Category Archives: windows

Anti-virus failure leaves XP broken, DNS hijacked, user frustrated

A colleague had some problems with his Windows XP laptop while I was away last week, and I promised to look at it on my return. It’s a sad story, particularly as he is doing everything Microsoft recommends (aside from upgrading to Vista). His HP laptop was fully patched with SP3, and he had a commercial license for AVG anti-virus. He noticed that his system started running slowly when connected to a network, though it worked fine offline, and suspected a faulty network card. It sounded suspicious to me. I wondered if malware was causing heavy network traffic, and advised him to check that his anti-virus was up to date and to scan his machine.

It got worse. He ran AVG, which discovered two viral autorun.inf files that it quarantined, but the machine still did not work right. The AVG tech support could not see what was wrong, and suggested reinstalling AVG. Reinstallation failed because AVG could not get updates (this was actually a good clue). Tech support said maybe a firewall problem. Hmm.

The best solution in cases like this is to flatten the machine and reinstall everything, but I was intrigued. I booted from the Ubuntu 8.10 live CD and confirmed that the hardware was fine. I then tried a couple of anti-virus scans that run from boot CDs, which is safer than running from within an infected operating system – the Kaspersky rescue disk and the Avira Rescue System. Kaspersky identified and removed Trojan-Downloader.Win32.Agent.ahcg somewhere in temporary files. Antivir found nothing. I also ran the Malicious Software Removal Tool which found Trojan: win32/Alureon.gen. Funny how all these tools find different things. No, I don’t find that reassuring.

At this point I connected the machine to the internet. Tried re-installing AVG but it still would not update. Tried downloading a more recent AVG build. However, when I clicked to download, I got an advertisement page instead. Aha! I checked the DNS settings. Instead of being set to obtain the DNS automatically, it was hard-coded to a pair of DNS servers in Ukraine. Clearly the AVG download site was among the ones privileged with an incorrect entry.

Things looked up after I fixed that. Spybot found evidence of Zlob.DNSChanger.Rtk: a registry entry pointing winlogon\system to an executable with a random name somewhere in Windows\system32, but the file itself was not present. Fixed that entry, and Spybot was happy. AVG installed and updated sweetly and found nothing wrong.

I also noticed a hidden directory called resycled (sic) on the root of both partitions, containing the single file boot.com. Has to be a virus, and seems to be associated with the autorun.inf infection; but none of the clean-up tools detected it.

The machine seems fine now, though it should still be flattened as a precaution. I do find the DNS hijack spooky though. It means you can visit safe sites but get dangerous ones. Nasty.

What all this illustrates (again) is that even users who do everything as recommended still get viruses – in this case, probably from an infected USB stick, though I can’t be sure. Why didn’t AVG catch it? Good question. Why didn’t AVG tech support advise how to fix it? Another good question. Vista would have been a little more robust – you would have to pass a UAC prompt to write to the root of drive C, or to HKLM – but I imagine some users would click OK to a prompt after connecting a USB stick, presuming it to be a driver install or something like that.

And if you get ads or porn sites appearing unexpectedly when you browse the web, yes you should be worried.

Update

I sent the suspect file boot.com to Sophos for analysis. I would have sent it to AVG as well, but could find no easy way of doing so. I received an email informing me that this is a worm called W32/Autorun-NX. A filter to detect it was added to Sophos on 7th November at 20.27, which is about 4.5 hours after I submitted it. If mine was the first report, that is impressive speed; but bear in mind that the infection was over a week old when I encountered it, and had circulated for an unknown length of time before my colleague picked it up. Anti-virus software offers only limited and inadequate protection from malware.
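The checks worked through by hand in this post, scripted as an added example that is not part of the original post: it reports DNS servers that were set by hand rather than obtained from DHCP, a Winlogon System value, and a resycled\boot.com or autorun.inf on the root of any drive. It assumes a Windows machine with PowerShell, run from an elevated prompt, and it only reports; it removes nothing, so the findings can be reviewed before anything is cleaned.

```powershell
# Added triage script for the three indicators described in the post.
# Assumes Windows with PowerShell 2.0 or later, run from an elevated prompt.
# Read-only: it lists findings and changes nothing.

$findings = @()

# 1. DNS servers configured by hand. A non-empty NameServer value under a
#    per-interface Tcpip key means the resolvers were hard-coded (DhcpNameServer
#    holds the DHCP-supplied ones), which is how the hijack looked on the laptop.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($if in Get-ChildItem $ifRoot) {
    $p = Get-ItemProperty $if.PSPath
    if ($p.NameServer -and $p.NameServer.Trim() -ne '') {
        $findings += "Static DNS on interface $($if.PSChildName): $($p.NameServer)"
    }
}

# 2. The Winlogon 'System' value. It is normally absent or empty; Zlob.DNSChanger
#    pointed it at a randomly named executable in System32, as Spybot reported.
#    The value may be a bare file name or a full path, so both are checked.
$wl  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$sys = (Get-ItemProperty $wl -ErrorAction SilentlyContinue).System
if ($sys -and $sys.Trim() -ne '') {
    $candidate = if ($sys -match '\\') { $sys } else { Join-Path $env:SystemRoot "System32\$sys" }
    $present = Test-Path -LiteralPath $candidate
    $findings += "Winlogon System value set to '$sys' (file present: $present)"
}

# 3. A hidden 'resycled' folder holding boot.com, or an autorun.inf, on the
#    root of each fixed (DriveType 3) or removable (DriveType 2) drive.
foreach ($disk in Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3 OR DriveType = 2') {
    $root = $disk.DeviceID + '\'
    foreach ($name in 'resycled\boot.com', 'autorun.inf') {
        $path = Join-Path $root $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force   # -Force shows hidden files
            $findings += "Found $path (attributes: $($item.Attributes), size: $($item.Length))"
        }
    }
}

if ($findings.Count -eq 0) {
    'No indicators found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```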


Windows 7 media: AAC yes, FLAC no

Microsoft’s Larry Osterman is here at PDC 2008 and I took the opportunity to ask a couple of questions about media in Windows 7. Windows Media Player is getting built-in support for AAC (as used in iTunes – but not when DRM-protected) and H.264 – but not ALAC (Apple lossless) or FLAC (open-source lossless). What about DRM in Windows 7, any change to the Protected Media Path? No, he told me; adding how frustrated he was by the common supposition that DRM somehow slows everything down in Vista. His line is that Microsoft supports DRM content, but does not in any way impose it.

Windows 7 unveiled; hands on report

Here at PDC in Los Angeles, Microsoft’s Chief Architect Ray Ozzie and Windows VP Steven Sinofsky are introducing Windows 7. A couple of days ago, journalists were loaned Windows 7 laptops to try and I’ve been using this over the last day or so. Generally it’s been a pleasure; performance is great and it works well, aside from Internet Explorer 8 going into an occasional sulk.

A question though: does it merit a new major version number, or is this really a big Vista service pack? It’s a bit of both. Under the hood Windows 7 reports itself as version 6.1 (Vista is 6), and that’s about right.

I see Windows 7 as a reaction to Vista’s problems. Vista was too different from XP; Windows 7 makes small, generally pleasant but evolutionary changes. Vista was too incompatible; Windows 7 uses the same core architecture and pretty much everything that worked on Vista will also work here. Vista was too demanding on hardware; Windows 7 is said to perform better on the same hardware, and while I haven’t had a chance to make the comparison, I can well believe it. Vista won a reputation for prompting the user too much with User Account Control security dialogs and others; Windows 7 is designed to be “quieter” and UAC has been tamed.

The build I have been trying is not feature-complete, and I am sure it will look, cosmetically, more different from Vista in its final release. Nevertheless, the points above are stated goals. The business world will greet Windows 7 with relief, and consumers will, I suspect, enjoy this release – but don’t expect anything revolutionary.

My reflection: if Vista had not been disrupted by the false WPF-based trail shown at PDC 2003 but later abandoned, and also disrupted by Microsoft’s security push which saw the Windows team focusing for a period on XP SP2 rather than Vista, then Vista itself might have most of what is now coming in Windows 7.

That said, if you are a Windows user you are going to like this release.


PDC 2008: Microsoft attempts to remake its image

There are two big themes at Microsoft’s Professional Developers Conference, just getting under way here in Los Angeles.

One is cloud computing. At this morning’s keynote, Ray Ozzie and others will present Microsoft’s cloud computing strategy. If it’s right that IT is moving inexorably into the cloud, this could be make-or-break for the company. Truth is, despite a huge number of users for things like Hotmail and Live Messenger, Microsoft is not perceived as a web or on-demand computing company. That space belongs to others, like Google or Salesforce.com. Further, Microsoft has a problem that those companies do not have: how to keep its partners happy while embracing a computing model that may severely reduce their role.

The other is Windows itself. Vista’s image is tarnished: the wow started badly, and although the OS itself now works better than it did at the launch, its negative perception is beyond rescue. Windows 7 is Microsoft’s next opportunity to generate some consumer and user enthusiasm for Windows, and to stem the flow towards Apple. Tomorrow is Windows 7 day.

We’re also going to get insight into the future of key technologies like .NET, the next version of C# and Visual Studio, the Oslo modeling platform, Microsoft’s plans for identity management, and plenty more.

I’ll be blogging and tweeting as I can during PDC. I’m also keen to know what you think, whether or not you happen to be here in LA (the keynotes are being streamed over the Internet).


UK job stats show Java decline

Long-time readers of this blog may recall that I occasionally track IT job vacancies at Jobserve. There may be better sites to track; but it carries a lot of vacancies, and I need to be consistent. I started in early 2002 with the goal of seeing how much adoption Microsoft was winning for its .NET technology. In March 2002, there were 153 vacancies which mentioned C#, versus 2092 for Java.

Since then, C# has grown steadily. Today it overtook Java for the first time (in my random and infrequent visits). There are 2206 C# vacancies, 2066 Java.

I also noticed that the absolute number of vacancies has declined substantially since my last visit, but Java by more than C#. The economy, I guess.

Is Microsoft really sweeping all before it? Well, no. Vista has disappointed; Apple sales grow ever higher; Netcraft’s web server survey shows a decline in the percentage of IIS sites on the Internet in September 2008 and observes that 75% of new web sites coming online use Apache. So it is a matter of what statistic you want to pick. Nevertheless, there is clearly still a lot of C# development out there.


Tell me what’s wrong with Microsoft’s Team System

At Microsoft’s Remix08 in Brighton last month, a developer asked about Visual Studio Team System during a panel discussion. What interested me was not so much the question itself, but that after the session she was surrounded by other delegates advising her not to use it. These were people who had tried it, or were using it, but found it frustrating. The general proposal was to use open-source tools instead – things like Subversion and CruiseControl.NET.

I was surprised by the strength of feeling. I’ve looked in some detail at Team System and been reasonably impressed by what it does – but that’s not the same as using it in anger, of course. I admit, for my own work I do use Subversion, just because it is lightweight, works well cross-platform, and runs on my Linux web space as well as locally; but I am not part of a team of developers working on Microsoft platform projects, which is where Team System ought to make sense.

For the sake of balance, I’ll add that I met a developer at the airport on the way to Remix Las Vegas earlier this year, who loves Team System and told me that it is Microsoft’s best product.

I’d love to hear in more detail what users think of Team System. Is it broken, or does it depend on how it is set up and maintained? What are the key things that Microsoft needs to fix? Or is it just great, and those complainers in Brighton atypical?

HP laptop go-slow caused by power supply

Wasted some time recently looking at an HP Compaq NX7300 laptop, with Vista, that was running very slow.

No, not just normal Vista sluggishness. Really slow, as in you click the Start menu, wait a bit, and eventually it opens.

Temporarily disabled everything we could think of using msconfig (System Configuration Tool), still slow.

Checked the event log for disk errors, nothing wrong.

All very tedious as any actions took much longer than usual.

Found someone with the same problem on HP’s support forum here – but as so often with the Web, no solution is reported – though the guy does say, “can I assume that the cooling / cpu / power is defective”?

Called HP, and the guy diagnosed a faulty hard drive. I was sceptical, since his only argument was that the self-test completed more quickly than expected; it did not report any errors.

While scratching my head over this, I recalled that this laptop has what HP calls a “Smart AC Adapter”, which has an annoying proprietary connector featuring an additional central pin. According to this thread it actually supplies two separate power lines. The discussion includes this remark:

I tried to substitute the original HP AC adapter, with a general purpose AC adapter, applying a resistor divider between input cylinder- central pin-output cylinder, in order to get the second voltage. But the laptop did not function normally: it was very slow

and someone adds

The slow function of the system with the alternative power source may be due to the system’s picking up a low voltage on the ‘monitoring’ pin. This would indicate a low battery or weak charger and the system responded by cutting back on CPU/mainboard frequency to conserve power.

Could this be a clue? We started the laptop on battery power; suddenly it worked fine again. Plugged in the power cable, it slowed down. Removed the power cable, it speeded up again. Bingo.

New power supply is on order. It occurs to me that this could still be a problem with some internal connection, but I’ll be surprised if the new mains adapter does not fix it. Just occasionally the reason for a slow computer is nothing to do with Windows.


Vista even thinks Control Panel is photos

One of Vista’s most annoying features is the tendency of Explorer to decide, first, that all your documents are music or photos; and second, that if they are, you care more about metadata like “Rating” than humdrum details such as the date of the file.

I had thought that Vista only did this if it found at least one media file in the folder, but today it happened with Control Panel:

Notice how it highlights another user-hostile feature: the name of each applet is in a column too narrow to read, and several applets are indistinguishable from each other because they begin “Microsoft .NET Frame…” or “Internet Information S…”; another triumph of branding over usability.

What I wanted was the Event Viewer; and while I’m in ranting mode, let me add that I much prefer the old NT Event Viewer to the Vista effort. The new one takes ages to populate a clever multi-pane view, which presents too much information in tiny scrolling panels. In practice I use the tree view on the left to select the log I want, subverting the new design by doing exactly what I would have done in the old Event Viewer. Habit possibly; but there are real design problems with the new Event Viewer. Administrators will always choose practical over pretty.

See here for my earlier complaint about Explorer views and a partial remedy. Why wasn’t this fixed in SP1?

Recovering data from a failed hard drive with ZAR

A friend’s computer would no longer boot. The problem turned out to be a failed hard drive. After five years’ service, this 40GB Western Digital is nearly dead. Replacing the drive is cheap; but what about the hundreds of family snapshots, for which no backup exists? Such data falls into an awkward category, of no financial value, not worth huge sums for professional data recovery, but sad to lose.

This drive is free of clicking noises (which are usually a very bad sign) and is recognized by the BIOS. My usual procedure in cases like this is to attach the drive to another working computer, do a backup image copy if possible, and then run utilities like CHKDSK as an attempted repair.

This one wasn’t easy. One problem is that the faulty drive slows down the whole system, presumably as Windows repeatedly queries it for information and gets a delayed response or a timeout. That makes for slow and frustrating work. Initially the drive was completely unreadable. Following several hours of CHKDSK, I could see the file system in Explorer, but directories took several minutes to open. I managed to copy a few files, but most of the images failed to copy; after a long pause Windows would report a file I/O error.

I tried the official Western Digital diagnostic and repair utility. It reported too many bad sectors to continue.

I had a quick look for utilities that might help, and came across ZAR, Zero Assumption Recovery. This is trialware, free for recovering up to 4 folders, or images from a memory card, and inexpensive for the full version. I ran it first in the free image recovery mode. It took 20 hours but recovered 55,000 image files, saved with random names in a single directory. I tried opening some of the JPEGs; some opened, some were corrupt. Still, better than nothing. I paid for the full version, and re-ran the utility. This time it was quicker. I was able to select the NTFS folders I wanted to recover – I chose all of Documents and Settings – and it retained the folders and filenames. After about 7 hours, it recovered most of the data successfully. I have not tested all the images, but the ones I have tried open fine.

There may be better utilities out there, but I was impressed with ZAR; it takes a long time, but since it works unattended that is not a problem.

Finally, a few words of general advice if you have a failing Windows drive containing important data. Disclaimer: this is based on my experience and might not work for you.

  • If you notice the problem when the drive is working, back up what you care about immediately. It may never spin up again.
  • Check the event log – if there are disk errors reported, such as ATAPI or SCSI errors, perhaps the drive is failing. I always replace the drive in these cases; keeping it is not worth the hassle.
  • If that’s not possible, stop working with the drive. Writing data to it may make it worse. Attach it to a different PC as a spare drive. Back it up as-is if possible, using something like Drive Snapshot.
  • Now, how much do you really care about that data? If it is business critical, just send it to someone like OnTrack. It will cost a fortune, but pretty much anything can be recovered.
  • If the drive won’t spin, or the BIOS won’t recognize it, you are on your own. Homely remedies include sharp taps or a dose of refrigeration; or maybe the skip beckons.
  • If it kinda works, try CHKDSK /R. This can take many hours with a bad drive, but often works well enough to recover data.
  • If that fails, get the drive manufacturer’s diagnostic utility. This will tell you if the drive is physically damaged, or just scrambled. A repair using this utility may also work – but could also make data harder to recover. That’s why you made the image backup.
  • If that fails, try ZAR or one of many other utilities out there. I noticed that OnTrack has some too. There are free ones as well. Good luck.
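The first two checks in the list above (look for disk errors in the event log, and decide early whether the drive is physically failing), as an added example that is not part of the original post. It assumes a Windows machine with PowerShell run from an elevated prompt, and asks the drive's own SMART self-assessment through WMI as well as reading the System log; the list of event sources is mine and may need your controller driver's name added.

```powershell
# Added example: read-only triage for a drive that may be failing.
# Assumes PowerShell on Windows, run elevated. Nothing is written to the drive.

$since = (Get-Date).AddDays(-30)

# 1. Event log. These are the sources the Windows storage stack uses for
#    hardware-level errors (disk, atapi, Ntfs) plus a common controller driver;
#    add your own controller driver name if it is different.
$sources = 'disk', 'atapi', 'Ntfs', 'iaStor'
$events = Get-EventLog -LogName System -EntryType Error, Warning -After $since |
    Where-Object { $sources -contains $_.Source }   # -contains is case-insensitive

if ($events) {
    "Storage-related errors/warnings since $($since.ToShortDateString()):"
    $events | Group-Object Source, EventID |
        Sort-Object Count -Descending |
        ForEach-Object { '  {0,-24} x{1}' -f $_.Name, $_.Count }
} else {
    'No disk/ATAPI/NTFS errors in the System log in the last 30 days.'
}

# 2. SMART. PredictFailure = True means the drive itself expects to fail;
#    that is the point to stop using it and image it, as the post advises.
$smart = Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus `
    -ErrorAction SilentlyContinue
if ($smart) {
    foreach ($d in $smart) {
        $state = if ($d.PredictFailure) { 'FAILURE PREDICTED' } else { 'ok' }
        'SMART {0}: {1}' -f $d.InstanceName, $state
    }
} else {
    'SMART status not available (USB enclosure, or a driver without SMART support).'
}
```

Drives in a USB enclosure usually do not expose SMART through this class, so an empty SMART result is not evidence that the drive is healthy.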

Moving Vista to a new hard drive

I have a Toshiba Portege M400 which is a couple of years old now, but it is not too bad a spec (Core 2 Duo 2.00 GHz and a Tablet), so when I ran out of disk space I decided to upgrade to a larger drive rather than looking for a new machine. The M400 is slightly unusual, in that you can install a second drive in place of the DVD (which I rarely use), so I was able to fit the new drive in this bay while booting into the old system. The old drive is 80GB, and the new one 250GB. My task was to clone the old Vista installation onto the new drive.

I decided to use Drive Snapshot, which is able to make an exact copy of a running Windows installation. I created two partitions on the new drive, one just a little bigger than the old drive, and one to hold the Drive Snapshot backup files. Then I backed up the old drive to the second partition, and restored it to the first. Next, I removed the old drive (which remains as a backup), moved the new drive to the permanent internal position, and started the system.

No joy. Windows tried to boot but reported a missing winload.exe. I presumed it was looking in the wrong place. I booted from a Vista DVD and chose the Repair option. There was a slight complication: Vista setup needs to load the Toshiba RAID driver in order to see the drive, but fortunately I have this on another CD. The Vista repair fixed the boot configuration, and I restarted thinking all would be well.

Still no joy. Well, partial joy. Vista booted, and I logged on, but only to a blank light blue screen. Using Task Manager I could start Explorer, but Windows told me it was using a temporary profile. I figured out the problem: drive letters. The system drive was meant to be C, but when I created the partition I had assigned it the letter K. I thought that Drive Snapshot’s sector copy would overwrite that assignment, but apparently not. In this state, Vista could boot OK but not much worked. Even RegEdit and the disk management utility failed to open, reporting a “path not found” error.

I found some useful information on the problem here. It looked as if I could fix it by editing the registry, if I could work out how to do so. I have a little experience with this, so I knew roughly what to do. I booted again from the Vista DVD, and opened a command prompt. The minimal system recovery version of Windows does have a registry editor, but if you run RegEdit you get the registry of the setup Windows, not the one in the system you are trying to fix. The solution is to use Load Hive to edit the target registry. I found the key HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices and deleted all the entries except Default. Rebooted, and everything worked perfectly.
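The Load Hive fix described above, scripted as an added example that is not part of the original post: it loads the offline SYSTEM hive of the installation being repaired, exports MountedDevices as a backup, deletes every value except Default, and unloads the hive. It assumes a recovery environment that has PowerShell (later WinRE builds do; the Vista DVD used in the post only offers RegEdit), and the drive letter in $TargetWindows is a placeholder for whatever letter the recovery environment gives the installation.

```powershell
# Added example: clear MountedDevices in an OFFLINE Windows installation so that
# Windows rebuilds the drive letter mappings on the next boot. Run from a
# recovery environment with PowerShell, not from the installation itself.

$TargetWindows = 'D:\Windows'   # assumed placeholder: the offline installation's Windows folder

$hiveFile = Join-Path $TargetWindows 'System32\config\SYSTEM'
$mount    = 'HKLM\OfflineSys'               # temporary name for the loaded hive (reg.exe form)
$regKey   = "$mount\MountedDevices"         # reg.exe form
$psKey    = 'HKLM:\OfflineSys\MountedDevices'   # PowerShell provider form of the same key
$backup   = Join-Path $env:TEMP 'MountedDevices-backup.reg'

if (-not (Test-Path -LiteralPath $hiveFile)) {
    throw "SYSTEM hive not found at $hiveFile; check the drive letter."
}

# Load the target hive under a temporary name. Without this, RegEdit or
# PowerShell would be editing the recovery environment's own registry.
& reg.exe load $mount $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (hive in use or not a SYSTEM hive?)' }

try {
    # Keep a copy first; 'reg import' of this file puts the key back if needed.
    & reg.exe export $regKey $backup /y | Out-Null

    # Delete every value except the default one. The \DosDevices\X: and
    # \??\Volume{...} entries are recreated at boot, which is what gives the
    # system partition its expected letter back.
    $item = Get-Item -LiteralPath $psKey
    foreach ($name in $item.GetValueNames()) {
        if ($name -ne '') {                  # '' is the (Default) value
            Remove-ItemProperty -LiteralPath $psKey -Name $name
            "Removed $name"
        }
    }
}
finally {
    # Release our handle on the key before unloading, or the unload reports "in use".
    $item = $null
    [GC]::Collect()
    & reg.exe unload $mount | Out-Null
}

"Backup written to $backup. Reboot into the repaired installation."
```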

One task remained. I ran Disk Management, and deleted the spare partition which contained the Drive Snapshot backup files. Next, I right-clicked the Windows partition, selected Extend Volume, and expanded it to fill the entire drive. Success – now I have 155GB free for new versions of Visual Studio, Adobe CS4, Delphi 2009, VirtualBox disk images, interview recordings, and all the other stuff which occupies my time.

Should I have done a clean install? Now I have a spare drive I might do one as an experiment, but considering the work involved in reinstalling everything, plus the fact that there is nothing really wrong with the current installation, I am not keen.

Overall it did not take long, and while there may be better utilities out there for this particular operation, I’m happy with the results from Drive Snapshot.
