Category Archives: Desktop Support

iTunes Error

Thanks Apple, this clears up a lot…


I should mention as well that it’s not very pleasing to have to put iTunes on a computer to support a user’s device; couldn’t Apple at least brew up a smaller sync app?  Though to be fair, Blackberry’s sync app isn’t much better; Microsoft gets the ‘best sync app’ prize in my opinion.

(Update: I forgot to mention that our fix for ‘could not sync calendars because the sync server failed to sync the iPod/iPhone’ was to uninstall and reinstall iTunes, though I was sure to delete ‘Apple’ registry keys and file folders in between).

Windows Activation

Ed Bott is digging into the technology behind Windows Activation, and one of the more amusing bits was when he had to use a cracking program to fix a file he had intentionally damaged since Microsoft’s own tool was unable to fix it.  My own amusing story was when I was trying to properly activate our work systems.  Since the volume management auto-registration program (KMS) won’t run until at least 25 Windows 7 systems have tried to register (why? I’ve no idea), I decided to fall back on our key (MAK) that we can use alternatively in limited use.  The key had worked for me fine before when I used the GUI, but when I used the command line ‘slmgr.vbs’ Windows still showed as being un-activated.  I wanted to use the command line so that I wouldn’t have to visit each system to register them, so I tried to force it on my own computer by using the undocumented ‘rearm’ switch.  I figured it would either work, or reset to default settings at which point I could try putting the key back in, but no, I got this instead:

‘Unauthorized’?  By who?

It goes without saying that the OS in fact does NOT have to be reinstalled, but instead the licensing cache has to be cleared out (it also turns out that an extra command is required to register through the command line).  If Microsoft is going to be a bit overbearing in preventing piracy, couldn’t they at least make sure their anti-piracy protections work?  It aggravates me all the more since I’ve always made sure we are properly licensed and I would think that somewhere in the bucket of money we send them every year they could find the funds to fix stuff like this.

Let Down a Little by 7

Although my limited Windows 7 experience thus far has been largely positive, even my meager deployment of a half dozen PCs has turned up two irritations:

  • Firstly, I started up four of the HP systems we purchased and two of the systems started in a different manner than the other two.  The ‘different’ systems had startup menu options that appeared out of sync.  It still got the job done, but it was disconcerting that even such a limited number of Windows PCs couldn’t be bothered to start up in a consistent manner (“did someone use this before me?”).
  • Secondly, my user base is pretty anxious for their new PCs so I was hoping to avoid a time sink by simply upgrading Windows 7 Pro (the OEM version which ships on the units) to Windows 7 Enterprise (the SA version we’re entitled to run).  Doing this would save me time from having to rebuild the application and driver base to support the system.  Unfortunately I got a big old error message stating that ‘Windows 7 Pro cannot be upgraded to Windows 7 Enterprise’.  Why the frick not?  Is it that involved of a process to copy that small handful of code that differentiates the versions?  It can upgrade from Vista Business, why not 7?

My only other peeve is the nasty mess that is the control panel.  I figured this would be one of the big things addressed with the upgrade, but that half-baked idea is a direct port of the original Vista implementation.  I wait with bated breath in anticipation of finding another landmine.

All for Naught

We’re going to be getting some very nice business desktops at work which will have quite a bit more CPU power and six (!) times the memory of our current systems.  This of course means that it will now take a little bit longer for my PC to be brought to its knees by the Java memory leaks that plague every web management app that I use.

Custom Virus Removal

Over the past several years I’ve had to clean malware from many PCs for friends and acquaintances.  This used to be rather trivial at first, but has grown to be a rather huge, complex undertaking as time has progressed, with some cleanings taking several days.  The reason for this is two-fold.  First, malware writers have gotten much more clever and now put together software that is difficult to impossible to remove.  Secondly, attack vectors are much more ubiquitous.  At one point in time only ‘naughty’ computer users, those who trafficked in illegal software or pornography, got horrible malware infections, but now the attacks are much more subtle.  Even though I consider myself somewhat wise in the area of computer security, I’ve seen a few phishing type emails that I’ve almost fallen for, and that’s to say nothing of the virus writers who infect normally safe web sites with their malicious code.

Typically when I get an infected machine it either has no anti-virus package, or it has the original demo of an anti-virus package that came with the computer and is now three years out of date.  Needless to say, the best thing that you can do to protect your computer is to have an anti-virus package installed and up to date.  I know they are overpriced packages of dreadful software that slows down your computer, but the cure is still better than the disease.  It’s worth pointing out as well that many ISPs now offer a free anti-virus package for their customers to use.

Anyway, since the infected PCs I get have no anti-virus installed, and typically you cannot install much of anything on an actively infected system, the system needs to be manually cleaned to the point of making it operational.  What usually makes this easier is having an operational computer available to do web searches and other work on.  First, I reboot in Safe mode (press F8 just before XP boots). If possible, I’ll just use a ‘system restore point’ (you’re prompted on doing so when rebooting in Safe mode), but this is only possible if you know the approximate time range of the infection (as well, any apps installed after the restore point will be removed). If that’s not possible, then (this is where it gets more painful) I will first manually clean out the ‘Run’ key of the Windows registry while making a note of what files are listed there.  More often than not I find myself doing web searches on some files to see if they are legit or not.  If they are not legit, I’ll make a note of those malware packages and what other files they rely on so that I can hunt them down in the system.  What I have found to be most effective in dealing with malware files is replacing them with an empty read-only file of the same name.  This way if the virus tries to recreate itself it will have trouble doing so.

So for instance, if a piece of malware has two files named ‘PS1.exe’ and ‘winsysrun.exe’ I delete those two files and copy a blank text document in as those same names. This will confuse/corrupt most malware, particularly if the new files cannot be written to. In order to better ensure this I will (on systems not running XP pro) use a painful program called ‘cacls’ (or the related, very slightly less painful ‘fileacl’) to remove all access rights to the file.  The main problem with this whole procedure is that there are typically MANY file names so I’ll wind up creating a custom batch file to do most of the heavy lifting. I’ll do this one of two ways (or both).  On my extra, operational computer, I will download a list of files associated with the malware from an anti-virus site and plug those into a batch file and/or I will get a directory listing by date of the \windows\system32 directory where many virus files can be found.  To aid in that search I’ll add the ‘company’ item to the columns in the detail view of the directory so that I can determine which date groupings to look for.  Any files that do not have a company listed should be viewed with suspicion and ‘googled’.

Once I have my lists of files I’ll then either manually copy in my ‘del’ and ‘copy’ commands (and ‘cacls’ and/or ‘attrib’), use search and replace methods (adding in a comma where I want my commands to go and then search/replace the easier to type comma with the commands that I want), or, as I did in one extreme case, compile the list into Excel, add the commands in columns, export it as a CSV and just ‘search/replace’ the commas with spaces.
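The batch-building step above can also be scripted on the clean computer. The following is an added example, not the author's own batch file: the function name `build_cleanup_batch`, the default `%SystemRoot%\system32` target and the English-language `Everyone` group are assumptions, and the sample list is constructed. Because the file list comes from a web page, names containing batch metacharacters or path separators are rejected rather than written into the script.

```python
import re

# Accept plain file names only: a name containing & | % ^ " or a path
# separator would change what the generated batch file does when it runs.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._ -]*$")

def build_cleanup_batch(names, directory=r"%SystemRoot%\system32"):
    """Return (batch_text, rejected_names) for a list of malware file names."""
    seen, rejected = set(), []
    lines = ["@echo off", "rem Generated on the clean PC; run from Safe mode."]
    for raw in names:
        name = raw.strip()
        if not name or name.lower() in seen:
            continue  # skip blanks and duplicates (Windows names ignore case)
        if not SAFE_NAME.match(name):
            rejected.append(name)  # review these by hand instead
            continue
        seen.add(name.lower())
        path = f'"{directory}\\{name}"'
        lines += [
            f"del /f /q /a {path}",          # delete even if read-only or hidden
            f"type nul > {path}",            # recreate as an empty placeholder
            f"attrib +r {path}",             # mark the placeholder read-only
            f"cacls {path} /E /D Everyone",  # deny access so it cannot be rewritten
        ]
    return "\r\n".join(lines) + "\r\n", rejected

if __name__ == "__main__":
    # Constructed sample: the two names from the text, a duplicate in a
    # different case, a blank entry, and one entry that must be rejected.
    sample = ["PS1.exe", "winsysrun.exe", "ps1.exe", "", "evil.exe & format c:"]
    batch, rejected = build_cleanup_batch(sample)
    print(batch)
    print("rejected:", rejected)
```

Save the returned text as a `.bat` file and carry it to the infected PC on read-only media, as with the signature updates.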

At this point the viruses on the PC will typically be disabled enough that the computer can be booted up and an anti-virus package installed to clean off the system.  Typically you will want to do this with the computer NOT hooked to the Internet so that usually means porting the virus signature updates from the clean computer over to the ‘dirty’ computer via, ideally, CD media (as non-read only USB sticks can become infection vectors themselves).   I’ll often put the computer through two full scans of at least one package and a third scan through a different package just to verify its integrity (such as free web based scanners from Panda or even Adaware).

On a final note, if a computer has a ‘root kit’ malware installed, this means that portions of the OS itself have been replaced with malicious files.  Detection of this software is difficult to say the least and cleaning them off is virtually impossible.  The only real resolution for a root kit infection is to format the drive.  This makes it all the more important to get a system restore disk of some sort from the manufacturer.  Unfortunately a fair portion of the malware I have seen recently has been of this sort and the computers I have worked on that were in this state were ‘uncleanable’.