Removal instructions for Easy Deals

What is Easy Deals?

The Malwarebytes research team has determined that Easy Deals is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F159538-removal-instructions-for-easy-deals%2F

PowerShell 5 – zip and unzip

One of the extras in PowerShell 5.0 is a couple of cmdlets for working with zip archives. Actually, you'll find they are PowerShell advanced functions if you look in the module, which you'll find at C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive


You get 2 cmdlets:

£> Get-Command *archive | ft CommandType, Name -a

CommandType Name
----------- ----
   Function Compress-Archive
   Function Expand-Archive


To compress

$files = Get-ChildItem -Path C:\Scripts -Filter *.csv | select -ExpandProperty Fullname
Compress-Archive -Path $files -DestinationPath C:\Scripts\t1.zip -CompressionLevel Optimal

or a single file

Compress-Archive -Path c:\scripts\test.csv -DestinationPath C:\Scripts\t2.zip -CompressionLevel Optimal

To uncompress

Expand-Archive -Path C:\Scripts\t1.zip -DestinationPath c:\scripts

if you need to overwrite files:

Expand-Archive -Path C:\Scripts\t1.zip -DestinationPath c:\scripts -Force
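An added example (my own, not from the original post) that round-trips a set of CSV files through Compress-Archive and Expand-Archive and compares SHA256 hashes before and after, so a truncated or corrupted archive is caught instead of silently accepted. The folder names under $env:TEMP and the sample files are constructed for the demo.

```powershell
# Added example, not from the original post. Requires PowerShell 5.0+ (Microsoft.PowerShell.Archive).
# Everything happens under a constructed folder in $env:TEMP so nothing else on the machine is touched.
$work    = Join-Path $env:TEMP 'archive-demo'
$source  = Join-Path $work 'source'
$restore = Join-Path $work 'restore'
$zip     = Join-Path $work 't1.zip'

# Constructed sample input: three small CSV files plus one non-CSV that the filter must leave out.
New-Item -ItemType Directory -Path $source, $restore -Force | Out-Null
1..3 | ForEach-Object { "id,value`n$_,$($_ * 10)" | Set-Content -Path (Join-Path $source "data$_.csv") }
'not a csv' | Set-Content -Path (Join-Path $source 'notes.txt')

# Same pattern as the post: collect the full paths, then compress them.
# -Force here overwrites an archive left behind by an earlier run.
$files = Get-ChildItem -Path $source -Filter *.csv | Select-Object -ExpandProperty FullName
Compress-Archive -Path $files -DestinationPath $zip -CompressionLevel Optimal -Force

# Record a SHA256 per source file before extraction ...
$before = @{}
foreach ($f in $files) {
    $before[(Split-Path -Path $f -Leaf)] = (Get-FileHash -Path $f -Algorithm SHA256).Hash
}

# ... expand (with -Force, because the restore folder may already hold an older copy) ...
Expand-Archive -Path $zip -DestinationPath $restore -Force

# ... and compare. Missing files, changed content and unexpected extras are all reported.
$problems = @()
foreach ($name in $before.Keys) {
    $restored = Join-Path $restore $name
    if (-not (Test-Path -Path $restored)) { $problems += "missing after expand: $name"; continue }
    $after = (Get-FileHash -Path $restored -Algorithm SHA256).Hash
    if ($after -ne $before[$name]) { $problems += "hash mismatch: $name" }
}
Get-ChildItem -Path $restore -File |
    Where-Object { -not $before.ContainsKey($_.Name) } |
    ForEach-Object { $problems += "unexpected file in archive: $($_.Name)" }

if ($problems.Count -eq 0) {
    Write-Output "OK: $($before.Count) file(s) round-tripped through $zip with matching SHA256"
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```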

Removal instructions for System Support

What is System Support?

The Malwarebytes research team has determined that System Support is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F159488-removal-instructions-for-system-support%2F

Weekend reading

Update for Outlook Junk E-mail Filter – October 2014

Microsoft has recently released the October updates for the Outlook 2007/2013 Junk E-mail Filter.

“This update provides the Junk E-mail Filter in Microsoft Office Outlook with a more current definition of which e-mail messages should be considered junk e-mail.”

The update is available for Outlook 2007 and Outlook 2013 (32-bit, 64-bit) or you can use Microsoft Update. As usual the update comes with the corresponding Knowledge Base article:

Visual Studio crashes when trying to add an item to a TFS build workflow

There has for a long time been an issue that when you try to add a new activity to the toolbox when editing a TFS build workflow Visual Studio can crash. I have seen it many times and never got to the bottom of it. It seems to be machine specific, as one machine can work while another supposedly identical will fail, but I could never track down the issue.

Today I was on a machine that was failing, but …

But I found a workaround in a really old forum post. The workaround is to load the IDE from the command line with the /safemode flag

C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe /safemode

Once you do this you can edit the contents of your toolbox without crashes, and also your template if you wish. The best part is that once you exit the IDE and reload it as normal your new toolbox contents are still there.


Not perfect, but a good workaround.


Source: Rfennell

Credit Card Fraud – Tips to spot Credit Card Skimmers

Credit card skimmers are devices designed to intercept credit cards, allowing thieves to create a fake duplicate copy of the original and rack up unauthorized charges. Kim Komando highlights these dangers in one of her daily security tips.

http://www.komando.com/tips/278304/how-to-spot-credit-card-skimmers

One of the more successful tools of 21st century crooks is the skimmer. Thieves attach them to ATMs, gas pumps and other places people swipe their credit and debit cards. It’s quite ingenious. Once in place, this sneaky bit of electronics steals the magnetic strip information from your card. Once the thieves have the information, it takes just moments for them to copy or clone it. And once they have a clone, they can drain your bank account or run up huge bills and trash your credit before you even know it!

Windows 10 Technical Preview–Build 9860

Hello everyone,

Microsoft leaned heavily on the feedback it received to produce this first update to the Windows 10 Technical Preview.
In fact, more than 250,000 messages sent through Windows Feedback and more than 25,000 posts on the community forum were taken into account for this new build.
Microsoft also notes that it may take some time before changes based on that feedback become visible.

This first update, build 9860, has already started rolling out via Windows Update, full of new features, changes and improvements. Of course there are still a few bugs and some features that are not quite finished, but the product is already well along.

If you do not want to wait for the automatic update, you can always run "Check for updates" from Control Panel\System and Security.
The download "weighs" between 2 and 2.74 GB depending on the language and processor architecture.
Once build 9860 is installed the machine will need to restart, and that will take a little longer than usual; but there is no need to worry about it ;-)

The first sign-in will also take a little longer because of the reconfiguration of applications, the search index, OneDrive sync, etc.

Some known issues
In this version, connecting to a Wi-Fi network is less straightforward, but that will be fixed in a future build.
The window design is not yet stabilised, but the team in charge is working on the final look.
The Internet Explorer interface may behave erratically, with menu items disappearing during use, depending on the display driver.
On the power side, there could also be some problems with sleep or with restarting after sleep.
Using two monitors can cause a blue screen on disconnect; a fix is coming.

Finally, what is new in build 9860?
Microsoft speaks of more than 7,000 improvements and fixes, most of them invisible to the user, thanks to the reports submitted by users of build 9841. Which shows that Microsoft really has relied on everyone's work to improve Windows 10.

The Action Center from Windows Phone is coming to Windows 10. It serves as a notification center for spotting new items, both system and application: new e-mails, Facebook and LinkedIn messages, status changes, calendar events; in short, all of it in one place.

Easily move apps from one monitor to another: when you work with several monitors, use WIN + CTRL + <arrow> to move the active app to another monitor. You can find a list of the new keyboard shortcuts for navigating and managing your multiple desktops in this blog post.

A new option appears in the update settings in Control Panel: how fast you want to receive new builds. The default, "Low", gives you time to use a build while other users test the newer ones; with "Fast", you will install new builds as soon as they are available.

While waiting for it to arrive so we can discover it together, have a good weekend.
Patrice.

October patch status report – 10 days past release

Issues we are still tracking:

**** KB3000061 is a kernel update:
KB3000061 fails to install on Server 2012; also impacting Windows 8.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/f77691d8-a9d0-4714-98ad-71665cfa8965/kb3000061-fails-to-install-on-server-2012?forum=winserver8gen   Cases opened: 114101711916740 and 114101711915623

Status:  See in that thread, Microsoft engineer in the forum is asking for cbs.log files from impacted machines.  Some recommendations have been made, no solution at this time.

****
Two issues with KB2984972 – this is a patch to update the RDP restricted admin mode

“Heads up, KB2984972 on Server 2008R2 RD server caused issues with our Wyse thinclients – it caused them all to span desktops across multiple monitors rather than presenting multiple monitors to the host OS. After uninstalling & rebooting clients are presented with multiple monitors again.” <<<< will impact MultiPoint Server as well too <<<<<

Another thread on the issue here: http://forums.mydigitallife.info/threads/57448-KB2984972-breaks-concurrent-RDP-patch?p=960999#post960999

Status: Unknown if this is being investigated by Microsoft. Have seen some updates from the thin client vendors, so unsure if this will be patched from the vendor side or from the Microsoft side. https://serverfault.com/questions/637251/what-would-cause-wyse-c10le-thin-clients-to-suddenly-be-unable-to-use-dual-displ/637429#637429?newreg=ab71e335f34e48c2b161992751a39282   If someone has a serverfault reputation of greater than 50 can you post in there and ask them to email me at susan-at-msmvps.com (change the -at- to @) to set up a support case? I really am unsure if there are cases being worked on regarding the thin client impact and I’d love to make sure they are.
****
App v and KB2984972 impact:
https://social.technet.microsoft.com/Forums/en-US/c90212b0-b32c-4488-9753-fb952112828c/warning-kb2984972-and-autodeskrelated-46-appv-packages?forum=mdopappv   << case opened on this issue SRX 114101611907865.

  Status:  Known issue now documented

Known issues with this security update

  • Symptoms: After you install this security update, virtualized applications in Microsoft Application Virtualization (App-V) versions 4.5, 4.6, and 5.0 may experience problems loading. When the problem occurs, you may receive an error message that resembles the following:
    Launching MyApp 100%
    Note: In this error message, MyApp represents the name of the App-V application. Depending on the scenario, the virtualized app may stop responding after it starts, or the app may not start at all.
    Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see the following article in the Microsoft Knowledge Base:
    322756 How to back up and restore the registry in Windows
    Resolution: To resolve this known issue, configure the TermSrvReadyEvent registry entry on the computer where the Microsoft Application Virtualization Client is installed.
    For Microsoft Application Virtualization 5.0
    • Registry Key: HKLM\Software\Microsoft\AppV\Subsystem\ObjExclusions
      Value name: 93 (or any unique value)
      Type: REG_SZ
      Data: TermSrvReadyEvent
      Example: type the following command at an elevated command prompt to add the entry to a system running Application Virtualization 5.0:
      reg add HKLM\Software\Microsoft\AppV\Subsystem\ObjExclusions /v 93 /t REG_SZ /d TermSrvReadyEvent
    For Microsoft Application Virtualization 4.6
    • For all supported x86-based systems
      Registry Key: HKLM\SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions
      Value name: 95 (or any unique value)
      Type: REG_SZ
      Data: TermSrvReadyEvent
      Example: type the following command at an elevated command prompt to add the entry to an x86-based system running Application Virtualization 4.6:
      reg add HKLM\SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions /v 95 /t REG_SZ /d TermSrvReadyEvent
    • For all supported x64-based systems
      Registry Key: HKLM\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions
      Value name: 95 (or any unique value)
      Type: REG_SZ
      Data: TermSrvReadyEvent
      Example: type the following command at an elevated command prompt to add the entry to an x64-based system running Application Virtualization 4.6:
      reg add HKLM\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions /v 95 /t REG_SZ /d TermSrvReadyEvent
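An added example, not from the KB article or the original post: a PowerShell check that reports, for each App-V version named above, whether the TermSrvReadyEvent exclusion is already present, and adds it only where that product's key exists and the entry is missing (stepping to the next unused value name if the KB's suggested 93 or 95 is already taken). The key paths and data come from the KB text; the product labels are my own.

```powershell
# Added example, not part of the KB article or the original post. Run from an elevated prompt.
$data = 'TermSrvReadyEvent'
$targets = @(
    @{ Product = 'App-V 5.0';     Key = 'HKLM:\Software\Microsoft\AppV\Subsystem\ObjExclusions';                       Name = 93 }
    @{ Product = 'App-V 4.6 x86'; Key = 'HKLM:\SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions';             Name = 95 }
    @{ Product = 'App-V 4.6 x64'; Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions'; Name = 95 }
)

foreach ($t in $targets) {
    # No key means that App-V version is not installed on this machine; nothing to do.
    if (-not (Test-Path -Path $t.Key)) {
        Write-Output "$($t.Product): key not present, skipping"
        continue
    }

    # Get-ItemProperty returns every value under the key plus the PS* provider properties;
    # drop the latter and look for the exclusion under any value name, since the KB
    # allows "any unique value" as the name.
    $values = (Get-ItemProperty -Path $t.Key).PSObject.Properties |
              Where-Object { $_.Name -notlike 'PS*' }
    $found = $values | Where-Object { $_.Value -eq $data }
    if ($found) {
        Write-Output "$($t.Product): already present as value '$($found.Name)'"
        continue
    }

    # Use the KB's suggested name unless it is already taken; then step to the next free number
    # rather than overwriting someone else's exclusion.
    $name = $t.Name
    while ($values.Name -contains "$name") { $name++ }

    New-ItemProperty -Path $t.Key -Name "$name" -PropertyType String -Value $data | Out-Null
    Write-Output "$($t.Product): added value '$name' = $data"
}
```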

******
KB2949927 – the SHA-2 update: Also seeing issues with KB2949927 getting installed: https://social.technet.microsoft.com/Forums/en-US/bc191121-94ab-483f-ae9f-d5056ca3aae5/kb2949927-fails-to-install-if-bitlocker-fvevol-service-is-disabled?forum=w7itproinstall and http://www.bobistheoilguy.com/forums/ubbthreads.php/topics/3511807/KB2949927_failing_to_install

STATUS:  KB2949927 has been pulled from Microsoft update on 10/17/2014

****
Then KB2995388 8.1 cumulative update causing issues with VMware workstation:

Workstation 10 issue with recent Microsoft Windows 8.1 Update | VMware Workstation Zealot – VMware Blogs:
http://blogs.vmware.com/workstation/2014/10/workstation-10-issue-recent-microsoft-windows-8-1-update.html
We noticed that a recent Windows 8.1 Update (KB2995388) may cause issues when running VMware Workstation on a Windows 8.1 host with this update installed. User will see an error message “not enough physical memory” when booting up a virtual machine.

STATUS: per the thread, reinstalling VMware Workstation 10 will fix the issue; unsure if this patch will be redone or whether the recommendation will merely be to reinstall VMware.

***
2990942 ASP.NET MVC security update
Microsoft ASP.NET MVC Security Update MS14-059 broke my build! – .NET Web Development and Tools Blog – Site Home – MSDN Blogs:
http://blogs.msdn.com/b/webdev/archive/2014/10/16/microsoft-asp-net-mvc-security-update-broke-my-build.aspx

Windows Azure Pack: Cannot create Plans.:
https://social.technet.microsoft.com/Forums/en-US/b60f7840-7da9-41f1-a896-b6875c6a925f/windows-azure-pack-cannot-create-plans?forum=windowsazuremanagement

Status:  Lots of upset developers.

***
Driver patch released by vendor bricks users' chips

http://www.zdnet.com/ftdi-admits-to-bricking-innocent-users-chips-in-silent-update-7000035019/

FTDI appears to have used a recent Windows update to deliver the driver update to brick all cloned FTDI FT232s.

FTDI’s surprise new driver reprograms the USB PID to 0, killing the chips instantly.

The hardware hackers at Hack A Day first reported that a recent driver update deployed over Windows Update is bricking cloned versions of the very common FTDI FT232 [USB to UART] chip.

Status: A driver update delivered through Windows Update, supplied by a vendor, was designed to nuke non-genuine chips. If suddenly your clients/customers start complaining that their USB devices are missing/won’t work, it may be due to this. The vendor used the MU driver update channel to nuke unlicensed chips. (Susan note: despite what the Microsoft folks say, I use the driver updates offered up to me via MU as indicators that I need to look for vendor drivers; I do not install them on production machines due to too many years of being burnt by them.)


***

Adobe update 11.0.9 causes problems with opening files across network shares.  Error message received is
“There was an error opening this document. The network path was not found.”

https://forums.adobe.com/message/6860536#6860536

Status: Workaround to issue – disable protected mode (which is not acceptable), otherwise use Foxit or CutePDF reader as an alternative.

Removal instructions for Auto Cinema

What is Auto Cinema?

The Malwarebytes research team has determined that Auto Cinema is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F159478-removal-instructions-for-auto-cinema%2F

Got a few hours to watch some videos?

Lots of great videos here on this page:

Derbycon 2014 Videos (Hacking Illustrated Series InfoSec Tutorial Videos):
http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist

I highly recommend spending a few hours looking around the videos here!

How to Open and Use Notification Center in Windows 10

The Notification Center is a new addition to Windows 10 Preview build 9860. The Notification Center collects and shows toast notifications and alerts from traditional Windows applications and system notifications, alongside those generated from Windows 8-style apps. Toast and notifications are then grouped in the Action Center by app and time. It will show you all of your past notifications until you clear them.

Microsoft has said that they plan to make this Notification Center feature in Windows 10 similar to the one in Windows Phone so there can be a unified experience for notifications.

Microsoft isn’t sure if they are going to go with the name Action Center or Notification Center for this feature yet, so it may change names in a future build of Windows 10.

“This build is focused ONLY on enabling basic notifications – quick actions and cleaner UI will come later,” explains Microsoft’s Gabe Aul.

This tutorial will show you how to open and use the Notification Center in Windows 10 build 9860.

Read more…

Removal instructions for Shop For Rewards

What is Shop For Rewards?

The Malwarebytes research team has determined that Shop For Rewards is adware. These adware applications display advertisements not originating from the sites you are browsing.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F159417-removal-instructions-for-shop-for-rewards%2F

Windows 8.. Virus ridden and not working..

When I took this job on yesterday evening, it should have been relatively simple.

The machine had picked up a variation of the FBI virus plus other stuff no doubt, but as it was to be used by somebody other than the original user and nothing had been saved, I elected to do a back to factory reset.

The first part ran well, and it wasn’t long before I had a working Windows 8. The next job was to update it to the level where I could get it up to 8.1, and this is where the first problem hit.

Checking for updates, it showed that there were 121 of them, so I set it to install. After two hours of downloading and installing, the machine rebooted and put up the message relating to FAILED updates and REVERTING back.

This morning, I decided to have another go and now there are 133 updates, so I set it to install them. Progress is slow but it accepted the first round of updates, upgraded to 8.1, ..

What really annoys me is that we sit in the MS Forums handing out advice to hapless end users that should work without a hitch, ESPECIALLY on a fresh install of Windows, and it DOESN’T work, and for no good reason.

OK.. so finally the HP is up to 8.1 Update and appears to be stable..

I have another machine here from the same client, a Toshiba laptop running Windows 7 which also needed junk removing from it. The job seemed to go well, but the system is so badly corrupted that it will hardly do anything in under 5 minutes and the HDD light is PERMANENTLY lit up. I saved all user data from it and as I type here, it is recovering back to factory default software.

Before I started the recovery, I did try restore points and noticed one which said ‘remove PCBooster’. So now I have an idea of what screwed the OS, but who installed it? I shouldn’t worry really, but I charge very little for what I do and it always includes the backing up of data because most of my clients and many more besides have no intention of ever learning how.

After having run one lot of updates after another, the Toshiba is now looking perilously close to being finished and in a state good enough to return to its rightful owner..

Removal instructions for Object_Browser_v1

What is Object_Browser_v1?

The Malwarebytes research team has determined that Object_Browser_v1 is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F159409-removal-instructions-for-object-browser-v1%2F

Windows 10 Feature Request (and Interim Solution): Wildcard HOSTS file entries

Be sure to check out my recent blog post regarding my Windows 10 Feature Request (and Interim Solution): Wildcard HOSTS file entries. Here is an excerpt:

As a consultant building multiple web applications, especially solutions built with the Sitecore Experience Platform, I would spend too much time adjusting entries in my C:\Windows\System32\drivers\etc\hosts file. If you are unaware of what the hosts file is, you can find out all about it and its history in this Wikipedia article: wikipedia.org/wiki/Hosts_(file). Some time ago I started implementing what should be a simple standardization best practice: all my local development sites utilize a common top level domain – .local instead of .com. I have seen others use .dev and any other non-typical top level domain would work just as well.



Source: ASPAdvice Blog


Run with PowerShell

Came across something new today – Run with PowerShell.

If you have PowerShell 3.0 or later installed, right-click on your script and select “Run with PowerShell”.

A few rules though – the script can’t take parameters or output anything to the prompt. You can’t interact with the script or the console window.

Execution policy is set to Bypass – not sure I like that idea – unless the ExecutionPolicy is AllSigned, in which case only signed scripts can be run this way. See about_Run_With_PowerShell for more details.

DSC for Exchange

A series of posts on using the Exchange DSC resources – starts here

http://blogs.technet.com/b/mhendric/archive/2014/10/17/managing-exchange-2013-with-dsc-part-1-introducing-xexchange.aspx

Removal instructions for CinemaxME

What is CinemaxME?

The Malwarebytes research team has determined that CinemaxME is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F159353-removal-instructions-for-cinemaxme%2F
