Friday, December 03, 2010

Spyware Removal for today - what’s good right now for getting rid of nasty spyware

Spyware, malware and rootkits are a nightmare for any IT department, big or small. When you have the option, I almost always just prefer to re-image a machine to be 100% sure of removing the nasties, as rootkits can embed themselves so deep in the OS that it's just a hopeless battle where you end up destroying the install and wasting a lot more time just trying to remove it than a re-image would take. Your mileage may vary, and this is obviously a situational decision, as you may not have the resources to re-image at will and get someone up and running again in an hour.

Should you be in that situation where getting rid of the offender is your chosen plan of attack, then here are some newer tools that may help you down that road.

I have had people ask me my thoughts on safety.live.com. To me it seems like just a baby web-based MSE alternative, and whilst MSE is quite good for prevention, I’m not confident of its abilities to remove harsh infections that are already present.

So here’s my list of removal tools and the order in which I would use them (sites hyperlinked for your convenience):

1. ComboFix - Freeware and quite compact. It seems to be VERY effective at getting some of those common and really stubborn system-based attacks; always a first port of call.

2. Super Anti Spyware and MalwareBytes are on par for me as paid secondary cleanup apps. I don’t use them as much since the paid versions are where it’s really at for long-term assistance, but if you need to be sure that a system is clean it is definitely worth using a second scanner on top of ComboFix to be 100% sure. SAS has a solid reputation and would be the one I would go to first in most situations.


Platform(s) Affected: Windows XP, Windows 2000, Windows Server 2003 32-bit

Posted by admin in • Windows 7, Windows Server 2008, Windows Vista

Tuesday, July 13, 2010

The master browser is stopping or an election is being forced

One or both of the following may be present in a client's event log. If so, the solution is to alter the registry keys as listed to stop the messages from continually appearing.


Error Message:

The browser has received a server announcement indicating that the computer

is a master browser, but this computer is not a master browser.

The master browser has received a server announcement from the computer

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{000000000000000000. The master browser is stopping or an election is being forced.


In order to stop this error from occurring, use Regedit and set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList from Auto or YES to FALSE.

System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
Value Name: IsDomainMaster, MaintainServerList
To prevent an NT Workstation or Server (non-PDC) from acting as a browser, create a new string value, or modify the existing value, named “MaintainServerList” and set it to “No”. The available options are “Yes”, “No” or “Auto”.
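
The check and the registry change described above can be scripted for Windows PowerShell, run from an elevated prompt. This is an added example, not part of the original post: the function name, the backup file name, the PDC guard via WMI and the service restart are assumptions, and it writes “No”, the value given in the description of MaintainServerList.

```powershell
function Set-BrowserRoleOff {            # hypothetical helper name
    param([switch]$Apply)                # without -Apply the function only reports

    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Browser\Parameters'
    $backup  = Join-Path $env:TEMP 'browser-parameters-backup.reg'   # hypothetical file name

    # 1. Has this machine logged the two events from this post (source "bowser")?
    $filter = @{ LogName = 'System'; ProviderName = 'bowser'; Id = 8003, 8005 }
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) {
        'No 8003/8005 events found; leaving the registry untouched.'
        return
    }
    # Get-WinEvent returns newest first, so the first entry in each group is the latest.
    foreach ($g in ($events | Group-Object Id)) {
        '{0} x event {1}, latest at {2}' -f $g.Count, $g.Name, $g.Group[0].TimeCreated
    }

    # 2. The post applies the change to non-PDC machines only (DomainRole 5 = PDC).
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    if ($role -eq 5) {
        'This machine is the primary domain controller; no change made.'
        return
    }

    # 3. Show the current values of the two names listed under the system key.
    $current = Get-ItemProperty -Path $regPath
    'MaintainServerList = {0}; IsDomainMaster = {1}' -f $current.MaintainServerList, $current.IsDomainMaster
    if (-not $Apply) {
        'Report only; re-run with -Apply to change MaintainServerList.'
        return
    }

    # 4. Export the key first so the change can be rolled back, then write the value.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters' $backup /y | Out-Null
    Set-ItemProperty -Path $regPath -Name MaintainServerList -Value 'No'

    # Assumption: the Browser service reads the value at start-up, so restart it if running.
    $svc = Get-Service -Name Browser -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -eq 'Running') { Restart-Service -Name Browser -Force }

    'MaintainServerList is now {0}; backup saved to {1}' -f (Get-ItemProperty -Path $regPath).MaintainServerList, $backup
}

Set-BrowserRoleOff    # report only; add -Apply to make the change
```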


EventID:

Log Name:    System
Source:      bowser
Date:      13/07/2010 3:56:00 PM
Event ID:    8005
Task Category: None
Level:      Warning
Keywords:    Classic
User:      N/A
Computer:   

Description:
The browser has received a server announcement indicating that the computer

is a master browser, but this computer is not a master browser.


Log Name:    System
Source:      bowser
Date:      13/07/2010 3:56:00 PM
Event ID:    8003
Task Category: None
Level:      Error
Keywords:    Classic
User:      N/A
Computer:   

Description:
The master browser has received a server announcement from the computer

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{. The master browser is stopping or an election is being forced.


Monday, July 07, 2008

Microsoft Desktop Search AddOns

So Microsoft Downloads gave me some interesting links this morning: add-ons to desktop search that actually look half useful (makes me wonder why they aren’t just part of the search to begin with).

Desktop Search Add-ins

Outlook Saved Mail
This one looks good; a brief quote from the download page:
“This iFilter allows you to perform a search on all elements of your MSG (.MSG) files including Message Body; Subject; From; From Name; From Address; To Name; To Address; CC Name; CC Address; Doc Title Prefix; Sent Date; Received Date; Primary Date; Conversation ID; Attachment Names and will indicate if an attachment is present within the .MSG. Additionally, content within attachments are indexed and searched.”

http://www.microsoft.com/downloads/details.aspx?FamilyID=134ECBB0-C162-4D07-BEF3-0B602C4A79DD&displaylang=en

MS Networks Search
However great this sounds, I’m wary of the bandwidth and load on file servers from having this installed; with no central management you could accidentally DoS your own file servers. Not to mention gig to the edge, WAN-based file servers and VPN users will all suffer if this just treats servers as local resources.

http://www.microsoft.com/downloads/details.aspx?FamilyID=F7E981D9-5A3B-4872-A07E-220761E27283&displaylang=en

IE History Search
I personally don’t use IE for my primary browsing, so this add-on doesn’t appeal to me. It may be up your alley though, so here’s the link.
http://www.microsoft.com/downloads/details.aspx?FamilyID=EA7F95D9-69AE-4639-9D76-A44F51109053&displaylang=en


Posted by admin in • Windows Vista
Tuesday, June 10, 2008

Handy Vista Commands

I noticed a handy article come through TechRepublic today with some nifty Vista commands to have on hand.

Aero on and off
Right click the desktop and select new shortcut; where it says “type the location”, put each of the following in its own shortcut.

Aero off
Rundll32 dwmApi #104

Aero on
Rundll32 dwmApi #102

Note: Aero on will make your screen blink, but Aero off shows nothing visible; it just happens.

Task Manager
Bring up Task Manager instantly

Ctrl+Shift+Esc

Shell Commands
This article also had some useful tips on shell commands that may come in handy, shoot through to see them.
http://blogs.techrepublic.com.com/window-on-windows/?p=713&tag=nl.e132


Posted by admin in • Windows Vista
Monday, April 07, 2008

Deploying Vista Service Pack 1 (Vista SP1) via WSUS

Well, I luckily upgraded our WSUS Server to 3.0 SP1 and ran into a snag where I couldn’t deploy SP1 to our Vista test machines. After some digging I found out that under that version you need to run a patch on the WSUS server retrieving the update. Updating the WSUS server that connects to the internet for updates would never actually retrieve Vista SP1, so you have to run through this.


The full step by step is here: http://blogs.technet.com/wsus/archive/2008/03/24/deploying-vista-sp1-into-a-wsus-3-0-server-part-ii.aspx
Or, for my trademark cliff notes:

1. Get this patch: http://support.microsoft.com/kb/938759
2. Patch your WSUS server that connects to the internet for updates (I patched all my WSUS servers to be safe). NOTE: Requires a reboot.
3. Then in the WSUS console, under your server, right click “Updates” and choose “Import”.
4. This will redirect you to the website where you can search for Vista SP1.
5. Pick the standalone pack, click view basket at the top of the page and then import.
6. Voila, Vista SP1 in your shiny new WSUS box.


Posted by admin in • Windows Vista