Removal instructions for Happiness Infusion

What is Happiness Infusion?

The Malwarebytes research team has determined that Happiness Infusion is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F161538-removal-instructions-for-happiness-infusion%2F

How to Change Automatic Maintenance Settings in Windows 10

Windows automatically runs scheduled maintenance on a daily schedule when you’re not using your computer.

This includes tasks such as software updates, Windows Updates, security scanning, and system diagnostics. This maintenance will run daily if you aren’t using your computer at the time you’ve chosen. If your computer is in use at the scheduled time or maintenance is behind schedule, Automatic Maintenance will run the next time the computer is not being used.

The goal of Automatic Maintenance is to combine all background maintenance activity in Windows and help third-party developers add their maintenance activity to Windows without negatively impacting performance and energy efficiency. Additionally, Automatic Maintenance enables users as well as enterprises to be in control of maintenance activity scheduling and configuration.

This tutorial will show you how to change the Automatic Maintenance settings for what time to run the daily maintenance tasks, and whether to allow the scheduled maintenance to wake the computer to run at the scheduled time in Windows 10.

How to Backup and Restore Start Screen and Start Menu Layout in Windows 10

The layout of your Start screen and Start menu includes how the tiles of pinned items are sized, arranged into groups, and the group names.

This tutorial will show you how to back up and restore your Start screen and Start menu layout in Windows 10.


How to Reset Start Screen and Start Menu Layout to Default in Windows 10

The layout of your Start screen and Start menu includes how the tiles of pinned items are sized, arranged into groups, and the group names.

This tutorial will show you how to reset your Start screen and Start menu layout back to the default layout in Windows 10.


The little changes that make a difference

Each version of PowerShell introduces a new headline feature – remoting, workflows, DSC, OneGet in versions 2, 3, 4 and 5 respectively. While this can change the way we work, there are also a host of little changes that come along that are often overlooked.

One example is a change to Get-ChildItem introduced in PowerShell 3.0.

Consider getting a directory listing:

Get-ChildItem -Path C:\Windows

This will give all subfolders and files in the given folder.

If you just wanted the folders you had to do this:

Get-ChildItem -Path C:\Windows | where {$_.PSIsContainer}

If you want just the files you use:

Get-ChildItem -Path C:\Windows | where {-not $_.PSIsContainer}

or the slightly shorter but not as easy to read:

Get-ChildItem -Path C:\Windows | where {!$_.PSIsContainer}

The PSIsContainer property name is not intuitive and I rarely remember the name exactly and try ISPSContainer first or some other variant.

Two additional filtering parameters were added to Get-ChildItem

Get-ChildItem -Path C:\Windows -Directory

and

Get-ChildItem -Path C:\Windows -File

produce listings of folders and files respectively.

A small simple change that makes life easier.

There are a lot of small changes like this scattered through the later PowerShell versions – I’d recommend going through the release notes to track down the ones that will be useful to you.

Wireless Clients fail to associate with SonicPoint

During a troubleshooting session a few months ago, we discovered on a SonicWall NSA-250M hotfix that, after this hotfix was applied, several wireless devices couldn’t associate anymore. Mainly notebooks, but smartphones and a wireless HP printer could associate.

During the above-mentioned troubleshooting we decided to stay with the last firmware, as SonicWall support could not discover what was causing this problem where many wireless clients couldn’t associate anymore.

Now they have released SonicOS Enhanced 5.9.0.7-17o and exactly this issue is occurring. We roll back to SonicOS Enhanced 5.9.0.6-3o (or any later does the same) and the issue is gone.

We will see what SonicWall discovers when they face loads of tickets over the next months, as people with SonicPoints attached to their SonicWall environment update to this newly released firmware.

Microsoft Security Updates – NOVEMBER 2014

Critical Security updates to Microsoft Windows, Internet Explorer,  Office and other products became available on Patch Tuesday. This is a large security update and users should promptly update to enjoy best levels of protection. So far, no issues encountered in early use after installation.  

https://isc.sans.edu/diary/Microsoft+November+2014+Patch+Tuesday/18941

http://technet.microsoft.com/en-us/security/bulletin/ms14-nov

Leadership – Thanksgiving reflections

For IT Project Managers, the John Maxwell blogs are an excellent resource

http://www.johnmaxwell.com/blog/happy-thanksgiving-1

QUOTE: Here in the United States, tomorrow is Thanksgiving. For most of us, that means time with family, great food, and a chance to reflect on what we’re thankful for from the past year. When I look back on this year, I can’t help but be thankful for some amazing blessings. Among them…

* Spend time with my 93-year-old dad and his wife, Betty.
* Healthy family and wonderful grandchildren.
* My team, who make me better than I am.
* The best year that my companies have ever had.
* Grateful for your support, your focus on personal growth, and your willingness to journey with me in creating lives of impact and significance.

Removal instructions for Linkey

What is Linkey?

The Malwarebytes research team has determined that Linkey is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F161502-removal-instructions-for-linkey%2F

Removal instructions for Windows AntiBreach Module

What is Windows AntiBreach Module?

The Malwarebytes research team has determined that Windows AntiBreach Module is a fake anti-malware application.  These so-called “rogues” use intentional false positives to convince users that their systems have been compromised.  Then they try to sell you their software, claiming it will remove these threats.  In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F161494-removal-instructions-for-windows-antibreach-module%2F

SimpleScript (3) The Parser, Expressions and Commands

Previous Post

Today let's look at part of the Parser, which is a separate module. It begins with a simple declaration:

'use strict';

var lexer;

if (typeof lexer == 'undefined')
    lexer = require('./lexer');

var parser = (function () {
    var TokenType = lexer.TokenType;
    var binoperators = [ "+", "-", "*", "/", "==", "!=", "<", ">", "<=", ">=" ];

It uses lexer, and requires it. Then expressions and commands are defined. For example, this is the expression for a simple name (for example, foo):

function NameExpression(name) {
    this.isLeftValue = true;

    this.compile = function () {
        return name;
    };

    this.getName = function () {
        return name;
    }

    this.collectContext = function (context) {
        context.declare(name);
    }
}

In the next post we will see how this expression is detected and built. Any expression has to implement at least two methods: compile, which returns the expression compiled to a string of JavaScript code, and collectContext, which allows discovering the variables declared in a program. In this case, NameExpression declares its name (for example, “foo”) as a variable declared in the program (this is necessary to implement “hoisting” as in JavaScript).


Let's look at an IndexedExpression: composed of an expression and another expression for the index (it would represent expressions such as foo[42+1]):

function IndexedExpression(expr, indexpr) {
    this.isLeftValue = true;

    this.compile = function () {
        return expr.compile() + '[' + indexpr.compile() + ']';
    };

    this.collectContext = function (context) {
        expr.collectContext(context);
    }
}

Notice how collectContext now takes the trouble to visit the inner expression (I did not see that it was necessary to visit and discover variables in the index expression, but I may add it; that expression is generally simple, but it could well use a variable).


But there are also commands. I can give IfCommand as an example:

function IfCommand(cond, thencmd, elsecmd) {
    this.compile = function () {
        var code = 'if (' + cond.compile() + ') { ' + thencmd.compile() + ' }';
        if (elsecmd)
            code += ' else { ' + elsecmd.compile() + ' }';
        return code;
    };

    this.collectContext = function (context) {
        cond.collectContext(context);
        thencmd.collectContext(context);
        if (elsecmd)
            elsecmd.collectContext(context);
    }
}

The distinction between commands and expressions is purely formal for now. Notice that this command has to implement how an if is compiled to JavaScript, given cond (the condition expression), thencmd (the command of the then branch), and elsecmd (the command of the else branch, which is optional). And collectContext delegates to those subparts.


As always, I develop step by step, using the TDD (Test-Driven Development) workflow. Partial example:

exports['Compile string without quotes inside'] = function (test) {
    test.equal(compileExpression("'foo'", test), "'foo'");
    test.equal(compileExpression('"foo"', test), "'foo'");
}

exports['Compile name'] = function (test) {
    test.equal(compileExpression("foo", test), "foo");
}

exports['Qualified name'] = function (test) {
    test.equal(compileExpression("foo.bar", test), "foo.bar");
}

exports['Indexed term'] = function (test) {
    test.equal(compileExpression("foo[bar]", test), "foo[bar]");
}

You know ;-) Without TDD there is no paradise!


Upcoming topics: how expressions and commands are recognized.


See you next time!


Angel “Java” Lopez
http://www.ajlopez.com
http://twitter.com/ajlopez
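
Added example (not part of the original post or the SimpleScript code base): a sketch of how collectContext can feed hoisting, and of the case the post mentions where the index expression of foo[bar] is not visited. Context, ConstantExpression, AssignCommand, compileProgram and the visitIndex switch are assumptions made for illustration, as is emitting the collected names as a single var statement.

```javascript
'use strict';

// Assumed for illustration: a minimal context that records declared names
// in first-seen order. The post does not show SimpleScript's real context.
function Context() {
    var names = [];
    this.declare = function (name) {
        if (names.indexOf(name) < 0)
            names.push(name);
    };
    this.getNames = function () { return names.slice(); };
}

// Same shape as the post's NameExpression.
function NameExpression(name) {
    this.isLeftValue = true;
    this.compile = function () { return name; };
    this.collectContext = function (context) { context.declare(name); };
}

// Hypothetical constant expression: compiles to its literal, declares nothing.
function ConstantExpression(value) {
    this.compile = function () { return JSON.stringify(value); };
    this.collectContext = function () { };
}

// visitIndex=false behaves like the post's IndexedExpression;
// visitIndex=true also walks the index expression.
function IndexedExpression(expr, indexpr, visitIndex) {
    this.isLeftValue = true;
    this.compile = function () {
        return expr.compile() + '[' + indexpr.compile() + ']';
    };
    this.collectContext = function (context) {
        expr.collectContext(context);
        if (visitIndex)
            indexpr.collectContext(context);
    };
}

// Hypothetical assignment command: target = value;
function AssignCommand(target, value) {
    this.compile = function () {
        return target.compile() + ' = ' + value.compile() + ';';
    };
    this.collectContext = function (context) {
        target.collectContext(context);
        value.collectContext(context);
    };
}

// Compile a list of commands, hoisting every collected name into one
// var statement placed ahead of the compiled body (assumed output form).
function compileProgram(commands) {
    var context = new Context();
    commands.forEach(function (cmd) { cmd.collectContext(context); });
    var names = context.getNames();
    var body = commands.map(function (cmd) { return cmd.compile(); }).join(' ');
    return (names.length ? 'var ' + names.join(', ') + '; ' : '') + body;
}

// Models the source line: foo[bar] = 1
function demo(visitIndex) {
    var target = new IndexedExpression(
        new NameExpression('foo'), new NameExpression('bar'), visitIndex);
    return compileProgram([ new AssignCommand(target, new ConstantExpression(1)) ]);
}

console.log(demo(false)); // bar is used but never declared
console.log(demo(true));  // bar is hoisted alongside foo
```

With the index expression skipped, the generated strict-mode code references a name that was never declared; visiting it closes that gap.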

Microsoft gives us another reason to be thankful! Cross-platform and Open Source .NET!

Be sure to check out my recent blog post regarding the most exciting news in .NET history! Microsoft gives us another reason to be thankful! Cross-platform and Open Source .NET!



Source: ASPAdvice Blog

Persisting PowerShell Objects

I was asked recently about persisting PowerShell objects. The idea was to test a particular property on a semi-regular basis and save the object with the highest value for the property. If the next test has a higher value it is saved and overwrites the existing object.

There are a number of ways to do this – if you are running the test very frequently then you could keep the object in memory as a variable. If you are testing fairly infrequently then you may want to persist the object to disk. The CliXml cmdlets are good for this.

Start by creating a reference object:

Get-Process -Name powershell | Export-Clixml -Path proc1.xml

Then run some more tasks in PowerShell to increase the CPU usage. You can do this with any property that will change over time. CPU is an easy example. You can then run your test. I used an instance of ISE to do the test so I didn’t alter the value by running the test.

# Current state of the process
$proc = Get-Process -Name powershell

# Show the saved file before the test
Get-ChildItem -Path .\proc1.xml

# Load the previously saved object
$psp = Import-Clixml -Path .\proc1.xml

# Overwrite the saved object only if the new CPU value is higher
if ($proc.CPU -gt $psp.CPU){
    $proc | Export-Clixml -Path proc1.xml
}

# Show the file again; LastWriteTime changes if it was overwritten
Get-ChildItem -Path .\proc1.xml

Get the current data and test the saved file. Import the saved file. Test the CPU values and if the new value is higher save the object by overwriting the file. Repeat as required.

The help files for Export-CliXml and Import-CliXml should be read.

1,000,000 hits on this blog this year

Yesterday this blog alone went over the 1,000,000 hits for the year – if you include its mirror sites that comes to over 1,240,000 in total for this year.

Thank you to everyone who has taken the time to read my posts.

Getting the Free Disk Space of Remote Computers

This started out as a simple script to try to get the free space on one of my servers, but I quickly discovered that using WMI’s Win32_LogicalDisk could only give me part of the solution. The catch is that Win32_LogicalDisk doesn’t return the information about volumes that aren’t assigned drive letters. Which is a problem if what you really need to know is how close to out of space your backup disk is! Because Windows Server Backup takes total control of the backup target disk, and doesn’t mount it as a drive letter, you need to use a different WMI Class to get the information you need. After asking some friends (PowerShell MVPs ROCK!), I was pointed to Win32_Volume, which returns all sorts of information about disk volumes whether they are assigned drive letters or not.

The next issue was how to get the actual information I wanted, and then to format it so that it actually made some sense. For example:
PSH> (Get-WmiObject -ComputerName Server1 -Class Win32_Volume).FreeSpace
21654667264
103541030912
75879378944
142417367040
5500928
565375053824
PSH>

This doesn’t really cut it. OK, let’s try at least getting it into a table:
PSH> Get-WmiObject -ComputerName Server1 -Class Win32_Volume | ft -auto DriveLetter,Label,FreeSpace
DriveLetter Label                               FreeSpace 
----------- -----                               --------- 
C:                                            21655351296 
D:          DATA                             103541030912 
E:          EXCHANGE                          75879378944 
F:          FILES                            142417367040 
Y:          New Volume                            5500928 
            Server1 2014_10_15 10:57 DISK_03 565375053824

Well, that’s a bit more useful, but frankly, that number for the backup volume seems big, but is it 500 GB, or 50 GB? At first glance, I have no idea. And if it’s 50 GB, I’m in trouble, but if it’s 500 GB, we’re fine. So, we need to do a bit of manipulation to the output from Format-Table, and the tool for this is to create an Expression that allows you to calculate and format a result in a way that makes more sense. For this, we use an expression as the property to display. So, for example, to display that “565375053824” as Gigabytes, we use:
PSH> Get-WmiObject -ComputerName Server1 -Class Win32_Volume `
       | ft -auto DriveLetter,Label,@{Label="Free(GB)";Expression={"{0:N0}" -f ($_.FreeSpace/1GB)}}
DriveLetter Label                            Free(GB) 
----------- -----                            -------- 
C:                                           20 
D:          DATA                             96 
E:          EXCHANGE                         71 
F:          FILES                            133 
Y:          New Volume                       0 
            Server1 2014_10_15 10:57 DISK_03 527 
PSH>

Now we’re getting somewhere. But what did we do? We used the @{} to tell Format-Table that we were going to use an expression to define a column of data. The Label="Free(GB)" creates a new column header, and the Expression={"{0:N0}" -f means we’re going to have a numeric value (including thousands separators) with no decimal values. The calculated value for the column is ($_.FreeSpace/1GB).

So we now have a useful listing of free space on the remote server. Of course, it might be even more useful to know the percentage free. No problem, for that we use the formatting expression "{0:P0}" to express the column as a percentage, and use the calculation of ($_.FreeSpace/$_.Capacity), letting PowerShell do the work of converting that to a percentage. So:
PSH> Get-WmiObject -ComputerName Server1 -Class Win32_Volume `
       | ft -auto DriveLetter,Label,@{Label="Free(GB)";Expression={"{0:N0}" -f ($_.FreeSpace/1GB)}},`
@{Label="%Free";Expression={"{0:P0}" -f ($_.FreeSpace/$_.Capacity)}}
DriveLetter Label                         Free(GB)  %Free 
----------- -----                         --------  ----- 
C:                                            20      17 % 
D:          DATA                              96      48 % 
E:          EXCHANGE                          71      71 % 
F:          FILES                             133     18 % 
Y:          New Volume                        0       58 % 
            Server1 2014_10_15 10:57 DISK_03  527     51 %
PSH>

Now we almost have it. Next, it would probably be useful to get the total capacity of the disk while we’re at it, and since I have more than one server, we should probably plan on passing this whole thing an array of computer names. So, the final script, at least for this first pass:
# ********************************************* 
# ScriptName: Get-myFreeSpace.ps1 
# 
# Description: Script to get the free disk space 
#            : on a remote computer and display it usefully 
# 
# ModHist: 26/11/2014 - Initial, Charlie 
#        : 
# 
# 
# ********************************************* 
[CmdletBinding()]
Param ([Parameter(Mandatory=$False,Position=0)]
         [String[]]$ComputerName = "Server1")
Write-Host ""
ForEach ( $Name in $ComputerName ) {
   Write-Host "Disk Utilization for server $Name is: "
   # Win32_Volume also returns volumes that have no drive letter
   Get-WmiObject  -ComputerName $Name -Class Win32_Volume `
      | Format-Table  -auto `
         @{Label="Drive";`
            Expression={$_.DriveLetter};`
            Align="Right"},`
         @{Label="Free(GB)";`
            Expression={"{0:N0}" -f ($_.FreeSpace/1GB)};`
            Align="Right"},`
         @{Label="% Free";`
            Expression={"{0:P0}" -f ($_.FreeSpace / $_.Capacity)};`
            Align="Right"},`
         @{Label="Size(GB)";`
            Expression={"{0:N0}" -f ($_.Capacity / 1GB)};`
            Align="Right"},`
         @{Label="Volume Label";`
            Expression={$_.Label};`
            Width=25}
}

You’ll see I tweaked the formatting to right align the calculated expressions, and gave my volume label column some extra space to improve readability. The result is:
PSH> Get-myFreeSpace.ps1 -ComputerName "Server1","Server2"
Disk Utilization for server Server1 is:
 Drive Free(GB) % Free Size(GB) Volume Label 
----- -------- ------ -------- ------------ 
   C:       20   17 %      120 
   D:       96   48 %      200 DATA 
   E:       71   71 %      100 EXCHANGE 
   F:      133   18 %      750 FILES 
   Y:        0   58 %        0 New Volume 
           527   51 %    1,024 Server1 2014_10_15 10:57 DISK_03 
   
Disk Utilization for server Server2 is:
Drive Free(GB) % Free Size(GB) Volume Label 
----- -------- ------ -------- ------------ 
             0   25 %        0 
   D:    1,697   53 %    3,214 Data 
   C:      484   95 %      512 
PSH>

Removal instructions for Savepass 3

What is Savepass 3?

The Malwarebytes research team has determined that Savepass 3 is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F161457-removal-instructions-for-savepass-3%2F

Living with a DD-WRT virtual router – one month on

I posted a month or so ago about my ‘Experiences using a DD-WRT router with Hyper-V’. Well, I have been living with it for over a month. How has it been going?

Like the curate’s egg, ‘good in parts’. It seems OK for a while and then everything would get a bit slow to stop.

Just as a reminder this is what I had ended up with

image

In essence, a pair of virtual switches, one internal using DHCP on the DD-WRT virtual router, and a second one connected to an active external network (usually Ethernet, as DHCP with virtual switches and WIFI in Hyper-V seem a very hit and miss affair).

From my Hyper-V VMs the virtual router seems to be fine; they all have a single network adaptor linked to the virtual switch that issues IP addresses via DHCP. The issues have been for the host operating system. I wanted to connect this to the internal virtual switch to allow easy access to my VMs (without the management complexity of punching holes in the router firewall), but when I did this I got inconsistent performance (made harder to diagnose due to moving house from a fast Virgin cable based Internet connection to a slow BT ADSL based link whose performance profile varies greatly based on the hour of the day. I was never sure if it was a problem with my router or BT’s service).

The main problem I saw was that it seemed the first time I accessed a site it was slow, but then was often OK. So a lookup issue, DNS?

Reaching back into my distant memory as a network engineer (early 90s, some IP but mostly IPX and NETBIOS) I suspected a routing or DNS lookup issue. Routing you can do something about via routing tables and metrics, but DNS is harder to control with multiple network connections.

The best option to manage DNS appeared to be changing the binding order for my various physical and virtual network adaptors so the virtual switches were the lowest priority.


This at least made most DNS requests go via physical devices.

Note: Also on my Virtual Network Switch adaptor on the host machine I told it not to use the DNS settings provided from the virtual router, but this seemed to have little effect as when using nslookup it still picked the virtual router, until I changed the binding order.

On the routing front, I set the manual metric on IP4 traffic via the virtual router adaptor to a large number, to make it the least likely route anywhere. Doing this should mean only traffic to the internal 192.168.1.x network should use that adaptor.


This meant my routing table on my host operating system looks as follows when the system is working OK

image

Outstanding Issues

Routing

I did see some problems if the route via the virtual switch appeared first in the list; this can happen when you change WIFI hotspot. The fix is to delete the unwanted route (0.0.0.0 to 192.168.1.1)

route delete 0.0.0.0 MASK 0.0.0.0 192.168.1.1

But most of the time fixing the binding order seemed enough, so I did not need to do this.

External DHCP Refresh

If you swap networks, going from work to home, your external network will have a different IP address.  You do have to restart the router VM (or manually renew DHCP to get a new address)

DHCP and WIFI

There is still the problem of getting DHCP working over Hyper-V virtual switches. You can do some tricks with bridging, but it is not great.

The solution I have used is to use Hyper-V checkpoints on my router VM. One set for DHCP and another with the static IP settings for my home network. Again not great but workable for me most of the time. I am happier editing the router VM rather than many guest VMs.


Source: Rfennell

Spybot Search & Destroy Weekly Update – November 26, 2014

2014-11-26

Adware
+ Babylon.Toolbar ++ BuenoSearchToolbar + Firseria + InstallMonetizer
Malware
++ Fraud.DiskClean + OneInstaller
PUPS
++ Down.MaxiGet + InffinityInternet
Trojan
+ Win32.Injector.bcc
Total: 2601868 fingerprints in 812674 rules for 7375 products.

http://www.safer-networking.org/about/updates/

Microsoft Security Advisory Notification Issued: November 25, 2014

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/library/security/2755801
– Revision Note: V32.0 (November 25, 2014): Added the 3018943 update to the Current Update section.

Security updates available for Adobe Flash Player – November 25, 2014

Summary


Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates provide additional hardening against CVE-2014-8439, which was mitigated in the October 14, 2014 release (reference http://helpx.adobe.com/security/products/flash-player/apsb14-22.html).

Adobe recommends users update their product installations to the latest versions:
  • Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.239.
  • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.258.
  • Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.424.
  • Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.

http://helpx.adobe.com/security/products/flash-player/apsb14-26.html
