Security Alert virus notes

September 20th, 2011

http://www.myantispyware.com/2010/08/26/how-to-remove-fake-microsoft-security-essentials-alert/

=======================

Fake Microsoft Security Essentials Alert removal instructions (using HijackThis):

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).

http://free.antivirus.com/hijackthis/

Launch the iexplore.exe and click “Do a system scan only” button.

If you can’t open iexplore.exe file then download explorer.scr and run it.


2. Search for these entries in the scan results:

O4 - HKCU\..\Run: [tmp] %UserProfile%\Application Data\hotfix.exe

O4 - HKCU\..\RunOnce: [SelfdelNT] cmd /C del "%UserProfile%\Desktop\antispy.exe"

Select all these entries and click once on the “Fix checked” button. Close HijackThis tool.


===========

Associated Fake Microsoft Security Essentials Alert Trojan and AntiSpySafeguard Files:


%UserProfile%\Application Data\PAV\

%UserProfile%\Application Data\antispy.exe

%UserProfile%\Application Data\defender.exe

%UserProfile%\Application Data\tmp.exe

%UserProfile%\Local Settings\Temp\kjkkklklj.bat


File Location Notes:

%UserProfile% refers to the current user’s profile folder. By default, this is C:\Documents and Settings\<Current User> for Windows 2000/XP, C:\Users\<Current User> for Windows Vista/7, and c:\winnt\profiles\<Current User> for Windows NT.


Associated Fake Microsoft Security Essentials Alert Trojan and AntiSpySafeguard Windows Registry Information:

HKEY_CURRENT_USER\Software\PAV

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = “0”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnPostRedirect” = “0”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “tmp”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “SelfdelNT”

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\antispy.exe”
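A small checker for the indicators listed in this note, added here as an example (it is not part of the original notes and not part of the HijackThis tool): it parses HijackThis-style O4 autostart lines and flags the patterns above, a Run entry launched from the user profile, a RunOnce self-delete through cmd /C del, and the value and file names given in the lists. The sample log inside the block is constructed, not a real scan.

```python
import re

# Value names and dropped files listed in the removal notes above.
SUSPECT_NAMES = {"tmp", "selfdelnt"}
SUSPECT_FILES = {"hotfix.exe", "antispy.exe", "defender.exe", "tmp.exe", "kjkkklklj.bat"}

# HijackThis O4 (autostart) line: "O4 - <hive>\..\<key>: [<value name>] <command>".
# The dash is accepted as "-" or as the en dash that web copies of logs often carry.
O4_RE = re.compile(
    r"^O4 [-\u2013] (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
FILE_RE = re.compile(r'([^\\/"\s]+\.(?:exe|bat|scr|com))')


def parse_o4(line):
    """Split one O4 line into hive, key, value name and command; None if not an O4 line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_o4(entry):
    """Return the reasons an autostart entry matches the fake-alert pattern (empty = clean)."""
    reasons = []
    cmd = entry["cmd"].lower()
    # Autostart pointing into the per-user profile instead of Program Files / System32.
    if "%userprofile%" in cmd or "\\application data\\" in cmd or "\\local settings\\temp\\" in cmd:
        reasons.append("command references the user profile (Application Data / Temp)")
    # RunOnce entry whose only job is deleting a file: the dropper cleaning up after itself.
    if entry["key"].lower() == "runonce" and re.search(r"\bcmd(?:\.exe)?\s+/c\s+del\b", cmd):
        reasons.append("RunOnce self-delete via cmd /C del")
    if entry["name"].lower() in SUSPECT_NAMES:
        reasons.append(f"known value name {entry['name']!r}")
    for name in sorted(set(FILE_RE.findall(cmd)) & SUSPECT_FILES):
        reasons.append(f"known dropped file {name}")
    return reasons


def scan_log(lines):
    """Return [(line, reasons)] for every O4 entry that has at least one reason."""
    hits = []
    for line in lines:
        entry = parse_o4(line)
        if entry and (reasons := flag_o4(entry)):
            hits.append((line.strip(), reasons))
    return hits


# Constructed sample of HijackThis output (not a real scan): the two entries from the
# notes above plus an ordinary vendor autostart that must stay unflagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [tmp] %UserProfile%\Application Data\hotfix.exe
O4 - HKCU\..\RunOnce: [SelfdelNT] cmd /C del "%UserProfile%\Desktop\antispy.exe"
""".strip().splitlines()

if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG):
        print(line, *("   -> " + r for r in reasons), sep="\n")
```

Feed it a saved HijackThis log (one entry per line) instead of SAMPLE_LOG to review a real scan; a flagged entry is a candidate for the “Fix checked” step, not proof by itself.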

 

===========

I think it was just listed as C:\Program Files\Common Files\PSecurityUninstall

Doing this single step worked for me.

However, I have also seen recommended the 3-step action below:

Delete directories:

C:\Program Files\PSecurity

C:\Program Files\Common Files\PSecurityUninstall

C:\Documents and Settings\All Users\Start Menu\PSecurity

==

http://majorgeeks.com/UnHackMe_d4563.html

=============

Logitech Vid HD giving a firewall error

August 25th, 2011

On fixing the problem of Logitech Vid HD giving a firewall error (call failure): it is typically due to a router issue, and the link below indicates there is a way to fix it.

Scroll about three windows down until you get to the post that reads

08-11-2011 10:20 AM
Hello bjackson;

http://forums.logitech.com/t5/Logitech-Vid/Firewall-blocks-incoming-Vid-Chat/td-p/360663

Win7 Sysprep nightmare!

April 19th, 2011

Well, it was a nightmare trying to figure out how to use Win7 Sysprep. The documentation is poor and the interface for creating the automated answer file (in xml) is horrible. I would have preferred the old text document version of an answer file and can’t for the life of me understand why they used xml. But they did, and the bull-dog in me wouldn’t let go of the fight to figure it out, even though it was not possible to charge my client for the effort beyond the first few hours. So I’m putting what I figured out here. I hope to keep this as simple as possible, but it’s such a mess that simple is going to be unobtainable I fear.

The main value of using sysprep on a machine is that it can produce an install file with answers to basic questions, and it can do more than just the basic install of Windows. A sysprepped machine allows not only additional software but also drivers and settings to be carried into the install.

For instance, we might want to have various utilities (defrag, maybe ccleaner, etc) and Office 2010 installed at the same time. A sysprep setup can install these automatically with the right answer file.

This is a work in process, so if you’re viewing this statement know that it’s not done. I published it anyway just so I’d have easier access to it. I hope to have links and even a sample to copy, but it will take a few days to finish this article.

There are 11 steps to the creation of a custom unattended Windows 7 install in its most basic form.

  1. Copy the Win7 CD files to a networked drive custom folder.
  2. Create or modify an answer file (unattend.xml or a variation of that name).
  3. Copy the answer file to root of the networked drive custom Win7 CD files folder (same location as setup.exe).
  4. Create a Win7PE boot disk ???with imagex added???.
  5. Create a base-install machine (load the programs and files you want replicated in future installs, do not join a domain).
  6. Make an image of your base install machine for safety reasons (probably to the same networked drive but in a different folder from the Win7 CD files) — make sure you have a boot disk for the image program.
  7. Sysprep the base-install machine (not using audit mode, but saving drivers).
  8. ??? Boot from a WinPE disk and ??? run imagex to create an image of the sysprep’ed base-install machine (imagex will create a install.wim file).
  9. Copy the sysprep-created install.wim file from the base-install machine to the /sources sub-folder of your custom Win7 files on the network (you’ll be replacing the /sources/install.wim file).
  10. Test the install by mapping to the networked drive, changing to the Win7 folder created in step 1 and running, on the base-install machine, <setup.exe /unattend:unattend.xml> without the <> and all one line.
  11. Log in, reboot with ???oob??? and give the computer a name.

Thereafter, booting with Win7PE CD and running steps 10 and 11 is all that’s necessary to do a clean install on any other machine. If it all fails, there’s always that image you created in step 6 — you did create the image didn’t you? If it didn’t work then there was a failure in either the answer file or the sysprep stage.

Now for the details:

Gather:
Install disk for Windows version to be installed (need install.wim from \source folder)
Sample …install.xml file for the Windows version?
Windows Automated Installation Kit (WAIK) DVD
Windows PE boot disk
Technician computer (for WAIK)
Model computer (to install programs)

Create Technician’s computer by installing WAIK
Copy “install.wim” to root folder on Technician’s computer
Open WAIK Management window
Right click in … window and direct to the install.wim file
Accept the creation of a catalogue of the install.wim file
Wait 10 minutes for completion
Open Walk-through file
Follow directions to create a new install.xml file
Note: there are two places for license keys. The first place
is for normal keys, the second place is for MAK keys. Don’t put
any in the first if you will be using a MAK key.
…..more about MAK key….

Alternatively, if you are just making a slightly different xml file, just copy the existing model and make changes directly with notepad. For instance, you might want to just change the product key or add/change default user/password.

Install on new machine:

Boot new computer with Win7PE
Map network drive where Win7 CD files folder exists
Clear and format the hard drive if you want

diskpart
rem wipe disk 0 and create a single active NTFS partition as C:
select disk 0
clean
create partition primary
select partition 1
format fs=ntfs label="system"
assign letter=C
active
exit

Change drive to mapped network location of Win7 CD files folder
Change directory to Win7 CD files folder
Run <setup.exe /unattend:unattend.xml> or use whatever unattend file you created.
Reboot
Login
Window appears — select OK to reboot to Out-of-box experience
Answer a few questions, give computer a name
If you are joining a Win2008 domain then open IE and type into address bar <connect> without the <> and follow those directions.

End


RDP connect to local host

April 10th, 2011

It is possible to have concurrent users on XP by adjusting the terminal services settings. Once that is done it is also possible to have multiple RDP connections to the local host (the same computer).

I found that information at:

http://www.mydigitallife.info/2008/06/13/workaround-for-remote-desktop-client-to-connect-to-localhost-local-terminal-server-service/

That article lists 3 ways to get it to work. The way I would expect to use is:

Workaround 2: Connect to RDC Terminal Services at Different Non Standard Port

Another workaround to the blockage of local host Remote Desktop connection in Windows XP is to connect to localhost (127.0.0.1) address on another port other than the default (3389). The hack is especially useful in Windows XP SP2 and SP3 where 127.0.0.2 forwarding IP address for localhost connection no longer work. By default, Remote Desktop listens and connects on port 3389. See the guide to change default Remote Desktop Terminal Services listening port, and how to connect using non-default port in Remote Desktop Connection.

That second link basically says:

For example, to connect to port 7777 on a computer that is named “remote.computer”, type the following information into the Computer box in Remote Desktop Connection as shown in the illustration:

remote.computer:7777

Or, I would say in the RDP GUI computer name box put <computername:portnumber>. Of course, that port has to be open in the first place.

I haven’t tested any of this out, I’m just keeping it for the future.

This relates to my problems with using AutoIt3 scripts on some programs while not interfering with current work on the same computer.

PPTP connects but no ping

March 7th, 2011

I was having this terrible problem with connecting to the office router via PPTP. It would say connected but I couldn’t ping the office router or any office computers.

Thanks to http://en.kioskea.net/forum/affich-67204-vpn-connects-but-no-remote-lan-access

I did, to quote one of the commenters:

I had a similar issue… What I had to do was tell the connection to not use the remote gateway to connect through internet. On the XP machine (works on Vista and 7 also) go to the properties of the VPN connection. Click on the Networking tab and double click Internet Protocol Version 4 (TCP/IPv4). Click Advanced and uncheck the box for “Use default gateway on remote network.” This will route all of your local traffic through whatever network you’re locally connected to, and any remote traffic through the VPN connection. This also assumes that you’re not trying to route your internet traffic through the VPN. If you leave this option set, then you will not be able to access any local network resources without manually specifying routes to get to them. This is the default design of VPN :D . I know this post is old, but I figured I’d put in what I discovered it to be, maybe it can help somebody down the road.

Yeah!!! Through the hoop!

Now if I could just figure out why the Cisco QuickVPN client won’t connect I’d be all cool.