Blue screen of Death (BSOD) Fatal, but useful

We have all seen this screen before at some point in time – well if you use Windows anyway.

The BSOD shows when a system has had a fatal error from which it is unable to recover. Sounds pretty nasty – it can be, but there is some useful information on the BSOD when it occurs.

Before I explain what this information is we need to know how to make it visible. Ever notice how when it occurs your computer generally reboots and tries to run as normal again?

Some years ago Microsoft changed the operating system to reboot whenever a bluescreen error was encountered – this was so that in public spaces such as airports instead of blue screens with white writing that said FATAL ERROR on them people would see the Windows logo with the loading bar.

Luckily, the ability to stop this behaviour was left in the operating system. Under Startup and recovery in the System properties found in control panel (Advanced System Settings in Vista and above) there is a check box under system failure for “Automatic Restart”. Simply uncheck this box and next time if your computer generates a BSOD – you will have the ability to read it.

Note though, this is only useful when the BSOD is occurring after windows has actually loaded. If it is occurring on boot there is a slightly different procedure.

Most of us will recall pressing the F8 key to get to the boot menu that allows us to go to Safe Mode. What most people never realise is another option that says “Disable automatic restart on system failure”

Selecting this option will attempt to boot your system as normal – However if a BSOD occurs the system will stop on the screen which will allow you to read its contents.

Now that we know how to make that screen stay visible, we can look at using it to determine what is failing.

A BSOD has a stop code, listed near the bottom of the screen. An example is:

STOP 0X0000007B

This code can be one of the most important parts of the screen – another is any filenames that may occur e.g.

NTFS.SYS

If you have the information from the BSOD you can really drill down to what exactly is causing the error. Microsoft support site for example has articles for many of the known stop codes and these articles not only provide a description of the problem but in many cases ways of resolving the issue.

If you have a filename as opposed to a stop code – you can sometimes determine whether an application may be causing the issue. If you work in the tech industry you should know certain files are responsible for certain things e.g. in the example above NTFS.SYS – a system driver responsible for accessing NTFS volumes. If this filename is on your BSOD it is likely you have an issue with your hard drive; it could be failing or corrupt.

Some virus scanners such as AVG have also been known to cause BSOD errors with their DLL files – try to be aware of system files vs application files. In the case of application files, in many cases it is possible to remove problem software in safe mode, which will rectify your issue.

BSODs can also be used to determine issues with faulty memory. How? Look at the stop code: if your system has a particular fault, your BSOD stop code will be consistent. If it has faulty memory, the stop code will be random.

So even though a BSOD indicates a severe system failure – it can indicate to you very precise information about what is causing the system failure.
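An added example (not part of the original post): a PowerShell function that tallies stop codes from bugcheck event messages, so you can see whether crashes repeat one code or vary. The function name, the constructed sample messages and the use of System log event 1001 from Microsoft-Windows-WER-SystemErrorReporting (Vista and above) are assumptions of this example.

```powershell
# Added example, not from the original post.
# Tallies stop codes so you can see whether crashes repeat one code
# (a particular fault) or vary (the article's sign of faulty memory).
function Get-StopCodeSummary {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string]$Message
    )
    begin { $counts = @{} }
    process {
        # Bugcheck event text contains "The bugcheck was: 0x0000007b (...)"
        if ($Message -match 'bugcheck was:\s*0x([0-9a-fA-F]{8})') {
            $code = '0x' + $Matches[1].ToUpper()
            $counts[$code] = 1 + [int]$counts[$code]
        }
    }
    end {
        $counts.GetEnumerator() |
            Sort-Object Value -Descending |
            Select-Object @{ Name = 'StopCode'; Expression = { $_.Key } },
                          @{ Name = 'Crashes';  Expression = { $_.Value } }
    }
}

# Constructed sample messages (not taken from a real machine).
$sample = @(
    'The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007b (0x00000000, 0x00000000, 0x00000000, 0x00000000).',
    'The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007B (0x00000000, 0x00000000, 0x00000000, 0x00000000).',
    'The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007b (0x00000000, 0x00000000, 0x00000000, 0x00000000).'
)

$summary = @($sample | Get-StopCodeSummary)
$summary | Format-Table -AutoSize

# The article's rule of thumb: one repeating code points at a particular
# fault, codes that keep changing point at memory.
if ($summary.Count -le 1) {
    'Stop code is consistent: look that code up.'
} else {
    'Stop codes vary between crashes: test the memory.'
}

# On a live system, feed it the real events instead of $sample:
# Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
#     LogName = 'System'; Id = 1001
#     ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
# } | ForEach-Object { $_.Message } | Get-StopCodeSummary
```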

Virus Removal Tricks

Viruses are annoying. Now they are moving between all platforms as well – Apple, Microsoft, Linux even mobile operating systems have issues with bugs. This post will primarily focus on virus removal from Windows systems.

Recently there has been much more of an occurrence of malware – programs that appear to be safe but are actually malicious.

One of the keys to removing viruses is being able to find where they are running from. Some viruses are smart and limit your ability to use programs to find where they are running, or spawn randomly named processes that make it more difficult to find them.

Recently I came across a malware infection called Windows Protector SL. This program ran on boot and showed random messages saying there were infections and hardware failing.

To find the infection's process, normally I attempt to run Task Manager by pressing CTRL+SHIFT+ESC, right-clicking the taskbar and going to Task Manager, or alternatively typing taskmgr into the Run dialog box.

This virus however prevented it from running – so I attempted to use regedit, and the same error occurred. Luckily in Windows the command prompt provides some useful commands that can help in finding at least the name of the infection and sometimes can even stop the process from being active.

In this case, we use the command tasklist. This will give a list of the processes running on the system, and other useful details such as the Process Identifier or PID and the name of the file running.

If you can identify the malicious process you can use the following command to stop it:

taskkill /pid XXXX /f

This command stops the process from running in a forceful manner. In some cases this will be enough to allow you to navigate around the computer using the GUI and possibly delete the virus file that has arisen.

There are a few known locations where they like to hide:
– All temp directories (Windows\Temp and Temp files within User folders)
– C:\Users\Username\Appdata\Local
– C:\Users\Username\Appdata\Locallow
– C:\Users\Username\Appdata\Roaming
– C:\ProgramData

***Please note the above paths refer to Windows Vista and above systems, XP uses “C:\Documents and Settings\Username\Application Data”***

If you have used taskkill to stop the process running, check these folders for a file with the same name as the malicious one you stopped earlier and DELETE it.

I also suggest you look in msconfig to see if there is a registry loading point for the virus and remove it; if you cannot open regedit, just disable the loading point in msconfig. Be sure to check the startup folder for any strange entries and remove them as well.

Once you reach this point, reboot your computer and see if the virus loads. If it doesn’t, try to use a scanner to remove any further infections that may be present.
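An added example (not part of the original post): a read-only PowerShell triage of the places described above, listing processes started from the listed folders, the Run-key load points and the Startup folders. The function and variable names, and the choice of Run keys to read, are assumptions of this example.

```powershell
# Added example, not from the original post. Read-only: lists leads only.
# Legitimate software also runs from these folders, so check each hit.

# The hiding places the article lists (Windows Vista and above).
$suspectRoots = @(
    (Join-Path $env:SystemRoot 'Temp'),
    $env:TEMP,
    $env:LOCALAPPDATA,
    (Join-Path $env:USERPROFILE 'AppData\LocalLow'),
    $env:APPDATA,
    $env:ProgramData
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-UnderSuspectRoot {
    param([string]$Text)
    if (-not $Text) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Text)
    foreach ($root in $suspectRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# 1. Running processes started from those folders (same PIDs as tasklist).
#    On PowerShell 3.0+ Get-CimInstance Win32_Process is the equivalent.
Get-WmiObject Win32_Process |
    Where-Object { Test-UnderSuspectRoot $_.ExecutablePath } |
    Select-Object ProcessId, Name, ExecutablePath |
    Format-Table -AutoSize

# 2. Registry load points that msconfig shows on its Startup tab.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$loadPoints = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command
            InListedFolder = (Test-UnderSuspectRoot $command)
        }
    }
}
$loadPoints | Format-List Key, Name, Command, InListedFolder

# 3. Startup folders (current user and all users).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
Get-ChildItem -Path $startupDirs -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime | Format-Table -AutoSize
```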

I generally use Malwarebytes Antimalware as it now offers a tool called Chameleon that is able to kill known malicious processes which then in turn allows Malwarebytes scanner to operate. This program has saved me a significant amount of time on several occasions as it not only removes malicious files but also malicious registry entries. I also use Combofix as it has great log files and an exceptional removal ability due to its process of killing the explorer.exe process to aid in removal.

There are other tools available. I have found though in most circumstances it is best to begin with a manual approach; without this manual approach it is likely you will need to run BartPE CDs just to get a start, and who wants to wait for one of those things to load.

NiNite Autoinstaller – Save time building new Windows Systems

If you are a system builder, you probably hate having to spend so much time downloading all those extra little applications that do not come bundled with Windows.

For example:

  • Adobe Reader
  • Windows Live Applications
  • Skype
  • Alternative Web Browsers
  • Adobe Flash (because you want YouTube right?)
  • Java

Luckily there is another way – using Ninite.

Ninite allows you to select the applications you would like to install and bundles them as a single package, you no longer have to go to each individual site and grab all the individual packages then install them one by one. Just go to NiNite, click the apps you would normally install, then click get installer.

Once downloaded, open the application and let it run; it will do all the work for you. You can now go do something more important, and you have saved yourself a considerable amount of time in the build process.

Firecore – Enhance your Apple TV 2

Last year, I had no idea what to purchase for my partner for Christmas – so because she is an avid user of Apple products I thought I would purchase an Apple TV for her.

The device itself I found to be quite a good form factor, very small so it won’t take up a lot of room.

Upon opening the present she was surprised and full of joy, then she asked can we use this instead of what we have now?

At that point in time we were using an old laptop connected to a TV and amplifier to stream things that we had downloaded – I thought to myself of course we can, and we can get rid of that eyesore of a laptop.

Then I began to think more of it and recalled that Apple tend to only support a limited number of playback formats, the majority of the files that we were currently downloading or had downloaded were not part of this list.

This was an issue, because it meant we would have this new device that basically wouldn’t do what our old Dell laptop could.

However, after some google searches I happened to find http://firecore.com

Firecore really opens up the capabilities of the Apple TV whilst still leaving intact Apple’s own software. So you can still use Airplay, iTunes and everything you would normally expect of an Apple TV 1 or 2.

Firecore is not free, although depending on the software version of your Apple TV the jailbreak http://support.firecore.com/entries/387605-jailbreaking-101-seas0npass is. This will allow you to SSH into your ATV and start using things such as wget to obtain packages. Initially when I set my first device up, I used Seas0nPass to jailbreak, then SSH to gain command line access to download the packages required to install XBMC – if your ATV 2 is version 4.4.4 or 4.4.3 this is still possible. If you, like me, unfortunately upgraded to iOS 5 without saving the SHSH blobs from your old software version, paying for Firecore is the best option as XBMC for iOS 5 is currently slow and buggy.

What about the Apple TV 3? – Firecore are working quite hard at implementing their system on the ATV3 but the ability to access the underlying system is proving to be a very daunting task.

So at this point in time, if you want to improve your playback capabilities and functionality of your AppleTV 1 or 2 check out firecore, and possibly in the future they could even have software for the ATV 3.

 

Error 9004 MYOB Accounting Plus 17

I recently encountered this error when transferring MYOB Accounting Plus from an old 32 bit XP machine to a new Windows 7 x64 Bit machine.

The error occurs after you try to open the Company File and says something about M-Powered services not being found.

Initially I thought I would probably need to have the Installation CD, as the user looked for this I continued to look at why this error may be occurring.

M-Powered services references a Java environment stored in C:\Program Files\MYOB

In my case I had only copied the myob17 folder. You also need to copy the folder mentioned above to the same location on the new computer that you are migrating to.

However, this isn’t enough, as on a clean installation MYOB still has no idea that folder exists. You need to add the following registry keys (note these are for Windows Vista and above):

For a 32 Bit windows installation:

[HKEY_LOCAL_MACHINE\Software\MYOB Technology]
[HKEY_LOCAL_MACHINE\Software\MYOB Technology\AU]
[HKEY_LOCAL_MACHINE\Software\MYOB Technology\AU\MSC]
[HKEY_LOCAL_MACHINE\Software\MYOB Technology\AU\MSC\3.0]
"JavaHome"="C:\\Program Files\\MYOB\\Common\\JRE"

For lazy people the .reg file is here: myob32bit.reg
(Double click and say yes add to registry)

For a 64 Bit windows installation:

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\MYOB Technology]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\MYOB Technology\AU]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\MYOB Technology\AU\MSC]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\MYOB Technology\AU\MSC\3.0]
"JavaHome"="C:\\Program Files\\MYOB\\Common\\JRE"

For lazy people the .reg file for 64 bit is here: myob64bit.reg
(Double click and say yes add to registry)

To make this process more automated, on the old system right-click on the MYOB Technology key and go to Export, then save the file. Copy the .reg file to the new machine and double click it to add the entries to the registry. Please note though, if you export on a 32 bit machine, you will need to edit the file to reflect the keys above before importing or it will not work.

There are much better accounting programs available now, but unfortunately people still want to use MYOB. Try to give your users alternatives like http://www.xero.com/ that don’t ever have these issues and will save both you and your user time.

 

Can not accurately check the licence for this computer 0x8009006 (WinXP)

This seems to be happening a little more frequently in the last couple of weeks. You go to log on to your computer but you can not, getting logged off with an error like the above or similar.

There are several posts and forums about how to repair this error by re-registering DLL files, deleting Windows Product Activation Files (WPA files), virus scans.

I like many others tried many of the suggestions and had no luck in getting beyond the error – however there is a way around this.

Windows XP’s installer has the ability to repair an existing installation rather than overwrite it. A repair install rewrites the WPA files, registry keys and upon boot will reactivate your installation. Repair installs do not affect your current user data – once complete you should see your desktop as it was.

There are some rules to completing repair installs though – the major one being selecting the correct installation media, i.e. don’t use XP Home if you have XP Pro installed; it won’t work. If you have Service Pack 3 installed, don’t use an XP install disc that only has Service Pack 2 or a vanilla disc – it will break things if you do. Match your installation media to your current system; if you only have a disc that contains an earlier service pack, or none at all, take a look at http://www.nliteos.com/ and read about how to slipstream service packs and updates into an installer CD.

Another common mistake people make doing repair installs is not having a CD key – if you don’t have one, don’t bother trying the repair process; it will get to the point where you need a key and you will be stuck. If you say activate later you will just run back into an activation error.

How do I do a repair install?

Boot your computer from CD with the matched installation, and make sure you press a key when it says “Press any key to boot from CD” or the system will proceed to boot from the hard drive.

Initially you will see the EULA agreement where you will need to press F8 to agree to the terms then the installer will begin to start. The first screen you will see will advise you to press enter to install Windows or press R for recovery console. Press enter as afterwards the installer will scan for existing installations and then give you another prompt.

The next prompt is press esc to install a fresh copy of windows or press r to do a repair install – this is the option you want. Press r and let the computer do its thing, go do something else for a while and come back and follow the prompts, the computer will reboot eventually to a graphical installation, again follow the prompts through.

Once complete the computer should boot up as normal and simply login to your user. If you want to double check your activation status, go to http://windowsupdate.microsoft.com this site will not work unless the system is activated.

If you did not slip stream a CD using nLite you are best off to install all of the high priority updates from the update site, some updates may be necessary for certain components or software installed in your system to run correctly.

So now, next time you see this error on a machine, instead of trying to reregister all of the WPA components, move the wpa.dbl files and all of the other “tricks”, just do a repair install instead. In most cases it will save more time than trying to manually repair the WPA error.

 

iertutil.dll was not found Windows XP

Recently Microsoft started rolling out Internet Explorer 8 as a non-optional update for Windows XP. Considering how insecure the older versions are, this isn’t really a bad thing, except when the automatic update fails and stops your computer from booting correctly.

You may have seen the following errors pop up:

iertutil.dll could not be found

or

Error the ordinal 681 could not be loaded.

This happens as explorer is starting to load, and causes problems with automatic installation of USB devices as well. Fortunately though there is a fix.

There are several different methods that people recommend on how to fix this particular issue. One of them is to use system restore to return the computer to a useable state. Although this is likely to fix this particular error, it can cause you more errors and despite what people believe it DOES delete data.

The appropriate way of fixing this error is to replace the iertutil.dll file with the version that windows is expecting to find – not the corrupted version.

This file is located in c:\windows\system32\. The problem is that it is corrupt or incorrect; luckily, though, Windows saves a copy of the file in C:\windows\system32\dllcache

Now there are two ways to move this file. If you have a recovery CD such as UBCD for Windows or MSDART you can copy the file from C:\windows\system32\dllcache to C:\windows\system32 and overwrite the existing file. I would recommend doing this only if you are having issues with keyboard/mice since USB recognition is broken.

If you can boot into windows still it is much easier to do the following:
1. Press Ctrl+Shift+Esc on your keyboard, and you will see the task manager pop up.
2. Go to File > New task
3. Type in cmd and press enter

This should open the command prompt, although one computer I repaired recently would throw an error as soon as you typed into the run box, if this happens, click the error then use your keyboard to move the text cursor and continue writing the command

4. Once in command prompt type the following to enter the system32 directory

– cd \ (then press enter)
– cd windows\system32 (then press enter)

Your path should now show c:\windows\system32

Now that you are in this directory I suggest you rename your current iertutil.dll file just in case you need to revert back to it. Type the following:

– rename iertutil.dll iertutil.old (then press enter)

The command line will just return it will not say file successfully renamed or anything like that.

Now we need to copy the file from the dllcache into the system32 directory. To make the command more simple you should do the following:

Considering your path should show c:\windows\system32 you will only need to cd (change directory) into dllcache not an entire path

– cd dllcache (press enter)
– path will now show c:\windows\system32\dllcache

Now you are in the dllcache directory type the following to copy iertutil.dll to where it needs to be

– copy iertutil.dll c:\windows\system32 (press enter)

You should get the message “1 file(s) copied”

If you have got this far – you can now reboot your computer. Providing this was your only issue, you should now be able to boot all the way in to your desktop.

Now – before you go doing anything, to avoid the error occurring again, download the Internet Explorer 8 full installer http://www.microsoft.com/en-us/download/details.aspx?id=43 and install it. I strongly recommend running Windows updates as well.