SiMoNsAyS Posted July 26, 2004

> And I can't see why Windows wants to protect screensavers as a vital system file.

Yes, Windows .scr files are protected. Prove it by deleting, for example, ssmarque.scr and see how it is restored seconds later.

And yes, they are vital system files. Why? Because if I'm a "bad mad ugly person with intentions to create a virus" I will choose to replace ssmarque.scr with my .scr file; this will cause my exe code to be run if this screensaver is activated.

If you want to delete system protected files you will need to replace the .dll, change the registry setting, delete the WFP files, replace the dll with the original and change the registry setting again, or your system will be vulnerable.

Solid as a rock (Author) Posted July 26, 2004

> And I can't see why Windows wants to protect screensavers as a vital system file.
>
> Yes, Windows .scr files are protected. Prove it by deleting, for example, ssmarque.scr and see how it is restored seconds later.
>
> And yes, they are vital system files. Why? Because if I'm a "bad mad ugly person with intentions to create a virus" I will choose to replace ssmarque.scr with my .scr file; this will cause my exe code to be run if this screensaver is activated.
>
> If you want to delete system protected files you will need to replace the .dll, change the registry setting, delete the WFP files, replace the dll with the original and change the registry setting again, or your system will be vulnerable.

OK, I understand. Thanks for explaining that. How to do this best? I don't want ANY of these scr. The only ones I want are included on my CD: the 3dwindows scr and logon.scr, and to keep my protection? Why doesn't SFCDisable=ffffff9d work anymore? How to stop the protection during unattended and enable it again after this?

Alanoll Posted July 26, 2004

Actually, if you use a modified DLL, either one, if you reset the registry entry to its default, WFP will be re-enabled. There is no need to replace it with the original. The only difference is that in RaveRod's hack the key is changed; in the nLite hack, it skips the portion that resets the key.

Glowy Posted July 27, 2004

> And yes, they are vital system files. Why? Because if I'm a "bad mad ugly person with intentions to create a virus" I will choose to replace ssmarque.scr with my .scr file; this will cause my exe code to be run if this screensaver is activated.

Still I don't see the addition of extra security here... Copy a random scr file in the dir, modify the reg, et voilà, there you have it. No need to modify a scr.

Deleting a scr will not result in programs not working; a dll or an ocx will.

Solid as a rock (Author) Posted July 27, 2004

> > And yes, they are vital system files. Why? Because if I'm a "bad mad ugly person with intentions to create a virus" I will choose to replace ssmarque.scr with my .scr file; this will cause my exe code to be run if this screensaver is activated.
>
> Still I don't see the addition of extra security here... Copy a random scr file in the dir, modify the reg, et voilà, there you have it. No need to modify a scr.
>
> Deleting a scr will not result in programs not working; a dll or an ocx will.

The truth is bypassing the regkey is not enough for me? I can't remove the scr. You can. I can't. But OK, this is too difficult. Why you + esp can and I can't remove them?

I have chosen nLite to strip them out. Problem solved. No headache, no hacking this and that. No difficulty.
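
Added example, not part of the thread or written by any poster: a small audit of a regedit export that reports the two conditions discussed above, a non-default SFCDisable value and a configured screensaver that lives outside the system directory. The sample export is constructed, the function names are hypothetical, and the default system directory C:\WINDOWS\system32 and the rule that 0 is the default SFCDisable value are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed regedit export for illustration (not taken from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:ffffff9d

[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"="C:\\Temp\\ssmarque.scr"
'''

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
DESKTOP = r"hkey_current_user\control panel\desktop"

def parse_reg(text):
    """Parse a .reg export into {(key, value_name): raw_data}, names lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and key:
            values[(key, m.group(1).lower())] = m.group(2)
    return values

def audit(text, system_dir=r"C:\WINDOWS\system32"):
    """Return a list of findings worth a manual look (assumed default paths)."""
    reg, findings = parse_reg(text), []
    sfc = reg.get((WINLOGON, "sfcdisable"), "")
    # Assumption: 0 is the default (WFP on); any other value is reported.
    if sfc.lower().startswith("dword:") and int(sfc[6:], 16) != 0:
        findings.append("SFCDisable is non-default: " + sfc[6:])
    scr = reg.get((DESKTOP, "scrnsave.exe"), "")
    if scr:
        # .reg string data is quoted, with backslashes doubled.
        path = PureWindowsPath(scr.strip('"').replace("\\\\", "\\"))
        # PureWindowsPath compares case-insensitively, as Windows does.
        if path.parent != PureWindowsPath(system_dir):
            findings.append("Screensaver outside system dir: " + str(path))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```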