Offline install of .NET Framework 3.5 in Windows 10

Windows 10 comes with .NET framework 4.5 pre-installed, but many apps developed in Vista and Windows 7 era require the .NET framework v3.5 installed along with 4.5. These apps will not run unless you will install the required version. When you try to run any such app, Windows 10 will prompt you to download and install .NET framework 3.5 from the Internet. However, this will take a lot of time. You can save your time and install .NET Framework 3.5 from the Windows 10 installation media. This method is much faster and does not even require an Internet connection. Here is how to install it.

To install .NET Framework 3.5 in Windows 10, do the following:

  1. Insert your Windows 10 DVD, or double click its ISO image, or insert your bootable flash drive with Windows 10, depending on what you have.
  2. Open ‘This PC’ in File Explorer and note the drive letter of the installation media you have inserted. In my case it is disk F:
  3. Now open an elevated command prompt and type the following command:

Dism /online /enable-feature /featurename:NetFX3 /All /Source:F:\sources\sxs /LimitAccess

Replace F: with your drive letter for Windows 10 installation media.

You are done! This will install .NET framework 3.5 in Windows 10.

credit to :


Having trouble copying from XP Pro to Vista ??

The permissions that Vista requires seem more stringent than in XP Pro. I have happily copied from XP Pro to XP Pro for years. When copying from XP machine to Vista machine, files will copy; but when on Vista machine and trying to copy from XP, some files copied and other s didn’t.
I tried about 50 different solutions – none worked! The XP machine has not set the permissions in a way that Vista can copy from, so you need to set them up on the XP machine.
1. Go to the folder (not file) that stores the files that won’t copy (eg. the yellow My Documents folder).
2. Right click on the folder and select PROPERTIES.
3. Select the SECURITY tab.
4. Select ADVANCED (bottom right).
5. Make sure you select the PERMISSIONS tab if it isn’t already selected.
6. Click on “Allow _ Everyone _ Modify _ ….” the lines with MODIFY on, are the ones that are preventing the files from transferring.
7. Now that the “Allow _ Everyone _ Modify _ ….” line is selected, click EDIT.
8. In the list of permissions in the next window, you’ll see some UNSELECTED boxes under the heading ALLOW.
9. SELECT each of these to give full control to the EVERYONE name.
10. Click OK
11. Place ticks in both boxes at the bottom left of this window (Advanced Security Settings window)… Box headings are …(INHERIT FROM PARENT THE PERMISSION ENTRIES and REPLACE PERMISSION ENTRIES ON ALL CHILD OBJECTS)
12. Click OK
13. Click OK
Now the XP machine will give full rights to the VISTA machine to copy files over.
My VISTA machine has File Sharing switched on. To check this select CONTROL PANEL, then select NETWORK AND SHARING CENTRE. Under this window you can turn on a number of actions including FILE SHARING (it should be ON).
Hope this helps.

Move over Stuxnet, Say Hello to the new Cyberweapon: “Flame”

(Screenshot of Iran CERT warning for “Flame” Malware)

Yesterday Iran’s Computer Emergency Response Team released a warning about a new modular malware that resembled Stuxnet and Duqu. Dubbed “Flame”, the new cyberweapon is causing quite a stir in the media with it’s “advanced features and complexity”.

But looking at the malware’s features disclosed by Iran’s CERT team, it doesn’t seem very game stopping:

  • Distribution via removable medias
  • Distribution through local networks
  • Network sniffing, detecting network resources and collecting lists of vulnerable passwords
  • Scanning the disk of infected system looking for specific extensions and contents
  • Creating series of user’s screen captures when some specific processes or windows are active
  • Using the infected system’s attached microphone to record the environment sounds
  • Transferring saved data to control servers
  • Using more than 10 domains as C&C servers
  • Establishment of secure connection with C&C servers through SSH and HTTPS protocols
  • Bypassing tens of known antiviruses, anti malware and other security software
  • Capable of infecting Windows Xp, Vista and 7 operating systems
  • Infecting large scale local networks

All of these “threats” have been seen before. I especially liked the “bypassing tens of known anti-viruses…” line.

But there are several features that do set “Flame” apart from the pack. First of all the malware is very large, a whopping 20MB. Also, it contains several files and seems to be able to attack using swappable modules. But there is more.

According to an article on The Register, Flame has the following features:

  • It has been active for at least 2 years, but possibly 5-8 years
  • Contains exploits for known and fixed vulnerabilities
  • Uses open source libraries
  • Uses a SQLlite database
  • Uses some Scripts written in Lua (of Angry Birds fame)

All the big name security companies that have analyzed it seem to agree that with it’s complexity, it was most likely written by a Nation State and not individuals or small groups.

The malware could have been created by Israel (and possibly the US) as many of the countries that have detected infection would be logical targets for them.

As according to Symantec:

Initial telemetry indicates that the targets of this threat are located primarily in Palestinian West Bank, Hungary, Iran, and Lebanon. Other targets include Russia, Austria, Hong Kong, and the United Arab Emirates. The industry sectors or affiliations of individuals targeted are currently unclear.”

I am not sure of it’s “CyberWeapon” title, as it seems to be an information gatherer. Definitely worth keeping an eye on, but as with “APT” and “Stuxnet”, I am sure the media will beat this topic to death.


p/s: Credit to

Mapping Network Drive in OSX


1 – 
Click on the “Finder” icon in the dock at the bottom of the screen.

2 – 
Open the “Go” menu at the top of the screen and choose the “Connect to Server” option.

3 – 
Enter the address of the network drive that you want to map in the text field at the top of the pop-up window. If you plan to map this network drive on a regular basis, you can click on the plus symbol to add it to your list of favorite servers.

4 – 
Press the “Connect” button to initiate a session with the specified server.

5 – 
Enter your domain, username and password in the appropriate fields and then click “OK” to log in to the server.

 – Double-click on the network drive icon that appears on your desktop to access the shared folder through the Finder application

Extra Repositories on N900


Maemo, the operating system of Nokia N900, has 3 repositoriesof applicationsRepositories are ExtrasExtras-Devel, and Extras-Testing and in each are grouped the applications according to their compatibility and the result of the test in Maemo.

Repository Extra.

In the N900 the repository Extras is pre-configured but is not compatible with the current firmware. The user has to allow this repository before use. Extras is a repository where they are applications that are tested properly and compatible, with a perfect functionality.

If you erase this repository you can return to install it. In applications manager we create the catalogue with the following information:

Also you can do click here on your N900 to install it automatically.

Repository Extra-Testing.

Extra testing Repositories Extras, Extras Devel and Extras Testing for Nokia N900

This repository adds manually. Extras-Testing contains the new applications that have not yet been tested and verified.

In applications manager we created the catalog:

Also you can do click here on your N900 to install it automatically.

Repository Extra-Devel.

Extra devel Repositories Extras, Extras Devel and Extras Testing for Nokia N900

This repository also adds manually. In Extras-Devel we find applications in the early stages of development or version “alpha”. This repository is the least indicated for the end users, since its operation can have too many problems.

To install the repository Extras-Devel we are going to applications manager and created the catalog with the following information:

Also you can do click here on your N900 to install it automatically.

Have a nice day!!!

How to remove the “” malware

Here the instructions :-

  1. Open Add/Remove Programs by going to Control Panel in Windows (or type ‘control‘ in the Run prompt and press enter).
  2. Uninstall the PDFforge toolbar and/or Search settings listed as applications using Add/Remove Programs.
  3. Well done! Get yourself a victory coffee for delivering your browser from Internet AIDS.


Installing PDFCreator also installs the PDFforge toolbar, which intentionally misdirects 404 URL navigations in Internet Explorer and Mozilla Firefox. Thanks to James for posting about similar problems caused by Search settings.

Son of Stuxnet

The security industry is currently buzzing with talks about a threat dubbed as the precursor to the next STUXNET.

According to a Symantec analysis, portions of the code are very similar to STUXNET, and was likely written by the same cybercriminals as the well-known threat. Unlike STUXNET, however, Duqu does not have code that suggests it was developed to access SCADA systems. Instead, its final payload appears to be inclined toward information theft.

Duqu is made up of several components. The SYS file, which is detected as RTKT_DUQU.A, is responsible for activating the malware, and triggering the execution of its other routines. Based on analysis, however, the main goal of the said files is to establish a connection with its C&C server. It is said that Duqu delivered an information-stealing malware, detected as TROJ_SHADOW.AF, into the affected systems through this connection. We have also verified that DUQU has codes very similar to that of STUXNET.

Upon execution, TROJ_SHADOW.AF enumerates the processes currently running on the system. It also checks if it matches any of the following security-related processes:

avp.exe (Kaspersky)
Mcshield.exe (McAfee)
avguard.exe (Avira)
bdagent.exe (Bitdefender)
UmxCfg.exe (CA)
fsdfwd.exe (F-Secure)
rtvscan.exe and ccSvcHst.exe (Symantec)
ekrn.exe (ESET)
tmproxy.exe (Trend Micro)
RavMonD.exe (Rising)
If found, TROJ_SHADOW.AF launches the same process in a suspended state, then patches the malware code before resuming the execution. In effect, there will be two AV processes; the first being the original, and the second being the patched one.

TROJ_SHADOW.AF requires command lines in order to execute properly. Available commands include: collecting information on the affected system, terminating malware processes, and deleting itself. It can steal a wide array of information on any affected system, such as:

1. Drive information such as:

Drive device name
2. Screenshots
3. Running Processes and Owner of Running Processes
4. Network Information such as

IP address
IP routing table
TCP and UDP table
DNS Cache table
Local Shares
5. Local shared folders and connected users
6. Removable drives serial number
7. Window names
8. Information on open files on local computer using NetFileEnum

Upon execution, RTKT_DUQU.A decrypts a configuration file in its body to get the registry path containing the location of TROJ_DUQU.ENC, and the process where to inject the DLL. From our analysis, the decrypted registry path in the two samples are HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JmiNET3 and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmi4432, respectively.

These registry paths contain the “FILTER” entry, which contains encrypted data which RTKT_DUQU.A will decrypt to get the path of TROJ_DUQU.ENC, as well as a process name where TROJ_DUQU.ENC will be injected.

Decrypting TROJ_DUQU.ENC results into a DLL file that is injected in the process specified in the registry. The decrypted DLL is detected as TROJ_DUQU.DEC. Once TROJ_DUQU.DEC is loaded, it accesses TROJ_DUQU.CFG to get configuration information.

Information contained in the configuration file include:

Service registry key
File path of component files
Websites it will try to connect to for DNS checking
Processes wherein TROJ_DUQU.DEC will inject itself into
TROJ_DUQU.DEC communicates with the C&C server to receive and execute commands. These commands include downloading other malicious files, which in this case, appears to be the infostealer TROJ_SHADOW.AF.

Enterprise networks are also protected from DUQU through the Trend Micro Threat Discovery Appliance, which detects the malware’s connection to the C&C server through the rule 473 TCP_MALICIOUS_IP_CONN. Also, Deep Security is able to detect the changes made inside the Drivers folder (%Window%\system32\drivers) by DUQU variants,through the rule Integrity Monitoring Rule: 1003517 – Microsoft Windows – System driver files modified.