Virus cleanup – unable to delete directories named “con.” and “nul.”

A barnch office in China had a virus incident where a workstation was infected with a virus, this virus created two directories on a server share named “con.” and “nul.”.  I quickly discovered that “con” and “nul” (and also “aux”, “lpt” etc etc) are protected names in Windows and you can’t create directories with such names, well you can actually by ‘cheating’;

Create dir;

md \\.\c:\con
md \\.\c:\nul

Remove dir;

rd \\.\c:\con
rd \\.\c:\nul

This is all well and good, but it does not work for folders named “con.” and “nul.”, my next thought was well perhaps there is a ‘hidden’ character after the “.” (eg. the ALT+255 char) so I piped a dir to a text file for examination (dir c:\ > output.txt) however no luck it simply ended with the “.” and that was that.  Checkdisk had no luck and utilities to unlock files had no luck.

Anyhow I put it on Technet forums and “Brent Hu” was kind enough to offer some useful advice, he pointed to a utility called “DelInvFile” from here; http://www.purgeie.com/delinv/dldelinv.htm  and in seconds the two directories was gone 😀  nice… and as the software came with 3 free deletes it did not even cost a penny, excellent.  Anyhow, if you experience invalid files/directories in your directory structure take a look at this util, it may just save your day 🙂

Hybrid Drive – Seagate Momentus XT

An interesting video comparing SSD, Hybrid, 10.000 rpm and 7.200 rmp harddisks.

I recently bought one of these Seagate Momentus XT drives and I’m looking forward to installing it, it looks like good value for money compared to SSD.
for more check here; http://www.seagate.com/www/en-us/products/laptops/laptop-hdd/

Re-partitioning “dynamic” to “basic” disks..

Just stumbled across an interesting utility a partition resize utility, you are right I have mentioned many of these (including free once) however this offers something interesting convert “dynamic disk” to “basic disk” (something that I could have used recently).

Anyhow if you are on the marced for a disk-partitioning-software you should take a look 🙂 there is even a limited free edition.
http://www.partitionwizard.com/partition-magic-free.html

partition magic freeware

MiniTool Partition Wizard Professional Edition is a magic partition software optimized for business environment with advanced features such as Merge Partition, Convert Dynamic disk to Basic disk and Change cluster size. Business users and system administrators can use our magic partition software to Resize and Move partitions, Merge Partition, Change Cluster Size, Copy Partition, Copy Disk, Create, Delete and Format partitions, Convert and Explore partitions, Hide and Unhide partitions, Convert Dynamic Disk to Basic Disk and much more. Our partition magic softwaresupports Windows 2000, XP, Vista and Windows 7. And MiniTool Partition Wizard Professional Edition could be used in business environment.

DOSbox – the perfect dos emulator

Have you some old MS-Dos program lying around that you for some reason wish you could run, but as you installed Windows 7 64bit this is not possible!?

Well then this is for you, DOSbox is a free dos emulator that does a REALLY good job of executing these old apps.  It will even emulate a SoundBlaster Pro soundcard so you will be able to get sound and all.  So if you have Monkey Island I lying around somewhere now is your chance to get all nostalgic 🙂  Oh yeah, it is as with so many other cool things FREE 😀

http://www.dosbox.com/download.php?main=1

Watch how it can even run old DOS demos;

Windows Search in Windows 7

I was getting tired of the constant disk activity on my workstation, I have  1.5TB diskspace on it and Windows search seems to enjoy joyriding these disks as if it was surfing on sunny beach..

Anyhow, I figured out how to turn the darn thing off, however that had some dire results – disabling search means COMPLETELY removing all search capabilities, I was stunned after the reboot – F3 did no longer work, Win+F did not work and all search boxes was removed.  Under WinXP disabling Windows search just meant that your search was not indexed, but that is in the past, believe me Windows won’t work without Windows Search..

So my next assignment is to figure out how to minimize the disksurfing, it must be possible..  a lot of my HDD space is stuffed with files that only rarely changes and thus updating the index of these ought not to be nessesary.  If you have any good tips on how to minimize the constant indexing let me know 🙂

Read more on disabling Win7 search and the consequenses;
http://www.sevenforums.com/tutorials/25343-windows-search-turn-off.html

iReboot for those with dual or tripple boot needs..

iReboot is NeoSmart Technologies’ simple yet effective reboot helper tool. iReboot sits in your taskbar at startup (only taking up 400KB of memory!) and lets you choose which operating system you want to reboot into. Instead of pressing restart, waiting for Windows to shut down, waiting for your BIOS to post, then selecting the operating system you want to boot into (within the bootloader time-limit!); you just select that entry from iReboot and let it do the rest! If you liked EasyBCD, you’ll just love iReboot!

More here; http://neosmart.net/dl.php?id=11

Internet Explorer 8 – first run screen

Are you as annoyed as me in regard to the “first run wizard” thingy that IE8 is displaying the first time it runs?? It’s as annoying as the older IE’s that also launched the Email creation wizard… as if it was not enough that they always start off by launching some stupid intro site..

Anyhow, no reason to get TOO upset, as with most things there are ways around this, so take a look here;
http://digitaljive.wordpress.com/2009/07/23/disable-ie8-%E2%80%9Cset-up-windows-internet-explorer-8%E2%80%9D-wizard/
many lovely ways to get rid of this stupidity.

One of the simplest is this;

Registry:
DWORD : “DisableFirstRunCustomize” set to 1 under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Troubleshooting ‘At least one service or driver failed during system startup’

You receive the following error message after Windows 2003 boots.

At least one service or driver failed during system startup.  Use Event Viewer to examine the event log for details.

There is a  quite excellent article here on how to debug errors like this; http://networkadminkb.com/kb/Knowledge%20Base/Windows2003/Troubleshooting%20%91At%20least%20one%20service%20or%20driver%20failed%20during%20system%20startup%92.aspx

I found it while trying to find a way to surpress the dialog box, which sadly I did never find (one would think there would be some registry tweak that would disable this stupid dialogbox on a server where the error had no effect and was impossible to resolve)..

W32Time issues on Win2003 server – and resolution

Had problems with a server that was complaining that it could not sync. time with the DC, it stated that it received invalid data amongst other.

Event ID 38, 47 and 29 – Source: W32Time
“The time provider NtpClient cannot reach or is currently receiving invalid time data from NTP_server_IP_Address.”

Found the resolution here;
http://www.chicagotech.net/troubleshooting/eventid47.htm

Basically (this worked for me);

1. Click Start, click Run, type cmd, and then press ENTER.
 
2. At the command prompt, type the following commands in the order that they are given. After you type each command, press ENTER.

• w32tm /config /manualpeerlist:<TIME SERVER IP, EG DC>,0x8 /syncfromflags:MANUAL
• net stop w32time
• net start w32time
• w32tm /resync

a few additional dos commands you may try when debugging w32time;
C:\>net time /querysntp
C:\>w32tm /resync
C:\>w32tm /monitor

USB Safely remove + a whole lot more…

Ever had problems ejecting a USB device – getting an errror like “Unable to stop….”?

Well this page claim to have a utility that can assist you with this issue plus a whole lot more (like renaming USB devices, ejecting USB via command line and hot-key eject)… Sounds very promising..

http://safelyremove.com

I found this by visiting an old post here on my site, a post about a file unlocking utility.