
Sunday 17 April 2011

No mapping between account names and security IDs was done!

Sunday morning and I am busy setting up SQL 2008 R2 in a VM, but I get this error message when trying to add my service accounts. I checked and double-checked the accounts, passwords etc. with no luck, and then wondered: was it something to do with the fact that I had cloned these virtual machines?

I then ran psgetsid.exe on my SQL server and DC and found the problem... duplicate machine SIDs :'(

Moral of the story is always use sysprep before cloning a VM :)
which is really obvious when you think about it, oh well...

Friday 8 April 2011

Firefox Profiles for home and work

Just a quick one about Firefox profiles... I wanted a way to get to all of my work-related bookmarks at work and from home without mixing them with my personal ones. Here's how to do it:

Create 2 new shortcuts as follows:
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -P WorkProfile -no-remote
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -P HomeProfile -no-remote

Set up the new "Sync" feature in Firefox 4 and you're all done! :)

Monday 4 April 2011

vbma92a1.sys

So I was looking at another infected laptop *sigh*......

This one was redirecting web traffic to all sorts of places and stopping processes such as RootkitRevealer and Process Explorer dead in their tracks. Since I couldn't see anything obvious in services, the Run key or Task Manager, I suspected a driver-based rootkit... and I was right :)

I looked in system32\drivers and noticed a file called vbma92a1.sys that was dated a few days ago so I renamed it to .old and it recreated itself on next reboot, aha!

I then booted into an offline environment and deleted it and created a dummy vbma92a1.sys file in its place, denying everyone and everything access to it.

Upon rebooting all of my tools now worked :)

Just gotta give it a quick scan with something other than what is installed and it should be good to go ;)

Hope this helps!
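
The manual check described above (spotting a recently dated .sys file in system32\drivers) can be scripted as a read-only triage pass. This is an added example, not part of the original post; the 14-day window and the parameter names are assumptions.

```powershell
# Added example: list recently written kernel driver files with signature
# status and any registered driver service. Read-only; changes nothing.
param(
    # Assumption: default live path. Point this at an offline-mounted volume if you have one.
    [string]$DriversPath = "$env:SystemRoot\System32\drivers",
    # Assumption: look-back window in days.
    [int]$Days = 14
)

$cutoff = (Get-Date).AddDays(-$Days)

# Map driver file name -> registered driver service (taken from the live system).
$registered = @{}
Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    if ($_.PathName) {
        # PathName may look like \SystemRoot\..., \??\C:\... or C:\...; keep the file name only.
        $leaf = ($_.PathName -split '[\\/]')[-1].ToLowerInvariant()
        $registered[$leaf] = $_
    }
}

Get-ChildItem -LiteralPath $DriversPath -Filter *.sys -File -Force |
    Where-Object { $_.LastWriteTime -ge $cutoff -or $_.CreationTime -ge $cutoff } |
    Sort-Object LastWriteTime -Descending |
    ForEach-Object {
        # Older PowerShell versions may report catalog-signed inbox drivers as
        # NotSigned, so treat the status as a lead, not a verdict.
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $svc = $registered[$_.Name.ToLowerInvariant()]
        [pscustomobject]@{
            File      = $_.Name
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Service   = if ($svc) { $svc.Name } else { '(none registered)' }
            StartMode = if ($svc) { $svc.StartMode } else { $null }
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-Table -AutoSize -Wrap
```

A kernel-mode rootkit can hide its files from a running system and file timestamps can be altered, so results from the live OS are only a starting point; running the file listing against the drivers folder of an offline-mounted disk is more reliable.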