Backup of my brain...

vbscript – Ensure a single instance of the script is running at a time.

The following Sub ensures that only one instance of the script is running at a time.

Usage:

    Call EnsureSingleInstance

Code:

    Sub EnsureSingleInstance()
        Dim svc, squery, ncount
        Set svc = GetObject("winmgmts:root\cimv2")
        squery = "SELECT commandline FROM win32_process WHERE commandline LIKE '%" & wscript.scriptname & "%'"
        ncount = svc.execquery(squery).count
        Set svc = Nothing
        If ncount > 1 Then ' The script got executed […]


How to enable Process Monitor on Windows XP Embedded SP2?

You would like to use the ProcMon tool to troubleshoot a complicated issue on Win XP Embedded; however, the tool fails with an error similar to: "Unable to load Process Monitor device driver". Note: ProcMon will not run on Windows XP Embedded because it requires Microsoft Filesystem Filter Manager […]


Malware – Common LoadPoints

This document describes the most common load points used by malicious software. These files and registry locations allow the malware to run automatically when you log on, start the machine, etc.

Startup folders (including all users)
- Files stored inside these folders are executed after the user logs on.
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User […]


Process Explorer – Useful options while searching for virus samples.

Process Explorer highlights packed processes in purple (violet). Note: very often the packed processes are malicious. Check for a file/process signature. Process Explorer has an option called "Verify Image Signatures". This option automatically checks the CRL (Certificate Revocation List) of the file's signature. It allows verifying whether that file is valid and if it has […]


Extract Voice memo (Voice comment) from JPG to WAV

Birth of AudioNet. Recently I spent some time Googling for an open source or free application or .dll able to extract voice comments (voice memos) from .jpg (jpeg) images. I found two programs, so I decided to share my findings, since it took some time and maybe someone will find it useful. (Free version): – […]
