Category Archives: Uncategorized


15 Windows Command Prompt (CMD) Commands You Must Know

Category:Uncategorized

The command prompt is still a powerful Windows tool. Here are the most useful CMD commands every Windows user needs to know.

By Tina Sieber Nov 12, 2018

Microsoft has slowly pushed aside CMD commands in the Windows interface. This is not without reason; it is an antiquated and mostly unnecessary tool from an era of text-based input. But many commands remain useful, and Windows 8 and 10 even added new features.

Here we present the essential commands every Windows user needs to know.

In case you’re not sure how to access the Windows command prompt, forgot basic Windows commands, or would like to know how to see a list of switches for each command (aka prompt codes), you can refer to our beginners guide to the Windows command line for instructions.

Windows Command Prompt Commands

1. Assoc

Most files in Windows are associated with a specific program that is assigned to open the file by default. At times, remembering these associations can become confusing. You can remind yourself by entering the command “assoc” to display a full list of file name extensions and program associations.

You can also extend the command to change file associations. For example, “assoc .txt=” will change the file association for text files to whatever program you enter after the equal sign. The “Assoc” command itself will reveal both the extension names and program names, which will help you properly use this command. You can probably do this more easily in the GUI, but the command line interface is a perfectly functional alternative.

2. Cipher

Deleting files on a mechanical hard drive doesn’t really delete them at all. Instead, it marks the files as no longer accessible and the space they took up as free. The files remain recoverable until the system overwrites them with new data, which can take some time.

The cipher command, however, wipes a directory by writing random data to it. To wipe your C drive, for example, you’d use the command “cipher /w:c”, which will wipe free space on the drive. The command does not overwrite undeleted data, so you will not wipe out files you need by running this command.

You can use a host of other cipher commands; however, they are generally redundant with BitLocker-enabled versions of Windows.

3. Driverquery

Drivers remain among the most important software installed on a PC. Improperly configured or missing drivers can cause all sorts of trouble, so it’s good to have access to a list of what’s on your PC. That’s exactly what the “driverquery” command does. You can extend it to “driverquery -v” to obtain more information, including the directory in which the driver is installed.

4. File Compare

You can use this command to identify differences in text between two files. It’s particularly useful for writers and programmers trying to find small changes between two versions of a file. Simply type “fc” and then the directory path and file name of the two files you want to compare.

You can also extend the command in several ways. Typing “/b” compares only binary output, “/c” disregards the case of text in the comparison, and “/l” only compares ASCII text.

So, for example, you could use the following:

fc /l "C:\Program Files (x86)\example1.doc" "C:\Program Files (x86)\example2.doc"

The above command compares ASCII text in two Word documents.

5. Ipconfig

This command relays the IP address that your computer is currently using. However, if you’re behind a router (like most computers today), you’ll instead receive the local network address of the router.

Still, ipconfig is useful because of its extensions. “ipconfig /release” followed by “ipconfig /renew” can force your Windows PC into asking for a new IP address, which is useful if your computer claims one isn’t available. You can also use “ipconfig /flushdns” to refresh your DNS address. These commands are great if the Windows network troubleshooter chokes, which does happen on occasion.

6. Netstat

Entering the command “netstat -an” will provide you with a list of currently open ports and related IP addresses. This command will also tell you what state the port is in – listening, established or closed.

This is a great command for when you’re trying to troubleshoot devices connected to your PC or when you fear a Trojan infected your system and you’re trying to locate a malicious connection.
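To make that hunt for a suspicious connection concrete, here is an added example (not part of the original article) that ties each connection to the program that owns it. It assumes you captured “netstat -ano” (the -o switch adds the owning process ID) and “tasklist /fo csv /nh”; the sample output, process names and the list of internal address ranges are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (-o adds the owning PID column).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3004
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49720     198.51.100.7:8080      ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1820
"""

# Constructed sample of `tasklist /fo csv /nh` output (PID 5120 has already exited).
TASKLIST_SAMPLE = '''
"System","4","Services","0","136 K"
"svchost.exe","912","Services","0","9,120 K"
"updater.exe","4312","Console","1","18,204 K"
'''

# Address ranges treated as internal for this triage (an assumption; adjust per network).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            _, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            (_, local, remote, pid), state = parts, ""
        else:
            continue  # banner, column header, blank or malformed line
        if pid.isdigit():
            yield {"local": local, "remote": remote, "state": state, "pid": int(pid)}

def parse_tasklist(text):
    """Map PID -> image name from rows "Image Name","PID","Session Name",..."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text))
            if len(r) >= 2 and r[1].isdigit()}

def is_external(addr):
    """True for a concrete address outside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # '*' in UDP rows
        return False
    if ip.is_unspecified:
        return False
    return not any(ip.version == n.version and ip in n for n in INTERNAL_NETS)

def triage(netstat_text, tasklist_text):
    """Return (finding, image, pid, endpoint) tuples worth a closer look."""
    names = parse_tasklist(tasklist_text)
    findings = []
    for c in parse_netstat(netstat_text):
        owner = names.get(c["pid"], "<unknown>")  # process may have exited already
        if c["state"] == "ESTABLISHED" and is_external(split_endpoint(c["remote"])[0]):
            findings.append(("external-connection", owner, c["pid"], c["remote"]))
        elif c["state"] == "LISTENING" and split_endpoint(c["local"])[0] in ("0.0.0.0", "::"):
            findings.append(("listens-on-all-interfaces", owner, c["pid"], c["local"]))
    return findings
```

An owner of “<unknown>” means the process ended between the two captures, so take both snapshots back to back. A finding is a prompt to look closer, not proof of infection.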

7. Ping

Sometimes, you need to know whether or not packets are making it to a specific networked device. That’s where ping comes in handy.

Typing “ping” followed by an IP address or web domain will send a series of test packets to the specified address. If they arrive and are returned, you know the device is capable of communicating with your PC; if it fails, you know that there’s something blocking communication between the device and your computer. This can help you decide if the root of the issue is an improper configuration or a failure of network hardware.

8. PathPing

This is a more advanced version of ping that’s useful if there are multiple routers between your PC and the device you’re testing. Like ping, you use this command by typing “pathping” followed by the IP address, but unlike ping, pathping also relays some information about the route the test packets take.

9. Tracert

The “tracert” command is similar to pathping. Once again, type “tracert” followed by the IP address or domain you’d like to trace. You’ll receive information about each step in the route between your PC and the target. Unlike pathping, however, tracert also tracks how much time (in milliseconds) each hop between servers or devices takes.

10. Powercfg

Powercfg is a very powerful command for managing and tracking how your computer uses energy. You can use the command “powercfg hibernate on” and “powercfg hibernate off” to manage hibernation, and you can also use the command “powercfg /a” to view the power-saving states currently available on your PC.

Another useful command is “powercfg /devicequery s1_supported”, which displays a list of devices on your computer that support connected standby. When enabled, you can use these devices to bring your computer out of standby — even remotely. You can enable this by selecting the device in Device Manager, opening its properties, going to the Power Management tab and then checking the Allow this device to wake the computer box.

“Powercfg /lastwake” will show you what device last woke your PC from a sleep state. You can use this command to troubleshoot your PC if it seems to wake from sleep at random.

You can use the “powercfg /energy” command to build a detailed power consumption report for your PC. The report saves to the directory indicated after the command finishes. This report will let you know of any system faults that might increase power consumption, like devices blocking certain sleep modes, or poorly configured to respond to your power management settings.

Windows 8 added “powercfg /batteryreport”, which provides a detailed analysis of battery use, if applicable. Normally output to your Windows user directory, the report provides details about the time and length of charge and discharge cycles, lifetime average battery life, and estimated battery capacity.

11. Shutdown

Windows 8 introduced the shutdown command that—you guessed it!—shuts down your computer.

This is, of course, redundant with the already easily accessed shutdown button, but what’s not redundant is the “shutdown /r /o” command, which restarts your PC and launches the Advanced Start Options menu, which is where you can access Safe Mode and Windows recovery utilities. This is useful if you want to restart your computer for troubleshooting purposes.

12. Systeminfo

This command will give you a detailed configuration overview of your computer. The list covers your operating system and hardware. For example, you can look up the original Windows installation date, the last boot time, your BIOS version, total and available memory, installed hotfixes, network card configurations, and more.

Use “systeminfo /s” followed by the host name of a computer on your local network, to remotely grab the information for that system. This may require additional syntax elements for the domain, user name, and password, like this: “systeminfo /s [host_name] /u [domain]\[user_name] /p [user_password]”

13. System File Checker

System File Checker is an automatic scan and repair tool that focuses on Windows system files.

You will need to run the command prompt with administrator privileges and enter the command “sfc /scannow”. If SFC finds any corrupt or missing files, it will automatically replace them using cached copies kept by Windows for this purpose alone. The command can require a half-hour to run on older notebooks.

14. Tasklist

You can use the “tasklist” command to provide a current list of all tasks running on your PC. Though somewhat redundant with Task Manager, the command may sometimes find tasks hidden from view in that utility.

There’s also a wide range of modifiers. “Tasklist -svc” shows services related to each task, use “tasklist -v” to obtain more detail on each task, and “tasklist -m” will locate .dll files associated with active tasks. These commands are useful for advanced troubleshooting.

15. Taskkill

Tasks that appear in the “tasklist” command will have an executable and process ID (a four- or five-digit number) associated with them. You can force stop a program using “taskkill -im” followed by the executable’s name, or “taskkill -pid” followed by the process ID. Again, this is a bit redundant with Task Manager, but you can use it to kill otherwise unresponsive or hidden programs.



Windows 10 Security Alert As Microsoft Says: ‘Do Not Install This Update’


By Davey Winder

Microsoft appears to have been really struggling to get updates for Windows 10 users right of late. What with advising Windows 10 users to install a critical update before any others to avoid potential problems, and then confirming the Windows Update Assistant itself had a security vulnerability. However, just days after the latest Windows 10 update, KB4520062, was released, Microsoft is advising that some users, “should not install this update,” as it can break the Windows Defender Advanced Threat Protection (ATP) service. So, what’s gone wrong this time and who needs to avoid this latest Windows 10 update?

What is the Windows 10 KB4520062 cumulative update?

This is the second cumulative update for Windows 10 to hit users in October, and it’s not a particularly important one from the security perspective. Or, rather, it shouldn’t be. The update, KB4520062, or OS build 17763.832 if you prefer, has several highlights, according to Microsoft. These include preventing blank tiles from appearing in the Start menu when upgrading to version 1809 from any other previous version of Windows 10 and fixing an issue with the settings app failing if you change a theme. Other “highlights” include fixing a power consumption issue in standby mode and stopping a black screen from appearing after the first sign in following an update installation. There is one notable lowlight though, as Microsoft itself has now stated:

“After installing this update, the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer in MsSense.exe.”

Who is impacted by this Windows 10 update security issue?

While this won’t impact Windows 10 consumer users, it’s something of a big deal as far as those business users who rely upon Windows Defender ATP to protect them are concerned. Windows 10 Enterprise edition has this built-in, and it’s an excellent and highly recommended set of antivirus and security tools. Or at least it is if you don’t install this cumulative update. Although Microsoft said that it is “working on a resolution and estimate a solution will be available in mid-November 2019,” that doesn’t help in the meantime. “At this time, we suggest that devices in an affected environment do not install this update,” is the workaround warning that Microsoft stated to mitigate the issue. Affected environments being those running either Windows 10 version 1809 or Windows Server 2019 along with Microsoft Defender ATP.

The only good news here is that not all 900 million users of Windows 10 are impacted by this Defender-breaking update and that it’s not a mandatory one either.
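For administrators who want to know which machines this applies to, the following is an added example (not from the original article or from Microsoft) that reads saved “systeminfo” output and reports whether a host is in the affected environment and already has KB4520062. The sample output, host name and placeholder KB numbers are constructed, and whether Defender ATP is in use is passed in by the caller because systeminfo does not report it.

```python
import re

TARGET_KB = "KB4520062"   # the update named in the article
AFFECTED_BUILD = 17763    # Windows 10 version 1809 / Windows Server 2019 (article: 17763.832)

# Constructed sample of `systeminfo` output, trimmed to the relevant fields.
SYSTEMINFO_SAMPLE = """
Host Name:                 WS-EXAMPLE-01
OS Name:                   Microsoft Windows 10 Enterprise
OS Version:                10.0.17763 N/A Build 17763
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB0000001
                           [02]: KB4520062
                           [03]: KB0000002
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""


def parse_systeminfo(text):
    """Extract the OS name, build number and hotfix list from systeminfo text."""
    info = {"os_name": None, "build": None, "hotfixes": []}
    section = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # A new "Key: value" field starts in column 0.
            key, _, value = line.partition(":")
            section, value = key.strip(), value.strip()
            if section == "OS Name":
                info["os_name"] = value
            elif section == "OS Version":
                m = re.search(r"Build (\d+)", value)
                info["build"] = int(m.group(1)) if m else None
        elif section == "Hotfix(s)":
            # Indented continuation lines belong to the field above them.
            m = re.match(r"\s*\[\d+\]:\s*(KB\d+)", line)
            if m:
                info["hotfixes"].append(m.group(1))
    return info


def update_advice(text, defender_atp_in_use):
    """Classify a host against the affected environment the article describes."""
    info = parse_systeminfo(text)
    if info["build"] != AFFECTED_BUILD or not defender_atp_in_use:
        return "not-affected"
    if TARGET_KB in info["hotfixes"]:
        # Already installed: confirm the ATP service (MsSense.exe) is still running.
        return "installed-check-mssense"
    return "hold-update"
```

A result of “installed-check-mssense” is the cue to look for the MsSense.exe 0xc0000409 error in Event Viewer that Microsoft describes.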

I’ve said it before, and I’m going to say it again: Please don’t think that I’m a Microsoft hater as that is very far from the truth. I am a Windows 10 user myself, and I appreciate the complexity of maintaining such a behemoth of code. However, that doesn’t stop me from thinking that Microsoft can surely do better.



Windows 10 Security Alert: Hidden Backdoor Found By Kaspersky Researchers


By Davey Winder

A notorious hacking group known as Platinum, for once deserving of the “advanced” in the advanced persistent threat (APT) label, has developed a backdoor security threat that hides in plain sight on Windows 10 systems. The Platinum APT group, also known as TwoForOne, is thought to have nation-state backing and has been actively operating for the last ten years at least. Eugene Kaspersky has said that Platinum is “one of the most technologically advanced APT actors.” The discovery of the Windows 10 Trojan-backdoor, named Titanium after a password that unlocks one of the self-executable archives in the infection chain, is just the latest threat to emerge from this always evolving group.

The Titanium Windows 10 backdoor

The pernicious and technologically advanced piece of APT malware was discovered by researchers at security vendor Kaspersky during a recent analysis of Platinum APT group activity. The Titanium backdoor itself is the final act of a complicated infection sequence. The infection vector is thought to use malicious code within local intranet websites, but the actual seven-step sequence itself is the same in every case analyzed by the researchers.

First, there is the use of an exploit that is capable of executing code as a “SYSTEM” user. Think of this as being the same as admin in terms of privilege but used by the Windows 10 operating system and the services that run under it. For most intents and purposes, SYSTEM is to Windows what Root is to Linux.

This is followed by shellcode, literally code that starts a command shell to execute a list of instructions, injected into the winlogon.exe process. The Kaspersky analysis confirms that it is not currently known how the shellcode was injected. What is known, is that the shellcode downloads a downloader; in turn, this executes step three in the sequence, the download of a self-extracting (SFX) archive containing a Windows task installation script.

The SFX archive, protected by a password, then opens to reveal the Trojan-backdoor installer itself. Onto step five, which is running that installer script which initiates phase six, the registration of a .dll “loader” that pretends to be a legitimate DVD creation software help service. And finally, the backdoor itself.

“Titanium uses several advanced techniques, such as encryption, steganography and fileless malware, to try to hide its activities from anti-virus products,” a Kaspersky spokesperson says, “it also uses exploits to inject its payload into processes that are running with system privileges.” In the case of Titanium, security and DVD creation software along with audio drivers are amongst the processes mimicked to remain stealthy at every step.

This isn’t the first Windows threat to hide in plain sight by using a fileless strategy; the “Great Duke of Hell” malware used similar invisible man methodologies, as did the Nodersok zombie attack. However, combining living-off-the-land binaries (LOLBins) that are from the system itself with added encryption and steganography, whereby Titanium hides command and control data within an image file, reveals just how technically competent this attack group is.

Mitigating the Titanium backdoor security threat

Unless you are running the kind of corporate-grade security solution that monitors networks for system-wide behavioral indicators of a targeted attack, the chances are that Titanium could make it onto your system without detection. While I have focused on Windows 10 in my reporting, a Kaspersky spokesperson says that “the new Titanium APT threat infects systems with any modern Windows OS,” to add to the misery. Linux and macOS users are in the clear as Kaspersky says that Titanium only executes on Windows systems.

The good news, however, comes on two fronts. First, Kaspersky researchers have said that “we have not detected any current activity related to the Titanium APT,” which could be because Platinum hasn’t started a Titanium-based campaign as of yet, or that it hides so well that nobody has detected campaigns that are active. Threat intelligence would suggest that many Platinum attacks have gone undetected for years, as befits the “P” in the APT moniker. Secondly, and reassuring for consumers at least, is that the Platinum group specializes in highly targeted attacks like most APT actors. In the case of Platinum, history suggests government targets are in the crosshairs, along with related organizations in the supply-chain that can help infiltrate them. Primarily, it would seem, these government targets have been in APAC countries.

Titanium is, as I have already mentioned, far from being the only malware that can infiltrate systems in a stealthy manner and grant control to a threat actor, advanced and persistent or otherwise. So, consumers are not out of the woods here; ensure that good cyber hygiene, in terms of clicking links or downloading attachments, is practiced at all times. Also, make sure that both your Windows system, despite the well-publicized issues there have been with Windows updates of late, and your security solution of choice are kept updated.



Common Reasons and Fixes for Cloned Hard Drive Won’t Boot


There are a lot of reasons why an HDD or SSD won’t boot after cloning, and here we have collected some of them. Please go through all of them and try the fix that best fits your situation.

Using the wrong disk cloning software

EaseUS Disk Copy is a powerful and easy-to-use disk cloning program that can help you safely copy a hard drive. It enables a wide range of cloning activities, including hard drive cloning and partition cloning. As it has been around for many years, providing reliable service for the lowest cost imaginable, that reputation is deserved.

Bad sectors on the source disk

If the source disk you cloned has bad sectors, the cloned drive may fail to boot. So, please check and repair bad sectors using EaseUS Partition Master before cloning the disk.

Missed cloning the “system reserved” partition.

There is a high possibility that you have a system reserved partition or EFI system partition located on your system disk. Please make sure you are cloning the whole system instead of cloning the C partition only.

Set the wrong drive to boot from.

If there is more than one hard drive in your computer and the boot fails, consider whether the wrong boot device is selected. Go to the BIOS utility and make sure the new target disk is recognized and is set as the default boot disk.

GPT/MBR conflict

As you may know, some software allows you to clone an MBR disk to a GPT disk without disk conversion. However, a computer that is not using the correct boot mode is one of the reasons why a cloned SSD won’t boot in Windows. So, if your target drive is a GPT disk, make sure the UEFI boot mode is enabled, and if it is an MBR disk, set it to Legacy boot mode. To change the boot mode, follow these steps:

Step 1. Repeatedly press a specific key (usually F2, F8, F12, Del) to enter BIOS Setup;

Step 2. Then, use the arrow keys to select the Boot tab. Here, you can select UEFI/BIOS Boot Mode as Legacy or UEFI;

Step 3. Press F10 to save the settings and exit, then restart your computer from the cloned SSD.

If your computer does not support UEFI boot mode, the target disk cannot employ the UEFI boot mode. In this case, you need to convert GPT to MBR using EaseUS Partition Master, and then your disk can boot successfully in Legacy boot mode.

The cloned drive is externally connected via USB

Make sure the target disk is internally connected to your computer via IDE/SATA/M.2/PCIe instead of externally connected via USB.

Run Bootrec.exe

If the drive still won’t boot, you can try to use Bootrec.exe to fix the problem. Boot your computer from the Windows installation media. Select Troubleshoot -> Advanced Options -> Command Line. In the command prompt that opens, run the following commands and then restart your PC.

bootrec /fixmbr
bootrec /fixboot
bootrec /scanos
bootrec /rebuildbcd



Windows 10: Why it’s finally time to upgrade from Windows 7


From CNET:
Support for Windows 7 ends in January 2020. For security, software updates and other reasons, it’s time to stop procrastinating.

The end is near for Windows 7 users: After 10 years, Microsoft will stop supporting the OS on Jan. 14, 2020, which means it’s time to upgrade to Windows 10 to keep your PC running smoothly and securely. (Extended support for Windows 8.1 users ends in January 2023.) 

Security

The need to upgrade to Windows 10 is “primarily a security issue,” said Forrester Research analyst Andrew Hewitt. If you are still using Windows 7 or earlier versions come January, Microsoft will not provide security updates or fixes, or technical support for any issues — leaving your computer at greater risk from viruses and malware.

Windows 10 includes the built-in Windows Defender Antivirus to protect against malware and spyware across email, apps, the cloud and the web. Windows Hello offers a password-free sign in option to unlock your devices with your face or a fingerprint reader. And a Find My Device service can lock and erase your Windows device remotely, or map the location of your device. 

Read more: 6 simple security changes all Windows 10 users need to make 

User experience features

Windows 10 offers a better user experience thanks to a number of features, Kleynhans said. One is the Your Phone app, which allows you to access texts, notifications and apps on your phone using your PC — similar to Apple’s Continuity features. A feature called Calls allows you to place and answer Android calls on your PC as well (and you can connect your iPhone to your Windows PC as well). A dictation feature lets you easily record ideas. 

Microsoft’s digital assistant Cortana is also available on Windows 10 PCs. The OS also integrates better with Microsoft OneDrive and other cloud tools, Kleynhans said. 

The most recent Windows 10 November 2019 update includes some new features such as changes to notifications that will make them easier to configure and manage from an app or website, and the ability to create events directly from the Calendar flyout on the Taskbar, instead of opening the app. 

Automatic updates

Unlike previous versions, Windows 10 offers automatic updates by default, to keep systems more secure. (You can turn these off if you want to, by going to Windows Update Settings > Advanced Options and changing from Automatic to another option in the drop-down menu.) 

“While some users might actually think that getting no more annoying updates is a blessing, it actually would pretty quickly expose the user to all sorts of potential malware attacks,” Kleynhans said. “The good news is that for the most part Windows 10 is a pretty smooth upgrade for the vast majority of users.”

You can expect updates to happen fairly frequently, Hewitt said, “almost as if you’re using an Android or an iOS device and getting prompts to continuously update the operating system.” 

How to upgrade to Windows 10

You can download Windows 10 via Microsoft’s website. While Microsoft technically ended its free Windows 10 upgrade program in July 2016, our sister site ZDNet reported that at least as of September, the free update was still available for Windows 7, 8, and 8.1 users.