In February 2012, after 3 years of establishing our business in Dundalk, our Dundalk only workshop business has been sought out and acquired by Image IT Group from Drogheda.

I rebooted a few times.  System was fine until about 1 minute after I opened Outlook.  My PC is also the host for our database so I had to be careful.  There’s no wipe and reload option due to time stamps and BCM 2007 file creation dates.  Mid 2008 we had a melt down and after a full restore we discovered that all customer profile dates was set to the date of the restore and there was no way to recover their originate date of creation to see when a customer had first joined us…  Anyhooo….

Rather then spending ages I decided to launch Acronis and roll back a few times (I have a nightly drive image which is a snap shot of my C Drive).  Strangely after going back a week there was no change.  I didn’t want to go back too far as others had mentioned using my PC and the database in the preceding few days and everything was fine.  I considered going back another week or more in a few jumps (bearing in mind the database would also be rolled back with all recent entries erased so I’d have to roll forward again once I found a solution (a bit like Back To The Future but less exciting even though my CoolerMaster case does look a bit like a DeLorean).  I decided to hold off for the desperation to set in and see if I could diagnose the properly in case it ever arose again.  I had a few days to play with before things got busy for me.

So, I researched and tested, and CTRL-ALT-DEL’d and End-Task’ed to my hearts content.  Basically, using the Task Manager in XP Pro (and most versions of windows) you can go into processes and see what’s hogging the systems resources.  Outlook.exe was fine for about 60 seconds but almost to the second would kick up in 3 or 4 jumps to 99% and the system would slow to a CRAWL.  Clicking repeatedly over and back between Task Manager and Outlook give it a little freedom to process what you clicked on, as when you clicked on something outside of Outlook it was de-prioritised in Windows and therefore was being forced back down the priority list which freed up a little processor time for the next click.

I tried all the following:

Outlook /safe (outlook safe mode) = no change

Ran the Office Diagnostics = no change, nothing wrong

ScanPST.exe = (Should be on your hard drive (Use Search Everything to find it and everything else)) found 4 errors but after backing up and repairing there was no change, but it did indicate a .PST file problem

Disabled all Plugins = No Change

Disabled Spell Checking and Grammar = no change

Disabled AVG scanning & plugin = no

Checked for any relevant updates = no change

I edited Outlook registry entries = no change

I removed all the personalisation files = no change

I disabled all the 10 email accounts I use on this system = no change

I removed the PST file and created a new empty one = SUCCESS – Hurrah!  Kinda…

All I had to do now was fix my own…

I followed every tip and trick and patch and update and anything I could find online to see if it worked as I could always roll back to last night erasing all the rubbish attempts and only implement the final working fix.  Lots of other people had success with many of the above options so you can google them if you’re not sure how to follow them.  But my own personal Outlook 2007 Purgatory was solved as follows.

I created a Virtual Machine and loaded up Windows XP Mode.  I installed a clean copy of Office 2007.  Backing up at every step I copied the PST file from my failing setup to the new virtual environment expecting it to be bogged down as per my PC.  However my PST file worked fine in this new setup.  Aaargh!  Didn’t make sense.

Remove the PST file from my other one and it works indicating my PST file.

Copy in my PST file to a clean environment and it works.

Problem = conflict between my existing PST file which worked fine for the last 3 or four years on my solid system running my up till now solid Outlook and BCM.

Solutions = start hacking away at the PST file.

Bear in mind that every click took a painstaking 1 to 2 minutes to respond and you can imagine my agony at this.  I was also on my 19th hour dedicated to attempting to repair it outside of office hours as I couldn’t be interfering with our database entries which happen all through the day.  I guessed it was something that happened in the last 14 to 21 days and it appeared to be within my PST file…

So I repaired it again via ScanPST and if fixed a few more bugs = no change.

I opened it parallel to the new clean PST file as a secondary file = system worked as long as my PST file wasn’t the primary file

I dumped the clean PST file and put mine back as primary = no change

I copied my PST file to a backup folder and deleted my entire current inbox with over 200 new emails (could be a virus maybe?  Or a currupt link or exploit).  Quit and restarted =  no change

I hacked out my entire folder structure of emails (over a gig of my 1.3gb PST file) and quit / restarted = no change

I emptied the Deleted folder = no change

I emptied the sent folder = IT WORKED!!!!!!!!!!!!

Finally.  It was something in the sent folder.  Unbelievable.

I restored a good copy of the PST file and dumped the Inbox, archive and sent folder = it worked

I resorted last nights backup, backed up the PST file and dumped the inbox, archive and sent folder = it still worked!  But had no emails in there!

However, I needed my inbox, my archive and some of my sent emails for reference.  All of the first two and the last 6 months of sent mails would be enough.  I compacted my ran ScanPST, suprise suprise a few more errors found.  I compacted my PST file which took ages to get the first few hundred meg down (since it was now practically empty bar contacts, reminders, etc.) I renamed a good backup of the untouched PST file and loaded it parallel to my working PST file.  I copied the Inbox over (working), the archive over (working) and the sent folder over (just to see) and it broke it.  So I considered leaving the primary PST file with Inbox and archive and the second PST running parallel with just the sent folder and everything else removed but it was too untidy.  Who knows what that would cause in the future (bubonic plague to my database maybe?).

So I copied from one month back to six months back into my  and it worked.

THE END.

That’s it.

Go away.

Why are you still reading, there’s your fix.  Did you want to know what email broke it?  I have to admit, I was curious.  Since it came into my inbox and allowed me to open it in the first place.  Then it allowed me to edit it and send it to someone else.  Before it turned on me and decided some days later that it would screw with my system.  But no, 22 hours was enough of my life wasted on the latest MS bug.  I decided against restoring my last 3 weeks of sent emails one at a time (only about 300 since it’s off peak time) to see exactly which one broke it.  I’m happy enough that the solution was finally uncovered and I was free to enjoy the thrills of Outlook 2007 with it’s glorious idiosyncrosasies!

And that really is the end.  Although I’d still love to know which email broke it…  Still life has few remaining mysteries these day!

]]> http://www.evolveonline.ie/timetoevolve/?feed=rss2&p=917 0 http://www.evolveonline.ie/timetoevolve/?p=912 http://www.evolveonline.ie/timetoevolve/?p=912#comments Thu, 21 Jul 2011 11:49:08 +0000 e:volve http://www.evolveonline.ie/timetoevolve/?p=912

Google has begun issuing warnings to millions of people that their PC has been infected with a virus.

The malicious code pipes browser traffic through sites that promote the scammers’ wares which include fake security programs.

Those hit by the virus will be warned with a message that will appear at the top of searches carried out via Google.

The search firm estimates that more than two million people have been hit by the infection.

Stolen traffic

Google uncovered the huge number of infected machines while doing routine maintenance on a data centre.

During maintenance, Google servers get taken offline and typically this means search traffic for that cluster of machines dries up.

However, wrote Damian Menscher on the official Google blog, switching off one cluster did not stop all traffic.

Investigation revealed that the traffic was being generated by a virus on perhaps a million Windows machines. The virus bounced packets of data off the net address of the Google servers to find out if they were online.

“The malware appears to have gotten onto users’ computers from one of roughly a hundred variants of fake anti-virus, or ‘fake AV’ software that has been in circulation for a while,” wrote Mr Menscher.

The main effect of the virus seems to be to funnel search requests through intermediate sites that promote fake security programs and other scams.

Google will be putting a warning at the top of search results seen by people with a machine known to have bounced data off the Google servers. The warning contains a link to advice pages that help people update their anti-virus and clean up their PC.

So far, said Google, it has warned “hundreds of thousands” of users and expects to notify many more.

I won’t bore you with the details but after realising that the backed up Dell drivers on the hdd didn’t work, we searched the Dell website here, and countless other websites for the drivers for this device. We spent quite a few hours trying to forcibly add or coax the laptop into accepting the ‘correct’ drivers.

The problem was, the drivers on the hard drive and the drivers on the website are the wrong drivers. To correct that statement, some of the drivers worked (chipset, audio, WIFI and a couple of others inc PCMCIA (Generic CardBus, auto-installed with chipset I think), but the sticklers were VGA, LAN & O2Micro SmartCardBus_Reader.

Much searching later I decided to fall back on an old reliable tool, the Unknown Device Identifier. A good piece of software unlike all those bogus apps out there like Drive Detective etc. I wish I’d ran it earlier. It pointed out that the VGA driver wasn’t an embedded Intel chip but a Mobility Radeon 9000 (driver works after a reboot), the LAN was a Broadcom 5702 Gigabit, and the O2Micro, well it didn’t lead me directly to the solution for it but I found it after a short search based on info it provided.

So, for anyone else in an Inspiron 500m Driver Dilemma, here’s all you need to know:

ATI Radeon Mobility 900 Driver Link
Broadcom 5702 Drivers Link
Audio, Chipset & MousePad Drivers were here

The troublesome O2Micro device was definitely linked to Generic Card Bus (installed twice under PCMCIA) but wouldn’t pick up any drivers. Unknown Device Identifier showed it as ok even though it had an exclamation mark (!).   So armed with the model no I set off searching for a generic piece of software which I eventually found here.

The actual download link.
And the parent link from CNET (which I was sure I visited earlier and it gave me nothing worth using).

And finally my headache was gone.  Leave a message if this helped you.  No registering or login required.

It’s time to e:volve.

More than four million PCs have been enrolled in a botnet security experts say is almost “indestructible”.

The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down.

Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.

Security researchers said recent botnet shutdowns had made TDL’s controllers harden it against investigation.

The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.

The changes introduced in TDL-4 made it the “most sophisticated threat today,” wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.

“The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and anti-virus companies,” wrote the researchers.

Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, shows analysis by Symantec.

A botnet is a network of computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims’ PCs or use the machines to send out spam or carry out other attacks.

The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files.

The virus installs itself in a system file known as the master boot record. This holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.

The biggest proportion of victims, 28%, are in the US but significant numbers are in India (7%) and the UK (5%). Smaller numbers, 3%, are found in France, Germany and Canada.

However, wrote the researchers, it is the way the botnet operates that makes it so hard to tackle and shut down.

The makers of TDL-4 have cooked up their own encryption system to protect communication between those controlling the botnet. This makes it hard to do any significant analysis of traffic between hijacked PCs and the botnet’s controllers.

In addition, TDL-4 sends out instructions to infected machines using a public peer-to-peer network rather than centralised command systems. This foils analysis because it removes the need for command servers that regularly communicate with infected machines.

“For all intents and purposes, [TDL-4] is very tough to remove,” said Joe Stewart, director of malware research at Dell SecureWorks “It’s definitely one of the most sophisticated botnets out there.”

However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers who found bugs in the complex code. This let them pry on databases logging how many infections TDL-4 had racked up and was aiding their investigation into its creators.

RANT:

Here’s a question for all the good FaceBook-ers of Dundalk, Co. Louth & Cootehill CO. Cavan…

Just how much is Facebook going to be worth by the time it eventually IPOs (goes public)? Who knows?

If we take recent movements we can still come up with any number we like:

“As for the valuation spurts, Facebook was said to be worth $23bn in June 2010, nearly as much as UK retail monster Tesco at $50bn in January this year, and was then plumped up to a $60bn golden goose in February,” noted The Register’s Kelly Fiveash earlier this week.

Add $10bn a month for a year and we’re racing through $170bn in January 2012. Add 20 per cent a month and Facebook becomes one of the most valuable companies in the world at $450bn and rising. Clearly ridiculous, as Felix Salmon has been pointing out for some time now.

Think back to the dot com boom and yes, there was indeed a Google that came out of it. As well as an Amazon, eBay, Pets.com, Webvan and numerous other now happily forgotten names. For this is what bubbles do: produce a plethora of wannabes before the rather brutal culling down to that femtopercentage that weren’t complete lunacy in the first place. Salmon makes the point that yes, we do want to value all those wanna- and would-bes as if one or two of them was going to become a Google or an Amazon – but we really don’t want to be valuing all of them as if all them them are going to be.

Which is why there are more than a few raised eyebrows out there about Pandora’s recent IPO. A couple of $ billion for an internet radio station? OK, sure, people will like to listen to music, sure, advertising spots and rates could rise but, umm, where’s the lock-in? There’s not even an obvious set of economies of scale: Pandora’s major cost is royalties and those get charged not per-play but per-person-per-play.

Is LinkedIn really worth whatever vast number of spondoolies the market says it is today? Well, yes, of course, because things in markets are worth what markets say they are worth, but beyond that? There are mutterings that they might be able to use that network (for they do at least have a network effect working for them) to get into the recruitment business but it’s a lot to be valuing a possibility at.

Groupon, the “fastest growing company in the history of capitalism”, is internally valued at $30bn last I saw. More by the time it IPOs, obviously: but is flogging coupons in the USA really, even at 50 per cent margins, going to remain a high growth high margin business? It’s not even that this is a new business: margins didn’t stay high in newspaper coupons even back when they really were delivered to every home in the country.

It’s a fair old bet that at least some of this is going to end in tears: unfortunately, knowing which bit is going to be a little more difficult.

But then that is the way with booms and bubbles in investment markets and one of the reasons given at times as to why markets are so bad at allocating investment. We’ve centuries of evidence to look at: not just the dot bomb that most (Many? Some? Just how old are you guys anyway?) here will remember from personal experience but secondary banking before that, car companies before that, railways, canals and all the way back to Thales cornering the olive presses in Miletus. Huge over-investment, precious capital sprayed all around at anyone with a half-plausible idea and most of it wasted. Surely it would be better for such things to be planned, for the wise bureaucrat to organise this for us?

That has also been tried and strangely the results seem not to be as good as those from these splurges. Yes, fortunes were lost building the canals, most of the railway companies went bust at one time or another. Dotcommery brought us such delights as Global Crossing (just, finally, RIP’d) which was going to build a whole new fibre-optic backbone. But here’s the thing. The investors in all of those projects lost most/all their money. Capital was undoubtedly wasted. If it had all been spent sensibly we probably would now be better off.
Yet define “sensibly” before we know what we’re going to do with the infrastructure that results? The railways really started as a way to get coal to people (it’s one of the defining characteristics of the English railways boom, that delivered coal prices slumped along each newly completed line) but much to the capitalists’ surprise they really made their money by providing cheap transport to the working man. The railways were the reason for the invention of the day trip and commuting. Before the building of the lines, no one had any clue that this was where the money was going to be. Indeed, it took some of them a couple of decades (and a bankruptcy or two) before they got it.

Global Crossing was a disaster for anyone who put money into it and held on: yet the growth of things like YouTube (for whatever benefit that might have, little perhaps) was in part based upon all those thousands of miles of dark or light but hardly used fibre that had been laid in that orgy of let’s piss away the shareholders’ money.

And that’s the little secret about infrastructure that is so little understood. It is not true that having infrastructure makes us or the society richer. It is rather that using it does. And we usually don’t know how to use it until someone has gone and built a lot of it, people do that curious shaved monkey thing of experimenting with it and then we all find out. This is true of most inventions: it has been said that the biggest social change that the Model T brought was that women were less likely to be virgins at marriage. People worked out what to use the back seats for pretty quickly. The bicycle has been called the greatest contribution to the health of the working classes ever: it allowed courting outside the home village for the first time (amazing how inventions and sex seem to go together, eh? The first social network, Friends Reunited, is said to have caused a bubble in the divorce rate) to the benefit of the next generations’ genes.

So these bubbles, they’re not all bad. They provide an excess of whatever it is, which we then play with until we’ve worked out what to do with it. What we do with it is what allows the advance in wealth, even if those who built it for us have gone bust.

Back to Facebook though, and those projections of its future worth. One story says that in the rich world Facebook’s number-growth has stopped, even gone into reverse. Hot growth stocks that aren’t growing tend to be valued, as ex-hot growth stocks, not all that highly. And there’s even a law change possible in the US that means that Facebook won’t have to go public at all.

All of which means that not only do I not know what Facebook will be worth at IPO, I don’t even know whether there will be a Facebook IPO. Which is exactly what your stockbroker will tell you (only more expensively).

This kind of software is also known as “Fake Antivirus” or “rogue security software.” Cybercriminals use it to scare people into downloading more malicious software onto their computer or pay for a fake product. For more information, see Watch out for fake virus alerts.

Here are examples of the graphics used by cybercriminals trick you into downloading their security software.

The Security Intelligence Report features a video that explains how one popular piece of fake software works and how you can get rid of it. To watch the video:

Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

• Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
• Take control of your computer remotely and adjust settings to leave your computer vulnerable.
• Request credit card information so they can bill you for phony services.
• Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Telephone tech support scams: What you need to know

Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you’re using.

Once they’ve gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable.

Do not trust unsolicited calls. Do not provide any personal information.

Here are some of the organizations that cybercriminals claim to be from:

• Windows Helpdesk
• Windows Service Center
• Microsoft Tech Support
• Microsoft Support
• Windows Technical Department Support Group
• Microsoft Research and Development Team (Microsoft R & D Team)

Report phone scams

Contact your local authorities.

How to protect yourself from telephone tech support scams

If someone claiming to be from Microsoft tech support calls you:

• Do not purchase any software or services.
• Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
• Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
• Take the caller’s information down and immediately report it to your local authorities.
• Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.

What to do if you already gave information to a tech support person

If you think that you might have downloaded malware from a phone tech support scam website or allowed a cybercriminal to access your computer, take these steps:

• Change your computer’s password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.
• Scan your computer with a good Internet Security package such as AVG Internet Security to find out if you have malware installed on your computer.
• Contact e:volve

Will Microsoft ever call me?

There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.

More information

For more information about how to recognize a phishing scam, see Avoid scams that use the Microsoft name fraudulently.

Sometimes, after extended periods of time when a computer which is a member of an Active Directory domain was taken offline and then brought online, or when some sort of cloning or imaging method or even a virtualization software snapshot mechanism was used on a domain member, you may get an error similar to this:

Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance.

No matter what you do, you will not be able to log on to the computer by using a domain account. The only possible solution for logging on could be to use a local user account.

Note: In most cases, unless this has been specifically disabled by the administrator, you may be able to log on using a domain user account if you disconnect the network cable from the computer. This will only work if you’re using a user account that has successfully logged on to that computer in the past, and again, unless it has been specifically disabled by the administrator.

Note: If you’ve used a cloning software and cloned a computer that was a member of a domain you should know 2 things:

1. Cloning a domain member doesn’t always work.
2. Never clone a Windows-based computer that is supposed to operate in an Active Directory domain and/or on any type of network, without properly using SYSPREP on the computer PRIOR to cloning it.

After logging on you may see some or all of the following events in the Event Viewer.

NETLOGON 3210This computer could not authenticate with \\WIN2003-SRV1.yourdomain.local, a Windows domain controller for domain your domain, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

LSASRV 40961

The Security System could not establish a secured connection with the server cifs/WIN2003-SRV1.yourdomain.local.  No authentication protocol was available.

W32Time 18

The time provider NtpClient failed to establish a trust relationship between this computer and the yourdomain.local domain in order to securely synchronize time. NtpClient will try again in 15 minutes. The error was: The trust relationship between this workstation and the primary domain failed. (0×800706FD)

And possibly others.

So why does this error happen?

The short story is that somehow there is a computer account password mismatch. The Windows-based domain member thinks that its machine account password is something X, while the domain controller believes it to be something Y. Because of this, the computer cannot authenticate itself to the domain controller(s), and thus you get this error.

How do I fix this error?

Well, there are basically 2 methods of fixing it.  We’re going to look at the first here.

Method #1 – Using the GUI

This method may be the easiest one to perform, and it requires a double reboot of the client computer.

Note that the following screenshots are taken on a Windows XP Pro machine, but other Microsoft-based operating systems are pretty much similar.

1. Right-click My Computer (or simply Computer in the Start menu, depending on your version of OS), select Properties.

2. In the Computer Name tab, click on the Change button. Then change the Member of option from the AD domain to a Workgroup.

3. Enter a workgroup name. Any name. Press Ok.

4. You’ll be prompted to enter the credentials of a user with administrative rights.

5. You’ll get a confirmation message.

6. You’ll need to reboot the computer.

After rebooting, you need to login locally to the computer, and join it to the domain. Basically, same procedure as above, but if you feel you don’t remember the exact steps please read  Joining a Domain in Windows XP Pro and/or Joining a Domain in Windows 7 articles.

Hundreds of people who installed the software have turned to Apple’s forums for help to remove it.

The program’s tactic of peppering screens with pornographic pictures has made many keen to get rid of it.

MACDefender seems to have been successful because of the work its creators did to make it appear high up in search results.

The number of people seeking help was uncovered by ZDNet journalist Ed Bott. In a blog post, he wrote about finding more than 200 separate discussions on Apple’s official forums about MACDefender.

The volume of reports about the problem was “exceptional” in his experience, he said.

The fake Mac anti-virus software, which goes by the name of both MACDefender and Mac Security, began circulating in early May and has steadily racked up victims.

Such programs, often called scareware, urge people to install software that then pretends to scan a machine for security problems. It then fabricates a list of threats it has found and asks for cash before it will fix these non-existent problems.

Graham Cluley, senior technology consultant at Sophos, said the scareware’s creators had turned to search engines to get the program in front of potential victims by linking it with innocuous phrases such as “Mother’s Day”.

“You search for something on Google Images, and when you click on an image you are taken to a webpage which serves up the attack – regardless of whether you are running Mac OS X or Windows,” he said.

One trick the software uses to make people cough up cash quicker was to fire up the browser of unattended machines and call up one of several different pornographic websites.

Mr Cluley said the vast majority of malware that Sophos and other security firms see is aimed at Windows users. About 100,000 novel malicious programs for Windows are detected every day, he said.

“Although there is much less malware in existence for Mac OS X than there is for Windows, that’s no reason to put your head in the sand and think that there are no Mac threats out there,” he said.