Solved

deactivating a Vxd

Posted on 2000-05-04
Last Modified: 2013-12-28
I am having trouble with a VxD on my computer. I want to know how to deactivate a VxD after it has been loaded.
Question by:scibberme

Expert Comment by:tjoiner
Best not to load it at all. What .VXD file is giving you trouble, and what is it doing?

Author Comment by:scibberme
It is a VXD from a renegade security program. Basically, it locks down my system and won't let me unlock it. I can still run programs off of the CD, but I can't edit anything on the hard drive like autoexec.

Expert Comment by:tjoiner
Can you access programs from a floppy? Copy regedit to a floppy from someone else's machine (or boot to DOS and do it) then run regedit from the floppy, pointing it to your C: drive for the .dat files. Search for the .vxd file and zap it from your registry, reboot, and you're set.

Tim

Author Comment by:scibberme
Will removing it from the registry stop it if the computer tries to load it from the autoexec?

Expert Comment by:tjoiner
You are loading a vxd from your autoexec? Never heard of that.

In that case, copy a generic autoexec.bat file to a floppy then copy it to your C: drive, overwriting the existing one.

Tim

Author Comment by:scibberme
I am blocked from even seeing that there is an autoexec. Actually, the autoexec calls a program that loads the VxD, I believe.

Expert Comment by:tjoiner
Booting from a floppy will keep this thing from loading then. You should be able to insert a bootable floppy and then do whatever you want to do. You could just delete c:\autoexec.bat or rename it or copy another version over it, etc.

Are you certain this is loading in your autoexec.bat? VXD files are generally loaded during the Windows startup, after your autoexec.bat has finished processing. Something just doesn't sound right here.

Tim

Expert Comment by:reghakr
What's the name of the security program?

It would help.

reghakr

Expert Comment by:LadyKath
To determine if the VxD is loading on startup, create a bootlog text by holding down Ctrl and selecting "create a boot log". This will show you everything, including the VxDs that load. You will also find the path for the VxD, if you are confident about wanting to delete it.
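
An added example, not from the thread or from any Fortres tooling: a small Python parser for the Windows 9x BOOTLOG.TXT that LadyKath describes, pairing each "Loading Vxd" line with its LoadSuccess/LoadFailed outcome and flagging drivers loaded from outside the Windows directory. The log fragment is constructed; the driver path under C:\FGC\F101 is assumed from the file names mentioned later in the thread.

```python
import re
from typing import Dict, List

# Constructed BOOTLOG.TXT fragment (not a real capture). Windows 9x writes a
# "Loading Vxd = ..." line for each virtual device driver, followed by
# "LoadSuccess = ..." or "LoadFailed = ..." with the same name.
SAMPLE_BOOTLOG = """\
[000D9B6A] Loading Vxd = VMM
[000D9B6A] LoadSuccess = VMM
[000D9B6C] Loading Vxd = C:\\WINDOWS\\SYSTEM\\VMM32\\IFSMGR.VXD
[000D9B6D] LoadSuccess = C:\\WINDOWS\\SYSTEM\\VMM32\\IFSMGR.VXD
[000D9B70] Loading Vxd = C:\\FGC\\F101\\FGCFS.386
[000D9B71] LoadSuccess = C:\\FGC\\F101\\FGCFS.386
[000D9B75] Loading Vxd = C:\\WINDOWS\\SYSTEM\\OLDDRV.VXD
[000D9B76] LoadFailed = C:\\WINDOWS\\SYSTEM\\OLDDRV.VXD
"""

# [hex timestamp] <event> = <name>; names may be bare module names or full paths.
LINE_RE = re.compile(r"^\[[0-9A-Fa-f]+\]\s+(Loading Vxd|LoadSuccess|LoadFailed)\s*=\s*(.+?)\s*$")


def parse_vxd_loads(log_text: str, windows_dir: str = r"C:\WINDOWS") -> List[Dict[str, object]]:
    """Return one record per VxD load attempt, in log order.

    Each record has the driver name, its outcome ("ok", "failed" or
    "no result" when the log ended before an outcome line) and whether it
    was loaded by path from somewhere other than the Windows directory.
    """
    results: List[Dict[str, object]] = []
    pending: Dict[str, Dict[str, object]] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # device loads, init phases and other lines are ignored here
        event, name = m.group(1), m.group(2)
        key = name.upper()
        if event == "Loading Vxd":
            rec = {
                "name": name,
                "status": "no result",
                # Bare names (e.g. VMM) are built-in; only path loads are checked.
                "outside_windows_dir": "\\" in name and not key.startswith(windows_dir.upper()),
            }
            pending[key] = rec
            results.append(rec)
        elif key in pending:
            pending.pop(key)["status"] = "ok" if event == "LoadSuccess" else "failed"
    return results


def vxds_outside_windows_dir(log_text: str) -> List[str]:
    """Names of VxDs loaded by path from outside the Windows directory."""
    return [str(r["name"]) for r in parse_vxd_loads(log_text) if r["outside_windows_dir"]]
```

Point the parser at a real C:\BOOTLOG.TXT to get an inventory of which drivers actually loaded and from where, which is the check LadyKath's post is getting at.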

Author Comment by:scibberme
I can't boot off of a floppy because I have that disabled and I forgot my CMOS password. Fortres

Expert Comment by:reghakr
Are you trying to hack into Fortres at your school?

reghakr

Author Comment by:scibberme
No.
To tell the truth, I already have.
I found out a lot about how it works and now I'm just interested in what its pieces do and how to control them.

Expert Comment by:reghakr
Loading a vxd from the autoexec.bat? tjoiner caught that one.
You don't know much, because Fortres doesn't even use any .vxd's and it hooks into the system well before autoexec is executed and the registry is read.

For those who don't know, Fortres is THE choice among schools and libraries for preventing people like him from getting in and changing settings and making the computer unusable.

By default, when you install Fortres and reboot, all the icons on the desktop are locked except for Internet Explorer. Right-click doesn't work. Tray icons don't work, and when you click on the Start button, you get Logoff, Restart, or Reboot. That's it. Windows keys are suppressed and CTRL-ALT-DEL doesn't work.

If the administrator has set it up correctly, he can't run programs from the floppy or even execute programs on the hard drive unless they're privileged, he can't overwrite files, he can't rename or delete files.

Maybe you got into the file system, not a big accomplishment, hacker. But you can't do much, can you? Why all the questions then? You can't even open the autoexec.bat. Have you found system.ini? Can't be found anywhere. Geez, where'd it go?

The first thing I do on a new machine is set the Supervisor password on the BIOS. Oh, but you forgot it. What's the matter, are 3 letters too hard to handle?

I administer Fortres at work. Please don't give this fool any more ideas. He's the kind that makes my job a nightmare at times. Can we close this question?

reghakr

Author Comment by:scibberme
This message is for reghakr. Please read the whole thing.

I know exactly where all of the files are. Exactly where they're supposed to be. I just can't see them unless I work at it. I can also do most of the other things you claim are impossible because Windows is so full of loopholes. I am offended by your defensiveness. I could have made the computers in the library nothing more than space heaters, but I didn't. I simply changed the background of the desktop. As you seem to think that I am retarded and Fortres is invincible, let me detail how it was defeated. First, I know you can't run anything off of the floppy. That's why I used the CD. I used a program run off of a burned CD to corrupt the checksum of the CMOS, which reset it to its defaults. I then simply booted off of the floppy, as so many of the polite members of the exchange have suggested, and REMed the line that read something to the effect of "C:\FGC\F101\FGSA.EXE". This disabled Fortres. Then I exchanged the background file with my own, but did not update the desktop. Windows did that for me the next time it booted and I was far away. I realize what a pain it may be for you if people change settings and damage your systems, things I do not condone or participate in. I do, however, accept and enjoy challenges and the chance to learn. I will remove this question so that others will not copy my methods as soon as you acknowledge this message.

Author Comment by:scibberme
I would also like to add that, yes, it is a virtual device driver, unless the extension on fgcfs.386 means something else. This is called by the aforementioned FGSA.exe. I know this because its path is recorded in the string table at the end of the file. There I also learned that it was compiled with Borland v3, unlike most of the other Fortres files that were made with Microsoft Visual C++, and found the strange reference "Former President Johnson's cat" (??)

Expert Comment by:blackc
This is not scibberme, just so you all know that. I just read over his comments, and would like to add one of my own to this question. OK, first of all, you all are nice and helpful.
Reghakr, you are a dick. I don't like people that assume too much or are cocky, because you have a whole system to manage, and other people have nothing better to do than try to bust it. So please don't be quite so pompous, and just believe, because I have found a few ways around Fortres myself. Have a nice day, all!

Expert Comment by:reghakr
My mistake about the vxd, but I assumed you were running a newer version than 2.5 of Fortres since version 4 is now out.

You've already proved you're a liar by saying it was YOUR PC. Do you think it's right to corrupt the checksum of the CMOS on someone else's computer without their knowledge? If you just changed the background of the desktop, why are you continuing to experiment, and how are you going to find out what happens unless you try it?

I too enjoy challenges and the chance to learn, but YOU need to learn to experiment on your own PC, not computers that don't belong to you.

Expert Comment by:blackc
Well, I hate to say it, but it was v.4 of Fortres that was busted. (I am scibberme's little brother, and I helped him out.) What did it hurt resetting the checksum? Exact same thing as just popping the jumper on the motherboard, just quicker. If you were a golfer and hit the ball 400 yards in a straight line for the first time in your life, wouldn't you want to know what you did differently to achieve that? Can you supply us w/ a full functional version of Fortres? It would be installed on our computer for us to mess w/ and then the software would be the challenge, not the other computer it is on. The only way for us to do it on our computer is w/ the software. If you can hook us up, you ought to be happy, and so would we. Considering the harm that can be done w/o unlocking Fortres, resetting the BIOS was harmless.

Expert Comment by:blackc
It was clever of Fortres to hide .exe's on a floppy, but it can't on a CD. So all you have to do is burn a program or 2 onto the CD, and use Internet Explorer to run it. Just type "C:\" in the address bar, and it takes you right to the C drive, w/ all right clicks enabled. Not a real good idea, huh? reghakr, do you honestly use three letter passwords? Anything under 7-8 is absurd. If they are all the same, then YOU are the fool. You call my brother a fool, yet he is the one that defeated your magic barrier. What is your official job title?
I would just like to know out of curiosity. Thanx again!

Expert Comment by:abaldwin
ScriptKiddies at work.....

Blackc and Scrib...... If you are truly wanting to learn how the software works then BUY it.

Andy

Author Comment by:scibberme
You can't buy it unless you are an organization and it costs hundreds of dollars. My brother misspoke. I would be interested in a code to install the trial version of the software that is free to download.

Accepted Solution by:abaldwin (earned 80 total points)
So make your own business and BUY it.  I think that you guys sound like pretty literate individuals and I think you could make a good living doing legitimate work.  

My final word on the subject is this.

Welcome to EE.  As I can see that you have not been here long I would like to remind you that this is not a Hack site.  Most individuals here are very professional and are not going to assist you in hacking or cracking anything.  If you need legitimate information then folks here are more than happy to help.  Read the terms of use that you agreed to before using the site.


Andy

Author Comment by:scibberme
Why, thank you, Andy Baldwin! (That is your name, right?) I'm kinda sorry that I ever asked this question, as I brought the almighty wrath (he he) of reghakr down on myself. But, more importantly, I may have alienated some of the members of the exchange. You seem very friendly and I appreciate your kind words.