Saturday, June 18, 2011

Finally! Time to Post! New material list

After a recent text from my bro reminding me it has been since March since I’ve done a blog post, I was finally able to clear the schedule and set aside some time for GSD posting.

Looking at the sidebar, my blog-posting production has really been on a downward trend over the past few years…much like the rainfall totals here in most of Texas.

I ascribe most of this to a lack of time; work and family commitments have really amped up and what precious little free time I do find seems to go to sleeping and recharging my drained energy cells. However, I assure all that I haven’t lost the passion for blogging or sharing my finds in life and across the webs as I continue to wrestle with IT-related monsters.

So let’s just call this post a warm-up exercise. I’ve still got new material on Xplico, for/sec, as well as at least one massive write-up with my own recent malware-cleaning battles on behalf of my Dad and a IBM-er whose own systems were each about ready to be bagged-n-tagged after a horrible drive-by infection. Good stuff.

Recovered Things

Enchanted Keyfinder - free utility built off the Magical Jelly Bean Keyfinder app but updated. One of a few helpful keyfinder tools I carry around when a family/friend presents me their system for service but doesn’t have any of their OS/product keys. Spotted on CyberNet News

Power Data Recovery - fairly new freeware tool to my toolbox. I use a number of file-recovery software utilities as each one seems to have their own flavor to bring to the rescue attempt.

TestDisk and PhotoRec - CGSecurity - New release version at 6.12 out a bit ago. (release notes) If you PhotoRec regularly, don’t forget about PhotoRec Sorter from builtBackwards.

JFileRecovery - A while back I had to try to recover a super-massive super-corrupted PST file. It kept failing under normal copy-to-my-usb-drive operations with CRC check errors. I eventually got it copied over and repaired. In the process of finding a tool that would copy it across (errors and all) I stumbled across the Java-based JFileRecovery program. It is no-longer free and the leading link is for the “JFileRecovery deluxe” version. That said, you can still find the older/free .94 version I was playing with over on Softpedia. Copy that jar-file locally along with jPortable Launcher and jPortable and you have one more neat tool to try. While the file-size of the PST file I was wrangling exceeded the limits of JFileRecovery to handle it, it has helped with smaller files since.

FREE: EASEUS Todo Backup Free Edition - 4Sysops has a quick review on EASEUS Todo Backup Free. I guess one trick for recovery is to have a backup in the first place….

Utility Updates

EMCO Software has all kinds of neat goodies for sysadmins. Besides their mainstream products, there is some cool Freeware pickings as well, including networking tools like Ping Monitor, MAC Address Scanner. However for here, I’m highlighting MoveOnBoot and UnLock IT for dealing with locked files and other malware-nuisances.

Unlocker by Cedrick 'Nitch' Collomb still remains my favorite “unlocker” tool for dealing with locked files and I install it on all my personal systems. Couple that with Malwarebytes : RegASSASSIN and most locked files/keys can be dealt a knockout punch.

I’ve blogged before about defragging, and I still do periodically, but not as OCD-like as some approach drive-defragging as as “cure-all” for poor system performance. Some nice/free defragging apps that have been updated lately are Auslogic’s Disk Defrag, IOBit’s Smart Defrag, and Piriform’s Defraggler. Each has it’s own special flavor on the party. Find the one that fits your needs.

Updates from Sysinternals have been flowing fast-n-rapid-fire lately. Something for everyone here.

Updates: Process Monitor v2.95, TCPView v3.04, Autoruns v10.07, and a new blog post and webcast from Mark. - Sysinternals Site

Updates: ZoomIt v4.2, Process Explorer v14.11, ProcDump v3.04, and Mark Live: Zero Day Malware Cleaning with the Sysinternals Tools - Sysinternals Site

Updates: VMMap v3.1, RAMMap v1.11, Handle v3.46, Process Explorer v14.12 and Mark’s Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3 - Sysinternals Site

WhatIsHang - new freeware tool from Nirsoft. “Get information about hang (stopped responding) Windows software.” See Nir’s blog post First version of WhatIsHang is here for more info.

Speaking of Sysinternals and NirSoft, don’t forget about KLS Soft’s WSCC - Windows System Control Center for one-stop downloading/updating of these fantastic tools.

Emiel Wieldraaijer also makes a software called SysInternalsUpdater. The website doesn’t do the tool justice so look at 4Sysops review of the tool: FREE: SysInternalsUpdater – Update Sysinternals Suite

Network Stuff

Sometimes pulling the right-tool out for the job isn’t just about the right-tool; it’s about the attitude. Although my personal Ethernet cable repair tool, the (Amazon.com page) TRENDnet RJ-11/RJ-45 Crimp/Cut/Strip Tool TC-CT68 seems to do an outstanding job at a sub $20 price, it only is yawn-worthy.

Instead I pine to deploy the $300 GerberGear Cable Dawg on a high-priority mission.

(To better understand my geek dilemma consult this xkcd: Worst-Case Shopping comic.)

This is one Samuel Jackson chest-thumping bad-ass tool! For consideration see these related posts/videos from Soldier Systems blog where I discovered the tool:

Cable Dawg - via Soldier Systems blog

Gerber Cable Dawg - (video demo) via Soldier Systems blog.

Need? Nope. Want. Heck-yeah!

Previously mentioned, check out the other Freeware made by Emiel Wieldraaijer. Some goodies in there….

Network Activity Indicator by ~laushung on deviantART. Love it but not to be confused with Igor Tolmachev’s IT Samples utility Network Activity Indicator for Windows 7 which is what I run on my own Windows 7 system.

TightVNC got an update to 2.0.3. Read the What's New page for all the fixes/improvements.

Wireshark has been through a pile of updates. Stable version is 1.6.0 now and comes in both x32 and x64 bit Windows flavors.

Here’s a handy tool for you Windows HOST file cowboys; Host Profiles on CodePlex. For a better rundown of the features and options with this tool, check out this post Hosts Profiles Management as spotted over at Windows7hacker.

Visual Delights

Greenshot - a free and open source screenshot tool for productivity.

Microsoft Research Image Composite Editor (ICE) updated to version 1.4.4 - Use this freeware digital image tool to stich together panoramic views from a series of overlapping digital image files. This newest update brings features such as video to panorama, lens vignette, improved blending and more. In both Windows x32 & x64 flavors. For more fun, check out their HD View blog.

Taking Proper Screenshots in Windows for Blogs or Tutorials - Scott Hanselman’s blog. I learned a few good lessons and hereby promise to prefer saving screenshots as PNG files rather than JPEG’s. See also these related tools: Ken Silverman's Utility Page and PNGGauntlet - PNG Compression Software from BenHollis.net

Simple Desktops & MinimalWall have some super-simple desktop designs. I’m personally using a ton of the high-quality wall images direct from the Microsoft Windows 7 themes site. Due to my stress levels, I find the Nature, Places and landscapes, and the Holidays and seasons ones particularly relaxing when I get home. I don’t run them as “themes” rather I follow the tips in this The Windows Club post How to extract wallpapers from Windows 7 theme pack and pull/dump them into a super-folder that I then set my Windows 7 background/changer to cycle through randomly. Not as pretty but classy, try these Luxury Windows Variations and Luxury Plain Variations by ~Stratification on deviantART out for size.

Alvis blew some baby-sitting cash on a Insignia NS-DV1080P high-def camera a while back. She did her homework on the web first, then went to a local GoodBox store and, on her own, spend considerable time with the service staff looking through the choices. Eventually they conceeded defeat at the hands of my geek-let and pulled out (from back-room stock) the camera after showing her many other models. For some info check out local geek John's Blog Space: Insignia NS-DV1080P Review. I’ve been toying with the idea of using it to do live-capture/save-to-HDD of our church service. We run a trio of perma-mount Sony remote-op cams to capture the service and edit the feeds live on a Panasonic video editing board and pipe the output live/direct to a DVD burner. It works but the image quality is not to be bragged on. It does the job but barely. Unfortunately, it seems that Windows 7 x64 does not have the drivers available to use it for live-capture purposes. In the meantime I still have been playing with Debut Video Capture 1.60 Beta - FileHippo.com, and Fx Video Capture Software in the hopes of eventually finding some reasonably cheap HD digital video camera to supplement our video recording work at the church house. Recommendations on a simple hardware/software combo compatible with a beefy Windows 7 x64 system host to plug it all into?

Finally, freewaregenius.com has a great round up of free virtual PDF printer apps: The best freeware virtual PDF printer: a comparison. I’ve been using PDFCreator or CutePDF when I set up a system for a home-user. That said, I think I’ll give their Editor’s Choice recommendation of PDF24 a try next time.

Sound Decisions

Steaming internet-radio at work is a mega “no-no” due to bandwidth utilization. And even though my own iPod is crammed full of tunes for the listening, there are just some times when “radio” style play is needed. I’m a big fan of SomaFM Free Internet Radio but unless I am at home, I just can’t consume it chill drone goodness. So lately I’ve been playing with Radio Sure to help me deep-freeze the tunes for some off-line playback goodness. I’ve also flirted with the similar app streamWriter but Radio Sure seems to fit my madness a bit closer. See both of these MakeUseOf blog posts for details on them: Connect To Radio Stations on The Internet From Any Computer with RadioSure and Record Songs From Internet Radio Stations with StreamWriter [Windows]

And if you aren’t getting your fill from the spy-centric Secret Agent: SomaFM portal, then check out this Shortwave Numbers Stations & The Conet Project: An Online Education In Espionage post from MakeUseOf blog for some deeply mesmerizing drone.

House-Cleaning Oft Overlooked

As noted in the intro, I’ve been doing some industrial-strength malware cleaning lately. One step in many self-cleaning process flows by do-it-yourselfers is to run something like CCleaner at the end to sweep up all the extra temp files and stuff. As a future GSD post will show, that can be a fatal error in some malware remediation work. That said, two places that sometimes get forgotten when doing manual temp-file cache cleaning are the Java cache files and the Flash (files and cookies) bits. It’s possible that malware files from a “drive-by” web-browsing infection could be lurking in these locations (or in the case of Flash…site preferences and settings).

How do I clear the Java cache? - Java.com

Adobe - Flash Player : Settings Manager - Website Storage Settings panel - Adobe

related: Deleting “Flash Cookies” Made Easier - IEBlog

NewsFox

My perennial RSS feed reader for Firefox continues get regular updates and improvements from the labor of love provided by R. Pruitt.

Newsfox Release 1.0.8.1

mozdev.org - newsfox: installation

AD Explained

Download details: Group Policy for Beginners - Microsoft Download Center

WinPE Stuff

One of the sucky things (read-that as “lessons learned”) about delayed postings are that respected fellow-bloggers get first dibs on posting cool software toys.

Case in point, the TinyApps blog Sensei recently dropped this micro-bomb post: TinyApps.Org Blog : Build a custom Windows 7 PE image without Windows AIK or a Windows 7 install DVD.

Oh so sweet! As linked in the post, check out Make-PE3 Program for more details.

Neither tiny nor as simple, you may also want to see A Win7PEx86 project with plenty of system tools also at this reboot.pro forum thread. It is jammed-packed with a bus-load of tools and utilities that makes a combo rivaling a mashup of Canunks and Mavericks fans in a love-fest.

Finally, Brett Shavers has been a prophet in the wilderness preaching the love of WinFE to the masses. (I’m not aware of any locus or honey being harmed in the process.)

Sharing the love with WinFE - WinFE Blog

How easy (or difficult) is it to build a WinFE with WinBuilder? - WinFE Blog

Chromium Updating

Firefox (public version 4.x) remains my daily/personal browser of choice. The whole multi-development channel drama at Mozilla has cooled my passion for chasing the “nightly” world of late. So for now I have returned to the Clark Kent world of the public (x32 bit) version for my daily web-surfing and wrangling needs. The rich and granular world of the Add-on extensions still cannot be rivaled in Chrome/IE.

That said, for my more pleasure-filed world of pure and mindless web-surfing enjoyment I turn to Chromium. I enjoy the performance, the interface, and can use a few specific plug-ins like flash-blocking and ad-blocking to help with the joy. My prime source for Chromium is Caschy’s portable build over at the German site stadt-bremerhaven: Now it beats 13: Google Chrome and Chromium Release 13. (Note, privacy geeks might prefer the SRWare Iron build of Chromium instead.)

One of the real treats of Caschy’s build is the inclusion of an AutoIT exe file that when run launches an auto-updater to keep your Chromium package fresh-as-fresh-can-be.

I’ve previously used Chromium Nightly Updater for that purpose but it hasn’t been updated since 11/2010. There is also chromium-portable-and-updater (not updated since Feb.), and Chromium Updater (not updated since Dec 2010).

Why is that all important?

Well a few weeks ago, all us Portable Chromium fans of Cachy’s suddenly found the Updater.exe wasn’t working any longer.

So we had to manually trudge (almost daily) over to Index of /f/chromium/snapshots/Win, find the LATEST folder, and then download/unzip/copy-to-update the chrome-win32.zip file to update our app files.

Wondering what happened, I fired up Wireshark and ran a packet-capture during the Update.exe process as it failed. Stepping through the packet trace, I found that it was looking to the repository but the file it was looking for couldn’t be found. The info in the packets let me to realize the repository location had changed, hence the update process failed. It was a very fun exercise and fascinating to see the manner the app works to locate and get the updated zip file. Network traffic geeks might enjoy running this exercise.

Yep. The old repository location was now 404.

I left what I hoped was a kind comment on the developer’s post page explaining my findings and wished out loud for an update to the AutoIt package to point to the revised repository.

Fortunately, Caschy and gang are a stand-up crew and indeed quickly updated their AutoIt Updater.exe file to point to the new repository location. New Portable Google Chrome Updater

So if you are living the Chromium life and want what appears to me to be the only current Chromium auto-updater tool out there that works at the moment for the new repository location, hop over to that page and grab it. Also they have released a command-line supported version as well for the curious.

Hardware List

Like most normal peons, our budget is stretched super-tight these days. If something breaks we try to fix it. If it breaks and can’t be fixed, we try to re-purpose it. It’s a good lesson to learn and I wish I had covered this ground as a younger man about twenty years ago.

So tech and hardware purchases are fewer and far between and I really have to weigh the cost/benefit ratio before plunking down what little disposable income we find now-a-days.

That said, I picked up over on Amazon.com several sets of specialty bits. I didn’t have these in the past for removing hard-drive covers and things when a failed drive couldn’t be zero-ed out via software and I had to pull the drive to yank/manually destroy the platters. (you can only remove so many drive covers via vice-grip pliers before it gets really tired…; Maxtech 16521MX 32-Piece Precision Bit Set (note good bits…sucky cheap plastic driver but then I didn’t plan on using it) and the 33 pc. Security Bit Set (great variety of specialty bits…though the plastic case’s off-gassing smell was very strong and funky),

However it was this third set, SMALL TORX SCREWDRIVER SECURITY TAMPER PROOF HOLE T5 T6 T7 T8 T9 T10 T15 that fixed a favorite “every day carry” tool of mine this week. A vendor was doing cabling work and a ceiling tile just wouldn’t fit as-cut around some descending cable bundles in the network room. I offered him my super-fave pocket tool Gerber 45898 Ridge Knife and with a flick and deft cuts, the tile was cut and slipped into place. However, somehow between re-maneuvering the ladder he was on, unbeknownst to me, the knife fell (safely) to the floor and became a unwilling ladder leg shim. When I realized what had happed some time later and removed it from under the (still-in-use) ladder leg, the weight had popped the blade-lock arm to the outside of the blade somehow and it couldn’t be closed.

I tried all the specialty bits I had to get the blade off. It was only when I tried one of the TORX bits that I found the one that matched it perfectly. I disassembled the knife, cleaned all the joints and reassembled back to full working order again. Who knew you had to be prepared to field-service your pocket knife?

Also purchased (via newegg.com) was this Kanguru Flashblu II 16GB USB 2.0 Flash Drive Model ALK-16G. The super-selling point was that it is one of the very last flash-drives that comes with a true write-block switch to prevent device writing. This is critical when your dealing with a malware infected system and using your response-flash-stick to clean house. My beloved iodd USB HDD drive also has a physical write-block switch. But while that device is carried in my tech-pack for planned responses, my new Kanguru stick is on my keys so when I get a “by-the-way my system right here is infected…can you take a quick look at it” at a friend or relative’s house, I can take a triage and first-response swing at their system without fear of cross-contamination.

Yep…still feels good to hit the keys….

And this was just a warm-up post.

Oh my…!

Cheers!

--Claus V.

6 comments:

FF Extension Guru said...

Welcome back! Been meaning to email you to make sure you were still around, but been so busy with Firefox and Thunderbird.

Firefox 5 is due out on Tuesday. Firefox 6 about 8-weeks thereafter and then Mozilla should be on track for new release every six weeks. Thunderbird is going to be following the same release/channel pattern as Firefox does, which is good since Thunderbird really has been falling behind. Hopefully the move back into the Mozilla Nest (Mozilla Labs) will help get things moving now.

Claus said...

Hi AL, thanks for the encouragement!

I'm still running the public release of Thunderbird as my personal email client and still love it to death.

I'd seen a brief bit about the new release on T-Bird but hadn't had time to digest what it meant.

Nor had I been keeping up with the release schedule for Firefox so your news is warmly receive here at the GSD dry-creek gulch!

It's amazing how much time flies when your in the trenches but at the same time how cathartic blogging is for me and how much I've missed the joy it brings me.

Thanks again for the welcome-back!

Cheers!

Claus V.

Adam Leinss said...

Welcome back Claus, I missed your postings!

FF Extension Guru said...

Whoops, I see I needed to update my blogger profile to reflect my FF Extension Guru handle.

As far as Thunderbird goes, I haven't really seen much difference in the new versions. Had been using Miramar since it was initially released as Thunderbird 3.3 in the Alphas. Once it moved to Beta it was renumbered to Thunderbird 5 (much like Firefox 3.7/4.0). I think the main change has been enhancements to the account setup wizard which is suppose to be more efficient now. Although until earlier last week it was broken.

Still running into an issue trying to force add-on computability with the Thunderbird 5.0, 6.0 and 7.0 on Linux. Been trying via the old about:config method and I end up breaking Thunderbird and have to nuke that profile. The folks at Thunderbird Builds have given me some direction and I'll be trying that on Monday. Stay tuned...

Bozo said...

Welcome back, Claus! Thanks for the file recovery references, in particular. PS: I see that Last Exile complete set is getting a re-issue.

Kent said...

Nice to see you back. Hope you can turn the downwards post schedule around.

Cheers.