[H] Anyone see the CERT today about AUTORUN?
TA09-020A http://www.us-cert.gov/cas/techalerts/TA09-020A.html I know a lot of the collective disable autorun, thought this would be useful for you. Christopher Fisk -- The inside of my head was exploding with fireworks. Fortunately, my last thought turned out the lights when it left. --- Calvin -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] Anyone see the CERT today about AUTORUN?
Quite interesting. Thanks for the heads up. On Jan 21, 2009 4:54 PM, Christopher Fisk chr...@mhonline.net wrote: TA09-020A http://www.us-cert.gov/cas/techalerts/TA09-020A.html I know a lot of the collective disable autorun, thought this would be useful for you. Christopher Fisk -- The inside of my head was exploding with fireworks. Fortunately, my last thought turned out the lights when it left. --- Calvin -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] Anyone see the CERT today about AUTORUN?
On Wed, 21 Jan 2009, Wayne Johnson wrote: At 08:54 AM 1/21/2009, Christopher Fisk typed: TA09-020A http://www.us-cert.gov/cas/techalerts/TA09-020A.html I know a lot of the collective disable autorun, thought this would be useful for you. I don't think I completely agree with this solution especially if you have a lan. Alternatively, the following registry key may be deleted: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 If one deletes this then won't they'll lose their mappoints for all the other drives on the lan? I do have a reg file that I run that disabled autorun REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files] *setup*.exe= *instal*.exe= *setup*.bat= *instal*.bat= *setup*.cmd= *instal*.cmd= *setup*.com= *instal*.com= Y?kle*= Felrak.exe= Imposta.exe= KUR.exe= Ayarla.exe= sfc2.ico= evanims= 0001.tmp= updmoney.exe= hs\\media\\y\\11399\\11399_cd_fp.jpg= hs\\media\\y\\9953\\9953_cd_fp.jpg= hs\\media\\y\\9951\\9951_cd_fp.jpg= hs\\media\\y\\9964\\9964_cd_fp.jpg= hs\\media\\y\\9968\\9968_cd_fp.jpg= inf= And then there is always using TweakUI to disable it. I'm pretty sure the issue is that the autoplay feature can be susceptable to a buffer overrun, so it still reads the autorun.inf and if that is malformed can cause an issue (If I read it right). Essentially, even with autorun turned off how Microsoft recommends it be turned off it still parses the autorun (To get things like the icon for the drive and stuff). Christopher Fisk -- You know you're using the computer too much when: all of the sudden people ask you to many danm questions on aim or msn messenger -- RedDawn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] Anyone see the CERT today about AUTORUN?
you can always use ; in front of the key to disable it without deleting it for
testing
fp
At 10:21 AM 1/21/2009, DHSinclair Poked the stick with:
Chris,
Thanks for this answer to Wayne's alternative. I have read thru the doc
several times now.
I'd really like to install this business, BUT I do have some concern about the
delete of the moutpoints2 key. I do not have a key, I have a Folder/Key.
And, it has very much inside it.
I see keys for each of my installed I/O on the machine. This I get. But, I
also see many {big hex #} keys also which I really do not wish to research
prior to deletion of the parent key.
I do NOT yet use mountpoints for remote drives on my LAN yet. If I read
Wayne's concern correctly, once I install this fix I will NOT be able to use
remote drive mounts..Is this correct?
Ideas/suggestions? Oh, this is a machine that was upgraded from W2K to WXP!
Thanks,
Duncan
At 11:46 01/21/2009 -0500, you wrote:
On Wed, 21 Jan 2009, Wayne Johnson wrote:
I don't think I completely agree with this solution especially if you have a
lan.
Alternatively, the following registry key may be deleted:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
If one deletes this then won't they'll lose their mappoints for all the
other drives on the lan?
It just deletes the autorun cache, not the mountpoints themselves. Good if
you're looking to get rid of any memorized autoruns.
I do have a reg file that I run that disabled autorun
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files]
*setup*.exe=
*instal*.exe=
*setup*.bat=
*instal*.bat=
*setup*.cmd=
*instal*.cmd=
*setup*.com=
*instal*.com=
Y?kle*=
Felrak.exe=
Imposta.exe=
KUR.exe=
Ayarla.exe=
sfc2.ico=
evanims=
0001.tmp=
updmoney.exe=
hs\\media\\y\\11399\\11399_cd_fp.jpg=
hs\\media\\y\\9953\\9953_cd_fp.jpg=
hs\\media\\y\\9951\\9951_cd_fp.jpg=
hs\\media\\y\\9964\\9964_cd_fp.jpg=
hs\\media\\y\\9968\\9968_cd_fp.jpg=
inf=
That only stops what you can proactively stop. If someone were to name their
malicious autorun blahblahblah.exe then you're not stopping it.
Christopher Fisk
--
[during a company sexual harassment training video]
Narrator: Remember, nothing says good job like a firm, open-palm slap on
the behind.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
Tallyho ! ]:8)
Taglines below !
--
The bird of war is not the eagle but the stork.
Re: [H] Anyone see the CERT today about AUTORUN?
Chris,
ROTFLMAO!
Well, I do not believe I am quite that rural, yet! And the gerbils are
APC ups's.
But, I do see your point.
I'll test this on one machine and see what happens; about the
mountpoints/2 business.
The machine can be rebuilt easy enough! I now have a pre-fix image of it
ATM. I now have a current test XPpro machine! Just for stuff like this.
Thanks,
Duncan
At 12:40 01/21/2009 -0500, you wrote:
On Wed, 21 Jan 2009, DHSinclair wrote:
Chris,
Thanks for this answer to Wayne's alternative. I have read thru the doc
several times now.
I'd really like to install this business, BUT I do have some concern
about the delete of the moutpoints2 key. I do not have a key, I have a
Folder/Key. And, it has very much inside it.
I see keys for each of my installed I/O on the machine. This I get. But,
I also see many {big hex #} keys also which I really do not wish to
research prior to deletion of the parent key.
I do NOT yet use mountpoints for remote drives on my LAN yet. If I read
Wayne's concern correctly, once I install this fix I will NOT be able
to use remote drive mounts..Is this correct?
Ideas/suggestions? Oh, this is a machine that was upgraded from W2K to WXP!
Thanks,
Duncan
I'd have to say from the standpoint of security, since you live 100 miles
from anyone else and have Gerbils for power generation the chance someone
will be putting a bad USB stick into your system is low. =)
I'm not 100% sure what information is stored in that mountpoints
key/folder in the registry. If I've read correctly (And I've messed up my
reading in the past) it's just a cache of previous autoruns. You can
always export that registry key, delete it, then restart the computer and
see if it has any problems. Worst case you'd have to go into the recovery
console and re-import the keys.
Christopher Fisk
--
Stewie Griffin: Am I to spend the entire day wallowing around in my own
feces? A little service here.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: [H] New build trouble?
Well you might have fixed it last time by moving the DIMMs, maybe it was just a matter of reseating them or there is a bad socket??? -Original Message- From: hardware-boun...@hardwaregroup.com [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair Sent: Tuesday, December 23, 2008 3:04 PM To: hardware@hardwaregroup.com Subject: Re: [H] New build trouble? OK, I am now flumoxed! This new system worked fine for 4 days until I moved to my back bedroom! Plugged it in and it did not work. If fact, it did NOT work exactly like before I moved the RAM dimms I have now take the system apart and have the m/b w/cpu and hs/fan mounted plus the pair of dimms.. I am no clueless as to how to figure out which of the major components is bad (for RMA purposes). I do have a new spare m/b, cpu w/hs/fan, dimms, and psu. I will be building this hdw tonight. I really hate it when a plan goes into the tank! I do suspect infant mortality. But, at this point I have not got a clue to who/what! If I were to take the bare m/b, w/mounted cpu and hs/fan plus dimms, and, the psu to a qualified repair shop, do you think they could sort out just what is broken? ? ? Thank you, Duncan At 20:39 12/20/2008 -0700, you wrote: 1st thing I would do is clear the cmos, sometimes something there keeps them back. Make sure clear cmos jumper is in the normal position, they sometimes ship in the clear position. Powersupply all connections hooked up. fp At 05:24 PM 12/20/2008, DHSinclair Poked the stick with: Seeking opinions and suggestions. I have a brand new PC built that will NOT light UP the display and provides NO POST codes either. I am stumped. I am building a new PC to replace my old gaming platform. The old gaming platform uses an Adaptec 29160-64 and a pair of 18.4GB Cheetahs. I have run out of space on the c:/ partition, so it is time to backup and build a new, modern replacement PC. The new PC is: Asus P5Q3 m/b 2x 1GB Crucial Ballistix DDR3 RAM Intel E8400 C2D using the stock hs/fan ATI R4670 video card Seagate ST316015AS 160GB SATA HD AOpen D-1240 PATA DVDROM PCPC 610 EPS12V PSU Since it will NOT even light up the Dell panel (no video out), I'm stuck in the ozone. I do have a new spare m/b, a new spare E8400, and a new spare PCPC 610 EPS12V psu. I have tried my spare Matrox G200 PCI and my spare FX550 PCI video cards. Neither will light up the display... Most odd! Just wondering where to start? My little black book is missing some magic! Thank you, Duncan -- Tallyho ! ]:8) Taglines below ! -- Can I go back to bed now?
Re: [H] New build trouble?
Mark, You have a very good point. I tested the suspect dimm in all available sockets. Same failure...each test. Not satisfied, I then took the same dimm to another like machine (same hdw) and swapped out 1 good dimm for this suspect dimm. The other machine booted up the same (bad) way as the suspect machine. I conclude that this dimm is just bad. Yes, I will accept that I may have killed it. Really do not think so. I am focused on infant mortality. I will give it up that the suspect m/b may still harbor a NOW bad dimm slot. Guess I will not know until a replacement dimm arrives to confirm. The m/b plays fine with the workable dimm in both slot 0 (black) and slot 2 (black). (slot 1 (orange) and slot 3 (orange) are for OverClocking the m/b; I do not use them!) So far, this test (suspect) machine has been running fine with only 1GB of RAM for ~2wks 24/7 w/o any trouble.. :) Crucial and I will now decide whether I get warranty protection or not. The RMA/Warranty claim is in process. Thanks, Duncan At 17:19 01/21/2009 -0600, you wrote: Well you might have fixed it last time by moving the DIMMs, maybe it was just a matter of reseating them or there is a bad socket??? -Original Message- From: hardware-boun...@hardwaregroup.com [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair Sent: Tuesday, December 23, 2008 3:04 PM To: hardware@hardwaregroup.com Subject: Re: [H] New build trouble? OK, I am now flumoxed! This new system worked fine for 4 days until I moved to my back bedroom! Plugged it in and it did not work. If fact, it did NOT work exactly like before I moved the RAM dimms I have now take the system apart and have the m/b w/cpu and hs/fan mounted plus the pair of dimms.. I am no clueless as to how to figure out which of the major components is bad (for RMA purposes). I do have a new spare m/b, cpu w/hs/fan, dimms, and psu. I will be building this hdw tonight. I really hate it when a plan goes into the tank! I do suspect infant mortality. But, at this point I have not got a clue to who/what! If I were to take the bare m/b, w/mounted cpu and hs/fan plus dimms, and, the psu to a qualified repair shop, do you think they could sort out just what is broken? ? ? Thank you, Duncan At 20:39 12/20/2008 -0700, you wrote: 1st thing I would do is clear the cmos, sometimes something there keeps them back. Make sure clear cmos jumper is in the normal position, they sometimes ship in the clear position. Powersupply all connections hooked up. fp At 05:24 PM 12/20/2008, DHSinclair Poked the stick with: Seeking opinions and suggestions. I have a brand new PC built that will NOT light UP the display and provides NO POST codes either. I am stumped. I am building a new PC to replace my old gaming platform. The old gaming platform uses an Adaptec 29160-64 and a pair of 18.4GB Cheetahs. I have run out of space on the c:/ partition, so it is time to backup and build a new, modern replacement PC. The new PC is: Asus P5Q3 m/b 2x 1GB Crucial Ballistix DDR3 RAM Intel E8400 C2D using the stock hs/fan ATI R4670 video card Seagate ST316015AS 160GB SATA HD AOpen D-1240 PATA DVDROM PCPC 610 EPS12V PSU Since it will NOT even light up the Dell panel (no video out), I'm stuck in the ozone. I do have a new spare m/b, a new spare E8400, and a new spare PCPC 610 EPS12V psu. I have tried my spare Matrox G200 PCI and my spare FX550 PCI video cards. Neither will light up the display... Most odd! Just wondering where to start? My little black book is missing some magic! Thank you, Duncan -- Tallyho ! ]:8) Taglines below ! -- Can I go back to bed now?
[H] What izit?
Can anyone tell me what Adobe AIR is? I have it because I did install ARv9.0. Thank you, Duncan
[H] Can MDAC be removed w/o complete new XPpro?
I seem to have allowed something to be installed on my machinethat I may not need... ! The machine seems to run fine, EXCEPTAdvisor tells me that I have a problem with MDAC. Like, I should re-install KB927779. OK. This could be can do, but, I am not so sureanymore. I did it! Yes, I did it some time back. Believe I now have MDAC v2.5 running around inside. Can IT be wrenched out w/o a new re-install?... :) (a new re-install is not a catastrophe ATM! Really) Thank you, Duncan
[H] Just a SCSI Question....
I have a server that has a U160 RAID cabinet. The cabinet has 5x U160 10K (SCA) drives in it. It runs oh so wellATM. The big SCSI question is: Can the latest U320 SCSI controller(s) stuff deal with older U160 drives? If so, I have a potential upgrade path; yes, expensive, possibly truly stupid! But, a path none the less :) If not, I really have to do a major re-plan for my server :( Can do This is my retirement hobby after all. Opinions/Suggestions/Whatever regarding SCSI upgrades welcome! (NO! moving to SATA is not part of the plan unless that is my only option!) Thanks, Duncan
Re: [H] What izit?
From: DHSinclair Subject: [H] What izit? Can anyone tell me what Adobe AIR is? I have it because I did install ARv9.0. Thank you, Duncan http://www.adobe.com/products/air/ http://www.adobe.com/devnet/air/ http://en.wikipedia.org/wiki/Adobe_Integrated_Runtime Rick Glazier
Re: [H] Stupid Question..perhaps?
Correct.
--Original Message--
From: DHSinclair
Sender: hardware-boun...@hardwaregroup.com
To: Hardware Group
ReplyTo: hardware@hardwaregroup.com
Sent: Jan 21, 2009 11:27 PM
Subject: [H] Stupid Question..perhaps?
I truly apologize for this one. I have totally NOT kept up with this.
Sorry.
My server now runs Win2000 Server. It is at SP4. But, I suspect that this
level of OS is soon to be no longer supported and/or able to be
WinUpdate-able. SO,...
{When is goes I will miss itIt runs so well.}
What might I be shopping for? I have seen mention of Server 03 and
Server 08. Yes, I have already read through OUR threads about the SBS
versions of same. Not thinking I need to do a Small Business Server just
to come current; and/or support my LAN.
Can I suppose that Server03? is at the XP level; and, that the
Server08? business is about Vista-class?
Best,
Duncan
Sent via BlackBerry
Re: [H] What izit?
Rick, Thank you...So, if I will never [build] anything I can now toss Adobe AIR? Well, that's my read of your shares.. Thanks, Duncan At 00:13 01/22/2009 -0500, you wrote: From: DHSinclair Subject: [H] What izit? Can anyone tell me what Adobe AIR is? I have it because I did install ARv9.0. Thank you, Duncan http://www.adobe.com/products/air/ http://www.adobe.com/devnet/air/ http://en.wikipedia.org/wiki/Adobe_Integrated_Runtime Rick Glazier
Re: [H] Stupid Question..perhaps?
So, do any of our partners have any offers for Windows Server 2003?
Well, B4 I spend the next few days shopping. :)
Best,
Duncan
{tnx Chris!}
At 05:34 01/22/2009 +, you wrote:
Correct.
--Original Message--
From: DHSinclair
Sender: hardware-boun...@hardwaregroup.com
To: Hardware Group
ReplyTo: hardware@hardwaregroup.com
Sent: Jan 21, 2009 11:27 PM
Subject: [H] Stupid Question..perhaps?
I truly apologize for this one. I have totally NOT kept up with this.
Sorry.
My server now runs Win2000 Server. It is at SP4. But, I suspect that this
level of OS is soon to be no longer supported and/or able to be
WinUpdate-able. SO,...
{When is goes I will miss itIt runs so well.}
What might I be shopping for? I have seen mention of Server 03 and
Server 08. Yes, I have already read through OUR threads about the SBS
versions of same. Not thinking I need to do a Small Business Server just
to come current; and/or support my LAN.
Can I suppose that Server03? is at the XP level; and, that the
Server08? business is about Vista-class?
Best,
Duncan
Sent via BlackBerry
Re: [H] Stupid Question..perhaps?
I am deploying Server 2003 right now,
I had to spend about 700 for each server plus CALCS for the terminals (169 for
5)
I would like to get it cheaper also.
-Original Message-
From: DHSinclair dsinc...@bellsouth.net
Sent: Jan 21, 2009 11:57 PM
To: hardware@hardwaregroup.com
Subject: Re: [H] Stupid Question..perhaps?
So, do any of our partners have any offers for Windows Server 2003?
Well, B4 I spend the next few days shopping. :)
Best,
Duncan
{tnx Chris!}
At 05:34 01/22/2009 +, you wrote:
Correct.
--Original Message--
From: DHSinclair
Sender: hardware-boun...@hardwaregroup.com
To: Hardware Group
ReplyTo: hardware@hardwaregroup.com
Sent: Jan 21, 2009 11:27 PM
Subject: [H] Stupid Question..perhaps?
I truly apologize for this one. I have totally NOT kept up with this.
Sorry.
My server now runs Win2000 Server. It is at SP4. But, I suspect that this
level of OS is soon to be no longer supported and/or able to be
WinUpdate-able. SO,...
{When is goes I will miss itIt runs so well.}
What might I be shopping for? I have seen mention of Server 03 and
Server 08. Yes, I have already read through OUR threads about the SBS
versions of same. Not thinking I need to do a Small Business Server just
to come current; and/or support my LAN.
Can I suppose that Server03? is at the XP level; and, that the
Server08? business is about Vista-class?
Best,
Duncan
Sent via BlackBerry
Mark Dodge
