Category: Windows

How to remove a printer and its drivers from Windows 8/10

How to remove a printer and its drivers from Windows 8

Press the keyboard shortcut Win+q. Find Printer Management in the section Administrative Tools and launch it.

clip_image002

Removing a printer

Open Custom Filters, All Printers, select the printer you want to remove and click on Delete.

clip_image004

Confirm it by clicking Yes.

clip_image006

Removing drivers

Go to item All Drivers. If you have installed your driver from a standalone installer, it is recommend you to Remove Driver Package… . If you have simply selected the driver from a list offered by Windows when installing the printer, it is recommend you to Delete it.

clip_image008

If you are trying to remove the driver without removing the printer beforehand, or the driver is used also by another printer than the one you removed, the system won’t allow you to remove the driver.

clip_image010

If you resolved the previous problem or you haven’t encountered it, system will show you which packages and drivers will be deleted.

clip_image012

After you click on the button Delete, the packages and drivers will be erased from the system. By clicking on the button OK on the summary window, the process of removing drivers will be finished.

clip_image014

If you removed all drivers you wanted, close the Print management.

Remove Network Printers from Windows via Registry Editor

Step 1: Click on Start, Run and then type in regedit and press Enter. This will open the registry editor.

clip_image016

Step 2: Navigate to the following key in the registry:

HKEY_CURRENT_USER – Printers – Connections

Here you should now see a list of all network printers with the server name first, then a comma, and then the name of the actual printer.

clip_image018

Go ahead and click on the printer in the left menu and press the Delete button or right-click and choose Delete. Unfortunately, that’s not all! You also have to delete the printer from one more location in the registry:

HKEY_LOCAL_MACHINE – SYSTEM – CurrentControlSet – Control – Print – Providers – LanMan Print Services – Servers – Printers

Now under the servers key, you should be able to expand it and see the name of the print server that actually hosts the printer you want to delete. Go ahead and expand the print server key and delete the printer from the list.

clip_image020

Now close the registry editor and reboot your computer. The undeletable network printer should now be gone! Note that the method above is just for network printers. If you have a local printer and want to remove it the same way via the registry, you need to go to the following registry keys below:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\ Windows NT x86\ Drivers\Version-3\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\

Zero Day Adobe and Microsoft Exploits

Adobe has released (for the second time this month) an emergency update for its widely used Flash Player to combat active attacks that exploit a previously unknown security bug that hackers are actively exploiting to surreptitiously install malware on end-user computers.

Attackers are already exploiting it!

Please apply this patch and stay secure.
If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser. The version of Chrome that includes this fix is v. 33.0.1750.117 for Windows, Mac, and Linux. To learn what version of Chrome you have, click the stacked bars to the right at of the address bar, and select “About Google Chrome” from the drop down menu (the option to apply any pending updates should appear here as well).

The most recent versions of Flash are available from the Adobe download center here, but beware potentially unwanted add-ons, like McAfee Security Scan, Chrome browser etc..). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

AND..

Microsoft has released a stop-gap fix for a previously unknown zero-day vulnerability in Internet Explorer versions 9 and 10 to combat a separate zero-day campaign. IF possible (many users cannot because of other ‘line of business software’ that requires versions 9 or 10) to update to version 11 of IE, since it contains exploit mitigations not available in earlier releases. Those who are prevented from running version 11 should install the Microsoft fix as soon as possible.

Microsoft site explanation is here

Actual ‘Fix-It tool is here

If you run it make sure you ‘right-click’ on the file after it’s downloaded and ‘Run As Administrator’

Be safe folks, Peace.

CryptoLocker news

Okay folks, here we go again. More ransomware is spreading and it can hit you. [Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion), while some may simply lock the system and display messages intended to coax the user into paying.]

Ransomware/Malware that encrypts your data and tries to sell it back to you, or else, is not new. In fact, one of the earliest pieces of malware that was written specifically to make money, rather than simply to prove a point, was the AIDS Information Trojan of 1989. That Trojan scrambled your hard disk after 90 days, and instructed you to send $378 to an accommodation address in Panama.

Enter the latest Menace – CryptoLocker. If you have become seriously infected and do not take IMMEDIATE remedial steps, there is, sadly, not much you can do [unless you have full ‘offline’ backups as I am always ranting about] but pay up!

This is getting some recent much needed attention by the press. Here is a recent short article. A Google search will turn up hundreds more.

The endgame is the same in all cases: if you have a reliable and recent backup, you’ll have a good chance of recovering without too much trouble.

Prevention, in this case, is significantly better than cure:

  • Stay patched. Keep your operating system and software up to date.
  • Make sure your anti-virus is active and up to date.
  • Avoid opening attachments you weren’t expecting, or from people you don’t know well.
  • Make regular backups, and store them somewhere safe, preferably offline.

Don’t forget that services that automatically synchronise your data changes with other servers, for example in the cloud, don’t count as backup!!

They may be extremely useful, but they tend to propagate errors rather than to defend against them.

What is CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

How do you become infected with CryptoLocker

This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. An unsuspecting computer user will either get an email purporting to be from their bank, friends, Facebook or a host of other fake senders or be asked to click on a pop up in a Website. The person thinks it’s legitimate, clicks on it and before they know it the virus is installed on their computer which encrypts their data. The person will be given a time period, for instance 72 hours, to make a payment in exchange for the key to decrypt all the data. Refuse and the data on the hard drive will be gone forever.

These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

Please make sure that your antivirus/malware software and systems are up to date. And for Pete’s sake do NOT open attachments from the likes of those listed. IF you think you need to track something go to the ‘front door’ of the shipping company or bank and login/track there.

Once YOU infect yourself (yes, it is an action taken by the user that starts the infection!!) [Like any other piece of malware, common sense goes a long way. The critical thing is it’s not going to install files by itself. You have to initiate some action.] you will soon probably see a screen that looks like this:

CryptoLocker-thmb

Examples of known CryptoLocker email subjects include:

USPS – Your package is available for pickup ( Parcel 173145820507 )

USPS – Missed package delivery ("USPS Express Services" <service-notification@usps.com>)

USPS – Missed package delivery

FW: Invoice <random number>

ADP payroll: Account Charge Alert

ACH Notification ("ADP Payroll" <*@adp.com>)

ADP Reference #09903824430

Payroll Received by Intuit

Important – attached form

FW: Last Month Remit

McAfee Always On Protection Reactivation

Scanned Image from a Xerox WorkCentre

Scan from a Xerox WorkCentre

scanned from Xerox

Annual Form – Authorization to Use Privately Owned Vehicle on State Business

Fwd: IMG01041_6706015_m.zip

My resume

New Voicemail Message

Voice Message from Unknown (675-685-3476)

Voice Message from Unknown Caller (344-846-4458)

Important – New Outlook Settings

Scan Data

FW: Payment Advice – Advice Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]

Payment Advice – Advice Ref:[GB2198767]

New contract agreement.

Important Notice – Incoming Money Transfer

Notice of underreported income

Notice of unreported income – Last months reports

Payment Overdue – Please respond

FW: Check copy

Payroll Invoice

USBANK

Corporate eFax message from "random phone #" – 8 pages (random phone # & number of pages)

past due invoices

FW: Case FH74D23GST58NQS

Symantec Endpoint Protection: Important System Update – requires immediate action

What should you do when you discover your computer is infected with CryptoLocker

When you discover that a computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network. This will prevent it from further encrypting any files. Some people have reported that once the network connection is disconnected, it will display the CryptoLocker screen.

Users who are infected with the malware should IMMEDIATELY consult with a reputable security expert to assist in removing the malware. And should NOT attempt to mitigate or in anyway try to ‘fix’ the issue themselves – this will only insure the loss of data!!

It is not advised that you remove the infection from the %AppData% folder until you decide if you want to pay the ransom. If you do not need to pay the ransom, simply delete the Registry values and files and the program will not load anymore. You can then restore your data via other methods.

It is important to note that the CryptoLocker infection spawns two processes of itself. If you only terminate one process, the other process will automatically launch the second one again. Instead use a program like Process Explorer and right click on the first process and select Kill Tree. This will terminate both at the same time.

Is it possible to decrypt files encrypted by CryptoLocker?

Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful. There are methods that can/may be used to recovery you ‘Shadow Copies’, but this often times requires an expert.

If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.

So to summarize the very first line of defense is to have good computing common sense and usage. Second if my usual mantra FULL IMAGE BACKUPS ON A REGULAR BASIS TO EXTERNAL/REMOVABLE MEDIA. I can’t say this enough. And I’m sure to get the calls from folks who are screwed. I sympathize, a little anyways.

Okay end rant. Be safe. Peace all.

Windows 8.1 is here

Windows 8.1 is here just a year after Windows 8. This update—free to existing Windows 8 users. The update is simple and hassle free through MS update.

I’d recommend it to anyone who has Windows 8 to make it more easily navigable and user friendly. Especially those of us in the business desktop world.

Some reasons to update can be found here.

Another pretty good review article is here.

My drumbeat. Backup with Images folks!

Once again I’ve had the frustration of dealing with failed hardware. The system was highly customized with special settings and configurations to enable unique line of business applications and data, plus the ‘regular’ business applications such as MS Office (with custom CRM databases) multiple email accounts and other applications installed after the system was first ‘fired up’. It was an HDD drive failure on a two month old HP laptop.

HP’s solution is to ‘just send the whole thing back and we’ll put the new HDD in with the ‘factory image’. A ‘factory image’ is what the new Laptop ships with; as if you just bought it. None of my installed applications, settings or files would/will be there. Meaning I’d have to finish the initial setup, update the Operating System to a Windows 8 Pro version (the ship version was Home Premium), install MS Office 2013 Pro (again from the MS Store – it didn’t come with system), install all the other business applications required for this user – 4+ separate ones each requiring special configurations to work with Windows 8, AND then get all the files and settings (like email accounts etc.) configured. Oh and of course there would be about a day and half worth of Windows and Application Updates and Patches to apply. Then hope that it all works as it did.

Had this system been IMAGED, I would have been able to remove the dying/dead drive, run down to the local PC store (Fry’s) and buy a replacement drive, install a clean/new one and restore that image to the new drive. The system would then be as it was when the image was created, apps, files, settings and all. Only time would have been the physical HDD removal and replacement and the time it takes for the image restore – that total time would probably have been only one day more or less.

I propose this to all of my clients. But for some reason they often don’t see the value till it’s too late. No matter my insistence. It is usually a, ‘yea, we’ll do that soon..just not now….. Sometimes it’s the capital cost (actually less than $200.00) or time (really very little – to install and setup). But in the end I guarantee that it will always cost more if they are out of business.

However in this case there was no image backup. The system was as a point where it was un-repairable via HP or MS Windows recovery tools and would not boot. I had to remove the HDD, place it in one of my HDD docks and use advanced disk recovery (forensic) tools just to get access to the data. I was then able to copy off nearly all the data to another drive. Note that I recovered data NOT the working system. So all the documents and files this person had are still accessible. But otherwise quite useless with out the applications and Operating system to use them.

I constantly hear the commercials for the many online backup services and their BS promises on the TV and radio. My clients do too. And they like most people do NOT understand that there is a WORLD of difference between a file backup and a full system backup that will enable complete system recovery; Operating System, Applications, Settings and all. It’s good to use some of these services to backup your documents and files (I do and recommend some – see my previous articles on cloud storage). But you must understand that if you SYSTEM fails you need some kind of system recovery, not just files.

I cannot state it emphatically or enough, PLEASE USE SOME KIND OF DISK IMAGING SOFTWARE TO CREATE YOUR BACKUPS!!

I have written many, many times about this. You can read here and here.

My go to imaging software is Acronis True Image. The cost is nominal (right now only $79.00 U.S. for the Home Premium version that includes ‘Universal Restore’. You can check out there deals here. Add to that the low cost of External USB HDDs – less than $100.00 U.S. in most cases, and you can assure that you will NOT be out of business longer than a day or two at most. VS having a to wait for a manufacturer to send out replacement part( s) , re-install and configure everything and HOPE it all works as it did.

Well there you go just another rant after spending a few whole days working my tail off to help one of my clients. Sigh..

Using Google’s Two Step Verification

If you don’t know what 2-Step Verification is here is a simple explanation: The two-step system uses both a password and a numerical code tied to your mobile phone, which can be sent by Google via SMS or generated by a smartphone app. Either way, it means a prospective hacker would need to obtain both your password and your phone to access your account.

I’ve been aware of Google’s two-step verification system for some time, but I felt my very strong password, the fact that I don’t use that password anywhere else and that it could not be ascertained by usual social engineering methods, was more than adequate protection. I was also concerned the system might be a hassle to use since I routinely sign in from so many different computers and locations. I already do use a password manager (KeePass) that requires not only a master password but I also use a key file too. [There are other very effective password managers out there I suggest you use one. Ars has a good article about that here.]
But with the massive increase in hacking and high jacking of information and the advancement of brute force cracking technologies and techniques I felt it was time to get onto the 2-step wagon.

Also I suggest that if you use Yahoo mail for anything you migrate towards Gmail or some other ISP. Yahoo has one of the worst records for email security. They are  hacked all the time! One recent article is here.
And for petesake please do NOT ‘link’ your Facebook account with Yahoo – that too is a major source of hacked Facebook account activity. If you currently have it linked I suggest you separate it. You can read how here and here.

So here is a brief explanation of how to enable 2-step verification. I will also link to some other resources on how to enable and use it at the bottom. If you find this too complicated or too much of a hassle you can always disable it very easily.

So let’s get started. Login to your account and go to Account then. Security

image

In the Security list you’ll see 2-step verification. This is where you can ‘turn it on’ and edit the settings.

image

Printable backup codes. Warning: If your phone is unavailable, these codes will be the only way to sign in to your account. Keep them someplace accessible, like your wallet, desk drawer or other safe place. Printable backup codes.

image

Here click on ‘Show backup Codes’

image

I printed out a set and put them someplace safe. I also saved them to a text file and imported and copied that text file of codes into my Password management application – KeePass.

If you click on the Application Specific Passwords you can create them for you other applications like Outlook, iMail, ThunderBird etc. Just give it some useful name, click on ‘Generate Password’ and then make sure to copy (or right down) that password – it is only shown once! I just copied each one to a text file so I could then paste them into the proper field (password) on my Outlook/configuration setups.

image

Some other links and info.

Here’s Google’s info page. And more here.

Setting up Mac Mail.

Setting up Outlook.

One more thing to consider if you’re a paranoid guy like me. I have all my browsers set to delete Internet history, cache and cookies when I close my Browsers AND I also run CCleaner many times a day to clean out temp files. Doing this will clear out the 2-Step ‘security token’ so you must manually enter some specific cookies to NOT be deleted in your browser and/or CCleaner.

To create ‘safe cookies’ in Firefox here is a good article. For Chrome go here and read the ‘Make exceptions for cookies for specific websites. The method is just about the same for InternetExplorer and Safari.

For CCleaner you can add the cookies to keep manually. Read here.

The actual cookie names you need to keep are here:

accounts.google.com
accounts.youtube.com
google.com
mail.google.com
apis.google.com
0.docs.google.com
docs.google.com

Hope this helps some. Peace out.

Java update April 2013

If you haven’t installed Oracle’s most recent Java patch, you should do so now!

Nefarious folks are hacking those that have not patched their systems.
You can find the latest Java here for Mac OSX, Windows or Linux.

I know many folks have taken to removing or disabling Java all together over security concerns. While that may be a solution to some, it is not for all of us. Especially those of us in IT that rely on application/tools that require Java.

There are also a whole lot of interactive and multimedia Internet applications that also require Java.

So IF you have Java installed on your PC – be it Mac, Linux or Window, PLEASE update your system.

One thing I’d like to warn you about while doing this update.

WHILE GOING THROUGH THE INSTALL PROCESS – DO NOT INSTALL ANY TOOLBARS (LIKE ‘ASK TOOLBAR’ ETC.) OR ADDITIONAL SOFTWARE (FREE VIRUS SCANS, BROWSERS ETC.)!!

This whole SCAM of installing crapware, and worse, while simply trying to update plug-ins is getting WAY out of hand. I wish there were some way to stop it but it seems impossible. Seems virtually every plugin-addon tries to install more stuff than you need and should want. Very frustrating.

But if you’re diligent and careful you can keep yourself from being essentially tricked into installing crapware.

So be safe out there folks.

Google Reader replacement RSS/Feed Reader

With the demise of Google Reader fast approaching I went on a search for a good ‘Feed Reader’. And it turns out there are plenty. In this article I’m going to concentrate on Windows and Android platforms and support for what is called ‘OPML’ supported readers/structure. You can read more if you wish here about that. The beauty of using OPML is that you can export and import you feeds/subscriptions to multiple platforms and devices.

I’ll have to fire up the Mountain Lion box and see what works best there; but that is for another article or addition to this one at a later date. Suffice it to say that whatever I end up with on my Macs must also support OPML.

In my searches and trials I found that most of the supposed ‘top rated’ readers actually relied on Google Reader feeds! What? If that is going to be shuttered it would seem moronic to recommend a feed reader based on an extension/application that is going to be shuttered. To be fair most of those using Google Reader’s API said they were going to ‘adjust’ and get around this but I thinks it’s just stupid to invest effort and time or worse even money into ‘vaporware’. Others were Browser ‘Plug-ins’ that wouldn’t allow for importing and exporting of feeds across platforms. AND I chose mine based on the fact that I’m not required to enter ANY account or password infomation such as Facebook login, E-mail Login, Twitter Login etc. I just want access to the information that I could readily get if I was searching the web.
I do NOT use ANY service that uses another service to access their service – this is just one more vector to be hacked and have my information stolen, used, sold or worse. (so sorry Spotify and all you other folks keeping tabs on me..)

I found a simple to use, and pretty powerful RSS reader to get most of my stuff in one spot. It’s a great tool. I use to get all my current news articles in one spot and at a quick glance can read article headlines and summaries and then decide on what I’ll dig into. It’s called FeedDemon.  I use the freeware version – here is the window free application. With it I can read the articles right in the application’s browser or open them up in a full Web Browser.

Install is simple; download and run then walk through the process. I didn’t subscribe to ‘News Gator’ option and skipped that step. I already have way too much info to process and I am capable of searching and finding content on my own though you may find it quite useful.

Subscribing to a new feed is very easy by hitting the Subscribe button which pulls up a window to enter in the feed URL.  You can also enter in keywords and do a search for a topic.
image

You can also preview the feed to make sure it is what you’re looking for.

image

Sometimes there are options as to additional separate ‘feeds’ within that website. You can select them for a more refined feed. Then just click finish and you’ll have a newly subscribed feed.

On thing I am asked is about the unread/read posts. How come my articles are ‘disappearing/being deleted’. Well that’s just an option in the ‘view’ settings. Go Here and read about that.

Another thing I do is to change the ‘default external Browser’ option for security reasons – I use Firefox with high security plug-ins, but you’re just as safe if use Chrome too instead of the default of IE.

Go to Tools>Options>Feedemon Options and select the second tab and click on the ‘Open external links in default browser instead of FeedDemon’

Untitled

Once I had all my feeds subscribed and set up on my main workstation I exported them all to an OPML file. That can be used to import my feeds onto another system or device with ease.

I then used that to import all my feeds into my laptop and Android phone RSS Reader – On my phone I use RssDemon News & Podcast Reader.

Tip: How to get an RSS feed from a Facebook page

I also found a good trick to generate an RSS feed from any Facebook page. Facebook, being the closed arena that it is. may soon figure out how to disable this, but for now it works.

First you need to identify the numeric ID of your page or the ‘front page of the profile you want to follow.

To find the public/front page just go to Google(or Bing or whatever) and search for what you’re looking for. Here I searched “Rush band Facebook” (no quotes by the way)

Then you can use this service: http://findmyfacebookid.com/ to find the actual ID number. [There are other services too. You can search for those if you wish; this was just dead simple]

Once you’ve copied the number, just add it at the end of this string

http://www.facebook.com/feeds/page.php?format=atom10&id=YOURID/PROFILEID

Eg: this URL generates the RSS feed of one of my all time favorite bands.

http://www.facebook.com/feeds/page.php?format=atom10&id=53385812061

Now it’s possible to subscribe the feed of interesting pages, without a Facebook login. Smile

Hope this helps. Peace.

Critical February Security Patches

Microsoft’s Patch Tuesday is next week. And it’s going to be VERY important

Microsoft’s security patches are due to be released at 1:00pm EST on Tuesday 12th February. [Read more here from MS  ]

The longer you take to update the security patches on your computer, the greater potential risk you could find yourself in!!

In all, 57 separate security flaws are waiting to be fixed.

According to Microsoft, every single version of Internet Explorer – from version 6 to version 10 – needs to be patched, as they are vulnerable to exploitation by drive-by attacks.

That means that simply visiting a booby-trapped webpage could silently infect your computer with malware – hijacking your PC for a hacker’s own ends.

According to an advisory from the software giant, five of the 12 security updates have been given Microsoft’s highest severity rating of “critical”.

Also note that Adobe has again released critical security patches to it’s Flash Player software. [read here]

Even if you are not on a Windows/Microsoft Operating System you should still make sure your Adobe Flash, Adobe Shockwave  and Oracle’s Java software  and Browser Plug-ins are up to date!

Be safe out there! MMm K.