Channel: Sysinternals Forums

Process Explorer : VirusTotal, "a security error occurred"

Author: Callender
Subject: VirusTotal, "a security error occurred"
Posted: 26 October 2014 at 11:57pm

I can't provide the exact solution but can say that I experienced the same problem after disabling "weak" security protocols in Windows 7 via registry entries here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols


Suggestion: Backup the current settings then enable all protocols. Reboot.


If it's working, disable weak protocols one at a time - rebooting each time until the error is reproduced.


Sorry but I don't have the time to do this myself at the moment.


Please post back here if:

a) Enabling all protocols fixes the issue.

b) If you are able to identify the protocol that caused the issue.


Thanks!
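
The backup-and-check procedure suggested in the post above, as an added example that is not part of Callender's post. It exports the Protocols key and lists each protocol's Client/Server state, so the output can be compared between reboots while protocols are toggled one at a time. `Enabled` and `DisabledByDefault` are the standard SCHANNEL value names; the backup file location and the function name are assumptions.

```powershell
# Added example (not from the original post): back up and audit the
# SCHANNEL protocol settings before and after changing them.
$regPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# 1. Back up the current settings (file location is an assumed example).
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:TEMP "schannel-protocols-$stamp.reg"
reg.exe export $regPath $backup /y | Out-Null
Write-Host "Backup written to $backup"

# 2. Report the state of every protocol subkey, for both roles.
function Get-SchannelProtocolState {
    param([string]$Root = "Registry::$regPath")

    foreach ($proto in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        foreach ($role in 'Client', 'Server') {
            $key   = "$($proto.PSPath)\$role"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

            # A missing key or value means Windows uses its built-in default.
            if ($null -eq $props -or $null -eq $props.Enabled) {
                $state = 'OS default'
            } elseif ($props.Enabled -eq 0) {
                $state = 'Disabled'
            } else {
                $state = 'Enabled'   # any non-zero DWORD, e.g. 1 or 0xffffffff
            }

            [pscustomobject]@{
                Protocol          = $proto.PSChildName
                Role              = $role
                State             = $state
                DisabledByDefault = if ($null -ne $props) { $props.DisabledByDefault } else { $null }
            }
        }
    }
}

# 3. Print the table; rerun after each change and reboot to see what differs.
Get-SchannelProtocolState | Sort-Object Protocol, Role | Format-Table -AutoSize
```

A client-side failure such as the one in this thread depends on the `Client` rows; the `Server` rows only affect inbound connections.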



 


Utilities Suggestions : Portmon for x64 (Win7)

Author: xOLIVERx
Subject: Portmon for x64 (Win7)
Posted: 27 October 2014 at 10:30am

Hi,

it would be great, if you could upgrade the Portmon for x64 systems, especially for Win7.
THX.

Oliver

PsTools : PSExec -c -f does not overwrite remote file

Author: john8oy
Subject: PSExec -c -f does not overwrite remote file
Posted: 27 October 2014 at 2:40pm

Can anyone confirm they can replicate this issue?

Cheers
John

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: Dron41k
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 27 October 2014 at 2:46pm

Hi! Having issues with high CPU usage, but only on the first core. After reboot it can work normally for days and even weeks, but eventually core #0 hits 100%. Using Process Explorer I've found that it is Ntoskrnl that causes this, so I installed WPT and did all the stuff. Here it is: https://www.dropbox.com/s/rd0o6qyx63ujj21/highcpuusage.7z?dl=0 I looked through it and thought that it could be ndis.sys/e1q60x64.sys, which are drivers for the Ethernet adapter, am I right?
Thank you for your help!

Miscellaneous Utilities : junction

Author: MvdL
Subject: junction
Posted: 27 October 2014 at 3:04pm

Can someone explain why, after I do:
  mkdir test1
  mklink /j test2 test1
  junction test3 test1
using dir, it shows:
  10/27/2014  10:55 AM    <DIR>          test1
  10/27/2014  10:55 AM    <JUNCTION>     test2 [c:\test1]
  10/27/2014  10:55 AM    <JUNCTION>     test3 [\??\c:\test1]
Specifically, why the \??\ and what does that mean?

Thanks!

Malware : WiseUpdt.exe - spyware, or legit updater?

Author: Xozerner
Subject: WiseUpdt.exe - spyware, or legit updater?
Posted: 28 October 2014 at 8:26am

It does seem weird for a normal program to keep on reinstalling itself. It has to be malware because it keeps on reinstalling itself, but figuring out what type can be an issue.

Malware : Anti Viruses

Author: Xozerner
Subject: Anti Viruses
Posted: 28 October 2014 at 8:29am

I have two: Bitdefender and Symantec Endpoint Protection. They are really good and they don't block exe files, but they aren't free either.

Development : Dll injection in kernel-driver

Author: william87
Subject: Dll injection in kernel-driver
Posted: 28 October 2014 at 8:56am

Have you tried using Xenos injector v.2.0 ?

Can I ask what you need it for, btw? Last time someone asked this they wanted to crack a game :)
(not assuming anything here)

Best regards.

PsTools : PsInfo batch script - Output problem

Author: mdk1981
Subject: PsInfo batch script - Output problem
Posted: 28 October 2014 at 10:48am

Hi guys,

I am using PSTools in order to query a list of remote machines for Service Pack/Software Version info, and I'm currently having problems with the output results. I would like the script to Output to a text file (or maybe html) with the following results:

Machine 1...   Service Pack .... Flash version *.... Silverlight Version *
Machine 2...   Service Pack .... Flash version *.... Silverlight Version *
Machine 3...   Service Pack .... Flash version *.... Silverlight Version *

etc, etc..

My batch script is below:

psexec @c:\machine-list.txt net start "Remote Registry"

psinfo service @c:\machine-list.txt >> C:\output.txt

psinfo.exe @c:\machine-list.txt -s | find /i "Adobe Flash Player" >> C:\output.txt

psinfo.exe @c:\machine-list.txt -s | find /i "Microsoft Silverlight" >> C:\output.txt

At the moment, no machine names are being populated in the output file. I would like to know how to add the machine name to the output results.

Any help would be greatly appreciated.


Edited by mdk1981 - 5 hours 10 minutes ago at 11:49am

PsTools : PsExec showing error through Informatica

Author: ARUNG
Subject: PsExec showing error through Informatica
Posted: 28 October 2014 at 10:54am

Hi,

I am using Informatica 9.6. When running a Command task with the following command, I get an error:

C:\PSService\psexec.exe -d -u <Username> -p <passwd> \\computername "\\computername\foldername\batchfilename"

It's giving the error message
-- command did not complete successfully exit code[2250].

Same command is running fine through windows command.

Also, I am able to connect to this computername by clicking this \\computername in the Command task in Informatica.

Could you please advise why I am getting this error message while executing same command through Informatica command task.

Thanks in advance.
Arun

Miscellaneous Utilities : My sdelete Script

Author: war59312
Subject: My sdelete Script
Posted: 28 October 2014 at 2:24pm

Hi,

I have updated my script a bit..

@ECHO OFF

SETLOCAL ENABLEDELAYEDEXPANSION
REM COLOR FC

TITLE Secure File Deletion

GoTo FixPath

:Author
REM "CREATED BY WAR59312"
REM "WAR59312@GMAIL.COM"
REM "SEPT 1, 2014"

:ChangeLog
REM "UPDATED OCT 28, 2014"
REM "CHECKS IF INSTALLED BEFORE RUNNING AND IF NOT ATTEMPTS TO AUTOMATICALLY INSTALL FOR THE USER"
REM "SKIPS EULA"
REM "ADDED AN ADDITIONAL SAFETY WARNING"
REM "AUTOMATICALLY INSTALLS ITSELF TO THE USER'S SENDTO CONTEXT MENU"

:FixPath
REM "Change Directory To Virtual Drive As CMD Does NOT Support UNC Paths"
pushd "%CD%"
REM "CHANGE %CD% TO THE CORRECT NETWORK PATH IF RUNNING FROM A NETWORK DRIVE"
cls

:CheckIfInstalled
REM Check If sdelete Was Already Installed
IF NOT EXIST "%SystemRoot%\system32\sdelete.exe" (

REM Check If sdelete.exe Exists In Current Folder
IF EXIST "%cd%\sdelete.exe" (
REM Attempt To Automatically Install
copy "%cd%\sdelete.exe" "%SystemRoot%\system32\" /Y >NUL  2>NUL
) ELSE (
REM Failed To Automatically Install
ECHO You Must First Copy sdelete.exe To %SystemRoot%\system32\ Folder
GoTo EOF
)
REM sdelete Is Already Installed So Do Nothing
)

:SkipEULA
REM Don't Require The User To First Agree To The EULA
REG ADD HKEY_CURRENT_USER\Software\Sysinternals\SDelete /v eulaaccepted /t REG_DWORD /d 1 /f >NUL  2>NUL

:InstallToSendTo
REM Check If sdelete.cmd Was Already Installed To The User's SendTo Context Menu
IF NOT EXIST "%AppData%\Microsoft\Windows\SendTo\sdelete.cmd" (

REM Check If sdelete.cmd Exists In Current Folder
IF EXIST "%cd%\sdelete.cmd" (
REM Attempt To Automatically Install
copy "%cd%\sdelete.cmd" "%AppData%\Microsoft\Windows\SendTo\" /Y >NUL  2>NUL
ECHO This Script Is Meant To Be Ran From The User's SendTo Menu
ECHO.
ECHO I Was Nice Enough To Automatically Add It To Your SendTo Menu :^)
GoTo EOF
) ELSE (
REM Failed To Automatically Install
ECHO You Must First Copy sdelete.cmd To:
ECHO.
ECHO %AppData%\Microsoft\Windows\SendTo\
GoTo EOF
)
REM sdelete.cmd Is Already Installed To The User's SendTo Context Menu So Do Nothing
)

REM Used To Track If The File Or Folder Was Really Deleted
:COUNT
SET COUNT=0

REM Was A File Even Selected
:BLANK
if "%~f1"=="" (
   ECHO This Script Is Meant To Be Ran From The User's SendTo Menu
   ECHO.
   ECHO No File Was Selected
   GoTo EOF
)

:Safety
ECHO Be Sure You Really Want To Delete These Files - You Can NOT Undo This^^!
ECHO.
REM Safety First - Must Type In "YES" To Continue
SET INPUT=
REM SET /P INPUT=Are You Sure You Want To Delete "%~f1": (yes) %=%
SET /P INPUT=Are You Sure You Want To Delete The Selected Files: (yes) %=%
ECHO.

:INPUT
REM Only Run If User Types In "YES"
If /I "%INPUT%"=="yes" (
GoTo DELETE
) ELSE (
ECHO NO FILE DELETED & GoTo EOF
)

:DELETE
REM Make Sure User Has Rights To Delete Selected Files
takeown /f %1 /r /d y >NUL  2>NUL
ECHO Y| cacls %1 /T /C /G %username%:F >NUL  2>NUL

REM Check If File Exists
IF EXIST "%~f1" (
REM Securely Delete All Files Selected
sdelete -p 3 -s -q "%~f1" >NUL  2>NUL
REM How Many Delete Operations Took Place
set /a count=count+1
) ELSE (
REM ALL FILES BUT THE PARENT FOLDER HAVE NOW BEEN DELETED
REM ALL DONE
GoTo EXIT
)
GoTo Delete

:EXIT
REM Check If Any Files Were Deleted
ECHO.
IF NOT %COUNT% == 0 (
REM Was A File Or Folder Deleted
ECHO "%~f1" Was Deleted Securely
) ELSE (
ECHO NO Files Deleted
)
ECHO.

REM DELETE NEXT FILE SELECTED
SHIFT

REM DID THE USER SELECT MORE THAN 1 FILE
IF EXIST "%~f1" (
GoTo Delete
)

:EOF
REM ALL DONE
ECHO.

REM ECHO Deleted %COUNT% Files

PAUSE
EXIT /b 0

Enjoy,

Will

Autoruns : select multi-lines

Author: x-faktor
Subject: select multi-lines
Posted: 28 October 2014 at 4:10pm

I asked this several times and they don't seem to care :)

Autoruns : Autoruns 12.03 Analyze offline issue

Author: x-faktor
Subject: Autoruns 12.03 Analyze offline issue
Posted: 28 October 2014 at 4:21pm

I have an issue with autoruns 12.03 and the "Analyze offline system" feature. It gives me this error:

"Cannot load registry hive 'system' of the selected system root"

I don't understand because I can load the offline registry hive without issue with regedit.
Have you ever encountered this problem?

Malware : WiseUpdt.exe - spyware, or legit updater?

Author: MagicAndre1981
Subject: WiseUpdt.exe - spyware, or legit updater?
Posted: 28 October 2014 at 4:22pm

I doubt that the user still cares about this 8-year-old question ;)

BgInfo : BGInfo - Wallpaper issue

Author: jjwebster
Subject: BGInfo - Wallpaper issue
Posted: 28 October 2014 at 4:53pm

Windows 8.1 and experiencing the same issue.  Background has been set to a solid color.  The information ends up being near center of screen.  Once you log off and log back on the tile setting has been reapplied.  

Utilities Suggestions : Sysmon v. backdoor

Author: TheJamLab
Subject: Sysmon v. backdoor
Posted: 28 October 2014 at 5:33pm

Xozerner,
 
Yes, you are 100% correct. Deming has been foolishly rejected in favor of immediate profits by ignorant managers unable to see past the next profits forecast.
 
 
In my early days as an electrical engineer working for AT&T's Bell Labs, we took QA very seriously. QA was in fact independent of local management. We all feared random QA audits and the possible consequences. I was taught the 1/10/100 rule of costs if defective products shipped. The information market was quick to reject Deming. We the folks perform QA in real time at the 100 cost node for most computer/data products.
 
But, shipping products with backdoors is light years beyond Deming's worst fears. Welcome to the wild wild west of no consequences and those foolish enough to trade freedom for false claims of safety.
 
When the Constitution of the USA was rejected by unelected officials and CEOs, we lost the battle and perhaps the war. I will continue to fight evil whenever possible.
 
my $0.02
KA

BgInfo : Win 7 First login shows bginfo & black background

Author: WindowsStar
Subject: Win 7 First login shows bginfo & black background
Posted: 28 October 2014 at 5:59pm

Did you force the software to save at: %USERPROFILE%\Local Settings\Application Data\Winternals\BGInfo\BGInfo.bmp?
BGInfo normally saves the BMP into the user's TEMP folder.
%systemdrive%\users\%username%\AppData\Local\Temp
 
-WindowsStar

BgInfo : How do I display the path of VMware VM?

Author: WindowsStar
Subject: How do I display the path of VMware VM?
Posted: 28 October 2014 at 6:03pm

Note: The problem with doing this is that BGInfo is not dynamic enough to update the information as you switch VM's.
You will have to get that information out of the XML config file for the VM, it saves the path of where the file is stored. -WS

BgInfo : Win 7 First login shows bginfo & black background

Author: lahcbs123
Subject: Win 7 First login shows bginfo & black background
Posted: 28 October 2014 at 6:12pm

Thanks. Unfortunately I tried that route but no joy. It's definitely a rights issue and I do not understand why no one else on the forum seems to be getting it. I might just have to suffer with the black background. Thanks for trying. Larry

BgInfo : How do I display the path of VMware VM?

Author: twalp
Subject: How do I display the path of VMware VM?
Posted: 28 October 2014 at 6:59pm

Originally posted by WindowsStar:

Note: The problem with doing this is that BGInfo is not dynamic enough to update the information as you switch VM's.
You will have to get that information out of the XML config file for the VM, it saves the path of where the file is stored. -WS

Thank you for replying.

By your answer I wonder if you think I'm running BGInfo in my host machine. That's not the case here. I'm running BGInfo within the Windows VM that I open in Workstation or Player. So BGInfo is displayed in the VM's window, and since it just ran within the VM it seems like there should be an environment variable or WMI or whatever within the VM that shows the path to its virtual drive, settings, or something of that sort.