Tuesday, October 23, 2007

Startup Configuration

Windows may start up quickly, but the programs that run on startup intensify the load and slow the system to a crawl. Find out how to prevent programs from starting up automatically at boot time.

When Booting Means Waiting

Windows XP does start up pretty quickly, but the startup programs that it launches lengthen the time it takes to get your system up and running. If only there were a way to stop those pesky startup programs from opening automatically.

Thankfully, Windows XP includes a small utility, called the System Configuration Utility, that allows you to customize, on some levels, which programs should launch at startup.

To start the System Configuration Utility:
  1. Go to Start, then Run.
  2. Type msconfig and press Enter

The System Configuration Utility will appear on your screen. Select the Startup tab, because that's the tab that controls startup behaviour. Here, you can choose which programs should start automatically when Windows starts, and which should not. Of course, you have to pick out the programs you don't really need or rarely use. If you feel that you don't really use a program, go ahead and uncheck it. This operation is completely reversible. The System Configuration Utility runs even in Safe Mode, by the way.

Of course, there are many utilities that allow you to configure your startup at a more precise level, but at least you know that this utility is included with Windows.

Copyright 2007 Sonicsoft Corporation
All Rights Reserved.

Sunday, October 21, 2007

Removing Common USB Viruses

How do you remove a common USB drive virus? Follow these instructions and you will be blasting those viruses off your system.

Flush Those USB Drive Viruses Away

USB viruses are so common these days that people expect their USB drive to be infected when inserted into a public computer. Vicious as these viruses may be, there are simple ways to prevent them from infecting your system. You can find more information by reading my blog, A New Virus Infection Method at Sonicsoft Wired.

Now, of course, occasionally your USB drive will become infected with this type of virus. What ever shall we do? Luckily, I have created a simple survival guide so that at least you have the technical know-how to drive those viruses away.

Your Best Defense
Your best defense? Know your system. I don't mean the technical specifications, but the software side: what operating system version and service pack you have, the programs you have installed, any protection software such as antivirus and anti-spyware installed, and the usual behaviour of your system.

Of course, a dead giveaway of a virus is when your system behaves weirdly or unexpectedly. The most common sign is a changed Windows Internet Explorer title bar (replacing Internet Explorer with a different value, like a website or a slogan). Others are more subtle, like unknown programs running in your system, or mysterious pop-ups or dialog boxes that display garbage.

The best way to protect yourself from threats like USB viruses is to know your Task List. It is the list of all running programs you have in your system. You can see the Task List by opening the Windows Task Manager.

To open Task Manager, either:

  • press CTRL + ALT + DEL all at the same time, known as the three-finger salute; or

  • right-click a blank portion of the task bar, and select Task Manager

SIDEBAR: Processes and Programs are used interchangeably and mean the same thing

When the Task Manager opens, select the Processes tab. This tab has the complete list of every single program or process your system is currently running. It is imperative that you familiarize yourself with this list. I am not saying that you need to memorize the list, but it really helps.

The Task Manager Processes tab contains certain columns worth mentioning. The first column, Image Name, is the executable file name of the process or program. You will usually find the name followed by the extension .EXE, as these are the most common executables. Some may end with .COM or .BAT. Another column, labeled User Name, indicates which user executed the process. Depending on your system, it will contain your log-in name, SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. This column is also important, as viruses are run by your log-in name, not by the system or any service. Lastly, the column labeled CPU indicates how much of your computer's processor the process is using. The higher this number, the busier the process is.

You need to be familiar with the Image Name column. It gets easier, as certain names are really discernible based on your knowledge of what programs you have in your system. For example, the task labeled Winword.exe is clearly Microsoft Word (a bad example: it's named Winword because the original name was Word for Windows, hence WinWord), and mspaint.exe is the Windows Paint program.

USB viruses are programs themselves, so they appear on your Task List. That's why you need to determine which process in the task list is legit, and which ones are viruses. To do that, carefully look through the list and see if any Image Name is unfamiliar. Since viruses are run by your local user name, you only need to look through processes with your user name under the User Name column. Be vigilant, as some viruses use file names that are surprisingly similar to legit programs, like explore.exe, or mpsaint.exe.

If you see any funny names (and that's why you need to be familiar with the list), do a web search on them. Chances are, they may be viruses. If a web search doesn't yield any results, immediately kill the process by hitting Del on your keyboard, or by right-clicking the process and selecting End Process on the context menu. Stand by to see if the process spawns again. If it does, look deeper in the task list - there might be another process that runs the virus every time it's terminated. If it doesn't, lucky for you. You can proceed to rooting it out.
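The Task List review described above can be done mechanically. This is an added example, not part of the original post: it skips processes owned by the service accounts, then flags image names that sit within a couple of typos of a name you trust. The baseline list, the user name and the sample rows are constructed for illustration.

```python
# Process names you recognise on this machine (assumed baseline; build your own).
KNOWN_GOOD = {"explorer.exe", "mspaint.exe", "winword.exe", "svchost.exe", "notepad.exe"}
# Accounts the post says to skip: it looks only at processes run by your log-in name.
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def review(processes, known=KNOWN_GOOD, max_dist=2):
    """Return (image, verdict) for each user-owned process that is not a known name."""
    findings = []
    for image, user in processes:
        name = image.lower()
        if user.upper() in SERVICE_ACCOUNTS or name in known:
            continue
        near = sorted(k for k in known if osa_distance(name, k) <= max_dist)
        verdict = "lookalike of " + near[0] if near else "unfamiliar, look it up"
        findings.append((image, verdict))
    return findings

# Constructed Task Manager rows: (Image Name, User Name)
SAMPLE = [
    ("explorer.exe", "juan"), ("explore.exe", "juan"), ("mpsaint.exe", "juan"),
    ("winword.exe", "juan"), ("svchost.exe", "SYSTEM"), ("qzx81.exe", "juan"),
]

if __name__ == "__main__":
    for image, verdict in review(SAMPLE):
        print(f"{image:14} {verdict}")
```

A lookalike verdict deserves attention first, because a name one typo away from a Windows program is rarely an accident.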

Deleting Traces
Common USB viruses run by starting every time Windows starts. Of course, it can only start when the virus itself is present in your system, so you need to hunt down the root of the virus.

To do that, follow these steps:

  1. Open the Command Interpreter. Go to Start, then Run, type CMD and press enter. The Command Prompt will appear

  2. To go to the root of your drive, type CD \ (backslash) and press enter

  3. Type attrib and press Enter

  4. The program will list all the files on your root. Look carefully for a file named AUTORUN.INF, which contains information about the virus. Your hard drive root shouldn't contain this file.

Before you delete this file, open it with Notepad. To do that, type:

attrib -h -r -s autorun.inf

and press Enter. Then type:

notepad autorun.inf

and press Enter in the command prompt. Notepad will appear with the file open. Don't worry, it's safe to open this file.

Look through the contents of the file. Eventually, you'll find a line that goes:

open = someprogram.exe

inside. This is the Image Name of the virus. Now, make a mental note of the name, close Notepad, and go back to the command prompt. Type in the following:

attrib -h -r -s someprogram.exe

replacing someprogram with the name you saw in the file you opened in Notepad, and press Enter. Then, type the following:

erase someprogram.exe
erase autorun.inf

pressing Enter after each line. This effectively removes the virus program from your computer. Depending on the number of drives you have, you will have to repeat the entire process (tedious, but required) to completely remove the virus, although you will have to replace step 1 above with this step:

  1. Type in the drive letter of your next hard drive followed by a colon (D:) and press Enter. Proceed to step 2.

You will also have to do this on your USB drive.
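Reading AUTORUN.INF by eye works for a short file, but the program name can also sit under keys other than open. This added example (not part of the original post) goes a little further than the open line shown above: it parses the [autorun] section and lists every entry that launches something, including shellexecute and shell\verb\command. The sample file contents and the second program name are constructed.

```python
import re

# Keys in the [autorun] section that name something to execute.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(text):
    """Return [(key, command)] for every launch entry in the [autorun] section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            found.append((key.lower(), value))
    return found

def files_to_check(text):
    """File names (first token of each command) to look for on the drive root."""
    names = []
    for _, command in launch_targets(text):
        m = re.match(r'"([^"]+)"|(\S+)', command)  # quoted name or first word
        name = (m.group(1) or m.group(2)).lower()
        if name not in names:
            names.append(name)
    return names

# Constructed autorun.inf with a comment line, mixed-case keys and a quoted path.
SAMPLE = """; constructed sample, not taken from a real drive
[AutoRun]
icon=%SystemRoot%\\system32\\shell32.dll,4
open = someprogram.exe
shell\\open\\Command=someprogram.exe /e
shell\\explore\\command = "other prog.exe" -x
label=My Drive
"""

if __name__ == "__main__":
    for key, command in launch_targets(SAMPLE):
        print(f"{key:24} -> {command}")
    print(files_to_check(SAMPLE))
```

Each name it returns is a file to look for with attrib on the same drive root before erasing anything.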

Tweaking the Registry
We have removed the virus itself, but the changes it made to your system are still there. To undo them, we need to tweak the registry.


To open the Windows Registry Editor, go to Start, then Run. Type regedit and press Enter. You will enter the brain of Windows.

Press CTRL + F to do a search. Type mountpoints2 and press Enter. For faster results, make sure that only Keys is checked under Look at. The Registry Editor will perform the search and then present you with the result.

Alternatively, you can navigate to


If you performed a search, make sure the status bar below is similar to this one.

Click an entry on the left, and check the properties on the right. If the right panel shows a _LabelFromReg Name, that's a hard drive attached to your computer. The value for this would be the label of your hard drive.

Now, expand the entry by clicking the [+] icon. The dead giveaway is that it has this plus icon. If it doesn't have the icon or it cannot be expanded, that drive is not infected, and you can move on to search for other entries or drives.

If you expanded it and it contains the _AutoRun or AutoPlay node, your computer drive is infected. What you need to do is select the _AutoRun or AutoPlay node and delete the entry by pressing Del on your keyboard. (Make sure you have a backup of the registry just in case the operation fails.) Click Yes on the next window.

Now, search for other entries that are drives and contain the _AutoRun node, and perform the steps above.

You may also need to do this for your flash drives. It's quite tricky and complicated, but the idea is to remove all _AutoRun entries except those for CD drives. The hard part is figuring out which is which, so be careful. Don't do it if in doubt.

There you go: how to remove a virus's info from your computer. It's quite complicated and tedious, but it's the only way if your antivirus cannot detect the virus. Also, be vigilant and careful when inserting a foreign USB drive.

For more questions, you can email me at wired.sonicsoft@gmail.com. I will reply to your questions as soon as possible.


Thursday, October 18, 2007

Missing Fonts in Microsoft Word

Have you ever experienced a time when Microsoft Word mysteriously changed your fonts to something else? Find out how to correct this problem with Microsoft Word's nifty feature.

Where Did My Fonts Go?

Your report is finished and all you have to do is print it. You spent all night trying to figure out what font faces would be appropriate for the context, and finally decided on a nice font that strongly suggests the theme of your report. You figured you could print the document at the office, only to find out that all the fonts you've used have been changed.

Face it, Microsoft Word performs a technique called Font Substitution, where your fonts are replaced by similar-looking font faces. The reason behind it is that Microsoft Word cannot find the appropriate fonts in the system and therefore substitutes other similar-looking fonts to display the document properly; otherwise, all you'd see is a bunch of squares that are pretty much garbage.

Missing fonts occur when a document is created with a very unique font, which is usually installed only on the computer that created the document. To put it simply, not all computers have the same fonts installed on them. So, what you need to do is to have that font installed on the other computer.

Of course, you can copy the font from the \Windows\Fonts folder and install it on the next computer, but did you know Word has a feature that does this for you? Well, it's a slightly different trick: it embeds the font into the document, so it looks the same on any computer. It usually results in a slightly bigger file, but at least you are guaranteed your document is WYSIWYG.

To embed fonts to your document

Microsoft 2003 and earlier

  1. Go to Options under the Tools menu.

  2. Open the Save tab

  3. Find the option, Embed fonts to this document. You can either choose whether to embed the whole font (bigger file size), or embed only the characters used in the document (usually results in smaller file size, but it's not recommended if you are still going to edit the document later)

  4. Click OK to save changes

Microsoft 2007

  1. Click the Office Menu button. It's the button on the top-left corner with the Office logo.

  2. Click Word Options at the bottom of the menu

  3. On the next window, click the Save option on the left

  4. Scroll until you find the option, Embed Fonts used in this document. You will be presented with the choice of whether not to embed common system fonts (system fonts are fonts installed when Windows is installed, and usually include Tahoma, Arial, and Times New Roman), and whether to embed only the characters used in the document (results in smaller file sizes, but is not recommended if you will edit the document later)

  5. Click OK to save changes

The caveat though is that your documents will result in bigger file sizes, especially small documents (from 5 KB to 300+ KB) so be sure to watch out for that. And Word will save your document a little slower as it has to embed the fonts onto the document. Auto Save will also lag, so I recommend that you embed or enable the font embedding just before saving and quitting Word.

Also, fonts are only embedded for the current document, so you have to do this either to all your documents, or try to open NORMAL.DOT and apply that. Word doesn't really install those fonts into the Fonts folder, and you cannot extract the font used by regular means (unless some hack exists that I don't know yet).

There you go, saving documents to preserve formatting. But the best option is to use simple fonts and avoid unusual ones. At least you are assured that your document will look exactly as you typed it. And of course, you can convert it to PDF format. That preserves all formatting, but prevents the document from being edited easily.

One final tip, this is applicable to all Office suite programs. Pretty neat, huh?