User Journal

Journal: HOSTS file for the Win!

My malware protection: a 144267-line HOSTS file (called that on any operating system, see
https://tools.ietf.org/html/rfc1122) and a very outdated version of Comodo firewall.
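A blocklist HOSTS file of that size only works if every entry really points at a sinkhole address; a line that maps a name to some other address redirects traffic instead of blocking it, and that is the classic sign of a hijacked HOSTS file. The following PowerShell audit is an added example, not code from the journal: it counts the names, flags duplicates, and flags any entry whose target is not 0.0.0.0, 127.0.0.1 or ::1. The sinkhole set, the sample lines and the temp-file path are assumptions made for the example.

```powershell
# Added example (not the journal's): audit a Windows HOSTS file.
# Flags any name whose target is not a sinkhole address, plus duplicate names.

function Test-HostsFile {
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts",
        [string[]]$Sinkholes = @('0.0.0.0', '127.0.0.1', '::1')   # assumed "block" targets
    )
    $entries    = @{}
    $suspicious = @()
    $duplicates = @()

    foreach ($raw in Get-Content -Path $Path -ErrorAction Stop) {
        $line = ($raw -split '#', 2)[0].Trim()      # drop trailing/whole-line comments
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }        # address with no names: ignore
        $target = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $key = $name.ToLowerInvariant()
            if ($entries.ContainsKey($key)) { $duplicates += $key } else { $entries[$key] = $target }
            if ($Sinkholes -notcontains $target) { $suspicious += "$target $name" }
        }
    }

    [pscustomobject]@{
        Path       = $Path
        Names      = $entries.Count
        Duplicates = $duplicates
        Suspicious = $suspicious      # redirects, not blocks: review these by hand
    }
}

# Constructed sample for a dry run (not the author's 144267-line file).
$sample = Join-Path $env:TEMP 'hosts-sample.txt'
@'
# comment line
127.0.0.1   localhost
0.0.0.0     ads.example.test   tracker.example.test
0.0.0.0     ads.example.test
203.0.113.9 update.example.test  # not a sinkhole: a redirect, not a block
'@ | Set-Content -Path $sample

Test-HostsFile -Path $sample | Format-List
# Expected on the sample: Names 4, Duplicates ads.example.test,
# Suspicious "203.0.113.9 update.example.test".
```

Run it without `-Path` to audit the live file. Anything in `Suspicious` deserves a look, since a blocklist has no reason to map a name to a routable address.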

I've always been curious why my postings of the C:\Windows\System32\GWX\*.* files didn't receive more attention than they did, as even the smallest activity of this nature gets reported. Surely the anti-malware companies are aware of this, and it would be a plus for their product when it is listed as being caught.

I was even banned from the website sevenforums.com after posting about it.

You have been banned for the following reason:
Posting crap
Date the ban will be lifted: Never

You can't stop this kind of stuff from happening
(http://www.bloomberg.com/news/articles/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms) other than by using a HOSTS file. Yet even then it may be of no use, since according to APK Microsoft can disable it. From day one I've never seen what the right side of /. holds.

User Journal

Journal: GWX directory, what it did, u got hosed

The refusal I've encountered to even consider such a thing caught me off guard.
My first post got me banned from sevenforums three days after I registered, for "posting crap" (their claim). I think it was really when someone posted their services and I mentioned that what AVG has done is a crime (it's like 10 services now); I hit on a sponsor. It's been so long since I've used any AV program, but 8-10 services are too much for one program.

This type of thing (GWX) comes in three phases. One: the alert that there might be a problem with xxx, and what you or they found.

Two: verification that it is indeed not wanted. In this case I might know where I can get it, and if not, I'll be very disappointed in them.

Three: what it really does, as your findings come together and make sense, and
normally the removal and repair if needed.

I'm at three. I know all who have a GWX directory have sent a scan like I posted, just with their own cache files. It ran for 24 hours then left, so less than 25 hours. Your protection didn't have time to get anything to you, so why even mention it. I know how I screwed up and it went from 500 to 7 K (it got sent); I know why I alone came across it. Pretty much any question about it now I can answer. FWIW, I'm fairly sure to a high degree what directory it used to hide its activity; come on, it's an easy one, considering what it sent. I know Microsoft didn't do this alone; a third party collected the config.xml files. Who? Don't need to know, and I'm sure nobody else does either. But it's not over; expect this again. From the posts I've read, if you read this you're one of the few who know what it did. Microsoft got away with it.

APK scores one here. He's not a spammer; while his posts are long even for me and overkill (they can be much shorter; just tell me if my posts are too long), he's really giving you a clue. If you just listen to what he supports above all (it is better than anything else you can run), then you're close to understanding the clue.

And while I did everything right, I did it wrong. 15 days after its installation and still nobody knew what it really does; that was a red light for me and why I was removing it.

Oh, and the fact I sent a scan to someone, I couldn't care less; I'm sure I've sent worse. My posts were to alert you, but hell, it happened over 10 days ago so my posts were useless.

My protection: a very old version of Comodo firewall (if it works as well as it has all this time, it stays), what I know, a HOSTS file, and Autoruns to tell me what I need to know.

I would suggest you remove the GWX directory, even if its other function is to "prep you for an update". Hell, easier, and to introduce you to the only tool you need (for most functions): just use Autoruns and disable it.

https://technet.microsoft.com/en-us/sysinternals/bb963902
An option is "Hide Signed Microsoft Entries"; you can't trust them anymore, so I'd have those in the view (unhide MS entries).

User Journal

Journal: Follow up: I now feel it important enough that you know of and remove this item,

Disconnect yourself from the Internet. I now feel it will send the results itself if tampered with.

To remove the directory (many ways I'm sure, I just did it the way I always do), boot up with another OS.

The config.xml in question I found and copied when I first found it. (PowerPro keeps the last 100 clips; a clip is any time a copy command is used from any application or keys, and PowerPro keeps a copy. So I can go back later to find something that's now of importance in some manner, such as a recently used username and password (security: lots of sites on the internet to visit till the right one is found). So, a feature always waiting through PowerPro (I've been using it since Win95); I'm just used to copying stuff. It does no harm and is available later if needed.)

I was in no hurry, the directory was protected and I was going to remove it no big deal.

Booted into MiniXP and moved the directory to a pen drive.

From the time I found the config.xml file to logging off, the config.xml became a 7K file (default size), down from over 500K.

Damn, I went to PowerPro to see if I had copied it and found I had; whew, not a dream. I have to assume it was sent between being found and shutting down; I have no clue of the time, but not long after finding the GWX. I use Agent Ransack alone for my system searches; I haven't run MS search since Win98(?), when the cache collector took up all the resources, rendering one's computer fairly useless. Once burnt, shame on you; twice burnt, situation; I've disabled it since. Agent Ransack (Ctrl+Alt+F) is all I've used; it searches everything, as opposed to just certain file types: file strings, by file name, the desperate act of three letters, regular expressions, over a span of months to hours (as low as I'd go). Being free, you can use it yourself; if you want it, Agent Ransack will find it by offering more than a few ways to search.

Agent Ransack and I looked hard for anything related to the original config.xml or any parts of the file. I wanted to find that file or any parts of it anywhere on my system, if for no other reason than to help explain the existence of the GWX directory. Yet I alone seem to know of the cache scan and a 500K file that left without a trace, as my firewall should have warned me (I don't use the Windows firewall).

I felt a need to issue a warning; it's what I do, help others. I spent 7 years in the newsgroup 24hoursupport.helpdesk because I could do just that; no question was off limits, but 99% of them were computer related. It's turned political and has been for years.

I would have appreciated a warning. I found nothing in any config.xml file and questioned the poster myself, but removed it as something I had no use for from what I found. I have to wonder if others' scans had already left, as a 15 day wait between capture and its disappearance is damn odd as well. I block a hell of a lot of sites; causing it to stick around is not far fetched.

I don't see the post with the scan and wouldn't be surprised if it has been deleted. This GWX and what I know has caused me nothing but problems.
I'll send the scan to anyone who wishes to view it, even post it to a newsgroup, just not on any web sites again.

User Journal

Journal: I now feel it important enough that you know of and remove this item,

It has the potential to cause some major problems for you (or anyone).

Update notice: https://support.microsoft.com/en-us/kb/3035583/ Opening a + will show you the files involved. Do notice you're told nothing of what it's supposed to do.
Update reference #: KB3035583

The directory in question is located at Windows/System32/GWX. You can't read the files where they are; most will give wrong path errors (at least that's what I was getting). The files are protected, and best left alone.

Disconnect yourself from the Internet. I now feel it will send the results itself if tampered with.

To remove the directory (many ways I'm sure, I just did it the way I always do), boot up with another OS (I use MiniXP supplied with Hiren's boot disk 15; in a pinch you can cobble together a boot CD/pen drive using www.Bootdisk.com). Just boot into MiniXP (or other), go to the GWX directory and move it to a pen drive (or wherever, just off your system, as it's possible for Win7+ to find and use it from any location (maybe not, but possible)).

Picture shows location of the collected scanned results (UrFile - Config.xml).
http://i57.tinypic.com/2q3u079.jpg

(What was found on my system Apr 3rd and 4th; it was sent after I found the directory Apr 19th; no edits.) Log not included in this post.

Win7+ = Win7 and anything above

Scanned results = your browser(s') caches are recorded verbatim, then appended to a log file (config.xml); just over a day's worth of activity (in my case).
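Before moving anything off the system, it helps to know exactly what the update left behind: whether KB3035583 is installed, what sits in System32\GWX and when it was last written, and whether any scheduled task refers to it (a timed scan like the one described needs something to launch it). The PowerShell inventory below is an added example, not the journal's own procedure; it is read-only and runs from inside Windows 7. It uses `schtasks.exe` rather than `Get-ScheduledTask` so it works on Windows 7, and the assumption that the relevant tasks have "gwx" in their name is mine.

```powershell
# Added example (not from the journal): read-only inventory of the KB3035583 / GWX footprint.
# Nothing here changes the system; it just reports what is present so the decision
# to remove it (and the before/after comparison) is based on something concrete.

function Get-GwxFootprint {
    param([string]$GwxDir = "$env:SystemRoot\System32\GWX")

    # KB number is the one the journal names; Get-HotFix reads the installed-updates list.
    $hotfix = Get-HotFix -Id KB3035583 -ErrorAction SilentlyContinue

    $files = @()
    $dirExists = Test-Path -LiteralPath $GwxDir
    if ($dirExists) {
        # -Force includes hidden/system files; timestamps show when the directory was last active.
        $files = Get-ChildItem -LiteralPath $GwxDir -Recurse -Force -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    }

    # Scheduled tasks are the usual launcher for a directory like this. schtasks /FO CSV /NH
    # prints "TaskName","Next Run Time","Status" per task; assumption: task names contain "gwx".
    $tasks = schtasks.exe /Query /FO CSV /NH 2>$null |
        ConvertFrom-Csv -Header TaskName, NextRunTime, Status |
        Where-Object { $_.TaskName -match 'gwx' }

    [pscustomobject]@{
        HotfixInstalled = [bool]$hotfix
        InstalledOn     = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        DirectoryExists = $dirExists
        FileCount       = @($files).Count
        Files           = $files
        Tasks           = $tasks
    }
}

Get-GwxFootprint | Format-List
```

Run it once before and once after removal; if `Tasks` still lists entries after the directory is gone, those are what would re-create or re-run it. The supported route, rather than moving the directory from another OS, is uninstalling the update itself (`wusa.exe /uninstall /kb:3035583`) and hiding it in Windows Update so it is not offered again.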

User Journal

Journal: Don't need any fancy phone after all.

I have a Samsung S5 ($700) for its 17.9 megapixel camera; problems with the bill forced me to get a backup phone. I picked up a "track phone", a Samsung "Gusto 3", and while it won't do anything special it's a damn nice phone, and once my contract is up I'll be getting a track phone from now on. S5 = $100 a month with limits, Gusto = $35 a month; the phone itself cost $10 with unlimited texting and phone calls. I purchased the cheapest one I could find.

All is fine now, but I have to carry two phones.
The S5 battery lasts half a day, the "Gusto 3" weeks. And if you're into photography, you'll know of my disappointment with the S5's ISO of 40.

User Journal

Journal: Murder is such a thin line, with two sides.

If you commit such an act you're condemned by the legal system for the rest of your life. If in the "line of duty", not a problem, at least for the last three that got away with it (read the article under the video). This happened just last night in my fair city.

https://www.youtube.com/watch?v=y-0uqFTBclo one question: why didn't they tackle him? I was told (so hearsay) that he took 16 bullets, everybody wanted in on it.

This happened last night and is part of a larger Mexican "center" - those who live there and those who cater their wares to the Mexicans in particular. I shop the Mexican stores as it's authentic, so my Coca-Cola contains sugar and not that corn syrup crap.

http://www.tri-cityherald.com/2015/02/10/3403817_witnesses-pasco-police-kill-rock.html?rh=1

So I get pulled over more now, but this just isn't right, so many options available and they chose wrong.

User Journal

Journal: Opera 12 with flash support, and edit "hidden" Opera 26+ settings.

No flash support forced me to update to Opera 26 while keeping Opera 12 installed. Opera 26 got its own program directory, Opera26, but both versions share a common directory, .ini, or registry settings. While both also have different AppData directories (both local and roaming), they meet up some place (I haven't dug too deep; it just works and I'm good with that).

I now have the use of Opera 12 with flash support. It took /. to show me that Opera 26 no longer allows me to reply to messages (requires flash), yet Opera 12 will, giving me my old and favourite browser back.

Fluke? Yes. Can you do the same thing? No clue. Security issues? ?

To edit "hidden" settings in Opera 26 and higher, use the address opera:flags.
I was able to set new tabs to open as the far right tab (old Opera default), instead of every other browser's style of opening next to the tab you're viewing.

User Journal

Journal: Adobe releases emergency Flash update 2-20-14

ASLR vastly decreases the chances that a remote-code-execution attack will succeed by loading downloaded scripts in a different memory location each time the computer is rebooted. The attackers behind the campaign discovered by FireEye found a way to bypass ASLR on computers running older software. Specifically, PCs running Windows XP, Windows 7 with the now-unsupported 1.6 version of Oracle's Java, and Windows 7 with a now out-of-date version of Office 2007 or Office 2010 don't benefit from the protection of ASLR.
http://arstechnica.com/security/2014/02/adobe-releases-emergency-flash-update-amid-new-zero-day-drive-by-attacks/

Readers should remember that versions 12.0.0.44, 11.7.700.261, or earlier of Flash, regardless of the platform they run on, contain the underlying vulnerability.

User Journal

Journal: BF3's window disappearing, appears BF3 has crashed, or BF3.exe stops

As you can see I'm awful wordy; this is no exception. I had thought it already posted here...

---First you can fix BF3 very easily by reinstalling your audio drivers. (not so weird if you think about it.)

---- BF3's window disappearing or appears BF3 has crashed. ----

I couldn't play two or three maps of BF3 in a row without BF3's window
turning gray then disappearing; "BF3 window" because I thought it was due
to being full screen (in a way it was).

I didn't know if it was my setup, even server side or client side - the opportunity
to find that out was...blocked.

Understand my games ran just fine, then all of a sudden gray, black, and I'd
reboot to reset what might have been wrong (flush the RAM).

I use the Event Viewer (eventvwr.msc) all the time. Win7's is much more useful
than the past Windows OSes', but it was only showing a "0 (zero) bit bucket error" (nothing).

So I took another approach, debugging the only .DMP file left from a crash, and found my problem:
VIDEO_TDR_ERROR,
yep, a "Windows User Experience Enhancement".

A Timeout Detection and Recovery error; in other words my video card was so busy it didn't
have time to report back its well-being, so the system would reset the video card, taking BF3 with it. While my video card is top of the line, BF3 graphics are rather intense.

My .dmp file was located here X:\Windows\LiveKernelReports\WATCHDOG\

There are registry values that can fix this under:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\GraphicsDrivers
The values (REG_DWORD) must be created, as they aren't there by default:

TdrLevel - turn timeout detection on and off
TdrDelay - change the timeout period
TdrDdiDelay - time allowed to reset the graphics stack
TdrLimitTime - time window within which TDRs are counted (I'll be tweaking)
TdrLimitCount - number of TDRs allowed within that window (I'll be tweaking)
http://msdn.microsoft.com/en-us/library/windows/hardware/ff569918.aspx

Taking the easy way out, I just disabled the TDR.
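The TDR values are plain REG_DWORDs, so reading and changing them is a few lines of PowerShell. The script below is an added example, not the journal's own steps: `Get-TdrSettings` shows which of the five values are set (an absent value means Windows uses its documented default), `Set-TdrSettings -Disable` does what the journal did (TdrLevel = 0, no detection at all), `Set-TdrSettings -DelaySeconds N` is the less drastic alternative of giving a busy GPU more time before a reset, and `Reset-TdrSettings` removes the overrides. The defaults in the comments (TdrLevel 3, TdrDelay 2 s, TdrDdiDelay 5 s, TdrLimitTime 60 s, TdrLimitCount 5) are from the MSDN page linked above. Changes need a reboot, and with detection off a genuinely hung GPU is never recovered, so the desktop stays frozen until a hard reset.

```powershell
# Added example (not from the journal): inspect and adjust the TDR registry values.
# Run as Administrator to change anything; reading works from a normal prompt.

$TdrKey    = 'HKLM:\System\CurrentControlSet\Control\GraphicsDrivers'
$TdrValues = 'TdrLevel', 'TdrDelay', 'TdrDdiDelay', 'TdrLimitTime', 'TdrLimitCount'
# Defaults per the MSDN TDR registry page: TdrLevel 3 (recover), TdrDelay 2 s,
# TdrDdiDelay 5 s, TdrLimitTime 60 s, TdrLimitCount 5.

function Get-TdrSettings {
    $props = Get-ItemProperty -Path $TdrKey -ErrorAction Stop
    foreach ($name in $TdrValues) {
        [pscustomobject]@{
            Name  = $name
            Value = if ($null -ne $props.$name) { $props.$name } else { '(not set, default applies)' }
        }
    }
}

function Set-TdrSettings {
    param(
        [switch]$Disable,                          # TdrLevel = 0: timeout detection off entirely
        [ValidateRange(1, 60)][int]$DelaySeconds   # TdrDelay: seconds the GPU may stay unresponsive
    )
    if ($Disable) {
        New-ItemProperty -Path $TdrKey -Name TdrLevel -PropertyType DWord -Value 0 -Force | Out-Null
    }
    if ($PSBoundParameters.ContainsKey('DelaySeconds')) {
        New-ItemProperty -Path $TdrKey -Name TdrDelay -PropertyType DWord -Value $DelaySeconds -Force | Out-Null
    }
    Get-TdrSettings
}

function Reset-TdrSettings {
    # Remove every override so Windows goes back to its defaults.
    foreach ($name in $TdrValues) {
        Remove-ItemProperty -Path $TdrKey -Name $name -ErrorAction SilentlyContinue
    }
    Get-TdrSettings
}

Get-TdrSettings                  # show current state
# Set-TdrSettings -DelaySeconds 8   # raise the timeout instead of disabling detection
# Set-TdrSettings -Disable          # what the journal did; reboot afterwards
```

Raising `TdrDelay` is the setting to try first: it keeps recovery in place for a card that really has hung while giving a heavily loaded one more than the default two seconds to respond.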

Recently I had rebooted and entered a map with the same players
I had left. All the chat was about the lag they were seeing; lots of people,
lots of lag, but not me, the game played just fine. Seems to be just a matter of time
before most are hit with the same problem; it's just that they didn't crash, or weren't online to say
they had.

Collected at different times, my Event Viewer error messages claimed:
I had run out of graphics memory, or it was so fragmented it was unusable; another:
"ReportDescription=A problem with your video hardware caused Windows to stop working correctly.",
yet another:
"The Desktop Window Manager is experiencing heavy resource contention.
Scenario : Video memory resources are over-utilized and there is thrashing happening as a result."

"Ultimately, this crash is due to game/software developers and graphics card
manufacturers (such as ATI/AMD and NVidia) developing buggy devices and
software and not playing by the rules and standards dictated for a specific
platform like Windows. There are many cases of similar events happening on
UNIX/Linux systems, so this problem is not specifically isolated to Windows."
http://www.mikemstech.blogspot.com/2011/12/troubleshooting-0x116-videotdrerror.html

My system:
COOLER MASTER HAF 922 case
ASUS P6X58D Premium MotherBoard
Intel Core i7-950 3.8Ghz 1.2 Volts
CORSAIR DOMINATOR 6GB TR3X6G1600C8D Memory 1806Mhz at 1.60volts
EVGA GTX 570 video card (not overclocked)
CORSAIR H-50 Cooling Hydro (CPU water cooler)
CORSAIR HX850 Silver Certified, Modular power supply
3 HD - 2 CD all unspectacular :}

References
http://www.mikemstech.blogspot.com/2011/12/troubleshooting-0x116-videotdrerror.html
where one should start; also a copy of what my debug output looked like (guess how I found the site).

TDR explanations, registry settings (Win7 and above)
http://msdn.microsoft.com/en-us/library/windows/hardware/ff569918.aspx

User Journal

Journal: Solved windows 7 event viewer not working

Working on a web site with KompoZer; until then I figured I'd place things that could help others here.

Like Windows 7's Event Viewer not working anymore, claiming the service isn't running.

Bottom line:
The trick is to rename
X:\Windows\System32\LogFiles\WMI\RtBackup
to say:
X:\Windows\System32\LogFiles\WMI\RtBackup42

RtBackup will recreate itself and everything will be back to normal.
----

Windows 7 event viewer (eventvwr.msc) has grown up.

Understand Win7 is a new OS for me, installed for Battlefield 3. BF3 is also what I'm
mostly fixing or tweaking the OS for as well. This is also the first time I've ever used
permissions, having always installed Windows on a FAT32 format.

XP and below, you would use the Event Viewer to get a clue to your problem; with Win7 it
actually helps a lot.

I was using the Event Viewer to track down my problem of not being able to play BF3 2 or 3 games
in a row without the BF3 screen fading to gray then disappearing, of course near the end where I'd
lose everything I'd gained.

Now weirdness enters the very day I took a serious approach to this problem.
I kept track of the times I was in game, when it ended, when the next started, and the time of crashes,
so I could track the times later in the Event Viewer.

Down to work, I opened the Event Viewer and it won't; it quit working, claiming the service
needed to be running first. The service was indeed running.

The Event Viewer is dependent upon the Task Scheduler and it upon the Event Viewer, and between the two
there was a time I wasn't sure what, if any, services were working.

I tried a repair install of Win7 and couldn't because of SP1. Rough day. I have another version of Win7
and two versions of XP I can boot into, as well as the CD drives; I think I used them all to attack
the problem from the outside, working with permissions (sidestepping them) and trying to get a copy
of Win7 to install while maintaining everything, with no data loss. I'm not one to format and start over.

Next day different approach - I finally found the answer at
http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/cannot-start-windows-event-log-service-on-windows/e2c218ad-8637-49ee-8023-50eae0e4ddcb

The trick is to rename
X:\Windows\System32\LogFiles\WMI\RtBackup
To say:
X:\Windows\System32\LogFiles\WMI\RtBackup42

RtBackup will recreate itself and everything will be back to normal. Simple as that.
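The rename can also be done from inside Windows 7 rather than from another OS, provided the Event Log service is stopped first (it holds the directory open, which is why the rename fails while it runs) and the directory's read-only attribute and ownership are dealt with, the two things the journal ran into. The following is an added example, not the journal author's procedure: it stops the service, clears the attributes, takes ownership for Administrators with the built-in `takeown` and `icacls`, renames the directory with a timestamp (same idea as "RtBackup42"), and restarts the service in a `finally` block so it comes back even if the rename fails. Run it from an elevated prompt. If the service refuses to stop on your system, the journal's boot-from-another-OS route is the fallback.

```powershell
# Added example (not from the journal): rename RtBackup from inside Windows so the
# Event Log service recreates it. Requires an elevated (Administrator) PowerShell.

function Reset-RtBackup {
    param([string]$WmiLogDir = "$env:SystemRoot\System32\LogFiles\WMI")

    $rtBackup = Join-Path $WmiLogDir 'RtBackup'
    $newLeaf  = 'RtBackup-' + (Get-Date -Format 'yyyyMMdd-HHmmss')   # e.g. RtBackup-20150101-120000

    if (-not (Test-Path -LiteralPath $rtBackup)) {
        return "$rtBackup not present; nothing to rename."
    }

    # The Windows Event Log service keeps the directory open; -Force also stops dependents
    # (Task Scheduler among them), which is the dependency the journal describes.
    Stop-Service -Name EventLog -Force -ErrorAction Stop

    try {
        # Clear read-only/system/hidden on the directory (the journal found it "Read Only").
        attrib.exe -r -s -h $rtBackup | Out-Null
        # Take ownership for BUILTIN\Administrators (/A), recursively (/R), answering Yes (/D Y),
        # then grant Administrators full control so the rename is permitted.
        takeown.exe /F $rtBackup /A /R /D Y | Out-Null
        icacls.exe $rtBackup /grant '*S-1-5-32-544:(OI)(CI)F' /T /C | Out-Null
        Rename-Item -LiteralPath $rtBackup -NewName $newLeaf -ErrorAction Stop
    }
    finally {
        # Bring the services back whether or not the rename succeeded.
        Start-Service -Name EventLog
        Start-Service -Name Schedule -ErrorAction SilentlyContinue
    }

    "Renamed to $(Join-Path $WmiLogDir $newLeaf); RtBackup will be recreated on service start."
}

Reset-RtBackup
```

Once Event Viewer opens again, the timestamped copy can be deleted; keeping it until then means nothing is lost if the service does not recreate the directory cleanly.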

I couldn't rename RtBackup. Having worked with permissions for so long, I went into my XP64 OS to
work with it, only to find the directory was "Read Only". Sigh...

BTW my cure-all ERUNT wouldn't work (permissions), or this post would be much shorter or not at all.
Before I do anything I'll run ERUNT, just in case. http://www.larshederer.homepage.t-online.de/erunt/

User Journal

Journal: BF3 - how to cripple or crash any Windows OS with it.

Looking for a post I posted, I came across this article (not the right one):

Battlefield 3 Performance: 30+ Graphics Cards Tested http://games.slashdot.org/story/11/10/29/1922214/battlefield-3-performance-30-graphics-cards-tested

I know how to crash a system with any video card running BF3. Bold statement, as it's not totally the video card's fault and a crash isn't always the result; but you will have a lot of problems until you reboot.

Running BF3 without pagefile.sys or disk cache will crash or severely cripple the OS.

After playing for a while you will be asked politely to quit BF3 as you're running out of resources; Windows 7 also requests shutting down its charm (dwm.exe) and other services.

Thing here is all the requests are behind the BF3 game screen; you'll start losing control of any equipment you're in, or other odd stuff pertaining to input.

I have 6 gigs of RAM and BF3 is the only application where a pagefile is required; even Photoshop runs without one now.

Yet for all its problems BF3 is a very enjoyable game that I play daily, but now with a pagefile on a slow drive. My video card: EVGA GTX570.
