Looking at a Rootkit

Having an anti-virus device on the edge of your email network is important, but you can’t rely on it entirely. If you’ve got your AV doing hourly updates, that means you’ve got a 1 hour window for someone to exploit.  In my case, any executable files are forwarded to my account for manual review. Most of these are obvious phishing attempts or viruses.  This week, I caught one that looked real, and decided to dig into it a bit more.


Unscheduling a Next-Boot chkdsk

Well, this could have caused some delays in the next reboot of the file server.  I scheduled a chkdsk on a 1.5TB array.  And unfortunately, Windows doesn’t provide any nice ‘Cancel Scheduled chkdsk’ button.  A quick search turned up the chkntfs /x f: command.  Upon further reading, this is not what you want to do.  chkntfs /x will flag that drive to never be scanned, even if it is ‘dirty’.

You’ll want to open up RegEdit, go to HKLM\System\CurrentControlSet\Session Manager, and look for the REG_MULTI_SZ value named BootExecute.  Edit that value and remove all the lines except autocheck autochk *

This will set the system back to the default method of scanning a drive only if the NTFS dirty bit is flagged.

Using VMware Converter

So, you’re running VMware Server, and have made a few machines.  It runs great.  But you’ve got this old machine running an ancient OS or application, and you don’t have the install media anymore.  Or perhaps your software maintenance expired, and you can’t get the tech support you need to deactivate the license on one machine and move it to another.  That’s where VMware Converter comes in.  VMware Converter takes care of transitioning your physical machines to VM images, and updates the drivers on the system to use the virtual hardware (network, video, SCSI, etc).


Google Adds Grand Rapids to Street View

Google has added the Grand Rapids area to their Street View feature on Google Maps.  Judging from the pictures, it looks to be from around September of last year.  Coverage mostly focuses on the area north of M-6, south and west of I-96, and east of Wilson / I-196.

I remember seeing one of the Street View cars near Byron Center & 52nd, but that area isn’t currently available for some reason.

If you find any interesting shots, post them here.  The pictures are all from daylight hours, so Division / 28th should be (relatively) clean.  Google is supposedly blurring the faces of people in Maps now, but I haven’t noticed anyone blurred out yet.

LAN Party @ Jim’s

LAN at my place on July 26th now August 2nd, starting around noon.  $10 gets you gaming and food as always; make sure to RSVP below if you’re coming.  Being the first LAN at the new house, this is also going to turn out to be a ‘Help Jim find out what outlets are on which circuits’ adventure, I’m sure.

I’m planning on burgers & brats, so if you want something else, post it in the comments.

A note on parking – My driveway can only hold about 5 cars, so anything beyond that, you will have to park on the street.  Parking is only on the west side of the street, just don’t block any driveways.

Obtained Loot: [House]

I closed on my house yesterday.  I moved a whole 5 minutes away from where the apartment is.  Once I get settled in, I’ll post all the details and pics.  For once, a LAN will be hosted that isn’t at Chris’ house!

Brother 2040 Toner Light Stuck

After changing a toner cartridge and drum, a user’s printer would no longer print, and the Toner light was staying on.  The following procedure fixed it.

  1. Turn the unit off.
  2. Open the front cover.
  3. Hold the Go button while turning the unit back on.
  4. When all the LEDs come on, release Go, then press Go twice.
  5. When all the LEDs come on a 2nd time, press Go 5 times.
  6. Once the Ready light comes on, close the front cover.