SiMoNsAyS Posted July 26, 2004 Share Posted July 26, 2004 And I can't see why windows wants to protect screensavers as a vital system file.yes, windows .scr files are protected. prove it deleting for example ssmarque.scr and see how it is restored seconds later.and yes they are vital system files. why?? because if i'm a "bad mad ugly person with intentions to create a virus" i will choose to replace ssmarque.scr with my .scr file this will cause that my exe code can be run if this screensaver is activated.if you want to delete system protected files you will need to replace the .dll change the registry setting, delete WFP files, replace dll with original and change again the registry setting or your system will be vulnerable. Link to comment Share on other sites More sharing options...
Solid as a rock Posted July 26, 2004 Author Share Posted July 26, 2004 And I can't see why windows wants to protect screensavers as a vital system file.yes, windows .scr files are protected. prove it deleting for example ssmarque.scr and see how it is restored seconds later.and yes they are vital system files. why?? because if i'm a "bad mad ugly person with intentions to create a virus" i will choose to replace ssmarque.scr with my .scr file this will cause that my exe code can be run if this screensaver is activated.if you want to delete system protected files you will need to replace the .dll change the registry setting, delete WFP files, replace dll with original and change again the registry setting or your system will be vulnerable. ok. i understand. thanks for explaining that. how to do this best? i dont want ANY of these scr. the only i want are included on my cd. the 3dwindows scr and logon.scr and to keep my protect? why the SFCDisable=ffffff9d dont work anymore? how to stop the protect during unattend and after this enable it again? Link to comment Share on other sites More sharing options...
Alanoll Posted July 26, 2004 Share Posted July 26, 2004 actually, if you use modified DLL, either one, if you reset the registry entry to it's default, WFP will be reenabled. There is no need to replace with the original. The only difference is in RaveRod's hack, the key is changed, in the nLite hack, it skips the portion that resets the key. Link to comment Share on other sites More sharing options...
Glowy Posted July 27, 2004 Share Posted July 27, 2004 and yes they are vital system files. why?? because if i'm a "bad mad ugly person with intentions to create a virus" i will choose to replace ssmarque.scr with my .scr file this will cause that my exe code can be run if this screensaver is activated.Still I don't see the addition of extra security here... copy a random scr file in the dir modify the reg et voilà there you have it. no need to modify a scr.deleting a scr will not result in programs not working, a dll or an ocx will. Link to comment Share on other sites More sharing options...
Solid as a rock Posted July 27, 2004 Author Share Posted July 27, 2004 and yes they are vital system files. why?? because if i'm a "bad mad ugly person with intentions to create a virus" i will choose to replace ssmarque.scr with my .scr file this will cause that my exe code can be run if this screensaver is activated.Still I don't see the addition of extra security here... copy a random scr file in the dir modify the reg et voilà there you have it. no need to modify a scr.deleting a scr will not result in programs not working, a dll or an ocx will. the truth is bypassing the regkey is not enough for me? i cant remove the scr. you can. i cant. but ok. this is too difficult. why you + esp can and i cant remove them?i have choose for nlite to strip them out. problem solved. no headache, no hacking this and that. no difficult. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now