By Dennis O'Reilly

When it's time to reinstall vital Windows components — or the entire operating system — you'd best have a plan in mind.

That's what reader Alan Crawford found out after stumbling through a reinstallation of Windows XP on one of his PCs:

• "I recently had to reinstall a PC that uses a handful of .NET apps. After installing Windows [XP] from an SP2 image, I used Microsoft Update to reinstall all necessary patches and updates, including the three .NET versions and their various service packs and other patches. Having already encountered problems with .NET patches on other machines, I wasn't surprised when .NET 1.1 SP1 wouldn't install.

  "In the past, I was able to uninstall all .NET versions and then proceed, one at a time, to get them all reinstalled. No such luck this time. After several rounds and many visits to the Microsoft Knowledge Base — even using the .NET cleanup tool — I still could not get this package to install.

  "My last-gasp effort was to try the whole exercise 'manually,' and it worked! Despite the extra time involved — and having to validate the PC on each download — had I started on this tack to begin with, I would have saved hours of frustration (seemed like hours, anyway, even if it wasn't).

  "Here's the procedure I used:

  • Step 1: I had previously downloaded the .NET cleanup tool.

  • Step 2: I removed all traces of existing .NET installations and then ran the .NET cleanup tool.

  • Step 3: I rebooted.

  • Step 4: I manually downloaded .NET 1.1, 1.1 SP1, 1.1 SP1 Hotfix, and 2.0 installers — individually — from the Microsoft download site.

  • Step 5: I installed them in the order downloaded, with reboots as required.

  I picked up at this point with downloads from Microsoft Update — installing the 2.0 Hotfix, then 3.0, then the 3.0 Hotfix in separate runs — and all now seems to be just fine.

  "Thanks, as always, for the best newsletter out there."
  

Free option for controlling kids' Net access

Becky Waring's Dec. 4 parental-control software review (paid content) led reader Rob de Santos to tell us about a new way to use an old, reliable — and free — Internet security service:

• "I highly recommend an option usually overlooked by most parents (and unknown to them): control access via your router. If you utilize Open DNS and follow their instructions to change your router's DNS settings, you can then use the easy-to-configure OpenDNS settings pages to block any category of sites you choose, be it … porn, chat, or advertising.

  "This is an excellent supplement to any PC-based software and much harder for any child to override or avoid. It can also be remotely changed if necessary. Best of all, it's free!"
  

Free is good. Difficult for a clever child to overcome is even better. And I know a lot of Internet users who'd be interested in a free, effective way to block Web ads.

Speaking of Susan, since her lead story about problems patching Microsoft's .NET Framework appeared on cialis herbal alternative color=”#000099″>Dec. 4, she's dug up additional information. Although she usually writes for Windows Secrets' paid content, her follow-up on .NET appears today as a free column.

By Scott Spanbauer

The many reports of Vista networking snafus range from the gravest of symptoms — no Internet connectivity at all — to occasional connection drops:

• No-Fi when in power-saving mode. Microsoft acknowledged last year that wireless connections on portable computers running Windows Vista would slow down or disconnect completely when battery management kicks in.

  The culprit is that, unlike Windows XP, Vista assumes that all wireless routers correctly implement Wi-Fi's power-save protocol. Unfortunately, many access points don't support this spec. The solution? Plug your laptop into an AC outlet or modify the notebook's power-saving plan, as described in Knowledge Base article 928152.

• Vista insists on the "broadcast flag." The same skewed reasoning led the wizards of Redmond to another infuriating decision, which Microsoft only belatedly explained. You bring home your new Vista computer, or you upgrade your XP system to Vista, only to discover that the machine won't connect to your local network or the Internet.

  You try everything to fix the problem. You waste hours — days, even — tweaking settings, plugging and unplugging, resetting, rebooting, and rehashing, but to no avail.

  The problem? Windows Vista assumes that your router's DHCP server — the one that hands out dynamic IP addresses to computers and other devices on the network — supports the DHCP broadcast flag. Again, many routers don't support this flag.

  The solution requires a Registry edit to toggle off Vista's broadcast-flag expectations. Refer to the Resolution section of KB article cialis generica color=”#000099″>928233 for step-by-step instructions.

• Two network adapters spell trouble. Yet another kind of network malfunction afflicts PCs running Vista or Windows Server 2008 that have more than one network adapter installed. The multiple adapters befuddle the Network Location Awareness service in those OSes. This causes the service to disable Internet access to both adapters and label them as Local only.

  KB article 947041 explains the problem but provides no solution. The only cure at this time may be to disable one of the network adapters. Thanks, Microsoft.
  

How to troubleshoot XP and Vista network woes

Network-connection problems are infuriating. Finding their source requires a step-by-step approach. Before editing your Registry for the umpteenth time or tossing your router into the trash, run through this network-troubleshooting checklist:

• Temporarily disable your software firewall. It sounds dumb, but often it's your firewall that's blocking your network connection. Even if the firewall has worked flawlessly for months, a small configuration change or automatic update could have caused a problem.

  At least twice this year, Windows XP users of Check Point Software's ZoneAlarm personal firewall have lost their ability to connect to the Internet due to a Windows update. Windows Secrets contribtuing editor Susan Bradley described this problem in her Oct. 16 Patch Watch column (paid content).

  This alone is not a good reason to stop updating, though. It's true that patches can introduce problems with firewalls, but subsequent fixes that remedy the issue will often appear within 24 hours.

• Check the physical connection. Make sure the router, modem, and other network devices are plugged in and powered on. Are the network cables between PC and router still connected firmly? With a device's power switch off, it doesn't hurt to unplug the component and then plug it back in again to make sure the contact is solid. If weak power-cable connections are ruled out, simply powering the devices off and back on can sometimes be all the resetting your network link needs.

• Renew your connection. Changes elsewhere on the network can sometimes knock out your connection. To reconnect quickly, click Start, Run in XP (or press the Windows key in Vista), type ipconfig /renew, and press Enter.

• Update your firmware and drivers. Makers of routers and network adapters may be caught unawares by patches to operating systems (such as the ones in Vista noted above). But the vendors often issue firmware or driver updates that fix the problems. Check the support pages of your router and adapter manufacturers' sites for downloadable updates.

• Return to default settings. Often, we are our own worst enemies as we poke around the configuration settings of our routers and network connections. You may not remember that you turned on your router's MAC filtering, but doing so could have blocked all of your devices from connecting, just the same.

  In general, it's best to change settings one at a time and observe the results of the change before making any other alterations to your system. If you don't see an obvious way to return your hardware and software to their default settings, you may have to uninstall and reinstall the device or program to regain its original settings.
  

In all fairness, Vista isn't the only version of Windows that experiences network glitches. XP has its own series of connectivity aggravations, as you can see by a search-engine query of Microsoft's support center.

If your connectivity problems aren't resolved by using the points discussed above, you may be suffering from an even more obscure issue. If so, ruling out the tricky configuration problems I describe here may at least help you isolate the real problem and restore your network link.

By Dennis O'Reilly

Subscriber Leslie Kight asks the following question:

• "Great article. I'm curious, though: what makes Woody suspect his XP machine is infected by Mebroot? What symptoms did he see to raise that question?"
  

Here's Woody's reply:

• "I kept getting weird virus warnings from AVG — viruses would appear, I would remove them, then they would reappear in different locations, or entirely different viruses would show up. AVG reported that the MBR [Master Boot Record] was being changed every time I rebooted, even when I did nothing.

  "I did a deep scan — first with AVG, then with NOD32 — to remove all the reported malware, but the viruses kept reappearing. Antirootkit scans turned up nothing. Then I couldn't connect to F-Secure's Web site, so I pulled the plug.

  "As I said in the article, I have no idea at all if it was Mebroot. But I couldn't find any reports of similar collections of problems and decided to err on the safe side.

  "Periodically reinstalling Windows is something I recommend anyway: once a year is ideal, in my experience. I'm happy to report that I've reinstalled XP Pro (SP3, of course), reactivated [Windows], and brought back the data files; everything appears to be working just fine. The machine's snappier than ever."
  

Double up to remove a virus from a hard drive

In deference to animal lovers, I will avoid the cat-skinning analogy, but as reader Bob Biegon points out, there's more than one way to return an infected hard drive to a healthy state:

• "One of the easiest and, by my experience, most effective ways to remove many serious virus-spyware-rootkit infections is to remove the PC's hard drive, put it in another PC (or connect to another PC via a USB-to-IDE/SATA adaptor), and scan the drive with the second PC's anti-malware software.

  "This method ought to work well for the Mebroot virus without compromising the host PC's drive. My favorite products to use in this endeavor are AVG 8 and Sunbelt Software's Vipre."
  

Since when did mice start hunting cats?

The best analogies have a basis in reality (not the one I mentioned above relating to feline pelts, thank goodness). But another kind of cat reference in Woody's column from last week gave reader John Walsh pause:

• "I do enjoy Woody Leonard's cialis generic vs brand articles and have been a fan of his for many years. However, in his latest article, Woody notes 'Detecting and preventing Mebroot is a cat-and-mouse game, and the black cats are winning.'

  "In my mind, the cats are actually the good guys trying to help eradicate the vermin (malware) represented by the mice. Therefore, I would suggest it is actually the black mice who are winning and proliferating, much to the consternation of the white cats."
  

Indeed, the bad guys are scavenging for your data and your money while the good guys hunt them down. However, Woody's use of "black cats" in this sense plays off the term "black hat" to describe a hacker with evil intent.

Mixing puns and analogies is dangerous business, but that's the kind of adventurous, risk-taking writer Woody is. That's only one reason why his readers love him so.

By Susan Bradley Installing SP3 on Windows XP eliminates the operating system's ability to install important security patches for Microsoft's .NET technology and possibly other software. This problem forces XP SP3 users to apply patches manually to complete vital updates.

MS08-067 (958644)
Malware targets recent Windows worm threat

You know what they say: you can tell the pioneers because they're the ones with the arrows sticking out of their backs.

Antivirus tools try to remove Sinowal/Mebroot

By Woody Leonhard I wrote last Thursday about ways to protect your PC from infection by Sinowal/Mebroot, a devilishly effective rootkit that can evade antivirus programs. This week, I'll concentrate on the best available techniques to try to remove the offender, if you're one of the unfortunates who've already been hit.

My Top Story Nov. 20 focused on prevention, because it can be hard as heck to get rid of Sinowal/Mebroot once your PC's got it. (Sinowal is the name of an older variant and Mebroot is its newer form, so I'll simply call the threat Mebroot in the remainder of this article.)

Security firm F-Secure is at the forefront of the industry's response to Mebroot. F-Secure researcher Kimmo Kasslin gave a presentation to a packed conference hall at the Virus Bulletin conference in October, during which he explained the Mebroot menace in these terms:

• Mebroot is the most advanced and stealthiest malware seen so far.
  
• When an infected machine is started, Mebroot loads first and survives through the Windows boot.
  
• Mebroot uses a very complex installation mechanism, trying to bypass security products and to make automatic analysis harder.
  
• As a payload, Mebroot attacks over 100 European online banks, trying to steal money as users do their online banking on infected machines.
  

For a complete outline of Kasslin's points and a downloadable PDF version of his conference presentation, see the F-Secure blog page.

Helluva situation, isn't it?