Office 365 installation tips and scripts

Hi all, if you’re like myself and many of my customers you’ve had issues moving from on premises Office installations – that use MAK or KMS keys.

Seems when you think you’ve removed previous Office versions, and then login to Office365 and download then install the O365 installation you run into errors stating you still have previous versions of Office installed.

The solution is to FIRST completely remove ANY previous Office installations.

If you just use the ‘Program and Features’ control panel applet you are likely to still have remnants left.

To resolve this you can run the appropriate scripts below and choose ‘ALL’ or whatever you feel is good enough.

[note: I have added the extension ‘.txt’ to these vbscript files. You need to remove that and leave the extension just ‘.vbs’ to run]

Here is a 7zip archive with all the scripts from Office 2007 to Office 365

Microsoft takes Antivirus/Protection to a new level

I no longer use any ‘always on’ third party Antivirus software on any of my Operating systems, and I haven’t for some time. I rely heavily on my expertise, current systems, and applications setups and experience to keep myself as protected as possible.

I realize that most users do not have the extensive training and skills that I do. So I recommend most Windows users use Microsoft’s built-in Windows Defender AV – it is surprisingly good. AND doesn’t jack up as many systems as do nearly all paid solutions.

Microsoft is now REALLY stepping up the game in system protection.

The HowToGeek has a superb article on this. Check it out.

Using PowerShell to Manage Windows Updates

Using PowerShell to Manage Windows Updates:  PSWindowsUpdate

Often we have to update computers that have not – for whatever reason been updated in a long time. AND we often have to create new deploy images using sysprep. What usually happens is that Windows update will hang at ‘checking for updates’ for a very long time and either error out or never complete. A secret I found to deploying Windows Updates when this happens or from within Audit Mode is an excellent PowerShell module created by Michal Gajda. This module, aptly called PSWindowsUpdate, allows managing Windows Update on any computer running PowerShell 2.0 or higher. This module even enables Windows admins to check for and install updates on remote PCs and servers. PSWindowsUpdate is particularly handy for installing updates on Server Core machines that have no GUI, or in instances such as Sysprep’s Audit Mode where the Windows Update GUI doesn’t work.

· Get started by downloading the latest version of


· Once downloaded, extract the contents of the zip file to C:\Windows\System32\WindowsPowerShell\v1.0\Modules\.


Extracting files from

· Click Continue if a UAC prompt appears.


· When the files have been extracted into the PowerShell Modules folder, open an elevated PowerShell prompt. Change PowerShell’s Execution Policy to RemoteSigned. The RemoteSigned Execution Policy allows PowerShell scripts downloaded from the Internet to run on a PC as long as they are signed by a trusted publisher.

· Type Set-ExecutionPolicy RemoteSigned and press Enter. When prompted, confirm the change by pressing Y and then Enter.


Changing PowerShell’s execution policy

This completes the one-time configuration of the module! Now it’s time to put PSWindowsUpdate to use!

· If running PowerShell v2.0, type Import-Module PSWindowsUpdate and hit Enter. This isn’t necessary in PowerShell v3 and higher, but it doesn’t hurt anything either. This step simply guarantees that the module’s cmdlets will be available to the PowerShell v2.0 session.

· Display a list of all the module’s available cmdlets by typing Get-Command -Module PSWindowsUpdate and hitting Enter.


Using Get-Command -module PSWindowsUpdate.

· Possibly the most important function for getting and installing updates is Get-WUInstall. Help for each cmdlet is available, so to see full help for Get-WUInstall type Help Get-WUInstall -Full and press Enter.


Looking at help for Get-WUInstall.

When applying updates, I prefer connecting to the Microsoft Update servers. Using these instead of the standard Windows Update servers allows installing updates to Office and other Microsoft products in addition to the normal Windows updates. Unfortunately, trying to connect to the Microsoft Update servers using the PSWindowsUpdate module from a fresh Windows installation will produce an error, as shown below.


· This error occurs because Windows is registered to use only the standard Windows Update servers by default. To use the Microsoft Update servers, the Microsoft Update Service must be registered on the computer. In the GUI, this is done by selecting the checkbox for Give me updates for other Microsoft products when I update Windows from the Control Panel – Windows Update – Change Settings applet.

· In the PSWindowsUpdate module, the same process is completed by using the Add-WUServiceManager cmdlet with the ServiceID for the Microsoft Update service specified. Type Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d and press Enter. When prompted, confirm registering the service by typing Y and pressing Enter one more time.


Registering the Microsoft Update servers.

· List available updates from the Microsoft Update servers by typing Get-WUInstall -MicrosoftUpdate -ListOnly and pressing Enter. After a few moments, the system will return a list of the available updates for the current machine. No error this time!


· The same results are produced by typing Get-WUList -MicrosoftUpdate and pressing Enter.


· Type Get-WUInstall -MicrosoftUpdate and press Enter to go through the available updates, confirming installation of each one manually.


PSWindowsUpdate and Parameter Support

Another awesome feature of the PSWindowsUpdate module is its support of parameters. For example, using the -AcceptAll and the -AutoReboot parameters with the Get-WUInstall cmdlet changes the manual process into an automated one. Type Get-WUInstall -MicrosoftUpdate -AcceptAll -AutoReboot and press Enter. The system will download and install all available updates and then automatically reboot if any of the updates require a reboot.


Retrieving updates and installing automatically.

Don’t want a particular update to be installed? No problem! Use Hide-WUUpdate. Selection parameters such as -Title or -KBArticleID narrow in and hide specific updates. Feel free to use wildcards with these parameters. As an example, type Hide-WUUpdate -Title "Bing*" -KBArticleID "KB2673774" -MicrosoftUpdate -Confirm:$false and press Enter to hide the Bing Bar 7.3 update.


Hiding an unwanted update.

Notice that I used the -Confirm parameter, set to $false, to automatically confirm hiding the selected update. In the future the update won’t appear when listing available updates.

Did you make a mistake and hide the wrong update? No problem! Hide-WUUpdate can unhide an update by using the -HideStatus parameter set to $false. To unhide the update hidden earlier, type Hide-WUUpdate -Title "Bing*" -KBArticleID "KB2673774" -MicrosoftUpdate -HideStatus:$false -Confirm:$false then press Enter. As before, I used the -Confirm:$false parameter to keep everything streamlined.


Unhiding a previously hidden update.

Once all the updates are complete make sure to open PowerShell (as Administrator) and set the Execution Policy back to ‘restricted’:

Type Set-ExecutionPolicy Restricted and press Enter. Then exit
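
The whole procedure above as one script, added here as an example (it is not code from the original post or from the PSWindowsUpdate project). It assumes PowerShell 3.0 or later, an elevated prompt, and that the zip extracted into a folder named PSWindowsUpdate under the Modules path given above; the -Install switch is a hypothetical name. It changes the execution policy for the current process only, so nothing has to be set back afterwards, and it reports the signature and download mark of each module script before importing anything.

```powershell
#Requires -Version 3.0
# Added example, not from the original post or the PSWindowsUpdate project.
# Assumes the module is already extracted to the Modules folder used in the steps above.
param([switch]$Install)   # hypothetical switch: without it the script only lists updates

$ErrorActionPreference = 'Stop'
# Assumed folder name; adjust if the zip extracted to a different one.
$moduleDir = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate'
$microsoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'   # ServiceID given in the post

# 1. Stop early when the prompt is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# 2. Look at what was dropped into the Modules folder before loading it:
#    Authenticode status and whether the file still carries the "downloaded" mark.
if (-not (Test-Path $moduleDir)) { throw "Module folder not found: $moduleDir" }
$report = Get-ChildItem -Path $moduleDir -Recurse -Include *.ps1, *.psm1, *.psd1 |
    ForEach-Object {
        $zone = Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        [pscustomobject]@{
            File               = $_.Name
            Signature          = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            MarkedAsDownloaded = [bool]$zone
        }
    }
$report | Format-Table File, Signature, MarkedAsDownloaded -AutoSize

# RemoteSigned refuses scripts that are marked as downloaded and not validly signed.
$blocked = @($report | Where-Object { $_.MarkedAsDownloaded -and $_.Signature -ne 'Valid' })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) file(s) are unsigned and still marked as downloaded."
    Write-Warning 'Review them; if you trust the source, clear the mark with Unblock-File and run again.'
    return
}

# 3. RemoteSigned for this PowerShell process only. The machine-wide policy is untouched,
#    so there is no "set it back to Restricted" step to forget, even after an auto reboot.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 4. Load the module (required on v2.0, harmless on later versions).
Import-Module PSWindowsUpdate

# 5. Register the Microsoft Update service once, skipping the step when it is already there.
$registered = Get-WUServiceManager | Where-Object { $_.ServiceID -eq $microsoftUpdateId }
if (-not $registered) {
    Add-WUServiceManager -ServiceID $microsoftUpdateId -Confirm:$false
}

# 6. Always show what is pending; install only when asked to.
$pending = Get-WUInstall -MicrosoftUpdate -ListOnly
if (-not $pending) {
    'No updates pending.'
    return
}
$pending

if ($Install) {
    Get-WUInstall -MicrosoftUpdate -AcceptAll -AutoReboot
}
```

Run it once without -Install to review the signature report and the pending list, then again with -Install. When the machine policy is Restricted, paste the lines into the elevated prompt or start the file with powershell.exe -ExecutionPolicy RemoteSigned -File followed by its path.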

Windows 8.1 news

If you are buying a new PC or laptop and you’ve been holding off because of the new Metro interface you might be in luck.

It looks like Microsoft is pulling a ‘New Coke’ here and admitting that the ‘Metro’ desktop and lack of ‘Start’ button was a VERY BAD MOVE. Especially for those in the business community.

I got this deal earlier this year and it’s still a great one. For those looking for a powerful Windows PC laptop that could easily replace an older high end workstation this is a pretty good choice.
I wrote an article about my original selection, purchasing and finally, my adventures in ‘downgrading’ it to Windows 7 Pro/Enterprise here. Many of the things I do with my system cannot be done efficiently, or at all, from the silly ‘Metro’ interface. And other applications simply wouldn’t run properly.

With Windows 8.1 (which it will release mid to late summer), it is said that Microsoft is going to bring back the traditional ‘Boot to Desktop’ feature along with the much missed ‘Start Button’. It looks like the start button will most likely look like the ‘Windows Charm’ in Windows 8.1 but it hopefully will be there. You can read about that here and here.

IF you are stuck with Windows 8, don’t want to go through the hassle of downgrading it, and can’t wait for Microsoft to ‘fix it’, there is a fantastic solution to bring back the old Windows 7 interface. It’s called Start 8 by Stardock Software. It’s a great app and only costs $4.99 USD. It’s the first thing I install on clients’ Windows 8 machines when they tell me they can’t handle the Windows 8 Metro interface.

Peace, and be safe.

Install/Downgrade to Windows 7 from Windows 8 – HP laptop adventures

I’ve been without a good working portable/laptop computer for some time (had a couple liberated and another fail) and decided the time was nigh to purchase a very good one for my needs.

I did loads of research on specs and ratings etc. of course, that’s part of what I’ve been doing for a few decades. So I might have a pretty good idea of what I want and need.
For me I am primarily concerned with a system that can match or exceed the computing abilities of my workstation. That means a fast 64bit multi-core processor with Hyper Virtualization Technology built in – an i7, loads of fast RAM, a large fast HDD, dedicated video card and ample ports for devices and connections.

I found some good Dell’s, Asus’, and HPs. I am a huge fan of Amazon, New Egg and Costco and looked extensively on their sites too. I finally settled on an HP that Costco had for sale with bang up specs and a great price. In fact the price was way better than I could get configuring the device on HPs site or a comparable one on Dell’s site.

This, and most new systems, desktops and laptops, now come with Windows 8 pre-installed. Windows 8 is a nice operating system and brings some nice ‘under the hood’ improvements in security and performance. AND its User Interface (UI) is very easy to navigate for those not that familiar with a Windows Operating system. All the ‘simple things’ – web, email, social media, games etc., are quickly accessed and controlled on the Metro ‘front page’. For those that are very familiar with older versions however it will definitely take some getting used to.

HOWEVER, I’m an IT guy. I use dozens of applications on a regular basis, usually daily. AND there are many network/system management applications that will not run on Windows 8 (yet, or ever). So I needed to be sure that whatever hardware I got that I would be able to downgrade/install Windows 7 Enterprise.

I made several calls to HP over the past couple months speaking with sales and tech people alike. I was finally assured by a level III tech manager that I would be able to install Windows 7 onto my machine without ‘much’ difficulty. That the Windows 8 (and maybe some of the Windows 7 drivers from the just previous models) would/should work.

So I broke down and ordered a new laptop over a month ago. WELL… I finally got it. It had to be made in China exported to the U.S.A., clear customs in Alaska and finally make it to me.

That’s when things got even more fun. <sarcasm>

You see, most newer systems are now shipping with UEFI type of ‘bios’. UEFI allows for some great flexibility in hardware and configuration that wasn’t possible with the old style of BIOS. Here’s Microsoft’s take on it:

In addition to better interoperability, UEFI firmware provides several technical advantages:

  • Compatibility with operating systems that support only BIOS
  • Ability to boot from large disks
  • CPU-independent architecture
  • CPU-independent drivers
  • Flexible pre-OS environment
  • Modular design

Two of the most notable Windows features for UEFI systems are the following:

  • Multicast deployment, which enables large scale network-based image deployment in manufacturing and enterprise settings.
  • Fast boot and resume from hibernation, which improves user experience.

The rich UEFI interface provides ample room for innovation in the development of operating system features. Along with the other members of the Unified EFI Forum, Microsoft is investigating the following:

  • Rootkit prevention (theoretically)
  • Network authentication at the ‘BIOS/FIRMWARE’ level

But many Operating systems will not work – at all with this firmware. AND.. This also allows the manufacturer to possibly ‘secure’ – read LOCK, the ability to install ANY drivers or Operating Systems that are not ‘properly signed’ or specifically ‘allowed’ by said manufacturer. Sounds great for ‘security’ but that fails when you wish to work on/configure your own hardware! [Wow sounds like an Apple product huh!] Thank goodness I was able to enter the System Setup/Bios (unlock/disable secure mode) and enable ‘legacy bios support’. But then came some other issues…

HP is now throwing the PC enthusiasts under the bus. Computerworld has said that they have again changed their support for ‘downgrading’ Operating System – specifically Windows 8 down to Windows 7. What a bunch of crap! Users in the past always could downgrade, assuming they had the appropriate licenses — Windows 8 Pro — and media for Windows 7 Professional or Vista Business. The question was whether their machines would work after a downgrade. “The company retained its warning that if customers downgraded to Windows 7 and reached out to HP for support, they may have to restore the original Windows 8 OS to get help from the company.” Oh well, I’ve got a solution for that I’ll get to later.
Well I’ve already got my system so I might as well give it a go!

My solution was twofold. First I removed the original HDD before I even powered up the laptop and just put it aside in case I had to send the whole thing back as it was when I received it. I could just reset the BIOS to default, install my original Hard Disk and bam, just like new. Yes I know most wouldn’t go through this much trouble, and that is OK. You can just skip this part and wipe the drive that came with the system and move on from there. But me, I’m a tad extra careful and conservative and always make sure I have a complete ‘escape’ plan. I purchased a brand new Hard Disk Drive. I picked up a 1 terabyte (1TB) 7200RPM HGST/Western Digital drive from Fry’s for just under $100. Being a Western Digital I know that the HP HDD drivers should work with it. And this drive was faster than what came stock – 7200 RPM vs. 5400RPM!

Second part of my plan was the actual installation of Windows 7 (Enterprise in my case) to the laptop.

Some pre-requisites: Make sure you have a Windows 7-64 bit WITH SP1 install DVD. You can only use a 64 bit version of Windows AND it must have SP1 already incorporated (sometimes called ‘slipstreamed’) or you will not be able to install this on UEFI hardware. Also go to the manufacturer’s web site and download ALL the Windows 8 64bit drivers for your model of system (for me it was HPs DV6t-7200) AND see if you can find the Windows 7 64 bit drivers for the model ‘just preceding’ the Windows 8 model you have – for me that was the DV6t-7000. After you’ve downloaded all the drivers extract each one to its own folder. If you use 7-zip (which you already should be) you can just right-click on the driver’s self-extracting ‘.exe’ file and then choose 7-Zip option to ‘Extract to “\drivername” folder\’. Then copy all these to a DVD or USB drive; you’ll need them once you get Windows booted to the point that you are booted to the desktop. Probably the most important ones are the Network Adapter drivers. You will certainly need to get online quickly to ‘Activate’ your Windows installation, update your Windows installation and hopefully update your drivers automatically.

So now the semi easy part.

Boot into your bios/setup – usually it’s the ‘Esc’ key and then enter ‘Setup’ or System Setup. On some machines it might be F1, F2 or the like. But you need to get to the BIOS/Firmware options. You may even be prompted to enter a password! Thankfully as of now most manufacturers actually present that password – usually a number, right on the screen; enter it and then you will be in.

In the setup options use the arrow keys and enter to navigate (as described on the help window at the bottom of the screens) and make sure you do NOT have ‘Secure Boot’ enabled. Usually you can use the arrow keys to select this option and then once highlighted press either F6, F5 or + or – to change the value. It must not be Enabled or you cannot install Windows 7.

Then you have to change Boot mode to LEGACY in BIOS. (Sometimes it is Legacy mode:Enabled). And in the Legacy section of the bios boot order make sure that the 1st boot device is UEFI DVD drive. Then Save Changes and exit.

The system will reboot. And hopefully if you’ve enabled legacy boot mode, made sure that the 1st boot device is UEFI DVD drive (And of course put your Windows 7 64SP1 installation DVD in the drive!), you should be able to install Windows 7!

Yay!! Then comes another fun part. After Windows is installed you will surely have to install a whole load of drivers. Open Device Manager (see all the yellow exclamation marks!), right-click on the devices and choose update driver. Then put in your DVD with all your drivers you made earlier and start finding the updated drivers.

OK, so that is a short version of an even longer winded version I originally had written about this project. I’ll be adding more articles as I can. Some will be how to dual boot Windows 7 and Windows 8 – on separate partitions, how to decide if you can/should upgrade to Windows 8 and how to properly do it. I’ll also, from time to time put up more tips on navigating through Windows 8.

Hope this helps some. Peace out.

Update 05/09/2013: Costco is again offering this laptop. I updated the link above or you can go here. And if you’re looking for a good HDD here is one.

Critical February Security Patches

Microsoft’s Patch Tuesday is next week. And it’s going to be VERY important

Microsoft’s security patches are due to be released at 1:00pm EST on Tuesday 12th February. [Read more here from MS  ]

The longer you take to update the security patches on your computer, the greater potential risk you could find yourself in!!

In all, 57 separate security flaws are waiting to be fixed.

According to Microsoft, every single version of Internet Explorer – from version 6 to version 10 – needs to be patched, as they are vulnerable to exploitation by drive-by attacks.

That means that simply visiting a booby-trapped webpage could silently infect your computer with malware – hijacking your PC for a hacker’s own ends.

According to an advisory from the software giant, five of the 12 security updates have been given Microsoft’s highest severity rating of “critical”.

Also note that Adobe has again released critical security patches to its Flash Player software. [read here]

Even if you are not on a Windows/Microsoft Operating System you should still make sure your Adobe Flash, Adobe Shockwave and Oracle’s Java software and Browser Plug-ins are up to date!

Be safe out there! MMm K.

Moving Outlook files and Settings to New computer and error (0x8004010F) : ‘Outlook data file cannot be accessed’

So after setting up new PC I’ve been going through some things that might help some others.

I needed to transfer my Outlook profile to my new machine. AND I didn’t want to have to create all my connection settings over again. Yes I know I could just copy my .pst file over to the new machine and then re-create all my accounts and point them to that .pst file. But I have a lot of accounts with unusual configurations (on the advanced connections tab) and I didn’t want to hassle with that for each and every one of my accounts. [I have 5 POP3 Gmail accounts I keep separated for various reasons and another 6 personal domain accounts]
So to move my Outlook file and settings I did the ‘usual’.

First, obviously, I installed MS Office (2010) on the new PC. [BUT do not launch the program yet!] I then copied over my Current Outlook folder Located here:

Win 7 and Win Vista  (drive):\Users\user\AppData\Local\Microsoft\Outlook

Windows XP (drive):\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook

to a ‘temporary’ folder on the new PC.

I will then copy that folder to the new proper location after I import the Profile settings, as described below. First I exported the old settings and then copied them over to the new machine and imported them.

To export the profile settings (registry) from my original machine:
In Microsoft Outlook you can easily export some types of information to a file. However, there is no option to export your profile e.g. when you want to have the same settings on another computer and you do not want to manually put all of them together with the account details again. In order to do so, you can use the Windows Registry Editor that gives access to all the information.

  • Click Start
  • In the search field type Regedit and hit Enter
  • Expand the following registry entry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles.
  • You will see a list of your profiles.
  • Right click on the profile that you want to copy and click Export


  1. Then, you can specify the name of the registry file and the location to save it e.g. Desktop.
  2. Now, you need to copy the file to another computer and double click it there and choose to ‘add the information to registry’
  3. Confirm that you want to make changes to the registry.
  4. Now launch Outlook on the new machine and you will most likely get an error saying the .pst file was not found. NO big deal yet. OK/Close your way through the next few windows to EXIT the application. Here we’re only trying to create the default folder/location.
  5. Now copy the contents of the old Outlook folder from wherever you had it temporarily to the new Outlook location. (path should be close to the same as above.)
  6. Now run your Outlook, the new profile will be opened (if you have only one) or you will be prompted to choose one of profiles (if you have more than one). And it ‘should’ work. At the minimum you should see all of your old mail, folders, contacts and calendars.

However I had some errors. Specifically:

Receiving reported error (0x8004010F) : ‘Outlook data file cannot be accessed.’
Sending reported error (0x8004010F) : ‘Outlook data file cannot be accessed.’

Arghh. So here is the fix that worked for me. Seems that the ‘Folder Location’ for the delivery of email was not properly ‘pathed’. Here is how to fix that.

Changing the folder to specify inbox fixed the issue. Apparently the inbox did not get set and the higher level file name was selected.

1. From Outlook 2010 click File>Account Settings>Account Settings (if you have more than one account you will have to do this for each one – just highlight/select them)


2. Click Change Folder (Down on the lower left corner)


3. Click the + to the left of the folder name to expand the subfolders. Click on ‘New Folder’ and create a new ‘temp’ folder; call it 01 or whatever, and select it. Click OK then you should now see a Folder location in the ‘Change Folder’ button on the lower left.

4. Now let’s go back. Click on Change Folder and now select the ‘Inbox’ instead of that ‘01’ folder and click OK. The change should now ‘stick’ for you. Click Inbox.
Click OK.



5. Close Account Settings and click send/receive. And you should be good to go.

It’s an obvious bug that the settings won’t ‘stick’. But this works!

Hope that helps some. I’m sure I’ll be referring back to it.

How to install Windows 8 Consumer Preview using VirtualBox

Here I am going to show you how to install Windows 8 Consumer Preview into a Virtual Machine using VirtualBox. I will be showing the method for Check out my previous article on ‘Getting Started with Virtualization’ first for a good primer. Make sure you have plenty of free hard drive space – probably 30GB should be sufficient.

Make sure your processor supports virtualization AND 64bit processing.

To do that download ‘SecureAble’ from and run it (after downloading it, right-click and choose ‘run as administrator’). Download is here.

You should see a screen like this


if your system will let you use Hardware Virtualization and has 64bit processing capabilities. IF it doesn’t there is NO need to continue. You will NOT be able to do anything mentioned here.

So let’s get started

Download the latest version of VirtualBox

Download Vbox Extensions Pack [To install you need to first install VirtualBox then double-click the extensions pack and it should be added to the VirtualBox installation]

Download Windows 8 Consumer Preview (64bit) (copy the Product Key to a text file too!)

Install all of these ‘as administrator’.

After installation:

1. Launch Virtual Box. (Make sure you’ve installed the Extensions pack) Click New to create a new virtual machine and type a name for it.


2. For Operating System version, select "Win8 64-bit"


3. For memory size, enter 3090MB, more or less. Microsoft recommends 2GB at least for the 64-bit version. Click next/continue through the next screen to create a startup disk.


4. Click next/continue again to create a VDI file.




5. Use a Fixed size disk, for better performance (especially since this is just a test virtual machine).


6. A 25GB disk size is probably fine; that’s the minimum Microsoft recommends for the 64-bit version.


7. Click Create and your virtual disk file will be created.


And then..


Now you will have a new Virtual Machine – Windows8Preview, that we will need to make a few more edits to before we can start it.


You’ll notice I have some other Virtual Machines here. [But we are only concerned with the Windows8Preview one for this article.]

So right-click on the Windows8Preview VM and click on ‘Settings’


Under the ‘System’ options make sure to set the options to look like this:


Click to the Processor tab and then check ‘Enable PAE/NX’


Under Acceleration: Enable VT-x/AMD-V and Enable Nested Paging


Next click on the Storage Options


Click the CD icon next to CD/DVD Drive, then choose the virtual CD/DVD disk file to browse to the Windows 8 ISO file you downloaded.

Then navigate to the directory where you downloaded the Windows 8 ISO file, click open.



Finally click Start to begin the installation and walk through the Windows 8 installation.




Press install and then you will have to enter the preview Key:



Choose Custom (New)install and then Next to select the drive (virtual Hard Drive we created)


The install will then start



Then walk through the setup:


Continue to walk through Setup, I chose to ‘Sign in without Microsoft account’ you can however if you wish use a hotmail or live mail account:


The important thing to know is that with the mouse the ‘corners’ of the screen are where most stuff happens in the ‘Metro’ GUI. You can use your mouse to click and ‘scroll’ around the metro applications or move it over to a corner to pull up the ‘Charms’ on the lower right corner, recent applications on the upper right corner and the ‘faux’ start menu at the lower left.

The new Metro GUI will take a whole lot of getting used to.

It would be good to watch video first to get a little understanding of the system. (don’t fall asleep though).

For me I doubt I will ever use Metro much except when I’m doing support for end users on their system. I have WAY too many applications for this type of interface and prefer the old Windows 7 Style Start Menu.

Thankfully that can easily be enabled in Windows 8. To do so – in Windows 8 Consumer Preview open Internet Explorer and go to this site, [here is the address so you can enter it manually if you need to ]

Enter an email address (hint – ANY will do) and download the application. Then once downloaded ‘right-click’ and choose ‘run as administrator’. And you will now have the old Start Menu and some new ‘right-click’ options such as ‘run’, ‘shutdown’ and more.

Well, there is a start for you to mess around with Windows 8 and get a feel for the future of Windows Operating Systems. By using VirtualBox you don’t have to worry about messing up your current system. You can always delete your VM and start over or just get rid of it.

I’m going to be adding a whole load more posts as time goes on on how to use Windows 8. This is such a big step for end users I foresee a whole lot of confused, frustrated and aggravated users.

Keep checking back for more.

Windows AND Mac System Security News 04-12-2012

For OSX users:
Apple just released Java for OS X 2012-003, an update to the Java implementation in OS X. The update removes “the most common variants of the Flashback malware.” Check that out here. You should definitely update your Java NOW!

For Windows users.
It’s even scarier again. Trend Micro has found some scary ass Ransomware.

You can and SHOULD read the scary details here.

From TrendMicro’s blog, here are some of the details.

“We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection to take effect. When the system restarts, the ransomware displays the following message:

This message prompt informs affected users that the PC is now blocked and that they should pay 920 hryvnia (UAH) via QIWI to a purse number (12 digits) – 380682699268. Once paid, they will receive a code that will unlock the system. This code will supposedly resume operating system to load and remove the infection. This particular variant has the “unlock code” in its body. When the unlock code is used, the MBR routine is removed.”

Bottom line PLEASE keep your security software, Operating Systems and Browsers (including and especially browser plug-ins like Java, Flash etc.) up to date and patched.


Exchange 2003 P2V and drive expansion fix

It’s been a long few weeks.

I had an Exchange 2003 server whose physical hardware was failing – drive and drive controller errors and the physical disk was running out of space on the system drive. Which happened to be the ONLY drive in the server. Yes I know that the system, log and dbase files should all be on separate drives, but I did not build this machine. And it has been the only Exchange server in the organization for almost six years! So I can’t just shut it down.

I did a P2V (physical to Virtual) conversion using an Acronis Image (VMware kicks ass at this by the way) and moved it to my ESX Cluster on my SAN, with the hope of being able to at least add some more space to the existing drive and then add additional hard drives (virtual of course) to split up the log and dbase files onto drives other than the %system% drive.

The P2V went OK with some minor issues with ‘hidden network’ cards and such causing problems. But I got past that. Following ‘Method 1’ here (note that you must not close the command line window after step 2 or you will not see the devices!!).

I also had to re-run the Exchange adprep/domainprep on the Domain controller to fix some messed up AD containers/connectors. I also found that after the adprep there was a reference to an old SBS2000 Exchange server that was no longer on the network (fax service too) and I manually removed those via the ADSIedit.msc. So finally it was at least working again! We, as do most organizations that have been around for a while, have a huge spam/malicious email flood that is continually taxing the server. But that is for another post.

So on to the next MAJOR issue. When I moved the machine to a VM I expanded the one and only drive – C: from 32GB to 40GB before starting and connecting it. This sounds all well and good but that extra 8GB of space just shows up as ‘unallocated’ space in the Windows 2003 Server Disk Manager.
I also did create two other volumes on the datastore that houses that machine for the future moving of the logs and dbase files and attached them to the Server.

So now my Exchange 2003 server has three disks (drives) listed in Disk Manager: a C: drive still running out of space (but showing 8GB of ‘unallocated’ space) and two additional large (30GB) drives (F & G), which I will eventually move my log and dbase files to.

So how to expand the system drive to its full available size?! I need to have enough room just to be able to move the dbase and log files.

There are LOADS of articles out there ranging from using DiskPart, using Acronis DiskDirector, using gparted and many others. But all seem extremely complex and with poor success rates according to the very long responses on the posts.

I finally found a SUPER blog post By JJ Clements here that looked VERY promising!

So I gave it a try. My first issue was (as noted in some of the comments) that I had to run the Dell EXTPART utility in safe mode. Kind of a bitch to get into in VMware – you have to be VERY quick with the F8 key!

But I was able to expand the drive to the full 40GB. All would be good and well if this wasn’t an Exchange server.


The solution – run a repair on the information stores (as per MS’s article here). I could not however run the offline defrag (step 3 in the MS article) to the local system – I’m still out of space! But I will run that to another drive later. I then restart all services.

BAM!! THE F$*ker works!

Well, that’s all in a 15 hour day. I’m done.