Windows update and AVG removal

Posted at 4:53:11 PM in Security (4)

I've run into several PCs that have AVG installed on them and after the Windows update, it can't be removed. I tried downloading the removal utility from AVG's site and it doesn't work either. I did find a removal utility made by Avast that will remove AVG. I assume this was created in order to install Avast in place of AVG, not sure. I can't find it right now.

But what I did find out about this particular PC I'm working on today is that the Windows update and the user caused the problem. Here's how it works.

When the system was originally installed, the user did not use an email and Microsoft account to set up the PC. They didn't even use a password. During the recent Windows Update, I believe it was the Creative update, Windows asks again if you want to set up a Microsoft account. This time the user used an email address. After the update, the desktop appears the same, but we can't remove AVG. Even worse, AVG took over the firewall, I believe it was a 30 day trial of Internet Security, and blocked access to name servers. The PC was effectively locked out from the internet. We couldn't do anything about the firewall. The Windows control panel access to the firewall services was locked out, stating that we had to use AVG to make adjustments. Trying to remove AVG just didn't work with any of the recommendations I could find on the internet.

I finally went into Windows > Settings > Accounts and selected sign-in with a local account, reverting to the original name that was already used with the same password they had before, and I was able to remove AVG using the Control Panel Programs and Features. Everything is now back to normal.

Written by Leonard Rogers on Wednesday, July 26, 2017 | Comments (0)

Email problems through McAfee's threat-intelligence

Posted at 7:57:06 PM in Spam Management Gateways (6)

My server:

https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=108.61.218.139

To the right of the web site is a "next steps" vertical tab. Selecting "Threat Feedback" presents a form to request delisting. 

Written by Leonard Rogers on Wednesday, May 24, 2017 | Comments (0)

Best Buy Bad Credit Practices

Posted at 9:44:04 PM in Vendors (35)

This is going to be a rather simple entry. Part of this problem is Bank of America, but the escalation of the problem is entirely Best Buy.

First, I buy a PC and Laptop online. The price is $1026.35. During the processing of the card, I get a Visa pop up, which I've never seen before, which asks for information I've already put on the order, CCV, Exp date, stuff like that. The card is declined. I get a fraud pop up from Bank of America on my phone asking: "Are these your purchases". I recognize them. One, the most recent, is my declined Best Buy purchase. Of course, there's nothing wrong with my bank balance. Bank of America just likes to jigg you every once in a while so you feel safe. But this is where the problem starts.

I indicate that those are mine and assume that the card remains declined. I look online at my bank account and I see the purchase and then an immediate refund putting the charges back where they were. I think to myself, should I try again? I say, yes, but I'm not going to use my Bank of America card again, they just jigged me. So, I use PayPal which is directly linked to the bank card anyway and I get my purchase. Two days later, Best Buy reauthorizes my card for 1026.35. Where they got the idea to do that, I have no idea. I'm guessing the bank sent a "temporary" decline (like, what is that?) and Best Buy decides, let's just see if we can make this sale anyway. We know the customer really really wants these products... Only, on the second authorization, they tell me the PC isn't available. They cancel the item, but still auth my card for 1026.35. OK, bad enough. I called Bank of America and they tell me the auth will fall off the next day because it's already 3 days old. I think, fine, but then they are going to auth my card again for that laptop I don't need because I already ordered it again...

So, when the charge didn't fall off like Bank of America said it would, I called Best Buy to cancel the rest of that order. They processed the cancelation for the last item and auth'd my card again. Guess for how much? $1026.35, so now, eight days after my original order, I have the product already paid for and in hand, but I still have that damn auth on my bank card.

Written by Leonard Rogers on Thursday, January 26, 2017 | Comments (0)

Windows 10 Adobe Acrobat not listed in default programs

Posted at 9:46:55 PM in Software (15)

Windows 10 comes with its own app for opening PDF files. It is also part of Microsoft's new browser: Edge. If you have Adobe's reader installed, it usually does show up in the list of default programs, but Adobe Acrobat X Standard does not. When Windows 10 reverts the default PDF reader back to its own app, it becomes a real problem to restore the correct default program.

If you have Adobe Reader installed and that's the software you want to open PDFs with, it should show in the Default Programs selection out of the Control panel. If it doesn't, uninstalling and reinstalling (I installed the latest, DC version) should fix that problem. However, if you have Adobe Acrobat, you don't need to reinstall to fix the program that opens your PDFs. Go to the menu and open Edit/Preferences. On the left side, select General. On that page, bottom option, it allows you to pick the default program to open PDFs. It only shows Adobe products there. On mine, it showed both the reader and Acrobat. It was already on Acrobat, but I still pressed the set as default program and it changed all the icons back to the red Acrobat swirl and set Acrobat as my default software to open PDF files. Going back into the control panel, it still didn't show Acrobat as being a program that I could set as the default software. I'm not sure if this is only a problem with Acrobat X or not, but I've seen this problem on other PCs. I reinstalled the reader because that's free and requires no license. But, I don't think reinstalling Acrobat is so easy to do if you don't have the license handy.

Written by Leonard Rogers on Tuesday, January 19, 2016 | Comments (0)

Vostro 3550 Laptop update from Windows 7 to Windows 10

Posted at 2:08:49 AM in Installations (47)

When I first started working on this laptop, the hard drive had problems when the person tried to update it to Windows 10. It got stuck in a loop that wouldn't allow them to restore the laptop in any way. They couldn't continue and they couldn't revert to the original install. In fact, they couldn't even use the restore partition to wipe out the drive and reinstall the original system. So, I installed a new drive and reinstalled Windows 7. After that was complete, I went to the Dell site and downloaded all of the drivers using the Dell utilities to load all the drivers. Believing the laptop was up-to-date on all the drivers, I went to upgrade it to Windows 10. Failed.

It turns out that the BIOS driver that the Dell utility provided was only A09, which when updated to Windows 10, refused to show the screen info on the laptop. I was able to see the screen for a few seconds on an external monitor before it went black. This was enough for me to run the task manager and run the BIOS updates which I found and installed from the Dell site version A11. Everyone said this fixed their problem. I could now see my cursor on the laptop screen, but the screen would still black out leaving only the cursor. I then found that there was yet another BIOS update to A12 that others said fixed their problem, but again, my screen blanked out after a few seconds after logging in.

When I pressed control-alt-del, I would get the lock, change password menu and I could see that without a problem. When I launched the task manager from that screen, I could see the task manager but everything else was blank. I launched the control panel from the task manager (File / run new task, then type in "control panel") and after looking at device issues, I finally looked at the event log and found that every time I launched explorer.exe, it crashed due to the IDT audio driver. So I uninstalled the IDT audio driver and launched explorer.exe from the task manager and my desktop came back to life. After rebooting the laptop, I installed some generic High Definition audio drivers and my screen worked without a problem afterwards.

 

Written by Leonard Rogers on Saturday, October 10, 2015 | Comments (0)

Changes in Verizon Email settings

Posted at 7:05:04 PM in Vendors (35)

I had a client this morning who suddenly wasn't able to get his Verizon dot net emails. For many years the old settings worked fine, but suddenly yesterday at 8:50 AM or so, he was getting errors and requests to correct this username and password. Of course, the message was from his Outlook email client that he used to get his mail from the POP email server, and Outlook is notorious for giving erroneous error messages. I did a little research and it turns out that Verizon has apparently changed where the original host addresses are pointing or disabled those settings altogether. The only clue Outlook provided was that the password was wrong.

The settings for Verizon changed. The original incoming server was incoming.verizon.net and port 110. (This appears to still be the same address for IMAP accounts, but changed for POP accounts). That changed to pop.verizon.net and we had to turn on SSL with port 995.

The outgoing mail server was outgoing.verizon.net and port 25 (which has always been a problem on Verizon networks, they block port 25, but apparently not for their own mail clients). That changed to smtp.verizon.net also with SSL enabled on port 465.

The username and password worked fine after those adjustments were made. This also included his phone. After modifying the settings to match his email client, the phone was able to send and receive also.

 

Written by Leonard Rogers on Wednesday, June 3, 2015 | Comments (0)

Windows 10 Free upgrade for Windows 7 and Windows 8 users

Posted at 6:32:24 PM in Software (15)

I've been doing some previewing of Windows 10 and I've been very impressed so far. The Technical preview had very poor performance, but I installed the latest preview on a PC that was originally configured for Windows Vista. It had 3G memory and I dropped a used 500G hard drive into it. The performance was exceptional. I even installed a graphically intense game to test the performance and while it was marginal, I was still impressed because the PC didn't really have enough RAM and the video card was stock and of course the CPU was old and out of date.

One of the features that I liked about Windows 10 was the start button menu is back (sort of), or at least parts of it are. The most recently used apps still show in the Metro mode (panels instead of a list.. I'm thinking panels are much easier to touch with your finger than a list of fine print options), but the menu allows you to navigate the programs much like Windows 7 or Vista. In Windows 8, with the missing start button, my desktop started getting cluttered with programs that I use most often. The Metro panels never really caught on with me and even on a laptop with a touch screen, I rarely if ever touched the screen.

With the free upgrade being offered by Microsoft for Windows 7 and Windows 8 users, it's a great opportunity to take advantage of the new technologies and I can't see any real down sides (except as noted below). See this link for more information on the free upgrade. It won't be available for download until later this year, but Windows 8 users will get a lot out of the upgrade. Windows 7 users may still be reluctant because a lot of features that Windows users have come to love are already there.

One other thing I noticed. Internet Explorer is dead. It's been replaced by Edge which seems to get its name from the browser using all the window space to display internet content; meaning the browser fills all the way out to the edge of the window. In full screen mode, there'd be no border. I still prefer Chrome to Microsoft's browser, so I didn't get to really use the new browser much. I struggled for a bit to figure out how to enter a web site. It appears that they have taken the frequent habit of most users who enter the web site they want in the search box instead of the address bar, so there isn't an address bar, per se. In fact, there isn't a place to type on when you open Edge (which I could only seem to do from the Metro panel, which isn't gone). You open your web sites in the search function and it will determine if what you want is on the web or on the computer (or both??). My struggles ended when I figured out how to get Chrome installed where I can once again have my address bar.

I'm wondering how radical of a change this will be for web sites that are engineered to work with Internet Explorer. Browsers will inform web sites what browser and browser version they are. Many web sites utilize this information to deliver content or not deliver it and on some of them, they look for the IE and they use a > (greater than) the version, where they don't support IE 8 or 9, but do support 10 or 11, but if the new browser doesn't even report IE, then it doesn't matter what version because these web sites won't even recognize the browser, much less that version. One thing is for sure, you won't be using any version of IE prior to 11 on Windows 10. When Microsoft kills an app (like Outlook Express and the start menu), they kill it permanently.

Written by Leonard Rogers on Monday, June 1, 2015 | Comments (0)

Mozilla Thunderbird Can't delete emails

Posted at 6:07:51 PM in Recovery (43)

I had the weirdest experience today. I have some local folders (the ones no email address is attached to) that I dump and organize my spam and ham in and of course, some ham gets mixed in, so when I do a retest on the spam filters, sometimes the ham shows up in the spam folder (sorry for all the hammy spammy talk). So, I'm able to reclassify email in the spam folder, but I can't delete the ham. In fact, I can't move the ham. Can't get rid of it at all. Shutting down and restarting Thunderbird doesn't help and I get this spinning wheel, but nothing is happening. Well, I have to get the ham out of the spam folder or I'll be training my Bayes filters incorrectly. I finally went to the folder settings and found where my local folders are being saved. I take a look at the trash folder and discover, while manually deleting the files in the trash folder, that the main file there requires administrative permission to remove it. Clue!

I deleted the file anyway, but I've found that sometimes when programs don't behave themselves, it's sometimes because they don't have the rights to make changes. It's part of the UAC (user access control) feature that came out after Windows XP. It was a pain in Vista and sometimes in Windows 7. Back in those days, I'd disable UAC, but that became a problem so I had to re-enable it. The fix I use now is to right click the program icon and select "Run as Administrator." The program complains with a pop-up window asking for permission to run. In that mode it has the rights to access files it doesn't normally have when run normally.

The problem was probably fixed when I deleted the file that needed admin rights to do so, but I ran Thunderbird as Administrator anyway, just in case there were other anomalies that needed to be fixed. I can now delete emails again. 

Written by Leonard Rogers on Friday, March 6, 2015 | Comments (0)

MailCleaner Slave DNS and other Network Adjustments

Posted at 11:37:59 PM in Spam Management Gateways (6)

One of the things I discovered, or re-discovered, while setting up MailCleaner is DNS lookups will not work with public name servers. While running the mailscanner spam test (located here /usr/mailcleaner/bin/is_spam.sh) 

 /usr/mailcleaner/bin/is_spam.sh -D check.eml > results

I received a notice that my rbls were blocked and to contact the administrator. Researching a little, I found this:

Anthony Cartmell-2 wrote
> The caching aspect isn't particularly relevant.

> The problem is that your ISP's name server will be querying the URIBL
> server on behalf of perhaps thousands of SpamAssassin instances on other
> machines. So it's blocked because it's making too many queries from a
> single IP address.

Yep, thank you, already figured this out. My problem was that I was not sure
how exactly DNS works, and by studying dnsmasq configuration I incorrectly
assumed that a dns server is always supposed to have an upstream server.
Apparently this is the case for dnsmasq but not the case in general. So now
with the djbdns setup that I have in place that performs recursive queries
starting from the root servers this all makes sense. Thank you again.

The master MailCleaner server was easy to fix. The web interface has a connection to update the DNS information under Base System. The slave server was not so easy to fix. When I try to connect to the web browser at the slave, I get redirected to the web site on the main server. Digging around, I found set_ip_config.sh in /usr/mailcleaner/scripts/configuration. Running it asks questions about the network interface, which includes the DNS settings. After running that and answering the questions, I ran dig to see what DNS server the slave would check. The end of the script errored out as it did not restart the network interface, but it did set the DNS servers.

This made the most dramatic change in spam detection for me. I pretty much had SpamAssassin configured, but with the DNS being blocked, many of the SpamAssassin tests didn't work either.
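A quick way to check a gateway for the condition described above, as an added example that is not part of the original post or of MailCleaner: it flags well-known shared public resolvers in a resolv.conf-style file and interprets the answer a blocklist returns. The function names and the sample file are constructed for illustration; the refusal codes in the comments are the ones URIBL and Spamhaus document for blocked queries.

```shell
#!/bin/sh
# Added example, not MailCleaner code. Sample data below is constructed.

# Print the nameserver addresses from a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Classify a resolver address: well-known shared public resolver, loopback, or other.
classify_resolver() {
    case "$1" in
        8.8.8.8|8.8.4.4|1.1.1.1|1.0.0.1|9.9.9.9|208.67.222.222|208.67.220.220)
            echo public ;;
        127.*|::1) echo local ;;
        *) echo other ;;
    esac
}

# Interpret the A record returned for a blocklist lookup.
# URIBL answers 127.0.0.1 when it refuses a query; Spamhaus answers
# 127.255.255.254 (public/open resolver) or 127.255.255.255 (excessive queries).
classify_dnsbl_answer() {
    case "$1" in
        "") echo not-listed ;;
        127.0.0.1|127.255.255.254|127.255.255.255) echo blocked ;;
        127.*) echo listed ;;
        *) echo unexpected ;;
    esac
}

# Print "address kind" per nameserver; return 1 if any is a shared public resolver.
audit_resolv_conf() {
    rc=0
    for ns in $(list_nameservers "$1"); do
        kind=$(classify_resolver "$ns")
        echo "$ns $kind"
        if [ "$kind" = public ]; then rc=1; fi
    done
    return $rc
}

# Demo on a constructed file; on a real host pass /etc/resolv.conf and feed
# classify_dnsbl_answer the output of: dig +short <query>.<blocklist zone>
sample=$(mktemp)
printf 'nameserver 8.8.8.8\nnameserver 127.0.0.1\n' > "$sample"
if audit_resolv_conf "$sample"; then
    echo "no shared public resolver configured"
else
    echo "shared public resolver in use: expect blocked RBL/URIBL lookups"
fi
for answer in 127.0.0.1 127.0.0.2 ""; do
    echo "answer '$answer' -> $(classify_dnsbl_answer "$answer")"
done
rm -f "$sample"
```

A resolver reported as "other" may still be a shared ISP resolver, which the quoted reply names as the cause of the block, so it needs a manual look.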

Written by Leonard Rogers on Saturday, February 7, 2015 | Comments (0)

sa-learn on MailCleaner

Posted at 8:22:05 PM in Spam Management Gateways (6)

One of the things that seems apparent in MailCleaner is you will have to train the Bayesian filter yourself. They had a script for it at one time, but that doesn't appear to be anywhere in the new installations. Here is the line to run:

Code:
sa-learn -C /usr/mailcleaner/etc/mailscanner/spam.assassin.prefs.conf --ham ham.eml
sa-learn -C /usr/mailcleaner/etc/mailscanner/spam.assassin.prefs.conf --spam spam.eml
That info comes from this page. I replace the specific email "ham.eml" with the directory of emails. You can also add --showdots which will give you some indication it is processing.
 
If you get a bunch of errors on parser.pm, like these:
 
Code:
netset: cannot include 146.164.36.14/32 as it has already been included
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 668.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 671.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 674.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 677.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 680.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 683.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 686.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 689.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 692.
Use of uninitialized value $type in numeric eq (==) at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 695.
Use of uninitialized value $type in concatenation (.) or string at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 699.
config: unknown conf type ! at /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Conf/Parser.pm line 699.
 
The fix is:

There's a typo in /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Plugin/Razor2.pm :

On line 118, change:

type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATIION,

to:

type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATION,

 

As indicated on this page.
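The same fix generalized into a check, as an added example that is not from the original post or from SpamAssassin: it lists every CONF_TYPE_* reference in the plugin files that Conf.pm does not declare, then patches one misspelled name while keeping a backup. The function names, the sample tree and the assumption that Conf.pm declares the constants as "our $CONF_TYPE_NAME = N;" are mine; GNU grep is assumed for --include.

```shell
#!/bin/sh
# Added example, not SpamAssassin or MailCleaner code.

# Names declared in Conf.pm. Assumption: they appear as "our $CONF_TYPE_NAME = N;".
declared_conf_types() {
    grep -o 'our \$CONF_TYPE_[A-Z_]*' "$1" | sed 's/^our \$//' | sort -u
}

# Print "file:line:NAME" for each CONF_TYPE_* reference in *.pm files under
# directory $2 that Conf.pm ($1) does not declare.
find_unknown_conf_types() {
    known=$(declared_conf_types "$1")
    grep -rno --include='*.pm' 'Conf::CONF_TYPE_[A-Z_]*' "$2" |
        sed 's/Conf::CONF_TYPE_/CONF_TYPE_/' |
        while IFS=: read -r file line name; do
            printf '%s\n' "$known" | grep -qx "$name" || echo "$file:$line:$name"
        done
}

# Replace misspelled constant $2 with $3 in file $1, keeping the original as $1.orig.
# Returns 1 when the file does not contain $2, 2 when the backup cannot be written.
fix_conf_type() {
    grep -q "$2" "$1" || return 1
    cp -p "$1" "$1.orig" || return 2
    sed -e "s/$2\([^A-Z_]\)/$3\1/g" -e "s/$2\$/$3/" "$1.orig" > "$1"
}

# Constructed sample tree standing in for Mail/SpamAssassin (not real module source).
make_sample_tree() {
    d=$(mktemp -d) && mkdir "$d/Plugin" || return 1
    printf 'our $CONF_TYPE_STRING = 1;\nour $CONF_TYPE_DURATION = 10;\n' > "$d/Conf.pm"
    printf '  type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATIION,\n' > "$d/Plugin/Razor2.pm"
    printf '  type => $Mail::SpamAssassin::Conf::CONF_TYPE_STRING,\n' > "$d/Plugin/Other.pm"
    echo "$d"
}

# Demo: report the undeclared name, patch it, and confirm nothing is left.
tree=$(make_sample_tree)
echo "before:"; find_unknown_conf_types "$tree/Conf.pm" "$tree/Plugin"
fix_conf_type "$tree/Plugin/Razor2.pm" CONF_TYPE_DURATIION CONF_TYPE_DURATION
echo "after:";  find_unknown_conf_types "$tree/Conf.pm" "$tree/Plugin"
rm -rf "$tree"
```

On the server from the post the second argument would be /usr/local/share/perl/5.10.1/Mail/SpamAssassin/Plugin, with Conf.pm one directory above it if the standard Perl module layout holds.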

 

Written by Leonard Rogers on Wednesday, February 4, 2015 | Comments (0)