| THE | E | LIST | N | EWS |
| by Mr. E | ||||
Larry Brink of Wisconsin has pointed out, in the recent thread New Computer & Setup Win XP, that there is an issue running FDisk on hard drives originating in some HP computers. Incredibly, FDisk doesn’t really wipe them clean. Larry had to use a punchier disk utility to clean his hard drive adequately for reuse. (This issue isn’t limited to HP computers, but this is the particular hardware on which the issue appeared.)
While the entire thread may be interesting reading because of the various possibilities that were explored (in vain) while attempting to solve his problem, it was Larry himself (a technical support specialist in Wisconsin) who solved it. Here is his story: Larry built his first computer from the bottom up, with some great hardware. All of the hardware was brand new — except the hard drive, which he pulled out of an HP Pavilion where it was working just fine. When he tried to install Windows XP on the finished computer, he got the error message, An unexpected error (0) occured at line 1768 in d:\xpclient\base\boot\setup\arcdisp.c. When he tried to install Windows 98 on it instead, he got the error message, KERNAL: unable to initialize heap. Several possible causes were ruled out, such as establishing that the CDs were both just fine.
Larry began to suspect the hard drive was the problem — especially since it was the only part that was completely new. He learned that booting from a Win98 startup diskette and running FDisk on this drive really wasn’t preparing the disk adequately. He borrowed a copy of Maxtor’s MaxBlast Plus utility from a friend and used this to prep the hard drive and, as he wrote, “Bang, I now have Win XP installed on my new machine, running with no problems at all.”
Thanks to Larry for sharing this with us on the forum. It’s great when people come back to explain what finally solved their computer problems!
I occasionally warn users about being overly aggressive in direct manual editing of the Registry and similar deep-level system “maintenance.” Some users are of the opinion that getting rid of every stray file, Registry key, and code line that they don’t think they need will increase the performance of their machines. Sometimes this kind of surgery will help things along, but you have to know what you’re doing (or at least make adequate backups before you start!). It isn’t hard to accidentally remove something that you later wish you hadn’t.
One such example was offered us recently by forum participant Larbo. In the thread My Documents, he contritely wrote:
I have W98SE and I have done a bad thing. While doing my usual clean up sweeps I unthinkingly removed the reference to My Docs in File Types. Now, when I view the drive’s root with My Documents in it... from some programs (like MS Photo Editor), the My Documents folder is not even there. Also, the My Documents link on the Desktop... does nothing when clicked.
He tried to rebuild the File Type action, but this didn’t work. Two solutions were found for the problem. Tony Klein gave the contents of a Registry file to add the right association back, with the critical lines being:
[HKEY_CLASSES_ROOT\.mydocs]
@="CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}"
But, before Larbo read that answer, he found another successful solution. From a Run box, he reregistered the My Documents DLL file, with the command line regsvr32 mydocs.dll. This returned everything to normal for him.
I love Internet Explorer 6, which is clearly the best version of IE that Microsoft has produced yet with respect to the feature that is most important to me in a browser: accurate HTML rendering according to W3C standards. And I love Windows 98 (either edition), which I consider the high point of the entire Win9x family of operating systems.
Sometimes, though, two people we love oodles and oodles just can’t get along with each other, and this applies to software, too. IE6 and Win98 just don’t get along.
One of the things that has been apparent from pretty early on is that IE6 destabilizes the Win98 shell, particularly Windows Explorer. A variety of hangs, failures, and misbehavior start happening right after IE6 is installed on Win98. These aren’t behaviors that are foreign to Win95 and 98 historically, but they are behaviors that have been absent on the machines in question until the IE6 install. And, on uninstalling IE6 — backing up to the previous version of the browser — the problem is reliably resolved.
In the AumHa Forums recently, another IE6/Win98 feud appeared and was resolved the same way. Under the title Links Won’t Load, forum participant Haka_Boy wrote:
Every time I click on a link within a page, a new window opens but it’s blank and won’t load the page. Just started happening. Does anyone know what I mean, if you can help please do. Thanks a bunch.
One known cause for this exact problem is having the excellent personal firewall ZoneAlarm installed, and then uninstalling it incompletely; but Haka_Boy had never installed ZoneAlarm. On further inquiry, we learned that he was running IE6 on Windows 98, and that the problem applied to “pretty much all links, even links in my emails won’t load.” Forum member Tony Klein and I both suggested problems related to the IE6/Win98 combination. Haka_Boy uninstalled IE6 (reverting to IE5) and, sure enough, his problems went away.
For instructions on uninstalling Internet Explorer 6 from Windows versions before XP, see the aptly named Knowledge Base article, How to Uninstall Internet Explorer 6.
My current recommendations for optimum IE browser on different Windows versions are as follows: For Win95 and Win98, IE 5.5. Service Pack 2 (SP2) is where you should stop — it’s the last version of IE that Win95 can install, and the last one that Win98 can take without significant nagging problems. I have heard of no significant problems with IE6 on WinME, so I recommend that combination for the most powerful pairing on that OS. And, of course, the IE6 that is native to Windows XP works spectacularly on that Windows version.
With Win XP Service Pack 1 due out in a couple of months, I’ve been hoping that this might bring an IE6 SP also... and that perhaps the family feud between the new browser and respected elder Win98 can be patched up so that everybody who loves both of them can bring them together. (Hm, I suppose I should ask my IE MVP friends if such is in the works...)
Speaking of Internet Explorer 6, another recent Forum query dealt with the opposite issue, someone running a Windows 9x version who wanted to reinstall IE6 — or, more specifically, its secondary component, Outlook Express 6 — after a virus attack. Under the title Reinstall Outlook Express 6, forum guest Therese wrote:
I had the klez.h virus and it destroyed my Outlook Express. I am inexperienced and have since tried all kinds of ways to reinstall OE6. Unfortunately, in the Add/Remove options I have accidentally removed OE. When I try to reinstall, it tells me I already have it, but it is not functional and I don’t have email now... How do I do a complete reinstall of oe6 when it thinks it is already on my computer?
Therese had installed IE6 and OE6 on her Windows ME computer. After the virus damage, she needed to replace certain files by reinstalling OE, but her computer wouldn’t let her do this because her Windows Registry held data that persuaded the installer that the program was already present, but the data was not sufficient to give her an entry in the Control Panel’s Add/Remove Programs applet so that she could clear the slate. Various suggestions were offered, but the one that eventually solved the problem for her (which she got from the microsoft.public newsgroups) was a surprise! It was from a Knowledge Base article that is labeled as applying only to Windows XP, not the Windows ME she runs. The article, Q318378, is titled How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP. Though the first approach listed is a reinstallation of Windows XP (which was of no use to our ME-using friend), Method 2 involves editing a Registry key so that Windows will let you download and install the Version 6 product.
We have notified Microsoft’s KB team that this article has applicability for pre-XP versions of Windows as well, with the hope that the article can be updated. Meantime, I wanted readers of The E-List News to know that this works.
AumHa Forum member Ida439 uncovered a hidden setting in AOL 7.0 that might be of interest and value to others readers. Under the heading of Browser Bar Not Retaining Web Sites Visited, she wrote:
I now have Windows XP on my computer and access the internet through AOL 7.0. On my previous computer (Windows 95) my browser bar in AOL (also 7.0) retained about 25 previously visited web sites. Now the browser only retains the web sites visited each time I log on. When I log off they are gone the next time I log on. Also, frequently visited sites would “auto complete” after typing the first few letters. Now they don’t. I have enabled “auto complete” in the Internet Tools of Internet Explorer and don’t know what else could be wrong. Please help!
The basic problem was clear enough: Her browser History was being stored, since it would auto complete within a given browser session, but it wasn’t being retained from sessions to session. Because this came right after a clean install of a new operating system (and, presumably, or all of her software), it was reasonable that some default setting was causing the problem, but she said she had checked at least some of those settings that determine how Internet Explorer treats History records.
First, then, I wanted to make sure she had enabled the other settings correctly — those that actually control History. I suggested she click Tools | Internet Options and, in the History section, make sure the “Days to keep pages in History” wasn’t set to 1 day. She confirmed it was set for 20 days, then added another small detail: “I can close down AOL and log right back on and there's nothing in my browser but my AOL Welcome.” In other words, it did seem to be the closure or relaunching of her AOL software that was at fault.
Ida was the only one of us on the thread who actually had the AOL 7.0 software at hand. (Hard to believe, isn’t it?) After trying a few more things and ruling out everything else, she returned to the AOL interface under Preferences | Tool Bar & Sounds. There she found a default setting to clear History every time the user logs off or changes screen names. Her prior installation of AOL (on Windows 95) was an upgrade over an earlier AOL version but, when she upgraded to Windows XP, she also did a clean install of AOL and got this default setting as a result. She had spoken to the AOL help desk earlier that day, and their technician was unaware of this setting, so she thought others might be unaware of it too. That’s why we’re sharing it with all of you.
Word of the Klez virus has spread almost as fast as the virus itself — which is good, because it’s really a nasty blankety-blank! A typical encounter was reported by AumHa Forum participant “bjm,” who wrote:
Just recently my machine has started to seriously bog down. Checking the task manager I see that a process named Winkhr.exe is seriously hogging the CPU. If anyone can tell me what this process is, or why it is taking over my machine, I would greatly appreciate it.
As Forum guest “Sharon” responded,
Files named winkxxx.exe (where x represents varying characters) are a symptom of Klez/Elkern. Another symptom is the high rate of CPU usage. Most of the antivirus sites have this one covered in recent virus definitions. Some (such as Symantec) have an additional clean-up tool that is helpful in getting rid of the Elkern virus that the Klez worm drops.
Have included the link to the info page about the Symantec tool for your convenience:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
Shortly after this exchange, I was helping a friend with the computer he shares with his teenage son. The Windows 2000 machine had a reasonably fast CPU, there wasn’t a horrendous amount of stuff loading at startup, but the machine crawled like an old 386 with Windows 95 trying to run two copies of RealPlayer and six copies of Netscape! Something was definitely eating up machine cycles. The answer didn’t take long to find: A couple of pieces of aggressive adware were running on the machine, and a file named WINK???.EXE (where ??? is three characters I have, by now, forgotten) was running in the background. He’d been Klezzed!
The great adventure then began! A new copy of Norton Antivirus was acquired. I tried to preclean his computer with it by booting from NAV’s CD to run a virus check outside of Windows. It didn’t work, though, because the CD booted in Windows 98 and couldn’t read the NTFS partition on the Windows 2000 machine. We rebooted Windows in Safe Mode, ran the de-Klez utility, manually edited the Registry to remove the WINKing files — all no good, because new ones would appear moments after the old ones were deleted. I tried installing NAV with Windows live and found that Klez deleted the install files before they could finish installing. (It deleted even more aggressively after we copied the NAV files to the hard drive to run install from there.) This is a smart, well-engineered worm that was anticipating what would be thrown at it, and defending itself at every turn.
Eventually, we copied off the bare minimum that had to be saved, reformatted the drive, and reinstalled everything, virus-checked the backed up files and brought them back over, and sent the computer home. Ad-Aware and NAV were in place, a quick lesson in security had been conveyed, and my friend went to talk to his son about why the several GB of download MP3s were no longer on the computer, what music download software he could no longer use — and to talk to him about the online equivalent of condoms. (It was the “safe hex” talk. You know the one.)
I find Klez to be the most morally repugnant virus to hit in memory. Not because it’s so smart and effective. Not for any content it produces. No, my moral objection to it is that it is effective by undercutting some of the best actions of cooperative community in addressing virus issues. Over a year ago, in response to Distributed Denial of Service (DDoS) attacks and threats, I suggested that we have reached a stage where keeping our own computers safe is no longer going to be enough, nor even effective! He have to, collectively, develop a global awareness of “keeping the streets safe for everyone.” That is, we need to make sure that our own computers are not turned into launching platforms for distributed attacks on other people. We have to look out for them, just as they have to look out for us. This is the only long-term defense against DDoS attacks. With viruses, people had already started a “look out for each other” approach, being mindful of not wanting to spread viruses to others, and attempting such courtesies as writing to someone if an email from that person turned out to have a virus in it. Klez defeates that approach by taking two different names from your address book, and sending one of them a virus-laden email saying it was from the other one. Writing back to the person from whom the email appeared to come does no good — they didn’t send it to you, probably didn’t have the virus, possibly didn’t have any idea who you are in the first place, and sometimes would get into a fight with you when accused of having sent you a virus. This has discouraged cooperative community by discouraging people from wanting to bother to tell someone they might have a virus. All I can say is, don’t be discouraged. Communicate with people. Increase everyone’s online security by encouraging responsible community. Practice Safe Hex. Enjoy the Internet! Don’t let the Klezzards wink you down!