Wednesday, November 30, 2011


Think before you click! There is a new Trojan making the rounds on Facebook. It is a variant of the Zeus Banking Trojan. Zeus is capable of keystroke logging and data mining to find your banking usernames & passwords.

The method of delivery is by way of a .jpeg attachment, a common photo attachment. What happens is that one of your "friends'" accounts becomes compromised. The person that gained control of that account sends this infected .jpeg photo attachment to everyone on the compromised account's friends list.

You, not thinking that your friend would send you a Trojan, happily click on the photo attachment. The rest is history. Once the attachment is open, various Trojans are downloaded to your machine. Quite often by this point your AV software may not have reacted fast enough to stop it.

Here is an article from

I would recommend that you like their Facebook page. They deliver posts on current threats on a daily basis that are usually easy to read and understand, even for the casual computer user.

Think before you click!

Thanks for reading,

Anthony C. Goodwin

Tuesday, November 29, 2011

HP TouchSmart IQ504 Tune-Up of Salem MA

Recently a client came in with a fairly new HP TouchSmart IQ504 with Vista 64Bit and 4GB of RAM. Chief complaint was pop-up windows and a general state of “slowness”. Other complaint was an issue with dead & duplicate bookmarks in Firefox. First step was to verify that these issues were not caused by malware, viruses or a Trojan by running the client's own Norton AV program as well as Trend's HouseCall and Malwarebytes.

Next step was to conduct a very simple benchmarking test.

Pre-Performance Tuning Benchmark Tests:

· 6 Minutes 21 Seconds from Cold Boot until Hard Drive activity stopped and Network Connection was available. OVER SIX MINUTES!
· 21 seconds to load Firefox.
· 30 seconds to load IE.
· 40 seconds for complete shutdown.

As always I backup all music, photo & documents to an external hard drive before going any further. Call me paranoid, but better safe than sorry.

Now we move on to the core of performance tuning to address the client’s complaints.

Performance Tuning:

· Disable HP Advisor from sending data to HP. Impacts performance and may be a privacy concern. Data sent is of little to no use to user.
· Stop the following Services from automatically starting at boot:
    § Apple Mobile Device
    § Bonjour Service
    § HP Health Check Service
    § iPod Service
    § Lavasoft Ad-Aware Service
· Stop the following Startup Items from starting at boot:
    § HP Health Check Scheduler
    § Microsoft Windows Mobile Device Center
    § Microsoft Security Essentials
    § HPSmartCenterBoot
    § Skype
    § MobileMe
    § RealPlayer
    § Ad Muncher
    § hpwuSchd Application
    § Adobe Acrobat
    § QuickTime
    § iTunes
· Backup Firefox Bookmarks. Install CheckPlaces Add-on to Firefox. Run CheckPlaces to eliminate “bad” & duplicate bookmarks. Find that of 286 bookmarks there were 95 bookmarks that were either not valid web pages any longer and of those 95 there were 65 that mostly led to eBay search pages. All were removed.
· Remove Microsoft Security Essentials. Should not have two AV products installed & running at same time. Norton360 is installed and running correctly.
· Clean exterior of case. Use compressed air to blow dust out of cooling vents.
· Remove HP “crapware”:
    § HP Customer Experience Enhancements. Never used.
    § HP Product Detection. Never used.
    § HP Total Care Advisor. Last used 3/29/09.
    § HP Update. Last used 4/20/10.
    § Shop for HP Supplies. Last used 12/18/09.
    § HP TouchSmart. Last used 8/29/09.
· Run Disk Cleanup to remove unneeded files and compress old files.
· File system on hard drive badly fragmented. Run defrag utility.
· Remove 1000+ invalid registry entries.

Following the above work I again do my simple benchmarking test with what I thought were dramatic results.

Post-Performance Tuning Benchmark Tests:

· 1 Minute 27 Seconds from Cold Boot until Hard Drive activity stopped and Network Connection was available. 5 minute improvement!
· 3 seconds to load Firefox. 18 second improvement!
· 2 seconds to load IE. 28 second improvement!
· 30 seconds for complete shutdown. 10 second improvement!

When the client came to pick it up I showed them the pre & post benchmark test results and even just booting the machine up for them was enough proof for them that the machine now worked much better. I then showed them how to open the Control Panel and instructed them on how to run Disk Cleanup and disk defrag. Told them to do that once a month or so and they should be all set for some time to come.

Dell Inspiron 6000 is Baaaaaack. AGAIN! of Salem MA

Third visit by the Dell Inspiron 6000. This time it can't boot at all. Well not totally true, it boots to an XP splash screen then loops back through BIOS screen in an endless loop. Stop it with F8 and get into boot options, try Safe Mode boot, just keeps looping. Disable automatic restart on failure and try again. Nothing. Just keeps looping.

Insert the OEM XP disk, get to the command prompt and run chkdsk /r. Took about 4-5 hours to run. Surprisingly long for an 80GB drive IMHO. Did end up finding and repairing many bad sectors.

Once chkdsk was done it rebooted, went straight to a log on prompt and was able to log in and use the machine without issue.

I suspect that the laptop HDD was in the process of being read from or written to and was jostled about causing physical damage to the platter(s). I have had similar cases before. One which caused the very famous mup.sys error on another machine I worked on before. Just one forum on the mup.sys issue that started in 2004, and continues to have active entries to this day is 42 pages long and 825 replies and 742729 views! Link to that forum:

Thanks for reading,


Anthony C. Goodwin

Dell Inspiron 6000 is Baaaaaaack.

The Dell Inspiron 6000 I repaired a while ago is back. It had to be wiped and have XP re-installed as it was just too blown away by malware and her efforts to DIY it. 

Fast forward a couple months and now the machine can only boot into Safe no network and Safe with CMD prompt. If you boot regular you get this warning: "This copy of Windows must be activated before you can log on". Options are yes or no. If you select no the machine shuts down. If you select yes the desktop appears, no start/task bar, some HDD activity then nothing. Leave it for hours and nothing. (Of course this was all my fault. Must have been something I did to the machine when I first repaired it.)

Next I go to Safe mode and run this: rundll32.exe syssetup,SetupOobeBnk
That resets the 30 day activation clock. I can now boot regular, log on and get start/task bar.

Next I try to run the activation wizard. Click on it all you want, nothing happens. I go to open IE, going to browse to Microsoft site and see how to activate. I notice that it is IE6 that opens. Come to find out, Activation Wizard relies on IE to run. But it would seem it has to be IE7 or 8.

So that leaves me with asking, what happens when a user removes IE? I know from my own experience that if I remove IE8 and reboot the machine, IE7 will then be in Add/Remove. Did this user remove IE7 which then caused issues with Windows Update, Windows Validation, and somehow screwed up the previously activated license? 

Finally got machine back up to IE8 and had to run Windows Updates to get everything from SP2 to SP3 and the most recent updates re-installed. It would appear that with the removal of IE by the user it had also somehow removed all Windows Updates.

I still have not found a definitive answer on this and maybe some day I will try removing all IE versions off a machine and see if I can duplicate this situation.

Oh, as a side note, when I first worked on this woman's machine she had renamed the IE start menu icon: "DO NOT USE MESSES UP COMPUTER". 



Anthony C. Goodwin

HP Pavilion dv8000 Repair or Replace? of Salem MA

Recently had an HP Pavilion dv8000 come in with vertical lines and blank spaces displaying on the screen. Client was willing to pay me a reasonable assessment fee just to advise her on how to proceed. 

Obvious first test was to connect to an external monitor. Video displayed without issue on the external monitor. This led me to think that the LCD panel was damaged or the video cable that connects the panel to the system board was chafed. A common problem I see in laptops of all makes.

I didn't shoot any video or take any pics of this operation. If you Google this model you will see plenty of videos of it being taken apart. I took apart the lid/screen then had to remove five hundred screws from the base just to get the keyboard and palm rest out of the way so I could check the video cable connection to the system board. The cable appeared to be attached properly. I could not see any signs of chafing on the video cable, but as they are wrapped in a nylon "sock" it is difficult to see the actual cable itself.

With the unit disassembled I discovered that both the left and right hinge assemblies were cracked. The cost of those parts added to the cost of even a used screen pushed the repair to the point where it just wasn't cost effective to repair.

I showed the user how to connect an external monitor and how to set it as the primary monitor. She was more than happy with that temporary workaround until she picks out a new unit.

Thanks for reading,


Anthony C. Goodwin

Dell Inspiron 6000 Windows XP Media Center 2005 Repair of Salem MA

Client brought in an older Dell Inspiron 6000 with Windows XP Media Center 2005. Chief complaint was that they could no longer browse the internet and when they would open IE or Chrome they would get many porn site pop ups.

Based on the client’s description I didn’t even try to boot the machine. Instead I removed the hard drive and connected to my desktop with one of these adapters. This allows me to retrieve the client’s photos, music, documents and move off to an external drive. It also allows for the ability to run multiple AV cleanup tools. I tried RUBotted, Avira Rescue Disk, Malwarebytes and several others. With each run of the AV tools more and more instances of malicious software are found. I return the hard drive to the laptop and while it appears to operate a bit faster than before, I still cannot browse the internet.

There are differing thoughts on how to best handle a machine that has become infected. Some are ardent proponents that as soon as a machine is infected, wipe the disk clean and reinstall the operating system. And there are others, like myself, who think some machines that are not heavily infected can be cleaned and are perfectly safe to continue using. This Dell was not one of those! It was totally hosed. The boot sector had also been corrupted.

As the client did not have the original Dell OEM disks for the operating system I called Dell and luckily they still had this particular disk in stock and for only $20.00 with shipping!

Re-installed the OS and got the machine up to XP Service Pack 3 and brought up to date on current Windows Updates. Client had already purchased AV that they would then install on their own.
I then moved the client’s photos, music & documents back to the laptop.

As this machine had LimeWire on it I can only assume that the user had downloaded malicious software from LimeWire which introduced the Trojans and malware. LimeWire was a peer to peer file sharing service. LimeWire has since been shut down.

Thanks for reading,


Anthony C. Goodwin