Search Results

Search found 22267 results on 891 pages for 'org mode'.


  • Need help identifying a nasty rootkit in Windows

    - by goofrider
    I have a nasty rootkit that no tools seem to be able to identify. I know for sure it's a rootkit, but I can't figure out which rootkit it is. Here's what I gathered so far: It creates multiple copies of itself in %HOME%\Local Settings\Temp with names like Q.EXE, IAJARZ.exe, etc., and installs them as hidden services. These EXEs have SysInternals identifiers in them so they're definitely rootkits. It hooked very deep in the system, including file read/write, security policies, registry read/write, and possibly WinSock/TCP/IP. When going to Sophos.com to download their software, the rootkit injects something called Microsoft Ajax Toolkit into the page, which injects code into the email submission form in order to redirect it. (EDIT: I might have panicked. Looks like Sophos does use an AJAX email form; their form is just broken on Chrome so it looked like a mail form injection attack. The link is http://www.sophos.com/en-us/products/free-tools/virus-removal-tool/download.aspx ) Super-Antispyware found a lot of spyware cookies, in the name of .kaspersky.2o7.net, etc. (just check 2o7.net, looks like it's a legit ad company). I tried comparing DNS lookups from the infected system and from a system in another physical location; no DNS redirections, it seems. I used dd to copy the MBR and compared it with the MBR provided by the ms-sys package; no differences, so it's not infecting the MBR. No antivirus or rootkit scanner is able to identify it. Most of them can't even find it. I tried scanning in situ (normal mode), in safe mode, and booting to a Linux live CD. Scanners used: Avast, Sophos Anti-Rootkit, Kaspersky TDSSKiller, GMER, RootkitRevealer, and many others. Kaspersky reported some unsigned system files that ought to be signed (e.g. tcpip.sys), and reported a number of MD5 mismatches. But otherwise it couldn't identify anything based on signature. When running Sysinternals RootkitRevealer and Sophos AntiRootkit, CPU usage goes up to 100% and gets stuck. The rootkit is blocking them.
    When trying to run/install HiJackThis, RootkitRevealer and some other scanners, it tells me system security policy prevents running/installing it. The list of malicious activities goes on and on. Here's a sample of logs from all my scans. In particular, aswSnx.SYS, apnenfno.sys and PROCMON20.SYS have a huge number of hooks. It's hard to tell if the rootkit replaced legit program files like aswSnx.SYS (from Avast) and PROCMON20.SYS (from Sysinternals Process Monitor). I can't find whether apnenfno.sys is from a legit program. Help to identify it is appreciated.

    Trend Micro RootkitBuster
    ------
    [HIDDEN_REGISTRY][Hidden Reg Value]:
    KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
    Root : 586bfc0
    SubKey : Cfg
    ValueName : g0
    Data : 38 23 E8 D0 BF F2 2D 6F ...
    ValueType : 3
    AccessType: 0
    FullLength: 61
    DataSize : 32
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateMutant
    Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
    OriginalHandler : 0x8061758e
    CurrentHandler : 0xaa66cce8
    ServiceNumber : 0x2b
    ModuleName : aswSnx.SYS
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateThread
    Image Path : c:\windows\system32\drivers\apnenfno.sys
    OriginalHandler : 0x805d1038
    CurrentHandler : 0xaa5f118c
    ServiceNumber : 0x35
    ModuleName : apnenfno.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwDeleteKey
    Image Path : C:\WINDOWS\system32\Drivers\PROCMON20.SYS
    OriginalHandler : 0x80624472
    CurrentHandler : 0xa709b0f8
    ServiceNumber : 0x3f
    ModuleName : PROCMON20.SYS
    SDTType : 0x0

    HiJackThis
    ------
    O23 - Service: JWAHQAGZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\JWAHQAGZ.exe
    O23 - Service: LHIJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\LHIJ.exe

    Kaspersky TDSSKiller
    ------
    21:05:58.0375 3936 C:\WINDOWS\system32\ati2sgag.exe - copied to quarantine
    21:05:59.0217 3936 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:05:59.0342 3936 C:\WINDOWS\system32\BUFADPT.SYS - copied to quarantine
    21:05:59.0856 3936 BUFADPT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:05:59.0965 3936 C:\Program Files\CrashPlan\CrashPlanService.exe - copied to quarantine
    21:06:00.0152 3936 CrashPlanService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:06:00.0246 3936 C:\WINDOWS\system32\epmntdrv.sys - copied to quarantine
    21:06:00.0433 3936 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:06:00.0464 3936 C:\WINDOWS\system32\EuGdiDrv.sys - copied to quarantine
    21:06:00.0526 3936 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:06:00.0604 3936 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
    21:06:01.0181 3936 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:06:01.0321 3936 C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe - copied to quarantine
    21:06:01.0430 3936 OTFSDMS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:06:01.0492 3936 C:\WINDOWS\system32\DRIVERS\tcpip.sys - copied to quarantine
    21:06:01.0539 3936 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:06:01.0601 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - copied to quarantine
    21:06:01.0664 3936 HKLM\SYSTEM\ControlSet003\services\TULPUWOX - will be deleted on reboot
    21:06:01.0664 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - will be deleted on reboot
    21:06:01.0664 3936 TULPUWOX ( UnsignedFile.Multi.Generic ) - User select action: Delete
    21:06:01.0757 3936 C:\WINDOWS\system32\Drivers\usbaapl.sys - copied to quarantine
    21:06:01.0866 3936 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:06:01.0913 3936 C:\Program Files\VMware\VMware Player\vmware-authd.exe - copied to quarantine
    21:06:02.0443 3936 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    21:06:02.0443 3936 vmount2 ( UnsignedFile.Multi.Generic ) - skipped by user
    21:06:02.0443 3936 vmount2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:06:02.0459 3936 vstor2 ( UnsignedFile.Multi.Generic ) - skipped by user
    21:06:02.0459 3936 vstor2 ( UnsignedFile.Multi.Generic ) - User select action: Skip


  • 912 stream processor available in OpenCL

    - by tugrul büyükisik
    I am thinking of assembling this system: AMD CPU (A8-3870 APU, which has a Radeon HD 6550D inside: 400 stream processors, xxx GFLOPS) for nearly 110$; AMD graphics card HD 7750 (512 stream processors, 819 GFLOPS peak performance) for nearly 170$; appropriate RAM (1600MHz bus); mainboard. What GFLOPS level can I reach as a stable mode using OpenCL and similar programs? Can I use all 912 stream processors at the same time? I am not trying to do a VS question. I need to know what could be better for scientific computing (75% of the time) and gaming (25% of the time) because I have a low budget. With "scientific calculations" I mean fluid dynamics/solid state physics simulation; with games I mean those that need OpenCL and PhysX.


  • Copying windows 8 Users folder having long long paths

    - by bilal.haider
    I was trying to move my "Users" folder in Windows 8 as described here and here. But when I try to copy the folder using "xcopy" in Windows Installation Disk Repair Mode, after some files are copied, I get "insufficient memory". The files on which the error is given are like C:\Users\Bilal\Application Data\Application Data\Application Data.........Application Data\Application Data..... What is the point in such directories within directories? I also tried copying them using Mini Windows XP, but the problem was there too. Also tried copying using the Parted Magic Live CD... but still. So now, how can I move them? Another question: Is moving such system files using Linux a good idea? Does it do anything to permissions?


  • Firewalling a Cisco ASA Split tunnel

    - by dunxd
    I have a Cisco ASA 5510 at head office, and Cisco ASA 5505 in remote offices. The remote offices are connected over a split tunnelled VPN - the ASA 5505s use "Easy VPN" Client type VPN in Network Extension Mode (NEM). I'd like to set firewall rules for the non-tunnelled traffic only. Traffic over the VPN to head office should not have any firewall rules applied. I might want to apply different firewall rules to different remote offices. All the documentation I have been able to find assumes the Client VPN is a software endpoint, and all the configuration is done at the 5510. When using a Cisco 5505 as the VPN client, is it possible to configure any firewalling at the Client end, or does it all have to come from the 5510? Are there any other issues to look out for when split-tunnelling a VPN by this method?


  • Macvim lags while Vim on terminal is buttery smooth

    - by SaamJB
    I am running OS X Lion 10.7.3 and MacVim runs significantly slower than vim in the terminal for me. All movement commands in MacVim are much slower. Moving up and down in visual mode is equally laggy. I see none of this lag when using vim from the terminal. Does anyone know what the reasons may be? I am running NERDtree on every open tab, and I know this contributes some memory overhead and potentially some slowdown; but even when I don't run NERDtree, MacVim runs much slower than vim from the terminal. Any help in solving this would be greatly appreciated.


  • Unable to install Oracle

    - by Mohamed Saligh
    I installed Oracle a few months back. It was running fine on my local system. Unfortunately my friend removed all the directories in safe mode, meaning to say it was not properly uninstalled from my system. I tried to remove all the registry keys and services associated with Oracle. Now, I can install it. Unable to use any sqlplus services or anything. How do I completely remove my hidden old files and services, if any? I need to install and use it. Any help, indeed.


  • IE8 complains about SSL name mismatch

    - by Cerin
    When visiting an SSL protected website, IE8 complains about the certificate name not matching the website address, but gives no information about the certificate or what name it's looking for. Visiting the same site in IE9 (or IE9 in "IE8 mode"), Firefox, Chrome, and Safari shows no problems, and that the certificate matches the address. Certificate checkers indicate everything is installed and configured correctly. Does anyone know what might be causing this? Is this a known issue or bug in IE8? I've been Googling for similar issues, but due to the uncertainty as to what's actually going on, I'm not sure what to search for. My problem reads similar to this question. However, my server is running Apache2.


  • My computer resets when I try to install Windows 7 (USB/DVD)

    - by Ranhiru
    I had some troublesome software starting up when Windows 7 was starting, and I had no way to remove it because I couldn't log in to Windows. Not even safe mode. But I used Hiren's Boot CD to edit the registry to stop that software from starting up... But my efforts were not useful, as Windows kept on going to an ultimate freeze just before the login screen should have been shown. It just freezes and I cannot do anything. So I decided, heck with it, and I now want to format the disk and reinstall a fresh copy of Windows 7. But now, regardless of whether I use USB or DVD to boot the setup, it loads fine till you see the animating Windows logo and then it just resets the laptop! Just plain resets! Hiren's Boot CD and Mini XP, strangely enough, still work :( Any ideas what might be causing the laptop to reset in Windows 7 setup?


  • forwardfor information is missing

    - by FAFA
    I use the following configuration to load balance HTTPS connections, using haproxy 1.4.8. SSL offloading is done by Apache.

    listen ssl_to_waf 192.168.101.54:443
        mode tcp
        balance roundrobin
        option ssl-hello-chk
        server wafA 192.168.101.61:444 check

    listen ssl_from_waf 192.168.101.61:445
        balance roundrobin
        option forwardfor
        server webA 192.168.101.46:80 check

    For HTTP requests this works great; requests are distributed to my Apache servers just fine. But for HTTPS requests, I lose the "forwardfor" information. I need to save the client IP address. How can I use HAProxy to load balance across a number of SSL servers, allowing those servers to know the client's IP address?


  • Cross-forest GPO between 2003 and 2008 Denied Because it's "Inaccessible"

    - by j.rightly
    I have a two-way, non-transitive trust between two forests and domains, "W2003" and "W2008". In W2008 I have a GPO with user settings linked to a machine OU containing machine "Server". The GPO applies to Authenticated Users. Cross-forest loopback processing is enabled in merge mode. When I log onto Server as User (whose account exists in the W2003 domain), the GPO does not apply. I run RSoP and see that the GPO is "Denied" for the reason "Inaccessible." The GPO name is not listed, but the GUID is. I have checked the file-level permissions on the DC to ensure that User has access to read the GPO's folder and all its contents. What is going on?


  • Redhat | error in mod_wsgi installation

    - by MMRUSer
    I'm getting the following error when I try to install mod_wsgi:

    ./configure
    checking for apxs2... no
    checking for apxs... /usr/sbin/apxs
    checking Apache version... 2.2.3
    configure: creating ./config.status
    config.status: creating Makefile
    make
    /usr/sbin/apxs -c -I/usr/local/include/python2.6 -DNDEBUG mod_wsgi.c -L/usr/local/lib -L/usr/local/lib/python2.6/config -lpython2.6 -lpthread -ldl -lutil -lm
    /apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/local/include/python2.6 -DNDEBUG -c -o mod_wsgi.lo mod_wsgi.c && touch mod_wsgi.slo
    sh: /apr-1/build/libtool: No such file or directory
    apxs:Error: Command failed with rc=8323072
    .
    make: *** [mod_wsgi.la] Error 1

    mod_wsgi 3.2, Apache 2.2, Python 2.6, apr-1.2.7-11. Is this error because of a missing package, or else how do I solve this issue?


  • Using e-mail address as user name for SMTP and POP3

    - by PeterMmm
    I have an exim4 setup as SMTP. My user naming schema is to name all mail users for this server as m001, m002, m003, ... and then redirect to a real e-mail address with virtual domains. How can I allow my users to authenticate with exim to send mail using either their system user name (m001) or the email address ([email protected])? User login information for m001 is stored in Linux system files (passwd, shadow). They are linked through entries in a virtual address table for each domain that this server can serve:

    # /etc/exim4/virtual/example.com
    m001: [email protected]
    m002: [email protected]
    m003: john@mydomain.org

    Can the same be applied to qpopper?


  • Allow from referer for HTTP-basic protected SSL apache site

    - by user64204
    I have an Apache site protected by HTTP basic authentication. The authentication is working fine. Now I would like to bypass authentication for users that are coming from a particular website by relying on the HTTP Referer header. Here is the configuration:

    SetEnvIf Referer "^http://.*.example\.org" coming_from_example_org
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Deny from all
        Allow from env=coming_from_example_org
        AuthName "login required"
        AuthUserFile /opt/http_basic_usernames_and_passwords
        AuthType Basic
        Require valid-user
        Satisfy Any
    </Directory>

    This is working fine for HTTP, but failing for HTTPS. My understanding is that in order to inspect the HTTP headers, the SSL handshake must be completed, but Apache wants to inspect the <Directory> directives before doing the SSL handshake, even if I place them at the bottom of the configuration file. Q: How could I work around this issue? PS: I'm not obsessed with the HTTP Referer header; I could use other options that would allow users from a known website to bypass authentication.


  • TFTP PUT Failing Across Hosts

    - by Jason
    I have a TFTP server installed on a CentOS host. /etc/xinetd.d/tftp:

    service tftp
    {
        disable = no
        socket_type = dgram
        protocol = udp
        wait = yes
        user = root
        server = /usr/sbin/in.tftpd
        server_args = -c -s /var/lib/tftpboot
        per_source = 11
        cps = 100 2
        flags = IPv4
    }

    If I try to PUT a file from a remote host to the host running the TFTP server, I get Transfer Timed Out; however, it does create the file in /var/lib/tftpboot, but the file is empty. If I tftp from the tftp server to itself (localhost) and PUT a file, it works fine. I have verified that SELinux is disabled and IPTables are turned off. I can connect from the remote hosts with no issue; it just seems to be the PUT I have an issue with:

    [root@SVR01 TEST]# tftp 10.100.2.15
    tftp> status
    Connected to 10.100.2.15.
    Mode: netascii Verbose: off Tracing: off Literal: off
    Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
    tftp>


  • ZFS SAS/SATA controller recommendations

    - by ewwhite
    I've been working with OpenSolaris and ZFS for 6 months, primarily on a Sun Fire x4540 and standard Dell and HP hardware. One downside to standard Perc and HP Smart Array controllers is that they do not have a true "passthrough" JBOD mode to present individual disks to ZFS. One can configure multiple RAID 0 arrays and get them working in ZFS, but it impacts hotswap capabilities (thus requiring a reboot upon disk failure/replacement). I'm curious as to what SAS/SATA controllers are recommended for home-brewed ZFS JBODs. In addition, how does battery-backed write cache (BBWC) play into the solution?


  • Windows program to remove titlebar, frame, etc from a window?

    - by Nelson
    I like playing computer games in windowed mode, as opposed to full screen. I don't like staring at the title bar, frame, and other UI junk. I also don't like seeing other stuff on my desktop around the window. Is there a simple Windows program that will strip the UI chrome off of an arbitrary window from some other application? Extra points for an easy way to put a black screen underneath the window, hiding the desktop. Note: I'm looking specifically to handle windows that are smaller than my desktop size. There's a variety of 'windowed maximized' options that make a window exactly the desktop size, and positioned so all the UI decorations are off screen. (E.g.: ShiftWindow). I'm trying to strip all the decorations away from a window that's smaller than desktop size.


  • Exim redirect all nonexistent accounts for local domains to a specific account

    - by tntu
    I want to route all incoming emails for local domains only to a single account if an account is not set up for that user. I would also like each email to be written in its own file in the user folder. I have a catchall user with /home/catchall/ path where I have a mail folder made for this, but so far emails either fail to deliver (thus my rule did not work) or they do deliver to the /etc/mail/catchall file. I have been trying to put something together from the Exim configuration, but so far nothing seems to work. http://exim.org/exim-html-current/doc/html/spec_html/ch20.html


  • Openfire on Mac OS X: can't log in after setup

    - by Tom
    Hey all, I'm trying to set up Openfire (http://www.igniterealtime.org/projects/openfire/) on Mac OS X. The install goes well, and I can start the server and enter the admin console via its System Preferences pane. I run the setup, including specifying the password for the admin user. However, when I try to log into the admin console, I get the message "Login failed: make sure your username and password are correct and that you're an admin or moderator." What gives? I've tried to RTFM, but the documentation seems to be really sketchy. Nowhere is the setup process mentioned in the install docs.


  • Photoshop / Illustrator Fill text box with large string.

    - by Xetius
    I have a massive string (lots of Fibonacci numbers concatenated together). I don't know how much of this text I need to fill an A4 page. What I was hoping for was to paste a large block into a text box and have it display as much as possible, wrapping the text at the end of a line, but it is not doing that. It is just displaying a blank box (with the text overflowing into an awaiting text box or something). I have tried pasting smaller amounts of text into the text box, and it appears that it will get about halfway and then go into 'blank' mode. All I need is a simple way of creating a background of numbers which I don't have to type in. Any ideas?


  • What is the best way to run ClamAV on Windows Server 2008 R2

    - by gabbsmo
    I'm hosting a WordPress site on Windows Server 2008 R2 and want to scan all files that are uploaded by users for viruses using this plugin: http://wordpress.org/extend/plugins/upload-scanner/. I'm on a really tight budget (no profit), so ClamAV seems like a good choice. What is the best way to run ClamAV under these circumstances? I'm considering the following options: Just running the raw Windows build from http://sourceforge.net/projects/clamav/ and setting up definition updates with Task Scheduler. Any way to automate updates of the scanner (binaries)? Using a "distro" like ClamWin or Immunet (advertised on clamav.net). Any suggestions are welcome.


  • Changed file and now I cannot access my SSH anymore

    - by Arnold
    I was trying to get my dedicated server to have a couple of VPSs installed using this tutorial: http://linux-vserver.org/Installation_on_CentOS In the process I had to change a file: /etc/ssh/sshd_config The documentation advises changing it to: ListenAddress <host IP address> Guess what? I literally added <host IP address> instead of the dedicated server's IP. I restarted the server and now I'm not able to access my SSH anymore. Can anyone help me to gain access to my SSH again? I'm using CentOS 6.


  • Restoring Mac-bootcamp-windows-partition image to Windows machine

    - by jpwagner
    Hi, I'm running Windows XP SP3 on my Mac using Boot Camp. Objective: I'd like to move this partition to a Windows machine. This is what I tried:
    1. create image using winclone
    2. restore drive to disk partition on windows machine using paragon
    3. reboot from new partition
    Results: it attempts to boot in XP (Windows flag and progress bar load screen) but then gives me the old BSOD. Safe mode just hangs while loading. (I then uninstalled KB977165 on a hunch, but that did nothing to help the issue.) Any ideas, advice, etc. would be greatly appreciated. Thanks!



  • How likely can my data be recovered after Windows CHKDSK performed on a degraded RAID 5 array?

    - by chrisling106
    Hello there, We have a RAID 5 setup with 3 SATA disks; #2 went down as reported on the pre-POST screen. Unfortunately, for some reason out of my control, the system was rebooted with a degraded RAID :-O Windows XP (64-bit) loaded, CHKDSK ran automatically and did its recovery! From that point onwards, the following error prompts every time, even in Safe Mode: lsass.exe - The endpoint format is invalid I took those 3 disks to a data recovery expert and need to wait at least 2-4 days for results. There are 2 VMs on multiple files stored in this RAID 5 array, and there's no backup! Sorry, I just inherited the system from an ex-staff member who left the company 2 months before I joined. How likely is it that the data can be recovered?


  • Intel Rapid Storage Technology service always crashes

    - by Massimo
    I'm running Windows 7 x64 on a system based on an Asus Z87-Deluxe motherboard; the storage is configured for RAID mode; there is a single SSD drive for the OS and two 4-TB disks in a RAID 1 setup for the data. I've installed the latest version of Intel's Rapid Storage Technology drivers, 12.8.0.1016. The program complains about its service not running, and the service is actually stopped; if I try to start it, it crashes. I've already tried reinstalling the package, but nothing changed. All the disks work correctly, but the RST program is unusable. How can I fix this?

