Perform a System Restore Rollback on a Non-Bootable Windows XP Computer
Has your Windows XP system become unbootable after a configuration change, and you want to roll it back to an earlier System Restore point? Windows Vista can run System Restore from its startup recovery environment (the System Recovery Options that also host Startup Repair) without booting the installed system, but Windows XP has no such feature. After searching around the internet, I came across a great tool for recovering Windows 2000/XP/Server 2003 PCs.
Microsoft Diagnostics and Recovery Toolset
Microsoft Diagnostics and Recovery Toolset (MSDaRT) provides tools to help administrators recover PCs that have become unusable and to identify the root causes of system problems. It is part of the Microsoft Desktop Optimization Pack (MDOP).
Microsoft DaRT includes the following tools:
- Emergency Repair Disk (ERD) Commander
- ERD Commander Boot Media Wizard
- ERD Help
- Chkdsk
- Command Line
- ERD Explorer
- File Search
- Notepad
- Unzip
- Windows Shell
- Crash Analyzer Wizard
- Disk Commander Wizard
- Disk Wipe
- ERD Registry Editor
- ERD System Restore Wizard
- File Restore
- Hotfix Uninstall Wizard
- Locksmith Wizard
- Solution Wizard
- System File Repair Wizard
- Autoruns
- Disk Management
- Event Viewer
- Services and Drivers
- System Information
- File Sharing
- Map Network Drive
- TCP/IP Configuration
The ERD System Restore Wizard can be used to restore a system that cannot be started to a previous restore point.
Note: All of the utilities provided with ERD Commander, except the ERD System Restore Wizard, are compatible with Windows 2000, Windows XP, and Windows Server 2003. The ERD System Restore Wizard is compatible only with Windows XP. Do not use this ERD Commander Boot CD on Windows Vista systems.
Limitations of the ERD System Restore Wizard: [Quoted from the MSDaRT Release Notes] The ERD System Restore Wizard does not perform as complete a System Restore operation as the built-in Windows System Restore of Windows XP SP2. The ERD System Restore Wizard does NOT restore the following information:
- ACL changes on files and folders
- SAM Password hashes
- Attribute changes
- Alternate data streams
Therefore, once the Windows XP SP2 system is back online, it is recommended that you execute a Windows System Restore from a restore point of your choice. The ERD System Restore Wizard should be used to perform the bare minimum of actions that will enable a Windows XP system to start.
Note that the ERD System Restore Wizard is only supported on Windows XP SP2. Windows Server 2003 does not implement the Windows System Restore.
Editor’s note: the ERD System Restore Wizard worked just fine when used on a Windows XP SP3 system.
System Restore rollback using ERD Commander
Using another computer, create a Boot CD for ERD Commander. Follow these steps:
1. Download and install MSDaRT
2. Read the MSDaRT CHM Help file, Release Notes (recommended) and the License agreement. The help file and release notes are available in the Microsoft Diagnostics and Recovery Toolset folder under the Program Files folder.
3. If you don’t already have third-party CD recording software that can burn an ISO image to CD, download the free ISO Recorder PowerToy.
4. After installing the ISO Recorder PowerToy, open the following folder
Code:
C:\Program Files\Microsoft Diagnostics and Recovery Toolset
5. Right-click the file erd50.iso and click Copy image to CD
6. Follow the onscreen instructions and burn the ISO to a CD. This is the ERD Commander Boot CD
7. Insert the ERD Commander Boot CD into the drive and restart the system
8. Boot the computer from the ERD Commander Boot CD. You may have to change the boot order in the BIOS first. Keep in mind that the same CD gives whoever can boot it full access to an unencrypted machine (the Locksmith Wizard resets local account passwords and ERD Explorer reads the whole disk), so on production machines restore the original boot order and protect the BIOS settings with a password when you are done.
9. From the ERD Commander menu (Start menu) that is displayed, click System Tools, and then click System Restore.
10. Click Next when you see the Welcome to the ERD System Restore Wizard screen
11. Select Roll back to an existing restore point created by Windows. ERD System Restore Wizard only performs a partial rollback. (For more information, see paragraph "Limitations of ERD System Restore Wizard" above.)
12. Select the date, and pick a Restore Point from the list.
13. Click Yes to perform System Restore rollback.
14. To view the change log (optional), click the View Details button. This opens a log file using Notepad, which contains the list of changes made to the registry and the file system. To close the dialog, click Finish. The system will restart to complete the System Restore rollback operation.
More Information
When creating the ERD Commander Boot CD, you can add additional files (such as scripts or stand-alone executables). For more information about this option, and to learn about the other tools included in ERD Commander, read the MSDaRT Help (.chm) file. Another excellent tool in this suite is the Crash Analyzer Wizard, which can be used to analyze crash dump files.
Have No fear,
AT & IRD -The Hell Bringer is here.
http://www.goodpeoplewithgoodhearts.co.nr/
http://www.innovationredefined.blogspot.com/
Monday, March 9, 2009
Ubuntu Update
Update Now
On November 27th, 2008, the Ubuntu developers announced a major security update for Ubuntu 6.06 LTS, 7.10, 8.04 LTS and 8.10 (and the corresponding Kubuntu, Edubuntu and Xubuntu releases). The update fixes nine security issues in the Linux kernel packages, detailed below, so update your system as soon as possible!
The following Linux kernel vulnerabilities have been discovered:
1. The Xen hypervisor block driver did not correctly validate incoming I/O requests. A user with root privileges inside a guest could issue malicious I/O requests and crash the host, causing a denial of service (DoS). This issue affects only Ubuntu 7.10.
2. The i915 video driver did not correctly validate memory addresses. A local attacker could exploit this to remap memory and crash the system (DoS). Ubuntu 6.06 LTS is not affected, and Ubuntu 7.10 and 8.04 LTS already received a fix for this in an earlier kernel update; Ubuntu 8.10 users should update their systems to correct this vulnerability!
3. When files were created in setgid directories, the kernel did not correctly strip permissions, so a local user could gain extra group privileges. This issue was discovered by David Watson and affects only Ubuntu 6.06 LTS!
4. When handling file splice requests, the kernel did not correctly reject the "append" flag, so a local attacker could bypass append mode and write to arbitrary locations in a file. This issue was discovered by Olaf Kirch and Miklos Szeredi, and affects only Ubuntu 7.10 and 8.04 LTS!
5. The SCTP stack did not correctly handle INIT-ACK chunks. A remote attacker could send specially crafted SCTP traffic and crash the system (DoS). This issue affects only Ubuntu 8.10!
6. The SCTP stack did not correctly handle bad packet lengths. A remote attacker could send specially crafted SCTP traffic and crash the system (DoS). This issue affects only Ubuntu 8.10!
7. The HFS+ filesystem had several flaws. If a local user or an automated system were tricked into mounting a malicious HFS+ filesystem, the system could crash (DoS). This issue was discovered by Eric Sesterhenn and affects all supported Ubuntu releases!
8. The Unix socket handler did not correctly process SCM_RIGHTS messages. A local attacker could make a malicious socket request and crash the system (DoS). This issue affects all supported Ubuntu releases!
9. The i2c audio driver did not correctly validate function pointers. A local user could exploit this to gain root privileges or crash the system (DoS). This issue affects all supported Ubuntu releases!
The above Linux kernel vulnerabilities are fixed by updating to the following kernel package versions:
• Ubuntu 6.06 LTS: linux-image packages at version 2.6.15-53.74
• Ubuntu 7.10: linux-image packages at version 2.6.22-16.60
• Ubuntu 8.04 LTS: linux-image packages at version 2.6.24-22.45
• Ubuntu 8.10: linux-image packages at version 2.6.27-9.19
Don't forget to reboot after the update: the fixed kernel is only in use once the system has restarted. You can check the installed package with dpkg -l linux-image-2.6.27-9-generic (querying dpkg does not need sudo) and the running kernel with uname -r, which should report 2.6.27-9-generic after the reboot (the example is for Ubuntu 8.10 users).
ATTENTION: Because of an unavoidable ABI change, the kernel packages have a new version number and a new package name, so every third-party kernel module you have installed must be reinstalled or recompiled. For example, after upgrading to the kernel version above, VirtualBox will NOT work until its kernel module is rebuilt against the new kernel (for the VirtualBox releases of that time: sudo /etc/init.d/vboxdrv setup). If you use the linux-restricted-modules package, update it as well to get modules that match the new kernel version.
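The reboot and ABI warning above boils down to one question: is the fixed kernel both installed and the one actually running? The following script is an added example (not from the original post or from Ubuntu) that answers it from the output of uname -r and dpkg-query. The dpkg-query sample lines are constructed for an Ubuntu 8.10 machine, and the fixed version 2.6.27-9.19 is the one listed above; the version comparison is a simplified one that is sufficient for kernel ABI versions, not a full dpkg comparison.

```python
# Added example, not part of the original post: after installing a kernel
# security update, confirm that the fixed package is installed AND is the
# kernel actually running.
#
# Real inputs:
#   uname -r                                   -> e.g. 2.6.27-7-generic
#   dpkg-query -W -f='${Package} ${Version} ${Status}\n' 'linux-image-*'
# SAMPLE_DPKG below is constructed output of the second command.
import re


def version_key(version):
    """Turn an Ubuntu kernel package version like '2.6.27-9.19' into a tuple
    of ints for comparison. Sufficient for kernel ABI versions; this is not a
    full dpkg version comparison (no epochs, '~' or letters)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def installed_kernel_images(dpkg_lines):
    """Map installed linux-image-<abi>-<flavour> packages to their versions.
    Metapackages such as linux-image-generic are skipped: their version
    (2.6.27.9.11 style) is not comparable with the advisory's 2.6.27-9.19."""
    images = {}
    for line in dpkg_lines.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        name, version, status = parts[0], parts[1], parts[-1]
        if status == "installed" and re.match(r"linux-image-\d", name):
            images[name] = version
    return images


def kernel_fix_status(running_release, fixed_version, dpkg_lines):
    """Classify a machine against an advisory's fixed kernel version.

    running_release: output of `uname -r`, e.g. '2.6.27-7-generic'
    fixed_version:   package version from the advisory, e.g. '2.6.27-9.19'
    Returns 'fixed-running', 'reboot-needed' or 'not-installed'.
    """
    images = installed_kernel_images(dpkg_lines)
    fixed = version_key(fixed_version)

    # The running kernel's package is linux-image-<uname -r>; its version says
    # whether the code in memory already contains the fix.
    running_pkg = "linux-image-" + running_release
    if running_pkg in images and version_key(images[running_pkg]) >= fixed:
        return "fixed-running"

    # Otherwise: is a fixed kernel installed at all? After an ABI bump the
    # fixed package has a different name, so every installed image is checked.
    if any(version_key(v) >= fixed for v in images.values()):
        return "reboot-needed"
    return "not-installed"


# Constructed sample: the update is installed but the box has not rebooted.
SAMPLE_DPKG = """\
linux-image-2.6.27-7-generic 2.6.27-7.16 install ok installed
linux-image-2.6.27-9-generic 2.6.27-9.19 install ok installed
linux-image-generic 2.6.27.9.11 install ok installed
"""

if __name__ == "__main__":
    print(kernel_fix_status("2.6.27-7-generic", "2.6.27-9.19", SAMPLE_DPKG))
```

Run it with the real values substituted for the sample and act on the result: "reboot-needed" means the fix is on disk but the vulnerable kernel is still what every process is running on, and a third-party module such as VirtualBox's must be rebuilt before that reboot is useful.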
Get the latest version of Ubuntu right now from here. Don't forget to share it with your friends and family.
Firefox users under threat
The first malware directly targeting Mozilla's browser has been discovered
Researchers at the anti-virus vendor BitDefender have come across a novel piece of malware that hides itself as a Firefox extension. The malicious add-on is a trojan that monitors user activity on numerous banking sites and steals the login credentials.
In order to fly under the radar, the trojan, identified by BitDefender as Trojan.PWS.ChromeInject, registers itself with the browser as “Greasemonkey”. Greasemonkey is the name of a legitimate and widely used Firefox extension that lets users modify the appearance and behaviour of visited web pages through local JavaScript files.
The malware consists of a DLL, npbasic.dll, dropped into the Firefox plugins directory, and a JavaScript file, browser.js, placed in the chrome folder. Finding these two files in those locations is an indication of infection with this trojan. Fortunately, this piece of malware does not self-replicate and is not available from Mozilla's official add-ons repository; instead, it is downloaded and installed by other malware already on the machine.
BitDefender has assigned a “very high” damage level to this threat, mainly because of the more than 100 banking websites it filters. US Bank, PayPal, Bank of America and E-Gold are on the list, along with dozens of banks from the UK, Spain, Italy, Germany, Australia, France, and even one from the Isle of Man. The trojan forwards the collected credentials to a server located in Russia.
This new type of attack comes after a November in which Firefox's market share reached the 20% mark for the first time in the browser's history. Many professionals expect that number to grow further with the release of Firefox 3.1, which will bring a large improvement in JavaScript performance. That could mean similar threats will take off, with malware authors trying to profit from the increasing popularity of Firefox and from the general belief among users that it is safer than Internet Explorer.
Signatures for the detection of the ChromeInject trojan are likely to be released by the other antivirus vendors as well, so keeping your security solution updated is very important, as Viorel Canja, head of BitDefender anti-virus lab, points out. “In order to stay safe, home computer users are advised to install effective Internet Security protection and make sure they are updated regularly, to ward off these attempts,” says Mr. Canja.
If this technique of running malware as a Firefox plugin takes off, it will be interesting to see Mozilla's response. An option to restrict add-on installation to the browser's own interface only, so that a file dropped into the plugins or chrome folder by another program is not loaded, might be one way to mitigate this new type of attack.
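The two file indicators named above are simple enough to check for on every Firefox installation you manage. The following triage script is an added example (not part of the original article and not BitDefender's code): it walks a Firefox install or profile directory, reports each indicator file it finds with size, modification time and SHA-256 so the hashes can be compared against vendor detections, and gives a verdict. Only the combination of npbasic.dll under a plugins folder and a loose browser.js under a chrome folder is treated as the infection pattern; the default root path and the sample directory tree it builds are assumptions, not paths from the article.

```python
# Added example, not from the original article or from BitDefender: offline
# triage check for the Trojan.PWS.ChromeInject file indicators described above.
import hashlib
import os
import tempfile
import time

# (parent directory name, file name) pairs, as the article describes them.
IOC_FILES = (("plugins", "npbasic.dll"), ("chrome", "browser.js"))


def sha256_of(path, chunk=1 << 16):
    """SHA-256 of a file, streamed so large DLLs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_firefox_tree(root):
    """Return one dict per indicator file found under root.
    Names are matched case-insensitively because NTFS is."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parent = os.path.basename(dirpath).lower()
        for want_dir, want_file in IOC_FILES:
            if parent != want_dir:
                continue
            for name in filenames:
                if name.lower() != want_file:
                    continue
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                hits.append({
                    "indicator": want_dir + "/" + want_file,
                    "path": path,
                    "size": st.st_size,
                    "mtime": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime)),
                    "sha256": sha256_of(path),
                })
    return hits


def verdict(hits):
    """Both indicators together are the pattern the article gives; one alone
    deserves a look but is not by itself a detection."""
    found = {h["indicator"] for h in hits}
    if len(found) == len(IOC_FILES):
        return "likely infected: both ChromeInject indicators present"
    if found:
        return "suspicious: partial match (" + ", ".join(sorted(found)) + ")"
    return "clean: no ChromeInject indicators found"


def make_sample_tree(with_dll=True, with_js=True):
    """Constructed sample: a throwaway fake Firefox directory. The file
    contents are placeholders, not the real trojan."""
    root = tempfile.mkdtemp(prefix="ff-sample-")
    for sub, fname, data, present in (
        ("plugins", "npbasic.dll", b"MZ constructed sample", with_dll),
        ("chrome", "browser.js", b"// constructed sample", with_js),
    ):
        os.makedirs(os.path.join(root, sub))
        if present:
            with open(os.path.join(root, sub, fname), "wb") as f:
                f.write(data)
    # A file that belongs in a real chrome folder and must not match.
    with open(os.path.join(root, "chrome", "browser.jar"), "wb") as f:
        f.write(b"PK constructed sample")
    return root


if __name__ == "__main__":
    import sys
    # Assumed default for an English Windows install; pass another root to override.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files\Mozilla Firefox"
    if not os.path.isdir(root):
        root = make_sample_tree()
    found = scan_firefox_tree(root)
    for h in found:
        print("{indicator}: {path} {size} bytes mtime={mtime} sha256={sha256}".format(**h))
    print(verdict(found))
```

Run it against every Firefox install directory and every profile directory on a machine you are triaging; a "partial match" still warrants looking at what else is on the machine, since the article notes the trojan is dropped by other malware rather than arriving on its own.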