Sunday, 18 November 2012

To Unlock Windows Update locked due to group policy.

Open gpedit.msc and browse to Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication Settings, double-click "Turn off access to all Windows Update features" and set it to Disabled.



Open regedit and back up the key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
and then delete the WindowsUpdate key. It may contain the administrator's settings for Windows Update, including a WSUS server address; that entry is what prevents your Windows Update from contacting Microsoft's update servers directly.

Repair Windows Update using the online troubleshooter for Windows 7 from here.
Open the Windows Update troubleshooter by clicking the Start button, then Control Panel. In the search box, type troubleshooter, then click Troubleshooting. Under System and Security, click Fix problems with Windows Update.

Congratulations, your Windows updates are now unlocked, only until the next reboot of course (Group Policy will reapply the setting).
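
The same unlock done from an elevated PowerShell prompt, added here as an example (it is not part of the original post): it exports the policy key to a .reg file first so the change can be reverted, reports the values that explain the lock, and only then deletes the key. The backup location under %TEMP% and the value names inspected (WUServer, WUStatusServer, DisableWindowsUpdateAccess, AU\UseWUServer) are assumptions based on the standard Windows Update policy layout, not taken from the post.

```powershell
# Added example, not from the original post. Run elevated.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$backup    = Join-Path $env:TEMP ("WindowsUpdate-policy-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (-not (Test-Path $policyKey)) {
    Write-Host "No Windows Update policy key present; nothing to unlock."
    return
}

# reg.exe export writes a file that regedit can re-import to restore the policy.
& reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup failed (reg.exe exit code $LASTEXITCODE); not deleting anything." }
Write-Host "Backup written to $backup"

# Show what the policy currently enforces: a WSUS address and the
# "turn off access to all Windows Update features" flag live directly under
# the key; UseWUServer lives under the AU subkey. (Standard value names; assumed.)
$props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in 'WUServer', 'WUStatusServer', 'DisableWindowsUpdateAccess') {
    if ($null -ne $props.$name) { Write-Host ("  {0} = {1}" -f $name, $props.$name) }
}
$au = Get-ItemProperty -Path (Join-Path $policyKey 'AU') -ErrorAction SilentlyContinue
if ($null -ne $au.UseWUServer) { Write-Host ("  AU\UseWUServer = {0}" -f $au.UseWUServer) }

# Delete the key and its subkeys, which is what the post does by hand in regedit.
Remove-Item -Path $policyKey -Recurse -Force
Write-Host "Policy key removed. Windows Update will contact Microsoft directly until Group Policy refreshes."
```

To put the lock back, double-click the exported .reg file or run reg.exe import on it.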



Tuesday, 25 September 2012

Creating Unattended install for HP fortify:


So I was recently tasked with creating a silent install for HP Fortify 3.40 to 3.50.

The initial plan was to create a response transform using the MSI extracted from the EXE package using Installshield Editor. Then create a batch file to first import the certificate that was created for the group of users in our domain who were allowed this software.

But that did not work out, as I was unable to create a response transform from the Fortify MSI. Whenever I tried I kept getting this error message:

"An error occurred while generating a Response Transform. Would you like to open a blank transform instead of a Response Transform?"


After some googling I figured the best way to get past this was to add the ISSETUP=1 property using the Property Manager in InstallShield Editor, save the MSI and try again. As it happens it didn't work out too well: I was able to get past the error, but none of the binaries actually worked after install.

I tried a different tack and was successful by creating an answer file for the setup itself. I used the command shown in the screenshot (not reproduced here), which recorded a setup.iss file in the location specified.

The setup.iss file could then be edited in Notepad to specify the location of the license:

[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-DlgOrder]
Dlg0={945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdWelcome-0
Count=10
Dlg1={945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdLicense2Rtf-0
Dlg2={945899E4-57F5-47D2-B66A-17D9AD5146CE}-SelectDir-0
Dlg3={945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdAskDestPath-0
Dlg4={945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdComponentTree-0
Dlg5={945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdStartCopy-0
Dlg6={945899E4-57F5-47D2-B66A-17D9AD5146CE}-AskOptions-0
Dlg7={945899E4-57F5-47D2-B66A-17D9AD5146CE}-ServerSettings-0
Dlg8={945899E4-57F5-47D2-B66A-17D9AD5146CE}-AskOptions-1
Dlg9={945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdFinish-0
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdWelcome-0]
Result=1
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdLicense2Rtf-0]
Result=1
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SelectDir-0]
Result=1
szDir=C:\Users\tausifkhan\Desktop\installer

[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdAskDestPath-0]
szDir=C:\Program Files\Fortify Software\HP Fortify v3.40\
Result=1
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdComponentTree-0]
szDir=C:\Program Files\Fortify Software\HP Fortify v3.40\
SCA-type=string
SCA-count=1
SCA-0=SCA\SCA_FILES
AWB-type=string
AWB-count=4
AWB-0=AWB\IDE
AWB-1=AWB\ScanWizard
AWB-2=AWB\AWB_FPR
AWB-3=AWB\ProcessDesign
Component-type=string
Component-count=2
Component-0=SCA
Component-1=AWB
Result=1
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdStartCopy-0]
Result=1
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-AskOptions-0]
Result=1
Sel-0=0
Sel-1=1
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-ServerSettings-0]
updateServer=https://update.fortify.com
updateProxyServer=' '
updateProxyPort=' '
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-AskOptions-1]
Result=1
Sel-0=0
Sel-1=1
[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SdFinish-0]
Result=1
bOpt1=0
bOpt2=0


The szDir value under the SelectDir section (highlighted in the original screenshot) was the part I needed to modify to pull the license off our fileshare. So instead of:

[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SelectDir-0]
Result=1
szDir=C:\Users\tausifkhan\Desktop\installer

I would modify it to :

[{945899E4-57F5-47D2-B66A-17D9AD5146CE}-SelectDir-0]
Result=1
szDir=\\myfileshare\licenselocation

This conveniently meant the license did not have to be kept in the same location as the binaries.

Now all I needed to figure out was a way to install the certificate and then run the setup unattended using the answer file.

Installing the certificate involved the use of certutil (straight quotes, not the curly quotes a word processor produces):

certutil -addstore -user -f "My" %locationofcert%\certificate.cer

Next I had to run the install itself and keep the window open while it installed. So:

@echo off
setlocal
:: local variable %percent% is reserved by the progress bar subroutine!

:: Folder holding the certificate (assumed value; the original left it undefined)
set "locationofcert=C:\Users\TausifKhan\Desktop\installer"

echo Importing digital licence...

certutil -addstore -user -f "My" %locationofcert%\certificate.cer

echo Installing HP fortify X64
:: Image name the progress bar polls via tasklist. The original never set
:: %sProc%, so the bar could not tell whether the installer was still running.
set "sProc=HP_Fortify_3.40_SCA_and_Apps_Windows_x64.exe"
:: No /w here: the subroutine keeps the window open and polls until the
:: installer exits. /s = silent, /f1 = answer file (no space before the path).
start "" C:\Users\TausifKhan\Desktop\installer\x64\HP_Fortify_3.40_SCA_and_Apps_Windows_x64.exe /s /f1C:\Users\TausifKhan\Desktop\installer\x64\setup.iss
call :DisplayProgressBar %sProc% 3

:: End of batch
goto :EOF

:: --------------------
:DisplayProgressBar SUBROUTINE
:: %1 = image name to watch, %2 = seconds between ticks while it is running.
:: %wait% N pauses roughly N-1 seconds (N pings to localhost); the original
:: hard-coded "ping -n 200000", which would have slept for days per tick.
If not defined percent (
   setlocal
   echo.&echo/    * DO NOT CLOSE THIS WINDOW *&echo.
   Set "wait=ping -n"
   Set "monitoring=%1"
   Set /a n = %2
   set /a percent = 0
   <nul (Set /P j=Installing)
) Else ( <nul (Set /P j=.) )
>nul 2>&1 (
   title %percent% %%  Completed
   If %n% NEQ 1 (
      For /f %%# in (
        'tasklist.exe /fo csv ^| find /i /c "%monitoring%"'
      ) Do if NOT %%# GTR 0 Set /a n = 1
   )
)
>nul (%wait% %n% 127.0.0.1) & set /a percent = percent + 1
If %percent% LEQ 100 (
   call :DisplayProgressBar
) Else (
title Done
<nul (Set /P j=) & echo/100%% Completed
>nul (%wait% 2 127.0.0.1)
EndLocal
)
goto :EOF
:: --------------------


This seemed to do the trick. The only catch was that I also needed to specify the location of setup.iss itself explicitly in the batch file. Apart from that it worked beautifully.
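
The same deployment expressed in PowerShell, added here as an example and not taken from the post or from HP's own tooling: it rewrites the szDir value inside the SelectDir section of the recorded setup.iss (rather than editing it by hand in Notepad), checks that the license share is reachable before starting a silent install that would otherwise fail with nothing on screen, imports the certificate with certutil, and runs the installer with /s and /f1. The local paths, the share name and the certificate file name are assumptions.

```powershell
# Added example, not from the original post. Paths and names are assumed.
$iss        = 'C:\installer\x64\setup.iss'
$licenseDir = '\\myfileshare\licenselocation'
$certPath   = 'C:\installer\certificate.cer'
$setupExe   = 'C:\installer\x64\HP_Fortify_3.40_SCA_and_Apps_Windows_x64.exe'

function Set-IssValue {
    # Replace key=value inside the one [section] whose name ends with $SectionSuffix.
    # .iss sections are named "{product GUID}-DialogName-N", so matching on the
    # suffix avoids hard-coding the GUID.
    param([string]$Path, [string]$SectionSuffix, [string]$Key, [string]$Value)
    $inSection = $false
    $out = foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^\[(.+)\]$') { $inSection = $Matches[1].EndsWith($SectionSuffix) }
        if ($inSection -and $line -match ('^' + [regex]::Escape($Key) + '=')) { "$Key=$Value" }
        else { $line }
    }
    Set-Content -Path $Path -Value $out -Encoding Ascii
}

# Point the license dialog at the share instead of the recording user's desktop.
Set-IssValue -Path $iss -SectionSuffix '-SelectDir-0' -Key 'szDir' -Value $licenseDir

# Fail early if the share is unreachable: a silent install gives no dialog to explain why.
if (-not (Test-Path $licenseDir)) { throw "License share $licenseDir is not reachable" }

# Same certutil step as the batch file above (user store "My", overwrite with -f).
& certutil.exe -addstore -user -f My $certPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

# /s = silent, /f1 = answer file with no space before the path; -Wait keeps the
# console open until the installer exits, as the batch progress bar did.
$p = Start-Process -FilePath $setupExe -ArgumentList '/s', "/f1$iss" -Wait -PassThru
"Installer exited with code $($p.ExitCode)"
```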

Tuesday, 20 December 2011

Ping.exe Removal


Ping.exe shows up in the list of processes after a Braviax family infection, i.e. Win7 Antivirus 2012, Vista Antispyware 2012 etc. To remove the FakeAV, use the following codes to manually "activate" it:

3425-814615-3990: Win7 Antispyware 2012, XP Security 2012, Vista...

Y76REW-T65FD5-U7VBF5A: Privacy Protector...

LIC2-00A6-234C-B6A9-38F8-F6E2-0838-F084-E235-6051-18B3: Security Monitor 2012...

Remove it manually, then import the following as a .reg file to fix the shell corruption (the hijacked .exe file association). Backslashes inside string values must be doubled and multi-line hex values must continue without blank lines, or regedit will reject the file.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
  00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
  32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
  00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runasuser]
@="@shell32.dll,-50944"
"Extended"=""
"SuppressionPolicyEx"="{F211AA05-D4DF-4370-A2A0-9F19C09756A7}"

[HKEY_CLASSES_ROOT\exefile\shell\runasuser\command]
"DelegateExecute"="{ea72d00e-4960-42fa-ba92-7792a7944c1d}"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers]
@="Compatibility"

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\Compatibility]
@="{1d27f844-3a1f-4410-85ac-14651078412d}"

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -safe-mode"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]

[-HKEY_CURRENT_USER\Software\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\pezfile]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]


After removal, open Windows\System32, locate ping.exe and change its ownership: right-click ping.exe -> Properties -> Security -> Advanced -> Owner and edit the owner so that the current user owns the file. Close the Properties window and reopen it.

Edit the security settings (shown in the original screenshot, not reproduced here) to grant the current user full control in place of TrustedInstaller. Then delete ping.exe.
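
Before deleting anything, the check a practitioner would want, added here as an example (it is not part of the original post): confirm whether System32\ping.exe is still the protected Windows copy, since the genuine binary lives at the same path, and check whether the .exe association that the .reg file above repairs is currently hijacked. It assumes an elevated prompt; the sfc /verifyfile exit-code convention (0 = no integrity violation) is assumed rather than taken from the post.

```powershell
# Added example, not from the original post. Run elevated.
function Test-PingExeProtected {
    # $true only if System32\ping.exe matches the Windows component store.
    # On Windows 7 system binaries are catalog-signed, so Get-AuthenticodeSignature
    # can report the real file as NotSigned; sfc /verifyfile checks the file
    # against Windows Resource Protection instead (exit code 0 = no violation).
    $path = Join-Path $env:SystemRoot 'System32\ping.exe'
    if (-not (Test-Path $path)) { return $false }
    & sfc.exe /verifyfile=$path | Out-Host
    return ($LASTEXITCODE -eq 0)
}

function Test-ExeAssociation {
    # Healthy state: HKCR\exefile\shell\open\command is "%1" %* and there is no
    # per-user override. The FakeAV hijack sets a per-user .exe class (pezfile)
    # or a UserChoice entry, which is exactly what the .reg file above deletes.
    $expected   = '"%1" %*'
    $cmd        = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' `
                   -ErrorAction SilentlyContinue).'(default)'
    $userChoice = Test-Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
    $userClass  = Test-Path 'HKCU:\Software\Classes\.exe'
    New-Object PSObject -Property @{
        OpenCommand     = $cmd
        CommandHijacked = ($cmd -ne $expected)
        UserOverride    = ($userChoice -or $userClass)
    }
}

if (Test-PingExeProtected) {
    "ping.exe is the protected Windows copy; do not delete it."
} else {
    "ping.exe is missing, replaced or tampered; treat it as the dropped file."
}
Test-ExeAssociation | Format-List
```

If CommandHijacked or UserOverride is True after importing the .reg file, the FakeAV is still re-writing the association and has not been fully removed.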

This sort of infection can download anything from a hacktool to a rootkit. Use broad-spectrum scanners to get rid of any other threats. This one has proved particularly useful:

http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
