
Archive

Category: Windows 7

Cryptolocker: How to avoid getting infected and what to do if you are.

The details are sordid, but in a nutshell a Cryptolocker virus gets onto your computer, locks all your pertinent files, and demands a ransom so you can get your files back. When victims pay, the ones delivering the virus become bolder and start demanding more money.

What can you do to protect your company?
Create some Group Policies that stop malware, spyware, grayware, Cryptodefense and other likely .exe programs from running in the places they usually launch from:

– Open up Group Policy and create new GPO
– Title this policy Disable .exe from %appdata% and click OK
– Right click on this policy and select Edit
– Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
– Right click on Software Restriction Policies and click on ‘New Software Restriction Policies’
– Right click on Additional Rules and click on ‘New Path rule’ and then enter the following information and then click OK

Path: %localAppData%\*.exe
Security Level: Disallowed
Description: Don’t allow executables from AppData (Win 7)

Path: %localAppData%\*\*.exe
Security Level: Disallowed
Description: Don’t allow executables from AppData subfolders (Win 7)

Path: %localAppData%\Temp\*.zip\*.exe
Security Level: Disallowed
Description: Prevent unarchived executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\7z*\*.exe
Security Level: Disallowed
Description: Prevent 7zipped executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Prevent Rar executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\wz*\*.exe
Security Level: Disallowed
Description: Prevent Winzip executables in email attachments from running in the user space (Win 7)

The following paths are for Windows XP machines, if you still have them. I put these in just in case, with the same Disallowed security level:
%AppData%\*.exe
%AppData%\*\*.exe

Create your new path rules as seen above
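
To confirm the rules actually reached a Windows 7 client, you can read them back from the registry. The script below is an added example, not part of the original post. It assumes the GPO is linked to the computer's OU and policy has refreshed, and it relies on computer-level Software Restriction Policies being stored under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, where level 0 means Disallowed.

```powershell
# Added example: check that the Disallowed path rules from the GPO are present
# on this machine. Run in an elevated PowerShell prompt on the client.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

# The Windows 7 path rules listed in the post.
$expected = @(
    '%localAppData%\*.exe',
    '%localAppData%\*\*.exe',
    '%localAppData%\Temp\*.zip\*.exe',
    '%localAppData%\Temp\7z*\*.exe',
    '%localAppData%\Temp\Rar*\*.exe',
    '%localAppData%\Temp\wz*\*.exe'
)

# Read ItemData without expanding %localAppData%, so it compares as typed.
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$applied = @()
if (Test-Path $base) {
    $applied = @(Get-ChildItem $base | ForEach-Object {
        [pscustomobject]@{
            Path        = $_.GetValue('ItemData', $null, $noExpand)
            Description = $_.GetValue('Description')
        }
    })
}

# One report row per expected rule (string comparison is case-insensitive).
$report = foreach ($rule in $expected) {
    $hit = $applied | Where-Object { $_.Path -eq $rule } | Select-Object -First 1
    [pscustomobject]@{
        Rule        = $rule
        Applied     = [bool]$hit
        Description = if ($hit) { $hit.Description } else { $null }
    }
}
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Applied })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) rule(s) missing. Run 'gpupdate /force' and check the GPO link and scope."
}
```

Any row showing Applied = False means that rule is not being enforced on this machine.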

 

The snapshot of the issue,

Error 0x800070718

You may get this problem on Windows 7 or Windows 8 PCs when you set up offline files. There is a limit on the local computer that prevents all the files from being saved. You can change the setting in the Control Panel:

Control Panel –> Sync Center –> Offline Files –> Manage Offline Files

Disk Usage tab –> Change Limits

Change Offline Settings

 

How to reclaim space after a service pack installation in Windows 7 or 2008 R2 SP1

Dism.exe /online /Cleanup-Image /SPSuperseded

More Details: http://technet.microsoft.com/en-us/library/dn251565.aspx

DISM.exe /Image:C:\test\offline /Cleanup-Image /spsuperseded /hidesp

NOTE: This command is from the help file and might not be the command you need. For example, if you’re running against an online installation, the command is dism /online /cleanup-image /spsuperseded

You can also use the disk clean up wizard to remove the service pack files.

Either of these will make the service pack permanent, which means that you cannot uninstall it from the system once you do this. So, use this with caution. As in previous cleanup commands, this will remove any superseded package from the system on the next scavenging pass and reclaim your space.