
Archive for the Desktops Category

Microsoft Warns of Help Flaw in Windows XP, Server 2003

Microsoft issued a new Security Advisory for a flaw in the Windows Help and Support Center, as reported by Ars Technica. The vulnerability only affects Windows XP and Server 2003; Vista and 7 are unaffected.

The worry with this vulnerability is that the help links in the Help Center can be hijacked to run executables on the victim’s computer. The details of the vulnerability and possible attack are as follows:

In Windows XP and Windows Server 2003, clicking on an hcp:// link launches helpctr.exe via a registered protocol handler; this is normally a safe way to launch help content thanks to an allow list that Help and Support Center checks before navigating to a given help page. A Google security researcher discovered, however, that a help page with a cross-site scripting vulnerability can be paired with a mechanism to abuse the allow-list functionality to access that page with an exploit querystring. Thus, clicking on a malicious hcp:// link leverages the XSS vulnerability to circumvent helpctr.exe’s safety controls and ultimately run an arbitrary executable on the machine.

Microsoft says it is monitoring the problem and is so far unaware of any attacks in the wild. It may prepare a patch for the next Patch Tuesday, or one could come earlier. Microsoft has outlined some mitigating factors, which are also in the Security Advisory.

  • In a web-based attack, the attacker would have to host a web page that exploits the vulnerability, or host advertisements on another website. Victims can’t be forced to visit those pages, so the attacker would have to lure them there with social engineering tactics such as emails.
  • The vulnerability can’t be exploited directly from an email; the user would have to click a link.
  • An attacker who successfully executed the attack could gain the same user rights as the logged-in user. If users aren’t logged in as an admin, the damage could be lessened.

Microsoft has one workaround, in which the registry is edited to unregister the HCP protocol. The Security Advisory details two methods of doing this, but warns that unregistering the protocol will break all help links that use HCP.

This vulnerability was discovered by Google who alerted Microsoft to the problem on June 5 and then turned around and kindly disclosed it to the public on June 9. Microsoft was none too happy with Google about that and said:

Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk.

MS10-015 bulletin - possible BSOD with never ending boot cycles

“…oops I did it again…”  No we are not going to discuss Britney Spears but some folks at Microsoft are scrambling for answers after a serious update failure.  The MS10-015  update bulletin is causing some systems to lock up and then during the boot up they BSOD into a never ending boot cycle.  Ouch.

Here is the crazy part of the equation: some systems do just fine.  I have tested the updates on 10 workstations and 4 have crashed out and died while the other 6 were perfectly fine.  I need to clarify one piece though: each of these systems is exactly the same…EXACTLY.  Each one is a virtual desktop with the exact same applications and updates, and I used the exact same disc to build the machines.  I ran updates on all 10 systems one at a time.

On the four dead systems here is what I did to repair them.

  • Boot from your Windows XP CD or DVD and start the recovery console
  • Once at the repair screen - Type this command: CHDIR $NtUninstallKB977165$\spuninst and hit ENTER
  • Type this command: BATCH spuninst.txt and hit ENTER
  • Type this command: systemroot and hit ENTER
  • When complete, type this command: exit and hit ENTER

Of course this may or may not fix your system, but so far it has worked for my dead test systems.

Confused?  You are not alone on this one.  Folks have been trying to figure out what happened and everyone seems to be testing this like crazy.  My final thought on the issue…TOO MANY security fixes and tweaks in one bulletin.  Each time Microsoft tries to update systems with a large amount of security fixes and tweaks it seems like they get a large amount of failures.  Seems like they should have broken this month’s updates into 2 for the month…which they have done before.

Other related stories on this issue.
MS update gives some XP boxes the Blue Screen
New Patches Cause BSoD for Some Windows XP Users

Microsoft Blog post on this issue.
Restart issues after installing MS10-015

Microsoft’s workaround for this issue.
Microsoft Security Advisory: Vulnerability in Windows Kernel could allow elevation of privilege

As always, enjoy your updating and let us know if you encounter any other nasty issues.

posted by: Myke Reinhold

Windows 7 - Explorer.exe keeps crashing

This post contains information on how to edit and modify your Windows Registry.  It is always recommended that you take a backup of the Registry before editing any of the values because any improper editing can cause strange behaviour and at worst could even corrupt your operating system completely, requiring you to re-install Windows.

We encourage you to try out the registry changes,  but only if you know what you are doing and if you do it with care.

After building a brand new Windows 7 ENT x64 laptop I ran into some issues.  The issues started shortly after finishing some updates.  Explorer.exe kept crashing every time I would right-click on an icon or try to use anything that used explorer.exe.  After searching the web for hours I found nothing that actually resolved the issue.  Pretty much everything out there pointed to doing a full restore or a clean installation.  I also found a couple posts that said once they deleted their profile and rebuilt it, everything worked.  Each of these is true but why waste the time and effort.  I am not sure about you but hearing from a Microsoft employee and having them tell you to do a clean install because it is hardware related or due to 3rd party software is getting real old.  Well you are in luck folks, because I have a solution that does not harm the machine and it can be done within 2 minutes.

Here is the error we were getting in our event logs:
The program Explorer.EXE version 6.1.7600.16404 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 810
Start Time: 01ca6d1f1aca747c
Termination Time: 0
Application Path: C:\Windows\Explorer.EXE
Report Id: 3fe9620d-d913-11de-8a55-00242cbe9d84

I ran every application I had that would point me in a direction of figuring out what was causing it and found nothing.  I decided to go through the 34 updates I had applied the day before and found an issue finally.  One of the updates was forcing the CEIP to execute.  *Dear Microsoft, why place something like this in an OS when you know it causes problems?*

The cause of the Windows Explorer crash is related to the SQM Client, which is part of the Customer Experience Improvement Program (CEIP). Under the default setting, where MachineThrottling is enabled in the registry, any call to WinSqmStartSession in the ntdll.dll file will cause Explorer to crash, or a Windows Installer installation to fail.

So instead of waiting for a hotfix or an update from Microsoft, just delete the MachineThrottling registry entry from the system registry. The MachineThrottling registry entry is located inside the following registry key: HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions

*NOTE*  If you do not know what you are doing within the registry, stop and do not proceed.  Ask someone for help that knows what they are doing and can recover your registry if a failure occurs.

To make it easy, you can just create your own little batch file with the following command:
reg delete HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions /v MachineThrottling /f

At this point you can close the registry and right-click on your file or icon and you should be good to go.
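
The one-line batch file above, expanded into an added example (not the author's own script) that follows this post's advice to back up the registry before editing: it exports the DisabledSessions key, deletes only the MachineThrottling value, and verifies the result. The backup file name is an assumption, and the script has to be run from an elevated command prompt.

```batch
@echo off
rem Added example, not from the original post.
rem Removes the MachineThrottling value after exporting a backup of its key.
rem Run from an elevated (Administrator) command prompt on Windows 7.
setlocal

set "KEY=HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions"
set "VALUE=MachineThrottling"
rem Assumption: the backup is written next to this script; change as needed.
set "BACKUP=%~dp0DisabledSessions-backup.reg"

rem 1. Nothing to do if the value is already absent.
reg query "%KEY%" /v "%VALUE%" >nul 2>&1
if errorlevel 1 (
    echo %VALUE% is not present under %KEY% - no change made.
    exit /b 0
)

rem 2. Export the whole key first so the change can be undone with "reg import".
reg export "%KEY%" "%BACKUP%" /y >nul
if errorlevel 1 (
    echo Backup failed - aborting without touching the registry.
    exit /b 1
)
echo Backup written to "%BACKUP%"

rem 3. Delete only the one value, never the key itself.
reg delete "%KEY%" /v "%VALUE%" /f >nul
if errorlevel 1 (
    echo Delete failed - is this prompt running as Administrator?
    exit /b 1
)

rem 4. Confirm the value is really gone before reporting success.
reg query "%KEY%" /v "%VALUE%" >nul 2>&1
if not errorlevel 1 (
    echo %VALUE% is still present - check permissions on the key.
    exit /b 1
)

echo %VALUE% removed. To undo the change: reg import "%BACKUP%"
exit /b 0
```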

posted by: Myke Reinhold

Microsoft Outlook NK2 file location

Going back to an old school issue.  What do you do when you switch out an end user’s computer and they freak out because all of their auto-fill addresses in Outlook are no longer there?  Easy, switch over their .nk2 file to the new computer and call it a day.

Do you miss the convenience of Outlook automatically completing people’s names as you begin to type them on your new computer? Are you upgrading to a new computer and don’t want to lose all the names stored in your Outlook AutoComplete feature? Wouldn’t it be nice if Outlook installed on your new computer just “remembered” the names and filled them in for you?

Automatically complete e-mail addresses

You can copy the names in AutoComplete from your old computer to your new one.

Copy the names in AutoComplete to another computer

Important  You must exit Outlook before starting the following procedure. The names will be included in AutoComplete when you restart Outlook.

  1. On the computer with the saved AutoComplete names, go to drive:\Documents and Settings\user name\Application Data\Microsoft\Outlook. Note: Depending on your file settings, this folder might be hidden. To view the files in this folder, do one of the following:

    Microsoft Windows XP

    1. Click Start, and then click My Computer.
    2. On the Tools menu, click Folder Options.
    3. Click the View tab, and then, under Advanced settings, under Hidden files and folders, click Show hidden files and folders.

    Microsoft Windows 2000

    1. Double-click My Computer on your desktop.
    2. On the Tools menu, click Folder Options.
    3. Click the View tab, and then click Show hidden files and folders.

  2. Right-click profile name.nk2, and then click Copy. Tip: You can copy the file to removable media, such as a floppy disk or a CD, and then copy the file to the correct location on the other computer. Or you can attach the file to an e-mail message and send the message to yourself. On the new computer, open the attachment in Outlook, and then save it to the correct location.
  3. On the computer where you want to populate the AutoComplete feature, copy the file to drive:\Documents and Settings\user name\Application Data\Microsoft\Outlook.
  4. If the Outlook user profile name is different on the computer where you are moving the .nk2 file, you must rename the file with the same Outlook user profile name after you copy it to the correct folder. For example, if you move Kim Akers.nk2 from the original computer with an Outlook user profile name of Kim Akers, and you copy the Kim Akers.nk2 file to the new computer, you must rename it with the Outlook profile name being used on the new computer.
  5. When prompted about replacing the existing file, click Yes.
  6. Open Outlook to view changes.

source: Microsoft Office Online

Make a mapped drive available offline

As simple and easy as this task is, we received about 10 emails over the last 2 weeks asking, “I have my users set up to use a mapped drive for their personal data stored on the network.  How can I make that available to them while they are not on the network?”

Easy, open up My Computer and right-click on the mapped drive and select “Make available offline”.  That’s it.  Once the wizard pops up you can detail what you want the offline files to do and once you complete the wizard, it will begin the sync of the files to the local PC.  You are now done.  Cheers.

GFI Backup 2009 Home Edition - FREE

GFI has released a fully functional free version of their backup software.  This software works great compared to NT backup and you can even back up to a remote location such as an FTP site.  The greatest thing about the backups is that it uses ZIP files for the backup files as opposed to a proprietary file.  This means you can restore your backup files anywhere from any machine.

GFI note:
To assist home PC users in these troubled economic times and to help them understand the importance of data backups, GFI Software is offering for free its newly-developed backup and recovery software GFI Backup 2009.

GFI Backup 2009 will allow all home PC users to keep regular and updated copies of their precious memories in the form of pictures, video, and other files and safeguard their data in case something goes wrong.

Loss of data for individuals can be heartbreaking as memories, personal documents and important files are lost due to hard disk failure or a virus attack. With this free software, we are assisting people to be better prepared, especially when they are trying to cut costs wherever possible. Because we care!

GFI Backup 2009 is an easy-to-use backup and recovery software solution that allows users to backup all their important files and, when-needed, recover the data within minutes using the product’s wizard-driven interface. GFI Backup 2009 does not use a proprietary format; all data is saved to common ZIP files. This makes it easy to restore data to a computer that may not have GFI Backup installed on it.

Data can be stored on virtually any storage device available such as internal or external hard disks, on local area network (LAN) locations, CD/DVD media, removable media devices (USB sticks, memory sticks, flash memory, floppy disks, ZIP disks, JAZ, etc.) and remote locations using FTP with upload auto-resume. Data can also be protected with military-strength 256-bit AES strong encryption.

Download your free copy of GFI Backup 2009 from here:
http://www.gfi.com/downloads/register.aspx?pid=bkuphm&lid=en

For more information about GFI Backup and its features visit:
http://www.gfi.com/backup-hm/

Conficker C worm - do you have it?

There is a ton of buzz all over the media world about this worm, what it will do, and how to tell if you have it.  As complex as this worm is, it is also very simple to determine if you have it or not.

Step 1 - If you have Automatic Updates turned on, check to see if it is now turned off.  The reason is that this worm actually turns off updates to protect itself.

Step 2 - Manually run Microsoft Updates.  If you can run updates manually on your computer then you are okay.  This worm will actually prevent you from connecting to the update sites.

Now that we know how to check for it, how do you prevent it?  Very simple.  Keep your computer updated and make sure your anti-virus software is running and current.

What do you do if you have this worm?  You will want to contact your anti-virus software vendor and see if they can help you out.  If not and they want to charge you an arm and a leg, give it a go yourself.  There are a couple of very easy-to-use and free tools you can use to remove it, but it will take some patience.

Now that you have a couple of removal tools, start running them and cleaning.  A great tip is to update both pieces of this software and then run them from Safe Mode with your computer not on the network/Internet.

Good luck and happy hunting, so to speak.

Windows 7 - What you should know

With the upcoming release of Windows 7, there is a lot of anticipation and a lot of haters that claim we can expect another failure.  Now we personally do not feel that Vista was a failure in the IT eyes but as a consumer with moderate to no IT knowledge it was a bust.  We have been playing with Windows 7 for some time now and have been pretty impressed to say the least (Travis’s take on Windows 7).  With that we felt like we should let you know what to expect with Windows 7.  There has been quite a bit of hype from Microsoft and others but what can the average IT person and moderate end user expect?  Improved task bar, jump list, Internet Explorer 8, Windows Live, better device management and HomeGroup are the main features to look at.  But in the end we have put together a list of the ten things that you should know about Windows 7.

Application compatibility- The Windows Vista operating system introduced architectural changes down to the kernel level that made the OS inherently more secure than Windows XP. However, this came at a cost; many applications needed modification to function properly in a Windows Vista environment. While at this point in the life-cycle of Windows Vista (post Service Pack 1) most applications are now compatible, deploying Windows Vista into the desktop environment early on required some “heavy lifting” and creative shimming—not to mention a few late nights.  Windows 7 is built on the same basic architecture as Windows Vista, so most applications will retain their compatibility between these operating systems. This alone will make adopting Windows 7 much less challenging than migrating from Windows XP to Windows Vista. If your organization is like many that are still standardized on Windows XP, you will need to transition to updated versions of your key applications, but the availability of Windows Vista–compatible versions and well-proven shims will make this task more manageable.

Hardware compatibility and requirements- Much like the application compatibility issues, adopting Windows Vista early-on was a challenge because of the higher system requirements—such as RAM and graphics.  On the flip side, Windows Vista provides manageability and security that just isn’t available on Windows XP, and with more capable hardware, Windows Vista is able to perform a number of useful functions that improve productivity (such as Windows Search 4 and the Windows Aero desktop experience) and increase PC responsiveness (the ReadyBoost technology launches applications more quickly by maintaining a portion of frequently used applications in memory).  Windows 7 was designed to perform well on the same hardware that runs Windows Vista well, while delivering additional performance and reliability improvements. The design team for Windows 7 had a specific focus on the fundamentals—as well as maintaining compatibility with existing applications and hardware. In operation, you will find that Windows 7 boots faster and has a smaller memory footprint than Windows Vista.

 Best relationship with Server 2008- One of the key benefits of the modern operating system is that Windows 7 and the Windows Server 2008 operating system share a common code base, and are maintained with a single servicing model. This servicing model means updates and security updates are shared across both client PCs and servers, simplifying the process of maintaining an up-to-date infrastructure.  In addition, environments with both Windows Server 2008 and Windows 7 unlock capabilities that extend functionality and help ensure a more secure environment. One example is DirectAccess, which allows management and updating of remote mobile PCs that are connected to the Internet, even when they are not connected to the corporate network. This capability helps ensure that remote users receive security patches on a timely basis, and allows IT to update configuration setting via Group Policy. For the end user, DirectAccess allows access to locations on the corporate network without using a virtual private network (VPN) connection. (In addition to Windows Server 2008 R2, DirectAccess requires IPSec and IPv6 implementation.)

Data encryption extended to removable media- News reports are rife with stories about companies losing control over sensitive information. In some industries, this is an issue with grave legal implications, while in other situations the issue is inconvenience. Regardless, smart compliance policy dictates that sensitive information be safeguarded in the event of a lost or stolen laptop. Further, preventing sensitive information from being removed from corporate resources is a pillar of effective compliance management.  Windows 7 includes BitLocker technology, first implemented in Windows Vista, which now provides full encryption of all boot volumes on a PC; along with introducing BitLocker To Go that offers data protection on portable storage, such as USB flash drives. In addition, BitLocker Drive Encryption and BitLocker To Go can be managed via Group Policy, placing more control over sensitive information in the hands of the professionals.

AppLocker- Windows 7 features AppLocker, a new capability that allows IT administrators to specify which applications are permitted to run on a laptop or desktop PC. This capability helps you manage license compliance and control access to sensitive programs, but also importantly, it helps reduce the opportunity for malware to run on client PCs. AppLocker provides a powerful rule-based structure for specifying which applications can run, and includes “publisher rules” that keep the rules intact through version updates.  To see how AppLocker is set up and managed, click here for a screencast demonstration.

Scripting with PowerShell 2.0- To help IT administrators better maintain a consistent environment and improve personal productivity, Windows 7 includes an updated graphical scripting editor, Windows PowerShell 2.0—a powerful, complete scripting language that supports branching, looping, functions, debugging, exception handling, and internationalization.

  • PowerShell 2.0 has an intuitive, graphical user interface that helps make script generation easier, especially for administrators who are not comfortable in command-line environments.
  • PowerShell 2.0 supports two types of remoting—fan-out, which delivers management scripts on a one-to-many basis, and one-to-one interactive remoting to support troubleshooting of a specific machine. You can also use the PowerShell Restricted Shell to limit commands and command parameters to system administrators, and to restrict scripts to those who have been granted rights.
  • PowerShell 2.0, with the Group Policy Management Console (available as a separate download), allows IT professionals to use scripting to manage Group Policy Objects and to create or edit registry-based group policy settings in Windows 7. Similarly, you can use PowerShell to configure PCs more efficiently, using richer logon, logoff, startup, and shutdown scripts that are executed through Group Policy.

Click here to take a quick tour of PowerShell 2.0.

Troubleshooting made easier - Windows 7 provides rich tools to identify and resolve technical issues, often by the end users themselves. If a help desk call is unavoidable, Windows 7 includes several features and troubleshooting tools to help speed resolution.

  • The Problem Steps Recorder allows end users to reproduce and record their experience with an application failure, with each step recorded as a screen shot along with accompanying logs and software configuration data. A compressed file is then created that can be forwarded to support staff to help troubleshoot the problem.
  • Windows 7 includes a suite of troubleshooting packs, collections of PowerShell scripts, and related information that can be executed remotely by IT professionals from the command line, and controlled on the enterprise basis through Group Policy Settings.
  • Windows 7 also includes Unified Tracing to help identify and resolve network connectivity issues in a single tool. Unified Tracing collects event logs and captures packets across all layers of the networking stack, providing an integrated view into what’s happening in the Windows 7 networking stack and aiding analysis and problem resolution.

Deployment image servicing and management- Windows 7 includes several tools to streamline the creation and servicing of the deployment image, and to get users up and running as quickly as possible.  The Deployment Image Servicing and Management (DISM) tool in Windows 7 provides a central place to build and service Windows images offline. With DISM, you can perform many functions with one tool: mount and unmount system images; add, remove, and enumerate packages and drivers; enable or disable Windows features; configure international settings, and maintain an inventory of offline images that contain drivers, packages features, and software updates. Windows 7 also enables the same processes and tools to be used when managing virtual machine (VHD) and native file-based (WIM) image files.  Windows 7 also includes Dynamic Driver Provisioning, where device drivers are stored independent of the deployed image and can be injected dynamically based on the Plug and Play ID of the hardware, or as predetermined sets based on information contained in the basic input/output system (BIOS). Reducing the number of drivers on individual machines reduces the number of potential conflicts, ultimately minimizing setup time and improving the reliability of the PC.  When you are ready to deploy Windows 7, Multicast Multiple Stream Transfer enables servers to “broadcast” image data to multiple clients simultaneously, and to group clients with similar bandwidth capabilities into network streams to permit the fastest possible overall transfer rate while optimizing bandwidth utilization.  Watch a screen cast demonstration of the deployment tools for Windows 7 here.

User state migration tool- Windows 7 includes enhancements to the User State Migration Tool (USMT), a command-line tool that you use to migrate operating system settings, files, and other user profile data from one PC to another. In Windows 7, USMT adds a hardlink migration feature for computer refresh scenarios, a capability that stores user data and settings in a common place on a drive, eliminating the need to “physically” move the files during a clean install.

BranchCache- Windows 7 introduces BranchCache, a technology that caches frequently accessed content from remote file and Web servers in the branch location, so users can access this information more quickly. The cache can be hosted centrally on a server in the branch location, or can be distributed across user PCs. One caveat: to take advantage of BranchCache, you will need to deploy Windows Server 2008 R2 on the related servers.

I would like to thank Microsoft for the information within this article.

posted by: Myke Reinhold
information credit: Microsoft Corporation

Hard drive death is coming

So you know that your hard drive will die sooner or later, but how do you proactively figure that out?  Magic 8-ball used to be the best method but as of recently we can do a much better job.

The standard IDE/SATA hard drive today is still the most mechanical piece of equipment sitting in your present day PC. And this will continue to be the case until solid state drives become much cheaper and much more compatible for present day hardware. The most unfortunate part of the problems with these drives, is how incredibly critical they are to the state of your computer. A hard drive failure means a dead computer - unless you are lucky enough to be running in some type of RAID environment, which most home users won’t be.

So those of us here at Homerun decided maybe we should put together a list of tools to help everyone else out that would like a better Magic 8-ball.  Below you will see our four choices and a brief description of the tool.  One thing to remember, these are Windows based tools and they are to be used at YOUR own risk, not ours.  :-)

Crystal Disk Info

CrystalDiskInfo is a S.M.A.R.T.-based utility that supports not only internal drives, but USB and IEEE 1394 drives as well. It displays an incredible amount of simple and advanced disk information, and can be left running in the background at all times. This includes temperature readings, read/write errors and power management tools.

General Drive Info

Advanced Diag of your drive

 HD Tune

HD Tune is a much simpler hard drive utility that offers benchmarking, advanced diagnostics similar to CrystalDiskInfo, and a disk scanning utility that is very similar to the Windows version but can be run in real time. It also includes real-time temperature monitoring.

Benchmarking

Disk Scanning

HDD Health

HDD Health is another similar product. It includes temperature and real-time monitoring, but includes a health indicator, simply by percentage and nothing more. It does include the same advanced diagnostic tools as the other SMART utilities as well.

General Information

Extended Drive Information

HDD Scan

HDD Scan not only includes many SMART diagnostic utilities, but other disk utilities as well. It includes many advanced testing modes, such as reading, writing and erasing in linear. In comparison to the other products, HDD Scan might get you more bang for the free buck.

Various HDD Scan Tools

Available Surface Tests

Manufacturer Specific Products

Some people might trust products designated for their specific hard drive more than any other. So I’ve provided a list of all the major manufacturers with a link to their diagnostic tools. A few of these may even support different manufacturers.

Fujitsu - Supports all forms of internal connection and is capable of doing in depth surface and diagnostic testing.

Hitachi - Several diagnostic tools for Hitachi drives. Analyze, optimize and protect your drive from failure.

Samsung- The Samsung utility will only work with Samsung drives and is an offline bootable disk that can be run no matter what the state of your drive.

Seagate/Maxtor- The Seagate tools, also known as Seatools, are Windows specific tools that can quickly and comprehensively determine the state of your present Seagate or Maxtor hard drive.

Western Digital - In order to determine your appropriate tools, you’ll first have to select your specific product and browse to a compatible ‘Data Lifeguard Diagnostic Tools’. Thorough test and repair utilities for Western Digital drives.

All of the tools above may or may not be able to resolve serious disk errors on your drive. But if you are worried about the state of your current HDD and you’d like to confirm it, these tools will help to do so. They will push you to begin transferring data, or backing up your data on a regular basis, before the inevitable happens. Play with each of the tools, and find the one that best suits your situation.

Lexmark Trojan - lx_Cats?

If you are the proud owner of any Lexmark product you may wonder why you have a program called lx_Cats on your PC.  Well after further investigation and tracking what this file does, it is Spyware.

A user calling himself “Commander” has posted to the printer-focused Usenet group, comp.periphs.printers, that:

“Just the other day I purchased a new Lexmark X5250 All-in-one printer. I installed it as per the instructions and monitored the install with Norton as I do with all new software.

On reviewing the install log I noticed a program called Lx_CATS had been placed in the c:\program files directory. I investigated and found a data log and an initialisation file called Lx_CATS.ini. Further investigation of this file showed that Lexmark had, without my permission, loaded a Trojan backdoor on to my computer. Furthermore, it is embedded into the system registry, so average users would likely never know it was there and active.”

Commander noticed that the spyware was programmed to surreptitiously report back to a URL, www.lxkcc1.com, every thirty days. lxkcc1.com is registered to Lexmark International, Inc.

When Commander called Lexmark to demand an explanation, the company first denied that they had installed any spyware at all. Ultimately the person with whom he spoke conceded that Lexmark installs “tracking software” on their users’ computers “to report back on printer and cartridge use for survey purposes.” While the Lexmark representative avowed that they did not transmit any personal information, they also admitted that the program does transmit the printer’s serial number, which of course is registered to the user. No personal information my foot!

Rumours of the installation of spyware along with their printer software have swirled around Lexmark for several years, and posts to Usenet complaining of Lexmark spyware date from as early as 2001. Some users complain of their computer trying to connect to the Internet every time they print a document; others worry that the program is reporting not only their cartridge usage, but whether they are using non-Lexmark cartridges, or even refilling their own cartridges, thus possibly setting the stage for a denial of warranty service.

According to “Commander”, the offending files include a program file called lx_CATS, and a related .ini file, lx_CATS.ini, as well as 2 DLL files in the c:\program files\lexmark500 folder.

In order to remove Lexmark’s spyware from your system, delete the file (probably in your c:program directory) called “lx_cats.exe”, and also search for and remove a file called “lx_cats.ini” (and, for that matter, any other file including the term “lx_cats”).

Nice job Lexmark…really.

posted by: Myke Reinhold