Sunday, August 10, 2014

I’m sure there is a better way to accomplish this…

In my GSD blog post Anti-Malware Response "Go Kit" I outlined a variety of tool-sets and standalone tools that I carry on my USB flash drive for dealing with malware responses on friends/family systems.

Keeping the IR tool-sets (Confessor, MIR-ROR, rapier, TR3 Tool Kit v2, and triage-ir) updated is a lower priority for a number of reasons.

  1. It’s a lot of work,
  2. the developers often require (due to licensing) the end user (me and you) to download the supporting binaries directly from the developers’ sites, and
  3. you always run the risk that a later utility update may break the way the scripts run on the package.

None of those are deal-breakers, but because of that, keeping those updated (aside from the main IR package) leads me to not update them as frequently, maybe once a quarter to biannually.

The ones that I do update frequently are the ones that are used to do sweeps for malware and/or viruses.

Most of these are signature based, and if they are updated, then there is a high likelihood a scan with an older tool may miss something critical!

So to keep them updated, I have a bookmark folder with URL links to all the tools. I then go down the list, click, download, copy to USB, rinse and repeat.

So yesterday I wondered if I could automate the process a bit. Kind of like a poor-man’s version of NirLauncher or KLS SOFT’s WSCC - Windows System Control Center.

I’m sure there is a better way to do this, but this was my “it works for me” result.  I’m not posting the actual files (at least in fullness for now) but will show you the basics so you can build your own if you want.

First, I considered (and may still go to) a process/script that uses Wget for Windows - GnuWin32.

But I wanted to start with what I knew (or thought I did) for now.

To get the ball rolling, I made a “landing zone” folder on my Windows system at C:\TEMP\AMW_Packages

This is where I wanted to download the updated files into. I wanted to keep it separate in case I decided I didn’t want to end up overwriting any of my previous files. So once all the packages are downloaded here, I will manually copy them over onto my USB drive folder where they reside full-time.

I then created a Windows BAT file called “a-AMW_Package downloader.bat”

It does a few things.

It deletes all the files/folders in the “C:\TEMP\AMW_Packages” location to get a clean start.

It then runs down a list of the utilities I need to get/update, and downloads them into the “C:\TEMP\AMW_Packages” folder using PowerShell. (I know! Cool!)

Then, there are some packages that have some fancy dynamic page tricks/EULA’s that make getting those binary files a bit of a hassle. Some of those I was able to work around with the PowerShell commands below. However others were not so cooperative. And that was OK.

So at the end of the BAT file, it calls a custom EXE called “a-BAT-IECall.exe”.  That file was a different PowerShell script block I came up with to open up all those “problem” site URL’s in a single Internet Explorer window session, each in a different tab; more on it in a bit.

The resulting automatically opened IE window allows me to review/download those “manually” as needed.  (I guess I could put it at the front so I could be manually downloading those as the script continues to run in the background. But this made sense to me.) I also dropped some FYI URL pages as well there to remind me of some tricks I keep forgetting or to see if any new tools are available that I may want to add to my tool-kit.

Here is an abbreviated version of the BAT file “a-AMW_Package downloader.bat” contents. You should be able to get the gist of what I am doing and add more lines for other resources you may want/need.

:: Anti-Malware Response “Go-Kit” Downloader

:: Clean Up Download folder first

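set folder="C:\Temp\AMW_Packages"
:: Stop if the folder is missing; otherwise the cleanup below would run in whatever directory the BAT was started from
cd /d %folder% || exit /b 1
for /F "delims=" %%i in ('dir /b') do (rmdir "%%i" /s/q || del "%%i" /s/q)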

:: Now Let's Get the Files!

:: Process Explorer
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.sysinternals.com/files/ProcessExplorer.zip', 'ProcessExplorer.zip')"
powershell -Command "Invoke-WebRequest http://download.sysinternals.com/files/ProcessExplorer.zip -OutFile C:\temp\AMW_Packages\ProcessExplorer.zip"

:: AutoRuns
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.sysinternals.com/files/Autoruns.zip', 'Autoruns.zip')"
powershell -Command "Invoke-WebRequest http://download.sysinternals.com/files/Autoruns.zip -OutFile C:\temp\AMW_Packages\Autoruns.zip"

:: Microsoft Safety Scanner & Malicious Software Removal Tool  (+ download others manually in a bit)
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://go.microsoft.com/fwlink/?LinkId=212732', 'msert.exe')"
powershell -Command "Invoke-WebRequest http://go.microsoft.com/fwlink/?LinkId=212732 -OutFile C:\temp\AMW_Packages\msert.exe"

::And so on, and so forth for all the other tools as needed

:: Trend Micro Anti-Threat Toolkit  (download manually in a bit)
:: VIPRE Rescue (download manually in a bit)
:: AdwCleaner (download manually in a bit)
:: ComboFix (download manually in a bit)
:: Rootkit Buster - x86 - Trend Micro  (download manually in a bit)
:: System Explorer (download manually in a bit)

:: Misc Tools and Utilities (Now we fire up IE via a PowerShell script) so we can launch IE and the link URLs in tabs for manual download if we need them.

a-BAT-IECall.exe

Exit

Just add more of those download lines for all the tools you need as long as the URL download links are functional with this method.

So next, about that “a-BAT-IECall.exe”

This took a bit of creative work to generate.  There are other ways to launch IE in a standard BAT file, but it ended up opening each URL in a separate IE window that cluttered up my system, despite my best attempts. So this way worked perfectly, and because: PowerShell!

The PowerShell script that is the heart of the engine looks like this:

$ie = New-Object -ComObject InternetExplorer.Application
$ie.Navigate2("http://systemexplorer.net/download.php")
$ie.Navigate2("http://www.vipreantivirus.com/live/",0x1000)
$ie.Navigate2("https://toolslib.net/downloads/viewdownload/1-adwcleaner/",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/download/combofix/",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/forums/t/403413/cannot-execute-exe-reg-regedit/",0x1000)
$ie.Navigate2("http://free.antivirus.com/us/rootkit-buster/index.html",0x1000)
$ie.Navigate2("http://www.microsoft.com/security/scanner/en-us/default.aspx",0x1000)
$ie.Navigate2("http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx",0x1000)
$ie.Navigate2("http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline",0x1000)
$ie.Navigate2("http://esupport.trendmicro.com/solution/en-us/1059509.aspx",0x1000)
$ie.Navigate2("http://support.kaspersky.com/viruses/utility",0x1000)
$ie.Navigate2("http://firesage.com/mbrwizard.php?x=4x",0x1000)
$ie.Navigate2("http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/download/rkill/",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/download/unhide/",0x1000)
$ie.Navigate2("http://www.bleepingcomputer.com/download/windows/security-utilities/",0x1000)
$ie.Navigate2("http://support.microsoft.com/kb/299357",0x1000)
$ie.Visible = $true
stop-process $PID
#

Add/remove/change URLs accordingly.

To create the EXE version of this PowerShell script so you can call it from your main BAT file:

  1. Edit the PowerShell script block above to add/change/remove any URLs
  2. Save it somewhere for quick future re-editing.
  3. Launch the PowerGUI Script Editor.
  4. Create a new workspace tab.
  5. Copy those lines into it.
  6. From the menu bar select “Tools” then “Compile Script…”
  7. Select where you want to save it...should be same place as the “a-AMW_Package downloader.bat” BAT file…and what name you want to give it, for me I used “a-BAT-IECall.exe”
  8. I left the Target framework set at “Microsoft .NET Framework 4.0” for my system.
  9. I guess you could give it a cool custom icon if you wanted. I didn’t for now.
  10. Select “OK” and let it build!
  11. Close stuff out when done.
  12. Find/test! (see result below)


Now, when I want to update my IR package tools, I just fire off the main BAT file and away it rips, leaving me to manually download just a few packages myself -- if desired -- from IE.

Misc Notes and references.

I wasn’t aware until composing this post that the PowerGUI project appears to have been taken over by Dell: Welcome to the New Home of PowerGUI. OK.

I’m sure there are WAY BETTER ways to deal with this with Wget, PowerShell, BAT files, but this works and I learned a lot in the process. I’m open to recommendations/suggestions.

The PowerShell commands in the BAT file are pretty flexible.

powershell -Command "(New-Object Net.WebClient).DownloadFile('URL-path-for-binary.file', 'binary.file')"
powershell -Command "Invoke-WebRequest URL-path-for-binary-file -OutFile C:\temp\AMW_Packages\binary.file"

This one is straight forward with the pattern:

:: AutoRuns
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.sysinternals.com/files/Autoruns.zip', 'Autoruns.zip')"
powershell -Command "Invoke-WebRequest http://download.sysinternals.com/files/Autoruns.zip -OutFile C:\temp\AMW_Packages\Autoruns.zip"

I was able to make changes to some of the “binary.file” names to change the name as it got saved, and in some cases the URL path didn’t actually contain a binary.file name in the path but it still handled it OK. Once you have the format down you can experiment a bit. See below for one example:

:: Microsoft Safety Scanner & Malicious Software Removal Tool  (+ download others manually in a bit)
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://go.microsoft.com/fwlink/?LinkId=212732', 'msert.exe')"
powershell -Command "Invoke-WebRequest http://go.microsoft.com/fwlink/?LinkId=212732 -OutFile C:\temp\AMW_Packages\msert.exe"
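
The download lines above fetch executables over plain http and nothing checks them before they land on a response USB drive. The following is an added example, not part of the original BAT file: it downloads the same three packages and checks the Authenticode signature of every binary before marking a package as safe to copy. The https forms of the URLs, the `O=Microsoft Corporation` signer string, the manifest path and the function names are assumptions made for this example.

```powershell
#Requires -Version 5.0
# Added example (not from the original post): download, then verify, before
# anything is copied from the landing zone to the USB drive.
$ErrorActionPreference = 'Stop'
# Older Windows/.NET defaults may not offer TLS 1.2 to HTTPS hosts.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$LandingZone    = 'C:\Temp\AMW_Packages'             # landing zone from the post
$ManifestPath   = 'C:\Temp\AMW_Packages.sha256.csv'  # assumed path, outside the folder the BAT wipes
$ExpectedSigner = 'O=Microsoft Corporation'          # assumed publisher string

# The three downloads shown in the BAT file; the https scheme is an assumption.
$Packages = @(
    @{ Name = 'ProcessExplorer.zip'; Url = 'https://download.sysinternals.com/files/ProcessExplorer.zip' },
    @{ Name = 'Autoruns.zip';        Url = 'https://download.sysinternals.com/files/Autoruns.zip' },
    @{ Name = 'msert.exe';           Url = 'https://go.microsoft.com/fwlink/?LinkId=212732' }
)

function Test-ToolSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSigner
    )
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        File    = $Path
        Status  = $sig.Status
        Signer  = $subject
        # 'Valid' means the file hash matches and the chain ends in a trusted
        # root; the subject match then pins the expected publisher.
        Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")
    }
}

function Get-VerifiedPackage {
    param([hashtable]$Package, [string]$Folder, [string]$ExpectedSigner)

    $dest = Join-Path $Folder $Package.Name
    Invoke-WebRequest -Uri $Package.Url -OutFile $dest -UseBasicParsing

    # Authenticode signatures live on the PE files, so a zip is unpacked first.
    if ($dest -like '*.zip') {
        $unpacked = Join-Path $Folder ([IO.Path]::GetFileNameWithoutExtension($dest))
        if (Test-Path $unpacked) { Remove-Item $unpacked -Recurse -Force }
        Expand-Archive -Path $dest -DestinationPath $unpacked
        $targets = @(Get-ChildItem -Path $unpacked -Recurse -File -Include *.exe, *.dll, *.sys)
    } else {
        $targets = @(Get-Item -Path $dest)
    }

    $checks = @($targets | ForEach-Object {
        Test-ToolSignature -Path $_.FullName -ExpectedSigner $ExpectedSigner })
    $bad = @($checks | Where-Object { -not $_.Trusted })

    [pscustomobject]@{
        Package      = $Package.Name
        Sha256       = (Get-FileHash -Path $dest -Algorithm SHA256).Hash
        FilesChecked = $checks.Count
        Untrusted    = ($bad | ForEach-Object { Split-Path $_.File -Leaf }) -join '; '
        # A package with no binaries to check is treated as a failure.
        OkToCopy     = ($checks.Count -gt 0) -and ($bad.Count -eq 0)
    }
}

New-Item -ItemType Directory -Path $LandingZone -Force | Out-Null

# Hashes from the previous run show which tools actually changed.
$previous = @{}
if (Test-Path $ManifestPath) {
    Import-Csv $ManifestPath | ForEach-Object { $previous[$_.Package] = $_.Sha256 }
}

$report = foreach ($pkg in $Packages) {
    try {
        $r = Get-VerifiedPackage -Package $pkg -Folder $LandingZone -ExpectedSigner $ExpectedSigner
        $r | Add-Member -NotePropertyName ChangedSinceLastRun `
                        -NotePropertyValue ($previous[$r.Package] -ne $r.Sha256) -PassThru
    } catch {
        # One failed download should not stop the remaining packages.
        Write-Warning "$($pkg.Name): $($_.Exception.Message)"
    }
}

$report | Format-Table Package, OkToCopy, ChangedSinceLastRun, FilesChecked, Untrusted -AutoSize
# Only verified packages are recorded for comparison on the next run.
$report | Where-Object OkToCopy | Select-Object Package, Sha256 |
    Export-Csv -Path $ManifestPath -NoTypeInformation
```

Anything reported with OkToCopy set to False stays in the landing zone for a manual look instead of going onto the USB drive.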

Here are the URL’s of many of the sites/tips I reviewed to get me to this stage, and a few that I wanted to do but couldn’t quite get to work like I wished.

Again, any tips, tricks or alternative suggestions would be appreciated!

Cheers!

--Claus V.

P.S. Microsoft has a number of tools for scanning/removing malware from a system.

Microsoft Malicious Software Removal Tool - This is on most all Windows systems as the MRT.EXE file. Type “MRT.exe” in the RUN bar and you will be off to the races (assuming Windows Updates are current, otherwise download the file manually above or effectiveness will be diminished.)

Then there is the heavy-duty version Microsoft Safety Scanner which gets updated every 10 days.

And, in my original post I mentioned the Microsoft Standalone System Sweeper from Microsoft that was available only via the Microsoft Connect site unless you went through a third-party download source. See this Utility Spotlight: Repair Your PC Infection from TechNet Magazine to get more info on it.

Working on the URL/Download location for this one led me to discover the Windows Defender Offline tool that may have replaced (?) the Microsoft Standalone System Sweeper.  This one is for most “modern” versions of Windows but if you are running Windows 8.1 you will need to jump to this Windows Defender Offline Beta build page.

--cv

Saturday, August 02, 2014

The Valca Layered Security Experiment

Some notes on the current layered security approach I’m using on my laptop (Win 7) as well as Lavie’s (Win 8.1).

I keep the Microsoft OS’s regularly patched with all available MS updates.

I am using Windows Firewall for ease of administration rather than one of the multitudes of alternative (and more feature packed) firewall solutions. It’s strange as I used to be pretty heavy into the alternative firewall thing around this blog in the past. WF works well enough.

I don’t run Shockwave or Air any more.

I update Flash, Java, and regularly run Qualys BrowserCheck and the Secunia Software Inspector to look for critical software updates for these common threat vectors.

I do still run Microsoft Security Essentials despite having tried Bitdefender Antivirus Free and AVG Free Antivirus. They did great but the whitelisting was a pain and less than smooth.

I run Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) just updated to the final public release 5.0 version. I take the defaults (for now). More info below.

I “inoculate” our systems against Crypto-type malware using CryptoPrevent from Foolish IT LLC.

Recently I ponied up the $ for a few lifetime licenses of Malwarebytes Premium anti-malware and Internet security software. The new 2.0 version still needs some polish but performance is great and Lavie gets so excited when her nightly scans come back clean. Not sure why. It plays wonderfully with MSSE.

Malwarebytes recently released a supportive product called Malwarebytes Anti-Exploit.

It works by monitoring your system for zero-day exploits attacking your browser and other commonly found software. The free version just protects the web-browsers and Java, while the Premium version protects PDF readers, Microsoft office applications, media players, and allows for creation of custom shields. It reminded me a bit of an old PCTools product (now retired) called ThreatFire. I’m not linking to it since it is old but you can search if you are curious.

I’ve not yet applied it to our “production” systems, but am running it on a Windows 7 Enterprise VM system that also has EMET 5.0 and AVG Free protection. Early alpha/beta versions did have conflicts with EMET but this public version seems to work fine with it. So far so stable. Once I am comfortable with it, I may try it on our primary laptops.

What else?

The HDD is “protected” with the last working version of TrueCrypt. Yes I know all about the drama.

As I have said, my primary concern is data loss from burglary or theft, less so from the multi-letter agencies.  When I get around to upgrading to a 1 TB SSD hard drive (prices please drop!) I may plunge in and do an upgrade to Windows 8.whatever at a level that would support Bitlocker so I could get off TrueCrypt. But that’s activity for a different day.

The take away here is that I’m keeping my systems updated and that I’ve layered the defenses. It’s become much more work than most standard users would do, but instead of fishing for a hobby, I sysadmin.

Cheers,

--Claus Valca

Footnotes:

Notes and Observations around the church-house

Lavie has been hard at work on her ongoing project to rebuild/re-imagine the church website.

As such, last weekend we dropped by while it was unoccupied and I shot close to 8 GB of RAW format photos for her to use on the site and in outreach materials.  It was a lot of fun.

Once that was done I set to work on their receptionist PC to start trying to understand the cause of the daily issues reported.

(see this post: grand stream dreams: Rough IT notes for those who are left to clean up…)

Turns out there was a lot going on, and over the course of about three days (popping in after work and between services) we got a lot accomplished.

It is an older Dell Vostro system but does run a quad-core CPU so it should have muscle for most standard office admin tasks and programs. But it didn’t.

The hard-drive is a 250 Gigger but had just 16 GB of free space left.  When I ran SpaceSniffer on it, it only found about 40 GB of files in use. That was odd.

My bad, I then logged out and on the system with an admin-level account. There we go.

Turns out there was a 152.4 GB single file on the drive. It looks like someone took an "image" of the PC in the past (Feb 2014) and I'm not sure why, but this one file was taking up over 1/2 of the entire drive. I also saw there were weekly backup job tasks scheduled for every Sunday. Those jobs seem to take up about 2.2 GB of space and there are about 4-6 of them. They seem OK.

The image file could only be seen under an admin account and is located as follows:

"C:\Users\<userid>\windowsimagebackup\<pc-name>\Backup-<long string filename>.vhd"

No one I asked could tell me why or who captured a VHD backup image of the system, so it got deleted and the system could breathe again.

Using the Win 7 Resource Monitor tool, it was using over 90% of the 2 GB system RAM constantly. I’m betting there was a lot of disk caching activity as well. This system can only support up to four 1 GB PC2 DDR sticks so a request was made to order a new set of RAM to max it out.

Something on the WSUS service is broken (updates are apparently managed via GP settings) as it said it had no updates available, but when I re-checked manually from Microsoft, it had over 150 updates waiting, back from a year ago to present.  That alone took an overnight, then two more multi-hour sessions to bring it up to a fully-patched security level. Sheesh.

It also has a dual-video output card in it but the ladies are only using a single monitor. I’ve asked to see if we can’t dig up a second one for them. Fingers crossed! That should help with their productivity. Lavie says she hasn’t ever used a dual-monitor setup in any of her office admin jobs. Her first experience with that configuration was here at the house when I set her laptop up with a 2nd monitor for her to use when she was taking her Dreamweaver online course. She loved it and I hope she finds benefit in the workplace once deployed.

Oh, I quarantined their wireless mouse. It was in death-throes causing the system to lock up. I put a wired mouse on it for now and that alone fixed many of the apparent lockup issues they were having with their HID usage.

It’s not everything that still needs to be done, but it’s a start. One partially down, and about another 15 systems to go.

I was finally able to take an introductory look at the domain with AD Explorer and found a lot of “abandoned” accounts and systems. Need to load up the Remote Server Administration Tools for Windows 7 and Windows Servers (WindowsNetworking.com) so we can get cracking at disabling those accounts and systems for now and start to clean house.

Cheers,

Claus V.

Bargain Basement SysAdmin Link Sale!

It’s that time of the year again for Claus to unload all of the pending Sysadmin-related links that he’s been collecting.

Bear with me here…some of these are older than others and this is more of a link-dump than those posts that come with more commentary.

Think of it more like a “pop-up” edition without the actual pop-ups.

Actual SysAdmin Stuff

TinyApps bloggist recently thought I might be interested in a sysadmin-related site called System Administration Screencasts.

Indeed I was!  Though it mostly follows a *nix bent, there is lots of great material here. Most all of it is screen casting, however in most episodes a transcript can be found.  I’m working my way through these right now:

I really encourage you to also check out the About page as there are some great “recommended reading” links as well.

I’m particularly curious about The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps book to see if it can enhance the ITIL trainings I’ve already been to.

That also reminded me of this giant list of RSS feeds that the Standalone Sysadmin posts (with an OPML file for fast snagging) that TinyApps also shared with me in the past.

Oh, and one of my favorite miscellaneous sysadmin sites is the MoonPoint Support Weblog. I frequently find troubleshooting tidbits that are valuable. I also finally found the RSS feed for that weblog so now I can follow the postings much more easily.

Daniel Miessler’s blog is another of those sites that is a balance of tech, troubleshooting, and ponderings on deeper life stuff. I really appreciate all he posts and look forward to his frequent and new postings.

Mostly Microsoft & Active Directory Stuff

AD Info - Active Directory Reporting Tool - Ckwdev - free/$ versions - recently bumped to v 1.7.9. There are lots of other tools there as well but some of the most helpful might be AD Permissions Reporter, AD Info, and AD Tidy. Check out the software link for more info on those and many more.

Those reminded me of the Sysinternals tool AD Explorer which I love and use almost daily.  It hasn’t been updated since November 2012 but I guess it still does the job perfectly.

Weekend Scripter: Non-PowerShell Books for PowerShell People - Hey, Scripting Guy! Blog

New PowerShell Scripting Tools Released - The Deployment Guys

Windows PowerShell 4.0 Book and Guides from Microsoft - The Windows Club

Download Windows PowerShell 4.0 and Other Quick Reference Guides - Microsoft Download Center

Download Windows Management Framework 4.0 - Microsoft Download Center

Microsoft's USGCB Tech Blog - Aaron Margosis blogs here occasionally.

Utility and Software - New and Updated

Updates: Autoruns v12.0, Procdump v7.0 - Sysinternals Site Discussion

Updates: AccessChk v5.2; PsExec v2.11; Sigcheck v2.1; VMMap v3.12 - Sysinternals Site Discussion

PassMark MemTest86 - $/free versions updated to 5.1.0 back in May (hat-tip to RMPrepUSB, Easy2Boot and USB booting)

Svchost Process Analyzer - Neuber software - free tool to check out the svchost.exe loaded processes. No install needed.

Moo0 File Monitor 1.11 - Moo0 software - interesting tool to monitor file access activities on your system. Spotted via this AddictiveTips blog post.  Note it  reminds me a bit of this great NirSoft tool FolderChangesView.

CCEnhancer 4.0 - SingularLabs - This one got some pretty big feature updates recently.

ImDisk Virtual Disk Driver - Version 1.8.4 released July 2014.  See also this project: ImDisk Toolkit - reboot.pro

dErase - Foolish IT LLC - free tool (now at v2.0) that does file/folder deletions with optional secure delete routines.  Ignores file system ownership/permissions when executing so use carefully!

dBug - Foolish IT LLC - interesting tool to use when dealing with malware impacted systems. Basically it removes auto-start items and exe runs from known problem locations. This should allow killing of malware auto-loads which may prevent effective system cleaning. Once remediated, the tool can be re-run and then puts the changes back in place.

Windows Troubleshooting Tools and Tips

Case of the Office Hang on Launch - chentiangemalc

Using Process Monitor (procmon) to Analyze Windows File Share Access (by Paul Offord) - LoveMyTool blog

Guide to Freeing up Disk Space under Windows 8.1 - Scott Hanselman

Fix .NET 4.5/ 4.5.1 issues with Microsoft .NET Framework Repair Tool 1.2 - BetaNews

Download Debug Diagnostic Tool v2 Update 1 - Microsoft Download Center

Download Debug Diagnostic Tool from Microsoft - The Windows Club (info)

VirtMemTest: a utility to exercise memory and other operations - Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog

Offline-Update: Get WSUS Content .NET Version 2.7 - Borns IT- und Windows-Blog (original language) and Google Translated link - This was a new “offline update” tool that I recently read about. You may want to see if the feature set it offers is better for your needs than other tools such as WSUS Offline Update (still my favorite), WHDownloader, Portable Update, or Windows Updates Downloader (WUD).

Install Windows 8.1 from a USB stick with WinSetupFromUSB - 4sysops

The 12 step process to download Microsoft SQL Server Express 2014 - istartedsomething

Download SQL Server Express - Scott Hanselman

Download Visual Studio Express - Scott Hanselman

Booting Windows8.1ToGo from a USB Flash drive - RMPrepUSB, Easy2Boot and USB booting...

Windows Performance Monitor Overview - Ask the Performance Team

Available for pre-order: Windows Performance Analysis Field Guide - Clint Huffman's Windows Troubleshooting in the Field Blog

Email Stuff

Mailviewer Opens Old Outlook, Thunderbird, and Windows Live Emails - Lifehacker

Mail Viewer - MiTeC homepage

PST Viewer - Kernel Data Recovery

OST Viewer - Kernel Data Recovery

Web-related Stuff

Advanced Gmail Filters to Manage Your Email Messages - Digital Inspiration

Browser plugin to highlight and copy text from any image - Tinyapps.org points us to the fun Project Naptha

For Internet Explorer 11 users, no update now means no security fixes - Ars Technica

Determining the default browser from the command line - MoonPoint Support Weblog

Moving from GoDaddy to DNSimple – an illustrated journey - Troy Hunt amuses and entertains again.

I Know Where Your Cat Lives - Project page - Scary - More project information here.

Enough lest we break the Interwebs…

Cheers!

--Claus Valca

Saturn ION Notes

It’s hard to believe but I’m still driving my 2003 Saturn Ion.

Mileage on the 5-speed manual is around 32 mpg.  Not too bad.

It has started to develop its own curious issues that will need to be addressed. Here’s a list for the curious and to help me check them off.

The headliner is still tight as a drum but due to heat and age, when Alvis would brush her fingers against it stretching in the back seat, the fibers would immediately fall out of the backing leaving permanent lawn-mowing marks in it. And when loading large items such as boxes in the car, if a corner or edge hits the headliner, it will tear.  Fortunately, those are pretty small and it doesn’t need to be replaced, yet.

About two years ago I started to think the A/C was going out (needing a charge) but being too busy (and cheap) I just lived with it.  This summer has been pretty warm and somewhere I got a flash of insight and remembered reading the Ion had a cabin air-filter.  I found it behind the glove box and when I pulled it out it was black as night. I think it was the OEM filter from 2003. Seriously.  The local auto-parts store had a replacement so I swapped them out and now the A/C is ice-cold again.  I guess the filter needs to breathe to get the coldness to me!  (The eureka moment was realizing the air-volume from the registers was dropping…that meant blockage which led me to remember about the cabin filter.)

The A/C does make a click-like noise for a while when I press the air recirculation button on the A/C control panel.  Sometimes it goes away and other times it doesn’t. That needs more investigation (stuck recirculation door?). Luckily with the cabin filter changed out, the A/C is able to keep up with the heat without needing the recirculation turned on.

Yes…I do hear there is a rumor about the Saturn Ion ignition switch being recalled.  I’ve gotten my notice and now have to schedule an appointment for service. I’m removing all my other keys from the ignition key as recommended. I noticed the key itself is very worn (but still works) compared to the spare that sits unused on the kitchen pass-through “bar”.  My worn key no longer operates the driver/passenger door locks but the “new” key still will.

That leads to the next “major” minor issue…the door locks and driver/passenger windows.

I can lower both the electric windows for the driver/passenger side but about 1/3 of the way down they seem to hit something and make a loud crack that sounds like hard plastic. You immediately suspect the glass is about to shatter but it doesn’t (yet). It is a bit disconcerting however.  It first started happening soon after our past winter deep ices and freezes. The rear windows operate with no sounds or issues.

Two other things lead me to think something (a linkage?) has become disconnected.  Locking/unlocking the passenger/driver door locks with the “good” key doesn’t do anything. The lock cylinder turns just fine but the door doesn’t actually mechanically lock/unlock.  Fortunately the key fob still electrically locks/unlocks the doors so there is that. But that could eventually cause an access issue. Also, when the driver side window is about 1/2 way lowered, you can’t unlock the door. I dropped an access card one day and when I went to open my door to pick it up from the ground, I couldn’t get the door unlocked to open. The manual latch moved 1/2 way but it wasn’t enough. Putting up the window allowed the door to unlock/lock again.  Hmmm.  It’s too hot to pull the door panels off just yet but I may chicken out and take it to the mechanic.  Unless those door locks get replaced in the recall…then I will let the service dept deal with it.

I’ve not been able to locate any good documentation on the web for the door lock linkage to see where the problem might be at before tearing into the door panels.

What else?

This one is the best!

Every winter, there are times when I get up early in the morning, temperature is around 32-50 degrees Fahrenheit and when I go to turn the ignition to start the car…nothing.  However the lights seem to be bright and strong.  About the third crank attempt after waiting 10-20 minutes it turns right over good as ever.  I thought it was the battery and cold cranking amp rating but the battery shop tested it and said it was just fine.  Hmm. So each morning on cold winters it was a crap-shoot if the car would start or not. It happened frequently enough that I knew it wasn’t a “dead in the water” issue, but with patience, it would work on the third crank after waiting about 5-7 minutes before tries.

Eventually I discovered this site, and this is a known headache to many, many Saturn owners who (like me) thought they were going crazy. It’s the “Passlock” issue.

Now this is something I am too chicken to take on so this will be a mechanic trip for sure, unless the ignition switch recall/replacement does the trick.

Other things.

The “outer window belt moulding” on all the window trim is shrunken up and rippled. That will need to be replaced.

The clear headlight assemblies are starting to get clouded. I’ve done some cheap re-treatment (polish) work on them that helps for a while, but I should be able to replace both of them for about $100 so that’s on the list.

I may need to have the front end rubber bushings replaced (if we can find some). They have shrunken a bit and while not a safety or control issue, have just enough play to clunk a bit over very uneven surfaces at low speed (like railroad tracks).

I think that pretty much covers the list at the moment.

Small list indeed…

--Claus Valca

Time to own a Broadband Modem of my own? - Pt 2

It was over a year ago that I started considering purchasing my own DOCSIS modem.

grand stream dreams: Time to own a Broadband Modem of my own?

Since that time a lot of things have changed in the Valca household, but I still haven’t addressed this issue.

I am paying about $4/mo (x2) = $8/mo for two digital to analog signal converter boxes from Comcast that we don’t use now that we have pared the house down to two TV’s, each having their own HD receiver units.

That’s a waste of money.

I also need to take a trip to AT&T Wireless to remove Alvis’s iPhone from our account now that we just crossed the 2 year contract line and it can be dropped without a fee charge. (It is going to Lavie’s dad.)

So the DOCSIS modem we also rent each month from Comcast now is running on limited time.

The “good” thing is that it is an older “non-WiFi” supported model so we don’t have to feed the neighbors/guests with an Xfinity hot-spot.  Yes we can turn off that feature were it to be available, but right now, WiFi signal scans of the neighborhood appear to find that the area is already well covered by others with that service.

So, my goal is to try to address this by the Fall.

Cheers,

--Claus V.

Oracle Virtual Box 4.3.14 Update Travails!

On my home system I run the following virtualization software packages.

So when I saw that Oracle had released a new version of their Virtual Box (4.3.14) that had some nice new features, I naturally went on and applied the update.

VirtualBox 4.3.14 adds Blu-ray support for Mac hosts, squashes more bugs - BetaNews

However, it crashed on relaunch once the updating was done. Never even loaded the VM management console.

I uninstalled/repaired/reloaded multiple times, disabled all kinds of security layer software. No luck.

After about 2 hours of wasted troubleshooting time I bailed and decided to come back a few days later.

That session began with some web-searching and guess what? This build has all kinds of issues!

Failed to verify process integrity (rc=-5640) - virtualbox.org forums (what my error looked like)

Windows hardening in version 4.3.14 - virtualbox.org forums. From that link:

As of version 4.3.14, VirtualBox for Windows has hardened security to eliminate a possible exploit that could allow malicious user/s to have access to your system. This has triggered an issue where some Windows users can not install or run their guests. At this time it seems to be 3rd party apps that are causing this, like virus scanners and sandboxing software.

4.3.14 conflicts with anti-virus packages - virtualbox.org forums. This is the main issue discussion and monitoring thread.

At the time of this blog post, Oracle has released a tweaked version 4.3.15 (build 95286). See the thread link above for the URL as it may update again and that should provide the most current download package available.

In my case, I had to roll back to my previous 4.3.12 r93733 build and all my Virtual Box VM’s are running just fine like before. So I’m waiting until the FINAL fix is provided before redoing this again.

In related VM linkage, here are some more tidbits you might find useful:

And, you would know, VMware also released an update to their VMware Player (version 6.0.3).

Unlike Oracle’s package, this one went on and ran with no issues at all.

At least there’s that…

Cheers!

--Claus V.