Run mystery

  • Thread starter Thread starter Jorge Bravo
  • Start date Start date
J

Jorge Bravo

Guest
I use the Run command selom and unually only for Msconfig and Regedit.
However, sometimes I find in the 'memory' other commands, like the one for
the Firewall. I assume that these are acused by viruses/malware. Is that
common? Is there a way of blocking the Windows Firewall so that no
introsuion is possible?

Thank you

JB
 
Re: Run mystery

"Jorge Bravo" <open@closed.com> wrote in message
news:eJAUbR2NJHA.1488@TK2MSFTNGP03.phx.gbl...
>I use the Run command selom and unually only for Msconfig and Regedit.
>However, sometimes I find in the 'memory' other commands, like the one
>for the Firewall. I assume that these are acused by viruses/malware.
>Is that common? Is there a way of blocking the Windows Firewall so that
>no introsuion is possible?

One does not block a firewall. Rather, one allows a firewall to block
intrusion attempts from hackers. To see if you are protected, go to this
site:

https://www.grc.com/x/ne.dll?bh0bkyd2

Scroll down and click Proceed. On the new page, click on the grey
buttons, especially All Service Ports. If you don't pass, let us know.
If everything is green, you are successfully in Stealth Mode, which is
what you want.

Regarding commands being memorized (as well as Web sites visited,
doucments opened, etc.), this is a function of Windows. If you would
like to erase your tracks, I recommend using Ccleaner:

http://www.ccleaner.com/

When you install it, you will probably want to avoid installing any
toolbar add-ons. When you run it, you may configure it to delete
different items, including what you described above -- under Windows
Explorer there is item called "Run (in Start Menu)." Some people are
just interested in regularly cleaning out temp files and choose to leave
the other items, including paswwords. If your firewall is doing its job
and no one else uses your PC (or account), this should not be a problem,
but it's your call.

Since cleaning registry items does not noticeably improve a PC's
performance and might even do some amount of damage (including
preventing you from booting up!), be sure to avoid, Ccleaner's registry
"cleaning" function. Otherwise, it's a great program.
 
Re: Run mystery

Thanks

Everything is green in stealth mode.

But I don't think I explained myself well.. When I go into the Run command
box and attempt to typr something a scroll-down list of past commands
appears. Sometines, in the past, I found strange commands which I never
typed. Just recently there was one about firewall.cpl (I think) and at that
time I had a virus that opened up Internet Explorer in the Firewall without
my permission.

So, I ant to know how it is that commands can appear in the 'past commands'
in the Run box if I did not type them myself; and if thre is a way of
stopping intrusions in this way that access the Firewall without my knowing.

JB




"Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> escreveu na mensagem
news:%235Jgpw3NJHA.1896@TK2MSFTNGP02.phx.gbl...
> "Jorge Bravo" <open@closed.com> wrote in message
> news:eJAUbR2NJHA.1488@TK2MSFTNGP03.phx.gbl...
>>I use the Run command selom and unually only for Msconfig and Regedit.
>>However, sometimes I find in the 'memory' other commands, like the one for
>>the Firewall. I assume that these are acused by viruses/malware. Is that
>>common? Is there a way of blocking the Windows Firewall so that no
>>introsuion is possible?
>
> One does not block a firewall. Rather, one allows a firewall to block
> intrusion attempts from hackers. To see if you are protected, go to this
> site:
>
> https://www.grc.com/x/ne.dll?bh0bkyd2
>
> Scroll down and click Proceed. On the new page, click on the grey buttons,
> especially All Service Ports. If you don't pass, let us know. If
> everything is green, you are successfully in Stealth Mode, which is what
> you want.
>
> Regarding commands being memorized (as well as Web sites visited,
> doucments opened, etc.), this is a function of Windows. If you would like
> to erase your tracks, I recommend using Ccleaner:
>
> http://www.ccleaner.com/
>
> When you install it, you will probably want to avoid installing any
> toolbar add-ons. When you run it, you may configure it to delete different
> items, including what you described above -- under Windows Explorer there
> is item called "Run (in Start Menu)." Some people are just interested in
> regularly cleaning out temp files and choose to leave the other items,
> including paswwords. If your firewall is doing its job and no one else
> uses your PC (or account), this should not be a problem, but it's your
> call.
>
> Since cleaning registry items does not noticeably improve a PC's
> performance and might even do some amount of damage (including preventing
> you from booting up!), be sure to avoid, Ccleaner's registry "cleaning"
> function. Otherwise, it's a great program.
>
 
Re: Run mystery

Jorge,

The memory for the Run option on your start button window is contained in
the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
In the right pane, there will be up to 26 entries named with single alphabet
letters (hence the limit of 26) and one named MRUList. The data for the
keys named after small alpha characters should be command lines that you've
previously entered at 'Start > Run'. The MRUList value has a series of
letters that determines the age sorting of the other values to enable
bumping the least used when you need to make room for new command lines.

Writing a script or program to edit entries under this registry key is quite
simple but I'm not sure why anyone creating malware would want to do so. If
some hacker can get you to run a script on your PC, it would be easier to
simply run an executable from the script rather than modify listings under
the 'Start > Run' option and wait for the user to try it. I can see how
someone providing you with an application might add their own entry to the
registry so that if a user deleted whatever shortcut they provided to launch
their application it would be simpler for the user to use "Plan B' and
launch from the Run line. The only code I've written to alter that key were
scripts to purge the clutter and trip the list to half a dozen rather than
26.


Steve Yandl



"Jorge Bravo" <open@closed.com> wrote in message
news:ub10Cc4NJHA.1144@TK2MSFTNGP05.phx.gbl...
> Thanks
>
> Everything is green in stealth mode.
>
> But I don't think I explained myself well.. When I go into the Run command
> box and attempt to typr something a scroll-down list of past commands
> appears. Sometines, in the past, I found strange commands which I never
> typed. Just recently there was one about firewall.cpl (I think) and at
> that time I had a virus that opened up Internet Explorer in the Firewall
> without my permission.
>
> So, I ant to know how it is that commands can appear in the 'past
> commands' in the Run box if I did not type them myself; and if thre is a
> way of stopping intrusions in this way that access the Firewall without my
> knowing.
>
> JB
>
>
>
>
> "Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> escreveu na mensagem
> news:%235Jgpw3NJHA.1896@TK2MSFTNGP02.phx.gbl...
>> "Jorge Bravo" <open@closed.com> wrote in message
>> news:eJAUbR2NJHA.1488@TK2MSFTNGP03.phx.gbl...
>>>I use the Run command selom and unually only for Msconfig and Regedit.
>>>However, sometimes I find in the 'memory' other commands, like the one
>>>for the Firewall. I assume that these are acused by viruses/malware. Is
>>>that common? Is there a way of blocking the Windows Firewall so that no
>>>introsuion is possible?
>>
>> One does not block a firewall. Rather, one allows a firewall to block
>> intrusion attempts from hackers. To see if you are protected, go to this
>> site:
>>
>> https://www.grc.com/x/ne.dll?bh0bkyd2
>>
>> Scroll down and click Proceed. On the new page, click on the grey
>> buttons, especially All Service Ports. If you don't pass, let us know. If
>> everything is green, you are successfully in Stealth Mode, which is what
>> you want.
>>
>> Regarding commands being memorized (as well as Web sites visited,
>> doucments opened, etc.), this is a function of Windows. If you would like
>> to erase your tracks, I recommend using Ccleaner:
>>
>> http://www.ccleaner.com/
>>
>> When you install it, you will probably want to avoid installing any
>> toolbar add-ons. When you run it, you may configure it to delete
>> different items, including what you described above -- under Windows
>> Explorer there is item called "Run (in Start Menu)." Some people are just
>> interested in regularly cleaning out temp files and choose to leave the
>> other items, including paswwords. If your firewall is doing its job and
>> no one else uses your PC (or account), this should not be a problem, but
>> it's your call.
>>
>> Since cleaning registry items does not noticeably improve a PC's
>> performance and might even do some amount of damage (including preventing
>> you from booting up!), be sure to avoid, Ccleaner's registry "cleaning"
>> function. Otherwise, it's a great program.
>>
>
>
 
Re: Run mystery

"Jorge Bravo" <open@closed.com> wrote in message
news:ub10Cc4NJHA.1144@TK2MSFTNGP05.phx.gbl...

> So, I ant to know how it is that commands can appear in the 'past
> commands' in the Run box if I did not type them myself; and if thre is
> a way of stopping intrusions in this way that access the Firewall
> without my knowing.

If you didn't enter it, someone else did.

Make sure others don't use your PC; that will stop this from happening.
Also make sure you are malware-free. See:

http://www.elephantboycomputers.com/page2.html#Viruses_Malware
 
Re: Run mystery

That's what I meant. Nobody uses my computer; only me!

JB



"Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> escreveu na mensagem
news:OfqEw17NJHA.4544@TK2MSFTNGP03.phx.gbl...
> "Jorge Bravo" <open@closed.com> wrote in message
> news:ub10Cc4NJHA.1144@TK2MSFTNGP05.phx.gbl...
>
>> So, I ant to know how it is that commands can appear in the 'past
>> commands' in the Run box if I did not type them myself; and if thre is a
>> way of stopping intrusions in this way that access the Firewall without
>> my knowing.
>
> If you didn't enter it, someone else did.
>
> Make sure others don't use your PC; that will stop this from happening.
> Also make sure you are malware-free. See:
>
> http://www.elephantboycomputers.com/page2.html#Viruses_Malware
>
 
Re: Run mystery

Thank you very much Steve, for the very clear and informative reply.

JB



"Steve Yandl" <syandl_nospam_@comcast.net> escreveu na mensagem
news:kOednfV8eKahSJnUnZ2dnUVZ_tbinZ2d@giganews.com...
> Jorge,
>
> The memory for the Run option on your start button window is contained in
> the registry key
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
> In the right pane, there will be up to 26 entries named with single
> alphabet letters (hence the limit of 26) and one named MRUList. The data
> for the keys named after small alpha characters should be command lines
> that you've previously entered at 'Start > Run'. The MRUList value has a
> series of letters that determines the age sorting of the other values to
> enable bumping the least used when you need to make room for new command
> lines.
>
> Writing a script or program to edit entries under this registry key is
> quite simple but I'm not sure why anyone creating malware would want to do
> so. If some hacker can get you to run a script on your PC, it would be
> easier to simply run an executable from the script rather than modify
> listings under the 'Start > Run' option and wait for the user to try it.
> I can see how someone providing you with an application might add their
> own entry to the registry so that if a user deleted whatever shortcut they
> provided to launch their application it would be simpler for the user to
> use "Plan B' and launch from the Run line. The only code I've written to
> alter that key were scripts to purge the clutter and trip the list to half
> a dozen rather than 26.
>
>
> Steve Yandl
>
>
>
> "Jorge Bravo" <open@closed.com> wrote in message
> news:ub10Cc4NJHA.1144@TK2MSFTNGP05.phx.gbl...
>> Thanks
>>
>> Everything is green in stealth mode.
>>
>> But I don't think I explained myself well.. When I go into the Run
>> command box and attempt to typr something a scroll-down list of past
>> commands appears. Sometines, in the past, I found strange commands which
>> I never typed. Just recently there was one about firewall.cpl (I think)
>> and at that time I had a virus that opened up Internet Explorer in the
>> Firewall without my permission.
>>
>> So, I ant to know how it is that commands can appear in the 'past
>> commands' in the Run box if I did not type them myself; and if thre is a
>> way of stopping intrusions in this way that access the Firewall without
>> my knowing.
>>
>> JB
>>
>>
>>
>>
>> "Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> escreveu na mensagem
>> news:%235Jgpw3NJHA.1896@TK2MSFTNGP02.phx.gbl...
>>> "Jorge Bravo" <open@closed.com> wrote in message
>>> news:eJAUbR2NJHA.1488@TK2MSFTNGP03.phx.gbl...
>>>>I use the Run command selom and unually only for Msconfig and Regedit.
>>>>However, sometimes I find in the 'memory' other commands, like the one
>>>>for the Firewall. I assume that these are acused by viruses/malware. Is
>>>>that common? Is there a way of blocking the Windows Firewall so that no
>>>>introsuion is possible?
>>>
>>> One does not block a firewall. Rather, one allows a firewall to block
>>> intrusion attempts from hackers. To see if you are protected, go to this
>>> site:
>>>
>>> https://www.grc.com/x/ne.dll?bh0bkyd2
>>>
>>> Scroll down and click Proceed. On the new page, click on the grey
>>> buttons, especially All Service Ports. If you don't pass, let us know.
>>> If everything is green, you are successfully in Stealth Mode, which is
>>> what you want.
>>>
>>> Regarding commands being memorized (as well as Web sites visited,
>>> doucments opened, etc.), this is a function of Windows. If you would
>>> like to erase your tracks, I recommend using Ccleaner:
>>>
>>> http://www.ccleaner.com/
>>>
>>> When you install it, you will probably want to avoid installing any
>>> toolbar add-ons. When you run it, you may configure it to delete
>>> different items, including what you described above -- under Windows
>>> Explorer there is item called "Run (in Start Menu)." Some people are
>>> just interested in regularly cleaning out temp files and choose to leave
>>> the other items, including paswwords. If your firewall is doing its job
>>> and no one else uses your PC (or account), this should not be a problem,
>>> but it's your call.
>>>
>>> Since cleaning registry items does not noticeably improve a PC's
>>> performance and might even do some amount of damage (including
>>> preventing you from booting up!), be sure to avoid, Ccleaner's registry
>>> "cleaning" function. Otherwise, it's a great program.
>>>
>>
>>
>
>
 

Similar threads

C
The huge mystery surrounding Marvel’s penultimate ‘What If…?’ episode
Replies
0
Views
90
Chris Smith
C
C
‘Spider-Man: No Way Home’ trailer has a mystery everyone’s talking about
Replies
0
Views
75
Chris Smith
C
C
‘Spider-Man: No Way Home’ trailer release mystery finally addressed by Marvel’s boss
Replies
0
Views
78
Chris Smith
C
D
CreateFileMapping; possible memory leak?
Replies
0
Views
900
DonDilworth
D
C
The biggest mystery in episode 3 of Marvel’s ‘Loki’ might already be solved
Replies
0
Views
73
Chris Smith
C
Back
Top