jeffbrand.net


New Look

After a couple years with the dark look, I’ve upgraded the site theme to a newer, cleaner one called HelloSexy. It does a much better job of working with the syntax highlighting enhancements, so code samples should look much better.


Cleaning Up After Fake Antivirus Attacks

Lately there’s been a rise of “Scareware” – bad software that appears with some convincing error messages. The problems found will go away, but only if you install their cleaning software for a reasonable fee – usually around $80. The problem is that the only bad software on the computer is the one proposing to help you.

Some particularly vicious infections go the extra mile and use convincing error messages and try to recreate symptoms of a hard drive failure. Removal is fairly straightforward: a combination of Malwarebytes and Microsoft Safety Scanner takes care of the offending files, but often the symptoms of the infection can remain.

Hidden Files

For example, after removing WindowsRecovery, SystemRecovery, UltraDefragger, WinHDD or other variations of the same malware, files may still be hidden. You can either unhide all files manually using the file properties dialog, or use Unhide.exe from BleepingComputer. They also offer a lot of details on the malware itself. To run the tool, they provide the following instructions:

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

The hard drive error malware also moves files from the Start menu and Desktop. Here’s a pretty good step-by-step walkthrough from SmartestComputing, including the link to the Unhide utility above.

In my experience with the malware, no removal instructions addressed restoration of the Desktop. The files were there and unhidden on the drive, but not visible on the Desktop itself. The fix I used came in the form of a .reg file from pcrisk.com. Look for “Download fix_desktop.reg”. The downloaded file makes changes to your system registry, so be sure to review and/or back up before running it and accepting the modifications to the Windows registry.

Windows Update Won’t Activate

The final issue, perhaps caused by other malware, caused problems with Windows Update. During the final cleanup stages, I noticed a red shield from the Windows Security Center telling me that Windows Updates were turned off. Clicking the button as instructed to resolve the condition resulted in an error message: “The security center could not change your automatic updates settings.” The following solution has worked on two different systems.

Try registering the following:
Click Start, select Run and type:

regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 atl.dll
regsvr32 wucltui.dll
regsvr32 wups.dll

Press Enter after each one and wait for the success message.

Thanks to Tom Rafferty’s link to the original Google Groups article.

Hopefully, collecting these small fixes into one location will prove helpful. Know of better resources? Leave a comment.


McAfee Antivirus freezes while scanning ProPrWW.cab and/or ProPrWW2.cab

While working on a customer laptop, I ran into an issue very similar to the one detailed on McAfee’s Community Forums.

As user Bemused writes,

Hi Tony

Ran another manual scan tonight. Got stuck on two files but left it alone for a while and the scan completed fine – albeit taking longer than usual.

The two stoppages were:

After 1% this file:
C:\…\ProPrWW.cab

And after 41% this file:
C:\Users…\OWP65A6.tmp\ProPlusr.WW\ProPrWW2.cab

As I say I left the computer alone and it restarted the scan and finished with no issues/problems/viruses etc.

I am up to date with Windows and McAfee.

I have just installed Microsoft Office 2010 Professional Plus via Microsoft’s Home Use Program and I also installed the latest iTunes a couple of weeks back, so I expected the scan to take a bit longer due to the increase in files.

But I am now thinking the size of the Office files is maybe causing the lock-up. Does this sound feasible? I previously believed it was freezing permanently but the scheduled scan got to the end and now the manual scan has done the same once I left it alone.

I freely admit I may be being impatient and it just needs time to navigate the bigger files but I’d appreciate your feedback.

Thanks very much for your assistance

Bemused

After ruling out hardware issues and other infections, I realized that the file in question was located in a temporary file. After a quick disk cleanup in the C drive’s Tools section, I ran the scan again and it completed successfully.

Hopefully McAfee and Microsoft can collaborate and determine the precise cause. Until then, I hope this helps others who experience this problem.


The Twitter Firehose In Action – Gauging the Automated Response

In case you thought no one read your tweets…

Following a tweet with a link that I posted earlier today, I checked my server logs to see what kind of response I got. I don’t have many followers.. the custom link shortening site gets little-to-no traffic.. it’s a sleepy Sunday and I don’t expect many people to be trolling for tech tweets.. So what did I find?

  • 2 HEAD requests: one from Twitterbot from an address inside of their data center, and another from Kosmix “Voyager”
  • 1 pair of requests from Google: a request for robots.txt to check the indexing rules for the site, and another for the content.
  • 2 pairs of requests from Yahoo: Same pattern, robots.txt and then the actual content
  • 2 single requests from addresses owned by Microsoft.
  • 1 request from Topsy.com
  • 1 request from Tweetmemebot

All of these hits arrived within a few seconds of my post. In general, the requests made sense: HEAD requests ensure that the link exists, robots.txt verifies the site policies on crawling and indexing, and each service did a reasonable job of identifying itself. However, the traffic from Microsoft was suspiciously generic, reporting a User-Agent string of “Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)”.
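The same log review can be scripted. The following is an added example, not code from the original post: it groups requests that arrive within seconds of a post and labels each client by the patterns described above. The log lines, IP addresses, path /abc, timestamps and bot version strings are constructed, and the self-identification heuristic is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache "combined" format; every value below is made up.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jun/2011:14:00:02 +0000] "HEAD /abc HTTP/1.1" 200 0 "-" "Twitterbot/1.0"
192.0.2.20 - - [05/Jun/2011:14:00:03 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
192.0.2.20 - - [05/Jun/2011:14:00:03 +0000] "GET /abc HTTP/1.1" 301 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
198.51.100.7 - - [05/Jun/2011:14:00:04 +0000] "GET /abc HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"
192.0.2.30 - - [05/Jun/2011:14:00:05 +0000] "GET /abc HTTP/1.1" 301 0 "-" "TweetmemeBot/2.0"
203.0.113.5 - - [05/Jun/2011:14:09:30 +0000] "GET /abc HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Heuristic (an assumption): crawlers that identify themselves carry one of these.
SELF_ID = re.compile(r"bot|crawl|spider|https?://", re.I)

def classify(requests, ua):
    """Label one client's burst of requests, given as (method, path) in log order."""
    paths = [p for _, p in requests]
    if all(m == "HEAD" for m, _ in requests):
        return "link-check"            # only verifies that the link resolves
    if "/robots.txt" in paths and paths.index("/robots.txt") < len(paths) - 1:
        return "polite-crawler"        # read crawl policy, then fetched content
    if not SELF_ID.search(ua):
        return "generic-browser-ua"    # automated timing, but no self-identification
    return "self-identified"

def analyze(log, posted_at, window_s=10):
    """Group requests arriving within window_s seconds of the post by (ip, UA)."""
    clients = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                   # skip malformed lines rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if 0 <= (ts - posted_at).total_seconds() <= window_s:
            clients[(m["ip"], m["ua"])].append((m["method"], m["path"]))
    return {key: classify(reqs, key[1]) for key, reqs in clients.items()}

POSTED_AT = datetime.strptime("05/Jun/2011:14:00:00 +0000", "%d/%b/%Y:%H:%M:%S %z")

if __name__ == "__main__":
    for (ip, ua), label in analyze(SAMPLE_LOG, POSTED_AT).items():
        print(f"{label:20} {ip:15} {ua}")
```

The last sample line falls outside the ten-second window and is left out, which separates the automated burst from later traffic.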

As a fairly insignificant blip on the twitterscape, I find this traffic telling. The big boys – Google, Yahoo, Microsoft – are sensible customers for the Twitter Firehose and understandably want to grab all traffic whenever possible. I know very little about the others. I’m also curious about how the volume of the automated response changes with one’s reputation on Twitter. Specifically, what happens when a poster/post grows to a level that passes the filters governing the sampling stream API method, available to the average developer?

This is definitely a topic to revisit and explore in greater depth.