mikedopp.com Code Monkey by Day, Unix/Windows Administrator by Night, Social Media Chump 24/7

2 Mar 2010

How did I get this fake antivirus? How to keep from getting it.

Just in case you didn't know, malvertising (malicious advertising) is one of the most common ways to get infected, because of the steady stream of security holes found in:

Adobe Reader (Acrobat)
Adobe Flash Player
Sun's Java

Those are the top three applications being exploited right now. You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on an ad. See the simple explanation below.

Here's how malvertising works

  1. A legitimate website like CNN.com sells advertising space because it has thousands of views every day. (Again, this is just an example.)
  2. A malicious person or group buys some of that advertising space and submits an ad that looks perfectly fine to the CNN.com advertising editors.
  3. The ad goes live.
  4. At some point the ad (or the ad server it is loaded from) is switched to a malicious version. When the page renders, the ad's code probes each visitor's browser for outdated Adobe Reader, Adobe Flash or Java plugins. No click is needed; the ad runs as soon as the page loads.
  5. If the ad finds a plugin version it has an exploit for, it exploits it and installs malware on the client PC.
  6. The anti-virus may or may not detect it; it's really just luck. If the threat is old, there's a good chance it will. If it's only a few minutes old, there's a good chance it won't.
  7. The ad may stay live for minutes, hours or days until someone notifies the web master of that domain.

How can you stop these attacks?

  1. Keep Adobe Reader and Flash updated. This is not an easy task, since Adobe seems to find security holes every other week. Open Adobe Reader and click Help, then Check for Updates (at the time of this writing I just discovered I had two waiting to be downloaded!). Both programs check for updates automatically, but a lot of people just cancel the update. Bad idea.
  2. When Java alerts you that an update is available, yes, install it. Lots of my clients never install this update. It's really important that you do.
  3. Configure the Adobe Reader plugin in each of your web browsers not to open PDFs automatically, so a PDF served by an ad has to be downloaded and opened by hand instead of being rendered silently inside the page.
  4. Browse the internet inside Sandboxie as much as you can, so anything the browser drops stays confined to the sandbox. That goes for everyone who uses the computer.
  5. Always download and install your Windows Updates.
  6. Follow steps 1 through 5 and you'll probably never experience the end result of a malicious ad.

Sadly, Adobe and Sun products get new updates constantly and the updaters do not always remove the old versions (Java is the usual offender, leaving each previous runtime installed beside the new one), so the potential for re-infection through an old copy is still there. If you don't need these applications, or you don't use anything that requires them, remove them promptly.
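The following PowerShell script is an added example, not code from the original post. It checks the advice above on a Windows box: it lists every installed version of Adobe Reader, Adobe Flash Player and Java from the standard Uninstall registry keys, warns when more than one Java version is present (the leftover-old-version problem), and reports whether Adobe Reader is still set to open PDFs inside the browser. The Uninstall keys are the standard ones; the DisplayName patterns and the Adobe "bBrowserIntegration" value (the per-user "Display PDF in browser" preference) are assumptions that may need adjusting for other product versions.

```powershell
# Added example (not from the original post): inventory the three plugins malvertising
# targets and flag the configuration the post recommends changing.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# DisplayName patterns are assumptions; adjust if a product is named differently.
$products = @{
    'Adobe Reader' = 'Adobe (Acrobat )?Reader'
    'Adobe Flash'  = 'Adobe Flash Player'
    'Java'         = '^Java\(TM\)|^Java \d|^J2SE'
}

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, InstallDate

foreach ($name in ($products.Keys | Sort-Object)) {
    $hits = @($installed | Where-Object { $_.DisplayName -match $products[$name] })
    if ($hits.Count -eq 0) {
        "{0,-13} not installed (nothing for an ad to exploit here)" -f $name
        continue
    }
    foreach ($h in $hits) {
        "{0,-13} {1,-12} {2}" -f $name, $h.DisplayVersion, $h.DisplayName
    }
    # Java updates leave the previous runtime installed; every extra entry is an old
    # version an ad can still target and that should be uninstalled.
    if ($hits.Count -gt 1) {
        "{0,-13} WARNING: {1} versions present, remove the old ones" -f $name, $hits.Count
    }
}

# Adobe Reader "Display PDF in browser" (assumed registry location): 0 = off, so PDFs
# are downloaded instead of rendered by the browser plugin; 1 or missing = on.
# Checked for the current user only.
Get-ChildItem 'HKCU:\Software\Adobe\Acrobat Reader' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $orig  = Get-ItemProperty "$($_.PSPath)\Originals" -ErrorAction SilentlyContinue
        $state = if ($orig -and $orig.bBrowserIntegration -eq 0) { 'disabled (good)' } else { 'enabled' }
        "Adobe Reader {0} browser plugin: {1}" -f $_.PSChildName, $state
    }
```

Run it as the user who browses; the version list is machine-wide, but the Reader browser-plugin setting is stored per user, so repeat the last part for every account on a shared PC.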

You may have noticed that even Apple, long a big supporter of Adobe, has decided not to include Flash or Java in its latest OS updates.

Special thanks to the remove-malware.com people for the information.

1 Mar 2010

Moving IIS Install from one system drive to another.

So you have a beefy new server with multiple drives. Let's say you have C, D and E drives, just for argument's sake. You want to move "all" of your server-based applications off the C drive, since the operating system drive is typically the first to fill up, crash or be lost along with its data.

IIS is installed on the system drive by default, in C:\inetpub. You want to move it to D:\inetpub. You might start down the copy-and-paste path, which seems like it should work, but you still have to touch multiple registry keys and configuration paths. Here is a simple script that makes moving IIS a snap.

If you copy this, make sure to save the file with a .bat extension (for batch), just in case. Run it from an elevated command prompt and pass only the new drive letter, e.g. MOVEIISROOT.BAT D.

@echo off
REM PLEASE BE AWARE: SERVICING (I.E. HOTFIXES AND SERVICE PACKS) WILL STILL REPLACE FILES
REM IN THE ORIGINAL DIRECTORIES. THE LIKELIHOOD THAT FILES IN THE INETPUB DIRECTORIES HAVE
REM TO BE REPLACED BY SERVICING IS LOW BUT FOR THIS REASON DELETING THE ORIGINAL DIRECTORIES
REM IS NOT POSSIBLE.

IF "%~1" == "" goto err
setlocal
REM Accept "D" or "D:"; strip any colon or backslash and build the root path (e.g. D:\)
set MOVETO=%~1
set MOVETO=%MOVETO::=%
set MOVETO=%MOVETO:\=%
set MOVETO=%MOVETO%:\

REM simple error handling if drive does not exist or argument is wrong
IF NOT EXIST %MOVETO% goto err

REM Backup IIS config before we start changing config to point to the new path
%windir%\system32\inetsrv\appcmd add backup beforeRootMove

REM Stop all IIS services
iisreset /stop

REM Copy all content
REM /O - copy ACLs (ownership and DACL), so the new tree keeps the same permissions
REM /E - copy sub directories including empty ones
REM /I - assume destination is a directory
REM /Q - quiet

REM echo on, because user will be prompted if content already exists.
echo on
xcopy %systemdrive%\inetpub %MOVETO%inetpub /O /E /I /Q
@echo off
REM xcopy exits with 4 (initialization error) or 5 (disk write error) when the copy
REM did not complete; do not point IIS at a half-copied tree in that case.
IF ERRORLEVEL 4 goto copyfail

REM Move AppPool isolation directory
reg add HKLM\System\CurrentControlSet\Services\WAS\Parameters /v ConfigIsolationPath /t REG_SZ /d %MOVETO%inetpub\temp\appPools /f

REM Move logfile directories
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.traceFailedRequestsLogging.directory:"%MOVETO%inetpub\logs\FailedReqLogFiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.logfile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralBinaryLogFile.directory:"%MOVETO%inetpub\logs\logfiles"
%windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralW3CLogFile.directory:"%MOVETO%inetpub\logs\logfiles"

REM Move config history location, temporary files, the path for the Default Web Site and the custom error locations
%windir%\system32\inetsrv\appcmd set config -section:system.applicationhost/configHistory -path:%MOVETO%inetpub\history
%windir%\system32\inetsrv\appcmd set config -section:system.webServer/asp -cache.disktemplateCacheDirectory:"%MOVETO%inetpub\temp\ASP Compiled Templates"
%windir%\system32\inetsrv\appcmd set config -section:system.webServer/httpCompression -directory:"%MOVETO%inetpub\temp\IIS Temporary Compressed Files"
%windir%\system32\inetsrv\appcmd set vdir "Default Web Site/" -physicalPath:%MOVETO%inetpub\wwwroot
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='401'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='403'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='404'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='405'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='406'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='412'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='500'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='501'].prefixLanguageFilePath:%MOVETO%inetpub\custerr
%windir%\system32\inetsrv\appcmd set config -section:httpErrors /[statusCode='502'].prefixLanguageFilePath:%MOVETO%inetpub\custerr

REM Make sure Service Pack and Hotfix Installers know where the IIS root directories are
REM (%MOVETO% already ends with a backslash, so no extra one is added here)
reg add HKLM\Software\Microsoft\inetstp /v PathWWWRoot /t REG_SZ /d %MOVETO%inetpub\wwwroot /f
reg add HKLM\Software\Microsoft\inetstp /v PathFTPRoot /t REG_SZ /d %MOVETO%inetpub\ftproot /f
REM Do the same for x64 directories
if not "%ProgramFiles(x86)%" == "" reg add HKLM\Software\Wow6432Node\Microsoft\inetstp /v PathWWWRoot /t REG_EXPAND_SZ /d %MOVETO%inetpub\wwwroot /f
if not "%ProgramFiles(x86)%" == "" reg add HKLM\Software\Wow6432Node\Microsoft\inetstp /v PathFTPRoot /t REG_EXPAND_SZ /d %MOVETO%inetpub\ftproot /f

REM Restart all IIS services
iisreset /start
echo.
echo.
echo ===============================================================================
echo Moved IIS7 root directory from %systemdrive%\ to %MOVETO%.
echo.
echo Please verify that the move worked. If so you can delete the %systemdrive%\inetpub directory.
echo If something went wrong you can restore the old settings via
echo     "APPCMD restore backup beforeRootMove"
echo and
echo     "REG delete HKLM\System\CurrentControlSet\Services\WAS\Parameters /v ConfigIsolationPath /f"
echo You also have to reset the PathWWWRoot and PathFTPRoot registry values
echo in HKEY_LOCAL_MACHINE\Software\Microsoft\InetStp.
echo ===============================================================================
echo.
echo.
endlocal
goto success

REM the copy did not complete; the IIS configuration has not been touched yet
:copyfail
echo.
echo xcopy reported an error; the IIS configuration was NOT changed.
echo Check that %MOVETO% has enough free space and is writable, then run the script again.
iisreset /start
endlocal
goto success

REM error message if no argument or drive does not exist
:err
echo.
echo New root drive letter required.
echo Here is an example of how to move the IIS root to the F:\ drive:
echo.
echo MOVEIISROOT.BAT F
echo.
echo.

:success

This should take care of your IIS move. Do not delete the original C:\inetpub until you have confirmed that the sites come up from the new location, and don't forget to reboot to make sure the settings stick.
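Because the script only prints "please verify if the move worked", here is an added PowerShell check (not part of the original batch script) that reads the configuration back and tells you whether IIS really follows the new root. It parses the XML that appcmd prints for a configuration section, reads the two registry values the script changes, and compares the ACL of the copied wwwroot with the original while it still exists. The drive letter D is a placeholder; pass the same letter you gave the batch file.

```powershell
# Added example (not part of the original batch script): verify an inetpub move.
# Run from an elevated PowerShell prompt after MOVEIISROOT.BAT has finished.
param([string]$Drive = 'D')

$appcmd  = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
$newRoot = "${Drive}:\inetpub"
$oldRoot = Join-Path $env:SystemDrive 'inetpub'

# "appcmd list config -section:<x>" prints the section as an XML fragment; parse it
# so attributes can be read by XPath instead of by scraping text.
function Get-ConfigSection([string]$Section) {
    [xml](& $appcmd list config "-section:$Section" | Out-String)
}

$sites   = Get-ConfigSection 'system.applicationHost/sites'
$history = Get-ConfigSection 'system.applicationHost/configHistory'
$was     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\WAS\Parameters'
$inetstp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\InetStp'

# Each value the batch script rewrites, read back from where IIS actually stores it.
$checks = @(
    @{ Name  = 'Default Web Site physicalPath'
       Value = (& $appcmd list vdir 'Default Web Site/' /text:physicalPath) }
    @{ Name  = 'siteDefaults log directory'
       Value = $sites.SelectSingleNode('//siteDefaults/logFile/@directory').Value }
    @{ Name  = 'siteDefaults FREB directory'
       Value = $sites.SelectSingleNode('//siteDefaults/traceFailedRequestsLogging/@directory').Value }
    @{ Name  = 'configHistory path'
       Value = $history.SelectSingleNode('//configHistory/@path').Value }
    @{ Name  = 'WAS ConfigIsolationPath'; Value = $was.ConfigIsolationPath }
    @{ Name  = 'InetStp PathWWWRoot';     Value = $inetstp.PathWWWRoot }
)

$failures = 0
foreach ($c in $checks) {
    $v  = [string]$c.Value
    $ok = $v.StartsWith($newRoot, [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $ok) { $failures++ }
    "{0,-4} {1,-32} {2}" -f $(if ($ok) { 'OK' } else { 'BAD' }), $c.Name, $v
}

# xcopy /O copies the explicit ACL, but entries inherited from the new volume's root can
# differ from those inherited from C:\. Compare while the original tree still exists
# and review any difference before you delete it.
if (Test-Path "$oldRoot\wwwroot") {
    $oldSddl = (Get-Acl "$oldRoot\wwwroot").Sddl
    $newSddl = (Get-Acl "$newRoot\wwwroot").Sddl
    if ($oldSddl -eq $newSddl) {
        'OK   wwwroot ACL matches the original'
    } else {
        'DIFF wwwroot ACL differs from the original; review before deleting the old tree:'
        "     old: $oldSddl"
        "     new: $newSddl"
    }
}

if ($failures -eq 0) {
    "All configuration checks passed; $oldRoot can be removed once you are happy with the sites."
} else {
    "$failures check(s) failed; roll back with: appcmd restore backup beforeRootMove"
}
```

The script deliberately uses the same sources IIS itself reads (applicationHost.config through appcmd and the WAS/InetStp registry values), so a copy-and-paste "move" that left any of them pointing at C:\ shows up as BAD even if the files are sitting on the new drive.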

28 Feb 2010

Commerce Server 2007: Direct Mailer Is Not Working Please Help!

I can't tell you how much fun this can be when it is not working correctly. First make sure SMTP is set up correctly in your IIS install (IIS 6 through IIS 7.5; the SMTP service on 7.5 is still managed through the IIS 6 tools, but that's another story).

Direct Mailer not working, not sending email, or just needs to be configured correctly?

First let's make sure the server and the users/groups are set up right.

To grant the Marketing Web Service access to the Direct Mailer Service

1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.

2. In the Component Services window, expand Component Services, expand Computers, expand My Computer, expand DCOM Config, right-click Microsoft Commerce Server DirectMailer Service, and then click Properties.

3. In the Microsoft Commerce Server DirectMailer Service Properties dialog box, on the Security tab, in the Launch and Activation Permissions section, select Customize, and then click Edit.

4. In the Launch Permission dialog box, click Add.

5. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type <data domain>\MarketingWebSvc, and then click OK.

6. In the Launch Permission dialog box, in the Permissions for <data domain>\MarketingWebSvc section, select the Local Launch and Local Activation check boxes for Allow, and then click OK.

7. In the Microsoft Commerce Server DirectMailer Service Properties dialog box, on the Security tab, in the Access Permissions section, select Customize, and then click Edit.

8. In the Access Permission dialog box, click Add.

9. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type <data domain>\MarketingWebSvc, and then click OK.

10. In the Access Permission dialog box, in the Permissions for <data domain>\MarketingWebSvc section, select the Local Access check box for Allow, and then click OK.

11. In the Microsoft Commerce Server DirectMailer Service Properties dialog box, click OK


Also verify that your web service identity is a member of the DML_SG group.

Prepare the members and groups for the COM component services:

Member management:

Create the group DML_SG.

Add the following users to DML_SG:
  CSDMSvc
  MarketingWebSvc

Add the following users to MarketingAdminGroup:
  RunTimeUser
  MarketingWebSvc
  CSDMSvc

Add the following user to Administrator:
  MarketingWebSvc

Go into Services and make sure Commerce Server Direct Mailer is running and set to Automatic.
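Clicking through Component Services and the group editor leaves nothing to show whether the steps took. The following PowerShell script is an added example, not from the original post, that reads the same settings back: the launch/activation and access DACLs on the Direct Mailer DCOM application (decoding the COM_RIGHTS_* bits so "Local Launch", "Local Activation" and "Local Access" are visible by name), the members of the groups listed above, and the state of the Direct Mailer service. It assumes the DCOM application's description contains "DirectMailer", that DML_SG and MarketingAdminGroup are local groups on this server, and that the service display name contains "Direct Mailer"; adjust the names for a domain deployment.

```powershell
# Added example (not from the original post): read back the Direct Mailer DCOM
# permissions, group memberships and service state. Run elevated on the DML server.

# Description filter is an assumption; check "Microsoft Commerce Server DirectMailer
# Service" in Component Services if nothing is found.
$app = Get-WmiObject Win32_DCOMApplicationSetting -Filter "Description LIKE '%DirectMailer%'" |
       Select-Object -First 1
if (-not $app) { throw 'No DCOM application with "DirectMailer" in its description was found.' }

# COM access-mask bits (COM_RIGHTS_* in the Windows SDK). Both descriptors use the same
# positions: 2 = local, 4 = remote; the launch descriptor adds 8 = local activation and
# 16 = remote activation. "Local Access" in the dialog is bit 2 on the access descriptor.
function Show-ComDacl($result, [string]$label) {
    if (-not $result -or $result.ReturnValue -ne 0 -or -not $result.Descriptor) {
        "${label}: not customized (machine-wide DCOM defaults apply)"
        return
    }
    "${label}:"
    foreach ($ace in $result.Descriptor.DACL) {
        $rights = @()
        if ($ace.AccessMask -band 2)  { $rights += 'Local' }
        if ($ace.AccessMask -band 4)  { $rights += 'Remote' }
        if ($ace.AccessMask -band 8)  { $rights += 'LocalActivation' }
        if ($ace.AccessMask -band 16) { $rights += 'RemoteActivation' }
        $kind = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }
        "  {0,-5} {1}\{2,-22} {3}" -f $kind, $ace.Trustee.Domain, $ace.Trustee.Name, ($rights -join ',')
    }
}
Show-ComDacl $app.GetLaunchSecurityDescriptor() 'Launch and Activation Permissions'
Show-ComDacl $app.GetAccessSecurityDescriptor() 'Access Permissions'

# Group membership via the WinNT provider (local groups; use WinNT://<domain>/<group>
# for domain groups).
foreach ($group in 'DML_SG', 'MarketingAdminGroup') {
    try {
        $g = [ADSI]"WinNT://./$group,group"
        $members = @($g.psbase.Invoke('Members') | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        })
        "{0,-20} {1}" -f $group, ($members -join ', ')
    } catch {
        "{0,-20} (group not found)" -f $group
    }
}

# The Direct Mailer service must be running and set to start automatically.
Get-WmiObject Win32_Service -Filter "DisplayName LIKE '%Direct Mailer%'" |
    ForEach-Object { "{0,-40} state={1} startmode={2}" -f $_.DisplayName, $_.State, $_.StartMode }
```

After the dialog steps above you should see the MarketingWebSvc account with Local,LocalActivation under the launch descriptor and Local under the access descriptor, both accounts listed under DML_SG, and the service Running with startmode Auto.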

 

Troubleshooting

You can add the following registry change if the steps above do not work.

Open the Registry Editor (regedit.exe).

Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\SchedulingAgent and give Full Control to the NT account under which the marketing system is running (or, less restrictively, to Authenticated Users; granting the specific service account is the tighter choice).

Right-click the key, choose Permissions, add DML_SG and give it Full Control.

Test emailing by scheduling a DML run with dmlrun.exe (the site name and id are examples):

dmlrun.exe /create:type=final;site="Buylifetime.com";id=30 /execute

If that doesn't work, try the DirectMailer COM object to test your direct mail (VBScript; replace <DML Server Name> with the Direct Mailer server):

Dim dm
Set dm = CreateObject("Commerce.DirectMailer", "<DML Server Name>")
Call dm.TestDirectMail("StarterSite", 30)

Save it as a .vbs file, run it with cscript, and then do an iisreset.

Last and most effective:

Open a command prompt and change to the Commerce Server install directory (it differs between 32- and 64-bit servers; the 64-bit path is C:\Program Files (x86)\Microsoft Commerce Server 2007). Then run:

csconfig /r Feature.MS.CS.DirectMailer

27 Feb 2010

Windows will not launch an .exe after virus removal. How to fix it.

So you got one of those great little viruses going around. You were able to clean it off after a bit of time and gnashing of teeth. However, now you cannot launch any applications, or more specifically any executables (.exe), because the infection rewrote the file association for .exe files and the cleanup did not put it back.

 

Fixing the association settings using the Registry Editor

Click Start, Run and type CMD.

Type the following commands one by one:

cd\windows
regedit

If Registry Editor opens successfully, navigate to the following key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

Double-click the (Default) value in the right pane.

Delete the current value data, and then type:

"%1" %*
(i.e., quote-percent-one-quote-space-percent-asterisk.)

*Interestingly, some viruses change the full default value to something like c:\users\HomerJSimpson<yourUserAccount>\appdata\local\happyvirus.exe /runas "%1" %*, so every program you launch is started through the malware first, which is how it keeps coming back.

Navigate to:

HKEY_CLASSES_ROOT\.exe

In the right pane, set (Default) to exefile.

*Interestingly, some viruses change this to things like "sfcfile".

Exit the Registry Editor.
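Here is the same fix as an added PowerShell script (not from the original post) that audits the two values edited above and, with -Fix, restores them. It also looks at HKCU\Software\Classes: HKEY_CLASSES_ROOT is a merged view of HKLM\Software\Classes and HKCU\Software\Classes in which the per-user entries take precedence, so a clean HKCR entry is not enough if the infection left a hijacked copy under the user's hive. The expected values are the stock Windows ones; the HKCU paths are the per-user override locations and should not exist on a normal machine.

```powershell
# Added example (not from the original post): audit and repair the .exe association.
# Run from an elevated prompt; use -Fix to write the stock values back.
param([switch]$Fix)

# The two machine-wide values the manual steps edit, with their stock contents.
$expected = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\.exe';                       Value = 'exefile' }
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Value = '"%1" %*' }
)
# Per-user overrides; these win over HKLM and should not exist at all.
$overrides = @(
    'HKCU:\Software\Classes\.exe',
    'HKCU:\Software\Classes\exefile'
)

$problems = 0
foreach ($e in $expected) {
    $current = (Get-ItemProperty -Path $e.Path -ErrorAction SilentlyContinue).'(default)'
    if ($current -eq $e.Value) {
        "OK   {0}" -f $e.Path
        continue
    }
    $problems++
    "BAD  {0}`n     is:       {1}`n     expected: {2}" -f $e.Path, $current, $e.Value
    if ($Fix) {
        if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        Set-ItemProperty -Path $e.Path -Name '(default)' -Value $e.Value
        '     fixed'
    }
}

foreach ($p in $overrides) {
    if (-not (Test-Path $p)) { continue }
    $problems++
    $current = (Get-ItemProperty -Path "$p\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    "BAD  per-user override {0} (command: {1})" -f $p, $current
    if ($Fix) {
        Remove-Item -Path $p -Recurse -Force
        '     removed'
    }
}

if ($problems -eq 0) { '.exe association is intact.' }
```

Since double-clicking anything fails while the association is broken, start it from the CMD window the post opens: cmd runs .exe files by path without consulting the association, so `%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File fix-exe.ps1 -Fix` works even then. Before fixing, note what the BAD lines pointed at: the command path (the happyvirus.exe example above) and the substitute class name (such as sfcfile, whose own HKCR\sfcfile\shell\open\command usually names the dropped file) tell you where the malware lived, which is worth confirming is gone.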

 

Fix with a .com executable

If regedit itself won't start because the .exe association is broken, you can use a .com executable to run the fix (.com files are launched through the separate comfile association, which these infections usually leave alone).

Download Fix from Ramesh

Reboot and all should be happy. At least with executables.

Special thanks to Ramesh for giving me the idea on how to do this.

10 Feb 2010

Windows 8 or Windows "Next"

From a blog post at blogs.msdn.com/sharad/archive/2010/01/31/whats-in-store-for-the-next-windows.aspx, which was taken down shortly after posting. It talks a little about the upcoming release.

Here is the post in its entirety:

31 January 2010

What's in store for the next Windows?

One of the great (or maybe not so great) things of being at Microsoft is that every other person wants to ask you why Windows works the way it does. Since I'm part of the Windows Update team I get asked even more why does my machine reboot every time there is an update and why are there so many updates. So naturally, once Windows 7 shipped, my friends, neighbours, relatives, and whoever else you can imagine started asking me "So what's next?"

Folks started asking me what's in Windows 8 - and the first thing I have to say is that I resonate with Steven Sinofsky's interview on "who said we're calling it Windows 8?" I agree with Steven that till things are baked there is no point floating ideas, since it leaves people frustrated when things don't turn out the way they expected. The Windows team promised to deliver a smarter, faster and more user-friendly OS with Windows 7 and they delivered just that - the latest quarterly results of Microsoft are a clear indication that Windows 7 has been a success and customers got what Microsoft had promised them! The plan is to use a similar approach for the next version of Windows, and till things are finalized you're not going to get a "marketing" name from us :)

So how am I referring to the next version of Windows without saying that many words - well, simple - Windows.next :) This is definitely not the official version but a version that is becoming common in my circle. So what are our plans for this next version...

The minimum that folks can take for granted is that the next version will be something completely different from what folks usually expect of Windows - I am simply impressed with the process that Steven has set up to listen to our customers' needs and wants and get a team together that can make it happen. To actually bring together dozens and dozens of teams across Microsoft to come up with a vision for Windows.next is a process that is surreal! The themes that have been floated truly reflect what people have been looking for for years and it will change the way people think about PCs and the way they use them. It is the future of PCs...

That's about it for this post for the time being - I know I'm not sharing much at this point but right now I can't as we work towards finalizing that vision. Feel free to post your comments on what you think Windows.next should be like!

 

Kind of vague, but what do you expect from an alpha-planning post?
