Wednesday, April 6, 2011

Fun with Viri!

First of all, I do know that the plural of virus is not viri, but that really is the fault of Merriam-Webster, not me. As we know, America doesn't actually have a regulatory agency to standardize the language like many other countries do, so in all fairness I am doing my part to advance the evolution of the English language.

Back to the viri. I was given the opportunity to treat an XP computer that "was running really slow." If no one has told you already, allow me to inform you that diagnostically that means absolutely nothing. Nothing. Once I started up the computer and logged in, I realized the problem almost immediately. The computer booted slower than the hardware should have (roughly 10 minutes for a 2.8 GHz Pentium 4 with 1 GB of RAM) and never fully loaded some Windows components. The layers of command prompts were just the icing on the cake for my diagnosis.
Viruses.

The computer was running too slowly to remove the viruses normally, due to the sheer number of programs running at the same time, not to mention the fact that all of the security and restore resources had been disabled by at least one of the viruses on the computer.
rundll32.exe not found

Services disabled
(To fix the rundll32 error, look at my last post with the same title.)

So there I was with very few options; where could I turn? Well, I turned to Linux. In this case I used the Linux-based Avira Rescue System, which essentially scans the disk and removes all the viruses it finds.

All that is necessary to use it is to:
1) Download the CD image
2) Burn it with a burning program (like ImgBurn)
3) Set your BIOS to boot from the CD drive
4) Insert the CD and let it run

In my case I let it run for roughly 12 hours unsupervised (I am fairly sure it didn't need nearly that much time) and returned to it to find that it had removed 72000 instances of viruses. Most of them were copies of a trojan that had copied itself nearly everywhere, but there were probably over 15 separate infections.

Once the scanner finished, I rebooted the computer, removed the CD, and let it try for Windows once more. Faster this time, but some of the infections had not been caught by the Linux scanner, and all of the security that was disabled was just that, disabled. How did I know? More command prompt popups. So first things first, I uninstalled McAfee Security Center (which had not been updated in quite a while) and installed Microsoft Security Essentials. Why Essentials? It is free and not too heavy. I ran a scan with MSE, found another 90 or so infections, and was able to remove them. Rebooted. Most of the 90 stayed gone, but more still remained.

I ran msconfig from the run dialog.

And found, under the Startup tab, somewhere around 1000 unintelligible entries with file paths pointing into the "C:\Documents and Settings\User\Local Settings\Temp\" folder (which is a common hideout/infection point for viruses).

The computer almost crashed from removing all of the entries at once, but it came back, just barely. I then ran Piriform CCleaner to delete the temporary files and hopefully get rid of this last set. I scanned with MSE after the clean and it reported no detections. Sadly, I trusted that little green checkmark loitering on the screen.
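Reading a thousand startup entries by eye in msconfig is slow, so here is a small Python triage script that does the same sorting automatically. It is an added example, not code from this post: it pulls the actual program out of each startup command line, looks through rundll32 hosts to the DLL they load, and flags anything that runs from a temp folder or has a random-looking name. The entries in SAMPLE_ENTRIES are constructed, the temp-folder markers and the "no vowels" heuristic are my own assumptions, and read_run_keys() only works on Windows.

```python
r"""Triage startup entries: flag anything launched from a temp folder.

Added example, not code from the original post. The entries in
SAMPLE_ENTRIES are constructed; the temp-folder markers cover the
XP-era "Local Settings\Temp" path the post mentions (long and 8.3
short forms) plus the %TEMP% locations on later Windows versions.
"""
import ntpath
import re

# Case-insensitive substrings that place an executable in a temp folder.
TEMP_MARKERS = (
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",          # 8.3 short name of "Local Settings"
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "%temp%\\",
    "%tmp%\\",
)
EXECUTABLE_EXT = r"\.(?:exe|com|bat|cmd|scr|pif|dll)\b"
VOWELS = set("aeiouy")


def exe_from_command(cmd):
    """Return the program path at the front of a startup command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.*?" + EXECUTABLE_EXT + ")", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def payload_path(cmd):
    """Like exe_from_command, but see through rundll32 to the DLL it loads."""
    exe = exe_from_command(cmd)
    if ntpath.basename(exe).lower() != "rundll32.exe":
        return exe
    tail = cmd.strip()
    tail = tail[tail.lower().find("rundll32.exe") + len("rundll32.exe"):]
    # rundll32 takes "<dll>,<entry point>"; keep only the DLL part.
    return exe_from_command(tail.lstrip(' "').split(",", 1)[0])


def in_temp_folder(path):
    p = path.lower().replace("/", "\\")
    return any(marker in p for marker in TEMP_MARKERS)


def looks_random(path):
    """Heuristic (an assumption): a stem of 6+ letters with no vowel, e.g. 'qxzvbtkr'."""
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    letters = [c for c in stem if c.isalpha()]
    return len(letters) >= 6 and not (set(letters) & VOWELS)


def triage(entries):
    """Return [(name, payload, reasons)] for entries worth a closer look."""
    flagged = []
    for name, cmd in entries:
        payload = payload_path(cmd)
        reasons = []
        if in_temp_folder(payload):
            reasons.append("runs from a temp folder")
        if looks_random(payload):
            reasons.append("random-looking file name")
        if reasons:
            flagged.append((name, payload, reasons))
    return flagged


# Constructed sample, not taken from the post's machine.
SAMPLE_ENTRIES = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("MSC", r'"C:\Program Files\Microsoft Security Client\msseces.exe" -hide'),
    ("qxzvbtkr", r'"C:\Documents and Settings\User\Local Settings\Temp\qxzvbtkr.exe"'),
    ("svhost", r"C:\DOCUME~1\User\LOCALS~1\Temp\svhost.exe /s"),
    ("load", r'rundll32.exe "C:\Documents and Settings\User\Local Settings\Temp\pmwrt.dll",Start'),
]


def read_run_keys():
    """Live read of the HKCU/HKLM Run keys; only works on Windows."""
    import winreg  # absent on other platforms
    entries = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                entries.append((name, str(value)))
                i += 1
    return entries


if __name__ == "__main__":
    for name, payload, reasons in triage(SAMPLE_ENTRIES):
        print(f"{name}: {payload} ({'; '.join(reasons)})")
```

On the sample, the three temp-folder entries are flagged and the two legitimate ones are not. The Run keys are only one of the places msconfig shows; the Startup folder and the RunOnce keys would need the same treatment, and the heuristic is a prompt for a closer look, not a verdict.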

After a reboot, all looked fine and good. After looking around for a moment, the foreboding command prompts reappeared. In case you don't know, whenever those command prompts appear, it means that some program is running code in the background, likely undoing the work one has just completed.

I was done with this. I restarted the computer in safe-mode (which worked well at this point) and both installed Malwarebytes and ran a quick scan. 26 more threats (including trojans, viruses, and adware) were detected and quarantined. Happy with myself, I rebooted the computer and ran a full scan. 36 more threats removed.

Now to fix the damage caused. During the infection, the entire control panel had been unlinked, item by item, from the programs the icons represented and disabled administratively. Thanks to Google I found Re-Enable, which did exactly what I needed it to. Between Re-Enable, CCleaner (for deleting all of those pesky startup entries) and Malwarebytes, everything was back to normal. Just to be sure, I copied the I386 folder to the C:\ drive and ran "sfc /scannow", which made sure that no other system files had been corrupted or deleted. Once that was done, I could move on to the next and final pass-through.

After that I simply ran Windows Update, updated, scanned one more time, and deemed this machine clean!

One computer down, 10000 botnets to go.

Tuesday, April 5, 2011

The Good, the Bad, and the Capacitors

Clint Eastwood and I have been good friends for a long time now. But by friends I just mean I decide to like his movies despite their critical response. Especially anything made before he started looking over 50, which doesn't cover too much of his acting career honestly. Anyhow, recently I have been working on a few computers to fix them up. The first would be my uncle's.


Abit NF-M2S V 1.0
His computer, once fought with, decided that it no longer wanted to boot past the Windows loading screen. My uncle was having one issue or another, reached safe mode, and attempted a system restore, which then rendered the computer unbootable, even to safe mode. An attempt to repair with a Windows disk resulted in consistent BSODs: UNMOUNTABLE_BOOT_VOLUME when going into Windows, and another about INITIALIZATION when trying to get into the Windows setup area. After eliminating the video card, hard drive, DVD drive, and power supply, I decided the motherboard was at fault.
I probably could have jumped to that had I been more confident in my analysis of the motherboard in the first place, but skipping steps is always a bad idea in computer troubleshooting. Anyhow, look closely at that picture again. Yes, the close-up on the capacitors.
Bulging Caps beside the CPU

Discolored Cap by the PCI Express Slot

Notice the nice little bulge on the tops of some, and the fun discoloration on one of the others? That was our problem. Dead caps == bad data between the CPU and the hard drive. Bad data == corrupted data == no boot. With a new motherboard from Newegg.com (represent.) most of our issues were resolved.
New Motherboard Installed

A chkdsk run on the hard drive inside another working computer brought it back to booting, and after installing the motherboard driver, life returned!

Tuesday, March 29, 2011

Rundll32.exe not found!!??

Pretty much just how it sounds. I was working on a computer that had been infested with viri and the entire control panel was kaput. Every time I tried to open up a system app (cmd.exe, msconfig, Help and Support) I would get the "rundll32.exe not found" error. After fighting and fighting, I found a solution. It seems this is a registry issue, so I followed the instructions here to

Simply follow the below steps... ur problem will be solved
Try it. Click Start, Run. Type command and press Enter. Type notepad and press Enter. Notepad opens. Copy all the text below into Notepad.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.) Double click fix.reg and click YES to confirm. Reboot your computer.

Worked like a charm.
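What that fix.reg does is put the exefile "open" command back to the stock value, so that double-clicking any .exe launches it directly instead of through whatever the infection pointed it at. As an added example (not the post's code and not the forum reply's), here is a Python check that parses a .reg export of that key and says whether the association is the stock one; the "hijacked" export is constructed, with a placeholder path, to show what the broken state looks like, and check_live() reads the real value but only runs on Windows.

```python
"""Check the exefile open command, the value the post's fix.reg restores.

Added example, not code from the post or from the forum reply it quotes.
parse_reg handles the minimal Version 5.00 .reg format used by that fix
(header, [key] sections, @= default and "name"= string values). The
hijacked export below is constructed; the path in it is a placeholder.
"""
import re

KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
STOCK_COMMAND = '"%1" %*'          # what Windows ships with

# A value line is either @= (default value) or "name"= followed by a quoted string.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=("(?:[^"\\]|\\.)*")$')


def unescape_reg_string(raw):
    # .reg files write a backslash as \\ and a double quote as \"
    return re.sub(r'\\(["\\])', r"\1", raw)


def parse_reg(text):
    """Return {key: {value_name: data}} for the string values in a .reg file."""
    text = text.lstrip("\ufeff \r\n\t")
    if not text.startswith("Windows Registry Editor Version 5.00"):
        raise ValueError("not a Version 5.00 .reg file")
    keys, current = {}, None
    for line in text.splitlines()[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else unescape_reg_string(m.group(1)[1:-1])
            keys[current][name] = unescape_reg_string(m.group(2)[1:-1])
    return keys


def check_exefile(text):
    """(True, command) when .exe files launch directly; (False, why) otherwise."""
    cmd = parse_reg(text).get(KEY, {}).get("")
    if cmd is None:
        return False, "exefile open command is not in this export"
    if cmd == STOCK_COMMAND:
        return True, cmd
    return False, "every .exe is started through: " + cmd


def check_live():
    """Read the live value on a Windows box (winreg is missing elsewhere)."""
    import winreg
    cmd = winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command")
    return (cmd == STOCK_COMMAND), cmd


# The fix from the post, as a .reg file.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed example of the association after it has been redirected.
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\User\\Local Settings\\Temp\\PLACEHOLDER.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("hijacked", HIJACKED_REG)):
        print(label, check_exefile(text))
```

The hijacked form is why every .exe "doesn't exist" once the interposed program is removed by a scanner: the association still points at a file that is gone. Running the check before and after applying fix.reg confirms the repair took.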

Tuesday, December 14, 2010

Victory Over Itunes (Or why Itunes skips podcasts in a playlist)

http://www.mariasguides.com/2006/09/26/podcast-playlists-no-longer-play-continuously/
Essentially, that is the entire explanation of what I had to fight to find, but hopefully it will help others. And Apple, there is nothing wrong with mixing podcasts with music. Period.

Thursday, July 22, 2010

Wifi with the Dell e1505

So there I was, running a fresh install of Ubuntu 9.10 Karmic Koala on a nice little Dell laptop when I realized something. The wifi (BCM4311 chip) was not being found. First I checked the network settings, tried to add a network manually, and looked for toggles for the wifi, as I saw its light was not on while the Bluetooth one was. A quick Google search led me indirectly to This Site, which listed the files needed to get it all working dandy. Strangely, the files he mentioned didn't exist on the hard drive install, so I ventured over to Synaptic, and lo, there were the three files.

  1. /pool/main/p/patch/patch_2.5.9-5_i386.deb
  2. /pool/main/d/dkms/dkms_2.1.0.1-0ubuntu1_all.deb
  3. /pool/restricted/b/bcmwl/bcmwl-kernel-source_5.10.91.9+bdcom-0ubuntu4_i386.deb
I found each in Synaptic, with only the last installed under a slightly different name, but the same version and type. I then installed the other two dependencies and let her fly. Rebooted, went to System, Administration, Hardware Drivers, ta-da! Just have to activate it and it is good to go!

Monday, February 22, 2010

Windows Update Issues

Got an issue with Windows Update installations? Best bet is a reinstall after a reboot. Updates don't redownload and fail again? Clear the update cache. How?

  1. Open a Command Prompt: Start -> Run, type "cmd" and press Enter.
  2. In the Command Prompt, type "net stop wuauserv". This stops the Windows Automatic Updates service so that the cache files can be deleted.
  3. Still in the Command Prompt, type "cd /d %windir%" (or "cd \windows").
  4. Type "rd /s SoftwareDistribution".
  5. That's it, the cache has been purged. Now restart the Automatic Updates service: type "net start wuauserv".
Not hard, quite simple. What are you doing? Deleting the folder C:\Windows\SoftwareDistribution\ while making sure that the Update service is stopped. That's it. Good luck.
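The one thing that trips people up with those five steps is timing: "net stop" can return while the service is still shutting down, and "rd /s" on a folder that wuauserv still has files open in fails with access denied. Here is the same procedure in Python as an added example (not from the post), with a wait on the service state between the stop and the delete. parse_sc_state reads the STATE line of "sc query" output, SAMPLE_SC_OUTPUT is a constructed copy of that format, and reset_update_cache needs an elevated prompt on a real machine.

```python
"""Reset the Windows Update download cache the way the post describes,
but only delete once the service has really stopped.

Added example, not from the post. parse_sc_state reads the STATE line
of `sc query` output; SAMPLE_SC_OUTPUT is a constructed copy of that
format. reset_update_cache needs an elevated prompt on a real machine.
"""
import os
import re
import shutil
import subprocess
import time

SERVICE = "wuauserv"
STATE_LINE = re.compile(r"^\s*STATE\s*:\s*\d+\s+([A-Z_]+)", re.MULTILINE)


def parse_sc_state(output):
    """Return RUNNING / STOPPED / STOP_PENDING / ... from `sc query` text."""
    m = STATE_LINE.search(output)
    return m.group(1) if m else None


def service_state(name=SERVICE):
    out = subprocess.run(["sc", "query", name], capture_output=True, text=True).stdout
    return parse_sc_state(out)


def wait_for_state(wanted, name=SERVICE, timeout=60, poll=service_state):
    """Poll until the service reports `wanted` or the timeout passes."""
    deadline = time.monotonic() + timeout
    while True:
        if poll(name) == wanted:
            return True
        if time.monotonic() >= deadline:
            return False
        time.sleep(1)


def reset_update_cache(windir=None, run=subprocess.run, poll=service_state):
    """net stop -> wait for STOPPED -> rd /s SoftwareDistribution -> net start."""
    windir = windir or os.environ.get("WINDIR", r"C:\Windows")
    cache = os.path.join(windir, "SoftwareDistribution")
    run(["net", "stop", SERVICE], check=False)
    # net stop can return while the service is still STOP_PENDING; deleting
    # the folder then fails because wuauserv still holds files open in it.
    if not wait_for_state("STOPPED", poll=poll):
        raise RuntimeError(SERVICE + " did not stop; cache left untouched")
    shutil.rmtree(cache, ignore_errors=True)      # the rd /s step
    run(["net", "start", SERVICE], check=False)
    return cache


# Constructed sample of what `sc query wuauserv` prints.
SAMPLE_SC_OUTPUT = """
SERVICE_NAME: wuauserv
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""

if __name__ == "__main__":
    print(parse_sc_state(SAMPLE_SC_OUTPUT))      # RUNNING on the sample text
```

The run and poll parameters exist so the sequence can be exercised without touching a real service; on a Windows box, calling reset_update_cache() with the defaults performs the actual steps.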

Thursday, February 18, 2010

How to force HTTPS

I used to wonder why anyone would log in to Facebook, Myspace, or any of the other websites with personal information over HTTP. Every time I saw someone do it, I would let them know that with a simple packet sniffer just about anyone could read their messages, user and password, and plenty more that I'm sure they would rather not show to the world. Sure, maybe it is a long shot to some of you that someone would be sniffing your traffic and even remotely care about what you are sending. Let me make it less of a long shot: from here on, think banking information and identity theft. Closer to home now? Most people either didn't know or didn't care, it seemed.

Well, after a stint of retyping HTTPS in the address bar every time I went to one of those sites, I realized that it was simply a pain. Not the worst fate of all if Atlas is in the mix, but still, very agitating. Thus I began my search. After playing with some Firefox add-ons and some unsuccessful attempts at googling for the answer, I stumbled across the solution to my problem. NoScript. Really. I install this add-on every time I install Firefox for someone who won't get too messed up by it. And now I find that it is the response to one of my newest pet peeves. Awesome.

Okay, so how do you do this? It's not too bad. Just right click the NoScript icon, go to Options, then click on the Advanced tab, and then the HTTPS tab. Type in the websites for which you would like to force HTTPS and those for which you want to force HTTP. Easy. Done. That is all. Oh, quick note: don't force HTTPS for a site that doesn't have it. According to my in-depth Google search, that could lead to a bad un-ending loop. Just FYI.

Source: http://noscript.net/features
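To make the "un-ending loop" concrete, here is a small Python model of the force-HTTPS rule and of what happens when it is applied to a site that has no HTTPS version. It is an added example, not NoScript's code or the post's: apply_rule is the rewrite, SERVER_REDIRECTS is a constructed table of how each site answers a request, the hosts are placeholders under the reserved example.* domains, and safe_to_force is the check the post suggests doing before adding a site to the list.

```python
"""Force-HTTPS rewrite rule, plus the redirect loop the post warns about.

Added example; it is not NoScript's code or the post's. The hosts are
placeholders from the example.* reserved domains, and SERVER_REDIRECTS
is a constructed stand-in for how each site answers a request.
"""
from urllib.parse import urlsplit, urlunsplit

# Hosts to rewrite, like the two lists in NoScript's HTTPS tab.
FORCE_HTTPS = {"bank.example.com", "plain.example.org"}   # plain.* is the mistake
FORCE_HTTP = {"legacy.example.net"}

# Constructed: the Location a server answers with, keyed by the URL requested.
# A site with no HTTPS version bounces https requests back to http; a site
# that has gone HTTPS on its own upgrades http requests itself.
SERVER_REDIRECTS = {
    "https://plain.example.org/": "http://plain.example.org/",
    "http://upgrade.example.com/": "https://upgrade.example.com/",
}


def apply_rule(url, force_https=FORCE_HTTPS, force_http=FORCE_HTTP):
    """Rewrite the scheme for hosts in the force lists; leave others alone."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in force_https and parts.scheme == "http":
        return urlunsplit(("https",) + tuple(parts[1:]))
    if host in force_http and parts.scheme == "https":
        return urlunsplit(("http",) + tuple(parts[1:]))
    return url


def follow(url, redirects=SERVER_REDIRECTS, force_https=FORCE_HTTPS, max_hops=10):
    """Alternate the rule and the server's redirect; return (final_url, looped)."""
    seen = []
    for _ in range(max_hops):
        url = apply_rule(url, force_https)
        if url in seen:
            return url, True        # the rule and the server keep undoing each other
        seen.append(url)
        nxt = redirects.get(url)
        if nxt is None:
            return url, False       # nothing more to do: the page loads here
        url = nxt
    return url, True


def safe_to_force(host, redirects=SERVER_REDIRECTS):
    """Would forcing HTTPS for this host settle on an https page?"""
    final, looped = follow("http://" + host + "/", redirects, force_https={host})
    return (not looped) and final.startswith("https://")


if __name__ == "__main__":
    for start in ("http://bank.example.com/login", "http://plain.example.org/",
                  "http://upgrade.example.com/"):
        print(start, "->", follow(start))
```

The loop is the rule turning http into https, the server answering with a redirect back to http, and the rule turning it into https again; a browser gives up after a fixed number of redirects, which is the "bad un-ending loop" the post describes. The same trace with a host that really serves HTTPS settles after one hop.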