Micro-Claymore Mine
Monday, January 31, 2005
Check out the instructions here.
Spybot-S&D - Remove spyware using Spybot-S&D. Update, scan and remove all the infections you can, then turn on the immunization feature of Spybot.
http://www.safer-networking.org/en/index.html
Ad-Aware SE Personal - This one is a personal favorite. It's another spyware removal tool: update, scan and remove all the infections.
http://www.lavasoftusa.com/software/adaware/
SpywareBlaster - install SpywareBlaster to block future infections.
http://www.javacoolsoftware.com/spywareblaster.html
AVG Anti-Virus FREE - If you need a free virus prevention tool, visit:
http://free.grisoft.com/freeweb.php
Maybe you really like the "Windows XP Pro/Home" screen that appears when WinXP boots up, but I doubt it. Jeez. You know what OS you run. You know Microsoft made it. Does it really need to remind you at every startup? No. Allow me to show you how to make the currently obvious (and boring) boot screen say whatever you want. You have two options.
1. Use a boot screen changing program that walks you through the process.
2. Hack your boot screen.
Boot screen programs
I really like Stardock's BootSkin, a free program that works with Windows 2000/XP. Plus, you don't have to mess with the Windows kernel, which can really suck if you do something wrong. I like another good program called Screen Booty even better. It works with Windows 95/98/ME/2000/XP, but you'll need to pay $18 when the 60-day free trial period ends.
Hacking = more fun
I never like doing things the easy way, so I'm going to explain how to hack your WinXP boot screen by modifying the Windows kernel in Resource Hacker. Modifying the kernel is really risky, and if you mess things up, Windows may not even start. Please be careful. Now, onto the danger! Start by getting the tools you need.
Every smart Windows tweaker needs Resource Hacker. Download it.
You'll also need an image editor that can import palettes such as Photoshop or Paint Shop Pro. I'm using Paint Shop Pro's free trial edition.
The step-by-step
1. Locate ntoskrnl.exe in your \Windows\System32 folder. You might have to unhide the folder.
2. Make a copy of your ntoskrnl.exe and rename it ntoskrnl.bak for backup safety.
3. Launch Resource Hacker and open ntoskrnl.exe.
4. On the left-hand side you will see a list of resources to edit. Open the first tree called Bitmaps and you'll see numbers 1 through 12. The Windows XP Pro bitmaps are numbers 1, 8, and 10. Windows XP Home bitmaps are numbered 1, 7, and 9. The bitmaps are slightly different shapes and sizes based on the graphics and text for each. In this tutorial we'll work with Windows XP Pro. If you use Home, substitute the numbers for your OS.
5. Select No. 1. The bitmap will appear completely black, but it really isn't. For some reason Microsoft removed the color palette from the logo to another location in Windows XP. We'll fix it later in our image editor.
6. Go to the Action Menu and choose "Save Bitmap." You can save the bitmap wherever you want, but remember where you put them for later. Repeat this process for numbers 8 and 10.
7. Open your image editor (my steps are for Paint Shop Pro 8, but you Photoshop experts can go that route). Open all three of your saved bitmap images. When opened, they should appear totally black.
8. We'll have to import the palette to see the actual images. Save the following file to Program Files\Jasc\Paintshoppro\Palettes.
Download Paint Shop Pro Color Palette
Side note: you might need to right-click and "Save Target As" if your browser tries to open the file as a bunch of numbers. Make sure you rename the file with the extension ".PSPpalette" if that's not the extension by default.
9. In Paint Shop Pro, make sure the bitmap 1 window is active and press Shift + O to import your palette. If you have multiple palettes available, select your new one to import the colors used in the original boot screen.
Important: Make sure to select Maintain Indexes in the bottom options before importing. If you've already got all three images open at once in your canvas, you will need to apply the palette to bitmaps 8 and 10 as well with the steps above to make the images visible.
10. Modify the bitmaps however you like and save them over the existing bitmaps 1, 8, and 10. They will make up your new boot screen.
11. Open Resource Hacker again, and reopen the ntoskrnl.exe. Under the Action menu, choose "Replace Bitmap." Select Bitmap to Replace for bitmap 1, then click "Open file with new Bitmap" and find your edited image. Click replace. Follow the same steps with bitmap 8 and 10.
12. Once you replace all 3 bitmaps, choose Save As and save your new ntoskrnl.exe to a directory other than the system32 directory. You don't want to overwrite the original while it's in use. Saving it to your desktop is fine.
13. You have the option to test out your new boot screen before totally overwriting the original. First, name your new ntoskrnl.exe something different (like ntsarah.exe). In boot.ini, locate this string:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
Add a line just above it with this string:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="My new boot screen" /fastdetect /kernel=ntsarah.exe
(Use whatever you named your new ntoskrnl.exe in place of ntsarah.exe.)
Now, move your new and renamed ntoskrnl.exe back into your system32 folder. This will allow you to choose which kernel you boot into before Windows starts.
Now go ahead and restart. When you get to the prompt, choose "My new boot screen" and see if you like it. If you're happy, go back into boot.ini and delete the string you added.
14. You don't want to keep multiple booting options in your boot.ini. When Windows has critical updates or other updates it needs to install on your system, it only updates what it considers the original kernel, the ntoskrnl.exe. Basically, you want to overwrite the original ntoskrnl.exe file so you only have one copy in the System32 folder. Remember, you did make a backup of the true original before at the very start of this exercise, so you can always revert back if you absolutely have to.
In order to overwrite properly, Windows File Protection makes you reboot into safe mode (reboot and hit F8 before the boot screen appears). You could also boot off a DOS bootdisk to overwrite the original ntoskrnl.exe in the System32 folder. Once you overwrite the file, reboot. Your new screen should appear!
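An added example, not part of the original post: a Python check for steps 13 and 14 that parses boot.ini and reports any entry that still loads a renamed kernel through /kernel= or repeats a boot path. The sample file contents are constructed from the two boot.ini lines shown above, and parse_entries and audit are names chosen for this example.

```python
import re

# Constructed sample boot.ini, modelled on the two entries shown in the tutorial.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="My new boot screen" /fastdetect /kernel=ntsarah.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
'''

ENTRY_RE = re.compile(r'^(?P<path>[^=;]+)="(?P<label>[^"]*)"(?P<opts>.*)$')
KERNEL_RE = re.compile(r'/kernel=(\S+)', re.IGNORECASE)

def parse_entries(text):
    """Return the [operating systems] entries as dicts."""
    entries, in_os = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            in_os = line.lower() == '[operating systems]'
            continue
        m = ENTRY_RE.match(line) if in_os else None
        if not m:
            continue  # blank lines, comments and [boot loader] settings
        kernel = KERNEL_RE.search(m.group('opts'))
        entries.append({'path': m.group('path').strip(),
                        'label': m.group('label'),
                        'switches': m.group('opts').split(),
                        'kernel': kernel.group(1) if kernel else None})
    return entries

def audit(text):
    """Flag entries that load a non-default kernel and duplicate boot paths."""
    findings, seen = [], set()
    for e in parse_entries(text):
        if e['kernel'] and e['kernel'].lower() != 'ntoskrnl.exe':
            findings.append(f"{e['label']}: loads alternate kernel {e['kernel']}")
        if e['path'].lower() in seen:
            findings.append(f"{e['label']}: duplicate entry for {e['path']}")
        seen.add(e['path'].lower())
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE_BOOT_INI)) or 'boot.ini has no extra kernel entries')
```

Run against a real boot.ini by passing the file's text to audit(); an empty list means the test entry from step 13 has been removed.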
If you're still with me, I commend you. I found this exercise really fun. Hopefully you did too.
XO,
Sarah
Here's a screen shot of what the conversation could look like while using the AIM bot.
After the bot is finished sending the last message, you get a copy of the logs.