March 2011 Entries

I had to rebuild my Windows 7 PC and all went fairly well until I tried to connect to a Samba share on a legacy Linux box running Redhat 8.

No matter what combination of domain / user / password I tried, I would just see the same message:
"The specified network password is not correct."

This is a misleading error, very annoying and a little confusing, until I found a hint that the Windows 7 default authentication is not supported by older Samba implementations.

I guess I figured this out once before as it used to work before the rebuild! Anyway here is the solution:

1. Control Panel->System and Security->Administrative Tools->Local Security Policy (or run secpol.msc).
2. Select Local Policies->Security Options->Network security: LAN Manager authentication level.
3. Select 'Send LM and NTLM - use NTLMv2 session security if negotiated' and click OK.

#

 

I spent most of yesterday removing an annoying virus from my PC. I feel slightly foolish for getting one in the first place, but after so many years I guess I was always going to eventually succumb. I was also a little surprised at the failure of various tools at removing it.

The virus would redirect the browser to websites including ‘licosearch’, ‘hugosearch’ and ‘facebook’, and the disk would be thrashing away infecting dlls in some way.

I had the full up to date version of McAfee installed. This identified that there was an issue in some dlls on the system and was able to ‘fix’ them. But they kept getting re-infected. So I installed Microsoft Security Essentials and this too was able to identify and ‘fix’ the infected dlls.

The system scans take forever and I really expected better results. I also tried Malwarebytes, Hitman Pro, AVG and Sophos to no avail.

Eventually I thought I’d investigate myself. It turned out that on reboot, the virus would start 3 instances of Firefox.exe which I’m guessing would do bad things including infecting as many dlls on the system as possible.

I removed Firefox and the virus cleverly then launched 3 instances of Chrome! So I uninstalled Chrome and yes, it then started to launch 3 instances of iexplore.exe. If I’m honest, by this stage I was just seeing if it would be able to use any of the browsers!

As it was starting these on reboot, I looked in my User Startup folder and there was a <randomly named>.exe and several log files. I deleted these and rebooted. When I looked they had been recreated. So I then looked in the registry Run and RunOnce entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Sure enough there were entries to run a file in C:\Program Files\<random name folder>\<random name file>.exe.

I deleted this and rebooted and it was fixed. I also looked in the event log and found a warning that Winlogon had failed to start the file C:\Program Files\<random name folder>\<random name file>.exe

So I also checked HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and this entry had also been changed.

Finally I ran a full system scan to clean up any infected dlls. I hope it’s gone for good!

[UPDATE]

Unfortunately this is the Ramnit virus and there are too many infected files to trust that it will be gone for good, so only one solution... format the hard drive and start again.

Note: reports about w32.ramnit.a / w32.ramnit.b say that only .dll, .exe and .html files are compromised; however, my svn source control is showing that .doc and .xls files have also changed.

Fortunately I have recent backups which I feel slightly *smug* about as my work colleagues have been less than sympathetic!
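
The manual checks from this post (Startup folder, the Run and RunOnce keys, the Winlogon key) as a read-only PowerShell script. This is an added example, not part of the original post: it also lists the HKCU Run keys and the all-users Startup folder, and the function names and the Winlogon defaults it compares against (Shell = explorer.exe, Userinit = %SystemRoot%\system32\userinit.exe,) are assumptions of the example.

```powershell
# Added example: read-only listing of the autostart locations checked in the post.
# It changes nothing; review the output by hand.
function New-Finding($Location, $Name, $Value, $Note) {
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Value = $Value; Note = $Note }
}

function Get-AutostartEntry {
    # 1. Startup folders (current user and all users, Windows 7 paths)
    $startupDirs = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    )
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in (Get-ChildItem -LiteralPath $dir -Force)) {
            if ($file.Name -eq 'desktop.ini') { continue }
            New-Finding $dir $file.Name $file.FullName 'startup folder item'
        }
    }

    # 2. Run and RunOnce values (HKLM as in the post; HKCU added here)
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path -Path $key)) { continue }
            $item = Get-Item -Path $key
            foreach ($name in $item.GetValueNames()) {
                New-Finding $key $name ($item.GetValue($name)) 'autostart value'
            }
        }
    }

    # 3. Winlogon values compared with the Windows defaults (assumed baseline)
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $defaults = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
    }
    $item = Get-Item -Path $key
    foreach ($name in $defaults.Keys) {
        $actual = [string]$item.GetValue($name)
        if ($actual.Trim() -ne $defaults[$name]) {
            New-Finding $key $name $actual "differs from default '$($defaults[$name])'"
        }
    }
}

Get-AutostartEntry | Select-Object Location, Name, Value, Note | Format-List
```

Entries in the first two groups are listed whether or not they are legitimate; only the Winlogon values are compared against a baseline.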

 #

 

Looking in Web Analytics I could see several external sites pointing at an old .htm file on my web server that no longer existed, so I thought I would get IIS to redirect to the new .aspx replacement. How hard could it be?

This has annoyed me for quite a while today so here is the answer.

1. Install the HTTP Redirection module - this is not installed by default!!

Windows 7
Start->Control Panel->Programs and Features->Turn Windows Features on or off.
Internet Information Services->World Wide Web Services->Common HTTP Features->HTTP Redirection.

Windows Server 2008
Start->Administrative Tools->Server Manager.
Roles->Web Server (IIS).
Role Services->Add Role Services.
Common HTTP Features->HTTP Redirection.

2. Edit your web.config file

<configuration>
    <!-- ..... -->
    <location path="oldfile.htm">
        <system.webServer>
            <httpRedirect enabled="true" destination="/newfile.aspx" exactDestination="true" childOnly="true" httpResponseStatus="Permanent" />
        </system.webServer>
    </location>
    <!-- ..... -->
</configuration>

When a user clicks on, or Google crawls, ‘oldfile.htm’, the request gets a permanent (HTTP 301) redirect to ‘/newfile.aspx’ - and should take any Page Rank to the new file.

 #