Security
Clear Page File At Reboot or Shutdown
This recipe tells Windows to clear the page file during reboot or shutdown. The Windows page file holds the system's virtual memory, so it can contain sensitive information, including passwords. Many security experts suggest having Windows clear the page file during shutdown.
This involves editing your registry. Always export your current registry as a backup and save it before editing.
Make this simple change:
Hive: HKEY_LOCAL_MACHINE
Path: SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Key: ClearPageFileAtShutdown
Type: REG_SZ
Value: 1... Read More
Prevent Users From Installing Printer Drivers
Printer drivers can contain trojans. The default-level user should not have the ability to install drivers on a secure system. This recipe closes this hole.
Block Users From Installing Printer Drivers
On Win2k, WinXP, and WinNT, the default-level user can install (potentially trojaned) printer drivers.
This involves editing your registry. Always export your current registry as a backup and save it before editing.
Make this simple change:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers
Key: AddPrinterDrivers
Type: REG_DWORD
Value: 1... Read More
NT/2000/XP: Blocking Right Click on the Desktop
Blocking right clicks (that is, the display of context menus) on the desktop is a vital method of securing public desktops. I first noticed this hack at a local computer store, where I couldn't access the screen saver because they had blocked the ability to pull up context menus on the desktop via right click.
Since then I have used this often as a way to secure desktops that are open to public use.
1. Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2. Find the DWORD value NoViewContextMenu
3. If it doesn't exist, create it via Edit -> New -> DWORD Value
4. Setting this value to 1 turns off the right click.
5. Right clicks can be re-enabled by setting this value back to the default of 0.
Remember to back up your registry before making any changes.... Read More
2k/NT/XP/2003: Free Microsoft Security Analyzer
Microsoft has made available a free network security analyzer. Microsoft has released a security analyzer that allows one to check local or remote computers for security issues. Mainly, this is the quickest and easiest way to scan to see which of your systems need to be patched or updated.
The package includes a GUI and command line interface.
The information page states that the following products are scanned:
Quote: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS), SQL Server, Internet Explorer, and Office. MBSA 1.2 will also scan for missing security updates for the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL Server, IE, Exchange Server, Windows Media Player, Microsoft Data Access Components (MDAC), MSXML, Microsoft Virtual Machine, Commerce Server, Content Management Server, BizTalk Server, Host Integration Server, and Office.
You may download it from here: Microsoft Baseline Security ... Read More
XP: Limit Login Access to Specific Times and Days
By using this technique you can limit when your children or employees are able to use a system. I have used this multiple times. Two examples...
My children have personal accounts on our home box and log in to the internet from these accounts. Using this technique I can make sure that they can only log in during certain times of the day (as in when I can supervise them).
Several computers at my office had been getting crazy stuff installed on them at night. Some employees were staying all night surfing and absorbing bandwidth. This technique limits their use to more appropriate hours.
Here are the steps to activate limitations:
1. Click on the Start Menu
2. Click Run
3. Type CMD in the Open textbox and click OK
4. In the command window type:
net user accountname /times:M-F,8am-8pm;Sa,8am-5pm;Su,8am-1pm
Replace accountname with the name of the account you wish to limit. The /times syntax is a bit tricky, but the above example is easy to adapt with the appropriate values. Here's microso... Read More
XP: Run a program as another user with runas
Regardless of what operating system you use, it is dangerous to log in and perform normal (non-administrative) tasks with administrative privileges. Unwittingly executing a program concealing a trojan horse as an administrator grants administrative rights to that program, and the impact may be much greater.
However, increased security generally causes increased inconvenience. The runas command provides a convenient means of running a program with different credentials, typically as administrator, while working as a less privileged user. The runas command has many options for its operation. The simplest example is running the command regedit as the user administrator on the local system (which should always be referable by the name localhost):
runas /user:localhost\administrator regedit
You will be prompted for the password for administrator. If you provide the correct password, the regedit command will start.
To further accommodate laziness, the runas command can be used... Read More
How to setup Security/Configuration Templates / Limit Access in Windows XP Prof
This recipe might prove tasty to those of us who have a 'public' PC. This recipe explains how to edit almost every aspect of Windows XP and tighten security/access to whatever flavor one would like.
Requirements:
Windows XP Professional
First we will need to access the Snap-in via MMC.
Go to Start Menu > Run > type: mmc
This will bring up a console screen.
Click File > Add/Remove Snap In
This will now bring up a Add Standalone Snap In Window.
Click the Add button, Select the Group Policy item and click the Add button.
Then on the next window just click Finish (this confirms you're modifying the local computer's group policy).
Then click the Close button on the Add Standalone Snap In screen.
And then Click OK on the console window.
Now the console window will open, with the Local Computer Policy item on the left.
Expand the item, there will be two sets of options:
-Computer Configuration
-User Configuration
In these options, you can set tons of Windows XP items and rules and polic... Read More
XP/2K/2003: View account policies
The net command provides an easy way to view and set account policies from the command line. To view the current account policy settings, run the command net accounts from a command window. The output will look something like this:
Force user logoff how long after time expires?: Never
Minimum password age (days): 30
Maximum password age (days): 90
Minimum password length: 8
Length of password history maintained: 3
Lockout threshold: Never
Lockout duration (minutes): ... Read More
AIM Virus/Trojan: How to Remove lockx.exe Rootkit
The new AIM virus/trojan installs the lockx.exe rootkit. Here is how to uninstall it. This new AIM trojan installs a bunch of junk. The hardest thing to get rid of is the lockx.exe rootkit. Here's how to do it.
This is a summary of all the recent lockx.exe installs I have fixed recently. Many of them are not exactly the same. So if you can't find all the files, you probably do not have them.
1. Download and Run AIMfix.
2. Download Hijack This
3. Run it and do a system scan
4. Check the following and have the program fix them. Just select the ones you have:
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
Any entry with pokapoka in it
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = htp://ww.clickhere4search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = htp://ww.clickhere4search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt://ww.clickhere4search... Read More
How to Remove the Sony Rootkit XCP Uninstaller
The Sony rootkit opens up a huge security problem on your system. However, Sony's rootkit uninstaller installs software that can open up your system to security exploits as well! Here is how to remove the uninstaller. When news of Sony's rootkit first was made public, Sony released a rootkit uninstaller. The problem is that this rootkit uninstaller had security problems as well. Here is the proof. Here is how to get rid of this security problem.
1. Browse to this folder:
\windows\Downloaded Program Files\
2. Find the file named CodeSupport Control
3. Right-click on it and select Remove
4. Confirm that it is okay for removal.
5. The software will be removed
If in step one you do not find the file... you should search your system to make sure it is not there. If you have more than one installation of Windows, I would search in all installations. My Vista installation had the CodeSupport software installed too... although I never installed the rootkit uninstallation software there. I imagi... Read More
How to Install Daemon Tools without Spyware/Adware
The latest version of Daemon Tools contains evil. Here's how to install this nice program without the spyware. Daemon Tools is an excellent program that allows one to use CD/DVD images/ISOs without burning them.
Microsoft has developed free, unsupported software that does this as well.
The problem with the latest version of Daemon Tools is that it contains spyware/adware.
First notice that you can get older, nonspyware versions at the bottom of their download page. If you have to use the latest version, here's how to install it without installing the spyware.
The SaveNow and WhenU.com software it installs is obviously not friendly.
Although it is not obvious, NOT installing the adware is actually very easy. During the installation process, just make sure the Tools Search Bar checkbox is not checked.... Read More
Remove spyware running on your PC
Remove spyware that is running on your PC. Numerous applications and web pages install spyware without your knowledge or permission. Spyware collects and disseminates information about the people using the computer. It can track your surfing habits, abuse your Internet connection by sending this data to a third party, profile your shopping preferences, hijack your browser start page or pages, and alter important system files, all without your knowledge or permission.
Editor note:
A more complete list of instructions and suggestions are found here:
Spyware and Malware Links and Removal Hints
1. Download Lavasoft's Adaware and/or Spybot.
Download Spybot
Download Adaware
2. Install Adaware and/or Spybot.
3. Run Adaware and/or Spybot.
4. Follow the instructions and remove the spyware components.
5. Reboot your PC.
mike... Read More
Spyware and Malware Removal - Links and Hints
So you have spyware on your system? Here are some suggestions for removal... and how to keep it off in the future. Spyware is everywhere. These evil people use Internet Explorer exploits, viruses, and lies to get their software on your computer.
If you are here, you probably have spyware already. Here's some common tools to help you remove the evil.
Removal Tools:
Bazooka
Spybot
Adaware
AboutBuster
SpywareBlaster
SpywareGuard
A-Squared Free
Hijack This
CoolWebSearch - CWShredder
BSO Demon
WinPatrol
Stinger Removal
After you install the program, make sure you update it to the latest version. If you don't have success installing or running the above programs, or if the programs do not completely clear the bugs, you should try again after booting into Safe Mode.
Tutorials for installing, updating, and using Spybot and Adaware can be found here
Online Trojan Scanners:
WindowSecurity Trojan Scan
A-Squared Online Scan
Suggestions for Keeping Spyware Off:
1. Keep your computer up to date: http... Read More
NT/2000/XP: Clearing relaunching spyware processes
How to use the KILL (NT/2000) or TSKILL (XP) command. Many spyware programs now come in pairs, so that if one is killed the other will restart it. They also set up blocks to prevent other programs such as Spybot or AdAware from launching. In order to remove the infection, you must kill both processes in rapid succession.
On NT and 2000, you first need the NT Resource Kit, available at http://www.microsoft.com/ntworkstation/downloads/Recommended/Featured/NTKit.asp.
Go to Start -> Run and type in KILL * (NT/2000) or TSKILL * (XP). This will have the effect of killing all running processes, including the Explorer bar. This is useful, as many spyware programs cause Explorer to load their components when any directories are viewed. From here, you can use AdAware or Spybot at will... Read More
Never Click ANYTHING In A Spam E-mail (Scroll-bar Exploit Description)
Why the user should never click on the opt-out link in SPAM. The majority of spam messages contain a link that says something like the following:
"Click Here to Be Removed From the List"
"Click Here to Opt-out of More Email"
"Click Here if you Don't Wish to Receive More Email from US"
These are all lies. Yes, lies. By clicking on any of these, you send a message to the spammer's server which says that your email is valid. You have just proven to the spammer that your email address works. If nothing else, the spammer can now sell your email address to other spammers because he/she has proven that there is a real person behind your email address.
That's the old reason not to click on those links. Here is the new, worse reason. Clicking on this link exposes you to an Internet Explorer exploit that allows trojans/spyware to be installed on your system... without you knowing it.
Here is the original article about this:
http://www.theregister.co.uk/2004/09/22/opt-out_exploit/
Here's the CERT inf... Read More
Turn off System Restore When Cleaning Spyware That Keeps Coming Back
How to turn off the System Restore feature that many spyware programs use to keep returning even if you delete them. I have found that many spyware programs will hijack the Windows restore feature so that even if you have a good spyware removal program (my favorite is SpySweeper)
Here's how to turn off the System Restore feature:
Go to your desktop.
Select My Computer.
Right-click and choose Properties.
Select the System Restore tab.
Select the option: Turn off System Restore on all drives.
Press OK.
Run your spyware removal tool.
Reboot.
You should be good to go now.... Read More
How to Use Hijack This to Clean Spyware From Your System
Hijack This is a powerful tool against spyware. Here are some hints for using it. You will see Hijack This used in many forums (including ours) for fixing spyware.
Most systems infected with spyware DO NOT NEED Hijack This. Most infected systems can be cleaned with the common, powerful spyware removal tools such as Adaware, Spybot, and others. Hijack This should only be used when multiple antispyware tools have not been successful.
Therefore, before thinking about using Hijack This, you should download, install, update, and execute several of the common antispyware tools that exist. You may find links to them here:
http://www.tech-recipes.com/windows_tips674.html
After you install the antispyware program, make sure that you update it! After you scan your system with these tools, make sure you tell the tools to fix any problems that they find. You should also download, install, update, and run a good antivirus program. You'll never clean a system without removing the viruses as well.
If all... Read More
Web Page Cannot Be Displayed After Removing Spyware
Spyware and spyware removal often will break your internet connection. Here are some suggestions. Spyware will often screw with your DNS settings, name servers, and TCP/IP stack. Removing the spyware may completely kill your internet connection. Here are some suggestions. Most of these are collected from other recipes on this site.
This is the order I would do things. If one works, don't do the rest.
First remove all viruses and spyware from your computer:
http://www.tech-recipes.com/windows_spyware_tips674.html
Reset the stack:
1. Left click the Start button
2. Select run
3. In the open box type: netsh int ip reset c:\resetlog.txt
Reset the winsock catalog:
1. Left click the Start button
2. Select run
3. In the open box type: netsh winsock reset catalog
Download and use winsockxpfix:
http://www.spychecker.com/program/winsockxpfix.html
Desperation:
Use Hijack This to delete any references to name servers. An example would be:
O17 - HKLM\System\CCS\Services\Tcpip\..\{079ECE21-2D77-4A31-B64C-... Read More
How to Use Spybot and Adware: Tutorials and Downloads
When fixing computers I often take for granted that people understand how to install, run, update, and use popular antispyware programs. Here are some good hints and links for those who do not. In our antispyware forums, I will frequently say something like this:
Download, install, update and run Spybot and Adaware.
Of course, I am assuming that people are familiar with these programs and know how to follow all of these steps. For those who do not, this recipe should give you some good starting points.
Spybot Links:
Download mirrors
Download mirrors (if the above link doesn't work)
Official Spybot Tutorial
Step by Step Tutorial on Spybot
Adaware Links:
Adaware Download Mirrors
Adaware Tutorial in Gladiator-antivirus Forums
Adaware SE Tutorial
Great Step by Step Tutorial on Adaware
Good Step by Step Tutorial on Adaware... Read More
Access Denied -- How to Delete Protected or Spyware Files
When trying to delete spyware files, users will often get errors. Here is how to overcome the spyware's protection of these files. I hate this error: Access Denied. Damn spyware has got the file locked... and now I've got to figure out how to unlock it. This is much more art than science, but I'll tell you how I typically walk through the program.
If you can't even find the file that you need to delete, you might want to try this trick:
http://www.tech-recipes.com/windows_tips736.html
1. Change your system so you can view and edit your hidden and system files:
http://www.tech-recipes.com/windows_tips685.html
2. Close all programs. Sometimes a currently running program will have locked the file. Typically this won't work, but you'll feel silly missing it.
3. Boot to safe mode. Booting to safe mode will often disable spyware programs that might be holding access to the files in question. You might as well stay in safe mode for the rest of the process.
4. Force stop unknown programs and... Read More