Posts Tagged ‘spyware’

SOLVED: Connected to internet but can’t browse

December 2nd, 2009 admin 2 comments

After clearing up a virus, it’s not too unusual that you still can’t connect to the internet through your browser even though your computer is connected just fine to its network. For example, if you open a command window and type “ipconfig” you will see that you have a proper IP address (like 192.168.1.x). You can even ping sites (I usually use Yahoo for testing) by typing “ping www.yahoo.com”, but still the browser returns something like “Internet Explorer cannot display the webpage”. Frustrating.

I had this problem tonight on a customer machine and what was more frustrating was that my normal quick-fix didn’t work. Normally on an XP machine I can just run LSPFIX and the problem is solved, that works 90% of the time. If that doesn’t work, then I have used another Winsock Fix you can find here. Tonight though neither of those worked. Just as that bastard little voice in the back of my head was starting to tell me I was going to fail at fixing this machine, I remembered one really simple little trick that these viruses play – proxies.

As the little voice became louder and louder, “Steve, you’re not smart enough, you’re going to have to call your customer and admit it, everyone will think you’re a loser, your wife will leave you and your children will despise you…”, I opened Internet Explorer and did the following:

Tools/Internet Options/Connections/LAN settings

On the bottom half of the window, sure enough “Use a proxy server for your LAN” was checked and the LAN traffic was being proxied to port 555 on the laptop. I unchecked the proxy server and voilà! this machine was back on the grid and that little voice was getting a fail enema.
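The same check can be made from a PowerShell prompt. This is an added example, not part of the original post: it reads the per-user registry values that the LAN settings dialog edits and warns when browser traffic is pointed at a proxy on the machine itself. The function name `Test-LoopbackProxy` is hypothetical, and the address in the comment is a constructed sample.

```powershell
# Added example: audit the per-user proxy settings behind
# Tools / Internet Options / Connections / LAN settings.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or a per-protocol list such as
    # "http=host:port;https=host:port".
    # Constructed sample: Test-LoopbackProxy '127.0.0.1:555' returns $true.
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1].Trim() -replace '^\w+://', ''
        if ($hostPort -match '^(127(\.\d{1,3}){3}|localhost|\[::1\])(:\d+)?$') {
            return $true
        }
    }
    return $false
}

$settings = Get-ItemProperty -Path $key
$enabled  = $settings.ProxyEnable -eq 1        # the "Use a proxy server" box
$server   = [string]$settings.ProxyServer      # address and port fields
$pacUrl   = [string]$settings.AutoConfigURL    # automatic configuration script

"Proxy enabled : $enabled"
"Proxy server  : $server"
"Auto-config   : $pacUrl"

if ($enabled -and (Test-LoopbackProxy $server)) {
    # A loopback proxy only works while something on this machine listens on
    # that port. Once the malware is removed, every browser request fails.
    Write-Warning "Browser traffic is sent to a local proxy ($server)."
    Write-Warning 'If no program you installed needs it, turn it off:'
    Write-Warning "  Set-ItemProperty '$key' ProxyEnable 0"
}
elseif ($enabled) {
    "A proxy is configured; confirm that $server is one you expect."
}
else {
    'No manual proxy is set for this user.'
}
```

Run it as the affected user, since these settings are stored per user profile.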

Beware of Trojan Horse Anti-Virus

July 24th, 2009 admin No comments
I have noticed a virus trend here that is so pervasive that I wanted to alert you to it so that you don’t accidentally get caught out by it. It is called a “Fake Antivirus”.

The Trojan Horse
You may have heard the word “Trojan”, short for “Trojan Horse”, in association with computer viruses. Fake Antivirus is a great example of a Trojan. If you remember your history, some clever Greeks hid inside a wooden horse, later ambushing and killing their enemies, the hapless Trojans, who had rolled the horse inside their fortress thinking it was a gift. The Fake Antivirus works the same way (Monty Python’s video illustration of this concept here for further study).

The way this works is that while you are surfing, you may suddenly see a message telling you that you have viruses on your computer. Usually this message pops up unexpectedly, is very colourful and has lots of blinking or moving messages. Importantly, this notice is NOT from your installed antivirus program but instead is normally in a browser window. Sometimes it will enumerate the number of viruses you have on your computer. Helpfully, it will advise you to “CLICK HERE” to get rid of the supposed viruses. If you click the button, instead of being cleaned your computer will become infected. Welcome to Troy (for more information on the fate of your data, please see Cassandra).

Avoiding the Fate of Troy
There are steps you can take to avoid this problem:

  • Ensure that your real antivirus program is turned on and up-to-date. Here at Hartland Computer we often install Avira AntiVir on PCs we work on. If you have this program, make sure that the little umbrella that appears on the bottom-right of your screen is shown as open, not closed. You can also double-click that icon to open the summary screen that will tell you whether it is on and up-to-date.
  • Make sure that any pop-ups telling you that you have viruses are from the antivirus program you already have installed. These pop-ups always have the program or company name, seldom blink or flash and normally prevent you from doing anything else on the computer until you respond to them.
  • Make sure that your computer has the latest security updates from Microsoft Windows Update (you have to be using Internet Explorer to go there).
  • If you do get a fake virus pop-up, do not scan for viruses or interact with the screen. Rather than closing the window in the normal way, it is safer to hit control + alt + delete to view the list of currently running programs in the Task Manager. From there, you can highlight the rogue popup then click the button that says “End Task”.
  • Be aware that using BitTorrent, LimeWire and other P2P file sharing programs is an invitation to introduce viruses onto your computer.
  • Run a complete system virus scan on your computer once or twice a week.

Just be alert that this scam is very popular right now and keep your eye out for it.

Giving Up Early and Fixing the c_20127.nls Problem

May 31st, 2009 admin 1 comment

When I was responsible for software development teams I often used to say that sometimes it was good to know when to give up early. Most good software developers that I know are ambitious problem solvers, and if you manage to give them an “impossible” task they will work on it until the cows come home trying to fix it. “Impossible” tasks have a virtually unlimited set of rabbit holes, false solutions and sub-problems to be solved; these errata often conceal the true solution, which is to give up and try something completely different. Such is the advice I should have been giving myself in trying to repair the HP Pavilion 533w that’s been on the bench here for several days.

I’m not sure what the machine has been through in getting to me, it appears to have lots of Windows updates but is in pre-SP2 state. The two key problems I faced were:

  1. Non-destructive recovery install stalls after setting keyboard and language
  2. After problem 1 was solved, Windows update stalled at “Checking for latest updates for your computer…”

For Problem 1, it turns out that some HP Pavilions have a bug in their non-destructive recovery solution. This bug causes the install to report that it cannot locate the file c_20127.nls on the recovery drive, and then it eventually seizes up.

To fix this, I used a modified version of these instructions:

http://h10025.www1.hp.com/ewfrf/wc/genericSoftwareDownloadIndex?lc=EN&cc=us&softwareitem=pv-9155-1

(also referenced here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329450)

As you will note, these instructions call for the use of a floppy disk, they might just as well have suggested that you use your keypunch machine to type the solution onto Hollerith cards – who uses floppies anymore? As it turns out, you can modify the instructions to use a USB flash drive by changing the references in the .BAT file for “A:” to “D:” (there are 2 references), copying the files to the root of your USB Flash drive, and ensuring that the flash drive is plugged in to the problem computer when it is booted. Follow the HP instructions but find your files on d: instead of a:. In my case I had to do the install again to get the fix to take.

Once Windows XP Home was loaded back on the machine I was disappointed (to say the least) that the system would not access Windows Update. I think this problem was related to some spyware that had been on the machine previously.

Broken Windows Update that results from viruses and spyware can be very difficult to fix. Here is where the wise and experienced computer tech will probably decide to do a clean install. But not me. There are a lot of reasons why Windows Update fails. There are hundreds of things to try. In the past, I have found that the registry keys for Automatic Update Service or BITS had been altered from %SystemRoot%… to %fystemRoot%. That was not the case for this machine.
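The tampering described above can be looked for from a PowerShell prompt. This is an added example, not part of the original post: it reads the unexpanded `ImagePath` and `ServiceDll` values for the Automatic Updates (`wuauserv`) and BITS services and reports any `%NAME%` token that does not match a real environment variable. The function name `Get-UnresolvedVariable` is hypothetical.

```powershell
# Added example: find mangled environment-variable names (such as the
# %fystemRoot% case above) in the registry values for the Automatic
# Updates and BITS services.
$services = 'wuauserv', 'BITS'

# Ask for the raw string; by default %SystemRoot% would be expanded
# before we ever see it.
$raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-UnresolvedVariable {
    param([string]$Value)
    # Return every NAME from a %NAME% token that has no matching
    # environment variable. '%fystemRoot%' yields 'fystemRoot'.
    [regex]::Matches($Value, '%([^%]+)%') |
        ForEach-Object { $_.Groups[1].Value } |
        Where-Object { -not [Environment]::GetEnvironmentVariable($_) }
}

foreach ($svc in $services) {
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    $targets = @(
        @{ Path = $base;              Name = 'ImagePath'  },
        @{ Path = "$base\Parameters"; Name = 'ServiceDll' }
    )
    foreach ($t in $targets) {
        if (-not (Test-Path $t.Path)) {
            "MISSING  $svc : key $($t.Path) does not exist"
            continue
        }
        $value = (Get-Item $t.Path).GetValue($t.Name, $null, $raw)
        if ($null -eq $value) {
            "MISSING  $svc : value $($t.Name) is not set"
            continue
        }
        $bad = @(Get-UnresolvedVariable $value)
        if ($bad.Count -gt 0) {
            "SUSPECT  $svc $($t.Name) = $value  (unknown: $($bad -join ', '))"
        }
        else {
            "ok       $svc $($t.Name) = $value"
        }
    }
}
```

A SUSPECT line means the service cannot find its executable or DLL, so it will fail to start even after the malware itself is gone.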

What finally did work for this machine can be found here:

http://taurarian.mvps.org/WU_XP/0x8024402f.htm

By the time I got to Step 4, the problem was fixed. Hallelujah!

P.S., oh and I also renamed the SoftwareDistribution folder to .OLD, don’t know if that impacted the solution.

Spyware – Brought to You by Kroger

May 18th, 2009 admin 2 comments

Last night I was checking out the latest news on Swine Flu or Farrah Fawcett or something and I saw an ad for Kroger. I seldom click on ads but this one was offering coupons and hey we shop at Kroger anyway so why not save some money (we’re not exactly pulling down rockstar salaries here in the independent computer repair business). In order to print the coupons, Kroger (and their partner coupons.com) force you to install some sort of printing software.

Hang on, I thought, why do I need special software to print a coupon? Kroger’s website claimed that it was in order to print the special bar code that their scanners require. Now, anyone who has flown in the last 5 years knows that you can print your own tickets and boarding passes at home now. These boarding passes have very elaborate bar codes on them that identify the holder, the class of the ticket, its origin, etc. You’re telling me a 50-cent coupon for Kraft Macaroni and Cheese requires a more sophisticated system? I don’t think so.

Kroger’s download page states that the software doesn’t collect any personal information, however they’ve already lied to me about requiring it to print a coupon so why should I believe this? Moreover, my AntiVirus software is flagging the software as spyware this morning.

You can read more about this coupon software topic on DSLReports (including a message from the company’s Chief Marketing Officer) if you would like to see further discussion. I’ve written an email to Kroger about this. Will include their response (if any) here. In the meantime, to my customers, I would recommend not installing any “coupon printing” software from Kroger, Kraft or Coupons.com.

6 ways to tell if you have a computer virus

May 12th, 2009 admin No comments

A lot of initial calls we get here in our computer repair business in Lexington are about viruses. Generally people have a vague notion that they might have a virus, but they aren’t sure, can we take a look? I thought it might be helpful to describe the quick triage we do ourselves to make our assessment.

First let me mention that there are a number of different kinds of infections you might get. We lump them into 2 categories: Viruses/Trojans/Spyware/Adware/Worms are in the first category (generally known as “malware”), and the second category we call “crapware”. You can read more of the detailed definitions of viruses and trojans here or here. For all intents and purposes, to the computer user it’s all about the same: malware is responsible for making your computer slower, changing the data that is coming into your computer and possibly taking information out of your computer. Once they are in there they typically replicate, sometimes until the PC becomes unusable. The second category, crapware, is software that either the computer manufacturer has put on your computer, or some legitimate installation program has sneaked on there because the user wasn’t paying 100% attention. Similarly, they slow down your computer and make it operate less efficiently.

So, what are the signs that your computer is infected?

  1. Your computer starts very slowly – As computers that are running Windows operating systems age, they slow down (just like people): the disk and registry get full of remnants of programs long forgotten and no longer used. However, when your computer starts exhibiting signs of extreme slowness that comes on quickly, over the course of a couple weeks or less, be suspicious. If it’s taking more than 2-3 minutes for your computer to become usable, be very suspicious.
  2. Your Anti-Virus software reports that your virus definitions are out of date – One of the things that malware programs do first is disable your Anti-Virus program or interfere with your internet access to keep them from updating themselves. If you find that you can’t update your AV, you’ve got a problem.
  3. Windows update doesn’t work – Malware takes advantage of defects and holes in your Windows operating system. Microsoft runs along behind the malware creators patching those holes and encourages users to update their systems through Windows Update. Malware creators try to stay a step ahead of Microsoft but then must prevent you from plugging the holes they are taking advantage of, they do this by disabling some of the underlying services that facilitate MS Update. Open Internet Explorer and go to Tools/Windows Update or Safety/Windows Update and update your computer with the latest security patches, if this fails, it could very possibly be due to a malware infection.
  4. Control-Alt-Delete doesn’t work – Some malware disables this popular function because it is useful in seeing what programs are really running on the computer.
  5. When you are browsing, you get unexpected “pop-ups” – Pop-ups are windows that open on your desktop unexpectedly, almost always trying to sell you something. Sometimes, they cynically tell you that you have a virus and you need to download their program to fix it (the download actually is the virus).
  6. Your internet access is stopped or seriously curtailed – If this behaviour is combined with any of the above, you probably are infected.

All of the indicators above could indicate some other problem with your computer, but if you are experiencing two or more of them, chances are you’ve caught something. If the infection is bad, you are going to need to budget a good bit of time to repair it. There are some good resources out there; one place to start is the Security Forum at Broadband Reports, lots of helpful people there. You can also contact me here on this blog, I’ll be happy to help if I can.