uptonm

  1. An informative database of viruses apparently created by hobbyists: http://vx.netlux.org/ (Edited for spelling.)
  2. Perhaps I'm not explaining clearly. The features of the Windows System File Checker are a small part of it, but only part. I'm talking not only file replacements, I'm talking about extra files, also md5/sha1sum info on every file inside the Windows folder compared against an independent database. A complete listing of all of the files inside the folder, along with color-coded highlights that tell you what is standard, what is extra, what files are changed from original system versions. In some ways the same thing, but in a much nicer layout to help advanced users. It would be more of an information tool than a cleanup tool. An alert that the system is infected or clean is nice but less important than to possess knowledge about what is different. There would not actually be an "infected" listing, but just a mark to show that it's different. A lot of malware tends to leave behind files such as batch files, downloaders, even log files, and things that are not system file replacements, per se, but are simply leftovers. A quick Google search on a particular file and its location, a rough example: googling c:\windows\temp.exe can often lead to information about malware that might have used such a file as a downloader. Sometimes you can look inside batch files that have not been normally present in a Windows system and google the text inside. You can use file analysis tools to determine what is inside of a file, if it is suspect, and look at strings inside, etc. We have tools like HijackThis for findings inside the registry, etc., but the principle I'm thinking on is roughly the same thing, only more file based. I can't count how many times I've simply fired up Windows Explorer and found malware that an antivirus did not find simply by noticing things that seem unusual. One memorable occasion was when I connected via VNC to a friend's computer over the internet, and within 10 minutes I had determined that her computer was infected by a rootkit virus. Why? Because her id*** boyfriend who coded the thing was capturing all of her internet activity and dumping it to a gigantic 1 gig file simply located in c:\. (He admitted it was him.) It has happened so often I now make it a point to fire up Windows Explorer for just a quick peek while I'm working with a customer. I know that sort of method can be effective because I've done it so often just by eye. One could only think it would be even more useful if much of the process were automated.
  3. OK, so maybe nobody knows, but don't you see the potential in this kind of tool? I'd personally like to know all of the files in my Windows system at a glance and see if they match up to the ones provided by Microsoft or not, plus any other things that might come from other companies. You find interesting things with "unknown files." I'm not talking about running processes, I know there are plenty of tools for that, rather I'm talking about files on the disk.
  4. Hello. I was wondering about a particular kind of Windows system scanner that will help a more advanced user check for malware/understand what is going on in his system. I've spent a lot of time searching for this, but have not been able to find anything. Specifically, if anybody knows of a program that will have some sort of database (similar to program checker except a local program that can scan all of the files) where it can scan through your Windows folder, check file sizes/md5sums of files to see if they are normal. To tell you what files are normally in a Windows installation, and which ones have been added later. Thanks.
  5. Title says it all. I screwed up. I restored a customer's HP Laptop, I backed up her emails from Outlook Express, but I did not back up the address book. Is there any sort of a program which I could use to get that address book back, just from any raw data on the disk that might have survived? Thanks.
  6. A friend of mine used to be able to go into Outlook Express and select a message, then press the forward button. Then an address book would appear with all of the names inside of the address book listed alphabetically. Then he could select who in his address book he wanted to forward to. This does not happen anymore, it merely pops up a new window for the forwarded message now. I would like to help him but I am not sure of the option in Outlook Express to use. Any help on this would be appreciated. Thanks in advance, http://www.repairsbymike.com/forums
  7. Part of getting my raw socket functionality back: http://dsns.net/news.html. I would like fully functioning raw sockets, for experimenting with a full spectrum of networking abilities. Yeah, I know it's a risk to uninstall a security update, but, as they say, that's my problem to worry about. That particular update is one for a denial of service attack. No big deal. I'm behind a NAT router which ignores unsolicited incoming traffic. If, on the other hand, someone were to successfully DOS me or even DDOS me, what are they gonna do when I reset my modem and grab a new IP? I ain't worried. Thanks for your recommendation, but I'm fully willing to accept the risk.
  8. Well, there is no remove button. See below. Which do I use, the $NtUninstallKB913446$ folder, or the $NtUninstallKB913446_0$ folder? And what would be the point of having a replicated folder like that? Thanks so much for posting...
  9. Hi, There is a Windows update on my computer that I would really like to be removed. I fully understand the security risks and concerns, however for me the benefits would outweigh the risk. Unfortunately, going to Control Panel, then to Add/Remove Programs, clicking on Show Updates, I see the update listed there, but it says it cannot be removed. Now browsing my c:\Windows folder, I can see the update listed there under a directory $NtUninstallKB etc $, and when I browse the folder I see another folder which says spuninst, and looking in there I see a file called Spuninst.exe which I assume removes the related update. My questions are these: Is this a valid, or at least a working way to uninstall an update when there is no option to remove it from Add/Remove Programs? Please elaborate as much as possible, I would like to understand this. And there appears to be another folder which is almost exactly like the first in name, except that it has a _0 in it. For example, $NtUninstallKB913446_0$ as opposed to $NtUninstallKB913446$. Both contain the Spuninst directory with the related .exe file inside. Which one do I choose? Thanks very much in advance for help with this issue.
  10. Hi all, Glad to see a forum going on for Windows, where I can talk with others about various aspects of the OS... Dual booting Winders XP w/ Fedora Core 4, and proud to use both OS'es.
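
The file-baseline comparison described in posts 2 to 4 above, as an added example that is not part of the original posts and is not any existing tool's code: it hashes every file under a folder with MD5 and SHA-1, compares the result with a reference snapshot, and labels each path standard, changed or extra. The function names, the "missing" and "unreadable" labels (a generalization beyond the posts) and the constructed sample tree standing in for the Windows folder are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digests(path, chunk=65536):
    """Return (md5, sha1) hex digests of one file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()

def snapshot(root):
    """Map each file's lower-cased relative path to its digests."""
    result = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix().lower()
            try:
                result[rel] = file_digests(path)
            except OSError:
                result[rel] = None  # locked or unreadable: report it, don't skip
    return result

def compare(baseline, current):
    """Label each path standard, changed, extra, missing or unreadable."""
    report = {rel: "missing" for rel in baseline.keys() - current.keys()}
    for rel, digests in current.items():
        if digests is None:
            report[rel] = "unreadable"
        elif rel not in baseline:
            report[rel] = "extra"
        else:
            report[rel] = "standard" if baseline[rel] == digests else "changed"
    return report

def demo():
    """Constructed sample tree standing in for a Windows folder."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "system32").mkdir()
        Path(root, "notepad.exe").write_bytes(b"stock notepad")
        Path(root, "system32", "kernel32.dll").write_bytes(b"stock dll")
        baseline = snapshot(root)  # plays the independent reference database
        Path(root, "system32", "kernel32.dll").write_bytes(b"patched dll")
        Path(root, "temp.exe").write_bytes(b"leftover")  # file added later
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print("\n".join(f"{s:10} {p}" for p, s in sorted(demo().items())))
```

A baseline taken from the machine being examined only shows drift since that snapshot; the independent database the posts ask for would be a snapshot built from known-good installation media and stored off the machine.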