How to remove MADO ransomware (Virus Removal Guide)

If you cannot open your images, documents, or files and they have a “.mado” extension, then your computer is infected with the MADO ransomware.

The MADO ransomware encrypts the personal documents found on the victim’s computer, then displays a message which offers to decrypt the data if payment in Bitcoin is made. The instructions are placed on the victim’s desktop in the “_readme.txt” text file.

1. What is the MADO ransomware?

MADO is a file-encrypting ransomware infection that restricts access to data (documents, images, videos) by encrypting files and appending the “.mado” extension to them. It then attempts to extort money from victims by asking for a “ransom”, in the form of Bitcoin cryptocurrency, in exchange for access to the data.

This ransomware targets all versions of Windows including Windows 7, Windows 8 and Windows 10. When its executable is launched, it begins to scan all the drive letters on your computer for data files to encrypt.

The MADO ransomware searches for files with certain file extensions to encrypt. The files it encrypts include important productivity documents and files such as .doc, .docx, .xls, .pdf, among others. When these files are detected, this infection will change the extension to “.mado”, so they can no longer be opened.

The MADO ransomware changes the name of each encrypted file to the following format: name.mado

Once your files are encrypted with the “.mado” extension, you cannot open them, and this ransomware will create the “_readme.txt” ransom note in each folder where a file has been encrypted and on the Windows desktop.

When the infection has finished scanning your computer, it will also delete all of the Shadow Volume Copies that are on the affected computer. It does this so that you cannot use the shadow volume copies to restore your encrypted files.

2. How did the MADO ransomware get on my computer?

The MADO ransomware is distributed via spam email containing infected attachments or by exploiting vulnerabilities in the operating system and installed programs.

Here’s how the MADO ransomware might get on your computer:

  • Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link inside the email). And with that, your computer is infected with the MADO ransomware.
  • The MADO ransomware was also observed attacking victims by exploiting operating system vulnerabilities. Commonly exploited software includes the operating system itself, browsers, Microsoft Office, and third-party applications.

 

3. Is my computer infected with MADO Ransomware?

Here is a short summary for the MADO ransomware:

  • Ransomware family: STOP/DJVU ransomware
  • Extensions: .mado
  • Ransomware note: _readme.txt
  • Ransom: From $490 to $980 (in Bitcoins)
  • Contact: helpdatarestore@firemail.cc or helpmanager@mail.ch
  • Symptoms: The images, videos, or documents have a “.mado” extension and cannot be opened by any programs

When this ransomware infects your computer, it will scan all the drive letters for targeted file types, encrypt them, and then append the “.mado” extension to them. Once these files are encrypted, they can no longer be opened by your normal programs. When this ransomware has finished encrypting the victim’s files, it will also display a ransom note that includes instructions on how to contact these cybercriminals.

This is the message that the MADO ransomware (_readme.txt) will display:

 

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-sBwlEg46JX
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
helpdatarestore@firemail.cc

Reserve e-mail address to contact us:
helpmanager@mail.ch

Your personal ID:
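
The indicators described above (the “.mado” extension, the “_readme.txt” note in each affected folder, and the personal ID at the end of the note) are enough to take a read-only inventory of the damage before any cleanup. The Python script below is an added example, not part of the original guide or of any vendor tool; the sample folder tree and ID are constructed, and the rule that offline-key IDs end in “t1” is general STOP/Djvu knowledge that this page does not state.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".mado"    # extension appended to encrypted files (from this guide)
NOTE_NAME = "_readme.txt"  # ransom note left in each affected folder (from this guide)

# In the note, the ID follows the "Your personal ID:" line.
ID_RE = re.compile(r"Your personal ID:\s*(\S+)", re.IGNORECASE)


def inventory(root):
    """Walk `root` without modifying anything; collect encrypted files and notes."""
    encrypted, notes, per_folder = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                encrypted.append(Path(dirpath) / name)
                per_folder[dirpath] += 1
            elif lower == NOTE_NAME:
                notes.append(Path(dirpath) / name)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "per_folder": per_folder}


def original_name(path):
    """Return the pre-encryption file name: 'report.docx.mado' -> 'report.docx'."""
    name = Path(path).name
    if name.lower().endswith(ENCRYPTED_EXT):
        return name[: -len(ENCRYPTED_EXT)]
    return name


def personal_id(note_text):
    """Extract the victim ID from ransom note text, or None if it is absent."""
    match = ID_RE.search(note_text)
    return match.group(1) if match else None


def key_type(pid):
    """Assumption (not stated in this guide): offline-key IDs end in 't1'."""
    if not pid:
        return "unknown"
    return "offline" if pid.endswith("t1") else "online"


def triage(root):
    """Summarize the scope of encryption and which key type each ID suggests."""
    inv = inventory(root)
    ids = set()
    for note in inv["notes"]:
        pid = personal_id(note.read_text(errors="replace"))
        if pid:
            ids.add(pid)
    return {
        "encrypted_count": len(inv["encrypted"]),
        "affected_folders": len(inv["per_folder"]),
        "note_count": len(inv["notes"]),
        "key_types": {pid: key_type(pid) for pid in sorted(ids)},
    }


def build_sample_tree(root):
    """Constructed sample data: a small tree that mimics an affected profile."""
    root = Path(root)
    docs, pics, music = root / "Documents", root / "Pictures", root / "Music"
    for folder in (docs, pics, music):
        folder.mkdir(parents=True)
    (docs / "budget.xls.mado").write_bytes(b"\x00")
    (docs / "thesis.docx.mado").write_bytes(b"\x00")
    (pics / "holiday.jpg.mado").write_bytes(b"\x00")
    (music / "song.mp3").write_bytes(b"\x00")  # untouched file
    note = "ATTENTION!\n...\nYour personal ID:\n0123CONSTRUCTEDSAMPLEIDt1\n"
    for folder in (docs, pics):
        (folder / NOTE_NAME).write_text(note)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample_tree(Path(tmp) / "profile"))
        for key, value in report.items():
            print(f"{key}: {value}")
```

To use it on a real machine, call `triage()` on a user profile or data drive; it only reads file names and note contents, so it is safe to run before the removal steps below.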

 

4. Remove the MADO ransomware and recover the files

It’s important to understand that by starting the removal process you risk losing your files, as we cannot guarantee that you will be able to recover them. Your files may be permanently compromised when trying to remove this infection or trying to recover the encrypted documents. We cannot be held responsible for losing your files or documents during this removal process.

This guide was written to help you remove the infection itself from your computer, and if a 100% proven method to recover the encrypted files is found we will update this guide.

 

STEP 1: Use Malwarebytes Free to remove MADO ransomware

Malwarebytes Free is one of the most popular and most used anti-malware programs for Windows, and for good reasons. It is able to destroy many types of malware that other software tends to miss, without costing you anything. When it comes to cleaning up an infected device, Malwarebytes has always been free and we recommend it as an essential tool in the fight against malware.

  1. Download Malwarebytes Free.

    You can download Malwarebytes by clicking the link below.

    MALWAREBYTES DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes)
  2. Double-click on the Malwarebytes setup file.

    When Malwarebytes has finished downloading, double-click on the MBSetup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.

    You may be presented with a User Account Control pop-up asking if you want to allow Malwarebytes to make changes to your device. If this happens, you should click “Yes” to continue with the Malwarebytes installation.

  3. Follow the on-screen prompts to install Malwarebytes.

    When the Malwarebytes installation begins, you will see the Malwarebytes setup wizard, which will guide you through the installation process. The installer will first ask what type of computer you are installing the program on; click either Personal Computer or Work Computer.

    On the next screen, click “Install” to install Malwarebytes on your computer.

    When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.

  4. Select “Use Malwarebytes Free”.

    After installing Malwarebytes, you’ll be prompted to select between the Free and the Premium version. The Malwarebytes Premium edition includes preventative tools like real-time scanning and ransomware protection; however, we will use the Free version to clean up the computer.
    Click on “Use Malwarebytes Free”.

  5. Click on “Scan”.

    To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes will automatically update the antivirus database and start scanning your computer for malware.

  6. Wait for the Malwarebytes scan to complete.

    Malwarebytes will scan your computer for adware and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.

  7. Click on “Quarantine”.

    When the scan has completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malicious programs that Malwarebytes has found, click on the “Quarantine” button.

  8. Restart computer.

    Malwarebytes will now remove all the malicious files and registry keys that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.

STEP 2: Use Emsisoft Emergency Kit to scan for malware and unwanted programs

Emsisoft Emergency Kit is a free second opinion scanner that can be used without installation to scan and clean infected computers. Emsisoft scans the behavior of active files and also files in locations where malware normally resides for suspicious activity.

  1. Download Emsisoft Emergency Kit.

    You can download Emsisoft Emergency Kit by clicking the link below.

    EMSISOFT EMERGENCY KIT DOWNLOAD LINK
    (The above link will open a new web page from where you can download Emsisoft Emergency Kit)

     

  2. Install Emsisoft Emergency Kit.

    Double-click on the EmsisoftEmergencyKit setup file to start the installation process, then click on the “Install” button.

  3. Start Emsisoft Emergency Kit.

    On your desktop the “EEK” folder (C:\EEK) should now be open. To start Emsisoft, click on the “Start Emsisoft Emergency Kit” file to open this program.

  4. Click on “Malware Scan”.

    Emsisoft Emergency Kit will start and it will ask you for permission to update itself. Once the update process is complete, click on the “Scan” tab, and perform a “Malware Scan”.

  5. Click on “Quarantine selected”.

    When the Emsisoft scan has finished, you will be presented with a screen reporting which malicious files were detected on your computer. To remove the malicious programs, click on “Quarantine selected”.

  6. When the malware removal process is complete, Emsisoft Emergency Kit may need to restart your computer. Click on the “Restart” button to restart your computer.
    When the process is complete, you can close Emsisoft and continue with the rest of the instructions.

STEP 3: Restore the files encrypted by MADO ransomware with Emsisoft Decryptor for STOP Djvu

Unfortunately, in most cases, it’s not possible to recover the files encrypted by this ransomware because the private key which is needed to unlock the encrypted files is only available through the cybercriminals.
However, if your files were encrypted with an offline key, there is a chance you can recover them by using the Emsisoft Decryptor for STOP Djvu decryption tool.
Here’s how to recover your files using the Emsisoft Decryptor for STOP Djvu.

Make sure you remove the malware from your system first; otherwise, it will repeatedly lock your system or encrypt files.

  1. Download Emsisoft Decryptor for STOP Djvu.

    You can download Emsisoft Decryptor for STOP Djvu by clicking the link below.

    EMSISOFT DECRYPTOR FOR STOP DJVU DOWNLOAD LINK
    (The above link will open a new web page from where you can download Emsisoft Decryptor for STOP Djvu)

  2. Run Emsisoft Decryptor for STOP Djvu.

    When Emsisoft Decryptor for STOP Djvu has finished downloading, double-click on “decrypt_STOPDjvu.exe” to run this program on your computer. In most cases, downloaded files are saved to the Downloads folder.

    You may be presented with a User Account Control pop-up asking if you want to allow Emsisoft to make changes to your device. If this happens, you should click “Yes” to continue with the installation.

  3. Follow the on-screen prompts.

    When the Emsisoft Decryptor for STOP Djvu starts, you will need to agree with the Terms and accept a disclaimer.

  4. Click on “Decrypt”.

    Click the “Decrypt” button to start the decryption process. The screen will switch to a status view, informing you about the current process and decryption status of your files.

    The decryptor will inform you once the decryption process is finished. If you require the report for your personal records, you can save it by clicking the “Save log” button. If your system was compromised through the Windows Remote Desktop feature, we also recommend changing all passwords of all users that are allowed to log in remotely and checking the local user accounts for additional accounts the attacker might have added.

Unfortunately, in most cases, it’s not possible to recover the files encrypted by the MADO ransomware because the private key which is needed to unlock the encrypted files is only available through the cybercriminals.

Do not pay any money to recover your files. Even if you were to pay the ransom, there is no guarantee that you will regain access to your files.


Your computer should now be free of the MADO ransomware infection. If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, please follow one of the steps:

How to Boot in Safe Mode on Windows 10

Ever attempted to troubleshoot your own computer? Then you’ve encountered Safe Mode. Safe Mode is an inbuilt troubleshooting feature which disables unnecessary drivers and programs during the startup process. It allows us to isolate any setting or system errors and fix them at the root, without non-essential applications interfering.

For example, you can use Safe Mode to run System Restore when troubleshooting your computer or to delete a file in use by another program. Here we’ll take a quick look at booting into Safe Mode with Windows 10, and what to do if you cannot boot into Safe Mode.

Method 1: System Configuration

To open the System Configuration screen, type msconfig in your Start Menu search bar and select the Best Match. Open the Boot tab and note the Boot Options. Selecting the Safe Boot option will force your system to boot into Safe Mode following its next restart.

You can choose from additional options. Here’s what they do:

  • Minimal: Starts Safe Mode with the absolute minimal amount of drivers and services, but with the standard Windows GUI (Graphical User Interface).
  • Alternate Shell: Starts Safe Mode with a Command Prompt, without the Windows GUI. Requires knowledge of advanced text commands, as well as navigating the operating system without a mouse.
  • Active Directory Repair: Starts Safe Mode with access to machine-specific information, such as hardware models. If we unsuccessfully install new hardware, corrupting the Active Directory, Safe Mode can be used to restore system stability by repairing corrupted data or adding new data to the directory.
  • Network: Starts Safe Mode with the necessary services and drivers for networking, with the standard Windows GUI.

Select Minimal > Apply > OK. System Configuration will now ask if you want to restart your system. Selecting Restart will immediately initiate the restart process, so be sure to save any active documents or projects.

Method 2: Advanced Startup

Your next option is Windows 10 Advanced Startup. It isn’t that advanced, but it is really useful to know.

Type advanced start up in your Start Menu search bar and select the Best Match. Now, under Advanced start-up, select Restart Now.

Clicking Restart Now will restart your system in recovery mode where you will encounter three options: Continue, Troubleshoot, or Turn Off Your PC.

Select Troubleshoot > Advanced Options. You now have a new range of options to choose from.

Select Start-up Settings > Restart. Your system will restart. The Startup Settings screen will load after you reboot. From here, choose the requisite option for Safe Mode.

Advanced Startup Shortcut

You can skip the somewhat lengthy clicking process by holding down Shift and clicking Restart under Power, found in the Windows 10 Start Menu. This reboot takes you straight to the Recovery options, where you can select Troubleshoot > Advanced Options > Startup Settings.

Method 3: Tapping

Until the introduction of Windows 8, the most common method for entering Safe Mode was tapping F8 on your keyboard during startup. Tapping F8 brings up the Safe Mode options screen, listing the options found under Method One (above) and several alternatives.

Windows 10 (and Windows 8/8.1) has F8 Safe Mode disabled by default. However, you can sacrifice a couple of seconds during startup by enabling the F8 menu using the Command Prompt.

Begin by opening an elevated Command Prompt. Right-click the Start menu and select Command Prompt (Admin). Select Yes in the User Account Control dialogue, if it appears. Command Prompt should now be open.

Input (or copy/paste) the following command:

bcdedit /set {default} bootmenupolicy legacy

Job done!

To undo this legacy command at any time, reopen the elevated Command Prompt as per the above instructions and type:

bcdedit /set {default} bootmenupolicy standard

This returns startup to its original state, so to reach Safe Mode you’ll have to use one of the alternate options in this article.

What If Nothing Works?

Even if none of the above works, you still have two aces up your sleeve.

If you installed Windows 10 via a disc or USB flash drive, you can boot straight into recovery mode by inserting the said installation media before turning your system on.

Choose your keyboard layout, followed by Repair Your Computer, in the bottom-left of the screen. From here you can head to Troubleshoot > Advanced Options where you’ll find System Restore, System Image Recovery, Startup Repair, Command Prompt, and Go Back to the Previous Build.

For System Image Recovery to work, you’ll have to have made a backup image before your system error, something we would absolutely advise you to do. You can create a System Image by typing recovery into the Start Menu search bar and selecting the Best Match. The Advanced Recovery Tools will open. Select Create a Recovery Drive and follow the steps.

Another helpful tool at your disposal is the System Repair Disc. Unlike the System Image, these aren’t machine-specific, so you can acquire one via a friend if all goes completely pear-shaped.

Head to Control Panel > System and Security > Back-up and Restore (Windows 7).

Don’t let the Windows 7 tag put you off: you’re in the right place. Select Create a System Repair Disc from the left-hand column, and follow the instructions.

How Do I Get Out of Safe Mode?

Once you fix your Windows 10 issue, you can leave Safe Mode. But how do you get out of Safe Mode once you’re in there?

There are two options, depending on how you booted into Safe Mode.

If you entered Safe Mode using Method 1 (via System Configuration), you must turn the Safe Mode option off in the configuration window. Otherwise, Windows 10 will boot back into Safe Mode after each restart.

If you entered Safe Mode using Method 2 (via Advanced Startup) or Method 3 (via Tapping Your Keyboard), shut down or restart your system to leave Safe Mode.

Accessing Safe Mode on Windows 10 Is Simple

You now know the three easiest methods to access Windows 10 Safe Mode. Make sure to take note of the final section on System Image Recovery and System Repair Discs. Do always remember the former only works if you’ve set the recovery location before your world began collapsing in a BSOD-induced nightmare.

If you’re truly in a terrible state of affairs, with no Image Recovery and no repair disc, you could always try tech-support savior Hirens BootCD. It has saved many people, many times, and it’ll save you too!

source: https://www.makeuseof.com/

How to Create a Windows 8 Recovery Disk

The days of reinstalling Windows whenever your PC runs into trouble are long since gone. All you need to fix Windows 8 is a recovery disk, either on CD/DVD, USB drive or an external hard disk drive.

Whether you’ve upgraded from an old version of Windows or bought a new device, one of the first things that you should do is set up your own recovery disk, a process that basically installs a set of tools onto your chosen media that can then be used to repair issues with Windows 8.

These useful tools will enable you to boot your computer and run recovery tools, with the aim of quickly resolving problems caused by bad downloads, hardware installation faults or even a dodgy hard disk drive.

Recovery Disk vs. Recovery Partition

It may be the case that your Windows 8 PC has a recovery image (installed in its own partition) or even quick restore disks that shipped with the device that can be used to quickly overcome issues and reset your computer to the state it was in when you bought it.

The recovery disk tool that ships as part of Windows is at least an alternative that will save time and effort reinstalling your favourite applications and games – assuming the problems you’re experiencing are ones that can be fixed with the tools on offer.

You can check if your computer already has a recovery partition by opening the Charms bar, selecting Search and typing command. Right-click Command Prompt and select Run as administrator.

In the Command Prompt box, type recimg /showcurrent and press Enter. If the message “There is no active custom recovery image” is displayed, then you will need to create one first before creating the recovery drive.

To save space on your HDD or SSD storage, you can delete the recovery partition later, but you will of course need your recovery disk (whether USB, optical or external hard disk) should you run into trouble at a later date.

What You Need for Creating Your Own Recovery Disk

After checking whether your computer has a recovery image installed, you will need to bring together the tools you need to create the recovery disk.

Although CD/DVD is a good option, you might be using a brand new computer with no optical drive. Fitting an external drive might be an option, but for speed you should rely on something a little more flexible, such as a USB flash drive or perhaps an SD card with a USB adapter, if you have a spare memory card.

If your computer doesn’t already have a recovery partition, it will need one setting up before the recovery disk can be created.

As described above, open the Command Prompt with administrative privileges and proceed to make a folder for the recovery image using mkdir c:\RefreshImage. Tap Enter when you’re done, and prompt Windows to create the image in that folder with recimg -CreateImage c:\RefreshImage.

Note that the USB flash drive or SD card that you use will be wiped clean in the process of creating a recovery drive. As such, you should remove and archive any vital data that is usually stored on it.

Create a Windows 8 USB Recovery Disk

To get started, in Windows 8 open the Charms menu and select Search. Enter Recovery, select Settings and then Create a recovery drive, agreeing to any prompts to enter your admin password. In the recovery drive tool, check the box for Copy the recovery partition from the PC to the recovery drive and click Next.

You will then see a screen that displays the size of the recovery partition. You will need to ensure that the USB flash drive you are using is big enough, and connect it to your PC. If you’re intending to use an external hard drive, make sure you have created a dedicated partition of sufficient size for this purpose on the device.

Select the USB device you want to use as a recovery drive, click Next > Create and wait, following any on-screen prompts. When you’re done, click Finish.

(If you want to reclaim the space used by this process, you can remove the recovery partition by selecting Delete the recovery partition > Delete.)

Using Optical Media

If you prefer to use a CD or DVD (this might be a good idea if you think your USB device might fail) then you will need to follow a slightly different set of instructions. Before proceeding, however, make sure you have a writable CD or DVD in your optical drive.

After clicking Create a recovery drive, make sure that no boxes are checked (specifically the Copy the recovery partition… box) and click Next > Create a system repair disc with a CD or DVD instead.

With this option selected, the remainder of the steps above are the same. As long as the recovery drive will fit onto your CD or DVD, you shouldn’t have any problems.

Booting From the Recovery Disk

Should you ever need to use the recovery disk, you will need to insert it into your computer’s USB drive before booting up. From here, follow any onscreen prompts to boot the computer using the disk, select language settings and choose a recovery option.

 

Conclusion: This Works for Windows 8 and RT!

Creating a Windows 8 recovery disk really is something that you should set time aside for to complete. You don’t know when it might prove a vital tool in restoring your computer without forcing you to resort to a reinstallation or quick restore disks – both of which are solutions that will delete any user data you have saved on your system drive (unless you sensibly utilise a secondary partition for personal documents and data).

Better still, the creation of a Windows 8 recovery disk works for both the standard Windows 8 and the RT alternative.

How to Fix an Unexpected Store Exception Error in Windows 10

Getting a blue screen of death (also known as a stop code error), where your system unexpectedly crashes, is frustrating. Especially when you don’t understand the problem. If the error is named “Unexpected Store Exception,” we can help.

Despite what you might think, this error has nothing to do with the Microsoft Store. We’re going to show you various ways to troubleshoot this error to determine the cause of an Unexpected Store Exception in Windows 10.

1. Check the Health of Your Hard Drive

The error often indicates that you’re using a failing hard drive. It’s easy to check this with a program like CrystalDiskInfo. Download the standard edition, run the installer, and open the program.

 

The tabs at the top let you change between drives if you have multiple. Look at the Health Status, which is determined from the values listed in the table beneath.

Good means exactly that and shows your drive is in fine health. Bad or Caution are obviously negative.

If you see either Bad or Caution status then you need to replace the drive as soon as possible because it’s at risk of failing imminently. In fact, even if you see Good, it’s worth switching the drive if you have one spare—the number one cause of the Unexpected Store Exception stop code is a faulty hard drive.

See the guide on how to replace a hard drive if you need help with replacing yours.

2. Update Your Display Driver

Display drivers causing incompatibility issues can also trigger this error. It’s worth ensuring they are updated.

To begin, boot your system into Safe Mode. Check out our guide on booting Windows 10 in Safe Mode if you need a hand.

 

Press Win + X and click Device Manager. Once here, double-click on Display adapters. This will display your graphics card. Right-click the result and click Uninstall device. Confirm it and restart your PC.

Press Win + I to open Settings and click Update & Security. Once here, click Check for updates. Windows should automatically find the latest driver and update your system.

If that doesn’t work, go to your graphics card manufacturer’s website to download the drivers, following their instructions.

3. Run System File Checker

Faulty system files could also cause this error. Handily, Windows includes an easy way for you to scan your system and have it automatically attempt to repair any problematic files.

Press Win + X and click Command Prompt (Admin). Once opened, type sfc /scannow and press Enter.

This will initiate the scan. It’ll display a message once completed. It might “not find any integrity violations”, which means all is fine. Alternatively, it might say:

  • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log
  • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log

If so, input the following in Command Prompt to view that log:

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfclogs.txt"

This will output the log to your desktop, where you can review the problematic files. If the errors can’t be fixed, as per the second message listed above, you may want to consider reinstalling Windows to get fresh copies of everything.

4. Disable Your Antivirus

Your antivirus software could be interfering with your system and causing the error. Try temporarily disabling your antivirus and see if the error still occurs. How to disable will vary depending on your software, but chances are it’ll be somewhere in the program’s Settings menu.

If you’re using Windows Defender, press Windows key + I to open Settings. Go to Update & Security > Windows Security > Virus & threat protection > Virus & threat protection settings and slide Real-time protection to Off.

 

Alternatively, if using any third-party antivirus software, you could try uninstalling it entirely. Press Win + I to open Settings and go to Apps. Find your antivirus on the list, click it, then click Uninstall.

Of course, it’s not the best practice to leave your system unprotected. If this doesn’t fix the Unexpected Store Exception error, enable your antivirus again to help keep your computer secure.

5. Turn Off Fast Startup

Fast startup is a feature that is enabled by default on up-to-date Windows 10 systems. With this, your computer uses a type of hibernation in order to give you quicker boot speeds, especially on hard disk drives.

While great, it can cause some drivers to not load properly, which can lead to the Unexpected Store Exception error. As such, it’s worth disabling fast startup to see if it gets rid of the error.

 

Press Win + R to open Run. Input control panel and click OK. Click Power Options, then Choose what the power buttons do from the left-hand panel.

Once here, click Change settings that are currently unavailable. Untick Turn on fast startup (recommended) and click Save changes.

7 Common Tasks The Windows Command Prompt Makes Quick & Easy

Don’t feel intimidated! The Windows command prompt is simpler and more useful than you expect. Graphical interfaces may be convenient, but sometimes it’s quicker to run a specific command to perform a specific task.

If you’ve never touched the Windows command prompt, or if you’ve given up on it due to issues in the past, we ask that you reconsider. If you still don’t like it, that’s fine and we won’t blame you. However, we think you might be surprised by what you can accomplish with just a few keystrokes.

Run Any Program Easily

Quick program access is important for productivity. Some of us have taskbars and start menus overflowing with shortcut icons. It’s not an ideal situation, often pushing users to seek out taskbar alternatives like these multifunctional docks.

Fortunately, there may be an answer that you hadn’t considered before. With a little bit of setup, you’ll be able to run any program that you want with a single command.

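First, you have to create a new folder (such as C:\Shortcuts). This folder will hold the shortcuts that allow fast access to any program on your system. Because anything placed in a folder on the system PATH can be launched by name from any prompt, make sure only administrators can write to this folder. Once created, we’ll need to add that folder to the system’s PATH environment variable: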

  • Right click on My Computer and select Properties.
  • Click on Advanced System Settings.
  • Under the Advanced tab, click on Environment Variables.
  • Under System Variables, edit the PATH variable. Add ;C:\Shortcuts to the end of the variable’s value (don’t forget the semicolon separator).
  • Under System Variables, edit the PATHEXT variable. Add ;.LNK to the end of the variable’s value (don’t forget the semicolon separator).
  • Click OK to close out of all windows.

Now that the environment variable is established, all you have to do is create shortcuts to your programs, place those shortcuts in the C:\Shortcuts directory, and rename them as one-word commands.

Now, whenever you open up a command prompt, you can run those programs using those shortcut names. The command prompt’s current directory won’t matter. These shortcut commands will work from anywhere.

Rename Local Drives

The label command offers a quick way to change the name of a drive on your system. It’s so simple that there isn’t much to explain about it. Just use it like so:

label [drive:] [name]

For example, if I wanted to name my main drive “innocentric”, I’d run the following command:

label C: innocentric

Defragment Hard Drives

Modern file systems (e.g. NTFS) don’t need to be defragmented as often as file systems of the past (e.g. FAT32), but it’s still an important part of Windows maintenance, if you want to keep your system in tip-top shape. Be cautious with defragmentation of SSDs, though.

Though there are several excellent defragmentation utilities, you can still make do without them using the defrag command:

 

defrag [drive:]

That’s all. However, if you’d like a bit more diagnostic information while the defragmentation occurs, you can use the progress switch to print out progress to the prompt:

defrag [drive:] /U

And if you want as much information as possible, you can toggle the verbose switch:

defrag [drive:] /U /V

Monitor Hard Drive Health

The chkdsk command (read: “check disk”) is a diagnostic tool that scans through your hard drives and tests for potential issues like corrupted data or physical damage. It’s just as easy to use as the defragment command above:

chkdsk [drive:]

Two useful parameters are the fix switch, which attempts to fix any encountered errors, and the recover switch, which will try to recover what it can if it encounters any bad sectors.

chkdsk [drive:] /F /R

Safely Eject External Drives

While drive ejection is as simple as right-clicking on the drive and selecting Eject, sometimes this isn’t possible. For example, you may be stuck in Windows Recovery with no other option than to use the command prompt. What do you do then?

You can use the diskpart command (read: “disk partition”) to eject the drive:

When diskpart’s specialized prompt is ready, type list volume to get a list of all drives currently recognized by your system. Take note of the drive’s ###, then type select volume [###] according to the drive you want to eject. Make sure you only select drives that are marked “Removable” in the list.

Type remove all dismount to eject the drive and exit to end the specialized prompt. The drive should now be dismounted and safe to remove.

If you have trouble getting the system to recognize the drive again, repeat the process up until you’ve selected the volume, then type assign letter=[letter] to remount the drive. For example, assign letter=I would mount it as an I: drive.

Search File Contents

A handful of tools enable a fast Windows search, but many of them are limited in that they only search through file names and not file contents. The findstr command is a simple way to achieve the latter, allowing you to locate files based on the text within those files.

 

This command is the most complex command on this list with over a dozen switches that alter how the search is performed.

Change File Associations

As you may already know, Windows associates particular file formats with programs so that those programs are used when said files need to be opened. The assoc command (read: “associate”) is an easy way to view and edit these file associations.

Typing the command by itself will list all of the known file associations on your system. This can be useful for diagnostic purposes, otherwise it’s a bit too much information to digest at once. What it’s actually useful for is changing file associations.

To view the association of an extension:

assoc [.ext]

To clear the association of an extension:

assoc [.ext]=

To set the association of an extension to another filetype:

assoc [.ext]=[filetype]

What is a filetype? For that you’ll need to use the ftype command, which lists all of the known filetypes on your system and which programs they’re associated with. So for example, on my system .TXT is associated as a txtfile and that filetype is opened using Notepad.

Final Thoughts

Yes, there are tools that can handle all of the above tasks, but these commands may come in handy if you ever find yourself stuck in a command prompt or needing to write a batch script.

Plus, we’ve only scratched the surface. Make the command prompt even more useful by learning these important commands for all Windows users and reading over our command prompt cheat sheet. One more important task that ought to be mentioned is the ability to install software through the command prompt.

source:http://www.makeuseof.com

How To Install A New Hard Drive To Replace An Old One

Hard drive space isn’t infinite. Today’s massive drives, with capacities exceeding 1TB, can create that illusion. But as drive sizes increase, ways to consume drive capacity also expand. HD video, for example, can eat gigabytes for breakfast.

That’s the bad news. The good news is that learning how to install a new hard drive isn’t difficult, so there is no need to be concerned about a hard drive that is nearly full. Read on to find out how to install a new drive to replace an old one.

Identifying The Proper Replacement

Before you can upgrade a hard drive with a new replacement you’ll need to determine the type of drive you need to buy. Today, most hard drives use a data connection known as SATA. However, computers that are several years old might instead support a data connection called IDE. You can easily tell the difference between the two because an IDE connection uses numerous pins, while SATA uses a pin-less L-shaped connector. The picture below provides a comparison – the SATA drive is on the left and the IDE drive is on the right. Laptop drives will obviously be smaller, but the connections have the same appearance.

Speaking of size, you’ll also need to make sure you buy a drive with the correct physical dimensions. There are two popular hard drive sizes – 3.5″ and 2.5″. The larger is built for desktop systems, while the smaller is generally for laptops and compact desktops. However, solid state hard drives often come in the 2.5″ size regardless of the type of machine they’re meant to be installed in. This rule isn’t absolute, however, because some all-in-one computers use 2.5″ drives.

Transferring Data From The Old To New Drive

The process of installing a new hard drive is one of the least difficult hardware installation procedures around in terms of the physical effort required. However, the hard drive is one of the most critical components in your system because it stores all of your information. Everything from your operating system to your emails to your favorite songs are stored on your hard drive. Obviously, a straight replacement will leave you without that information.

If you’re using a computer that has more than one hard drive bay you’ll find the process of transferring data from one drive to another to be easy. All you need to do is install the second hard drive in your system and then clone an image of your existing drive using one of the many freeware tools available for this task. Once the old drive’s image has been cloned and placed on the new drive, you can simply remove the old drive or reformat it and use it as a second drive (make sure the clone was successful before taking this step, however!)

Computers that have only a single drive bay are more difficult to work with because you can’t have the new and old drive installed at the same time. You can, however, still clone your old drive to your new one. This is possible by connecting your new drive to your PC with a USB-to-SATA cable or an external hard drive dock. Cloning a drive may take some time because of the bandwidth limitations of USB 2.0, but it will complete eventually.

Replacing The Old Drive

Desktop computer hard drives are usually placed in the lower front half of a mid-tower enclosure and are attached using between two and six screws. The process isn’t overly difficult, but is detailed enough to warrant its own post.

Laptops are different, but easier. Most laptops will offer a plastic hard drive bay cover on the bottom of the laptop that is held in with one or two screws. Removing the cover will reveal the drive, which is itself typically attached with a few screws. Installing a replacement drive is simply a matter of taking the existing drive out and putting the new drive in its place. The power and data connections are built into the mount itself, so you don’t have to worry about tracking down the cables. Please note that not all laptops are intended to be user serviceable in this way, so please read your laptop’s manual for information about hard drive replacement before proceeding.

Booting & Partitioning

Once you’ve replaced your old drive you will, of course, want to boot up your PC to make sure everything is functioning well. Assuming you did clone your data from your old drive to your new one, this process should be painless. Your PC will barely realize that anything has changed. You should probably visit the Disk Management utility, which can be found by visiting the Administrative Tools –> Computer Management section of the Windows Control Panel, to ensure that Windows is recognizing and using all of your new hard drive’s capacity. If it isn’t, you can extend the current partition to cover the free space or create a new drive partition.

If you didn’t end up cloning your drive, this step will be irrelevant, as you’ll have to format and partition the new drive during the installation process of your operating system.

Conclusion

Hopefully this brief post has given you the information you need to learn how to install a new hard drive. If you have any questions, feel free to post a comment.

Server Message Block Protocol (SMB protocol)

The Server Message Block Protocol (SMB protocol) is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. It can also carry transaction protocols for interprocess communication.

Created by IBM in the 1980s, the SMB protocol has since spawned multiple variants or implementations, also known as dialects, to meet evolving network requirements over the years.

How does the SMB protocol work?

The SMB protocol enables an application — or the user of an application — to access files on a remote server, as well as other resources, including printers, mail slots and named pipes. Thus, a client application can open, read, move, create and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request.

The SMB protocol is known as a response-request protocol, meaning that it transmits multiple messages between the client and server to establish a connection.

An early dialect of the SMB protocol, Common Internet File System (CIFS), gained notoriety as a chatty protocol that bogged down wide area network (WAN) performance due to the combined burdens of and CIFS’ numerous acknowledgments. The next dialect, SMB 2.0, improved the protocol’s efficiency by drastically reducing its hundreds of commands and subcommands down to just 19.

The SMB protocol operates in Layer 7, also known as the application layer, and can be used over TCP/IP on port 445 for transport. Early dialects of the SMB protocol use the application programming interface (API) NetBIOS over TCP/IP, or legacy protocols such as the Internetwork Packet Exchange or NetBEUI. Today, communication with devices that do not support SMB directly over TCP/IP requires the use of NetBIOS over a transport protocol, such as TCP/IP.

Microsoft Windows operating systems since Windows 95 have included client and server SMB protocol support. Samba, an open source server that supports the SMB protocol, was released for Unix systems.

A client and server may implement different variations of SMB, which they negotiate before starting a session.

SMB protocol dialects

Variants of the SMB protocol have improved the original implementation’s capabilities, scalability, security and efficiency. Here is a brief overview of the SMB protocol’s notable dialects:

  • SMB 1.0 (1984): Created by IBM for file sharing in DOS. Introduced opportunistic locking (OpLock) as a client-side caching mechanism designed to reduce network traffic. Microsoft would later include the SMB protocol in its LAN Manager product.
  • CIFS (1996): Microsoft-developed SMB dialect that debuted in Windows 95. Added support for larger file sizes, transport directly over TCP/IP, and symbolic links and hard links.
  • SMB 2.0 (2006): Released with Windows Vista and Windows Server 2008. Reduced chattiness to improve performance, enhanced scalability and resiliency, and added support for WAN acceleration.
  • SMB 2.1 (2010): Introduced with Windows Server 2008 R2 and Windows 7. The client oplock leasing model replaced OpLock to enhance caching and improve performance. Other updates included large maximum transmission unit (MTU) support and improved energy efficiency, which enabled clients with open files from an SMB server to enter sleep mode.
  • SMB 3.0 (2012): Debuted in Windows 8 and Windows Server 2012. Added several significant upgrades to improve availability, performance, backup, security and management. Noteworthy new features included SMB Multichannel, SMB Direct, transparent failover of client access, Remote VSS support, SMB Encryption and more.
  • SMB 3.02 (2014): Introduced in Windows 8.1 and Windows Server 2012 R2. Included performance updates and the ability to completely disable CIFS/SMB 1.0 support, including removal of the related binaries.
  • SMB 3.1.1 (2015): Released with Windows 10 and Windows Server 2016. Added support for advanced encryption, preauthentication integrity to prevent man-in-the-middle attacks and cluster dialect fencing, among other updates.

In 2017, the WannaCry and Petya ransomware attacks exploited a vulnerability in SMB 1.0 to load malware on vulnerable clients and propagate it across networks. Microsoft subsequently released a patch, but experts have advised users and administrators to take the additional step of disabling SMB 1.0/CIFS on all systems.
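The negotiation described above can be checked on the wire. The following Python sketch is an added example, not code from the original article: it reads a client's NEGOTIATE request and reports whether the client still speaks SMB 1.0. The two sample messages are constructed inline, the function names are hypothetical, and the input is assumed to be the SMB message with the 4-byte transport length prefix already removed.

```python
import struct

# Wire codes of the SMB2/3 dialects, mapped to the names used in the list above.
SMB2_DIALECTS = {0x0202: "SMB 2.0", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.02", 0x0311: "SMB 3.1.1"}

def offered_dialects(msg):
    """Return (message_family, [dialect names]) for a client NEGOTIATE request."""
    magic = msg[:4]
    if magic == b"\xffSMB":                       # SMB 1.0/CIFS framing
        if len(msg) < 35 or msg[4] != 0x72:       # 0x72 = SMB_COM_NEGOTIATE
            raise ValueError("not an SMB1 NEGOTIATE request")
        off = 33 + 2 * msg[32]                    # skip WordCount and its words
        (byte_count,) = struct.unpack_from("<H", msg, off)
        data = msg[off + 2: off + 2 + byte_count]
        # Each entry is a 0x02 marker followed by a NUL-terminated name.
        names = [e[1:].decode("ascii", "replace")
                 for e in data.split(b"\x00") if e[:1] == b"\x02"]
        return "SMB1", names
    if magic == b"\xfeSMB":                       # SMB 2.0 and later framing
        if len(msg) < 100 or struct.unpack_from("<H", msg, 12)[0] != 0:
            raise ValueError("not an SMB2 NEGOTIATE request")
        (count,) = struct.unpack_from("<H", msg, 66)
        if len(msg) < 100 + 2 * count:
            raise ValueError("truncated dialect list")
        codes = struct.unpack_from("<%dH" % count, msg, 100)
        return "SMB2", [SMB2_DIALECTS.get(c, hex(c)) for c in codes]
    raise ValueError("not an SMB message")

def client_speaks_smb1(msg):
    """True when the client opened with SMB1 framing, i.e. SMB 1.0 is still enabled.
    Such a request may also list SMB2 names; the SMB1 support is what matters here."""
    return offered_dialects(msg)[0] == "SMB1"

# --- constructed sample messages (not captured traffic) ---
def build_smb1_negotiate(names):
    body = b"".join(b"\x02" + n.encode("ascii") + b"\x00" for n in names)
    header = b"\xffSMB" + bytes([0x72]) + bytes(27)          # 32-byte header
    return header + b"\x00" + struct.pack("<H", len(body)) + body

def build_smb2_negotiate(codes):
    header = b"\xfeSMB" + struct.pack("<H", 64) + bytes(58)  # 64-byte header, command 0
    request = struct.pack("<HH", 36, len(codes)) + bytes(32) # 36-byte fixed part
    return header + request + struct.pack("<%dH" % len(codes), *codes)

LEGACY_CLIENT = build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])
MODERN_CLIENT = build_smb2_negotiate([0x0202, 0x0210, 0x0300, 0x0302, 0x0311])

if __name__ == "__main__":
    for label, msg in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(label, offered_dialects(msg), "SMB1 enabled:", client_speaks_smb1(msg))
```

A client with SMB 1.0 removed opens directly with the SMB2 form, so the first case is the one to look for when auditing a network for hosts that still need SMB 1.0/CIFS disabled.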

CIFS vs. SMB

As noted in the list above, CIFS is an early dialect of the SMB protocol developed by Microsoft. Although the terms are sometimes used interchangeably, CIFS only refers to a single implementation of SMB. Most modern systems use more recent dialects of the SMB protocol.

Samba vs. SMB

Released in 1992, Samba is an open source implementation of the SMB protocol for Unix systems and Linux distributions. It supports file sharing and print services, authentication and authorization, name resolution, and service announcements between Linux/Unix servers and Windows clients.

 

source: https://searchnetworking.techtarget.com/definition/Server-Message-Block-Protocol

How to fix network display of NAS storage devices in Windows 10

When a NAS storage device cannot be found on the network and you have taken all the necessary steps to enable network devices and discovery, it is possible that some Windows features are disabled and need to be turned on.

The solution is to turn the Windows SMB features on. Note that this enables SMB 1.0/CIFS, the dialect that the SMB overview above says experts advise disabling, so turn it on only if the NAS supports no newer dialect.

Go to Control Panel -> Programs and Features -> application

  1. Open the Control Panel (icons view), and click/tap on the Programs and Features icon.
  2. Click/tap on the Turn Windows features on or off link on the left side. (see screenshot below)
  3. If prompted by UAC, click/tap on Yes.
  4. Turn on (check) or off (uncheck) the Windows features: here, check the SMB 1.0/CIFS File Sharing Support root entry and all of its sub-entries, and click/tap on OK when finished. (see screenshot below)
  5. You may be prompted by Windows to restart the computer to finish turning a feature on or off.

 

 

To Turn On Windows Features in PowerShell

 

Open an elevated PowerShell.

Type the command below you want to use into the elevated PowerShell, and press Enter. Make note of the FeatureName (ex: “Internet-Explorer-Optional-amd64”) for the disabled Windows Feature you want to enable. (see screenshot below)

(without full details)
Get-WindowsOptionalFeature -Online | Where-Object {$_.State -eq "Disabled"}

OR

(with full details)
Get-WindowsOptionalFeature -FeatureName * -Online | Where-Object {$_.State -eq "Disabled"}

If prompted to restart the computer, type Y, and press Enter when ready to do so. (see screenshot below)
Practices for Countering Phishing Threats

Phishing is an act of deceiving internet users in which the ‘perpetrator’ impersonates a trustworthy entity, abusing the inadequate protection offered by electronic tools and the ignorance of the user-‘victim’, with the aim of illegitimately obtaining personal data such as sensitive private information and passwords.

If we were to render the term in Greek, we could well call it ‘Ηλεκτρονικό Ψάρεμα’ (“electronic fishing”), because the English term is not far from that. But how can this concern home or corporate internet users? How can we come face to face with such threats?

The truth is that we can come face to face with phishing-type threats every day. Careful users will say this is not an issue for them, since they thoroughly check the connection and the domain name they are connecting to on the internet.

A Chinese information systems security researcher reported a threat that is quite difficult to detect. He warned that hackers can exploit vulnerabilities in the Chrome, Firefox and Opera web browsers to display fake domain names as if they were the legitimate domains of services such as Apple, Google or Amazon, in order to steal login credentials and other sensitive personal data.

What should we do about this? In general, checking the domain in the address bar once the page has loaded, provided there is a valid HTTPS connection, is a good solution. But in this case that is not enough. If the browser shows “apple.com” in the address bar, secured with SSL, but the content comes from another server, then our browser is vulnerable to the homograph attack.

This attack has been known since 2001, when browser vendors tried to fix this vulnerability. It is a kind of spoofing attack in which characters have been replaced with Unicode characters. Many Unicode characters, representing alphabets such as Greek, Cyrillic and Armenian in internationalized domain names, can look the same as Latin characters to the ordinary eye. This does not mean they are treated the same by computers, which read different characters and are obviously directed to different addresses.

For example, the Cyrillic a (U+0430) and the Latin a (U+0041) are treated differently by the computer even though they are displayed the same.

For this reason browser developers use Punycode encoding to represent Unicode characters in the URL and defend against homograph threats. Here, however, a vulnerability was discovered that prevents the Punycode encoding from being applied, but that is a technical matter.

This hole has been reported to the companies with the vulnerable browsers. It is no surprise that these include Google and Mozilla.
Google has since completed a fix, while Mozilla is still working to produce one.

Practices for Countering Phishing Threats

For Firefox, as a temporary mitigation, do the following:
1. Type about:config in the address bar.
2. Then type Punycode in the search bar.
3. The Mozilla settings will show network.IDN_show_punycode. Double-click it and select Toggle to change the value from false to true.
So far there is nothing similar in Chrome or Opera to disable the substitutions. Wait for the next update.
There are extensions that alert you every time you encounter Unicode characters in a domain.
One of the best ways to protect yourself from phishing attacks is a good password manager that comes with add-ons and browser extensions and automatically enters your credentials on the pages they actually correspond to.
So when you arrive at a page that looks like the real one, such as Amazon or Apple, but in reality is not, the password manager will detect this and will not submit your credentials. In short, find and use a good password manager. There are several good, free ones on the internet.
Finally, users should type the domain name themselves and not use redirects and links. This should be done especially for your bank accounts.
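The homograph check described above can be automated. The following Python sketch is an added example, not part of the original article: it shows the Punycode form of each label of a hostname, lists the scripts the label mixes, and flags labels that imitate one of the brands the article names. The look-alike table is a small constructed subset and the function names are hypothetical.

```python
import unicodedata

# Constructed, deliberately small look-alike map (code point -> Latin letter).
# A production check would use the full Unicode confusables data instead.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0455": "s", "\u0456": "i", "\u04cf": "l",  # Cyrillic
    "\u03bf": "o", "\u03bd": "v",                                              # Greek
    "\u0585": "o", "\u0570": "h",                                              # Armenian
}
PROTECTED = {"apple", "google", "amazon"}   # services named in the article

def char_script(ch):
    """Coarse script of a character: the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else None    # digits and '-' carry no script
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def to_ascii_form(label):
    """Punycode form of a label, as shown with network.IDN_show_punycode = true."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def from_ascii_form(label):
    """Decode an xn-- label back to the Unicode text it stands for."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_hostname(hostname):
    """Return one finding per label of the hostname."""
    findings = []
    for raw in hostname.lower().split("."):
        text = from_ascii_form(raw)
        scripts = sorted({s for s in map(char_script, text) if s})
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in text)
        imitates = skeleton if (not text.isascii() and skeleton in PROTECTED) else None
        findings.append({"label": text, "ascii_form": to_ascii_form(text),
                         "scripts": scripts, "mixed_script": len(scripts) > 1,
                         "imitates": imitates})
    return findings

def is_suspicious(hostname):
    """True if any label mixes scripts or imitates a protected name."""
    return any(f["mixed_script"] or f["imitates"] for f in inspect_hostname(hostname))

# Constructed sample inputs: one Cyrillic letter among Latin ones, and a label
# written entirely in Cyrillic look-alikes.
MIXED = "\u0430pple.com"
WHOLE_SCRIPT = "\u0430\u0440\u0440\u04cf\u0435.com"

if __name__ == "__main__":
    for host in ("apple.com", MIXED, WHOLE_SCRIPT):
        print(ascii(host), is_suspicious(host), inspect_hostname(host)[0]["ascii_form"])
```

The second sample is the harder case: it uses a single script throughout, so a mixed-script test alone passes it, and only the comparison against known names catches it.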