Are En Pointe and Consistent Computer Bargains Inc. shilling reviews on Microsoft’s Website?

I’ve been checking out Office 365 as I mentioned in this post.  Part of that is finding the right Microsoft Partner to help me out.  When I click on “Top Cloud Partners” I get a list of MS partners.  In that list it tells you how many reviews they have and the star rating.  En Pointe has 207 reviews.  CCB has 153.  If you look that’s far more than anyone except two other companies which also have suspect reviews.

What do En Pointe and CCB have in common and why do I think someone is shilling?  They have lots of reviews in the last couple months.  They have multiple reviews every few days.  The reviews are completely positive with nothing negative to say.  They are almost all 5 stars.  And in En Pointe’s case, the usernames mostly follow the same pattern of names and numbers (name1234).

I’m not saying they are shilling, but shilling is a common game on the internet.  En pointe’s reviews sure do quack like a duck and walk like a duck.

Microsoft should pay attention to their review system to make sure that companies aren’t fraudulently boosting themselves.

Advertisement

Office 365: First Impressions

I’ve been hearing about Office 365, so I signed up and am giving it a whirl.  There’s much to talk about, but here’s some notable first impressions:

• BES is not supported.  I don’t know if there’s a way to integrate BES servers into your environment, but MS doesn’t support BES.  You can connect a Blackberry using IMAP.  If you do that, you have to sync contacts and calendars manually.  ActiveSync is fully supported.
• If you have Office 2010 Professional Plus installed and integrated with Office 365, you cannot use web apps.  You have to use the installed apps and then save into Sharepoint.
• Office Web Apps are significantly stripped down versions of the Office Apps.  They will probably be fine for most Office users, but this should be understood before making choices.
• Office Web Apps can be used in IE, Firefox,  and Safari.  I haven’t tested Chrome, but I’m sure that works too.
• It appears that Live Meeting has been rolled into Lync.  That’s great!
• Lync can be accessed using OWA, but it’s a stripped down version.
• Sharepoint Workspace is probably the best way to connect into Sharepoint file stores, but it is possible to map drives into the file stores.  I doubt this is advisable.
• It’s possible to pick individual Office 365 services instead of the designated “plans.”  This ala carte ordering system allows you to spend as little as $2 a month for Lync only or as much as you’d like.  The nice thing about this is that if you are already licensed for Office 2010 Professional Plus, you can pick plan E2 and add-on services thus saving $12 per user per month (for Office).
• Exchange Online Archiving is $4 per user per month.  I think that’s a good price.
• Office 365 is a very powerful service.  It enables organizations to quickly put up Exchange and Sharepoint environments in very little time.  Office 365 can be about as simple or as complex as the user needs.

That’s pretty much it for now off the top of my head.  I recommend organizations of all sizes become knowledgable in the capabilities of Office 365.  It gives companies the ability to replace significant amounts of infrastructure with a very capable service.  And for small companies it puts them on a level playing field with the big boys.  I hate to say it, but once it’s rolled out, it requires very little back-end IT attention.

www.office365.com

Office 365 Buyers Guide (in .xps format for some bizarre reason)

Another day, another problem with a third party free application (iTunes)

I feel like I’m spending too much time tending to the Flash player, iTunes, and AIM’s of the world.  My company allows some of this stuff because there’s a legitimate business need.  Managing these apps have become an unnecessary time drain.

Flash player stops working on its own.  AIM threatened users with loss of service for weeks unless they upgrade.  Apple has done both of those in the past with iTunes.  Now they seem to be going for a more passive aggressive route.  They throw up an error when users try to access the iTunes store that has nothing to do with the store and with upgrading.  The only (easy and obvious) way to access the store is upgrading to the latest version.

The error is “Your request cannot be completed.  The item you’ve requested is not currently available in the US store.”  This line of BS translates to “Upgrade or Else.”  So if you find this post after hours of trying to figure out why you can’t access the iTunes store, the answer is that you must upgrade iTunes.

Adobe Download Manager is a WASTE OF TIME!

Dealing with Adobe’s freebee products has always been a pain.  This goes back to the Macromedia days.  It periodically and unpredictably stops working because it needs to update.  This process has always been annoying, but manageable when I could just download the installer.

Now Adobe forces you to install a “Download Manager.”  The installation of the “Download Manager” is slow on its own, but the installation of the software I ACTUALLY WANT (ughhhh) is even slower.  It takes several minutes to install PDF Reader and Flash instead of seconds without the Download Manager.

Adobe is wasting peoples time with this Download Manager scheme.  I am a lot more sympathetic to Steve Jobs view of Flash than I used to be.

I went head to head with a version of the “Internet Security 2010” virus. (SMSS32.exe)

My machine got infected with a version of the “Internet Security 2010” virus.  It was a nasty little critter.  I’ve seen it a bunch of times over the years.  It keeps getting smarter and smarter.  It used be possible to remove it by killing the process it started and deleting the files.  Now, there’s a lot more steps.  

The virus came from clicking on a link on a mainstream website.  McAfee popped up right away and said it caught two files (warning.html and IS2010.exe).  Unfortunately that didn’t matter.  The virus installed itself and McAfee proved once again that it’s a useless piece of crap.  Here’s what I did to get rid of it.

I first tried getting “Task Manager” to pop up.  That wouldn’t work.  I checked the folder that the virus created in program files (c:\Program Files\Internet Security 2010).  It was empty.  That’s probably because the IS2010 file was deleted by McAfee.  I shut the machine down and restarted.  The “Task Manager” item was grayed out.  I tried launching it by typing in taskmgr.exe.  Windows popped up a message stating that Task Manager was disabled.  I knew that it was something I could fix in the local group policy editor.  I ran gpedit.msc and enabled it.  Instructions are here.

Method 4:  Using Group Policy Editor – for Windows XP Professional

• Click Start, Run, type gpedit.msc and click OK.
• Navigate to this branch:

User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager

• Double-click the Remove Task Manager option.
• Set the policy to Not Configured.

It says that you can set it to “Not Configured.”  In my case it was already set that way.  I set it to “Disabled.”  I had to reboot the machine a couple times before the virus was cleaned up.  Task Manager was disabled every time.  Switching between “Not Configured” and “Disabled” seems to be good enough.

I then tried to run Task Manager.  The virus itself would pop up an error saying that’s not allowed.  I found instructions saying that if I hit cntl-shift-esc over and over Task Manager will pop up.  That worked!!!

Follow these instructions to continue:

1. Open Task Manager by continually pressing Ctrl+Shift+Esc.
2. Navigate to the Processes tab.
3. Locate for the processes called IS2010.exe, winlogon86.exe, winupdate86.exe and 41.exe. End their processes one at a time by click the End Process button at the bottom left hand corner of Task Manager and click Yes.
4. Continue with the instructions listed below to remove Internet Security 2010 completely.

I didn’t have any of those files running in Task Manager, Processes, so I looked for those files in c:\Windows\System32.  I found some of the files there and deleted them.  I also saw a file called “winlogon32.exe.”  It didn’t look right, so I checked it out.  I found out that file was a virus, so I deleted it.  Big Mistake….Sorta.  I decided to install MalwareBytes and then reboot in Safe Mode to run it.  I rebooted into safe mode.  I logged into the machine.  It accepted the password and tried to load my profile, but it would just log itself right out.  I suspected that it had something to do with the file I deleted.  I tried to login in normal mode and had the same problem.  I found this site saying that the problem was either with the userinit.exe file or the registry entry that points to it. 

1. C:\WINNT\system32\userinit.exe , this file is corrupt or invalid or infected.
2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit, This registry key is tempered by virus/spyware.

At this point I’m stuck with a machine that’s infected and I can’t log into it.  I tried to use an XP disk to repair it, but my drive is encrypted, so the repair disk couldn’t see the hard drive.  The other suggestion the site gave was accessing the registry from a remote machine.  That WORKED!!!  I went to another machine and ran regedit.  I then clicked on “File, Connect Network Registry” and inserted the name of my machine.  I was able to connect.  If the name doesn’t work for you, try the IP address.  I found that the registry key and it was incorrect. 

I found: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit = “C:\WINDOWS\system32\winlogon32.exe”

I changed it to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit = “C:\WINDOWS\system32\userinit.exe”

I rebooted and it worked.

So I got logged back into the machine.  At this point I had pinpointed most of the files that were causing the problem.  I knew not to mess with the winlogon file just yet.  I also know I needed to get MalwareBytes running ASAP.  I decided to run Task Manager again to see if I could find and kill “winlogon32.exe.”  Something better happened.  I hit cntl-shift-esc a few times to get Task Manager up.  The virus pops up an error saying something about the administrator disabling Task Manager.  Do not close the error!  I noticed that the error message was loaded as an “Application” in Task Manager.  I had a feeling that the application would lead me back to the “process” and it did.  I right clicked on the application and selected “Go to process.”  That took me to a file I previously hadn’t noticed called SMSS32.exe.  And that’s the key to this whole ridiculous incident.  I searched Google for SMSS32.exe and found this post from McAfee.  I killed the process and the virus finally stopped.  I then ran MalwareBytes.  It found a bunch of infected files and registry entries.  Here are the results:

Malwarebytes’ Anti-Malware 1.44
Database version: 3680
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2/2/2010
mbam-log-2010-02-02 (16-16-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 268870
Time elapsed: 59 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 12
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\%username%\Local Settings\Temporary Internet Files\Content.IE5\C2XSPTAA\SetupIS2010[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAD358BA-17F3-4527-AB8D-40D9BEF7514D}\RP533\A0065516.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAD358BA-17F3-4527-AB8D-40D9BEF7514D}\RP533\A0066516.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAD358BA-17F3-4527-AB8D-40D9BEF7514D}\RP533\A0071545.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IS15.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\%username%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\%username%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\%username%\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here’s what I learned.  I’m posting this before the removal instructions because there are so many versions of this virus that your version of the virus might be different than mine.

• This version didn’t hijack my browser or search results.  That allowed me to easily download MalwareBytes.  I’ve seen other versions hijack the browser or search results.
• This version didn’t mess with the MalwareBytes installer.  Some versions of the virus will not run the installer.  You can run it if you rename it to something else.  (From mbam-setup.exe to somethingelse.exe).
• This version disabled Task Manager instead of just hijacking it.
• The core to this virus is still a process that can be killed in task manager.
• I’ve seen versions mess with Safe Mode.  One time I had to use “Last Known Good” to allow me to log into the machine.
• I’ve seen it prevent regedit from running.

Here are my instructions on dealing with this.  Their usefulness will vary depending on what you’re dealing with.

1. Don’t panic
2. Don’t reboot if you can avoid it because of the winlogon32.exe issue.
3. Right click the task bar and try to run task manager.  If that doesn’t work, hit control-shift-escape a few times until Task Manager comes up.  If Task Manager is disabled, type in gpedit.msc.  Navigatio to User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager.  Double-click the Remove Task Manager option. Set the policy to Not Configured or Disabled.
4. Run Task Manager using the control-shift-escape method.  Don’t close any errors that pop up.
5. Go to Applications and look for any applications that look like they are the virus.  The application comes from the warning message, so it’s important to leave the warning message up.  In my case it was called “Warning.”
6. Right click on it and select “go to process.”
7. This will take you to the process that’s running the virus.  In my case it was SMSS32.exe.  Kill the process.
8. Download MalwareBytes and run it.
9. MalwareBytes should clean this thing up and you should be able to go on with your life.  If it doesn’t, then you either have a different version of the virus, or you missed a step, or something else is going on.

I hope this post helps people that are dealing with this virus.  Please post any questions and I’ll try to help.  I just cannot understand how the anti-virus companies can’t prevent people from getting infected.  I know of people using supposedly updated versions of McAfee and Kaspersky get infected.  I’m not surprised about McAfee.  It’s always been bloated garbage.  Good luck!

http://bytes.com/topic/windows/answers/752011-xp-logs-off-immediately-after-log/2#post3384974

http://www.bleepingcomputer.com/tutorials/tutorial44.html

http://community.mcafee.com/thread/20943

http://majorgeeks.com/download.php?det=5756

The whole Bing thing is contrived

Microsoft rolled out a new search engine last year.  Of course, it needed marketing pizzaz that was Focus Group Approved®.  They decided to call it “Bing.”  God knows that the technology is unimportant as long as the name is catchy.  /sarcasm off

It stinks of Steve Ballmerism who apparently fired someone for not being “Bing” enough.  

What really set me off today was an ad like the one below where the user sees the Bing page and comments on how beautiful it is. 

I find Microsofts attempt to promote a search engine with a cheesy name and pretty pictures contrived, disingenuous, and vomit inducing.

That said, Bing actually has actually attracted Googles attention acording to this post on InfoWorld. 

Google announced last Friday that its search engine will highlight structured data in order to provide direct, factual answers to search queries instead of merely pointing the user to a site that may contain the answer. If this all sounds familiar, it’s because Microsoft introduced the same feature when it rolled out its Bing search engine.

We’ll see if Microsoft’s strategy of throwing $80-$100 Million of marketing while having a catchy name and flashing lights is enough to make a dent in the search market.

Corporate Lawers at Creative and T-Mobile are like Dumb and Dumber

 Credit to Ryan Block for the image.

Just when I thought corporations and their lawyers couldn’t get any dumber, I’m proven wrong.  There’s been two incidents in the last few days that show just how out of touch most corporations care.  First, Creative sent a Cease and Desist to an independent developer for writing working Vista drivers for some of their products.  (Warning: This post is high on internet dramaboy-ism.)

Then our friends at T-Mobile send a Cease and Desist to Engadget for using the color magenta.  Apparently the color magenta is trademarked property of Deutsche Telekom.  Who knew?  Anyway, Engadget and the Internets are fighting back.  Engadget is “Painting the Town Magenta”  and others are joining in solidarity.  I’m joining in on the fun because I can’t resist a meaningless internet revolt.  Besides, someone has to stand up against the over-excited corporate lawyers. 🙂

So for today, I’m painting the blog magenta.  And I’d like to say to Creative and Deutsche Telekom in the words of Ben Stern: “Don’t be stupid you morons.”

Where do the candidates stand on technology? Most of them won’t tell you.

It’s extremely important for IT guys and gals to understand where the candidates stand on technology issues.  I am going to link to each of their technology pages here.  Overall, I am disappointed with the lack of focus on technology.  The Democrats are much better than the Republicans.  All of the Democrats except Kucinich make a mention of technology or “innovation.”  Barack Obama is the only candidate to feature technology as an issue on his website.  Mitt Romney is the only Republican to have information about technology on his website, but it’s not an issues page.  I linked to it anyway.  Have a look:

Democrats

• Barack Obama: http://www.barackobama.com/issues/technology (Includes speech at Google)
• John Edwards: http://www.johnedwards.com/issues/innovation  (A few sparse comments) 
• Hillary Clinton: http://www.hillaryclinton.com/feature/innovation (Only a couple paragraphs)
• Dennis Kucinich: I can’t find anything obvious or through search.

Republicans

• Mitt Romney: http://www.mittromney.com/News/In-The-News/TechCrunch (Interview with TechCrunch) 
• Rudolph Giuliani: I can’t find anything obvious or through search.  Did somebody say 9/11?
• Mike Huckabee: I can’t find anything obvious or through search.
• Duncan Hunter: I can’t find anything obvious or through search.
• John McCain: I can’t find anything obvious or through search.
• Ron Paul: I can’t find anything obvious or through search.
• Fred Thompson: I can’t find anything obvious or through search.

Based on whether the candidates feature technology, Obama and Romney are the leaders for their party.  Obama is the only candidate to feature technology as an issue, so he is the leader.  If you can find information that should be added, let me know.

Trend Micro sends an alarmist email that looks more like a hoax than a warning

Check this email out.  It came from our Trend Micro support rep.  They are acting like the reported Electronic Jihad virus might be catastrophic, even though they don’t know if it will work.  Their last sentence is the most bizarre because of its alarmist overtone and misspelling.  Let paranoia reign!

Dear PSP Customer,

Real-world terrorists are once again threatening to take their jihad (Holy War) to cyberspace. The notorious Al-Qaeda has threatened to launch a Web attack on Western anti-Muslim Web sites on the 11th of November, according to DEBKAfile, an online military intelligence magazine. An attack like this could be unleashed via the Electronic Jihad Version 2.0 software, which is not actually new and has been around for about three years now. The said software is capable of distributed denial-of-service (DDoS) attacks. It is also configurable and flexible, which makes it easy for cyber-terrorists to be more effective in the said attacks. Detailed Malware description: http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=HKTL%5FDAHIJ%2EA&VSect=Td
Researchers across the industry have raised quizzical eyebrows as similar threats have turned out to be a dud, like the cyber attack that never happ ened against U.S. banks and financial institutions in December 2006. However, such software was recently discovered by Trend Micro researchers. The hacking tool, which is detected as HKTL_DAHIJ.A, arrives as an installer package and may be downloaded from a remote site. This hacking tool connects to a URL for verification purposes. After successfully establishing a connection, it downloads a list from several URLs. The said list, which contains another set of URLs, is used by the affected system to launch Denial-of-Service (DOS) attacks for the so-called e-jihad.

Law enforcers and other experts say that threats such as these should not cause much of a fuss as Web threats happen on a regular basis. Eli Alshech, Director of the Jihad and Terrorism Studies Project at the Middle East Media Research Institute, considers these e-jihadists as more of a nuisance than a threat. But with these terrorists, we will never know what they will do next. Is 11/11 going to be another date to remember?

The next big Web attack may unfold on the 11th of Novemb

Thank you,
Trend Micro Premium Support

Microsoft is stalling in the SaaS area

I received an InfoWorld article called “Microsoft exec: Desktop application software is not dead.”  The short story is that Microsoft claims that Google and others cannot provide the same level of service and quality through web based apps as Microsoft can through installed apps.  While Microsoft is technically correct in the short term, this will change.  Let me predict what Microsoft is going to do right now.  Microsoft will develop a fully functioning version of Office.  Then they will market it as a brilliant idea that they thought of and perfected.  Microsoft will claim that they did it first and they did it best, when in reality neither will likely be true.  Until then, expect Microsoft to deride Google, IBM, Sun, and others.  What’s new?