Fencepost Software & Consulting » Fixes & Troubleshooting

Simple Rules for Avoiding Malware in Email

Alan — Sun, 18 Dec 2011 06:04:38 +0000

Here’s a bit of a writeup I did for some folks who were being hit with a bout of malware email messages (the actual attachments were being removed by our filters).

The message(s) you received were an attempt to infect your computer with malware, the mail server on receiving the message removed the dangerous attachment but in general if you receive an attachment that you’re not expecting, do not open it – malware writers are creative and may come up with something that the mail server won’t block, at least not while the attack is new. This is the first attempt I remember seeing that pretended to be travel arrangements, but it’s not a surprising development.

(...)
Read the rest of Simple Rules for Avoiding Malware in Email (531 words)

© Alan Miller/Fencepost Software & Consulting, 2011. All Rights Reserved. | Permalink & Comments
Post tags: Email, Malware, Phishing, Scams, Security, Spam, Virus

USB Bluetooth on Kubuntu 11.04 (Natty)

Alan — Sat, 06 Aug 2011 04:44:19 +0000

I recently ended up with an ASUS Eee-PC tablet/netbook (T101MT) to play with. Reviews for the system were less than stellar, based in large part on it shipping with Windows 7 Starter edition (which is lacking in both features and good touchscreen/tablet support), so after a bit of partition rearrangement to free up space, I installed Kubuntu 11.04 Natty Narwhal on it – the same thing I’m using on my desktop.

The Ubuntu community has good support and documentation for both this machine and for running Ubuntu and Kubuntu on netbooks, so getting everything going was remarkably painless with two notable exceptions: getting a USB Bluetooth adapter working, and getting the screen to lock when I manually put the tablet to sleep (after a little fiddling with screen savers & settings, it locks fine if it goes to sleep due to idle timeout). I’ve seen some recommendations for the sleep locking issue and will pursue that later, but in this article I’ll do a bit of diagnosing and configuring to get Bluetooth working.

(...)
Read the rest of USB Bluetooth on Kubuntu 11.04 (Natty) (585 words)

© Alan Miller/Fencepost Software & Consulting, 2011. All Rights Reserved. | Permalink & Comments
Post tags: Bluetooth, Fixes, Linux, Troubleshooting

List of USB Flash Drives with Hardware Write Protection Switch

Alan — Sat, 13 Mar 2010 05:14:48 +0000

Frequently when troubleshooting or cleaning PCs (ah, the joys of small business IT) it’s useful to have a bundle of tools that you can use. I generally use multiboot antivirus CDs created with Shardana Antivirus Rescue Disc Utility (SARDU) with additional utilities put in the Extras directory, but sometimes it’s hard to beat the convenience of a USB flash drive. Unfortunately very few flash drives still have the hardware write protect switch that was common years ago.

Here’s a listing of drives that still include that hardware write protection, along with some other options that might work though not as well. This listing is based on reports from several discussion boards in 2009-2010 as well as a list prepared and maintained by c’t Magazine (German) (or via Google Translate). Where available I provide links to the manufacturers and possibly to stores where the drives are available. Please comment with any corrections or additional drives to be added to the list.

(...)
Read the rest of List of USB Flash Drives with Hardware Write Protection Switch (2,491 words)

© Alan Miller/Fencepost Software & Consulting, 2010. All Rights Reserved. | Permalink & Comments
Post tags: Hardware, Malware, Reference, Security, USB

(Fix) Postfix: Recipient address rejected: Domain not found

Alan — Sat, 06 Mar 2010 19:42:54 +0000

We had a problem last weekend with Postfix not accepting email for a single domain when it was coming from outside our network, while messages from hosts on the local network were accepted and routed with no problems. Messages from outside the network were rejected with a 450 (temporary) code and the error message “Recipient address rejected: Domain not found”. The cause did end up being a DNS problem (apparently the most common kind of issue with Postfix), but not one that I would have expected (a missing host entry for the top-level domain, so example.com wouldn’t resolve even though mail.example.com did). Finding the source of the problem was complicated because of a set of several changes during a weekend maintenance window.

(...)
Read the rest of (Fix) Postfix: Recipient address rejected: Domain not found (687 words)

© Alan Miller/Fencepost Software & Consulting, 2010. All Rights Reserved. | Permalink & Comments
Post tags: Email, Fixes, Linux, Troubleshooting

(Fix) OpenOffice.org Hangs When I Start Typing

Alan — Sun, 21 Feb 2010 05:21:03 +0000

I ran into a minor difficulty recently on a Linux desktop PC (CentOS 5.4) updated to the recently released OpenOffice.org 3.2, specifically the Go-Oo.org variant that includes some options and tweaks left out of the primary branch. OpenOffice.org 3.2 would start without difficulties, but as soon as I started to type the application would completely freeze up or hang. I only checked this in Calc and Writer, but I suspect that it applies to all of the other components as well and from what I’ve read it’s not specific to CentOS (or other RedHat-derived distributions).

After a bit of searching, I ended up at this thread: OpenOffice-3.0.1 hangs if SCIM is active. Boiled down to something for those not interested in the technical details, OpenOffice.org 3.x has problems with some configurations of SCIM, the “Smart Common Input Method platform.”
(...)
Read the rest of (Fix) OpenOffice.org Hangs When I Start Typing (371 words)

© Alan Miller/Fencepost Software & Consulting, 2010. All Rights Reserved. | Permalink & Comments
Post tags: Fixes, Linux, Troubleshooting

Slow Startup with Multiple ‘Starting’ Services After Malware

Alan — Mon, 23 Nov 2009 04:02:18 +0000

I had an interesting problem with a server (Windows 2003 Standard) at a small business (6 users total) the other day – a very long startup time. The server in question is a standalone domain controller/DC as well as a database/application server and file/print server. Terminal Services is installed & configured, but rarely used – mostly for access from outside the office. Database and domain services/authentication were available fairly quickly, as were console logins (via UltraVNC/uVNC) – probably 15-20 minutes to that stage, but more than an hour before terminal services/remote desktop was available.

Digging around on the console attempting to track down the source of the problems, I found multiple services listed as “Starting” – all of them malware-based, with the actual infection cleaned out. My suspicion is that these non-startable services were causing the startup of other services to be delayed, though in this case I’m not really planning on setting up a test system to verify that.

In the rest of this post I’ll give a bit more detail on the scenario, what I found, what was needed to clean it out, and a few more notes on what I suspect was happening.

(...)
Read the rest of Slow Startup with Multiple ‘Starting’ Services After Malware (612 words)

© Alan Miller/Fencepost Software & Consulting, 2009. All Rights Reserved. | Permalink & Comments
Post tags: Fixes, Malware, Office IT, Repair, Troubleshooting, Virus, Windows

(Fix) “Another Installation is Already In Progress’ installing Office 2007 over Office 2000′

Alan — Mon, 09 Nov 2009 05:43:34 +0000

Ran into an interesting problem this evening – I was helping someone who was having problems with installing Office 2007 on an XP system with Office 2000 (I believe Professional) installed. The problem was that when the actual installation process started, it would hang up because another installation was running.

The standard fix for that is restarting the system to let the in-progress installation do the processing that it needs a system restart for, but in this case that wasn’t the issue.

(...)
Read the rest of (Fix) “Another Installation is Already In Progress’ installing Office 2007 over Office 2000′ (510 words)

© Alan Miller/Fencepost Software & Consulting, 2009. All Rights Reserved. | Permalink & Comments
Post tags: Fixes, MSOffice, Repair, Troubleshooting, Windows

Avoid VBScript for Web Apps

Alan — Fri, 06 Nov 2009 14:40:32 +0000

Earlier this week I spent some time troubleshooting a browser-based application that a client is using. The problem cropped up on a PC with a clean install of Windows XP SP3 after assorted system corruption that wasn’t worth the time to repair.

(...)
Read the rest of Avoid VBScript for Web Apps (445 words)

(Fix) When DNS and ping Fail but nslookup Works (Windows)

Alan — Tue, 03 Nov 2009 02:59:07 +0000

Spent some time recently with a Windows XP laptop that would see networks fine (although IP address acquisition via DHCP seemed slower than I’d expect), but which was unable to resolve names with DNS. This was affecting IE, Firefox, ping, basically anything that used the built-in Winsock calls such as gethostbyname(). NSLookup, on the other hand, worked just fine.

The first thing to do when facing any computer problem is to figure out where the problem lies, so it was time for a bit of sleuthing.

(...)
Read the rest of (Fix) When DNS and ping Fail but nslookup Works (Windows) (926 words)

(Fix) r3953724.cn Malware/Adware Redirections

Alan — Thu, 29 Oct 2009 00:34:02 +0000

Quick Fix: have a program named procmon.exe running (copy of notepad.exe) to disable malware temporarily. This should let you run searches & download fixes. This is only temporary while you clean the system. Read this post for more details and please let me know in comments if this does or does not work for you.

Update/Fix:

The system did indeed have a corrupted atapi.sys file as noted in the comments, though I did not end up using ComboFix to clean it – I was able to replace the file with the identically-sized but binary-different one from the most recent service pack (C:\Windows\ServicePackFiles\i386\atapi.sys) and have not seen the same problem recurring.

In addition, if you need to prevent it from redirecting while you download fixes, you may be able to simply copy notepad.exe (or another common executable) to the name procmon.exe and run that. Last night while I still had the infection active it did not seem to redirect while procmon was running under that name, possibly as a measure to avoid detection.

At this point (several days after initial infection, more than a week after initial reports in the wild) I suspect that many of the tools linked below are updated with definitions that cover this malware so you can probably get by with simply running updated versions of those.

(...)
Read the rest of (Fix) r3953724.cn Malware/Adware Redirections (348 words)

Fix for Outlook 2007 Trying to Load InfoPath (Error 1605)

Alan — Fri, 17 Jul 2009 02:45:30 +0000

Just ran into this situation after a client uninstalled & reinstalled Office 2007 Pro. When Outlook was opened, it complained twice about being unable to open InfoPath because it wasn’t installed.

I found multiple other complaints about this, but no solutions (though some suggested removing and reinstalling Office). A bit of digging with SysInternals’ Process Monitor, turned up mention of not finding the somewhat promising value “DisableInfopathForms,” so I took a stab and created the value as a DWORD under the location ProcMon was reporting. Setting the value to 1 cleared the problem on Outlook startup.

(...)
Read the rest of Fix for Outlook 2007 Trying to Load InfoPath (Error 1605) (140 words)

© Alan Miller/Fencepost Software & Consulting, 2009. All Rights Reserved. | Permalink & Comments
Post tags: Email, Fixes, Microsoft, Repair, Troubleshooting, Windows

Winlogon.exe at 50% or 100% CPU (Fix)

Alan — Thu, 09 Jul 2009 19:43:30 +0000

There are apparently a variety of things that can cause the winlogon.exe process on Windows PCs to consume all available CPU, but I’ve found few references to this cause – corruption in Offline Files, even when Offline Files is disabled on the PC, on the server and on the domain (via Group Policy). Depending on the age of the PC, this will consume either 50% of the CPU (on newer dual-core systems) or 100% of the CPU (on older systems). This is the only non-malware winlogon.exe problem that I recall personally encountering.

Update: The original title & article indicated that this applied to Windows PCs on domains only, but Offline Files is available to non-domain PCs as well as long as Fast User Switching is not turned on.

(...)
Read the rest of Winlogon.exe at 50% or 100% CPU (Fix) (257 words)

© Alan Miller/Fencepost Software & Consulting, 2009. All Rights Reserved. | Permalink & Comments
Post tags: Fixes, Troubleshooting, Windows

SETPWRCG.EXE – Dell Power Management component

Alan — Sun, 28 Jun 2009 14:59:18 +0000

My antivirus reported an infected file (setpwrcg.exe) this morning, with a file date of 7/19/2004.

There were a few things that struck me as odd about this:

It didn’t seem like a randomly-generated name,

Most viruses/worms don’t seem to bother to set their file dates, particularly not to 5 years ago,

I haven’t been doing anything likely to get my system infected, and

I use a firewall that should’ve warned me if anything unusual was trying to make outbound connections from my computer (e.g. to try to spread an infection).

Searches via Google & Yahoo turned up nothing significant (mostly this file in lists of files and one warning that it had been found on infected systems), so I did a little more investigating at a very brute-force level.

The file in question doesn’t have any vendor information, version strings, etc. which is a bit suspicious, but looking at the actual content of the file, I found multiple strings tied to Dell power management configuration – hibernation, etc. Since this fits with the name “set pwr cg” I’m going to assume that the cg is short for something like “configuration” and that they were trying to stick with a DOS-style 8.3 name for this file. The reason it turns up on infected systems is that Dell computers get viruses too.

Almost certainly a harmless file, at least this version of it.
[contact-form-7]
No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

© Alan Miller/Fencepost Software & Consulting, 2009. All Rights Reserved. | Permalink & Comments
Post tags: Maintenance, Repair, Security, Virus

NEVER Give Out Your Password

Alan — Wed, 24 Jun 2009 15:31:34 +0000

IF support staff for a service you are using need access to your account or information within it, they can get that access without needing your password. Nobody should be asking for your password.

This applies to email (e.g. Hotmail/Windows Live, Yahoo, Google and many others), social networking (Facebook, LinkedIn, MySpace, etc.), online photos (Flickr, etc.), and especially applies to your banking and finances. NO bank or financial services employee should ever ask for your password – bank policies generally prohibit them from doing so as a firing offense.

Think of someone asking for your password the same way you’d think about a stranger walking up to you on the street and saying “Hi, I’m with the village. I need your home address and your house keys.” No matter how friendly and professional looking, would you just give your keys to a stranger like that?

(...)
Read the rest of NEVER Give Out Your Password (293 words)

© Alan Miller/Fencepost Software & Consulting, 2009. All Rights Reserved. | Permalink & Comments
Post tags: Email, Free Services, Passwords, Phishing, Scams, Security