Jump to content

Run mystery

Guest Jorge Bravo

By Guest Jorge Bravo
in Windows XP

 Share

Recommended Posts

Guest Jorge Bravo

Guest Jorge Bravo

Posted
Posted

I use the Run command selom and unually only for Msconfig and Regedit.

However, sometimes I find in the 'memory' other commands, like the one for

the Firewall. I assume that these are acused by viruses/malware. Is that

common? Is there a way of blocking the Windows Firewall so that no

introsuion is possible?

 

Thank you

 

JB

  • Replies 6
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Daave

Guest Daave

Posted
Posted

Re: Run mystery

 

"Jorge Bravo" <open@closed.com> wrote in message

news:eJAUbR2NJHA.1488@TK2MSFTNGP03.phx.gbl...

>I use the Run command selom and unually only for Msconfig and Regedit.

>However, sometimes I find in the 'memory' other commands, like the one

>for the Firewall. I assume that these are acused by viruses/malware.

>Is that common? Is there a way of blocking the Windows Firewall so that

>no introsuion is possible?

 

One does not block a firewall. Rather, one allows a firewall to block

intrusion attempts from hackers. To see if you are protected, go to this

site:

 

https://www.grc.com/x/ne.dll?bh0bkyd2

 

Scroll down and click Proceed. On the new page, click on the grey

buttons, especially All Service Ports. If you don't pass, let us know.

If everything is green, you are successfully in Stealth Mode, which is

what you want.

 

Regarding commands being memorized (as well as Web sites visited,

doucments opened, etc.), this is a function of Windows. If you would

like to erase your tracks, I recommend using Ccleaner:

 

http://www.ccleaner.com/

 

When you install it, you will probably want to avoid installing any

toolbar add-ons. When you run it, you may configure it to delete

different items, including what you described above -- under Windows

Explorer there is item called "Run (in Start Menu)." Some people are

just interested in regularly cleaning out temp files and choose to leave

the other items, including paswwords. If your firewall is doing its job

and no one else uses your PC (or account), this should not be a problem,

but it's your call.

 

Since cleaning registry items does not noticeably improve a PC's

performance and might even do some amount of damage (including

preventing you from booting up!), be sure to avoid, Ccleaner's registry

"cleaning" function. Otherwise, it's a great program.

Guest Jorge Bravo

Guest Jorge Bravo

Posted
Posted

Re: Run mystery

 

Thanks

 

Everything is green in stealth mode.

 

But I don't think I explained myself well.. When I go into the Run command

box and attempt to typr something a scroll-down list of past commands

appears. Sometines, in the past, I found strange commands which I never

typed. Just recently there was one about firewall.cpl (I think) and at that

time I had a virus that opened up Internet Explorer in the Firewall without

my permission.

 

So, I ant to know how it is that commands can appear in the 'past commands'

in the Run box if I did not type them myself; and if thre is a way of

stopping intrusions in this way that access the Firewall without my knowing.

 

JB

 

 

 

 

"Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> escreveu na mensagem

news:%235Jgpw3NJHA.1896@TK2MSFTNGP02.phx.gbl...

> "Jorge Bravo" <open@closed.com> wrote in message

> news:eJAUbR2NJHA.1488@TK2MSFTNGP03.phx.gbl...

>>I use the Run command selom and unually only for Msconfig and Regedit.

>>However, sometimes I find in the 'memory' other commands, like the one for

>>the Firewall. I assume that these are acused by viruses/malware. Is that

>>common? Is there a way of blocking the Windows Firewall so that no

>>introsuion is possible?

>

> One does not block a firewall. Rather, one allows a firewall to block

> intrusion attempts from hackers. To see if you are protected, go to this

> site:

>

> https://www.grc.com/x/ne.dll?bh0bkyd2

>

> Scroll down and click Proceed. On the new page, click on the grey buttons,

> especially All Service Ports. If you don't pass, let us know. If

> everything is green, you are successfully in Stealth Mode, which is what

> you want.

>

> Regarding commands being memorized (as well as Web sites visited,

> doucments opened, etc.), this is a function of Windows. If you would like

> to erase your tracks, I recommend using Ccleaner:

>

> http://www.ccleaner.com/

>

> When you install it, you will probably want to avoid installing any

> toolbar add-ons. When you run it, you may configure it to delete different

> items, including what you described above -- under Windows Explorer there

> is item called "Run (in Start Menu)." Some people are just interested in

> regularly cleaning out temp files and choose to leave the other items,

> including paswwords. If your firewall is doing its job and no one else

> uses your PC (or account), this should not be a problem, but it's your

> call.

>

> Since cleaning registry items does not noticeably improve a PC's

> performance and might even do some amount of damage (including preventing

> you from booting up!), be sure to avoid, Ccleaner's registry "cleaning"

> function. Otherwise, it's a great program.

>

Guest Steve Yandl

Guest Steve Yandl

Posted
Posted

Re: Run mystery

 

Jorge,

 

The memory for the Run option on your start button window is contained in

the registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.

In the right pane, there will be up to 26 entries named with single alphabet

letters (hence the limit of 26) and one named MRUList. The data for the

keys named after small alpha characters should be command lines that you've

previously entered at 'Start > Run'. The MRUList value has a series of

letters that determines the age sorting of the other values to enable

bumping the least used when you need to make room for new command lines.

 

Writing a script or program to edit entries under this registry key is quite

simple but I'm not sure why anyone creating malware would want to do so. If

some hacker can get you to run a script on your PC, it would be easier to

simply run an executable from the script rather than modify listings under

the 'Start > Run' option and wait for the user to try it. I can see how

someone providing you with an application might add their own entry to the

registry so that if a user deleted whatever shortcut they provided to launch

their application it would be simpler for the user to use "Plan B' and

launch from the Run line. The only code I've written to alter that key were

scripts to purge the clutter and trip the list to half a dozen rather than

26.

 

 

Steve Yandl

 

 

 

"Jorge Bravo" <open@closed.com> wrote in message

news:ub10Cc4NJHA.1144@TK2MSFTNGP05.phx.gbl...

> Thanks

>

> Everything is green in stealth mode.

>

> But I don't think I explained myself well.. When I go into the Run command

> box and attempt to typr something a scroll-down list of past commands

> appears. Sometines, in the past, I found strange commands which I never

> typed. Just recently there was one about firewall.cpl (I think) and at

> that time I had a virus that opened up Internet Explorer in the Firewall

> without my permission.

>

> So, I ant to know how it is that commands can appear in the 'past

> commands' in the Run box if I did not type them myself; and if thre is a

> way of stopping intrusions in this way that access the Firewall without my

> knowing.

>

> JB

>

>

>

>

> "Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> escreveu na mensagem

> news:%235Jgpw3NJHA.1896@TK2MSFTNGP02.phx.gbl...

>> "Jorge Bravo" <open@closed.com> wrote in message

>> news:eJAUbR2NJHA.1488@TK2MSFTNGP03.phx.gbl...

>>>I use the Run command selom and unually only for Msconfig and Regedit.

>>>However, sometimes I find in the 'memory' other commands, like the one

>>>for the Firewall. I assume that these are acused by viruses/malware. Is

>>>that common? Is there a way of blocking the Windows Firewall so that no

>>>introsuion is possible?

>>

>> One does not block a firewall. Rather, one allows a firewall to block

>> intrusion attempts from hackers. To see if you are protected, go to this

>> site:

>>

>> https://www.grc.com/x/ne.dll?bh0bkyd2

>>

>> Scroll down and click Proceed. On the new page, click on the grey

>> buttons, especially All Service Ports. If you don't pass, let us know. If

>> everything is green, you are successfully in Stealth Mode, which is what

>> you want.

>>

>> Regarding commands being memorized (as well as Web sites visited,

>> doucments opened, etc.), this is a function of Windows. If you would like

>> to erase your tracks, I recommend using Ccleaner:

>>

>> http://www.ccleaner.com/

>>

>> When you install it, you will probably want to avoid installing any

>> toolbar add-ons. When you run it, you may configure it to delete

>> different items, including what you described above -- under Windows

>> Explorer there is item called "Run (in Start Menu)." Some people are just

>> interested in regularly cleaning out temp files and choose to leave the

>> other items, including paswwords. If your firewall is doing its job and

>> no one else uses your PC (or account), this should not be a problem, but

>> it's your call.

>>

>> Since cleaning registry items does not noticeably improve a PC's

>> performance and might even do some amount of damage (including preventing

>> you from booting up!), be sure to avoid, Ccleaner's registry "cleaning"

>> function. Otherwise, it's a great program.

>>

>

>

Guest Daave

Guest Daave

Posted
Posted

Re: Run mystery

 

"Jorge Bravo" <open@closed.com> wrote in message

news:ub10Cc4NJHA.1144@TK2MSFTNGP05.phx.gbl...

> So, I ant to know how it is that commands can appear in the 'past

> commands' in the Run box if I did not type them myself; and if thre is

> a way of stopping intrusions in this way that access the Firewall

> without my knowing.

 

If you didn't enter it, someone else did.

 

Make sure others don't use your PC; that will stop this from happening.

Also make sure you are malware-free. See:

 

http://www.elephantboycomputers.com/page2.html#Viruses_Malware

Guest Jorge Bravo

Guest Jorge Bravo

Posted
Posted

Re: Run mystery

 

That's what I meant. Nobody uses my computer; only me!

 

JB

 

 

 

"Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> escreveu na mensagem

news:OfqEw17NJHA.4544@TK2MSFTNGP03.phx.gbl...

> "Jorge Bravo" <open@closed.com> wrote in message

> news:ub10Cc4NJHA.1144@TK2MSFTNGP05.phx.gbl...

>

>> So, I ant to know how it is that commands can appear in the 'past

>> commands' in the Run box if I did not type them myself; and if thre is a

>> way of stopping intrusions in this way that access the Firewall without

>> my knowing.

>

> If you didn't enter it, someone else did.

>

> Make sure others don't use your PC; that will stop this from happening.

> Also make sure you are malware-free. See:

>

> http://www.elephantboycomputers.com/page2.html#Viruses_Malware

>

Guest Jorge Bravo

Guest Jorge Bravo

Posted
Posted

Re: Run mystery

 

Thank you very much Steve, for the very clear and informative reply.

 

JB

 

 

 

"Steve Yandl" <syandl_nospam_@comcast.net> escreveu na mensagem

news:kOednfV8eKahSJnUnZ2dnUVZ_tbinZ2d@giganews.com...

> Jorge,

>

> The memory for the Run option on your start button window is contained in

> the registry key

> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.

> In the right pane, there will be up to 26 entries named with single

> alphabet letters (hence the limit of 26) and one named MRUList. The data

> for the keys named after small alpha characters should be command lines

> that you've previously entered at 'Start > Run'. The MRUList value has a

> series of letters that determines the age sorting of the other values to

> enable bumping the least used when you need to make room for new command

> lines.

>

> Writing a script or program to edit entries under this registry key is

> quite simple but I'm not sure why anyone creating malware would want to do

> so. If some hacker can get you to run a script on your PC, it would be

> easier to simply run an executable from the script rather than modify

> listings under the 'Start > Run' option and wait for the user to try it.

> I can see how someone providing you with an application might add their

> own entry to the registry so that if a user deleted whatever shortcut they

> provided to launch their application it would be simpler for the user to

> use "Plan B' and launch from the Run line. The only code I've written to

> alter that key were scripts to purge the clutter and trip the list to half

> a dozen rather than 26.

>

>

> Steve Yandl

>

>

>

> "Jorge Bravo" <open@closed.com> wrote in message

> news:ub10Cc4NJHA.1144@TK2MSFTNGP05.phx.gbl...

>> Thanks

>>

>> Everything is green in stealth mode.

>>

>> But I don't think I explained myself well.. When I go into the Run

>> command box and attempt to typr something a scroll-down list of past

>> commands appears. Sometines, in the past, I found strange commands which

>> I never typed. Just recently there was one about firewall.cpl (I think)

>> and at that time I had a virus that opened up Internet Explorer in the

>> Firewall without my permission.

>>

>> So, I ant to know how it is that commands can appear in the 'past

>> commands' in the Run box if I did not type them myself; and if thre is a

>> way of stopping intrusions in this way that access the Firewall without

>> my knowing.

>>

>> JB

>>

>>

>>

>>

>> "Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> escreveu na mensagem

>> news:%235Jgpw3NJHA.1896@TK2MSFTNGP02.phx.gbl...

>>> "Jorge Bravo" <open@closed.com> wrote in message

>>> news:eJAUbR2NJHA.1488@TK2MSFTNGP03.phx.gbl...

>>>>I use the Run command selom and unually only for Msconfig and Regedit.

>>>>However, sometimes I find in the 'memory' other commands, like the one

>>>>for the Firewall. I assume that these are acused by viruses/malware. Is

>>>>that common? Is there a way of blocking the Windows Firewall so that no

>>>>introsuion is possible?

>>>

>>> One does not block a firewall. Rather, one allows a firewall to block

>>> intrusion attempts from hackers. To see if you are protected, go to this

>>> site:

>>>

>>> https://www.grc.com/x/ne.dll?bh0bkyd2

>>>

>>> Scroll down and click Proceed. On the new page, click on the grey

>>> buttons, especially All Service Ports. If you don't pass, let us know.

>>> If everything is green, you are successfully in Stealth Mode, which is

>>> what you want.

>>>

>>> Regarding commands being memorized (as well as Web sites visited,

>>> doucments opened, etc.), this is a function of Windows. If you would

>>> like to erase your tracks, I recommend using Ccleaner:

>>>

>>> http://www.ccleaner.com/

>>>

>>> When you install it, you will probably want to avoid installing any

>>> toolbar add-ons. When you run it, you may configure it to delete

>>> different items, including what you described above -- under Windows

>>> Explorer there is item called "Run (in Start Menu)." Some people are

>>> just interested in regularly cleaning out temp files and choose to leave

>>> the other items, including paswwords. If your firewall is doing its job

>>> and no one else uses your PC (or account), this should not be a problem,

>>> but it's your call.

>>>

>>> Since cleaning registry items does not noticeably improve a PC's

>>> performance and might even do some amount of damage (including

>>> preventing you from booting up!), be sure to avoid, Ccleaner's registry

>>> "cleaning" function. Otherwise, it's a great program.

>>>

>>

>>

>

>

 Share
Go to topic listing
×
×
  • Create New...