Run mystery

I use the Run command selom and unually only for Msconfig and Regedit.
However, sometimes I find in the 'memory' other commands, like the one for
the Firewall. I assume that these are acused by viruses/malware. Is that
common? Is there a way of blocking the Windows Firewall so that no
introsuion is possible?

Thank you

JB

"Jorge Bravo" wrote in message
...
I use the Run command selom and unually only for Msconfig and Regedit.
However, sometimes I find in the 'memory' other commands, like the one
for the Firewall. I assume that these are acused by viruses/malware.
Is that common? Is there a way of blocking the Windows Firewall so that
no introsuion is possible?

One does not block a firewall. Rather, one allows a firewall to block
intrusion attempts from hackers. To see if you are protected, go to this
site:

https://www.grc.com/x/ne.dll?bh0bkyd2

Scroll down and click Proceed. On the new page, click on the grey
buttons, especially All Service Ports. If you don't pass, let us know.
If everything is green, you are successfully in Stealth Mode, which is
what you want.

Regarding commands being memorized (as well as Web sites visited,
doucments opened, etc.), this is a function of Windows. If you would
like to erase your tracks, I recommend using Ccleaner:

http://www.ccleaner.com/

When you install it, you will probably want to avoid installing any
toolbar add-ons. When you run it, you may configure it to delete
different items, including what you described above -- under Windows
Explorer there is item called "Run (in Start Menu)." Some people are
just interested in regularly cleaning out temp files and choose to leave
the other items, including paswwords. If your firewall is doing its job
and no one else uses your PC (or account), this should not be a problem,
but it's your call.

Since cleaning registry items does not noticeably improve a PC's
performance and might even do some amount of damage (including
preventing you from booting up!), be sure to avoid, Ccleaner's registry
"cleaning" function. Otherwise, it's a great program.

Thanks

Everything is green in stealth mode.

But I don't think I explained myself well.. When I go into the Run command
box and attempt to typr something a scroll-down list of past commands
appears. Sometines, in the past, I found strange commands which I never
typed. Just recently there was one about firewall.cpl (I think) and at that
time I had a virus that opened up Internet Explorer in the Firewall without
my permission.

So, I ant to know how it is that commands can appear in the 'past commands'
in the Run box if I did not type them myself; and if thre is a way of
stopping intrusions in this way that access the Firewall without my knowing.

JB




"Daave" escreveu na mensagem
...
"Jorge Bravo" wrote in message
...
I use the Run command selom and unually only for Msconfig and Regedit.
However, sometimes I find in the 'memory' other commands, like the one for
the Firewall. I assume that these are acused by viruses/malware. Is that
common? Is there a way of blocking the Windows Firewall so that no
introsuion is possible?

One does not block a firewall. Rather, one allows a firewall to block
intrusion attempts from hackers. To see if you are protected, go to this
site:

https://www.grc.com/x/ne.dll?bh0bkyd2

Scroll down and click Proceed. On the new page, click on the grey buttons,
especially All Service Ports. If you don't pass, let us know. If
everything is green, you are successfully in Stealth Mode, which is what
you want.

Regarding commands being memorized (as well as Web sites visited,
doucments opened, etc.), this is a function of Windows. If you would like
to erase your tracks, I recommend using Ccleaner:

http://www.ccleaner.com/

When you install it, you will probably want to avoid installing any
toolbar add-ons. When you run it, you may configure it to delete different
items, including what you described above -- under Windows Explorer there
is item called "Run (in Start Menu)." Some people are just interested in
regularly cleaning out temp files and choose to leave the other items,
including paswwords. If your firewall is doing its job and no one else
uses your PC (or account), this should not be a problem, but it's your
call.

Since cleaning registry items does not noticeably improve a PC's
performance and might even do some amount of damage (including preventing
you from booting up!), be sure to avoid, Ccleaner's registry "cleaning"
function. Otherwise, it's a great program.

Jorge,

The memory for the Run option on your start button window is contained in
the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\RunMRU.
In the right pane, there will be up to 26 entries named with single alphabet
letters (hence the limit of 26) and one named MRUList. The data for the
keys named after small alpha characters should be command lines that you've
previously entered at 'Start Run'. The MRUList value has a series of
letters that determines the age sorting of the other values to enable
bumping the least used when you need to make room for new command lines.

Writing a script or program to edit entries under this registry key is quite
simple but I'm not sure why anyone creating malware would want to do so. If
some hacker can get you to run a script on your PC, it would be easier to
simply run an executable from the script rather than modify listings under
the 'Start Run' option and wait for the user to try it. I can see how
someone providing you with an application might add their own entry to the
registry so that if a user deleted whatever shortcut they provided to launch
their application it would be simpler for the user to use "Plan B' and
launch from the Run line. The only code I've written to alter that key were
scripts to purge the clutter and trip the list to half a dozen rather than
26.


Steve Yandl



"Jorge Bravo" wrote in message
...
Thanks

Everything is green in stealth mode.

But I don't think I explained myself well.. When I go into the Run command
box and attempt to typr something a scroll-down list of past commands
appears. Sometines, in the past, I found strange commands which I never
typed. Just recently there was one about firewall.cpl (I think) and at
that time I had a virus that opened up Internet Explorer in the Firewall
without my permission.

So, I ant to know how it is that commands can appear in the 'past
commands' in the Run box if I did not type them myself; and if thre is a
way of stopping intrusions in this way that access the Firewall without my
knowing.

JB




"Daave" escreveu na mensagem
...
"Jorge Bravo" wrote in message
...
I use the Run command selom and unually only for Msconfig and Regedit.
However, sometimes I find in the 'memory' other commands, like the one
for the Firewall. I assume that these are acused by viruses/malware. Is
that common? Is there a way of blocking the Windows Firewall so that no
introsuion is possible?

One does not block a firewall. Rather, one allows a firewall to block
intrusion attempts from hackers. To see if you are protected, go to this
site:

https://www.grc.com/x/ne.dll?bh0bkyd2

Scroll down and click Proceed. On the new page, click on the grey
buttons, especially All Service Ports. If you don't pass, let us know. If
everything is green, you are successfully in Stealth Mode, which is what
you want.

Regarding commands being memorized (as well as Web sites visited,
doucments opened, etc.), this is a function of Windows. If you would like
to erase your tracks, I recommend using Ccleaner:

http://www.ccleaner.com/

When you install it, you will probably want to avoid installing any
toolbar add-ons. When you run it, you may configure it to delete
different items, including what you described above -- under Windows
Explorer there is item called "Run (in Start Menu)." Some people are just
interested in regularly cleaning out temp files and choose to leave the
other items, including paswwords. If your firewall is doing its job and
no one else uses your PC (or account), this should not be a problem, but
it's your call.

Since cleaning registry items does not noticeably improve a PC's
performance and might even do some amount of damage (including preventing
you from booting up!), be sure to avoid, Ccleaner's registry "cleaning"
function. Otherwise, it's a great program.

"Jorge Bravo" wrote in message
...

So, I ant to know how it is that commands can appear in the 'past
commands' in the Run box if I did not type them myself; and if thre is
a way of stopping intrusions in this way that access the Firewall
without my knowing.

If you didn't enter it, someone else did.

Make sure others don't use your PC; that will stop this from happening.
Also make sure you are malware-free. See:

http://www.elephantboycomputers.com/...iruses_Malware

That's what I meant. Nobody uses my computer; only me!

JB



"Daave" escreveu na mensagem
...
"Jorge Bravo" wrote in message
...

So, I ant to know how it is that commands can appear in the 'past
commands' in the Run box if I did not type them myself; and if thre is a
way of stopping intrusions in this way that access the Firewall without
my knowing.

If you didn't enter it, someone else did.

Make sure others don't use your PC; that will stop this from happening.
Also make sure you are malware-free. See:

http://www.elephantboycomputers.com/...iruses_Malware

Thank you very much Steve, for the very clear and informative reply.

JB



"Steve Yandl" escreveu na mensagem
...
Jorge,

The memory for the Run option on your start button window is contained in
the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\RunMRU.
In the right pane, there will be up to 26 entries named with single
alphabet letters (hence the limit of 26) and one named MRUList. The data
for the keys named after small alpha characters should be command lines
that you've previously entered at 'Start Run'. The MRUList value has a
series of letters that determines the age sorting of the other values to
enable bumping the least used when you need to make room for new command
lines.

Writing a script or program to edit entries under this registry key is
quite simple but I'm not sure why anyone creating malware would want to do
so. If some hacker can get you to run a script on your PC, it would be
easier to simply run an executable from the script rather than modify
listings under the 'Start Run' option and wait for the user to try it.
I can see how someone providing you with an application might add their
own entry to the registry so that if a user deleted whatever shortcut they
provided to launch their application it would be simpler for the user to
use "Plan B' and launch from the Run line. The only code I've written to
alter that key were scripts to purge the clutter and trip the list to half
a dozen rather than 26.


Steve Yandl



"Jorge Bravo" wrote in message
...
Thanks

Everything is green in stealth mode.

But I don't think I explained myself well.. When I go into the Run
command box and attempt to typr something a scroll-down list of past
commands appears. Sometines, in the past, I found strange commands which
I never typed. Just recently there was one about firewall.cpl (I think)
and at that time I had a virus that opened up Internet Explorer in the
Firewall without my permission.

So, I ant to know how it is that commands can appear in the 'past
commands' in the Run box if I did not type them myself; and if thre is a
way of stopping intrusions in this way that access the Firewall without
my knowing.

JB




"Daave" escreveu na mensagem
...
"Jorge Bravo" wrote in message
...
I use the Run command selom and unually only for Msconfig and Regedit.
However, sometimes I find in the 'memory' other commands, like the one
for the Firewall. I assume that these are acused by viruses/malware. Is
that common? Is there a way of blocking the Windows Firewall so that no
introsuion is possible?

One does not block a firewall. Rather, one allows a firewall to block
intrusion attempts from hackers. To see if you are protected, go to this
site:

https://www.grc.com/x/ne.dll?bh0bkyd2

Scroll down and click Proceed. On the new page, click on the grey
buttons, especially All Service Ports. If you don't pass, let us know.
If everything is green, you are successfully in Stealth Mode, which is
what you want.

Regarding commands being memorized (as well as Web sites visited,
doucments opened, etc.), this is a function of Windows. If you would
like to erase your tracks, I recommend using Ccleaner:

http://www.ccleaner.com/

When you install it, you will probably want to avoid installing any
toolbar add-ons. When you run it, you may configure it to delete
different items, including what you described above -- under Windows
Explorer there is item called "Run (in Start Menu)." Some people are
just interested in regularly cleaning out temp files and choose to leave
the other items, including paswwords. If your firewall is doing its job
and no one else uses your PC (or account), this should not be a problem,
but it's your call.

Since cleaning registry items does not noticeably improve a PC's
performance and might even do some amount of damage (including
preventing you from booting up!), be sure to avoid, Ccleaner's registry
"cleaning" function. Otherwise, it's a great program.