Solved – Splwow64.exe Error – The program can’t start

Had a client with a printer issue.

This link helped me solve it.

Splwow64.exe error (The program cant start because dll is missing from your computer)

reg_keys_printer

I deleted the folders that are highlighted in yellow. Then I followed the rest of the instructions.

When I came to deleting all the files in the drivers directory I made a back up of all the files first just in case I needed to put them back. I didn’t.

I hope this helps someone else out there…

 

Solved EMET detected Caller mitigation and will close the application: OUTLOOK.EXE

Customer had this issue this morning. They were running EMET 5.2.

emet_outlook

I upgraded EMET to 5.5, and restarted the machine. Didn’t fix the issue.

I updated the Symantic End Point software and ran a scan. While scanning another co-worker suggested opening Outlook in safe mode. Holding the control button and double-clicking the toolbar icon for Outlook the program opened without the EMET warning.

We disabled a couple of Add-ins in Outlook. Restarted the program several times and EMET never popped up again.

I hope this helps someone else out there….

 

ICEcoder – Reset password – Could be the reason for attack and blacklisting.

We had a static HTML site get attacked and blacklisted. I never thought a static HTML site could get attacked.

Capture_blurred

Upon further investigation I found a file called “kmhtwefn.php”.  A google search returned nothing … something must be wrong.

There was also a file called “ingenuity-insulator.php”. I googled it and came back with nothing related to this file. Again this made me question things.

I opened a “.htaccess” file and found the following:

htaccess_attack

Bingo!

It appears all leads from the major search engines lead to the ingenuity-insulator.php file. This is why the site go listed as hacked.

How did it get hacked?

Turns out this site had ICEcoder in it. I needed to reset the password and the following article helped me figure it out.

https://groups.google.com/forum/#!topic/icecoder/0KPKZZLcB58

Due to the lack of time I reached out to Sucuri to help get this site cleaned up and remove the blacklisting.

Sucuri’s Website

I hope this helps someone else out there…

 

Pointing a Network Solutions Domain to a Godaddy Hosting

Struggling with a network solutions domain name going to a Godaddy hosting. Here is the process I ended up doing.

  • Setup new hosting account and added a temporary domain name. ( ie: domainname.com is the real name, and tempdomainname.com is the one I set up.)
  • Installed the site and it is reachable by tempdomainname.com.
  • Next I wanted to add the domain name that Networks Solutions has. I pointed the DNS to NSXX.domaincontrol.com ( XX representing the number of the name server).
  • On the Godaddy side I wanted to add the domain domainname.com ( the ultimate desired name), but it wouldn’t let me.
  • I had to add a TXT record to Network Solutions because the domainname.com hosting was also hosted on Godaddy. We had to perform a cease and desist in order to add the domain name.

Network Solutions:

netsol_1

netsol_2

netsol_3

netsol_4

Click continue and this will look like the txt record two image up.

Godaddy:

At the My Products page you will see Domains, Web Hosting, and maybe Workspace email. Next to Web Hosting click “Manage“.

In the CPanel click Setting of the hosting package you want.

godaddy_1

godaddy_2

Enter the domain name you want ( ie: domainname.com )

NETWORK SOLUTIONS – Finishing up the A record

I found that only the “www.domainname.com” was resolving and the “domainname.com” was going to a Network Solutions “Under Construction Page.”

I needed to make sure all the IP addresses were pointing to the new hosting.

Go into the Network Solutions site and go to the specific domain name your need to fix. Here you see I only have the “www” A record pointing to the new IP address. Click “Edit A Records”.

netsol_2_godaddy_a_record_1

Add the new IP to all the areas you need.

netsol_2_godaddy_a_record_2

I hope this helps someone else out there….

 

 

Microsoft Outlook has stopped working – Eblast Email

We got some calls about issue today. Customers Outlook would crash and restart when clicking on an email with images. Email was working on November 10, 2015. Now on November 11, 2015 it is crashing. One customer mentioned the machine did a bunch of updates the night before.

I looked at the lastest installed Microsoft updates. There were a bunch on 11-11-2015. I started uninstalling any related directly to Outlook. In one case this customer was using Outlook 2010. There were several:

  • kb3085560
  • kb2553305

None of these fixed the issue. There were around 15 more updates specifically related to Office. I didn’t get into uninstalling these one at a time, because it was taking about 5 minutes per update. It wouldn’t let me group remove the updates.

I was unable to resolve the issue, but I got 3 calls about the same thing. Hoping Microsoft discovers the error and fixes this in there next set of patches.

 

I hope this helps someone else out there….

 

Vipre Warning – [#183197] [POSSIBLE FP FILE]Exploit.SWF.Agent.bb (v)

Tech Chris called Vipre Business technical support today. They confirmed this was a false positive.  The resolution for this is to update the virus definitions.

To update virus definitions:

  1. Log into server
  2. Open Vipre Business Premium
  3. Click on protected computers tab
  4. On the left, you will see site navigator
  5. Under windows policies, select the policy that has the protected computers (will be either “desktops” or “default for workstations” for workstations, and either “laptops” or “default for laptops” for laptops)
  6. Right click policy name > agent updates > check for threats definitions updates
  7. This will update the agents to the latest threat definitions

Thanks our buddy Chris.

Hope this helps someone else out there.