Impossible Questions to Answer by E-Mail Rant

Introduction

I admit it. I enjoy people contacting me and asking technical questions. I also enjoy sharing my knowledge with strangers (people who do not contact me but surf on in) as well as, sometimes, the desperate people asking me for help as a "last resort." As with anything, this also has its limits.

This page contains "all too frequent" questions that are "Impossible To Answer by E-Mail." The reason behind this is not to make anyone angry or to shun people from contacting me. What it is is an attempt to "answer" some of those questions that I do not have time to reply to personally. Most of these E-Mails are novel length. Some are two sentences, like "My computer crashes. What is wrong?" Regardless of the content, I do not have enough time to remotely diagnose what are sometimes extremely complex issues. Often, I will equate technical information to a car. People can relate to cars much better than to "complicated" items like computers. In reality, I am not mechanically inclined.

Usually, the exact information that I would need from the writer is the exact same information they would need to figure it out for themselves. I do not know how many times I have attempted a reply and asked things like "What kind of components does your system contain?" only to get an answer like "Dell."

Quick Links

1) My system performance is slow. Should I upgrade?
2) Why does this game (software) not work?
3) I have AOL (Earthlink, MSN) and...?
4) My internet is slow. What can I do?
5) My computer crashes. What is wrong?
6) Do I need these particular files (insert list of files here)? Can I "safely" delete them?
7) What security measures do you take for your network, web site, and / or computer systems?
8) I cannot remember what tweak I applied 3 months ago from a different web site to break my system, but can you tell me how to fix it?
9) I have a 1500 node network, 2000 users, and numerous server and advanced server systems. Why can't I log in to the domain controllers on a few of them?

And the ever popular one:

10) I have searched google.com, scoured forums, mined news groups, and asked everyone I know, including the neighbor kid for an answer to my problem. Can you help?

Answers

1) My system performance is slow. Should I upgrade?

Performance is completely in the eye of the beholder. It seems to me that, if you are unhappy with the performance of your system and you are asking "other people" for opinions on whether you should spend money on the computer or not, then yes, you should upgrade.

If the system does exactly what you want and you have no problem running Windows 95 on a 486, then who am I to say what you should do?

As far as what components you should swap out... way too many factors are at play for me to give exact information on the needed change.

With a car in mind, should you:

  • Use "higher grade gas?"
  • Change out the exhaust system?
  • or just swap out the engine with a larger one putting out more horsepower?

It is all up to you and your wallet.

2) Why does this game (software) not work?

I have no idea. I am not a programmer, nor am I employed with any software (or hardware) company or developer. What I am is a geek that enjoys making "other people's software and hardware run better."

The best thing to do is contact the publisher of your software package for technical support. No, I do not have every company's web site memorized, nor do I know who published your game. The usual recommendation is to look toward the back of your manual for contact information.

I usually equate this question to dialing a random phone number and asking the answering party "How come my car does not start?"

3) I have AOL (Earthlink, MSN) and...?

Please contact your "major ISP" for whatever issue you have with them. I have never used any of the "Big Guys'" services, nor do I plan to.

4) My internet is slow. What can I do?

Get a cable/DSL connection, change to a different ISP, or move your home.

Upgrading your service to "broadband" is the simple answer to this question. If you want a faster, always-on connection, DSL and cable are the only way to go. Check around your local area and your phone book for more information, as "unless you live within 5 miles of my house, I cannot recommend a local ISP for you."

Understand this: most "phone companies," if you are on dial-up, will not help you with computer connectivity issues.

Changing to a different ISP is not all that big of a deal. If you are truly angry at your current provider's service, by all means, vote with your money and go somewhere else! Most ISPs have "free trial periods" of 30 to 90 days. Test out the service. See if it is better or worse.

Moving is another option... drastic, but effective... as long as you check to ensure broadband is available beforehand. :)

5) My computer crashes. What is wrong?

It could be anything. I have absolutely no way of knowing exactly what is wrong with your system. Some causes of instability are:

  • Cheap components
  • Poorly written software
  • Outdated device drivers
  • Under specification power supply
  • Faulty components
  • OS "upgrade" installations
  • or even operator error

The best ways to solve these issues are:

  • Do not purchase cheap hardware just to "save a buck." Really, you do get what you pay for.
  • Avoid "beta" software, or ensure that you back up all data before attempting a new installation of any software package.
  • You must ensure that you are using the latest drivers provided by the manufacturer of your hardware. I cannot guess what drivers you need for your system. Contact your system vendor or the builder of your computer.
  • Ensure that your power supply can provide enough juice for your system. 300 Watts was once an insane amount of "extra" power... now, anything below 400 Watts is "not recommended" by me unless you have very few components installed.
  • Faulty components can cause all sorts of problems. Take it to a qualified technician (for a price). I cannot possibly tell you what is wrong from my house.
  • I never recommend that anyone "upgrade" their existing OS installation with a newer one. I always recommend a clean install. I even had one person contact me who told me they went from Win95, to Win98, to WinMe, then on to installing XP and "are having problems." This does not surprise me in the least bit.
  • Be careful. Think before doing. Check the next question.

6) Do I need these particular files (insert list of files here)? Can I "safely" delete them?

I am not about to tell you that you can "safely" delete files. That is flame bait if I ever heard it.

Not long ago, when I was learning the ins and outs of the computer, I would randomly delete system files "just to see what happened." Help files, strangely named .dlls, temp directories... you name it, if I could see it, it was a target. As a result, I spent many late nights reinstalling the operating system. Just for your information, a few programs I have encountered actually required the help file to be available or they would not even start. I found that out the hard way.

With the low cost of storage (CD-Rs and CD-RWs) and even hard drives, there is no reason to save 5 MB by deleting a help file. Save yourself plenty of headache and do not even bother.

7) What security measures do you take for your network, web site, and / or computer systems?

Answering that question is like placing a sign on the front door saying "The door is locked. Either go around to the back or look under the welcome mat for the key."

Security is what you make of it. Some people do not run virus scanners or firewalls. Others leave valuable accounts (like admin) completely open with no passwords because "no one else lives in the house." As long as you connect your system to a larger network (as in, the internet), you are vulnerable to attack.

If you wish to have a secure system, do not install an OS, unplug it from the modem, disconnect the power and lock it away. That is, of course, as long as you do not post a sign up.

8) I cannot remember what tweak I applied 3 months ago from a different web site to break my system, but can you tell me how to fix it?

If you cannot remember enough to tell me what you did, how do you expect me to do anything about it?

9) I have a 1500 node network, 2000 users, and numerous server and advanced server systems. Why can't I log in to the domain controllers on a few of them?

Yes, I have received several E-Mails such as this one. If you are an "IT PRO" in charge of such a large network, you should not be relying on some stranger across the internet to answer issues such as this. Even though the number of systems or the specific problem changes, I cannot help you out if "you are in a corporate IT environment." I am not employed in the "IT" field, nor have I dealt with any domain controller issues personally.

I equate this message to the manager of a new car lot dialing a random phone number and giving the answering party the following information: "I have 1500 new cars, 40 mechanics and countless manuals. Why don't 20 cars start?"

And the ever popular one:

10) I have searched google.com, scoured forums, mined news groups, and asked everyone I know, including the neighbor kid for an answer to my problem. Can you help?

No. I am not psychic, nor do I have a magic wand to wave around and make everything better.

I have a strange process called "wink???.exe" taking up CPU and memory... What do I do?

Scan your computer with the latest virus definitions.

"wink<random characters>.exe" is the Klez virus.

Search http://www.symantec.com/ for more information.

The manufacturer of my hardware does not have a driver for me, do you?

No. I do not create drivers, nor do I support hacked drivers for companies that are out of business. If the manufacturer cannot help you with driver issues, there is nothing that I can do.

(Insert Software Here) does not work or crashes. Can you help? Is there a patch?

Can I help? Usually, no. The publisher and/or developer of the particular game or program that you are having problems with is much better equipped to solve your problem and offer updates to your software. Every software program has a contact list of technical support numbers. Please check your manual for that information, as I do not have it. I do not work for any software publisher, nor do I have the resources to offer E-Mail technical support on software that, more than likely, I do not even have.

If the software makers cannot help you, there is little that I can do to "magically" make it work for you.

If you are requesting patch or update information: I would normally just go to the publisher's or developer's web site and look, then E-Mail you the answer. You can cut the 24 hour lag time by just looking on your own. The contact information is in the manual that came with your purchased product.

Part of the money for your software package is used to offer you tech support services.

If you did not purchase your software, I will not give you technical support, assist in "guiding" you to the proper site, nor help you in any other way.

I have a computer with a VIA chipset and... What do I do?

www.viaarena.com is an outstanding web site for locating information about VIA chipsets. I am not about to reproduce the information here. If you are having problems, please search the Forums and FAQ for more information.

Ironically enough, all the problems that I feel are associated with VIA chipsets, they say are caused by everything else. Because of this, I am even considering firing up the CUV4X-D again after Service Pack 1's release, an updated BIOS, "better" drivers, more robust 4in1's, etc.

To prove them wrong? No. I want a dual CPU computer! :)

I just purchased a brand new (insert company here) computer and... Can you help?

Please contact the vendor, manufacturer or "company" that your system was purchased from for technical support. Part of the money you spent was to pay for technical help when you need it. Use it while you can.

Information on "who" or "how" to contact them is in the owner's/operations manual that came with your new PC or hardware. I do not have access to that information in a timely fashion.

The PC vendor or "brand" of your computer has access to many more resources to solve your technical issue than I do. They know the ins and outs of their PCs much better than I do, since I make my own. They also have access to "known issues" with "how" they implemented particular hardware configurations.

Even if I did diagnose your hardware issue, you would still need to contact them directly to get it "resolved." It would be much more timely if you started with them first.

Do not be surprised if they cannot fix your problem, as it is very difficult to troubleshoot from a remote location.

E-Mail Filtering Guide

Introduction to E-mail Filtering

Spam and viruses have been a problem for many years, but only recently have people started to become disgusted with them. Performance could also be a concern for many people. One of those people is me. I do not like to use an additional program to combat something that should not be there from the start.

This guide explains how I fight spam and gives a few pointers as to what you can do without downloading an additional program. I have also included information on how to spot an E-Mail virus without any additional software. The only thing it takes is a little knowledge and the ability to refrain from opening every E-Mail you get, regardless of where it came from. What people do not understand is that the user must do something to get a virus. It is not magic. That something, a very high percentage of the time, is clicking on and opening an infected E-Mail. DO NOT DO THIS!

Something to consider is the fact that the E-Mail filters and spam filtering described here do NOT work with web-based (HTTP) E-Mail accounts, such as Hotmail and Yahoo. Most of those kinds of services offer filtering of their own. Use it.

This guide also offers a sneak peek inside Black Viper's inbox.

As of this writing, I use Outlook Express 6, but most "newer" E-Mail clients have the same or similar types of features. In reality, the E-Mail client you choose could be much better than OE in many respects. I would love to use a more "feature rich" E-Mail client, but, sometimes I am rather hard set in my ways.

You also need to note two very important things:

  • I DO NOT EVER display the "Preview Pane." This is a HUGE security issue.
    • In OE 6, select View --> Layout --> Layout Tab --> uncheck Show preview pane.
    • In Outlook 2002, select View --> Preview Pane (toggle: select to disable, select to enable).
    • In Outlook 2003, select View --> Reading Pane --> select Off.
  • I DO NOT view "HTML stationery" (or any other inlined images) as the sender intended. I view ALL E-Mail as "plain text." This also reduces the chance of executing "malicious" HTML spam and makes for easier reading of high volumes of E-Mail from many different people.
    • In OE 6, select Tools --> Options --> Read Tab --> check Read all messages in plain text. (Option available with IE6 SP1 installed.)
    • In Outlook 2002, you must download the latest service pack and add a setting in the registry. Instructions on how to do this are here: http://support.microsoft.com/default.aspx?scid=kb;en-us;307594
      • Ensure you have the latest service pack already installed, then you can download and apply this registry patch: Outlook2002PlainTextFix.zip ~ 330 bytes
    • In Outlook 2003, select Tools --> Options --> Preferences Tab --> E-mail options... button --> check Read all standard mail in plain text.

1) Shall we begin? (Image 1.1)

Black Viper's Inbox

After a small break away from the computer, I had quite a few E-Mails sitting around.

Note: According to the screen shot, not one of them is in my "Inbox." What I have done is used filters to distribute them according to predefined rules. This screen shot was taken right after I opened OE.

More on filters later, but first, a tour of the results of the filters.

2) Deleted Items. (Image 1.2)

Auto Deleted Email

Out of 275 E-Mails, 58 of them were automatically deleted without any action by me. What this filter does is take ALL E-Mail not directly addressed to me and delete it. Absolutely no legitimate E-Mail sent by a "real" person or company will ever falsify where the E-Mail is going TO!

Initially, I had recommended in my E-Mail Filtering Guide to automatically forward to uce@ftc.gov and delete all E-Mails that did not pass my spam filters. This procedure was flawed with respect to how Outlook Express handles the action. What Outlook Express does is remove the spammer's From address and replace it with the E-Mail account currently in use. After realizing this problem, I removed the recommendation. However, this step opened up a whole new can of worms.

For the E-Mails that actually are going to me, these are caught by my "Blocked Senders List" filter, which automatically deletes E-Mails originating from a particular domain or person on a domain. Again, more on the actual filters later.

3) blackviper.com Inbox. (Image 1.3)

Filtered Black Viper Email

After removing a few "important" E-Mails, I took the screen shot displayed as Image 1.3. Many people ask "Why do you automatically place a subject line in your E-Mails?" This is the reason. It is extremely easy to see that these people have visited my web site and actually clicked on the link located on my domain to contact me. I have little fear as to whether or not it is spam. Also, a VERY important note: Look at the "average" size of these E-Mails. Most are between 3KB and 6KB, with none of them over 10KB. This will be important in the next screen shot of the "Filtered Spam."

Something else to understand: Even though I removed the "From" column for these screen shots, I always look to see "who" it came from. In the next screen shot, the From column is not removed and you can actually see the pathetic E-Mail addresses and names that these spams "seem to come from."

4) This is my Filtered Spam. (Image 1.4)

Filtered Spam

Some of these E-Mails are legitimate. Some are viruses. Others are spam. Can you spot each?

I have a filter to catch "common" subject matter and code it in Red. Very rarely (especially using a "default" subject line) do my filters ever tag a "real" message with Red.

I must thank all spammers that attempt to confuse E-Mail filters by adding random characters to the end of a subject line. When this pathetic attempt at getting through to E-Mail users started, it annoyed me. However, after it became a "wide spread practice," I expanded my subject line column way out and scan only the end of the line. If it contains gibberish, it is gone. This has reduced the time I take to filter E-Mails considerably. You will also notice that several E-Mails display "..." on even the short subject lines. This means that the full subject does not fit in the column and more information exists. This common practice just shows that spammers add many spaces to their subject lines and then place the random characters out of "normal" view. Expanding the column reveals the truth.

Also here, you see MANY messages that are well over 100KB. These are absolutely, positively a virus. Zero doubt. Why? Because any "real" person that would send any attachment would actually "attach" the file. Look at the far left column of the next shot.

5) Attachment reporting. (Image 1.5)

Large attachments

Not one of these E-Mails, sorted by size, reports having an attachment. Now, understand that an E-Mail that is 180KB is a rather large amount of typing. This should give you the first clue about the origin of these E-Mails and their destructive intent. However, some E-mail programs, if using "HTML" stationery and such, do not report attachments of .jpg and .gif files if they are part of the layout. For example, a background picture and a .jpg signature block. Take note: Out of 8400 E-Mails in the last year, only 16 of those have had "large" images (over 50KB worth) included with them as "normal" E-Mails. Please, for the love of dial-up users around the world... Do not send a 295KB picture as a "normal" part of your E-Mail. For the sake of time, I now bounce all E-Mails that are larger than 50KB.

Can you confirm that this E-Mail is a virus without "opening" it? Yes, and I will show you how following this short disclaimer:

ABSOLUTELY, NEVER, EVER double click these files to open them! You WILL be infected.

This method is NOT intended to substitute the eyes of an average user for a virus scanner. However, my network has never been infected by a virus. Ever. What AV software do I run daily? None. I do not visit "questionable" web sites, I utilize a hardware firewall and I never open an attachment sent via E-Mail. What is the best defense anyone can have? Common sense.

Update November 17, 2003:

This deals with yet another mass mailing worm whose purpose in life is to steal PayPal account information.

This discovery was prompted by one E-Mail that fits the Symantec description perfectly: The subject line contains "YOUR PAYPAL.COM ACCOUNT EXPIRES" and it comes from the address "Do_Not_Reply@paypal.com." It arrived in my inbox at 11:41 AM PST today.

This information was posted November 14, 2003 by Symantec and the virus signatures were updated that day:

http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.i@mm.html

However, just a few messages up (more recent), I received about the same message at 12:16 PM PST with a slightly different subject line. This one is "IMPORTANT <several spaces and then random characters>". It also comes from the address "Do_Not_Reply@paypal.com."

This particular message, fitting the bill as another scam to steal PayPal account information, was posted on November 17, 2003. Yes, today:

http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.j@mm.html

This one tipped me off because it has the exact type of subject line of a previous virus that I have been sent often (12 times yesterday, 3 today) for several months. That particular variant comes from the address "admin@<whatever domain the email is sent to.com>" with the subject line "your account <several spaces and then random characters>".

More information on that particular virus is here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html

What I am trying to get across is that people could find viruses in their E-Mail box before virus signatures can be updated. I fail to remember the "default" amount of time or "how often" the automatic update service runs for Norton Anti-Virus, but 24 hours is a guess not far from the truth, I am sure.

What this means is that I could have been infected 3 times (by the number of separate E-Mails) before the signatures could have been updated. Of course, by the time the automatic update is performed, it could be too late.

Knowledge is power. Period. I knew these E-Mails contained viruses without even thinking about it, from past experience with known subject lines. I looked them up because my curiosity sometimes overwhelms me, and discovered that "I could have received it before they fixed it."

Being careful with the "automatic" actions you perform daily by checking E-Mail and knowing "what is good and what could be bad" is much more powerful than any virus scanner available. Knowing an E-Mail's intent before even opening it has much more power than "assuming" a person is safe just because an Anti-Virus program is running.


Do I own AV software? Yes. When do I scan the network? Before anything major, like an OS install or a massive hardware change. That way, I know that all of my backed up data has been scanned with the latest virus protection and is clear of anything up to that date. I then install the OS clean, retrieve my safe data and continue as usual without AV software sucking up resources 24/7.

Another reason I have avoided infection is that I use a computer strictly for E-Mail. That's it. If anything should happen, such as unexplained memory, hard disk or network activity, or any of the many other ways to spot a malicious program, I can stop it before catastrophe hits. This also greatly reduces the chance of "important" files being infected across the network, because the system that I use for "normal" activities has NO shared resources.

Most people cannot afford having a dedicated system taking care of such tasks. However, a pretty clever way of discovering a virus or worm that is scanning the always-targeted Windows Address Book is to place in it a "unique" address that is never used for anything other than to seed the address book.

Most providers offer multiple E-Mail accounts. Have a disposable one that is used for all "sign up, place E-Mail address here" forms, one that is used for "close friends and family," and another that could be "black83648viper6253@mycoolisp.com." This extended garbage would "attempt" to ensure dictionary spammers would not easily hit it, and, if you ever get an E-Mail to that address, it would be the first clue of possible malicious activity. Not a guarantee by any means, but at least it could prompt additional investigation.

AGAIN: I will always recommend that my readers use a virus scanner daily and keep it up to date. There is no reason not to. If you have a single system directly connected to the internet, you WILL have virus and firewall protection installed. Security is no laughing matter. Enough said.

6) Check the "real" contents of a suspicious email. (Image 1.6)

How to view email source

Practice this technique on a REAL E-Mail and not a virus infected one.

This information pertains to Outlook and Outlook Express. Your E-Mail client may vary.

Outlook:

  1. Right-click the E-Mail
  2. Select Options
  3. View the Internet Headers located at the bottom of the dialog box

Outlook Express:

  1. Right-click the E-Mail
  2. Select Properties
  3. Select the Details tab

7) Details Tab. (Image 1.7)

Email details tab

The Details tab displays all kinds of geeky information: where the E-Mail came from, who it was from and who it REALLY was from. Also, this tab contains information on what servers it passed through on the way to your computer.

What we are interested in here is the Message Source button.

8) Email Source. (Image 1.8)

Actual contents of an email virus

The contents of the E-Mail attachment are not readable by humans. However, what the file REALLY is and what it will do IS readable.

Highlighted is the actual MIME type; it tells the E-Mail client what to do with the attachment. In this case, it is:

audio/x-midi

The funny thing is, the actual file name "height.pif" has nothing to do with "audio." PIF is a shortcut to a program, like what you would find on your desktop. Again, a real person would NEVER send you an "audio" file saved as a "shortcut."

Why is the file a .pif? It is automatically executed by the E-Mail client and the OS regardless of what the MIME type says.

This is just one of the many examples I have in my inbox.

How can you create filters to do the same as what I have displayed here? Easy. READ MORE...
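As an added example (not the author's code and not a screen shot from the page), the following Python script performs the checks from sections 5 and 8 on a constructed message source without opening any attachment: it lists the relays from the Received headers oldest first, flags a large message that declares no attachment, flags a subject padded with spaces and random characters, and reports an attachment whose declared MIME type contradicts its file name. The sample headers, the height.pif name, audio/x-midi type and 50KB threshold follow the page's description; the relay names are made up and the base64 body is filler text.

```python
"""Inspect a raw E-Mail source the way sections 5 and 8 do by hand.
Standard library only; nothing here opens or runs an attachment."""
import email
import mimetypes
import re
from email.message import Message

# Extensions Windows runs when double-clicked. PIF is a program shortcut, so
# an "audio" file named height.pif is a contradiction, not a song.
EXECUTABLE_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd",
                         ".vbs", ".js", ".lnk"}
LARGE_MESSAGE_BYTES = 50 * 1024          # the page's 50KB bounce threshold
# Three or more spaces followed by one last "word" at the very end of the subject.
PADDED_SUBJECT = re.compile(r" {3,}\S+\s*$")

# Constructed sample modelled on the height.pif message in Image 1.8.
# Relay names and IPs are made up; the base64 body decodes to filler text.
SAMPLE_RAW = """\
Received: from relay.example.invalid (relay.example.invalid [192.0.2.10])
\tby mx.example.invalid with SMTP; Mon, 17 Nov 2003 12:16:00 -0800
Received: from [198.51.100.7] by relay.example.invalid; Mon, 17 Nov 2003 12:15:48 -0800
From: Do_Not_Reply@paypal.com
To: bv@blkviper.com
Subject: IMPORTANT                    xkq7zbw
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain; charset="us-ascii"

Your account expires. See the attached file.
--sep
Content-Type: audio/x-midi; name="height.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="height.pif"

Tm90IGEgcmVhbCBwcm9ncmFtLCBqdXN0IGZpbGxlciB0ZXh0Lg==
--sep--
"""


def parse_message(raw: str) -> Message:
    return email.message_from_string(raw)


def received_path(msg: Message) -> list:
    """Relays the mail passed through, oldest first. Each server prepends its
    own Received header, so the top of the source is the last hop."""
    hops = [" ".join(value.split()) for value in msg.get_all("Received", [])]
    return hops[::-1]


def subject_is_padded(subject: str) -> bool:
    """Spammers pad the subject with spaces and hide random characters past
    the edge of the column; widening the column (or this regex) reveals them."""
    return PADDED_SUBJECT.search(subject) is not None


def _extension(filename: str) -> str:
    return "." + filename.rsplit(".", 1)[1].lower() if "." in filename else ""


def attachment_findings(msg: Message) -> list:
    """One record per attachment: name, declared type, decoded size and why it
    looks wrong, if it does. The payload is decoded only to measure it."""
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename and part.get_content_disposition() != "attachment":
            continue                     # ordinary body text, not an attachment
        filename = filename or "(unnamed)"
        declared = part.get_content_type()
        ext = _extension(filename)
        guessed, _ = mimetypes.guess_type(filename)
        reasons = []
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append("%s is a runnable file type declared as %s" % (ext, declared))
        if guessed and guessed != declared:
            reasons.append("name implies %s but header declares %s" % (guessed, declared))
        payload = part.get_payload(decode=True) or b""
        findings.append({"filename": filename, "declared_type": declared,
                         "size": len(payload), "reasons": reasons})
    return findings


def message_findings(raw: str) -> dict:
    """Everything sections 5 and 8 read off the screen, as one report."""
    msg = parse_message(raw)
    attachments = attachment_findings(msg)
    size = len(raw.encode("utf-8", "replace"))
    flags = []
    if size > LARGE_MESSAGE_BYTES and not attachments:
        flags.append("%d bytes but reports no attachment" % size)
    if subject_is_padded(msg.get("Subject", "")):
        flags.append("subject padded with spaces and random characters")
    for att in attachments:
        flags.extend(att["filename"] + ": " + reason for reason in att["reasons"])
    return {"size": size, "hops": received_path(msg),
            "attachments": attachments, "flags": flags}


def large_no_attachment_sample() -> str:
    """Constructed 180KB 'typed' message with no attachment at all, like the
    ones sorted by size in Image 1.5."""
    headers = "From: someone@example.invalid\nTo: bv@blkviper.com\nSubject: hello\n\n"
    return headers + ("x" * 79 + "\n") * 2304      # 2304 lines * 80 bytes


if __name__ == "__main__":
    for raw in (SAMPLE_RAW, large_no_attachment_sample()):
        report = message_findings(raw)
        print("size %d bytes, %d hop(s)" % (report["size"], len(report["hops"])))
        for flag in report["flags"]:
            print("  FLAG:", flag)
```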

How to filter your E-Mail using Outlook Express

Spam and viruses do not have to get you down. Here, I take a look at the filters I use for the results you viewed on the previous page. It is not magic. With effective filters, a huge amount of spam can be dealt with behind the scenes with tools you already have at your disposal.

9) Creating Filters in Outlook Express. (Image 2.1)

Creating email rules in OE

Creating filters in Outlook Express does not have to be difficult. In fact, it is a rather easy task! Select Tools, Message Rules, then Mail.

10) Viewing Rules. (Image 2.2)

Mail Rules Tab

Some important information to note: The rules are applied in the order they appear. Also, if you want processing to stop after a particular rule fires, select Stop processing more rules in the rule's actions.

This rule deletes everything not addressed directly to me in the To: field and stops processing any more rules.

With this same technique, you can add rules to "white list" people's E-Mail addresses or domains and ALWAYS send them to your inbox (or another folder). This is to avoid "valid" newsletters slipping through and getting deleted if they use a technique to mask whom the newsletter is going to. Ensure that the white listing filter is FIRST on the list.

How can you add a rule?

11) Adding New Rules. (Image 2.3)

Create a New mail rule

Click the New button in the Mail Rules tab.

Here will be displayed a number of options that could be a complete topic in itself. However, you can experiment with what works best for you and your situation by thinking about the additional rules I describe later.

In order to create the "Not to me" rule, select Where the To line contains people. Edit it by selecting the blue underlined text in the lower portion of the window. Add your E-Mail address. Select the Options button. Modify the rule to say Message does not contain the people below.

After selecting enough OKs to get you back, ensure that you add an action to your rule in the mid-portion of the dialog.

12) This is my "Default Subject Line" filter. (Image 2.4)

Subject line filter

Oddly enough, many people feel absolutely compelled either to not include my default subject line or to modify it. That is why I have a loose rule pertaining to my subject line.

The actual line is "A Question or Comment for Black Viper." However, if you include "comment" or "Black" or "Viper" in the subject line, it will still get through to me.

Update 18APR2003: Due to some spammers automatically including the E-Mail address in the subject line, I have modified my filter to say "Black Viper" and not just "Viper." Why? Because "Viper" is part of my E-Mail address (...@blkviper.com) and the spams that have been including it in the subject line have been slipping through.

This rule also sends the message to a particular folder that I view by default. In reality, a rapid reply will result if I have to do little work to reply to an E-Mail. Pass my filters and the information you desire is yours. :)

Absolutely zero spams have gotten through from a robot. Why? The robots may include "bv" (since that is the information before the @ symbol in the E-Mail address) in the subject line, but never have they equated "Black Viper" to "bv." Actually, many spams will include the information before the @ symbol, then a comma, then some spam message. One of my filters detects "bv," and "bv@" in the subject line and deletes the message.

13) This filter detects "Diet" spam key words in the subject line. (Image 2.5)

Diet spam filter

Here I am looking for particular words in the subject line, highlighting the message Red, then moving it to the "SPAM" folder. This is a visual cue that the E-Mail used "bad" words and probably did not come from an actual person.

14) This filter detects "General" spam words in the subject line. (Image 2.6)

General spam filter

Here I am looking for particular words, like "mortgage, free, $," etc. in the subject line, highlighting the message Red, then moving it to the "SPAM" folder.

To avoid hate mail, I will not show my "p0rn" filter publicly, but I am sure that you get the point as to the words I filter.

15) This filter passes any other E-Mails that do not meet any previous rules to the SPAM folder. (Image 2.7)

Catch all filter

If this was not here, it would place those E-Mails in the "Inbox," but I really do not like that, as I highly doubt that any "legit" E-Mail would pass through my filters and NOT be spam.

16) Blocking Domains. (Image 2.8)

Blocked senders tab

If you find that your filters are catching lots of E-Mails from a particular domain, you can block it before it even gets to you.

The Blocked Senders tab is processed BEFORE any filters are applied. This kills particular E-Mail addresses, like "someone@domain.com" or whole domains, like "spamsender.com."

As a result of this, it would be very wise not to block E-Mail from "popular" domains, such as "hotmail.com" or "yahoo.com," because even though many spammers fake E-Mail addresses at these domains, many people use these services for their personal E-Mail. However, if you get an E-Mail from "bulkemail.org," I am sure that no legitimate person will be sending you an E-Mail with an account from that domain... and if they did, would you want to get it?
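The order of the rules above is the whole point: Blocked Senders runs before any filter, the "Black Viper" subject rule claims legitimate mail before the keyword rules see it, the "bv," / "bv@" rule deletes robot spam, and the catch-all sends whatever is left to SPAM rather than the Inbox. The following is an added example written for this page, not the author's own Outlook Express rules; the keyword lists, blocked senders and sample messages are constructed, and the exact rule order (pass rule before keyword rules) is assumed from the rule numbering on this page.

```python
"""Mail rule pipeline modelled on the spam filters described on this page.

Added example, not the author's own mail client rules. Word lists,
blocked senders and the test messages are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed word lists; the page only shows a few of the real ones.
DIET_WORDS = {"diet", "weight loss", "lose weight", "fat burner"}
GENERAL_WORDS = {"mortgage", "free", "$", "refinance"}
# Blocked Senders tab entries: either a whole domain or a full address.
BLOCKED_SENDERS = {"bulkemail.org", "spammer@example.net"}


@dataclass
class Message:
    sender: str
    subject: str
    folder: str = "Inbox"
    color: Optional[str] = None
    deleted: bool = False
    matched_rule: Optional[str] = None


def sender_blocked(addr: str) -> bool:
    """True if the full address or its domain is on the Blocked Senders list."""
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1]
    return addr in BLOCKED_SENDERS or domain in BLOCKED_SENDERS


def contains_any(text: str, words) -> bool:
    text = text.lower()
    return any(w in text for w in words)


def apply_rules(msg: Message) -> Message:
    """Run the rules in the order the page describes; first match wins."""
    subj = msg.subject.lower()

    # Blocked Senders tab: processed BEFORE any filter is applied.
    if sender_blocked(msg.sender):
        msg.deleted, msg.matched_rule = True, "blocked sender"
        return msg

    # Pass rule: the default Contact BV subject line contains "Black Viper".
    # Anything matching here never reaches the spam rules below.
    if "black viper" in subj:
        msg.folder, msg.matched_rule = "Contact BV", "subject contains Black Viper"
        return msg

    # Robot spam pastes the local-part of the address into the subject.
    if "bv," in subj or "bv@" in subj:
        msg.deleted, msg.matched_rule = True, "bv, or bv@ in subject"
        return msg

    # Keyword rules: highlight Red and move to SPAM.
    if contains_any(subj, DIET_WORDS):
        msg.folder, msg.color, msg.matched_rule = "SPAM", "red", "diet words"
        return msg
    if contains_any(subj, GENERAL_WORDS):
        msg.folder, msg.color, msg.matched_rule = "SPAM", "red", "general words"
        return msg

    # Catch-all: anything no earlier rule claimed goes to SPAM, not the Inbox.
    msg.folder, msg.matched_rule = "SPAM", "catch-all"
    return msg


if __name__ == "__main__":
    samples = [
        Message("joe@hotmail.com", "Black Viper: question about services"),
        Message("robot@example.com", "bv, great mortgage rates"),
        Message("robot@example.com", "Lose weight fast"),
        Message("anyone@bulkemail.org", "Black Viper"),
        Message("stranger@example.com", "hello"),
    ]
    for m in samples:
        apply_rules(m)
        print(f"{m.subject!r:45} -> {m.matched_rule}, folder={m.folder}, deleted={m.deleted}")
```

Note what the ordering buys and costs: a blocked domain is dropped even when the subject says "Black Viper", while a spam subject that happens to contain "Black Viper" is passed through, which is exactly the weakness the 18APR2003 update describes for the shorter "Viper" match.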

I hope this offered some insight into the techniques I use to not only fight spam but also identify the clever viruses out there attempting to suck up bandwidth from the rest of the internet. If this has helped you, feel free to Contact BV, but remember to leave the default subject line intact... or your E-Mail could be tagged and automatically deleted as spam.

 

I am having a problem with my computer, can you help me?


I will help as much as I can. The major problem is that every system is different and the possible causes of system failure are numerous.

The first thing you should do is ensure you have the latest drivers installed for your equipment.

Drivers are such a common cause of problems that there is no need to troubleshoot any further until that step is complete.

Second, contact your PC maker/software vendor for technical support.

The final thing you should understand is that I am not sitting in front of your system. Troubleshooting from a remote location, let alone by E-Mail, is difficult if not impossible to accomplish. I will help as much as I can.




What is "C-Dilla?" Is it spyware? Trojan? What installed it?

"C-Dilla" is the name of a company that was purchased by Macrovision. The previous company, and now Macrovision, use the "C-Dilla" technology to provide "software activation" services and CD Key verification services for anti-piracy reasons. This technology is now sold by Macrovision as "SafeCast" and is bundled with many products.

More information about C-Dilla and "official" content is located here:

  • The "old" C-Dilla site is here: http://www.c-dilla.com/
  • Macrovision's Web Site is here: http://www.macrovision.com/
  • The "FAQ" about C-Dilla, SafeCast and "spyware" concerns on Macrovision's site is here: http://www.macrovision.com/solutions/software/scprodactfaq.html


What is "Generic Host Process for Win32 Services?!?"

This is what ZoneAlarm complains about while connected to the internet. "SVCHOST.EXE" is the "Generic Service Host": a process that hosts other services implemented as DLLs, and several instances usually run at once, each hosting a group of services. If your internet connection seems to "no longer work," it is because you have denied one of the "required" functions running inside it access to the internet. A big one is the DNS Client service, which performs DNS lookups, along with HTTP. With DNS lookups blocked, you can no longer type "www.blackviper.com," but you can still reach a system by typing in its IP address: the internet connection is still working, but you are blocking a "vital" part of the process for surfing web pages. With HTTP TCP Port 80 blocked, you will not be able to access any web site.

As to whether or not "you" need the particular process to access the internet or act as a server is completely dependent upon your computer configuration, your software installation, and what you are doing at any given time.

Only you can make the decision about if "you need this to access the internet" or not.

A security vulnerability exists in Windows that can cause your system to exhibit all kinds of poor behavior. It targets the Remote Procedure Call service, and Zone Alarm may warn about inbound traffic to SVCHOST.EXE / Generic Host Process for Win32 Services as a result. This inbound traffic should NOT be allowed. See "Why is Remote Procedure Call shutting down my computer after 60 seconds?" further down this page for details.

Generally speaking, the following ports and services should NOT be blocked:

  • DHCP: UDP Port 67 and 68 (block both outbound and inbound only if you have a static IP address)
  • DNS: UDP Port 53 (allow only outbound; disable inbound unless you have a local DNS server). Lookups whose answers are too large for one UDP packet retry over TCP Port 53, so allow that outbound too if such lookups fail.
  • HTTP: TCP Port 80 (allow only outbound; disable inbound unless you have local web server)
  • HTTPS: TCP Port 443 (allow only outbound; disable inbound unless you have local web server)

Generally speaking, the following ports and services SHOULD be blocked, "outbound and inbound":

  • NetBIOS: UDP 137
  • RPC: TCP 135
  • UPnP: UDP 1900
  • UPnP: TCP and UDP 5000

If you block a port and something breaks, reenable the blocked port and see if it is fixed. Easy as that. :)

Are you in the "IT" field? Are you a Web Developer? Are you a Programmer?

I very recently (mid 2010) made it back into what would be considered an "IT" job after a few years away. As to the other questions, no... I maintain this site in my spare time and freely give away what knowledge that I have because I enjoy it, not because I make loads of money at it.

 

Why can't I access/check my Hotmail or Yahoo account using my DSL connection?

 

This particular issue came about due to a family member that was unable to check their HTTP E-Mail accounts after a new installation of SBC DSL either by accessing it via a browser or Outlook Express.

After over two hours of banging my head against the monitor, I figured out the solution:

The "normal" way many DSL providers offer their service is with "PPPoE," or Point to Point Protocol over Ethernet. Under normal circumstances this is fine. However, it can cause issues such as this one: the PPPoE and PPP headers take 8 bytes out of every Ethernet frame, so a full 1500 byte packet no longer fits and has to be fragmented or dropped along the way. The fix? Download and run DRTCP, available from DSLReports.com:

http://www.dslreports.com/drtcp

The only setting you need to change is the "MTU" or Maximum Transmission Unit. Set it to 1492, which is 1500 minus the 8 bytes of PPPoE overhead. The default value for most Windows OS configurations with a LAN connection to the internet via a router or DSL modem is 1500. After applying this change and rebooting the computer, all should be well again with HTTP E-Mail.


Why can't my Windows XP Home computer see my Windows XP Pro system over the network?


The reason is that Windows XP Home and Windows XP Pro install with different default workgroup names, and a system only browses the systems in its own workgroup.
The defaults are as follows:
  • Windows XP Home workgroup default: "MSHOME"
  • Windows XP Pro workgroup default: "WORKGROUP"
To correct this, make both the Windows XP Home and XP Pro systems members of the same workgroup.
You can do that by running the network wizard on each system and entering the proper information. I do not recommend using either of the default workgroups, however.
  1. Select Start
  2. Right click "My Network Places"
  3. Select Properties
  4. Select "Network Setup Wizard"
  5. Enter the proper information for your network at each dialog
You should then be able to see each system from the other.


I am getting these strange popup messages, even if I am not surfing the web. How can I get rid of them?

This is due to spammers abusing the Messenger service, a feature that has been in Windows since Windows NT 3.5 (but is not in Windows 95, 98 or Me) and is driven with the "net send" command. This has nothing to do with MSN Messenger, nor is it "WinPopUp." The messages arrive over the NetBIOS and RPC ports this page recommends blocking inbound, so a firewall stops them as well.

The reason spammers have begun to target this "feature" is the fact that people are beginning to adopt OS's built on NT, such as XP. Previously, the un-requested popups were not a problem because so few people were running an OS that supported it.

To test whether your system accepts these messages, at the command prompt (run: cmd.exe) type:

net send 127.0.0.1 hi

If a popup window containing "hi" appears, the Messenger service is running and accepting messages; you should disable it.

How to change the state of a service is here.

Why is Remote Procedure Call shutting down my computer after 60 seconds?


Why is LSASS.exe shutting down my computer after 60 seconds?


Why is svchost.exe crashing my computer?


Why is dllhost.exe taking 100% of my CPU time?

 

Buffer overruns in the Remote Procedure Call service and in LSASS.exe are the cause of an issue affecting many versions of Windows, including NT, 2000, XP and 2003. The main indication is a 60 second shutdown counter just after connecting to the internet or "right after" an attack attempt. "Strange" network activity while you are not downloading or surfing is another key indicator.

Upon examination of my firewall log files, I discovered that every two to five minutes, the vulnerable ports are being scanned. Since I am behind a firewall, I have not been affected by any of these problems. However, due to the firewall activity, I must assume that the Remote Procedure Call vulnerability information publicly released on July 16, 2003 and the LSASS vulnerability released April 13, 2004 are being exploited. The latest security patch described below (in the Third step) will solve all issues.

As I touched on with my configuration, by default, all incoming Remote Procedure Call traffic is blocked by all firewalls, including Windows XP's built in firewall. Being as though that is a general statement, I am sure I am going to get burned by it. But in all honesty, regardless of whether you are behind a firewall or not, the latest security patch should still be installed, as it is the most critical one recently released and affects such a mass amount of systems.
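What that kind of log review looks like in code, as an added example for this page (not the author's tooling): the lines below are constructed to match the W3C-style layout of Windows XP's Internet Connection Firewall log (pfirewall.log), where a "#Fields:" header names the columns and "-" means no value. The column names are taken from that header rather than hard coded, so the same parser copes with the extra "path" column that later Windows Firewall versions added. The script groups dropped packets aimed at the ports listed in the First step by source address and reports the seconds between probes, which is how the "every two to five minutes" pattern shows up.

```python
"""Scan detection over Internet Connection Firewall log lines.

Added example, not the author's tooling. SAMPLE_LOG is constructed for
this example in the W3C-style format of Windows XP's pfirewall.log; the
IP addresses are documentation ranges, not real hosts.
"""
from collections import defaultdict
from datetime import datetime

# Ports the page says to block inbound; a DROP on one of them is an attack attempt.
WATCHED_PORTS = {135, 137, 138, 139, 445, 593}

# Constructed sample log, not taken from the author's log files.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-11 09:00:05 DROP TCP 198.51.100.7 192.168.1.5 3312 135 48 S 1184421 0 64240 - - -
2003-08-11 09:00:05 DROP TCP 198.51.100.7 192.168.1.5 3313 445 48 S 1184422 0 64240 - - -
2003-08-11 09:03:41 DROP TCP 198.51.100.7 192.168.1.5 3390 135 48 S 1190011 0 64240 - - -
2003-08-11 09:04:10 OPEN TCP 192.168.1.5 203.0.113.20 1041 80 - - - - - - - -
2003-08-11 09:08:02 DROP TCP 198.51.100.7 192.168.1.5 3455 135 48 S 1195530 0 64240 - - -
2003-08-11 09:08:30 DROP UDP 203.0.113.99 192.168.1.5 1026 137 78 - - - - - - -
2003-08-11 09:09:12 DROP TCP 203.0.113.99 192.168.1.5 4022 139 48 S 2210004 0 16384 - - -
2003-08-11 09:09:12 DROP TCP 203.0.113.99 192.168.1.5 4023 593 48 S 2210005 0 16384 - - -
"""


def parse_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line: skip rather than mis-map columns
        yield dict(zip(fields, values))


def find_probes(text, watched=WATCHED_PORTS):
    """Group DROPs on watched ports by source IP.

    Returns {src_ip: {"ports": [...], "hits": n, "intervals": [seconds between probes]}}.
    """
    hits = defaultdict(list)
    for rec in parse_log(text):
        if rec["action"] != "DROP":
            continue
        port = int(rec["dst-port"])
        if port not in watched:
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        hits[rec["src-ip"]].append((ts, port))

    report = {}
    for src, events in hits.items():
        events.sort()
        ports = sorted({p for _, p in events})
        intervals = [int((b - a).total_seconds())
                     for (a, _), (b, _) in zip(events, events[1:])]
        report[src] = {"ports": ports, "hits": len(events), "intervals": intervals}
    return report


if __name__ == "__main__":
    for src, info in find_probes(SAMPLE_LOG).items():
        print(f"{src}: {info['hits']} drops on ports {info['ports']}, "
              f"seconds between probes {info['intervals']}")
```

A source that walks 135, 139, 445 and 593 in a burst, or comes back to 135 every few minutes, is the worm behaviour described in the Fourth step; a single DROP from a host you were just talking to is usually a late packet and not worth chasing.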

ABSOLUTELY DO NOT disable the Remote Procedure Call Service using any Registry Patches or Hardware Profiles, no matter who told you or why!

Remote Procedure Call is a vital core process that is required for your system to function properly and to install the security patch. If you have already disabled it somehow and are looking for help, I have a way to try and fix it.

The following are steps that you can take to protect yourself from this vulnerability:

Note: The Internet Connection Firewall procedure in the first step applies to Windows XP only. On other versions of Windows, block the listed ports with whatever firewall you use and make sure it is active.

First

In an effort to ensure that your system will not be attacked while attempting to solve the problem, disconnect the computer from the internet.

Block inbound (from the internet) and outbound (from your computer) TCP and UDP ports 135, 137, 138, 139, 445 and 593 at your firewall and ensure your firewall is active. This will stop Remote Procedure Call and LSASS.exe inbound traffic from the internet reaching your computer.

You can enable the built in Internet Connection Firewall with Windows XP by doing the following:

With the default Category Control Panel:

  1. Head to Start
  2. Select Control Panel
  3. Select Network and Internet Connections
  4. Select Network Connections
  5. Right click your "internet" connection, whether it is dial-up (your modem) or local area network (your network card if using broadband)
  6. Select the Properties option in the popup menu
  7. Select the Advanced tab
  8. Check the box next to "Protect my computer and network by limiting..."
  9. Select the Ok button to apply the settings

With the Classic Control Panel:

  1. Head to Start
  2. Select Control Panel
  3. Select Network Connections
  4. Right click your "internet" connection, whether it is dial-up (your modem) or local area network (your network card if using broadband)
  5. Select the Properties option in the popup menu
  6. Select the Advanced tab
  7. Check the box next to "Protect my computer and network by limiting..."
  8. Select the Ok button to apply the settings

This action will start the Internet Connection Firewall Service.

Second

 

You can stop a computer from automatically rebooting during the 60 second countdown by doing the following:

  1. Head to the Start button
  2. Select Run...
  3. type shutdown -a in the popup window
  4. Select the Ok button to issue the command
You can also "stop" the Remote Procedure Call Service from shutting down the system after 60 seconds each time the attack is attempted. This does not apply to LSASS.exe. I absolutely do not condone this action as a "fix," but it can be used to stop the system from rebooting while you are attempting to repair the issue and scan your computer for vulnerabilities if you have not already activated your firewall. In an effort to ensure that your system will not be attacked while attempting to solve the problem, disconnect the computer from the internet first:

  1. Head to the Start button
  2. Select Run...
  3. type services.msc in the popup window
  4. Select the Ok button to issue the command
  5. Select the Remote Procedure Call Service from the list by double clicking it
  6. Select the "Recovery" tab (Image 1.1: Select Recovery tab)
  7. The default for this service is "Restart the Computer" for all failures
  8. Change each one to "Restart the Service"
  9. Select the Ok button to apply the settings

Again, this should not be done to fix the reboot issue, only to ensure that you have the proper amount of time to correct the problems.

Third

 

Ensure that all security patches are currently downloaded and installed. Before troubleshooting your computer any further, this step needs to be complete to be positive that this particular security issue is not being exploited and causing your problems.

Take note: Cryptographic Services in Windows XP and 2003 needs to be placed on automatic and/or started before installing security patches. Cryptographic Services requires the Remote Procedure Call Service. Again, do not disable Remote Procedure Call! It is required to install the patch! They both are placed on automatic by default.

Remote Procedure Call Information:

A security patch for Windows NT, 2000, XP and 2003 with additional information about the previous vulnerability is located here:

http://support.microsoft.com/?kbid=823980 (superseded by the latest update)

A security patch for Windows NT, 2000, XP and 2003 with additional information about the latest vulnerability, which includes the previous update, is located here:

http://support.microsoft.com/?kbid=824146

A Microsoft Security Bulletin MS03-026 was posted about the first issue:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
A Microsoft Security Bulletin MS03-039 was posted about the latest vulnerability:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp

LSASS.exe Information:

A Microsoft Security Bulletin MS04-011 was posted about the latest vulnerability and includes details on where to get the patch to fix it:

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Fourth

 

Scan your computer with the latest virus definitions. If your computer has already been attacked, any number of problems can arise from this:

  • A new user account could have been created with administrator privileges.
  • A trojan or worm could have been installed to attempt infection with other malicious code either to the local system or internet connected computers.

Malicious code exploiting these holes is already circulating around the internet, including:

  • The worm "W32.Blaster.Worm," which runs as "msblast.exe": Symantec Information
  • The backdoor "Backdoor.IRC.Cirebot," which uses a TFTP server to fetch its payload and cause hate and discontent: Symantec Information
  • The worm "W32.Sasser.Worm": Symantec Information

However, just because you have been hit with an attack against the Operating System vulnerability does not mean that you are automatically infected with anything.

Fifth

 

As far as I am concerned, if a system has been compromised, the only way to go is to unplug the computer from the network, completely format the hard drives, turn off the computer, and then fire it back up and reinstall Windows clean. That is the only way to ensure that all malicious code has been removed from the system in question. Understandably, this solution is not possible for everyone. However, if you patch the security hole and scan your computer for viruses, you should be closer to a safe system again.

Revision History

 

  • August 10, 2003:
    • Initial release.
  • August 11, 2003:
    • Added log file information.
    • Included information about possible virus and trojan infections with examples.
    • Added information on how to stop the Remote Procedure Call Service from rebooting the computer.
  • August 12, 2003:
    • Changed "Take No Action" to "Restart the Service."
    • Included advice not to disable Remote Procedure Call Service.
  • August 13, 2003:
    • Removed the complete graphical Recovery tab information.
    • Added a procedure to activate the Internet Connection Firewall with Windows XP.
  • August 22, 2003:
    • Adjusted order of actions, placing activation of the firewall first.
  • September 10, 2003:
    • Updated information to include latest Remote Procedure Call Service vulnerability released September 10, 2003
  • May 1, 2004:
    • Updated information to include latest LSASS.exe issue.