Friday, February 27, 2009

Windows XP common errors and their fixes

1. Hal.dll missing or corrupt

If you get an error regarding a missing or corrupt hal.dll file, it might simply be that the BOOT.INI file in the root of the C: drive is misconfigured.
1. Insert and boot from your Windows XP CD.
2. At the first R=Repair option, press the R key.
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair. Typically this will be #1.
4. Type bootcfg /list to show the current entries in the BOOT.INI file.
5. Type bootcfg /rebuild to repair it.
6. Take out the CD-ROM and type exit.
OR
Better solution: This seems to always work
expand x:\i386\hal.dl_ y:\windows\system32\
(x = CD-ROM drive letter, y = drive letter of the Windows installation)
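
What "misconfigured" usually means here is a BOOT.INI whose default entry points at a partition that does not hold Windows. The following check is an added example, not part of the original post: it parses a BOOT.INI copied off the disk and reports entries that cannot be booted. The sample files and the partition map (rdisk number -> number of partitions) are constructed for illustration, and only multi() paths are checked.

```python
import re

# ARC path as written in BOOT.INI, e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_RE = re.compile(
    r'^multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$',
    re.IGNORECASE,
)

# Constructed sample: a healthy single-partition XP install with Recovery Console.
GOOD_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
'''

# Constructed sample: same machine, but every entry points at partition(2).
BAD_BOOT_INI = GOOD_BOOT_INI.replace('partition(1)', 'partition(2)')


def parse_boot_ini(text):
    """Return ([boot loader] settings, list of [operating systems] paths)."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition('=')
        if not sep:
            continue
        if section == 'boot loader':
            loader[key.strip().lower()] = value.strip()
        elif section == 'operating systems':
            entries.append(key.strip())
    return loader, entries


def arc_problem(path, partitions):
    """Describe what is wrong with one boot path, or return None if it looks fine."""
    if re.match(r'^[A-Za-z]:\\', path):
        return None  # boot-sector entry (e.g. Recovery Console), not an ARC path
    if path.lower().startswith(('scsi(', 'signature(')):
        return None  # other ARC syntaxes are not checked in this example
    m = ARC_RE.match(path)
    if not m:
        return 'not a valid ARC path'
    rdisk, part = int(m.group(3)), int(m.group(4))
    if rdisk not in partitions:
        return 'rdisk(%d) does not exist' % rdisk
    if part < 1 or part > partitions[rdisk]:  # partition() numbering starts at 1
        return 'partition(%d) does not exist on rdisk(%d)' % (part, rdisk)
    if not m.group(5) or m.group(5) == '\\':
        return 'no Windows directory after the partition'
    return None


def check_boot_ini(text, partitions):
    """Return a list of human-readable problems; an empty list means no findings."""
    loader, entries = parse_boot_ini(text)
    problems = []
    default = loader.get('default')
    if default is None:
        problems.append('[boot loader] has no default= line')
    elif default.lower() not in [e.lower() for e in entries]:
        problems.append('default=%s has no matching [operating systems] entry' % default)
    seen = []
    for path in ([default] if default else []) + entries:
        if path.lower() in seen:
            continue
        seen.append(path.lower())
        issue = arc_problem(path, partitions)
        if issue:
            problems.append('%s: %s' % (path, issue))
    return problems


if __name__ == '__main__':
    disk_layout = {0: 1}  # assumption: one disk (rdisk 0) with a single partition
    for name, text in (('good', GOOD_BOOT_INI), ('bad', BAD_BOOT_INI)):
        print(name, check_boot_ini(text, disk_layout) or 'no problems found')
```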

2. Corrupt or missing WINDOWS\SYSTEM32\CONFIG

If you get the error:
Windows could not start because the following file is missing or corrupt
\WINDOWS\SYSTEM32\CONFIG\SYSTEM or \WINDOWS\SYSTEM32\CONFIG\SOFTWARE
1. Insert and boot from your Windows XP CD.
2. At the first R=Repair option, press the R key.
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair. Typically this will be #1.
4. Enter the administrator password when requested.
5. cd \windows\system32\config
6. Depending on which section was corrupted:
ren software software.bad or ren system system.bad
7. Depending on which section was corrupted:
copy \windows\repair\system
copy \windows\repair\software
8. Take out the CD-ROM and type exit.

3. NTOSKRNL not found
If you get an error that NTOSKRNL was not found:
1. Insert and boot from your Windows XP CD.
2. At the first R=Repair option, press the R key.
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair. Typically this will be #1.
4. Change to the drive that has the CD-ROM.
5. CD i386
6. expand ntkrnlmp.ex_ C:\Windows\System32\ntoskrnl.exe
7. If Windows XP is installed in a different location, just make the necessary change to C:\Windows.
8. Take out the CD-ROM and type exit.

4. NTLDR NOT FOUND DURING BOOTUP

If you have FAT32 partitions, it is much simpler than with NTFS. Just boot with a Win98 floppy and copy the NTLDR or NTDETECT.COM files from the i386 directory to the root of the C:\ drive.
For NTFS:
1. Insert and boot from your Windows XP CD.
2. At the first R=Repair option, press the R key.
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair. Typically this will be #1.
4. Enter the administrator password when requested.
5. Enter the following commands (X: is replaced by the actual drive letter that is assigned to the CD-ROM drive):
COPY X:\i386\NTLDR C:\
COPY X:\i386\NTDETECT.COM C:\
6. Take out the CD and type exit.


5. Isapnp.sys error message at startup:

To replace the Isapnp.sys file in Windows XP, follow these steps:
1. Start the computer from the Windows XP CD-ROM.
2. At the Welcome to Setup screen, press R to start Recovery Console.
3. If you have a dual-boot or a multiple-boot computer, type the number that corresponds to your Windows XP installation when you are prompted to select the Windows installation to log on to, and then press ENTER.
4. When you are prompted for the Administrator password, type the password, and then press ENTER.
Note: If the administrator password is blank, just press ENTER.
5. At the C:\Windows prompt, type the following command, and then press ENTER:
ren c:\windows\system32\drivers\isapnp.sys isapnp.old
Note: The steps in this article assume that you installed Windows XP to the C: drive. The actual location of your Windows installation may vary.
6. At the C:\Windows prompt, type the following command, and then press ENTER:
expand cd-romdrive:\i386\isapnp.sy_ c:\windows\system32\drivers\isapnp.sys
For example, type:
expand d:\i386\isapnp.sy_ c:\windows\system32\drivers
7. After the file is successfully expanded, type exit, and then press ENTER to exit Recovery Console.
8. Restart the computer.

6. ntfs.sys missing or corrupt error message:

To resolve this problem, do the following:
1] Boot the computer with the Windows XP CD-ROM in the CD-ROM drive.
2] To repair a Windows XP installation using Recovery Console, press R.
3] At the command prompt, type the following commands:

cd \windows\system32\drivers [Press the ENTER key]
ren ntfs.sys ntfs.old [Press the ENTER key]

If the ntfs.sys file is there and corrupt, this renames it. If it is not there, then it was missing.

4] At the command prompt, type the following command, and then press ENTER:
copy X:\i386\ntfs.sys drive:\windows\system32\drivers [Where X = CD-ROM drive]

5] Remove the Windows XP CD from the CD-ROM drive, type quit, and then press ENTER to quit the Recovery Console.

6] Restart the system.


7. Windows XP Will Not Start


System files may be corrupted.

1. Start the operating system from the CD-ROM.
When the computer starts from the CD, the system checks your hardware and then prompts you to select one of the following options:
   - To set up Windows XP now, press ENTER.
   - To repair a Windows XP installation using Recovery Console, press R.
   - To quit Setup without installing Windows XP, press F3.
2. Press ENTER.
3. Press F8 to accept the Licensing Agreement.
A box lists your current Windows XP installation, and then the system prompts you to select one of the following options:
   - To repair the selected Windows XP installation, press R.
   - To continue installing a fresh copy of Windows XP without repairing, press ESC.
4. Press R to start the automatic repair process.
Note: After repairing Windows XP, you may need to re-download all updates.


8. Error message: Unmountable boot volume

When booting up to Windows XP you may get an error that reads: Unmountable Boot Volume.

This is probably because your boot.ini file is messed up. Here is a possible remedy:
1. Start Windows XP with the Windows XP CD in your CD/DVD drive.
Once you see the "Welcome to setup" message, press the letter 'R' on your keyboard to enter the Recovery Console.
2. Select the Windows installation to be repaired (you will need to know the administrator password).
3. You will then get a DOS prompt. From here, type: chkdsk /p [Enter]
4. When that is done, type: fixboot [Enter]
5. Type: Y at the next prompt [Enter]
6. Then type: exit [Enter]
The system will now reboot into Windows.
If for some reason that didn't work, you can boot to the Recovery Console again (as in the example above).
Type: chkdsk /r [Enter]
When done, type: exit [Enter]
This takes a bit longer, but the system should boot back into Windows.
If none of these work, do a repair by following the directions from the previous solution (#7).

Tuesday, February 24, 2009

Excel is at risk

For the second time in the past five days, security researchers are warning that hackers are exploiting a critical unpatched vulnerability in widely-used software.

Attackers are exploiting a "zero-day," or unfixed, flaw in Microsoft Corp.'s popular Excel spreadsheet, using the bug to hijack select systems in Asia, many of them in government offices and high-profile corporations, said Vincent Weafer, vice president of Symantec Corp.'s security response group.

Hackers have been using another unpatched vulnerability in Adobe Reader for several weeks in a similar fashion, although now that the exploit code has gone public, experts expect to see attacks quickly increase.

The newest vulnerability, which is in all supported versions of Excel, including the latest -- Excel in Office 2007 on Windows and in Office 2008 for the Mac -- is in the program's file format, said Weafer.

"This is very similar to the Adobe [Reader] vulnerability we found earlier in that it's being used as a targeted threat," said Weafer. He said Symantec's researchers first came across attack code yesterday, and reported their findings to Microsoft the same day.

Today, Microsoft issued a security advisory with more information about the bug; that's typically a first step toward releasing a patch when a vulnerability goes public.

Microsoft spokesman Bill Sisk downplayed the threat to most users, repeating Weafer's comment that attacks have been seen in only limited numbers. But he promised that the company would patch the problem. "Microsoft is currently working to develop a security update for Microsoft Office that addresses this vulnerability and will release it after it has completed testing," he said in an e-mail.

According to Microsoft's advisory, Excel 2000, 2002, 2003 and 2007 on Windows, and Excel 2004 and 2008 on Mac OS X, are affected by the vulnerability.

Until a patch is produced, Microsoft said users could protect themselves by blocking Excel files from opening, a process that requires editing the Windows registry, normally a chore that's beyond the ability of most users. Alternately, users can run Excel 2003 documents through the Microsoft Office Isolated Conversion Environment (MOICE), a tool the company launched in 2007 that converts those files into the more-secure Office 2007 formats to strip out possible exploit code.

It's not clear how effective MOICE will be in stymieing attacks, however, since the exploit now circulating was crafted with Excel 2007 in mind, said Weafer. According to additional analysis by Symantec, the exploit works on PCs running that version of Excel but fails against earlier editions.

Hackers are using the Excel bug to deliver a Trojan horse to targeted machines, added Weafer. The Trojan acts as a downloader that is capable of retrieving and installing additional malware on the hijacked computer.

Weafer declined to draw a line between the recent zero-day dots, noting that attacks -- particularly targeted attacks like those triggering the Excel and Adobe Reader vulnerabilities -- often come in waves. But he was less hesitant to speculate on the near future.

"As soon as you talk about an [unpatched] vulnerability, people start looking at it for use in broad-based attacks," he said.

Sunday, February 22, 2009

Hackers are exploiting unpatched Adobe Reader

Hackers have been exploiting a critical bug in Adobe Reader, the popular PDF-viewing software, for at least nine days, researchers said Friday, but a patch may not be ready for another three weeks.

"We reported this to Adobe on Feb. 12," said Kevin Haley, a director in Symantec Corp.'s security response group. "That was the same day that we had a sample of the exploit."

Attacks have been spotted in Asia, primarily in Japan, said Haley, as well as in a few other countries. But their small number led him to characterize them as "targeted," meaning the victims had been specially selected.

"But this [bug] is not hard to exploit," he added, indicating that Symantec expects the attacks to spread.

So does Andrew Storms, director of security operations at nCircle Network Security Inc. "If the history of Adobe Reader vulnerabilities shows us anything, it's probably just a number of days before this takes off," Storms said.

In a security advisory released yesterday, Adobe acknowledged the bug and the ongoing attacks, and said that both Reader and Acrobat, an advanced PDF-creation and edit application, are vulnerable. Versions 7, 8 and 9 of both programs, and on all platforms, contain the flaw, the company confirmed. Adobe Reader, by far the more popular of the two applications, is available for Windows, Mac OS X and Linux.

Adobe plans to patch Reader 9 and Acrobat 9 -- the most current versions -- by March 11, and will then follow with fixes for Reader/Acrobat 8 and Reader/Acrobat 7, in that order. It did not spell out a timetable for updates to Versions 7 and 8, however.

In the meantime, both Haley and Storms expect hackers to take advantage of the bug, possibly by integrating new attack code into the multistrike exploit kits that are frequently used by cybercriminals to launch attacks against users who are duped into visiting malicious Web sites. "There's no reason to think that that won't happen," he said. "Reader is a very popular application."

The in-the-wild attacks trigger the bug with a Trojan horse that Symantec has pegged "Pidief.e," which then installs several additional components to open a backdoor on the compromised computer. That backdoor can later be used to inject additional malware into the machine.

Attacks could be initiated by spam messages that trick users into clicking through to a malicious site, or by packing exploit code in a file attachment.

Although neither Adobe nor Symantec provided details of the vulnerability, the Shadowserver.org site posted a partial analysis that claimed the bug was in a non-JavaScript function call.

"I had completely expected that this would be yet another JavaScript vulnerability in Reader," said Storms, who has blasted Adobe in the past for what he has called an "epidemic" of JavaScript bugs.

Shadowserver.org's write-up recommended that users disable JavaScript in Reader and Acrobat because, although the flaw is not in that code, turning off the feature helps protect against the current exploit. "The exploit can be effectively mitigated by disabling JavaScript," said Shadowserver. "In this scenario, Adobe [Reader] will still crash, but the required heap spray will not occur and code execution is not possible."

Storms had no better advice, but wondered if that would be enough. "What do we do in the meantime, between now and March 11, when Adobe patches this?" he asked. "Is the [disabling JavaScript] mitigation a good step or the only step? Without a look at the exploit, we can't be sure."

To disable JavaScript in Adobe Reader, Windows users should select "Preferences" from the Edit menu, then click on "JavaScript" in the ensuing list and uncheck the box marked "Enable Acrobat JavaScript." Mac users will find Preferences under the "Adobe Reader" menu.

Adobe Reader and Acrobat are no strangers to exploits. Last November, attackers jumped on a just-patched vulnerability in Reader 8.1.3 within days.

Wednesday, February 18, 2009

Google's own Operating System

Google has been slowly, but surely, displacing Microsoft as the number one PC technology company. Google has done it by misdirection. Instead of taking Microsoft head-on in desktops, Google first consolidated their hold on Web search and only then started moving into Web-based desktop applications. Then, in 2008, they made their first direct strike at the desktop with the release of their own Web browser: Google Chrome. Now, Matthaus Krzykowski and Daniel Hartmann, founders of the stealth startup Mobile-facts, have found that you can take Google's smartphone operating system, Android, and use it as a desktop operating system.

In fact, the dauntless duo found that it took them only "about four hours of work to compile Android for the netbook. Having done so, we (Daniel Hartmann, that is) got the netbook fully up and running on it, with nearly all of the necessary hardware you'd want (including graphics, sound and the wireless card for internet) running." In short, they found that Android was already a desktop operating system.

This didn't come as a surprise to either of them. They'd been expecting Google to use Android for more than mobile phones for months. What I find a bit surprising is that it was already so easy to port Android to a PC. Heck. I could have done it, and my coding skills are really rusty.

Specifically, the two got Android running in desktop Linux mode on a netbook, the Asus Eee PC 1000H. This is a pretty standard netbook. If you can get Android to run on it, you shouldn't have much trouble getting it to work on any desktop.

What's even more interesting though isn't that technically you can get Android to work on a desktop. Android is, after all, a Linux operating system and it's always been easy to move Linux from one platform to another. No, what I think is telling is that they found that Android has "two product 'policies' in its code. Product policies are operating system directions aimed at specific uses. The two policies are for 1) phones and 2) mobile internet devices, or MID for short. MID is Intel's name for 'mobile internet devices,' which include devices like the Asus netbook we got Android running on."

In other words, Google, not just some technically adept users, is already thinking about using Android as a desktop operating system. Krzykowski and Hartmann don't see Google making its desktop move very quickly though. They believe that Android-powered netbooks, thanks to Android's already existing hardware partners in the Open Handset Alliance, could arrive as early as spring this year.

They don't expect that to happen though because "One important part of the ecosystem would be to have a set of well-functioning applications (an office productivity suite, for example). Google is mostly leaving applications development for Android to third parties (applications which run in the browser like Google Docs being the notable exception). At the rate things are going, we don't see enough of these third parties developing applications for Android netbooks in the next 12 months."

I disagree. I don't see it taking 12 months at all. While it is true that Android's applications are written in the JVM (Java Virtual Machine), Dalvik, instead of Linux developers' eternal favorites, GNU C or C++, Android already includes a set of C/C++ libraries. So, porting GCC (GNU Compiler Collection) shouldn't be that difficult. After that's done, bringing over OpenOffice 3.0 or the like would be trivial.

But, why bother? Google already has a host of Web-based applications that run great on Chrome. With Windows continuing to lose ground on the desktop, Vista a non-starter, and Windows 7 being rushed out the door, I could see official Google Android netbooks appearing in say the middle of the year. With Microsoft beginning to stagger -- will or won't Microsoft lay off employees this month? -- 2009 might be the perfect year for Google to take Microsoft head on.

IE7 is under attack

Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft Corp. patched just last week, security researchers warned today.

Although the attacks are currently in "very, very small numbers," they may be just the forerunner of a larger campaign, said Jamz Yaneza, threat research manager at Trend Micro Inc. "I see this as a proof-of-concept," said Yaneza, who noted that the exploit's payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time.

"I wouldn't be surprised to see this [exploit] show up in one of those Chinese exploit kits," he added.

The new attack code, which Trend Micro dubbed "XML_Dloadr.a," arrives in a spam message as a malicious file masquerading as a Microsoft Word document. If the fake document is opened, the exploit hijacks PCs that have not been patched with the MS09-002 security update Microsoft issued last Tuesday as part of its eight-patch February batch of fixes.

That update, which plugged two holes in IE7, was rated "critical" by Microsoft at the time.

"We first saw this over the weekend," said Paul Ferguson, an advanced threat researcher at Trend Micro. "But we're not sure if it's just a targeted attack or they're staging for something larger. It's hard to tell at the moment."

It's not unusual for hackers to swing into action with a new exploit only days after Microsoft has patched a previously-unknown vulnerability. "They know it takes users a while to patch," Ferguson added. "Even months after Microsoft patched, the Conficker worm was still able to infect millions of PCs because of lousy patching. That's not lost on the bad guys."

The "Conficker" worm, also known as "Downadup," continues to compromise millions of machines daily, even though, as Ferguson noted, Microsoft patched the vulnerability exploited by the worm nearly four months ago.

Yaneza and Ferguson speculated that the current attacks are precursors to a much larger assault that will revive a campaign that tempted users with news about Tibet. Those attacks, which Trend Micro reported in January 2008, share some characteristics with the newest exploits, including malware disguised as Word documents. Yaneza also said that it appears as though the hacker's command-and-control server is based in China, lending more credence to their theory.

"This is the 50th anniversary of the Tibetan freedom movement," said Ferguson, who said it's likely that a large-scale attack based on this exploit would use that news as bait. In 1959, when the People's Republic of China took full control of Tibet, the Dalai Lama fled to India, where he is the head of a Tibetan government-in-exile.

One security expert has called on Microsoft to sever the links between IE and Windows to better protect users from attack. According to Wolfgang Kandek, the chief technology officer at Qualys Inc., people plug IE holes no faster than other critical Microsoft vulnerabilities, something that might change if Microsoft split the browser from the operating system and increased the frequency of its IE patches.

Cisco upgrades security in home Wi-Fi routers

Cisco Systems Inc. is building a Trend Micro Inc. Internet security service into some home Wi-Fi routers to help protect families and small businesses from fraud, phishing and predators.

Through a partnership announced Tuesday, two models of Linksys by Cisco Wireless-N routers will come with software for the Home Network Defender service. The service will also be available for some other Wireless-N routers. Customers will be able to try the service free for 30 days and then sign up for an annual subscription.

Home Network Defender evaluates security risks in real time as users surf the Web. When it detects malicious Web sites or legitimate sites that contain threats, the service blocks them. There are three levels of protection to choose from, and parents can set rules for their children, even detailing the settings based on the time of day.

The companies claim that locating Web security on the router both saves the trouble of installing software on each PC and prevents children from hacking into policy settings. Cisco's move with Trend Micro continues the company's push to build more functions into network infrastructure, a theme it is extending all the way up to power management and multimedia conversion in enterprise and carrier networks.

The announcement came as Symantec Corp.'s Norton division announced a free beta version of Norton Online Family, a software product for parents to monitor their children's online activities and generate reports that highlight questionable behavior. Online Family can analyze chat and social networking activity as well as Web surfing, and it is expected to ship in the second quarter for Windows and Mac.

Operating on a router, Home Network Defender can protect a variety of devices on a home wireless network, including connected game consoles, Wi-Fi-capable phones and personal media players, according to Cisco and Trend Micro. It can detect and prevent a wide variety of attacks, including online fraud, phishing schemes, viruses and online predators, the companies said. In addition to keeping users from going to dangerous sites, the product can prevent them inadvertently giving up valuable information to scammers.

Parents or network administrators can manage the software and set policies through a graphical interface in the Linksys Easy Link Advisor software. The service can also help to detect intruding devices and keep them off the network, as well as provide reports on violations of parental policies, Cisco and Trend Micro said.

Home Network Defender will come in WRT310N and WRT610N routers, sold in North America under the Linksys by Cisco brand. The regular price of Home Network Defender is $59.99 per year, but for the next 60 days, it will be available for $49.99.

Tuesday, February 17, 2009

"IE8" Another milestone for Microsoft

Microsoft Corp. will finish Internet Explorer 8 (IE8) next month, according to a Web site that has accurately predicted other moves by the company.

TechARP.com, a Malaysian Web site that has reported on Microsoft's plans to offer free upgrades from Windows Vista to the newer Windows 7, said today that Microsoft will reach IE8's "release to manufacturing" milestone, also known as "RTM," in March.

"Microsoft will RTM Internet Explorer 8 in March 2009, most likely sometime during the last two weeks," the site said, citing unnamed sources. "This is because Microsoft plans to announce the final details of the IE8 RTM schedule and available language versions by March 5, 2009."

In development parlance, RTM means that the software has been finished and that the vendor is ready to ship it to partners, release it to the public, send it to duplicators for retail distribution, or all of the above.

Microsoft declined to confirm or deny the TechARP account. "Our timeline is driven by the quality of the product," said a spokeswoman today in an e-mail reply to a request for comment. "Microsoft is deliberate in our approach to releasing new products, and we feel a strong obligation to our customers to do so in a responsible manner that ensures they are getting the safest, most reliable product possible."

TechARP said that once Microsoft declares IE8 has reached RTM, it will offer it to computer makers, which can then add it to machines they ship with either Windows Vista or the older Windows XP operating systems. At the moment, the former comes with IE7, while the latter is bundled with IE6.

IE8 is also slated to be a cornerstone of Windows 7, the successor to Vista.

TechARP had no information on when Microsoft would post the final version of IE8 for public download. But the site's late-March RTM timetable meshes with past IE release schedules.

In 2006, there was a gap of eight weeks between IE7's first release candidate (RC1) and the public posting of the browser. A similar eight-week stretch from Microsoft's delivery of IE8 RC1 in late January 2009 would put the final build's availability at around March 23.

IE8 includes new Web standard compatibility features, performance improvements, a revamped address bar and private browsing tools.