Month: October 2006

How to gain access to the System account, the most powerful account in Windows.

There is an account in Microsoft Windows that is more powerful than the Administrator account. That account is called the System account; it is similar to root, the superuser, in the Linux/Unix world. I will show you how to access this System account in this article.

You can use this to remove programs that are causing problems on your system, malware and so on.

Introduction

If you look at the task manager (which can be launched by pressing [CTRL]+[ALT]+[DEL]) you will see some processes that are running with System level privileges. Even the Administrator account is unable to do some of the things a system account can do.

System is the highest account in Windows (like root). You can be a super power user by accessing the System account (even while you are logged in as a restricted user).

Note: Accessing the System account may cause serious problems. Leave this thread and don’t follow the rest of this topic if you don’t know what you are doing. I am not liable for any problems caused by accessing the System account.

Local System differs from an administrator account in that it has full control of the operating system, similar to root on a Unix machine. Most system processes are required by the operating system and cannot be closed, even by an administrator account; attempting to close them will result in an error message.

In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogy of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT/XP.

What do you gain by accessing the System account?

Local privilege escalation is useful on any system that a hacker may compromise; the System account allows several other things that aren’t normally possible (you can reset passwords; resetting administrator passwords is also possible). You can even log in as System and lock the Administrator account out by editing group policy or with other tools in Windows.

How to access System:

Note: Don’t follow the procedure below if you don’t know what you are doing. You may harm your PC. If you follow it, do it at your own risk.

  1. Check the name of the account you’ve logged into (click Start; you
    will see the name of the account you’ve logged in with).
  2. Launch the command prompt (Start | Run | cmd | [Enter]).
    In the command prompt, create a schedule to run cmd.exe.
    To create the schedule, type the following line and hit Enter:
    at 10:41 /interactive "cmd.exe"
    This will create a schedule to run cmd.exe at 10:41.
    (Since you are testing, check the time on your system and add two or three minutes; change this time according to your local time.)
    Hint: you can check whether the schedule has been placed by typing "at"
    and hitting Enter after the above step.
  3. Wait for the time you set for the schedule.
    cmd.exe will be launched at the specified time.
  4. After cmd.exe is launched by the schedule, press [CTRL]+[ALT]+[DEL] and launch Task Manager.
    Select the “Process” tab, select explorer.exe in the process list and click the “End Process” button.
    You will receive a confirmation dialogue. Click “Yes” to end the process.
  5. Close Task Manager by clicking the close (X) button.
    Close the first cmd window (be careful to close the first one, not the second one).
  6. Now you have only the second command prompt window and an empty desktop.
    In the command prompt, type the following line and hit Enter:
    cd ..
  7. In the command prompt, type the following line and hit Enter:
    explorer.exe
    If this is the first time you do it, Windows creates the necessary
    components for you to access System (Desktop, Start menu,
    My Documents).
    When it’s finished you will have a new desktop.
  8. Close the command prompt window. Click Start and check your username.
    It’s changed to System.
    Now you are a super-power user. Be careful not to harm your PC; don’t delete or modify system files if you don’t know what you are doing.

I am once again saying: don’t attempt accessing the System account unless you are an experienced Windows user.
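As an added defender-side example (not part of the original post), here is a Python script that flags the two artefacts the procedure above leaves behind: an AT job created with /interactive, and explorer.exe or cmd.exe running as NT AUTHORITY\SYSTEM on the console session. The `at <id>` and `tasklist /v /fo csv` output it parses is constructed sample text, not captured from a real machine.

```python
import csv
import io

# Constructed sample of `at <id>` output for the job from step 2 above (not from a real host).
# AT jobs run under LocalSystem, so an interactive one puts a SYSTEM-owned window on the console.
SAMPLE_AT_DETAIL = """Task ID:       1
Status:        OK
Schedule:      Today
Time of day:   10:41 AM
Interactive:   Yes
Command:       cmd.exe
"""

# Constructed sample of `tasklist /v /fo csv` output after step 7 above (not from a real host).
SAMPLE_TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","1032","Console","0","4,120 K","Running","NT AUTHORITY\\SYSTEM","0:00:03","N/A"
"explorer.exe","1640","Console","0","18,420 K","Running","NT AUTHORITY\\SYSTEM","0:00:01","N/A"
"cmd.exe","1712","Console","0","2,300 K","Running","NT AUTHORITY\\SYSTEM","0:00:00","C:\\WINDOWS\\system32\\cmd.exe"
"notepad.exe","1800","Console","0","3,100 K","Running","LABPC\\alice","0:00:00","Untitled - Notepad"
'''

SHELLS = {"explorer.exe", "cmd.exe"}   # interactive shells a user, never SYSTEM, should own
SYSTEM_ACCOUNT = "NT AUTHORITY\\SYSTEM"

def find_interactive_at_jobs(at_output):
    """Return (task_id, command) for every AT job whose detail shows 'Interactive: Yes'."""
    hits = []
    for block in at_output.strip().split("\n\n"):      # one block per `at <id>` listing
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")        # split on the first colon only
            fields[key.strip().lower()] = value.strip()
        if fields.get("interactive", "").lower() == "yes":
            hits.append((int(fields["task id"]), fields["command"]))
    return hits

def find_system_shells(tasklist_csv):
    """Return (image, pid) for shells running as SYSTEM on the interactive console session."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image = row["Image Name"].lower()
        if image in SHELLS and row["User Name"].upper() == SYSTEM_ACCOUNT \
                and row["Session Name"].lower() == "console":
            hits.append((image, int(row["PID"])))
    return hits

if __name__ == "__main__":
    for task_id, cmd in find_interactive_at_jobs(SAMPLE_AT_DETAIL):
        print(f"AT job {task_id} is interactive and runs {cmd!r} as SYSTEM")
    for image, pid in find_system_shells(SAMPLE_TASKLIST_CSV):
        print(f"{image} (pid {pid}) is running as SYSTEM on the console")
```

On a real XP/2003 machine you would feed it the output of `at <id>` and `tasklist /v /fo csv`; the SYSTEM-owned explorer.exe check is the same thing an administrator can spot by eye in Task Manager's User Name column.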

System Account : Further Links

  1. How the System Account is used in Windows
  2. What is Local System Account
  3. User account control step by step guide

Reading/Writing Data from NTFS drives using DOS

If you need to copy a file to an NTFS partition from DOS, you can’t do that directly, but there is a way to do it.

NTFS4DOS 1.8 (read/write NTFS from DOS)

NTFS4DOS Private is the only tool that is free for private use and allows unrestricted full read and write access to NTFS volumes. This makes it the ideal solution for offline AV scanning and backups, and it can also be used as an ERD solution.

Download IT


HijackReader analyses your Hijack This log

HijackReader is a free program which reads HijackThis log files and tries to give advice on what to fix. It is based on Merijn’s tutorial on the subject, and automatically searches in Pacman’s startup list as well as Tony Klein’s Browser Helper Object (BHO) list.
Its main features are:
* Automatically reads HijackThis logs
* Gives advice on what to fix
* Can output the report to text (txt) or web (html) format
* The web report includes a link, for quick Google searching, based on the object in question
* Requires no installation or DLL files. Does not write any settings to the registry or create any files, unless the user wants it to
* Completely portable. Can be run from a USB-flash drive, CD, etc.
* No Internet connection required (unless you want to check things using the Google function)
USERS OF AVAST ANTIVIRUS AND/OR TROJANHUNTER: Some users of these two software products may receive a virus/Trojan warning when using HijackReader. This warning is a false positive, caused by the compression used by this program. To my knowledge, no other antivirus software will give you trouble.

http://www.hollmen.dk/content/view/69/31/

Microsoft Developing its own CPU for XBOX

MOUNTAIN VIEW, Calif., Oct. 16 — For more than two decades, Microsoft’s software and Intel’s processors were so wedded that the pairing came to be known as Wintel. But as that computing era wanes, Microsoft is turning to a new source of chip design: its own labs.
The design effort will initially be split between research labs at the company’s headquarters in Redmond, Wash., and its Silicon Valley campus here. Tentatively named the Computer Architecture Group, the project underscores sweeping changes in the industry.
One reason for the effort is that Microsoft needs to begin thinking about the next-generation design of its Xbox game console, said Charles P. Thacker, a veteran engineer and Microsoft engineer who will head the Silicon Valley group. Voice recognition may also be an area where the research could play a significant role.

NYTIMES

Turn Off your monitor using shortcut from desktop

There’s an option in Windows XP power management that lets you set a period of time after which your monitor will be turned off (which is more like standby, given that a shake of the mouse will wake it up).
Here is a way to create a shortcut that lets you do the same thing on demand.

There are two ways to do this:

1. Use this widget for the Yahoo! Widgets Engine or Konfabulator.

2. Another way is to download a standalone program that is built for this.

Check out the page http://www.nirsoft.net/utils/nircmd.html and follow these steps:
1. Download the ZIP file (link is at the end of that page).
2. Extract it to a temp folder.
3. Run nircmd.exe file.
4. Click “Copy to Windows directory”, click Yes.
5. Now, right-click desktop (or inside any folder like Start Menu, Programs, Quick Launch) and select New>Shortcut.
6. Enter “nircmd monitor off” or “nircmd monitor low” (no quotes please) (I don’t know the difference between them. Experiment.).
7. Click Next, and enter “Turn Off Screen” or anything you like as shortcut name. (no quotes). Click Finish.
8. Right-click the shortcut you created, and click “Properties”. Click “Change Icon”
9. If a message “The file %windir%\nircmd.exe contains no icons.” (or similar) appears, click OK.
10. Choose a nice icon (In WinXP, I use the “blue power icon” of shell32.dll file).
11. Click OK. Click OK again.
12. Try out the new shortcut to get a feel of it!


5 anti-rootkit scanning and checking software tools

I was browsing through Neowin today and saw a help query on deleting (read: removing) a rootkit virus called BKDR_HAXDOOR.GP and BKDR_HAXDOR.AU.

Then he wanted to delete the two keys in the registry which he suspected the rootkit was using:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YCSVGD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YDSVGD

But he was unsuccessful in that, so I am now trying to list some tools that will help to get rid of rootkits, although I am not sure it will help.

RootkitRevealer 1.7

Publisher: Sysinternals

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits lik

RootKit Hook Analyzer 1.01

Publisher: Resplendence

RootKit Hook Analyzer is a security tool which will check if there are any rootkits installed on your computer which hook the kernel system services. Kernel RootKit Hooks are installed modules which intercept the principal system services that all programs and the operating system rely on. This program will display all kernel services and the modules responsible for handling them, along with company and product information.

Primary Response SafeConnect 2.0.1.87

Publisher: Sana Security

Primary Response SafeConnect provides instant and constant protection for PCs by detecting and completely removing spyware, rootkits, and adware without the need for signatures or scanning. Remove spyware and other malicious software from your PC in real time. Primary Response SafeConnect does not require you to scan your PC, and it can clean up your PC after it has been infected.

ProcessGuard 3.15

Publisher: DiamondCS

ProcessGuard is a powerful new type of security system that secures Windows at the lowest (kernel) level, allowing it to provide the maximum possible security. An intuitive interface makes the program very easy to use, and a comprehensive help file explains everything in full detail for those wanting to know more. ProcessGuard gives you full control over which programs are allowed to run and prevents even the stealthiest rootkit Trojan horses from being able to install malicious drivers. Virtually all known code/process-related attacks can be prevented, including keyloggers, firewall leak tests, process termination, code and DLL injection, thread hijacking, and Windows File Protection attacks.

Ashampoo AntiSpyWare 1.50

Publisher: Ashampoo

Ashampoo AntiSpyWare protects you against more than 500,000 security threats. Ashampoo AntiSpyWare can monitor and protect your computer continuously. A small background program checks every suspicious file for potential hazards before it is opened, making it impossible for Trojans to install themselves on your computer. Ashampoo AntiSpyWare is a brand-new tool. Building on existing solutions combined with intelligent new strategies and algorithms it provides exceptional protection against spyware and other malware. Its advanced heuristic search and analysis system can actually identify and block new and unknown threats before they can do any damage. It can even detect the highly dangerous Rootkits.

Version 1.50 detects more than 500,000 threats, features improvements to the license server and much better AntiSpyWare Guard. The “Tools” menu now contains the task planner in all languages.

I will recommend RootkitRevealer anyway because I have so much trust in the company that produces the software. Sysinternals really rocks.

Check the following links too for some more info on rootkits:

http://en.wikipedia.org/wiki/Rootkit
http://www.antirootkit.com/
http://en.wikipedia.org/wiki/Chkrootkit

http://www.rootkit.com

Root kit detectors
