CATEGORY: Security

How to Copy and Paste into the Digital Ocean VNC Console

I recently signed up for Digital Ocean to test droplets for my development and Linux management testing. I was securing the server and set up fail2ban, disabled the root login, and created a user account, but forgot to change the user name from root to the user name I selected in my SSH client profile. I ended up locking myself out of the server and had to resort to logging into the admin panel on Digital Ocean’s website and using their browser-embedded VNC client to restore my access. I quickly discovered that one of the downsides of using this panel is that you can’t copy and paste commands. Luckily there’s a workaround: you can use the browser console to send keystrokes through JavaScript.

Bring up the console in the browser developer tools. Here’s a cheat sheet for keyboard shortcuts:

| Browser | Description | Windows | Mac |
|---|---|---|---|
| Chrome | Open Developer Tools and bring focus to the console | Ctrl + Shift + J | Cmd + Opt + J |
| Firefox | Open Console | Ctrl + Shift + K | Cmd + Opt + K |
| Internet Explorer | After hitting F12, you have to click the console tab. There’s no direct shortcut to the console tab. | F12 | N/A |

Paste this snippet into the textbox in the console window:


Update 9-21-16

Ruden and Sebastiaan pointed out there was a bug in the code above. This updated snippet supports characters that require the Shift key, like !@#$%^&*()_+

You’ll receive a dialog prompt to enter the text to paste in. Please note that you need to click on the VNC console and hit Enter to execute the command.


If you need to enter more than one command, just hit the up arrow on your keyboard in the console to get the script again for easy reuse.
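The Shift handling described in the update, as an added example that is not the snippet from the original post: it turns text into the key-down/key-up sequence a VNC (RFB) client sends, wrapping shifted characters in a Shift press and release. The US keyboard layout, the function names and the `sendKey(keysym, down)` callback are assumptions; the console's own sending function is not shown on this page.

```javascript
// Added example: all names here are constructed, not from the original post.
const XK_SHIFT_L = 0xffe1; // X11 keysym for left Shift
const XK_RETURN = 0xff0d;  // X11 keysym for Enter
// Symbols that need Shift held on a US keyboard layout (assumption).
const SHIFTED = '~!@#$%^&*()_+{}|:"<>?';

function needsShift(ch) {
  return SHIFTED.includes(ch) || (ch >= 'A' && ch <= 'Z');
}

// Turn text into an ordered list of [keysym, down] pairs.
// For printable ASCII the X11 keysym equals the character code.
function textToKeyEvents(text) {
  const events = [];
  for (const ch of text) {
    const code = ch.codePointAt(0);
    if (ch === '\n') { events.push([XK_RETURN, 1], [XK_RETURN, 0]); continue; }
    if (code < 0x20 || code > 0x7e) {
      throw new RangeError('unsupported character U+' + code.toString(16));
    }
    const shift = needsShift(ch);
    if (shift) events.push([XK_SHIFT_L, 1]);
    events.push([code, 1], [code, 0]);
    if (shift) events.push([XK_SHIFT_L, 0]);
  }
  return events;
}

// Encode one RFB KeyEvent (RFC 6143, section 7.5.4): message type 4,
// down flag, two padding bytes, then the keysym as a big-endian u32.
function encodeKeyEvent(keysym, down) {
  const buf = new Uint8Array(8);
  const view = new DataView(buf.buffer);
  view.setUint8(0, 4);
  view.setUint8(1, down ? 1 : 0);
  view.setUint32(4, keysym); // DataView writes big-endian by default
  return buf;
}

// Replay the events through a caller-supplied sendKey(keysym, down)
// callback (hypothetical), pausing so the remote side keeps up.
async function typeText(text, sendKey, delayMs = 10) {
  for (const [keysym, down] of textToKeyEvents(text)) {
    sendKey(keysym, down);
    await new Promise((resolve) => setTimeout(resolve, delayMs));
  }
}
```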

ESET AntiTheft Causes Dell Machines to Lose Permissions on C:


I just spent the past two days complaining about Windows 8 to everyone I know because of how awful the experience is. I installed Windows updates, rebooted, and the system stopped working.

It turns out it wasn’t Windows causing the problem but ESET AntiTheft on Dell laptops. There’s a permission bug specific to Dell machines: when ESET creates its ghost account, instead of giving it restricted access, the system essentially copies the permissions and then changes everything on the C: drive to a state where the permissions are no longer accessible.

Unfortunately, the only known fix at this point is to contact ESET support. I called their support line in North America and the tech knew about the issue right away. You’ll have to reboot into safe mode, and then get them to remote in to install a utility that runs a script that resets the permissions.

Contact Info here: http://www.eset.com/us/about/contact/

The tech assured me they are working with Dell to get this issue resolved so until they do, make sure you don’t activate ESET’s AntiTheft on the Dell machine.

How to remove win64/sirefef.AE trojan & c:\windows\system32\services.exe win64 patched b.gen trojan

I’m kind of the default “go to” guy for all PC issues with friends and family. One of the most common problems people bring to me is malware. Going forward, I’m going to document the removal process for some of the more difficult ones I encounter.

The most difficult trojan I’ve encountered thus far is the sirefef.AE trojan. It infects the PC by replacing c:\windows\system32\services.exe, which is pretty ingenious: it’s extremely difficult to remove, since Windows requires the file and it’s always in use, which keeps antivirus software and other applications from being able to remove it.

I just spent a few days battling this one and successfully cleaned it off the system.

To remove it:

  1. Run the ESET Online Scanner (http://www.eset.com/us/online-scanner/). Have it scan archives and let it remove whatever it finds. Side note: If you use Norton or McAfee for antivirus protection, now’s a good time to dump them for an antivirus that actually works and doesn’t hog resources: http://go.eset.com/r/7NQZN
  2. Run ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) in safe mode. It will find and remove some of the trojans already downloaded. Instructions are on the bleepingcomputer page on how to use it but for the most part it’s mostly automated.
  3. Download and install MalwareBytes (http://majorgeeks.com/download.php?det=5756). The free version will suffice. Run a full system scan and remove whatever it finds.
  4. You will need a Recovery Disc from Windows 7 for the next step. Make one on a non-infected computer if you don’t have one already.
  5. Download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save to a flash drive.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Uninstalling Trend Micro Client/Server Security without a Password

Lost or forgot your Trend Micro Client/Server Password? How about inheriting a computer that had the software installed by an IT team or consultant that won’t give up the password? I had to work on a network with the latter and it’s rather annoying. The product is utter crap as the machine is spyware infested even though the antivirus is running and present. I went to uninstall it but can’t because the previous person/company password protected it and nobody has it.

Here’s how to bypass the protection:

  1. Load up Regedit and browse to:
    HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Allow Uninstall
  2. Change the value to 1.

Now you can uninstall TrendMicro’s crappy product and replace it with a real solution like ESET.

Drobo Dashboard Can’t Connect to Drobo when ESET Firewall is Active

Have a Drobo storage unit? If you have ESET Smart Security Firewall enabled, you’ll probably find Drobo Dashboard can’t connect while the firewall is on even after adding all the required ports and services to ESET’s rules from the Drobo online help site (http://goo.gl/iVKVU).

After enabling the detailed logging in ESET, I found that ESET’s firewall was flagging Drobo Dashboard as an intrusion attempt and blocked it. From the Drobo help page (http://goo.gl/iVKVU):

Drobo Dashboard connects to port 5000 and then randomly picks a port in the range for broadcasting.

This is definitely not the most intelligent way to build a product when users are trying to secure their home or business network, and it’s no wonder that ESET flagged the behavior as suspicious. Luckily there’s a fix to keep ESET from blocking the Drobo connection:

  1. Make sure you add the rules as per Drobo’s site (http://goo.gl/iVKVU).
  2. Open the main program window by clicking ‘Start’ -> ‘All Programs’ -> ‘ESET’ -> ‘ESET Smart Security’.
  3. Click on ‘Setup’ on the left, and then click ‘Enter Advanced setup’ on the right to open the Advanced Setup tree.
  4. From the Advanced Setup tree on the left, expand ‘Network’, click on ‘Personal Firewall’, and then select ‘Interactive mode’ from the Filtering mode drop-down menu on the right.
  5. From the advanced setup tree, click ‘Personal Firewall’ -> ‘Rules and zones’. Click the ‘Setup…’ button in the Trusted zone section and then choose ‘Allow sharing’. Click ‘OK’.
  6. Click ‘Personal Firewall’ -> ‘IDS and advanced options’. In the ‘Allowed services’ section, make sure all services are selected. Click ‘OK’.

Drobo Dashboard should now be able to connect to the unit with no issues.
