----- Original Message ----- From: "Lincoln Yeoh" <lyeohat_private> Subject: Re: Shutting down windows NT remotely (without winnt toolkit)? > So is it impossible to remotely shutdown (properly) a default install NT > machine (no reskit stuff, just infected with codered/nimda)? It is possible to create a fake install on a single command line which forces a reboot (albeit properly). I have adapted some code I found elsewhere to illustrate: cmd /C @ECHO OFF & cd/d %temp% & echo [version] > z.inf & echo signature=$chicago$ >> z.inf & echo [defaultinstall] >> z.inf & rundll32 setupapi,InstallHinfSection DefaultInstall 1 %temp%\z.inf & del z.inf A cheap fix would be to modify the above example to also rename say the Winsock DLL's so when the box reboots, it is unable to start network services. regards. ---------------------------------------------------- Sign Up for NetZero Platinum Today Only $9.95 per month! http://my.netzero.net/s/signup?r=platinum&refcd=PT97
This archive was generated by hypermail 2b30 : Thu Nov 08 2001 - 16:13:04 PST