Top of Page Sunday Monday Tuesday Wednesday Thursday Friday Saturday
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Sunday, 29 July 2001
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
No entry.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Monday, 30 July 2001
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Today our Exchange server began giving some problems. Remote users trying to get their email via Outlook Web Access got the message that their password was expiring in zero days. Hey, I set all the passwords not to expire, because this is a little company where everybody knows everybody, and half the people know their coworkers' passwords anyway. I also checked the anonymous internet user's account, to make sure its password was also set not to expire. No joy, still got the error message. I reapplied Exchange 5.5 Service Pack 4, still no joy. I reapplied a web client hotfix, MS Exchange 5.5 Update Q301361, but still no joy. I actually uninstalled the Exchange 5.5 RPC Patch 2654.51, wondering if it had munged something up. Nope. So just for fun, I applied the MS NT4 Security Rollup Package update, which was scheduled to be included in the stillborn NT4 Service Pack 7. No joy some more. As I left at night, I was expecting to have to reinstall IIS on the server.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Tuesday, 31 July 2001
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
It pays to know smart people. My smart friend Daryl pointed me to the MS Support Knowledge Base, and suggested a couple of articles. The first one actually had a workable fix for my Outlook Web Access problem. It involved editing an ASP file on the Exchange server. Well, here's what the article recommended:
To resolve this behavior, first attempt to use the resolutions that are suggested in the articles referred to in the "Cause" section of this article. If you are still unable to resolve the behavior, or if the articles do not apply to your particular situation, follow these steps:
Go to the C:\Exchsrvr\Webdata\USA folder.
Open the Root.asp file, and then edit it:
Look for the line that reads:
if cint(days) < 0 then days = 10000
Change the line to:
if cint(days) < 1 then days = 10000
Save, and then close the file.
And that was it. Kludge? Maybe. Quick-n-dirty? Unquestionably. Effective? You betcha.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Wednesday, 1 August 2001
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
At client site all day wrestling with Sir Cam. Woo-hoo!
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Thursday, 2 August 2001
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
A sardonic tip of the virtual hat to Sir Cam, the most annoying, difficult-to-eradicate virus I've come across to date. Kudos to the smarmy (of low sleazy taste or quality) weasel boy who stitched this together. The best analogy I can find for it is dandelions in your lawn. Cut 'em, dig 'em up, spray 'em with poison... and there they are again next week. This is one persistent critter. So without further ado, here's the best way I've found to tweeze the thing out of Windows 9x machines (and another tip of the hat to www.virus.com):
IN THE REGISTRY
1. Boot clean to safe mode, or at least boot without logging into a network
2. Run REGEDIT
3. Go to HKCR\exefile\shell\open\command. On the right panel, double click on the Default value and remove "C:\Recycled\SirC32.exe" leaving only "%1" %* (double quote, percent one, double quote, space, percent asterisk)
4. Go to HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
5. On right panel delete the value "Driver32"
6. Go to HKLM\Software\Sircam and delete the key "Sircam"
IN THE FILE SYSTEM
7. Open a command prompt window in C:\WINDOWS
8. Type ATTRIB RUN*.* and look for hidden files.
9. If RUN32.EXE exists, then type ATTRIB -H RUN*.*, delete RUNDLL32.EXE, and rename RUN32.EXE to RUNDLL32.EXE
10. Type CD SYSTEM
11. Type ATTRIB SC*.* and look for more hidden files, especially SCAM32.EXE
12. If hidden files exist starting with SC* then type DELTREE SC*.* and enter Y to delete each hidden file, and N to ignore each normal file. Typically there's just SCAM32.EXE, but sometimes another hidden SC* file exists
IN THE RECYCLE BIN
13. Type CD\RECYCLED and then DELTREE /Y *.* to make sure that there's no copy of SIRC32.EXE left in there to be relaunched later
IN AUTOEXEC.BAT
14. Edit AUTOEXEC.BAT
15. Delete any line that reads "@win \recycled\Sirc32.exe"
16. Restart computer
That's it, as it evolved for me yesterday through a very long day. Doing these steps in this order cleans the PC effectively. Until the next time a clueless end luser valued IT client opens an infected attachment or connects to an infected file over the network.
***IMPORTANT*** By default, antivirus programs such as McAfee SPECIFICALLY EXCLUDE checking the Recycle Bin when they scan. This behavior can usually be modified in the program's settings. Unless you change this setting, you can scan to your heart's content, successfully detect and handle infected files, and think your system is clean. But it's not, unless there's also no infected file in the Recycle Bin. Be advised.
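As an added example (not part of the original entry), here is a small Python check that confirms the cleanup above actually removed every persistence point the steps name. It assumes the registry was exported from REGEDIT as REGEDIT4 text and that a file listing was collected with hidden files shown; the function names and all sample data are constructed for illustration.

```python
import re

# Indicators taken from the removal steps above; compared case-insensitively.
EXE_CMD = r"hkey_classes_root\exefile\shell\open\command"
RUNSVC = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
SIRCAM_KEY = r"hkey_local_machine\software\sircam"
CLEAN_EXE_CMD = '"%1" %*'
BAD_FILES = [r"c:\windows\run32.exe", r"c:\windows\system\scam32.exe", r"c:\recycled\sirc32.exe"]

def parse_reg(text):
    """Parse a REGEDIT4 text export into {key: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)
            if m:  # undo the .reg escaping of quotes and backslashes in the data
                current[m.group(1).strip('"').lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(reg_text, autoexec_text, file_paths):
    """Return a list of findings, one per persistence point still present."""
    keys, findings = parse_reg(reg_text), []
    cmd = keys.get(EXE_CMD, {}).get("@")
    if cmd is not None and cmd != CLEAN_EXE_CMD:
        findings.append("exefile open command hijacked: " + cmd)
    if "driver32" in keys.get(RUNSVC, {}):
        findings.append("RunServices value Driver32 present")
    if SIRCAM_KEY in keys:
        findings.append("HKLM\\Software\\Sircam key present")
    for line in autoexec_text.splitlines():
        if r"\recycled\sirc32.exe" in line.lower():
            findings.append("AUTOEXEC.BAT launches worm: " + line.strip())
    present = {p.lower() for p in file_paths}
    findings += ["file present: " + f for f in BAD_FILES if f in present]
    return findings

# Constructed sample of an infected machine (not captured from a real system).
SAMPLE_REG = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\recycled\\SirC32.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\WINDOWS\\SYSTEM\\SCam32.exe"
[HKEY_LOCAL_MACHINE\Software\Sircam]
'''
SAMPLE_AUTOEXEC = "@ECHO OFF\n@win \\recycled\\Sirc32.exe\n"
SAMPLE_FILES = [r"C:\WINDOWS\RUNDLL32.EXE", r"C:\WINDOWS\RUN32.EXE", r"C:\WINDOWS\SYSTEM\SCAM32.EXE", r"C:\RECYCLED\SIRC32.EXE"]
```

An empty list from audit() after step 16 means none of the listed registry, file, or AUTOEXEC.BAT entries remain; any finding means the matching step needs repeating.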
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Friday, 3 August 2001
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
No entry.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Saturday, 4 August 2001
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
No entry.