Tech Geek and More

Technology Explained for All

Soapbox: Thank You to all the Visitors of TechGeekandMore

     On this late evening of Aug 31, 2009 I just wanted to say Thank you to everyone who has been visiting my blog for the past 7 months. When I started this, it was because a lot of people (Family, Co-Workers, and Clients I support as part of my “real” job) all kept asking basically the same Tech and Geek questions: in March it was Conficker, the last couple of months it was virus removal, now it's all about Windows 7.  So I figured if enough people kept asking me about the same thing, maybe I could post answers online and make it easy for the people with questions to get answers and more importantly to get informed.

     The 1st month I did this, I had 87 people visit TechGeekandMore, and honestly, I wasn’t ever expecting much more than that.  I haven’t done much of any advertising for TGM (other than whatever links are either posted directly by WordPress or by Bing or by Google), and when I write my posts, I try to write them in as much simple English as I can as opposed to Tech speak or Geek Speak.  I’m no formal writer, and had no idea where this whole blog thing was going to go when it started.

    However, a couple of minutes before September 1, and I’m happy to say (and a little shocked too in a good way) that every month TechGeekandMore has been around it has received more views than the month before and as of this writing for the month of Aug 2008, TechGeekandMore has received 1513 visits.  I know to some of you, those who also write blogs or those who like to read a lot of blogs, that 1500 visitors may not be a lot, but to me it is an incredible feeling.

     So with that to those of you who have visited, I say Hello and Thank you……I didn’t start with any formal written plans for this blog, just an idea, and the rest I have learned along the way. I now see more interesting possibilities in the near future of TGM.  So please come back and visit TGM often, I may not post every single minute (as it was never my idea to post just for posting sake), but I do plan to post as often as I can, things that I hope will help those who do not understand the foreign languages of Tech and Geek, how to communicate and survive in a Tech and Geek world.

Sincerely

Alex (In charge of this crazy thing called TechGeekandMore)

Tech: Your CD or DVD drive no longer appears in Windows and you get an error that Your device failed to start – Here is how to fix it.

     This one actually happened to me over the weekend.  I’m still finishing getting everything loaded on my Windows 7 (RTM) pc and somewhere in all those installs (Still haven’t figured out exactly what triggered it), both of the DVD-RW’s installed on the pc stopped appearing in Windows and during the boot up I would get a message that my DVD device failed to initialize (start).

     I had seen this one in the past (a couple of years ago) when uninstalling early versions of iTunes you would lose your drives, however, in this case I don’t use iTunes so I know that wasn’t it.  I found a Microsoft article that has information on exactly what happens to trigger this issue. The article for Windows XP, Vista, and 7 (It doesn’t say 7 but that’s what I used and it worked) you can find at http://support.microsoft.com/default.aspx?scid=kb;EN-US;314060 and for Windows 2000 you can find it at http://support.microsoft.com/kb/270008/

From the Microsoft Article –

“Your CD drive or DVD drive is missing or not recognized by Windows or other programs, so you cannot play or access a CD or DVD. This issue might have occurred after you installed, uninstalled, or updated a program or Windows Vista.
See the “More information” section for detailed information.
This article helps you fix the problem. To have us fix this problem for you, go to the "Fix it for me" section. If you would rather fix this problem yourself, go to the "Let me fix it myself" section.”

     In my case, I just used the “Fix it for me” (Note the link here is for XP/Vista/7, you need to look at the Windows 2000 page if you have a Windows 2000 system, do NOT use this link for Windows 2000 as there are changes in the registry in 2000 that will be badly affected if you use the wrong fix it). It took all of 2 minutes and the issue was resolved and my DVD-RW’s were showing again. Additionally, if you want to see what the manual steps are, if you want to do it yourself, you can click on the “Let me fix it myself” link for complete step by step info.

Alert: Another Fake Anti-Virus program

     If anything can get under my skin, this will do it.  It seems we have another “Anti-Virus” program out there whose only goal is to scare the user (who probably doesn’t know any better) into believing that the “sky is falling” and then requiring them to give up their credit card number in order not to get hit with the “falling sky”.  I have had to spend a lot of my time this past week cleaning this one up because a couple of clients didn’t know any better. There have been numerous versions of this malware scam over the past few years, some examples are:

A

* Ad-Protect
* AlfaCleaner
* Antispyware Soldier
* Anti-virus 2008
* Anti-Virus 2009
* AntiVermins
* AntiVirGear
* AntivirusGold

B

* BraveSentry
* BreakSpyware

C

* CmdService
* ContraVirus

D

* DeluxeCommunications
* Dr. AntiSpy

E

* ErrorSafe

M

* MalwareWipe
* MrAntispy
* Mirar
* Movieland
* MySpyProtector

P

* PestCapture
* Pest Trap
* Popcorn.net
* PSGuard

S

* Seekmo
* Smitfraud
* SpyAxe
* SpyCrush
* SpyDawn
* SpyFalcon
* SpyHeal
* SpyLocked
* SpyLocker
* SpyMarshal
* SpySheriff
* SpyShield
* SpySoldier
* SpywareKnight
* SpywareLocked
* SpywareQuake
* SpywareStrike
* Starware
* SystemDoctor

T

* Toolbar888

U

* UnSpyPC

V

* VirusBlast
* VirusBurst
* VirusBurster
* VirusRay
* VirusRescue

W

* Winfixer

Z

* Zango Search
* Zlob

    and now joining the list of Rogue Anti-Virus programs comes SaveSoldier. Here is information on the malware from the Panda Website (http://www.pandasecurity.com/homeusers/security-info/212755/SaveSoldier).

Effects

SaveSoldier is an adware program that carries out the following actions:

  • It reaches the computer downloaded from the following website:
  • When the file is run, it is installed in the affected computer and starts scanning the system in search for possible malware.
  • Once ended, it displays a warning message like the following, informing users that their computer is infected:
  • If the button "Remind me later" is clicked, the interface of the program is displayed, which is like the following image:
  • If users decide to follow the program’s instructions and remove the threats, the program will require a registration code:
  • This code is obtained after purchasing the antivirus solution. Therefore, the user will be redirected to a website where it can be purchased:
  • On the other hand, if users do not follow the program’s recommendations, it will display warning messages like the following to make them think their computer is infected:

Infection strategy

SaveSoldier creates a directory called SaveSoldier in the folder SaveSoldier Software (created by itself) of the Program Files directory and a group of programs with the same name in the Start menu.

SaveSoldier creates the following files in the folder SaveSoldier Software\SaveSoldier of the Program Files directory:

  • SAVESOLDIER.EXE, which is a copy of itself.
  • SAVESOLDIERSVC.EXE
  • UNINSTALL.EXE

SaveSoldier creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SaveSoldier = C:\Program Files\SaveSoldier Software\SaveSoldier\SaveSoldier.exe – min
    By creating this entry, SaveSoldier ensures that it is run whenever Windows is started.
  • HKEY_LOCAL_MACHINE\SOFTWARE\SaveSoldier
    Install_Dir = C:\Program Files\SaveSoldier Software\SaveSoldier
    By creating this entry, SaveSoldier creates a new directory.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSoldier
    DisplayName = SaveSoldier
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSoldier
    UninstallString = C:\Program Files\SaveSoldier Software\SaveSoldier\uninstall.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVESOLDIERSVC\0000
    Class = LegacyDriver
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVESOLDIERSVC\0000
    ClassGUID = {8ECC055D-047F-11D1-A537-0000F8753ED1}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVESOLDIERSVC\0000
    DeviceDesc = SaveSoldier Security Service
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVESOLDIERSVC\0000
    Service = SaveSoldierSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVESOLDIERSVC\0000\Control
    ActiveService = SaveSoldierSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SaveSoldierSvc
    DisplayName = SaveSoldier Security Service
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SaveSoldierSvc
    ImagePath = C:\Program Files\SaveSoldier Software\SaveSoldier\SaveSoldierSvc.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SaveSoldierSvc\Enum
    0 = Root\LEGACY_SAVESOLDIERSVC000
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SaveSoldierSvc
    Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SaveSoldierSvc\Security
    Security

Means of transmission

SaveSoldier can be voluntarily downloaded from the website belonging to the company that has developed it.

Further Details

SaveSoldier is 712,704 bytes in size.

As additional information, a website that promotes another fake antivirus has been detected. In this case, it is called TrustNinja. The interesting thing is that both the format and content of this website are the same as the website of SaveSoldier. Only the references to SaveSoldier have been replaced with TrustNinja.

The file downloaded from this website is called TRUSTNINJA.EXE and once run, a program with the same interface and functions as SaveSoldier is installed on the computer. Even the fake results displayed when the scan is finished are the same. The only thing that changes is the name of the program.

As always, the 1st line of defense is to not click on every pop up that you see without reading it 1st.  Additionally, if you're not sure what the message or the pop up is for, it's always better to click on deny or no, or at least take the time to run a quick search on Bing or Google with the name of the pop up.  There are many sites out there that will tell you what the pop up is and if it is safe.
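When cleaning a machine, the registry entries Panda lists above can be checked against a registry export (`reg export` or regedit's Export). The following is an added example, not code from Panda or from the original post; the function names and the sample export are constructed, and folding `ControlSet001` together with `CurrentControlSet` is a generalization beyond the listed keys, since a live system shows the active control set under that name.

```python
import re

# Indicators taken from the Panda write-up quoted above: (registry key, value name).
# A value name of None means the presence of the key itself is the indicator.
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "SaveSoldier"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\SaveSoldier", "Install_Dir"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSoldier", None),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVESOLDIERSVC\0000", None),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SaveSoldierSvc", "ImagePath"),
]

_CONTROL_SET = re.compile(r"\\(controlset\d{3}|currentcontrolset)\\")

def normalize(key):
    """Lower-case a key path and fold ControlSetNNN / CurrentControlSet together."""
    return _CONTROL_SET.sub(lambda m: "\\controlset\\", key.strip().lower())

def parse_reg_export(text):
    """Parse .reg export text into {normalized key: {value name (lower): raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(normalize(line[1:-1]), {})
        elif current is not None and line.startswith('"'):
            name, sep, data = line[1:].partition('"=')
            if sep:
                current[name.lower()] = data
    return keys

def find_indicators(text):
    """Return the entries of INDICATORS that are present in the export text."""
    keys = parse_reg_export(text)
    hits = []
    for key, value in INDICATORS:
        values = keys.get(normalize(key))
        if values is not None and (value is None or value.lower() in values):
            hits.append((key, value))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SaveSoldier"="C:\\Program Files\\SaveSoldier Software\\SaveSoldier\\SaveSoldier.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SaveSoldierSvc]
"DisplayName"="SaveSoldier Security Service"
"ImagePath"="C:\\Program Files\\SaveSoldier Software\\SaveSoldier\\SaveSoldierSvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip"
'''

if __name__ == "__main__":
    for key, value in find_indicators(SAMPLE_EXPORT):
        print("FOUND", key, value or "(key present)")
```

Real exports from regedit are usually UTF-16 encoded, so open the file with `encoding="utf-16"` before passing its text to `find_indicators`.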

Software: Panda AV offering FREE USB Vaccine to help stop malware from spreading via external drives

     As a tech, one of the biggest headaches involves someone bringing their USB key (or external hard drive) from home, full of malware infections because the user doesn’t know how to protect their home pc.  They go to the office and start “Copying that Excel sheet” or even better “The cute pictures of their kids” so that it can be seen on every pc.  Unfortunately as that drive keeps getting plugged in, every machine it goes into gets infected with malware because of what is known as the autorun feature.

     Panda Labs is offering a FREE download (http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/) that can be used on your external drives and on each pc, which will basically disable the autorun feature.  With the feature disabled, you should be able to scan your external drive, and make sure it's ok, prior to it being able to cause malware havoc.

********************************************************************

   From the Panda Website

There is an increasing amount of malware which, like the dangerous Conficker worm, spreads via removable devices and drives such as memory sticks, MP3 players, digital cameras, etc. To do this, these malicious codes modify the AutoRun file on these devices.


Panda USB Vaccine is a free solution designed to protect against this threat. It offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices:

Vaccine for computers: This is a ‘vaccine’ for computers to prevent any AutoRun file from running, regardless of whether the device (memory stick, CD, etc.) is infected or not.

Vaccine for USB devices: This is a ‘vaccine’ for removable USB devices, preventing the AutoRun file from becoming a source of infection. The tool disables this file so it cannot be read, modified or replaced by malicious code.

This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows. This provides users with a simple way of disabling this feature, offering a high degree of protection against infections from removable drives and devices.

*********************************************************************

Just remember that this needs to be used both on the external drives and PC.  Even if you don’t have an external drive yourself, it's a good thing to run it on your pc, in case someone visits (or your kids or co-workers) and brings an external drive with them.
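To see what an external drive's AutoRun file would launch before opening anything on it, the file can be read as plain text. The following is an added example, not part of Panda USB Vaccine or the original post; the function names and the sample file are constructed, and the launch keys checked (`open`, `shellexecute`, `shell\<verb>\command`) are the standard `[autorun]` entries.

```python
import os

# Keys in the [autorun] section that name something Windows would launch.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_commands(text):
    """Return (key, command) pairs an autorun.inf would run, tolerating junk lines."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Section names and keys are case-insensitive.
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # padding, comments and other sections are ignored
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append((key, value.strip()))
    return commands

def inspect_drive(root):
    """Inspect the AutoRun file in a drive's root folder.

    Returns [] if there is no file, None if the file exists but cannot be read
    (the page says a vaccinated drive's AutoRun file cannot be read), and the
    list of launch commands otherwise.
    """
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            try:
                # latin-1 never fails to decode, so binary padding is harmless.
                with open(os.path.join(root, name), encoding="latin-1") as fh:
                    return autorun_commands(fh.read())
            except OSError:
                return None
    return []

# Constructed sample file contents (not from a real drive).
SAMPLE_AUTORUN = r"""; padding line
[AutoRun]
Icon=folder.ico
xQz7 junk bytes that are not a key
OPEN=setup.exe /s
shell\open\Command=tools\viewer.exe
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE_AUTORUN):
        print(key, "->", command)
```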

Software: Windows Live Messenger will require a mandatory upgrade in the next couple of weeks.

For those who use Windows Live Messenger, there is a post on the Windows Live Blog (http://messengersays.spaces.live.com/) from yesterday that will interest you.  It seems that in the next couple of weeks a mandatory upgrade will be imposed on Windows Live Messenger; those who do not upgrade will be blocked from signing on to Messenger with the older versions. Here is a portion of the post (http://messengersays.spaces.live.com/Blog/cns!5B410F7FD930829E!82557.entry)

“8/27/2009

Upgrade your Windows Live Messenger Service

We are committed to providing a safe, secure and positive experience for our more than 300 million customers across the globe using Windows Live Messenger every month. To deliver on that commitment, beginning on August 25, we started asking our customers using versions 8.1, 8.5 and 14.0 to upgrade to the newest version of Messenger. The upgrade will provide customers with the latest software updates including code fixes and feature enhancements, as well as address vulnerabilities discussed in the Microsoft Security Advisory 973882 (http://www.microsoft.com/technet/security/advisory/973882.mspx) that existed in previous versions of Windows Live Messenger.

The upgrade process will take place in a phased approach over the next several weeks:

First Phase, Optional Upgrade:
The optional upgrade will happen in two stages:
Starting Aug. 25, customers using versions 8.1 or 8.5 were asked to upgrade their client.
Starting early Oct., all customers using versions 14.0 (but not the latest release 14.0.8089) will be asked to upgrade their client.
The upgrade at this time is optional. Customers who haven’t upgraded during the optional phase will be required to do so during the second phase. 

Second Phase, Mandatory Upgrade:
The mandatory upgrade will happen in three stages:
Starting mid-Sept., all customers using Messenger 8.1 or 8.5 will be required to upgrade their version of Windows Live Messenger.
Starting late Oct., all customers using Messenger 14.0 will be required to upgrade their version of Windows Live Messenger.
To ensure that we are protecting customers, those who do not administer the upgrade will not be able to sign in to Messenger after this time.

Please Note: It will take several weeks for the upgrade process to be completed, as the upgrade will be rolled out to customers over the course of several weeks. 

Below are some examples of the prompts that you will encounter during the upgrade process. 

Notification to upgrade.

Want to upgrade now?  You don’t have to wait for the notification. In fact, we encourage you to download the updated version of Messenger right now by visiting http://download.live.com .”

      As of now it looks like Windows Messenger users will have 2 choices, upgrade or find an alternative to WLM if you don’t like the upgrade. There are many alternatives that will connect to your WLM (Trillian http://www.trillian.im/ is one of many that come to mind.)

Software: ZoomIt for Training or Presentations

     All techs have to do either Staff Training sessions or Presentations in front of Management or Clients at one point or another.  During these meetings, it would be a great help if you could “Zoom” to specific parts of your screen or write on the screen to emphasize a specific issue or item you're showing.

     ZoomIt allows you to do that and a whole lot more.  From the ZoomIt Web page (http://technet.microsoft.com/en-us/sysinternals/bb897434.aspx)

Introduction

“ZoomIt is a screen zoom and annotation tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. I wrote ZoomIt to fit my specific needs and use it in all my presentations”.

“ZoomIt works on all versions of Windows and you can use pen input for ZoomIt drawing on tablet PCs”.

Using ZoomIt

“The first time you run ZoomIt it presents a configuration dialog that describes ZoomIt’s behavior, lets you specify alternate hotkeys for zooming and for entering drawing mode without zooming, and customize the drawing pen color and size. I use the draw-without-zoom option to annotate the screen at its native resolution, for example. ZoomIt also includes a break timer feature that remains active even when you tab away from the timer window and allows you to return to the timer window by clicking on the ZoomIt tray icon.”

You can download ZoomIt from the Sysinternals page http://technet.microsoft.com/en-us/sysinternals/bb897434.aspx or you can even run ZoomIt directly** from the Sysinternals live page http://live.sysinternals.com/ZoomIt.exe

**If you choose to try ZoomIt from the Sysinternals Page you will see

[Image: Run box for ZoomIt Live]

Click on Run, then you will see

[Image: ZoomIt Run prompt]

Click on Run Again

At this point either by downloading and installing or by running ZoomIt from the Live page you will see

     That will show the following Icon in your Systray (The systray are the ICONs next to the clock)

[Image: ZoomIt icon]

And will also show you the following window

[Image: ZoomIt window]

This is where you configure what short cut keys you want to use to start each of the ZoomIt features.  It will list a default set of keys that you can either leave or change to your own short cut keys.

ZoomIt has the following features as shown by the Tabs in the configuration window.

  • Zoom – Where after toggling ZoomIt you can Zoom in with the mouse wheel or up and down arrow keys to any part of your screen.
  • Live Zoom – which allows you to change screen and continue your presentation while in zoom mode
  • Draw – Which allows you to write on the screen without affecting your actual presentation or training material
  • Type – Which allows you to type (instead of write) on your screen, again without affecting your presentation or training material.
  • Break – Which allows you to set a specific countdown timer, which is great for giving 10 min breaks and being able to show everyone how much time they have left.

In all cases you can close or get out of your Zoom mode by either pressing the ESC (Escape) key or by right clicking on your mouse.
