March 2004 - Posts

• Registry Hacks

  I just rebuilt my laptop last night, and after 10hrs of installs, I’m finally back to a ‘usable’ state.  One of the things I had forgotten about, that I take for granted was all of the registry hacks that I was used too. Basically, these hacks were ones I made so that additional options would show up when I either right-clicked on a folder or a file, in explorer. DISCLAIMER DANGER WILL ROBINSON! DANGER!!! Modify your registry at your own risk. If you hose your computer, I am not responsible. Ok, so here are some of the keys I just added, and a brief explanation of what they do. They point to additional tools and utilities, so you may need to modify the paths to fit your system. I’ll list all of the keys at the end, so you can create a .reg file, and import them. 1.)This key allows you to right-click on a COM dll, and register it, just like you ran regsvr32 against it, from a command prompt. [HKEY_CLASSES_ROOT\dllfile\shell\Register\command] @="regsvr32 /s %1" 2) Same as above, except un-registers the dll. [HKEY_CLASSES_ROOT\dllfile\shell\Unregister\command] @="regsvr32 /u /s %1" 3)Register a COM .exe [HKEY_CLASSES_ROOT\exefile\shell\Register\command] @="regsvr32 /s %1" 4)Un-Register a COM .exe  [HKEY_CLASSES_ROOT\exefile\shell\Unregister\command] @="regsvr32 /u /s %1" 5)Right-click on a .NET assembly, and install in the GAC [HKEY_CLASSES_ROOT\dllfile\shell\Register In GAC\command] @="C:\\Program Files\\Microsoft.NET\\FrameworkSDK\\Bin\\gacutil /i %1" 6)And most importantly, right-click on a folder, and open it’s path in a  command prompt. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\CMD Here\command] @="cmd.exe /k pushd %L " Here are all of the keys at once. Do you have any cool hacks! Add them below in the Comments section. Cheers! Dave Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\dllfile\shell\Register\command] @="regsvr32 /s %1" [HKEY_CLASSES_ROOT\dllfile\shell\Unregister\command] @="regsvr32 /u /s %1" [HKEY_CLASSES_ROOT\exefile\shell\Register\command] @="regsvr32 /s %1" [HKEY_CLASSES_ROOT\exefile\shell\Unregister\command] @="regsvr32 /u /s %1"   [HKEY_CLASSES_ROOT\dllfile\shell\Register In GAC\command] @="C:\\Program Files\\Microsoft.NET\\FrameworkSDK\\Bin\\gacutil /i %1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\CMD Here\command] @="cmd.exe /k pushd %L "   Posted Mar 31 2004, 03:56 PM by AdvanIntel with 24 comment(s)

• New OBJECTDATA virus

  From the IMAIL list I'm on. Thought I would spread the love. During the past few weeks, virus writers have come up with at least 6 new tricks to get their viruses past mailserver virus scanners.  They started by spreading in .ZIP files, then moved to static encrypted .ZIP files, then moved to dynamic encrypted .ZIP files, then started using pictures to give out the passwords, then started using encrypted .RAR files.  The latest trick, first announced this morning, is that they are now using the OBJECT DATA exploit.  With this, the virus isn't spread in the E-mail, so it can't be detected.  Worse, a user doesn't have to open an attachment for it to spread. There is now a new interim release of Declude Virus that will automatically detect the OBJECT DATA exploit, which is the only way for a mailserver virus scanner to prevent Bagle.Q or Bagle.R from spreading.  For people using Declude Virus, we recommend upgrading to the latest interim release (at http://www.declude.com/interim ).  Please note that you MUST have an up-to-date Service Agreement to download this release.  If you do not have an up-to-date Service Agreement, you can order it online at http://www.declude.com/order.htm , and then you can immediately download the latest interim release. If you are using another brand of virus scanner, you should upgrade as soon as the vendor has an upgrade available to detect the OBJECT DATA exploit.                                                     Patch, Patch, Patch. Cheers! Dave Posted Mar 18 2004, 07:49 AM by AdvanIntel with 1 comment(s)