(Fix) r3953724.cn Malware/Adware Redirections

Quick Fix: keep a program named procmon.exe running (a renamed copy of notepad.exe will do) to disable the malware temporarily. This should let you run searches and download fixes; it is only a stopgap while you clean the system. Read this post for more details, and please let me know in the comments whether this does or does not work for you.

Update/Fix:

The system did indeed have a corrupted atapi.sys file as noted in the comments, though I did not end up using ComboFix to clean it – I was able to replace the file with the identically-sized but binary-different one from the most recent service pack (C:\Windows\ServicePackFiles\i386\atapi.sys) and have not seen the same problem recurring.

In addition, if you need to prevent it from redirecting while you download fixes, you may be able to simply copy notepad.exe (or another common executable) to the name procmon.exe and run that. Last night while I still had the infection active it did not seem to redirect while procmon was running under that name, possibly as a measure to avoid detection.

At this point (several days after initial infection, more than a week after initial reports in the wild) I suspect that many of the tools linked below are updated with definitions that cover this malware so you can probably get by with simply running updated versions of those.

Fix for Outlook 2007 Trying to Load InfoPath (Error 1605)

Just ran into this situation after a client uninstalled & reinstalled Office 2007 Pro. When Outlook was opened, it complained twice about being unable to open InfoPath because it wasn’t installed.

I found multiple other complaints about this, but no solutions (though some suggested removing and reinstalling Office). A bit of digging with SysInternals’ Process Monitor turned up mention of not finding the somewhat promising value “DisableInfopathForms,” so I took a stab and created the value as a DWORD under the location ProcMon was reporting. Setting the value to 1 cleared the problem on Outlook startup.

Winlogon.exe at 50% or 100% CPU (Fix)

There are apparently a variety of things that can cause the winlogon.exe process on Windows PCs to consume all available CPU, but I’ve found few references to this cause – corruption in Offline Files, even when Offline Files is disabled on the PC, on the server and on the domain (via Group Policy). Depending on the age of the PC, this will consume either 50% of the CPU (on newer dual-core systems) or 100% of the CPU (on older systems). This is the only non-malware winlogon.exe problem that I recall personally encountering.

Update: The original title & article indicated that this applied to Windows PCs on domains only, but Offline Files is available to non-domain PCs as well as long as Fast User Switching is not turned on.

SETPWRCG.EXE - Dell Power Management component

My antivirus reported an infected file (setpwrcg.exe) this morning, with a file date of 7/19/2004.

There were a few things that struck me as odd about this:

- It didn’t seem like a randomly-generated name.
- Most viruses/worms don’t seem to bother to set their file dates, particularly not to 5 years ago.
- I haven’t been […]
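Both the atapi.sys replacement in the first post and the setpwrcg.exe question above come down to the same triage: what size, timestamps, hash and Authenticode signature does a suspect file have, and how does it compare with a copy you trust? The PowerShell below is an added example written for this page, not code from either post. It assumes the driver actually loaded by Windows lives at %SystemRoot%\System32\drivers\atapi.sys (the post names only the service-pack copy), that PowerShell 2.0 or later is available, and that you supply the path your antivirus reported for setpwrcg.exe; the function names Get-FileTriage and Get-Sha256Hex are my own.

```powershell
# Added example (not from the original posts): triage a suspect Windows file the
# way the posts do by hand, and compare it against a known-good reference copy.
# Assumes PowerShell 2.0+; the in-use driver path is the standard location and
# is not stated in the post.

function Get-Sha256Hex {
    param([Parameter(Mandatory=$true)][string]$Path)
    # .NET hashing instead of Get-FileHash so this also runs on PowerShell 2.0/3.0.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead((Resolve-Path -LiteralPath $Path).ProviderPath)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

function Get-FileTriage {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [string]$ReferencePath   # optional known-good copy to compare against
    )
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $item.FullName
    # Status is Valid, NotSigned, HashMismatch, UnknownError, ... HashMismatch means
    # the bytes no longer match what the publisher signed, i.e. the file was altered.
    $signer = '(unsigned)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    $info = @{
        Path          = $item.FullName
        SizeBytes     = $item.Length
        CreationTime  = $item.CreationTime
        LastWriteTime = $item.LastWriteTime
        SHA256        = Get-Sha256Hex -Path $item.FullName
        SigStatus     = $sig.Status.ToString()
        Signer        = $signer
    }

    if ($ReferencePath) {
        $ref = Get-Item -LiteralPath $ReferencePath
        $info.RefPath      = $ref.FullName
        $info.RefSizeBytes = $ref.Length
        $info.RefSHA256    = Get-Sha256Hex -Path $ref.FullName
        $info.SameSize     = ($item.Length -eq $ref.Length)
        $info.SameContent  = ($info.SHA256 -eq $info.RefSHA256)
        # The atapi.sys case from the first post: identical size, different bytes.
        # A patched system file often keeps its size so a casual look finds nothing.
        $info.Verdict = if ($info.SameContent) { 'matches reference' }
                        elseif ($info.SameSize) { 'SAME SIZE, DIFFERENT BYTES - likely patched' }
                        else { 'differs from reference (size and content)' }
    }
    New-Object PSObject -Property $info
}

# 1) The atapi.sys check: driver in use vs. the service-pack copy named in the post.
$driver = Join-Path $env:SystemRoot 'System32\drivers\atapi.sys'
$spCopy = Join-Path $env:SystemRoot 'ServicePackFiles\i386\atapi.sys'
if ((Test-Path $driver) -and (Test-Path $spCopy)) {
    Get-FileTriage -Path $driver -ReferencePath $spCopy | Format-List
}

# 2) The setpwrcg.exe question: does the flagged file look like an OEM component?
#    Placeholder path; substitute the location your antivirus reported.
$suspect = 'C:\REPLACE\WITH\REPORTED\PATH\setpwrcg.exe'
if (Test-Path $suspect) {
    Get-FileTriage -Path $suspect | Format-List
    # An old, consistent timestamp plus a Valid signature from the hardware vendor
    # supports a false positive; NotSigned or HashMismatch does not settle it, and
    # the SHA256 should then be checked against the vendor's own download.
}
```

One caveat a practitioner would add: a kernel-mode infection can hide its changes from the running system, so if the in-use driver hashes identical to the reference copy yet the redirections continue, repeat the comparison from a second, clean operating system (a rescue disk or the drive mounted elsewhere) before trusting the result.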

NEVER Give Out Your Password

If support staff for a service you use need access to your account or to information within it, they can get that access without your password. Nobody should be asking for your password.

This applies to email (e.g. Hotmail/Windows Live, Yahoo, Google and many others), social networking (Facebook, LinkedIn, MySpace, etc.), online photos (Flickr, etc.), and especially to your banking and finances. NO bank or financial services employee should ever ask for your password; bank policies generally prohibit it, often as a firing offense.

Think of someone asking for your password the same way you’d think about a stranger walking up to you on the street and saying “Hi, I’m with the village. I need your home address and your house keys.” No matter how friendly and professional-looking they are, would you just hand your keys to a stranger like that?
