Category Archives: Field Reports

Cleanup reports of startupware from the real world.

WMF Patch Released Early

On Thursday, Microsoft released the patch to remove the “SETABORTPROC” functionality from WMF image processing. The patch is available on Windows Update as MS06-001, and should be installed on all systems running Windows 2000 and above. Anyone who previously installed the unofficial patch should first install the Microsoft patch, and then uninstall the unofficial patch.

Anyone who disabled the Windows fax viewer can restore it like this:

To re-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the registration process has succeeded. Click OK to close the dialog box.

The WMF abort process security hole doesn’t affect Windows 98. Microsoft has stated that it is a ‘non-critical’ problem in Windows Me, but has not released a patch. In other words: to be continued…


Self-Imposed Doorstops

Another day, another cleanup. This morning’s cleanup was described by a new customer like this: “It’s broken. We can’t run our customer database program. The night staff keeps surfing the internet, and loading spyware, so that’s probably it.”

What I found was a computer that, on first look, had shortcuts to software on a drive “y:\” but had no mapped drives, and that was a member of a network named “MSHOME”, which is the default name for new peer-to-peer networks under the Windows XP “run me and I’ll change all your settings back to defaults” network wizard. There was no apparent connection to the network. “System Idle Process” was at 96 to 98%. There was clearly some spyware there, and a peer-to-peer music program, but they didn’t appear to be taking many cycles in Task Manager.

OK, next, ran HijackThis: the log is three pages long; it should be half a page. The customer created their own doorstop. There were four anti-spyware programs running–all trial versions, and an anti-virus program which included anti-spyware features. The anti-virus software was the product installed by Dell at the factory, and long past the 90-day trial. Overall, the anti-spyware had stopped the spyware from running, and from connecting to the network, in much the same way that a very large boulder, when strategically placed on the roof of a car, will act as a parking brake.

After over an hour, I’d chiseled and uninstalled and ripped out junk in Safe Mode until the task list was down to the absolute basics. Replaced the antivirus software, added parental control software to restrict internet access by password, did a scan, and the new McAfee antivirus (freeware, if you’re a Comcast customer) reported that it had found two pups. Right–it no longer searches for malware, but for pups. That’s “Potentially Unwanted Programs.” Mustn’t insult the spyware by putting a negative label on it–this is more software written by lawyers.

At some point, consumers are going to have to learn about autoplays and startupware. When they do, if you are a software author whose products autostart without a very good reason, it’s not going to stay installed past a very short trial. And if it does, I’ll personally rip it out as non-essential during the next spyware/virus/generic doorstop service call, because over and over, I’ve seen this pattern of multiple tools to do the same task all running as startupware and adding to the problem. And I’m not alone; every field tech I’ve spoken to does the same. Software must only run when asked to, it should self-repair if needed, and maybe, just maybe, customers won’t blame it when they’ve turned their computers into doorstops.


From the mailbox: Cleaned by a pro–Ripoff?

I had what was apparently a pretty bad infestation of spyware crud on my Win XP box. Aurora, Limewire, some other stuff. I couldn’t clean it out myself, gave up, and got a referral on a local tech guru.

He showed up, took one look, and said he had to take the system to the shop or I wouldn’t like the bill. I let him, and he brought it back clean two days later, with a bill for $180. Seems clean, and he added some blocking on installs, and updated my patches.

Was this pretty typical? I lost days here. Bill wasn’t bad, considering.
_________________
Joe

OK, so I’m still learning all this %$#!!

Typical? Sounds quite reasonable. Could have been much more expensive. You lost days, but saved money, because the tech didn’t attempt to clean the system in your office. If he had, he would have run a series of cleanup programs, some taking 15+ minutes to run while he attempted to look like he was doing something. For some items in the autoplays, he would have needed access to another computer to do searches for identification and for more specific removal tools that take out single programs–Aurora is one of those, that the general-purpose tools don’t take out.

Overall, it’s much easier to do this back at the shop, with reference materials handy, another PC for patch downloads, a high-speed internet connection for patch updates, and most important, the ability to walk away while the scans run, because you really do have to run multiple tools to clean up the mess. Onsite, you probably would have had to feed him lunch. Maybe dinner. Rented a room. Offsite, he could keep working on other projects, and not bill by the hour while he did other things.
