TKO-OTTAWA

Technical Knock-Out

Your malware fighting reference!


Tips & Tricks

Create empty .txt files called team_deviance.txt & team_crude.txt in %systemroot%
 
Reset Administrator Password in Windows Vista:
  1. Log into WinRE from the F8 menu.
  2. In WinRE, select Command Prompt from the “Choose a Repair Tool” menu.
  3. In the command prompt, type “net user administrator password” (this sets the built-in Administrator account's password to the literal string “password”).
  4. Next, type “net user administrator /active:yes” to enable the account.
  5. Ensure the message “The command completed successfully” is displayed.
  6. Boot back into Windows.
  7. On the logon screen you should now see a user named Administrator whose password is “password”.
  8. Once logged in, open User Accounts and reset the password of the account the customer uses.
  9. Once the user can log in to his/her normal account, it is very important to disable the Administrator account again: launch an elevated CMD window and type “net user administrator /active:no”.
  10. Reboot to complete the action.
 
How to download Firefox via FTP (the latest version available on the FTP server is 2.0.0.9, while version 2.0.0.11 can be downloaded over HTTP):
  1. Run CMD
  2. ftp ftp.mozilla.org
  3. username: anonymous
  4. password: [blank]
  5. cd pub
  6. cd mozilla.org
  7. cd firefox
  8. cd releases
  9. cd latest
  10. cd win32
  11. cd en-US                     (case sensitive)
  12. binary
  13. lcd c:\                      (local folder in which to save the installer)
  14. get "Firefox Setup 2.0.0.9.exe"
 
Vista WinRE with networking:

To start the system in the Windows Recovery Environment (WinRE) with networking enabled, perform the following steps:

  1. Restart the computer.

  2. Tap the <F8> key during startup until the Windows Advanced Options menu appears, and then press the <Down arrow> key until Repair Your Computer is highlighted and press <Enter>.

  3. In the System Recovery Options window, click the Command Prompt option.

  4. In the Command Prompt window, type the following commands, pressing <Enter> after each one:
    C:\>cd windows\system32
    C:\Windows\System32>wpeutil initializenetwork

How to let Combofix delete known threats:

To delete these files/folders, proceed as follows:

* Open Notepad and copy/paste the text from the quote box below into it (everything except the word Quote):

Quote:
File::
C:\WINDOWS\system32\fukvdoxrwgwl.exe
C:\WINDOWS\system32\estmmsmejuad.exe

Folder::
C:\VundoFix Backups


* Save this as CFScript on the desktop.
* Then drag the CFScript file (hold the left mouse button while dragging) and drop it (release the button) onto ComboFix.exe, as shown in the screenshot below. Important: perform this step carefully!

[Screenshot: dragging CFScript onto ComboFix.exe]

* ComboFix will start; just follow the prompts. After the reboot (if it asks for one), it produces a log for you. Post that log (ComboFix.txt) in your next reply.
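The CFScript layout above is simple but unforgiving, since every listed path is removed. The following Python helper is added here and is not part of ComboFix or the original page: it builds a script in that layout and parses one back, refusing unknown section headers, paths outside a section, non-absolute paths and, as an illustrative assumption rather than a ComboFix feature, Folder:: entries that name a whole system directory.

```python
"""Build and parse ComboFix CFScript text (File::/Folder:: sections)."""
import re

# Only the two section headers shown on this page are modelled.
SECTIONS = ("File::", "Folder::")
# Drive letter, colon, backslash, then a non-blank path (spaces inside are fine).
_ABS_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")
# Illustrative assumption, not a ComboFix feature: folders never to list whole.
_PROTECTED_FOLDERS = {r"c:\windows", r"c:\windows\system32"}


def parse_cfscript(text):
    """Return {section: [paths]}; raise ValueError on anything ambiguous.

    Rejected: unknown section headers, a path outside any section, a path
    that is not absolute, and a Folder:: entry naming a protected folder.
    """
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue                      # blank separator between sections
        if line.endswith("::"):           # section header such as File::
            if line not in SECTIONS:
                raise ValueError(f"line {lineno}: unknown section {line!r}")
            current = line
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: {line!r} is outside any section")
        if not _ABS_PATH.match(line):
            raise ValueError(f"line {lineno}: {line!r} is not an absolute Windows path")
        if current == "Folder::" and line.lower().rstrip("\\") in _PROTECTED_FOLDERS:
            raise ValueError(f"line {lineno}: refusing protected folder {line!r}")
        sections[current].append(line)
    return sections


def build_cfscript(files=(), folders=()):
    """Render File::/Folder:: sections in the layout shown on the page."""
    out = []
    for header, paths in (("File::", files), ("Folder::", folders)):
        if paths:
            out.extend([header, *paths, ""])   # blank line closes each section
    return "\n".join(out)
```

Running parse_cfscript over a script before dropping it onto ComboFix.exe catches the copy/paste slips (a lost section header, a relative path) that would otherwise only show up in the log afterwards.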

Part of JHO's Website, Copyrights 2009, All Rights Reserved!