
Category: Windows XP

Cryptolocker: How to avoid getting infected and what to do if you are.

The details are sordid, but in a nutshell a CryptoLocker virus gets onto your computer, locks all your pertinent files and demands a ransom so you can get your files back. When victims pay, the ones delivering the virus become bolder and start demanding more money.

What can you do to protect your company?
Create some Group Policies to lock down likely places for Malware / Spyware / Grayware / Cryptodefense and other likely .exe programs from running:

– Open up Group Policy and create new GPO
– Title this policy Disable .exe from %appdata% and click OK
– Right click on this policy and select Edit
– Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
– Right click on Software Restriction Policies and click on ‘New Software Restriction Policies’
– Right click on Additional Rules and click on ‘New Path rule’ and then enter the following information and then click OK

Path: %localAppData%\*.exe
Security Level: Disallowed
Description: Don’t allow executables from AppData (Win 7)

Path: %localAppData%\*\*.exe
Security Level: Disallowed
Description: Don’t allow executables from AppData subfolders (Win 7)

Path: %localAppData%\Temp\*.zip\*.exe
Security Level: Disallowed
Description: Prevent unarchived executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\7z*\*.exe
Security Level: Disallowed
Description: Prevent 7zipped executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Prevent Rar executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\wz*\*.exe
Security Level: Disallowed
Description: Prevent Winzip executables in email attachments from running in the user space (Win 7)

The following paths are for Windows XP machines (if you still have them; I put these in just in case with the same disallow security settings):
%AppData%\*.exe
%AppData%\*\*.exe

Create your new path rules as seen above
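
To confirm on a client that the GPO actually delivered these rules, the following PowerShell check reads the Software Restriction Policies registry location and reports any Windows 7 path rule from the list above that is missing. It is an added example, not part of the original post, and it assumes the computer-side rules land under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths, where 0 is the Disallowed level.

```powershell
# Added example: audit that the Disallowed path rules from this post reached a client.
# Assumption: computer-side SRP rules are stored under the policy key below
# (level 0 = Disallowed), one GUID subkey per rule with the path in ItemData.
# Run on a test machine after the policy has refreshed (gpupdate /force).
$base = 'SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

# The Windows 7 rules exactly as entered in the GPO; append the XP rules if you deployed them.
$expected = @(
    '%localAppData%\*.exe'
    '%localAppData%\*\*.exe'
    '%localAppData%\Temp\*.zip\*.exe'
    '%localAppData%\Temp\7z*\*.exe'
    '%localAppData%\Temp\Rar*\*.exe'
    '%localAppData%\Temp\wz*\*.exe'
)

$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$deployed = @()
$paths = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($base)
if ($paths) {
    foreach ($guid in $paths.GetSubKeyNames()) {
        $rule = $paths.OpenSubKey($guid)
        # Read ItemData unexpanded so it compares against the rule as typed,
        # not against the current user's resolved AppData folder.
        $deployed += [string]$rule.GetValue('ItemData', '', $noExpand)
        $rule.Close()
    }
    $paths.Close()
}

$report = foreach ($p in $expected) {
    New-Object PSObject -Property @{
        Path     = $p
        Deployed = ($deployed -contains $p)   # -contains ignores case for strings
    }
}
$report | Format-Table Path, Deployed -AutoSize

$missing = @($report | Where-Object { -not $_.Deployed })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) path rule(s) missing. Check the GPO link and scope with gpresult /r."
} else {
    Write-Output 'All expected Disallowed path rules are present.'
}
```

A rule can be present and still break legitimate software that runs from AppData, so pilot the GPO on a small group before linking it company-wide.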


After a physical-to-virtual migration (or a similar change), the old interface still holds its IP internally on a hidden NIC. So when you try to assign the same IP to a new interface you get the warning – DO YOU WANT TO REMOVE THE STATIC IP CONFIGURATION FOR THE ABSENT ADAPTER. You can continue by just clicking YES, but the interface is still hidden.

If you want to permanently remove the hidden interface, follow the steps below.

Step 1: Open the command prompt – Run as Administrator

Step 2: Type the command,

set devmgr_show_nonpresent_devices=1

This makes non-present devices visible.

Step 3: Open Device Manager. You can use this command in the same command prompt:

devmgmt.msc

Step 4: In the Device Manager window, on the menu, choose View –> Show Hidden Devices

Step 5: Find the hidden interface under Network adapters, select the adapter, right click and choose Uninstall.

Job done.

Content Advisor is a tool for controlling the types of content that your computer can access on the Internet. After you turn on Content Advisor, only rated content that meets or exceeds your criteria can be viewed. You can adjust the settings to suit your preferences.

You can do the following:

  • View and adjust the ratings settings to restrict or allow content in each of the following categories: language, nudity, sex, and violence.
  • Create a list of websites that should always be blocked, regardless of how their content is rated.
  • Create a list of websites that can always be viewed, regardless of how their content is rated.
  • View and change the ratings systems Content Advisor uses.

Now let us see how to remove it.

1. Go to Start > Run, type in regedit and press Enter (i.e. open the Windows Registry Editor).

For Windows Vista / Windows 7, type regedit in the Search box from the Start orb and press Enter.

2. Navigate to the following path in the left pane:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

3. Click on the Ratings key and you will see an entry named key in the right pane. Just delete it.

4. Reboot your PC & the Content Advisor Password will be reset.

5. In Internet Explorer choose Tools > Internet Options. Switch to the Content tab.

6. Set a new password when asked. Use it to Disable the Content Advisor.