lurkswithin
03-19-2008, 01:58 PM

HyperTerminal is an application that you can use to connect to other
computers, to Telnet, to sites, to bulletin board systems (BBSs), to online
services, and to host computers, by using your modem, a null modem cable,
or an Ethernet connection.

If the HyperTerminal application was set as the default Telnet client then it can become vulnerable or corrupted and may cause loss of control during start-up as it performs scanning of Telnet URLs, or opening .ht sessions automatically!

It is built into Windows but has major vulnerability issues where it can be used to take over someone's computer. Also, saving certain .ht files or sessions can cause havoc to your computer. This is especially true for .ht extensions in emails.

This might be what has happened to you!

Microsoft had a fix for this in SP2, but it could still be problematic if you were linked to a website and tricked into a few keystrokes to activate the hyperlink activity on that site.

Sometimes removing hyperlink will stop the applications depending upon it but you may not be able to remove it without a full restoration of the operating system.
*********************************************************
To remove HyperTerminal requires registry editing and if done wrong could make your computer inoperable
*********************************************************
To stop HyperTerminal:
* Disable the handler for HyperTerminal session files (.ht files) by
removing the following key:
HKEY_CLASSES_ROOT\htfile

* Click Start, click Run, type "regedt32" (without the quotation
marks), and then click OK.
* In Registry Editor, locate the following registry key:
HKEY_CLASSES_ROOT\htfile
* Click on htfile, and then press the Delete key on the keyboard.
* In the Confirm Key Delete dialog box, click OK. For Windows NT 4.0
Server: In the Warning dialog box, click Yes.
**********************************************************
It is recommended that HyperTerminal be removed as the default setting for Telnet

Un-register the HyperTerminal client as the default Telnet client
If HyperTerminal cannot be removed, to help prevent attacks that use
Telnet URLs, make sure that HyperTerminal has not been set as the default
Telnet client. The following steps can help you determine whether
HyperTerminal has been set as the default Telnet client. These steps also
describe how to un-register HyperTerminal.

* Click Start, click Run, type "regedt32" (without the quotation
marks), and then click OK.
* In Registry Editor, locate the following registry key:
HKEY_CLASSES_ROOT\telnet\shell\open\command
* If the value C:\Program Files\Windows NT\hypertrm.exe /t %1 exists,
change it back to the following default value: rundll32.exe
url.dll,TelnetProtocolHandler %l
* In Registry Editor, locate the following registry key:
HKEY_CURRENT_USER\Software\Netscape\NetscapeNavigator\Viewers\telnet
* If the value C:\Program Files\Windows NT\hypertrm.exe /t %1 exists,
delete this key. By default, this key does not exist. When you delete this
key, you help prevent HyperTerminal from being used by Web browsers other
than Internet Explorer as the default Telnet client.
********************************************************

If you are not comfortable about using registry editing then I would recommend that you do a complete reinstallation of the operating system. You might need to do this anyway if it is determined that you were hacked instead of just having HyperTerminal corrupted in your system!

Either way you must stop the application first, one way or the other!



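The two HKEY_CLASSES_ROOT checks from the post above, as an added read-only PowerShell example that is not part of the original post. The function name and output fields are hypothetical; the key paths and the hypertrm.exe command line are the ones quoted in the post.

```powershell
# Added example: read-only audit of the two HKEY_CLASSES_ROOT handlers named
# in the post. It reads the registry and changes nothing.
function Get-HyperTerminalHandlerAudit {   # hypothetical function name
    $marker = 'hypertrm.exe'   # executable name from the post's command line

    # Check 1: the .ht session-file handler the post says to remove.
    $htKey     = 'Registry::HKEY_CLASSES_ROOT\htfile'
    $htPresent = Test-Path -LiteralPath $htKey
    $htState   = if ($htPresent) { 'key present' } else { 'key absent' }
    [pscustomobject]@{
        Check   = '.ht file handler'
        Key     = $htKey
        Found   = $htState
        Flagged = $htPresent
    }

    # Check 2: the telnet: URL handler. Read its (Default) value and flag it
    # when the command line launches HyperTerminal.
    $telnetKey = 'Registry::HKEY_CLASSES_ROOT\telnet\shell\open\command'
    $command   = $null
    if (Test-Path -LiteralPath $telnetKey) {
        $command = (Get-Item -LiteralPath $telnetKey).GetValue('')
    }
    $usesHyperTerm = ($null -ne $command) -and
        ($command.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase) -ge 0)
    $telnetState = if ($null -eq $command) { 'no command registered' } else { $command }
    [pscustomobject]@{
        Check   = 'telnet: URL handler'
        Key     = $telnetKey
        Found   = $telnetState
        Flagged = $usesHyperTerm
    }
}

Get-HyperTerminalHandlerAudit | Format-List
```

A row with Flagged set to True marks a handler the post's steps would change; the Netscape key under HKEY_CURRENT_USER is not covered here.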