Wednesday, March 11, 2009

Bypass NTFS File Permissions

I knew it would be possible to write a program to run as a system service and allow me to bypass NTFS file permissions, but I hoped I could find a way to do it a lot simpler, and I've finally found it.

CREATE THE SERVICE WITH THIS COMMAND: (Copy and paste this as one line)
sc create SuperCMD binPath= "C:\WINDOWS\system32\cmd.exe /c c:\windows\system32\cmd.exe" type= own type= interact

START THE SERVICE WITH THIS COMMAND:
sc start SuperCMD

The first command pretty much registers CMD.exe starting CMD.exe as a system service, and allows it to interact with the desktop so you can see it. The second command starts the service, which really opens up a command prompt running with system privileges, thus allowing you to navigate into folders that you don't have permission to enter. The second command will give an error, because cmd.exe never reports back to the Service Control Manager the way a real service does, but as long as the little black box is open, it doesn't matter.

You can also run programs as the system account by typing the name of the program (sometimes you'll need the full path), but explorer.exe will open as your regular user account, so if you want a GUI file manager, you'll have to find something else. I actually used 7-Zip since it was already installed on my computer and it worked fine.
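The defender's side of the same trick, as an added example that is not part of the original post: a Python script that parses the message bodies of Windows System log Event ID 7045 ("A service was installed in the system") and flags installs whose image is a shell or script interpreter, whose command line launches a second executable (cmd.exe starting cmd.exe), or that carry the SERVICE_INTERACTIVE_PROCESS bit that `type= interact` sets. The sample events are constructed, not captured logs, and the `type_bits` argument is an assumption: the 7045 message only says "user mode service", so the caller is assumed to have read the service's `Type` value from `HKLM\SYSTEM\CurrentControlSet\Services\<name>`.

```python
import re
from dataclasses import dataclass

# Service Type bits from winsvc.h; the registry value
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\Type carries the same bits.
SERVICE_WIN32_OWN_PROCESS = 0x10
SERVICE_WIN32_SHARE_PROCESS = 0x20
SERVICE_INTERACTIVE_PROCESS = 0x100

# Shells and script hosts that should not be a service image on their own.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "cscript.exe", "wscript.exe"}


@dataclass
class ServiceInstall:
    name: str
    image_path: str
    service_type: str
    account: str
    type_bits: int = 0  # assumed: supplied by the caller from the registry Type DWORD


FIELD_RE = re.compile(
    r"^\s*(Service Name|Service File Name|Service Type|Service Account):\s*(.*?)\s*$",
    re.MULTILINE,
)


def parse_7045(message: str, type_bits: int = 0) -> ServiceInstall:
    """Parse the message body of a System-log Event ID 7045 record."""
    fields = dict(FIELD_RE.findall(message))
    return ServiceInstall(
        name=fields.get("Service Name", ""),
        image_path=fields.get("Service File Name", ""),
        service_type=fields.get("Service Type", ""),
        account=fields.get("Service Account", ""),
        type_bits=type_bits,
    )


def image_names(image_path: str) -> list:
    """Return every .exe basename mentioned in the service command line, in order."""
    return [m.lower() for m in re.findall(r'([^\\/"\s]+\.exe)', image_path, re.IGNORECASE)]


def assess(svc: ServiceInstall) -> list:
    """Return the reasons this install looks like a SYSTEM-shell service; empty means benign."""
    reasons = []
    names = image_names(svc.image_path)
    if names and names[0] in SHELL_IMAGES:
        reasons.append(f"service image is a shell/interpreter ({names[0]})")
    if len(names) > 1:
        reasons.append("image path launches a second executable (nested command line)")
    if svc.type_bits & SERVICE_INTERACTIVE_PROCESS:
        reasons.append("SERVICE_INTERACTIVE_PROCESS set (type= interact)")
    if reasons and svc.account.lower() == "localsystem":
        reasons.append("runs as LocalSystem, so the shell is not bound by NTFS ACLs")
    return reasons


def scan(events) -> dict:
    """Map service name -> reasons for every flagged install in an iterable of (message, type_bits)."""
    findings = {}
    for message, type_bits in events:
        svc = parse_7045(message, type_bits)
        reasons = assess(svc)
        if reasons:
            findings[svc.name] = reasons
    return findings


# Constructed sample events: the post's SuperCMD service, a benign vendor updater
# (hypothetical name and path), and a PowerShell variant (hypothetical).
SAMPLE_EVENTS = [
    ("Service Name: SuperCMD\n"
     "Service File Name: C:\\WINDOWS\\system32\\cmd.exe /c c:\\windows\\system32\\cmd.exe\n"
     "Service Type: user mode service\nService Start Type: demand start\n"
     "Service Account: LocalSystem",
     SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS),
    ("Service Name: ExampleUpdater\n"
     "Service File Name: \"C:\\Program Files\\Example\\updater.exe\"\n"
     "Service Type: user mode service\nService Start Type: auto start\n"
     "Service Account: LocalSystem",
     SERVICE_WIN32_OWN_PROCESS),
    ("Service Name: psvc\n"
     "Service File Name: C:\\WINDOWS\\system32\\WindowsPowerShell\\v1.0\\powershell.exe "
     "-NoProfile -File C:\\temp\\run.ps1\n"
     "Service Type: user mode service\nService Start Type: demand start\n"
     "Service Account: LocalSystem",
     SERVICE_WIN32_OWN_PROCESS),
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_EVENTS).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On a live host the same checks apply to the registry alone: a `Type` value with 0x100 set, or an `ImagePath` whose first token is cmd.exe, is worth an alert regardless of whether the 7045 event survived log rotation.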

This is a big help when working with customers' hard drives, as I can easily go through their profiles to remove malware files (with some special VB scripts I will release open sourced someday) or copy their files to a FAT32 partition when Windows needs to be re-installed from scratch or onto a blank hard drive.

Thursday, March 5, 2009

AntiVirus 2009 Removal AND AntiVirus XP Removal !!

I got a laptop in yesterday with both Antivirus 2009 and Antivirus XP. Those are both actually malicious programs and it looks like they came in from Limewire. The laptop had been infected for about 2 months and I could tell the owner had tried a lot of the 'fixes' on the internet, but rarely do those solve the problem. With the laptop being infected for 2 months, it definitely required the manual touch.

Upon running our home-made 'virus inspection', I noticed the virus had modified a critical system file that, if removed, would stop the system from letting a user log in. I made a note of this and restored the file with a 'clean' copy.

I'm nearly done with the clean-up, I just need to go through and enable some of the features the virus disabled, such as changing the wallpaper and using Microsoft's registry editing tools. It will only take me a few minutes, but it was closing time.

This will be another customer happy that we were able to disinfect the computer rather than using the so-called 'nuke and pave' method that many other shops use. I haven't had to resort to that method yet this year actually. :)