March 2009 Archives

I've been reading a lot about the Conficker virus that is out there and soon to unleash fury on everyone on Wednesday. This is going to be a really short post, but I just want to point out the highlights.

This virus was patched in October 2008.
If your Windows updates are up to date you're probably ok.
If your virus protection is installed and up to date, you are probably ok.
If you are concerned, download the removal tool and run it.
Complete information can be found here.
The bottom line is every few months I hear about something like this. In this case there is absolutely no evidence anything will happen on Wednesday, so like all other virus warnings - take them seriously and patch your systems. I'll make a post Thursday assuming Skynet hasn't taken over.

Server 2003 - C Drive Full?

Many system administrators have had this problem. Your server was preconfigured with only 10GB for the primary partition where Windows is installed. Meanwhile the secondary partition has 36 Terabytes of free space. WTF? Yeah it sucks, and of course the admin before you installed Backup Exec and virus protection to c:\program files - nice. Anyway, I've been there and the answer is to move important programs off asap. Fortunately, in my experience I never had to take it to the next level.

Tonight I had an issue where the C: drive was almost full and there really wasn't much else I could remove. I was thinking of using Partition Magic or some other 3rd party software. First of all let me say 'Why does Windows not have this support just built in?' It would be so great to have Windows allow me to adjust and resize partitions on the fly. Next version of Windows server... PUT THAT IN!!

Anyway, I should also mention that on this server we use Symantec Endpoint Protection. So I do my search for any files over 10MB and I find a huge problem - Symantec was flooding my hard drive with log files. If you use Symantec Endpoint Protection, or if you run IIS on a server, this is a major tip for you: for the love of god, mind your IIS logs. When I looked in C:\WINDOWS\system32\LogFiles\W3SVC2 I found literally 3GB of logs. Delete them! Then go into IIS and turn off logging (unless you need it). If you run a web server and actually host a web site (instead of just using it for Symantec Endpoint Protection) you may want your log files, that's fine - but move them off the C drive.

So that's my tip: if you are running out of hard drive space and use IIS, please check your logs; if you don't need them, delete them. Good night.
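
One way to do the cleanup described above while keeping the logs available for later investigation, as an added PowerShell example that is not part of the original post: it lists the largest files over 10MB on C:, shows how much each IIS site log folder uses, then moves logs older than a cutoff to another drive. The D:\IISLogArchive path, the 14-day cutoff and the -Apply switch are assumptions made for the example.

```powershell
# Added example (not from the original post): find what fills C:, then move
# old IIS logs to another drive instead of deleting them.
# $ArchiveRoot, $KeepDays and -Apply are assumptions; adjust for your server.
param(
    [string]$LogRoot     = 'C:\WINDOWS\system32\LogFiles',
    [string]$ArchiveRoot = 'D:\IISLogArchive',   # assumed secondary partition
    [int]   $KeepDays    = 14,                   # assumed days of logs kept on C:
    [switch]$Apply                               # without -Apply, only report
)

if (-not (Test-Path $LogRoot)) { throw "Log root not found: $LogRoot" }
$cutoff = (Get-Date).AddDays(-$KeepDays)

# 1. The "search for any files over 10MB" step: 20 largest files on C:.
Get-ChildItem 'C:\' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Length -gt 10MB } |
    Sort-Object Length -Descending |
    Select-Object -First 20 FullName, @{n='MB'; e={[math]::Round($_.Length / 1MB, 1)}} |
    Format-Table -AutoSize

# 2. Space used by each log folder under LogFiles (W3SVC1, W3SVC2, ...).
Get-ChildItem $LogRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $files = @(Get-ChildItem $_.FullName -Recurse |
               Where-Object { -not $_.PSIsContainer })
    $sum = ($files | Measure-Object -Property Length -Sum).Sum
    "{0,-12} {1,6} files {2,10:N1} MB" -f $_.Name, $files.Count, ($sum / 1MB)
}

# 3. Move logs older than the cutoff, keeping one archive folder per site.
$old = Get-ChildItem $LogRoot -Recurse -Filter *.log |
       Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff }
foreach ($f in $old) {
    $siteDir = Join-Path $ArchiveRoot $f.Directory.Name
    if ($Apply) {
        if (-not (Test-Path $siteDir)) {
            New-Item -ItemType Directory -Path $siteDir | Out-Null
        }
        # A file that already exists in the archive raises an error and the
        # source file is left in place.
        Move-Item -Path $f.FullName -Destination $siteDir
    } else {
        "Would move {0} ({1:N1} MB) -> {2}" -f $f.FullName, ($f.Length / 1MB), $siteDir
    }
}
```

Run it once without -Apply to review what would be moved, then again with -Apply.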

Spyware Quake Removal


It's very important that, if you have not already done so, you visit http://windowsupdate.microsoft.com and keep your computer up to date. There is a very important update that fixes a flaw in the Windows operating system that allows hackers to execute code on your computer when you visit an infected website.

Spyware Quake is a fake antispyware 'tool' that comes up after you are infected. This program is totally false and needs to be removed as soon as possible. This virus is very similar to Trojan.Spaxe.

You will know you are infected if you see a balloon at the bottom of your screen that says the following:

Your computer is infected!
Critical System Error!
System detected virus
activities.  They may cause
critical system failure. Please
use antimalware software to
clean and protect your system
from parasite programs.
Click here to get all available
software.

Removal Directions

  1. Download and save smitRem.zip
  2. Reboot and start into Safe mode
  3. Extract smitRem.zip
  4. Open the folder where smitRem.zip was extracted, then double-click RunThis.bat
  5. Remove the following files, (You may have to use KillBox to remove stubborn files that are in use. You may not have all of these files.)
    • c:\windows\system32\nvctrl.exe
    • c:\windows\system32\dfrgsrv.exe
    • c:\windows\system32\mssearchnet.exe
    • c:\windows\system32\stickrep.dll
    • c:\program files\spywarequake\
  6. After the program runs you can safely restart the computer and the infection is gone! Be sure to always keep your Windows up to date!

Coming Soon(ish)

Hope everyone is doing ok out there, it's been a while since I've had time to make a post. I've been very busy on some exciting projects. I'm getting closer to sharing them with you. Some of the projects fit better on my other blogs (thesearchengineoptimizationexperts.com and websitedesigntutorials.net). Just to give a little sneak peek, some of the projects I'll be sharing are:

Facebook Applications

Yea, I've been getting into FB programming pretty hard core. It's very addicting. Any programmer loves to program, but when you can access users' information and incorporate that into your program - it's amazing. I'll be sharing my source code for a few applications, some of which I threw together pretty quickly and others I spent a good amount of time on.

Ruby on Rails

This language and framework is just incredible. I'll go over some basics and show advantages when moving from a previous language (PHP / ColdFusion).

jQuery

jQuery is amazing, as Rails made Ruby amazing - jQuery makes JavaScript even more amazing. At its core it makes things a lot easier to make happen and code more friendly to read. I'll show you some real examples and source code showing how I use jQuery with mashups with Google's Map API.

Anyway so I'll be sure to post soon.

Removing a virus


Talk about frustration! You found the virus files using HijackThis, you remove them. Yet when you restart they reappear. When you try to manually delete the file you get an 'Access is denied' or something similar. So what gives? Today we'll be going over some tactics on how to remove files that are in use and are hard to delete.

Move It!

The first and easiest way to remove hard to delete files is to use a program called OTMoveIt! This thing is great: you type in the file name and then most of the time it deletes the file. Another great program is KillBox. A great thing about both these programs is that if the file cannot be deleted, they will try to remove it on the next reboot. Something very useful for those hard to delete files.

Just to be safe

Sometimes even those great programs won't cut it. For extreme cases you may have to add an extra step or two. Fortunately it's really easy - boot into safe mode. Yep, when you are in safe mode Windows disables almost all functionality, so hopefully that means these virus programs too.

To boot into Safe Mode:

  1. Restart your PC
  2. Press F8 until a menu comes up asking you to make a selection
  3. Choose Safe Mode and press enter

You're in. Now try the same process as above using the removal tools, and good luck. If you still have problems leave us a note in our Ask A Question section.