
Shell commands

microsoft.public.security.virus
Posted by dos on March 2, 2008, 4:50 pm


"dos" wrote:

> "David H. Lipman" wrote:
>
> > | Hi,
> > | should all shell commands have this "%1" %*? Can a virus modify this value?
> >
> > Yes. Viruses have been known to modify them.
> >
> > What the exact shell command syntax would be depends upon which one.
> >
> > --
> > Dave
> > http://www.claymania.com/removal-trojan-adware.html
> > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
> Hm,
> what do you think about these two?
> .scr - - "%1" /S
> .txt - Text Document - C:\WINDOWS\NOTEPAD.EXE %1

Sorry for double post!

Posted by Milo on March 2, 2008, 8:49 pm
Can you complete the line?
.scr and .txt are being called to execute or to do a tandem action with
another file; that is, can you please include the entire line? Thanks.
--
Milo

Posted by dos on March 3, 2008, 3:33 am


"Milo" wrote:

> Can you complete the line?
> .scr and .txt are being called to execute or to do a tandem action with
> another file; that is, can you please include the entire line? Thanks.
> --
> Milo

In the registry it looks like this.
HKEY_CLASSES_ROOT\scrfile\Shell\config\command "%1"
HKEY_CLASSES_ROOT\scrfile\Shell\install\command rundll32.exe desk.cpl,InstallScreenSaver %l
HKEY_CLASSES_ROOT\scrfile\Shell\Open\Command "%1" /S

HKEY_CLASSES_ROOT\txtfile\DefaultIcon %SystemRoot%\system32\shell32.dll,-152
HKEY_CLASSES_ROOT\txtfile\shell\open\command C:\WINDOWS\NOTEPAD.EXE %1
HKEY_CLASSES_ROOT\txtfile\shell\print\command %SystemRoot%\system32\NOTEPAD.EXE /p %1
HKEY_CLASSES_ROOT\txtfile\shell\printto\command %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"

Posted by David H. Lipman on March 3, 2008, 4:33 pm


|
| In the registry it looks like this.
| HKEY_CLASSES_ROOT\scrfile\Shell\config\command "%1"
| HKEY_CLASSES_ROOT\scrfile\Shell\install\command rundll32.exe desk.cpl,InstallScreenSaver %l
| HKEY_CLASSES_ROOT\scrfile\Shell\Open\Command "%1" /S
|
| HKEY_CLASSES_ROOT\txtfile\DefaultIcon %SystemRoot%\system32\shell32.dll,-152
| HKEY_CLASSES_ROOT\txtfile\shell\open\command C:\WINDOWS\NOTEPAD.EXE %1
| HKEY_CLASSES_ROOT\txtfile\shell\print\command %SystemRoot%\system32\NOTEPAD.EXE /p %1
| HKEY_CLASSES_ROOT\txtfile\shell\printto\command %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"

Let's get to the root...

What is the problem you are having and why are you asking?

I don't see anything wrong in the above...

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
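
Added example, not part of the original thread and not any poster's code: a small Python audit that compares shell command values in a text listing like the one posted above against a known-good baseline and reports any that were changed. The baseline uses the values from the thread plus the stock exefile handler "%1" %* that the question refers to; the function names, the C:\example paths and the altered sample lines are constructed for illustration.

```python
import re

# Baseline: values posted in this thread (reported as looking normal), plus the
# stock exefile handler the question refers to (assumption: Windows default).
BASELINE = {
    r"scrfile\shell\config\command": '"%1"',
    r"scrfile\shell\open\command": '"%1" /S',
    r"txtfile\shell\open\command": r"C:\WINDOWS\NOTEPAD.EXE %1",
    r"exefile\shell\open\command": '"%1" %*',
}

LINE = re.compile(r"^HKEY_CLASSES_ROOT\\(\S+\\command)\s+(.*)$", re.IGNORECASE)

def normalize(value):
    """Collapse whitespace and case so cosmetic differences do not alert."""
    return " ".join(value.split()).lower()

def audit(listing):
    """Return (key, observed, reason) for every command that deviates."""
    findings = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, observed = m.group(1).lower(), m.group(2).strip()
        expected = BASELINE.get(key)
        if expected is None:
            continue  # no baseline for this key; nothing to compare
        if normalize(observed) == normalize(expected):
            continue
        # If the handler should begin with the clicked file itself ("%1"),
        # anything placed in front of it runs first.
        if expected.startswith('"%1"') and not observed.startswith('"%1"'):
            reason = 'program inserted before "%1"'
        else:
            reason = "differs from baseline"
        findings.append((key, observed, reason))
    return findings

# Constructed sample: two lines as posted in the thread, then two altered ones.
SAMPLE = r'''
HKEY_CLASSES_ROOT\scrfile\Shell\Open\Command "%1" /S
HKEY_CLASSES_ROOT\txtfile\shell\open\command C:\WINDOWS\NOTEPAD.EXE %1
HKEY_CLASSES_ROOT\exefile\shell\open\command C:\example\placeholder.exe "%1" %*
HKEY_CLASSES_ROOT\txtfile\shell\open\command C:\example\NOTEPAD.EXE %1
'''

if __name__ == "__main__":
    for key, observed, reason in audit(SAMPLE):
        print(f"{key}: {observed!r} ({reason})")
```

Keys without a baseline entry are skipped rather than guessed at, since the correct syntax depends on the file type.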


