tidystorm

random techno-gab

Image backup to a network drive with Windows Home Premium

I don’t use the Windows system image backup because half our computers have Windows 7 Home Premium, which is too stingy to offer system image backups to a network drive. Sadly, we do our system image backups to a network drive, specifically, the USB hard drive that’s connected to our router.

So instead I use the free Macrium Reflect, which does a great job. I still had to map the router’s hard drive on my computer, but at least Macrium Reflect recognizes it, which Windows does not.

I already have all the rescue disks created, which are the devices we use to initiate “restore” of a system image backup if one is needed.

To create a new system image backup on a new computer, this is what I did:

1. Run Macrium Reflect
2. Click on “create a backup image of an entire disk or selected partition”
3. Follow the wizard’s instructions
4. Choose network and type in the network address
5. Check the box for “use the image ID as the file name” which should already be checked
6. Use “advanced” to choose “make an exact copy.” Leave the compression level at medium
7. Use the same nickname for the job that we used for the other computers, which is “Medium Compression and Cloned Copy”
8. Be sure and schedule it so it will run again in the future

To create a new system image backup on a computer for which the job has already been defined:

1. Run Macrium Reflect
2. Click on the “scheduled backup” tab
3. Right-click on the job. It should be titled “Medium Compression and Clone xml.job”
4. Click on “run now”
5. Click OK. The job will run hidden, but you can unhide it to view progress. Find the icon in the system tray

About the rescue disks:

We currently have one disk per computer in the house, but we can always create another new rescue disk for any new computer that comes into the house.

The rescue disk does the job of locating the system image for the computer that needs rescuing.

In the event that we buy a replacement computer for someone in the house, we can create a new restore disk for that new computer, then use it to prime the new computer with the system image from the old computer (provided that the new computer’s hard drive is the same size or bigger than that of the old computer.)

To create a rescue disk:

1. Insert a disk
2. Run Reflect
3. Choose the function for creating a bootable rescue disk
4. For rescue CD type, choose Linux
5. Select the drive that you had put the CD in
6. Click Finish

When disaster finally strikes

When disaster strikes or you’ve gotten a new hard drive or a new computer, it’s time to dig up the rescue disk.

To restore the system image backup:

1. Boot to the rescue disk
2. The restore wizard will run and will eject the disk
3. Now you don’t need the disk. In the dialogue box, look for the location of your system image backup. We have it under “network neighborhood.”
4. Click on “map share.” Type in the IP address and folder where the system image backup is stored. Open the location
5. You should see the date of the backup and the partitions that are included in the backup. Highlight the backup you want and click next.
6. Choose the partition you want to restore. You can restore one partition at a time without ever leaving the dialogue.
7. Follow the rest of the instructions.

I must say, however, the need for Macrium Reflect for system image backup is, so far, the only flaw I see to using Windows Home Premium. You can see in the ads above the difference in price between Home and Ultimate. You can guess that the middle one, Windows Professional, is priced somewhere in the middle.

Backing up my router’s hard drive with Crashplan

I use Crashplan to back up the data from nine computers to Crashplan Central. It works great.

Recently I plugged an external USB hard drive into my router. I use this particular hard drive to store system image backups. I wanted it to be swept up by Crashplan, but even though I have it mapped as a network drive on my computer, Crashplan does not recognize it.

After some research, I realized I need to use the mklink command to create a symlink.

Here’s what I did:

1. Open command prompt as administrator
2. Type in: mklink /d C:\symlink_for_willow R:\
3. The response I got was: symbolic link created for C:\symlink_for_willow <<===>> R:\
4. The result is that I have created a symlink at the root of my c drive called “symlink_for_willow.” (Blue Willow is the name of my router, so I named the symlink after my router. Go figure.) The symlink points to my R disk, which is the router’s hard drive.
5. Close the command prompt
6. Now Crashplan will find the symlink

The redirect virus was in my router

Solved! The redirect virus was in my router

Does your redirect virus keep coming back, after appearing to be solved by conventional means? It could be in your router. Here’s a possible explanation for what’s happening out there in cyberspace.

Perhaps this virus attacks routers first, and then finds its way onto your computers. If that’s true, it would explain why it keeps coming back. You must get rid of it in your router.

In our case, we think our computers never actually had the virus, because we did a good job at securing them. But it was in our router, so we saw the symptoms. That’s why no amount of extra anti-anything ever made a difference in the symptoms we were seeing.

Our configuration

We have a mix of Windows 7 Professional, Windows 7 Home, and XP computers. Some of them are Lenovo, but not all. Some are laptops. We have both an ethernet connection and a wireless connection. We were using the Linksys WRT350N router. We use a mix of Firefox and Internet Explorer, but mostly Firefox.

Our Security

We always keep our computers clean and secure with:

  1. Avast Free
  2. Malwarebytes Anti-malware
  3. Spybot
  4. Secunia (on the advanced level)
  5. Windows Defender
  6. Ccleaner
  7. Windows cleanup!
  8. Disk cleanup
  9. Process Explorer
  10. Passworded hard drives on the laptops
  11. Windows update
  12. Lenovo Toolbox tests and updates on our Lenovo computers (equivalent on the others)
  13. Crashplan

Google Redirect Virus and its alternative names

The virus is often referred to as the Google Redirect Virus. It also goes by “search redirect,” “browser redirect,” “tdss rootkit” and probably some others I can’t remember now. It infected all of our computers. These could actually be separate viruses. Remember that once you’re infected with a virus, the door opens for other infections.

More still seems unknown than known about this virus. Generally, you go to a web page, either by means of search or directly, and you see the web page, but then it redirects somewhere else, or to a blank page. Sometimes you see a message about google analytics loading. Other times you might see an inappropriate site or an advertising site.

Curiously, the web is rife with a variety of solutions which only work for some people. It seems like a lot of people find an answer that works for them, which appears to eradicate the virus from their computer.

Our test cases

Three web pages that failed on my computer and which became my test cases:

1. Open www.lenovo.com, look for the support section of links at the bottom of the page, then click on the warranty link. You either get redirected now, or if you successfully reach the warranty page, click on the link for “detect” (if it’s there.) It then fails.

2. Type into google “ehow fix google redirect virus” and then click on the ehow article that comes up at the top of your search results. Give the page some time to load. Either it will eventually redirect, or will do so after you touch your keyboard.

3. Open www.filehippo.com and click on “view more” at the bottom of the right-hand box. It will eventually fail.

We tried

We tried everything we could find pertaining to this virus on one’s computer. In fact, we worked on it for about fourteen people-hours total. Our idea of a good time. The list includes but is not limited to (we can’t remember it all):

  1. Superantivirus
  2. Unhackme
  3. Clear cache, cookies, and history
  4. Remove all browser plug-ins
  5. A TDSS removal procedure
  6. Avast Pro (trial version)
  7. Trojan remover
  8. Some gnarly instructions for mucking with the registry
  9. Combofix (not for the faint of heart)
  10. Unique WEP key for the router
  11. Check for bad hard drive sectors

Still no joy.

Time to reinstall?

Then we tried reinstalling Windows 7 on one of our computers, and the virus was back. Exhausted, we concluded (wrongly, it turns out) that this was a hack on the web sites we were visiting, and not in our home.

New Theory — maybe it’s the router

Then we theorized that the virus could be in the router’s operating system. So we tried this suggestion we found on the web for our router: Update the firmware on the router. (The firmware is the router’s operating system.)

Still no joy. We concluded that it must be that the web sites were hacked into — in other words, there’s nothing wrong with the patient.

Then we learned that a router can be hacked, probably by the following means:

The hacker creates a false DNS (domain name server) out on the web, and then stuffs the IP of their fake DNS into your router.

Well, if this is true, then HOW DID THE HACKER GET INTO OUR ROUTER? Probably they got in there because we didn’t change the default password of the router when we got it. This is a lame excuse for sure, but looking back, the reason we never changed our password is because we couldn’t figure out how. (The router password is for changing router settings. It’s not the same as the WEP key.)

So we looked at the IP address in our router, and looked it up on the web. We learned that it’s a Russian IP address, and that it’s malware. Bang.

Fixing the Router — Part One

We followed this procedure to update the password in our router:

1. Fix the IP address. We did this by looking up a good DNS server IP address. A place to google is “opendns” where you can find IP addresses that are well known to be safe

2. Open your browser

3. Type in http://192.168.1.1 which will bring up the administration panel of your router

4. Then follow the instructions for your particular router to find the bad IP address and replace it with a safe one.

So we tried that.

JOY! Yay!

Fixing the Router — Part Two

But we had to do more. Just as we suspected, not all our test cases passed the test. The google analytics test still failed, while the others passed.

Then we looked up that particular problem, and found a suggestion to “hardware reset” the router to factory settings, followed by a change in password. That’s the paper clip procedure. Not sure if it’s the same on your router, but here’s what we did on ours:

1. With the router turned on, shove a paper clip into the reset button and hold it for a few seconds.
2. Then run your test case again.

JOY JOY JOY. All three test cases passed after we did the paper clip trick.

Fixing the Router — Part Three

You might not need to do part three, but here’s what happened to us: We lost access to our wireless network after the hardware reset. We’ve heard that “hardware resetting” your router can burn it out, so maybe that’s what happened. Probably the card in the router that controls the wireless connection got fried during the reset. That’s a guess.

So we figured we’d just go out and buy a new wireless router, as a way of seeing if this was so. We could always return it, as we use Best Buy, and they have no restocking fee on small electronics like a router. In the store, we discovered a new kind of router. It’s the Linksys E3000.

Why our new router is better

What’s good about this new router:

1. It has an automated setup for all your computers
2. It comes already uniquely passworded, and with an easier user interface to update the password if you so choose
3. It has a higher level of encryption than our old router (it’s using WPA2 instead of WEP).

However, buying a new router is perhaps not necessary. We only did it because we fried our wireless.

All problems solved

So we set up our newly bought router, and now our wireless works.

The order in which to try and solve the problem

If you think you may have the redirect virus, try these steps in this order, based on what we’ve learned:

1. Get rid of it in your router first, by following what we did for ours.

2. Then, with only one computer on, and not connected to the router, follow all the conventional suggestions for getting rid of it (except combofix). Now connect that computer to the router and test.

3. Turn on the next computer, and repeat step 2. Continue until you have treated all your computers. We suggest only using combofix as a last resort, and only with the help of the folks at bleepingcomputer.com. See if you can get rid of the virus without it. We think your chances are pretty good.

4. Reinstalling your OS is a last resort, and probably wouldn’t solve the problem. If you had what we had, you really have to attack this both on your computers and in your router.

Our new Linksys router acknowledges the hacker vulnerability

Yes indeed folks. There was a label covering the CD drive on our new router. It says it all.

In case it’s hard to read here, this is what it says:

“FOR YOUR SAFETY. During the setup process your Linksys router will be assigned a unique password to help protect its wireless signal from unauthorized access. If you wish to change this password, please follow the instructions in the User Guide at linksys.com/support.”

Our grand conclusions

1. Our computer security had been fine all along. It’s still true that you can fully protect your computer with free stuff. I’ve even become brand-loyal about it. I’ll stick with my list.
2. Routers need protection too. They’ve been woefully ignored (well, at least by us!)

Those pesky IP addresses we found on our router

Here is the post we found about the Russian malware sites with the exact IP addresses we found on our router. The IP addresses are 213.109.65.40 and 213.109.75.90.
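A client-side check for the symptom described in this post, as an added example (not the author's own code): it parses `ipconfig /all` output and flags any DNS server that is not on an allowlist. The sample output is constructed, and the allowlist (OpenDNS's two public resolvers plus the router address 192.168.1.1 used above) is an assumption to adjust for your own network.

```python
import ipaddress
import re

# Assumed allowlist: OpenDNS's public resolvers plus the router address on this page.
EXPECTED = {"208.67.222.222", "208.67.220.220", "192.168.1.1"}
# The two addresses the post reports finding in the router.
REPORTED_BAD = {"213.109.65.40", "213.109.75.90"}

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.65.40
                                       213.109.75.90
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
"""

# "   Label . . . . : value" -> (label, value)
FIELD = re.compile(r"^\s+(.*?)[\s.]*:\s*(.*)$")

def as_ip(text):
    """Return text as a normalised IP string, or None if it is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Map each adapter heading to the DNS servers listed under it."""
    sections, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():        # unindented line = section heading
            current, in_dns = line.strip().rstrip(":"), False
        elif in_dns and as_ip(line):     # continuation line: a bare address
            sections.setdefault(current, []).append(as_ip(line))
        else:
            m = FIELD.match(line)
            in_dns = bool(m) and m.group(1) == "DNS Servers"
            if in_dns and as_ip(m.group(2)):
                sections.setdefault(current, []).append(as_ip(m.group(2)))
    return sections

def audit(ipconfig_text, expected=EXPECTED):
    """List (adapter, server, reason) for every resolver not on the allowlist."""
    return [(adapter, ip, "reported in the post" if ip in REPORTED_BAD else "unexpected")
            for adapter, servers in dns_servers(ipconfig_text).items()
            for ip in servers if ip not in expected]

if __name__ == "__main__":
    for adapter, ip, reason in audit(SAMPLE):
        print(f"{adapter}: DNS server {ip} ({reason})")
```

If the router hands out its own address as the DNS server, each computer will list only the router, so the upstream DNS fields still have to be read on the router's administration page.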

Installing Adobe CS4 on Windows 7

Solved! After three days of failures trying to install Adobe Creative Suite 4 on Windows 7, I ended up with a procedure that amassed data not unlike “Vger,” the lost Star Trek space probe that gathered intelligence from all corners of the universe in search of its creator. Therefore I am certain that some steps in my conglomeration are unnecessary, but the point here is that the list below did work.

The failures I encountered along the way included:

  • cs4 freezes on “preparing to install”
  • “setup has encountered an error and cannot continue”

I also don’t claim that a smarter user would flail around for three whole days. However, the guidance I found by googling was also of the flailing type, so maybe you’re no worse off following my procedures than someone else’s.

I especially suspect that some of it is not necessary, as the last change I made in my routine that resulted in success was to be more thorough about turning off all the components of the resident shield of my anti-virus. Maybe that’s all that was needed. I use Avast, and realized after three doltish days that you have to turn off seven separate components of the resident shield, not just one. Turning off your anti-virus is one of few procedures that seem to be unanimously agreed upon out in the geeky cyberworld regarding the install of Adobe (which I’ve affectionately renamed “Adopee.”)

But anyway, the list below worked. Note that it includes a thorough cleanup of prior attempts at install.

Also noteworthy is that I had been trying to install CS3 first, and then CS4, but discovered in the end that I don’t have to install CS3 in order to install CS4. I just have to have the serial number handy for both. This set of procedures is the more streamlined of the two. That is, it goes straight to CS4.

  1. Run cleanup (I use ccleaner, disk cleanup, and Windows cleanup)
  2. Uninstall CS4 using Revo Uninstaller with advanced options
  3. Uninstall CS3 using Revo Uninstaller with advanced options
  4. Run the CS4 cleanup utility that you can find online
  5. Run the CS3 cleanup utility that you can find online
  6. Turn off the UAC completely
  7. Reboot
  8. Turn off security, firewall and all components of the resident shield in your antivirus
  9. Turn off programs running in the background or that could suddenly start running. I turned off Crashplan, Argentum, Secunia, and Logmein
  10. Run cleanup again
  11. Run CMD as administrator
  12. Type this into CMD: regsvr32 jscript.dll
  13. Run the setup.exe of CS4 as administrator. Say yes to Adobe Creative Suite Premium 1
  14. I chose the easy install, but I regret it due to the amount of space it takes up.
  15. Turn all your security back on, the UAC, the antivirus and the firewall

This procedure worked for me, with the exception of an Indesign failure, but I don’t currently need Indesign so I didn’t deal with it.

Notes:
1. Don’t install CS4 Flash. It’s flagged by Secunia, and I couldn’t figure out how to successfully uninstall it. I ended up deleting just the exe file that Secunia flagged. (And deleted it from recycling too.)
2. On a second Windows 7 computer, I installed only Photoshop using my procedures, which went smoothly.

Itunes eating CPU’s — SOLVED

Got Itunes blues? My kid’s Itunes were freezing up and playing scratchy. I found two problems, each of which makes Itunes slow to a crawl. You can see it by running Process Explorer.

Malwarebytes Anti-malware
Every time Malwarebytes Anti-malware runs, Itunes spikes its CPU usage, with gusts up to 90 percent. On that computer I do have my Itunes on an external USB drive. Interestingly, even scanning the internal drive, not the external drive, causes the spike.

On another computer, Malwarebytes Anti-malware runs at around 3 percent. That computer has Itunes music on the internal hard drive.

Having Itunes music on the external drive could be the culprit, but I don’t plan on debugging any further.

Instead I tried Spybot and Windows Defender. Spybot seems to bog down Itunes on startup and shutdown, so I nixed that. Windows Defender seems fine.

Avast Anti-virus
Avast was also slowing Itunes to a crawl. I fixed it without changing antivirus software. I clicked on settings, then exclusions. I excluded the Itunes Music folder. Then I told my kid to be wary of music given to her on a memory stick.

You do not have permission

Excuse me, but it’s my computer. I can delete anything I want. Today I wanted to delete Windows Live, as I could find no easy way to uninstall it from my Windows 7 laptop. I don’t have all day.

NOT! I “do not have permission,” yada yada yada. So I whipped out my handy dandy Malwarebytes AntiMalware, and ran its dirty little function called “File Assassin.” I had to delete one file at a time, but it took only a few minutes.

So there, Microsoft. Take that!

Oh, and shouldn’t I be concerned about those dll files? Well…umm…do as I say, not as I do. But at least a dozen times (or admittedly more) I have deleted programs that I couldn’t seem to uninstall, and never ran into a problem over having deleted some pesky little dll’s.

And I always run ccleaner registry cleanup afterward.

ABC Amber Image Converter

Got WMF files? Don’t know what to do with them?

A tidystorm reader had one of those years-old clipart libraries. It was Art Explosion 800,00, containing 19 gigabytes on 34 CD-Roms. The idea at its inception was to find your picture from their big fat book, then find which disk to load, every time you wanted some clipart.

Art Explosion is still worth its cost.

But computer hard drives offer far more space than they used to. No need to load and execute their cataloging program. And no need to keep loading separate clipart disks every time you want to find some art.

Instead, just copy all the good stuff (not the catalogs) from those disks to your hard drive or an external drive once, and you’re done.

However, some of the files are of type WMF. For that you need a converter. Google searches churned up none that are actually free. Even CNET said one was free, but you get a gad-blame watermark over each image. The real one’s not free. And not all of them had batch conversion.

There was one out there, with batch conversion, for fifty bucks. But no tool should cost more than around twenty bucks. More searching.

Then ABC Amber Image Converter emerged in the search results. For the full version, it’s $23.45, which includes the “Manual Processing Surcharge” (whatever that is) of $3.50. It takes credit card or paypal.

Four minor glitches, though:

  1. They don’t tell you ahead of time about the surcharge. So you think you’re paying 19.90.
  2. It took nearly twenty-four hours to receive the registration key. Hence the “manual” in the surcharge?
  3. When using the batch function, rest assured — it will process all the files you want at once, in spite of that grayed out button.
  4. The registration key is a download that invokes regedit for you. Some users may find this disconcerting, but it does work.

The converter does its job. It seems its developers applied their talent to the utility, not their marketing. If you want better marketing, you’ll probably have to pay more elsewhere.

But for a cheap converter, nothing wrong here. ABC Amber Image Converter


Why won’t notepad preserve my php file?

Hacking a PHP file, and too lazy to even download notepad++? (Yes, that’s pretty lazy.) Then use notepad, but don’t forget to save as UTF-8.

According to its author, “Notepad++ is a free (as in “free speech” and also as in “free beer”) source code editor and Notepad replacement that supports several languages. Running in the MS Windows environment, its use is governed by GPL License.”