tag:blogger.com,1999:blog-43044127310850687882010-03-14T20:19:07.187-04:00NirBlogThe official blog of nirsoft.netNir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.comBlogger86125tag:blogger.com,1999:blog-4304412731085068788.post-41037059458101130602009-08-23T03:40:00.002-04:002009-08-23T04:02:06.659-04:00NirBlog moves to a new homeIn the last few weeks, I had too much problems with the blogging system of Blogger.com<br />Just for example: in all recent posts, the Blogger system failed to upload the screenshots of my tools through my FTP server, and I had to manually upload them and then edit the HTML of the post in order to properly show them inside the Blog post.<br /><br />Also, some users complained that they cannot add their comments to my posts or their comments are added only when they use a specific Web browser.<br /><br />Unfortunately, I cannot solve the problems caused by Blogger system, so the only solution is to host the blog on my own server.<br />I installed the latest version of WordPress on my server, and imported all my Blogger posts into the new Blog. The import process is not perfect, but it generally look fine.<br /><br />The new Blog address is <a href="http://blog.nirsoft.net/">http://blog.nirsoft.net/</a>.<br /><br />The old Blog will still be available for some time, because there are other pages that link to it.<br /><br />Also, be aware that if you subscribed the RSS of my Blogger Blog, you should cancel it and subscribe the RSS feed of <a href="http://blog.nirsoft.net/">http://blog.nirsoft.net/</a>.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-4103705945810113060?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com1tag:blogger.com,1999:blog-4304412731085068788.post-30606878789521245062009-08-18T02:52:00.001-04:002009-08-18T02:56:27.764-04:00BlueScreenView now also support 64-bit MiniDump FilesThe new version of <a href="http://www.nirsoft.net/utils/blue_screen_view.html">BlueScreenView</a>, version 1.05, now also support the MiniDump Files created by x64 version of Windows.<br />The executable file of BlueScreenView is still created as 32-bit application, but it can read and analyze the crash MiniDump Files of both both 32-bit and x64 systems.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-3060687878952124506?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com3tag:blogger.com,1999:blog-4304412731085068788.post-29400406086642350302009-08-15T02:55:00.006-04:002009-08-15T03:15:36.688-04:00NirSoft Launcher is in development processMany people ask me if there is any package with all NirSoft utilities and a launcher application to easily find and run the desired utility.<br />So now there is something in development:<br />NirLauncher (The name might be changed later) is a utility that will be packed with dozens of NirSoft utilities and will display them in the main window, separated by different categories, like 'Password Recovery Tools', 'Network Tools', 'Web Browser Tools', and so on.<br /><br />It'll allow you to easy run a utility, run the utility with command-line parameters, open the help file, browser into the Web page of the utility, and so on.<br />It's also possible that NirLauncher will allow other developers to provide their utilities as additional package for NirLauncher.<br /><br />I hope that the first Beta of NirSoft Launcher will be available to download in the incoming weeks.<br />For now, you can enjoy the first screenshots of NirLauncher:<br /><p><br /><br /><a href="http://www.nirsoft.net/images/nir_launcher1.png"><img src="http://www.nirsoft.net/images/nir_launcher1.png" height="230" width="450"></a><br /><br /><br /><br /><p><br /><a href="http://www.nirsoft.net/images/nir_launcher2.png" target="launcher2"><img src="http://www.nirsoft.net/images/nir_launcher2.png" height="230" width="450"></a><br /><br /></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-2940040608664235030?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com8tag:blogger.com,1999:blog-4304412731085068788.post-60707603806218362522009-08-11T02:06:00.002-04:002009-08-11T02:10:56.045-04:00View all fonts installed in Windows.<a href="http://www.nirsoft.net/utils/windows_fonts_viewer.html">WinFontsView</a> is a new utility that enumerates all fonts installed on your system, and displays them in one simple table.<br />For each font, WinFontsView draws 5 samples of the font in different sizes, in order to allow you to easily find and choose the desired font that you need. WinFontsView also allows you to view the fonts as Bold, as Italic or with underline, as well as it allows you to export the fonts list into html file.<br /><br />For more infromation about WinFontsView, <a href="http://www.nirsoft.net/utils/windows_fonts_viewer.html">click here</a>.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-6070760380621836252?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-46230764825943207472009-08-04T14:37:00.005-04:002009-08-04T14:50:30.664-04:00Allopass continue to support msnpass.info and msn-blocked.com scam Web sites.A few days ago, I reported that Allopass company decided to close the account of msnpass.info scam. So it seems that they simply lied to me.<br />After a few days, I saw that msnpass.info Web site is still very active, so I contacted Allopass again, and now their representative says that they are not going to close the account.<br /><br />The reason: The owner of msnpass.info told them that msnpass.info sell a software developed by msnpass.info team, and this Web site doesn't sell the utilities of NirSoft at all.<br />This is probably the reason for the <a href="http://www.nirsoft.net/blog/2009/07/msnpassinfo-is-active-again-with-new.html">screenshot change, that I reported a few days ago</a>.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msnpass_new-795313.png"><img style="cursor: pointer; width: 400px; height: 138px;" src="http://www.nirsoft.net/blog/uploaded_images/msnpass_new-795309.png" alt="" border="0" /></a><br /><br />The owner of msnpass.info created a fake screenshot of a software that doesn't really exist, and told the Allopass company that msnpass.info sell the software shown in the screenshot, which doesn't look like the MessenPass utility of NirSoft.<br /><br />But according to reports that I received in the last days from 2 people that fell into msnpass.info scam, after users pay through the payment system of Allopass, they are still sent to download my MessenPass and Mail PassView utilities.<br />The fake screenshot in the landing page of msnpass.info was just created to give Allopass a good excuse for not closing the account.<br /><br />The sad fact is - Both msnpass.info and Allopass company have interest of keeping msnpass.info account open and to continue making a lots of money from this nasty scam.<br /><br />In the last few weeks, I was in contact with a few employees of Allopass company regarding this scam, and in all this time, they just wasted my time and protected the side of the criminals.<br />Instead of suspending the account of msnpass.info and require this Web site owner to stop the nasty MSN spamming activities and to stop selling the software of others,<br />Allopass simply sent my complaint to msnpass.info owner. msnpass.info owner answered them that he sell his own software and not my software, and Allopass simply accepted this answer, and decided to keep the account open.<br /><br />Just to remind you again - msnpass.info and msn-blocked.com are a pair of scam Web sites in french that use very nasty way to get a large amount of traffic and... money.<br />The first one, msn-blocked.com - asks innocent users to type their MSN user/password, and then floods all their contacts with fake instant messages that invite them to join msn-blocked Web site, and enter their user/password too.<br />The second one, msnpass.info - offer the users of msn-blocked.com to purchase the MessenPass utility of NirSoft through the SMS payment system of allopass.com, misleading french users that don't know that this utility is available for free at www.nirsoft.net.<br /><br />For more information about how this scam works, <a href="http://www.nirsoft.net/blog/2009/07/msn-blockedcom-and-msnpassinfo-scams.html">read this post</a>.<br /><br /><br /><span style="color: rgb(0, 0, 153); font-weight: bold;font-size:130%;" >msn-blocked.com blocked by Firefox, so other domains are used</span><br /><br />Due to complains of many users about msn-blocked Web site, Firefox and Google blocked this domain for 'Reported Web Forgery'.<br />So the owner of this scam started to redirect Firefox users to other domains like msn-block.info, msn-blocking.com, msn-check.info, and possibly others.<br />msn-block.info and msn-blocking.com domains are already completely blocked by Firefox too, while msn-check.info is only partly blocked.<br /><br />So for, Firefox/Google are the only good side in this world that do something against this scam.<br />I already reported about this scam to Microsoft (for MSN Messenger abuse), to GoDaddy (The domain registrar), to Domains By Proxy (the privacy protection company), to EURO-WEB Servers renting (the current hosting company), and to some other organizations that handle these kind of scams. So far, there is no any action from any of them.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-4623076482594320747?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com5tag:blogger.com,1999:blog-4304412731085068788.post-30248626570320596932009-08-04T03:08:00.001-04:002009-08-04T03:10:05.540-04:00Getting information about BSODs that occurred in your system<a href="http://www.nirsoft.net/utils/blue_screen_view.html">BlueScreenView</a> is a new utility that allows you to watch the details of all 'Blue Screen of Death' crashes that occurred in your system.<br /><br />It automatically scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue screen (Bug Check Code and 4 parameters), and the details of the driver or module that possibly caused the crash (filename, product name, file description, and file version).<br />BlueScreenView also displays the list of all drivers loaded during the crash, as well as it allows you to view a blue screen window which is very similar to the one that Windows displayed during the crash.<br /><br />For more information about this utility, go to <a href="http://www.nirsoft.net/utils/blue_screen_view.html">BlueScreenView Web page</a>.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/bluescreenview2-783737.gif"><img style="cursor: pointer; width: 400px; height: 332px;" src="http://www.nirsoft.net/blog/uploaded_images/bluescreenview2-783735.gif" alt="" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-3024862657032059693?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-47631078211671050632009-08-04T03:01:00.004-04:002009-08-04T03:06:37.914-04:00Watching current METAR weather reports in Google earth<a href="http://www.nirsoft.net/utils/mweather.html">MetarWeather</a> utility has a new feature that allows you to watch the latest METAR weather reports from Google Earth map.<br />In order to use this feature, simply selected the desired METAR report lines, go to 'Save Selected Items' (Ctrl+S), choose the KML in the file type combo-box, and save the file. After that, you can open the saved .kml file in Google Earth, and watch the METAR reports on earth map.<br /><br />Here's a sample result of METAR reports in Google Earth:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/mweather_google_earth-770996.png"><img style="cursor: pointer; width: 400px; height: 368px;" src="http://www.nirsoft.net/blog/uploaded_images/mweather_google_earth-770505.png" alt="" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-4763107821167105063?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com1tag:blogger.com,1999:blog-4304412731085068788.post-44499635382009298482009-07-30T15:06:00.002-04:002009-07-30T15:14:21.018-04:00MessenPass with alerts in only 2 Antivirus programs out of 41 - is it possible ?As I already reported in the past, MessenPass, my password recovery tool for Messenger applications, is falsely detect as Virus/Trojan/Malware by many Antivirus programs.<br /><br />Currently, according to this <a href="http://www.virustotal.com/analisis/ea10d96e8a11ce669cd6dd9ae50c969a080a91eee08e90cff8ee277cf7dabfcf-1248813128">virustotal report</a>, 18 out of 41 Antivirus programs shows a virus alert for MessenPass utility.<br /><br />So I decided to make a nice test. I took the same code of MessenPass, and recompiled it with different compiler optimization options.<br />I also left it without UPX compression that I usually do with all my utilities.<br />I posted <a href="http://www.nirsoft.net/utils/mspass_test.zip">the new build of MessenPass</a> for testing in VirusTotal Web site, and here's the amazing result:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/virustotal_msnpass_test-754731.png"><img style="cursor: pointer; width: 163px; height: 400px;" src="http://www.nirsoft.net/blog/uploaded_images/virustotal_msnpass_test-754309.png" alt="" border="0" /></a><br /><br /><br />Only 2 out of 41 Antivirus programs trigger a virus alert for the new build of MessenPass.<br />Just to be clear - It's still the same version of MessenPass (v1.26) like the original MessenPass with the 18 Antivirus alerts.<br />I simply compiled the same code of MessenPass with different compiler options.<br />avoiding from UPX compression also helped a little, because after compressing the same file with UPX, I got 5 virus alerts.<br /><br />Currently, <a href="http://www.nirsoft.net/utils/mspass_test.zip">this build of MessenPass</a> is only posted in this blog, while the I left the original build in the MessenPass Web page.<br />It's interesting to see whether the Antivirus companies read or scan my blog.<br />If they do, the number of virus alerts in this MessenPass build will increase very soon...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-4449963538200929848?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com2tag:blogger.com,1999:blog-4304412731085068788.post-79168390495365544972009-07-30T02:39:00.003-04:002009-07-30T02:42:02.408-04:00msnpass.info is active again with a new screenshotAfter a few hours with the new 'who loves you' scam Web site, msn-blocked Web site once again redirect all users to msnpass.info<br />But now msnpass.info shows a new screenshot of password-recovery software, instead of the screenshot of MessenPass. I don't know if this screenshot is based on a real existing software, or it's just a completely fake screenshot created by msnpass.info owner.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msnpass_new-744658.png"><img style="cursor: pointer; width: 400px; height: 138px;" src="http://www.nirsoft.net/blog/uploaded_images/msnpass_new-744653.png" alt="" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-7916839049536554497?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com1tag:blogger.com,1999:blog-4304412731085068788.post-2589892410965405452009-07-29T02:56:00.004-04:002009-07-29T03:08:00.089-04:00Instead of messenger password, find who loves you !Finally, the owner of msnpass.info decided to stop selling my MessenPass software.<br />The Web page of msnpass.info still exists, but all visitors of msn-blocked.com are now redirected to a new Web site that is hosted in the same IP addresses of msnpass.info<br />The new Web site is oh-love.me, and like msnpass.info, it's hosted with multiple host names, like http://d.oh-love.me, http://c.oh-love.me, http://b.oh-love.me, and others.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/ohlove-769372.png"><img style="cursor: pointer; width: 400px; height: 237px;" src="http://www.nirsoft.net/blog/uploaded_images/ohlove-769358.png" alt="" border="0" /></a><br /><br /><br />This Web site is also in french, so I used Google Translator to find out what exactly this Web site offer the users, and here's the result:<br /><span style="color: rgb(51, 51, 255);">Welcome to oh-love.me,</span> <span style="color: rgb(51, 51, 255);">You always wanted to be able to read minds of others? Power who secretly pinching for you?</span> <span style="color: rgb(51, 51, 255);">Your dream will come true soon!</span> <span style="color: rgb(51, 51, 255);">With oh-love.me, you will be able to know the name of the boy or girl who secretly loves you!</span> <span style="color: rgb(51, 51, 255);">It's super easy, you simply send an SMS that you will be shown by clicking on the flag of your country.</span> <span style="color: rgb(51, 51, 255);">By entering the code magic optenu on the site, you immediately know the name of your claim or your pr?tendante secret!</span><br /><br />I don't know what exactly the users get when they send the SMS, but there is no any utility in NirSoft Web site that can do that :-)<br /><br />Also, Firefox/Google blocked the entire domain of msn-blocked.com, so now all the Firefox visitors are redirected to msn-block.info domain (like s502.msn-block.info and many others)<br />while the users of Internet Explorer are still redirected to msn-blocked.com domain, because IE doesn't block them.<br /><br />It looks like whoever is behind these scams, works around the clock just to keep them alive...<br /><br />And just more good news... I received another email from Allopass, and now they say that they are going to cut the account that was used for selling my MessenPass software.<br />I guess that even after closing the Allopass account, the scam owner won't give up, and will open a new account in Allopass or in other similar payment company.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-258989241096540545?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com2tag:blogger.com,1999:blog-4304412731085068788.post-76604697149599733202009-07-25T15:03:00.006-04:002009-07-25T17:00:29.905-04:00msn-blocked.com and msnpass.info scams moved to a new hosting and Allopass returned a ridiculous response.msn-blocked.com and msnpass.info are a pair of scam Web sites in french that are extermly active in the last few weeks.<br />The first one, msn-blocked.com - asks innocent users to type their MSN user/password, and then floods all their contacts with fake instant messages that invite them to join msn-blocked Web site, and enter their user/password too.<br />The second one, msnpass.info - offer the users of msn-blocked.com to purchase the MessenPass utility of NirSoft through the SMS payment system of allopass.com, misleading french users that don't know that this utility is available for free at www.nirsoft.net.<br /><br />As I already <a href="http://www.nirsoft.net/blog/2009/07/msnpassinfo-and-msn-blockedcom-scam.html">reported in my previous posts</a>, these Web site were hosted in ovh.net hosting company, but in the last few days the owner of these scams moved most of the servers into another hosting company - <a href="http://www.sd-france.com/">EURO-WEB Servers renting</a>, which is also an hosting company in France. Although most of the activity moved to the new hosting company, some of the servers are still active in the previous hosting company - ovh.net<br /><br />The host names in the new hosting company are:<br />a.msnpass.info<br />b.msnpass.info<br />c.msnpass.info<br />d.msnpass.info<br />e.msnpass.info<br />f.msnpass.info<br />a2.msn-blocked.com<br />b2.msn-blocked.com<br />c1.msn-blocked.com<br />d1.msn-blocked.com<br />f5.msn-blocked.com<br /><br />...And there are possibly more...<br /><br /><br /><span style="color: rgb(51, 51, 255); font-weight: bold;font-family:arial;font-size:130%;" >Ridiculous Answer From Allopass.com</span><br /><br />I the previous post, I reported that there was no answer from Allopass payment company that is used as a part of msnpass.info/msn-blocked.com scam.<br />So after a while, they sent me their ridiculous answer to my complaint about these scams, and here's the quote from their response:<br />"<span style="color: rgb(51, 0, 153);">Please apologize for this late answer. As a payment system provide, Allopass is not entitled to take side in this kind of dispute. However, we just notified the publisher of http://www.msnpass.info/ of your complaint, and now look forward to his reply.</span>"<br /><br />So Allopass don't want to "take side" in this issue, but they actually enjoy to take their side in sharing the revenue with msnpass.info owner.<br />Each time that a new innocent victim pays for my MessenPass software in msnpass.info Web site, Allopass company also get their side in the SMS revenue, together with msnpass.info scam owner.<br />But the main problem with msnpass.info is not the action of illegally selling NirSoft software, but the fact that this Web site get all the traffic by spamming the MSN Messenger accounts of innocent people with fake messages generated by msn-blocked.com Web site.<br /><br />As you can see from Alexa ranking, the traffic of msn-blocked.com Web site continue to grow, and in the last days the it reached to a new record:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msnblocked_alexa-723124.png"><img style="cursor: pointer; width: 400px; height: 178px;" src="http://www.nirsoft.net/blog/uploaded_images/msnblocked_alexa-723122.png" alt="" border="0" /></a><br /><br />most of the traffic of msn-blocked.com comes from countries with french speakers - France, Belgium, Switzerland, and a few more.<br /><br /><br /><span style="color: rgb(51, 51, 255); font-weight: bold;font-family:arial;font-size:130%;" >How This Scam Works</span><br /><br />If you still don't understand how exactly this scam works, and how these scam Web sites get so much traffic, here's a simple explanation of the viral spreading made in these Web sites.<br />For the examples below - User X, User Y, and User C are french speakers that constantly use MSN or Live Messenger to chat with their friends.<br /><br /><ol><li><span style="color: rgb(153, 0, 0);">User X</span> get an instant message in MSN from his good friend, <span style="color: rgb(153, 0, 0);">User Y</span>, that recommend him to visit msn-blocked.com Web site (And <span style="color: rgb(153, 0, 0);">User X</span> doesn't know yet that this is fake message generated by msn-blocked.com Web site)<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msn_scan-770493.png"><img style="cursor: pointer; width: 373px; height: 400px;" src="http://www.nirsoft.net/blog/uploaded_images/msn_scan-770490.png" alt="" border="0" /></a><br /><br /></li><li><span style="color: rgb(153, 0, 0);">User X</span> Visit msn-blocked Web site and put his MSN user name and password, assuming that it's a safe Web site, because <span style="color: rgb(153, 0, 0);">User Y</span>, his good friend that he trust, sent him to this site.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msn-blocked1-710965.png"><img style="cursor: pointer; width: 400px; height: 356px;" src="http://www.nirsoft.net/blog/uploaded_images/msn-blocked1-710963.png" alt="" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msn-blocked1-710965.png"><br /></a></li><li>After giving his MSN user name/password to msn-blocked, this Web site connect to the MSN account of <span style="color: rgb(153, 0, 0);">User X</span>, and send fake instant messages to all his contacts !!<br /><br /></li><li>Now <span style="color: rgb(153, 0, 0);">User C</span>, D, E, F, and others, which are in the contacts list of <span style="color: rgb(153, 0, 0);">User X</span>, receive the fake invitation message from <span style="color: rgb(153, 0, 0);">User X</span>, and some of them, like <span style="color: rgb(153, 0, 0);">User X</span>, do the same mistake, and go to msn-blocked Web site and give their user name/password.<br /><br /></li><li>In the <span style="color: rgb(153, 0, 0);">User X</span> side, msn-blocked page is loaded and display his contacts list for a few seconds.<br /><br /></li><li>After a few seconds, the Web site is suddenly redirected to www.msnpass.info Web site.<br /><br /></li><li>www.msnpass.info Web site offers <span style="color: rgb(153, 0, 0);">User X</span> to download my MessenPass Software by using the SMS payment system of allopass.com<br /><span style="color: rgb(153, 0, 0);">User X</span> still doesn't know that all his contacts received the fake instant messages in his name, and he think that msnpass.info is good Web site recommended by his friend, and of course, <span style="color: rgb(153, 0, 0);">User X</span> doesn't know that MessenPass utility is available to download for free at NirSoft Web site.<br /><br /></li><li><span style="color: rgb(153, 0, 0);">User X</span> send an SMS and get the code for downloading my MessenPass Software, assuming that <span style="color: rgb(153, 0, 0);">User Y</span> recommeneded him to do so.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msnpass1-705304.png"><img style="cursor: pointer; width: 400px; height: 238px;" src="http://www.nirsoft.net/blog/uploaded_images/msnpass1-705299.png" alt="" border="0" /></a><br /><br /><br /><br /></li><li>When <span style="color: rgb(153, 0, 0);">User X</span> send the SMS, the payment is shared between the scam owner, Allopass payment company, and the phone company.<br /><br /></li><li>After a while, <span style="color: rgb(153, 0, 0);">User C</span>, a friend of <span style="color: rgb(153, 0, 0);">User X</span>, ask him about the link he sent him earlier.<br /><span style="color: rgb(153, 0, 0);">User X</span> doesn't remember that he sent any link to <span style="color: rgb(153, 0, 0);">User C</span>, and he start to understand that msn-blocked.com sent fake messages to all his contacts.<br />But it's already too late. Some of the <span style="color: rgb(153, 0, 0);">User X</span> contacts, the received the same fake invitation message, already gave their MSN user/password, and continued the viral spreading of msn-blocked scam.<br /><br /></li><li><span style="color: rgb(153, 0, 0);">User X</span>, angry about the embarrassment that this Web site caused him, browse into msn-blocked.com link again, and report it as 'Web Forgery' from the Web browser interface.<br />After a while, the Web address reported by <span style="color: rgb(153, 0, 0);">User X</span> will be blocked by Firefox/Google and other Web site blockers, but it won't help much to the next victims, because the scam owner constantly modifies the Web site address. For example: If <span style="color: rgb(153, 0, 0);">User X</span>, received the Web site address as s12.msn-blocked.com, the next victims will get a new address like s35.msn-blocked.com, and thus it won't be blocked for the next victims.<br /><br /><br /></li><li>The owner of mspass.info and msn-blocked sites, accumulates more and more money from the SMS system, allowing him to pay more for the hosting services and to extend his scam Web sites to more servers.<br /><br /></li><li>Due to the nature of "viral spreading" like in this scam, the number of users visit these sites grows exponentially, and the scam owner rent more and more servers in order serve all the site "visitors".<br />The scam owner probably relies on payments from Allopass system for paying the new hosting servers.<br /><br /></li><li>Allopass company also enjoy the scam of msnpass.info, and get their part of the revenue, without caring about the nasty way that the visitors are sent into msnpass.info Web site, and without caring about violation of my intellectual property rights, even if it's against their own <a href="http://en.allopass.com/reglement2.php4">conditions of use</a>.<br /><br /></li><li>It's possible that all MSN user/passwords provided by users in msn-blocked Web sites, are collected into a large database of passwords for using it later for<br />identity theft and other crimes.<br /><br /></li></ol><br />That's all for now.<br /><br />You are welcome to add your comment about Allopass behaviour in this matter, and whether they should continue to provide their payments services for the nasty scam Web sites that I described above.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-7660469714959973320?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com5tag:blogger.com,1999:blog-4304412731085068788.post-89310102955821742082009-07-23T14:41:00.000-04:002009-07-23T14:42:13.485-04:00View and export the contacts.edb of Windows Live MessengerLiveContactsView is a new utility that allows you to easily view all your contacts stored by<br />Windows Live messenger, inside the contacts.edb database.<br />Like in all NirSoft utilities, you can select the desired contacts and export them into text,csv,html, and xml file, or you can copy them to the clipboard and paste into a spreadsheet application.<br /><br />LiveContactsView is available to download from <a href="http://www.nirsoft.net/utils/live_messenger_contacts.html">here</a>.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-8931010295582174208?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-67734794378291656012009-07-20T02:47:00.002-04:002009-07-20T02:57:17.963-04:00MessenPass false positives increased to 17As I predicted in my <a href="http://www.nirsoft.net/blog/2009/07/only-10-false-positives-in-new.html">previous post about MessenPass false positives</a> , the number of false positives alerts in the new version of MessenPass increased to 17, according to VirusTotal report.<br /><br />The new false alerts are:<br /><br />a-squared - Trojan.Generic!IK<br />AntiVir - SPR/PSW.Messen.DC<br />Antiy-AVL - PSWTool/Win32.Messen.gen<br />Comodo - UnclassifiedMalware<br />Fortinet - HackerTool/Messen<br />McAfee-GW-Edition - Riskware.PSW.Messen.DC<br />ViRobot - Not_a_virus:PSWTool.Messen.64512.B<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/virustotal_msnpass2007-737216.png"><img style="cursor: pointer; width: 156px; height: 400px;" src="http://www.nirsoft.net/blog/uploaded_images/virustotal_msnpass2007-736790.png" alt="" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-6773479437829165601?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com1tag:blogger.com,1999:blog-4304412731085068788.post-82705302444167816852009-07-12T03:14:00.002-04:002009-07-12T03:19:18.984-04:00Only 10 false positives in the new MessenPass release, for now.A few days ago, I released a new version of MessenPass. According to <a href="http://www.virustotal.com">VirusTotal Web site</a>, so far there are only <a href="http://www.virustotal.com/analisis/252301f2270fb4fc22c66a00fbd02d3fe3fe1abc2e8c2af62e7b500cac677527-1247134181">10 Antivirus programs</a> that detect a threat or infection inside mspass.zip:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/virustotal_msnpass125-733342.png"><img style="cursor: pointer; width: 157px; height: 400px;" src="http://www.nirsoft.net/blog/uploaded_images/virustotal_msnpass125-732853.png" alt="" border="0" /></a><br /><br />If you wonder what is the reason that I say the word 'Only', that's because the previous of MessenPass (v1.24) has <a href="http://www.virustotal.com/analisis/f7ecb852a035c1be094c448b063042850dc8cea5e9a517fc8f8dd8c1079b7266-1247011399">false alerts in 25 Antivirus programs</a>:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/virustotal_msnpass124-784081.png"><img style="cursor: pointer; width: 160px; height: 400px;" src="http://www.nirsoft.net/blog/uploaded_images/virustotal_msnpass124-783546.png" alt="" border="0" /></a><br /><br /><br />The reason of the False Positive decrease is probably because most Antivirus programs don't find the bytes sequence that they used to detect the previous version of MessenPass.<br />Unfortunately, in the next days/weeks, these Antivirus companies will probably add the new MessenPass into their database, and the number of false alerts will increase back to around 25.<br />In the next few days, I'll watch closely the changes in <a href="http://www.nirsoft.net/utils/mspass.html">MessenPass</a> false positives, and I'll post an update when the number of false alerts significantly increase.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-8270530244416781685?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-48078137930201578362009-07-12T02:57:00.004-04:002009-07-12T04:15:44.581-04:00Troubles caused by false positives of McAfeeA few weeks ago, I wrote about the <a href="http://www.nirsoft.net/blog/2009/05/antivirus-companies-cause-big-headache.html">troubles I have from all these false virus alerts</a> generated by Antivirus programs.<br />So here's 2 more examples of serious troubles that McAfee false positives caused to other companies:<br /><ol><li><a href="http://www.theregister.co.uk/2009/07/03/mcafee_false_positive_glitch/">McAfee false-positive glitch fells PCs worldwide When AV attacks</a>:<br />In this event, that occurred only 10 days ago, McAfee Antivirus "attacked" some system files that were falsely detected as Trojan, and caused<br />these computers to crash with blue screen of death.<br /><br /></li><li><a href="http://www.crn.com/security/208401061;jsessionid=TKRILK4WC4CYEQSNDLPSKH0CJUNN2JVN">Companies Struggle To Reverse McAfee's False Positives On Yahoo Search</a>:<br />Around a year ago, Yahoo started a partnership with McAfee's SiteAdvisor, causing some Web sites to be displayed with false red alerts on Yahoo search results.<br /><br /></li></ol>...And finally, just a good word for <a href="http://www.siteadvisor.com/">McAfee SiteAdvisor</a>: Although they have some false alerts problems like mentioned in the second article, at least they also show a good willingness to fix these kind of problems. 3 years ago, their SiteAdvisor was displayed a red alert on my Web site, but after I added my remark as the author of NirSoft, they checked <a href="http://www.siteadvisor.com/sites/nirsoft.net">my Web site and decided to turn it from red to green</a>.<br />As opposed to SiteAdvisor, the Antivirus of McAfee is a troublemaker like all the others, and continue to detect my utilities as "potentially unwanted program" or "Generic PUP".<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-4807813793020157836?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-43368590682162122212009-07-08T14:53:00.004-04:002009-07-09T03:18:06.407-04:00MsnPass.Info and msn-blocked.com Scam UpdateAfter digging more into the MsnPass.Info scam that I reported in previous posts, I found out that this scam is a only part of possibly a larger scam that may involve in collecting emails and passwords of french users.<br /><br />msn-blocked.com is a Web site that offers french users to find out who block their msn messenger user. In order to use this "service", the users are required to provide their MSN user name and password.<br />Currently, it has at least 3 active servers: http://s601.msn-blocked.com/, http://s502.msn-blocked.com, http://s12.msn-blocked.com<br />There are some other addresses that already blocked by Firefox with "Reported Web Forgery!" message (For example: http://s11.msn-blocked.com), probably after users reported that it's a phishing site.<br />But every time that a Web address is blocked, the scam owner simply replace it with a new server name.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msn-blocked-736964.png"><img style="cursor: pointer; width: 400px; height: 201px;" src="http://www.nirsoft.net/blog/uploaded_images/msn-blocked-736961.png" alt="" border="0" /></a><br /><br />This Web site has a terms and conditions in french, so I used the 'Google Translate' tool for translating them to English, and that's what they say: "The site aims to provide you with tools to identify people who you are blocked and / or removed from their list of contacts on MSN or Windows Live Messenger. In return you grant this site (MSN-blocked.com) to include your email address in mailing lists marketing."<br />In other words, the Web site owner says that he collect every email entered by the user for spamming purposes.<br /><br />Just for a test, I tried to create a new MSN account (I wouldn't give my real user name/password for criminals) and use them in http://s12.msn-blocked.com/ Web site.<br />After I did it, The Web site showed it's connecting to the MSN server, and than it redirected me to a page with a few french words that I don't understand. A few seconds later, it redirected me again... to mspass.info Web site.<br />So after I gave my user name/password to the Web site owner, he simply offer me to buy my own utility through SMS/phone system of allopass.com.<br />In the beginning, both msnpass.info and msn-blocked.com were hosted in the same server, but now each of these Web site is hosted in 3 - 4 separated servers.<br /><br />There are 2 other things to concern:<br />1. This Web site (msn-blocked.com) may also collect that passwords of each user that uses this service, and that's really bad, especially when we already know that the owner is a thief that sell the software of others.<br /><br />2. With the MSN user name/password, the Web site owner can collect the email addresses of all the contacts of the user - for spamming purposes.<br /><br />But the most concerning thing in this scam is the large amount of traffic the scam owner managed to receive.<br />I have already seen many scam Web sites in my life, but scale of this scam is really unusual.<br />Both Alexa and radarurl.com (a widget added by scam owner to watch the number of online users) displayed exterme amount of traffic in the last<br />few days.<br /><a href="http://radarurl.com/url/3.msnpass.info">radarurl.com already removed msnpass.info</a> and msn-blocked.com sites (Maybe because the owner of radarurl.com found out about this scam), but before they were removed, it was displaying around 100-200 online users for each server (around 1000 online users for all servers together) in the peak hours.<br /><br />In Alexa, the traffic rank of msn-blocked.com is around 8000 in the last few days, which is very high for a Web site that established only 3 weeks ago.<br /><br />Moreover, it seems that the scam owner have at least 8 dedicated servers (4 for msnpass.info and 4 for msn-blocked.com) which implies that it's really a major scam. The scam owner wouldn't pay for 8 dedicated servers unless there is something huge behind that.<br /><br />As I already reported, I tried to contact both ovh.com hosting and the payment company (allopass.com) by email and from their Web site contact forms, but with no success.<br />They simply don't answer - I don't know if they simply don't understand English or they don't really care that their services are used for fraud activities.<br />Unfortunately, I don't live in france and I don't speak french, so I cannot do anything else to shut down this scam.<br /><br />If you live in france and/or you can talk in french, you may try to call this <a href="http://www.ovh.com/fr/index.xml">ovh.com</a> company, get to the right department, and tell them about scam of msn-blocked.com and msnpass.info.<br /><br />If no one will do something about this scam, these criminals will continue to collect more and more msn emails/passwords and to make money from selling my software.<br />In the end, they'll have a nice amount of money in the bank, and a large user/password database that will allow them to do many other terrible things.<br /><br />Finally, here's a small explanation about how these Web sites get all the traffic:<br />Each time that a use put his user name and password into msn-blocked.com, this Web site send a live message in french to all the contacts of the user:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msn_scan-755863.png"><img style="cursor: pointer; width: 373px; height: 400px;" src="http://www.nirsoft.net/blog/uploaded_images/msn_scan-755861.png" alt="" border="0" /></a><br /><br /><br />The message is sent in the name of the user that gave his user name/password, and invite all contacts to check the Web sites of MsnPass.Info or msn-blocked.com<br />The users that receive this message think that it as came from their messenger friend, and thus many of them browse into this Web site, login with their user/password, and cause this viral spreading to continue.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-4336859068216212221?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com3tag:blogger.com,1999:blog-4304412731085068788.post-47408571122525843722009-07-05T03:02:00.003-04:002009-07-05T03:16:30.070-04:00MsnPass.Info Scam is extending...Since my <a href="http://www.nirsoft.net/blog/2009/06/msnpassinfo-scam-report.html">last post about the MsnPass.Info Scam</a>, the owner of this scam extended the Web site, and now there are 3 new dedicated servers - 2.msnpass.info, 3.msnpass.info, and 4.msnpass.info<br />These new servers are hosted in same hosting company - <a href="http://www.ovh.com/">http://www.ovh.com</a>, although I already reported them about the scam. I seems that they don't really care that their services are used for fraud activities.<br /><br />The main server (www.msnpass.info) is used for randomly redirecting the user to one of the other 3 servers, probably to avoid server overload.<br />In the last few days, this Web site has extreme amount of traffic, as you can see from <a href="http://www.alexa.com/siteinfo/http%3A%2F%2Fwww.msnpass.info%2F">this Alexa report</a>:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msnpass_scam_alexa-732759.png"><img style="cursor: pointer; width: 400px; height: 159px;" src="http://www.nirsoft.net/blog/uploaded_images/msnpass_scam_alexa-732757.png" alt="" border="0" /></a><br /><br />In fact, for some of these days, this Web site received more traffic than the entire NirSoft Web site, despite the fact that it contains only a single page in french. This amount of traffic for one-page Web site cannot be "natural". The scam owner probably uses spam messages and other bad techniques in order to get this volume of traffic.<br /><br />msnpass.info displays a download counter inside the landing page, saying that more than 800,000 already downloaded it. I don't believe that this download counter is really the truth.<br />It's more likely that this number represents the number of page views.<br />Assuming that this number represents the number of page views, and even if only low percentage of the users actually payed and downloaded my software, it possible that the scam owner and allopass.com (the payment company) already generated an income of more than 100,000 Euro from this scam.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-4740857112252584372?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com1tag:blogger.com,1999:blog-4304412731085068788.post-69160883115222041082009-06-27T14:46:00.003-04:002009-06-27T14:51:50.299-04:00MsnPass.Info Scam ReportOne of my software users reported me about a scam Web site in french that sells my <a href="http://www.nirsoft.net/utils/mspass.html">MessenPass</a> utility in another faked name.<br />This Web site displays a faked screenshot of <a href="http://www.nirsoft.net/utils/mspass.html">MessenPass</a> utility. In this screenshot, the name of the utility is MsnPass.Info and my Web site address in the status bar was removed.<br />This Web site offers the users to "purchase" this utility for 2.00 EUR, which looks like a good and attractive price for a password-recovery utility , but without specifying that it's a freeware tool that was taken from NirSoft.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/msnpass_scam-789278.png"><img style="cursor: pointer; width: 400px; height: 284px;" src="http://www.nirsoft.net/blog/uploaded_images/msnpass_scam-789273.png" alt="" border="0" /></a><br /><br /><br />This Web site uses the services of allopass.com to get the payments from users. I already send them a message about this scam, but I don't know if they are going to do something about that.<br /><br />The Web site address is http://www.msnpass.info<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-6916088311522204108?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com4tag:blogger.com,1999:blog-4304412731085068788.post-63240995973429661942009-06-24T15:04:00.002-04:002009-06-24T15:15:14.758-04:00128 GB flash drive from KingstonIn my previous post, I said that the largest available flash drive is 64 GB.<br />So I discovered that I was wrong, Because just a week ago, Kingston announced about the first 128 GB flash drive in the market.<br /><br />If you are really a millionaire that want to waste your money, you can purchase this flash drive in a <a href="http://www.amazon.com/gp/product/B002DT4PUW?ie=UTF8&tag=nirsfreeutil-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=B002DT4PUW">special price of $1065 at Amazon</a>.<br /><br />If you are not a millionaire, wait 2 years, and then you'll be able to purchase the same flash drive in less than 10% of the price that it's sold today.<br />In that time, we'll probably see the first 512 GB or even 1 TB flash drives in the market.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/usb_flash_drive_128gb-715588.png"><img style="cursor: pointer; width: 281px; height: 100px;" src="http://www.nirsoft.net/blog/uploaded_images/usb_flash_drive_128gb-715587.png" alt="" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-6324099597342966194?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-77312452557795899032009-06-23T14:47:00.002-04:002009-06-23T14:53:33.341-04:00Compare the speed of USB flash drives<a href="http://www.nirsoft.net/utils/usb_devices_view.html">USBDeview</a> has a new feature that allows you to test the read and write speed of your USB flash drive. But the more interesting feature is the ability the submit the speed test result to <a href="http://usbspeed.nirsoft.net">http://usbspeed.nirsoft.net</a>, so you and other people will be able to easily compare the speed of many USB flash drives.<br /><br />In the first 24 hours of this <a href="http://www.nirsoft.net/utils/usb_devices_view.html">USBDeview</a> release, I already received more than 50 <br />speed test records, which is quite impressive.<br /><br />However, in this growing speed tests list, there is a lacking of 32 GB and 64 GB flash drives, probably because these flash drives are still quite rare and expensive, and most people simply don't purchase them.<br />(I must admit that I also have only 16GB flash drive, and I won't purchase the larger flash drives until their price will decrease...)<br />Just for example: The price of <a href="http://www.amazon.com/gp/product/B001JJBCBW?ie=UTF8&tag=nirsfreeutil-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=B001JJBCBW">'Kingston DataTraveler 64 GB'</a> at Amazon is $148, and there are some other 64 GB flash drives that are even more expensive.<br /><br />If you already have one of these expensive 32GB/64GB flash drives, I'll be glad if you test them with USBDeview and submit the test result to <a href="http://usbspeed.nirsoft.net">http://usbspeed.nirsoft.net<br /><br /></a>Also, be aware to the difference between USB Flash Drives and USB external hard disk drives.<br />Flash Drives are memory devices that stores the data in flash memory, while USB external hard disks are regular hard disks plugged to USB that stores the data in magnetic surfaces, like the hard disk inside your computer.<br />Currently, the largest available flash drives can store up to 64 GB of data, while external hard disk drives are avialble in much larger sizes, and some of them can store more than 1 TB (1000 GB) of data.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-7731245255779589903?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com5tag:blogger.com,1999:blog-4304412731085068788.post-51461125412270828752009-06-20T03:45:00.002-04:002009-06-20T03:48:58.710-04:00Adding new applications to Windows startup<a href="http://www.nirsoft.net/utils/what_run_in_startup.html">WhatInStartup utility</a> now allows you to add new applications into the list of programs that are executed at Windows startup. You can add your new startup item into the Registry or into the startup folder of Windows.<br /><br />In order to use this feature, simply select "New Startup Item" from the File menu, or press Ctrl+N, and then choose the desired item type, fill the 'Item Name' and 'Process Path' fields, and click the 'Ok' button.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/new_startup_item-760102.gif"><img style="cursor: pointer; width: 400px; height: 151px;" src="http://www.nirsoft.net/blog/uploaded_images/new_startup_item-760101.gif" alt="" border="0" /></a><br /><br />In addition to this feature <a href="http://www.nirsoft.net/utils/what_run_in_startup.html">WhatInStartup</a> now also has 3 new columns in the main window: 'File Created Time', 'File Modified Time', and 'File Attributes'.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-5146112541227082875?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-6181848545089477172009-06-16T02:52:00.004-04:002009-06-16T02:56:01.402-04:00New MAC Address lookup tool - MACAddressView<a href="http://www.nirsoft.net/utils/mac_address_lookup_find.html">MACAddressView</a> is a new utility that allows you to easily find the company details (company name, address, and country) according to the MAC address of a product.<br />It also allows you to find MAC address records according to the company name, company address, or country name.<br /><a href="http://www.nirsoft.net/utils/mac_address_lookup_find.html">MACAddressView</a> doesn't send any request to a remote server, it simply uses the internal MAC addresses database stored inside the .exe file.<br /><br />You can read more about MACAddressView and download it from <a href="http://www.nirsoft.net/utils/mac_address_lookup_find.html">here</a>.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.nirsoft.net/blog/uploaded_images/macaddressview-791793.gif"><img style="cursor: pointer; width: 400px; height: 199px;" src="http://www.nirsoft.net/blog/uploaded_images/macaddressview-791791.gif" alt="" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-618184854508947717?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-88243463398015751892009-06-13T03:17:00.001-04:002009-06-13T03:19:55.162-04:00Whois utility now displays 'Expires On', 'Created On', and 'Last Updated On' columnsThe new version of <a href="http://www.nirsoft.net/utils/whois_this_domain.html">WhoisThisDomain utility</a> (v1.40) displays 3 new columns: 'Expires On', 'Created On', and 'Last Updated On'. These columns are automatically filled for .com and .net domains registered with major Registrar, like GoDaddy and Network Solutions.<br />Unfortunately, there is no standard for displaying the expire/created dates in the WHOIS response, and each WHOIS server send these dates in different format, so I cannot insure that this feature will work for every WHOIS request.<br /><br />Also, there are many WHOIS servers that don't provide the expire/created datea at all, so in this case, WhoisThisDomain will never be able to display them.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-8824346339801575189?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-52410462987303672622009-06-10T02:27:00.002-04:002009-06-10T02:29:55.415-04:00New DLL Information site for Windows 7I created a new Web site containing information about every DLL in the system32 directory of Windows 7 Release Candidate.<br /><br />Each DLL page contains the following information:<br /><br /><ul><li>Version information - product name, company, file desctiption, and so on.</li><li>DLL popularity - Shows you how many DLLs are statically linked to this file.<br /></li><li>List of files that are statically linked to the specified file. Displayed only when the number of files in the list is 10 or less.<br /></li><li>Sections information - Shows you the code and data sections in the DLL.<br /></li><li>Resources information - Displays a summary of resources stored in the DLL (icons, bitmaps, cursors, dialog-boxes, and so on)<br /></li><li>Icons Thumbnail - A Thumbnail with all icons stored in the DLL.<br /></li><li>Cursors Thumbnail - A Thumbnail with all cursors stored in the DLL.<br /></li><li>Strings information - Displays a list of strings stored in this DLL (Currently the list is limited to 100 strings)<br /></li><li>Diaogbox information - Displays a list of dialog-boxes captions in this DLL (Currently the list is limited to 100 dialog-boxes)<br /></li><li>Static Linking - Displays the list of DLL files that are statically linked to the DLL. When a DLL is loaded the DLL in this Static Linking list are also loaded with it.<br /></li><li>Exports/Imports List - A list of all imported and exported functions.<br /></li></ul>There are also some "Top DLL" statitics tables that shows the DLL files with largest number of icons, DLL files with largest number of cursors, and so on.<br /><br /><a href="http://www.win7dll.info/">DLL File Information for Windows 7</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-5241046298730367262?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0tag:blogger.com,1999:blog-4304412731085068788.post-62350914271660563622009-06-03T02:40:00.001-04:002009-06-03T02:43:24.184-04:00Utilities update for Windows 7 and x64 systems.3 of my utilities that stopped working under Windows 7 - <a href="http://www.nirsoft.net/utils/reg_file_from_application.html">RegFromApp</a>, <a href="http://www.nirsoft.net/utils/process_activity_view.html">ProcessActivityView</a>, and <a href="http://www.nirsoft.net/utils/socket_sniffer.html">SocketSniff</a>, are now fixed and works properly with Windows 7.<br />These utilities failed to work with Windows 7 due to some changes made in Windows 7 kernel, and you can read more about these kernel changes, <a href="http://www.nirsoft.net/articles/windows_7_kernel_architecture_changes.html">here</a>.<br /><br />In addition to the updates for Windows 7, I also added x64 downloads for RegFromApp, ProcessActivityView, and RunAsDate utilities.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4304412731085068788-6235091427166056362?l=www.nirsoft.net%2Fblog' alt='' /></div>Nir Soferhttp://www.blogger.com/profile/14229772253166199516noreply@blogger.com0