Friday, November 26, 2004

Network Tools

Network Tools

Instructions and command line tool references to diagnose DNS problems, etc.

Monday, November 22, 2004

Spyware removal tools - ArsTechnica Discussion Posting

Spyware removal tools - Topic Powered by Infopop: "I have to deal with this crap every day. I have made up a CD with all the good programs and do them in a certain order."

Posting by Derek Nicolette, November 22, 2004:

I have to deal with this crap every day. I have made up a CD with all the good programs and do them in a certain order.

Here are the steps I use to get rid of spyware on most machines. This is a repair shop environment, so we see it all. You may not need all this. It takes a long time, until you do it enough...

Make sure computer is disconnected from internet!! Super important!

1. Install adaware, use a bat file to load updated defs, install vx2 cleaner plugin.

2. Install spybot and manual updates.

3. Install spyware blaster

4. Run DSO stop

5. Run CWShredder, run it again until it comes up clean.

6. Run hijackthis for the first time. Sometimes you take things out and they come back. This is an advanced program, so be careful what you take out. You can kill norton by taking out the CC files.

7. VX2, there are 2 tools, Kill2ME and VX2 finder. VX2 finder is only for NT systems. I use Kill2ME on 9x, and sometimes if the other things can't remove it. VX2 is hard to clean.

8. LSPfix to check networking layers. You can remove spyware all day long but if you have new.net or LSpack, or whatever else, your internet will not work. This is an advanced tool, and will make a mess if you do not know what you are doing.

9. Run spyware blaster.

10. Run adaware and remove all, in full scan mode. May need to re-run in safe mode.

11. Run spybot and remove all. May need to re-run in safe mode.

12. If all spyware is clean now, rerun hijackthis to make sure nothing got put back.

13. Delete offending folders from:
C:\program files
C:\temp, C:\temporary,
C:\Docs and Settings...\user\local settings\TEMP
C:\Docs and Settings...\user\local settings\temporary internet files
Also, if you had ISTbar, there is a folder called Wintools. Search for it and delete.
Check in C:\, and C:\windows for suspicious exe files.
Anything you can check after the spyware scans identify the folders will help, but is not critical. I just like to get rid of all I can. NO spyware removal program is 100%. Many entries are still in the registry after S&D and Adaware declares it clean.

14. Internet explorer > Tools menu > Internet Options
Set your home page, delete cookies, temp int files, go to security tab and set defaults on all zones. Check trusted sites for spyware URLs. Delete them from there. VERY IMPORTANT!!
Privacy tab, set cookies to default.
Content tab, clear auto complete.
Connections tab, check for dialers and delete all but your ISP.
Advanced tab, set defaults.

15. Now, you can plug in your internet connection, and update adaware, spybot, and spyware blaster. Re-run adaware and spybot in full modes. Immunize in Spybot, and double check spyware blaster for block status.

16. Now, you should be clean. Get a good firewall, I use kerio 2.1.5. I use Proxomitron for an ad/spyware filter. I also use a host blocking file. You must put the host file in last, because some spyware will delete/change it, and redirect searches. Install XP SP2, but ONLY AFTER the spyware has been removed, or else you run the risk of killing the installation, and getting a blue screen. Make sure to have an up to date AV program. Norton 2003 is very good, keep it updated. I do not like Norton 2004-2005 at all.

17. A few final notes. Kazaa. If you have it, back up your music, and use the tool kazaabegone. It deletes Kazaa from registry, and all files on the HD, including your shared folder. DO NOT REINSTALL KAZAA. If you must, use K-lite.

Hotbar, there is a tool called hotbaruninst, I think I got it from them. It helps to kill the process to assist in removal.

There is also a program called startup list that lists all startup entries. Hijack does a good job, but sometimes there is something hiding that even that cannot find.

Here are some useful links, I omitted the obvious:

DSO Stop: http://www.nsclean.com/dsostop.html

CWShredder: http://www.intermute.com/spysubtract/cwshredder_download.html

A few utilities are here:
http://www.spywareinfo.com/~merijn/downloads.html

VX2 Finder: http://www.pchell.com/downloads/vx2finder.exe

Hosts file: http://www.dozleng.com/hpguru/

Proxomitron: http://www.proxomitron.info/

Process explorer: I forgot to mention this very useful tool. Use it to kill stubborn spyware processes and watch them restart themselves. With this, you will know what is running, and what company made it. VERY VERY USEFUL!

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

This is about all I can say. I have not seen any thread that even comes close to this level of removal. If you do not do every step, you are wasting your time. You really should do them in this order. It may save time to just start in safe mode. Between scans, and updates, this is easily a 2-4 hour job for me, being experienced. It is an all day affair for most people. Most users cannot do all of this. This is a huge problem, and I cannot think of a good solution. It feels like I am wasting my time everyday, when it is so easy for someone to download one "free" program and to wipe out all the work.

I personally use firefox, and I also tell people about it, but it's not really a cure. It won't be long until it's just as bad as IE, I think.

Monday, November 15, 2004

Spyware Free Spy Software Blocking Tool

Spyware Free Spy Software Blocking Tool: "Spyware Block List File"

"Blocks all known "bad" ActiveX controls from running inside Internet Explorer by setting the 'Kill bit'."

Tuesday, November 09, 2004

IE-SPYAD: Restricted Sites List for Internet Explorer

Resources: Ad Blocking Resources: "IE-SPYAD"

"IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC."

Sunday, October 17, 2004

Optimize XP - A Windows XP Optimization Guide

Optimize XP: "Optimize XP - A Windows XP Optimization Guide"

"Optimize Windows XP to improve both work and gaming performance safely."

Wednesday, September 29, 2004

GDI Scanner

GDI Scan
GDI scanner to check for rogue dlls on your system.

Tuesday, September 28, 2004

Exchange logs MSExchangeAL Event ID 8331

837444 - Users do not appear in the Global Address List, users cannot connect to their Exchange mailboxes, event ID 8331 is logged, and e-mail names cannot be resolved in Exchange Server 2003

I have seen this a few times. I usually see it just after I add a new user via the SBS add users wizard. The wizard takes FAR longer than normal to add the user and when it completes the new account has no e-mail information shown under the appropriate tab. Restarting the Exchange System attendant service resolves the problem. Looks like I should try to find an appropriate time to install Exchange SP1 . . .

Saturday, September 25, 2004

Microsoft Security Update for JPEG Processing (GDI+)

September 2004 Security Update for JPEG Processing (GDI+)

Affected software Packages:
Microsoft Security Bulletin MS04-028

Sam Spade

PCWorld.com - Sam Spade v1.14

Want more information about a Web domain, an e-mail address, or an IP address? Sam Spade can sleuth it out.

"Many server-finding tools, such as nslookup, whois, and traceroute, have been previously available, but only from a command line. Sam Spade lets you use these tools from a graphical interface, and information found with one tool can be queried using another. Its SMTP Verify tool helps you check on the validity of an e-mail address, which is good for finding out if mail is being sent from that address or forwarded from another address to cover the spammer's tracks."

Thursday, September 23, 2004

"not enough storage is available to process this command" - Outlook 2003

Computing.Net Posting

I have been stricken with this problem as well. Hopefully, a solution will be forthcoming from Microsoft . . .

CachePal

CachePal

"CachePal lets you clear your Internet History, Temporary Internet Files and Cookies from one click on your Internet Explorer toolbar. Simply install, add to your toolbar and click whenever you need to dump your past or see a web site with a clean cache. Perfect for Web or Flash developers who constantly need to clear the browser environment to view changes."

Belarc Advisor

Belarc Advisor

"The Belarc Advisor builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your web browser"

Provides a handy summary. Freeware.

Lavalys Everest Home Edition

Lavalys - Everest Home Edition

Everest is a freeware system diagnostic and benchmark tool and provides both hardware and software reports and diagnostics.

Wednesday, September 22, 2004

Internet Explorer Saves Images As Bitmaps (.bmp Files)

810978 - Internet Explorer Saves Images As Bitmaps (.bmp Files)

"When you save an image in Microsoft Internet Explorer, the image is saved by default as a bitmap (.bmp). You do not have the option to save the image by using an extension other than .bmp. You experience this behavior even when the image uses a different format (such as .gif or .jpeg).

For example, when you right-click an image on a Web page, and then click Save Picture As, the file name that appears in the File name box is Untitled, and the file type that appears in the Save as type box is Bitmap (*.bmp). "

I experienced this in Outlook 2003 -- and this KB article didn't help! In fact, I didn't have enough time (or ambition maybe?) to solve the problem so I saved as a bitmap and then converted the image to jpg.

Tuesday, September 07, 2004

Remote Desktop Connection Client

Download details: Remote Desktop Connection for Windows Server 2003 [5.2.3790]

Remote Desktop Client aka Terminal Services Client.

Server Performance Advisor

Download details: Server Performance Advisor: "Performance diagnostic tool for Windows Server 2003"

Haven't tried it yet but looks interesting . . .

MS Exchange - MSExchangeIS event ID 1022

I disabled a couple of user accounts on the weekend and when I came back in today found thousands of event ID 1022 filling the logs.

Solution:
System Admin - Problem accessing diabled accounts mailbox

Ensure that the "SELF" built-in group has "Associated external account" permission.

Monday, September 06, 2004

McAfee AVERT Stinger

McAfee Stinger

A simple stand-alone anti-virus tool that searches for a specific list of viruses and their variants and removes them if found. Stinger is a response to viruses that look for anti-virus processes running on a machine and terminate them. It lets you remove the infection, update (or install!) anti-virus software, and then clean house.

Note: On one occasion, I've had to rename the stinger program before it would run.

DirGraph v2.0

DirGraph v2.0

"Disc Usage Analyser
For when you need to know where all those Gigs have vanished to...

DirGraph provides a graphical view of the space used by your files and directories. It allows you to navigate around this view - zooming in to see greater detail and zooming out to see the bigger picture."

Freeware.

Friday, September 03, 2004

Network Load Balancing service failed to start - after installing Veritas Backup Exec

After installing Veritas Backup Exec, I am getting a device or driver failure message on start up. The event log shows:
Event ID: 7000 Event Source: Service Control Manager Description: The Network Load Balancing service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


To fix, remove the two registry sub keys as described in this Veritas support article:
http://seer.support.veritas.com/docs/263037.htm

A similar Microsoft KB article:
http://support.microsoft.com/default.aspx?scid=kb;[LN];833375

Thursday, September 02, 2004

BgInfo - Freeware Utility from Sysinternals

Sysinternals Freeware - Utilities for Windows NT and Windows 2000 - BgInfo

BgInfo takes key system information and turns it into a background image for your computer.

"This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more. "

Props to Ron Washburn!

Wednesday, September 01, 2004

Configuring the Time Service to Log When the Time Is Changed

307937 - Configuring the Time Service to Log When the Time Is Changed: "Configuring the Time Service to Log When the Time Is Changed"

This article describes how to force the W32time service to log an event in the event log when the time has been adjusted.

When the time is adjusted, event ID 61 is logged in the System log. The text for this event is similar to:
The Time service synced time from time source (SOURCE)

Office 2000 Error 1706 on Win2K

258847 - OFF2000: Error Message: "The Feature You Are Trying to Use Is on a Network Resource That Is Unavailable" or "Error 1706"

I have been getting "Error 1706. No valid source could be found for product Office 2000 Standard. The Windows installer cannot continue."

The work-around using system policies works.

Tuesday, August 31, 2004

Keep your activation status intact when reinstalling XP

From a TechRepublic newsletter:

Have you ever wanted to reformat the hard disk and reinstall Windows XP on a system but you didn't want to mess around with Microsoft's Product Activation after the reinstall? Fortunately, you don't have to.
As long as you aren't making any hardware alterations, you can back up the activation status files before you reformat the hard drive and then restore them after you reinstall the operating system.

To perform the backup, follow these steps:

  1. Use Windows Explorer to open the C:\Windows\System32 folder.
  2. Copy the Wpa.dbl and Wpa.bak files to a floppy disk or CD.

To perform the restore, follow these steps:

  1. Decline the activation request at the end of the installation procedure, and restart Windows XP.
  2. During bootup, press [F8] to access the Windows Advanced Options menu.
  3. Choose the Safe Mode (SAFEBOOT_OPTION=Minimal) option.
  4. Use Windows Explorer to open the C:\Windows\System32 folder.
  5. If they exist, rename the new Wpa.dbl and Wpa.bak files to Wpadbl.new and Wpabak.new.
  6. Copy the original Wpa.dbl and Wpa.bak files from the floppy disk or CD to the C:\Windows\System32 folder.
  7. Restart the system.

Edit: I'm getting conflicting info here . . . . this article (http://aumha.org/win5/a/wpa.php) states that this procedure will NOT work after a format and reinstall.

VolumeID utility to allow you to change the volume ID of hard drives: http://www.sysinternals.com/ntw2k/source/misc.shtml#volumeid


Download more than two things at a time in Internet Explorer

From a Steve Bass article in the June 2004 PC World:
http://www.pcworld.com/howto/article/0,aid,115606,pg,4,00.asp

(Edited)
To increase the number of IE download streams in Windows XP, add a couple of registry entries under
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings.

1. Back up the key before you proceed!
2. Choose Edit, New, DWORD Value
3. Type MaxConnectionsPer1_0Server=Dword:0000000a, and press Enter.
4. Right-click the new entry, choose Modify, check the Decimal radio button, enter 10 under 'Value data', and click OK.
5. Repeat these steps to create a DWORD Value in the same key named MaxConnectionsPerServer=Dword:0000000a with the same settings as the first one you created
6. Close the Registry.

First Post! (aka what am I doing here?)

Well, this is the first posting to my shiny new blog.

The blog is intended to become a personal knowledge base for IT problems and solutions I come across. I often find myself staring at a familiar problem and vaguely remembering that there was a solution. Hopefully, my blog will reduce the search time involved in finding the same solution subsequent times.