Classic Tech Tips Archive
Salvaged posts from the original averyjparker.com tech blog — Windows, Linux, security, and hardware troubleshooting. Preserved for SEO value and long-tail usefulness.
-
Spyware, viral cleanup disabling system restore
Sorry, but to get into the guts of what I found in the wake of the WMF exploit, I did leave out another important step in the cleanup process. IF you are trying to clean up an infested machine one of…
-
Update on the WMF exploit - more sites to block
I haven't checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure).... toolbarbizbiz toolbarsitebiz toolbart…
-
http://60.topnssearch.com popups in infestation
One other note from the previous series on WMF exploit infestation cleanup. Among the multiple popups that came when launching internet explorer, most were directed at the site http://60.topnssearch.…
-
Cleaning up after WMF Exploit - summary
Can I say enough times that after a bad trojan infestation you should format and reinstall? I've cleaned up the infested image that I "sacrificed" to the WMF exploit and as I've said you're pestware …
-
Cleaning up after WMF exploit - BHO removal
Browser helper objects (BHO's) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I've used BHOdemon in the past to…
-
Cleaning up after WMF exploit - is it clean?
So, I've got most of the baddies cleaned out and I'm not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe, alg.exe in pa…
-
C:\windows\system32\kernels64.exe not found
On the next boot I was greeted with the above message C:\windows\system32\kernels64.exe not found please make sure the path......correct.... blah blah blah. Back to msconfig. Everything there now loo…
-
Cleaning up after WMF exploit third party boot disc
At this point, I needed to rename or delete some files that windows would not let me touch. I had this winlogon.exe running from a suspect directory c:\windows\inet20001 and windows wouldn't let me k…
-
Removing items from MSCONFIG after WMF exploit
OK, so, I'm busy killing off running processes and fire up MSConfig to try to keep them from coming back on the next boot. To launch msconfig go to start, run... type in msconfig and click ok. The st…
-
Task Manager Suspicious Processes after WMF exploit
After getting into Task Manager I saw a number of suspicious processes. There were a lot of things running as my user that I didn't recognize. kernels64.exe, vxgame6.exe, vxgame4.exe, mm4.exe, vxh8jk…
-
Task manager has been disabled by your administrator
The first problem I ran into in cleaning up after my infested Windows XP image was this error message. One of the first things I do in cleaning an infested system is try to kill off running process t…
-
Cleaning up after the WMF exploit
OK, I mentioned that I infested a virtual machine with the current WMF 0-day exploit. First I should probably clarify. An exploit is a means of getting in to a system. The payload is the software tha…
-
Microsoft Security advisory on WMF exploit
I've read the security advisory and unfortunately Microsoft doesn't give any real workarounds. (There have been several announced from other sources.) Unfortunately, Microsoft: 1)urges caution in ope…
-
WMF 0-day update
Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there's a "possible vulnerability"... fortunately, their technical document is a bit more straightf…
-
WMF zero-day exploit first hand experience
Well, I've just spent the better part of 6 hours (maybe a bit more) "sacrificing" a virtual machine to the zero-day Windows Meta File (WMF) exploit and all the malware that comes in. I picked one sit…
-
Joystick calibration under linux
I don't know off the top of my head of a graphical joystick calibrator for linux, but there is a command line utility that's dead easy to use.... jscal I found the tip in a flightgear mailing list af…
-
Building RPM's - building from tarballs
Again - I'm NOT an expert on the subject, but have had some success with building rpm's from either src.rpms (covered last time) and building from tarballs... This entry will talk about the simplest …
-
Converting spaces in filenames to underscores
Linux supports long file names, in some (many?) ways better than windows. However, when I moved over to linux I had tons of files with spaces in the name. This isn't really a problem usually, but it …
-
Another workaround for WMF exploit
There are at least two other workarounds for the Windows Meta File (WMF) exploit that I've been looking into this afternoon. These from sunbelt blog. First up... 2. Change file associations for WMF f…
-
Workaround for zeroday WMF exploit
It's worth repeating a few things here. There is a nasty exploit in the way that WMF images are parsed in Windows. This means that WITHOUT user intervention a system can be remotely exploited and thr…
-
Workaround for the critical WMF zero-day exploit
The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious ema…
-
Windows Metafile zeroday exploit
There's more on the WMF 0-day exploit... According to f-secure it's being used to distribute the following nasties.... Trojan-Downloader.Win32.Agent.abs Trojan-Dropper.Win32.Small.zp Trojan.Win32.Sma…
-
More on the Windows WMF zero-day exploit
There seems to be quite a bit developing on the Windows Meta File (WMF) zero-day (0-day) exploit which was first reported yesterday. Sans has raised their alert level to yellow in an effort to get at…
-
Small Ethernet Print Server
The Hawking Technology Print Server (HPS1P) is a nice little parallel port to ethernet print server that can be configured to make a single printer available to multiple machines on a LAN (local area…
-
Network Security guide for the home or small business network - Part 16 - Learn about the enemy
I remember I had a geography teacher once that was a former Marine and he said when he was growing up it was the height of the cold war and geography was interesting to him from a "know your enemy" p…