
HackTool App/Psexec-Gen and Bullet Proof Software Spyware

Q: HackTool App/Psexec-Gen and Bullet Proof Software Spyware

Hello. I have a Windows XP Pro SP3 machine with several problems:

* I cannot access http://es.mcafee.com from Firefox or Internet Explorer.
* I cannot update the McAfee antivirus. In addition, its icon used to appear next to the clock on the taskbar and now it does not appear.
* When I search for something on Google in Firefox, some links open windows with porn and mobiles. In Internet Explorer it works well.
* Firefox crashes when you browse with it (version 3.0.8).
* Emulate also crashes when executed.
* Spybot Search & Destroy does not find anything.
* McAfee has not found anything (one week ago there was the double-tilde virus, which it could erase).
* SuperAntiSpyware does not find anything.
* Malwarebytes' Anti-Malware does not find anything either.
* WebRoot finds HackTool App/Psexec-Gen and Bullet Proof Software Spyware, but since I do not have a subscription I cannot eliminate them.

I can't open McAfee's page from Safe Mode with Networking either.

The HijackThis log is this:


A: HackTool App/Psexec-Gen and Bullet Proof Software Spyware

I see you have quadruple posted:

http://forum.securitycadets.com/index.php?showtopic=10287
http://www.security-forums.com/viewtopic.p...48934e99b8d813f
http://www.bleepingcomputer.com/forums/lof...hp/t216359.html
http://forums.techguy.org/malware-removal-...mcafee-web.html

All Malware Removal/Hijackthis forums greatly frown on anyone that double, triple or quadruple posts, as it creates backlogs and wastes our time! Since you are receiving help from Katana at Security Cadets I am closing this thread.


I installed BPS' Spyware Remover. I have finished the introductory trial period and every time I boot up it comes up trying to get me to buy the software. When I close the window, it brings up IE at their website nagging me more about buying the software. How do I get rid of this worthless software? Thanks.
 

A:[SOLVED] Remove Bullet Proof Software Spyware Remover

Evening pterostyrax,

Does it have an uninstall feature included? Click on Start | Programs and find the program. Does it have an arrow next to it that, when hovered over with the mouse cursor, gives a list of programs? If so, and one of them is an uninstall option, just click and follow the instructions.

If it doesn't have the option, go to Start | Settings | Control Panel, click on Add/Remove programs, and find it in the list, click once to highlight, and hit the remove button.

If none of the above work for some reason, go to http://tomcoyote.org/hjt/ and download HiJackThis. Use Winzip to unzip it, then install and run it. When it's done the "Scan" button changes to "Save Log". Save the log file it creates (it should open in Notepad at that point). Copy and paste the results in your next post. Most of what it finds is harmless, so do not do anything yet. Someone here will be happy to analyse the log and let you know of any problems.

Cheers

Liam
 


I don't know where to post this; I hope this is the right area. Does anyone know how to use this? This is 2.21 for a server. I can access it np on my end but no one else can; maybe someone knows? This server is sitting behind a router. What IP do I use, the router's or what? Thanks.
 

A:Bullet Proof Ftp

Huh?
 


I am using Windows 10 and I currently have Kaspersky premium, and I'm trying different second opinion scanners such as HitmanPro, Zemana, and Emsisoft. I tried HitmanPro and it was okay; I'm currently trying Zemana and it looks pretty good. My question is: what antivirus should I be using and what second opinion scanner should I be using if my only concern is security? I don't care about false positives, or the UI, or the speed of scans. Just what will be most likely to make me bullet proof. (Note I also use PureVPN.) Thanks for the help!
 

A:How to be bullet-proof?

It's impossible to make your security config bullet-proof as malware is always changing and there is constantly new and more advanced malware showing up online and spreading.
Share your security config here to get help and tips on how to better secure your system: Security Configuration Wizard
 


I recently got slammed by a virus and malware program on my old computer.
 
I was running AVG free antivirus. I am not sure where it came from, but I suspect that I googled TeamViewer to a remote meeting and I believe that the link was not really TeamViewer. After trying a lot of things I thought it was gone, but I kept getting nonsense.
 
I was getting clean Malwarebytes scans, but days later it disabled the updates to that and my AVG.
 
I tossed that computer; it was 4 years old and the computer company wanted 125/hr to come to the house to remove the virus and reset the registry. I decided to cut my losses and buy a new one. I am using paid Symantec Endpoint Protection and Malwarebytes.
 
What else can I do to protect the system? Thanks
 
I am not downloading nonsense, but it still got slammed.  I will be more careful as to what I click on.
 
Thanks

A:I need to bullet proof my computer

Hello, and Welcome
 
Firstly, if you still have the computer you tossed and it's an OEM like HP or Toshiba you would be able to reset it back to a factory state using the recovery partition after backing up your data to an external drive.
 
For hardening your current computer, you could set a strong Admin password. After doing that, create a Standard User Account and use that for browsing and email. When using the Standard account, if a UAC window pops up asking to allow system changes, it would give a clue that something is trying to install.
 
Take some time to learn Microsoft's EMET program. This can harden a computer against malware but it has a learning curve. The latest version is 5.1.
 

Only one cash prize went unclaimed at Pwn2Own 2014. All major browsers were hacked, but hackers were unable to claim the $150,000 grand prize for hacking IE 11 secured with EMET. Secure your own PC with EMET today.

 
http://www.howtogeek.com/190590/quickly-secure-your-computer-with-microsofts-enhanced-mitigation-experience-toolkit-emet/
 
Good tutorial on V4


Windows Shared Computer Toolkit and Help

This FREE Windows utility works on XP Home, XP Pro and XP Tablet PC editions; other versions of XP and Windows are not supported.

Basically, you can read the documentation for in-depth information, but I will do my best to explain the advantages and disadvantages I have found using and installing this for clients, as well as helping others use this at home.

The very first thing that needs to be explained is that this is an excellent tool even for home use. The documentation makes it seem like only very public systems, like those in a library or school, can benefit from the use of this tool, which is not really true.

The core of this tool is Windows Disk Protection, which requires 1 Gig ("or 10 percent of actual disk or partition size, whichever is greater") of unallocated disk space. What this unallocated area does is keep 2 disk images ("one to revert back to, much like one would use a system restore point") in the event of problems or a change of mind on a modified setting.

This may at first seem like one is giving up a ton of disk space to use this product; however, the results in safety and recovery under almost any malware or accidental change or deletion soon prove to be worth the space.

The actual size of the toolkit itself is only about 5 Megabytes. You will need to be using a Genuine version of Windows XP and may be prompted to install the User Profile Hive Cleanup Service befo...

A:Bullet Proof XP from Malware and Changes

Nice suggestion. Thank you!

This seems to do the same thing as Norton Go-Back, which is the first thing I install after installing windows and I consider it a must have. The thing with goback is that it will not work with a disk that has a DDO, which seems to be installed automatically by some drive utilities, whether it's needed or not. So I end up setting up the drive in windows, then use the disk utility to copy the drive. Also, go back can't work with some boot utilities which write to the MBR. Does the toolkit eliminate these restrictions that go back has?


I give up.

I have tried everything I know to do to stop garbage from corrupting my computer and am still routinely getting infected, hijacked and just generally abused. I currently have Panda as my main program, with SuperAntiSpyware running, Uniblue spyeraser running, Spybot running and recently added Peer Guardian. Yesterday I visited some sites associated with video gaming, I was trying to find a walkthrough for a specific game and whammo before I knew it I was infected.

My connection to the internet is provided via Verizon fiber optic through an ethernet cable connected to a router. I suppose a firewall is what I need but don't know much about the technology. The Microsoft firewall is disabled by Panda which is providing the firewall application. As I understand it there are 2 kinds of firewalls, a physical and an application, I have the application as provided by Panda but I guess not the physical.

Maybe the firewall thing is not the answer but I surely don't know what the answer is. I get a lot of advice about where not to visit and what not to do to keep from being infected but have to wonder if that's the best I can expect, really...?

Is there bullet proof security?
 

A:Bullet proof security


First, create a two-partition hard drive layout in Windows 7.

In Windows 7, download a freebie utility, "EaseUS Todo Backup"; of course, untick all the b.s. install options.

In Windows 7, use EaseUS to do the following: create a full byte-by-byte copy on the separate partition, along with installing Microsoft ASR and using EaseUS to create a bootable PE disk.

Once done, you can test the integrity of your backup prior to an 8 upgrade install.

Once the integrity checks are finished, choose the upgrade installation of 8 and have fun with it.

It's a simple procedure to restore 7 by booting from the EaseUS PE disk and restoring the created image (roughly 25 min depending on the speed of your PC), reverting back to the 0day backup of your 7 installation, "programs and all".

While I had 8 installed, I created a byte-by-byte copy of that as well and cloned it to another testbed's hard drive using the dissimilar hardware feature in EaseUS, giving me a fully functional upgrade installation on a separate testbed machine.

Further Details:
This is a great method for testing hardware compatibility as drivers will need to be reinstalled on the testbed machine giving one a real time compatibility acid test. So far I've managed to get hardware working that according to the Seven 64bit compatibility database is incompatible. So for the purposes of testing hardware compatibility it's a nice option.


I have some things that popped up while running a Panda scan. Here is my HJT log.

A:Hacktool/spyware

Hi Brian 123,

Thanks for posting this as a separate log. It's less confusing this way. The log is clean but let's do the following to ensure that there is nothing hiding anywhere else.

Please follow all the instructions as specified. Print these instructions to ensure all are followed.

Please download the following programs, but do not run them yet:

* rdrivrem.zip. Unzip it to your desktop.
* Ewido Anti-Malware. During the installation, uncheck the following under Additional Options: "Install background guard" and "Install scan via context menu". Check for updates but do not run it yet.
* ATF Cleaner by Atribune, and save it to your Desktop.

===================================

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight "Safe Mode" then hit enter.

===================================

Please go into the rdrivrem folder and double-click rdrivRem.bat to run the program - follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.

===================================

Double-click the Ewido Security Suite icon to run the program.

* Click on scanner
* Click Complete System Scan
* Let the program scan the machine

While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner ...


Trying to install MS Office 2007 on a new install of Windows 7, and I get that the proofing file is missing. Upon googling, it was suggested to copy the disc to a folder on the PC. It still doesn't work. I have installed this on my previous PCs with no problem. Please help!

Thanks
4dsmom
 


Please help, I am getting all kinds of pop ups and whenever I open a browser it redirects away from my home page to C:\secure32.html which says: Detected SPYware! System error #384, and says I need to download spyware. I was getting a balloon pop up with a security warning in the lower right hand corner and it also changed my desktop background to a warning page as well.

I went through the steps in the "read this before posting log" and don't get the balloon popup or the desktop background any more, but am still getting redirected and getting popups when on the internet. Here is my Hijack This Log:


A:Hacktool.root, spyware, popups, coolwebsearch, etc...

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before we do anything else, please ensure that you have already patched your system against the recent WMF exploit. Please refer to my sig. No point we fix anything only for it to return tomorrow.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *


Download win32delfkil.exe. Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop called win32delfkil.
Close all windows and open the win32delfkil folder and double click on fix.bat.
Once the tool has finished the computer will reboot automatically. If it does not reboot...please do so manually by turning the power off and then back on.
Post the contents of the logfile c:\windelf.txt when you have completed the fix

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install - CleanUp.exe (not recommended for WinXP64)

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Host.zip - From within Host.zip, double click on MVPS.bat...


Can someone review my HijackThis log and give guidance on whether or not I should format the HD and start over? Thanks, Phil



I suspect that my PC got infected from Media codex downloads. I've used Ewido, Spy-bot, Ad-aware and others to remove these. Here is my Hijack log:

A:Malicious Software Infection - Cannot Remove With Spyware Removal Software

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run from a temp directory. Download and run the HijackThis autoinstall program. Please choose the default location of C:\Program Files as the destination. Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly. Once you have Hijackthis running from this folder, please reboot and post a new hijackthis log as a reply in this thread.

Read other 11 answers
RELEVANCY SCORE 44.4

I have microsoft anti spyware and it has found a few nasties however it removes them and reboots and finds them again. My computer is also not running as fast as before. Here is my log, please help me:

Logfile of HijackThis v1.99.1
Scan saved at 9:11:53 AM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A:Computer Is Acting Up And Spyware Software Cant Remove Spyware

1. Please download Ewido Anti-Malware
Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Re... Read more

Read other 8 answers
RELEVANCY SCORE 44.4

Just happened to me recently and I tried a system Restore as well. It has disconnected my usage of internet as well. When I tried to run AdAware FULL SCAN it reboots my PC and an error comes up. I just downloaded HijackThis. Here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:51 PM, on 4/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

A:Spyware - Reboots My Pc When Running Anti-spyware Software

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply. Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 2 answers
RELEVANCY SCORE 44.4

Kindly help me how to run below script to multiple machines using PSEXEC and powershell both methods

<#
Script Disclaimer: The sample scripts provided here are not supported under any Microsoft standard support program or service.
All scripts are provided AS IS without warranty of any kind.

ERRORS:
UpdatesDeployment.log
Job error (0x80004005) received for assignment ({bf7a48e6-d220-4070-bb9b-ecc239107584}) action UpdatesDeploymentAgent 12/6/2017 10:32:27 AM 2096 (0x0830)
WUAHandler.log
Unable to read existing WUA Group Policy object. Error = 0x80004005. WUAHandler 12/6/2017 3:41:00 AM 2828 (0x0B0C)
Failed to Add Update Source for WUAgent of type (2) and id ({3AAB6A76-CE2D-4E8A-9F11-741AE69677A2}). Error = 0x80004005. WUAHandler 12/6/2017 11:03:31 AM 2276 (0x08E4)

Author: Twitter @Syswow64blog
Web: systemcenterblog.co.uk
#>
$Registrypol= (TEST-PATH C:\Windows\System32\GroupPolicy\Machine\Registry.pol)
$RegistrypolOLD= (TEST-PATH C:\Windows\System32\GroupPolicy\Machine\Registry.pol.OLD)
$commentcmtx=(TEST-PATH C:\Windows\System32\GroupPolicy\Machine\comment.cmtx)
$commentcmtxOLD=(TEST-PATH C:\Windows\System32\GroupPolicy\Machine\comment.cmtx.OLD)
$SOFTWAREDISTRIBUTIONOLD=(TEST-PATH C:\Windows\SOFTWAREDISTRIBUTION.OLD)
GET-SERVICE -NAME WUAUSERV | STOP-SERVICE
IF($Registrypol) {
write-host "Registrypol = true"
IF(!($RegistrypolOLD)) {
write-host "RegistrypolOLD = FALSE"
Rename-item -path "C:\Windows\System32\GroupPolicy\Machine\Registry.pol&... Read more

Read other answers
RELEVANCY SCORE 44.4

Hello Team,
Please I want to ask if it is possible for ATA to detect when an attacker launches remote code execution (psexec) against a server on the network. I know ATA detects when such an attack is launched against domain controllers, but what if the targeted machine is a member server or workstation, will ATA still detect it?
Thanks.

BR, David Sunday

Read other answers
RELEVANCY SCORE 44

Hi, I am new to this sort of forum and my computer has been running very slow, as of today. I found this site and I have read the 5 steps and I think I have done everything right, so here are my logs =]

Thank you in advance.

Here is my main log:


A:New:Virus:Eicar.Mod, Hacktool:Hacktool/MSNpass.D, Virus:Trj/Downloader.MDW

bump.

Read other 15 answers
RELEVANCY SCORE 44

I am in the process of putting a batch file together to detect and force microsoft updates to a machine or a group of machines using PSEXEC.exe and a VBS script created by Rob Dunn and posted over at the forums at www.wsus.info.

I have listed below the steps needed to complete this task and would like it put together (if possible) in a batch file, UPDATE.VBS is the name of the script that I copy over to the machine and the PSTOOLS dir is the directory that PSEXEC resides in.

If I run these commands one at a time everything runs well, I would just like to know if it is possible to make this a "one step process"?
Ok here are all the cmds I need in order to run the script

1. net use \\TARGETMACHINE\C$ /user:"DOMAIN\DOMAIN USER"

2. copy update.vbs \\TARGETMACHINE\C$\update.vbs

3. exit back into PSTOOLS directory

3. psexec.exe \\TARGETMACHINE -u "DOMAIN\DOMAIN USER" -p PASSWORD -e -i cmd.exe /c cscript.exe //B C:\UPDATE.vbs
I have tested this on multiple machines and everything is running well. Any suggestions on how to set this up in one batch file? Of course I will eventually setup the PSTOOLS dir on a network drive instead of my local machine.
 

A:Using PSEXEC and VBS script with WSUS

Ok after a few weeks of playing around with the script and lots of help from Karlchen over at http://forum.sysinternals.com/default.asp I got it running, it goes a little something like this:

@echo off
:: Programme: remoteupd.bat
:: Function : copy update.vbs to \\target
::            launch update.vbs on \\target using psexec
::            will read computerlist.txt and launch update.vbs on each
::            of the hostnames\IPs inside the file
:: Status : third draft, arguments given on commandline, uses a listfile
:: Note : we will assume "computerlist.txt" is located in F:\Work Applications\WSUS Force Update, too.
:: Usage : remoteupd.bat adminuser password
::
:: Check that 2 arguments have been given on the commandline
if "%2"=="" (
echo usage: remoteupd.bat adminuser password
echo Try again.
exit /b 1
)
set ADMUSER="ADMIN USER\DOMAIN"
set ADMPASS="PASSWORD"
set LISTFILE=computerlist.txt

:: go to the source folder
f:
cd \Work Applications\WSUS Force Update

:: check that the listfile is there
if not exist %LISTFILE% (
echo Listfile %LISTFILE% not found. Create it and try again.
exit /b 1
)

:: Finally, all checks done, let us do our work in a for loop
for /F %%i in (%LISTFILE%) do (
REM 1. net use if ADMPASS has got no space character the
REM double quotes may be removed
net use \\%%i\C$ /user:"ADMIN USER\DOMAIN" "PASSWORD"

REM 2. copy update.vbs
copy update.vbs \\%%i\C$\update... Read more

Read other 1 answers
RELEVANCY SCORE 44

Hi there,
I am facing difficulty in using psexec, I am simply trying to use an ipconfig command and remote pc.
both PCs are win Xps
psexec \\10.10.xx.xx -u XXX -p XXX ipconfig
but all am getting is
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich

Could not start PsExec service on 10.10.XX.XX:
Access is denied.

HELP PLEASE

A:Could not start PsExec service

it should be something like this
psexec \\marklap cmd
ipconfig
after you connect to the remote cmd then you issue "ipconfig"

Read other 10 answers
RELEVANCY SCORE 44

Hi,
I have a question regarding psexec or an alternative perhaps? Basically, I have a batch file I made, that I want to allow a friend from a remote machine to exec. However, I want him ONLY to be able to exec this file, and not mess around anywhere else on the machine. Psexec gives too much privilege and he could open other things, etc. I did come across the program RemoteExec, but after the 15 day trial that won't be of much value to me(not paying 400$ for this singular occurrence). Any ideas or help would be GREATLY appreciated!!!

Thanks
 

A:Psexec related question

Why do you want to give remote access to this file? This kind of sounds like a classroom project you are trying to get help with.

At any rate, what about installing Apache web server and having the file access granted through the webserver?
 

Read other 1 answers
RELEVANCY SCORE 44

Hello Fangzhou CHEN,

Per your instructions below.  Is the U/P my admin info or the users?  Please advise.

We could use the PsExec tool to conduct the remote control.
1. Download the tool and copy to file to C:\Windows\System32

2. Run cmd as administrator
3. We could run the command psexec \\<computername> -u <username> -p <password> <command> to run command in remote computer.

Read other answers
RELEVANCY SCORE 44

Hello all, I have a question about setting up Remote Desktop on PCs in our company. For most of the PCs on our network Remote Desktop is disabled by decree of the management. When I do need access to a machine I'll use psexec to enable the service then I'll disable it when I'm done. Some of the PCs are accessed by normal (non-admin) users on the network using Remote Desktop - we're looking for a way to remotely edit the list of users that can access the PCs that way - it'll be one specific user allowed per machine so a group policy doesn't seem to be the right way to go... Basically I'm looking for a way to remotely edit a machine's local secpol, specifically the "Allow logon through terminal services" setting.
I found this MS article http://technet.microsoft.com/en-us/library/bb457125.aspx that mentions the SeNetworkLogonRight but I don't see that in the registry... I must be missing something stupid here - there has to be an easy way to do what I'm trying to do... Does anyone know what that easy way is?
This is the command I use to enable remote desktop - it seems like something similar could be used to edit the userlist? Argh!
psexec \\machine reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

-Oh, it's an Active Directory Domain, all the PCs are WinXP - Thanks!
 

Read other answers
RELEVANCY SCORE 44

Hi Guys I know there's probably a lot of these on these forums but when i type in the command

psexec \\computername cmd it says access is denied

I am running cmd as admin and haven't tried anything else,
I'm not very good with cmd so would someone please help?

Thank you

A:psexec access is denied

You need to supply username and password.

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Read other 9 answers
RELEVANCY SCORE 43.2

I am looking PSEXEC command or steps to delete file C:\windows\abc.exe and delete service from the registry (HKLM\System\currentcontolset\services\abc) on multiple machines using PSEXEC commands

Read other answers
RELEVANCY SCORE 43.2

Has anyone experienced this or similar recently? We've seen multiple unrelated clients get hit with something that resembles a worm. It appears to use mimikatz to steal passwords for the currently logged on user (Active Directory) and then reaches out to other PCs on the network and uses psexec to run something. I assume it's trying to steal the next computer's username/password and so on. Processes can be seen in Task Manager running under other user accounts that are NOT logged into the PC. The users (which have never otherwise logged into the PC) then have profiles in C:\users. This process leaves the PSEXECSVC Windows service (visible in services.msc) and saves mimikatz.exe and other random KB_______.exe and ms_______.exe files in C:\ProgramData and C:\users\username\appdata\roaming and \appdata\local\temp. It seems to disable the Windows Firewall and Windows Update services, and it breaks Show Hidden Files so it can't be turned on or off.
 
Users have complained of audio/music playing in the background, and we've found .mp3 files in c:\users\username\appdata\roaming. It's hard to recover from this because cleaning the PCs one by one is great until an infected one is turned back on with network connectivity and hits all the cleaned/rebuilt ones again.
 
The thing that's most worrying to me is that I can't find much about this online. This appears to be the closest thing: http://blog.cylance.com/operation-cleaver-net-crawler
 
Any ideas what t... Read more

A:Some type of worm using psexec and mimikatz?

First thing first, it would have to be running at domain admin level to execute through psexec, so change the administrator's password pronto.
Also setup a group policy to disallow psexec.exe from running on C:\*
Thirdly make sure no user account has admin rights, especially global admin rights or local admin rights.
If it's connecting to each machine IPC$ then I'm assuming it has the Domain\Administrator account token/password.

Read other 7 answers
RELEVANCY SCORE 43.2

I am trying to determine why IE7 installer fails to work when using PSEXEC to remotely install it?
I have the IE7 installer in c:\temp
This does not work (The switches are valid)
 
psexec \\new_computer c:\temp\ie7.exe /quiet /update-no /norestart /log:c:\temp
 
 
 
It installs fine with the same switches if I manually run it locally but I *MUST* remotely install it as I have multiple PCs to manage and don't need to bother the users 
Below is the log it generates yet it's not making any sense.

00:00.000: ====================================================================
00:00.218: Started: 2011/05/21 (Y/M/D) 21:11:52.900 (local)
00:00.468: Time Format in this log: MM:ss.mmm (minutes:seconds.milliseconds)
00:00.609: Command line: c:\ba1df32f992674d86f0534\update\iesetup.exe /quiet /update-no /norestart /log:c:\temp
00:00.890: INFO: Acquired Package Installer Mutex
00:01.125: INFO: Operating System: Windows Workstation: 5.2.3790 (Service Pack 2)
00:01.656: INFO: Checking version for C:\Program Files\Internet Explorer\iexplore.exe: 6.0.3790.1830
00:01.765: INFO: C:\Program Files\Internet Explorer\iexplore.exe version: 6.0.3790.1830
00:01.781: INFO: Checking if iexplore.exe's current version is between 7.0.0.0...
00:01.812: INFO: ...and 7.1.0.0...
00:01.890: INFO: Maximum version on which to run IEAK branding is: 7.1.0.0...
00:01.906: INFO: iexplore.exe version check success. Install can proceed.
00:01.922: INFO: EULA not shown in passive or... Read more

A:Unable to remotely install IE7 using PSEXEC

Hi,

 

Regarding the issue, I’m just wondering that if you can collect the IE7 log (%windir%\ie7.log)for me, then we can try to find the cause.


 

Please understand, we need more detail information to troubleshooting the issue. You may upload the file via SkyDrive and post a link here.

 

Also please refer:

 

http://support.microsoft.com/kb/917925

 

Also if you want remote install IE7, you may use the .msi file to do. Please refer:

 

http://support.microsoft.com/kb/942812

 

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e41d8800-d134-4356-a2e7-c01bee790908&displaylang=en
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Read other 7 answers
RELEVANCY SCORE 43.2

Hi Tech Support,
I got below error when using psexec on remote computer (india). user123 is admin at india. Admin$ and IPC$ can access without error. Please help....
psexec \\india -u india\user123 -p [email protected] -h cmd
Error establishing communication with PsExec service on india:
Access is denied.

Read other answers
RELEVANCY SCORE 43.2

I am looking psexec commands to fulfil below requirements
1) copy file into C:\temp on remote machines including bat file and source files
2) Install using batch files (EXE file using batch file)

looking sample psexec commands to install EXE, MSI, WSU, bat, cmd etc

Read other answers
RELEVANCY SCORE 42.8

Ok imma give a full rundown of the situation. Currently on the network we are on because of the way it is setup wake on lan doesn't work, so SCCM has at best a 70 success rate for patching. So I am currently spending a couple days a week remoting into computers and running a batch file to manually update computers. I need a way, that isn't psexec to execute a batch file on a remote computer. If anyone has any ideas they would be greatly appreciated.

Additional Notes
- Batch file is on share drive atm.

A:Run Batch File On Remote Computer Without PsExec

So, you are using RDP and remotely logging into the computer? If that's the case, you should be able to put the batch file on a network share, and then execute it while you are in the RDP session.

Read other 9 answers
RELEVANCY SCORE 42.8

I am looking psexec commands to install exe
scenario:
I had copied source folders \\server1\test  into  designation (C:\windows\test) via PowerShell
now I am looking psexec complete command to run exe on remote machines (remote machines will take from txt file)
PSEXEC syntax or command  to run exe on multiple machines 

Read other answers
RELEVANCY SCORE 42.8

Hi,

After migrating on Windows 10 from Windows 8 when using psexec I've started to receive an error message when enumerating domain. Error is "A system error has occurred: 53". On other machine where still Windows 8 is installed everything works fine.
When I use psexec \\pcname command is executed without problems, but when I use psexec \\* I get "A system error has occurred: 53"

Sorry for bad english :)

Thanks.

Read other answers
RELEVANCY SCORE 42.8

I have created a couple batch files to easily update firefox on users computers. See the scripts below.

This executes a batch file on all computers listed in the firefoxusers.txt file.
Code:
psexec @firefoxusers.txt -u AdminUsername -p password c:\installers\firefox.bat
This is the file that is executed from the one above to install the file silently from a shared drive.
Code:
pushd \\server\applications\firefox

firefoxsetup.exe -ms

popd
My problem is that when I run this script I have no idea if the software was installed correctly or not. I am looking for a way to just output what was run so I can go through and see if anything failed.

Any help would be appreciated.

Thanks
 

A:Solved: Output log file from PSExec batch

Not sure if Redirection will work or not.
http://www.robvanderwoude.com/redirection.php

You could try this.
psexec @firefoxusers.txt -u AdminUsername -p password c:\installers\firefox.bat 2> errorlog.txt

or inside your batch file. Not sure if this one will work or not.
firefoxsetup.exe -ms 2> \\server\applications\firefox\errorlog.txt
 

Read other 2 answers
RELEVANCY SCORE 42.8

I am looking sample powershell scripts which uses PSEXEC command in powershell scripts 

Read other answers
RELEVANCY SCORE 42.4

Hi there,
As described in the following link on how to run a disk defragment using Disk Defragmenter via PsExec http://www.winhelponline.com/blog/how-to-run-disk-defragmenter-on-a-remote-computer/, would you say that all parameters mentioned by the author in the blog are applicable? If not, please could you specify which parameters aren't needed in order for me to achieve this task efficiently, I've been trying to understand all the parameters for PsExec and from what I can understand I don't think parameters -s and -f are applicable as mentioned in http://technet.microsoft.com/en-gb/sysinternals/bb897553.aspx. Reason why I say this is that when you specify parameter -s (using system account) in the command and log on as a user of that remote computer in which I've been using Remote Desktop to achieve this as well as Command Prompt, the prompt comes up with "Disk Defragmenter exited with error code 0" straightaway when logging on and logging off as that user on the remote computer, the same also applies when logging off as that user on the remote computer when running the command when being logged on as that user whereas if you don't specify parameter -s the message is delayed for longer which is what I would expect, I'm assuming error code 0 means that the task has completed successfully as mentioned in the following link http://aumha.org/a/defragerr.htm. Another reason as to why I don't think parameter -f is needed is that the program (Disk Def... Read more

A:Clarification of running Disk Defragmenter remotely using PsExec

Case closed, managed to solve issue.

Read other 1 answers
RELEVANCY SCORE 42.4

I am looking PSEXEC command to install msu files on multiple machines or list of computers. looking steps to copy msu file locally and install via PSEXEC

Read other answers
RELEVANCY SCORE 42

Does anyone know how to setup Bullet FTP with the Dell Wireless Router 1184? Someone told me I need to obtain the actual Router IP. I can't find it and not sure where to look. I am new to ftp and new to the wireless router so any help would be appreciated.

I have Bullet set up, I'm just not sure how to set up the router.

Thanks!
 

Read other answers
RELEVANCY SCORE 42

Heres the story. I have an old laptop and don't use it very often, so it's no big deal, but its nice when I need it. It's a Texas Instruments extensa 120mhz with and internal cd. About a month ago I went to start it up and I got the error something like no operating system found. I lost the floppy drive for it so I thought I was SOL, then was thinking and figured if it had an internal cd, even though it's so old it might have boot from cd, and it did. Stuck my win98 cd in there and booted her up. Went to run setup and got some errors about there not being any free space, so I decided I'd reformat, typed c: and got invalid drive specification error, thought to myself that can't be good. Ran fdisk and it returned an error to the effect that there was no hd. rebooted and went into the bios, check settings and everything looks good, list the hd spec.'s just like it's supposed too. tried again and got the same error with fdisk, so I ask you, did my hd bite the bullet?
 

A:The HD that bit the Bullet?

it sounds like it to me
 

Read other 3 answers
RELEVANCY SCORE 42

I recently scanned my computer with Malwarebytes Anti-Malware, Spybot Search & Destroy, and Avira AntiVir personal. MBAM and SB S&D came up with nothing but Avira did. This is the 2nd time this month that Avira detected "appl/psexec.e" found in "C:\System Volume Information". There are 3 different instances in the Quarantine. Please look through my HJT log to help stop this recurrence. Also, users on this computer use Firefox Portable from portableapps.com run from 2 different USB drives. Both equipped with the add-ons NoScript, AdBlock Plus, and Web of Trust (WOT) to better protect us from viruses & etc. Thank you for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:23 AM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

A:Avira detects appl/psexec.e reoccured 2nd time this month

Hi PixelPlay, Sorry for the delay, the forums here at BC are always very busy and we do our best to keep up. Since your log is quite old and a lot could have changed, I would like to see a new log please. If you no longer require any help could you let me know please, so this topic can be closed. Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized). Thanks

Read other 18 answers
RELEVANCY SCORE 42

Hi,
I am trying to execute psexec command to remote machine.
My command is
psexec -u domain\user -p password \\machineName -c abc.bat
I am trying from windows 7(64 bit)  machine. The remote machines are xp and windows 7(32 and 64 bit).
In XP machines, it is working and also in some windows 7 machines. But in some windows 7 machines it give message-
"Could not start PsExec service on target machine.
Access is denied."
 
If I try to execute psexec command from XP machines, it works to all machines.
Suddenly what happen I do not know but one of the windows 7 machine( where psexec was not starting) , psexec started. but not in other machines.
Now I am very much confuse here exactly what happen. and what is the issue.
Please help. It urgent.
Thanks.

A:Could not start PsExec service on target machine. Access is denied.

Hi,

When opening the Command Prompt, please right-click it and run as Administrator. Meanwhile, make sure the user has administrator privileges on the target PC. If the issue persists, try to disable UAC on both sides.

As far as I know the Security Level on Windows 7 is higher than the level on Windows XP. Therefore, 'psexec' works to all machines.

Best Regards,

Niki

Read other 20 answers
RELEVANCY SCORE 41.6

Several issues:

- "Add/Remove Programs" will only give me the first four or five programs when generating the list (seems to hang up)
- Windows Media Player not launching (get an error message),
- Antivirus software won't scan (get a hanging window, requesting to Activate but won't connect),
- Several times links in websites won't open (usually those that open new pop-up windows, and yes, I disable IE pop-up blocker),
- Can't run a search on Yahoo, get this message: "Your browser sent a request that this server could not understand." (However Google still works fine).

Things I did before I noticed all of this started happening:

- Installed a CD burner and new PCI card for USB 2.0 ports (both work fine),
- Installed Norton AntiVirus, but it won't activate (see above),
- Had to use a demo version of McAfee UnInstaller to remove unwanted programs installed with Roxio CD burner software (such as media player, etc),
- Used McAfee UnInstaller to remove a couple of other old programs (Virus Scan, Netscape,

I'm running Windows XP, SP2. Does this sound like a virus, or did I accidentally uninstall some critical file (or files) that relates to all the above problems? Am I going to have to reinstall XP? I ran AdAware and Spybot and removed all spyware, but I can't get Norton to run a virus scan.

Any feedback at all would be GREATLY appreciated.

Thanks!
 

A:I'm ready to eat a bullet...

Read other 12 answers
RELEVANCY SCORE 41.6

Sooo finally got the go-ahead to reinstall XP. Too easy, don't know what I was worried about. First time installing an OS, I guess. All has gone well. Updated and secure, used Paul Thurrott's guide, just about to start reinstalling a few games. Just a couple of little things: while IE Explorer was working at first (I switched to Firefox), it will not connect to a page any longer. This occurred right after I installed SP2. Also I can't start my 'new' MSN, SP2 firewall. It was running at first, just after the SP2 inst. But now I can't start the ICS service??? Doesn't seem to affect anything else, far as I can tell, but I would like to get the little red shield off the taskbar!!! As well as solve the prob. So any ideas? A super holiday season to all and a Happy New Year. Thanks, Graiskye.
 

A:Finally bit the bullet!!

Graiskye, if possible can you attach any photo or pic of the taskbar? If not, it should be possible to right-click on it. Say the options that are displayed there when you right-click.
 

Read other 1 answers
RELEVANCY SCORE 41.6

Hey,

Been having problems with just one bullet in Word 2002. All other bullets work, but the one causes an error stating that Word has encountered an error and needs to restart; you can select cancel or send to MS. Either way Word is closed and reopened automatically and the recovered document is displayed and I have to delete it. I uninstalled and reinstalled Office XP, added service pack 1 and 2. Still no dice. I was wondering if anyone knew if bullets are controlled by fonts..?? Thought maybe one of my fonts is corrupt.

Any suggestions??
Hamill
 

A:Bullet Font?

Read other 6 answers
RELEVANCY SCORE 41.6

Hi,
We are unable to take a backup of the "Favorites" and "Desktop" folders in a user profile when scanstate is run remotely using the "Psexec \\computername -s scanstate.exe /ue:*\* /ui:domain\user /i:miguser.xml /config:config.xml /c" command.
These folders are redirected to a shared folder on a server, and when we try to see the folders by using the UNC path (\\computername\c$\users\username) on the user's machine they don't appear under the user profile. Even though "Documents" is redirected, we are able to take a backup of the "Documents" folder.
However, when scanstate is run locally on the system, all folders are backed up to the usmt.mig file. We are using "miguser.xml" and "Config.xml" for scanstate, since we need a backup of "Documents", "Desktop" and "Favorites" only. After searching over the internet, we doubt that this behavior has got something to do with "Shell Folders" and "User Shell Folders" in the registry under "HKCU\Software\Microsoft\Windows\Currentversion\explorer\shell folders", where paths to all user profile related folders information is stored. We don't find the "Documents" folder there; maybe that's the reason why we are able to take a backup of only "My Documents" and not the rest of the folders (Favorites, Desktop).
When scanstate is run locally, the backup of "Favorites", "Desktop" and "Documents" is...

Read other answers
RELEVANCY SCORE 41.2

I am working on some code that will detect formatting in a textframe on a PPT slide. Most of it is working; I am just missing the 'Bullet' and the 'Enter or Break'.
Below is some sample code and notes:

The overall code is building a doc file with HTML tags in it.
_______________________________________________________________________
Private Function DoPageTitle(ByVal oShp As Shape) As String

Dim vWord As Object
Dim vText As String
Dim vBold As Boolean
Dim vUnderline As Boolean
Dim vItalic As Boolean
Dim vCounter As Integer
Dim vBullet As Boolean
vText = ""

vCounter = 1

For Each vWord In oShp.TextFrame.TextRange.Words
If vWord.Font.Bold = msoFalse And vBold = True Then
vText = vText & "</b>"
vBold = False
ElseIf vWord.Font.Bold = msoTrue And vCounter = oShp.TextFrame.TextRange.Words.Count Then
vText = vText & vWord & "</b>"
vBold = False
GoTo TypeText
End If

If vWord.Font.Underline = msoFalse And vUnderline = True Then
vText = vText & "</u>"
vUnderline = False
ElseIf vWord.Font.Underline = msoTrue And vCounter = oShp.TextFrame.TextRange.Words.Count Then
vText = vText & vWord & "</u>"
vUnderline = False
GoTo TypeText
End If

If vWord.Font.Italic = msoFalse And vItalic = True Then
vText = vText & "</i>"
vItalic = False
ElseIf vWord.Font.Italic = msoTrue And vCounter = oShp.TextFrame.TextRange.Words.Count Then
vText = vText & vWord &...

Read other answers