Wednesday, April 8, 2009
Two More Methods to enable regedit
These two methods I discovered on Ramesh’s troubleshooting Windows site - windowsxp.mvps.org.
First method
Type this command in Run box and press Ok.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Second method
Using Group Policy editor. Once again in the Run box, type gpedit.msc and press Ok. Go to User Configuration-Administrative Templates-System, double click Disable registry editing tools and set it to Not Configured. Exit Group Policy editor.
UPDATE: Start your computer in safe mode with command prompt and type the following commands to enable Registry Editor:
reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
reg delete HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
After you have run both commands, your Registry Editor should be enabled.
Found this on Rahul’s website. It was showing others how to remove Brontok virus actually, but since Brontok too disables the Registry Editor, it’s worth a shot.
http://pcproblems.wordpress.com/2007/10/06/two-more-methods-to-enable-regedit/
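A way to check both registry locations named above before and after applying either method, as an added PowerShell example that is not from the original post. The `-Remove` switch and the function name `Get-RegistryToolsPolicy` are made up for illustration; without the switch the script only reports.

```powershell
# Added example: audit (and optionally clear) the DisableRegistryTools value
# in the HKCU and HKLM policy keys named in the post.
# Changing HKLM requires an elevated prompt.
param([switch]$Remove)   # hypothetical switch: report only unless given

$subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$name   = 'DisableRegistryTools'

function Get-RegistryToolsPolicy {
    foreach ($hive in 'HKCU', 'HKLM') {
        $path = "${hive}:\$subKey"
        # Returns $null when the key or the value does not exist.
        $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path    = $path
            Present = [bool]$prop
            Value   = if ($prop) { $prop.$name } else { $null }
            # The post sets the value to 0 or deletes it; anything else is treated as blocking.
            Blocked = [bool]($prop -and $prop.$name -ne 0)
        }
    }
}

$before = Get-RegistryToolsPolicy
$before | Format-Table -AutoSize

if ($Remove) {
    foreach ($entry in ($before | Where-Object Present)) {
        try {
            Remove-ItemProperty -Path $entry.Path -Name $name -ErrorAction Stop
            Write-Host "Removed $name from $($entry.Path)"
        } catch {
            # Typically access denied on HKLM when not elevated.
            Write-Warning "Could not remove from $($entry.Path): $($_.Exception.Message)"
        }
    }
    # Re-read both keys to confirm the result.
    Get-RegistryToolsPolicy | Format-Table -AutoSize
}
```

If the value reappears after removal, something is still writing it: the Group Policy setting from the second method or, as the post notes, malware such as Brontok.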
Wednesday, April 1, 2009
Countdown to Conficker
By Elinor Mills, CNET News.com
Wednesday, April 01, 2009 08:55 AM
The Conficker worm is stirring on some infected computers in Asia where it's April 1, but so far the activity is very tame, security researchers say.
"We've seen activity in honeypot machines in Asia.... They're generating the 50,000 list of (potential) domains to contact," said Paul Ferguson, an advanced threats researcher for Trend Micro.
The latest variant of the worm, Conficker.C, was set to activate on April 1, which for some of the infected machines will happen at local time and for others it will be GMT, depending on whether the machines are turned on and connected to the Internet, he said.
The process seems to be starting slowly, with infected machines starting to generate the list of domains and then picking one domain and trying to contact it and waiting before continuing on through 500 of those 50,000 domains, according to Ferguson.
The owners of the infected computers likely won't notice anything, unless they can't access the Web sites of security vendors and then they will know they are infected, he said. Trend Micro has figured out a way to unblock the computer from the sites that the worm has blocked using a Microsoft networking service, he said. More details are on the Trend Micro site.
"Nothing at this point; we're running updates every half hour or so," Dave Marcus, director of security research for McAfee Avert Labs, said when asked to report what he was seeing. "They're supposed to connect to one of a variety of Web sites and download a piece of code. What that code is supposed to do is up in the air."
IBM ISS's X-Force group also reported that things were quiet, at least for the moment, in Asia where most of the infections are. Nearly 45 percent are in Asia, followed by Europe at about 30 percent, according to the Frequency X blog.
IBM ISS also said it had found a way for ISPs to detect infected computers on a network by monitoring the peer-to-peer communications the worm makes between infected PCs.
Experts say the worm could be used to steal passwords or other sensitive data from infected computers, or turn them into a botnet that sends out spam.
The worm exploits a vulnerability in Windows that Microsoft patched in October and spreads through weakly protected network shares and via removable storage devices, like USB drives.
Conficker.C also shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It reaches out to other infected computers via peer-to-peer networking, in addition to being programmed to reach out to 500 domains to receive updated copies or other malware instead of just 250 domains as earlier versions did.
Conficker worm digs in around the world
By Glenn Chapman
Agence France-Presse
First Posted 14:16:00 04/01/2009
Filed Under: Technology (general), Internet
SAN FRANCISCO--Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date.
The malicious software evolved, as expected, from East to West, beginning in time zones first to greet April Fool's Day.
"Planes are not going to fall out of the sky and the Internet is not going to melt down," said threat analyst Paul Ferguson of Trend Micro computer security firm in Northern California.
"The big mystery is what those behind Conficker are going to do. When they have this many machines under their control it is kind of scary. With a click of a mouse they could get thousands of machines to do whatever they want."
A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUP, and the US software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.
The worm was programmed to modify itself on Wednesday to become harder to stop and began doing that when infected machines got cues, some from websites with Greenwich Mean Time and others based on local clocks.
Conficker task force members tracking Internet traffic in Asia and Europe after clocks struck April 1st there said there was no sign that the worm was doing anything other than modifying itself to be harder to exterminate.
Conficker had been programmed to reach out to 250 websites daily to download commands from its masters, they said, but on Wednesday it began generating daily lists of 50,000 websites and reaching randomly to 500 of those.
The hackers behind the worm have yet to give it any specific orders.
An estimated one to two million computers worldwide are infected with Conficker.
Computer security specialists warn that the Conficker threat will remain even if April 1st passes without it causing trouble.
"It doesn't seem to be doing anything right now," Ferguson said as Conficker made its way to the western United States.
"I hope April 1st comes and goes with no trouble. But, there is this loaded pistol looming large out there even if no one has pulled the trigger."
The FBI said Tuesday it is working with the Department of Homeland Security and other US agencies to "identify and mitigate" the Conficker threat.
"The public is once again reminded to employ strong security measures on their computers," FBI Cyber Division assistant director Shawn Henry said in a release.
"That includes the installation of the latest anti-virus software and having a firewall in place...Opening, responding to, or clicking on attachments contained in unsolicited e-mail is particularly harmful and should be avoided."
The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows RPC Server Service.
It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.
Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.
Microsoft has modified its free Malicious Software Removal Tool to detect and get rid of Conficker.
The infection rate has slowed from a fierce pace earlier this year, but computers that are not updated with a software patch released by Microsoft remain vulnerable, according to security specialists.
Conficker was first detected in November 2008.
Among the ways one can tell if their machine is infected is that the worm will block efforts to connect with websites of security firms such as Trend Micro or Symantec where there are online tools for removing the virus.
Cyber-criminals have taken advantage of Conficker hype by using promises of information or cures to lure Internet users to websites booby-trapped with malicious software.