Discussion in 'other security issues & news' started by Paul Wilders, Mar 12, 2002.
FYI: Wayne Langlois is the CEO form Diamondcs.com.au, authors from TDS and WormGuard.
Well, I am probably the only one to experience the mpr.dll name change thus when I ran passlock.exe I got the following error message:
error 70 at pgm-ctr:2123
Then the message read 'could not find mpr.dll'.
Then I checked the dll at the MS dll check location and sure enough the name had changed from mpr.dll to Mpr.dll. My version is different from the one at MS dll check 188.8.131.528 to mine 4.10.1998 and the size is bigger from 57,344 bytes to 65,536.
As I stated in the Wilders TDS-3 forum under the only thread I started more then half of my dll's in Windows\System have had name changes and one I opened up, in properties, has been openly edited from the original version with no MS info in properties, all info is blank or missing in the tab.
(I use Win98SE by the way)
So, has anyone else's mpr.dll name changed as mine has?
How do I apply the patch since the name has changed, should I just change it back to the original name and then re apply the patch.
I am not crazy, I am not crazy, I am not crazy.
im sorry but pass lock is a bit more work for us newbys who are computer ilitirate lol.
its instalation and back up and how to install makes newbys nerviouse.
I think you guys have been security guerues for way to long and forgot what it was like to be a newby confused and affraid.
so i wrote to firstname.lastname@example.org
blaze letter lol
Dear Kevin of psc my name is Blaze i love the small freebie utlitys you make like HTA STOP & DSO STOP it is a great service to the public and so easy to use many of us Newbys dont know much about security but with utlitys like that its easy as 1,2,3 thank you so much.
Ho w ever im concernd about something i read about MPR.DLL thats on Windows95/98/ME WNetEnumCachedPasswords. It is officially undocumented, but enough unofficial documentation has been created so that trojan authors can easily call this DLL from their own trojan - indeed, many popular trojans such as Sub7 have taken advantage of this API for a long time, and even the safe passdump.exe demo program that accompanies this patch uses this unofficial documentation to call the function.
A google.com search at March 12 2002 for "WNetEnumCachedPaswords" found 316 results.
this is very scary as it can easly single API call by displaying all cached passwords. Passwords include modem/dialup passwords, URL passwords, share passwords and more
I ask you make a simple utlity that temperorarely fixs this problem like you did with hata a stop turn it off and on with a click protect or unprotect simplicity.
even tds company made a patch for this called pass lock but its to complicated and not newby frindly.
thats why i ask you if you can make a patch for it like you did hta stop so that it encrptys the MPR.DLL entrypoint to the WNetEnumCachedPasswords function, and patches the first 3 bytes randomely so hackers cant simply guess the code.
a verstion from you would be better then from tds more info can be found here http://www.diamondcs.com.au/web/patches/enhancer.php3?patch=passlock but there verstion sucks lo for newbys loll.
ok the problem with my letter it dont make any sence i have bad spelling but you get the jest of it if some one could revamp it and send it to ns clean for me id alprechiate it i relly would its just i suck at e-mails and often leave people confused pleas help lol.
no offensie to tds dimonds but from a newbys perspective who dosent have a clue of what he or she is doing that intall step by step thing scares me.
we the newbys are mainly aol do it for us dummys who literly buy computers for dummys books so pleas understand i wasnt trying to be mean just looking out for my stumbleing computer ilitirate brothers aqnd sisters lol.
MRBLAZE buddy! it is never too late to improve your grammar and spelling. An easy way (if you have MS word) is to write everything there and let it suggest fixes for spelling and grammar. Then cut and paste it where you want it. I do that when I am unsure how to spell a word. Some of your spelling is so hideously disfigured that even MSword may not be of much help though. I read every post I write and edit them for poor grammar and spelling. It takes longer but it is worth it.
It is unlikely many people are going to email things such as this for you. I recommend giving it a shot yourself if you feel it is important.
As for the clarity, I will admit it can be difficult to discern your meaning sometimes, but I can almost always "get the jist" as you say. So I bet the help desk will too.
=) thx UNICRON