Friday, December 30, 2011

Death match me vs XP Antispyware 2012

Recently received a computer that was previously infected with some strain of XP Antispyware 2012.

Ok, set, fight!

1. Computer was previously infected with the above said virus and the previous user had made all sorts of attempts to fix it - probably not good things.
2. Avast had been the first sentry on duty and was completely mutilated by the virus.
3. Malwarebytes, second sentry on duty - dead as a doornail.
4. Windows Firewall - third sentry, also disabled by the virus.
5. TCP/IP stack corrupted.
6. Blue screens.
7. Windows Update not functional.

My turn:
1. Follow Bleeping Computer web site steps: virus-removal of xp-antispyware-2012
2. After I did the above, I was still not satisfied, because I could run Malwarebytes in Safe Mode and it found one Trojan, but it just did not feel good enough.  So I took the drive out of the PC, plugged it into my laptop with a special adapter that allows me to connect SATA drives as USB, and proceeded to scan with Malwarebytes, but lo and behold, my Microsoft Security Essentials found 8 viruses just by plugging it in and removed them.  I still finished scanning with Malwarebytes - came clean.  Scanned again with two more scanners.  All clean.
3. So I put the drive back in but even though I felt it was not infected, it was still corrupted.
4. Chkdsk fixed some more files.
5. TCP/IP stack was corrupted, and you could not get the PC on the network.  Also Windows Repair was not working, so I followed these steps:
a. Locate the Nettcpip.inf file in %winroot%\inf, and then open the file in Notepad.
b. Locate the [MS_TCPIP.PrimaryInstall] section.
c. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.
d. Save the file, and then exit Notepad.
e. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
f. On the General tab, click Install, select Protocol, and then click Add.
g. In the Select Network Protocols window, click Have Disk.
h. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.
i. Select Internet Protocol (TCP/IP), and then click OK.
Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.
j. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
k. Restart
Successful uninstallation of TCP/IP will remove numerous keys from the registry including:
These represent various interconnected and interdependent services.
For good measure you should delete the following keys before reinstalling TCP/IP in step #2:
Step #2
Reinstall of TCP/IP
Following the above substep #3 (step c above), replace 0x80 back with 0xa0; this will eliminate the related "unsigned driver" error that was encountered during the uninstallation phase.
Return to "Local Area Connection" > Properties > General tab > Install > Protocol > TCP/IP
You may receive an "Extended Error" failure upon trying to reinstall TCP/IP; this is related to the installer sub-system conflicting with the security database status.
To check the integrity of the security database:
esentutl /g c:\windows\security\Database\secedit.sdb
There may be a message saying the database is out of date.
First try the recovery option:
esentutl /r c:\windows\security\Database\secedit.sdb
If this doesn't work for you, you need the repair option:
esentutl /p c:\windows\security\Database\secedit.sdb
Rerun the /g option to ensure that integrity is good and the database is up to date.
Now return to the "local area network setup"
Choose Install > Protocol > TCP/IP and try again

Please see: Smokey's Security Web Log for a reference
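The hand edit in step c and its reversal in Step #2 both toggle one bit of the Characteristics value: 0xa0 is NCF_HAS_UI (0x80) combined with NCF_NOT_USER_REMOVABLE (0x20), and clearing the 0x20 bit is what makes the Uninstall button appear. The following Python is an added example (not code from this blog post or from Smokey's log) that makes the edit in memory so it can be checked before the file is written back, and touches only the [MS_TCPIP.PrimaryInstall] section. The sample INF text is constructed and abbreviated; the flag values come from the Windows netcfgx.h header.

```python
"""Toggle NCF_NOT_USER_REMOVABLE on the TCP/IP entry of an nettcpip.inf file.

Added example, not part of the original post. Reads and writes text only;
apply the result to %windir%\\inf\\nettcpip.inf yourself after reviewing it.
"""
import re

# Network component characteristic bits from netcfgx.h.
NCF_NOT_USER_REMOVABLE = 0x20   # when set, the Uninstall button is greyed out
NCF_HAS_UI = 0x80               # component has a Properties page
FLAG_NAMES = {
    NCF_NOT_USER_REMOVABLE: "NCF_NOT_USER_REMOVABLE",
    NCF_HAS_UI: "NCF_HAS_UI",
}

TARGET_SECTION = "[MS_TCPIP.PrimaryInstall]"

# Constructed, abbreviated stand-in for the real nettcpip.inf.
SAMPLE_INF = """\
[Version]
Signature = "$Windows NT$"

[MS_TCPIP.PrimaryInstall]
Characteristics = 0xa0
AddReg = Install.Reg

[MS_TCPIP.ProtocolInstall]
Characteristics = 0xa0
"""


def describe_flags(value):
    """Return the names of the known characteristic bits set in value."""
    return sorted(name for bit, name in FLAG_NAMES.items() if value & bit)


def find_characteristics(inf_text, section=TARGET_SECTION):
    """Locate the Characteristics entry inside `section`.

    Returns (line_index, value) or (None, None) when the section or the
    entry is missing. Section names in INF files are case-insensitive.
    """
    in_section = False
    for i, line in enumerate(inf_text.splitlines()):
        stripped = line.strip()
        if stripped.startswith("["):
            in_section = stripped.lower() == section.lower()
            continue
        if in_section:
            m = re.match(r"^\s*Characteristics\s*=\s*(0x[0-9A-Fa-f]+)", line)
            if m:
                return i, int(m.group(1), 16)
    return None, None


def set_user_removable(inf_text, removable, section=TARGET_SECTION):
    """Return a copy of inf_text with NCF_NOT_USER_REMOVABLE cleared
    (removable=True, the step-c edit 0xa0 -> 0x80) or set again
    (removable=False, the Step #2 revert 0x80 -> 0xa0) in `section` only.

    Every other line, including the same entry in other sections, is left
    unchanged, so the revert restores the file exactly.
    """
    idx, value = find_characteristics(inf_text, section)
    if idx is None:
        raise ValueError(f"no Characteristics entry under {section}")
    if removable:
        new_value = value & ~NCF_NOT_USER_REMOVABLE
    else:
        new_value = value | NCF_NOT_USER_REMOVABLE
    lines = inf_text.splitlines(keepends=True)
    lines[idx] = re.sub(r"0x[0-9A-Fa-f]+", f"0x{new_value:02x}", lines[idx], count=1)
    return "".join(lines)


if __name__ == "__main__":
    _, before = find_characteristics(SAMPLE_INF)
    print("before:", hex(before), describe_flags(before))
    edited = set_user_removable(SAMPLE_INF, removable=True)
    _, after = find_characteristics(edited)
    print("after step c:", hex(after), describe_flags(after))
    reverted = set_user_removable(edited, removable=False)
    print("restored exactly:", reverted == SAMPLE_INF)
```

Because the INF is covered by Windows driver signing, any change to it is what triggers the "unsigned driver" warning the post mentions, which is why the value must be put back to 0xa0 before reinstalling; the round trip above restores the file byte for byte so that check passes again.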
6. Awesome, now I had network access again, but still had some blue screen issues, so I had to reboot into Safe Mode, and what I noticed was that Avast was still trying to load, so I uninstalled Avast and rebooted into normal mode.
7. I disabled all add-on toolbars in Explorer, and I also made sure that I looked for all residual registry entries and files left over by the virus; these you can find in the clean-up instructions of the Bleeping Computer step by step.  I did not find reg keys, but did find a bunch of suspicious files lurking in the profile folders.
8. Now the Firewall worked, so I disabled all exceptions.
9. Also could not run Windows Update, so after a couple of failed attempts, this finally worked (error was 0x80070424):
a. turned on the Background Intelligent Transfer Service
b. regsvr32 wuaueng.dll
10. Pulled a bunch of updates from Microsoft - including Service Pack 3, even though it was already a Service Pack 3 version of XP - so a lot was corrupted on it.  Also made sure the video driver was updated.
11. Re-installed Malwarebytes - ran scan good!
12. I had installed as part of the Windows Updates, Windows Defender - ran scan - clean!

This was a great match in which I was not defeated.  I have had many a fight this year with viruses, and so far I am 100% victorious.  So I had to, as part of my last blog entry of 2011, write something about it. Got to love it :)


Tuesday, December 27, 2011

Data Backup for normal humans and other lesser beings

You know I like to blog about tech things; especially about "how to go about doing certain tech things;" but sometimes I am willing to just pass on what others have written in the spirit of sharing.  And now, I have passed on a few of the blog entries from Jeremy because he writes really well.  I have his book and I think it is a must for any Windows Administrator.  No, he is not giving me any kickbacks, but he should :)

He recently wrote an article about how to back up your home data which I thought was excellent advice.  I've got to admit that even I as a techie do not do all 8 steps; but I want to thank him for the reminder that I also need to beef up my home backup strategy a bit.  This is at the top of my tech things to do in 2012.

Here is the link.  Pass this on to anyone in your family and friends, not as spam, but as a gift.  Jeremy recommends you print it out, which, if you think about it, would probably be more effective, as many emails make for easier discarding.

8 Things you need to do to keep your data safe. 


Wednesday, December 21, 2011

Problems installing Lync Office 365

I have not had this problem but thought I would pass on a possible workaround in case anybody runs into it.  Got the tip from Jeremy over at -