Bienvenido! - Willkommen! - Welcome!

Technical Log of Tux&Cía., Santa Cruz de la Sierra, BO
Main Log: Tux&Cía.
Advanced Information Log: Tux&Cía.-Información
May the source be with you!

Wednesday, September 28, 2011

Could not reconnect all network drives

Source
Mapping a network drive
Go to an Explorer window (such as My Computer) and choose Tools - Map Network Drive...
In the Map Network Drive window that appears, click on the Connect using a different user name option.
In the box that opens, enter as the user name ukc\xyz1 where xyz1 is your UKC network login. In the password field enter your UKC network password. (NB. Do not forget to put ukc\ before your username, the process will not work otherwise.)
Click OK.
Back in the main window, type the full path to the folder you are mapping, e.g. \\corfe\install. Alternatively, click on Browse to browse for a folder on the network. Most of the folders you will need to access (for example, those on the host ward) will be located under ‘UKC’ - e.g. \\ward\courses
To map your central filestore (Z: drive on public PCs) select Z: as the drive name and in the path box type \\bodiam\??? where ??? is your system ID, not your Login. You can find out your sysid on a public PC by running the mailinfo program (Start, Programs, UKC UTILITIES, Mailinfo). Make sure you run the mailinfo program on your own login. When using your sysid, only enter the three letters and NOT the numbers. E.g. hcg003 would be entered as \\bodiam\hcg.
--------------
You can check whether enabling the "Always wait for the network at computer startup and logon" policy under Computer Config\Administrative Templates\System\Logon affects the problem.
If any problematic computers have Windows XP or Windows Server 2003 installed, please refer to the following article to resolve the issue.
--------------
Delete A Network Drive:
This is for those who suffer from the annoying balloon (it pops up in the tray). Use this method to remove a disconnected drive that is still mounted at every logon.
OK, let's do it. Go to Start - Run - type Regedit
Now go to the following address:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
Find your network drive by its name and address, then delete the key.
Try changing the username on either XP or Windows 7, or using the same password on both.
If you want your account to have a password, but not ask you for one at logon:
Start -  Run (search area) - netplwiz {enter}
uncheck the checkbox "users must enter a username and password to use this computer"
------------
Change "Use user accounts and passwords to connect to other computers" in the Homegroup settings as detailed here:
Thanks for the video - great work there. It's *very* interesting to know that having a static IP 'corrects' this problem. While we're on the subject of network drives, I wanted to share with everyone something else we've discovered.
In Windows XP, if a user has a persistent network connection (a remembered network drive), when they log on, it immediately reconnects the drive. If the same user logs into the same Windows XP machine while offline (disconnected from the network), naturally the drives don't reconnect. They're in the same 'disconnected' state as we've observed. If we take that same user and have them connect to our VPN system, within seconds of establishing a connection, Explorer re-connects the network drives without the user doing anything. This is nearly instant, not a 30-60 second thing, as once I connected to the VPN I opened Explorer and the drives were already connected.
So, I don't expect there to be any real surprises at this point, but here's the interesting part...
Windows 7 behaves differently. If you follow the same steps in Windows 7, Explorer will *not* re-connect the network drives; it doesn't automatically re-establish a connection to the network like Windows XP. We've tested this on a few Windows XP & Windows 7 machines and it's 100% repeatable. Something specific must be triggered before Explorer [on Windows 7] re-connects the network drives. I won't go into great detail but I will say that UNC paths (\\server\share\file) work fine (be it a shortcut or start - run), while anything that references a drive letter (F:\file, G:\Folder) fails. (I'm curious, has anyone else noticed this?)
The good news is that we opened a ticket with Microsoft and they were able to reproduce this problem and have confirmed it is a 'bug' but there's no word on whether or not this is seen as something that needs to be fixed.  I mentioned the network drive bubble & icon issue but they were more focused on the network drive issue I discuss here.
"I have some word back on this issue as to why you see differences in operation from XP to Win7. What I am being told is that wscript implements the opening of a file in two different ways between XP and Win7. In XP there are extra calls made to open a file via shell32 which triggers the reconnect, in Win7 these extra calls are not made and so the trigger does not occur to cause the reconnect to occur. I have been given two workarounds to offer you on this.
----------------
The mapped drive lost issue may be caused by several possible reasons:
Possible reason 1. The problematic client doesn't reconnect to the target share at logon.
Please follow the steps to re-configure the mapped drive on the client and then check if the issue re-occurs.
Steps:
a. Open "My Computer"
b. Click on "Tools" and then select "Map Network Drive"
c. Enter \\ipaddressofserver\sharename as the path of the share
d. Check "Reconnect at logon"
e. Drive gets mapped
f. Double click on the drive to check.
Possible reason 2. Antivirus software or Windows Firewall may block the SMB protocol on clients.
Please check if any antivirus software or the Windows Firewall is enabled on the problematic client. If so, please disable them temporarily to check if the issue can be resolved.
Possible reason 3. Fast Logon Optimization is enabled on the clients.
The fast logon feature may affect the display and drive letter assignment of a mapped network drive. As a result, the drive may have been mapped; however, the user on the client cannot see it in Windows Explorer and may take it for a failed network drive mapping. This is why we usually suggest disabling fast logon on the clients via a GPO; please check whether the mapped network drive problem still occurs under this circumstance.
Please also configure the following group policy setting to disable Fast Logon Optimization to see if the issue still exists on the problematic clients.
Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon
When this policy is enabled, a Windows XP client behaves in the same manner as a Windows 2000 client at both system startup and at user logon.
Please note: as this is a computer configuration setting, run "Gpupdate /force" and then reboot the problematic clients to make it take effect.
For more information about Fast Logon Optimization feature, please check the following KB article.
305293 Description of the Windows XP Professional Fast Logon Optimization feature
http://support.microsoft.com/?id=305293
831998 Mapped network drive shows no drive letter or will not allow you to create new long-named files or folders
http://support.microsoft.com/kb/831998
297684 Mapped Drive Connection to Network Share May Be Lost
http://support.microsoft.com/kb/297684
If the issue still exists on the problematic clients, please also try adding the following registry value on the problematic client to check whether it helps.
Steps:
a. Click Start, click Run, type REGEDIT, and then click OK.
b. Locate and click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache
c. Click Edit, point to New, and then click DWORD Value.
d. Type SilentForcedAutoReconnect, and then press ENTER to name the value.
e. Double-click SilentForcedAutoReconnect.
f. In the Value data box, type 1, and then click OK.
  1. Create a batch file to start the app that maps/reconnects the drive first and fails if it can't map the drive (net use drive: \\server\share && foo.exe). The && states that the first one has to succeed before the second one runs.
  2. Create a cmak package that runs a script to map the drive after the connection is established.
While I realize you would like to see Win7 changed to work like XP on this, I cannot offer much hope a DCR for this would be accepted, especially when there are ways to workaround it. If you want to discuss this further we can."
So we created the DCR and recently (4/13/11) heard back:
"...in Redmond last week...this issue was discussed in detail with the development team. We did figure that this is a change in the design/code that lead to the issue you are seeing. The team weighed the effort of investigating this further; the effort of changing the component code that has already been isolated versus a workaround for the issue that could be provided. The team felt that this request did not meet the set (high) bar for taking in design change requests for Windows 7. Case notes indicate there are some workarounds that have been worked on by previous engineers who worked on this case with you. If not, the Dev team and me will be glad to work on the workaround by editing the scripts. With my request the Dev team will file this design change request for the next OS release (the one after Windows 7). At this moment I don't know if this request will be accepted in the next release but it will certainly be discussed and a decision will be made."
So unfortunately it appears the blow is twofold:
  1. While we didn't get the warm and fuzzy we wanted (i.e.: this network drive auto-remapping issue fixed vs. relying on a workaround), the workarounds will suffice.
  2. With this new change, we'll likely continue to see the notification, or the icon in the systray at least, until the next OS release.
jsepeta: I can't speak to Windows XP (SPx) users seeing this problem. Only our Windows 7 users witness this phenomenon. Windows XP is pretty good about re-establishing/re-activating network connections.
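The first workaround Microsoft offered above (map the drive, then start the app only if the mapping succeeded), written out as a launcher batch file. This is an added example, not code from the original post; the drive letter F:, the share \\server\share and foo.exe are placeholders to replace with your own values.

```batch
@echo off
rem Added example: workaround 1 from the forum post above as a launcher script.
rem Assumptions: F:, \\server\share and foo.exe are placeholders.
setlocal
set DRIVE=F:
set SHARE=\\server\share
set APP=%DRIVE%\foo.exe

rem Drop any stale mapping first: on Windows 7 a remembered drive can sit in the
rem 'disconnected' state until something touches it, and a fresh "net use F: ..."
rem then fails with "local device name already in use".
net use %DRIVE% /delete /y >nul 2>&1

rem /persistent:no keeps Explorer from remembering this mapping, so the next
rem offline logon does not produce another red-X disconnected drive.
net use %DRIVE% %SHARE% /persistent:no
if errorlevel 1 (
    echo Could not map %DRIVE% to %SHARE% - is the network or VPN up?
    exit /b 1
)

rem Only reached when the mapping succeeded (the "net use ... && foo.exe" idea).
if not exist "%APP%" (
    echo %APP% not found on the mapped drive.
    exit /b 2
)
start "" "%APP%"
endlocal
```

Because the mapping is non-persistent, the script re-maps on every start, which is exactly the trigger Windows 7 otherwise waits for.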

Monday, September 26, 2011

MediaShield-Raidtool installation guide:

Source
The easiest way to get the Raidtool installed is by running the SETUP.EXE of the associated nForce chipset driver package, but by doing this all nForce IDE drivers of the package will be installed too (and may replace the better, currently working ones).
In these cases you have to use another way to get full access to the MediaShield/RAID software (NVIDIA Control Panel) after having completed the Vista installation.
The guide for the manual installation of the nForce Raidtool (on the basis of posts from nForcersHQ members TheMaxx32000 and Tweak_addict):
  • Run Vista.
  • Install the latest version of nTune.
  • Search for the RAIDTOOL folder of the actual Vista x86/x64 nForce chipset driver package.
  • Extract the content (all files) of the RAIDTOOL.CAB file into the C:\WINDOWS\SYSTEM32 folder.
  • Search for the file "RegRaidSedona.bat" (formerly named "RegRaid.bat") within C:\Windows\System32, right click on it, choose "Run as Administrator" and run the BAT file to get the Raidtool Services registered.
  • Search for the file "nvCplUI.exe" (formerly named "nvRaidman.exe") within the same folder and run it.
That should bring up the Nvidia Control Panel and the "Storage" item should be listed on the left window task list.
Suggestions:
1. It is a good idea to create a shortcut to the NVCPLUI.EXE (formerly NVRAIDMAN.EXE) on the Desktop or in the Start menu. This way you get easy access to the NVIDIA MediaShield Control Panel.
2. Additionally you should put a shortcut to the NVRAIDSERVICE.EXE into the Startup folder if you want continuous monitoring of the RAID health.

The AMD FX Bulldozer overclocking

8,42 GHz with Nitrogen cooling
AMD recently broke the overclocking Guinness World Record at 8.429 GHz with the new 8 core AMD FX-8150 processor.

Sunday, September 25, 2011

Of Passwords and People

Tips for Creating a Strong Password
Measuring the Effect of Password-Composition Policies
Requiring users to set strong passwords shores up one aspect of your network security, but it also may encourage other bad password management practices. This research report details the findings of a survey of 5,000 users who were asked to create passwords in various strength and application scenarios.
From National Institute of Standards and Technology | Sep 19, 2011
Passwords remain one of the most important, and yet most mismanaged, of IT security measures. No matter how many times you tell them not to, users share their passwords with other people, post them on sticky notes next to their monitors, or just set them to be so obvious that hackers can easily guess them.
In this paper, researchers from the National Institute of Standards and Technology and Carnegie Mellon University present their findings from a survey-based study of 5,000 online users who were asked to create passwords based on a variety of composition models and use scenarios. The researchers then go on to evaluate the results by various criteria, including entropy (the number of brute-force guesses it would take to break the password) and where users are likely to store passwords created for various scenarios.
Included in this zip file are:
  • Of Passwords and People.pdf
  • Intro Doc.pdf
  • Terms and Conditions.pdf

Improved Security Features in Windows 7

Source

Saturday, September 24, 2011

10 top mistakes of Bill

Source
Bill Gates is considered as a great man. Many people look up to him. And a lot of people are inspired by his life. But then again like any other human being he also has his own mistakes. Here are the top 10 mistakes of Bill Gates.
  1. The man created a software monopoly and in return he got so many lawsuits for it. Bill Gates is still fighting lawsuits. The source on Wikipedia clearly states that
    United States v. Microsoft was a set of consolidated civil actions filed against Microsoft Corporation on May 18, 1998 by the United States Department of Justice (DOJ) and 20 U.S. states. Joel I. Klein was the lead prosecutor. The trial started on May 18, 1998 with the U.S. Justice Department and the Attorneys General of twenty U.S. states suing Microsoft for illegally thwarting competition in order to protect and extend its software monopoly.
  2. Bill Gates did not consider open source. His business strategies always counter open-source principles and paradigms. You may be interested in his open-source debate. In Fortune magazine he clearly says that
    It's easier for our software to compete with Linux when there's piracy than when there's not.
  3. The Windows OS made Mr. Gates the richest man in the world. But its latest iteration is bombarded with lots of negative criticism.
  4. He allowed Windows Mobile to happen. Did he run out of innovative ideas, so he settled for a miniature Windows OS for mobile phones? He could have put up a team to design the OS from the ground up.
  5. He let DOS die. It was a promising OS and a very stable one.
  6. Bill Gates did not think of cloud computing, probably because of his proprietary Windows OS. But this is definitely one of his biggest mistakes.
  7. He allowed Windows Millennium Edition to be released. The OS was definitely a reflection of the lack of talent at Microsoft. It failed the expectations of the people. It was premature.
  8. He ignored search. Look what happened to Google now. Bill Gates already made some moves about search at the end of the 90s and it was definitely a mistake to trash them. Scobleizer once revealed in his post that: Look at my last post. Now read this one over on LiveSide. It's a short report that Microsoft executives are bragging to MVPs that "we're in it to win."
    I don't think Microsoft is. The words are empty. Microsoft's Internet execution sucks (on whole). Its search sucks. Its advertising sucks (look at that last post again). If that's "in it to win" then I don't get it. I saw a bunch of posts similar to the one on LiveSide coming out of the MVP Summit. I didn't post any of them to my link blog for a reason: All were air, no real demonstrations of how Microsoft is going to lead.
  9. The Microsoft Zune is a mistake. A lot of money was poured into its development but it did not yield enough profit. John Biggs from Crunchgear had a poetic post on "Who killed Microsoft?". Some extracts are as follows:
    Who killed Microsoft? Why did all those jobs get lost?
    "Not I," said the Zune fanboy, "I got Zune, I'm no iToy Sure it didn't do too much and too bad my girlfriend bought a Touch now we're iTunes all the way what else do I have to say?"
  10. The Xbox on the other hand is too pricey for a gaming console and because of this, people go for other brands, the cheaper ones. This is the only reason why the Xbox price is set to drop in the war with Sony's PS3 and Nintendo's top-selling Wii. Those are the top 10 mistakes of Bill Gates. These might be some of the negative sides of the guy but they will never take away his greatness.

free RAID recovery

ReclaiMe Free RAID Recovery works with
  • hard drives (internal and external),
  • disk image files,
  • hardware and software RAIDs.
Note: ReclaiMe Free RAID Recovery needs Windows to run. It does not run on Apple Mac or Linux environments.
Our free RAID recovery software performs
and recovers the following RAID parameters:
  • Start offset and block size,
  • Number of member disks,
  • Member disks and data order,
  • Parity position and rotation,
Once you recovered the parameters using ReclaiMe Free RAID Recovery, you can:

USB ports disabler

Source
USB Disabler is a small, simple yet powerful program designed to enable or disable USB storage access on your Windows computer. This program comes with a very simple interface which allows you to do the following actions:
1) Disable any USB storage / PenDrive access to your laptop or PC.
2) Set read-only access to USB storage / PenDrive, which means nobody can copy your personal documents onto their removable storage.
3) Reset everything back to normal so your own USB storage / PenDrive will function as usual.
With this small utility in hand, you will be able to protect your machine from viruses coming from external USB drives. It will also help prevent data theft and computer misuse.
Features:
Lightweight & portable. Only 1MB (zipped) in size. [You need to extract it before use]
Simple interface. A few clicks and you are done!
Compatible with Vista/7 UAC feature
Royalty-free for personal or company usage
Download at:
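The three actions the utility offers (disable, read-only, reset) can also be done by hand through the registry. This is an added example and not the USB Disabler program's own code; it assumes only the two standard Windows values it names (the USBSTOR service Start value and StorageDevicePolicies\WriteProtect) and must be run from an elevated prompt.

```batch
@echo off
rem Added example: the three USB Disabler actions as registry changes.
rem Assumptions: USBSTOR\Start = 4 stops the USB mass-storage driver loading
rem (3 is the stock value); StorageDevicePolicies\WriteProtect = 1 makes
rem removable storage read-only. Both are standard Windows values.
rem Usage: usbctl.cmd disable | readonly | normal
setlocal
set USBSTOR=HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR
set POLICY=HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies

if /i "%~1"=="disable"  goto disable
if /i "%~1"=="readonly" goto readonly
if /i "%~1"=="normal"   goto normal
echo Usage: %~nx0 disable ^| readonly ^| normal
exit /b 1

:disable
rem 1) block all USB storage: the driver is not loaded for newly attached devices
reg add "%USBSTOR%" /v Start /t REG_DWORD /d 4 /f >nul || goto fail
reg add "%POLICY%" /v WriteProtect /t REG_DWORD /d 0 /f >nul || goto fail
echo USB storage disabled. Devices already attached keep working until removed.
goto end

:readonly
rem 2) allow reading but refuse writes to removable storage
reg add "%USBSTOR%" /v Start /t REG_DWORD /d 3 /f >nul || goto fail
reg add "%POLICY%" /v WriteProtect /t REG_DWORD /d 1 /f >nul || goto fail
echo USB storage is now read-only.
goto end

:normal
rem 3) restore the defaults
reg add "%USBSTOR%" /v Start /t REG_DWORD /d 3 /f >nul || goto fail
reg delete "%POLICY%" /v WriteProtect /f >nul 2>&1
echo USB storage back to normal.
goto end

:fail
echo Registry write failed - run this from an elevated (Administrator) prompt.
exit /b 2

:end
rem show the resulting values so the change can be verified
reg query "%USBSTOR%" /v Start
reg query "%POLICY%" /v WriteProtect 2>nul
endlocal
```

Any local administrator can revert these values, so on managed machines the same settings are better pushed and enforced through Group Policy than set per machine.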

Windows 7 Error Code 39 Solution

Source
A Windows 7 error code 39 is another one of those annoying errors that seem hard to fix, but generally isn’t all that difficult once you know what you are looking for.
If your CD-ROM is not visible in My Computer, you might see that error code displayed in the Device Manager.
To check, open the Device Manager by right clicking on the “My Computer” icon on the desktop. Then on the Hardware tab, select the Device Manager button. In the Device Manger window, look at the CD or DVD drive with a yellow exclamation mark. Right-click on it and select update driver. Follow the instructions and reboot the computer.
If that doesn't do the trick, you will need to correct the problem in the registry. You can manually go into the registry and attempt to fix the problem. Fortunately, an error code 39 in Windows 7 doesn't involve many keys.
On Start
Run
regedit [press the Enter key]
Next, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
Delete any of the following registry entries if they exist under this key:
  • LowerFilters
  • LowerFilters.bak
  • UpperFilters
  • UpperFilters.bak
Once you have removed those entries, restart your computer and check to see if the CD-ROM is visible. Also, go back into the Device Manager and confirm that the error code is indeed gone.
You will need to reinstall any applications that use the DVD or CD-ROM drive. For example, Nero and other burning applications use these registry entries, so reinstalling the applications will re-add them, and they should then be the correct versions.
Going into the registry is something you should be comfortable with, and careful with. Only edit keys whose purpose you specifically know. Incorrectly editing keys can lead to worse issues than the original problem. An easier potential solution is to download and use a registry cleaner program. These applications search for invalid or inaccurate registry keys and correct or remove them.
This should fix your Windows 7 error code 39.
You can find the best registry cleaner reviews on my website Improve PC Tools. You will also find there many great tools and utilities that will help you solve the Windows 7 error code 39.
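The registry fix above, as an added example script rather than anything from the original article: it exports the CD/DVD device-class key to a backup file first (so the change can be undone with reg import), then deletes only the filter values that actually exist. The class GUID is the one given in the article; the backup path is an assumption.

```batch
@echo off
rem Added example: remove the UpperFilters/LowerFilters values behind error
rem code 39, with a backup taken first. Run from an elevated prompt.
setlocal
set CLASS=HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
set BACKUP=%TEMP%\cdrom-class-backup.reg

rem 1) backup: "reg import %BACKUP%" restores the values if a burning app breaks
reg export "%CLASS%" "%BACKUP%" /y >nul
if errorlevel 1 (
    echo Could not export %CLASS% - run this from an elevated prompt.
    exit /b 1
)
echo Backup written to %BACKUP%

rem 2) delete each filter value only if it exists, and report what was done
for %%V in (UpperFilters UpperFilters.bak LowerFilters LowerFilters.bak) do (
    reg query "%CLASS%" /v %%V >nul 2>&1
    if not errorlevel 1 (
        reg delete "%CLASS%" /v %%V /f >nul && echo Deleted %%V
    ) else (
        echo %%V not present
    )
)
echo Done. Reboot, then re-check Device Manager for the CD/DVD drive.
endlocal
```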

Cloning SW

Source: libe.net/themen/Festplatte-klonen
PC INSPECTOR™ clone maxx:
creates a bootable floppy disk
positive: simple, fast (in our test it cloned a 10GB disk to a 20GB disk in 8 minutes)
negative: cannot clone a large disk to a smaller one, only 1:1 copies, no images
Verdict: best free 1:1 copy tool outside the operating system
Vendor:
www.pcinspector.de/CloneMaxx/info.htm?language=2
www.datenretter.de/Freeware.htm?po=0&language=2
HD Clone 2.0
positive: easy to use
negative:
- is extremely slow
in our test it took a whopping 2 hours for a 10GB to a 20GB HDD
with today's disk sizes the day is over before this program has finished cloning!
- cannot clone a large disk to a smaller one
Vendor: www.miray.de/download/sat.hdclone.html
g4u - Harddisk Image Cloning for PCs
positive: network support (requires an FTP server), relatively fast, 12 minutes for 10GB in our test
negative: operation is confusing and complicated, cannot clone a large disk to a smaller one
Vendor:
www.feyrer.de/g4u
G4L - Ghost for Linux
positive: network support (requires an FTP server), relatively fast, 12 minutes for 10GB in our test
negative: cannot clone a large disk to a smaller one
see also:
Ghost for Linux, or the vendor: g4l.sourceforge.net/
Clonezilla
Open source disk cloning solution:
also supports multicast, i.e. a disk image can be deployed to several computers at the same time (similar to Symantec Ghost Corporate Edition); supports the following file systems: ext2, ext3, ext4, reiserfs, xfs, jfs (GNU/Linux), FAT, NTFS (MS Windows), and HFS+ (Mac OS)
As with the other free programs, Clonezilla can only clone to partitions of the same size or larger. The image file cannot be mounted, nor can parts of it be extracted.
Uses Partclone to create images of hard disks.
Details / download, see:
Download Clonezilla
Partimage
Open source hard disk backup software
Partimage is based on Linux/Unix and can create images of partitions. Linux and Windows file systems are supported.
www.partimage.org/
Fog PXE Server
Fog free PXE server
PING 
http://ping.windowsdream.com/

PING is a live Linux ISO, based on the excellent Linux From Scratch (LFS) documentation. It can be burnt on a CD and booted, or integrated into a PXE / RIS environment.
Several tools have been added and written to make this ISO the perfect choice for backing up and restoring whole partitions in an easy way. It sounds like Symantec Ghost(tm), but has even better features, and is totally free.
Download the ISO
EaseUS Disk Copy   Freeware
- Language: English
- 2.3.1 Full Version All operating systems.
- Download from Majorgeeks.com
================
More HD tools

Thursday, September 15, 2011

"Acronis VSS Provider is not installed

Microsoft Software Shadow Copy provider will be used instead."
Source
Currently there is a problem within our software that brings up this prompt. Most likely there is a problem with the user permissions from which the program is being installed. I would recommend the following article to check the proper permissions to work with ABR10.
As a workaround, you can continue using Microsoft VSS and your backup integrity should not be affected. I will update this thread as soon as I have additional information from our Development team.

Tuesday, September 13, 2011

NCT static IP address on server

www.pcstation.org/blog/Thin_Client_PC_Station/178.html
NetPCStation User's Manual

OfficeStation(L110)User'sGuide

Bootsrv.exe UTMA-UTSA image boot server

Source
Files named bootsrv.exe most often belong to the product NComputing Inc. - UTMA, developed by NComputing Inc. They most often carry the description "NComputing UTMA/UTSA Image boot server". This is an executable file; you can find it running in Task Manager as the process bootsrv.exe.
Product: NComputing Inc. - UTMA
Company: NComputing Inc.
Description: NComputing UTMA/UTSA Image boot server
Version: 4.9.5.11
MD5: 18B7DE4F6248B3E7B588EB33FDAE90DB
Size: 544825
Directory: %COMMONFILES%\NComputer\BOOTSRV.EXE
Operating System: Windows XP
 --------------------------
Publisher: NComputing Co.,Ltd. - Korea
Startup Section: Services
HKLM\SYSTEM\CurrentControlSet\Services
Names:
Multiuser Boot Server for Miniterm
Subkeys:
HpBootSrv
Locations:
%CommonFiles%\NComputer
File Names:
bootsrv.exe
File Size: 73728 (72 kb)
Publisher: Unknown
Startup Section: Services
HKLM\SYSTEM\CurrentControlSet\Services
Names:
Multiuser Boot Server for Miniterm
Subkeys:
HpBootSrv
Locations:
%CommonFiles%\NComputer
File Names:
bootsrv.exe
File Size: 315392 (308 kb)

Stop 0x00000050

Source
When you try to run one of the following diagnostic programs, the program may immediately close:
  • Registry Editor (Regedit.exe)
  • Task Manager (Taskmgr.exe)
  • System Configuration Utility (Msconfig.exe)
  • System Information (Msinfo32.exe)
You may also experience any one of the following symptoms:
  • The computer automatically restarts.
  • After you log on, you receive the following error message:
    Microsoft Windows
    The system has recovered from a serious error.
    A log of this error has been created.
    Please tell Microsoft about this problem.
    When you click the click here link at the bottom of the message box, you see error signature information that may be similar to one of the following data samples:

    Data sample 1

    BCCode : 00000050 BCP1 : ffffff60 BCP2 : 00000000 BCP3 : 804fa26f 
    BCP4 : 00000000 OSVer : 5_1_2600 SP : 0_0 Product : 256_1

    Data sample 2

    BCCode : 0000000A BCP1 : ffffff94 BCP2 : 00000000 BCP3 : 00000000 
    BCP4 : 804e15ef OSVer : 5_1_2600 SP : 0_0 Product : 256_1
  • You receive one of the following Stop error messages:

    Message 1

    A problem has been detected and Windows has been shut down to prevent damage to your computer...
    Technical information:

    *** STOP: 0x00000050 (0xffffff60, 0x00000000, 0x804fa26f, 0x00000000) PAGE_FAULT_IN_NONPAGED_AREA address 0x804fa26f in 0x50_nt!ObReferenceObjectSafe+e

    Message 2

    A problem has been detected and Windows has been shut down to prevent damage to your computer...
    Technical information:

    *** STOP: 0x0000000A (0xffffff94, 0x00000000, 0x00000000, 0x804e15ef) IRQL_NOT_LESS_OR_EQUAL address 0x804fa26f in 0xA_nt!ExpCopyThreadInfo+a
  • When you view the System log in Event Viewer, you may see an entry that is similar to one of the following:

    Entry 1

    Date: date
    Source: System
    Error Time: time
    Category: (102)
    Type: Error
    Event ID: 1003
    User: N/A
    Computer: COMPUTER
    Description: Error code 00000050, parameter1 ffffff60, parameter2 00000000, parameter3 804fa26f, parameter4 00000000.
--------------------------------------------------
This problem may occur if the computer is infected with a variant of the Sdbot virus.

The Sdbot virus creates a hidden process. This process closes programs that system administrators use for diagnostic and configuration purposes. The process may also prevent these programs from running.

The file name of the Sdbot virus varies. Many variants of this virus put a driver that is named Msdirectx.sys or Haxdrv.sys on the computer. This driver is used to hide the virus process. The file names that the virus frequently uses include Msdrv.exe and Sdkcore.exe. These virus variants can restore the virus if you delete the files.
[...]

FOG

Source
FOG is a free alternative to products like Symantec’s Ghost, which, while being a very good product, can be too expensive for small imaging operations. Beyond just imaging, FOG also includes a client-side program, which can communicate with the FOG server and manage various things. For instance, you can remotely install new applications, network printers, scan for viruses, and track user access.
The FOG project began in August 2007, and is maintained by Chuck Syperski and Jian Zhang. As of writing this article, they’re currently working on version 0.27, and have made some significant improvements since I began using their product.
FOG is designed for Linux; it’s designed and tested on Fedora, but it also supports Ubuntu. So any machine you can install Linux on, you can probably use as a FOG server.
FOG’s Sourceforge page, and grab the latest version. Extract it to the /opt directory:

NDIS driver or malware?


Source
From HiJackThis
Unknown file in Winsock LSP: C:/windows/system32/nlaapi.dll
Unknown file in Winsock LSP: C:/windows/system32/napinsp.dll
Unknown file in Winsock LSP: C:/program files/bonjour/mdnsnsp.dll
From RegCleaner 4.3
(Unknown) RegisteredApplications
(Unknown) Set8187
(Unknown) Set8187B
----------------------------------------
DO NOT DELETE THOSE FILES. They are Microsoft files.
nlaapi.dll should not be disabled, required for essential applications to work properly
napinsp.dll is a system file created by Microsoft Corporation. napinsp.dll is part of Windows Operating System
---------------------
If you remove the wrong LSP without restoring the correct system settings, you will lose all networking on your system.
---------------------
Do a scan with Spybot S&D from http://www.safer-networking.org
It should find LSP anomalies and report them. Sometimes it is unable to fix those problems, but it will pop up a message with a link to a site that has a "fixer" tool for LSP problems. Download that tool first, then you can remove LSP entries to your heart's content, and run the fixer tool to repair your network after the fact.
 
Source
The following is a preview of SETUP.TXT in Archive ec28209e:
+=======================================================+
| REALTEK RTL8187 USB Wireless LAN Driver Setup Utility |
| for Windows ME/2000/XP NDIS Driver                    |
| Release Note                                          |
+=======================================================+
How to use this Set8187 Utility 
 For Windows 2000/XP:
1. If the Operating System's Found New Hardware Wizard prompts you with "New Hardware Found" for the "Ethernet Controller", you should click "Next" until "Finish" is clicked, without specifying the location of the driver. You will see the "Ethernet Controller" in the Device Manager.
2. Then you can install or upgrade the NDIS driver with the "setup" or "setup -s" command:
a) setup: The InstallShield will prompt you through the steps to install or upgrade the driver.
b) setup -s: The InstallShield will complete the installation or upgrade without prompting you for any instruction.
3. You can remove the Set8187 utility from the Add/Remove Programs palette in Control Panel.
The InstallShield will prompt you through the steps to remove the driver. After removing the driver, please restart the system immediately if you want your networking to be re-installed.

Temporarily disable protection applications for malware removal

Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
During the process of removing malware from your computer, there are times you may need to use specialized fix tools. This is especially true if you are receiving help from a member of the HJT Team. Certain embedded files that are part of these specialized fix tools may at times be detected by your anti-virus or anti-malware scanner as a "RiskTool", "Hacking tool", "Potentially unwanted tool", a virus or a "Trojan" when that is not the case.
These tools have been carefully created and tested by security experts so if your anti-virus or anti-malware program flags them as malware, the detection is what's known as a "False Positive". Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases, the removal of these files can have "unpredictable results" and unintentional results.
To avoid any problems while using a specialized tool it is very important that you temporarily disable your anti-virus and/or anti-malware programs before using them or when instructed by a member of the HJT Team. You can re-enable these programs after the malware removal process has been completed.
Many folks may not be sure how to do this, so the BC Staff has created a list of common anti-virus programs and the relevant steps to disable their real-time protection capabilities. When your system has been cleaned, or when advised by your helper, it is important that you re-enable your security programs to avoid re-infection.
============================
Malware: Viruses, Adware, and Spyware Removal Instructions
How to Get Rid of Malware & Viruses - Updated for 2011
You most likely arrived here because you think you may be infected with some sort of malware. Symptoms of a rogue virus may include: unwanted pop-ups, hijacked search results, general computer / internet slowness, inability to connect to the internet, unknown processes running, etc.
New viruses and virus variants seem to come along almost every day, so no matter what antivirus software you use and how often you update it, your current security software may not be able to cure or even detect your problem.
Preparation for Malware/Virus Removal: Fortunately, virus problems are almost always curable. You will most likely need to download some new software and take a multi-step approach to remove a virus, but if you follow these instructions step-by-step, you will be back to a clean machine.
Updates:
First, make sure your version of Windows is updated, especially the security patches and critical updates. Also check for Java Updates and Adobe Acrobat Updates.

Temp File Clean up:
Next, Download and Run TFC. This is a simple but useful tool that cleans all your temp folders. Using it makes your antivirus software scan a lot quicker, too.
More info about TFC here. After downloading follow these steps:
- Open TFC and close any other windows/programs. Click the Start button. Do not open any programs or windows after you have started the program.
- TFC requires a reboot immediately after running.
Continue to the next step...
Scan for Viruses
Make sure your antivirus software is up-to-date. Now, run a full system scan and save a copy of the log file for the last step. Recommended Free Anti-Virus Software: AVG, Avira and Avast all offer great free antivirus / computer security software. I used AVG for many years, but recently became a fan of Avast.
Scan with Malwarebytes Anti-Malware
Download Malwarebytes Anti-Malware and follow these steps:
- Open mbam-setup.exe and follow the instructions to install. At the end, be sure the Update and Launch boxes are ticked, and click Finish.
- Once updated and loaded, select Perform Quick Scan, then click Scan. When complete, click OK, then Show Results.
- Be sure everything is checked, then click Remove Selected.
- A log file will open in notepad. Save this in the same place you saved your antivirus log file.
- Restart your computer.
Hopefully, these first 3 steps found and removed any sort of malware from your PC. If you want to be certain, or think you are still infected, continue on to the next steps:
GMER - Download and Run
Important Tips:
1. Install all of your anti-virus/spyware/adware utilities in one folder for easy finding.
2. Allow your antivirus programs to check for updates and download them automatically, or do it manually at least once a week.
Follow these steps:
- Download GMER and save it to where you are storing your anti-malware utilities. Note: This file will have a random name.
- Disconnect from internet, close all running programs including any real-time virus scanning utility.
- Open the randomly named gmer file, and allow the gmer.sys driver to load if prompted.
- Select the Rootkit tab> click Scan
- If you get a WARNING about rootkit activity, and are prompted to fully scan your computer, click NO.
- After the scan completes, click Save button, then save results as gmer.log (again, keep track of where you have this log file).
- Exit GMER and re-enable your active virus protection.
DDS by sUBs - Download & Run
DDS is a program that is used to troubleshoot malware issues. The log files it produces will be needed for the last step of this process. Follow these steps:
- Download DDS by sUBs here. After downloading, disable your virus protection/script blocking protection, and also disconnect from the internet.
- Double click on the DDS icon, allow it to run. If it won't run, rename the file and try again. A window will open, with info about the utility. You don't need to do anything, the scan is already running.
- The results will open in notepad. Click No for the Optional_Scan.
- Follow the instructions. When finished, DDS will open 2 log files: DDS.txt and Attach.txt (save these with your other log files).
- Close the DDS window. Delete the program from where you saved it.
- Enable your virus protection and re-connect to the internet.

Final Step - Posting Logs to a Forum for Help
Phew, you made it. Now you can post your log files to a malware removal help forum.
I suggest: TechSpot.com. These are a bunch of helpful folks, so please be sure to follow their posting rules completely -- before posting ;) If you follow their instructions, they will help you with the nitty-gritty details to remove problem malware.
Follow these instructions to request assistance:
- Register for forum membership at TechSpot.com
- After registration is complete, point your browser to this page. You've already done their 8 steps if you followed all the steps in the previous guide, but please read over it to make sure you didn't miss anything, then Skip to Step 7.
- Got all that? Now go to TechSpot.com's Virus & Malware Removal Board . Click the button for +New Topic, and post your message.
- I suggest you use a concise & descriptive message title, then a little bit about your malware symptoms, be sure to mention that you followed their 8 Step Guide and have your required log files. Then paste in the following logs:
  • Malwarebytes Anti-Malware log
  • GMER log
  • DDS logs: both DDS.txt and Attach.txt
Keep your antivirus scan log from earlier handy in case you are asked to post it as well.
Finish posting your assistance request to the forum, and you will receive replies within a day, but generally within an hour or less.
Alternative Malware Removal Help:
http://www.geekstogo.com
Rogue Security Software: Many rogue malware applications imitate antivirus software with fake system scans, claims that your computer is infected with malware, and that you need to purchase the full version of the program to remove these bogus infections:
Check out this list on Wikipedia of Rogue Anti Virus / Security Software.
===================
Source
Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
-----------------
Please go to VirusTotal, and upload the following file for analysis:
C:\WINDOWS\system32\logon.scr
Post the results in your reply.

Monday, September 12, 2011

"Hard disk not found"

Source
System administrator rights needed to control the hard disks
No Drive Letters Show in Disk Management
Try rescan for drive information
Start/run/cmd
diskpart
rescan
When finished type "exit" to quit diskpart and "exit" again to quit command prompt window.
Recheck Disk management for missing partitions.
 --------------------
If the problem is still valid here is a solution for you:
Start Windows - press Start - run - type regedit and press ok/enter.
Then find the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
There you will need to select Edit - New - Multi-String Value.
Rename it to UpperFilters. Then right click on this value and select Modify. Type PartMgr.
Quit and then restart Windows.
Since then the drive letters will be in WDM. The cause of the problem is in rootkit viruses to my mind.
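An added PowerShell check for the registry fix above (not part of the quoted post): it reads the disk class UpperFilters value, reports any filter driver other than PartMgr so it can be looked at before anything is changed, and restores PartMgr only when it is missing, keeping a backup of the key. The class GUID and value name are the ones from the post; the backup file name is an assumption. Run from an elevated PowerShell prompt.

```powershell
# Added example, not from the quoted post. Checks the disk class UpperFilters
# value discussed above and restores "PartMgr" only if it is absent.
$diskClassKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}'
$required     = 'PartMgr'

function Get-DiskUpperFilters {
    # Current REG_MULTI_SZ entries, or an empty array when the value does not exist
    $item = Get-ItemProperty -Path $diskClassKey -Name UpperFilters -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @() }
    return @($item.UpperFilters | Where-Object { $_ })   # drop empty strings
}

function Test-PartMgrFilter {
    # -contains is case-insensitive, matching how driver names are treated
    return (Get-DiskUpperFilters) -contains $required
}

$filters = Get-DiskUpperFilters
Write-Host ("Current UpperFilters: " + $(if ($filters.Count) { $filters -join ', ' } else { '<none>' }))

# An UpperFilters entry you do not recognise is worth investigating before
# touching the value: the post attributes the symptom to rootkits, and a
# filter driver on the disk class is exactly where such a driver would sit.
$unexpected = $filters | Where-Object { $_ -ne $required }
if ($unexpected) { Write-Warning ("Unrecognised disk filter driver(s): " + ($unexpected -join ', ')) }

if (Test-PartMgrFilter) {
    Write-Host 'PartMgr is already registered; no registry change needed.'
} else {
    # Back up the key first so the edit can be undone with "reg import".
    $backup = Join-Path $env:TEMP 'diskclass-backup.reg'   # assumed file name
    reg export 'HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}' $backup /y | Out-Null
    # Keep any existing entries rather than overwriting the list with PartMgr alone
    $new = @($filters) + $required
    Set-ItemProperty -Path $diskClassKey -Name UpperFilters -Value $new -Type MultiString
    Write-Host "Restored PartMgr (backup written to $backup). Reboot to apply."
}
```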

Win32/Vundo.H

  • Win32/Rbot!generic (CA)
  • W32/Rbot-Fam (Sophos)
  • Backdoor.Win32.Rbot.aeu (Kaspersky)
  • W32/Sdbot.worm (McAfee)
  • W32/Gaobot.gen.worm (Panda)
  • W32.IRCBot (Symantec)
  • WORM_RBOT.GEN-1 (Trend Micro)
geekstogo.com/forum/trojan-vundoh-bho-and-trojanagent
forums.majorgeeks.com/showthread.php?t=161380
========================

http://free.antivirus.com/hijackthis/
microsoft.com/security/pc-security/malware-removal.aspx

Thursday, September 8, 2011

Windows PowerShell and GPO

Deploying with SCCM has nothing to do with UAC. UAC only counts when you are logged into the machine locally.
The script you are running is a set of batch commands that can be executed by SCCM. All of these commands can also be done using PowerShell remotely, which also does not require UAC elevation.
None of the scenarios you describe indicate that UAC is your problem.
If run under SCCM it will be silent. SCCM runs elevated always.
This is a process that only ever gets run once. Why is it a problem to have to elevate? Just choose to right click runas. Running silently locally would only be required if you were trying to make something happen that shouldn't happen.
Use the PowerShell IIS 7 shell to run all of those commands remotely, or even WMI remotely, assuming you are an administrator. Remote operations with the administrator account do not trigger UAC.

Using PowerShell remotely:
--------------------
As you may know, Windows PowerShell 2.0 introduced a new remoting feature, allowing for remote management of computers.
While this feature can be enabled manually (or scripted) with the PowerShell 2.0 cmdlet Enable-PSRemoting, I would recommend using Group Policy whenever possible. This guide will show you how this can be accomplished for Windows Vista, Windows Server 2008 and above. For Windows XP and Windows Server 2003, running Enable-PSRemoting in a PowerShell startup script would be the best approach.
Windows PowerShell 2.0 and WinRM 2.0 shipped with Windows 7 and Windows Server 2008 R2. To take advantage of Windows PowerShell Remoting, both of these are required on the downlevel operating systems Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. Both Windows PowerShell 2.0 and WinRM 2.0 are available for download here, as part of the Windows Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0). To deploy this update to downlevel operating systems I would recommend using WSUS, which is described in detail in this blog post by Kurt Roggen.
Group Policy Configuration
Open the Group Policy Management Console from a domain-joined Windows 7 or Windows Server 2008 R2 computer.
Create or use an existing Group Policy Object, open it, and navigate to Computer Configuration->Policies->Administrative templates->Windows Components
Here you will find the available Group Policy settings for Windows PowerShell, WinRM and Windows Remote Shell:
To enable PowerShell Remoting, the only setting we need to configure is found under "WinRM Service" and is named "Allow automatic configuration of listeners":
More at link
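An added PowerShell check for the Group Policy setting above (not from the quoted guide): run on a client, it confirms that the "Allow automatic configuration of listeners" policy has been applied, lists the WinRM listeners that policy should have created, and does a loopback Test-WSMan. The policy registry path and the AllowAutoConfig/IPv4Filter/IPv6Filter value names are what the WinRM policy template writes; the check needs no second machine.

```powershell
# Added example, not from the quoted guide. Verifies on one client that the
# GPO-delivered WinRM listener policy is in place and that WinRM answers.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'

function Get-WinRmPolicyState {
    # Values written by "Allow automatic configuration of listeners" when applied by GPO
    $p = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        PolicyPresent   = ($null -ne $p)
        AllowAutoConfig = [int]($p.AllowAutoConfig)   # 1 = enabled
        IPv4Filter      = $p.IPv4Filter               # "*" = listen on every IPv4 address
        IPv6Filter      = $p.IPv6Filter
    }
}

function Get-WinRmListeners {
    # The WSMan: drive is only usable while the WinRM service is running
    if ((Get-Service WinRM).Status -ne 'Running') { return @() }
    Get-ChildItem WSMan:\localhost\Listener | ForEach-Object {
        $props = Get-ChildItem $_.PSPath   # each listener property is a child item with a Value
        New-Object PSObject -Property @{
            Name      = $_.Name
            Transport = ($props | Where-Object { $_.Name -eq 'Transport' }).Value
            Address   = ($props | Where-Object { $_.Name -eq 'Address' }).Value
            Port      = ($props | Where-Object { $_.Name -eq 'Port' }).Value
            Enabled   = ($props | Where-Object { $_.Name -eq 'Enabled' }).Value
        }
    }
}

$policy    = Get-WinRmPolicyState
$listeners = @(Get-WinRmListeners)

if (-not $policy.PolicyPresent -or $policy.AllowAutoConfig -ne 1) {
    Write-Warning 'WinRM auto-listener policy has not been applied yet. Run gpupdate /force and re-check.'
} else {
    Write-Host ("Policy applied. IPv4Filter={0} IPv6Filter={1}" -f $policy.IPv4Filter, $policy.IPv6Filter)
    # "*" exposes the listener on every interface; a management-subnet filter limits
    # who can even reach the WinRM port, independent of the authentication it performs.
    if ($policy.IPv4Filter -eq '*') { Write-Warning 'IPv4Filter is "*": WinRM listens on all IPv4 addresses.' }
}

if ($listeners.Count -eq 0) {
    Write-Warning 'No WinRM listener found. If the policy is present, restart the WinRM service.'
} else {
    $listeners | Format-Table Name, Transport, Address, Port, Enabled -AutoSize
}

# Loopback end-to-end check: WS-Man request to the local listener
try {
    Test-WSMan -ComputerName localhost -ErrorAction Stop | Out-Null
    Write-Host 'WS-Management responds on localhost.'
} catch {
    Write-Warning ("Test-WSMan failed: " + $_.Exception.Message)
}
```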
-----------------------
Installing Roles and Features remotely on multiple computers simultaneously

Add elevated command prompt to context menu

Source 
I would like to add to my context menu an elevated command prompt (with administrator privileges) in the same or similar coding fashion (not binary code) as in this example below. The key is that it has to be "elevated" with Administrator privileges, not just a normal command prompt to open. I am not sure how to write a working script since it "MAY" (probably is) quite different than the coding pattern in my example here after including the 'elevated' coding component part to it:
[HKEY_CLASSES_ROOT\Directory\Background\shell\Elevated Command Prompt]
[HKEY_CLASSES_ROOT\Directory\Background\shell\Elevated Command Prompt\command]
@="control appwiz.cpl"
Please correct by adding and or deleting or modifying the script above so the code that would demonstrate a working "elevated" command prompt script to open in a window.
I would also like to add the command prompt icon to my context menu too. I am very sure that it would look something like this (pretty sure if the registry key information is correct though, probably it is not since I am looking for the script to be 'elevated' as I have already stated):
[HKEY_CLASSES_ROOT\Directory\Background\shell\Elevated Command Prompt]
"Icon"="C:\\Windows\\Context Menu Icons\\Elevated Command Prompt.ico"
Where an "Elevated Command Prompt" ico icon in a "Context Menu Icons" folder would be FIRST placed in the C:\Windows folder location BEFORE running a workable elevated command prompt registry script.
So what is the proper coding I need to do (and appropriately placed in this script) in order to add an elevated command prompt with the icon to this script so it works in the context menu???
sevenforums.com/tutorials/47415-open-command-window-here-administrator
1. To Add "Open Command Window Here as Administrator"
A) Click on the download button below to download the file below.
Add_Open_Command_Window_Here_as_Administrator.reg
download
B) Go to step 3.
2. To Remove "Open Command Window Here as Administrator"
A) Click on the download button below to download the file below.
Remove_Open_Command_Window_Here_as_Administrator.reg
download
3. Click on Save, and save the .reg file to the desktop.
4. Right click on the downloaded .reg file and click on Merge.
5. When prompted, click on Run, Yes, Yes, and OK to approve merging the .reg file.
6. You can now delete the downloaded .reg file if you like.
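An added PowerShell equivalent of the "Open Command Window Here as Administrator" entry above (not the tutorial's .reg file and not the poster's script): it creates the verb for both the folder and the folder-background context menus, can remove it again, and verifies the result. The elevation comes from naming the verb key `runas`, which Explorer launches through UAC; that key name, the HasLUAShield marker and the use of cmd.exe as the icon source are known Windows conventions rather than something stated on the page. Run from an elevated PowerShell prompt.

```powershell
# Added example, not from the page. Installs (or with -Remove, deletes) an
# elevated command-prompt verb under the Directory keys named in the post.
param([switch]$Remove)

$label   = 'Open Command Window Here as Administrator'
$command = 'cmd.exe /s /k pushd "%V"'   # %V expands to the folder that was right-clicked
$keys    = @(
    'Registry::HKEY_CLASSES_ROOT\Directory\Background\shell\runas',   # right-click on folder background
    'Registry::HKEY_CLASSES_ROOT\Directory\shell\runas'               # right-click on a folder
)

function Add-ElevatedCmdVerb([string]$key) {
    # -Force creates the missing parent keys; an existing "runas" verb here would be overwritten
    New-Item -Path "$key\command" -Force | Out-Null
    Set-ItemProperty -Path $key -Name '(default)' -Value $label
    # HasLUAShield puts the UAC shield on the menu entry; "runas" as the key name makes it elevate
    New-ItemProperty -Path $key -Name 'HasLUAShield' -Value '' -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $key -Name 'Icon' -Value 'cmd.exe' -PropertyType String -Force | Out-Null
    Set-ItemProperty -Path "$key\command" -Name '(default)' -Value $command
}

function Remove-ElevatedCmdVerb([string]$key) {
    if (Test-Path $key) { Remove-Item -Path $key -Recurse -Force }
}

function Test-ElevatedCmdVerb([string]$key) {
    # True only when the verb exists and its command is exactly the expected one
    if (-not (Test-Path "$key\command")) { return $false }
    $cmd = (Get-ItemProperty -Path "$key\command").'(default)'
    return ($cmd -eq $command)
}

foreach ($k in $keys) {
    if ($Remove) { Remove-ElevatedCmdVerb $k } else { Add-ElevatedCmdVerb $k }
    "{0}: {1}" -f $k, $(if (Test-ElevatedCmdVerb $k) { 'present' } else { 'absent' })
}
```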
 

Elevation of privilege per script

Source
The designers of Windows Vista's User Account Control expressly decided not to incorporate functionality like setuid/suid or sudo found in Unix and Unix-like OSes such as Mac OS X. I think they made the right decision.  
Large parts of the Windows ecosystem have a long legacy of assuming that the end user has administrative permissions, and consequently a lot of programs work correctly only when run that way. (I'm not going to delve into that history here, nor will I entertain any finger-pointing on the topic at this time. One of these days I'll post my thoughts on that subject.) As computer security has become increasingly important, breaking that cycle became absolutely imperative. It is with the release of Windows Vista that the first major move in that direction is achieved. Indeed, the primary purpose of the technologies that comprise UAC is to make the "standard user" the default for Windows, encouraging software developers to create applications that do not require admin. It's not perfect by any means, but changing the ecosystem will take a long time, and UAC is a good first step.
Pre-approving code to run with elevated permissions without going through an elevation prompt, as described in the bulleted scenarios above, seems at first glance to be both useful and convenient. However, the negatives far outweigh those benefits. In particular:
  • The "standard user by default" vision would become impossible and ultimately never happen;
  • Elevation of privilege (EoP) would be trivial – any compromise could lead to full system compromise.
If it were possible to mark an application to run with silently-elevated privileges, what would become of all those apps out there with LUA bugs? Answer: they'd all be marked to silently elevate. How would future software for Windows be written? Answer: To silently elevate. Nobody would actually fix their apps, and end-user applications will continue to require and run with full administrative permissions unnecessarily.
What if the application could not mark itself for silent elevation but instead had to be marked by the consumer or enterprise administrator installing the application? Answer: the developer of the installation program (which necessarily runs with admin/system permissions in order to install machine-wide) would figure out where the setting lived, and set it. (Several major ISVs told us directly that they would in fact do exactly that.) There would be no real way to protect that setting from anything running as admin. This would be especially true if it were settable via Group Policy (which would be expected, if not demanded).
"Well, so what? We're only talking about applications I approved!" OK, let's say that's true, but how do you ensure that a malicious user cannot use the application for purposes other than those for which it was intended? And at least as important – how do you ensure that malware that has infected the user's session cannot drive a setuid application programmatically to take over the system? Ensuring strict behavioral boundaries for complex software running with elevated privileges is (at best) incredibly difficult. And ensuring that it is free of exploitable design and implementation bugs is far beyond the capabilities of software engineering today. The complexity and risk compounds when you consider how many apps have extensibility points that load code that you or your IT admin may not be aware of, or that can load code or consume data from user-writable areas with minimal if any validation.
Privilege escalation due to setuid and sudo has plagued Unix-like systems for many years, and continues to do so. In fact, several of the bugs in the recent Month of Apple Bugs fell into this category. Follow these links for lots more references: (*)
In the past, elevation of privilege has tended not to be noticed in Windows – there is no real "elevation" if you're already running as admin. (**) With the Vista shift toward "standard user", EoP threats become much more important, and it is vital that Windows do as much as practical to mitigate them. That is also why Windows services are no longer able to interact with the user desktop. Taking on the setuid headaches that *nix has had to live with does not seem like a profitable deal.
We expect that in ordinary day-to-day usage, users should rarely, if ever, see elevation prompts, since most should rarely, if ever, have to perform administrative tasks – and never in a well-managed enterprise. Elevation prompts are to be expected when setting up a new system or installing new software. Beyond that, they should be infrequent enough that they catch your attention when they occur, and not simply trigger a reflexive approval response. This will increasingly be the case as more software conforms to least-privilege norms, and as improvements in the Windows user experience reduce prompting further.
Having said all that, there is a Local Security Policy option to change the behavior of the elevation prompt for Administrators to "elevate without prompting". With this option selected, anything that requests elevation gets elevated without prompting the user. (The default setting is "prompt for consent"; the third option is "prompt for credentials". Note that "elevate without prompting" is available only for members of the Administrators group. The options for standard users are "prompt for credentials" and "automatically deny elevation requests".) While "elevate without prompting" may be useful in well-constrained, secure environments for automated testing and possibly for initial system setup, having this option selected otherwise is very risky and strongly discouraged. (Note also that Vista's Home SKUs do not include the policy editor.)
Nitpicker's corner (***)
(*) Pointing out the obvious: local privilege escalation by definition means that the bad actor is already on your system. However, there's a huge difference between malware running as you (non-admin) and malware running with root privileges.  If there weren't, there would be no point (from a security point of view) in running with least privilege.
(**) "Elevation of privilege" in this context means "unauthorized elevation of privilege". Technically, yes, Administrator is not as powerful as System (in that there are operations that Administrator will get Access Denied where System will succeed), and System is not as powerful as kernel-mode code (in that there are operations that fail for user-mode code running as System that succeed when called from kernel code). However, two of the things that Administrator is authorized to do include: 1) configuring arbitrary code to run as System, and running it; and 2) loading arbitrary code into the kernel, and running it. Hence, if code is running as admin, there is nothing it is not authorized to do.
(***) "Nitpicker's corner" might be a trademark of The Old New Thing.
--------------------------------------
' Re-launch this script through the "runas" verb (UAC prompt) unless it was
' already started with the /elevated switch. The switch must be written as
' "/elevated" (no space) for Arguments.Named to recognise it.
If WScript.Arguments.Named.Exists("elevated") = False Then
  CreateObject("Shell.Application").ShellExecute "wscript.exe", """" & WScript.ScriptFullName & """ /elevated", "", "runas", 1
Else
  'what you want to do with elevated rights
End If
=================
Source
The VB Script below will raise a UAC challenge, then invoke your batch file, but it won't turn off UAC.
'---------------------------------------------
'Invoke a batch file under elevated privileges
'25.2.2011 FNL
'---------------------------------------------
' A trailing "|" argument marks the already-elevated instance, so the script
' only re-launches itself when that marker is missing.
bElevate = False
If WScript.Arguments.Count > 0 Then
    If WScript.Arguments(WScript.Arguments.Count-1) <> "|" Then bElevate = True
End If
If bElevate Or WScript.Arguments.Count = 0 Then ElevateUAC
Set oWshShell = CreateObject("WScript.Shell")
oWshShell.Run "d:\temp\Ariel.bat"

'-----------------------------------------
'Run this script under elevated privileges
'-----------------------------------------
Sub ElevateUAC
    ' Rebuild the original argument list and append the "|" marker
    sParms = " |"
    If WScript.Arguments.Count > 0 Then
        For i = WScript.Arguments.Count-1 To 0 Step -1
            sParms = " " & WScript.Arguments(i) & sParms
        Next
    End If
    Set oShell = CreateObject("Shell.Application")
    ' Quote the script path so it survives spaces; "runas" raises the UAC prompt
    oShell.ShellExecute "wscript.exe", """" & WScript.ScriptFullName & """" & sParms, "", "runas", 1
    WScript.Quit
End Sub
===============================

It seems that you want to run the copy action as an administrator using the script itself.
You can refer to the following URLs; hope they are helpful.
Utility Spotlight - Script Elevation PowerToys for Windows Vista
http://technet.microsoft.com/en-us/magazine/2007.06.utilityspotlight.aspx?pr=blog
How Can I Run a Script Under Alternate Credentials?
http://blogs.technet.com/heyscriptingguy/archive/2004/12/13/how-can-i-run-a-script-under-alternate-credentials.aspx

Since this issue is more related to scripting, I recommend you open a thread to Official Scripting Guys Forum in Technet so those coders can help you fix the issue in a timely manner.
Official Scripting Guys Forum http://social.technet.microsoft.com/Forums/en/ITCG/threads
Script Center:  http://technet.microsoft.com/en-us/scriptcenter/default.aspx
===============================================

You should be able to get around this by using the runas command:
runas /user:administrator /savecred c:\batchfile.bat
You can also use runas to place the admin's username and password in plain text, but that is less desirable. In the above example, the batchfile.bat would contain all of your copy and install commands for the Citrix client.


Enable or disable the Windows 7 administrator account.

Source
The easiest way to enable or disable the Windows 7 built-in administrator account is from the command line. Open a command prompt with administrator rights. This is done by right-clicking on the command prompt icon in the Windows 7 start menu and selecting Run As Administrator from the available options.
To enable the Windows 7 administrator account:
net user administrator /active:yes
To disable the Windows 7 administrator account:
net user administrator /active:no
To change the password of the Windows 7 administrator account:
Net user administrator password
An alternative would be to enable or disable the Windows 7 administrator account using the Local Security Policy option. You can open the Local Security Policy by launching secpol.msc from the run box.
Please note that you only have access to the Local Security Policy on certain editions of the Windows operating system. The configuration tool is only available under Windows 7 Professional, Windows 7 Ultimate and Enterprise.
You find the option under Local Policies-> Security Options. Just change the setting Accounts: Administrator account by double-clicking the entry.
This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
Again, it is not really necessary to enable the administrator account, as it is possible to use a standard account with elevated rights for the same configuration options that an administrator account would offer. And it is better for security not to run an administrator account by default.
===========================
Source
An administrator password in Windows 7 is the password to any account that is set up to access administrator-level functions in Windows 7.
There doesn't actually have to be an "Administrator" user account. What you need is the password to any account that can act as an administrator.
There are a few times when you will need this password. You may need an administrator password in Windows 7 if you're trying to run certain types of programs or access certain Windows 7 recovery tools.
Follow the steps to quickly Reset or Remove an administrator password in Windows 7!
Read more about this and other tutorials on my forum
http://www.briteccomputers.co.uk/forum
megaupload (dot) com/?d=3DFX2XLZ
kon bot


Blue screens are mostly due to hardware and sometimes due to incompatible software.  In a lot of cases it is a corrupted driver or a driver conflict.  The most common causes of blue screens are overheating, faulty RAM, and video card problems.
Source
This problem may occur if the computer is infected with a variant of the Sdbot virus.
The Sdbot virus creates a hidden process. This process closes programs that system administrators use for diagnostic and configuration purposes. The process may also prevent these programs from running.
The file name of the Sdbot virus varies. Many variants of this virus put a driver that is named Msdirectx.sys or Haxdrv.sys on the computer. This driver is used to hide the virus process. The file names that the virus frequently uses include Msdrv.exe and Sdkcore.exe. These virus variants can restore the virus if you delete the files.
[...]
microsoft.com/security/pc-security/malware-removal

Wednesday, September 7, 2011

Cyber attack from Iran

Total, unnoticed surveillance
To achieve that, however, a second trick would have been needed - and that strongly suggests that the attack really was the work of a state organization.
To understand this part, a bit of basic Internet knowledge is needed:
  • When a browser is supposed to open a particular website, it needs an additional piece of information: the translation of the domain name (such as www.spiegel.de) into an IP address (in the case of Spiegel.de: 195.71.11.67).
  • This translation is handled by the so-called Domain Name System (DNS). The browser asks one of the many DNS servers distributed around the world which IP number belongs to the domain name it is about to open.
  • Whoever controls that DNS server could in principle lead the browser astray - and redirect it to a wrong IP number of their choosing.
Both become powerful and dangerous in combination: a browser misled in this way, which is then also shown a forged web certificate, would inevitably take a forged web page for the real one. For the user it would be practically impossible to tell that he is being tricked. Not everyone has access to DNS servers - but the Iranian authorities, for example, do. They could therefore redirect all users of services such as Googlemail, Yahoo Mail or Skype to their own websites and provide a copy of the real service there.
Anyone logging in to their mail account would notice nothing unusual, while all of the communication would secretly pass through the respective attacker's server. Total, unnoticed surveillance would be the result. Probably only in the respective region, however - German users, for instance, do not get their DNS information from Iranian DNS servers.
According to Abdulhayoglu, only one of the forged certificates has actually been used so far - the one for Yahoo. Comodo itself determined that the attackers had apparently tried it out, again from an Iranian IP address.
Attack on the security system of the web
http://de.wikipedia.org/wiki/Man-in-the-middle-Angriff
http://de.wikipedia.org/wiki/Spoofing