2014/08/05

Windows 7 64-bit does not install printers shared from XP 32-bit? Here is the solution!

When a LAN (Local Area Network) has many Personal Computers (PCs) running different operating systems (Windows XP, VISTA, SEVEN), some problems with the printer drivers may arise. When some of the operating systems are 32-bit and others 64-bit, incompatibility problems can appear when you try to share printers.
In the Windows world, a "shared printer" is a printing device that is physically connected to one PC but visible and usable by other PCs on the same local area network (LAN).
Specifically, if on a system with Windows 7 64-bit you try to install (with the classic "Connect") a shared printer that is physically connected to a PC using Windows XP 32-bit, the process usually does not succeed, and the error message "No driver found" appears.

In essence, the printer is not correctly detected when you mix 32-bit and 64-bit Windows drivers!

Until an official solution (patch) arrives from Microsoft, here is the solution provided by Arthur Xie on TechNet, to be applied on the PC that uses Windows SEVEN 64-bit:

1. Click Start, click Control Panel and double click Devices and Printers.
2. Click Add a Printer. 
3. Select "Add a local printer". 
4. Select "Create a new port". Choose "Local Port" as the type of the port.
5. In the box "Enter a port name", type the address in the following format:
\\[IP address of the host computer]\[The Share Name of the printer]
(for example, \\PC1XP\hplaserjet). Then click Next.
6. Click the Windows Update button, wait for the process to finish and then look for the driver again.
7. Finish the installation.

PERSONAL EXPERIENCE: 
Printer sharing with the combination Windows SEVEN 64-bit + XP 32-bit gave me a lot of problems with printers of different brands.
With Windows 7 32-bit + XP 32-bit, on the other hand, there is normally not a single problem.
Of course, real network printers, i.e. those that have a built-in Ethernet port and can be configured with a specific IP address, are immune to this problem!
© ALL RIGHTS RESERVED

2014/08/04

Corrupted file system ... how to retrieve data from file.CHK? 5 software to repair the damage!

Sometimes, unfortunately, it may happen that the operating system (Windows) is no longer able to read some files. This typically happens because the file system has been damaged by a software and/or hardware problem.
Unfortunately it is not always possible to remedy this easily and, depending on the files or folders that have been damaged, it may become impossible to boot the operating system!
Example: Checking the File System on Disk C:
The various versions of Windows (98, XP, VISTA, SEVEN, 8) have increased their level of security over time, and in the meantime the file system has changed (from FAT, FAT32, exFAT to NTFS) and has become more robust against errors.

Reliability
"Under FAT or HPFS (1), if a sector that is the location of one of the file system's special objects fails, then a single sector failure will occur. NTFS avoids this in two ways: first, by not using special objects on the disk and tracking and protecting all objects that are on the disk. Secondly, under NTFS, multiple copies (the number depends on the volume size) of the Master File Table are kept." Microsoft Source
Note (1): The HPFS file system was introduced with OS/2. HPFS is only supported in Windows NT versions 3.1, 3.5 and 3.51. Windows NT 4.0 does not support it, nor is it allowed to access HPFS partitions.

Even today, some computers have storage devices that use older and less secure file systems (FAT). More simply, many of us often use USB keys that are usually pre-formatted with FAT32 (not NTFS).

When problems occur in the file system, often already during system startup or when you insert a USB flash drive, the operating system runs automatic procedures that attempt to correct the errors using the checks and tools already included in Windows:

1) Chkdsk: a DOS command that checks and tries to repair the file system. For example: chkdsk c: /F /R

2) Scandisk: a Windows program that checks and tries to repair the file system. For example Scandskw.exe

If these steps fail to "fix" the file system, they often create a hidden folder FOUND.000 that contains all the recovered files or file fragments. These are renamed in the form FILExxxx.CHK, where xxxx is a sequential number.

Files with the extension .CHK (Checkpoint) are precisely these lost file fragments; they often contain several files mixed together and are therefore unusable.
Unfortunately, this type of extension does not make it easy to inspect the files to see whether they are still usable or not, but specific software (some of it free) can come to the rescue and help in retrieving the data, such as:


2) FileCHK by Martin Kratz (download from the website of Eric Phelps)

3) CHK-Mate by DIY DataRecovery


All these programs examine each .CHK file and replace its extension with the most appropriate one, depending on the nature of the file (photos, documents, music, etc.). In this way it is easier to open the files and check whether they are valid.
In some fortunate cases the file is in fact intact and usable!

There are also other shareware programs (for a fee), whose effectiveness I have NOT been able to verify ...

5) CHK File Recovery by CHEAP Recovery Solutions

Finally, for those who want to examine the contents of the files manually (e.g. with Notepad), I recommend looking at the first few characters of each file and comparing them with the legend below to understand the nature of the file and associate the correct extension.

PK: compressed file (.ZIP)
MZ: executable (.EXE, .DLL, .OCX)
BM: image (.BMP)
GIF89: image (.GIF)
II: image (.TIF)
Rar!: compressed file (.RAR)
By: Microsoft Office files (.DOC, .XLS)
ITSF: compiled HTML file (.CHM)
%PDF: Adobe Acrobat file (.PDF)
‰PNG: image (.PNG)
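
The manual check described above can be automated. The following is an added example, not part of the original post and not the code of any of the tools listed: it reads the first bytes of each FILExxxx.CHK and copies the file under a guessed extension. The function names and the paths in the demo are hypothetical, and the Office entry uses the standard OLE2 compound-file header bytes.

```python
import shutil
from pathlib import Path
from typing import Dict, Optional

# Byte-level forms of the legend's signatures. Notepad renders raw bytes as
# text, so "‰PNG" is really the byte 0x89 followed by "PNG".
SIGNATURES = [
    (b"PK", ".zip"),
    (b"MZ", ".exe"),
    (b"BM", ".bmp"),
    (b"GIF89", ".gif"),
    (b"II*\x00", ".tif"),  # little-endian TIFF header
    (b"Rar!", ".rar"),
    # Standard OLE2 compound-file header used by legacy .DOC/.XLS files.
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),
    (b"ITSF", ".chm"),
    (b"%PDF", ".pdf"),
    (b"\x89PNG\r\n\x1a\n", ".png"),
]
# Longest signature first, so a 2-byte match never shadows a longer one.
SIGNATURES.sort(key=lambda sig: len(sig[0]), reverse=True)


def guess_extension(header: bytes) -> Optional[str]:
    """Return the extension whose signature starts `header`, else None."""
    for magic, ext in SIGNATURES:
        if header.startswith(magic):
            return ext
    return None


def recover_chk(found_dir: Path, out_dir: Path) -> Dict[str, Optional[str]]:
    """Copy every *.CHK in found_dir to out_dir under a guessed extension.

    The originals are never renamed or modified, so a wrong guess costs
    nothing. Returns {CHK file name: guessed extension or None}.
    """
    out_dir.mkdir(parents=True, exist_ok=True)
    report: Dict[str, Optional[str]] = {}
    for chk in sorted(found_dir.iterdir()):
        if not chk.is_file() or chk.suffix.upper() != ".CHK":
            continue
        with chk.open("rb") as fh:
            header = fh.read(16)
        ext = guess_extension(header)
        report[chk.name] = ext
        if ext is not None:
            shutil.copy2(chk, out_dir / (chk.stem + ext))
    return report


if __name__ == "__main__":
    # Hypothetical paths: E: is the damaged stick, the output goes elsewhere.
    result = recover_chk(Path(r"E:\FOUND.000"), Path(r"C:\chk_out"))
    for name, ext in result.items():
        print(name, "->", ext or "unknown (inspect manually)")
```

Two-letter signatures such as MZ, BM and PK can match a fragment by chance, and PK also begins newer Office files (.DOCX, .XLSX), so a guessed extension is a starting point for opening the file, not proof that it is intact.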

PERSONAL EXPERIENCE:
The media most fragile and sensitive to file system problems are USB flash drives and external USB hard drives, especially when using the old FAT system. Errors on the file system often appear after you have removed the USB stick from your PC without first having "disconnected" it with the specific function in the Windows system tray, especially when the operating system was still copying or saving data on the stick or still had open files on it.

I remember one day, on a USB flash drive (FAT32) used with Windows XP, I happened to lose the contents of an entire sub-folder (which showed "strange" characters instead of the names of the files). When I inserted the same key into a PC with Windows 7, the OS properly warned me of the problem and unfortunately "corrected" the file system automatically, turning the corrupt files into more than 1300 .CHK files!
Thanks to the above-mentioned software I was quickly able to recover at least a portion of the 1300 documents!
Then I used a Low Level Format utility to clear the entire contents of the key and reuse the USB stick, see here: HDD LLF: how to low level format the hard drive.

Tip No. 1: when you buy a new USB stick, check which operating system you will mainly use it with:
  • If you use it only as a medium for exchanging files between multiple PCs with different operating systems (XP, VISTA, SEVEN), then you need maximum compatibility, so leave it as it is (pre-formatted FAT32).
  • If instead you use it to store important data (such as backups), mostly with 1 PC and 1 single operating system (e.g. Windows 7), then re-format it immediately as NTFS (New Technology File System), as the latter is more robust against errors. It is true that NTFS loses compatibility with some older PCs, but special reading software exists for them (NTFS Reader for Win 95, 98, Me).

Tip No. 2: If you have hard drives or USB drives that already contain some data (FAT32 file system), you can convert them to NTFS without losing data by using the system command convert. For example, to convert the C: drive, just type at the command prompt: convert c: /fs:ntfs

2014/07/30

Everything you wanted to know about Ransomware. How to remove it?

What is it?
This computer fraud, known as "RANSOMWARE", is a new type of malware that spreads like a virus or worm.
It locks the computer by displaying a notice on the screen and then, taking advantage of people's fear and claiming to be a POLICE department (or the FBI, or the CIA, etc.), it demands the payment of a fine (but it would be better to call it a "ransom") to unlock the user's computer.
The malware relies on the user's fear, accusing him of having committed illegal activities, such as downloading material protected by copyright like software or music, or viewing and downloading child pornography, and demands the payment of a fine (normally € 100,00) to remedy the alleged wrongdoing.
Typical screen of the "Police" virus
A typical example of this malware displays a screen that reproduces the header of the Police (logo or emblem) and usually shows the IP address of the user's computer. In some cases it even shows a photo of the user taken with the webcam of his own PC or notebook.
It also demands the payment of the fake fine through (legal) websites specialized in making online payments without a credit card or debit card, such as www.ukash.com or www.paysafecard.com (whose pages carry a message warning about the existence of this type of scam).
Because of the payment system used, this malware is also known as the "ukash virus" (but the ukash site has nothing to do with the creator of the virus).
Another name for this malware is "Reveton", which is based on the Citadel trojan (which is itself based on the Zeus trojan).
When the malware is active you cannot exit the screen, even with the keyboard shortcut CTRL + ALT + DELETE, and you are unable to use your PC freely.

How do you catch it?
As with many other virus infections, the possibilities are:
  • simply browsing compromised websites,
  • receiving emails with infected attachments or links to infected sites, 
  • exchange of infected USB sticks, 
  • installing cracked software, 
  • etc. 
Who does it affect? 
Windows systems are the first to be affected, but now even Apple Mac OS X systems are targeted by ransomware; fortunately, in this case the solution is simple: just reset the Safari browser.

Even Android smartphones and tablets are attacked by ransomware
An Android version of Cryptolocker was discovered in 2012, but it did not encrypt the files like the Windows version!
ESET has discovered a dangerous new type of malware (Android/Simplocker.A) that is able to encrypt the data and files on the SD card of Android devices and then asks for a "ransom" for decryption.
[Source] ESET Blog 
Android-Trojan.Koler.A

Android-Trojan.Koler.A is a type of ransomware that attacks Android smartphones and tablets. It uses GPS to work out where the victim is and so impersonate the local authorities more plausibly. Android-Trojan.Koler.A is not dangerous, because it does not completely block the device, but only keeps a browser window with a threatening message in the foreground. Bogdan Botezatu of Bitdefender says that you can manually uninstall the malware with the standard procedure, stating - "but only if the application icon is in the first row. Otherwise you would not have the time necessary to drag the icon to uninstall."
[Source] Ars Technica

The blog Malware don't need Coffee illustrates in detail the propagation technique and the operation of this type of ransomware.
[Source] Malware don't need Coffee: Police Locker land on Android Devices

How to prevent "ransomware" infection? 
The best way is to keep the software on your PC updated: use Windows Update for the operating system, and install the security updates for the browser, the email client and the main software you use, such as Adobe Reader, OpenOffice, Microsoft Office, etc.
It is also good to install a good antivirus (even a free one) and keep its virus signatures constantly updated.

The variants that encrypt the data: 
Anyone whose PC is infected with the variant Trojan-Ransom.Win32.Rannoh, which encrypts some files so that they can no longer be legitimately opened and edited, can attempt to recover them using special software developed by Kaspersky. It is called RannohDecryptor.exe and is a tool that attempts to decrypt the files affected by this variant of ransomware.

A new ransomware, Trojan.ArchiveLock.20 (Dr.Web), primarily affects corporate networks, infecting the system and remaining invisible. Once activated remotely, the malware uses WinRAR to compress and encrypt several files with passwords and then shows a screen (which blocks the interface) with instructions to recover your data in exchange for money. In addition, the ransomware can delete any backup in the system.
Trojan.ArchiveLock.20 (Dr.Web) 

But how to remove the "Police-themed" virus?
It depends on the variant: some are easy to eliminate, others are more resistant. Later in this article I have included some information on how to eradicate the most stubborn variants.
Specific Antivirus and Ransomware removal tools
The anti-malware software HitmanPro.Kickstart has a specific module against the Police Ransomware. It is possible to create a bootable USB stick with HitmanPro.Kickstart and use it to disinfect your PC.
The software house PANDA Security (an anti-virus manufacturer) has also developed a specific tool for the "Police Virus", called PANDA RescueDISK. It is a file with the extension .ISO (that is, the image of a CD) that must be burned to a CD, which is then booted when the PC starts.
This type of ransomware is also known as Trojan.Win32.Urausy and can be identified and eliminated, for example, with Microsoft Security Essentials.
The antivirus software company BitDefender has created a special free Removal Tool (see: "How to remove ransomware infection FBI").
TrendMicro has released a free removal tool designed to detect and remove malicious software like ransomware: TrendMicro AntiRansomware Tool 3.0

On 02.15.2013 Europol took down the gang of cyber criminals who had designed (at least) one type of RANSOMWARE malware (with several variations). Source: Europol. Unfortunately, there are new sophisticated variations.


PERSONAL EXPERIENCE:
Unfortunately, in the case that I personally verified, the malware was NOT detected either by 2 active anti-virus programs, or by a virus scanner downloaded subsequently, or even by a couple of scans conducted via the Internet. This is symptomatic of the lack of preparedness of many antivirus products towards this new type of scam. However, the malware variant that I faced was not very insidious and it was very simple to remove it manually; here are the instructions:

[Method 1 - By working Safe Mode] 
Start Windows in "safe mode" (press F8 when the PC starts) and click START (or the Windows icon) at the bottom left of the task bar.
When the vertical drop-down menu opens, click "All Programs".
Look for the folder "Startup" and, once you have found it, click the corresponding icon, which will display the list of programs configured to start automatically whenever the computer starts.
Select the files that have "strange" names, such as sequences of characters and numbers (in the specific case it was fir0.exe or WBT0.D), and remove them by pressing the "DELETE" or "DEL" key.
Right-click the "Recycle Bin" on the desktop and, when the menu appears, select "Empty Recycle Bin" to permanently remove the malware from your PC.
Reboot the PC.

[Method 2 - With safe mode running] 
An alternative method to easily remove the executable file from automatic startup is to use CCLEANER (if already installed): select the "Tools" menu, then "Startup", and then delete the row that contains the executable in order to exclude it from the next boot.
If simply removing the file is not enough, you can switch to a more radical action using "System Restore" in Windows XP, Vista and Seven. In this case, just go back a few days, to a time when you think your PC was not yet infected.

N.B. Of course, to "physically" eliminate the virus you must also delete the file responsible for the malfunction (making sure to write down its full path) and not limit yourself to merely excluding the file from autorun; otherwise the malware is idle but still present on the hard disk!
I have also read of more tenacious variants that are activated even in "safe mode"; however, since I have not yet dealt with these variants, I can only suggest the methods I would adopt (already used for other viruses), shown in this study:

[Method 3 - With safe mode running] 
Download CCleaner and Malwarebytes and copy them to a USB stick, to be inserted into the PC once it has started.

Start your PC in "SAFE MODE WITH COMMAND PROMPT" by holding down the F8 key during startup.
Once at the Command Prompt, press CTRL + ALT + DEL to start Task Manager.
Insert the USB stick with the software already loaded.
Go to File - New Task (Run...). Locate the USB stick and install both programs.
Install CCleaner and run it to perform a thorough cleaning of the system files. Then proceed to scan the registry and repair the items found. In Tools - Startup, disable ALL entries.
Install and launch Malwarebytes (again from New Task (Run...), looking in the Program Files path) and perform a full scan. At the end, restart your PC.
Once the threat has been removed, the desktop returns to normal and you can carry out a more in-depth "clean-up".
Disable System Restore (XP) / System Protection (Vista, 7, 8) and delete all previously created restore points - an essential step to prevent the virus from reappearing because it is present in some restore file.
Locate the folder for temporary files:
XP - C:\Documents and Settings\<username>\Local Settings\Temp
Vista, 7, 8 - C:\Users\<username>\AppData\Local\Temp
... and delete ALL the files present.
Empty the Recycle Bin immediately.
Run CCleaner again (Cleaning Files and Registry).
Run Malwarebytes again - Full Scan.
Restart.
Run CCleaner again, click "Tools - Startup" and reactivate the items you want, then reboot.
Now the PC is clean!

As already indicated, there are many variants of this malware. For example, I recently came across the variant of the virus that displays a screen with the logo of the "State Police", like this:

In this specific case the auto-start file was "ctfmon.lnk" (files with the extension .lnk are shortcuts or links to other files and make it easier to open or run them). It pointed to the executable file "C:\windows\system32\rundll32.exe", which launched the malware. In this case it was probably a variant of "Trojan.Win32.FakeGdf" and the side effects were an unusable task bar and some system services turned off. Even after the automatic removal there were problems in repairing certain services (in particular Windows Update). The use of Malwarebytes Anti-Malware allowed us to discover and automatically remove additional "malware" services that had been installed to always start automatically. Another anti-virus tool to use with "resistant" variants is definitely Combofix. Typically, the name of the file in "autostart" is a random numeric name (for example, in another case it was 0.751225951242083.exe.lnk, a name that is suspicious to say the least!).
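
The file names quoted in this article suggest a simple name-based triage of the Startup folder. The following is an added example, not part of the original post: the heuristics, the list of executable extensions and the function names are assumptions chosen for illustration, and the sample listing is constructed from the names mentioned above.

```python
import os
import re
from pathlib import Path
from typing import Dict, Iterable, List

# Extensions Windows will execute; the set is an assumption of this example.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def reasons(name: str) -> List[str]:
    """Explain why a Startup entry's file name deserves a closer look."""
    found: List[str] = []
    stem, ext = os.path.splitext(name.lower())
    inner_stem, inner_ext = os.path.splitext(stem)
    if ext == ".lnk" and inner_ext in EXEC_EXTS:
        found.append("shortcut hiding an executable extension")
        stem = inner_stem
    elif ext in EXEC_EXTS:
        found.append("executable placed directly in Startup")
    if re.fullmatch(r"[0-9.]{6,}", stem):
        found.append("random-looking numeric name")
    return found


def triage(names: Iterable[str]) -> Dict[str, List[str]]:
    """Return only the entries that triggered at least one heuristic."""
    flagged: Dict[str, List[str]] = {}
    for name in names:
        why = reasons(name)
        if why:
            flagged[name] = why
    return flagged


def startup_dirs() -> List[Path]:
    """Per-user and all-users Startup folders (Windows Vista and later)."""
    tail = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    roots = [os.environ.get("APPDATA"), os.environ.get("ProgramData")]
    return [Path(root) / tail for root in roots if root]


# Constructed listing built from the file names quoted in this article.
SAMPLE = ["0.751225951242083.exe.lnk", "fir0.exe", "ctfmon.lnk", "desktop.ini"]

if __name__ == "__main__":
    names = [p.name for d in startup_dirs() if d.is_dir() for p in d.iterdir()]
    for name, why in triage(names or SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

Note that "ctfmon.lnk" passes this check because its name looks innocuous: for shortcuts, the target and its arguments (here rundll32.exe) have to be inspected as well, for example in the shortcut's Properties dialog.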

PS: if you cannot solve the problem by following these directions, leave me a comment describing the problem in more detail.
