Saturday, January 23, 2010

Skype Virus Automatically Sends Facebookgallery.info links

Here's how you get infected: 

One day you're on your computer and you get a message from a friend asking you to look at these crazy pictures of them, making sure they look okay (there are other variants of this message).  The link points to a site called facebook.info; in the example below it's http://srv06.facebookgallery.info:89/.  You click the link and accept all the prompts after that, and the next thing you know, those same messages are being sent from you to friends on your Skype list.

The following example says "I can't believe I got tagged in this picture!!  Do you think I look ok?"






What's worse is that you can't download the regular virus-removal tools because when you click to download one, you get a page that says "Google Error.  Not Found.  The requested URL /Files/ProcessExplorer.zip was not found on this server".  NOTE:  This came up when I tried to download Process Explorer to stop services.  See below:









Also, if you already have tools available, they close shortly after opening. 

Here's how to remove it:

1)  Edit the hosts file by going to Start > Run... and entering the following:
 notepad "C:\Windows\System32\drivers\etc\hosts"

2)  Scroll down a little ways and delete everything at the bottom.  It's going to be a bunch of garbled text.  After deleting, save the changes.

NOTE:  If you're not comfortable with this, you can try HostXpert, but you'll have to download it on another computer and transfer it to the infected computer before you can use it.  Just run it and click "Restore MS Hosts File."

3)   The above steps get rid of the Google Error pages, so now you're free to download any tool you wish to fight this thing.  I used ComboFix to get rid of this thing.  Download it to your desktop and rename it to "nothing.exe" -- otherwise the virus will recognize it and close it automatically.

4)  Run "nothing.exe" and accept everything it wishes to do and you'll be virus-free soon.  It may require a restart.

Sometimes an extra step is needed if you lose your internet connection after performing these steps.  Right-click the My Computer icon and go to Properties.  Click on the Hardware tab and click the Device Manager button.  In the list under Network Adapters you'll see two copies of each of your network devices.  Uninstall the copy without the exclamation point next to it -- it'll remove both copies from the list.  Then go to Action > Scan for hardware changes.  Windows should detect your network device drivers and get you going again.
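
To see what steps 1 and 2 are about to delete before opening Notepad, the hosts file can be audited from PowerShell. This is an added example, not part of the original post: the function name Get-HostsEntry and the sample lines are constructed for illustration, and anything other than a loopback address mapped to "localhost" is simply listed for review.

```powershell
# Added example: classify every active line of a hosts file so that
# unexpected redirects and garbled text stand out. Read-only; changes nothing.
function Get-HostsEntry {
    param([string[]]$Lines)
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Strip comments and surrounding whitespace; skip empty lines.
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }

        $fields   = @($text -split '\s+')
        $names    = @($fields | Select-Object -Skip 1)
        $parsed   = $null
        $validIp  = [System.Net.IPAddress]::TryParse($fields[0], [ref]$parsed)
        $nonLocal = @($names | Where-Object { $_ -ne 'localhost' })

        if (-not $validIp -or $names.Count -eq 0) {
            $status = 'Unparseable'   # not "address name": garbled text
        } elseif ([System.Net.IPAddress]::IsLoopback($parsed) -and $nonLocal.Count -eq 0) {
            $status = 'Default'       # the stock localhost mapping
        } else {
            $status = 'Review'        # a redirect somebody or something added
        }
        [pscustomobject]@{ Line = $lineNo; Status = $status; Text = $text }
    }
}

# Constructed sample input (not taken from an infected machine).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '203.0.113.10    tools.example.com',
    'q7%%zk 0x1f;;'
)
Get-HostsEntry $sample | Format-Table -AutoSize

# On a Windows machine, show only the lines of the real file that need a look.
if ($env:SystemRoot) {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-HostsEntry (Get-Content -LiteralPath $hostsPath) |
        Where-Object { $_.Status -ne 'Default' } | Format-Table -AutoSize
}
```

On the sample, lines 2 and 3 come back as Default, line 4 as Review and line 5 as Unparseable.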

Tuesday, January 19, 2010

Locate Link Browser Box Opens When Clicking E-Mail Link in Outlook 2003

Problem:  You receive an email with a "mailto:" link to someone's email address.  When clicking it, a new email window should open.  Instead, a "Locate Link Browser" window opens asking you to locate a file.

There are several suggestions saying to modify the URL:HyperText Transfer Protocol file type behavior, but I found this to be the easiest solution:

Open Internet Explorer and go to Tools > Internet Options > Programs tab.

Change your default email client to Outlook Express and hit Apply.

Now change your default email client back to Outlook 2003.  Hit OK.

Everything should be working now.

Wednesday, January 13, 2010

Spam from Skype

Skype does not scan your system or Skype itself for viruses.  This simple statement will help you deal with messages you receive on Skype similar to the following:

[Time] System Monitor ® says: WINDOWS REQUIRES IMMEDIATE ATTENTION

=============================

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair
utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

Just ignore it.  Or better yet, prevent these messages from reaching you (or someone who just doesn't seem to get it).
 
This is how:
 
1.  In Skype, go to Tools > Options. 
 
2.  Click on "Privacy"
 
3.  Select "Only allow people in my Contact list to contact me."
 
There.  No more anonymous people sending messages about viruses that aren't on your computer.

How to Recover Hard Deleted Items using Outlook Web Access 2003

You've accidentally deleted a message permanently and you don't see it listed when you go to Tools > Recover Deleted Items.  What do you do?  Well, if you're on Exchange 2003, there's a little workaround through Outlook Web Access (OWA).

1.  Use this address as a model:  https://ServerName/exchange/Username/inbox/?cmd=showdeleted


Change "ServerName" to the name of your Exchange server and "Username" to the user account you're trying to recover deleted items from.  You can also change "inbox" to any folder you have on your mailbox, such as Sent Items and Calendar.

2.  Log in with the user's credentials.

3.  Check the box next to the message(s) you need to recover and click "Recover."

4.  Messages should start appearing in Outlook and on OWA.

Friday, January 8, 2010

How to Find Outlook's Temporary Folder

It happens all the time:  a user opens an attachment in Outlook, edits the document and then saves it.  Sounds okay, right?  The problem is, they never told the document where to save it to and Outlook automatically saved it to the temporary folder.  A temporary folder you can't browse to.  So what do you do?

Method 1 (The Easy Method):

Download OLK Finder 2.0. Run it, select which version of Outlook you are running and watch the OLK Content window fill with your temporary files.  From this window you can right-click and copy the file you are looking for and paste it into another folder for future use.

This handy tool works for several versions of Outlook.

Method 2:

In the Registry Editor, browse to one of the following keys:

Outlook 2003:  HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
Outlook 2007:  HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security

Double-click "OutlookSecureTempFolder" and copy the value data.   Go to Start > Run... and paste the data to open the folder.
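
Method 2 can also be done from PowerShell, which additionally lists the files newest first so the edited attachment is easy to spot. This is an added example, not part of the original post; the function name Get-OutlookTempFile is made up for illustration, and the registry keys are the two given above.

```powershell
# Added example: read OutlookSecureTempFolder for the Outlook versions
# named in the post and list the files left in that folder, newest first.
$versions = @{ 'Outlook 2003' = '11.0'; 'Outlook 2007' = '12.0' }

function Get-OutlookTempFile {
    foreach ($name in $versions.Keys) {
        $key  = "HKCU:\Software\Microsoft\Office\$($versions[$name])\Outlook\Security"
        $prop = Get-ItemProperty -Path $key -Name OutlookSecureTempFolder -ErrorAction SilentlyContinue
        if (-not $prop) { continue }      # key or value absent for this version

        $folder = $prop.OutlookSecureTempFolder
        if (-not (Test-Path -LiteralPath $folder)) { continue }

        # -Force includes hidden files; directories are skipped.
        Get-ChildItem -LiteralPath $folder -Force |
            Where-Object { -not $_.PSIsContainer } |
            Sort-Object LastWriteTime -Descending |
            Select-Object @{ n = 'Outlook'; e = { $name } }, Name, Length, LastWriteTime, FullName
    }
}

Get-OutlookTempFile | Format-Table -AutoSize
```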

Thursday, January 7, 2010

Outlook 2003 Out of Office Assistant - "The command is not available"

When trying to adjust settings in the Out of Office Assistant, you get the following error message:

The command is not available.  See the program documentation about how to use this.

To fix:

Go to Help > About Microsoft Office Outlook and click on the "Disabled Items..." button.  You will see outex.dll listed.  Click on it and then click the Enable button.  Fixed!

NOTE:  For this fix to work, you must be connected to an Exchange server.  If you are using Outlook for personal use, then this error is expected since the Out of Office Assistant is not usable without Exchange.

Word Cannot Start the Converter mswrd632

Problem:  You try to open a .doc file and get the error message "Word cannot start the converter mswrd632" and nothing opens.

Microsoft states this happens because "...a file has the ".doc" file name extension, but the content is a plain text file or another kind of file that is not a Microsoft Word binary file, and that file is opened in Microsoft Word..."

This problem appears after installing Microsoft's security update 973904.

How to "fix" it:

1.  Open the Registry Editor and browse to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Text Converters\Import\

2.  Delete "MSWord6.wpc"

If you are not familiar with the Registry Editor:

1.  Go to Start > Run... and type:  notepad

2.  Click OK.

3.  Notepad will open.  Copy and paste the following lines.  Make sure you copy all three lines, meaning there should be a blank line in between the two lines with text.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Text Converters\Import\MSWord6.wpc]



4.  Go to File > Save As... and save the file to your Desktop as:  AllowImport.reg


5.  Click Save.  Locate the file "AllowImport" on your desktop and double-click it.  Click Yes and OK and you should be able to open those files.

Update:  Microsoft provided a "Fix it for me" solution for this issue.

How to Make iPhones Work with Exchange 2003 without a Front-End Server

The popularity of iPhones can't be ignored and with its marketing heavily promoting its compatibility with Microsoft Exchange, users think they have all the info they need to insist that their iPhone should operate flawlessly with their employer's email server.  In reality, an organization needs more than just a single Exchange server to serve the iPhone users in the most secure fashion.  A front-end server will get you up and running easily, but what if you only have a single Exchange server?

The reason a single server model doesn't work is because ActiveSync doesn't work with forms-based authentication and SSL.  (In reality, this is a fix for all ActiveSync devices, not just for iPhones).  There is a workaround, however:

Note:   This process will interrupt Outlook Web Access service.  Be sure to plan accordingly, though it shouldn't take very long to complete these steps.

1.  On the Exchange 2003 server, open the System Manager.

2.  Expand Administrative Groups > (first group listed) > Servers > (your Exchange server) > Protocols > HTTP.

3.  Right-click "Exchange Virtual Server" and select "Properties"

4.  Click the Settings tab and uncheck "Enable Forms Based Authentication."  Click OK and close System Manager.

5.  Restart IIS.
  • Option 1:  From Computer Management, right-click "Internet Information Services (IIS) Manager" and go to All Tasks > Restart IIS...
  • Option 2:  Go to Start > Run... and enter:  IISRESET /NOFORCE

6.  In IIS, go to Web Sites > Default Web Site.

7.  Right-click the "Exchange" virtual directory, go to All Tasks > Save Configuration to a File...

8.  For a File Name, you can use whatever you want (ExchangeVDir is in Microsoft's example).

9.  Right-click "Default Web Site" and select New > Virtual Directory (from file).

10.  Click "Browse" and locate the file you created in step 8, click "Open" and then "Read File."

11.  Under "Select a configuration to import" click "Exchange" and then OK.

12.  A message will indicate that the directory already exists, so select "Create a new virtual directory" and type "exchange-oma" in the "Alias" box.  Click OK.

13.  Right-click the "exchange-oma" virtual directory and select "Properties."

14.  Go to the Directory Security tab and click the Edit button under "Authentication and access control."

15.  Make sure only Integrated Windows authentication and Basic authentication are enabled.  Click OK.

16.  Under the Directory Security tab, click the Edit button under "IP address and domain name restrictions."

17.  Select "Denied access," click "Add," click "Single computer" and enter the IP address of your Exchange server (the one you're making all these changes on).  Click OK twice.

18.  Under "Secure communications" click the "Edit" button and verify that "Require secure channel (SSL)" is not enabled.  Click OK.

19.  Close IIS Manager.

20.  In the registry, browse to this location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

21.  Right-click "Parameters," click New > String Value. 

22.  Type "ExchangeVDir" (without quotes and exactly as capitalized).  Then modify "ExchangeVDir" and give it a value of "/exchange-oma" (again, without the quotes).

23.  Restart IIS (see Step 5).

24.  Re-enable forms-based authentication for Outlook Web Access, if desired, by re-checking the box in steps 1-4.

25.  Restart IIS once again and you should be able to connect to your Exchange server using ActiveSync!  If you see some glitches, try restarting the server.