• Category Archives Windows
  • Remotely Setting the Time on a Windows Machine

    Use psexec.exe from an admin account to send the command below to the remote system. This can be from a Domain Admin account, or the machine you are logged onto can have the exact same Admin account…
    psexec \\MachineName w32tm /resync

    PsExec v1.98 – Execute processes remotely
    Copyright (C) 2001-2010 Mark Russinovich
    Sysinternals – www.sysinternals.com

    Sending resync command to local computer…
    The command completed successfully.
    w32tm exited on MachineName with error code 0.

    Then check time with…
    net time \\MachineName

    Note: You can specify a username to execute this command as, but the password will go over the wire in plain text.
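
    As an added example (not part of the original post), the same resync and time check can be run over PowerShell remoting under the account you are already logged on with, so no username or password is passed on the command line. It assumes WinRM remoting is enabled on the target and that your account is an administrator there; the function names are hypothetical and `MachineName` is the post's placeholder.

    ```powershell
    # Added example, not from the original post.
    # Assumptions: PowerShell remoting (WinRM) is enabled on the targets and the
    # caller is already logged on with an account that is an administrator there.
    function Get-RemoteClockOffset {
        param([Parameter(Mandatory)][string]$ComputerName)
        # Offset in seconds (remote minus local), corrected by half the round trip.
        # Coarse: session setup is part of the round trip, so treat it like net time.
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        $localStart = [DateTime]::UtcNow
        $remote = Invoke-Command -ComputerName $ComputerName -ErrorAction Stop `
            -ScriptBlock { [DateTime]::UtcNow }
        $sw.Stop()
        $midpoint = $localStart.AddMilliseconds($sw.ElapsedMilliseconds / 2)
        [math]::Round(($remote - $midpoint).TotalSeconds, 3)
    }

    function Sync-RemoteClock {
        param(
            [Parameter(Mandatory)][string[]]$ComputerName,
            [double]$MaxOffsetSeconds = 2.0   # tolerance chosen for illustration
        )
        foreach ($name in $ComputerName) {
            $row = [ordered]@{
                Computer = $name; Before = $null; ResyncExit = $null
                After = $null; InTolerance = $false; Error = $null
            }
            try {
                $row.Before = Get-RemoteClockOffset -ComputerName $name
                # Same command the post sends with psexec, run in the remote session.
                $row.ResyncExit = Invoke-Command -ComputerName $name -ErrorAction Stop `
                    -ScriptBlock { w32tm /resync | Out-Null; $LASTEXITCODE }
                $row.After = Get-RemoteClockOffset -ComputerName $name
                $row.InTolerance = [math]::Abs($row.After) -le $MaxOffsetSeconds
            } catch {
                # Unreachable host, remoting disabled, or access denied.
                $row.Error = $_.Exception.Message
            }
            [pscustomobject]$row
        }
    }

    # 'MachineName' is the placeholder used in the post.
    Sync-RemoteClock -ComputerName 'MachineName' | Format-Table -AutoSize
    ```

    A `ResyncExit` of 0 corresponds to the "error code 0" line in the psexec output above; a row with `Error` set means the resync was never attempted on that machine.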

    References

    http://technet.microsoft.com/en-us/library/cc773263%28WS.10%29.aspx
    http://technet.microsoft.com/en-us/sysinternals/bb842062
    http://technet.microsoft.com/en-us/sysinternals/bb897553

     


  • Can the Conficker Worm be removed?

    By crmanski

    Over the last few months I have seen and heard of quite a few computers infected with the “Conficker” worm (also known as Downup, Downadup and Kido). It is truly a nasty piece of software that ingrains itself so far into the system that it has been impossible to remove from any of the systems that I had not personally secured myself with the steps I outline here. On that one machine the person had actually clicked on the “yes” button to install the worm. Luckily it was with the non-administrative account and I was able to isolate the files and remove them.

    I did some research around the web on so-called removal instructions and came across Microsoft's…

    microsoft.com – “How do I remove the Conficker worm? If your computer is infected with the Conficker worm, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or accessing certain Web sites, such as Microsoft Update. If you can’t access those tools, try using the Windows Live OneCare Safety Scanner.”

    This is totally useless. I’ve spent hours using a manually downloaded MSRT and the Live OneCare Scanner. It might tell you that it cleaned the machine and that everything will look good, but a couple of reboots and even opening Internet Explorer once will bring it right back. You might be able to “remove” it, but the problem of Windows XP or Vista setting up all home user accounts as administrators of the local machine still exists. The point of infection is still available and any account that uses the computer can infect the system. Trying to remove this infection is an exercise in futility.

    If you have been infected I think it is best if you back up your documents and re-install the operating system from scratch (don’t forget to scan them with an updated antivirus before putting them back on your computer). This way you can be truly sure that there is no infection. It is not wise to trust a machine that has had such a bad infection. This is especially true for someone who does online banking or conducts other business transactions on the Internet. It is better to start fresh and make sure that the system is secure. Follow the steps on the checklist. If you cannot, then find someone that can.
