Author Topic: Cool AutoRun utility  (Read 3274 times)


Offline ZWarrior

Cool AutoRun utility
« on: August 09, 2005, 10:44:32 AM »
Ever since I got hit with a virus and spyware attack early last month I have been trying to get MS Messenger to stop loading every time I log on.  I set it in the application, I checked the registry, but I could not stop it from auto-running.

Well, I was playing around with Digg.Com and there was a link there for a utility on SysInternals.Com called Autoruns.

This thing lists all the possible locations that apps can be run from, as well as DLLs, and other files.  Using this I disabled a few things, and discovered that there were 3 entries that were related to the infection last month that were still in my registry.  One of them said it was for Notepad.Exe, but pointed to MS Messenger!  Needless to say, I disabled all three, and I am off and running again!

Go check it out: http://www.sysinternals.com/utilities/autoruns.html
--------------------------------
Zoë: Shepard, isn't the Bible kind of specific about killing?
Book: Very specific. It is, however, somewhat fuzzy around the area of kneecaps.

Offline Boomslang

Cool AutoRun utility
« Reply #1 on: August 09, 2005, 03:52:43 PM »
When using this I came across this..  Image Hijacks - NTSD
http://www.auditmypc.com/acronym/NTSD.asp

It gave me my internal IP. Did it yours? And how do I fix this? I'm behind two firewalls!

Can I delete the reg entry?
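
A read-only way to look at such entries before deciding whether to delete anything, as an added example that is not part of the original thread: it lists the Run/RunOnce values and any Image File Execution Options `Debugger` values, one of the locations Autoruns reports under Image Hijacks. The function names and the name-versus-target heuristic are assumptions made for illustration.

```powershell
# Added example: read-only; nothing is changed or deleted.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$ifeoKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$exePattern = '(?i)([^"\\/:]+?\.(exe|com|scr|bat|cmd))'

# Hypothetical helper: one row per Run/RunOnce value, with the program it really starts.
function Get-RunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            $target  = if ($command -match $exePattern) { $Matches[1] } else { '' }
            # Heuristic (assumption): if the value name is itself a program file name,
            # it should be the same file the command starts.
            $suspect = ($name -match '(?i)\.(exe|com|scr)$') -and ($name -ne $target)
            [pscustomobject]@{
                Key = $key; Name = $name; Target = $target
                Suspect = $suspect; Command = $command
            }
        }
    }
}

# Hypothetical helper: programs that have a Debugger value set, meaning that
# starting the program launches the named debugger command instead.
function Get-ImageHijack {
    Get-ChildItem -Path $ifeoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = $_.GetValue('Debugger')
        if ($debugger) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = [string]$debugger }
        }
    }
}

Get-RunEntry    | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
Get-ImageHijack | Format-Table -AutoSize -Wrap
```

A row with `Suspect` set to True is the kind of entry described in the first post, where the name says Notepad.Exe but the command starts something else. On 64-bit Windows the same keys also exist under `SOFTWARE\WOW6432Node`.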

Offline ZWarrior

Cool AutoRun utility
« Reply #2 on: August 09, 2005, 04:43:38 PM »
I am not sure that you can or cannot. I would have to know more about the entry.  However, if you read the full details page, you will see that this page was done using Java technology that is not stopped by your firewalls, it is part of your browser.  There are recommendations on that page for stopping this from happening.

However, be advised that you could break a lot of the sites that you visit if you do successfully disable the Java functions.

I don't have that entry in my system, but I did find the following links that are more likely what the item is:
http://msmvps.com/debuginfo/archive/2005/06/27/56125.aspx
http://blogs.wdevs.com/angelos/archive/2005/07/03/8377.aspx

Offline Boomslang

Cool AutoRun utility
« Reply #3 on: August 09, 2005, 05:06:05 PM »
I went and encrypted the ntsd file and did the MS 7 updates that are out and that worked.

Offline Morpheus

Cool AutoRun utility
« Reply #4 on: August 10, 2005, 10:51:19 AM »
Boom, could you be a little more specific?  What MS 7 updates, and how did you encrypt the ntsd file?
Luck is better than skill anyday! The more skill I get, the luckier I get!

Offline Boomslang

Cool AutoRun utility
« Reply #5 on: August 10, 2005, 03:13:51 PM »
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

updates

Right click properties advanced, check the encrypt box