New Tech Tool: D7

Discussion in 'malware problems & news' started by FoolishTech, May 9, 2011.

Thread Status:
Not open for further replies.
  1. FoolishTech

    FoolishTech Registered Member

    Joined:
    May 9, 2011
    Posts:
    19
    With the cancel button, it will just cancel D7's former action of resetting those REG values to defaults, but still continues to load D7.

    Quick option to fix the messed up keys that ScriptDefender uses would be System Restore ;)

    Exporting those keys from another known-good machine would be another option. Basically each value should be "%1 %*" on a clean system.

    So, if you were to rename the attached file as .REG and double click it, that should take care of that; I think! (This is the same file you attached to the other post, just updated with default values.)
     


  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Ideal :thumb:

    Indeed, but i wanted to try & learn a bit more ;)

    Good idea :thumb: but don't have one handy.

    Thanks :thumb: :)
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ FoolishTech

    Well after all that reg stuff i found the test .VBS files still do trigger ScriptDefender, but allowing still doesn't launch them = same results ? So i did a System Restore as you suggested, back to before D7. Strangely i'm experiencing exactly the "same results" ! Not sure why, but it's not your problem ;) Not that i'm aware i've ever needed those extensions anyway, but ideally they should be able to work, if i allow them :thumb:

    Anyway as soon as the new D7 gets listed i'll DL it & test again, but in ShadowDefender mode as i said :D
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Managed to locate v3.04.0005 ;) enabled ShadowDefender & ran it.

    This time i didn't see the original scan ? I expected i would though, but that the CANCEL would now work, if it had shown up.

    I see the tabs, but as before, apart from the check boxes etc, they are blank ?

    Also i had the same problem trying to close the App. It visibly disappeared, but the icon remained on my taskbar ? Relaunching another 2 times & then closing resulted in a further 2 icons remaining on my taskbar. Once again Only by using TM was i able to shut all 3 instances down !

    d7-3.gif

    Whilst i was at your www i DL'd FindQs.txt & converted it to FindQs.bat to test ScriptDefender with it.

    FindQs.bat.gif

    As only these are in ScriptDefender at the moment * .VBS,.VBE,.JS,.JSE,.HTA,.WSF,.WSH,.SHS,.SHB * FindQs.bat was able to launch CMD

    qs-sd.gif

    cmd.gif

    cmd-qs.gif

    I pressed Any Key & it immediately closed ? I know FindQs.bat has got nothing to do with D7, but i just used it to test ScriptDefender, which is still not fixed ? Not your problem though. Just posted as a FYI.

    Maybe there is some incompatibility with my system & D7 if it works on others ? Sorry if i'm being a pain, only trying to help sort it, if possible :)
     
  5. FoolishTech

    FoolishTech Registered Member

    Joined:
    May 9, 2011
    Posts:
    19
    It didn't show up because I whitelisted your ScriptDefender in D7's startup check, it no longer thinks ScriptDefender is a rogue value, and therefore doesn't show you the prompt.

    Uhh... blank? Skipping that for the moment, I can say that sometimes my tray icon doesn't disappear, because the notification tray must be refreshed which D7 doesn't do well - however you could move the mouse over the tray icon and it will disappear, if D7 has shut down...

    Except in your case D7 is still running. Again, that's so odd. I have code in place that runs on startup so that D7 cannot run multiple copies of itself - any new copies launched will detect itself as an already running process and immediately shut down. Perhaps one of your apps prevents D7 from doing its process check - among other things - I've not seen any issues like you've had before!

    I'm glad you're exploring my warez! ;) Actually, FindQs is an integral part of D7's Pre-Malware Scan. But on its own, it won't run unless you launch it with a drive letter & colon as a parameter. Ex:
    Code:
    FindQs.bat C:
    That's why it closed down.

    It's an interesting bit of batch and usually produces results that are file names (e.g. shortcuts, docs, usually links to websites, etc.) which are in some other language - AND/OR - it finds malware using unicode tricks to hide or mimic another legitimate file name. The crazy characters FindQs searches for turn up at a non-unicode console window as a "?" Ex. userinit.exe might appear twice in Explorer, one is illegitimate, and FindQs would discover it as user?nit.exe or whatever.

    Just as an FYI, if FindQs continually pops up a notepad window with results that are legitimate, it can be stopped simply by closing the console window it is running in.

    At this point, NOTHING would surprise me :) I wouldn't be surprised if something you have on the system is throwing a wrench in the works. I also wouldn't be surprised if it's just my poor coding going wrong in one specific scenario I haven't anticipated or seen before.
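
The check described in the post above (names that render with "?" in a non-Unicode console, some of them imitating a legitimate file name), sketched as an added example that is not part of the original post and is not FindQs or D7 code. The watch list, the sample names and the use of ASCII as a stand-in for the console code page are assumptions.

```python
import unicodedata

# Assumed watch list of names worth protecting; not taken from FindQs or D7.
KNOWN_GOOD = ("userinit.exe", "explorer.exe", "svchost.exe")

def console_view(name):
    """Render a name as a non-Unicode console would: unmappable chars become '?'.
    ASCII is used here as a conservative stand-in for the console code page."""
    return name.encode("ascii", errors="replace").decode("ascii")

def mimics(view):
    """Known-good names that the '?'-masked view could be imitating."""
    view = view.lower()
    return [good for good in KNOWN_GOOD
            if "?" in view and len(good) == len(view)
            and all(v in ("?", g) for v, g in zip(view, good))]

def triage(names):
    """Return one finding per name that contains non-ASCII characters."""
    findings = []
    for name in names:
        view = console_view(name)
        if view == name:
            continue  # pure ASCII, nothing hidden
        odd = [f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"
               for ch in name if ord(ch) > 127]
        findings.append({"name": name, "console": view,
                         "chars": odd, "mimics": mimics(view)})
    return findings

# Constructed sample names (not real findings).
SAMPLE = [
    "userinit.exe",                              # legitimate, pure ASCII
    "user\u0456nit.exe",                         # Cyrillic letter in place of Latin 'i'
    "\u0420\u0435\u0437\u044e\u043c\u0435.doc",  # legitimate non-English name
    "Caf\u00e9 menu.lnk",                        # legitimate accented shortcut
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        verdict = "MIMICS " + ", ".join(f["mimics"]) if f["mimics"] else "review"
        print(f"{f['console']:<16} {verdict:<22} {'; '.join(f['chars'])}")
```

Names that only get the "review" verdict correspond to the legitimate foreign-language results the post mentions; the mimic match is what separates them from a look-alike of a watched file.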
     
  6. FoolishTech

    FoolishTech Registered Member

    Joined:
    May 9, 2011
    Posts:
    19
    If anyone knows of a great, free, hosted message board system - where I could have a hosted D7 support forum, please let me know! Thanks!
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ FoolishTech
    Or a Spanner ;)

    Wish i knew :D anyway thanks so far for the assist :thumb: If you release a new version please pop back & let us know :)
     
  8. FoolishTech

    FoolishTech Registered Member

    Joined:
    May 9, 2011
    Posts:
    19
    I have a newly created support forum for D7 here, if anyone needs help or has any questions ... (I don't want to start cluttering others' forums with my own D7 support!)

    Thanks!
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    good luck with your new forum even if the name is a bit odd ;)
     
  10. FoolishTech

    FoolishTech Registered Member

    Joined:
    May 9, 2011
    Posts:
    19
    Thanks! Actually, I'm hoping no one ever needs to post there!
     
  11. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Indeed! Haha :D
     