OICE_15 Folders

After being plagued with hundreds of OICE_15_XXXXXXX folders and the pain in the arse to get rid of them I have decided to make my life a tad easier today.

I have seen these folders being created under AppData in the roaming profiles of users, they get copied up and down as the user logs on and off and ultimately end up causing the roaming profiles not to sync as they are over quota.

I can’t add them to folder exclusions as they are all different and I can’t find a way to move them or stop them being created. We have to delete them as and when we come across them and they are not always easy to delete as some of the files are dot files and Windows says it’s not there when you try and delete it! WTF FFS

I normally browse to the folder, shift right click and select `Open command window here`, go into each folder and delete the dot files, then delete the folders. But it takes for bloody ever as I have to do that on the computers and on the server where the OICE_15 folders are.

To make life easier I have added an extra context menu to the right click menu for folders called `KillDOTFiles`

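Windows Registry Editor Version 5.00

; Adds a KillDOTFile entry to the right-click menu for folders
[HKEY_CLASSES_ROOT\Folder\shell\killdotfile]
@="KillDOTFile"
"Icon"=""

; The selected folder is passed to the batch file as a quoted %1
[HKEY_CLASSES_ROOT\Folder\shell\killdotfile\command]
@="\"C:\\Windows\\killdotfile.bat\" \"%1\""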

Created a batch file that had the following contents

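@echo off
rem Take the folder name (last path component) of the selected folder
for %%a in ("%~1") do set "FolderName=%%~nxa"
set "OICEDir=%FolderName:~0,4%"
rem Only delete when the folder name starts with OICE
if /I NOT "%OICEDir%"=="OICE" (
    rem echo No
) ELSE (
    rem echo Yes
    rem Delete the files first, then remove the folder tree
    del "%~1\*.*" /q /f
    rd "%~1" /s /q
)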

Now all I need to do is highlight the folders, right click and they get deleted.

I've added a bit of checking to the batch file, as if I give the file to anyone else I do not want to be held liable if they delete the wrong directory! It will happen!!

Why did I not think of doing this before?
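
The same name check, carried over to a sweep of a whole profile root instead of one right-clicked folder at a time. This is an added example, not the author's script; it goes beyond the post by searching every profile's AppData tree and by supporting a dry run, and the `-ProfileRoot` parameter and the one-sub-folder-per-user layout are assumptions.

```powershell
# Added example, not the author's script. Run with -WhatIf first to list matches.
# -ProfileRoot is an assumed path: a roaming profile share or C:\Users.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string]$ProfileRoot,
    # Pattern based on the OICE_15_XXXXXXX folder names described in the post.
    [string]$Pattern = 'OICE_15_*'
)

# One sub-folder per user profile; search only inside each profile's AppData.
$found = Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $appData = Join-Path -Path $_.FullName -ChildPath 'AppData'
        if (Test-Path -LiteralPath $appData -PathType Container) {
            Get-ChildItem -LiteralPath $appData -Directory -Recurse -Force `
                -Filter $Pattern -ErrorAction SilentlyContinue
        }
    }

foreach ($dir in $found) {
    # Same guard as the batch file: the folder's own name must start with OICE.
    if ($dir.Name -notlike 'OICE*') { continue }
    # Leave junctions and symlinks alone so the delete cannot be redirected.
    if ($dir.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { continue }

    if ($PSCmdlet.ShouldProcess($dir.FullName, 'Delete OICE folder')) {
        try {
            Remove-Item -LiteralPath $dir.FullName -Recurse -Force -ErrorAction Stop
            Write-Output "Removed $($dir.FullName)"
        }
        catch {
            # Report what could not be deleted so it can be handled by hand.
            Write-Warning "Failed on $($dir.FullName): $($_.Exception.Message)"
        }
    }
}
```

With `-WhatIf` the script only lists what it would delete, which gives a reviewable record before anything is removed from a server share.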

QuickTime Issues – Poxy Apple Software

What a waste of 3 days this has been!

A problem was reported to me – someone couldn’t view a webpage with a QuickTime movie in it.
Given that QuickTime was in need of an update as it was well out of date, I decided to update it first.

I am really not sure what the hell was going on, but it was plagued with errors. The main one being when I created the deployment package in SCCM it deployed the Apple Application Support MSI but then failed deploying the QuickTime MSI. The Apple Application Support MSI was a dependency of the QuickTime MSI. That worked fine but the QuickTime MSI failed saying that a version of QuickTime was already installed.
So I deployed a clean image to my test machine that included QuickTime and set about deploying the new version of QuickTime. Same error again – a version of QuickTime was detected again. Ok so much for upgrade! So I removed all Apple components and deployed QuickTime again. The same error.
I double checked and went through the registry and removed every Apple reference, went through ProgramData and removed everything Apple and in Program Files and Common Files etc. With everything gone I deployed it again. The same error?!?!

I then decided to run the MSI files manually. The Apple Application Support installed fine, but the QuickTime failed again with the same error.
This time I ran SysInternals Process Monitor to capture everything so I could see what was going on.

Several hours later I came across a registry entry that looked like it was causing the error. I deleted it and ran the QuickTime MSI again only to find the registry key was back and so was the error. Now that made no bloody sense at all?
Thankfully I had a weekend to forget about that crap and start afresh on Monday, which seemed to work as I redid the 2 deployments in SCCM and it then installed Apple Application Support and QuickTime with no issues. I really do not know what happened there, as nothing was different.

So, back to the original reason for doing this, I checked the online video and it still didn’t play.
So after all that faffing I was no further forward!
I then renamed my roaming profile and logged in and tried it again. This time it worked!
I looked through the roaming profiles folder to see what Apple stuff I could find, but as I severely limit what is allowed to roam there were no Apple files / folders there.
I then copied the old registry file over and logged on again – movie didn’t play again.

So the issue was with the registry.
I loaded up regedit and went through all the references to Apple or QuickTime that I could find, deleting them one at a time then trying the online video again.
I finally came across a key called

HKCU/Software/Microsoft/Internet Explorer/Internet/Registry/REGISTRY/USER/[SID]/SOFTWARE/Apple Computer, Inc./QuickTime/LocalUserPreferences

With a setting called FolderPath that was set to an invalid location.
I changed the location to a valid one and hey presto it worked! FFS

It’s so nice to see Apple software that is enterprise friendly!

Recovery again – win some, lose one

Today I got given a USB key stick to try and recover data off.

I tried my trusty recovery tools and was greeted with a stat that wasn’t going to work out too well!

It took 50 mins to scan 3 sectors on the key stick and given that there were 31015 sectors reported in total it was not feasible to carry on.

31015 / 3 * 50 / 60 / 24 = 358.97 Days!!

Hmm I think not. I know I spend a lot of my time sat around waiting for progress bars, but that is one progress bar that I do not want to wait for.

All that was left was to deliver the bad news to the owner!

I state what I always say yet again – Do not rely on a USB key stick to hold your important data and expect it to work everywhere all the time, because you have just learnt the hard way what can happen. Back it up and back up your backup, and if you are that worried, backup the backup of the backup! And by that I do not mean on the same key stick or hard drive.

Hard disk recovery

Today I got asked if I can recover files off of a hard disk that was FKD. I’m always up for a challenge and do like to do things that others can’t.

So I got the disk and ran my tools on it, some knackered sectors increasing the scan time to 45 hours! Geez really? I do not want to leave it running for that long! But it soon sped up and finished after about 4.5 hours.

It then took another 2 hours to recover the data off onto another hard disk, not made any quicker by the fact that it was 10 years old and USB 1! To top it off it contained a lifetime of memories for the person, so needless to say I was relieved and happy when I managed to get pretty much all of it back for them.

Wine that homos drink!?!?

You couldn’t make this shit up! I did Matraco a favour by fixing his PC that was infected with loads of dodgy shit, one being the Cryptowall 3 virus.

I do not know what the hell happened, but for some unknown reason none of his documents were encrypted. Maybe it was because there was loads of other crapware / shit ware / fag ware on there to clog up the system? Maybe it had too many spring onions or marrows on it, or maybe it was because he was using plastic gloves to type? Either way he is one lucky SOAB.

So, to say thank you for saving his life, he bought me some alcoholic beverages. Not just any alcoholic beverages. It was special alcoholic beverages. Apparently it was, and I quote `wine that homos drink`??? What the fucking hell?!?

That specific aside, I shall enjoy said alcoholic beverages, as it's not often that TAB splashes his cash on anything other than marrows.

Cheers Matraco

CryptoWall – OH, you're fucked

My first dealings with a Crypto Variant today, CryptoWall.

Someone that I haven't done any work for for a few years contacted me to ask for some help as they couldn't open their emails. So I remoted on and took a quick look for them.

First thing that I noticed when the screen loads is 3 files in the middle of the desktop called DECRYPT_INSTRUCTION. Straight off I knew that this was not going to be a good result.

I had a quick read of what it says and then a quick look at the My Documents folder and then proceeded to tell him, in a non technical way, that he was Fucked. I then explained what had happened and told him that there was nothing that I could do, something that I don't often tell people. I wasn't going to suggest paying $500 to get it all unencrypted only to find that it didn't work.
Ironically the only thing that wasn't encrypted was all of his Sage Accounts!

He asked how it could have happened and after a quick visual check I told him
Well, you are running Windows XP that has out of date virus protection, that would not have helped, you have probably opened up a few dodgy emails with attachments and looked at them. He did say that he has been getting a lot of emails with invoices in them! Oh Dear

It's not often that I can't fix something, but in this case I couldn't, so I told him to turn off and unplug the computer and buy 2 new ones to replace what he had as they are well out of date and possibly open to more problems!

Black listed, Really? WTF

One of those days today!

I was asked to take a look at a SBS2011 server by someone today as emails were not being sent but were being received.

So I set about sorting through the list of errors in the event log, as per normal there was a to be expected reboot right in the middle of everything!
It kind of reminded me of when I got contacted by my old employer, after they had made me redundant, to look at a problem that stopped their Service Management System working. The idiots that they brought in to oust me had applied all their skill (all 3 of them) to fix the problem and come up with 4 reboots! Yes 4 reboots! Needless to say that after 4 it still wasn't working. So a quick look through the logs I found the issue and reported back to them.

Anyway, I looked through all the logs on the server, but couldn't see anything, so I checked out the send connector and saw that there was a huge old queue reporting DNS lookup failures.
So I checked that the Smart Host was in DNS. I then checked that I could connect to it on port 25, which I could. I tried a DNS Reset and Flush just to be safe, but it didn't work.

I disabled the Smart Host connector, created a new send connector and set it up to send via DNS, and the emails left the queue.

I then reported back as to what I had done and asked them to check out to see if they had paid the bill for the Smart Host. Later that day I got a call to say that it was a fault with the Smart Host, apparently the company that provided the Smart Host service had one of their internal desktop machines infected with a virus by an employee and it has spammed out a load of crap! Jesus! Seriously?

I was somewhat surprised that
A) They got infected with a virus!
B) They were sending emails out on a connection that was used as a smart host by a customer (and most probably more than one)!
C) They told a customer exactly what had happened!

A quick check showed that they were on some black lists for sending out spam.
I will leave that a few days before I check back to see if they have been removed…

Apple Macs again, no permanent routes

Yet more dealing with Macs again today and again another disappointment! So glad I binned my iPad for my Surface RT Tablet.

The set up that had been running fine for a few years had to be changed due to a `security update` that was introduced as a result of the work a few days ago.

Due to expert advice we changed the way that we do things which meant that I had to add some routes to the Mac clients to route network traffic to a different subnet.

All this messing about with adding routes to get traffic to flow where it needs to go reminds me of all the aggro I had at my old job. I say aggro, it was more me being excluded from being able to access things to change them and make them work. This time the A Team refused to add routes for the 3 additional subnets, mainly because they didn't know what a subnet was and why they were needed! The subnets were in use by the engineers, Directors and the VOIP phone system. Needless to say I got the grief because the Directors couldn't get emails and no one got the telephone stats!
Boy do I not miss that shit!

So I had to add a script!? so that the routes were added back in when the machine booted back up. Seriously not sure why that was and I really cannot be bothered to find out the reason, but thankfully the need was short lived as things were changed again so that we no longer needed to add a permanent route.

Fed up of computers?!

Blaaaaaggggghhhhh! Some days I get really fed up of computers, today, and a few days before, are one of those times.

I don’t know what it is or why it happens but it only lasts a few days.

Maybe it was triggered by me having to send an email to someone with some instructions that took me 8 times as long to write as it should have and the fact that it was full of spelling mistakes that I then had to go and spend 4 minutes correcting.
It takes too long to dumb down something technical so that a dumb person can do it, when in fact a dumb person shouldn’t be doing something technical in the first place.
It also doesn’t help that I rushed it so that I could go and watch my favourite Essex hottie on the tv.

Time to snap out of it methinks.

Apple Macs, are they really as good as I am being told?

My first dealings with fixing some Mac issues today and to be honest a very disappointing one.

I'm always getting told by people that Macs are far more superior to PCs and how much easier they are to look after! Really? Well today I learnt that to fix a relatively simple problem of newly created users not being able to login, the whole Mac OSX Server needed to be reinstalled!

Seriously, I don't think that in all the years that I have been fixing PCs that I have had to reinstall to fix a software problem, with the exception of machines that have suffered hard disk failures that have corrupted Windows way beyond fixing.

To me it seemed to be such a minor issue to fix yet it needed a complete reinstall.

It turns out that after a rebuild the same issue presented itself again which again needed a rebuild of the server.

Amazingly, again the same issue then reappeared yet again after everything had been set up, but this time it was fixed by rebuilding the OD database.

I wonder if that fix could have been done to start with. Hmmmm