List programs connected to the internet in Windows

Posted by nonenas on Jan 16th, 2008

A free and easy way to view all the processes that have established a network connection in Windows XP is the following:

 

  • Press the Windows Start button
  • Select Run
  • Type cmd and press Enter
  • Then type: netstat -ab and press Enter

If you wait a couple of seconds you will see:

All network connections, their local address, the address that they are connected to, their state, the process ID of the connected process, the name of the process and possibly the DLL files that the process uses.

2008
Jan 7

Md5sum is a computer program which calculates and verifies 128-bit MD5 hashes. The MD5 hash functions as a compact digital fingerprint of a file. It is extremely unlikely that any two non-identical files will have the same MD5 hash. This means that when we download a file, we can validate the download by comparing the MD5 hash value provided by the download location (it is usually stored in *.md5 files) with the MD5 hash value calculated for the downloaded file on our computer. In order to calculate the MD5 hash for a program on a Windows machine one can use:

 

 

Free, open source winMd5Sum from Nullriver Software.


For more info and downloads please visit:

http://www.nullriver.com/index/products/winmd5sum
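The comparison described above can also be scripted. The following Python sketch is an added example, not part of the original post or of winMd5Sum: it parses a *.md5 file in the GNU md5sum line format and checks a downloaded file against it. The file name setup.exe and the sample contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# GNU md5sum line: 32 hex digits, a space, ' ' (text) or '*' (binary), then the file name.
_LINE = re.compile(r"^([0-9a-fA-F]{32}) [ *](.+)$")

def parse_md5_file(text):
    """Return {filename: lowercase hex digest} from the contents of a *.md5 file."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:  # lines that are not checksum entries are skipped
            entries[m.group(2)] = m.group(1).lower()
    return entries

def md5_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large download never has to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, md5_text):
    """True if the file matches its entry, False if it differs,
    None if the .md5 text has no entry for this file name."""
    expected = parse_md5_file(md5_text).get(os.path.basename(path))
    if expected is None:
        return None
    return hmac.compare_digest(md5_of(path), expected)

def demo():
    """Constructed sample: a small 'download' checked against a good and a bad .md5 entry."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "setup.exe")
        with open(path, "wb") as f:
            f.write(b"hello world\n")
        good = "6f5902ac237024bdd0c176cb93063dc4 *setup.exe\n"
        bad = "00000000000000000000000000000000 *setup.exe\n"
        return verify_download(path, good), verify_download(path, bad)

if __name__ == "__main__":
    print(demo())
```

A match shows the file arrived as the download location published it; the None result separates "no checksum listed for this file" from an actual mismatch.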


What is sol630.txt

Posted by nonenas on Jan 4th, 2008

Recently a friend brought me a very badly infected computer to repair. After various tests, the computer was found to be infected by multiple pieces of malware. The very strange thing about the whole scenario was the presence of a file called "sol630.txt" in the windows/system32 folder. This file was a masqueraded dll file that:

  • Could not be deleted (you could delete it but it kept being recreated)
  • Was called every time an application was launched (found the registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\WINDOWS\\system32\\sol630.txt" which also kept being recreated when deleted)
  • And the strangest thing is that we could not find any info about this file on the web! We found info about a similar file called sol629.txt.

 

Avira’s antivir detected the presence of a trojan and various other malware, but could not remove everything even in safe mode.

The solution to repair the system was sadly the complete removal of the old windows installation and the installation of Windows from scratch.

 

 

 
