As well as the manual download, we saw how to remove memory and a hard drive from a laptop. woo hoo
CTS120CCCTG
Hardware and Software Support Class
Friday, December 3, 2010
20-4 Autoruns
Downloaded Autoruns from website, nice that it doesn't install anything, just runs from the executable.
20 Registry keys
12 for msconfig
Msconfig does not go as in depth to show you what is running, probably to keep neophytes from dorking up their machines.
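To see what kind of entries both tools are reading, the following added example (not part of the original post, and not the actual list of keys Autoruns or msconfig checks) lists autostart entries from a handful of well-known registry keys and the Startup folders. The choice of locations is this example's own assumption; Autoruns covers many more.

```powershell
# Added example: enumerate autostart entries from a few well-known locations.
# The location list is this example's own selection (an assumption), not the
# set of keys Autoruns or msconfig reports.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Every value under a Run/RunOnce key is one program started at logon.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # e.g. no WOW6432Node on 32-bit
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Location = $key
            Name     = $name
            # Keep %VARIABLES% unexpanded so the entry reads as stored
            Command  = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
})

# Winlogon's Shell and Userinit values also name programs run at logon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $winlogon
foreach ($name in 'Shell', 'Userinit') {
    $entries += [pscustomobject]@{ Location = $winlogon; Name = $name; Command = $wl.$name }
}

# Shortcuts and files in the per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if ($path -and (Test-Path -Path $path)) {
        foreach ($file in Get-ChildItem -Path $path -File) {
            $entries += [pscustomobject]@{ Location = $path; Name = $file.Name; Command = $file.FullName }
        }
    }
}

$entries | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Any entry whose command points into a temp or user-profile directory, or that you cannot match to installed software, is worth a closer look in Autoruns itself.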
20-3 Processes
AVSuite – Antivir antivirus
Audiodg.exe – hosts the audio engine
FSCapture – Flag Stone capture program, used to bring you the wonderful photos on my blog.
Jusched – Java update scheduler, that wonderful program that looks for updates for JAVA.
Csrss.exe – This is the user-mode portion of the Win32 subsystem; Win32.sys is the kernel-mode portion.
Csrss stands for Client/Server Run-Time Subsystem, and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and implementing some portions of the 16-bit virtual MS-DOS environment.
Avshadow – This process (avshadow.exe) is an implementation of the Shadow Copy Service (something offered by current Windows versions). It is used to scan files that are locked or in use by creating a “shadow copy” of the file, which:
a) allows antivir to scan it and
b) does not interfere with any processes continuing to modify the “original” file.
Igfxpers – igfxpers.exe is a process installed alongside NVidia graphics cards and provides additional configuration options for these devices
Igfxtray - igfxtray.exe is a process which allows you to access the Intel Graphics configuration and diagnostic application for the Intel 810 series graphics chipset.
Hqtray – hqtray.exe is a Network Access Status Tray Application from VMware, Inc. belonging to VMware Workstation
Lsass - Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. It also writes to the Windows Security Log.
Forcible termination of lsass.exe will result in the Welcome screen losing its accounts, prompting a restart of the machine.
20-2 Antivirus
I've already got Antivir on my system, no sense in wasting time uninstalling it and installing AVG.
Antivir by default scans email.
Update, config, scan, results, schedule
19-2 Real Problem - Password removal
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
Features:
» Runs on Windows, Linux/Unix, Mac OS X, ...
» Cracks LM and NTLM hashes.
» Free tables available for Windows XP and Vista.
» Brute-force module for simple passwords.
» Audit mode and CSV export.
» Real-time graphs to analyze the passwords.
» LiveCD available to simplify the cracking.
» Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
» Free and open source software (GPL).
Rainbow tables can be many gigs in size, depending on the OS.
Active@ Password Changer is designed for resetting local administrator and user passwords on Windows XP / VISTA / 2008 / 2003 / 2000 & Windows 7 systems in case an Administrator's password is forgotten or lost. You do not need to re-install and re-configure the operating system.
Forgotten password recovery software has a simple user interface, supports multiple hard disk drives, detects several SAM databases (if multiple OS were installed on one volume) and provides the opportunity to pick the right SAM before starting the password recovery process. It displays a list of all local users. The software user simply chooses the local user from the list to reset the password.
Other Windows login security restrictions like 'Account is disabled', 'Password never expires', 'Disable Force Smart Card Login', 'Account is locked out', 'User Must Change Password at Next Logon' and 'Logon Hours' can be changed or reset.
With Active@ Password Changer you can log in as a particular user with a blank password.
$49.95 Personal use
Sounds like the free one I use all the time, not this one though.
Password reset pro.
$19.95
Reset password thru command line interface. Simpler to use but I'll stick with the free one. I still do not see one that works on a raid array though.
19-4 Managing User Accounts
The standard user account is supposed to restrict amateurs from installing malicious software.
Sometimes it does, a lot of times it doesn't. It is also supposed to stop malicious software from installing itself. They found ways around that too, or else the world of Windows would be virus and malware free.
In this case Windows blocked the install and access to the admin account, as well as blocking setup of an admin and standard user account, although it didn't come right out and say it (see bottom pic). Whatever I typed in the name for the account, I kept getting that error message.