Virus - False Positive [Solved] The file rsaenh.dll: Win32.Zhelatin

A customer called me in today when his Windows XP system would not allow him to log in.

The message was "A problem is preventing Window from accurately checking the license for this computer. Error Code : 0x80090006"

The error appeared to be coming from the WGA (Windows Genuine Advantage) spyware that Microsoft stealthily installed some time ago...

Ultimately the culprit turned out to be Clamwin Antivirus falsely identifying the file rsaenh.dll as a virus and moving it to the quarantine folder.

Moving the file back to C:\WINDOWS\system32\ and rebooting solved the problem. I used an Ubuntu Live CD to view the Clamwin logs, Identify the problem and replace the file. Strangely, may of my customers use Clamwin and have not reported a problem. Since I usually advise them NOT to install Microsoft WGA perhaps they have escaped the problem.

The issue has been reported on the Clamwin site and may already be resolved.

Windows 7 Passes Vista Sales - No Competition, No Surprise!

Recent news stories and a podcast on the subject have got me thinking, and a little steamed up on the subject of the "Acceptance" of Windows Vista and now Windows 7.

The "Acceptance" of Windows 7

The stories all go that while customers "Accepted" vista slowly, they are now "Accepting" Windows 7 and Microsoft is forgiven for the catastrophe that was Windows Vista.

What everybody seems to be ignoring is that (almost) nobody bought Vista as a software package and upgraded their PC, they simply walked into a retail outlet and looked at new computers.  So what where the options? Oooh let me think... Yes, it was Vista then, and it is Windows 7 now. There just is NO choice for the consumer. Dell does offer a few models with Ubuntu Linux in some countries, but you will never find one in a showroom. Early Netbooks had Linux, and may where sold, but Microsoft plugged that hole with its monopolistic methods. Now The Asus web site displays a page saying its netbooks are "Better with Windows XP".

So Vista achieving 10% market penetration in 2 years was largely because that many new PCs where sold. For the first year XP still outsold Vista. The rapid uptake of Windows 7 is more about people buying new computers than anything else, coupled with the fact that Windows Vista was so bad ANYTHING would look good this time around, and Microsoft have gotten it right this time, and put out a pretty good operating system. Companies are now being forced to upgrade XP on existing infrastructure because it is no longer supported by Microsoft so Windows 7 will sweep up some market share there also.

But Is There A Choice?

But let's not lose sight of the fact that most consumers do not even know there IS a choice. They buy a computer with whatever operating system is loaded by the manufacturer and they keep it until it is ready for the junk yard. Most people working in the IT industry are in commercial environments and don't realise the number of people still using Windows '98. I have even seen Win '95 computers running and being used by people who do not use the Internet.

The "acceptance" of Windows is because the Microsoft marketing machine sees to it that Windows is pre-installed everywhere. If people where able to see machines side by side, Linux with a full suite of working applications, Windows with its array of trial versions of Office, anti-virus, graphics and movie editing software, all for a fee or crippled, I think Linux market share would take off. People would choose to take the free, functioning system and save themselves some money. They SHOULD also get a discount for the value of Windows 7.

The growing installed base of Windows is not a tribute to Windows 7 or Microsoft, it is the simple product of PC sales.

Breakfast at McDonalds - A Lesson in Bad Customer Relations

Recently I have been working across the road from a McDonalds, and sometimes drop in for breakfast, despite not really liking McDonalds food. It is just there, and reasonably fast. 

Breakfast at McDonalds...

Yesterday I went in and ordered four breakfast items. These days McDonalds prepares food as it is ordered. Orders go onto a computer display, and anyone can assemble the next order as the freshly prepared components appear. I saw my order beginning to be prepared behind the scenes and stepped back to allow others to place orders.

Enter - The Manager
A this point the young manager of the store decided to serve a few customers himself and stepped to the register next to the one I was waiting at. He took orders, but instead of filling the next order on displayed on the monitor, he grabbed anything he needed to fill the order he had just taken, giving his customers priority over the rest of us. Food prepared for the person ahead of me and my own order where diverted into bags and handed instantly to the customers being served by the manager. After a couple of minutes he stepped back, having served 3 people and left. By this time the Hash browns had run out and the young lady serving me sheepishly had to tell me there would be another two minute wait for my hash browns.

The result was the manager felt good at being able to show the juniors how good he was, and perhaps impress a pretty customer. The young staffer who served me was embarrassed, and I was delayed and annoyed enough to write this. The net value to MacDonalds was negative, as I will be less inclined to rely on McDonalds for quick service. 

And A Honked Off Customer
The Lesson we can learn from this is that we must treat all our customers equally. Playing favorites can be dangerous, especially when others find out, and in this high-tech world, they will. Of course if we have different service levels and certain users pay extra, that is different, but be sure that family, friends and the loud "Squeaky wheel" customers do not get special treatment at the cost of others. My friends at Flying Solo (I have no business relationship with them) , a web site dedicated to small businesses have some suggestions on good customer service here. Ray Kroc new these rules, McDonalds knows them, but a little more time on manager training might be in order.

Internet Explorer flaw used to Hack Google Mail Accounts

The attack by Chinese hackers on Google mail accounts belonging to persons of interest to the Chinese government have been widely reported by others. That attack included more that Google mail accounts, it also targeted a number of military contractors in the U.S.

The common link is an exploit of yet another flaw in Microsoft Internet Explorer. After initial denials Microsoft has now admitted the flaw, and is working to patch it. In the meantime they have published an advisory on how to work around the problem on their web site.

A number of Governments including Australia, France and Germany have issued advisories to users to stop using Internet Explorer.

I have urged people to switch to Firefox for years. As the IT Manager at the University of Sydney Security Service I disabled IE and switched users to Firefox beginning with the Beta 0.9 version, and had few problems. I have offered to install Firefox on the computer of every customer, and many have accepted the offer.


Complacent and Non-technical Users


One of the biggest problems with Windows and Internet Explorer is that to many computer users, Windows is the only operating system and Internet Explorer (IE) IS the internet. The concept of using another browser than IE, which came pre-installed is simply to much effort to even understand.

These same non-technical users are also easy prey to phishing scams and viruses via e-mail.



Geeks Arise, Help the Users Throw Off Their Chains!

It is easy for those of us who know how to secure our systems to roll our eyes and laugh at the average person as they flounder around accepting advice from equally clueless sales staff in department stores and spending money on software that cannot fix already compromised systems, and is often worse than the threat.

It is the responsibility of the geeks and technically minded to help those around them to understand that internet security IS important, it DOES affect everybody and it CAN be fixed. A few steps, simple for those of us with technical minds can provide a reasonable level of security for these non-tech. users.

John Sawyer on the Dark Reading "Evil Bytes"  Blog posted his six things to do to secure your computer. I agree with most of these suggestions, although I would put switching to Linux as a real possibility for many average users. I would also suggest if you want to go to the extent of using item 6, a Virtual Machine is better, but that is beyond the scope of this article.

I will discuss some of the plugins that make Firefox a safer browser soon.

Windows 7 launched Today

Microsoft has launched Windows 7 the much needed update to Windows Vista. It will probably go on to become the most successful Windows ever, as Microsoft is unlikely to remain relevant in an on-line world

There are many new features, and Microsoft is a master at making things slick and good looking. They unveiled a few surprises, including a Kindle app that will allow Amazon Kindle customers to read their books on Windows 7 PCs.

I am pleased to see that a number of the best interface features have been copied from the Linux Gnome user interface. A larger audience can now share the innovations of the Open Source Community.

My experience with Windows 7
My experience with Windows 7 (The Beta) was positive. It installed easily, and handles most of my hardware. Unfortunately it had trouble with a printer and Skype phone that run perfectly under Windows XP, but this will probably be resolved in the final release.

Will I buy Windows 7?
Probably one license, but the restrictive licensing of Windows will force me to run it in a Virtual Machine so I do not have to replace it every time I upgrade my hardware, a common occurrence in my office.

FreeNAS USB drive

I am trying to install a 40Gb USB drive as some extra storage on my FreeNAS storage device. I does not want to work, and it has been raining all day.
Two trips out to the backup site in the rain, and no Joy, for 40Gb, I can wait...

Windows logs user off Immediately [Solved]

I normally don't comment on Viruses and other problems here. There are plenty of web sites that cover this sort of thing in great detail, and with greater authority than me. However I have had to recover two computers with this problem in the last week, so I will publish a quick note about it here.

The symptom is a Windows XP computer that starts up with the "Welcome" screen, and shows the login of the user. This will happen even if the computer normally just starts straight up with the user desktop. Clicking on the user name will cause the computer to log in, show the desktop wallpaper for a second or so, and then log off, and back to the welcome screen.

The problem is caused by the Adware.BlazeFind Malware. It installs itself in Internet Explorer, and displays ads. It has been around for a long time, but seems to be catching people again. Most anti-virus software finds and removes it, but because of the way it installs itself, the symptoms mentioned above occur.

There is no way I have found to log into the infected and then disinfected computer, because of the removal of the file userinit.exe, and/or the malware file wsaupdater.exe. The simple solution is to find another way to boot the computer (A Linux live CD, or a BartsPE Windows Live CD, or you could remove the HDD from the computer and install it as a slave drive in another computer) and copy a good version of userinit.exe back to Windows\System32\ as both userinit.exe and wsaupdater.exe.

It is quick and simple. Then run a virus scanner to remove any hidden problems. This is a short summary, but the fix works and gets the user back into their system.