Win 7 login issues to Windows 2000 workgroup share

Posted at 1:13:30 PM in Installations (47)

Windows 7 is here and we have to learn how to connect it to old legacy systems. I have several old MS 2000 servers running in workgroup mode and need to connect the Windows 7 machine to those PCs.

In order to find the server, I had to go into advance settings in the Network and Sharing Center panel (found on the control panel) and change the settings to allow shares. These are the settings

  • Turn on network discovery
  • Turn on file and printer sharing
  • Turn off Public folder sharing (may need to be turned on if you want to share the folders on the windows 7 PC)
  • Media streaming - didn't touch
  • File sharing connections - didn't touch - set  to 128-bit encryption
  • Turn on password protected sharing
  • Allow windows to manage homegroup connections

This allowed me to find the name of the server in the windows explorer, but still couldn't connect. A system window pops up and asks for a username and password. The domain always defaults to the name of the computer windows 7 is installed on. Using domain/user name will change the domain name, but that didn't help either.

The solution that worked for the connection and I didn't have to reboot for it to work was to go to control panel / Administrative Tools / Local Security Policy / local Policies / Security Options  and find Network security: LAN manager authentication level. It is set to "Not defined" by default which I believes means that Windows 7 will use it's new authentication level of NTLMv2. Edit this and set it to "Send LM & NTLM - use NTLMv2 when negotiated." Click the share and presto, you're in without the system window.

Written by Leonard Rogers on Wednesday, August 17, 2011 | Comments (0)

Windows 7 Printer install error 0x0000001c

Posted at 6:46:26 PM in Installations (47)

I just finished a windows 7 printer installation and at first got an error 0x0000001c. I wasn't able to find any good information. I did find an error wiki site, but after reviewing it, it appears to only be a gimmick to sell an error checker.

In any case, I had downloaded the driver for another windows 7 PC and had no problems installing it. My printer is a networked Sharp copier/printer MX-M503N. The problem I found was that I was installing a 64bit driver on a 32bit PC. Once I attempted this install, Windows 7 remembered the attempt to install to that port address and every subsequent attempt bypassed the opportunity to pick the correct driver. I was able to over come this problem by selecting print server properties, selecting the ports tab and removing the port identified by the IP address I was installing the printer too. I also found that every attempt to install the printer created a new port entry with and underscore followed by a number incremented for each attempt.

Once I removed the old ports, I was able to install the printer with the correct 32 bit driver without errors.

One final note on this model of printer and the installation process. Windows update did not have the driver required for this printer. I had to find it on the manufacturer's web site. It listed the Windows 7 driver, but when extracted, the program name indicates the driver is for a Winxp/Vista/server2003. I'm can't remember if I was able to install the drivers using "have disk" and selecting the location. I used the setup.exe in the root folder to install the drivers for this printer. Sharp creates their own named port, but those ports don't look any different that the generic port that you can create from the windows driver itself. 

Written by Leonard Rogers on Tuesday, August 9, 2011 | Comments (0)

hello4 and Blankwindow2 virus issues

Posted at 5:38:51 PM in Recovery (43)

I just received a laptop that had a virus on it. At first it appeared to be the standard rogue virus that displayed a message Windows Antivirus 2012 has found 34 problems on your PC. This type of virus isn't hard to get rid of, but after removing that virus, I started getting pop up windows that said hello4 and blankwindow2. I could also tell a process was continually spawning new processes. When I looked in the taskmanager, I found several ILO.exe programs running and new ones spawning. I couldn't stop them and so rebooted.  Then I got the message that hello4 wasn't responding and I couldn't shut down windows. I forced it off by holding the power button down for 10 seconds.

All my work from this point was done in safe mode. I ran Malwarebyte's Anti-malware which required and extensive update. (note: any installation before June of 2011 downloads the updated signatures and then a 9 meg file which is a new release of Malwarebyte's I believe version 1.51.1. This new version offers a trial of the full version and also tells you how old the signature's database is) After the update completed, it required a reboot, which I didn't want to do, but I got an error that it couldn't connect to the internet, so did the reboot anyway. After the reboot, the Malwarebyte's icon lost it's picture and appeared to be an empty link.  Then I check the properties and used the find target, which took me to the correct location, but I found there 2 mbam.exes, but one had a space between the mbam and .exe and that one had the icon.

I ran kapersky's tdskiller and removed 2 rootkits. Installed Malwarebyte's again and ran it removing 5 infections. Then rebooted the machine and got infected again right away.  This time I ran combofix and was alerted that I might have the virut virus which I've run across before which required that I scrape the hard drive and start over. Looking on the internet for virus's that put a blank between the original file name and the .exe is very hard to find. In fact, I found it looking hello4. The writer there was very helpful stating that the infection came back because all the programs that run at start up had been renamed just as I found mbam.exe had been renamed.  Apparently, there was a rootkit that was doing the renaming on any program that was run, which would include all of the startup programs and any that I ran to try to fix the problem, including combofix. He said he looked for all the .exe programs and renamed them back to the way their were before, since the program renames them and leaves the original in the same directory. I modified my search for all .exe's created on the date if the infection or later.

During the process, one of my reboots was in the non-safe mode because I thought I was clear. AVG's resident shield showed nearly every necessary startup file being infected. This also led me to believe the renaming process is just as was mentioned by the users on this forum: http://forums.g4tv.com/showthread.php?t=164532

Since combofix won't run with AVG installed, I uninstalled it amidst all the pop ups from the resident shield and went back into safe mode (it is possible to remove avg with the avgremover while in safe mode, but I wanted to see if I was clear of the virus and check avg at the same time. With the virus still there, I uninstalled it so I could use combofix). After getting back into safe mode, I went through all the exe's that had been modified since the infection and cleaned those up. I did find that one registry entry did not get modified. It had some switches following the .exe portion of the registry entry. Apparently the writer just performed a rename without checking if the name was actually a file name or had parameters. Then I ran combofix and discovered yet another rootkit and removed several files, including the xlo.exe file which I had renamed.

 I further read the information on the link I provided. A couple of people suggested using Superantispyware. It's the first time I used this product, but I ran it just to be safe. It did find additional infections and removed those as well.

For now, this machine looks like it's working clean.

Note: Virus is still present in the PC. After booting clean and installing AVG, several programs popped up with the resident shield detection showing a virus Win32/Katusha.A. Can't find any info on the virus.  The files infected showed as iPodService.exe, RegSrvc.exe, NicConfigSvc.exe, MDM.exe, jps.exe, iDriverT.exe, mDNSResponder.exe, AppleMobileDeviceService.exe, WLKEEPER.exe, S24EvMon.exe, EvtEng.exe and some game programs. I ran the Superanitspyware.exe after the updates completed for AVG. It ran all the way through, then closed automatically without letting me make any selections. When I tried to run the program again, it was unusable and the icon changed to an empty link.

Frustrating.

Written by Leonard Rogers on Tuesday, August 9, 2011 | Comments (0)

hp Laser Jet 3380 All-in-one (AIO) printer

Posted at 11:36:20 AM in BP Blog (7)

We installed this printer on a PC that had 3 other HP printers. One was an HP AIO that was installed over the network and one was a  Inkjet that had been physically removed from the computer a long time ago, but the software drivers were still there. And there was an HP 6000 printer that we were replacing. During the installation of the HP 3380 AIO, we got an error 97 on the printer itself.  There isn't any help for that error message.  It seems to be general error message for anything HP doesn't know what to do with.

After the error message displayed, the old printer wouldn't work anymore either. The printer spooler kept crashing. I came in and when into the spool directory under system32 and then into the printers folder and removed all the spooled files and was able to get the spooler to start and then the old printer worked fine.

I decided the only way to get around the problem was to uninstall all the other HP devices. The process was rather lengthy with many error messages on the way.  After removing all the other HP devices (all printers), we attempted to install the HP Laserjet 3380. The install with the full version of the software went through in less than a minute. I knew something was wrong because HP software has a huge overhead of software for even the simplest printers. Sure enough, the printer printed, but none of the other functions worked.

One note on the install was an error message about a program called scrubber that kept crashing with a message to send the info to Microsoft. It allowed the HP install to continue. I found out later that this scrubber was an HP product that supposedly checks the installed software and makes adjustments accordingly. The HP Laserjet 3380 is an older printer and doesn't have the imagining monitor software as well as a lot of the huge unknown HP overhead the new models have.  Apparently there was a lot of HP junk still installed in the computer.  

I used this hp removal utility: http://h10025.www1.hp.com/ewfrf/wc/genericSoftwareDownloadIndex?lc=en&cc=us&softwareitem=mp-24061-2 as suggested by bleepingcomputer. I didn't know if this was the HP software we had. Everything was uninstalled, so I wasn't certain how to tell the version that was stuck in the PC.  This removal tool worked however. I ran it 4 times consecutively. Each time, it gave a message that it was running a different level of clean up and each one took a little longer. The final run required a reboot.

After finishing with that utility, the HP LaserJet 3380 still crashed on the scrubber issue. It still installed in less than a minute. At the end, it gave me a message that it did not install properly and to run setup again. I immediately ran the setup again and got no error on the scrubber. The software took a little longer to install, but still didn't have the indications that new installs give (I've seen HP installs take over 10 minutes to complete). The install ended stating that it was successful and to reboot. After rebooting, there was still no image monitor. There is a toolbox that installs which gives http access to a local port number that updates the printer.  I opened the HP program folder and found the HP LaserJet 3380 and inside that folder was the scan tool. This tool is a little awkward. It asks if you want to print to file or email. Then you name the file and click okay. After that the scanner shows up. The first time we ran this install that didn't work, I got the same message, but when clicking the okay button, we got an error message stating that no twain compliant scanners were installed. This time, the HP scanner program did start up and the scanner worked fine.  

Setting the output requirements needed to be done through the hp toolbox. This version does scan to PDF.

Written by Leonard Rogers on Wednesday, August 3, 2011 | Comments (0)

Peachtree Visual C++ 2008 SP1 error message

Posted at 10:31:55 AM in Software (15)

Right after the August update for Peachtree Complete 2009, the first attempt to run the Payroll tax forms for city taxes, an error message popped up indicating that a Microsoft Visual C++ SP1 runtime files needed to be upgraded.  The error message provided a link to install those runtime files.  

I was surprised by the pop up and looked up what I could find, but all I found was entries poking fun at C++ from back in 2007.

The message say "Microsoft Visual C++ 2008 SP1 runtime files required" and then provides a link to download it. The file that you download is named vcredist_x86.exe from http://www.microsoft.com/download/en/confirmation.aspx?id=5582

I didn't have to exit Peachtree.  After installing that program from Microsoft, I went back to printing the tax forms and didn't get the error message the second time around.

Written by Leonard Rogers on Wednesday, August 3, 2011 | Comments (0)

Outlook, IMAP and Gmail google

Posted at 10:33:51 PM in Installations (47)

I had a problem today where Outlook 2007 kept giving an access error for a gmail account on both the SMTP and IMAP connections.  The error message always popped up requesting the password be entered again and a message indicating that the user should login to their gmail web interface. Calling the company that setup the account didn't do any good. They could see no problems and said they didn't change anything. We didn't get a chance to call Google about the issue.

The user was able to login to the web account, and we check the settings to ensure that IMAP was set up properly. We changed the password anyway because we thought the password strength wasn't strong enough as indicated might be the problem on the Google trouble page.  That didn't do anything to fix the problem. The the user connected using a different computer and had no problems. This ruled out the internet connection, gmail and her account settings.

Microsoft's implementation of IMAP in Outlook is sad at best. The plus side is that deleting the account and reinstalling it won't hurt anything because the email is managed at the server. After rebooting, turning off the firewall and other useless activities, I uninstalled the account and re-installed it again. Apparently some configuration setting associated with the account was corrupt and setting up the account again fixed it. 

Written by Leonard Rogers on Monday, August 1, 2011 | Comments (0)