July 21st, 2009 by shiraj

That nasty worm have changed userinit value in Registry…

<long post>

“
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon”
Value: Userinit
Data: %system32%\wsaupdater.exe
“

%system32% represents the path to the System32 folder. For example, if the path is C:\Windows\System32, then the data would be: “C:\Windows\System32\wsaupdater.exe”

Instead of “wsaupdater.exe”, the data should contain “userinit.exe,”.
Using the example above, the data would be “C:\Windows\System32\userinit.exe,”
(!Note! the comma following the file path information.)

Using the XP’s recovery console, copy userinit.exe to wsaupdater.exe to allow log on capability to be restored, and correct the registry data manually.

In the following instructions, C:\Windows\System32 shall be used as the System32 location. Change the path accordingly to accommodate for your installation directory.

Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.

When the “Welcome to Setup” screen appears, press R to start the Recovery Console.
If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
When you are prompted to do so, type the Administrator password.

If the administrator password is blank (which is likely the case if Windows XP was preinstalled by your computer manufacturer), just press ENTER.

You should now be in the Windows installation folder (“C:\Windows”).
At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:

“
cd system32
copy userinit.exe wsaupdater.exe
exit
“

At this time, remove the startup floppy or CD-ROM from your system, and boot into Windows XP. Log on to the system using an account with administrator-level privileges, and edit the registry using this information. It is recommeded that a registry backup be created prior to continuing.

Click start, then run. Enter

regedit

and click OK. Using RegEdit, expand

HKEY_LOCAL_MACHINE
+Software
+Microsoft
+Windows NT
+CurrentVersion
+Winlogon

Locate Userinit in the value column, right-click this item, and choose modify. Replace
“wsaupdater.exe” with “userinit.exe,” (do not use quotes, and ensure the trailing comma is present as shown) and click OK.
Exit RegEdit.

Restart your computer, and log on to the system using an account with administrator-level privileges.

Go to My Computer, then to the System32 folder (usually C:, then Windows, then System32). If Explorer prompts that removing files from these areas is not recommended, click to continue. Locate and remove wsaupdater.exe, and delete this file.

</long post>

July 15th, 2009 by shiraj

How to install VNC version 3.3.7 on a remote PC

Introduction:

VNC is a free utility to remotely control another PC, see http://www.realvnc.com for details.

This article assumes that:

1. The remote PC is running Windows 2000, 2003, NT4 or XP Pro
   (XP Home does not have an IPC$ share as far as I know).
2. You have administrative rights to the remote PC.

This article also focuses on loading VNC on a remote PC as a service, not as an application.

Step 1: Install VNC locally and set the password.

Download Real VNC and install it on a local PC (for this article, version 3.3.7 was used).

During the installation process, make sure that you check both:

1. Register VNC Server as a system service
2. Start the VNC system service

Click here for a screen shot.

At the end of the installation process, you will be prompted to set a password.
The password that you set here will later be used to connect the remote PC.

If for some reason you aren’t prompted for the password, run the following from the command line:
“C:\Program Files\RealVNC\WinVNC\winvnc.exe” -defaultsettings

Also run net start from the command line and confirm VNC Server is running as a service

Step 2: Configure VNC on the remote PC using PsExec

PsExec is a freeware tool to execute processes on a remote PC and is needed for this procedure:
http://www.microsoft.com/technet/sysinternals/Utilities/PsExec.mspx

1. Login to the remote PC’s IPC$ share with an administrator account.

If you don’t include the password in plain text, you will be prompted to supply the password (which will not be displayed as plain text).

NET USE \\RemotePC\IPC$ /user:administrator password

2. Copy your local VNC files to the remote PC.

xcopy “C:\Program Files\RealVNC\*.*” “\\RemotePC\C$\Program Files\RealVNC\*.*” /r/i/c/h/k/e

3. Use Regedit to export the local VNC registry settings to the remote PC.

Note: If you prefer you can export the file locally and then copy it.

regedit /e “\\RemotePC\C$\vncdmp.txt” “HKEY_LOCAL_MACHINE\Software\ORL”

4. Use PsExec to import the above registry file on the remote PC.

psexec \\RemotePC -s -i -d %windir%\regedit /s C:\vncdmp.txt

Make sure to use the /s switch with regedit so that confirmation isn’t required on the remote PC.

You are using regedit on the remote PC to perform this command. If the path for regedit is different on the remote PC, use the exact path instead of %windir% (local, not remote environmental variable).

Example: If the local PC is running XP Pro and the remote PC is Windows 2000, use this command:
psexec \\RemotePC -s -i -d C:\Winnt\regedit /s C:\vncdmp.txt

5. Use PsExec to install the remote winvnc service.

psexec \\RemotePC -s -i -d “C:\Program Files\RealVNC\WinVNC\winvnc.exe” -install

6. Use PsExec to start the remote “VNC Server” service.

psexec \\RemotePC -s -i -d net start “VNC Server”

You should now be able to use VNC to control the remote PC.

July 10th, 2009 by shiraj

The reset command is available in the IP context of the NetShell utility. Follow these steps to use the reset command to reset TCP/IP manually:

1. To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
   cmd
2. At the command prompt, copy and paste (or type) the following command and then press ENTER:
   netsh int ip reset c:\resetlog.txt

   Note If you do not want to specify a directory path for the log file, use the following command:

   netsh int ip reset resetlog.txt
3. Reboot the computer.