PGP Whole Disk Encryption for Mac OS X Released!

I received the email below in my inbox this evening – can't wait to try it out!

The wait is over! PGP Corporation has released PGP Whole Disk Encryption for Mac OS X.

This much-anticipated application is part of a major release enhancing the award-winning PGP® Encryption Platform, which includes general availability of PGP® NetShare 9.9, PGP Universal™ Server 2.9, PGP® Whole Disk Encryption 9.9, and the all-new PGP® Whole Disk Encryption for Mac OS X.

As we outlined in our June 2008 announcement, the latest release of PGP Whole Disk Encryption 9.9 adds pre-boot authentication to the proven PGP Corporation data encryption technology for Intel-based Macs. PGP Whole Disk Encryption is the only product available today for both Windows and Mac OS X that is also FIPS 140-2 validated for use by the U.S. government.

To learn more about this application, visit http://na.store.pgp.com/whole_disk_encryption_mac.html#

Microsoft SBS 2008 has been RTM’d

While on a Windows SBS 2008 Core Training call this afternoon it was announced that SBS 2008 has been released to manufacturing as of today – great news!

More info found here: http://blogs.technet.com/sbs/archive/2008/08/21/sbs-2008-released-to-manufacturing.aspx

And here: http://sbs.seandaniel.com/2008/08/windows-small-business-server-2008-rtms.html

Removing WinAntivirus Pro Malware

Yesterday I was presented with another opportunity to remove malware from a client computer – it was infected with a number of items; however, WinAntivirus Pro was the trickiest of the bunch.  Currently my malware removal steps are typically as follows:

  1. Boot into Safe Mode and run SmitFraudFix.exe. If prompted, reboot into normal mode and log in as the SAME user you ran it as above (usually the local admin).
  2. Boot into Safe Mode and run SDFix.exe, then reboot into normal mode and log in as the SAME user.
  3. Download and run RogueRemover Free Edition from Malwarebytes (this is the key to removing some of the trickier items of late).
  4. Run Trend Micro HouseCall – I do this even if I have local antivirus or an AV of choice. Usually I end up running this and following it up with a Sophos Antivirus install once the system is mostly clean.

*Most malware these days resets security policy to lock users out of things such as running regedit, changing IE settings, or getting into key areas.

In this case the malware locked me out of IE Options – I was able to launch Internet Explorer in Safe Mode from Start, Programs, Accessories, System Tools and disable any suspicious add-ons.  Then open IE in normal mode, go to Tools, Internet Options, Advanced, and perform the reset option – this resets the entire IE setup to default factory settings – I recommend this with any malware infection.  This solved my lockdown issues, but more often it's a registry setting that prevents you from accessing something.

Often I will also run WinsockFix, as this resets the TCP/IP stack and removes anything that might be tied into my network stack (this may be redundant, as some of the above tools do some of this as well – I'd rather overdo it).

Once things seem clean I will often do a system file check by going to Start, Run and typing "SFC /scannow" – you will need your XP disc handy – this checks your core system files to ensure they are not modified or corrupt.

Finally I download Dial-a-fix and run the complete range of utilities with the exception of flushing the software cache.  This fixes Windows Installer and Windows Update as well as several other aspects of the Windows system.

At one point in the process I reran RogueRemover and it kept finding a C:\WAP6 folder on my hard disk – I went and looked manually and found there was actually a hidden folder.  In my case the malware actually removed administrator rights from the folder, so I was unable to retake ownership, change permissions or modify the folder either by traditional means or using CACLS on the command line.

As a last-ditch effort to get permissions back on the folder I reset NTFS permissions on the entire drive (be careful with this, as it will overwrite any custom permissions you have set up).

  1. Go to Start, Run, and type "cmd".
  2. In the command window type "CD C:\WINDOWS\SECURITY\TEMPLATES".
  3. Verify that "Setup Security.inf" exists in the folder.
  4. Type: SECEDIT /CONFIGURE /CFG "SETUP SECURITY.INF" /DB WAISAW.SDB /VERBOSE
  5. Wait for the process to complete and reboot your system.
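Before resetting permissions on the whole drive, it helps to know which hidden folders actually have the problem, since a targeted takeown/icacls fix is far less disruptive than the secedit reset. The PowerShell script below is an added example, not part of the original post or of any tool it mentions: it lists hidden top-level folders on a drive and reports those where the local Administrators group is explicitly denied or lacks full control, which is the symptom described for the C:\WAP6 folder. The drive letter is an assumption, and it is written for PowerShell 2.0 so it runs on XP-era systems.

```powershell
# Added example, not part of the original post: audit hidden top-level folders on a
# drive and flag those where the local Administrators group lacks full control, so a
# targeted fix can be tried before resetting permissions on the whole drive with secedit.
# Written for PowerShell 2.0 (no -Directory switch, no [PSCustomObject]); the default
# drive letter is an assumption.
param(
    [string]$Drive = 'C:\'
)

# Resolve BUILTIN\Administrators by its well-known SID so the check also works on
# localized systems where the group name differs.
$adminSid     = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]).Value
$fullControl  = [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-HiddenFolderAcl {
    param([string]$Path)

    # -Force includes hidden and system items, which a plain Get-ChildItem skips
    # (the C:\WAP6 folder in the post was exactly such a hidden folder).
    Get-ChildItem -Path $Path -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and ($_.Attributes -band [System.IO.FileAttributes]::Hidden) } |
        ForEach-Object {
            $folder = $_.FullName
            try {
                $acl = Get-Acl -Path $folder -ErrorAction Stop
                $adminRules = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $adminAccount })
                $allowFull = @($adminRules | Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    (($_.FileSystemRights -band $fullControl) -eq $fullControl)
                })
                $denyRules = @($adminRules | Where-Object { $_.AccessControlType -eq 'Deny' })
                $note = ''
                if ($denyRules.Count -gt 0)     { $note = 'Administrators explicitly denied' }
                elseif ($allowFull.Count -eq 0) { $note = 'Administrators lack full control' }
                New-Object PSObject -Property @{
                    Path  = $folder
                    Owner = $acl.Owner
                    Note  = $note
                }
            } catch {
                # Get-Acl failing outright is the situation the post describes; report it and go on.
                New-Object PSObject -Property @{
                    Path  = $folder
                    Owner = '(unreadable)'
                    Note  = "ACL unreadable: $($_.Exception.Message)"
                }
            }
        }
}

Test-HiddenFolderAcl -Path $Drive | Format-Table Path, Owner, Note -AutoSize
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt, passing -Drive for a drive other than C:\. Folders with an empty Note column are fine; anything flagged is where ownership and permissions need to be taken back, and only if that fails does the drive-wide secedit reset above become necessary.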

You should now be able to rerun RogueRemover and complete the cleanup of the malware folder.

These steps are by no means comprehensive for a cleanup but are meant to give ideas – in general I recommend that a system have all software reloaded after a malware infection – with the sophistication of malware these days we can never be sure it is completely gone, and even when a user thinks their system is fine there may be code hidden away capturing bank information or credit card data.

How to Patch VMware ESXi 3.5 Update 2 using RCLI

If you're like me and are running the newly free VMware ESX 3.5 Update 2 you've probably heard by now about the notorious bug that caused VMware servers to stop booting and completing VMotion on August 12th, 2008.

When I heard about the issue I took care not to shut down my server, and earlier today VMware finalized its patch to correct it.  I started researching the update process for my server, and because VMware would really like you to be using their VMware Infrastructure they've left it a bit tricky to update a client in a standalone environment.

To start with you'll need to obtain the VMware ESXi RCLI (Remote Command Line Interface).  VMware ESXi does not contain the normal console VM like ESX does and does not allow SSH or command line access by default, so the RCLI is your way to perform some of these more advanced functions.

Next download the VMware ESXi 3.5 Patch Here.

Before applying the patch, place your server into maintenance mode – to do so launch the VMware Infrastructure Client and suspend or shut down any guests.  Right-click on the host and select Enter Maintenance Mode.

Launch the command line from the VMware menu in your Start menu (in Linux, launch a terminal).

Next enter:
C:\Program Files\VMware\VMware VI Remote CLI\bin>vihostupdate.pl --server 10.10.10.10 -i -b C:\ESXe350-20080712-0-BG.zip

Enter your username and password when prompted.

You should see output as it unpacks the bundle and uploads the packages to the server.  If you're watching in the Infrastructure Client you'll see the install progress.

Once finished, the command window prompted for a server reboot – typing yes initiates it.  After the reboot completes your server should be corrected.

Turn any USB Flash drive into a USB Login Key for your Mac

Secure your Mac using the new Rohos Logon Key.  This new software locks down your Mac by enabling a flash drive to act as a security device.  It waits at your logon screen, requiring you to insert the specified USB drive before allowing login.  Check it out Here.

How to Configure a custom domain name for the Autotask Client Access Portal

Our company is a recent convert to Autotask, a practice management software for the IT consulting industry.  One of the great features is the ability for us to deploy a customer portal to view tickets, invoices, and other information regarding their service.  Because Autotask is hosted we end up with a long URL to hand to customers similar to https://clientaccess.autotask.net/client=881920 – this is a problem for me because I like to keep things simple for the client.  I thought about a CNAME but because it isn't just a hostname this won't work.  Digging around my domain at GoDaddy I noticed that they had a feature called "forwarding" – it only works for parked domains, so making a third-level domain or CNAME was not an option.  This wasn't a huge problem for me, so I bought a new domain name and enabled forwarding... a short 24 hours of processing time later it was up and functioning perfectly.

Malware Removal Tool – SmitFraudFix Updated

The malware removal tool "SmitFraudFix" has been updated to v2.334 – this tool, for use with Windows XP and Windows 2000, has saved more than a few computers for clients, friends, and relatives recently.  Grab the updated download Here.

Drupal Image Gallery Images only viewable when logged in

While working on a Drupal site for a client I ran into an issue where images were viewable while logged in as admin but not as an anonymous web user.  This appears to be by design; however, it did not suit the use the client required.

Upon looking in the Drupal recent log I saw several "access denied" warnings referencing the images and their thumbnails.

After digging through the Drupal forums it appears there is an issue with the Drupal "Upload" module, and disabling that solved the issue.  I wasn't using upload features anyway but transferring via FTP, so this wasn't a problem.  I suspect playing with uploaded file permissions may solve it as well.

Exchange SP2 Install Fails while installing Exchange ActiveSync

While performing a reinstall of Exchange SP2 I was presented with the following Error:

"Setup failed while installing sub-component Exchange ActiveSync with error code 0xC0070643 (please consult the installation logs for a detailed description).  You may cancel the installation or try the failed setup again."

I took a look in the Exchange Server Setup Progress.log and found the following errors:

[10:30:57] Calling MSXML installer with command line:  "msiexec /i msxml3.msi /q reboot="ReallySuppress""
[10:30:57] Process created ... waiting (-1)
[10:30:58] Process has exited with 0x000643
[10:30:58] The command

msiexec /i msxml3.msi /q reboot="ReallySuppress"

failed, returning error code 1603 (Fatal error during installation.). -- ID:31136 -- ScCreateProcess (f:\tisp2\admin\src\libs\exsetup\hiddenw1.cxx:1821)
Error code 0XC0070643 (1603): Fatal error during installation.
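Reading the setup log by eye works for one failure, but the useful facts are always the same two: which child process Exchange setup launched and what exit code it returned (0x000643 here is 1603 in decimal, the generic Windows Installer "fatal error"). The PowerShell below is an added example, not from the original post or from Exchange setup itself; it scans a setup progress log for that pattern and decodes the Windows Installer return code. The sample lines are constructed from the entries quoted above so it can be tried offline, and the log path in the last line is an assumption.

```powershell
# Added example, not part of the original post: pull the failing command and its
# exit code out of an Exchange "Setup Progress.log" and decode the Windows Installer
# return code. Written for PowerShell 2.0. Sample lines constructed from the post.
$sample = @'
[10:30:57] Calling MSXML installer with command line:  "msiexec /i msxml3.msi /q reboot="ReallySuppress""
[10:30:57] Process created ... waiting (-1)
[10:30:58] Process has exited with 0x000643
[10:30:58] The command
msiexec /i msxml3.msi /q reboot="ReallySuppress"
failed, returning error code 1603 (Fatal error during installation.).
'@

# Windows Installer return codes worth recognizing in a setup log.
$msiCodes = @{
    0    = 'ERROR_SUCCESS'
    1603 = 'ERROR_INSTALL_FAILURE (fatal error during installation; check the MSI log and whether the product is already installed)'
    1618 = 'ERROR_INSTALL_ALREADY_RUNNING (another installation is in progress)'
    1638 = 'ERROR_PRODUCT_VERSION (another version of this product is already installed)'
    3010 = 'ERROR_SUCCESS_REBOOT_REQUIRED'
}

function Find-SetupFailures {
    param([string[]]$Lines)

    $lastCommand = $null
    foreach ($line in $Lines) {
        # Remember the most recent command line setup launched; the exit-code
        # line that follows does not repeat it.
        if ($line -match 'Calling .* with command line:\s+"(?<cmd>.*)"\s*$') {
            $lastCommand = $Matches['cmd']
        }
        elseif ($line -match 'Process has exited with 0x(?<hex>[0-9A-Fa-f]+)') {
            $code = [Convert]::ToInt32($Matches['hex'], 16)
            if ($code -ne 0) {
                $meaning = 'unknown exit code'
                if ($msiCodes.ContainsKey($code)) { $meaning = $msiCodes[$code] }
                New-Object PSObject -Property @{
                    Command  = $lastCommand
                    ExitCode = $code
                    Meaning  = $meaning
                }
            }
        }
    }
}

# Try the constructed sample first; the second line points at a real log (path assumed).
Find-SetupFailures -Lines ($sample -split "`r?`n") | Format-List Command, ExitCode, Meaning
# Find-SetupFailures -Lines (Get-Content 'C:\Exchange Server Setup Progress.log') | Format-List
```

On the sample it reports the msiexec command with exit code 1603, which points straight at the MSXML3 package rather than at ActiveSync, the sub-component named in the dialog.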

After a few Google searches I found the following forum posting Here.

In short – MSXML3 is already installed on the server – the post outlines the following steps.

  1. Get a copy of the Windows Installer package for the version of MSXML 3 you have installed.
  2. Place a copy inside Exchsrvr\bin
  3. Rename the existing msxml3.msi to msxml3.msi.backup
  4. Make a copy of the latest version of the MSXML Windows Installer file and rename it to msxml3.msi.  This will leave you with msxml3.msi and msxml3sp?.msi (in my case msxml3sp7.msi).
  5. Click Retry on the error and it should continue as planned.

In my case I didn't show MSXML 3 installed – I had the following packages:

MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB33579)

I tried a number of things but eventually came to the conclusion that I did in fact have MSXML 3.0 SP7 installed and it simply did not show in Add/Remove Programs.  I replaced the MSI with the download from this link:

http://www.microsoft.com/downloads/details.aspx?familyid=28494391-052b-42ff-9674-f752bdca9582&displaylang=en

After that I hit Retry on the install and still had no luck – I then gave a reboot and a fresh attempt at the install a try using the updated MSI, and it proceeded fine.