Archive for October, 2012


Why I Hate Windows 8

This entry has been updated for the 10th time. Last update was 10/7/2014.

Continue reading

Recently I encountered a computer that would not let me turn on the file and printer sharing in Vista. When attempting to turn on printer sharing, there was a message. Everytime I tried, I was giving a message that said something I can no longer remember. If I do, I will update this post.

Through a little work, I discovered that the Base Filtering Engine service was deleted. This was done by malware. The fix was easy enough. I just followed the instructions at the link below. It has registry files to repair the BFE service for Vista and Windows 7.

http://www.hageltech.com/blog/2012/02/07/base-filtering-engine-problems.html

This would be a good place to also provide two other commands that can fix network problems. Both must be run as an Administrator.

  • netsh int ip reset resetlog.log
  • netsh winsock reset

Also be sure to use Kaspersky’s TDSSKiller because if BFE is missing, chances are good the computer has a rootkit or an infected MBR.

 

So here is my problem. I just built a new computer with the AMD A10-5800K. When I tried to install Windows 7, the process would start and then the Windows logo would become distorted. I tried booting the Windows XP disc and all that came up on the screen was a non-flashing cursor but I could tell the boot process was working. I put in an old NVidia video card I pulled from an old computer and there were no video problems. So I went ahead and installed Windows 7. Then I removed the NVidia video card and tried booting the installed Windows 7 and the same video problem. It appears the video adapter on the CPU is not initializing properly.

I then tried to boot to the Windows 8 DVD. It worked. Although I will not install Windows 8 — anybody who knows me knows I think Windows 8 is far FAR worse than Windows ME because at least Windows ME gave you a start button — the fact that the Windows 8 DVD works with the integrated video tells me the CPU/GPU is not bad.

I fixed the problem by updating the UEFI firmware to the latest version. Once I did, everything worked fine. Without the extra video card, this would have been a classic Catch-22: I can’t update the UEFI without Windows, I can’t get into Windows to update the UEFI without the video working.

But at least I learned that these new APU’s (CPU/GPU on one chip) can be affected by the UEFI or BIOS. From now on, if I ever build another computer with an APU and no external video card, I will update the UEFI or BIOS right away.

A Windows Vista laptop is currently not booting. System Restore did not work. The customer said the blue screen of death appeared but I never saw it. The system file checker in the recovery console did not work, even though it said it found corrupt files but was unable to fix them. I tried chkdsk and bootrec /fixboot and bootrec /fixmbr from the recovery console already on the computer. When I was attempting to boot in safe mode, the boot process stops after loading hal.dll.

Because bootrec did not work and because safe mode stopped after hal.dll, I thought it was a virus infecting one of the Windows files. That is why I ran the system file checker. So I decided to scan the hard drive for viruses.

I pulled the hard drive and scanned with Eset on my computer. Eset discovered a boot sector rootkit and several other rootkit files on the computer, but didn’t clean any of them. (If I copied some of the files to my hard drive, Eset removed the file of my hard drive. Eset tends to be better for keeping things off rather than getting things off.) I found this interesting because I ran bootrec already which should have cleared and recreated the Master Boot Record and boot sector. Since Eset didn’t clean the boot sector, I ran Kaspersky’s TDSSKiller and that cleaned the boot sector.

I didn’t try to run the bootrec or bootsect commands from the Windows 7 disc. I wonder if these new rootkits alter the built-in recovery console so that the bootrec command does not clear the boot sector rootkit. From now on, if I suspect there is a rootkit I will boot using the Windows DVD and then try to fix the boot sector.

These are malware types Eset identified: (Eset tends to use their own name and not an industry standard name.)

  • Kryptik.AGVE trojan
  • Kryptik.AHVU trojan
  • Olmarik.AXY trojan – This is Eset’s name for the TDSS rootkit