Tag: Windows

Windows Security Center Says Automatic Updates Are Turned Off

by on Jun.18, 2011, under Antivirus, PC Repair, Problems, Security, Windows XP

Today I ran into a problem while repairing a computer that had a partially cleaned up virus. I completed the cleanup that my client attempted, ran all my antivirus tools, and thought I had everything working. That is, until I noticed the little red shield for Windows Security Center. It said, “We’re Sorry. The Security Center could not change your Automatic Updates settings.”

I then tried to turn the updates on in the Automatic Updates settings, but they were already turned on and enabled.

Next, I wanted to see if I could just run Windows Update. It, however, fails immediately if you try to run Express, and gives me Error number: 0x80070424. (below)

So… we have this problem. We can’t run or enable updates in Windows XP. They show enabled, but Security Center thinks otherwise.

Ok, so let’s fix this. First, make sure you’ve cleaned up any viruses. Once you are sure you are working on a clean system, then try the fixes below.

We need to create at least one batch file (below) and re-register all the components.

 

Step 1:

Let’s try this one first. Create a file called reg-wu1.bat. (call it whatever you want though, it doesn’t matter.) Copy the text below and paste it into the file. NOTE: you may need to enable file extensions in Windows Explorer so you can rename it to a “.bat” file.

regsvr32 c:\windows\system32\vbscript.dll
regsvr32 c:\windows\system32\mshtml.dll
regsvr32 c:\windows\system32\msjava.dll
regsvr32 c:\windows\system32\jscript.dll
regsvr32 c:\windows\system32\msxml.dll
regsvr32 c:\windows\system32\actxprxy.dll
regsvr32 c:\windows\system32\shdocvw.dll

 

It should look like this:

Save the file and double click to run it. A DOS box will pop up and execute all the commands. You’ll get several “Succeeded” messages that you need to click “OK” on. Shown below, I received 1 or 2 that didn’t succeed:

 

I ran the above, attempted to run Windows Update again, but still received the error. Maybe it will work for you though. If not, try Step 2.

Step 2:

Then I created another batch file and called it reg-wu2.bat and pasted the text below into it:

regsvr32 /s Softpub.dll 
regsvr32 /s Mssip32.dll
regsvr32 /s Initpki.dll
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll
regsvr32 Urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 msxml.dll
regsvr32 msxml2.dll
regsvr32 msxml3.dll
regsvr32 Browseui.dll
regsvr32 shell32.dll
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wuweb.dll
regsvr32 jscript.dll
regsvr32 atl.dll
regsvr32 Mssip32.dll

 

Should look like the image below:

Again, as you did in step 1 above, save the file and double click to run it. A DOS box will pop up and execute all the commands. You’ll get several “Succeeded” messages that you need to click “OK” on. I received 1 or 2 that didn’t succeed:

Here is one of the messages that did not succeed on this system:

Once this operation was complete, I went to Windows Update again and attempted to run the Express setup. EVERYTHING WORKED!!! YAY!! Even the Security Center showed updates were enabled and turned on again!

If you need further help, I found some of these repairs on the Microsoft Knowledge base article link below.

http://support.microsoft.com/kb/555989

Good luck!


DNS settings hijacked and av.exe won’t go away. Internet turns Inertnet!

by on Feb.25, 2010, under Antivirus, Networking, Windows XP

Had a fun time today cleaning off some trojans and rootkits. On this one client system, while trying to go online, the Internet turned into the Inertnet! (Hahahha! I love that one!) As usual, I have lots of ideas why, but no real evidence and clients saying “I don’t know how it got there.” Doesn’t really matter though, it’s there and I am going to clean it off. I managed to easily scan for and clean off a couple of them, but one wouldn’t detect with any scanner. AV.exe kept popping up, showing the fake windows security center and Antivirus 2010. I used Process Explorer to see the offender, but I couldn’t find the file, it was hidden.

I rebooted with UBCD4Win, found the file and deleted it. Problem is, this caused a mess in Windows. Nothing would load, I always got an “Open With” dialog box. After some Googling, I found out where to fix that in HKCR in the registry. In there, there was a setting for .exe files to open, and it was set to use av.exe in the user profile to open them! How do you like that?!!

I wasn’t able to fix that in the current user profile, it was locked down somehow.  Opening in the Administrator account of XP allowed me to fix it though.  The default value for “exefile” should be set to:

"%1" %*

(Just google that for more info.)

Ok, so got that all fixed.  Fun how you clean off these bugs, only to leave windows all messed up after!  Next, did all my final scans, tweaks and other items. (lock down IE, disable scripts/Flash/Adobe, add a windows update to Trusted Sites, and force user to use Firefox.  I also changed the icon on Firefox to the one for IE so the user will pretty much always use it!)  Then I tried to get all the updates caught up, only no go!  Wait, I am on the same Internet connection as my system, and it works for me, why not the client system?  Hmm… well they are on an isolated subnet, going through the firewall separately. (keeps their bugs off my systems!)  But, wait, those are the same DNS settings?

AH! Take a look at those NIC properties in XP.  DNS is hard set to 93.188.x.x!  Nslookup shows that as some place at a .com.ua domain. Well, let’s fix that one, and set to DHCP like it should be!  Problem solved, Windows Update works!

Fun stuff!  I’ve cleaned a lot of bugs over the years, and I’ve heard of DNS hijacking, but that’s the first one I’ve seen like that.
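A read-only triage check for the two leftovers this cleanup turned up, the rewritten .exe open command and the hard-set DNS server. This is an added example, not part of the original post: it parses saved output of `reg query <key> /ve` and `ipconfig /all`, and the sample text, the profile path, the addresses (RFC 5737 documentation ranges) and the allowed-resolver set are all constructed assumptions.

```python
import re

STOCK_OPEN = '"%1" %*'  # stock default value of exefile\shell\open\command

# Constructed sample: `reg query <key> /ve` output for the per-user and machine keys.
REG_SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
    <NO NAME>   REG_SZ  "C:\Documents and Settings\client\Local Settings\Application Data\av.exe" "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
    <NO NAME>   REG_SZ  "%1" %*
'''

# Constructed sample: trimmed `ipconfig /all` output (documentation addresses).
IPCONFIG_SAMPLE = '''
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        Default Gateway . . . . . . . . . : 192.0.2.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
'''

def hijacked_open_commands(reg_text):
    """Return {registry key: command} where the default open command is not stock."""
    bad, key = {}, None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        m = re.match(r"\s+(?:<NO NAME>|\(Default\))\s+REG_(?:EXPAND_)?SZ\s+(.*)", line)
        if m and key and m.group(1).strip() != STOCK_OPEN:
            bad[key] = m.group(1).strip()
    return bad

def unexpected_dns(ipconfig_text, allowed):
    """Return DNS servers listed by ipconfig that are not in the allowed set."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+\d+(?:\.\d+){3}", line):
            servers.append(line.strip())  # continuation line: second resolver
        else:
            in_dns = False
    return [s for s in servers if s not in allowed]

if __name__ == "__main__":
    print(hijacked_open_commands(REG_SAMPLE))
    print(unexpected_dns(IPCONFIG_SAMPLE, allowed={"192.0.2.1"}))
```

HKCR is a merged view of the per-user and machine class keys, so both are queried; a per-user entry takes precedence, which is why the sample flags the HKEY_CURRENT_USER key.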


Couple useful Windows Explorer shortcuts

by on Jan.21, 2010, under Windows 7, Windows Vista, Windows XP

So I never took the time to look these up, but I just heard about them recently. I always wanted to know how to create a new folder in Windows Explorer without having to use menus, by just using a keyboard shortcut.

In the right side of the Explorer window, where you want the new folder, press your “CTL+SHIFT+N” keys.  You’ll get a new folder ready to type in a new name.


Also, you can hit “CTL+N” to get a new window in the same location.


Help and Support unable to open error about service not running

by on Aug.13, 2009, under Windows Server, Windows XP

Go to C:\windows\pchealth\helpctr\binaries.

helpsvc.exe /regserver /svchost netsvcs /rainstall

Run that.
Now we have Help and Support available again.


ZFS CIFS and ACL Inheritance

by on Jul.24, 2009, under Networking, OpenSolaris, Security

This is just another one of those things that didn’t make any sense and only partially does now. At least NOW I know there is more at play here than the simple solutions in Samba using create mask and create directory mask. In Linux, that’s how I would get around the issues of Windows directory permissions running on a Linux SMB share.

Now, I am learning to do things the OpenSolaris way. I am loving OpenSolaris and ZFS! However, coming from a Linux and Windows “way of life”, there are some differences that just aren’t clear. What kills me is, I try the RTFM thing, and somehow completely miss that one little thing that makes it all work. Off topic, but an example, coming from Linux, I would just type “su” and get root access. In OpenSolaris, that won’t work. Neither will “pfexec su”, nor “sudo su”. Then one day, after dealing with it for a week or so, I stumble upon a post where someone in an unrelated sample script typed “pfexec su - root”. There ya go! Argh!

Anyway, back on the ZFS/CIFS/ACL thing. It was driving me nuts that I couldn’t figure it out. I wanted a folder with this setup:
/pool/sharefs – owner:greg – group:domusers
greg and domusers should have full control and all folders under “sharefs” should inherit that.

So under linux/samba, that’s where I would do like “create mask = 770” or similar, and “force create group = domusers”. Something like that, can’t remember exactly. Made it simple actually. It always wrote files with the right perms and ownership and other people in that group could read/write just fine.

Problem is, you can’t get very specific about who gets what, where, and you can’t use more than one group. Well, sure enough, there’s a thing called “ACL” that handles that stuff now. It’s been around for a while now, but I never even heard of it until I started using OpenSolaris. I like how it seems to be more compatible with the way Windows handles ACL’s. What I don’t like is, it’s confusing. I get the NTFS/Share perms in Windows, been doing that a long time now. The CIFS/ZFS ACL thing kind of makes sense, and it will “click” at some point the more I use it.

After spending hours on this, I reached a point where I had to figure it out. Here’s what I did.

On the ZFS file system, create it normally for SMB access. Then I changed some properties for aclinherit and aclmode. Change those to “passthrough”:
zfs set aclinherit=passthrough pool/sharefs
zfs set aclmode=passthrough pool/sharefs

Then chmod/chown. OH! That’s another thing. You need to use /bin/chmod and /bin/ls! Not just type: chmod … That won’t work. In OpenSolaris the default path points to /usr/gnu/bin/chmod, which doesn’t have the “A” or “V” options to set/view ACL’s. That was another thing that DROVE ME CRAZY!!! I read the man pages and manuals and docs online and I didn’t catch anything that said, “Hey, there are different versions of chmod and ls here!” I can’t believe the time wasting here! Back to the point, do this to put your own default perms on:

/bin/chmod 2774 /pool/sharefs
(I actually am not positive that is needed, but I think it set group as inheritable)

/bin/chmod -R A- /pool/sharefs
(that will wipe out the current perms)

/bin/chmod -R A=owner@:full_set:fd:allow /pool/sharefs
(resets perms with only that acl)

/bin/chmod -R A+group@:full_set:fd:allow /pool/sharefs
(that appends the group perms, full control)

/bin/chmod -R A+everyone@:read_set:fd:allow /pool/sharefs
(above appends everyone read access)

In all the above that will preset INHERITABLE permissions for the subdirectories.  Notice above there is one with “A=” on it?  That will reset the perms and set only that perm.  So I guess you may not even need the previous line for “A-” to reset.  (I am just learning here ya know!)

It looks as if that makes a little sense now. You can view the current ACL’s like so: “/bin/ls -V /pool/sharefs”

In my case, I might want to add another user or group:

/bin/chmod -R A+user:stacy:full_set:fd:allow /pool/sharefs
/bin/chmod -R A+group:othergroup:full_set:fd:allow /pool/sharefs
/bin/chmod -R A+group:yetanothergroup:read_set:fd:allow /pool/sharefs

So with this setup I can now open the share on the server and create a file or folder with inherited permissions.  It does, however, save my username as a new owner, so keep that in mind.  But if the group stays in there with “domusers” as full read/write access, I am happy.

Well, now I get it just a little and it makes more sense compared to Windows ACL’s.  I didn’t go over any share specifics and authentication issues, this was just ACL’s!  I still have to RTFM my way around that for a while.  Next project, join OpenSolaris to a Windows domain.  (Which, BTW, does not work in NT Domain style connections, you have to use Active Directory.)
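A way to confirm the result of the chmod steps above from a saved `/bin/ls -dV /pool/sharefs` listing (`-d` lists the directory itself): every allow entry should carry the file and directory inherit flags, and only the intended principals should hold modify rights. This is an added example, not part of the original post; the listing is constructed and the `writers` set is an assumption.

```python
# Constructed sample: compact ACL listing as printed by `/bin/ls -dV /pool/sharefs`
# after the chmod commands above (link count, size and date are made up).
LS_V_SAMPLE = '''\
drwxrwsr--+  2 greg     domusers       2 Jul 24 10:00 /pool/sharefs
            owner@:rwxpdDaARWcCos:fd-----:allow
            group@:rwxpdDaARWcCos:fd-----:allow
         everyone@:r-----a-R-c---:fd-----:allow
'''

# Compact letters that let a principal change data, attributes, ACL or owner:
# write_data, append_data, delete, delete_child, write_attributes,
# write_xattr, write_acl, write_owner.
WRITE_BITS = set("wpdDAWCo")

def parse_aces(listing):
    """Return (who, perms, flags, type) tuples from compact `ls -V` output."""
    aces = []
    for line in listing.splitlines():
        # Split from the right so "user:stacy" and "group:name" stay whole.
        parts = line.strip().rsplit(":", 3)
        if len(parts) == 4 and parts[3] in ("allow", "deny"):
            aces.append(tuple(parts))
    return aces

def audit(listing, writers):
    """Return (who, problem) findings for allow entries that will not be
    inherited by new files and directories, or that give modify rights to a
    principal outside `writers`."""
    findings = []
    for who, perms, flags, kind in parse_aces(listing):
        if kind != "allow":
            continue
        if not {"f", "d"} <= set(flags):
            findings.append((who, "not inherited by new files and directories"))
        if WRITE_BITS & set(perms) and who not in writers:
            findings.append((who, "has write access"))
    return findings

if __name__ == "__main__":
    for ace in parse_aces(LS_V_SAMPLE):
        print(ace)
    print(audit(LS_V_SAMPLE, writers={"owner@", "group@"}))
```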


How to insert CTL ALT DEL keys using Remote Desktop Connection client

by on Jul.21, 2009, under Uncategorized

When you run mstsc.exe, the Remote Desktop Connection client to connect to a virtual machine VRDP or other RDP connections, it’s not exactly clear how to enter the CTL+ALT+DEL keystroke to login. Do this:

CTL+ALT+END

:)


Force logoff at a particular time

by on Apr.02, 2009, under Scripting, Windows Vista, Windows XP

Man, I haven’t posted in ages! Well, here’s something I want to remember for later. Force a computer to logoff at a particular time, but still allow logons later. Using Active Directory, I think, will force a logon schedule and disallow users from logon if not within scheduled times.

On the computer you want to force logoff, open the C: drive and create a text file. Then rename it to, force-logoff.bat
Be sure you can view the extensions, or it will hide the .txt at the end and this won’t work. (it can’t be force-logoff.bat.txt, which is what you’ll get if you have “hide extensions of known file types” selected)
Then right click, edit.
Put this in the file and save it.

PsShutdown.exe -o -f

After that, find PsShutdown.exe and copy/paste it into the C:\Windows dir on that system. Get it from here:
http://download.sysinternals.com/Files/PsTools.zip
You’ll have to unzip that and get the Psshutdown tool out of it.  I usually just put all the Pstools in the Windows directory anyway, it’s handy to have.
Then to test, just double click the force-logoff.bat file and it should log you out. NOTE: The first time you run any of the PSTools, you’ll get a little EULA and you’ll need to agree to the terms. Not a big deal, then after that you won’t get a popup.

Last, make a schedule for it to run every day at your desired time.

Here’s the link to the Microsoft site regarding PsShutdown command line usage.

http://technet.microsoft.com/en-us/sysinternals/bb897541.aspx



1st Byte Solutions