umd internet "security" warning lotsa code
#1
Posted 14 August 2008 - 01:24 PM
what i managed to glean is that it basically makes sure file/printer sharing is off and that you're running symantec. yes people, symantec.
as i said, it's broken. it gives a script error in firefox. it refuses to run in ie (because i uninstalled ie =P)
the best part about this is that this high-security "wizard" (which umd bought from God-only-knows-who) is a script that sits there on your hd. not compiled. just source.
as i said, i think it's vbscript. right now because i got an exemption (from a bratty it kid that i wanted to attack) i can't access the script anymore. when my exemption runs out, i'll redownload. at that point, i'm hoping some of our more savvy hackers can help me figure out what to send to their server to get my thumbs-up. i might even be tempted to go wave it in their face =)
<pyro1588> "welcome to australia, can i help you find what you're looking for?"
<Tox> pyro1588, I'm giving you the most reproachful of glares right now.
--------
Go show those nutty Koreans what us crazy Europeans are made of pirate.gif pirate.gif pirate.gif - Saike
<exophase> The old Commodore strategy of, "Go friggin' bankrupt!"
<wervyn> Go away! I'm writing the same engine I always do!
#3
Posted 14 August 2008 - 05:28 PM
Serious damage to important body parts pretty much ruins any plans you had for living. Bummer.
#4
Posted 14 August 2008 - 05:36 PM
<img src="http://img223.imageshack.us/img223/2655/quakemarinepz1.gif" border="0" class="linked-sig-image" />
--------------------
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences."
- P.J. O'Rourke
--------------------
"Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good torment us without end, for they do so with the approval of their own conscience."
- C.S. Lewis
--------------------
This week, on LANCER PONDERS:
<lolilover> I notice alot of Japanese fiction involving kemono-mimi characters always has the main character saving an innocent animal and then the animal returns as a girl to reward him for his kindness.
<lolilover> Well there's a cat that is always wandering around in my backyard. Should I feed it in the hopes that one day a catgirl will show up at my door?
#5
Posted 15 August 2008 - 02:00 AM
- Bertrand Potato
#6
Posted 15 August 2008 - 12:50 PM
commodorejohn, on Aug 14 2008, 06:36 PM, said:
We all listen to the one known Weasel, for he is like one of the three wise men of DigitalMZX, compared to you, Goshi and Aise who are the three wise guys. I agree, i've never used this Symantec thingie, don't own a computer of my own, so i wouldn't. However, i havn't heared anything good from it, just random outbusts about how useless it is.
[18:02] <mira> Wait, jastiC! You forgot your lunchbag!
[18:02] <zamros> jastiC just got PWNz0ReD by scorchX3000 ! I kan haz another kick, scorchX3000 ?
[18:02] * jastiC (~bdauh@cloak-5F72C0EC.superkabel.de) has joined #idiots-club
[18:02] <crank[AWAY]> Remember jastiC?
[18:02] <Rogue_Robots> GOOOOooOOAAAAAAALLLL!!11!11
[18:02] <Fungahhh> Aww how sad jastiC got kicked..
[18:02] <gbelo-bot> Beep. jastiC is acting highly illogical.
[18:02] <coyote> jastiC presses the big red button!
[18:04] * jastiC was kicked by scorchX3000 (~IceChat7@cloak-D9B6A48B.mid d.cable.ntl.com) Reason (let's see what happens this time.)
[18:04] <mira> Ooh, that's gonna leave a mark, right on jastiC's backside
[18:04] <zamros> jastiC just got PWNz0ReD by scorchX3000 ! I kan haz another kick, scorchX3000 ?
[18:04] <coyote> jastiC spins out of control!
#7
Posted 15 August 2008 - 02:40 PM
This post has been edited by commodorejohn: 15 August 2008 - 02:41 PM
<img src="http://img223.imageshack.us/img223/2655/quakemarinepz1.gif" border="0" class="linked-sig-image" />
--------------------
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences."
- P.J. O'Rourke
--------------------
"Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good torment us without end, for they do so with the approval of their own conscience."
- C.S. Lewis
--------------------
This week, on LANCER PONDERS:
<lolilover> I notice alot of Japanese fiction involving kemono-mimi characters always has the main character saving an innocent animal and then the animal returns as a girl to reward him for his kindness.
<lolilover> Well there's a cat that is always wandering around in my backyard. Should I feed it in the hopes that one day a catgirl will show up at my door?
#8
Posted 15 August 2008 - 10:30 PM
commodorejohn, on Aug 15 2008, 09:40 AM, said:
Reminds me of Norton Crash Guard. My dad tried installing that once and it totally crashed Windows so bad he had to redo the entire system. Needless to say we told Norton (wasn't Symantec at the time) of the incident. If we paid anything for it, which I doubt, we got our money back.
#10
Posted 16 August 2008 - 09:17 AM
Also yeah that script seems bloody stupid.
#11
Posted 16 August 2008 - 12:04 PM
#12
Posted 17 August 2008 - 01:29 AM
<pyro1588> "welcome to australia, can i help you find what you're looking for?"
<Tox> pyro1588, I'm giving you the most reproachful of glares right now.
--------
Go show those nutty Koreans what us crazy Europeans are made of pirate.gif pirate.gif pirate.gif - Saike
<exophase> The old Commodore strategy of, "Go friggin' bankrupt!"
<wervyn> Go away! I'm writing the same engine I always do!
#13
Posted 17 August 2008 - 08:36 AM
<3 the vbscript.
#14
Posted 17 August 2008 - 07:59 PM
#15
Posted 18 August 2008 - 11:34 AM
Mr. Apol, on Aug 16 2008, 03:28 AM, said:
Yes, buy a Mac with the handle on top of the moniter, so you can use it as a anchor on the high seas.
[18:02] <mira> Wait, jastiC! You forgot your lunchbag!
[18:02] <zamros> jastiC just got PWNz0ReD by scorchX3000 ! I kan haz another kick, scorchX3000 ?
[18:02] * jastiC (~bdauh@cloak-5F72C0EC.superkabel.de) has joined #idiots-club
[18:02] <crank[AWAY]> Remember jastiC?
[18:02] <Rogue_Robots> GOOOOooOOAAAAAAALLLL!!11!11
[18:02] <Fungahhh> Aww how sad jastiC got kicked..
[18:02] <gbelo-bot> Beep. jastiC is acting highly illogical.
[18:02] <coyote> jastiC presses the big red button!
[18:04] * jastiC was kicked by scorchX3000 (~IceChat7@cloak-D9B6A48B.mid d.cable.ntl.com) Reason (let's see what happens this time.)
[18:04] <mira> Ooh, that's gonna leave a mark, right on jastiC's backside
[18:04] <zamros> jastiC just got PWNz0ReD by scorchX3000 ! I kan haz another kick, scorchX3000 ?
[18:04] <coyote> jastiC spins out of control!
#16
Posted 18 August 2008 - 01:23 PM
scorch3000, on Aug 18 2008, 12:34 PM, said:
My Classic // and I are going to thrash you good for that, boy.
<img src="http://img223.imageshack.us/img223/2655/quakemarinepz1.gif" border="0" class="linked-sig-image" />
--------------------
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences."
- P.J. O'Rourke
--------------------
"Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good torment us without end, for they do so with the approval of their own conscience."
- C.S. Lewis
--------------------
This week, on LANCER PONDERS:
<lolilover> I notice alot of Japanese fiction involving kemono-mimi characters always has the main character saving an innocent animal and then the animal returns as a girl to reward him for his kindness.
<lolilover> Well there's a cat that is always wandering around in my backyard. Should I feed it in the hopes that one day a catgirl will show up at my door?
#17
Posted 18 August 2008 - 10:59 PM
Moved here.
I'm a huge dumbass! Ban me! - let us infect your computer with our virus to keep you safe from other viruses.
<pyro1588> "welcome to australia, can i help you find what you're looking for?"
<Tox> pyro1588, I'm giving you the most reproachful of glares right now.
--------
Go show those nutty Koreans what us crazy Europeans are made of pirate.gif pirate.gif pirate.gif - Saike
<exophase> The old Commodore strategy of, "Go friggin' bankrupt!"
<wervyn> Go away! I'm writing the same engine I always do!
#18
Posted 19 August 2008 - 09:37 AM
[18:02] <mira> Wait, jastiC! You forgot your lunchbag!
[18:02] <zamros> jastiC just got PWNz0ReD by scorchX3000 ! I kan haz another kick, scorchX3000 ?
[18:02] * jastiC (~bdauh@cloak-5F72C0EC.superkabel.de) has joined #idiots-club
[18:02] <crank[AWAY]> Remember jastiC?
[18:02] <Rogue_Robots> GOOOOooOOAAAAAAALLLL!!11!11
[18:02] <Fungahhh> Aww how sad jastiC got kicked..
[18:02] <gbelo-bot> Beep. jastiC is acting highly illogical.
[18:02] <coyote> jastiC presses the big red button!
[18:04] * jastiC was kicked by scorchX3000 (~IceChat7@cloak-D9B6A48B.mid d.cable.ntl.com) Reason (let's see what happens this time.)
[18:04] <mira> Ooh, that's gonna leave a mark, right on jastiC's backside
[18:04] <zamros> jastiC just got PWNz0ReD by scorchX3000 ! I kan haz another kick, scorchX3000 ?
[18:04] <coyote> jastiC spins out of control!
#19
Posted 20 August 2008 - 03:29 PM
<@Tixus> Anyway, I set the year to 1988 for some reason.
<@Tixus> And set the microwave to run for a minute and 28 seconds.
<@Tixus> But it failed to send me back in time, and I was disappointed.
<Insidious> Tixus accidentally microwaved the 80s
<Insidious> that is my takeaway from this
#20
Posted 22 August 2008 - 02:29 AM
This post has been edited by zzo38: 22 August 2008 - 02:35 AM
"Potion of Confusing": Solve all the puzzles, hold second one as you hold a pencil, and save gibbering mouthers from the king's army.
#21
Posted 22 August 2008 - 03:20 PM
you see, i never saw a EULA or agreed to anything. i think i'm going to head over to IT and ask them just what the hell they think they're allowed to do.
<pyro1588> "welcome to australia, can i help you find what you're looking for?"
<Tox> pyro1588, I'm giving you the most reproachful of glares right now.
--------
Go show those nutty Koreans what us crazy Europeans are made of pirate.gif pirate.gif pirate.gif - Saike
<exophase> The old Commodore strategy of, "Go friggin' bankrupt!"
<wervyn> Go away! I'm writing the same engine I always do!
#22
Posted 22 August 2008 - 06:25 PM
someone posted a link to this thread on thedailywtf.com and being a good samaritan I thought I'd help. Unfortunately I only have a 20 minutes right now and I'll be away for the weekend so this is probably a time saver for whoever ends up helping you properly.
Here's the gutted version of the script which basically answers yes to all the checks. For the symantec bull it looks up versions which I don't know.
To run this script create a file something.vbs and paste it in there. Probably create the file in the same location as links.exe
If their back end doesn't do too many checks this ought to work.
This is all I can do in 20 min...
Regards
D
'_________________________Begin Global Vars________________________________________________ '#########Begin Version######### Const intVersionMajor = 1 Const intVersionMinor = 1 Const intVerisonSub = 35 '#########End Version########### Const strDelim = ";" '########################Begin Urls############################################### Dim strCmdSendErrUrl Dim strCkVersionUrl Dim strLoadNewVersionUrl Dim strWebIpUrl Dim strSendResultsUrl Dim strSendResultsUrl2 'Production Web Destination Const strURLBase = "http://yogi.d.umn.edu" '#########################End Urls############################################ Dim boolFirstRun Dim objDialogWindow Dim strAllSettings Dim strErrLine Dim strArr Dim strOS Dim strAdminAcctPwBlank Dim strOtherAcctPwBlank '_________________________End Global Vars________________________________________________ strCmdSendErrUrl = strURLBase & "/cgi-bin/qs/senderr-qsbasic.cgi?" strCkVersionUrl = strURLBase & "/qs/qsbasic.txt" strLoadNewVersionUrl = strURLBase & "/qs/qsbasic.exe" strWebIpUrl = strURLBase & "/cgi-bin/qs/addr.cgi" strSendResultsUrl = strURLBase & "/cgi-bin/qs/qs.cgi?" Const adVarChar = 200 Const MaxCharacters = 255 Const adInteger = 3 Const adBoolean = 11 Const strXP = "Windows XP" Const str2k = "Windows 2000" Dim strHTML Dim objRun Dim GetSettingsCMD Dim objFile Dim objFSO Dim objShell Dim strCompliant Dim strSDB Dim rsDataList Dim strMaxpasswdLen Dim strMaxpasswdAge Dim strComputer Dim objNetwork Dim strUserName Dim strDomain Dim strComputerName Dim strDy Dim strTme Dim intQVal Dim strHexQVal Dim dt Dim strTimeStamp Dim strSdbLog Dim str2kanalyzeCMD Dim strXPanalyzeCMD Dim strSysPath Dim oRegExp, colMatches, oMatch Dim objLogFile Dim strPattern Dim strOut Dim strLog Dim strCharacters Dim strClump Dim strBuff Dim strLogMismatch Dim longStrPosition Dim strStyle Dim strRegSettings Dim lngQVal Dim strOSfriendly Dim objWMIService Dim colOperatingSystems Dim objOperatingSystem Dim varTQVal Dim intFileAndPrintSh Dim intSuccess Dim intLMServer Dim intNoPw Dim strTest Dim strErrAdmin Dim objSdbLog Dim strFileSharingIndicator Dim strFWIndicator Dim strAccum Dim SAVinstalled Dim longDefTodayDiff Dim dateOldDef Dim dateLU Dim strAcctDelim Dim strBlankPasswdAcct Dim strLMhashAcct Dim strArrBlankPasswdAcct Dim strArrLMhashAcct Dim LongBlankPasswdSZ Dim LongLMhashSZ Dim strBlnkNTLMhash Dim strBlankLMhash Dim boolBailOut Dim intDecision Dim strPlaceHolder Dim intOS_VerSP Dim strAllTests Dim strNX Dim strPasswdTest Dim strXPHome Dim objMySAV Dim boolNoAUfix Dim strNoSP2mesg Dim intVerSP strAcctDelim = ":" strXPHome = "0" strAdminAcctPwBlank = "0" strOtherAcctPwBlank = "0" strNX = "0" boolFirstRun = True 'version ck boolBailOut = False On Error Resume Next strComputer = "." strOS = "XP" strXPHome = "1" intVerSP = 3 strDy = FormatDateTime(Now, vbLongDate) strTme = FormatDateTime(Now, vbLongTime) strComputer = "." strSysPath = objFSO.GetSpecialFolder(0).Path 'same as %systemRoot% dt = Now strTimeStamp = CStr(Year(dt)) & CStr(Month(dt)) & CStr(Day(dt)) & CStr(Hour(dt)) & CStr(Second(dt)) strSdbLog = strSysPath & "\security\logs\OITSEC_ck" & strTimeStamp & ".txt" intFileAndPrintSh = 1 '1=off , 0=on Set rsDataList = CreateObject("ADODB.Recordset") rsDataList.Fields.Append "SettingID", adVarChar, MaxCharacters rsDataList.Fields.Append "SettingName", adVarChar, MaxCharacters rsDataList.Fields.Append "PolicySetting", adVarChar, MaxCharacters rsDataList.Fields.Append "QueryValue", adVarChar, MaxCharacters rsDataList.Fields.Append "Compliant", adInteger '0 = not compliant, 1 = compliant -1 = error reading rsDataList.Fields.Append "FixIt", adInteger '0 = not fixable, 1 = fixable, -1 = error reading rsDataList.open strFWIndicator = "1" strRegSettings = GetRegs(strOS) strArr = Split(strRegSettings, strDelim, -1) SAVinstalled = True dateLU = GetLUrevDate() longDefTodayDiff = DefRevAge(dateLU) '********** 0 1 2-24 strAllSettings = intFileAndPrintSh & strDelim & strFWIndicator & strDelim & strRegSettings & strDelim '********** 25 26 27 strAllSettings = strAllSettings & CStr(DatePart("yyyy", dateLU)) & strDelim & CStr(DatePart("m", dateLU)) & strDelim & CStr(DatePart("d", dateLU)) & strDelim '********** 28 strAllSettings = strAllSettings & CStr(longDefTodayDiff) & strDelim '********** 29 strAllSettings = strAllSettings & GetSAVParent & strDelim '********** 30-36 strAllSettings = strAllSettings & GetIf() & strDelim '********** 37 strAllSettings = strAllSettings & UDate(dt) & strDelim '********** 38 39 40 strAllSettings = strAllSettings & intVersionMajor & strDelim & intVersionMinor & strDelim & intVerisonSub & strDelim '********** 41 42,43 strAllSettings = strAllSettings & UDate(CGmt(dateLU)) & strDelim & "forgot what this was" strArr = Split(strAllSettings, strDelim, -1) rsDataList.AddNew rsDataList("SettingID") = "XPfw" rsDataList("SettingName") = "Windows XP Firewall" rsDataList("PolicySetting") = "Enabled" rsDataList("QueryValue") = "Enabled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "AU" rsDataList("SettingName") = "Automatic Windows Updates" rsDataList("PolicySetting") = "Enabled" rsDataList("QueryValue") = "Enabled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "fpshr" rsDataList("SettingName") = "File and Print Sharing for MS Networks" rsDataList("PolicySetting") = "Uninstalled" rsDataList("QueryValue") = "Uninstalled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update SAVinstalled = True rsDataList.AddNew rsDataList("SettingID") = "SAVinstld" rsDataList("SettingName") = "Symantec AV Installed" rsDataList("PolicySetting") = "Installed or Managed" rsDataList("QueryValue") = "Version 1000.1000.1000 Installed" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "LUen" rsDataList("SettingName") = "LiveUpdate Enabled" rsDataList("PolicySetting") = "Enabled" rsDataList("QueryValue") = "Enabled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "DefVer" rsDataList("SettingName") = "Virus Definition File Version" dateOldDef = DateAdd("d", -8, dt) rsDataList("PolicySetting") = "Oldest Acceptable Date = " & CStr(Month(dateOldDef)) & "-" & CStr(Day(dateOldDef)) & "-" & CStr(Year(dateOldDef)) rsDataList("QueryValue") = "01-01-2020" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "DefAge" rsDataList("SettingName") = "Virus Definition File Age" rsDataList("PolicySetting") = "8 days or less" rsDataList("QueryValue") = 1 rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "LUfreq" rsDataList("SettingName") = "LiveUpdate Schedule Frequency" rsDataList("PolicySetting") = "Daily" rsDataList("QueryValue") = "Daily" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "AutoProtFS" rsDataList("SettingName") = "Auto-Protect: Filesystem" rsDataList("PolicySetting") = "Enabled" rsDataList("QueryValue") = "Enabled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update '''check if test fail then set to 0 strAllTests = "1" strPasswdTest = "1" ' strAllTests = 1 ----- all tests passed , strAllTests = 0 ----- at least 1 test failed ' strPasswdTest = 1 ---- blank passwd test passed ( no blank PWs found), strPasswdTest = 0 ---- blank passwd test failed ( blank PWs were found) 'step through tests table, rsDataList, and see if any tests show "compliant" = 0 ' '***********SHOWING PW TESTS DISABLED******************************************************* strBlankPasswdAcct = "-1" strNX = "-1" strPasswdTest = "-1" strOtherAcctPwBlank = "-1" strAdminAcctPwBlank = "-1" '***********SHOWING PW TESTS DISABLED '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 'THE MOST UGLY-ASS KLUDGE IN THE WORLD 'This is the continuation of strAllSettings ' settings after slot #44 will have to be dealt with and tacked on post slot #44 ' 0-43 44 45 46 strAllSettings = strAllSettings & strDelim & strAllTests & strDelim & strNX & strDelim & strPasswdTest _ & strDelim & strAdminAcctPwBlank & strDelim & strOtherAcctPwBlank & strDelim & "1" ' 47 48 49 SendResults strAllSettings 'close the progress dialog '* and resize the main window 'Call self.Focus 'self.ResizeTo 670, 550 'self.MoveTo 200, 200 '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Function AcctDisabled(strAcctNo, strComputer, strUser) End Function Function AuditStrSelect(intSetting) End Function Function ShowRow(rsDataList) End Function Function ShowTableHeader(strTblName, strStyle) End Function Function ShowTableFooter() End Function Function ShowLMhash(strArrLMhashAcct, LongLMhashSZ, strStyle) End Function Function ShowBlankPW(strArrBlankPasswdAcct, LongBlankPasswdSZ, strStyle, strXPHome) End Function Function IsFwOn() IsFwOn = True End Function Sub XPfwFixIt() End Sub Sub AUFixIt() End Sub Sub LUenFixIt() End Sub Sub LUfreqFixIt() End Sub Sub AutoProtEmailFixIt() End Sub Sub AutoProtFSFixIt() End Sub Sub Window_Onunload() End Sub Sub fpshrFixIt() End Sub Function HandleAnonEnum(Setting) End Function Function GetLUrevDate() GetLUrevDate = DateSerial(2010, 1, 1) End Function Function DefRevAge(dateDefRev) Const strInterval = "d" Dim dateToday Dim longLastLU dateToday = Now longLastLU = DateDiff(strInterval, dateDefRev, dateToday) DefRevAge = longLastLU End Function Function GetRegs(strOS) Const HKEY_LOCAL_MACHINE = &H80000002 Const strComputer = "." Dim strOut Dim objReg Dim strKeyPath Dim strValName Dim strVal Dim varVal Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") strKeyPath = "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\" strValName = "WUServer" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strVal strValName = "WUStatusServer" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strKeyPath = "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\" strValName = "NoAutoUpdate" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "AUOptions" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "ScheduledInstallDay" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "ScheduledInstallTime" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "UseWUServer" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "NoAutoRebootWithLoggedOnUsers" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "RescheduleWaitTime" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal 'SAV LU settings strKeyPath = "SOFTWARE\INTEL\LANDESK\VIRUSPROTECT6\CURRENTVERSION\PATTERNMANAGER\SCHEDULE\" strValName = "Enabled" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "Type" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "MinOfDay" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "MissedEventEnabled" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "RandomizeDayRange" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "TimeWindowDaily" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal 'SAV RealTime scan settings 'filesystem strKeyPath = "SOFTWARE\INTEL\LANDESK\VIRUSPROTECT6\CURRENTVERSION\STORAGES\FILESYSTEM\REALTIMESCAN\" strValName = "OnOff" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "Heuristics" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "HeuristicsLevel" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal 'InternetMail strKeyPath = "SOFTWARE\INTEL\LANDESK\VIRUSPROTECT6\CURRENTVERSION\STORAGES\INTERNETMAIL\REALTIMESCAN\" strValName = "OnOff" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "FileType" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strKeyPath = "SOFTWARE\INTEL\LANDESK\VIRUSPROTECT6\CURRENTVERSION\" strValName = "PatternFileRevision" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "ProductVersion" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\" strValName = "AUOptions" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal 'MsgBox "End GetREGS" & strOut GetRegs = strOut End Function Function GetSAVParent() GetSAVParent = "something" End Function Function FandPS(strAction, strOS) End Function Function LmServer(strAction) End Function Sub CleanUp() End Sub Sub HandleError(objDialogWindow) End Sub Sub cmdSendErr() End Sub Function ckVersion() ckVersion = 1 End Function Sub LoadNewVersion() End Sub Function GetIf() GetIf = "127.0.0.1" & strDelim & "X" & strDelim & "X" & strDelim & "X" & strDelim & "X" & strDelim & "X" & strDelim & "1" End Function Function webIP() End Function Function Base64Encode(inData) 'rfc1521 '2001 Antonin Foller, Motobit Software, [url="http://Motobit.cz"]http://Motobit.cz[/url] Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" Dim cOut, sOut, I 'For each group of 3 bytes For I = 1 To Len(inData) Step 3 Dim nGroup, pOut, sGroup 'Create one long from this 3 bytes. nGroup = &H10000 * Asc(Mid(inData, I, 1)) + _ &H100 * MyASC(Mid(inData, I + 1, 1)) + MyASC(Mid(inData, I + 2, 1)) 'Oct splits the long To 8 groups with 3 bits nGroup = Oct(nGroup) 'Add leading zeros nGroup = String(8 - Len(nGroup), "0") & nGroup 'Convert To base64 pOut = Mid(Base64, CLng("&o" & Mid(nGroup, 1, 2)) + 1, 1) + _ Mid(Base64, CLng("&o" & Mid(nGroup, 3, 2)) + 1, 1) + _ Mid(Base64, CLng("&o" & Mid(nGroup, 5, 2)) + 1, 1) + _ Mid(Base64, CLng("&o" & Mid(nGroup, 7, 2)) + 1, 1) 'Add the part To OutPut string sOut = sOut + pOut 'Add a new line For Each 76 chars In dest (76*3/4 = 57) 'If (I + 2) Mod 57 = 0 Then sOut = sOut + vbCrLf Next Select Case Len(inData) Mod 3 Case 1: '8 bit final sOut = Left(sOut, Len(sOut) - 2) + "==" Case 2: '16 bit final sOut = Left(sOut, Len(sOut) - 1) + "=" End Select Base64Encode = sOut End Function Function MyASC(OneChar) If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar) End Function Sub SendResults(strResults) Dim objShell Dim objFSO Dim strUploadCmd Dim strLinks Dim strResultsEnc strResultsEnc = Base64Encode(strResults) strSendResultsUrl2 = strSendResultsUrl & strResultsEnc strLinks = ".\links.exe -dump " strUploadCmd = strLinks & strSendResultsUrl2 Set objFSO = CreateObject("Scripting.FileSystemObject") Set objShell = CreateObject("WScript.Shell") If MsgBox("Can I run the following command?" & vbNewLine & strUploadCmd, vbYesNo, "uploading results...somewhere") = vbYes Then objShell.Run strUploadCmd, 2, 1 End If End Sub Function makeUnixTime(strTime, mode) End Function Function CGmt(dateLocalTime) 'Given a time in the type date, returns the time of type date in timezone GMT Dim strComputer Dim objWMIService Dim colItems Dim objItem Dim intTimeBias strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colItems = objWMIService.ExecQuery("Select * from Win32_TimeZone", , 48) For Each objItem In colItems intTimeBias = -(objItem.Bias) Next CGmt = DateAdd("n", intTimeBias, dateLocalTime) End Function Function UDate(dateMs) UDate = DateDiff("s", "01/01/1970 00:00:00", dateMs) End Function Function isLsassCrashable() isLsassCrashable = False End Function Function PwdCk(objFSO, strComputerName) PwdCk = "" End Function Function SavOk(rsDataList) SavOk = "1" End Function Sub cmdNoSend() End Sub Sub RunPrint() 'window.Print End Sub
#23
Posted 22 August 2008 - 11:03 PM
Dima, on Aug 22 2008, 12:25 PM, said:
someone posted a link to this thread on thedailywtf.com and being a good samaritan I thought I'd help. Unfortunately I only have a 20 minutes right now and I'll be away for the weekend so this is probably a time saver for whoever ends up helping you properly.
Here's the gutted version of the script which basically answers yes to all the checks. For the symantec bull it looks up versions which I don't know.
To run this script create a file something.vbs and paste it in there. Probably create the file in the same location as links.exe
If their back end doesn't do too many checks this ought to work.
This is all I can do in 20 min...
Regards
D
'_________________________Begin Global Vars________________________________________________ '#########Begin Version######### Const intVersionMajor = 1 Const intVersionMinor = 1 Const intVerisonSub = 35 '#########End Version########### Const strDelim = ";" '########################Begin Urls############################################### Dim strCmdSendErrUrl Dim strCkVersionUrl Dim strLoadNewVersionUrl Dim strWebIpUrl Dim strSendResultsUrl Dim strSendResultsUrl2 'Production Web Destination Const strURLBase = "http://yogi.d.umn.edu" '#########################End Urls############################################ Dim boolFirstRun Dim objDialogWindow Dim strAllSettings Dim strErrLine Dim strArr Dim strOS Dim strAdminAcctPwBlank Dim strOtherAcctPwBlank '_________________________End Global Vars________________________________________________ strCmdSendErrUrl = strURLBase & "/cgi-bin/qs/senderr-qsbasic.cgi?" strCkVersionUrl = strURLBase & "/qs/qsbasic.txt" strLoadNewVersionUrl = strURLBase & "/qs/qsbasic.exe" strWebIpUrl = strURLBase & "/cgi-bin/qs/addr.cgi" strSendResultsUrl = strURLBase & "/cgi-bin/qs/qs.cgi?" Const adVarChar = 200 Const MaxCharacters = 255 Const adInteger = 3 Const adBoolean = 11 Const strXP = "Windows XP" Const str2k = "Windows 2000" Dim strHTML Dim objRun Dim GetSettingsCMD Dim objFile Dim objFSO Dim objShell Dim strCompliant Dim strSDB Dim rsDataList Dim strMaxpasswdLen Dim strMaxpasswdAge Dim strComputer Dim objNetwork Dim strUserName Dim strDomain Dim strComputerName Dim strDy Dim strTme Dim intQVal Dim strHexQVal Dim dt Dim strTimeStamp Dim strSdbLog Dim str2kanalyzeCMD Dim strXPanalyzeCMD Dim strSysPath Dim oRegExp, colMatches, oMatch Dim objLogFile Dim strPattern Dim strOut Dim strLog Dim strCharacters Dim strClump Dim strBuff Dim strLogMismatch Dim longStrPosition Dim strStyle Dim strRegSettings Dim lngQVal Dim strOSfriendly Dim objWMIService Dim colOperatingSystems Dim objOperatingSystem Dim varTQVal Dim intFileAndPrintSh Dim intSuccess Dim intLMServer Dim intNoPw Dim strTest Dim strErrAdmin Dim objSdbLog Dim strFileSharingIndicator Dim strFWIndicator Dim strAccum Dim SAVinstalled Dim longDefTodayDiff Dim dateOldDef Dim dateLU Dim strAcctDelim Dim strBlankPasswdAcct Dim strLMhashAcct Dim strArrBlankPasswdAcct Dim strArrLMhashAcct Dim LongBlankPasswdSZ Dim LongLMhashSZ Dim strBlnkNTLMhash Dim strBlankLMhash Dim boolBailOut Dim intDecision Dim strPlaceHolder Dim intOS_VerSP Dim strAllTests Dim strNX Dim strPasswdTest Dim strXPHome Dim objMySAV Dim boolNoAUfix Dim strNoSP2mesg Dim intVerSP strAcctDelim = ":" strXPHome = "0" strAdminAcctPwBlank = "0" strOtherAcctPwBlank = "0" strNX = "0" boolFirstRun = True 'version ck boolBailOut = False On Error Resume Next strComputer = "." strOS = "XP" strXPHome = "1" intVerSP = 3 strDy = FormatDateTime(Now, vbLongDate) strTme = FormatDateTime(Now, vbLongTime) strComputer = "." strSysPath = objFSO.GetSpecialFolder(0).Path 'same as %systemRoot% dt = Now strTimeStamp = CStr(Year(dt)) & CStr(Month(dt)) & CStr(Day(dt)) & CStr(Hour(dt)) & CStr(Second(dt)) strSdbLog = strSysPath & "\security\logs\OITSEC_ck" & strTimeStamp & ".txt" intFileAndPrintSh = 1 '1=off , 0=on Set rsDataList = CreateObject("ADODB.Recordset") rsDataList.Fields.Append "SettingID", adVarChar, MaxCharacters rsDataList.Fields.Append "SettingName", adVarChar, MaxCharacters rsDataList.Fields.Append "PolicySetting", adVarChar, MaxCharacters rsDataList.Fields.Append "QueryValue", adVarChar, MaxCharacters rsDataList.Fields.Append "Compliant", adInteger '0 = not compliant, 1 = compliant -1 = error reading rsDataList.Fields.Append "FixIt", adInteger '0 = not fixable, 1 = fixable, -1 = error reading rsDataList.open strFWIndicator = "1" strRegSettings = GetRegs(strOS) strArr = Split(strRegSettings, strDelim, -1) SAVinstalled = True dateLU = GetLUrevDate() longDefTodayDiff = DefRevAge(dateLU) '********** 0 1 2-24 strAllSettings = intFileAndPrintSh & strDelim & strFWIndicator & strDelim & strRegSettings & strDelim '********** 25 26 27 strAllSettings = strAllSettings & CStr(DatePart("yyyy", dateLU)) & strDelim & CStr(DatePart("m", dateLU)) & strDelim & CStr(DatePart("d", dateLU)) & strDelim '********** 28 strAllSettings = strAllSettings & CStr(longDefTodayDiff) & strDelim '********** 29 strAllSettings = strAllSettings & GetSAVParent & strDelim '********** 30-36 strAllSettings = strAllSettings & GetIf() & strDelim '********** 37 strAllSettings = strAllSettings & UDate(dt) & strDelim '********** 38 39 40 strAllSettings = strAllSettings & intVersionMajor & strDelim & intVersionMinor & strDelim & intVerisonSub & strDelim '********** 41 42,43 strAllSettings = strAllSettings & UDate(CGmt(dateLU)) & strDelim & "forgot what this was" strArr = Split(strAllSettings, strDelim, -1) rsDataList.AddNew rsDataList("SettingID") = "XPfw" rsDataList("SettingName") = "Windows XP Firewall" rsDataList("PolicySetting") = "Enabled" rsDataList("QueryValue") = "Enabled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "AU" rsDataList("SettingName") = "Automatic Windows Updates" rsDataList("PolicySetting") = "Enabled" rsDataList("QueryValue") = "Enabled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "fpshr" rsDataList("SettingName") = "File and Print Sharing for MS Networks" rsDataList("PolicySetting") = "Uninstalled" rsDataList("QueryValue") = "Uninstalled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update SAVinstalled = True rsDataList.AddNew rsDataList("SettingID") = "SAVinstld" rsDataList("SettingName") = "Symantec AV Installed" rsDataList("PolicySetting") = "Installed or Managed" rsDataList("QueryValue") = "Version 1000.1000.1000 Installed" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "LUen" rsDataList("SettingName") = "LiveUpdate Enabled" rsDataList("PolicySetting") = "Enabled" rsDataList("QueryValue") = "Enabled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "DefVer" rsDataList("SettingName") = "Virus Definition File Version" dateOldDef = DateAdd("d", -8, dt) rsDataList("PolicySetting") = "Oldest Acceptable Date = " & CStr(Month(dateOldDef)) & "-" & CStr(Day(dateOldDef)) & "-" & CStr(Year(dateOldDef)) rsDataList("QueryValue") = "01-01-2020" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "DefAge" rsDataList("SettingName") = "Virus Definition File Age" rsDataList("PolicySetting") = "8 days or less" rsDataList("QueryValue") = 1 rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "LUfreq" rsDataList("SettingName") = "LiveUpdate Schedule Frequency" rsDataList("PolicySetting") = "Daily" rsDataList("QueryValue") = "Daily" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update rsDataList.AddNew rsDataList("SettingID") = "AutoProtFS" rsDataList("SettingName") = "Auto-Protect: Filesystem" rsDataList("PolicySetting") = "Enabled" rsDataList("QueryValue") = "Enabled" rsDataList("Compliant") = 1 rsDataList("FixIt") = 0 rsDataList.Update '''check if test fail then set to 0 strAllTests = "1" strPasswdTest = "1" ' strAllTests = 1 ----- all tests passed , strAllTests = 0 ----- at least 1 test failed ' strPasswdTest = 1 ---- blank passwd test passed ( no blank PWs found), strPasswdTest = 0 ---- blank passwd test failed ( blank PWs were found) 'step through tests table, rsDataList, and see if any tests show "compliant" = 0 ' '***********SHOWING PW TESTS DISABLED******************************************************* strBlankPasswdAcct = "-1" strNX = "-1" strPasswdTest = "-1" strOtherAcctPwBlank = "-1" strAdminAcctPwBlank = "-1" '***********SHOWING PW TESTS DISABLED '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 'THE MOST UGLY-ASS KLUDGE IN THE WORLD 'This is the continuation of strAllSettings ' settings after slot #44 will have to be dealt with and tacked on post slot #44 ' 0-43 44 45 46 strAllSettings = strAllSettings & strDelim & strAllTests & strDelim & strNX & strDelim & strPasswdTest _ & strDelim & strAdminAcctPwBlank & strDelim & strOtherAcctPwBlank & strDelim & "1" ' 47 48 49 SendResults strAllSettings 'close the progress dialog '* and resize the main window 'Call self.Focus 'self.ResizeTo 670, 550 'self.MoveTo 200, 200 '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ '=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Function AcctDisabled(strAcctNo, strComputer, strUser) End Function Function AuditStrSelect(intSetting) End Function Function ShowRow(rsDataList) End Function Function ShowTableHeader(strTblName, strStyle) End Function Function ShowTableFooter() End Function Function ShowLMhash(strArrLMhashAcct, LongLMhashSZ, strStyle) End Function Function ShowBlankPW(strArrBlankPasswdAcct, LongBlankPasswdSZ, strStyle, strXPHome) End Function Function IsFwOn() IsFwOn = True End Function Sub XPfwFixIt() End Sub Sub AUFixIt() End Sub Sub LUenFixIt() End Sub Sub LUfreqFixIt() End Sub Sub AutoProtEmailFixIt() End Sub Sub AutoProtFSFixIt() End Sub Sub Window_Onunload() End Sub Sub fpshrFixIt() End Sub Function HandleAnonEnum(Setting) End Function Function GetLUrevDate() GetLUrevDate = DateSerial(2010, 1, 1) End Function Function DefRevAge(dateDefRev) Const strInterval = "d" Dim dateToday Dim longLastLU dateToday = Now longLastLU = DateDiff(strInterval, dateDefRev, dateToday) DefRevAge = longLastLU End Function Function GetRegs(strOS) Const HKEY_LOCAL_MACHINE = &H80000002 Const strComputer = "." Dim strOut Dim objReg Dim strKeyPath Dim strValName Dim strVal Dim varVal Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") strKeyPath = "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\" strValName = "WUServer" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strVal strValName = "WUStatusServer" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strKeyPath = "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\" strValName = "NoAutoUpdate" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "AUOptions" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "ScheduledInstallDay" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "ScheduledInstallTime" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "UseWUServer" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "NoAutoRebootWithLoggedOnUsers" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "RescheduleWaitTime" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal 'SAV LU settings strKeyPath = "SOFTWARE\INTEL\LANDESK\VIRUSPROTECT6\CURRENTVERSION\PATTERNMANAGER\SCHEDULE\" strValName = "Enabled" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "Type" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "MinOfDay" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "MissedEventEnabled" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "RandomizeDayRange" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "TimeWindowDaily" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal 'SAV RealTime scan settings 'filesystem strKeyPath = "SOFTWARE\INTEL\LANDESK\VIRUSPROTECT6\CURRENTVERSION\STORAGES\FILESYSTEM\REALTIMESCAN\" strValName = "OnOff" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "Heuristics" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "HeuristicsLevel" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal 'InternetMail strKeyPath = "SOFTWARE\INTEL\LANDESK\VIRUSPROTECT6\CURRENTVERSION\STORAGES\INTERNETMAIL\REALTIMESCAN\" strValName = "OnOff" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "FileType" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strKeyPath = "SOFTWARE\INTEL\LANDESK\VIRUSPROTECT6\CURRENTVERSION\" strValName = "PatternFileRevision" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strValName = "ProductVersion" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\" strValName = "AUOptions" objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValName, strVal strOut = strOut & strDelim & strVal 'MsgBox "End GetREGS" & strOut GetRegs = strOut End Function Function GetSAVParent() GetSAVParent = "something" End Function Function FandPS(strAction, strOS) End Function Function LmServer(strAction) End Function Sub CleanUp() End Sub Sub HandleError(objDialogWindow) End Sub Sub cmdSendErr() End Sub Function ckVersion() ckVersion = 1 End Function Sub LoadNewVersion() End Sub Function GetIf() GetIf = "127.0.0.1" & strDelim & "X" & strDelim & "X" & strDelim & "X" & strDelim & "X" & strDelim & "X" & strDelim & "1" End Function Function webIP() End Function Function Base64Encode(inData) 'rfc1521 '2001 Antonin Foller, Motobit Software, [url="http://Motobit.cz"]http://Motobit.cz[/url] Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" Dim cOut, sOut, I 'For each group of 3 bytes For I = 1 To Len(inData) Step 3 Dim nGroup, pOut, sGroup 'Create one long from this 3 bytes. nGroup = &H10000 * Asc(Mid(inData, I, 1)) + _ &H100 * MyASC(Mid(inData, I + 1, 1)) + MyASC(Mid(inData, I + 2, 1)) 'Oct splits the long To 8 groups with 3 bits nGroup = Oct(nGroup) 'Add leading zeros nGroup = String(8 - Len(nGroup), "0") & nGroup 'Convert To base64 pOut = Mid(Base64, CLng("&o" & Mid(nGroup, 1, 2)) + 1, 1) + _ Mid(Base64, CLng("&o" & Mid(nGroup, 3, 2)) + 1, 1) + _ Mid(Base64, CLng("&o" & Mid(nGroup, 5, 2)) + 1, 1) + _ Mid(Base64, CLng("&o" & Mid(nGroup, 7, 2)) + 1, 1) 'Add the part To OutPut string sOut = sOut + pOut 'Add a new line For Each 76 chars In dest (76*3/4 = 57) 'If (I + 2) Mod 57 = 0 Then sOut = sOut + vbCrLf Next Select Case Len(inData) Mod 3 Case 1: '8 bit final sOut = Left(sOut, Len(sOut) - 2) + "==" Case 2: '16 bit final sOut = Left(sOut, Len(sOut) - 1) + "=" End Select Base64Encode = sOut End Function Function MyASC(OneChar) If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar) End Function Sub SendResults(strResults) Dim objShell Dim objFSO Dim strUploadCmd Dim strLinks Dim strResultsEnc strResultsEnc = Base64Encode(strResults) strSendResultsUrl2 = strSendResultsUrl & strResultsEnc strLinks = ".\links.exe -dump " strUploadCmd = strLinks & strSendResultsUrl2 Set objFSO = CreateObject("Scripting.FileSystemObject") Set objShell = CreateObject("WScript.Shell") If MsgBox("Can I run the following command?" & vbNewLine & strUploadCmd, vbYesNo, "uploading results...somewhere") = vbYes Then objShell.Run strUploadCmd, 2, 1 End If End Sub Function makeUnixTime(strTime, mode) End Function Function CGmt(dateLocalTime) 'Given a time in the type date, returns the time of type date in timezone GMT Dim strComputer Dim objWMIService Dim colItems Dim objItem Dim intTimeBias strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colItems = objWMIService.ExecQuery("Select * from Win32_TimeZone", , 48) For Each objItem In colItems intTimeBias = -(objItem.Bias) Next CGmt = DateAdd("n", intTimeBias, dateLocalTime) End Function Function UDate(dateMs) UDate = DateDiff("s", "01/01/1970 00:00:00", dateMs) End Function Function isLsassCrashable() isLsassCrashable = False End Function Function PwdCk(objFSO, strComputerName) PwdCk = "" End Function Function SavOk(rsDataList) SavOk = "1" End Function Sub cmdNoSend() End Sub Sub RunPrint() 'window.Print End Sub
whoa
#25
Posted 25 August 2008 - 12:03 AM
<pyro1588> "welcome to australia, can i help you find what you're looking for?"
<Tox> pyro1588, I'm giving you the most reproachful of glares right now.
--------
Go show those nutty Koreans what us crazy Europeans are made of pirate.gif pirate.gif pirate.gif - Saike
<exophase> The old Commodore strategy of, "Go friggin' bankrupt!"
<wervyn> Go away! I'm writing the same engine I always do!
#26
Posted 25 August 2008 - 12:39 AM
--ajs.
#27
Posted 03 September 2008 - 03:38 AM