Saturday 28 November 2009

○ Windows DLL files Checker


To check Windows DLL files for integrity, that is, to see whether they are intact and in their original versions, there is a good native tool called SFC, which only system administrators can run:

This will check whether the DLL files currently in use are trustworthy and/or match those in the DLL Cache folder. I have a progress percentage indicator, as you can see in this screenshot, but some operating systems like XP/W2k/2003 end the verification and do not report anything back when it finishes. So, it's good to see that Microsoft gave this another step up.

Thanks for reading

○ Removing HD1.exe Virus

Hello, I decided to write something about this because I found the information available at this time.

From what I have been seeing recently, this virus spreads mostly from USB pens, on operating systems that have the Autorun feature turned on for removable USB devices.

It starts by:

1- writing a file named autorun.inf on your USB pendrive with the following content:

[autorun]
OPeN=rEcYClEr\sEtUp32.exe
IcON=%wIndIr%\sYstEm32\ShElL32.DlL,7
ACtION=Open USB
sHeLl\OpEN=oPEn
sHeLl\OpEN\cOMMaND=ReCyClER\sEtUp.exe
sHeLl\OpEN\deFaULt=1

It then writes the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Taskman"="C:\RECYCLER\S-{Numbers}\hd1.exe"

or

"Taskman"="E:\\hd1.exe"

depending on where you ran the virus file setup32.exe from.


{Numbers} represents the security IDs present on your machine. You may have more than one if more than one user has logged in at least once, so you may have more than one hd1.exe file.
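
An added example, not part of the original post: a small Python check that reads an autorun.inf case-insensitively, so the mixed-case keys shown above hide nothing, and reports entries that launch a program from a Recycle Bin folder. The function names and the `RECYCLE_DIRS` list are assumptions of this example; the sample input is the file content quoted above.

```python
import re

# Keys in an [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Assumption of this example: launching from a Recycle Bin folder is suspicious.
RECYCLE_DIRS = ("recycler", "recycled", "$recycle.bin")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, with keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def suspicious_launches(text):
    """List (key, target) pairs that start a program from a Recycle Bin folder."""
    hits = []
    for key, value in parse_autorun(text).items():
        if not LAUNCH_KEY.match(key):
            continue  # icon=, action=, shell\open= only change appearance
        parts = re.split(r"[\\/]", value.strip('"').lower())
        if any(p in RECYCLE_DIRS for p in parts[:-1]):
            hits.append((key, value))
    return hits

# The autorun.inf quoted in the post, reproduced as sample input.
SAMPLE = r"""[autorun]
OPeN=rEcYClEr\sEtUp32.exe
IcON=%wIndIr%\sYstEm32\ShElL32.DlL,7
ACtION=Open USB
sHeLl\OpEN=oPEn
sHeLl\OpEN\cOMMaND=ReCyClER\sEtUp.exe
sHeLl\OpEN\deFaULt=1
"""

if __name__ == "__main__":
    for key, target in suspicious_launches(SAMPLE):
        print(f"{key} -> {target}")
```

Both launch entries are reported: the `open` key used by AutoPlay and the `shell\open\command` key used when the drive is opened from Explorer.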


To manually remove the virus:

1. You have to delete that "Taskman" entry in the registry.
2. Manually delete the hd1.exe files from the c:\RECYCLER folder.
2a. At the command prompt, from within the RECYCLER folder, you can use "dir /s /a hd1.exe" to see how many hd1.exe files you have.
2b. You can use the attrib command to remove the S, H and R attributes (-S -H -R) from the hd1.exe/Desktop.ini files before deleting.
2c. You may have to terminate the explore.exe process in Task Manager to successfully delete this file. If you still can't, even after using attrib, you have to use the Windows Recovery Console or any other bootable disk with full NTFS support tools, for instance Hiren's Boot Tools.


I do not think there are any DLL files altered by this virus after my tests. But checking Windows DLL files for integrity, to see if they are intact and in their original versions, is a good idea afterwards.

Thanks for reading

Saturday 14 November 2009

○ IVT_Virtual_0000 Driver



If you have this device sitting in your Device Manager waiting for a driver, you probably installed IVT BlueSoleil on your computer without first installing the native Bluetooth drivers from the manufacturer. Or the IVT version you have is not compatible with your Windows version.
I came across this issue and what I did to solve it was to:

1. Download the latest trial version; right now it's IVT_BlueSoleil_6.4.275.0, which is Windows 7 compatible.
2. Extract the contents of the ZIP file to a folder.
3. Extract all the CAB files (BlueSo~1.cab, BlueSo~2.cab, etc.) using a capable application like WinRAR.

After you have extracted the CAB files you should see some .inf files; one of them is for the Bluetooth PAN Network Adapter.

4. Device Manager -> Unknown Device IVT_Virtual_0000 -> Update Driver -> Point to the folder where you extracted the CAB files.

And you are done:




edit:
This was not tested on Windows 7 64-bit platforms.

○ Unknown device ACPI\ITE8707\4&2D46162D&0 on ASUS C90s



Another struggle for an unknown device. Funny thing is, when I had XP I did not detect it, neither with Vista, but Windows 7 did.

Finally discovered that this unknown device corresponds to the ITECIR Infrared Receiver.

You have to download the ite_ir_5.03_vista32-64 driver for it to install; here are 2 screenshots:





And voila

Thanks for reading, I hope this helps.

Monday 9 November 2009

○ How to view Windows Registry in DOS Mode


This is a useful feature when all you have is a command line and you want to look into the Windows registry. However, reg.exe has to be on your PATH, or you need direct access to the file; otherwise it won't run.

The usage is:

REG Operation /?

Examples:

REG QUERY /?
REG ADD /?
REG DELETE /?
REG COPY /?
REG SAVE /?
REG RESTORE /?
REG LOAD /?
REG UNLOAD /?
REG COMPARE /?
REG EXPORT /?
REG IMPORT /?
REG FLAGS /?

You can even add or delete keys; of course, you need the proper access control entry rights on any given hive. For more on ACE's

Be cautious about messing around in the registry. Even when performing a query, if the key values are too extensive the output can be something like:



This reminds me of beeping outputs in the old days when using Type command on some file. Ouch

Saturday 7 November 2009

○ Intel 845GE Graphics Driver for Windows Vista/7


Ufff, I was installing a version of Windows Seven on my brother's computer, but Windows 7 did not detect/install the proper drivers, so I had to search for an alternative. The Standard VGA Graphics Adapter it gave me could not go over 1024x1280 resolutions. I needed higher resolutions as I have a capable monitor of 1920x1200. Drivers were definitely not helping me.

After hours spent, I finally found this, which almost did the trick (and you will see why it is almost). I don't know if it is true, but it seems the native graphics driver (or Standard VGA Graphics Adapter) from Windows is very close to Intel(R) Graphics Controller 6.14.10.3722. This is a driver for W2k but it works on Windows Seven. Going through setup.exe (double-clicking the executable) is obviously not the way to go. What you need to do is go to Control Panel -> System -> Device Manager and update the driver for your currently listed display adapter, selecting the .inf file.

So:

1- Download Intel(R) Graphics Controller 6.14.10.3722 for 845GE

2- Install from the ".inf", through the Device Manager.

3- Restart, check configurations

You may get errors (like I did) but simply restarting and trying again should do the trick. (It did for me anyway.)

In the end you will be able to see in the Device Manager:




Now as for the "almost". The maximum setting it gives me is 1920x1200 x 16 bits when I was looking for 1920x1200 x 32 bits...

But as I'm not much of a player it's fine by him.