Saturday, September 13, 2008

Go.Google - Trojan - Malwarebytes - link replacement

There seems to be a new malware player that hasn't been very well documented yet. This Trojan replaces hyperlinks in Internet Explorer so that when you click on a link you are redirected to a site of their choosing (or an error page). I think the links contain a code that gives the creator of the Trojan a pay-per-click reward. At least this one has a motive.

By the time I got the PC with this Trojan, it had been infected with hundreds of spyware items and the AVG antivirus was compromised. After a couple of passes with SuperAntiSpyware, SpyBot and AdAware the PC was behaving normally except for the redirected links. I manually removed or renamed dozens of suspicious files in the System32 directory, removed all suspicious files with HijackThis, checked the Hosts file and monitored activity with Process Explorer and still couldn't get rid of the Trojan. I also installed Bit Defender after reading some articles stating that they had discovered such a Trojan a few months ago. It turns out...


Friday, August 22, 2008

Outlook 2007 Security Alert - Exchange

A customer e-mailed today about an Outlook Security Alert that was showing up on one of their workstations. I used Remote Desktop to log in to the PC to check on the error.

Since this was one of my customers using my hosted Exchange service, I first checked the certificate to make sure it was from our Exchange provider. It looked fine, so I clicked the 'Yes' option and all worked well. The problem was that the alert box still came back each time they opened Outlook. After a few minutes away from the issue, I realized that the problem must be in the Outlook settings because we're not using encryption and shouldn't need a certificate at all. I reconnected with the PC and went to the 'Security' tab in the account settings, unchecked the 'Encrypt data....' box and the warning went away and stayed away.

I know there are lots of different causes and solutions to this but most are related to the Exchange Server setup. Since this is a hosted service, the best solution was a quick fix on the client...


Saturday, October 20, 2007

Spyware - can't use Control Panel

One of the frustrations in removing spyware is that some varieties disable the tools you might use to remove it. I ran into one of these that couldn't be removed by the usual spyware tools (see other entries). This one corrupted and blocked the Control Panel. I found that there are a few registry entries that can make or break the Control Panel. Following is how they should look in a working environment.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
Start_ShowControlPanel=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WebView\BarricadedFolders]
shell:ControlPanelFolder=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Policy\NoControlPanel]
@=

[HKEY_USERS\S-1-5-21-1645522239-1580436667-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
Start_ShowControlPanel=dword:00000002

If you find that regedit is also broken here are some...


Friday, August 31, 2007

Windows XP - Hard Drive Space - Performance

All PCs will run a bit faster if there is plenty of room on the main "C" hard drive. Fifty percent free space would be nice but you really need to keep at least 20% free to avoid noticeable performance degradation. Here are a few ideas to help clear up space for you. First, reduce the space allocated for "System Restore". This is a nice tool but it tends to use up too much drive space if left on default settings. Right click "My Computer" > "Properties" > "System Restore" > "C" drive > "Settings" > set the slider to about 5% but no more than 2000 MB. Next, if you have a drive or partition other than "C" we'll move your Virtual Memory to a secondary drive. This must be an internal drive or partition, not a USB or Firewire drive. Click the "Advanced" tab then under "Performance" > "Settings" > "Advanced" tab > under "Virtual Memory" > "Change" > select a drive other than "C" > click "Custom size" > enter "1024" in the...


RAID 0 or 1 - Data Recovery

Once in a while I come across a PC with RAID0. This is a 2 disk array with striping - the data is interleaved between 2 hard drives and neither drive has all the data. There must have been a reason for this in the past but in my experience it can cause a lot of problems without any benefits. If the PC won't boot and defies all efforts to be revived, it is very difficult to recover data. With RAID1 (mirrored) or without RAID, I can usually recover data by connecting the drive to another PC with an external enclosure and then either drag and drop files as needed or run a relatively inexpensive data recovery software. With RAID0 only a data recovery specialist with a bench full of equipment can get at the data. The cost goes from the $100-200 range to the $500-$1,000 range.


Seagate - SeaTools - Hard Drive - SATA

If you're having problems with your hard drive (noise, read/write errors, etc.), then you should download SeaTools for Windows. It can test USB, 1394, ATA (PATA/IDE), SATA and SCSI drives - Seagate, Maxtor and others (use the DOS version for RAID drives). You may want to run Windows Chkdsk first to resolve any file system problems.


Motherboard Battery

Since the life of the 3 volt motherboard battery is so much better than it was a few years ago, I don't often need to replace them. However, a client called today and said her PC had been starting with the wrong year after a cold reboot for a few weeks and now it wouldn't boot at all. The boot process froze showing a checksum error and offering an F2 option to load defaults - this didn't actually work. I replaced the battery and now it's working fine.


XP - Raid - SATA

Helped a friend this afternoon that was trying to install a new SATA hard drive in his son's PC. The PC is about 4 years old and one of the earlier models with onboard SATA and RAID. XP did not recognize the hard drive. I tried to walk him thru the BIOS setting to enable the drive and disable RAID (he didn't want it) but there were no settings for the SATA connectors. We tried a BIOS update and that failed. At last I sent him the RAID drivers for his motherboard and asked that he use the F6 option to install these on his next attempt - this worked and now he's finishing the install.
