A Computer Recovery Walkthrough With Free Trinity Rescue Kit

Popular guest writer Mark Schneider walks you through a computer recovery operation using the Trinity Rescue Kit, which, as he puts it, “saved my bacon”.

Today, I was doing a little maintenance on my daughter’s Gateway laptop, uninstalling one anti-spyware program, and upgrading another to real-time protection. It seemed to go fine – I ran the Uninstall from Programs and Features in Vista, and enabled the full time protection in Malwarebytes, with the registration codes and rebooted.

When the computer shut down, I noticed it installing several updates. I didn’t think much of it at the time but when the machine restarted, the brown stuff hit the fan. I didn’t have any mouse! Even the Track pad was totally unresponsive. So, I plugged in an old USB trackball mouse, success!

I then clicked on the admin account I keep on the machine and went to type my password – nope, the keyboard didn’t work either. So I rebooted after plugging in my USB keyboard. Windows went through its usual routine and told me the keyboard had installed and was ready to use, except, it wasn’t. It wouldn’t work at all.

Basically, I was hosed! I couldn’t run the device manager from the limited account, or do a system restore. I had to get into the admin account, or I was stuck.

So I did what any red-blooded geek would do, I Googled “resetting a password in Vista”. I came up with the usual Microsoft solution, you know the one where you use the password reset CD you made when you set up the computer, yep that one, the one no one ever makes!

Fortunately for me, I also found a reference to TRK or the Trinity Rescue Kit. TRK is a Linux based bootable CD, that can be used for resetting passwords, recovering files and a few other things relating to Windows calamities.

Publisher’s description: Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Once the CD booted normally, I typed in “winkey u admin” – this started TRK searching, and mounting all the files in the system. I chose “Enter” in the next dialog, and then typed an “*”, confirmed this with a “y”, and this created a new administrator account with no password.

I was able to log into the Administrator account and then began the next phase of fixing the corrupted drivers. This took a little longer than I anticipated. I tried deleting the Track pad and keyboard in Device Manager; both had the little caution signs next to them indicating a damaged or corrupted driver. I rebooted, but this didn’t work.

I finally resolved the problem by using a restore point. Fortunately, you can get there with just a few clicks of the mouse. So I got lucky; the USB mouse worked, and the TRK worked after some trial and error.

Get the Trinity Rescue Kit here. I recommend it for your toolkit, it definitely saved my bacon.

Fast facts:

TRK is a complete command line based distribution, apart from a few tools like qtparted, links, partition image and midnight commander.

Full read/write and rpm support (since build 333)

Easily reset windows passwords (backup and restore option)

Four different virus scan products integrated in a single uniform command line with online update capability

Full ntfs write support thanks to ntfs-3g (all other drivers included as well)

Clone NTFS file systems over the network

Wide range of hardware support (kernel 2.6.39.3 and recent kudzu hwdata)

Easy script to find all local file systems

Self update capability to include and update all virus scanners

Full proxy server support

Run a samba fileserver (windows like file sharing)

Run an ssh server

Recovery and un-deletion of files with utilities and procedures

Recovery of lost partitions

Evacuation of dying disks

UTF-8 international character support

Powerful multicast disk cloning utility for any file system

Two rootkit detection utilities

Elaborate documentation

It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable iso file.

From a USB stick/disk (optionally also a fixed disk), installable from Windows, or from the bootable TRK CD.

From network over PXE, which requires some modifications on your local network (version 3.2). TRK also has the ability to act as a network boot server itself, without any modifications to your local network.

Trinity Rescue Kit is now in Version 3.4, and is better than ever before.

Getting started with TRK.

Download at: Developer’s site.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie to the blogging world. Why not pay a visit to Mark’s site today?

This article was originally posted here on March 11, 2010.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Update Firefox – Firefox 3.6.13 Released – Fixes 11 Critical Issues

Firefox 3.6.13, released by Mozilla on Thursday (December 9), addresses 13 documented issues, 11 rated as critical – including a vulnerability which can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

Since Browser vulnerabilities operate as a prime gateway for malware, immediate updating is strongly recommended.

If you haven’t updated your version of Firefox yet, then go to Help – Check for updates. Not all users allow automatic updates and installation – I’m one, as the following (older), graphic illustrates. However, I do allow the update to download.

image

Fixed in Firefox 3.6.13

MFSA 2010-84 XSS hazard in multiple character encodings

MFSA 2010-83 Location bar SSL spoofing using network error page

MFSA 2010-82 Incomplete fix for CVE-2010-0179

MFSA 2010-81 Integer overflow vulnerability in NewIdArray

MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver

MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh

MFSA 2010-78 Add support for OTS font sanitizer

MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree

MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element

MFSA 2010-75 Buffer overflow while line breaking after document.write with long string

MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

For an overview of Browser security add-ons you should consider installing, read – An IT Professional’s Must Have Firefox and Chrome Add-ons, here on this site.

Cleanup Your Startup with Free MSConfig Cleanup

MSConfig (System Configuration Utility) is a small Windows applet launched from the Run command when the user enters “msconfig”.

MSConfig 5

MSConfig is a great checkbox-driven tool for diagnosing Windows configuration issues – including managing system services, modifying startup programs, gaining access to the Windows Boot Manager/Boot Configuration Data, and more.

As well, the Tools menu is a relatively complete set of system tools, as the following screen capture indicates.

MSConfig 4

I test a lot of applications, many of which like to auto start on boot up. At some point, after completing testing, I need to stop these applications from auto starting or I’d be facing some serious system resource issues.

It’s in this role of denying an application auto start privileges, that MSConfig gets a real workout around here. But, here’s the problem. While MSConfig will disable items, it continues to list them in the Startup tab as the following screen capture shows. Notice the unchecked/disabled applications.

MSConfig 1

So what’s the big deal, I hear you saying? Well, here’s the deal – if you are a highly active user who likes to test software, the Startup tab can soon become an unmanageable mess. An unmanageable mess is an accident waiting to happen.

MSConfig Cleanup is a neat little free system utility that does just one job – it cleans out the Startup list. You’ll notice in the following graphic, the disabled items from the previous screen capture are listed and ready to be deleted.

MSConfig 2

The Startup list, after running MSConfig Cleanup, is shown in the following screen shot. Neat and tidy – and unlikely to lead to confusion!

MSConfig 3

After you make the changes, your computer will need to be rebooted for the changes to take effect.

A caveat: Do not disable programs you don’t know. Do a search on Google if you are not certain what an application does.

System requirements: Windows XP, Vista, Win 7.

Download at: Download.com

Another Day in the Trenches: Killing XP Antivirus 2010

Popular guest writer Mark Schneider walks you through a computer recovery operation, following an infection by a rogue security program, XP Antivirus.

I hate rogue antivirus programs. They seem to be getting more numerous and harder to get rid of all the time. Case in point: At work, I noticed a shared computer suddenly popped up a Window announcing it was doing a scan, and that I was infected with over 4,000 Trojans and other forms of malware.

Nice try, I thought, so I used Control Alt Delete to start task manager, and I closed Internet Explorer and all running processes involved. Fortunately, it was a limited user account that was infected, and that turned out to be an important factor in removing it.

I immediately ran Malwarebytes from that user and found a number of infections including the rogue antivirus product I was afflicted with. These cretins that come up with this crap can’t even come up with something creative – we’ve seen XP Antivirus for a few years now; each year they just tack on a year to make it look current.

Sad thing is, I’m sure somewhere out there is someone who renews this crap every year. Imagine paying yearly to be infected – oh right, we already do that; it’s called McAfee, but don’t get me started.

Well back to the task at hand: I rebooted the machine and logged into an administrator account, updated Malwarebytes and ran it again… and found more junk, actually the same junk. Malwarebytes found it, but could not kill it.

Next, I downloaded Superantispyware, a great application that I always run at home but it wasn’t on the work machine. The first thing I do now after I download an anti-malware application is rename the installer. I do this because I often find the malware knows how to prevent anti-malware from installing – these guys aren’t creative, but they’re getting smarter.

To rename a file, right click on the file and select rename and type anything.exe and install the program. Superantispyware did its thing and found a ton of additional files. I removed the infected files and rebooted again, and ran both my programs again. I still found junk!

I repeated the sequence two more times until nothing was found. I then ran a scan in all user accounts to confirm “the kill”. So far so good, until I went into the user account where the infection had started. Now, whenever I tried to launch any program from the desktop, I’d get the “Choose what Program you want to use to Open this File” message. This meant I had to fix file associations, and a great site with XP file association fixes is here. I used the .exe file association fix and it worked great.

The last thing I did was to run Process Explorer and Autoruns from Sysinternals. These utilities give a great in-depth look at what is currently running and starting on your machine at boot-up. Finding nothing suspicious, I deemed the computer clean, for now.

So a few lessons I learned on this one: Don’t use IE – this was caused by a flaw in Internet Explorer that I believe was just fixed this week. Second, running as a limited user is still far safer than running as an administrator; even though it’s trivial to elevate to administrator level, most malware seldom does, and this makes cleaning an infected PC much easier.

Next, running your cleanup tools multiple times and rebooting after each scan is the only way to give the anti-malware tools a chance against the bad guys.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie to the blogging world.
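
The post above ends with a broken .exe file association in the one account where the infection started. As an added example (not part of the original post or of any tool it names), the Python below audits a text registry export for the two default values that decide how .exe files launch and reports any that differ from the Windows defaults. The sample export, its `placeholderfile` ProgID and its path are constructed, and the export is assumed to be already decoded to text.

```python
import re

# Windows defaults that make .exe files launch directly (XP, Vista and 7).
DEFAULT_PROGID = "exefile"
DEFAULT_COMMAND = '"%1" %*'

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DEFAULT_VALUE = re.compile(r'^@="(?P<val>(?:[^"\\]|\\.)*)"$')

# Constructed sample: a healthy machine-wide association plus a per-user
# override of the kind that breaks program launches for a single account.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholderfile"

[HKEY_CURRENT_USER\Software\Classes\placeholderfile\shell\open\command]
@="\"C:\\example\\placeholder.exe\" \"%1\" %*"
"""

def parse_default_values(reg_text):
    """Map each key in a .reg export to its (Default) string value, if set."""
    values, key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            key = match.group("key")
            continue
        match = DEFAULT_VALUE.match(line)
        if match and key:
            # .reg files escape backslash and double quote with a backslash.
            values[key] = re.sub(r"\\(.)", r"\1", match.group("val"))
    return values

def class_subkey(key):
    """Return the lower-cased path below a Classes root, or None."""
    lower = key.lower()
    if lower.startswith("hkey_classes_root\\"):
        return lower.split("\\", 1)[1]
    marker = "\\software\\classes\\"
    idx = lower.find(marker)
    return lower[idx + len(marker):] if idx != -1 else None

def is_per_user(key):
    """Per-user class keys take precedence over the machine-wide ones."""
    return key.upper().startswith(("HKEY_CURRENT_USER\\", "HKEY_USERS\\"))

def audit_exe_association(reg_text):
    """Return (key, value, reason) for every deviation from the defaults."""
    entries = [(k, class_subkey(k), v)
               for k, v in parse_default_values(reg_text).items()]
    findings, progids = [], {DEFAULT_PROGID}
    for key, sub, value in entries:
        if sub == ".exe" and value.lower() != DEFAULT_PROGID:
            progids.add(value.lower())  # follow the chain to its command
            findings.append((key, value, "non-default ProgID for .exe"))
    for key, sub, value in entries:
        for progid in progids:
            if sub == progid + "\\shell\\open\\command" and value != DEFAULT_COMMAND:
                findings.append((key, value, "non-default open command"))
    return findings

if __name__ == "__main__":
    for key, value, reason in audit_exe_association(SAMPLE_EXPORT):
        scope = "per-user" if is_per_user(key) else "machine-wide"
        print(f"[{scope}] {reason}: {key} -> {value}")
```

Registry exports written by regedit are UTF-16, so read a real file with `encoding="utf-16"` before passing its text to `audit_exe_association`.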

Firefox 3.6.3 Released – Fixes Critical Security Issue

If you don’t have Firefox’s automatic update feature turned on, then you need to manually update your version immediately, to Version 3.6.3.

According to Mozilla “A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest.” Apparently, this exploit only affects Firefox 3.6 and not earlier versions.

Since Browser vulnerabilities operate as a prime gateway for malware, immediate updating is strongly recommended.

Some time back, I took a running shot at Firefox (this was one of my very infrequent “the glass is half empty” days), when I wrote here, “For the umpteenth time, in just a short time frame, Mozilla has released a patched version of Firefox ….. this is a continuing saga with Firefox and it’s not getting better. If anything, it’s getting worse.”

I felt justified in chastising Mozilla for what I perceived to be, a series of continuing flaws in Firefox, leading to very frequent updates. Until, that is, I received an email from Mozilla’s Christopher Blizzard, in which he pointed out the following –

“Our goal is to try and update as quickly as possible to get fixes into users’ hands. Sometimes this means that we update frequently. As an example 3.5.1 was turned around in 48 hours from the release of a proof of concept exploit. And we had no warning before it was public.

So we worry about the time-to-fix as opposed to the number or frequency of releases. Firefox’s userbase happens to update pretty quickly when we release an update and this often means that our users are also the safest.

The faster you can get fixes into people’s hands, the less likely they are to run into something that’s exploitable.

We also schedule releases every few weeks to fix known problems and fix non-severe and non-critical security fixes. But sometimes we get something that causes us to release early.”

Christopher’s sensible explanation removed a certain anxiety, and a sense of worry, that I would have to give up my beloved FF, and my stable of crucial add-ons.

To paraphrase Winston Churchill – “This was not my finest hour”. In fact, my tech friends are still laughing at me over that one.

If you have ever questioned Firefox’s frequent update history, then consider Christopher’s closing statement –

“I would point out that all browsers have security problems. And it’s how you respond to them that counts. So that’s why you’re seeing frequent updates from us.”

Trinity Rescue Kit – Recovery From a Windows Calamity

Popular guest writer Mark Schneider walks you through a computer recovery operation using the Trinity Rescue Kit, which, as he puts it, “saved my bacon”.

Today, I was doing a little maintenance on my daughter’s Gateway laptop, uninstalling one anti-spyware program, and upgrading another to real-time protection. It seemed to go fine – I ran the Uninstall from Programs and Features in Vista, and enabled the full time protection in Malwarebytes, with the registration codes and rebooted.

When the computer shut down, I noticed it installing several updates. I didn’t think much of it at the time but when the machine restarted, the brown stuff hit the fan. I didn’t have any mouse! Even the Track pad was totally unresponsive. So, I plugged in an old USB trackball mouse, success!

I then clicked on the admin account I keep on the machine and went to type my password – nope, the keyboard didn’t work either. So I rebooted after plugging in my USB keyboard. Windows went through its usual routine and told me the keyboard had installed and was ready to use, except, it wasn’t. It wouldn’t work at all.

Basically, I was hosed! I couldn’t run the device manager from the limited account, or do a system restore. I had to get into the admin account, or I was stuck.

So I did what any red-blooded geek would do, I Googled “resetting a password in Vista”. I came up with the usual Microsoft solution, you know the one where you use the password reset CD you made when you set up the computer, yep that one, the one no one ever makes!

Fortunately for me, I also found a reference to TRK or the Trinity Rescue Kit. TRK is a Linux based bootable CD, that can be used for resetting passwords, recovering files and a few other things relating to Windows calamities.

Publisher’s description: Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Once the CD booted normally, I typed in “winkey u admin” – this started TRK searching, and mounting all the files in the system. I chose “Enter” in the next dialog, and then typed an “*”, confirmed this with a “y”, and this created a new administrator account with no password.

I was able to log into the Administrator account and then began the next phase of fixing the corrupted drivers. This took a little longer than I anticipated. I tried deleting the Track pad and keyboard in Device Manager; both had the little caution signs next to them indicating a damaged or corrupted driver. I rebooted, but this didn’t work.

I finally resolved the problem by using a restore point. Fortunately, you can get there with just a few clicks of the mouse. So I got lucky; the USB mouse worked, and the TRK worked after some trial and error.

Get the Trinity Rescue Kit here. I recommend it for your toolkit, it definitely saved my bacon.

Fast facts:

TRK is a complete command line based distribution, apart from a few tools like qtparted, links, partition image and midnight commander.

Here’s a summary of some of the most important features, new and old:

Full read/write and rpm support (since build 333)

Easily reset windows passwords (backup and restore option in 3.3)

Four different virus scan products integrated in a single uniform command line with online update capability (5 in version 3.3)

Full ntfs write support thanks to ntfs-3g (all other drivers included as well)

Clone NTFS file systems over the network

Wide range of hardware support (kernel 2.6.39.3 and recent kudzu hwdata)

Easy script to find all local file systems

Self update capability to include and update all virus scanners

Full proxy server support

Run a samba fileserver (windows like file sharing)

Run an ssh server

Recovery and un-deletion of files with utilities and procedures

Recovery of lost partitions

Evacuation of dying disks

UTF-8 international character support

Powerful multicast disk cloning utility for any file system

Two rootkit detection utilities (version 3.3)

Elaborate documentation

It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable iso file.

From a USB stick/disk (optionally also a fixed disk), installable from Windows or from the bootable TRK CD.

From network over PXE, which requires some modifications on your local network (version 3.2). Version 3.3 has the ability to act as a network boot server itself, without any modifications to your local network.

Although version 3.3 is still beta, it is recommended that you download this version, as most features which were included in version 3.2 are still running just fine (and are more up-to-date) and the new stuff is presumed to be running fine too.

Download at: Developer’s site.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie to the blogging world.

ANOTHER Firefox Patch – Update Now!

Mozilla likes to advertise Firefox as “The faster, more secure, and fully customizable way to surf the web”. Obviously, Mozilla doesn’t subscribe to the principle of truth in advertising.

In the first place Firefox is NOT the fastest browser available; it may be the most customizable, but it is a long way from being the most secure.

Until recently, any mention of Internet Explorer’s safety record, amongst my techie friends, was sure to draw a huge round of laughter when compared with Firefox’s record. But, no longer.

For the umpteenth time, in just a short time frame, Mozilla has released a patched version of Firefox – this one is version 3.5.2, to address the following issues:

Fixed in Firefox 3.5.2

MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

In just over a month, since the release of version 3.5, we have had to download and install two patched versions due to severe, or critical, security issues. I’m not laughing; this is a continuing saga with Firefox and it’s not getting better. If anything, it’s getting worse.

The only thing that keeps this unreliable browser on any of my systems is the add-ons. Without this customizing ability, Firefox – you’d be gone!

If you haven’t updated yet, I strongly urge you to do so.
