A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

SCR attack



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old December 2nd 19, 09:59 PM posted to alt.comp.os.windows-10,alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default SCR attack

Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.



Ads
  #2  
Old December 2nd 19, 10:25 PM posted to alt.comp.os.windows-10,alt.windows7.general
pyotr filipivich
external usenet poster
 
Posts: 752
Default SCR attack

"Mayayana" on Mon, 2 Dec 2019 15:59:49 -0500
typed in alt.windows7.general the following:
Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.


You don't, but I'm sure that there are someones who still use
them. Default, habit, "no reason" not too.


--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
  #3  
Old December 2nd 19, 11:29 PM posted to alt.comp.os.windows-10,alt.windows7.general
Ken Springer[_2_]
external usenet poster
 
Posts: 3,817
Default SCR attack

On 12/2/19 2:25 PM, pyotr filipivich wrote:
"Mayayana" on Mon, 2 Dec 2019 15:59:49 -0500
typed in alt.windows7.general the following:
Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.


You don't, but I'm sure that there are someones who still use
them. Default, habit, "no reason" not too.


I like the slideshow! I downloaded some fantastic (to me) wall papers,
and I've got good monitors. :-)


--
Ken
MacOS 10.14.6
Firefox 70.0.1
Thunderbird 60.9
"My brain is like lightning, a quick flash
and it's gone!"
  #4  
Old December 3rd 19, 12:04 AM posted to alt.comp.os.windows-10,alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default SCR attack

Mayayana wrote:
Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.


Did you scan it on virustotal for fun ?

Paul

  #5  
Old December 3rd 19, 01:09 AM posted to alt.comp.os.windows-10,alt.windows7.general
J. P. Gilliver (John)[_7_]
external usenet poster
 
Posts: 603
Default SCR attack

In message , Ken Springer
writes:
On 12/2/19 2:25 PM, pyotr filipivich wrote:
"Mayayana" on Mon, 2 Dec 2019 15:59:49 -0500
typed in alt.windows7.general the following:

[]
I don't know of any reason for screensavers to still exist.
I certainly don't use them.


Certainly, the common reason - inherent in the name - went with CRTs; I
think an LCD _can_ develop burnin if driven hard for a _long_ time, but
it's a very minor effect. (I suspect plasma displays are more
susceptible, but I don't think many people use those now, outside sports
stadia and CSI.)

You don't, but I'm sure that there are someones who still use
them. Default, habit, "no reason" not too.


I like the slideshow! I downloaded some fantastic (to me) wall papers,
and I've got good monitors. :-)

And people like the animations; some are quite works of art. Not to
mention spending time teapot-spotting when you were supposed to be
working! Until the spoilsports at Microsoft took them out, I think
between '9x and XP.

A lot of the older 'savers wouldn't work on each new version of Windows
(and I don't think it was just 16/32/64 bitness). I did have a utility
that made them still work - I think it made '9x ones work under XP - but
I haven't bothered looking for similar for 7.

7 does still come with 7 savers, but I'm not aware of anyone writing
extra ones, either free or paid. (Yes, people used to actually pay for
them!)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

If something works, thank an engineer. (Reported seen on a bumper sticker.)
  #6  
Old December 3rd 19, 02:27 AM posted to alt.comp.os.windows-10,alt.windows7.general
knuttle
external usenet poster
 
Posts: 262
Default SCR attack

On 12/2/2019 4:25 PM, pyotr filipivich wrote:
"Mayayana" on Mon, 2 Dec 2019 15:59:49 -0500
typed in alt.windows7.general the following:
Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.


You don't, but I'm sure that there are someones who still use
them. Default, habit, "no reason" not too.


There is no need to download a screen saver program, as a screen saver
is part of Windows 10 Personnalization Background one of three choices
in that window. I use to use a screen saver when I would leave my
desktop on for extended periods. Because of life changes, I turn it
off when not in use.

I have always used my own pictures for wall paper. When I get tired of
the wall paper, I look at my old pictures and change to something else.
When we go some where like a vacation I always am thinking of what would
make goood wallpaper when I am taking photos.

  #7  
Old December 3rd 19, 02:34 AM posted to alt.comp.os.windows-10,alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default SCR attack

Mayayana wrote:

Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.


How many users lock their computer before leaving it powered? A
screensaver can be configured to lock the workstation after an idle
timeout. A password is required to exit the screensaver. No need to go
through a power cycle. Protects against forgetful users that walk away
from their active sessions. Yes, users could hit Win+L to lock their
session before they walk away, but few do. Think of it as a delayed
automatic lock on your house or car door. Still affords some
protection, and is better than no protection.

If you are far from the monitor but can still see the monitor, it is
unlikely that anything displayed on it has any value. You'll be too far
away to see your Calendar, Word, Outlook, web browser, or other program
and its content. But a large clock display that can be seen across the
room still has the computer afford something of value to you when you're
not at the computer.

Just because you have done so, the screensaver generates an event on
which scheduled events can trigger. That is, when the screensaver
fires, and event gets recorded. You can define an event in Task
Scheduler to fire on that event. For example, I don't like being
awakened during the night by sounds made by my computer, like for new
e-mails. When the screen lock occurs, my Task Scheduler event will mute
the speakers. That way, I'm not interrupted while sleeping. Yes, I
could schedule when the speakers get muted, but that assumes I'm an
automotron that keeps fixed hours of waking and sleeping. No, my hours
vary all over the place. The only way to know that I haven't been using
the computer for awhile is by the screensaver's idle timeout whereupon
the speakers get muted. I have another Task Scheduler event that
watches for the unlock event to unmute the speakers. I don't have to
remember to mute the speakers before walking away, nor have to remember
to unmute them upon my return.

Oh, by the way, burn in was a problem with CRTs, but it did not
completely disappear with LCDs. It just became longer before burn-in
got effected on an LCD monitor.

https://en.wikipedia.org/wiki/Screen..._OLED_displays
https://www.techhive.com/article/314...d-display.html
https://lifehacker.com/is-burn-in-st...nitors-5982108
https://lifehacker.com/remove-lcd-image-burn-in-146469

I've seen temporary burn-in with LCD monitors. You see the ghost for
awhile, but it fades over time, like hours or days. Remember that the
twisting of the lens (polarizer) for a pixel is a mechanical stress.
There's memory to that mechanical stress. This is why I may use a clock
for the screensaver, but the clock moves around. Perhaps most users
like to have light shining in their eyes. I can't see how it is
comfortable to have a flashlight in your eyes all the time. I prefer
dark themes. The light theme is traditional based on paper books that
had black ink on white paper (cheaper cost for ink, and white paper is
cheaper to produce than black). So monitors emulated the contrast used
by books, yet most documents or window are whitespace which means light
shone into your eyes. I find dark themes more relaxing on my eyes, and
I will more likely see ghosting than someone using a light theme. I use
a dark theme on my desktops, laptops, and smartphones. Not all apps
obey the OS configured theme, so you have to check if they have their
own dark theme, or if you can configure their colors.

CRTs had a burn-in problem because they used a chemical (phosphor) to
produce light. LCDs don't have burn-in, but they can be afflicted with
image persistence.
  #8  
Old December 3rd 19, 02:55 AM posted to alt.comp.os.windows-10,alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default SCR attack

Mayayana wrote:

Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.


An .scr is an executable file, just like an .exe file. A screensaver
file contains executable code. The only reason .scr was used as a
filetype was to allow Windows to search on that extension and presented
is a candidate screen saver program. As such, your e-mail client, if
properly configured, should have blocked the dangerous .scr attachment,
or any other executable attachment. A .scr file is a program aka
app[lication]. As I recall, MS Outlook used the registry to list which
extensions were dangerous. Other e-mail client should still have a
similar feature (integral, ini file, or registry entries) to denote
which extensions (level 1) for attachments it considers unsafe. No one
has been able to send me an .exe or .scr file for a long time, like
decades. Hell, the e-mail provider should already do the blocking (and,
if so, afford an override option).

Some users think a black (blank) screensaver consumes less power than an
all-white screensaver. They don't know how LCDs work. All all-black
screensaver consumes an itty bitty more power than an all-white
screensaver, because of the lack of having to apply power to twist the
polarizer to block the light from the LED. The backlamp is always on.
Whether you see it for a pixel depends on whether or not the polarizer
is energized. An energized polarizer consumes more power than a relaxed
polarizer.

Lots of users like to use their computers for entertainment. Many
screensavers are for entertainment. Instead of, say, playing a video
game, they want to watch a fireplace, aquarium, a light show, or flip
through a bunch of pictures (slideshow). After all, there are TONS of
tweaks to Windows that having absolutely nothing to do with using the
OS, but are for personalization (i.e., fluff). Screensavers, for those
users, would become worthless when wallpapers also become worthless.
  #9  
Old December 3rd 19, 03:22 AM posted to alt.comp.os.windows-10,alt.windows7.general
T
external usenet poster
 
Posts: 4,600
Default SCR attack

On 2019-12-02 17:34, VanguardLH wrote:
I don't know of any reason for screensavers to still exist.
I certainly don't use them.


How many users lock their computer before leaving it powered? A
screensaver can be configured to lock the workstation after an idle
timeout.


Vanguard has a point. And it is also part of by PCI (Payment
Card Industry) requirements

SAQ-C 8.1.8

If a session has been idle for more than 15 minutes,
are
users required to re-authenticate (for example,
re-enter the
password) to re-activate the terminal
or session?


A "no" fails you.

I set the screensaver to 10 minutes with a five minute
grace period before re-authenticate. That way when the
customer sees the screen saver come on, he can wiggle the
mouse and not have to re-authenticate if he gets to
it quick enough. It cuts down on the frustration.

Anyone who wants the directions on how to set up a
grace period, ping me on the subject line.

And on regular customers, I set up the screensavers because
they JUST LIKE IT. It feels like it is "their" computer
after they get to see endless pictures of their kids/grand
kids and/or their cars.

Me? Mine are endless pictures of trout. Now that feels
like it is MY computer (that and I build it with my own
two hands.)


  #10  
Old December 3rd 19, 03:23 AM posted to alt.comp.os.windows-10,alt.windows7.general
T
external usenet poster
 
Posts: 4,600
Default SCR attack

On 2019-12-02 14:29, Ken Springer wrote:

I like the slideshow!Â* I downloaded some fantastic (to me) wall papers,
andÂ*I'veÂ*gotÂ*goodÂ*monitors. :-)


No trout? I am heart broken!

Okay, maybe not ....

  #11  
Old December 3rd 19, 03:38 AM posted to alt.comp.os.windows-10,alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default SCR attack

VanguardLH wrote:

Just because you have done so, ...



Oops. Should be "Just becasue you have not done so, ..."
^^^
  #12  
Old December 3rd 19, 03:43 AM posted to alt.comp.os.windows-10,alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default SCR attack

"Paul" wrote

| Did you scan it on virustotal for fun ?
|

No. I saved it and converted the base-64 code,
rather than open the email. I opened that in HxD,
to see that it was an EXE. If I remember correctly
screensavers are EXEs, anyway.
Once I saw that I just deleted it.

I don't think I've ever actually used a screensaver.
These days I just put it on standby if I'm taking a
break.


  #13  
Old December 3rd 19, 03:49 AM posted to alt.comp.os.windows-10,alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default SCR attack

"VanguardLH" wrote

| How many users lock their computer before leaving it powered? A
| screensaver can be configured to lock the workstation after an idle
| timeout.

News to me. I've never worked in an office or
needed a computer anywhere but home. If I'm
using it it's on. If I take a break it's on standby.
Otherwise it's off. In none of those situations
would a screensaver be relevant. I've also never
had a computer configured to go into standby
or activate a screensaver after a period of inactivity.
I never used a screensaver with a CRT, either, but
I didn't leave it turned on. There was no reason
to do so. But I can see how it might be different
if you're not at home.


  #14  
Old December 3rd 19, 08:02 AM posted to alt.comp.os.windows-10,alt.windows7.general
JJ[_11_]
external usenet poster
 
Posts: 744
Default SCR attack

On Mon, 2 Dec 2019 15:59:49 -0500, Mayayana wrote:
Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.


I'd suggest not associate it with `txtfile`, since by default, it will be
opened using Notepad, and Notepad can be very slow when loading a binary
file. If the file is about half MB or more, you'll just get a frozen Notepad
- and you'll end up having to use Task Manager to terminate it. So, either
remove the SCR file association, or associate it with a non existing
program, or a program which simply display a message dialog saying that it's
not allowed to be run.
  #15  
Old December 3rd 19, 10:55 AM posted to alt.comp.os.windows-10,alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default SCR attack

JJ wrote:

remove the SCR file association


Run "assoc .scr" in a command shell. Should point at the 'scrfile'
handler. In the registry, it's the following key:

HKEY_CLASSES_ROOT\scrfile

under which the shell - open - command key says to load using:

"%1" /S

That means the .scr file is handled like an executable, passing the
program to the command interpreter along with the /S switch. If you try
to run the .scr like an .exe file (or rename .scr to .exe), nothing
happens. The /S switch is needed.

Do a find on .scr files in your Windows instance. One is mystify.scr.
Copy elsewhere (e.g., C:\Temp). Open a command shell and navigate to
C:\Temp. Run:

mystify.scr /S

and the screensaver runs ... just like any program.

You could use "assoc .scr=" to remove the filetype association, but that
won't prevent from running an .scr file as a program - which is what is
an .scr screensaver file. Only because of a change in some later
version of Windows that requires the /S command-line switch are users
prevented from accidentally double-clicking on an .scr file to run it.
I don't know which version of Windows added the /S requirement.

file.scr
Does nothing, or displays a list a settings dialog for the screensaver.

file.scr /S
Runs the code inside the .scr file.

See more command-line switches at:
https://en.wikipedia.org/wiki/Screen...rosoft_Windows.

Because screensavers are executable code, old screensavers may not run
because the WOW (Windows On Windows) emulator is missing. You cannot,
for example, run 16-bit code on a 64-bit Windows. 32-bit Windows can
run 32-bit apps, or 16-bit apps using the WOW32 emulator. 64-bit
Windows can run 64-bit apps, or 32-bit apps using the WOW64 emulator.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 03:34 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.