How to fix McAfee VirusScan Corporate update error.

McAfee Update Issue – Affecting corporate users worldwide

McAfee released an anti-virus update early morning on Wednesday 21st April that falsely detects a core Windows file, svchost.exe, as a virus. It then quarantines or deletes the file, causing Windows to become essentially useless.

This problem seems to be only affecting Windows XP SP3 machines at the moment.

Some of the symptoms of the affected PCs are:

  • Loss of Task Bar and Start Menu
  • Unable to connect to the network or internet

This has been a major problem for many companies as the current fix, at least right now, requires each machine to be touched by IT, in person, to repair the bad update as well as the svchost.exe file. As can be imagined, when faced with automatic updates across a company of hundreds or thousands of users, an IT department quickly has a major headache on their hands.

This is adding to the frustration and is causing delays resolving the problem.

If you are struck with this problem, and feel confident enough, you can fix this problem yourself, taking the strain off of your IT department and also getting yourself back up and running again.

Please note: Although straightforward, you will be accessing Windows system files and as such due care and caution are advised. Please read through this guide thoroughly before attempting to perform this fix. If at any stage you are unsure, seek professional advice.

This guide has been adapted from the official McAfee Document – False positive detection of w32/wecorl.a in 5958 DAT (for Corporate/Business users) – VirusScan Enterprise found at http://vil.nai.com/vil/5958_false.htm

To fix the problem

What you need:

  • A working PC with internet access
  • A usb stick/pendrive

Step 1 – Download

  1. Download the updated DAT file, which is available from the McAfee Security Updates page at http://www.mcafee.com/apps/downloads/security_updates/dat.asp?region=us&segment=enterprise, and save it to your USB stick.

Step 2 – Recovery

  1. Boot up the affected PC and insert the USB Stick
  2. Access Windows Task Manager by pressing Ctrl+Alt+Del on the keyboard
  3. From the File menu choose New Task (Run…)
  4. In the Create New Task box, type explorer.exe and then press Enter
  5. This should bring up a Windows Explorer window that you can then use to navigate the file system.
  6. Navigate to your USB stick and double-click on the DAT update file that you downloaded earlier.
  7. Follow the instructions on screen to complete the update.
  8. Once complete, using the Windows Task Manager, once again from the File menu choose New Task (Run…)
  9. In the Create New Task box, type "C:\program files\mcafee\virusscan enterprise\mcconsol.exe" /standalone and then press Enter
  10. This will bring up the management console for McAfee Virus Scan
  11. Double-click Quarantine Manager Policy, then click the Manager tab.
  12. Right-click the detection and select Restore.
  13. Restart your computer by using Windows Task Manager and from the file menu choosing Shutdown > Restart

That should get you up and running. If you are still having problems or would like someone else to do this for you, please get in touch.

How to upgrade a Jailbroken iPhone 3Gs to 3.1.2

If your SHSH hashes for your iPhone have been logged to Cydia, you can upgrade your iPhone firmware to 3.1.2 with a bit of hacking.

Step 1

Check to make sure that your SHSH files are logged with Cydia.

If this is the case, you are in luck and should be able to upgrade your iPhone.

Step 2

Download the iPhone 3.1.2 firmware from http://www.felixbruns.de/iPod/firmware/

Step 3

Edit your hosts file (usually located in C:\Windows\System32\drivers\etc\hosts) using Notepad and add the following line to the bottom of the file.

74.208.105.171           gs.apple.com

This fools iTunes into pointing to the Cydia servers for the verification codes to confirm that the 3.1.2 firmware is allowed to be applied to your iPhone.

Step 4

Make sure your iPhone is fully charged (this reduces the risk of it turning off mid-upgrade), plug it into your PC and fire up iTunes.

Step 5

Once connected, in iTunes, click on your iPhone in the side bar, then Shift+Click on Restore and browse to the 3.1.2 firmware that you downloaded.

Click OK and wait for iTunes to go through its motions.

Step 6

Once complete your iPhone will reboot and you will be given the option to restore your files and settings from a backup.

Choose your backup and then click continue.

iTunes will now restore your files and settings to your iPhone.

Make a cup of tea or something whilst waiting…

Step 7

Download your Jailbreak of choice. I use blackra1n – http://blackra1n.com/

Step 8

Jailbreak your iPhone following the instructions of the jailbreak program. For blackra1n, just launch the program and click “make it ra1n”

Job done!

Useful links:

iPhone Firmwares – http://www.felixbruns.de/iPod/firmware/

Blackra1n – http://blackra1n.com/

Pwnage Tool – http://blog.iphone-dev.org/

Youtube Video by tysiphonehelp for blackra1n – http://www.youtube.com/watch?v=u7DnqOS1njU
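
The hosts entry from Step 3 stays in place after the upgrade, so every later lookup of gs.apple.com on that PC keeps resolving to the address in the file. The following is an added example, not part of the original post: a small hosts-file audit that reports entries pinning a watched domain to an address. The function names and the sample file are assumptions made for the illustration; only the gs.apple.com line on 74.208.105.171 is taken from the post.

```python
import ipaddress

# Constructed sample hosts file; only the gs.apple.com line on 74.208.105.171
# comes from the post above, the other entries are invented for the demo.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
# 192.0.2.10    gs.apple.com   (commented out, must be ignored)
74.208.105.171           gs.apple.com
192.0.2.25      intranet.example  GS.Apple.COM.   # alias sharing a line
not-an-ip       gs.apple.com
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an IP address
        for name in fields[1:]:                # one address may carry several names
            yield line_no, address, name.lower().rstrip(".")


def find_overrides(text, watched):
    """Return hosts entries that pin a watched domain (or a subdomain) to an address."""
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for line_no, address, name in parse_hosts(text):
        if name in watched or any(name.endswith("." + w) for w in watched):
            findings.append({
                "line": line_no,
                "host": name,
                "address": str(address),
                "loopback": address.is_loopback,
            })
    return findings


if __name__ == "__main__":
    for f in find_overrides(SAMPLE_HOSTS, ["gs.apple.com"]):
        print(f"line {f['line']}: {f['host']} -> {f['address']}")
```

To audit a real machine, read the hosts file at the path given in Step 3 and pass its contents to find_overrides as text.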

Exchange Activesync not working on WM6

I just had a problem where one of our users’ HTC TyTN II phones was refusing to sync with Exchange over the mobile network. I conducted the usual action of verifying the password but could not find the problem. So I googled for the error code 85010014, which came up with loads of articles about resetting Outlook – but I wasn’t using Outlook, I was using ActiveSync.
Back on the device I checked to see if I could navigate to OWA in Internet Explorer, which pulled up an error 500 code. This made me think that it could be the Internet connection, but everyone else was connecting fine.
The next step was to disable the HSDPA connection and connect the device to the internal wireless – still not syncing!
Could it be the user account? I removed the Exchange account from the device and set up mine in its place to test my theory. Mine synced fine and I could even connect to OWA as well.
I set the user’s account back up and got the user to enter their password, and straight away the device started syncing!

The moral of the story is – if Exchange ActiveSync is playing up, it only takes a few mins to delete the account and start again as opposed to troubleshooting less likely suspects. The error code produced is a ‘general error’ so use a ‘general’ fix to rectify it.

Some Windows VPN connections through ISA 2006 failing

Having successfully set up our company’s ISA 2006 Server, tested it from home and on a few mobile networks, I confidently distributed the instructions to the staff on how to set up and gain access to the VPN.

A few days later, I was sitting back and admiring my success, when I received a phone call from a user stating that they are connected to the VPN but cannot access our terminal server.

A bit confused, I asked the user to disconnect and then try again, walking me through what they were doing. The user was not doing anything wrong!

It’s connecting to the network but it cannot see the network.

An nslookup confirmed that the connecting device was trying to use their local broadband router as the primary name server – no wonder it cannot see the devices on our network!

I assumed that Windows would change the binding order and place the VPN connection at the top of the list, allowing it first choice for name resolution.

Apparently I assumed wrong and it does not work like that!

After some research and googling, I found a solution to the problem in the form of Microsoft KB311218 (http://support.microsoft.com/kb/311218). Unfortunately the solution provided was not adequate for an end user and also had to be used every time the VPN connection was established. What I needed was a script that could do this on the fly and also some way of packaging it up in a user-friendly way.

This led me to the Connection Manager Administration Kit (CMAK), which is something I was looking into for when I implemented IPsec, which was the next stage of the VPN rollout.

Basically, CMAK is a way for administrators to preconfigure VPN settings and package them up into a neat executable that end users can install without having to mess about with the settings. It also has the ability to run pre, post and disconnect scripts automatically, making it ideal if I actually had the script to fix the problem.

I performed a search for CMAK scripts and KB311218. After a while I found an amazing script by Torgeir Bakken, a Microsoft MVP in Scripting and WMI, at http://www.ureader.com/message/89324.aspx. It seemed to me that someone else was in the same boat as me back in 2005!

Here is the script:

' Moves \Device\NdisWanIp to the top of the TCP/IP binding order
Const HKLM = &H80000002

sComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & sComputer & "\root\default:StdRegProv")

sKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Linkage"
sValueName = "Bind"

' read the current binding order (a REG_MULTI_SZ value) into arValues
oReg.GetMultiStringValue HKLM, sKeyPath, sValueName, arValues

arValuesNew = Array()

For i = 0 To UBound(arValues)
    If i = 0 Then
        If LCase(arValues(i)) = "\device\ndiswanip" Then
            ' entry is already first in the list, no point in continuing
            Exit For
        Else
            ' put NdisWanIp in the first element in the new array
            ReDim Preserve arValuesNew(0)
            arValuesNew(0) = "\Device\NdisWanIp"
        End If
    End If

    ' copy every other binding across in its original order
    If LCase(arValues(i)) <> "\device\ndiswanip" Then
        iCountNew = UBound(arValuesNew) + 1
        ReDim Preserve arValuesNew(iCountNew)
        arValuesNew(iCountNew) = arValues(i)
    End If
Next

' only write back when the order actually changed
If UBound(arValuesNew) > -1 Then
    oReg.SetMultiStringValue HKLM, sKeyPath, sValueName, arValuesNew
End If

By running this script, the VPN connection is placed at the top of the list. Excellent! Now just package it up with the rest of the settings using the CMAK and you are good to go!

A bit more searching and I found a tutorial that explains everything, and even uses the script, with step-by-step guides. The title is a bit misleading but the content is sound.

I discovered it a bit late but I’m glad I worked things out for myself. However, in the future I will probably just refer to this article as it takes the guesswork out of things.

http://www.isaserver.org/tutorials/work-around-VPN-clients-split-DNS.html

Setting up WSS3 email support and receiving SMTP error: missing adsiisex.dll

The time has come to set up our Windows SharePoint Services installation to receive emails. One of the first things that you need to do is install the SMTP service on the SharePoint server using Add/Remove Windows Components.

So you go through the motions:

  1. Click Start, Control Panel, Add or Remove Programs.
  2. Click the Add/Remove Windows Components button.
  3. Select the Application Server component and click Details.
  4. Select the Internet Information Services (IIS) component and click Details.
  5. Scroll down through the list and check the box next to SMTP Service. Click OK, OK, and Next.

But instead of a nice and quick install you are presented with:

Setup cannot copy the file adsiisex.dll

No problem, just point the browser to your i386 folder on your Windows 2003 CD and all is well – Wrong! It’s not there!

You need to extract the file from the cab file IMS.CAB and then point the browser to that file instead. The quickest way to do that is to fire up a command prompt and run the following command.

expand -F:* D:\I386\IMS.CAB C:\temp\ims

where D:\i386\IMS.CAB is the path to the CAB file and C:\temp\ims is a temp folder (which needs to exist before running the command).

This will solve your problem and allow you to complete your install of the SMTP Service.

Edit Sharepoint sites for free!

A bit late but still worth a post, Microsoft has announced (in April 2009) that Microsoft SharePoint Designer 2007 is now free!
Go over to SharePoint Designer 2007 Download to get your free copy.

For those who don’t know much about SharePoint Designer, here is an excerpt from Microsoft:

Build solutions faster to enhance team productivity and efficiency

Use Office SharePoint Designer 2007 to create and deploy interactive solutions on the SharePoint platform, without having to write code.

  • Automate business processes such as document approval, custom event notification, and other collaboration tasks with the Workflow Designer.
  • Create reporting and tracking applications using data views and forms to easily gather and aggregate data from outside your site and from SharePoint lists and document libraries on the Web site.
  • Get started fast with pre-built Microsoft Windows SharePoint Services Application Templates, which are fully customizable and extensible using Office SharePoint Designer 2007.
  • Extend your solutions by building advanced interactive Microsoft ASP.NET pages. Insert and edit controls with the same powerful activity menus and control property grid previously found only in development tools such as Microsoft Visual Studio 2005.

Hard times and tightening budgets…

Money is tight, redundancies are possible and projects postponed. Whilst budget cuts by some degree are inevitable, careful planning for the downturn will impact your business in a positive way.

Being forced to ‘do more with less’ forces you to look at problems in new ways and take an approach that you may not have looked at, yielding innovative results.

Often regarded as an area with high running costs, IT is likely to be one of those areas where businesses will look at in order to try and shave a few zeros off their overheads.

Faced with the prospect of reduced resources it can be daunting to cut back on IT, an area that integrates with the business on so many levels, but it is possible to cut back without cutting out.

Microsoft Distributed Transaction Coordinator Warning

Well, I got a new error the other day on one of our domain controllers after doing a restart. A bit of a bug in Windows 2003 SP1 and easy enough to fix. The error is:

Event Type:    Warning
Event Source:    MSDTC
Event Category:    SVC
Event ID:    53258
Date:        05/01/2009
Time:        08:23:06
User:        N/A
Computer:    APOLLO
Description:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Investigating! See, I have these feet…

“I’m telling you about my feet! My investigating feet.”

Feet in the sense that I have just installed Ubuntu on my laptop, which comes preconfigured with GNOME, which has a footprint as its logo – yes, very loose link, but I felt the need to reference Red Dwarf and it’s my blog so I will do as I please :p

Although my feet (sorry – laptop) is not my primary machine, it is my most used machine for general surfing of the interwebs and word processing, mainly due to the ease of working anywhere around the house etc. It’s the kind of pickup and go element that makes it so handy.

Outlook failed to start correctly last time. – and it goes on forever!!

I had this problem about half a year ago where Outlook 2003 on terminal server would come up with a safe mode message for every user every time they started it. At the time I solved the problem; however, a few weeks ago it came back and I couldn’t for the life of me remember how to fix it.

One of the uses of my blog is to document any bits of obscure IT-related problems and their solutions so that if they happen to me again in the future I can just look up the solution without having to trawl Google and waste time sifting through all the crap. Kinda like an IT helpdesk knowledgebase but for me.

So here goes:

When using Outlook 2003 on a Windows 2000 terminal server, you may receive the following error:

Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

No matter what you click Outlook opens – Yay.

No! The next time you launch Outlook you get the prompt again. And so on….

This is because when Outlook 2003 crashes or fails to load, the program generates this error message when you restart it. Safe Mode is a special operating mode that disables several of Outlook’s features but at least lets the program load so you can see existing emails and access other elements of the software.

What is happening here is that the program is not clearing the entry in the computer’s registry so it continues to display the error message.

To fix the problem you need to go into the registry on the server and do a search for “Resiliency”. There will be quite a few entries (dependent on the number of terminal server users); you need to delete every entry that refers to Outlook. It should be something along the lines of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office\11.0\Outlook\Resiliency

and

HKEY_USERS\S-x-xxxx….\…..\Software\Microsoft\Office\11.0\Outlook\Resiliency

Once these keys have been deleted the message should go away.