Latest malware removals.

I had two PCs given to me last weekend to fix various speed issues. Thankfully I had downloaded the AntiMalwareToolkit from Lunarsoft recently so I did a quick update which meant I had a lot of antivirus and antispyware tools with up to date definitions ready on a CD.
The first machine was pretty straightforward and just needed Ad-Aware removing and reinstalling to fix Ad-Aware crashing on bootup. At the same time I scanned for viruses and was pleasantly surprised to see none on the machine. The combination of Norton 360, Ad-Aware and Malwarebytes had done a good job. Norton was crippling the speed of the machine though and I had to disable Norton whilst I ran other diagnostics on the machine as it was just painfully slow whilst running.

The other machine was a whole other story. Norton AV2004 does not do a good job of keeping machines protected when the definitions were last updated in 2005, although I think you’d all agree that no other product would either! Running Malwarebytes detected 400 antivirus files ranging from vundo, trojans, spyware2009 and other infestations. My initial scan was run after booting the machine into safe mode – normal mode was unusable, taking 6 minutes to launch regedit after eventually managing to hit Start/Run and type in regedit.
The initial scan took over 8 hours to run. Unfortunately I had not cleaned out the temporary internet files on the machine – all 18GB of them! After the first scan completed I selected all the temporary internet files and deleted them. It took about 20 minutes for Windows to finish the “preparing to delete” stage. I’m not sure what exactly it is doing, but it is incredibly annoying to hit delete, walk away from the computer and come back 20 minutes later to see it then pop up and say “are you sure you want to delete these files?”. I could have deleted the files from a DOS prompt but it was taking forever to do anything, so opening a DOS prompt and then navigating would have been very painful.
So after 3 hours of deleting files and a reboot, I did another scan. This time it took 2 hours. So the moral of the story is to delete temporary internet files first. Interestingly I later ran Ad-Aware and that actually asked me if I wanted to delete these files before it did the scan.
The machine was now fairly responsive… in safe mode, but still took forever to do anything in normal mode. Scans were coming up clean so the configuration was obviously still screwed up somewhere. I tried to uninstall Symantec using their uninstall package but that just hung using no CPU usage so it was a hard reboot and I tried the Norton Removal Tool. The first time it would unpack the self-extracting exe but do nothing after that.
At this point I came across a thread in software tips and tricks with the same symptoms of the machine running slowly and the start button being unavailable. This thread was started in 2004 so I was a bit pessimistic about the solution of running a reg cleaner (as most of them are not really worth bothering with). However several people had responded saying that the solution worked, with a couple of posts from Jan 2009 so I figured it was worth a try. I had never heard of the registry cleaner, but I had heard of Jv16 Powertools, so I downloaded RegSupreme and let it do its registry cleanup. I looked briefly through the results and could see nothing really unusual so I rebooted and was really surprised that the machine started to respond normally. I was then able to run the Norton Removal Tool and remove Norton from the machine completely.
I haven’t completely finished with the machine yet, but I’m nearly there. You may be wondering why I took so long on this machine. To be truthful, if it was mine I’d have wiped it straight away, but as the issues got harder to fix, my stubbornness and curiosity got the better of me and I needed to know how to fix the problem and retain the data on the machine. After all, formatting is the easy way out and one day I’ll have a machine that I MUST repair in order to get data and this experience will have given me some helpful experience and preparation for that day.

64bit Symantec Antivirus does not update from Management Server

Discovered that 64bit clients of Symantec Antivirus have to be set to get their updates from Symantec servers using LiveUpdate, not from the Management server (as you would normally set the configuration to be). This may involve creating a new management group in Symantec’s Administration console and setting the update to not use the parent server as per the screenshot below.
Set this to ensure Symantec Antivirus 64 bit clients update  (by absoblogginlutely)

BackupExec 12 fails to LiveUpdate on Windows 2008

When trying to run LiveUpdate from within BackupExec v12 running on Windows 2008 you may get the error message “To receive updates, Backup Exec must be registered with LiveUpdate. To automatically register now, Click Yes. If you choose not to register now, you will be prompted again when you click LiveUpdate.” The solution is to right click the BackupExec icon and run as Administrator. LiveUpdate will work.

Quick way to get BIOS information without rebooting

If you want to get the BIOS version of a PC, or the Dell service tag, without rebooting then use the following useful command(s):
wmic bios >c:\temp\1.txt
notepad c:\temp\1.txt

The reason I pipe to 1.txt and then display in notepad is that the formatting looks all messed up in a dos prompt due to line wrapping but looks ok in notepad. The BIOS version and service tag will be displayed (among other things).
This beats my previous preferred method when doing remote support of going to Dell’s support site, going to warranty information and then loading their activex component to detect the hardware information.
Update: You do need to have admin rights to run this command.

-1056749164 when exporting a mailbox in Exchange 2007

Trying to export an Exchange 2007 mailbox using the export-mailbox cmdlet I was getting the error message “Failed to copy messages to the destination mailbox store with error: MAPI or an unspecified service provider. ID no: 00000000-0000-00000000, error code: -1056749164”

A lot of the tips online suggested that I excluded the inbox folder, but that doesn’t help as I needed to export the entire mailbox as this was for a user who had left the company.

Microsoft has a kb article on this and states the problem is fixed with Rollup4 for Exchange, but I was already on Rollup5.

Thanks to kyBOSH on the Technet forums, it turns out that I needed to give my account FullAccess to the mailbox using the command “Add-mailboxpermission account -accessrights fullaccess -user myaccount”. Obviously you need to replace account with the account name of the user that is being exported, and myaccount is the account name that is doing the export.
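The grant described above, extended into a grant/export/revoke sequence so that the FullAccess right does not outlive the export. This is an added example, not part of the original post; it assumes the Exchange 2007 Management Shell and an export to PST, and the account names, PST folder and helper function name are placeholders.

```powershell
# Added example (not from the original post). Placeholder values:
$Mailbox   = 'account'     # mailbox of the departed user being exported
$Operator  = 'myaccount'   # account running the export
$PstFolder = 'C:\PSTs'     # hypothetical destination folder (assumes export to PST)

# Hypothetical helper: returns the operator's explicit (non-inherited,
# non-deny) FullAccess entries on the mailbox, if there are any.
function Get-ExplicitFullAccess {
    Get-MailboxPermission -Identity $Mailbox -User $Operator |
        Where-Object { ($_.AccessRights -match 'FullAccess') -and
                       (-not $_.IsInherited) -and (-not $_.Deny) }
}

# 1. Note whether the operator already had the right, so that only a grant
#    made by this script is removed afterwards.
$hadAccess = @(Get-ExplicitFullAccess).Count -gt 0

# 2. Grant FullAccess for the duration of the export only.
if (-not $hadAccess) {
    Add-MailboxPermission -Identity $Mailbox -User $Operator -AccessRights FullAccess
}

# 3. Export the whole mailbox.
Export-Mailbox -Identity $Mailbox -PSTFolderPath $PstFolder

# 4. Remove the temporary grant and confirm that it is gone.
if (-not $hadAccess) {
    Remove-MailboxPermission -Identity $Mailbox -User $Operator -AccessRights FullAccess -Confirm:$false
    if (@(Get-ExplicitFullAccess).Count -gt 0) {
        Write-Warning "$Operator still has FullAccess on $Mailbox"
    }
}
```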

Whilst searching for these results I discovered how bad Microsoft’s Live Search is.

The initial search for “-1056749164” on Technet came up with 619000 results (although when I reran it later it dropped to 512000!).

As the results were completely useless I expanded the search to the entire internet – this time the search returned zero results!

Sigma flash almost here….

The only downside with the various tracking systems that UPS, DHL and other companies provide is that they provide a tantalising glimpse into the fact that shipments are SOOOO close but not quite here! I purchased a flash for my camera and got notice from UPS that it arrived in Columbus yesterday evening but I have to wait until Monday before they attempt to deliver it. The weird thing is that I actually got the tracking information the day before UPS even had it in their online system.

Windows7 installs fast.

I downloaded Windows7 as part of my Technet Plus subscription and got a few minutes to try the installation whilst listening to the Hyper-V deep dive training session this evening. The time taken to install from my ISO image to a running installation was 31 minutes – that’s VERY good going.

The client, not surprisingly, uses IE8 which was a bit of a pain for me. I use SGP for my online password management and that relies on the links bar within the browser. Now called the Favorites bar, for some reason this would not allow me to save the SGP bookmarklet in the bar – instead I had to add it to my favourites and then drag it into the bar afterwards.

It is too soon to make any more comments on it at the moment as it is time for bed, but so far it looks nice.

The one big plus is that Microsoft have FINALLY got the time zone problem fixed. Now they actually remember the timezone preference set during the installation and keep it afterwards rather than setting it to GMT-8 which they have been doing ever since Windows95!

I am getting some quirky things going on with my keyboard missing some characters, but I’m not sure if that is due to my Bluetooth keyboard, IE8 or the fact I’m running in a Hyper-V client where the parent server has been up for several days now.

Why I moved from MovableType to WordPress

I was asked in the comments why I migrated from MovableType to WordPress. There were several reasons why I decided to make the switch. The primary reason was the incredibly long time it would take to publish a post in MT. I could actually hit Post in MT, fire up a new web page, connect to my testing WP site, create a new post, enter the title, paste the content in, hit publish and then view the website. In the meantime MT would still be thinking about saving the original post.

The time taken to republish the site after a change such as a design change was so great that some of my older posts still had old styles as the republishing system would time out before it could complete the task.

One of the other things I really like about WordPress is the ease of upgrading the software to the latest version. Yes, WordPress has had more releases, but when it takes about 2 minutes to upgrade the system it’s really not a problem (especially now that there is an automatic upgrade function). MovableType has also just released a new security release which is one of the reasons why I made the switch *now*.

I was also hoping that the spam filtering would be better on WordPress than MovableType. I’ve had several idiots spamming the blog with Russian comments in MovableType – they wouldn’t get through but I would have to go and delete them. In the one day that I’ve had WordPress up I think I’ve had more spam comments get through to the spam queue, but again it was easy to delete them all – a “select all” option and then delete, followed by an “all done” about 3 seconds later.

Themes in WordPress seem to be a lot cleaner and there are a lot more themes out there to pick from – MT’s selection was pretty small. This wasn’t that much of an issue to me as I was pretty pleased with my existing theme in MT (and have had it copied by a few people so it couldn’t have been that bad!)
The big concern about switching from MT to WP is typically due to the fact that WP is database driven and therefore doesn’t have any of the pages (by default) saved on the machine so if the database is down, then so is the website. This site doesn’t have that many visitors so I don’t see this as being that much of a problem and normally if the SQL database is down, then it’s probably likely that the web server is going to be down too.

I’ve not looked at the various caching plugins as I doubt I’m going to need them, but it is nice to know this option is available. I may switch it on later once I’ve got the site up and running and I’m not making many design changes to it.

For those of you interested, I will also be posting my experience about the upgrade and some hints and tips – the existing WordPress migration documentation is in dire need of being updated!

Now using WordPress!

I was hoping to get the switch from MovableType to WordPress up and running for the 1st of January but I didn’t want to go live until I was ready and near a keyboard in case there was a problem. I’ve spent several hours this weekend getting the layout and stuff ok to go live. For those of you using feed readers to see this, you probably won’t see much difference although I have added a few options to the Feedburner feeds and also include my delicious saves now. Do stop by the main website and let me know what you think though. Any issues then let me know; most of the work and testing was done with Firefox as that is what most of you use. There are a few cosmetic issues with Internet Explorer that I’ll work on over the next week or so.

I’ll also be posting some hints and tips on the migration steps too.