Tuesday, March 1, 2011

Registry Shortcut Keys


"Ctrl+F" -- Opens the Find dialog box.

"F3" -- Repeats the last search.

Browsing

"Keypad +" -- Expands the selected branch.

"Keypad -" -- Collapses the selected branch.

"Keypad *" -- Expands all the selected branch's sub keys.

"Up Arrow" -- Selects the previous key.

"Down Arrow" -- Selects the next key.

"Left Arrow" -- Collapses the selected branch if it's not collapsed; otherwise, selects the parent key.

"Right Arrow" -- Expands the selected branch if it's not already expanded; otherwise, selects the key's first sub key.

"Home" -- Selects My Computer.

"End" -- Selects the last key that's visible in the key pane.

"Page Up" -- Moves up one page in the key pane.

"Page Down" -- Moves down one page in the key pane.

"Tab" -- Moves between the key and value panes.

"F6" -- Moves between the key and value panes.

"Delete" -- Deletes the selected branch or value.

"F1" -- Opens Regedit's Help.

"F2" -- Renames the selected key or value.

"F5" -- Refreshes the key and value panes.

"F10" -- Opens Regedit's menu bar.

"Shift+F10" -- Opens the shortcut menu for the selected key or value.

"Alt+F4" -- Closes Regedit.

Restore Task Manager, Regedit and Folder Options Disabled by Virus



All of us have been infected by a virus at some point. Even with an anti-virus installed you can still be hit by a new or custom virus that it does not recognize. Sometimes, after the virus has been removed completely, you face new problems: you can no longer bring up Windows Task Manager with CTRL+ALT+DEL, and instead get the error message "Task Manager has been disabled by your administrator".


You might think it's easy to fix this in Registry Editor, but you can't: you get the error message "Registry editing has been disabled by your administrator".



Folder Options and even Show hidden files & folders are disabled! How frustrating! Don't worry, here's how to restore Windows Task Manager, Registry Editor, Folder Options and Show hidden files & folders.

This problem is most commonly caused by a virus called "Brontok". Brontok writes these restrictions into the registry (under the per-user Policies keys, the same values Group Policy uses) to hide itself from easy detection and to make cleaning harder.

Method 1:

Click Start, Run and type this command exactly as given below (better: copy and paste). It works even while Regedit is blocked, because the DisableRegistryTools restriction stops regedit.exe only, not the console tool reg.exe; the same command with DisableRegistryTools in place of DisableTaskMgr unblocks Regedit again:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f


Method 2 (usable once Regedit itself is no longer blocked; see Method 1):

• Click Start, Run and type Regedit.exe
• Navigate to the following branch:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
• In the right pane, delete the value named DisableTaskMgr (and DisableRegistryTools, if present)
• Close Regedit.exe

Method 3:

Using Group Policy Editor - for Windows XP Professional
• Click Start, Run, type gpedit.msc and click OK.
• Navigate to this branch:
User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager
• Double-click the Remove Task Manager option.
• Set the policy to Not Configured.

Message: "The command prompt has been disabled by your administrator"

When you attempt to run CMD.exe or a batch file, you may receive the message "The command prompt has been disabled by your administrator". This is caused by a restriction placed in the Registry, either directly or via Group Policy: the DisableCMD value is set to 1 (blocks cmd.exe and batch files) or 2 (blocks cmd.exe but still allows batch files). To re-enable the command prompt, try any of these methods:

Method 1: Using the console registry tool
Click Start, Run and type this command exactly as given below (better: copy and paste). The data must be 0; a value of 1 is what disables the prompt:
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f

Method 2: Edit the registry directly
Open Registry Editor (Regedit.exe) and navigate to:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
In the right pane, double-click DisableCMD and set its data to 0 (or delete the value).

Method 3: Using Group Policy Editor in Windows XP Professional.
Click Start, Run, type gpedit.msc and click OK.
Navigate to User Configuration \ Administrative Templates \ System
Double-click Prevent access to the command prompt
Set the policy to Disabled or Not Configured; either setting should solve the problem.
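The Task Manager and command prompt methods above are two instances of the same job: find the policy values malware has planted and remove them. The script below is an added example (not from the original post) that audits all of the restrictions this page talks about at once: DisableTaskMgr, DisableRegistryTools, DisableCMD and NoFolderOptions in both the HKCU and HKLM Policies keys, plus the Explorer "show hidden files" switches that Brontok tampers with. It assumes PowerShell 2.0 or later is installed (it is not on a stock XP box) and that the file is saved as Restore-ToolRestrictions.ps1; the script name and the -Fix switch are this example's own choices.

```powershell
# Added example (not part of the original post): audit, and optionally clear,
# the registry restrictions Brontok-style malware uses to lock out Task Manager,
# Regedit, the command prompt and Folder Options. Assumes PowerShell 2.0+.
# Run from Start > Run (reg.exe and PowerShell's registry provider are not
# blocked by DisableRegistryTools, which only stops regedit.exe):
#   powershell -ExecutionPolicy Bypass -File Restore-ToolRestrictions.ps1 -Fix
param([switch]$Fix)

# Policy values: any non-zero data restricts the tool (DisableCMD uses 1 and 2,
# DisableRegistryTools 1 and 2). Both hives are honoured, so check each.
$policyValues = @(
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
)

# Explorer's own "show hidden files" switches and the data they should hold.
# Hidden=1 shows hidden files (2 hides them); ShowSuperHidden=1 shows protected
# OS files. SHOWALL\CheckedValue is what the Folder Options radio button writes
# through; setting it to 0 makes "Show hidden files" silently do nothing.
$explorerValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'Hidden';          Good = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'ShowSuperHidden'; Good = 1 },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'; Name = 'CheckedValue'; Good = 1 }
)

function Get-RegData {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }     # value does not exist
    return $item.$Name
}

$findings = @()
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($v in $policyValues) {
        $path = "$hive\$($v.Path)"
        $data = Get-RegData -Path $path -Name $v.Name
        if ($null -ne $data -and [int]$data -ne 0) {
            $findings += New-Object PSObject -Property @{ Path = $path; Name = $v.Name; Data = $data; Want = 'absent' }
        }
    }
}
foreach ($v in $explorerValues) {
    $data = Get-RegData -Path $v.Path -Name $v.Name
    if ($null -ne $data -and [int]$data -ne $v.Good) {
        $findings += New-Object PSObject -Property @{ Path = $v.Path; Name = $v.Name; Data = $data; Want = $v.Good }
    }
}

if ($findings.Count -eq 0) { Write-Host 'No tool restrictions found.'; return }
$findings | Format-Table Path, Name, Data, Want -AutoSize

if ($Fix) {
    foreach ($f in $findings) {
        # Writing under HKLM needs an administrator session.
        if ($f.Want -eq 'absent') {
            Remove-ItemProperty -Path $f.Path -Name $f.Name
        } else {
            Set-ItemProperty -Path $f.Path -Name $f.Name -Value ([int]$f.Want) -Type DWord
        }
        Write-Host "Fixed $($f.Path)\$($f.Name)"
    }
    Write-Host 'Log off and on again (or restart explorer.exe) so Explorer re-reads the settings.'
}
```

Two caveats apply to this and to the manual methods above. Brontok-style malware rewrites these values continually while it runs, so kill the infecting process (or boot into Safe Mode) before clearing them, otherwise they come back within seconds. And if a value was set by a real domain Group Policy rather than by malware, the next policy refresh will restore it; in that case the fix belongs in the GPO, not in the local registry.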

Types of viruses :-

The different types of viruses are:-

1) Boot Sector Virus :- Boot sector viruses infect the master boot record of the hard disk or the boot sector of a floppy disk. The boot record program responsible for loading the operating system is replaced by the virus, which either moves the original boot program to another part of the disk or simply overwrites it. A computer is infected when it boots from an infected disk, or when it accesses an infected floppy in the floppy drive. Once a system is infected with a boot-sector virus, any non-write-protected disk accessed by that system will become infected as well.

Examples of boot- sector viruses are Michelangelo and Stoned.

2) File or Program Viruses :- Some files/programs, when executed, load the virus in the memory and perform predefined functions to infect the system. They infect program files with extensions like .EXE, .COM, .BIN, .DRV and .SYS .

Some common file viruses are Sunday, Cascade.

3) Multipartite Viruses :- A multipartite virus uses more than one infection method: it attacks both the boot sector and executable program files, and each infected part can re-create the other. When the virus runs from the boot sector, it goes on to infect program files; when an infected program runs, it re-infects the boot sector.
This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.

Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Other examples are Invader, Flip, etc.

4) Stealth Viruses :- These viruses use various techniques to hide themselves and avoid detection. Some remove themselves from memory temporarily so that a scanner does not find them there. When an antivirus program reads an infected file or boot sector, a resident stealth virus intercepts the read and hands back a clean image, so the infection is not seen.

5) Polymorphic Viruses :- Polymorphic viruses mutate: they change the form of their code, and with it the signature an antivirus relies on, each time they spread or infect. An antivirus program scanning for a fixed byte pattern is therefore unable to detect their presence.

6) Macro Viruses :- A macro virus infects the documents and templates of Microsoft Word or a similar application and causes a sequence of actions to be performed automatically when the document is opened or something else triggers it. Macro viruses are often more of a nuisance than destructive, but they spread quickly because infected documents travel as e-mail attachments. Well-known examples are Concept and Melissa.

The TROJAN HORSE

What is a Trojan ?

"A Trojan Horse, or Trojan, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system". - Wikipedia

"A Trojan horse is an apparently useful program containing hidden functions that can exploit the privileges of the user [running the program], with a resulting security threat.". - CERT Advisory

Types of Trojan :-

The different types of Trojan Horses are as follows-

1) Remote Access Trojans :- Abbreviated as RATs, Remote Access Trojans are potentially the most damaging; they are designed to give the attacker complete control of the victim's system.

2) Data Sending Trojans :- A type of a Trojan horse that is designed to provide the attacker with sensitive data such as passwords, credit card information, log files, e-mail address or IM contact lists. They could install a keylogger and send all recorded keystrokes back to the attacker.

3) Destructive Trojans :- Once this Trojan is installed on your computer, it begins to delete information, either systematically or completely at random. This can include files, folders, registry entries and important system files, which is likely to cause the failure of your operating system.

4) Proxy Trojans :- A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to conduct illegal activities, or even to use your system to launch malicious attacks against other networks.

5) FTP Trojans :- A type of Trojan horse designed to open port 21 (FTP) and act as an FTP server. Once installed, the attacker can not only download files from and upload files to the victim's computer but also install further malware on it.

6) Security Software Disabler Trojan :- A type of Trojan horse designed to stop or kill security programs such as an antivirus program or firewall without the user knowing. This Trojan type is normally combined with another type of Trojan as a payload.

7) DoS Attack Trojans :- These Trojans are used by the attacker to launch a DoS/DDoS attack against some website, network or individual. In this role the infected machines are known as "zombies".

How Trojan Works ?

Trojans typically consist of two parts, a client part and a server part. When a victim (unknowingly) runs a Trojan server on his machine, the attacker then uses the client part of that Trojan to connect to the server module and start using it. The protocol usually used for communication is TCP, but some Trojan functions use other protocols, such as UDP, as well. When a Trojan server runs on a victim's computer, it usually tries to hide somewhere on the disk, starts listening for incoming connections from the attacker on one or more ports, and modifies the registry (or uses some other auto-start method) so that it is launched again after each reboot.

The attacker needs to know the victim's IP address to connect to the machine. Many Trojans therefore mail the victim's IP to the attacker, or announce it via ICQ or IRC. This matters when the victim has a dynamic IP, that is, a different address on each connection to the Internet (most dial-up users had this). Always-on broadband connections such as ADSL often keep the same address for long periods, so in that case the attacker already knows where to connect, which makes reaching the machine considerably easier.

Most Trojans use an auto-start method so that they are launched again after every reboot and the attacker's access survives a shutdown of the computer.
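The two behaviours just described, listening on a port and re-launching from the registry, are also what a responder looks for. The script below is an added example (not from the original post) that enumerates the common auto-start registry locations (the Run and RunOnce keys in both hives, and the Winlogon Shell and Userinit values), lists every TCP port in LISTEN state with its owning process, and flags listeners whose executable is also named by an auto-start entry. It assumes PowerShell 2.0 or later and an English-locale netstat (the state column reads "LISTENING"); it parses netstat -ano rather than using Get-NetTCPConnection so that it also runs on XP-era systems. The function names are this example's own.

```powershell
# Added example (not part of the original post): correlate listening TCP ports
# with registry auto-start entries, the two halves of the Trojan pattern above.
# Assumes PowerShell 2.0+ and English netstat output ("LISTENING").

function Get-AutoStartEntries {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit view on x64
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Get-ItemProperty adds these provider properties; they are not registry values.
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            New-Object PSObject -Property @{ Location = $key; Name = $prop.Name; Command = [string]$prop.Value }
        }
    }
    # Winlogon: Shell should be "explorer.exe" and Userinit should be
    # "<windir>\system32\userinit.exe," (note the trailing comma). Anything
    # appended to either runs at every logon, before the desktop appears.
    $winlogon = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($name in 'Shell', 'Userinit') {
        New-Object PSObject -Property @{ Location = 'Winlogon'; Name = $name; Command = [string]$winlogon.$name }
    }
}

function Get-ListeningTcpPorts {
    # netstat -ano columns: Proto  Local Address  Foreign Address  State  PID
    # The greedy \S+ before the last colon also handles IPv6 forms like [::]:135.
    $pattern = '^\s*TCP\s+(?<addr>\S+):(?<port>\d+)\s+\S+\s+LISTENING\s+(?<pid>\d+)\s*$'
    foreach ($line in (netstat -ano)) {
        if ($line -match $pattern) {
            $proc  = Get-Process -Id ([int]$matches['pid']) -ErrorAction SilentlyContinue
            $image = ''
            if ($proc -and $proc.Path) { $image = $proc.Path }   # Path is empty for some system processes
            $name  = '?'
            if ($proc) { $name = $proc.ProcessName }
            New-Object PSObject -Property @{
                Port = [int]$matches['port']; Address = $matches['addr']
                PID  = [int]$matches['pid'];  Process = $name; Image = $image
            }
        }
    }
}

$autostart = @(Get-AutoStartEntries)
$listeners = @(Get-ListeningTcpPorts | Sort-Object Port)

'== Auto-start entries =='
$autostart | Format-Table Location, Name, Command -AutoSize

'== Listening TCP ports (AUTOSTART = same executable is named by an auto-start entry) =='
foreach ($l in $listeners) {
    $leaf = ''
    if ($l.Image) { $leaf = (Split-Path -Path $l.Image -Leaf).ToLower() }
    $persist = @()
    if ($leaf) { $persist = @($autostart | Where-Object { $_.Command.ToLower().Contains($leaf) }) }
    $flag = ''
    if ($persist.Count -gt 0) { $flag = 'AUTOSTART' }
    '{0,6}  {1,-22} {2,6}  {3,-16} {4}  {5}' -f $l.Port, $l.Address, $l.PID, $l.Process, $l.Image, $flag
}
```

Run it elevated so that Get-Process can read the image path of services. An AUTOSTART flag is not proof of infection (a legitimate instant-messaging client also listens and also starts with Windows); it is the shortlist to look at, and a listener whose process has no image path at all, or whose image lives somewhere odd such as a temp or profile directory, deserves the first look.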

How Trojan Horses Are Installed ?

Infection from Trojans is alarmingly simple. Following are very common ways to become infected that most computer users perform on a very regular basis.

* Software downloads
* Websites containing executable content (ActiveX controls)
* E-mail attachments
* Application exploits (flaws in web applications)
* Social engineering attacks