Archive for the ‘Windows’ Category
Find malicious system entries with HiJackThis for Windows
HiJackThis is a program that detects unusual entries in your registry and on your hard drive and creates a log file with the information it gathered about the running processes. This log file can either be analysed by the user or be copied into an automatic analyser that shows whether the entries are rated safe or dangerous.
You can download HiJackThis here: http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi
If you made the program create a log file after scanning, it is recommended to copy and paste it into an automatic analyser such as the one you can find here: http://www.hijackthis.de/en. The analyser will then give you an overview of the scanned files combined with a rating given by visitors.
If you find any unsafe entries, you are given the option to fix them in the program’s window. Be cautious about what you delete, however: inform yourself about the listed entries and do not rely on information provided by a single source. Always double-check before you delete an entry.
Shortcuts for creating System Restore Points on Windows 7
On every Windows system able to create system restore points that undo any configuration changes made after their creation, it is also possible to create simple quick-link icons, consisting of a few lines of code, that let you create restore points with a double-click. On Windows XP this is achieved with only two lines of code. Learn in this post how it is done. In Windows Vista and 7, however, a few problems stand in the way of our (automatic) one-click system restore point. The first is that the script we need to run to create system restore points can only be run with administrative rights, so we need a way to get those. The second is the annoying User Account Control (UAC) that asks whether we really want to run that script. This would not be such a big deal, but if you are the kind to create restore points quite often or on a schedule, the UAC may become a great pain.
To start with the administrative rights, there is more than one way to get those. Probably the least complex one is to add the Run as administrator option to the menu that appears when you right-click the script.
This is done by adding the appropriate keys to the Windows Registry. To open it, open Run… by entering run into the Windows search bar in the main menu and clicking on the program. Type regedit into Run and the Windows Registry will open. It consists of two columns, one on the left, containing the key directories, and one on the right, showing the keys’ values. In the left column, browse to the HKEY_CLASSES_ROOT\VBSFile\Shell directory. Right-click it and select New > Key. Name it Runas and leave its values as they are (there is only one). Now right-click the Runas key and again select New > Key. Name the newly created key Command and leave the values as they are. Right-click the Command key and select Export…. Give it a name and save it somewhere you will find it. Go to the directory where you saved it and open it with Notepad. Erase all of its contents and paste this:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\VBSFile\Shell\Runas\Command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,\
53,00,63,00,72,00,69,00,70,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,22,\
00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
Save the file and double-click to merge it with the registry. The Open as administrator option should now be available to all Visual Basic Scripts (you can use the one from the linked XP tutorial with this option enabled).
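Before merging a .reg file, it helps to see what the hex(2) (REG_EXPAND_SZ) bytes actually say. The following Python sketch is an added example, not part of the original post; the function name decode_reg is hypothetical, and the embedded text is the .reg content shown above.

```python
import re

# .reg text copied from the post above, embedded so the example runs offline.
REG_TEXT = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\VBSFile\Shell\Runas\Command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,\
53,00,63,00,72,00,69,00,70,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,22,\
00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
"""

# Hex-encoded string types in a version 5.00 .reg file (all stored as UTF-16LE).
HEX_TYPES = {"hex(1)": "REG_SZ", "hex(2)": "REG_EXPAND_SZ", "hex(7)": "REG_MULTI_SZ"}
VALUE_RE = re.compile(r'^(@|"[^"]*")=(hex\([127]\)):(.*)$')


def decode_reg(text):
    """Return {(key, value_name): (type_name, decoded_value)} for hex string values."""
    # A trailing backslash continues the byte list on the next line.
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)
    results, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # current registry key path
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        raw = bytes(int(b, 16) for b in m.group(3).split(",") if b.strip())
        value = raw.decode("utf-16-le").rstrip("\x00")
        if m.group(2) == "hex(7)":
            value = value.split("\x00")  # REG_MULTI_SZ: NUL-separated strings
        results[(key, name)] = (HEX_TYPES[m.group(2)], value)
    return results


if __name__ == "__main__":
    for (key, name), (kind, value) in decode_reg(REG_TEXT).items():
        print(f"{key}\n  {name} [{kind}] = {value}")
```

The default value decodes to "%SystemRoot%\System32\WScript.exe" "%1" %*, so the Runas verb starts WScript.exe with the script path and any further arguments.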
However, this option is neither automatic nor does it circumvent the UAC. An option that enables creating a restore point on double-click (but still without disabling UAC) is to alter the script that you use for this. Open a new Notepad window (it has to be Notepad) and paste the following code:
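' Started without arguments: relaunch this script elevated via the "runas" verb.
if wscript.arguments.count = 0 then
    set objshell = createobject("shell.application")
    ' Quote the script path so that a path containing spaces stays one argument.
    objshell.shellexecute "wscript.exe", """" & wscript.scriptfullname & """ run", , "runas", vbnormalfocus
else
    ' Started with an argument (the elevated instance): create the restore point.
    getobject("winmgmts:\\.\root\default:systemrestore").createrestorepoint "Automatic Restore Point (Win7 Script)", 0, 100
end if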
Save the script as *.vbs and make sure to select All files from the dropdown menu before saving! With this, the script requests administrative rights every time you run it. There is also a slightly roundabout method to avoid the UAC prompt as well. To achieve this, you need a desktop shortcut pointing to a scheduled task that runs the script with the highest privileges. To access scheduled tasks, browse Menu > Control Panel > System > Administrative Tools > Scheduled Tasks. Create a new one without any trigger, executing your script (be sure to remember the task’s name, you will need it once more) and check the Run with highest privileges box on the first tab. Because the task then runs the script elevated without a prompt, store the script where only administrators can modify it.
Now right-click your desktop and create a new shortcut. Let it point to the following location (enter your own task name in the last option):
C:\Windows\System32\schtasks.exe /run /tn "EnterYourTaskNameHere"
Upon opening, it should execute the script without asking for anything.
Unlock and Delete Any File (Windows)
Sometimes you simply need to put a file that does not behave as you want in the trash can. And sometimes doing this simple thing is not possible, because the file is being used by another program or is bound to other processes. If this is the case, the file is treated as if it was “locked” and changes cannot be made to it. If you are sure that the file needs to be deleted anyway, there is a tool called Unlocker that is able to cut off any file from its bonds so that it can be moved, renamed or even deleted. This can be pretty handy if your computer is too stubborn to see its mistakes.
Unlocker is available for both 32 bit and 64 bit systems on the emptyloop homepage: http://www.emptyloop.com/unlocker/#download
To be able to use Unlocker with a right-click, make sure that the Explorer extension is checked during the installation process.
To delete files afterwards, right-click them and select Unlocker. The window that opens will tell you whether the selected file is locked and give you the option to move, rename or delete it instantly.
Reset Folder Options on Windows XP
If you have ever tried to set another default application for opening file folders on Windows XP and to turn it back afterwards, you will have run into a really nasty bug.
If you try to restore the default settings of an application to open a folder, the folder will no longer open as before (normal explorer window, further folders open in the same window) but will open a search window on double-click.
You cannot restore the former behaviour by trying to reset it in the Control Panel. What you have to do is to create a new opening action for File Folder and set it as default. Afterwards, open Run… and enter regedit to open the Windows Registry. On the left side of the registry, there is a list of directories. Browse this list to HKEY_CLASSES_ROOT > Directory > shell and click on the plus-button next to shell to unfold the actions to open file folders with. Now look for the new opening action you have previously created and set as default. Right-click it, choose Delete and confirm your choice. It is not enough to delete this entry in the Control Panel; it has to be done in the registry. Close the registry after deletion and try double-clicking a folder. It should now open like it used to.
Free Your Windows 7 Desktop While Drag&Dropping
There is a feature added to the Show Desktop panel in the bottom right corner of the screen that enables you to free the desktop of all windows instantly if you want to drop an item upon it. To do so, just drag the desired item on the panel, hold it a split-second and all open windows will minimize, allowing you to drop the item on the desktop.
Detailed Control Panel Overview (Windows 7)
If you know the feeling of browsing the default Windows Control Panel for half an hour and still not having found the settings you were looking for, there is a solution that might ease your life: a hidden option lets you view all of the Control Panel’s categories and more in a detailed and well-structured overview; it is just not that obvious to access. To do so, open any Windows Explorer window and enter the following in the top bar, which usually shows the directory path of your current folder:
shell:::{ED7BA470-8E54-465E-825C-99712043E01C}
Upon entering, the input will change into All Tasks and you will be shown a huge list of settings.
If you do not want to type in the code again and again to access the list, just drag the icon on the far left of the browser bar and drop it anywhere on the desktop to create a link.
Clean Up Your Windows System (CCleaner)
The common computer user often does not know that simply uninstalling software he or she no longer needs will not erase the program completely but will leave traces on the hard disk. These may add up to a fairly large size and can slow the computer down. The same goes for all kinds of temporary files your system stores, the most common being temporary internet files. Deleting these files manually can be hard, especially if you do not know where to find them and how to recognize them. That is why there are plenty of tools on the internet that allow you to search for and erase them automatically.
One of these helpful tools is CCleaner.
CCleaner is a tool that allows you to clean up your Windows Registry (the key storage that is responsible for every kind of configuration on your system), uninstall software properly without leaving any traces, disable autostart processes, delete all kinds of temporary files and even format your hard drives and overwrite them up to 35 times so that your old files will no longer be accessible by any usual means.
CCleaner for Windows can be downloaded here: http://download.piriform.com/ccsetup311.exe
It is also available for Mac on: http://download.piriform.com/mac/CCMac1.00.077.dmg
CCleaner’s menu is divided into four main options: Cleaner, Registry, Tools and Options. The Cleaner section is there for deleting temporary files, cookies, recent documents and other stored files of that kind. The Registry section searches the registry for disposable entries such as missing shared DLLs, unused file extensions or obsolete software and gives you the option to delete these entries. In the Tools section you can uninstall software, delete system restore points and wipe your hard drives. Options, as the name says, lets you configure your settings, mainly to include or exclude data from being deleted.
Back up Files on Windows with HoboCopy
HoboCopy is a command-line program that lets you copy large amounts of data in a short time compared to other copy functions. The key point, however, is that it takes a snapshot of the file system before copying, making it possible to copy files that are in use without having to close them or end processes. It can be downloaded here:
https://github.com/candera/hobocopy/downloads
Extract the files to any directory (preferably one that is easy to access). To use it, open a Command Prompt (or cmd on Windows XP) and change to the directory where you have extracted the HoboCopy files by using the cd (change directory) command. In my case, I have extracted the files into a folder on my Desktop (the directory must be specified in double quotes if a space character is used in any of the folders’ names):
cd "C:\Users\howtoforge\Desktop\HoboCopy stable"
This is necessary because HoboCopy only runs in a command prompt, and the command prompt cannot start it without knowing where it is located. If you double-clicked the HoboCopy icon in the explorer, it would only flash up for a split-second and vanish after that, and if you started it with the command without directing the prompt to its location, it would only give you:
C:\Users\howtoforge>hobocopy
'hobocopy' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\howtoforge>
The basic structure of the command looks like this: hobocopy "C:\source\directory" "C:\destination\directory"
However, there are a lot of useful extra options available, for example incremental copying, meaning it only copies the files that are new to the destination folder. A full list of options can be found here (scroll down to the USAGE section):
https://github.com/candera/hobocopy/
As an example of how to use HoboCopy, I am going to show you how to copy your Windows Live Mail folder to another directory to back it up (backups usually only make sense on different partitions or external hard drives, but for demonstration purposes I am going to copy it to a folder on the same hard drive).
The Windows Live Mail folder on Windows 7 is located in "C:\Users\howtoforge\AppData\Local\Microsoft\Windows Live Mail" (the AppData folder is hidden; you may have to make it visible through the folder options in the Control Panel first). Open up a command prompt and direct it to the location of your HoboCopy file with the cd command as shown above. I want to do an incremental (includes a statefile, as said in the usage section of the project page), recursive copy of the folder, meaning that it only copies the files that are new to the destination folder and includes all subdirectories of the chosen folder, not just the files. To accomplish that, my command has to be this:
hobocopy /statefile=state.txt /incremental /recursive "C:\Users\howtoforge\AppData\Local\Microsoft\Windows Live Mail" "C:\Users\howtoforge\Desktop\destination"
Encrypt Files With Axcrypt on Windows
AxCrypt is a program that lets you encrypt files with a password and a keyfile, both of which you need to decrypt them again. You can either encrypt the file itself or a copy of it; if you choose the latter, the encryption output can be an executable file which does not need the AxCrypt software to be decrypted (but still the password and/or the keyfile).
You may ask what kind of file the keyfile is. If you let AxCrypt itself produce a keyfile, it is a simple text document with a short code in it. You can however choose any file you want as your keyfile (I have tested it with a .vbs script and a .wav file, both work), which offers a great deal of security, especially against non-professional attackers.
To decrypt, you need all the information you used when encrypting a file: the password as well as the keyfile, depending on which of them you used. If you send encrypted files to other people, the receiver will need AxCrypt installed if you have encrypted your files without choosing the option to produce an executable file. If you did, however, the receiver will only need the keys to open the file, but no additional software installed.
Download AxCrypt from http://www.axantum.com/axcrypt/
Skip time on Multiboot Screen (Win XP)
If you install multiple operating systems on one machine, you are usually shown a screen on startup where you are asked to choose the operating system you would like to use. If you do not push a key on that screen, the default OS will be booted after 30 seconds (sometimes it is 28 or 27 that are displayed). Now I find that this is a pretty long time since you usually know what operating system you would like to use. In addition, this screen may also appear after a simple reinstallation of Windows in some cases and is thus really annoying, since it lengthens your boot time by a good 30 seconds if you are not present to hit the return key. However, there is an option to shorten this time in the Windows Control Panel.
To access it, browse start > Control Panel > Performance and Maintenance > System. Open the Advanced tab and click on Settings in the Startup and Recovery field.
To alter the time to wait, change the value of Time to display list of operating systems. Click on OK in every window you opened and the new time should now be applied to your settings!













