Professional Geek
  • Stupid is as stupid does

    If you’re on my Facebook friends list you’ll have got this message over the weekend

    Hello All
    If you’ve had a weird message from me (other than this one!) today please delete it
    I got the same message from a friend and while allowing my curiosity to get the better of me I managed to infect myself
    Highly highly embarrassed
    Feel free to message me with abuse
    Andy

    So I thought I’d explain what I meant when I said I’d allowed my curiosity to get the better of me

    On Saturday morning I got a message from a friend via Facebook. The English was terrible (the subject was – Gt you! Ha-ha, now watch and cr!) and the link certainly looked “dodgy”. I figured my friend had his PC compromised and it was sending messages from his Facebook account

    It was the first time I’d seen this type of malware attack so I thought it might make an interesting blog post so followed the link

    It took me to a page that looked like YouTube (if YouTube was broken!) and I got a message displayed telling me that my flash player needed updating and I was prompted to download a file

    I downloaded the file and uploaded it to VirusTotal for analysis which then identified the file as being the “KoobFace” worm

    Koobface.worm – McAfee

    Win32.Worm.KoobFace.A – Bitdefender

    W32.Koobface.A – Symantec

    Koobface Family – CA

    This was where I made a stupid mistake

    In my attempt to select the file so I could delete it I inadvertently double-clicked the file and it ran

    As you can imagine my language was colourful at this point

    I got a message on screen

    “Error installing Codec. Please contact support”

    Using the information links above I managed to remove the main worm program and a browser add-in it had loaded to Internet Explorer (I’ve since flattened the machine and reloaded from a backup)

    Unfortunately it had sent messages using my Facebook account by the time I’d cleaned up.

    I didn’t know who exactly it had messaged hence the warning to everyone in my list

    Highly highly embarrassing as there are a lot of IT pros in my friends list!

    Some of you may be thinking,

    “What was your anti-virus doing during all of this?”

    Good question, but I’ve got a little confession

    I’m not running any at the moment

    Just before Vista was released, Jim Allchin (co-president of Microsoft’s platform division) was quoted as saying Vista’s increased security meant he wasn’t running any anti-virus on a PC his 7-year old uses at home (Techweb reported about it here – he changed his viewpoint slightly afterwards)

    When I recently made the switch to Vista 64-bit, as I was installing all my usual programs I thought it would be an interesting experiment to run without any anti-virus software (and blog about it here later!)

    I’ve been running without any anti-virus since mid-July. I use some of the well known on-line scanners as well as some offline tools twice a week to check all is ok and until yesterday everything appears to have been fine

    That said all the anti-virus software in the world can’t protect you from being stupid!

    So what have I learnt from this debacle?

    1) It may be a good time to end my experiment

    2) I rarely allow websites to keep me signed in but Facebook had been an exception. I’ll be going back to how I usually run!

    3) If you tell friends it’s ok to abuse you, then they will :-)

    As a side note it looks like Facebook have been doing some work too. When I now click on the original link Facebook blocks the page with a warning the site is dangerous

  • Installing Windows Live Writer on Vista 64-bit

    I’m running Vista 64-bit so tried to install Live Writer a while back and got the following error


    From what I’ve read it’s to do with the unified Live installer and not Live Writer

    I’ve seen a couple of blog posts that mention if you can get the MSI file you can install it ok. Most of these posts had a link to a German site that has the file on it. I wasn’t too keen to download an MSI file from a site I knew nothing about so decided against that.

    Another post suggested installing Live Writer on a 32-bit system and copying the MSI from there. I tried that and couldn’t find the MSI so that was scuppered

    So I thought I’d try something obvious – what did I have to lose?

    Download the installer file (WLInstaller.exe) from the Live Writer site, right click on the file and click properties then click the compatibility tab

    Put the tick in the box to run in compatibility mode and click ok


    Then run the program as an administrator and it should work!

     

    I’m posting this on my Vista 64-bit system from Live Writer so it worked for me!

  • Screensaver doesn’t start with a wireless mouse plugged in

    Very strange one today

    I took a call a few days ago from a client who “wasn’t asked for her password anymore when she’d been away from her desk”

    My initial thought was that her screensaver had been disabled or the password option had been turned off

    I logged in and everything was as I’d expected it to be

    I asked her when it had started happening and if anything had changed and she said she wasn’t sure but thinks it was about the time she got her new wireless mouse

    I initially dismissed it and tried one or two other things with little success

    I was on site today for another reason so thought I’d take another look

    Turns out the screensaver wasn’t starting at all. Hence the reason why it wasn’t asking for a password

    I did a quick search and I found this knowledge base article

    The screen saver does not start after you install a wireless pointing device

    Basically if you’re using a wireless mouse AND CyberLink PowerDVD or CyberLink PowerCinema it will stop the screensaver from starting

    From what I can figure out it’s a piece of software that can be used with a remote control so you can pause, rewind DVDs

    The software thinks the wireless mouse is the remote control so tries to communicate with it (the KB article itself is very vague as to WHY?)

    Anyway there are two workarounds and a fix

    Workaround 1: Stop the service from running

    Workaround 2: Remove PowerDVD (drastic!)

    Fix: Use Windows Update to install the latest “Microsoft HID Non-User Input Data Filter”

    To make sure this was the problem I used MSConfig to figure out which program it was (it was different to the one reported in the article) and I shut it down using Task Manager

    After I’d done this the screensaver started ok..WHOOP!

    Never seen anything like this before

    Was also a spooky coincidence that the mouse she purchased was the exact same one I’ve just picked up to replace the ailing HP mouse that came with my PC

  • Missing Server Disk Space

    Yesterday we got an alert from a client’s server that it was running low on disk space.

    This particular server has a data partition that is about 44GB but in the past they have never got anywhere near this much data

    I logged onto the server and yes indeed they were pretty low on space. I did a bit of house keeping and deleted some old backup/image files on the server to free up about 7GB

    While I was looking at the folders something didn’t quite add up

    I selected all the folders and checked the properties and the size totaled to about 9GB.

    Strange. The server was reporting 35GB had been used.

    I’d come across a similar problem in the past where you have to allow for the space used by shadow copies but on checking this it was only using about 2GB…where had the other 25GB gone?

    I’ve used TreeSize Free a couple of times in the past and this told the same story (just in a nice graphical fashion!)

    So I did a bit of searching and found the DIRUSE utility and used the following

    DIRUSE /s /m /, E:\ > c:\sizelog.txt

    This gave me a text file with a complete list of every folder on the partition with usage in megabytes with larger figures nicely separated by a comma

    I was able to open the file in Excel and sort by the file size with the largest at the top

    I spotted a couple of subdirectories that were quite large where TreeSize and Explorer had reported the containing folder as being quite small

    The name of the folder gave it away for me: PROFILES

    On this particular server each user has a roaming profile so they can log onto any PC in the office.

    But the way this had been setup meant that as an administrator, by default I didn’t have permission to view those files…even to check the file size

    When you’re logged on as an administrator DIRUSE gives you the file sizes regardless of permissions and surprise, surprise the profiles directory was 25GB

    Looking down the list it turns out that someone must have had this bright idea,

    “I’ll install iTunes and rip some music to the PC, that way I can listen to music no matter which PC I’m on”

    Then everyone else had caught on to the idea and the re-directed My Documents folders were full of MP3s

    There was a little while where this had me completely stumped and all sorts of ideas running through my head about file corruption and similar nightmares. Thankfully it wasn’t anything of the sort but I learnt all about a very useful command!
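
    Explorer and TreeSize reported the profile folders as small because they could not read them, and nothing in their output said so. As an added example (not from the original post), this PowerShell script totals each top-level folder and also counts the paths it was denied access to, so an under-count shows up as a gap. E:\ is the partition from the post, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the original post.
# Totals each top-level folder under $Root and records every path that
# could not be read, so folders hidden by ACLs show up as a gap
# instead of silently reporting a small size.
param(
    [string]$Root = 'E:\'   # data partition named in the post; change as needed
)

$report = foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory -Force) {
    $denied = $null

    # Access-denied errors are non-terminating; collect them in $denied
    # instead of printing them, so they can be counted per folder.
    $files = Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Force `
                 -ErrorAction SilentlyContinue -ErrorVariable denied

    # Sum the sizes of the files that could be read.
    [long]$bytes = 0
    foreach ($f in $files) { $bytes += $f.Length }

    # Keep the first unreadable path as a pointer to where to look.
    $first = ''
    if ($denied.Count -gt 0) { $first = [string]$denied[0].TargetObject }

    [pscustomobject]@{
        Folder      = $dir.FullName
        SizeMB      = [math]::Round($bytes / 1MB, 1)
        DeniedPaths = $denied.Count
        FirstDenied = $first
    }
}

# Largest first, as with the sorted DIRUSE output in the post.
$report | Sort-Object SizeMB -Descending | Format-Table -AutoSize

# Any folder listed here is under-counted above: its real size is unknown
# until it is measured from an account that can read it.
$report | Where-Object { $_.DeniedPaths -gt 0 } |
    Format-Table Folder, DeniedPaths, FirstDenied -AutoSize
```

    A folder that shows a small SizeMB together with a non-zero DeniedPaths is the pattern the PROFILES directory produced here.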

  • Action Pack Changes

    Not that long ago Microsoft made changes to the way we got desktop operating system in the Action Pack. They moved to “non-oem” media and there were an awful lot of complaints at the time

    Thankfully they have taken all the feedback on board and made some changes.

    Check out the official line here.

    We’ll be getting Vista Business (SP1), a copy of Vista Ultimate, a stack of “readiness resources” and some incentives for selling Vista SP1

    Looks like Microsoft are going to use the launch of Service Pack 1 to give Vista a big push and it’s good they are listening to partner feedback

    Big thanks to Dave Overton for taking time out of his weekend to share this information. His post on this is here

  • Running at higher DPI

    A couple of days ago I spotted a blog post by Daniel Moth called 10 Tips on How to Setup Your Laptop before a Demo

    10 pretty solid tips but what caught my eye was the second one.

    “Run at (120) High DPI. I cannot stress this enough. If you are on Vista this requires a reboot but give it a try now and you’ll never look back (all icons suddenly come alive)”

    Since I’m so easily influenced :-)  I decided to try it out

    It wasn’t immediately obvious (to me anyway) where to do this but eventually I found it

    Go to Control Panel, select the personalization option (or just click start, and start to type personalization). On the left hand side of the window, under tasks you’ll have an option “Adjust font size (DPI)”. You’ll need admin rights to change this

    Change from the default setting of 96DPI to the larger 120 size and reboot your PC. You can set a custom setting if you want but I wouldn’t recommend it.

    So why did I do this?

    Well I’m firmly in the multiple monitor camp and consider it a serious fetish of mine where bigger and more is better! I’m currently running two 19 inch screens. I’d love to get a couple more screens and up the sizes to 22-24 inch but money and office space are sort of stopping me at the moment.

    I digress.

    I’m running both screens at 1280 x 1024 so anything to make the most of those pixels is good in my eyes (pun not intended)

    As Daniel mentions in his blog the icons look great and a lot of text becomes much more readable. Outlook almost looks like a completely different app!

    However, there is a downside which means I don’t quite agree when Daniel says “you’ll never look back”

    The problem is that applications have to be “DPI aware” (as I understand it)

    This means Outlook, Word, etc all look fine

    Web browsing is a different matter.

    I’m currently typing this in a form field on the WordPress site. The control itself must be DPI aware as the text is in the larger font size I’ve seen over the last few days. However the rest of the site is rendered normally. This means I have lots of small text in amongst larger text. If I visit the BBC website after reading some emails it throws the eyes slightly as you’re switching between the text sizes

    Also some sites render “correctly” in the new large size as they must be DPI aware. This seems to throw the layout all over the place and sites don’t always display as expected.

    Vista sidebar items also stay their normal size so my gadgets are tiny in comparison

    I’m sure this will improve over time as screen sizes are getting bigger and prices are getting smaller so applications will need to be more intelligent

    I decided to run in this mode for a couple of weeks as the stuff that does work, works really well so I might be happy to sacrifice the little annoyances

    Note: Couple of good posts explaining this more

    Nice visual demo of how it looks in different DPI settings here

    Some screenshots of how to change the settings with some good developer information

  • Vista Service Pack 1 – installed

    I don’t normally post about this sort of news as I haven’t exactly got the scoop on it and there is nothing worse than reading the same thing over and over again when you’re going through your feeds! But thought I’d post on this from a personal point of view

    So as I’ve mentioned above, I’m sure you’re aware Vista SP1 is available to download if you’re a TechNet or MSDN subscriber

    I decided to go for it this afternoon and I can report the installation appeared to go smoothly. I ran the setup, let it do its thing and an hour later it reported a successful upgrade

    I plan to upgrade the home systems over the weekend and I’ll report back in about a week with my experiences

    I read here (and various other places) that the SuperFetch data will get trashed on installation so in some situations performance may seem worse for a little while until it’s figured out your “habits”

    I’ve got a performance issue with my home PC where the CPU gets pegged at 100% for about twenty minutes when I first turn the system on (task manager reports TrustedInstaller.exe, I understand this is to do with Windows Update) and I’m hoping the service pack will sort this out.

    I’ve been running with the service pack in the office for a couple of hours now and it does seem more responsive but I haven’t given it my usual hammering yet so we’ll see how I get on over the next week

    Have a good weekend!

  • Weird Printing Problem – Port Monitors

    Just thought I’d quickly share this.

    One of our clients has a couple of photocopiers they installed before we came on board.

    We made sure that we had the information to connect to them when setting up new PCs so we knew what driver to use, which options to select, tray types, etc

    Last week we put in some new PCs so we set up the connections to the photocopiers

    I got a call today to say that they couldn’t print to one of them

    I logged in to have a look and when I sent a test page the job just sat in the queue doing nothing.

    After I’d tried just about every avenue I started over and decided to think about the process.

    I clicked the print option and the job is submitted to the spooler ok (I can see this in printer list and also in C:\Windows\system32\spool\printers where you can see the files appear)

    So what should happen next is the print monitor on the PC should pick this up and communicate with the printer over the desired port (parallel, USB, TCP/IP). Since this was a network photocopier it was TCP/IP so went into the printer monitor settings (in the print driver, select the ports tab, click the port and then click CONFIGURE PORT)

    I spotted something that normally I would have glossed straight over but as I was getting a little frustrated I was checking every single setting

    RAW Settings, Port Number: 9100

    This is the port on which the TCP/IP communication occurs between the PC and the printer. 9100 is the standard setting but I noticed on the existing PC it was 10001

    I set this to the new value and it all started working

    I don’t think I’ve ever come across a printer that uses a non-standard port so that’s something I’ve learnt today

    The second thing I’ve learnt is that it’s obvious test pages weren’t run off at the time of installation! Looks like there is a process hole to fix

  • KB929729 Windows Update Failure on Vista

    I meant to blog about this at the time but forgot until I was just reminded about it

    I was over at my parents’ house and my dad had been trying to run Windows Update.

    He had one update that just wouldn’t install – KB929729 Security Update for .NET 1.1

    I found a very helpful post by Peter Broomberg that pointed me in the right direction.

    The steps you need to follow are: 

    1) Instead of using Windows Update, download the KB929729 package from here:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=7EEA368D-7B82-4583-8537-30351718A4E9&displaylang=en
    http://www.microsoft.com/downloads/details.aspx?FamilyId=281FB2CD-C715-4F05-A01F-0455D2D9EBFB&displaylang=en
    Do not install yet.

    2) Run cleanup tool:
    http://astebner.sts.winisp.net/Tools/dotnetfx_cleanup_tool.zip

    and select remove (cleanup) .NET Framework 1.1 from the dropdown list.

    3) Download the .Net framework 1.1 redistributable package from here
    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=262d25e3-f589-4842-8157-034d1e7cf3a3

    and install it.

    4) Download the .Net Framework 1.1 Service Pack 1
    https://www.microsoft.com/downloads/details.aspx?familyid=A8F5654F-088E-40B2-BBDB-A83353618B38&displaylang=en
    and install it.

    5) Finally, launch the KB929729 installer and it will work: 

    As far as I can tell the problem is because of previous versions of the framework being installed

    My dad got a Dell PC last year and was part of the Vista Express Upgrade programme

    So the PC came installed with XP which was then upgraded to Vista

    The problem is to do with 1.1 framework still hanging around after the upgrade.

    I followed the steps and his Windows Update looks much healthier now

    Hope this helps!

  • Resetting Vista Offline Files

    A little while back I posted about resetting the offline file cache in XP.

    I had a comment left by Rick asking how to do this in Vista

    After a little digging the initial answer is…..you can’t

    Well not quite (just not as easily)…things like csccmd.exe don’t apply anymore as the offline files functionality has been overhauled in Vista.

    Manipulation of offline files can be done via WMI so expect to see lots of VBScripts pop up

    A good place to start is the “Filing Cabinet” blog where there are a couple of WMI example scripts (here and here)

    So anyway…resetting the cache….one of those Filing Cabinet posts talks about moving the cache location and mentions a FormatDatabase registry key

    So after a bit of searching I found a KB article that suggests the following (do this at your own risk!)

    “add the FormatDatabase registry entry to the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Csc\Parameters
    Then, set the FormatDatabase registry entry to 1.
    Then restart your computer”

    It doesn’t mention if you need to reset the key back to 0 when you’re done

    Will it reset the database after every reboot? or does the reset process change the entry for you? Need to check that out

    The article wasn’t easy to find as it’s not specifically about resetting offline files but does talk about a corrupt offline cache

    P.S Some other good Vista offline cache resources include:

    Jonathan Hardwick and The Windows Vista blog
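
    The post leaves open whether the FormatDatabase entry has to be set back afterwards. As an added example (not from the original post or the KB article), this PowerShell script sets the entry and, when run again after the restart, reports whether it is still there. It assumes the value is a DWORD, which the quoted text does not state, and it needs an elevated prompt.

```powershell
# Added example, not from the original post or the KB article.
# Run from an elevated PowerShell prompt.
# Assumption: FormatDatabase is a DWORD value (the text quoted in the post
# does not state the type).
param(
    [switch]$Set   # pass -Set to request the reset; omit it to check afterwards
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Csc\Parameters'
$name = 'FormatDatabase'

if ($Set) {
    # The Offline Files cache is reset at the next restart; anything not yet
    # synchronised is lost with it.
    if (-not (Test-Path -LiteralPath $key)) {
        # Create the Parameters subkey only when it is missing, so existing
        # values under it are left alone.
        New-Item -Path $key | Out-Null
    }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force |
        Out-Null
    Write-Output "$name set to 1. Restart, then run this script again without -Set."
}
else {
    # After the restart: report whether the entry survived the reset.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output "$name is not present under $key."
    }
    else {
        Write-Output "$name is still present with value $($prop.$name)."
    }
}
```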