Archive for January, 2009

OMG – Microsoft Songsmith

Okay – thanks to Leo and the gang at TWIT for opening my eyes to this one. Your first reaction might be to think this is a fake … but it isn’t. Once you have enjoyed this video, I encourage you to search YouTube for other Songsmith wonders (like “Roxanne” by the Police). Where can you download this magical application, you ask? Click here to download from CNET.


The President’s PDA

It has been reported by several of the major media franchises that President Obama is getting a new “secure” PDA to replace his Blackberry.  That new device is either a standard Blackberry that has been modified with additional encryption technology or the Sectéra® Edge™ by General Dynamics.  Either way, with a price over $3K, he better not drop that one in the toilet of Air Force One!  Have a look …


W32.Downadup.B

Our IT team has been fighting a worm outbreak for more than 13 hours now. We are seeing the W32.Downadup.B worm spreading like a disease. This worm exploits a Microsoft RPC vulnerability (MS08-067). Symptoms included AD account lockouts, RPC services on servers becoming unresponsive, client machines getting pop-ups about attempts to infect them, etc. Even machines that have the MS08-067 patch seem to be getting infected in varying degrees.

The first step was to set AD policy to not lock out accounts with too many bad password attempts.  That provided some relief.  “Fixing” a machine is a bit more difficult.  The Symantec removal instructions are not complete by any stretch.  The Windows service that gets added shows up as set to “Automatic” start but is not running.  Attempts to set it to disabled or manual are met with an access denied message.  This is because the registry settings for the service are not set to inherit permissions (and they are set to read only).

So the first thing to do is a full virus scan (with current defs). This will usually find one infected DLL file in the Windows system32 folder (and requires a reboot to fully resolve). Before rebooting, you need to find the service. Open it up and get the exact (strange) name listed at the top. Search the registry for that name to find those “protected” keys, and set them to inherit permissions. Then you can delete the keys. Now reboot. When you come back up, you will need to set the Automatic Updates and BITS services back from disabled to automatic and start them. Process any critical updates and then you SHOULD be okay. An easy way to check is to see if you can hit the Microsoft website. The virus blocks that access, so if it works – you are probably done.

More details later (perhaps).  I am still cleaning infections, and I drafted this in between machines while I was waiting.
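The symptoms used in the cleanup steps above can be checked on one machine with a read-only script. This is an added example, not part of the original post or Symantec's instructions; it assumes PowerShell 3.0 or later in an elevated session, and what it lists are candidates for manual review, since legitimate services can also match.

```powershell
# Added example: read-only triage for the symptoms described in this post.
# It changes nothing on the machine; run it from an elevated prompt.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# 1. Services set to start automatically but not running, whose registry key
#    has permission inheritance switched off or cannot be read at all.
$stopped  = Get-CimInstance Win32_Service -Filter "StartMode='Auto' AND State<>'Running'"
$suspects = foreach ($svc in $stopped) {
    $keyPath = Join-Path $svcRoot $svc.Name
    try {
        $acl      = Get-Acl -LiteralPath $keyPath -ErrorAction Stop
        $aclState = if ($acl.AreAccessRulesProtected) { 'inheritance disabled' } else { 'inherits' }
    } catch {
        # An administrator being refused the ACL is itself worth a look.
        $aclState = 'ACL unreadable'
    }
    if ($aclState -ne 'inherits') {
        [pscustomobject]@{
            Service = $svc.Name
            Display = $svc.DisplayName
            Binary  = $svc.PathName
            KeyAcl  = $aclState
        }
    }
}

# 2. Automatic Updates (wuauserv) and BITS: the post found both left disabled.
$updateSvcs = Get-CimInstance Win32_Service -Filter "Name='wuauserv' OR Name='BITS'" |
    Select-Object Name, StartMode, State

# 3. The post's quick check: can this machine reach the Microsoft website?
#    Name resolution is tested here; a failure is a signal, not proof.
$msResolves = try {
    [System.Net.Dns]::GetHostAddresses('www.microsoft.com').Count -gt 0
} catch { $false }

Write-Output '--- Auto-start, stopped services with a protected or unreadable key ---'
$suspects | Format-Table -AutoSize -Wrap
Write-Output '--- Update services (expected: not Disabled) ---'
$updateSvcs | Format-Table -AutoSize
Write-Output "www.microsoft.com resolves: $msResolves"
```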


World of Warcraft – Level 80


Creative Commons License