• WSR2

    WSR2

    @wsr2

    Viewing 5 replies - 2,116 through 2,120 (of 2,120 total)
    Author
    Replies
    • in reply to: Error in Woody’s Level 1 extensions. #527738

      Mary, no, I jumped the gun once — I won’t do it again! I verified this myself. See the pc-help reference I included above. The .shb extension can be used EXACTLY like .shs. Simply create an .shs file (as pc-help describes) and rename it with a .shb extension. Double-click it and the SAME result will occur. The risks are real. ZoneLabs missed this one.

    • in reply to: Error in Woody’s Level 1 extensions. #527701

      OK, I was inappropriately harsh on Woody. He seems to have taken his list almost directly from Microsoft: http://support.microsoft.com/support/kb/ar…s/Q262/6/31.ASP

      The Shortcut to Document IS related to Scrap Objects! Check out the Open command for DocShortcut:

      [HKEY_CLASSES_ROOTDocShortcutshellopencommand]
      @ = “c:windowsrundll32.exe shscrap.dll,OpenScrap_RunDLL /r /x %1”
      ___________________________

      Here is more information on the potential dangers of the .shs and .shb extensions: http://www.pc-help.org/security/scrap.htm

      Especially note these lines:

      By The Way…

      There is another “scrap file” type. The .SHB extension marks a file type called “Shortcut into a document,” intended to point to an embedded object within a document. You can see it listed in the illustration just above.

      …if a .SHS “object” is renamed to carry the .SHB extension, *it will behave exactly the same way*. The NeverShowExt Registry value (this time located in HKEY_CLASSES_ROOTDocShortcut) prevents the .SHB extension from being displayed.

      *Everything you are reading here about the behavior of .SHS applies equally to .SHB.*
      _______________________

      So NOW I turn the tables. Why did ZoneAlarm MailSafe EXCLUDE this potentially dangerous extension? It protects you against 37 extensions — but NOT 38! The problem with .shs should extend to .shb!

      What this an over site by ZoneLabs??

      The good news is that ScriptSentry does quarantine .shb files. But, if you don’t use ScriptSentry and are only relying on ZA MailSafe, you should disable the Open command for “DocShortcut”.

      ~~~~~~~~~~~~~~~~~~~~~~~~~~

      I keep finding more info… Outlook 2002 apparently has an larger list even still! It is printed here:
      http://www.microsoft.com/Office/ORK/xp/FOUR/outg03.htm

      .ade Microsoft Access project extension
      .adp Microsoft Access project
      .asx Windows Media Audio / Video shortcut**
      .bas Microsoft Visual Basic class module
      .bat Batch file
      .chm Compiled HTML Help file
      .cmd Microsoft Windows NT command script
      .com Microsoft MS-DOS program
      .cpl Control Panel extension
      .crt Security certificate
      .exe Executable program
      .hlp Help file
      .hta HTML program
      .inf Setup information
      .ins Internet naming service
      .isp Internet communication settings
      .js Jscript file
      .jse Jscript-encoded script file
      .lnk Shortcut
      .mda Microsoft Access add-in program **
      .mdb Microsoft Access program
      .mde Microsoft Access MDE database
      .mdz Microsoft Access wizard program **
      .msc Microsoft Common Console document
      .msi Windows Installer package
      .msp Windows Installer patch
      .mst Visual Test source files
      .pcd Photo CD image or Microsoft Visual Test compiled script
      .pif Shortcut to MS-DOS program
      .prf Microsoft Outlook Profile Settings **
      .reg Registration entries
      .scf Windows Explorer Command **
      .scr Screen saver
      .sct Windows script component
      .shb Shortcut into a document **
      .shs Shell scrap object
      .url Internet shortcut
      .vb VBScript file
      .vbe VBScript-encoded script file
      .vbs VBScript file
      .wsc Windows script component
      .wsf Windows script file
      .wsh Windows script host settings file

      This brings the total of potentially harmful extensions to 43. The ones that ZA MailSafe does NOT protect you from have two asterisks after them.

      I would argue that ZA MailSafe should be upgraded to provide this improved level of security.
      ___________________

      I found that “.scf Windows Explorer Command” is also an ‘extremely hidden’ File Type. So you need to delete the NeverShowExt entry for that also. That advice appies to .pif, .shs, and .shb extensions.

      Strangely, for .prf, I found this:

      [HKEY_CLASSES_ROOT.prf]
      @=”prffile”
      “Content Type”=”application/pics-rules”
      _____________

      [HKEY_CLASSES_ROOTprffile]
      @=”PICSRules File”

      [HKEY_CLASSES_ROOTprffileDefaultIcon]
      @=”msrating.dll,3″

      [HKEY_CLASSES_ROOTp rffileShell]

      [HKEY_CLASSES_ROOTprffileShellOpen]

      [HKEY_CLASSES_ROOTprffileShel lOpenCommand]
      @=”rundll32.exe msrating.dll,ClickedOnPRF %1″
      __________

      This certainly does NOT look like a “Microsoft Outlook Profile Settings” File Type… So I have to wonder if this extension was changed for Outlook 2002?

      I hope this diatribe is helpful… I just wanted to let you know I investigated this further.

    • in reply to: Error in Woody’s Level 1 extensions. #527642

      Gotcha. It is the same icon — except for the ‘shortcut arrow’. Thanks for the explanation. Very helpful.

    • in reply to: Conventional Memory in DOS #526856

      Thanks for the responses. Let me jump back in and tell you that I have a lot more data — but I am no less confused. Here is a relevant MSKB article ( http://support.microsoft.com/support/kb/ar…s/Q187/6/80.ASP ) however, it does not help me! I have tried all of that.

      When I say pure DOS, I mean booting to option “5” in Win98 Startup — as Windows starts, I have it set up so I can choose how it boots. The default is option 1 – Windows, but I can choose Bootlog (2), Safe Mode (3), Step-by-step (4), DOS (5), and DOS in Safe Mode (6). However, you should reach the SAME DOS no matter how you choose to boot to DOS, shouldn’t you?

      Also, the paths are correct. Windows is in C:/Windows (default). These are my memory statistics in DOS:

      Modules using memory below 1 MB:

      Name | Total | Conventional

      MSDOS | 18,160 (18K) | 18,160 (18K)
      HIMEM | 1,168 (1K) | 1,168 (1K)
      DBLBUFF 2,976 (3K) | 2,976 (3K)
      IFSHLP | 2,864 (3K) | 2,864 (3K)
      COMMAND | 7,328 (7K) | 7,328 (7K)
      Free | 620,656 (606K) | 620,656 (606K)

      Memory Summary

      Type of Memory | Total | Used | Free
      Conventional | 653 ,312| 32,656 | 620,656
      Upper |0 | 0 | 0
      Reserved| 0| 0 | 0
      Extended (XMS) | 233,832,448 | 69,632 | 233,762,816
      Total memory | 234,485,760 | 102,288 | 234,383,472

      Total under 1 MB | 653,312 | 32,656 | 620,656

      Largest executable program size | 620,640 | (606K)
      Largest free upper memory block | 0 | (OK)
      MS-DOS is resident in the high memory area.
      __________

      That should be PLENTY of memory for scanreg /fix. The MSKB says it only needs 340K…

      Here is more info:

      If I boot to Safe Mode DOS, regscan does NOT run at all. I get this message:

      Not enough memory

      There is no extended memory driver loaded on your computer.

      Make sure that you have a HIMEM.SYS file on the disk from which you are starting your computer, and then restart using the ‘Command prompt only’ option (not ‘Safe mode, command prompt only’). Depending on the location of the HIMEM.SYS file, you may need to add a line such as DEVICE=A:HIMEM.SYS or DEVICE=C:WINDOWSHIMEM.SYS in the CONFIG.SYS file on your boot drive.

      Fine, so I boot to DOS (command prompt) and try to run scanreg /fix. It does run. In fact it gets all the way through user.dat without problem. However, it gets about 2/3 of the way through system.dat and it stops cold turkey and announces the memory problem.

      Here is my config.sys file:

      DEVICE=C:WINDOWSHIMEM.SYS
      DEVICE=C:WINDOWSEMM386.EXE noems
      DOS=high,umb
      DEVICEHIGH=C:WINDOWSCOMMANDDRVSPACE.SYS /MOVE
      FILES=60

      If I rename autoexec.bat and config.sys and reboot to DOS, the same thing happens.

      Any takers?? Thanks.

    • in reply to: Monitor throughput? #524513

      I think this is one way to do it:
      http://www.zdnet.com/downloads/stories/info/0,,001B3Y,.html

      Hmmm… I thought that anyone could get this in the past. It looks like you MAY have to sign up as a ZDNet member to get their FREE downloads now…

    Viewing 5 replies - 2,116 through 2,120 (of 2,120 total)