POST BEEP CODES

Post Beep Codes, AMI & Phoenix/Award BIOS error codes








Building a new PC or installing new hardware is fairly straight forward until things go wrong.

This page is © Copyright 2001-2008 helpwithpcs.com

Before you follow this tutorial you must read the terms of our disclaimer.

When a PC is first switched on or reset it performs a special diagnostic test called a POST (Power-On Self Test), to check all of the components in the PC the POST program sends out a signal to each device initialising each device's built-in self test procedure.
The POST test is a two stage process, first it will check all of the basic components including amongst other things the system clock, the processor, RAM, the keyboard controller and the Video Card.

When a device fails the first part of the POST, the BIOS will send a series of beeps from the PC's speaker (internal) to inform the PC user that there is a problem, these beeps are coded allowing the user to diagnose the troublesome component.

After the video has been tested the BIOS will then indicate any errors encountered by displaying either a numeric code or a text message on the screen.

When the POST has been completed successfully the PC will make a short beep to let the user know everything is as it should be.

back to top | © Copyright 2001-2008 helpwithpcs.com

Below are some common beep codes for AMI and Phoenix BIOS.


AMI BIOS ERROR BEEP CODES
1 Beep - Memory Refresh Failure (check memory)
2 Beeps - Memory Parity Error in first 64KB block (check memory)
3 Beeps - Memory Read/Write Error in first 64KB block (check memory)
4 Beeps - Motherboard timer not functioning (possible motherboard replacement)
5 Beeps - Processor Error (may need replacement Processor)
6 Beeps - Gate A20/keyboard controller failure (possible motherboard replacement)
7 Beeps - Processor Exception Interrupt Error (may need replacement Processor)
8 Beeps - Display Memory Read/Write Failure (reseat or replace video card)
9 Beeps - ROM checksum Error (replace BIOS chip or motherboard)
10 Beeps - CMOS shutdown Read/Write error (possible motherboard replacement)
11 Beeps - Bad Cache Memory - test failed (replace cache memory)

back to top | © Copyright 2001-2008 helpwithpcs.com

Phoenix BIOS ERROR BEEP CODES

Phoenix BIOS beep codes are a series of beeps separated by a pause, for example:
beep --- beep beep --- beep --- beep beep would be 1-2-1-2
1-1-4-1 - Cache Error (level 2)
1-2-2-3 - BIOS ROM Checksum
1-3-1-1 - DRAM Refresh Test
1-3-1-3 - Keyboard controller test
1-3-4-1 - RAM Failure on address line xxxx (check memory)
1-3-4-3 - RAM Failure on data bits xxxx of low byte of memory bus
1-4-1-1 - RAM Failure on data bits xxxx of high byte of memory bus
2-1-2-3 - ROM copyright notice
2-2-3-1 - Test for unexpected interrupts

back to top | © Copyright 2001-2008 helpwithpcs.com

AWARD BIOS ERROR BEEP CODES

There are 2 main beep codes for the Award BIOS:
one long beep and two short beeps - Video error (reseat or replace video card)
two short beeps - Non-Fatal Error (reseat RAM, check other components)

back to top | © Copyright 2001-2008 helpwithpcs.com
For more on BIOS beep codes or numeric codes see the manufacturer's website:
AMI BIOS
Phoenix/Award BIOS

back to top | Back to PC Upgrade Menu | © Copyright 2001-2008 helpwithpcs.com

Voice chat in YM

Yahoo! (r) Messenger Tutorial Part 4 - Voice Conferencing

--------------------------------------------------------------------------------
note: This tutorial is currently being updated
--------------------------------------------------------------------------------
Voice conferencing can be a very handy feature of any instant messenger program, in this part we will look at how to use this feature in Yahoo!® Messenger.
--------------------------------------------------------------------------------
This page is © Copyright 2001-2008 helpwithpcs.com

Before you follow this tutorial you must read the terms of our disclaimer.
--------------------------------------------------------------------------------
If you use a dial-up connection then the chances are that the number you dial to connect to the internet is a local call (or included in a monthly fee such as broadband), this means that if you use the voice conferencing feature of a program like Yahoo!® Messenger instead of the phone it can save money with any long distance calls.
--------------------------------------------------------------------------------

In part four:
Setting up your mic & sound.
The Voice conferencing Toolbar.
Setting up the sound levels.
Back to course menu.



--------------------------------------------------------------------------------
Setting up your mic & sound
To set up your microphone ready for use plug it into the mic socket at the back of your PC, fig 1.1 shows a common set of sound inputs/outputs and we have pointed out the mic socket.

--------------------------------------------------------------------------------
The next step is to open the messenger program and contact the friend that you want to talk to, when you have sent them a message you will see the main instant message window, one of the icons visible is the voice button.
--------------------------------------------------------------------------------
Clicking on the voice button adds a new toolbar with some new areas of interest within the message window, these extra buttons/indicators (see fig 1.2) are what you will use to control the voice conferencing.

--------------------------------------------------------------------------------
Back to top | Part 5 coming in the next few days - © Copyright 2001-2008 helpwithpcs.com
--------------------------------------------------------------------------------
The Voice conferencing Toolbar

Above in fig 1.2 we have pointed out the main areas that are used to control the voice conferencing:

A - This is similar to the hands free feature on a normal telephone, allowing the user to talk without pressing the Talk button, when selected a certain volume triggers the hands free feature.

B - The Talk button is what you press and hold to speak, for better results this button should be pressed and held 1 second before you start to talk.

C - This is a level indicator, it indicates the input level of your microphone.

D - This is another level indicator, this one indicates the level of the incoming voice (your friend's voice).

E - The mute facility is much like the mute on your TV, when selected it mutes all sound.

F - This is a level indicator which indicates the level of the sound output.
--------------------------------------------------------------------------------
Back to top | Part 5 coming in the next few days - © Copyright 2001-2008 helpwithpcs.com
--------------------------------------------------------------------------------
Setting up the sound levels

Now you are familiar with the voice toolbar it is time to test and set up the sound levels including the input level for your microphone, this is achieved by opening the volume control on the Windows taskbar (bottom right of your screen by the clock).
In fig 1.3 to the left is a standard volume control window, yours may vary with different controls for different devices.

The one we are interested in is the Mic control, if you cannot see the mic in your volume window then click on options, properties, and then put a tick next to the Mic option in the dialogue box that appears.

Normally your mic will be muted so we need to untick the Mute checkbox (as in fig 1.2), now move the slider for the mic about halfway up for now, we will test the settings in a minute.

Also notice the Volume slider, this should be set according to your PC's speakers.

Now it is time to test the mic, when you enable the voice conferencing (clicking the Voice button) your friend will receive a message asking them if they would like to enable voice as well, presuming they do accept then you would see a message appear in the message window along the lines of your friend has enabled voice conference.

Press the Talk button and say something into your mic, you should see your mic level indicator (C in fig 1.2) light up, the ideal level is shown in fig 1.4 below

Having the mic any louder than the level shown above can cause distortion, adjust your mic slider (fig 1.3) to set the level accordingly, always ask your friend how it sounds at their end too.

Once you have set your levels you are ready to go, just press the talk button or use the hands free feature to talk.

To stop the voice conference simply click on the Voice Off button as seen below

note: If you experience feedback (a humming noise) while talking then adjust the volume and mic sliders until the humming disappears, another cause of feedback is having the mic too close to the speakers.

--------------------------------------------------------------------------------
Back to top | Part 5 coming in the next few days - © Copyright 2001-2008 helpwithpcs.com

Processor

What is a processor and what does it do?

The processor (often called the CPU) is the brain of your PC and is where the majority of the work is performed.

As its name suggests a processor processes something, that something is data, this data is made up of 0's and 1's (zeroes and ones).

To understand a processor we first need to take a quick look at the way digital systems function. All of the work that goes on inside your PC is carried out by the means of voltage, or more accurately the difference in two voltages.

note: Voltage refers to the electrical unit. (for example a 12 Volt battery)

Digital systems use only two voltages, one which is a low voltage (usually between 0 and 1 volt) and one which is a high voltage (typically between 3 and 5 volts). These low and high voltages represent off and on respectively, a digital system will interpret these off and on states as 0 and 1. In other words if the voltage is low then it would represent 0 (off state), and if the voltage is high then it would represent a 1 (on state).
These zeroes and ones are called bits. The word bit is short for Binary Digit.
For example here are 8 bits (binary digits): 10010010
For more on binary see our guide to binary numbers.

back to top | © Copyright 2001-2008 helpwithpcs.com

Processor Architecture

A processor (as stated earlier) processes bits (binary digits) of data. In its simplest form, the processor will retrieve some data, perform some process on that data, and then store the result in either its own internal memory (cache) or the systems memory.

You may have seen processors advertised as 32-bit or 64-bit, this basically means that the processor can process internally either 32 bits or 64 bits of data at any one time.

This would theoretically make a 64-bit processor twice as fast as its 32-bit counterpart.

Software can also be defined as either 16-bit, 32-bit or 64-bit. You can probably see that theoretically, if you are using 64-bit software with a 32-bit processor then it would take two clock cycles (32-bits at a time) to process any one set of 64-bits, this is referred to as a bottleneck.

back to top | © Copyright 2001-2008 helpwithpcs.com

Processor Clock Speed

Every processor has its own built-in clock, this clock dictates how fast the processor can process the data (0's and 1's). You will see processors advertised as having a speed of say 2GHz, this measurement refers to the internal clock.

If a processor is advertised as having a speed of 2GHz, this means that it can process data internally 2 billion times a second (every clock cycle). If the processor is a 32-bit processor running at 2GHz then it can potentially process 32 bits of data simultaneously, 2 billion times a second !!

back to top | © Copyright 2001-2008 helpwithpcs.com

Front Side Bus (FSB)

Overall processor performance relies on other internal and external factors, one of which is the processor's front side bus (FSB) speed, two common figures for the Intel Pentium 4 are 533MHz and 800MHz.

The front side bus consists of two channels, one for transferring data, and one for indicating the memory address where the data is to be retrieved from or stored.

The front side bus transfers data between the processor and the computer's other components such as memory, hard drives, etc. The FSB will have a certain width (measured in bits) which dictates how many bits can be transferred at any one time. As the 533MHz and 800MHz figures suggest, the FSB also has a clock cycle frequency indicating how fast the data can be transferred.
For example a processor having a FSB width of 32-bits and running at 533MHz, can transfer a set of 32-bits of data, 533,000,000 times a second.

back to top | © Copyright 2001-2008 helpwithpcs.com

Instruction Sets

The type of work a processor carries out is defined by its instructions, these instructions are coded in binary. All modern processors have their own instructions built-in for common tasks.

Having these instruction sets built-in allow the processor to carry out certain operations much faster. The instruction sets that are built-in depend on the processor's architecture, there are two main types of processor architecture on the market, CISC and RISC.

CISC (Complex Instruction Set Computer)
CISC processors have more internal instructions than its RISC counterpart allowing a more diverse set of operations. Although this may sound the best option, CISC processors are generally slower due to the complexity of the instructions. Some people think the benefit of having more complex instructions built-in outweigh the performance lose, but it would depend on the applications that the processor is going to run.

RISC (Reduced Instruction Set Computer)
RISC processors, as the name suggests, have fewer built-in instructions, this can add to the overall speed of the processor due to the simplicity of the instructions, but again the performance would depend on the type of applications the processor was to be used for.

Most modern processors have built-in instructions specifically designed for certain applications such as 3D graphics, audio manipulation, etc. One example of this would be the MMX (MultiMedia eXtension) technology which Intel built-in to its Pentium architecture in the late nineties. This was a special set of internal instructions that allowed the faster processing of audio and visual algorithms.

back to top | © Copyright 2001-2008 helpwithpcs.com

Cache (L2)

L2 Cache (pronounced cash) is a special block of memory inside the processor (in the same chip) which offers faster data retrieval, typical sizes are 128KB, 256KB and 512KB.

note: Some processors (generally older) utilise external L2 cache.

The data that the processor stores in its cache memory will be data that is frequently used (such as a certain algorithm), the processor will also guess what data may be required and store this data in its cache. This guessing may be successful or it may not, the success rate is known as a hit rate. For instance, if the hit rate was 94% then it would mean that 94 out of every 100 attempts the processor correctly identified and stored a block of data which was needed, the other 6 times the data was never used.

back to top | © Copyright 2001-2008 helpwithpcs.com

Arithmetic Logic Unit (ALU)

The ALU is an internal part of the processor which is used for all mathematical and logical operations. The basic operations of an ALU include adding and multiplying binary values, as well as performing logical operations such as AND, OR and XOR. The algorithms for performing these mathematical and logical operations are hard coded (stored permanently) within the ALU.

back to top | © Copyright 2001-2008 helpwithpcs.com

Floating Point Unit (FPU)

The FPU is also an internal part of modern processors. The FPU is designed to handle any floating point calculations, and like the ALU it has its algorithms hard coded (stored permanently) inside the unit.

With the Intel family of processors up until the 80486DX the floating point unit was an external unit (commonly called a math coprocessor), subsequent processors such as the Pentium have the FPU built in. For example, if you had the (now old) 80386SX processor from Intel you would be able to purchase the 80387 coprocessor, which was in fact the floating point unit.

back to top | © Copyright 2001-2008 helpwithpcs.com

Power Supply

What is a power supply and what does it do?
The power supply unit (PSU) in a PC regulates and delivers the power to the components in the case.
--------------------------------------------------------------------------------
Power Supplies contain dangerous voltages and should only be opened by experienced and qualified engineers, there are no user servicable parts inside.

Always disconnect the PSU from the mains supply before removing the cover of the PC.

--------------------------------------------------------------------------------
Standard power supplies turn the incoming 110V or 220V AC (Alternating Current) into various DC (Direct Current) voltages suitable for powering the computer's components.

Power supplies are quoted as having a certain power output specified in Watts, a standard power supply would typically be able to deliver around 350 Watts.

The more components (hard drives, CD/DVD drives, tape drives, ventilation fans, etc) you have in your PC the greater the power required from the power supply.


By using a PSU that delivers more power than required means it won't be running at full capacity, which can prolong life by reducing heat damage to the PSU's internal components during long periods of use.

Always replace a power supply with an equivalent or superior power output (Wattage).

There are 3 types of power supply in common use:
AT Power Supply - still in use in older PCs.
ATX Power Supply - commonly in use today.
ATX-2 Power Supply - recently new standard.
The voltages produced by AT/ATX/ATX-2 power supplies are:
+3.3 Volts DC (ATX/ATX-2)
+5 Volts DC (AT/ATX/ATX-2)
-5 Volts DC (AT/ATX/ATX-2)
+5 Volts DC Standby (ATX/ATX-2)
+12 Volts DC (AT/ATX/ATX-2)
-12 Volts DC (AT/ATX/ATX-2)
A power supply can be easily changed and are generally not expensive, so if one fails (which is far from uncommon) then replacement is usually the most economic solution.
--------------------------------------------------------------------------------
back to top | © Copyright 2001-2008 helpwithpcs.com
--------------------------------------------------------------------------------
The power supply connectors
4 Pin Berg Connector
Used to connect the PSU to small form factor devices, such as 3.5" floppy drives.
available in: AT, ATX & ATX-2
4 Pin Molex Connector
This is used to power various components, including hard drives and optical drives.
available in: AT, ATX & ATX-2
20 Pin Molex ATX Power Connector
This is used to power the motherboard in ATX systems.
available in: ATX( ATX-2 have four extra pins)
4 Pin Molex P4 12V Power Connector
Used specifically for Pentium 4 Processor Motherboards.
available in: ATX (integrated into the power connector in ATX-2)
6 Pin AUX Connector
Provides +5V DC, and two connections of +3.3V.
available in: ATX/ATX-2

--------------------------------------------------------------------------------
back to top | © Copyright 2001-2008 helpwithpcs.com
--------------------------------------------------------------------------------
ATX Power Supply Pinouts
Below are pinout diagrams of the common connectors in ATX power supplies.

note: The pinouts above relate to the connectors not the sockets.
note: To power up an ATX or ATX-2 PSU for testing, short pin 14 (PS_ON) with one of the grounds.

RAID CONFIGURATION

RAID Levels, Data Striping, Disk Mirroring and Parity Fault Tolerance

RAID - Redundant Array of Independant Disks
RAID is a hard disk technology which can be used to speed up data transfer and/or provide disk redundancy.

RAID provides these features by utilising more than one hard disk at a time, there are several variations of a RAID configuration referred to as levels.

Each of these levels provide different performance and/or fault tolerance benefits.

© Copyright 2001-2008 helpwithpcs.com

Below are some RAID configurations with a brief description.

RAID 0
This configuration is the fastest of all the RAID levels, it uses a technique called data striping (see below) and requires at least 2 hard disks.

RAID 1
This level uses a pair of hard disks at a time to provide fault tolerance (there is no performance benefit) and requires at least 2 hard disks.

Using a technique called disk mirroring (see below) the same data is written to both disks at a time, so if one hard disk crashes then the same data is available from the remaining hard disk.

RAID 2
The RAID 2 configuration uses data striping (see below) and a fault tolerance technique called parity (see below), it requires at least 3 disks.

Two (or more) of the disks are used to store the data and one disk is used to store the parity (see below) information.

RAID 2 strips the data into bits, which is why RAID 3 (below) is a better implementation as it strips the data into bytes instead.


RAID 3
A common RAID level similar to RAID 2 except that the data is striped into bytes and not bits, giving a performance benefit over RAID 2.

RAID 4
RAID 4 strips the data into blocks and uses a parity drive for fault tolerance, at least 3 drives are required, not a commonly used implementation.

RAID 5
A popular RAID configuration utilising at least 3 drives.

Data is striped across the drives in bytes, the parity data for one particular drive is stored on another drive allowing the data to be rebuilt using the parity technique.

© Copyright 2001-2008 helpwithpcs.com

Data Striping
Data Striping is a technique for writing and reading data sequentially to/from more than one storage device.

Before the data is written it is broken up into blocks, these blocks vary in size depending on the RAID configuration (level) used.

The blocks of data are then written sequentially to all disks simultaneously into areas called stripes.

Because all of the read/write heads are working all the time, it increases performance as opposed to writing/retrieving data to/from one disk at a time.

© Copyright 2001-2008 helpwithpcs.com

Disk Mirroring and Disk Duplexing
This technique does exactly what it sounds like, it creates a mirror image of the information of one disk onto another.

The data is written to both disks at the same time, if one disk fails then the mirror disk can be utilised immediately to provide requested data and/or restore the lost data.

Disk Mirroring techniques usually use one disk controller for both drives. This can lead to problems, if for some reason the disk controller has a failure, then none of the disks would be available.

Disk Duplexing gets around this problem by using a separate controller for each data disk, allowing total disk redundancy.

© Copyright 2001-2008 helpwithpcs.com

Parity Fault Tolerance
This is a technique which is fairly simple but very effective.

It works by performing a logical operation on the data as it stores it and writing the result of this operation to either a dedicated disk (RAID 2,3 & 4) or on the main data disks (RAID 5).

The logical operation normally used is XOR (eXclusive OR).

An example, if there were 4 data disks in use called DD1, DD2, DD3 and DD4, and one parity disk PD1, whenever data is written to the drives the logical operation that would be performed is:

DD1 XOR DD2 XOR DD3 XOR DD4

and the result stored in PD1

Then if any of the drives fail the data can be rebuilt by performing a similar calculation, but this time substituting the missing data with the value of PD1.

For example, if we were missing DD2, the calculation would be:

DD1 XOR PD1 XOR DD3 XOR DD4 = DD2 (the missing data)

One of the drawbacks to using this type of fault tolerance is a speed loss due to the overhead of the calculations, it obviously needs to use up some disk space too, but it can be invaluable when it comes to retrieving otherwise lost data.

© Copyright 2001-2008 helpwithpcs.com

Network topologies

Network Topologies
What does network topology mean ?
The Bus Topology
The Mesh Topology
The Ring Topology
The Star Topology




--------------------------------------------------------------------------------
What does network topology mean ?
A network topology refers to either the physical or logical layout of a network installation.

Physical Topology when in the context of networking refers to the physical layout of the devices connected to the network, including the location and cable installation.

The Logical Topology refers to the way it actually operates (transfers data) as opposed to its layout.

There are four main network topologies (and mixtures of the four) in common use today.
Bus
Mesh
Ring
Star
We will take a closer look at these topologies below.
--------------------------------------------------------------------------------
back to top | © Copyright 2001-2008 helpwithpcs.com
--------------------------------------------------------------------------------
The Bus Topology
This type of network topology is generally used with Ethernet (discussed later in the tutorial) networks.

A Bus topology can be both Physical and Logical.

The Bus topology is one of the simplest of the four network topologies to use, in its most basic form it is simply a case of running one cable (referred to as the backbone) from the first device/PC in the network to the last device/PC, and then add any further devices/PCs to the existing cable (backbone) between the first and last machines (see fig 1.1 below).
This topology is probably the cheapest network type of all to initially setup, as only one cable is used the installation is fairly simple and economical.

The problems can come when trying to add a device to an existing Bus topology network. To add a device requires physically linking it to the existing backbone which can turn out to be a major job.
Another consideration if using a bus topology for a network is fault tolerance, or the lack of it, this type of network transfers data by passing messages through the same cable, so a break in any part of the cable will bring the whole network down.

Each device will check to see if the message is intended for them, the device to which the data is addressed will copy the contents to its network card's onboard RAM and process it accordingly.
--------------------------------------------------------------------------------
back to top | © Copyright 2001-2008 helpwithpcs.com
--------------------------------------------------------------------------------
The Mesh Topology
This type of network topology boasts the highest fault tolerance of all of the network topologies, it is also usually the most expensive.

In a mesh topology each device/PC is connected to every other device/PC in the network by its own cable (see fig 1.2 below), which means vast amounts of cables for any sizeable network.
The Mesh topology provides fault tolerance by having separate cables for each connection, allowing any one cable to break without interferring with the rest of the network.

Unfortunately because each connection needs its own cable a Mesh topology can get very expensive.

Everytime you add a client to a mesh network you have to run cables to each of the other devices.
The amount of cables you will need for a mesh network can be calculated by: CN = (D * (D-1)) / 2
(where CN is Cables Needed, and D is the amount of devices on the network)

If your network was going to have 4 clients/devices then you would need 4 * 3 / 2 = 6 cables

The problems come with a large network, imagine a 40 device network: 40 * 39 / 2 = 780 cables

When you need to add a single device to a Mesh network the job can be very complex, for example if you had a network of 15 devices, to add one device would mean adding 15 cables to the network.
--------------------------------------------------------------------------------
back to top | © Copyright 2001-2008 helpwithpcs.com
--------------------------------------------------------------------------------
The Ring Topology
The physical ring topology is rarely used these days, a Ring topology networks the devices by connecting each device to its two neighbouring devices (see fig 1.3 below).
Data is passed one way from device to device, fault tolerance in a physical ring topology is non existant, if one device/cable fails then the whole network goes down.

Adding a new device to an existing physical Ring network can be complicated as any new device needs to go inbetween the existing devices.

--------------------------------------------------------------------------------
back to top | © Copyright 2001-2008 helpwithpcs.com
--------------------------------------------------------------------------------
The Star Topology
A physical Star topology connects the devices via a centralised unit such as a Hub or Switch.
A Star topology gives great fault tolerance as any device/cable failure will not affect the rest of the network (unless the centralising device or server (if vital) fails).

Physically adding new devices to a Star network is very simple compared to any of the other topologies, you simply run a cable from the new device to the hub/switch.
Star topologies are very common, especially in Ethernet networks, also, they are commonly mixed with one of the other topologies to create a hybrid topology.
--------------------------------------------------------------------------------
back to top | © Copyright 2001-2008 helpwithpcs.com

DC/DC CONVERTER

PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
1
ORDERING INFORMATION
DESCRIPTION
The SC1162/3 combines a synchronous voltage mode
controller with a low-dropout linear regulator providing
most of the circuitry necessary to implement two DC/
DC converters for powering advanced microprocessors
such as Pentium® II.
The SC1162/3 switching section features an integrated
5 bit D/A converter, pulse by pulse current limiting,
integrated power good signaling, and logic compatible
shutdown. The SC1162/3 switching section operates at
a fixed frequency of 200kHz, providing an optimum
compromise between size, efficiency and cost in the
intended application areas. The integrated D/A converter
provides programmability of output voltage from
2.0V to 3.5V in 100mV increments and 1.30V to 2.05V
in 50mV increments with no external components.
The SC1162/3 linear section is a high performance
positive voltage regulator design for either the GTL bus
supply at 1.5V (SC1162) or an adjustable output
(SC1163).
The output of the linear regulator can provide up to 5A
or more with the appropriate external MOSFET.
Pentium is a registered trademark of Intel Corporation
PIN CONFIGURATION
TEL:805-498-2111 FAX:805-498-3804 WEB:http://www.semtech.com
BLOCK DIAGRAM
FEATURES
• Synchronous design, enables no heatsink solution
• 95% efficiency (switching section)
• 5 bit DAC for output programmability
• On chip power good function
• Designed for Intel Pentium® II requirements
• 1.5V or Adj. @ 1% for linear section
• 1.300V-2.05V ±1.5%; 2.100V-3.500V ±2%
APPLICATIONS
• Pentium® ll or Deschutes microprocessor supplies
• Flexible motherboards
• 1.3V to 3.5V microprocessor supplies
• Programmable dual power supplies
Part Number(1) Package
Linear
Voltage
Temp.
Range (TJ)
SC1162CSW SO-24 1.5V 0° to 125°C
SC1163CSW SO-24 Adj. 0° to 125°C
Note:
(1) Add suffix ‘TR’ for tape and reel.
Top View
(24 Pin SOIC)
LDOV GATE LDOS
PGNDL
DL
BSTL
PGNDH
DH
BSTH
VCC CS- CS+ EN
VID3
VID4
VID2
VID0
VID1
VOSENSE
PWRGOOD
OVP
VCC
70mV
1.25 REF CURRENT LIMIT
D/A &
LEVEL SHIFT
AND HIGH SIDE
MOSFET DRIVE
SHUTDOWN
LOGIC
OSCILLATOR
R
S
Q
SHOOTTHRU
CONTROL
SYNCHRONOUS
MOSFET DRIVER
ERROR
AMP
AGND
FET
CONTROLLER
1.265V
REF
OPEN
COLLECTORS
VCC
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
2
ELECTRICAL CHARACTERISTICS
Unless specified: VCC = 4.75V to 5.25V; GND = PGND = 0V; VOSENSE = VO; 0mV < (CSp-CSm) < 60mV; LDOV = 11.4V to 12.6V; TA = 25oC
PARAMETER CONDITIONS MIN TYP MAX UNITS
Switching Section
Output Voltage IO = 2A See Note 1.
Supply Voltage VCC 4.2 7 V
Supply Current VCC = 5.0 8 15 mA
Load Regulation IO = 0.8A to 15A 1 %
Line Regulation 0.5 %
Minimum operating voltage 4.2 V
Current Limit Voltage 55 70 85 mV
Oscillator Frequency 175 200 225 kHz
Oscillator Max Duty Cycle 90 95 %
DH Sink/Source Current BSTH-DH = 4.5V, DH-PGNDH = 2V 1 A
DL Sink/Source Current BSTL-DL = 4.5V, DL-PGNDL = 2V 1 A
Output Voltage Tempco 65 ppm/oC
Gain (AOL) VOSENSE to VO 35 dB
OVP threshold voltage 120 %
OVP source current VOVP = 3.0V 10 mA
Power good threshold voltage 85 115 %
Dead time 50 100 ns
Linear Section
Quiescent current LDOV = 12V 5 mA
Output Voltage (SC1162) 1.485 1.500 1.515 V
Reference Voltage (SC1163) 1.252 1.265 1.278 V
Feedback Pin Bias Current (SC1163) 10 uA
Gain (AOL) LDOS to GATE 90 dB
Load Regulation IO = 0 to 8A(2) 0.3 %
Line Regulation 0.3 %
Output Impedance 200 Ω
Parameter Symbol Maximum Units
VCC to GND VIN -0.3 to +7 V
PGND to GND ± 1 V
BST to GND -0.3 to +15 V
Operating Temperature Range TA 0 to +70 °C
Junction Temperature Range TJ 0 to +125 °C
Storage Temperature Range TSTG -65 to +150 °C
Lead Temperature (Soldering) 10 seconds TL 300 °C
Thermal Impedance Junction to Ambient θJA 80 °C/W
Thermal Impedance Junction to Case θJC 25 °C/W
ABSOLUTE MAXIMUM RATINGS
Notes: (1) See Output Voltage table
(2) In application circuit
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
3
Note:
(1) All logic level inputs and outputs are open
collector TTL compatible.
PIN DESCRIPTION
Pin Pin Name Pin Function
1 AGND Small Signal Analog and Digital Ground
2 NC No connection
3 NC No Connection
4 LDOS Sense Input for LDO
5 VCC Input Voltage
6 OVP High Signal out if VO>setpoint +20%
7 PWRGOOD(1)
Open collector logic output, high if VO
within 10% of setpoint
8 CS- Current Sense Input (negative)
9 CS+ Current Sense Input (positive)
10 PGNDH Power Ground for High Side Switch
11 DH High Side Driver Output
12 PGNDL Power Ground for Low Side Switch
13 DL Low Side Driver Output
14 BSTL Supply for Low Side Driver
15 BSTH Supply for High Side Driver
16 EN(1) Logic low shuts down the converter;
High or open for normal operation.
17 VOSENSE Top end of internal feedback chain
18 VID4(1) Programming Input (MSB)
19 VID3(1) Programming Input
20 VID2(1) Programming Input
21 VID1(1) Programming Input
22 VID0(1) Programming Input (LSB)
23 LDOV +12V for LDO section
24 GATE Gate Drive Output LDO
Top View
(24 Pin SOIC)
AGND GATE
LDOS
NC
VCC
OVP
PWRGOOD
CSCS+
PGNDH
DH
PGNDL
1
2
3
LDOV
4
5
6
7
8
9
10
11
12
24
23
22
21
20
19
18
17
16
15
14
13
VOSENSE
EN
BSTH
BSTL
DL
VID0
VID1
VID2
VID3
VID4
NC
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
4
OUTPUT VOLTAGE
Unless specified: VCC = 5.00V; GND = PGND = 0V; VOSENSE = VO; 0mV < (CSp-CSm) < 60mV; TA = 25oC
PARAMETER CONDITIONS VID
43210
MIN TYP MAX UNITS
Output Voltage IO = 2A in Application Circuit 01111 1.281 1.300 1.320
01110 1.330 1.350 1.370
01101 1.379 1.400 1.421
01100 1.428 1.450 1.472
01011 1.478 1.500 1.523
01010 1.527 1.550 1.573
01001 1.576 1.600 1.624
01000 1.625 1.650 1.675
00111 1.675 1.700 1.726
00110 1.724 1.750 1.776
00101 1.773 1.800 1.827
00100 1.822 1.850 1.878
00011 1.872 1.900 1.929
00010 1.921 1.950 1.979
00001 1.970 2.000 2.030
00000 2.019 2.050 2.081
11111 1.960 2.000 2.040
11110 2.058 2.100 2.142
11101 2.156 2.200 2.244
11100 2.254 2.300 2.346
11011 2.352 2.400 2.448
11010 2.450 2.500 2.550
11001 2.548 2.600 2.652
11000 2.646 2.700 2.754
10111 2.744 2.800 2.856
10110 2.842 2.900 2.958
10101 2.940 3.000 3.060
10100 3.038 3.100 3.162
10011 3.136 3.200 3.264
10010 3.234 3.300 3.366
10001 3.332 3.400 3.468
10000 3.430 3.500 3.570
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
5
VCC_CORE
VLIN
VID0 GND
VID1
VID2
VID3
VID4
12V
5V
EN
OVP
PWRGD
5V
C1
0.1uF
L1
4uH
R4
5mOhm
C18
0.1uF
+
C14
1500uF
+
C15
1500uF
+
C16
1500uF
+
C17
1500uF
+
C3
1500uF
+
C2
1500uF
R1
10 C13
0.1uF
Q2
BUK556
Q1
BUK556
C5
0.1uF
Q3
BUK556
+
R17
100K
+
C12
330uF
R5
2.32k
U1
SC1162/3CSW
AGND
1
VCC
5
OVP
6
PWRGOOD
7
CS-
8
CS+
9
PGNDH
10
DH
11
BSTH
15
EN
16
VO SENSE
17
VID4
18
VID3
19
VID2
20
VID1
21
VID0
22
DL
13
PGNDL
12
BSTL
14
NC
24 GATE
2 LDOV 23
LDOS
3
NC
4
R6
1.00k
R12
R13
R16
10k
NOTES: FOR SC1162, R12 AND R13 ARE NOT REQUIRED
CONNECT LDOS (PIN4) DIRECTLY TO VLIN
TO GENERATE 1.5V OUTPUT.
+
C21
330uF
*
*
* SEE "SETTING LDO OUTPUT VOLTAGE" TABLE
R17 REQUIRED IF VINLIN CAN BE PRESENT
WITHOUT 12V BEING PRESENT
APPLICATION CIRCUIT
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
6
MATERIALS LIST
Qty. Reference Part/Description Vendor Notes
4 C1,C5,C13,C
18
0.1μF Ceramic Various
6 C2,C3,C14-
C17
1500μF/6.3V SANYO MV-GX or equiv. Low ESR
3 C11,C12,
C21
330μF/6.3V Various
1 L1 4μH 8 Turns 16AWG on MICROMETALS T50-52D core
3 Q1,Q2,Q3 See notes See notes FET selection requires trade-off between efficiency and
cost. Absolute maximum RDS(ON) = 22 mΩ for Q1,Q2
1 R4 5mΩ IRC OAR-1 Series
1 R5 2.32kΩ, 1%, 1/8W Various
1 R6 1kΩ, 1%, 1/8W Various
1 R1 10Ω, 5%, 1/8W Various
1 R12 1%, 1/8W Various See Table (Not required for SC1162)
1 R13 1%, 1/8W Various See Table (Not required for SC1162)
1 R17 100k, 5%, 1/8W Various Required if Voltage is applied to the linear FET without
12V applied to SC1162/3
1 U1 SC1162/3CSW SEMTECH
SETTING LDO OUTPUT VOLTAGE
RB RA
VO LDO R12 R13
3.45V 105Ω 182Ω
3.30V 105Ω 169Ω
3.10V 102Ω 147Ω
2.90V 100Ω 130Ω
2.80V 100Ω 121Ω
2.50V 100Ω 97.6Ω
1.50V 100Ω 18.7Ω significan t error
that the (I R ) term does not cause
R and R must be low enough so
See layout diagram for clarificat ion
R Bottom feedback resistor
R Top feedback resistor
I Feedback pin bias current
Where :
(I R )
R
1.265 (R R )
V
FB A
A B
B
A
FB
FB A
B
A B
OUT
⋅
=
=
=
= ⋅ + + ⋅
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
7
70%
75%
80%
85%
90%
95%
0 2 4 6 8 10 12 14 16
Io (Amps)
Efficiency
3.5V Std
3.5V Sync
3.5V Sync Lo Rds
Typical Efficiency at Vo=3.5V
70%
75%
80%
85%
90%
95%
0 2 4 6 8 10 12 14 16
Io (Amps)
Efficiency
2.5V Std
2.5V Sync
2.5V Sync Lo Rds
Typical Ripple, Vo=2.8V, Io=10A
70%
75%
80%
85%
90%
95%
0 2 4 6 8 10 12 14 16
Io (Amps)
Efficiency
2.8V Std
2.8V Sync
2.8V Sync Lo Rds
Typical Efficiency at Vo=2.8V
70%
75%
80%
85%
90%
95%
0 2 4 6 8 10 12 14 16
Io (Amps)
Efficiency
2.0V Std
2.0V Sync
2.0V Sync Lo Rds
Typical Efficiency at Vo=2.0V
Transient Response Vo=2.8V, Io=300mA to 10A
Typical Efficiency at Vo=2.5V
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
8
LAYOUT GUIDELINES
Careful attention to layout requirements are necessary
for successful implementation of the SC1162/3 PWM
controller. High currents switching at 200kHz are present
in the application and their effect on ground plane
voltage differentials must be understood and minimized.
1). The high power parts of the circuit should be laid out
first. A ground plane should be used, the number and
position of ground plane interruptions should be such
as to not unnecessarily compromise ground plane integrity.
Isolated or semi-isolated areas of the ground
plane may be deliberately introduced to constrain
ground currents to particular areas, for example the input
capacitor and bottom FET ground.
2). The loop formed by the Input Capacitor(s) (Cin), the
Top FET (Q1) and the Bottom FET (Q2) must be kept
as small as possible. This loop contains all the high current,
fast transition switching. Connections should be as
wide and as short as possible to minimize loop inductance.
Minimizing this loop area will a) reduce EMI, b)
lower ground injection currents, resulting in electrically
“cleaner” grounds for the rest of the system and c) minimize
source ringing, resulting in more reliable gate
switching signals.
3). The connection between the junction of Q1, Q2 and
the output inductor should be a wide trace or copper
region. It should be as short as practical. Since this
connection has fast voltage transitions, keeping this
connection short will minimize EMI. The connection between
the output inductor and the sense resistor should
be a wide trace or copper area, there are no fast voltage
or current transitions in this connection and length
is not so important, however adding unnecessary
impedance will reduce efficiency.
Vout
12V IN
5V Vo Lin
5V
4uH
5mOhm
+
Cout
+
Cin
10
Q2
0.1uF
Q3
+
Cout Lin
2.32k
1.00k
RB
RA
+
Cin Lin
SC1162/3
AGND
1
VCC
5
OVP
6
PWRGOOD
7
CS-
8
CS+
9
PGNDH
10
DH
11
BSTH
15
EN
16
VO SENSE
17
VID4
18
VID3
19
VID2
20
VID1
21
VID0
22
DL
13
PGNDL
12
BSTL
14
NC
24
GATE
2
LDOV
23
LDOS
3
NC
4 Q1
0.1uF
Heavy lines indicate
high current paths.
are not required. LDOS connects to
For SC1162, RA and RB
Vo Lin
Layout diagram for the SC1162/3
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
9
Vout
5V
+
+
4) The Output Capacitor(s) (Cout) should be located
as close to the load as possible, fast transient load
currents are supplied by Cout only, and connections
between Cout and the load must be short, wide copper
areas to minimize inductance and resistance.
5) The SC1162/3 is best placed over a quite ground
plane area, avoid pulse currents in the Cin, Q1, Q2
loop flowing in this area. PGNDH and PGNDL should
be returned to the ground plane close to the package.
The AGND pin should be connected to the ground
side of (one of) the output capacitor(s). If this is not
possible, the AGND pin may be connected to the
ground path between the Output Capacitor(s) and the
Cin, Q1, Q2 loop. Under no circumstances should
AGND be returned to a ground inside the Cin, Q1, Q2
loop.
6) Vcc for the SC1162/3 should be supplied from the
5V supply through a 10Ω resistor, the Vcc pin should
be decoupled directly to AGND by a 0.1μF ceramic
capacitor, trace lengths should be as short as possible.
7) The Current Sense resistor and the divider across
it should form as small a loop as possible, the traces
running back to CS+ and CS- on the SC1162/3 should
run parallel and close to each other. The 0.1μF capacitor
should be mounted as close to the CS+ and
CS- pins as possible.
8) Ideally, the ground for the LDO section should be
returned to the ground side of (one of) the switching
section output capacitor(s).
Currents in various parts of the power section
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
10
COMPONENT SELECTION
SWITCHING SECTION
OUTPUT CAPACITORS - Selection begins with the
most critical component. Because of fast transient load
current requirements in modern microprocessor core
supplies, the output capacitors must supply all transient
load current requirements until the current in the output
inductor ramps up to the new level. Output capacitor
ESR is therefore one of the most important criteria. The
maximum ESR can be simply calculated from:
Transient current step
Maximum transient voltage excursion
Where
=
=
≤
t
t
t
t
ESR
I
V
I
V
R
Each Capacitor Total
Technology C
(μF)
ESR
(mΩ)
Qty.
Rqd.
C
(μF)
ESR
(mΩ)
Low ESR Tantalum 330 60 6 2000 10
OS-CON 330 25 3 990 8.3
Low ESR Aluminum 1500 44 5 7500 8.8
( )IN O
t
ESR V V
I
R C
L ≤ −
OSC
IN
L L f
V
I
RIPPLE ⋅ ⋅
=
4
IN
O
COND O DS on
V
V
P I R
≈
= ⋅ ⋅
= duty cycle
where
( )
2
δ
δ
= ⋅ ⋅10−2 SW O IN P I V
4
( ) O IN r f OSC
SW
I V t t f
P
⋅ ⋅ + ⋅
=
RR RR IN OSC P = Q ⋅V ⋅ f
For example, to meet a 100mV transient limit with a
10A load step, the output capacitor ESR must be less
than 10mΩ. To meet this kind of ESR level, there are
three available capacitor technologies:
The choice of which to use is simply a cost /performance
issue, with Low ESR Aluminum being the
cheapest, but taking up the most space.
INDUCTOR - Having decided on a suitable type and
value of output capacitor, the maximum allowable
value of inductor can be calculated. Too large an inductor
will produce a slow current ramp rate and will
cause the output capacitor to supply more of the transient
load current for longer - leading to an output voltage
sag below the ESR excursion calculated above.
The maximum inductor value may be calculated from:
The calculated maximum inductor value assumes 100%
duty cycle, so some allowance must be made. Choosing
an inductor value of 50 to 75% of the calculated maximum
will guarantee that the inductor current will ramp
fast enough to reduce the voltage dropped across the
ESR at a faster rate than the capacitor sags, hence ensuring
a good recovery from transient with no additional
excursions.
We must also be concerned with ripple current in the
output inductor and a general rule of thumb has been to
allow 10% of maximum output current as ripple current.
Note that most of the output voltage ripple is produced
by the inductor ripple current flowing in the output capacitor
ESR. Ripple current can be calculated from:
Ripple current allowance will define the minimum permitted
inductor value.
POWER FETS - The FETs are chosen based on several
criteria with probably the most important being power
dissipation and power handling capability.
TOP FET - The power dissipation in the top FET is a
combination of conduction losses, switching losses and
bottom FET body diode recovery losses.
a) Conduction losses are simply calculated as:
b) Switching losses can be estimated by assuming a
switching time, if we assume 100ns then:
or more generally,
c) Body diode recovery losses are more difficult to estimate,
but to a first approximation, it is reasonable to assume
that the stored charge on the bottom FET body
diode will be moved through the top FET as it starts to
turn on. The resulting power dissipation in the top FET
will be:
To a first order approximation, it is convenient to only
consider conduction losses to determine FET suitability.
For a 5V in; 2.8V out at 14.2A requirement, typical FET
losses would be:
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
11
FET type RDS(on) (mΩ) PD (W) Package
BUK556H 22 2.48 TO220
IRL2203 7.0 0.79 D2PAK
Si4410 13.5 1.53 SO-8
(1 ) ( )
= 2 ⋅ ⋅ −δ COND O DS on P I R
FET type RDS(on) (mΩ) PD (W) Package
BUK556H 22 1.95 TO220
IRL2203 7.0 0.62 D2PAK
Si4410 13.5 1.20 SO-8
BOTTOM FET - Bottom FET losses are almost entirely
due to conduction. The body diode is forced into conduction
at the beginning and end of the bottom switch conduction
period, so when the FET turns on and off, there
is very little voltage across it, resulting in low switching
losses. Conduction losses for the FET can be determined
by:
For the example above:
Each of the package types has a characteristic thermal
impedance, for the TO-220 package, thermal impedance
is mostly determined by the heatsink used. For the surface
mount packages on double sided FR4, 2 oz printed
circuit board material, thermal impedances of 40oC/W
for the D2PAK and 80oC/W for the SO-8 are readily
achievable. The corresponding temperature rise is detailed
below:
Temperature rise (oC)
FET type Top FET Bottom FET
BUK556H 49.6(1) 39.0(1)
IRL2203 31.6 24.8
Si4410 122.4 96
(1) With 20oC/W Heatsink
It is apparent that single SO-8 Si4410 are not adequate for
this application, but by using parallel pairs in each position,
power dissipation will be approximately halved and
temperature rise reduced by a factor of 4.
INPUT CAPACITORS - since the RMS ripple current in
the input capacitors may be as high as 50% of the output
current, suitable capacitors must be chosen accordingly.
Also, during fast load transients, there may
be restrictions on input di/dt. These restrictions require
useable energy storage within the converter circuitry,
either as extra output capacitance or, more usually,
additional input capacitors. Choosing low ESR input
capacitors will help maximize ripple rating for a given
size.
PROGRAMMABLE SYNCHRONOUS DC/DC
CONVERTER WITH LOW DROPOUT
REGULATOR CONTROLLER
SC1162/3
© 1999 SEMTECH CORP.
October 25, 1999
652 MITCHELL ROAD NEWBURY PARK CA 91320
12
OUTLINE DRAWING
JEDEC MS-013AD
B17104B
ECN99-667
This datasheet has been download from:
www.datasheetcatalog.com
Datasheets for electronics components.

How To remove MTX Virus

VIRUS COMPUTER
HOW TO REMOVE MTX VIRUS
Dear all, today i made some experiments with mtx virus...I found this virus is very
dangerous virus.. this is a new type of worm and trojan combination found on aug 2k.
Once you infected, no antivirus can remove in windows mode, mtx virus infected
windows components like wsock32.dll, explorer.exe , run32dll.exe that cannot deleted,
remove or rename in windows mode.
W95.MTX has a virus component and a worm component. It propagate using email. Also
it infects some Win32 executables in specific directories.The virus also has the capability
to block access to certain web sites. This may prevent users from downloading new virus
definitions.
The best way how to remove mtx, is use rescue disk of antivirus ( you must have
antivirus software like avp, nav, or mcafee ), then scan your hardisk in dos mode.... it's
need 3 up to 5 hours depend on your hardisk volume and usages.
If you don't have antivirus updated at least from october 2k , you can try this article from
symantec
http://www.symantec.com/avcenter/venc/data/w95.mtx.html
I suggest you to try both of way.. use rescue disk ( you will need 5 diskettes ) and manual
removal, to check whether your antivirus already clean up all the files or not, hope will
help
note : for your safety, please don't ever open attachment contain one of those files :
I_wanna_see_you.txt.pif
Matrix_screen_saver.scr
Love_letter_for_you.txt.pif
New_playboy_screen_saver.scr
Bill_gates_piece.jpg.pif
Tiazinha.jpg.pif
Feiticeira_nua.jpg.pif
Geocities_free_sites.txt.pif
New_napster_site.txt.pif
Metallica_song.mp3.pif
Anti_cih.exe
Internet_security_forum.doc.pif
Alanis_screen_saver.scr
Reader_digest_letter.txt.pif
Win_$100_now.doc.pif
Is_linux_good_enough!.txt.pif
Qi_test.exe
Avp_updates.exe
Seicho_no_ie.exe
You_are_fat!.txt.pif
Free_xxx_sites.txt.pif
I_am_sorry.doc.pif
Me_nude.avi.pif
Sorry_about_yesterday.doc.pif
Protect_your_credit.html.pif
Jimi_hendrix.mp3.pif
Hanson.scr
F___ing_with_dogs.scr
Matrix_2_is_out.scr
Zipped_files.exe
Blink_182.mp3.pif
withlove - sophie
W32 / NAVIDAD (Worm Virus)
W32/Navidad@M is an Internet worm that spreads using the Windows email program
Outlook. McAfee AVERT has given it a risk assessment of MEDIUM-ON WATCH, due
to a significant increase in infection levels worldwide.
The email can come from addresses that you will recognize. Attached is a file named
NAVIDAD.EXE and when it is run, it displays a dialog box entitled, "Error" which reads
"UI". A blue eye icon then appears in the system tray next to the clock in the lower right
corner of the screen, and a copy of the worm is saved to the file "winsvrc.vxd" in the
WINDOWS SYSTEM directory. If your PC becomes infected with the
W32/Navidad@M worm, all subsequent emails addressed to you will be responded to
automatically with an email from your address with the W32/Navidad@M worm as an
attachment.
What the tool does :
After running the W32.Navidad Fix Tool, you will be able to launch programs just as
your were able before W32.Navidad infected your computer.
The value Win32BaseServiceMOD is removed from the following registry key :
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
* HKEY_USERS\DEFAULT\Software\Navidad on Windows 95 and Windows 98
systems or HKEY_CURRENT_USER\Software\Navidad on Windows NT and Windows
2000 systems.
* The value of
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command is
restored to "%1" %*" on Windows 95 and Windows 98 systems or The value of
HKEY_CLASSES_ROOT\exefile\shell\open\command is restored to "%1" %*" on
windows NT and Windows 2000 systems.
* The file winsvrc.vxd is removed from the Windows system directory.
To verify the digital signature of fixnavid.com using chktrust.exe. Download Chktrust
into the same folder where fixnavid.com is located. Launch the MS-DOS prompt via the
Start/Programs/MS DOS prompt menu. Change to the folder where fixnavid.com and
chktrust.exe are stored. If the files were saved to the desktop folder on a system running
Windows 95 or Windows 98 the customary command to enter in the MS DOS prompt is:
cd \windows\desktop
Type the following command to check the digital signature of fixnavid.com: chktrust -i
fixnavid.com. If the digital signature is valid you will see a dialog asking the following
question: "Do you want to install and run "navidadfix" signed on 11/11/00 2:10PM and
distributed by Symantec Corporation."
The date and time that are displayed in this dialog will be adjusted to your timezone if
your computer is not set to the Pacific time zone. For example, if you live in the Eastern
time zone the date and time you will see will be 11/11/00 5:10PM. If you have the
Daylight Savings feature activated on your computer's clock, the time displayed will be
exactly one hour earlier.
You might also see the text message "Result:0" displayed following the command line. If
you do, then the test is positive and the file is confirmed as being from Symantec. If this
dialog or text message do not appear or the date and time are not properly adjusted for
your timezone do not use your copy of fixnavid.com. It is not from Symantec. If this
dialog appears and the text is correct for your timezone this copy of fixnavid.com is from
Symantec. Click the "Yes" button to dismiss the chktrust dialog. Type exit and then press
the enter key. This will terminate the MS DOS session.
MCAFEE VIRUSSCAN USERS (notes on detection and removal using McAfee
VirusScan): McAfee VirusScan 4.1.00 and above with DAT file 4105 and higher will
detect and remove W32/Navidad @M.
* Detection and Removal instructions.
* ActiveShield installed and/or updated, if you are not protected from infection from this
worm.
* Instant Protection If you are not a subscriber to the McAfee.com Clinic.
* Complete Instructions on removal and repair.
* Help Center for going to the W32/Navidad @M.
* VirusScan Online become a McAfee.com Clinic subscriber and check your system
online.
* Purchase the latest copy of VirusScan.
* Upgrade to the latest VirusScan. Purchase the VirusScan Maintenance Plan which
entitles you to 12 months of upgrades.
* Download the latest DAT files.
* Find out how to detect and prevent viruses with these handy tips.
JUNE 1st VIRUS WARNING DECLARED A HOAX
Are you worried about all of your files being deleted if you don't take action fast?
Supposedly, a little known file found on most Windows PCs can do some serious damage
if you don't delete it. According to the latest virus hoax, you need to delete a file in
Windows before June 1st or all of your files will be deleted. Well, before you start
panicking, find out what Dr. D. Bunk has to say about SULFNBK.EXE.
A new virus, (W32/SirCam@MM) has made an appearance. This virus sends itself to
everyone in your address book "and" reads from your CACHE folder for mailto address
and sends to thes as well. Everyone should do a scan of their system to see if it's on your
computer. Many of you will find it is. It's a bit of a pain to get rid of but it can be done.
Two things all Internet users can/should do to help prevent the spead of these viruses are:
1: Do Not select the option in Outlook/Outlook Express to automatically add senders to
your adress book. If you have this option selected, go into your option folder and disable
it.
2: If you use an auto-responder, you should always have virus protection in place. If you
don't, then you will be sending this virus to everyone you reply to.
For more information on this virus, it's characteristics and how to kill it, please visit:
http://vil.nai.com/vil/virusSummary.asp?virus_k=99141
WARNING No.1
Do not open Snow-white and the Seven Dwarfs, it is the Hybris virus which is a worm
and will destroy all of your files and sends itself to everyone in your address book. It is
being sent by HAHAHA@sexyfun.net and is sent as attachment, an executable file.
WARNING No. 2
If you receive any CELCOM Screen Saver, please do not install it! This screen saver is
very cool. It shows a NOKIA hand phone, with time messages. After it is activated, the
PC cannot boot up at all. It goes very slowly. It destroys your hard disk. The Filename is
CELLSAVER.EXE
WARNING No. 3
Beware! If someone named SandMan asks you to check out his page. DO NOT! It is at
http://www.geocities/. This page hacks into your C:/drive. DO NOT GO
THERE...FORWARD THIS MAIL TO EVERYONE YOU KNOW.
WARNING No. 4
If you get a E-mail titled "Win A Holiday" DO NOT open it. Delete it immediately.
Microsoft just announced it yesterday. It is a malicious virus that WILL ERASE YOUR
HARD DRIVE. At this time there is no remedy.
MENGENAL VIRUS KOMPUTER
Cara Virus Komputer Bekerja
Virus komputer: Sebuah kode komputer yang mampu "berbiak dengan sendirinya" yang
menempelkan sebagian atau seluruh kodenya pada file atau aplikasi, dan mengakibatkan
komputer Anda melakukan hal-hal yang tidak Anda inginkan.
Virus-virus komputer merupakan penyakit umum dalam dunia teknologi modern. Mereka
dapat menyebar dengan cepat melalui jaringan komputer yang terbuka seperti Internet,
dan mengakibatkan kerugian hingga milyaran dolar dalam waktu singkat. Lima tahun
yang lalu, peluang untuk terjangkiti sebuah virus dalam periode 12 bulan adalah 1
berbanding 1000; sekarang perbandingan itu naik drastis hingga 1 berbanding 10.
Statistik vital dari virus:
· Virus-virus masuk ke dalam sistem Anda melalui e-mail, download, floppy disk yang
terinfeksi, atau (kadang-kadang) oleh hacking.
· Dari definisinya, sebuah virus harus dapat melakukan "pembiakan sendiri" (alias
membuat kloning atau salinan dari dirinya sendiri) untuk dapat menyebar.
· Saat ini terdapat ribuan jenis virus, tetapi hanya sedikit yang ditemukan "di belantara"
(berkeliaran, tak terdeteksi, di dalam jaringan) karena sebagian besar dari virus yang
dikenal lahir dari laboratorium, yang merupakan varian dari virus "liar" yang banyak
terdapat di dunia.
· Akibat yang ditimbulkan virus bervariasi, mulai dari yang menjengkelkan hingga yang
sangat merusak, akan tetapi virus yang paling sederhana pun memiliki kecenderungan
untuk merusak karena adanya bug pada kode komputer mereka (karena programmer
virusnya sangat ceroboh atau memang punya niat jahat).
· Software antivirus yang ada di pasaran saat ini dapat mendeteksi hampir semua jenis
virus yang ada, tetapi harus diupdate secara reguler untuk menjaga keefektifannya.
Sebuah virus hanyalah sebuah program komputer. Seperti program komputer lainnya, di
dalamnya terdapat instruksi yang dapat menyuruh komputer untuk melakukan tugas
tertentu. Tetapi berbeda dengan program aplikasi, sebuah virus biasanya memerintahkan
komputer Anda untuk melakukan hal yang sebenarnya tidak Anda inginkan, dan biasanya
dapat menyebarkan dirinya ke file-file yang ada di dalam komputer Anda--dan kadangkadang
ke komputer orang lain juga.
Bila Anda beruntung, sebuah virus paling-paling hanya menyebabkan komputer untuk
melakukan tindakan yang aneh-aneh, seperti menyebabkan speaker komputer Anda
berbunyi "blip-blip-blip" secara acak. Yang paling ditakuti adalah virus ganas yang dapat
menyebabkan seluruh data pada harddisk Anda hilang (dengan memerintah komputer
untuk memformat harddisk), bahkan ada virus yang dapat merusak hardware komputer
Anda, seperti virus CIH yang merusakkan BIOS motherboard komputer Anda.
Bagaimana Komputer Saya Dapat Terkena Virus?
Komputer Anda dapat terinfeksi virus saat Anda menyalin sebuah file yang terinfeks ke
dalam komputer, kemudian mengaktifkan kode dari tubuhnya saat file yang terinfeksi
tersebut dijalankan atau dibuka. Mungkin Anda tidak merasa menyalinkan file terinfeksi
ke dalam komputer Anda: Hei, virus tidak peduli apakah mereka menempel pada
attachment e-mail, saat Anda tengah mendownload file, atau melalui floppy disk yang
sering dipinjam-pinjamkan. Dan saat ini, dengan meningkatnya pemakai Internet, trend
penyebaran virus adalah melalui attachment e-mail.
Pada saat Anda membuka file atau aplikasi yang terinfeksi, kode perusak menyalin
dirinya sendiri ke dalam sebuah file pada sistem Anda, kemudian menunggu untuk
mengirimkan isinya--apapun itu yang dirancang si programmer untuk dilakukan pada
komputer orang lain. Dengan hanya menghapus e-mail yang terinfeksi setelah Anda
membuka file attachment-nya tidak akan menolong, karena virus tersebut telah merasuk
ke dalam sistem komputer Anda sebelumnya.
Seorang penulis virus dapat mengeset waktu penyerangan virusnya, saat itu juga, pada
waktu atau tanggal tertentu, atau pada saat suatu perintah tertentu dijalankan, misalnya
sewaktu Anda memerintahkan menyimpan atau menutup sebuah file. Contoh: virus
Michaelangelo yang diprogram untuk melepas kode perusaknya setiap tanggal 6 Maret
setiap tahunnya--yang merupakan tanggal ulang tahun
Jenis-jenis Virus Umum
Saat ini banyak jenis variasi virus yang beredar, kebanyakan diantaranya dapat
dikelompokkan menjadi enam kategori umum, dimana tiap jenis sedikit berbeda cara
kerjanya:
· Virus boot-sector: menggantikan atau memasukkan dirinya ke dalam boot-sector--
sebuah area pada hard drive (atau jenis disk lainnya) yang akan diakses pertama kali saat
komputer dinyalakan. Virus jenis ini dapat menghalangi komputer Anda untuk melakukan
booting dari hard disk.
· Virus file: menginfeksi aplikasi. Virus ini melakukan eksekusi untuk menyebarkan
dirinya pada aplikasi dan dokumen yang terkait dengannya saat file yang terinfeksi
dibuka atau dijalankan.
· Virus makro: ditulis dengan menggunakan bahasa pemrograman makro yang
disederhanakan, dan menginfeksi aplikasi Microsoft Office, seperti Word dan Excel, dan
saat ini diperkirakan 75 persen dari jenis virus ini telah tersebar di dunia. Sebuah
dokumen yang terinfeksi oleh virus makro secara umum akan memodifikasi perintah
yang telah ada dan banyak digunakan (seperti perintah "Save") untuk memicu penyebaran
dirinya saat perintah tersebut dijalankan.
· Virus multipartite: menginfeksi baik file dan boot-sector--sebuah penjahat berkedok
ganda yang dapat menginfeksikan sistem Anda terus menerus sebelum ditangkap oleh
scanner antivirus.
· Virus polymorphic: akan mengubah kode dirinya saat dilewatkan pada mesin yang
berbeda; secara teoritis virus jenis ini lebih susah untuk dapat dideteksi oleh scanner
antivirus, tetapi dalam kenyataannya virus jenis ini tidak ditulis dengan baik, sehingga
mudah untuk diketahui keberadaannya.
· Virus stealth: menyembunyikan dirinya dengan membuat file yang terinfeksi tampak
tidak terinfeksi, tetapi virus jenis ini jarang mampu menghadapi scanner antivirus terbaru.
Semua Kode Jahat (Malicious Code) Bukanlah Virus
Salah satu persepsi keliru dalam masyarakat komputer adalah kode elektronik buruk
lainnya, seperti worm dan aplikasi Trojan horse adalah jenis virus. Mereka bukan virus.
Worm, Trojan horse, dan virus dalam kategori yang besar biasa disebut analis sebagai
"kode jahat".
Sebuah worm akan mereplikasi dirinya dan masuk ke dalam koneksi jaringan untuk
menginfeksi setiap mesin pada jaringan tersebut dan kemudian mereplikasi dirinya
kembali, mengambil ruang hard disk dan memperlambat kerja komputer dan jaringan.
Walau begitu, worm tidak mengubah atau menghapus file-file lainnya.
Sebuah Trojan horse tidak mereplikasi dirinya, tetapi ia berupa sebuah program jahat
yang disamarkan sebagai format lain seperti sebuah screen saver atau file gambar. Saat
dieksekusi pada mesin Anda, sebuah Trojan horse akan mengambil informasi dari sistem
Anda--seperti nama user dan passwordnya--atau dapat membuat seorang hacker jahat
mengambil alih komputer Anda secara remote (dari jarak jauh).
Software Antivirus Menjawab Panggilan Darurat
Para ahli virus telah mendata sekitar 40.000 jenis virus dan variannya selama bertahuntahun,
walau hanya 200 jenis saja yang saat ini aktif di belantara komputer. Sementara
kebanyakan virus lebih banyak hanya mengganggu dan menghabiskan waktu kita, dari
jenis yang sangat merusaklah yang sangat berbahaya bagi kesehatan [komputer dan
kantung Anda].
Virus komputer telah ada sejak tahun 1960, sejak dimulainya era komputer, walau hingga
kisaran tahun 1980 mereka kebanyakan hanya spesimen di laboratorium komputer,
diciptakan oleh periset dan dilepas dalam lingkungan yang terkontrol untuk mengevaluasi
efek mereka.
Saat virus pertama kali ditemukan di permukaan pada tahun 1980-an, penyebaran mereka
sangat lambat dan berpindah melalui "jaringan penyelundup": melalui floppy disk yang
dijual dan dibagi pakai antar komputer. Tetapi dengan adanya Internet dan akses e-mail
penyebaran virus semakin dipercepat.
Dua tahun yang lalu, dimulai dengan munculnya virus Melissa LoveLetter, penyebaran
virus lewat e-mail terus meningkat sehingga perbandingan pengguna komputer biasa
menghadapi virus pun semakin membesar. Virus e-mail sekarang menempati tempat
teratas dimana ia mengambil porsi 81 persen penyebab komputer terinfeksi virus dan
dapat menyebar ke dalam sistem dalam hitungan menit.
Berlatih Menggunakan Komputer Secara Aman
Jalan terbaik untuk melindungi diri [eh, komputer] Anda dari virus adalah jika Anda
memiliki koneksi ke Internet, jangan membuka attachment e-mail dari orang yang tidak
dikenal dan hindari mendownload dari sumber yang tidak jelas. Lawan keinginan Anda
untuk mengklik-dobel isi mailbox Anda. Dan bila Anda mendapat sebuah attachment file
dan Anda tidak memintanya, tanyakan pada si pengirim tentang isi attachment dan
bagaimana cara menggunakannya tersebut sebelum dibuka.
Untuk memperketat keamanan, Anda perlu menginstall software scanning antivirus yang
handal dan selalu mendownload updatenya secara teratur. Vendor software antivirus
besar, seperti Symantec, Network Associates, Computer Associates, dan Kapersky Lab,
menyediakan layanan update reguler (sebagai catatan Computer Associates InoculateIT
merupakan software antivirus yang gratis). Beberapa vendor juga menawarkan layanan
update reguler melalui situs Web perusahaan mereka.
Update secara reguler sangat penting. Para periset dari Computer Economics
memperkirakan bahwa 30 persen dari usaha kecil sangat rentan terhadap bahaya virus
dan itu dikarenakan mereka tidak mengupdate software antivirus mereka secara teratur
atau mereka tidak menginstalasikannya secara benar.
Cara Kerja Software Antivirus
Software antivirus memindai isi harddisk komputer dengan dua cara. Bila terdapat virus
yang dikenal (yaitu virus yang telah diketahui keberadaannya dan penangkalnya telah
ditemukan) maka software tersebut akan mencari signature (tanda) virus--yaitu sebuah
string unik pada byte program virus yang mengidentifikasikan virus tersebut seperti
sebuah sidik jari--dan akan membuangnya dari sistem Anda. Kebanyakan software
scanning tidak hanya mencari virus jenis awal saja, tetapi juga dapat mencari varian virus
tersebut, karena kode signature virus tersebut biasanya serupa.
Dalam kasus virus baru yang belum ditemukan antidote-nya, software antivirus akan
menjalankan program heuristic yang akan mencari aktivitas mirip virus pada sistem
Anda. Bila program tersebut melihat ada gejala tak beres, ia akan mengkarantinakan
program yang bermasalah tersebut dan akan menampilkan pesan peringatan pada Anda
mengenai apa yang akan dilakukan oleh program tersebut (misalnya mengubah registry
Windows Anda). Bila Anda dan software merasa bahwa program tersebut adalah virus,
Anda dapat mengirimkan file yang telah terkarantina tersebut pada vendor software
antivirus untuk dianalisa, menentukan signaturenya, menamainya dan memasukkannya
ke dalam katalog, dan mengirimkan antidote-nya. Virus itu sekarang merupakan virus
yang dikenal.
Bila virus tersebut tidak muncul lagi--hal tersebut sering terjadi karena virus tidak ditulis
dengan baik untuk disebarkan--vendor akan mengkategorikan virus itu sebagai dormant
(virus tidur). Tetapi sebagian virus menyebar seperti gempa: Penyebaran awalnya selalu
disertai dengan kejadian susulan. Varian virus (virus jiplakan yang muncul setelah
penyebaran virus pertama) akan menambah jumlah jenis virus yang ada.
Contoh adalah saat virus Melissa LoveLetter muncul di Amerika Serikat, variannya--
VeryFunnyJoke--langsung muncul dalam beberapa saat, diikuti dengan lebih dari 30 jenis
lainnya dalam dua bulan kemudian. Dan tidak semua varian berasal dari penulis program
yang misterius. Beberapa perusahaan pernah terinfeksi oleh varian virus yang disebarkan
oleh pegawainya sendiri yang penuh rasa ingin tahu terhadap virus yang mereka yang
terima, menciptakan variannya, dan melepaskannya dalam sistem komputer perusahaan
mereka--kadang secara tidak sengaja, kadang memang ingin melakukannya.
LANGKAH MENGATASI VIRUS KOK
Nama virus : WScript/kok.worm.bat Masih ingat virus Bubble Boy ?Virus itu
memunculkan trend baru tentang adanya virus e-mail.Tidak seperti virus Happy99.exe
dan PrettyPark.exe yang berbentuk attachment pada e-mail. Virus Bubbleboy dan virus
Kok ini merupakan virus yang berada dalam mail yang terinfeksi. Jadi penerima mail tak
perlu menjalankan file attachment, tetapi cukup dengan membaca mail tersebut,
terinfeksilah PCnya dengan virus e-mail generasi terbaru.
Pada tanggal 11 Februari 2000, sewaktu saya membuka PC saya, program antivirus
McAfee saya memberi message seperti ini :
C:\Autoexec.bat
Found the WScript/kok.worm.bat
Virus apa pula ini ? Kenapa PC saya (berbasiskan Windows '98) bisa terinfeksi virus ini ?
Darimana asal muasal virus ini ? Koq tidak ada warning dari McAfee saya sewaktu virus
itu akan menginfeksi PC saya? Karena saya tidak bisa menemukan cara membersihkan
virus ini (pada waktu itu), maka saya tekan tombol enter saja dan menjalankan komputer
seperti biasanya. Saya mulai merasa terganggu akan kehadiran virus ini setelah sering
komputer saya hang, padahal sedang online (kejadian ini tidak saya alami lagi sewaktu
virus tersebut sudah saya bersihkan). Saya kemudian ke homepage McAfee dan Network
Associates, tetapi jawaban yang saya temukan adalah : Search Results No Archive
Documents Matched The Query: WScript/kak.worm.bat
Wah ternyata, antivirus saya belum mempunyai catatan mengenai virus aneh ini.
Kemudian mulailah saya menjelajah mencari-cari keterangan mengenai virus ini. (berita
terakhir saya temui, virus ini dengan nama : Kagou-Anti-Kro$oft Kak ) Akhirnya saya
temukan sedikit keterangan di F-Secure : (dan berita terakhir Norton 2000 juga sudah
mengantisipasi hal ini). NAME: Kak ALIAS: Wscript.KakWorm, merupakan virus yang
melekat pada mail yang dikirim dari sistem yang telah terinfeksi. Virus ini ditulis dengan
Javascript dan bekerja pada Windows 95/98 versi Bahasa Inggris dan Perancis. Virus ini
memanfaatkan kerentanan Outlook Express. Pada waktu pengguna menerima e-mail yang
telah terinfeksi (biasanya dalam HTML/Rich Text style) maka virus ini akan membuat
file kak.hta pada direktori Windows Startup. Saya sendiri menemukan file kak.hta ini
pada folder : C:\WINDOWS\Start Menu\Programs\Startup\KAK.HTA
Pada waktu kita reboot komputer kita setelah file kak.hta ini sudah ada dalam sistem kita,
maka virus ini mengcopy file c:\autoexec.bat kita menjadi c:\ae.kak dan membuat file
c:\autoexec.bat baru dengan tambahan 2 baris di akhir file tersebut yang tulisannya
sebagai berikut :
@echo offC:\Windows\STARTM~1\Programs\Startup\kak.hta
del C:\Windows\STARTM~1\Programs\Startup\kak.hta
Kemudian signature kita di Outlook Express 5.0 akan direplace dengan signature yang
telah terinfeksi file kak.htm. Setelah kejadian ini, secara tak sadar jadilah kita penyebar
virus Kak ini, melalui e-mail yang kita kirim ke rekan-rekan kita. Jeleknya, kerja virus ini
bukan hanya sampai disitu saja. Registri kitapun diobrak-abrik. Dengan memodifikasi
registri maka virus ini akan bekerja setiap kita memboot / menjalankan komputer kita.
Kemudian pada hari pertama setiap bulan, jika waktu telah menunjukkan lebih dari 17:00
(5:00pm) maka virus ini akan menunjukkan kotak peringatan dengan tulisan : KagouAnit-
Kro$oft say not today! Kemudian virus ini akan membuat komputer Windows kita
shut down. Saya menemukan isi registri saya sbb. :
MyComputer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Explorer\Doc Find Spec MRU Name Data (Default) (value not set)
a ""
b ""
c "DS32"
d "kok.reg"
e "kak.worm.bat"
f "sendcmt.cgi"
g "gotmale"
h "kak.reg"
i "bworks"
j "body"
MRUList "hadecgbijf
Kemudian file KAK.HTA saya temukan di : C:\WINDOWS\Start
Menu\Programs\Startup\KAK.HTA dan file kak.htm di : C:\Windows\kak.htm.
Bagaimana mengdiagnosanya? Berikut ini langkah mendiagnosa sekaligus menghapus
virus ini dari sistem Anda.
Periksa file C:\Autoexec.bat PC Anda. Start | Run | msconfig kemudian ke tab
Autoexec.bat Lihat apakah sudah ada 2 baris tambahan yang berisi :
@echo offC:\Windows\STARTM~1\Programs\Startup\kak.hta
del C:\Windows\STARTM~1\Programs\Startup\kak.hta
Jika kedua baris itu sudah ada, maka yang Anda perlu lakukan adalah menghapus
Autoexec.bat kemudian merename file C:\ae.kak menjadi C:\autoexec.bat.
Untuk melakukan hal ini gunakan perintah dari DOS. Cari file : KAK.HTA, jika ketemu
segeralah hapus : C:\WINDOWS\Start Menu\Programs\Startup\KAK.HTA kak.htm, jika
ketemu segeralah hapus : C:\Windows\kak.htm
Obok-obok registri dengan mencari kata kok.reg atau kak.reg. Bisa juga langsung saja
menuju :
MyComputer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Explorer\Doc Find Spec MRU
Kemudian hapus segeralah file / karakter yang ada hubungannya dengan kak dan kok ini
di registri tersebut.
Periksa Start up komputer Anda, caranya : Start | Run | msconfig, kemudian ke tab
Startup. Akan terlihat dua line yang mengandung kata :
- cAgAu
- kak.hta
Uncheck kedua line ini. Jika telah di unchek, langkah selanjutnya adalah menghilangkan
2 baris ini melalui regedit. Gunakan fasilitas regedit ke :
HKLM/Software/Microsoft/Windows/CurrentVersion
Cari di bagian Run atau RunService.Cari karakter kak atau kok atau cAgAu dan hapus.
Dengan menghapus karakter ini maka fasilitas on/off di startupnya jadi hilang. Setelah ini
selesai dilakukan, bootlah kembali komputer Anda. Apa yang harus kita lakukan untuk
mencegah tertularnya virus ini ?
Upgrade Internet Explorer 5.0 Anda menjadi 5.01.Updatenya bisa di download di
Websitenya Microsoft Internet Explorer. Download security patch dari MS Windows
Patch ini bisa didapat gratis di websitenya MS yaitu di :
Internet Explorer Security Area.Baca teliti petunjuk di page tersebut dan download semua
patch-patch sesuai dengan konfigurasi komputer Anda.
Jika hal ini telah dilakukan, maka sewaktu ada virus sejenis yang menyerang sistem PC
Anda, akan muncul warning:
Some software (ActiveX controls) on this page might be unsafe. It is
recommended that you not run it. Do you want to allow it to run ?(Yes/No)
Kemudian muncul warning lagi (apapun yang kita tekan) : An ActiveX control on this
page is not safe. Your current security settings prohibit running unsafe controls on this
page. As a result this page may not display as intended (OK)
MATRIX / MTX VIRUS
Sekedar bagi pengalaman aja... Itu virus disebut virus matrix... Virus itu ditularkan
melalui email... Kalo terima email dengan attachment yang berextension ".pif" jangan
dibuka... Sebab begitu dibuka maka dia akan menyebar cepat...
Pertama-tama file wsock32.dll akan dihapus diganti dengan file-nya dia... Kemudian
sock32.dll juga dihapus dan diganti dengan file-nya dia juga... filenya dia selalu *.mtx...
Nach yang lebih parahnya dia juga menaruh register di windows register... Kalo
komputer diboot ulang maka register akan dijalankan... dan file yang dijalankan windows
akan membengkak sebesar kurang lebih 8kb... Dan kalo ngga salah lagi file yang
terinfeksi akan berjumlah sekitar 60-70 file windows... semuanya exe, com dan dll...
Saya tidak tahu apakah bisa dibersihkan dengan norton antivirus... Tapi sudah saya pake
scan mcafee versi terbaru ngga isa dibersihkan... satu2nya cara adalah mendelete file
tersebut... Tapi catatlah file tersebut sebelum mendelete... kemudian kopilah dari
komputer lainnya dengan sistem operasi yang sama... kalo windows 98 SE juga gunakan
windows 98 SE... Kalo belon dibersihkan setiap anda menjalankan file pasti terinfeksi...
Semakin lama semakin banyak yang terinfeksi... Dan file yang sudah terinfeksi jika
dijalankan akan membuat tiga buah file baru... file tersebut adalah MTX_.EXE,
IE_PACK.EXE dan WIN32.DLL Nach ketiga file ini di hidden dan akan terus muncul
selama virus masih ada (meskipun sudah didelete berulang kali)... dan register belum
dibersihkan.
Cara bersihkan register : (how to clean the register)
1. Start - run - type regedit - ok
2. Expand HKey_Local_Machine\Software\Microsoft\Windows\Current_version\Run
3. If you find the words: system backup = ... mtx_.exe --> just delete it
4. If you find in the expand current_version: the folder [matrix] just delete it.
After that you have to delete the files with name: MTX_.EXE, IE_PACK.EXE,
Win32.dll. the author suggest to delete it in MS_DOS mode, but i couldn't find that files
under dos, thus i just delete it in windows, and i wish that's cleaned perfectly now.
Jalankan regedit dulu baru kemudian selanjutnya ... Jadi jika anda sudah mengetahui file
apa saja yang terinfeksi (dat file mcafee terbaru adalah 4098)... Maka replace (tumpukin)
file tersebut dengan file yang sama yang bersih... (sizenya seharusnya lebih kecil)... Tapi
saat melakukan replace jangan masuk ke sistem windows... Melainkan lakukan melalui
ms-dos prompt... Jangan sekali2 melalui windows... sama saja bohong... pake F8 pilih
command prompt only... baru kemudian kopikan... Setelah itu hapus ketiga file tersebut
(MTX_.exe, win32.dll, dan ie_pack.exe) yang dihidden... baru load windows-nya...
kemudian check lagi apa tiga file tersebut masih ada... jika tidak ada maka sudah bersih...
jika masih ada maka masih ada yang terinfeksi... dan jalankan langkah di atas...
Saya sudah kena selama satu minggu dan sekarang sudah bersih... Biasanya sich file
'.pif'-nya itu selalu menarik untuk dilihat heheeee... Dan jika melihat ada file *.mtx
jangan ragu2 untuk melakukan pendelete-an... Dan jangan dicari backup-nya ... sebab
pasti tidak ada hahahaaaa... Ciri khas emailnya adalah email kosong dengan attachment
*.pif (terkadang sender bisa unknown)...
Cara kerjanya jika anda terinfeksi maka saat anda sending email akan disending pula
sebuah email ke alamat yang anda tuju... Jadi orang yang tuju akan menerima dua email
dengan subject yang berbeda dan isi yang berbeda... hati2... Semoga pengalaman saya
berguna untuk anda semua....
"Budianto Putero Widjaya"
VIRUS NAVIDAD
NAVIDAD adalah jenis virus Worm yang menginfeksi file Exe. Jika kita menjalankan
program Navidad*.Exe maka virus tersebut akan menyebar langsung ke sistem komputer.
Virus ini bekerja secara otomatis melakukan penyebaran ke setiap email yang kita kirim
dan terima berupa file attachment. Jadi bila mendapatkan file attachment yang bernama
Navidad.Exe lebih baik jangan dibuka, langsung dihapus saja.
Cara untuk membersihkan Virus Navidad yaitu:
1. Tutup semua program Windows yang dibuka.
2. Pilih: Start - Programs - MS-DOS Prompt
3. Pada Dos prompt, ketik:
Cd\, dir/s/p/a Navidad.*, hapus file navidad.* bila ditemukan.
Cd\, dir/s/p/a WinSvrc.*, hapus file WinSvrc.* bila ditemukan.
Cd C:\Windows, copy Regedit.Exe menjadi Reg.Com
4. Exit dari Dos prompt dan ReStart komputer.
5. Buat file text kosong dan berikan nama UnNavidad.Reg
6. Copy dan Paste line di bawah ini ke UnNavidad.Reg yang telah dibuat tadi:
REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]
@="\"%1\" %*"
7. Klik file UnNavidad.Reg yang telah dibuat tadi
8. Pilih: Start - Run, ketik C:\WINDOWS\Reg.com
9. Pilih: Edit - Find, ketik: Winsvrc
10. Cari setiap key yang berisi 'winsvrc' dan hapus dengan cara: right click - delete.
11. Ulangi langkah 6 & 7 sampai selesai.
12. Ulangi langkah 6 & 7 untuk setiap key yang berisi 'Navidad'
13. Tutup reg.com dan shutdown komputer.
14. Matikan Cpu tunggu beberapa detik dan hidupkan Cpu kembali
15. Coba kirim email ke alamat sendiri untuk memastikan apakah virusnya telah hilang...,
semoga berhasil...
VIRUSWin32.Invalid.A@mm (laporan: yay)
Sebuah virus kategori worm bernama Win.32.Invalid.A@mm dikabarkan terdeteksi di
server Microsoft Technical Support. Central Command, Kamis (30/8), mengirimkan
peringatan menyangkut virus berbahaya yang menjalar via e-mail itu.
Menurut Microsoft, virus ini sangat berbahaya karena bisa mengenkripsikan aplikasi file
.exe secara acak dan membuatnya luluh-lantak. Selain merusak .exe, virus ini juga
memeriksa koneksi internet yang terbuka sambil mencari file berekstensi .ht dalam folder
My Ducuments. Lebih jauh, mereka masuk ke alamat e-mail dan melakukan proses
forward dengan sendirinya. Ciri-cirinya dalah:
From: "Microsoft Support" support@microsoft.com
Subject: Invalid SSL Certificate
Hello,
Microsoft Corporation announced that an invalid SSL certificate that web sites use is
required to be installed on the user computer to use the https protocol. During the
installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by
that allows attackers to get access to your computer. The SSL protocol is used by many
companies that require credit card or personal information so, there is a high possibility
that you have this certificate installed. To avoid of being attacked by hackers, please
download and install the attached patch. It is strongly recommended to install it because
almost all users have this certificate installed without their knowledge.
Have a nice day,
Microsoft Corporation, Attachment: sslpatch.exe
Nah, menurut Central Commands virus ini sangat berbahaya lantaran banyak orang yang
sedang gencar melakukan upgrade Internet Explorer 6.0 dan Media Player 7. Buat yang
menerima file ini harap jangan membuka attachment-nya.