Speeding up a sluggish HP Mini 110

My mom’s HP Mini 110 Atom-based netbook (with the factory 16GB SSD) was hesitating, a lot. Frankly it was really frustrating to use–it would freeze up for minutes on end, for no good reason. It was so slow, calling it “sluggish” was being kind. But it’s fixed now. I did six five things to it. Here’s how to speed up an HP Mini 110.

Read more

Fix host hijacks or host file hijacks for free

Sometimes your antivirus will tell you that you have host hijacks or host file hijacks, but not elaborate on how to fix them. Some people charge way too much to fix them. Here’s how to fix host hijacks or host file hijacks for free.

A former classmate’s computer suddenly stopped letting him get to search engines. Aside from that, his computer appeared to be normal.

Fortunately he had some antivirus and antispyware software installed, so he was able to run it and get a relatively clean bill of health, but he still couldn’t use Google or Bing or Yahoo.

One of the pieces of software he ran mentioned a host hijack or hosts file hijack, but didn’t offer to clean it up without ponying up some serious bucks.

That was enough to tell me how to clean it up though. You don’t have to buy anything. Read more

Blocking malware at the operating system level

In recent months I’ve been recommending that everyone run Adblock Plus with the malware domains subscription, to get extra protection beyond what your antivirus/antispyware suite can give. Given a choice between detecting and blocking bad stuff, or not downloading it at all, it’s much better to not download it at all.

There are some downsides to this. Adblock Plus uses a fair bit of memory. It’s tolerable on my desktop PC with 2 GB of RAM, but less so on my netbook with 1 GB of RAM. And if you have to use a browser that doesn’t have a compatible version of Adblock Plus available, you’re unprotected.

The solution is to block at the operating system level, using the hosts file.

Here’s a script that does it, with instructions.
http://www.ericphelps.com/scripting/samples/Hosts/index.htm

But I know of one malware site list that his script doesn’t use: http://www.malwaredomainlist.com/hostslist/hosts.txt. Luckily, it’s not hard at all to add that. Open the file in Notepad or another text editor, go to line 21 and add the following on a new line:
& ” http://www.malwaredomainlist.com/hostslist/hosts.txt” _

Follow the author’s instructions for turning off the DNS client service if you run Windows 2000 or newer, then run the script to generate a mega-hosts file that will keep your PC from acknowledging the existence of the known bad guys. I’ve said it before, but it’s worth repeating: Detecting and blocking malware is fine, but it’s much better–faster and safer is better, right?–to not even download the stuff in the first place.

The script explicitly works with Windows 98, NT, 2000, XP, and Vista. There’s no reason why it won’t work with Windows 7, and it might even work with Windows 95 (no guarantees though).

Buffer overflows explained

Buffer overflows are a common topic on a Security+ exam. The textbook explanation of them is confusing, perhaps even wrong. I’ve never seen buffer overflows explained well.

So I’m going to give a simplified example and explanation of a buffer overflow, similar to the one I gave to the instructor, and then to the class.

Read more

Something to try when ERD Commander’s Locksmith doesn’t work

So maybe you’re like me and you’re administering a system that fell off its Windows domain, and the system was built by your predecessor’s predecessor, the local administrator account was renamed, and nobody has any clue what the account name or password is.

And you try ERD Commander because it worked in the past, but not this time…Usually the Locksmith works. But in this case, it didn’t, and of course everyone wanted the server back online an hour ago. We tried everything else we could think of for about three days, including downloading some things that I was sure would get me a visit from a security officer. Nothing worked. At least when I got the visit from the security officer, he just wanted to know why there were repeated attempts to log in with certain accounts.

“I was trying to hack into my own server and it seems I’m not a very good hacker,” I said. Duh.

So I found myself standing at the server with another sysadmin, having used my last idea. “I don’t suppose you have any ideas?” I asked. “I figured if you did, you would have said so by now, but…”

He shook his head.

Finally, I had one last idea. I asked him what he set the password to when he used ERD Commander.

“Password,” he said. “To make it easy to remember.”

Aha! A light went off. This system was hardened to require stronger passwords than just an 8-character alphabetic password. I had a hunch that was what was keeping us from being able to log in using our hacked account.

So we booted off the ERD Commander CD yet again, connected to the Windows installation, located what we were pretty sure was the renamed local adminstrator account, and I reset it to the standard mixed-case special character password we use for the local admin accounts.

We held our breath, rebooted, and tried to log in.

Success. Finally.

So if ERD Commander isn’t working for you, try using a stronger password to satisfy your local system policy.

And just in case you’re wondering why a computer falls off a domain, computers have usernames and passwords just like users do. Occasionally the passwords get reset. If for some reason the domain controller thinks a member computer’s password is one thing, and the member computer thinks it’s something else, you end up with a computer that says it’s on the domain, but can’t authenticate against it. The solution is to log in with a local administrator account, then either run NTDOM.EXE from the Windows Support Tools, or remove the computer from the domain and add it back in. You can just put the computer in a workgroup, ignore the dialog box that says you have to reboot, then add it to the domain, and then reboot.