Category Archives: Vista

Just the Fax – Where did it go? Pt. 2 …as in ‘why isn’t the default viewer opening up my .tif?’ – Vista edition

 

Just the Fax – Where did it go? Post Office 2003 SP3 Blues – **note** this former blog entry pertained to XP and its instructions are still relevant; however, Vista presents its own unique challenges

Just the Fax – Where did it go? Post Office 2003 SP3 Blues « Upwards with SBS – SBSisyphus’ Weblog

The above link is from the XP and Office 2003 days gone by.  In the new era of Vista we have a new problem: .tif files are not opened by this same program, and registering the .dll mentioned in the former blog article won’t set things straight.  Instead, you will have to attempt to open a .tif and then choose the correct program file, along with “always”, to set it as the default program for .tif viewing going forward.

The default should be Windows Photo Gallery.  To open just the single targeted file rather than a whole gallery, do not select the Windows Photo Gallery program itself; instead, browse to %systemdrive%\Program Files\Windows Photo Gallery\PhotoViewer.dll.

A Microsoft KB has come out with a fix:  http://support.microsoft.com/kb/967054/en-us

You can also do this without opening a file first: open Default Programs (Winkey – Default Programs) and set the file type association to the path and file above.

**note** QuickTime seems to like to set itself to open .tiff files, so just change that one too while you are at it.

ShadowProtect Success – Vista and Server 2008 Restores – Phillip is THE Man

Tomorrow morning some of the good folks from ShadowProtect are in town buying me and many colleagues breakfast at Molly Malone’s Irish Pub and having a nice presentation.  So I thought I’d publish this topical reference I found this past week.

Found this great article by accident and wanted to say thanks to Phillip Elder for figuring this out and sharing this information.  I know a few colleagues that will appreciate learning this ShadowProtect trick.

**below from the linked post***

First Successful Windows Vista ShadowProtect Restore! No Winload.exe Error!

We have had a very disappointing series of problems with restoring any Windows Vista images made by ShadowProtect.

Many black screens later, there is finally information out there on the “why” the problem happens. The main reason has to do with the way Vista keeps track of the system’s partitioning and OS location.

Apparently the newer versions of Acronis’ imaging product compensate for this new partition management structure in Windows Vista. Unfortunately, the folks at StorageCraft are a little behind the game on this topic.

The last restore attempt we made with a client’s system failed with a WinLoad.exe error.

So, it turns out, after a lot of searching, that one needs to perform a preparatory step on the Windows Vista box before creating the ShadowProtect image:

bcdedit /set {default} device boot
bcdedit /set {default} osdevice boot
bcdedit /set {bootmgr} device boot
bcdedit /set {memdiag} device boot

Place the above series of commands into a batch file and run the batch file As Administrator on the soon to be imaged Windows Vista box.

Today was a Sisyphus Day

Carrying the boulder up the hill again …this time doing an endless SBS 2008 migration the “Microsoft Way”. Not that I didn’t know in advance that it would be daunting. I’m just saying after 5 sleepless days the d#@! boulder is starting to get annoying.

After a very simple third-party certificate installation process – kudos to the SBS development team’s magic on that one – now onto why XP clients are unable to use RWW even though they are on SP3, while Vista clients are no prob.  (http://www.sbslinks.com/fixmyrww.htm ) This is killing me!

Laptop PC Price Perfect and Under Budget

Antivirus 2008 or was it 2009 or was it…? a Malware Removal Tool Discussion

Last month’s Microsoft Malicious Software Tool cleans this threat (Win32/FakeSecSen – Microsoft naming):

http://blogs.technet.com/mmpc/archive/2008/11/12/win32-fakesecsen-a-nasty-piece-of-work.aspx

…and Microsoft has had a great amount of success as reported by the tool:


From Sandi @ Spyware Sucks this business perspective breakdown in $

Fraudware detected on 994,061 computers

As reported by Microsoft:
http://blogs.technet.com/mmpc/archive/2008/11/19/msrt-review-on-win32-fakesecsen-rogues.aspx

The figures relate to what Microsoft has labeled “Win32/FakeSecSen”.  That figure does not (I think) encompass all of the fraudware (fake security software) products that are out there.

Just imagine, if you will, if just 1% of the owners of those detected machines were fooled into buying the fraudware software at $40 a pop – that’s $397,624.40 in illicit income garnered by the crooks.  When we take into account the fact that billing services such as the (now defunct?) Bucksbill were regularly accused of double-charging victim’s credit cards, then we’re looking at an illicit income of $795,248.80.

Scary, isn’t it.  Is it any wonder the crooks behind malvertizing are so persistent?

Published Friday, November 21, 2008 9:53 AM by sandi


Here’s a word on the tool from Microsoft’s Steve Riley including some information I found uniquely valuable:

Steve Riley [MSFT]

Newsgroups: microsoft.public.security.virus

From: “Steve Riley [MSFT]” <steve.ri@microsoft.com>

Date: Mon, 1 Dec 2008 14:15:34 -0800

Local: Mon, Dec 1 2008 5:15 pm

Subject: Re: Alerting – Malicious software removal tool (MSRT)

When the MSRT runs, if it finds what it looks for, it removes it and reports that removal to Microsoft. If it finds nothing, it exits. Neither I nor the
tool nor the SIR make any claims that the MSRT completely cleans a machine. As others have pointed out, it is one element of an effective arsenal of
tools to help improve security.

Here’s something interesting, which might even surprise you: this month (November 2008) the single most prevalent piece of malware the tool detects
is Win32/FakeSecScan (rogues that mimic the Security Center). As of 13 November, we’ve tracked 811,000 removals. This includes some FakeSecScan
threats that were no longer active when detected — meaning that they were incompletely cleaned manually or by other AV products, and the MSRT
successfully cleaned out the remaining bits.

I have a proposal for you — actually, for everyone reading this thread. The MSRT creates a log file in %WINDIR%\Debug. KB 890830 describes its output.
If you ever encounter an instance of where the tool fails to properly clean a machine, the Microsoft Malware Protection Center is ready to help. Go to
http://www.microsoft.com/security/portal, click on “Submit a Sample,” and please send us your MRT.LOG file and a sample of the malware, if you can.
We’d love to work with everyone to make sure the tool is as effective as possible.


Steve Riley
steve.ri@microsoft.com
http://blogs.technet.com/steriley
Protect Your Windows Network: http://www.amazon.com/dp/0321336437


You may not be aware, but you can run that Microsoft tool manually: ‘Run -> MRT’.  It of course runs quietly in the background after you download its latest version via MU or WSUS each Patch Tuesday.  To learn more about running it manually, and for an in-depth guide to the tool, look here:  http://www.vista4beginners.com/Windows-Malicious-Software-Removal-Tool
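As an added example (not from the original post or from Microsoft), the PowerShell below summarises the runs recorded in the MRT.LOG file mentioned above and lists any that did not come back clean. The `Started On` / `Return code:` line layout, the helper name `Get-MrtRunSummary` and the sample log lines are assumptions constructed for illustration.

```powershell
# Added example: summarise MSRT runs recorded in MRT.LOG.
# Assumed layout: each run writes "Started On <date>" and, at the end,
# "Return code: <n> (0x<hex>)". Get-MrtRunSummary is a hypothetical helper name.
function Get-MrtRunSummary {
    param([string[]]$Lines)
    $started = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Started On\s+(.+?)\s*$') {
            $started = $Matches[1]
        } elseif ($line -match '^\s*Return code:\s*(\d+)') {
            $code = [int]$Matches[1]
            # Grouping per the return-code table in KB 890830: 0 = no infection
            # found, 1-5 = the tool could not run properly, 6+ = infection detected.
            $status = 'Detection'
            if ($code -eq 0) { $status = 'Clean' } elseif ($code -le 5) { $status = 'ToolError' }
            [pscustomobject]@{ Started = $started; ReturnCode = $code; Status = $status }
            $started = $null
        }
    }
}

# Constructed sample log (not real output), used when no MRT.LOG is present.
$sample = @'
Microsoft Windows Malicious Software Removal Tool (constructed sample)
Started On Tue Nov 11 03:00:12 2008
Results Summary:
No infection found.
Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool (constructed sample)
Started On Tue Dec 09 03:00:09 2008
Results Summary:
Return code: 6 (0x6)
'@ -split "`r?`n"

# Prefer the real log when it exists; otherwise fall back to the sample.
$log = if ($env:WINDIR) { Join-Path $env:WINDIR 'Debug\mrt.log' } else { $null }
if ($log -and (Test-Path $log)) { $lines = Get-Content $log } else { $lines = $sample }

# Show only the runs that need attention: detections and tool errors.
Get-MrtRunSummary -Lines $lines |
    Where-Object { $_.Status -ne 'Clean' } |
    Format-Table Started, ReturnCode, Status -AutoSize
```

Against the constructed sample this lists only the December run, with return code 6 and status Detection.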


Another tool I heard recommended that I’d never heard of before (much like it was with the ever successful against this threat – Malwarebytes) is SuperAntiSpyware:

Here’s some very interesting background on the bad guys behind this threat from security super-friend (think Hall-of-Justice) Jesper:

http://msinfluentials.com/blogs/jesper/archive/2008/11/07/xp-antivirus-in-the-news.aspx

If you want to be knowledgeable and prepared for this ever-adapting malware threat, read the above and follow the references on how this elaborate shakedown scam got hacked.  It is very impressive to see how successful they have been at their nefarious deeds due to capitalism in the black market.  Basically, they have implemented a franchise business model of sorts founded on social engineering piggy-back attacks.