Sunday, April 27, 2008

A virus for Jim

Date: 4/27/08

Jim’s Laptop…

Toshiba Satellite M45-S269
Pentium M 1.7 GHz
512 MB RAM
Windows XP version 2002 Home Edition XP2

This is the error message…

Your computer was infected by unkown Trojan.
It’s dangerous for your system (critical files can be lost)!

Click OK to download the antispyware program to clean your system!

I then tried to run Norton 360 but I couldn’t do a virus definitions update. I’d get this message.

A scan is already running. Please wait until it finishes and try again.

To get Norton to update I had to chat with the help desk from The first thing he did was kill a process called “scanstub.exe”; this process appeared to have hung somehow. Then he had to install another new patch or something called “i32 Intelligent Update”, but the help desk did it all and I just watched. The help desk logged into this computer using LogMeIn Rescue.

With Norton updated, the Norton help desk recommended I use the help desk to get help removing the virus. I figured I’d try on my own first. But it’s good to note that Symantec seems like they would help for free.

So, to fix the virus I followed the procedure on this HijackThis forum.
I would have tried system restore but we didn’t really know when the computer became infected and we had installed other software. I’m not sure if we should have just done a restore or not. I wonder what the consensus is on that.

I installed and ran SUPERAntiSpyware
- found a bunch of things that I had and this software cleaned them all.
- this program will be running all the time checking for spyware. It’s probably a good idea to keep this on since Norton 360 didn’t detect any problems.

I installed and ran Malwarebytes’ Anti-Malware
- found a bunch of things that I had and this software cleaned them all.
- this program does not run all the time, it only runs when you tell it

I’m not sure what actually fixed the problem, but now the virus seems gone.

I have installed Microsoft Update and am updating Windows XP.

Other things of note…

1. Zcfgsvc.exe seems to be using all the CPU and it hangs when we reboot. Maybe MS update will fix that.
   a. Downloaded and installed new wireless PROSet drivers and that seems to have fixed it.
   b. The new driver is Intel Pro/Wireless 2200BG Network Connect
      i. Old version dated 10/28/04 v.
      ii. New version dated 6/26/06 v
   c. The tricky part was that after installation I was getting a “failed loading plug-ins” message every time I booted. So, I went into add/remove programs and selected remove/update on the Intel Pro/wireless software. This gave me the option to reinstall, repair or remove the software. I did a repair and then told it to not install the only component it was trying to install (the troubleshooter). For some reason the other 3 items (Single Sign on, WMI and toolkit) were already marked as do not install. For whatever reason, this worked.
2. It looks like 360 is automatically backing up data to some sort of on-line storage. I wonder if Jim knows this or if he has signed up to pay for this service.
3. Word documents and powerpoints have a little green check mark by them. I wonder if that’s something Norton 360 does for backups? The little green checks seem to go away from time to time.
   a. Here is what I got from this blog
   b. After the backup task completed I noticed something a bit odd. The icons for many of my files now sported a checkmark in a green box at bottom left - kind of like the boxed arrow that appears at bottom right for shortcuts. It turns out this is a new backup feature. The green arrow means the file has been backed up and hasn't changed since. A blue box with chevrons (>>) means the file has changed and needs backup. And a slash in a gray box indicates the file is excluded from backup. Right-click any file and choose from the Norton 360 menu to add it to the backup, exclude it from backup, or scan it for malware. Oho! Now I can believe it's a beta - when I excluded a couple files the icon didn't change until I hit F5 to refresh.
4. Norton 360 didn’t seem to start on the last reboot. N360 started on the next boot so I don’t think that was a problem.
5. I installed and ran CCleaner. It cleaned off about 26MB worth of stuff and deleted a ton of registry entries. This seemed to make things faster.
6. I also updated the BIOS from v 1.1 to v 1.2. This was absolutely painless. I guess the days of scary BIOS updates are over since this is 3 laptops in a row that I’ve updated and had it be completely dummy proof.
7. On a whim I did a shut down and noticed that XP then decided to install some updates. I don’t know what they were but they took 2-3 minutes before the shutdown completed. It seems like no harm, but I’ve never seen XP behave like that.
8. There must be a utility out there that will go find and update all system drivers…but I’ve never seen it.
9. I’d like to get a spyware, malware and virus checker for the thumbdrive. Then I could just sort of plug it in and go.

Sunday, April 6, 2008

FTP over SSL in FileZilla

I've been using FileZilla as an FTP server for some time but decided to go the next step and configure it for secure FTP. There are a lot of ways to accomplish this by using VPNs like Hamachi or SSH servers like OpenSSH. I decided for simplicity to go with FTP over TLS/SSL. There are differences between SFTP and FTPS as described here but FTPS seems secure enough for my needs and easy to implement.

  1. On the FileZilla Server interface I selected Edit->Settings.
  2. Under SSL/TLS Settings I first Generated a new certificate and saved it somewhere on my hard disk that is out of the way, yet I'd know where to find it. I filled in all the information and selected Generate. This created 1 file that is a key and a certificate.
  3. Next I "Enabled SSL/TLS support"
  4. For the Private key file and the Certificate file I chose the file I generated in step 2.
  5. I typed in a password, but I'm not sure what it's for.
  6. OK
  7. On the FileZilla Client I went to the my hosts tool to save these settings for my server.
  8. port = picks the default
  9. ServerType = FTPES - FTP over explicit TLS/SSL
  10. LogonType = normal; user=regular FTP user; password=regular FTP password
  11. OK
  12. Finally I configured my NAT routers to forward the new port (as listed in FileZilla Server settings) to the FTP server.
  13. During the first use of each client I have to accept the certificate, but from then on it's good to go.

This worked like a champ. Since it was so easy I'm sure there is something unsecure about it, but it's better than wide open FTP.
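Step 13 accepts the self-signed certificate on first use. The example below is added here and is not part of the original post or FileZilla's code: it computes the fingerprint of the certificate in the step 2 file so it can be compared with what a client shows in its certificate prompt, and sketches a scripted FTPES client that refuses to send credentials unless the server certificate matches that pin. The use of SHA-256, the function names and the sample file contents are assumptions for illustration; use whichever hash your client displays.

```python
import base64, hashlib, hmac, re, ssl
from ftplib import FTP_TLS

# Constructed stand-in for the combined key+certificate file from step 2:
# placeholder bytes only, not a real key or certificate.
SAMPLE_PEM = ("-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
              "-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed placeholder certificate bytes").decode()
              + "-----END CERTIFICATE-----\n")
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der_from_pem(pem_text):
    """DER bytes of the first CERTIFICATE block; the key block is ignored."""
    m = PEM_CERT.search(pem_text)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der):
    """SHA-256 fingerprint as colon-separated lowercase hex."""
    digest = hashlib.sha256(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def pin_matches(der, pinned):
    """Constant-time comparison, tolerant of case and separator style."""
    def norm(s):
        return re.sub(r"[^0-9a-f]", "", s.lower())
    return hmac.compare_digest(norm(fingerprint(der)), norm(pinned))

def connect_pinned(host, port, user, password, pinned):
    """Explicit FTPS (FTPES) login that refuses an unpinned certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # self-signed: no CA chain to validate,
    ctx.verify_mode = ssl.CERT_NONE  # so trust comes from the pin check below
    ftps = FTP_TLS(context=ctx, timeout=15)
    ftps.connect(host, port)
    ftps.auth()                      # AUTH TLS: upgrade the control channel
    der = ftps.sock.getpeercert(binary_form=True)
    if not pin_matches(der, pinned):
        ftps.close()
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    ftps.login(user, password)       # credentials are sent only after the check
    ftps.prot_p()                    # encrypt the data channel as well
    return ftps
```

Run `fingerprint(cert_der_from_pem(...))` on the server's own file and carry the result to each client out of band, so the first-use prompt is a comparison rather than a blind accept.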