Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251
Shell commands
Shell commands

Shell commands
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Shell commands dos 03-02-2008
---> Re: Shell commands David H. Lipman03-02-2008
Posted by =?Utf-8?B?ZG9z?= on March 2, 2008, 4:50 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


"dos" wrote:

>
>
> "David H. Lipman" wrote:
>
> >
> > | Hi,
> > | should all shell commands have this "%1" %*? Can a virus modifie this
value?
> >
> > Yes. Viruses have ben know to modify them.
> >
> > What the exact shell command syntax would be depend upon which one.
> >
> > --
> > Dave
> > http://www.claymania.com/removal-trojan-adware.html
> > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
> >
> >
> > Hm,
> what do you think about this two?
> .scr - - "%1" /S
> .txt - Text Document - C:\WINDOWS\NOTEPAD.EXE %1
>
Sorry for double post!

Posted by =?Utf-8?B?TWlsbw==?= on March 2, 2008, 8:49 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
can you complete the line
.scr and .txt is being called to execute or to do a tandem action with
another file that is can you please include the entire line thanks
--
Milo



"dos" wrote:

>
>
> "dos" wrote:
>
> >
> >
> > "David H. Lipman" wrote:
> >
> > >
> > > | Hi,
> > > | should all shell commands have this "%1" %*? Can a virus modifie this
value?
> > >
> > > Yes. Viruses have ben know to modify them.
> > >
> > > What the exact shell command syntax would be depend upon which one.
> > >
> > > --
> > > Dave
> > > http://www.claymania.com/removal-trojan-adware.html
> > > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
> > >
> > >
> > > Hm,
> > what do you think about this two?
> > .scr - - "%1" /S
> > .txt - Text Document - C:\WINDOWS\NOTEPAD.EXE %1
> >
> Sorry for double post!

Posted by =?Utf-8?B?ZG9z?= on March 3, 2008, 3:33 am
If you were  Registered and logged in, you could reply and use other advanced thread options


"Milo" wrote:

> can you complete the line
> .scr and .txt is being called to execute or to do a tandem action with
> another file that is can you please include the entire line thanks
> --
> Milo
>
>
>
> "dos" wrote:
>
> >
> >
> > "dos" wrote:
> >
> > >
> > >
> > > "David H. Lipman" wrote:
> > >
> > > >
> > > > | Hi,
> > > > | should all shell commands have this "%1" %*? Can a virus modifie this
value?
> > > >
> > > > Yes. Viruses have ben know to modify them.
> > > >
> > > > What the exact shell command syntax would be depend upon which one.
> > > >
> > > > --
> > > > Dave
> > > > http://www.claymania.com/removal-trojan-adware.html
> > > > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
> > > >
> > > >
> > > > Hm,
> > > what do you think about this two?
> > > .scr - - "%1" /S
> > > .txt - Text Document - C:\WINDOWS\NOTEPAD.EXE %1
> > >
> > Sorry for double post!

In registry looks like this.
HKEY_CLASSES_ROOT\scrfile\Shell\config\command "%1"
HKEY_CLASSES_ROOT\scrfile\Shell\install\command rundll32.exe
desk.cpl,InstallScreenSaver %l
HKEY_CLASSES_ROOT\scrfile\Shell\Open\Command "%1" /S

HKEY_CLASSES_ROOT\txtfile\DefaultIcon %SystemRoot%\system32\shell32.dll,-152
HKEY_CLASSES_ROOT\txtfile\shell\open\command C:\WINDOWS\NOTEPAD.EXE %1
HKEY_CLASSES_ROOT\txtfile\shell\print\command
%SystemRoot%\system32\NOTEPAD.EXE /p %1
HKEY_CLASSES_ROOT\txtfile\shell\printto\command
%SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"

Posted by David H. Lipman on March 3, 2008, 4:33 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


|
| In registry looks like this.
| HKEY_CLASSES_ROOT\scrfile\Shell\config\command "%1"
| HKEY_CLASSES_ROOT\scrfile\Shell\install\command rundll32.exe
| desk.cpl,InstallScreenSaver %l
| HKEY_CLASSES_ROOT\scrfile\Shell\Open\Command "%1" /S
|
| HKEY_CLASSES_ROOT\txtfile\DefaultIcon %SystemRoot%\system32\shell32.dll,-152
| HKEY_CLASSES_ROOT\txtfile\shell\open\command C:\WINDOWS\NOTEPAD.EXE %1
| HKEY_CLASSES_ROOT\txtfile\shell\print\command
| %SystemRoot%\system32\NOTEPAD.EXE /p %1
| HKEY_CLASSES_ROOT\txtfile\shell\printto\command
| %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"

Let's get to the root...

What is the problem you are having and why are you asking ?

I don't see anything wrong in the above...

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Similar ThreadsPosted
On shell code of DCOM February 23, 2006, 10:16 pm

The site map in XML format XML site map

Contact Us | Privacy Policy