Automatic nuisances near the time...
Have you ever visited an end-user’s desktop and noticed a dozen icons in the system tray? Each icon represents a process running in either the foreground or background. Most of them are running in the background, so the users may not be aware that they are running 20+ applications at the same time.
This is due to applications starting up automatically in the background. Look first for such programs in the Startup folder in the Start menu. Many applications place components in the Startup folder to run in the background. Some of these, such as the Microsoft Office Findfast, can really chew up processor and disk time and noticeably slow down a system. Review each of the entries in the Startup folder and delete any that are unnecessary.
Not all programs that run at startup appear in the Startup folder. Another place to look is the following registry keys (Start > Run > type Regedit and press Enter):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Alternatively you could run msconfig and check the Startup tab to view startup programs. You can uncheck the boxes to keep individual programs from running at startup.
Using Regedit would eliminate them altogether!
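A read-only way to review those same locations before deleting anything, added here as an example in PowerShell (it is not part of the original post). The helper name Get-CommandTarget is hypothetical, and the signature check is an extra beyond what the post describes.

```powershell
# Added example (read-only): list what auto-starts from the locations above.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('CommonStartup')   # Startup folder, all users
    [Environment]::GetFolderPath('Startup')         # Startup folder, current user
)

function Get-CommandTarget([string]$Command) {
    # Hypothetical helper: extract the program path from a Run value.
    # Quoted path first, otherwise everything up to the first executable extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
)

$entries | ForEach-Object {
    $target = Get-CommandTarget $_.Command
    $exists = [System.IO.File]::Exists($target)
    # Signature status is only meaningful for executables that are present.
    $sig = if ($exists -and $target -like '*.exe') {
        (Get-AuthenticodeSignature -FilePath $target).Status
    } else { 'n/a' }
    [pscustomobject]@{
        Location = $_.Location; Name = $_.Name; Target = $target
        Exists = $exists; Signature = $sig
    }
} | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Entries whose target no longer exists, or whose signature status is not Valid, are the ones to look at first.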
Viral Dilemma
I recently wrote a script that could shut down any machine on the network, provided that you had sufficient rights; this was to automate restart after multi installations of a patch. However, when I ran the script, the heuristics of my anti-virus picked it up as malicious and quarantined it, and I then had to restart machines using the command line.
Good old fashioned DOS, will the command line ever die?
Go to the command line and type
Taskkill /?
This is a fairly useful tool to shut down processes.
Also type
Shutdown /?
Aha!!
Knock knock I am on your server
Today I haven't got any problems on my servers, there are no viruses in the quarantine folder and security seems to be holding up. Is everything as it seems, because I had exactly the same result yesterday?
Sometimes I haven't the time to go checking the server logs, checking the quarantine folder, keeping myself up to date with the hard drive space and ensuring backups are running accurately. It is monotonous, but sometimes like last Wednesday it proved effective enough... I found a back door Trojan installed on the terminal server, yes that is a virus! The issue was that my antivirus told me that it could not do anything with it. I ran as system, see how to in previous post... and then removed the file.
A place for everything and everything in its place, Security is easier from there
Forget Admin I want to be a System
Assumptions of the reader: You have a fair knowledge of Windows, perhaps an administrator of sorts...
This might come as a surprise to some, but the 'administrator' account does not actually have 'full control'. If you want more power, say to kill tasks that are not within your power, such as system services, there is a workaround to gain SYSTEM user privileges. Read on.
Very easy to do...
The 'at' command schedules a program or task to run at a specific time under the 'SYSTEM' user account. Scheduling, say, Task Manager would (at a given time) bring up taskmgr with SYSTEM privileges. This in turn can allow us to shut down services and programs that we wouldn't be able to otherwise.
Or start a program as SYSTEM that no one else can disable unless they too know this technique.
The syntax is as follows:
C:\> at 1:42PM /interactive taskmgr
Words of advice:
If you are just an ordinary user, chances are that this won't work, as you won't have access to the command prompt; however, if you put the command into a text file and save it as task.bat, it should then run.
Using this tool may cause your system to become unstable, please use with caution and only stop processes if you know what they are for.
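From the defender's side, the same mechanism means any scheduled job running as SYSTEM deserves a periodic look. The following is an added example, not part of the original post. It goes beyond 'at' jobs to every scheduled task, assumes a Windows version that ships the ScheduledTasks module (Get-ScheduledTask), and uses a list of "interactive" programs that is an assumption chosen for illustration.

```powershell
# Added example (read-only): scheduled tasks whose actions run as SYSTEM.
$systemIds   = 'SYSTEM', 'NT AUTHORITY\SYSTEM', 'S-1-5-18'
# Assumption: programs worth a second look when a task launches them as SYSTEM.
$interactive = 'taskmgr', 'cmd', 'powershell', 'regedit'

$report = Get-ScheduledTask |
    Where-Object { $systemIds -contains $_.Principal.UserId } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute property; show their ClassId.
            $program = if ($action.Execute) { $action.Execute } else { "COM $($action.ClassId)" }
            # File name without directory or .exe, for comparison with the list.
            $leaf = (($program.Trim('"') -split '\\')[-1]) -replace '\.exe$', ''
            [pscustomobject]@{
                Task        = $task.TaskPath + $task.TaskName
                State       = $task.State
                Program     = $program
                Arguments   = $action.Arguments
                # Tasks outside \Microsoft\ are usually added by other software or by hand.
                ThirdParty  = $task.TaskPath -notlike '\Microsoft\*'
                Interactive = $interactive -contains $leaf
            }
        }
    }

# Most interesting rows first: interactive tools, then non-Microsoft tasks.
$report | Sort-Object @{ Expression = 'Interactive'; Descending = $true },
                      @{ Expression = 'ThirdParty';  Descending = $true }, Task |
    Format-Table -AutoSize -Wrap
```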
7 Easy Steps To a Heavenly Solution
Most of you will just go to number seven...
One: Blame everyone except the user
Two: Read the manual.
Three: Check connections.
Four: Relax and brainstorm.
Five: Can't hack it? Have you tried Google?
Six: Still no solution, you sure you read the manual?
Seven: Phone for support.
They can't catch me, I'm the gingerbread man
Many a company has made the critical mistake of saying that their business is 100% secure. The thing is you can never be 100% secure with anything, ponder this a bit...
Why would this be so?
Mistakes are the central theme here: sometimes stupid and sometimes fairly complicated, albeit they exist everywhere.
We humans like everything to be easy and without complication; we want to just press the button, as Dee Dee would in the children's cartoon Dexter's Laboratory.
Checking Logs
We don't want to pore over event logs every morning because maybe... so we automate it! The hacker exploits this and disables the program while he romps around your network scot-free.
Software Developers
Programmers get stuck on a problem and, instead of fixing it, put in a workaround 'temporarily', and in the end it is shipped with the finished product. Three weeks later the programmer is writing another program re-using the code, suddenly realizes his mistake and publishes a patch on the program's help website. And who finds that patch?
The h4ck3r, who either exploits the error in the initial program or, if he is able to, reverse engineers the patch to make his work easier.
So at the end of the day...
We all want an easy life, LOL!!