February 2010 - Posts

Fake Security Essentials 2010 in Circulation

A look-alike of Microsoft Security Essentials is being spread across the Internet. This rogue antivirus reports false detections to convince users to "upgrade" their trial version to a paid full version. Microsoft attributes it to Trojan:Win32/Fakeinit.

This fake AV gets installed by Win32/Fakeinit.


Symptoms

Symptoms vary between distributions of Trojan:Win32/Fakeinit; however, the following system changes (or similar ones) may indicate its presence:

  • Presence of the following folders and files, or similar ones:
    %ProgramFiles%\Securityessentials2010\SE2010.exe
    %ProgramFiles%\antivirusxp\antivirusxp.exe
    %ProgramFiles%\InternetSecurity2010\IS2010.exe
    <system folder>\helpers32.dll

  • Registry modifications that load the malware at every user logon, for example:
    Adds value: "Security essentials 2010"
    With data: "%ProgramFiles%\Securityessentials2010\SE2010.exe"
    To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Adds value: "AntivirusXP.exe"
    With data: "%ProgramFiles%\antivirusxp\antivirusxp.exe"
    To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Adds value: "Internet Security 2010"
    With data: "%ProgramFiles%\InternetSecurity2010\IS2010.exe"
    To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

The Trojan also blocks access to some genuine websites.
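The indicators above can be checked with a short script. The following PowerShell is an added example and is not part of the original post: the folder names, file names and Run-key value names are the ones listed above, while the scan logic, the regular expression and the handling of "Program Files (x86)" on 64-bit Windows are my own assumptions. Run it as the user whose profile you suspect is infected, since the Run key is per user.

```powershell
# Added example, not part of the original post: scan the current user's profile for the
# Trojan:Win32/Fakeinit indicators listed above. File/folder names and Run-key value
# names come from the write-up; the regex, scan logic and x86/x64 Program Files
# handling are assumptions. Run it as the (possibly infected) user.

$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# The rogue AV is a 32-bit program, so on 64-bit Windows it may land in "Program Files (x86)".
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

$relativeFiles = @(
    'Securityessentials2010\SE2010.exe',
    'antivirusxp\antivirusxp.exe',
    'InternetSecurity2010\IS2010.exe'
)
$fileIndicators = @()
foreach ($dir in $programDirs) {
    foreach ($rel in $relativeFiles) { $fileIndicators += (Join-Path $dir $rel) }
}
# "<system folder>\helpers32.dll" in the write-up: resolve the real System32 path.
$fileIndicators += (Join-Path ([Environment]::GetFolderPath('System')) 'helpers32.dll')

# Run-key value names used by the variants described above.
$runValueNames = @('Security essentials 2010', 'AntivirusXP.exe', 'Internet Security 2010')
# Also match on the value data: a variant may rename the value but keep the same folder.
$runDataRegex  = 'Securityessentials2010|antivirusxp|InternetSecurity2010'

$findings = @()

foreach ($path in $fileIndicators) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings += "File present: $path"
    }
}

if (Test-Path -LiteralPath $runKey) {
    $run = Get-ItemProperty -LiteralPath $runKey
    foreach ($prop in $run.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
        $data = [string]$prop.Value
        if (($runValueNames -contains $prop.Name) -or ($data -match $runDataRegex)) {
            $findings += "Run entry: '$($prop.Name)' = $data"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Trojan:Win32/Fakeinit indicators found.'
} else {
    Write-Output 'Possible Trojan:Win32/Fakeinit infection:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A clean result only means these particular indicators are absent; other distributions of the Trojan use other names, so treat the script as a quick triage check rather than a replacement for a real scanner.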


Snapshots:

Fake report

Nagging to upgrade

Activation window

Seems like a genuine antivirus!

Prevention is fairly easy:

  • Always keep Windows Firewall turned on
  • Don't open attachments from unknown senders
  • Keep Windows Update turned on and make sure you have installed all important updates
  • Don't use pirated software

Microsoft Security Essentials is free for everyone. Please remember this: anything calling itself "Security Essentials" that asks you to pay for a full version is fake.

Compiled By Gandip Khaling.

Posted: 02-26-2010 3:44 AM by gandip with 2 comment(s)

List of GodMode CLSIDs for Windows 7

Here are a few CLSID strings that are available only in Windows 7 (name followed by GUID):

Action Center
{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}

Backup and Restore
{B98A2BEA-7D42-4558-8BD1-832F41BAC6FD}

Biometric Devices
{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}

Credential Manager
{1206F5F1-0569-412C-8FEC-3204630DFB70}

Default Location
{00C6D95F-329C-409a-81D7-C46C66EA7F33}

Devices and Printers
{A8A91A66-3A7D-4424-8D24-04E180695C7A}

Display
{C555438B-3C23-4769-A71F-B6D3D9B6053A}

HomeGroup
{67CA7650-96E6-4FDD-BB43-A8E774F73A57}

Location and Other Sensors
{E9950154-C418-419e-A90A-20C5287AE24B}

Notification Area Icons
{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}

Recovery
{9FE63AFD-59CF-4419-9775-ABCC3849F861}

RemoteApp and Desktop Connections
{241D7C96-F8BF-4F85-B01F-E2B043341A4B}

Speech Recognition
{58E3C745-D971-4081-9034-86E34B30836A}

Troubleshooting
{C58C4893-3BE0-4B45-ABB5-A63E4B8C8651}

You can create your own GodMode-style folder for any of these by putting the CLSID in the folder name, as described in "Specifying a Namespace Extension's Location".

Posted: 02-26-2010 1:19 AM by gandip with no comments

GodMode CLSID

The secret behind God Mode is simple. Windows tags certain shell folders with a unique string, a Windows Class Identifier (CLSID). This has been the case since Windows Vista; I am not sure about XP or older versions. These special folders are registered in the registry under:

HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID

Posted: 02-26-2010 1:15 AM by gandip with no comments

Unleash The God in Windows 7

Create a new folder and rename it to GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} (copy and paste the string).


:-)
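The same trick works for every CLSID in the "List of GodMode for Windows 7" post, and it can be scripted. The PowerShell below is an added example, not code from the original posts: the GUIDs and display names are the ones listed on this page, while the target folder, the "registered under HKCR\CLSID" check and the script structure are my own assumptions. The check matters because a folder named after an unregistered CLSID just becomes an ordinary empty folder.

```powershell
# Added example, not part of the original posts: create GodMode-style folders for the
# CLSIDs listed on this page (plus the master GodMode CLSID) after checking that each
# one is registered under HKEY_CLASSES_ROOT\CLSID on this machine. The $Target location
# and the registration check are assumptions; GUIDs and names are from the posts.

param(
    [string]$Target = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'GodMode Folders')
)

# Display name, CLSID. Explorer turns a folder named "<Name>.{CLSID}" into that shell item.
$clsids = @(
    @('GodMode',                           '{ED7BA470-8E54-465E-825C-99712043E01C}'),
    @('Action Center',                     '{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}'),
    @('Backup and Restore',                '{B98A2BEA-7D42-4558-8BD1-832F41BAC6FD}'),
    @('Biometric Devices',                 '{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}'),
    @('Credential Manager',                '{1206F5F1-0569-412C-8FEC-3204630DFB70}'),
    @('Default Location',                  '{00C6D95F-329C-409a-81D7-C46C66EA7F33}'),
    @('Devices and Printers',              '{A8A91A66-3A7D-4424-8D24-04E180695C7A}'),
    @('Display',                           '{C555438B-3C23-4769-A71F-B6D3D9B6053A}'),
    @('HomeGroup',                         '{67CA7650-96E6-4FDD-BB43-A8E774F73A57}'),
    @('Location and Other Sensors',        '{E9950154-C418-419e-A90A-20C5287AE24B}'),
    @('Notification Area Icons',           '{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}'),
    @('Recovery',                          '{9FE63AFD-59CF-4419-9775-ABCC3849F861}'),
    @('RemoteApp and Desktop Connections', '{241D7C96-F8BF-4F85-B01F-E2B043341A4B}'),
    @('Speech Recognition',                '{58E3C745-D971-4081-9034-86E34B30836A}'),
    @('Troubleshooting',                   '{C58C4893-3BE0-4B45-ABB5-A63E4B8C8651}')
)

New-Item -ItemType Directory -Path $Target -Force | Out-Null

foreach ($entry in $clsids) {
    $name, $guid = $entry

    # A "<Name>.{CLSID}" folder only works if the shell knows the CLSID; registered
    # classes live under HKCR\CLSID\{GUID}. Unknown GUIDs just give an empty folder.
    $regPath = "Registry::HKEY_CLASSES_ROOT\CLSID\$guid"
    if (-not (Test-Path -LiteralPath $regPath)) {
        Write-Warning "$name ($guid) is not registered on this machine; skipping."
        continue
    }

    $folder = Join-Path $Target "$name.$guid"
    if (-not (Test-Path -LiteralPath $folder)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
        Write-Output "Created: $folder"
    } else {
        Write-Output "Exists:  $folder"
    }
}
```

To undo it, delete the folders from PowerShell with Remove-Item -LiteralPath rather than from Explorer, which shows them as shell items rather than as ordinary folders.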

Posted: 02-25-2010 11:09 AM by gandip with 1 comment(s)

Let Windows 7 Take Care of the Default Printer

Every time you get home from the office with an important document to print, the classic way is to press Ctrl+P, select the printer and print...

How about location-aware printing instead, where Windows automatically selects the default printer for the network you are on, so you do not need to switch between printers by hand? (This option is available on laptops and other mobile PCs only.)

Here is how you do it:

  • Click the Windows Orb and then click "Devices and Printers".
  • Select a printer; under "Printers and Faxes" on the menu bar, click "Manage default printers".
  • Select "Change my default printer when I change networks" and specify a default printer for each network.


Posted: 02-22-2010 10:57 AM by gandip with no comments

How to host PHP on IIS 7.5

PHP applications can be hosted on the IIS web server using the FastCGI module that ships with IIS. Here I am using Windows 7 as my IIS web server; the same applies to Server 2008 R2, which has IIS 7.5 just like Windows 7.

First you need to install IIS on your server, and make sure you select the CGI feature during installation.

Now you need to install and configure PHP to run under IIS.

Go to http://www.php.net/downloads.php and download the PHP zip file for Windows (for IIS FastCGI, use the non-thread-safe build).

Unzip the downloaded file somewhere like C:\php, then rename php.ini-recommended to php.ini.

Now open php.ini and uncomment and modify the following:

fastcgi.impersonate = 1

cgi.force_redirect = 0 (this must be 0 under IIS: PHP's redirect check relies on a variable that only Apache sets)

cgi.fix_pathinfo = 0

open_basedir: set it to your web root, so that PHP can only open files under that directory

extension_dir: set it to the directory where the PHP extensions reside, in this case C:\php\ext

Enable the following by uncommenting them:

extension=php_mssql.dll

extension=php_mysql.dll

That is the configuration part. Now IIS needs to hand PHP requests to PHP; as mentioned before, we use FastCGI for this.

Open IIS Manager (inetmgr) and double-click "Handler Mappings".

Click "Add Module Mapping": set the request path to *.php, the module to FastCgiModule and the executable to C:\php\php-cgi.exe.

You will get a dialog box asking whether to create a FastCGI application for this executable. Click "Yes" and you are good to go for PHP apps.

You may want to create a phpinfo file in the wwwroot folder containing <?php phpinfo(); ?> and test. Delete it once the test passes: phpinfo() discloses paths, versions and every ini setting to anyone who can load the page.

:-)
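The whole procedure above can also be done from the command line with appcmd.exe, the IIS 7.x configuration tool, which is handy when you need to repeat it on several servers. The PowerShell below is an added example, not code from the original post or from PHP/IIS. It assumes PHP is unzipped to C:\php (so php-cgi.exe lives there), the site root is C:\inetpub\wwwroot, and the session is elevated on the IIS host; the Set-IniDirective and Enable-IniExtension helpers are mine.

```powershell
# Added example, not part of the original post: script the PHP-on-IIS setup described
# above with appcmd.exe. Assumptions: PHP is unzipped to C:\php, the site root is
# C:\inetpub\wwwroot, and PowerShell runs elevated on the IIS host. The two Ini helper
# functions are my own, not part of PHP or IIS.

$phpDir  = 'C:\php'
$phpCgi  = Join-Path $phpDir 'php-cgi.exe'
$webRoot = 'C:\inetpub\wwwroot'
$appcmd  = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'

function Set-IniDirective([string]$Path, [string]$Name, [string]$Value) {
    # Replace the first "name = ..." line (commented out or not); append it if absent.
    $pattern = '^\s*;?\s*' + [regex]::Escape($Name) + '\s*='
    $done = $false
    $out = @(foreach ($line in (Get-Content $Path)) {
        if (-not $done -and $line -match $pattern) { $done = $true; "$Name = $Value" }
        else { $line }
    })
    if (-not $done) { $out += "$Name = $Value" }
    Set-Content -Path $Path -Value $out
}

function Enable-IniExtension([string]$Path, [string]$Dll) {
    # Uncomment ";extension=php_xxx.dll"; append the line if the template lacks it.
    $commented = '^\s*;\s*extension\s*=\s*' + [regex]::Escape($Dll) + '\s*$'
    $active    = '^\s*extension\s*=\s*'     + [regex]::Escape($Dll) + '\s*$'
    $done = $false
    $out = @(foreach ($line in (Get-Content $Path)) {
        if ($line -match $commented)  { $done = $true; "extension=$Dll" }
        elseif ($line -match $active) { $done = $true; $line }
        else { $line }
    })
    if (-not $done) { $out += "extension=$Dll" }
    Set-Content -Path $Path -Value $out
}

# 1. Make sure the IIS CGI feature (which provides FastCgiModule) is enabled.
& "$env:windir\System32\dism.exe" /online /enable-feature /featurename:IIS-CGI /norestart | Out-Null

# 2. php.ini: copy the shipped template (php.ini-recommended on PHP 5.2,
#    php.ini-production on 5.3) and set the directives from the post.
$ini = Join-Path $phpDir 'php.ini'
if (-not (Test-Path $ini)) {
    foreach ($t in 'php.ini-recommended', 'php.ini-production') {
        $src = Join-Path $phpDir $t
        if (Test-Path $src) { Copy-Item $src $ini; break }
    }
}
Set-IniDirective $ini 'fastcgi.impersonate' '1'            # PHP runs under the request's IIS token
Set-IniDirective $ini 'cgi.force_redirect'  '0'            # required under IIS (check relies on REDIRECT_STATUS, which IIS does not set)
Set-IniDirective $ini 'cgi.fix_pathinfo'    '0'
Set-IniDirective $ini 'open_basedir'        "`"$webRoot`""   # PHP may only open files under the web root
Set-IniDirective $ini 'extension_dir'       "`"$phpDir\ext`""
Enable-IniExtension $ini 'php_mssql.dll'
Enable-IniExtension $ini 'php_mysql.dll'

# 3. Register php-cgi.exe as a FastCGI application and map *.php to it.
#    appcmd errors out if an entry already exists, so check the current config first.
$fastCgi = (& $appcmd list config /section:system.webServer/fastCgi) -join "`n"
if ($fastCgi -notmatch [regex]::Escape($phpCgi)) {
    & $appcmd set config /section:system.webServer/fastCgi "/+[fullPath='$phpCgi']"
}
$handlers = (& $appcmd list config /section:system.webServer/handlers) -join "`n"
if ($handlers -notmatch 'name="PHP_via_FastCGI"') {
    # resourceType='File': IIS only hands over requests for .php files that exist on disk.
    & $appcmd set config /section:system.webServer/handlers "/+[name='PHP_via_FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='$phpCgi',resourceType='File']"
}

# 4. Restart IIS and drop a phpinfo() page for a smoke test. Remove it afterwards:
#    phpinfo() discloses paths, versions and every ini setting to anyone who can load it.
& "$env:windir\System32\iisreset.exe" | Out-Null
Set-Content -Path (Join-Path $webRoot 'info.php') -Value '<?php phpinfo(); ?>'
Write-Output "Browse to http://localhost/info.php, then delete $webRoot\info.php"
```

Two things to watch with open_basedir: any directory PHP must write to (session files, upload_tmp_dir) has to be inside the allowed path or added to it, and open_basedir is a file-access restriction only, not a sandbox for the php-cgi.exe process itself.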

Posted: 02-21-2010 6:00 AM by gandip with no comments

Microsoft Gives You the Windows 7 USB/DVD Download Tool

Here is a small tool to make a USB drive bootable for Windows 7 installation. It's simple and easy: a couple of "Next" clicks and you are done with a bootable USB drive.

Download the tool from CodePlex, install it and run it. Make sure you have the Windows 7 ISO file on your hard drive.

Posted: 02-20-2010 12:34 AM by gandip with 1 comment(s)

Ping Dropped in Hyper-V NLB on Server 2008 R2

When you configure your NLB hosts in unicast mode, you will not be able to reach the dedicated IPs of your guest VMs. However, by allowing your VMs to spoof their MAC addresses you can reach the NLB hosts again. By default this is turned off.

You can enable MAC address spoofing in the settings of the VM's network adapter.

Remember: enabling this option gives the VM the ability to override its MAC address and to send and receive traffic using any MAC address.

The virtual switch in Hyper-V is a Layer-2 switch, so if a malicious VM starts sending frames with a MAC address owned by another machine, it can impersonate that machine or disrupt its traffic (a denial-of-service risk). Enable the option only on the NLB nodes that need it, not on every VM.

Gandip Khaling
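Because the option is a per-adapter exception to the switch's normal behaviour, it is worth scripting both the change and a check of who has it. The PowerShell below is an added example, not part of the original post: it uses the Hyper-V PowerShell module (Windows Server 2012 or later; Server 2008 R2 has no such module, and the post uses the GUI checkbox instead), and the VM names and switch name are assumptions.

```powershell
# Added example, not part of the original post: enable MAC address spoofing only on the
# NLB cluster nodes' adapters, then audit every VM adapter on the host so the exception
# stays visible. Requires the Hyper-V PowerShell module (Server 2012 or later; Server
# 2008 R2, which the post covers, has no such module). VM and switch names are assumed.

$nlbNodes  = @('NLB-Node1', 'NLB-Node2')   # assumed names of the NLB guest VMs
$nlbSwitch = 'Cluster-vSwitch'             # assumed name of the virtual switch carrying the NLB traffic

foreach ($vm in $nlbNodes) {
    # Limit the exception to the adapter on the NLB switch; other adapters keep the default (Off).
    Get-VMNetworkAdapter -VMName $vm |
        Where-Object { $_.SwitchName -eq $nlbSwitch } |
        Set-VMNetworkAdapter -MacAddressSpoofing On
}

# Audit: which adapters on this host may now send and receive with arbitrary source MACs?
$spoofingOn = @(Get-VM | Get-VMNetworkAdapter | Where-Object { $_.MacAddressSpoofing -eq 'On' })

$spoofingOn |
    Select-Object VMName, Name, SwitchName, MacAddress, MacAddressSpoofing |
    Format-Table -AutoSize

# Flag any VM outside the approved list: on a Layer-2 virtual switch such a VM can
# impersonate another machine's MAC and hijack or disrupt its traffic.
$unexpected = @($spoofingOn | Where-Object { $nlbNodes -notcontains $_.VMName })
if ($unexpected.Count -gt 0) {
    $names = ($unexpected | ForEach-Object { $_.VMName }) -join ', '
    Write-Warning "MAC spoofing is enabled on non-NLB VMs: $names"
}
```

Run the audit part on its own from time to time; the setting survives VM moves and exports, so a VM cloned from an NLB node inherits the exception.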

Posted: 02-13-2010 8:44 PM by gandip with no comments
