How to enable Process Monitor on Windows XP Embedded SP2?

You would like to use the ProcMon tool to troubleshoot a complicated issue on Windows XP Embedded; however, the tool fails with an error similar to: “Unable to load Process Monitor device driver”. Note: ProcMon will not run on Windows XP Embedded because it requires Microsoft Filesystem Filter Manager […]

Malware – Common LoadPoints

This document describes the most common load points used by malicious software. These files and registry locations allow the malware to run automatically when you log on, start the machine, etc. Startup folders (including all users): the files stored inside these folders are executed after the user logs on. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User […]

Process Explorer – Useful options while searching for virus samples.

Process Explorer highlights packed processes in purple (violet). Note: very often the packed processes are malicious. Check the file/process signature. Process Explorer has an option called “Verify Image Signatures”. This option automatically checks the CRL (Certificate Revocation List) for the file’s signature. It allows verifying whether that file is valid and if it has […]

Specifying username/password in an FTP URL.

When you open an FTP URL in your browser, it automatically logs in to the FTP server as the “Anonymous” user. You can specify a different username to use with the following syntax: Note: Only alphanumeric [0-9a-zA-Z] and the special characters “$-_.+!*'(),” [not including the quotes – ed] and reserved characters used for […]
