Trend Micro Page
After all the problems I had with Cryp-TAP-2 (here) I’m going straight for the COMBOFIX option! I’ll update with how I get on.
UPDATE: Everything looks good so far. Booted into safe mode and ran combofix; the system is now rebooting normally, now waiting on the log report.
UPDATE2: Combofix did the job YET again! Getting a popup or two still about the system restore volume. From the look of the report this little bugger hooks itself into system processes (explorer.exe, svchost.exe).
Tags: cryp_xed-3, Virus
Posted by Buzz in Windows
Oh dear oh dear, MS at it again.
According to this story: here
SP3 has caused a huge rollout headache including screwing MS’s Point Of Sale application …
See now this is what happens when you FORCE users to have to install SP3 before they can get any more updates ><
Admittedly the users experiencing the problems are all using Automatic Update …
So my advice is to grab the complete Network distribution (about 319mb).
Update: if you are having problems and are using an AMD machine read this: here
Tags: sp3, Windows, xp
Just a quick blog about this …
Ever had the problem of having to assign a DHCP reservation with no mac address resolving software on your laptop? (NOOB! haha)
Well … you have software built in if you are using Windows XP anyway …
“arp -a” (without quotes)
This will list your current local interfaces and their MAC addresses.
“arp -a xxx.xxx.xxx.xxx” (without quotes) Where xxx.xxx.xxx.xxx is the target IP address on your LAN, this will resolve the MAC address for that interface.
Nice quick and simple.
Enjoy!
UPDATE: If you get an error “NO Arp entries found” when doing this, just ping the IP address first, assuming you get a response you _should_ be able to use arp to lookup the mac address!
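The lookup above, including the ping-then-retry step from the UPDATE, can be scripted. This is an added example, not code from the original post; the `SAMPLE` output is constructed, and emitting the MAC as 12 hex digits is an assumption about what your DHCP server accepts for a reservation.

```python
import re
import subprocess

# Constructed sample of Windows "arp -a" output, used for the offline demo.
SAMPLE = """
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.20          00-1A-2B-3C-4D-5E     dynamic
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M,
)

def run_cmd(args):
    """Default runner: execute a command and return everything it printed."""
    done = subprocess.run(args, capture_output=True, text=True)
    return done.stdout + done.stderr

def parse_arp(output):
    """Return {ip: mac} from "arp -a" output, MACs as 12 lowercase hex digits."""
    return {ip: mac.replace("-", "").lower() for ip, mac, _type in ROW.findall(output)}

def lookup_mac(ip, run=run_cmd):
    """Resolve ip to a MAC; if the ARP cache has no entry, ping once and retry."""
    for attempt in range(2):
        table = parse_arp(run(["arp", "-a", ip]))
        if ip in table:
            return table[ip]
        if attempt == 0:
            run(["ping", "-n", "1", ip])  # a reply populates the ARP cache
    return None  # host did not answer, or is not on the local LAN segment

if __name__ == "__main__":
    print(parse_arp(SAMPLE))
```
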
Tags: ARP, MAC address, Windows XP
Posted by Buzz in Windows
After much argument with the resident Microsoft Zealot over the exploitability of IIS, words of sarcastic wisdom came from a third party (Lee) and sufficiently ended the argument.
“You know what IIS Stands for?”
“Internet Information Services…”
“No! Is Inherently Sh*t”
Discuss
Posted by Buzz in Windows
Nasty little bug this one, it’s a mutator, and despite having booted the machine into safe mode, used process explorer to kill every process it hooked into and finally having to use a command window to remove the offending .dll, once this thing got an active internet connection the fun and games started again!
The best thing you can do is go straight for the removal tool here
There are also links on that page for more information on the virus.
I suggest you remove the infected machine from having any network connection, download the removal tool to a known “good” workstation, and load the .exe onto removable storage (usb), to be run on the infected machine.
UPDATE: Just using the tool for me at least isn’t working! I am now trying this in safe mode.
UPDATE2: OK! Wonderful, the Symantec removal tool is not working at all. I am trying another tool, VundoFix.
I’ll post another update once the scan has finished.
UPDATE3: Nope, roll on tool #3: COMBOFIX
UPDATE4: Combofix did the job, this tool does advertise the fact that 1/100 machines die from running this tool, so if the symantec tool doesn’t work use combofix (at your own risk). NOTE: I ran this in safe mode, it then rebooted windows normally and ran the log dump, the system may hang while it does this, mine recovered after about 5 mins, I also copied the program to C:\ prior to running.
Tags: Cryp_Tap-2, Virus
Posted by Buzz in ordb, Windows
Well this is a barrel of laughs...
"The problem is that the ORDB blacklist (which was decommissioned on Dec 18 2006) has been reactivated, but in such a way that it returns a positive match for every query. The operators have done this in order to prompt people who were still using the list to remove it from their configuration."
Source: http://forums.whirlpool.net.au/forum-replies-archive.cfm/944800.html
At the moment this is affecting our Exchange servers, and it's unclear if this is a legacy SMTP event or part of the anti-spam software...
Everything is being bounced, needless to say I can tell you working for a company that has over a million emails a day this is NOT GOOD!
If your clients are receiving bounce backs I suggest you contact them immediately, and inform them of the situation.
ORDB SORT YOUR ACT OUT!
I will update as I find a workaround!
UPDATE!!!!
For Exchange 2003 use the following article as a guide (Thanks KERM!):
http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html
Remove ORDB! (see below)
(UPDATE: OR remove wirehub: see new post)

Slashdot article
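A blacklist that matches every query can be caught before it bounces mail by probing the two test addresses RFC 5782 defines: 127.0.0.2 must be listed and 127.0.0.1 must not be. The check below is an added example, not part of the original post or of Exchange; the zone names are placeholders and the `listed` resolver parameter is an illustrative hook so the logic can be run offline.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """True if the name resolves to an A record, which a DNSBL uses to say 'listed'.
    Lookup failures (NXDOMAIN, timeout) count as 'not listed'."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def check_zone(zone, listed=system_resolver):
    """Classify a DNSBL zone from the two RFC 5782 test addresses."""
    must_not_match = listed(dnsbl_name("127.0.0.1", zone))
    must_match = listed(dnsbl_name("127.0.0.2", zone))
    if must_not_match:
        return "lists-everything"  # every query matches: all mail would bounce
    if not must_match:
        return "dead"              # nothing matches: the list no longer filters
    return "healthy"

def audit(zones, listed=system_resolver):
    """Return {zone: status} for every configured zone that is not healthy."""
    results = {zone: check_zone(zone, listed) for zone in zones}
    return {zone: status for zone, status in results.items() if status != "healthy"}

if __name__ == "__main__":
    # Constructed placeholder zone names; substitute the lists your server queries.
    print(audit(["dnsbl.example", "other-dnsbl.example"]))
```

Run on a schedule against the zones configured on the mail server, any non-empty result from `audit` is a reason to pull that list from the filter configuration.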
Tags: blocked, exchange, ordb
Yes the title seems a little weird, but it’s a little problem that has been the bane of my and a fellow tech’s existence for a couple months now.
An international office on permanent VPN connection to where I work would experience extremely slow load times of office documents even if they were local to the machine, strangely this only occurred when connected to the network (and hence to the domain).
What was eventually found by the aforementioned fellow tech was that every time an office application would load (i.e. open a new document) it was “polling” the entire domain for listed printers and folders, not a problem in the local office with Gigabit connectivity, but a major problem for an international office with several employees over a low bandwidth line …
So how to fix this?!?
(Assuming windows XP & Classic Menu)
START > CONTROL PANEL > Folder Options > View
Uncheck “Automatically search for network printers and folders” > OK
Now make sure you exit all office applications (better yet just reboot)
If this does not solve the issue, or only provides a slight gain, it’s time to remove the “recent files” list from within Excel:
TOOLS > OPTIONS > General
Uncheck “Recently used file list” … Exit all office apps (or reboot).
And try again, this _appears_ to solve the slow down.
Any problems drop me a comment.
Tags: domain, excel, Microsoft office, network, outlook, slow, word
Posted by Buzz in Windows
This error as of late has been driving me nuts!
Whilst I have still to resolve the issue, I can offer advice to those using ntbackup to diagnose this problem on Windows 2003 Server or SBS (Small Business Server).
First you will need to stop _ALL_ BackupEXEC services. Now try to run a backup to the tape device using ntbackup.
More than likely you will get the following error.
When attempting to run a backup with the Backup Utility for Windows, an error: “The device reported an error on a request to MS_UpdateNtmsOmidInfo. Error reported: 11. There may be a hardware or media problem. Please check the system log for relevant failures” (Figure 1) is displayed.
This is because BackupEXEC 9.1 has not copied a dll to the right location.
Typically this is: %systemroot%\System32\mll_BE.dll
Be sure to check your registry to make sure: \\HKEY_LOCAL_MACHINE\SYSTEM\Currentcontrolset\control\NTMS\OMID\tape\be
Simply copy the dll from Program Files\VERITAS\Backup Exec\NT\mll_be.dll (or your relevant installation directory), to %systemroot%\System32\mll_BE.dll.
Reboot and ntbackup should run without error (if, of course, you remembered to stop the BackupEXEC services again).
UPDATE:
This was eventually resolved by replacing the faulty SCSI controller.
Tags: a00084ca, backup exec, symantec