November 2009 – Absoblogginlutely!

Antivirus plus removal during Thanksgiving.

By Andy on Monday, November 30, 2009

It’s been a busy Thanksgiving weekend – I spent a lot of time on Thanksgiving working on a relative’s EEE netbook which had “problems”. That was about as technical as you get for the error report but on seeing the “windows security center” program that popped up on initial login I knew I was in for some fun.

The fake av software Antivirus plus was removed with the help of the BleepingComputer Antivirus plus removal guide but there were a few oddities in the process.

One of my favourite tools is a removable usb thumbdrive with a write protect switch so I can update the thumbdrive, set it to readonly and then use it on an infected pc without worrying about infecting my thumbdrive – incidentally I tried to find another one of these on Black Friday at Microcenter but was unable to do so. Anyway, prior to going to Thanksgiving dinner I updated my Ketarin Whatsmypass setup so I would have all of the av tools I needed (or so I thought)

Following the removal process I needed to download the rkill.com file which killed the virus process’ and malwarebytes was installed. I needed to download the random filename for malwarebytes and oddly enough the documentation doesn’t mention that if you download this on the infected pc then you are likely to kick off the antivirus plus program due to it’s hooks into ie that have not been cleaned up yet. I know this is common sense for the seasoned av cleaner, but newbies following the steps blindly may get reinfected during the process.

It would be really nice if malwarebytes would include the latest definitions as part of the install when you download the original file but I guess they don’t want to rebuild their setup program every night. After a bit of research today I’ve found that you can get the latest definition updates online so I’ll be updating the ketarin for that too.

After the virus was removed it was time to update the pc for windows updates. The first round was 72 windows patches. I couldn’t use my autopatcher/offline patcher cd as the eee pc did not come with an external drive so I had to wait about an hour to install them. After a reboot, there were another 34 to download – by this time my relative had to leave to drive home so I gave her instructions on what to do – the first two were to buy a router so her pc is not directly attached to the internet and to boot the machine up and leave it on overnight at least once a month for the windows updates to install.

Hopefully she’ll get used to firefox as her default browser 😉

The funny thing is I was asked how much they owed me for the work… I spent 5 hours (on and off) on the machine all told – they purchased it for $150. I know it would be hard to find it for that price again, but they could have purchased 2 of them and had change left if I had charged them the going rate.

As to the pc itself, this was my first exposure to the eee pc – I was pretty impressed. It wasn’t too slow (although the scan took forever) so would make a good portable pc for web browsing use. At this point I didn’t have my Chromium OS thumb drive or I’d have given that a go to see how Chromium performed on the machine.

Imagemaps (navigation) broken in IE8 – fix

By Andy on Tuesday, November 24, 2009

We rolled out IE8 to a customer earlier this week and promptly found their company website didn’t work in ie8 (despite some users having had IE8 for several months). An imagemap that they use for navigation did not show up in IE8 on internal computers. The weirdest thing is that all the computers at their office had the problem yet none of our computers or some other computers we tried could reproduce the problem.

After trying many technical solutions I passed it to our web developer who very quickly came up with a bug in ie8 and content produced by Publisher

“Publisher HTML output uses some very large numbers for object coordinates. This behavior has worked in the past. However, Internet Explorer 8 does not support such large coordinates. This is because some precision was moved from the most significant end to the least significant end of the coordinate variables to allow for sub-pixel layouts. Therefore, when large coordinate values in Publisher HTML output are run through Microsoft Dynamic HTML, the values are truncated. This behavior causes significant problems when Publisher HTML is rendered in Internet Explorer 8.”

Sure enough – saving the files within Publisher 2007 sp2 fixed the issue.

Bugs Utilities

Alternative to windirstat?

By Andy on Sunday, November 22, 2009

We’ve used windirstat for a long time when investigating why server or desktop hard drives suddenly fill up. It’s a very quick way of finding out who has just synched their ipod to the server network share. Earlier this week though we found that it was reporting a drive had 40gb used out of 115gb yet the OS was showing 2gb free. Obviously this is a rather large discrepency and was the second time we’d had windirstat not match the information that Windows was reporting. After a bit of digging around, I checked the volume shadow copy settings, set it back to a more reasonable 10gb instead of 99.2% of the disk and our free space went back to about 70gb in windows – now matching what windirstat was reporting.

So it looks like windirstat does not take into account files such as the VSS cache location.

So we’re looking around for an alternative – I’d really like it to be a standalone application – if you know of anything then please add something in the comments and I’ll add a new post with my preferred solution.

Bugs Exchange / Outlook exchange2007 Hotfixes Microsoft Work

Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later – fixed

By Andy on Tuesday, November 10, 2009

“Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later” occurs when trying to access out of office onwith outlook2007. The strange thing is that the out of office functionality through the Outlook Web Access page works as expected.
There are several documented ways to fix this, mainly ensuring that the various autodiscover urls are correct. See Proexchange.be – Your out of office settings cannot be displayed for the best document on this.
Interestingly is that if you enable debugging in outlook and try to access the Out of Office you do see the settings being pulled across in the logfile.

However I was still having this issue. From Microsoft forums on Exchange Server Clients I found that various patches to the dot net framework (oh how I hate thee) being discussed and http://support.microsoft.com/kb/952883 was the first patch that was discussed. Sure enough, installing this patch fixed the problem and what is more I didn’t even have to reboot.

The annoying thing is that the first time I had this problem (on this server) was due to a typo in the autodiscover service, then the .net framework patches were applied and the problem re-occured.

Blogging Wordpress

Lifestream functionality is now working properly.

By Andy on Sunday, November 8, 2009

I’ve been playing around with Lifestream over the past few months and now have it working properly. It seems that there was a clash with the plugin upgrade notifier and as that didn’t work anyway, I disabled it and now the cron jobs run successfully and update my lifestream page – that pulls together all the various updates from various internet sites and blogs that I make.

Backups Hosting

Geocities recovered at reocities.com

By Andy on Saturday, November 7, 2009

I’ve talked before about geocities closing down but now most of the geocities content (about 2million accounts) has been backed up and restored at reocities.com. The making of webpage makes interesting reading – the guy doing the mirror obviously has some serious network bandwidth and hard disk space available (although the latter is cheap nowadays!).

My old website is there at Hollywood/1880

Thanks to jmattheij for doing all the hard work.

Month: November 2009