“I Can Remote Desktop (RDP) into a Computer but I can’t Ping it”

If you encounter this problem where you can’t ping the computer, but you can RDP or remote into the computer, one of thing you might want to check is Firewall.

Microsoft has build in firewall that might of prevent you from pinging the computer or accessing computer files remotely.

OS: Windows XP SP3

1. RDP into the computer you can not ping
2. Go to start – control panel – windows firewall
3. Check windows firewall setting to Off
4. Click Ok
5. Re-ping the computer again to make sure its working
6. Done!

System Security 2012 Malware Removal & Rootkit Removal

System Security 2012 is a FAKE anti-malware/anti-virus scanner that takes control of your computer and force you to buy fake products that will not help you. If you see something call “System Security 2012″ please follow this instruction to remove this malware product.

One of my client reported that his computer was infected and his computer was running very slow. Since this was done remotely over logmein, I am limited in what I can do, which means I will not be booting into safe mode and most of the files need to be download online.

OS: Windows XP SP3

1. The computer was running very slowly, first thing I did was open task manager and end task any unimportant process running and look for suspicious process.
2. Discovered ping.exe which look suspicious and a cqjycekibznx1v.exe which also look suspicious
3. Ping.exe constantly comes back after end tasking, suggesting this is a malware of some type
4. cqjycekibznx1v.exe end task closed the system security 2012, suggesting this has to do with system security 2012 program.
   
5. I started out running malwarebytes, but since the CPU was running constantly at 100%, malwarebytes would hang every single time it tried scanning.
6. Download Tdsskiller from (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) if your internet browser it hijacked, please type in the link manually
7. Since CPU is running constantly at 100%, everything is running very slowly, it took about 2 min for the browser to start up. (use other browser other than IE if possible)
8. Run the Tdsskiller anti-rootkit scanner to scan for rootkit
9. tdsskiller found two different rootkit, rootkit.win32.zaccess.j under service cdrom.sys file and rootkit.boot.wistler.a under physical drive \device\harddisk0\DR0
   
10. Select Cure for both rootkit malware and select continue
11. Tdsskiller will attempt to cure the malware, reboot when its done
12. Once the computer has rebooted, I went ahead and login remotely again using logmein and started malwarebytes since the computer was running faster now.
13. Update malwarebytes and run a quick scan
14. Discovered additional files that needs to be removed (malware.packer) dwme.exe
    
15. Click “Remove selected” and restart computer again after the process is finished
16. Once the computer has rebooted, start malwarebytes again and run a full scan
17. Remove any additional malware  items – malware.packer, trojan.downloader
    system security 2012.ink (rouge.systemSecurity)
    ldr.ini (malware.trace)
    
18. Click “remove selected” and reboot computer when finished
19. Log into the computer and delete temporary internet setting
20. Restore IE setting by going to Tools – Internet Options – Advanced – Reset
21. Restore IE advanced setting by going to  Tools – Internet Options – Advanced – Reset Advance Setting
22. Check to make sure your not connected to a proxy server by going to  Tools – Internet Options – Connection – Lan Setting and make sure Proxy Server is not checked
23. Done!

*You might get faster results if you boot into safe mode to take care of this issue

*If you have a clean computer, use the clean computer to download the required program and use a usb stick to transfer the program over to save time or if your browser is hijacked.

Microsoft Security Essential Blocking Host File from being modified / changed

an IT admin would usually modify the host file to prevent certain computer from accessing a specific website.  The fastest way would to be access the computer through \\(computer name)\C$\Windows\System32\Drivers\etc and modifying the host file. However, with the new changes MS security essential did to their virus scanner, any time the host file is modified, MS security essential would flag it as a potential problem and prevent any changes to the host file.

Here are the step you need to solve this problem:

System: Windows XP Sp3 (Host file is in a different location for Windows 7 and Vista)

1. Remote into the client’s computer using RDP
2. Go to My Computer – C: – windows – System32 – Drivers – Etc – Host
3. Open with and select notepad
4. Add in the website you wish to block and click save
5. a Microsoft Security Essential popup would appear that looks like this
   
6. Click on show details
7. The detected items should be a settingmodifier:win32/possiblehost change
   
8. Change the recommended action to Allow
9. Click Apply Action
10. Once the action is complete, click Close
11. Save the Host file and re-open the file again to verity the changes has been made
12. Test the website to make sure the website/webpage has been blocked
13. Done!

SBS 2003 to SBS 2011 Migration – Migration Preparation Tool Error

During the migration process from SBS 2003 to SBS 2011, we encounter this error while running the migration preparation tool. Even though the migration preparation tool run without any error on the SBS 2003 server, the SBS 2011 did not detect it. If you are encountering this problem, try this solution first.

1. Login or Remote into SBS 2003
2. Click on Start – Run – “dcmcnfg”
3. Expand Component Services – Computers – My Computers
4. Right click on my computer and select properties
5. Select the Default Properties tab
6. Check mark “Enable Com Internet Service on this computer”
   
7. Click Apply and Ok
8. Restart the server
9. Log into SBS 2011 and check again

Can’t open exe files | Malware and Virus prevent me from opening exe files

Some of the new malware and virus designer are getting smarter, disabling the ability to open executable files  to prevent users from running scans or install scanners.   Even after the virus/malware removed, this issue will still happen because of the registry changes.

OS: Windows XP SP3

a client’s computer was infected by a fake windows security 2012 malware . After removing the malware, I notice that it will not open any executable files or installation files. When you attempt to open them, an “Open With” windows opens up. Here is how I solved the issue.

1. Start – Run – Cmd
2. Open with windows will pop up, select browse and go to C:\windows\system32\cmd.exe
3. Once cmd windows is open, type in regedit to run the regedit program
   
4. Starting from my computer , expand HKEY_CLASSES_ROOT-exefile-shell
5. click on the open – command
6. make sure the (default) data look like this:    ”%1″ %*            if not, change it.
   
7. click on runas-command  folder under shell and make sure it looks exactly the same as open-command folder, if not change it to “%1″ %* (there is a space between 1″ and %*)
   
8. close regedit
9. open exe files to verify that windows can now open exe files
10. done!

How to unlock Excel files currently in use

OS: Windows XP , Office 2003

Got a call from a client who said that one of the excel file is currently in used by him even though he has already  restarted the computer. He only has read-only option or cancel.

1. Since he has already restarted his computer, we can rule off him having the excel file still open
2. Log into the server where the  actual file is stored
3. Right click on My Computer – Manage
4. Select Shared Folders – Open Files
5. Locate the file that is having the issue
   
6. I notice that the file is being opened by another user, since I know who the user is, I was able to contact the user to have him close the file. If you do not know who is the user, right click on the file and select “Close Open File”
7. Test to make sure the file can be open for edit.
8. Done

How to change file to a different file type?

OS: Windows XP SP3

One of the client wants to change the file to a different file type , usually you would do this by removing the file type extension and replace it with another one. For example, if the file was music1.zip and you wanted to change to music1.rar,  you would right click on the file, select rename and remove the “.zip” and add in the “.rar”

In cases where the file extension does not appear, would you need to the following:

1. Identify the current type of file, right click on the file and select properties
   
2. Open My Computer and select Tool on the top window – Folder Options… – File Types Tab
3. Scroll down the file type that matches the current type of file and click on the Advanced Button
   
4. Checkmark “Always show extension” and click Ok
   
5. The file extension should now appear and you can change the file type to whatever file type you want.

Mac OS X Lion will not sync to Exchange 2003

A client who recently bought a new iMac wanted to have the lion mail sync with his exchange server. However, since the exchange server is running exchange 2003, it will not sync. With the new OS X update, Apple has decided to use the new EWS technology for syncing instead of activesync.

Since EWS technology is only in Exchange 2007 and higher, the only work around this would be to download Office for Mac 2008.

Office for Mac 2008 is a older version of Office for Mac,  the Microsoft entourage 2008 will work with exchange 2003, allowing you sync with all your contacts/Email/Calendar.

For anyone who is thinking about getting a mac computer for their business, please make sure you have at least updated the exchange server to 2007 SP1 and above.

Slow Excel load time after Microsoft Office File Validation Add-In for Office 2003 and 2007

How the problem first started…

1. User reported opening excel files on Office 2003 with a 2-3min load time that did not happen before
2. the excel file has very large, about 1.3mb in size with multiple sheets
3. I remember installing some office add-in updates for Windows prior to this issues.
4. a quick google search shows that other users are having the same issues.
5. One of the solutions offers was applying the update http://support.microsoft.com/kb/2570623
6. The update only partially solve the issues, I had to do a Excel detect and repair to completely solve the issue.

Problem using Widnows 7 to VPN into Windows 2003 Servers

Since windows 7 has been so well received, some of my clients has already switched over to windows 7 for their personal computers. However, one of the client had a problem with VPN using Windows 7. According to the client, he was able to VPN into the network without any problems, however, he was  unable to perform a remote desktop connection to his computers. Here is how I solved this problem

1. Make sure Windows 7 is up to date on all the updates
2. Right click on VPN connection and select properties
3. Click on the “Security” tab
4. Under Type of VPN, click and select “Point to Point Tunneling Protocol (PPTP)”
   
5. Click on the “Networking” Tab
6. Uncheck “Internet Protocol Version 6 (TCP/IPv6)
   
7. Press Ok
8. Done

With these setting changes, you should be able to perform a remote desktop connection with connected to a VPN.