Google Calendar

Google now offers a calendar service, Google Calendar, which can be accessed using http://www.google.com/calendar or calendar.google.com. You can schedule events on a calendar, mark them as public, and then have Google Calendar notify guests of the events.

Some may use this service as an alternative to Microsoft Outlook's calendaring feature. It certainly would make sharing a calendar easier, if you need to share a calendar with others outside your office or with non-Outlook users.

According to the Wall Street Journal, Google has also recently negotiated a deal with Dell where Google will pay Dell up to a billion dollars to preinstall Google Desktop on Dell PCs.

References:

1. Google and Dell in $1 billion Microsoft busting deal
   By Stan Beer
   Friday, 26 May 2006

[/network/web/services/google] permanent link

ClamWin 0.88.2.3 Reports Proxy.Exe is Worm.Bobax.AA

I installed ClamWin 0.88.2.3 on a user's system and scanned the system for viruses. ClamWin reported AnalogX's proxy.exe file as Worm.Bobax.AA. I had installed version 4.14 of AnalogX's Proxy program on the system almost a year ago to have proxy server capabilities on the system for troubleshooting. I suspect ClamWin is simply looking at the file name and making its determination solely on that criteria resulting in a false positive report of Worm.Bobax.AA. The virus definitions on the system were updated on 09:18 21 May 2006 and the virus DB version is main: 38, daily: 1474.

Arcabit, which produces the ArcaVir antivirus software, states that Worm.Bobax.AA is a mass mailing worm that attempts to email itself to others from an infected computer. Arcabit's page states the worm creates services.exe on the hard drive. However, there is a legitimate services.exe file in C:\Windows\system32 on Windows XP systems that is produced by Microsoft.

Symantec's W32.Bobax.AA@mm webpage states that the services.exe file created by the worm is placed in %Windir%, which will usually be C:\Windows on Windows XP systems. You can determine the value for %Windir% by typing echo %WINDIR% at a command prompt. On this system, the only services.exe file was in C:\Windows\system32 and appeared to be the legitimate services.exe file. The Symantec webpage also states the worm creates %Windir%\msdefr.exe, which I did not find on the system. Nor did I find a C:\autorun.inf, which the Symantec webpage on the worm states is created by it.

McAfee, which produces antivirus software, states on its AnalogX-Proxy that the AnalogX proxy software is a legitimate tool, though it may sometimes be used by malware to set up proxy servers on a system without a user's knowledge. For instance, McAfee's antivirus software may report AnalogX-Proxy.ldr when a particular trojan file uses the AnalogX proxy program. It isn't unusual for malware authors to use legitimate tools for their own nefarious purposes.

I submitted the proxy.exe file to www.virustotal.com, which provides a free service where you can submit files for automatic analysis by quite a few antivirus programs. ClamAV is one of the antivirus programs running on that system. It reported Worm.Bobax.AA. Seventeen of the twenty-four antivirus programs used on that system reported "no virus found", though. Kaspersky reported "not-a-virus:Server-Proxy.Win32.AnalogX.414" while the McAfee scan reported "potentially unwanted program AnalogX-Proxy". Panda reported "Application/AnalogX-Proxy.A". Symantec did not report that it found anything amiss with the file. TheHacker reported "Aplicacion/AnalogX.414". UNA reported "I-Worm.Win32.virus" and VBA32 reported "RiskWare.Proxy.AnalogX.414". For the full report see VirusTotal Proxy.Exe.

The file may be identified as a potential risk by some antivirus software, because it is possible for it to be misused, but since I installed the software on the system for troubleshooting purposes, I don't want ClamWin identifying it as malware every time it scans the system. If the user reports a problem accessing a website from her system, I can attempt to make a connection myself from the system by activating the proxy server software. So I configured ClamWin to ignore the proxy.exe file when it checks the system. You can exclude proxy.exe from ClamWin's scans by taking the following steps in ClamWin:

1. Click on Tools.
2. Select Preferences.
3. Click on the Filters tab.
4. Click on the "new" button under "Exclude Matching Filenames". It is the second one to the right of "Patterns", between the "ae" and "X" butons. Type proxy.exe and then click on OK.

I submitted a "false positive" report for ClamAV, which is used by ClamWin to www.clamav.net/sendvirus.html

References:

1. Vir News - Bobax.AA
   ArcaBit
2. 7/5: Bobax-AA a Mass-Mailing Worm
   eSecurity Software & Internet Security Product Information News Articles, Advice
   July 5, 2005
3. W32.Bobax.AA@mm
   Symantec Corporation
4. services - services.exe - Process Information
   Uniblue
5. Start-Up Applications - All
6. AnalogX-Proxy
   McAfee

[/security/worms] permanent link

Determining an Image File's Dimensions with Command Line Tools

If you are working on a Unix or Linux system and need to determine the dimensions for an image, there are a number of command line tools that may be available to you on the system. If you are including an image on a webpage, if you specify the file's dimensions, then visitor's to your website can view other information on your webpages while potentially large images are still being downloaded for viewing by the visitor's browser. If you specify the dimensions of the image files within your webpages, the browser will allocate the space needed to display the image and then display other parts of the webpage while it is still downloading large image files.

You can specify the image dimensions in pixels like this:

<img src="banana.jpg" alt="A banana" width="320" height="378">

One command line tool that can be used to determine a JPEG file's size is rdjpgcom. The utility is used to display comments that can be embedded in JPG files (you can insert comments with wrjpgcom), but you can also display the dimensions for a JPG file with the --verbose option.

$ rdjpgcom -verbose banana.jpg
JPEG image is 921w * 592h, 3 color components, 8 bits per sample
JPEG process: Baseline

If you have ImageMagick installed on the system, you can also use the identify command to determine the dimensions of an image file. Note: if you are using RedHat Linux, or another version of Linux that uses RPM to manage software on the system, you can issue the command rpm -qi ImageMagick to see whether it is installed.

$ identify banana.jpg
banana.jpg JPEG 921x592 DirectClass 8-bit 87kb 0.0u 0:01

The identify utility displays the width followed by the height.

Another command that may be available to you is imgsize.

$ imgsize banana.jpg
imgsize banana.jpg
width="921" height="592"

[/graphics] permanent link

WindUpdates.MediaGateway (Adware) - May 21, 2006

Microsoft AntiSpyware Beta1 found WindUpdates.MediaGateway on a user's computer when I scanned it, but the adware did not actually appear to be active on the system. Microsoft AntiSpyware appeared to be detecting only remnants of the adware that had previously been removed with Microsoft AntiSpyware.

[ More Info]

[/security/spyware/windupdates_mediagateway] permanent link

Turning Display of Paragraph Markers On and Off in Microsoft Word

If you are seeing paragraph marker symbols, ¶, in your Microsoft Word documents, as in the above example, and want to turn off the display of these markers, which indicate the end of a paragraph, click on Tools and then Options. Under the View tab, you will see Paragraph marks checked. Uncheck that field and click on OK.

The paragraph markers should disappear from your document.

Reference:

1. Rules for typing in Word

[/os/windows/office/word] permanent link

Barclays Bank Customer Scam

I received a scam email message today, purportedly from the technical service department of Barclays Bank, a UK-based bank, asking that I confirm my membership details. I don't have a Barclays Bank account and the link in the message, which supposedly pointed to https://ibank.barclays.co.uk/olb/p/LoginMember.do/confirm, actually pointed to http://www.zoze.org/files/ibank.barclays.co.uk/olb/p/LoginMember.do/index.htm .

The website appeared to be out of service when I checked it and the scam webpage was inaccessible. I reported the scam anyway to doshelp@doshelp.com, which is an address associated with a site that tracks phishing scams, such as the one I received. The site lists examples of other Barclays Bank scams at Barclays Bank Fraud Websites. I also reported the scam to the abuse address at earth.nocserver.net and insidepool.com, since those domains were associated with the orgination point for the email message.

[/security/scams/phishing/barclays] permanent link

Another Peachtree User is Using the Same Serial Number

After I had to kill a running instance of Peachtree Complete Accounting 2002, because it was producing an error message that I couldn't stop from constantly repeating, whenever I tried opening a company file, I got the message "Another Peachtree user is using the same serial number". The window where that message appeared had a Register button. When I clicked on it the correct serial number appeared, but the registration number field was blank. Putting in the correct registration number did not stop the problem from repeating whenever I tried opening the company file.

I found instructions on dealing with the problem at an Abacus Plus Services, Inc. FAQ page. However, I found that I did not have to take all of the steps suggested on that page to eliminate the problem. I only had to kill the W32MKDE.EXE process, which is a process associated with Peachtree accounting which remained running after I killed the Peachtree application. The steps to alleviate the problem are as follows:

1. Hit the Ctrl-Alt-Del keys simultaneously.
2. Select Task Manager.
3. Click on the Processes tab.
4. Click on the column header Image Name to put the processes in alphabetical order.
5. Look for a process with the image name of W32MKDE.EXE. Click on it to select it and then click on the End Process button.
6. When you receive a warning about terminating the process, click on Yes to terminate it anyway.

I was then able to open the company file without any problems. The additional steps listed on the Abacus Plus Services, Inc. FAQ page are provided below, in case the steps above are not sufficient for you to resolve the problem should the information become unavailable on that website.

1. Look in the directory where your data is stored for files with names beginning with "Conn". If you don't know where Peachtree stores company data on your system, you can click on the Start button and then select Search to search for the files. Search for files beginning with "conn", i.e. conn*. Or you can look in pcw90.ini which will be in your Windows directory, usually C:\Windows or C:\Winnt. You can double-click on the file to open it in notepad. Then look for the "DATAPATH=" line, which will tell you the location of your data files. Note: the number after "pcw" in the ini filename may be different for other versions of Peachtree Accounting
2. Select all connco and conndp files from the data path and delete them.
3. Look for ShowStartup= in the ini file mentioned above, which is pcw90.ini for Peachtree Complete Accounting 2.0, but may have a different number after "pcw" if you are using a different version of Peachtree. If the value for the parameter is No, change it to Yes (a capital "Y" followed by lowercase "es").
4. Look for the LastCompanyOpen= line in the ini file. Delete everything after the equal sign.
5. Save the ini file (click on File and then Save).
6. Open Peachtree in a sample company. After the company opens, select File then Open Company and open your company data.

References:

1. Abacus Plus Services, Inc. FAQ

[/os/windows/software/financial] permanent link

Location of Peachtree Complete Accouting 2002 Data Files

I wanted to move the location of PeachTree Accounting 2002's data files to a new location. In order to have Peachtree find the files in their new location, you need to edit pcw90.ini. It will be in your Windows directory, which will usually be c:\windows or c:\winnt. Note, if a nonstandard location is used for Windows, you can find out the location by typing echo %windir% at a command prompt.

You can double-click on pcw90.ini to open it in your default editor for ini files, which will normally be notepad. Change the DATAPATH= line to point to the new location and reopen Peachtree Accounting.

[/os/windows/software/financial] permanent link

Exchange 2003 Reached 16 GB Mailbox Store Limit

I found a Microsoft Exchange 2003 server was no longer transmitting email nor was it providing access to shared calendars and contact lists for users due to the database store, which is maintained in the file priv1.edb reaching the limit of 16GB. Unless you upgrade to Service Pack 2, the size of this file can't grow beyond that limit and Exchange will shut down when it reaches that size.

[ More Info ]

[/network/email/exchange] permanent link

Eudora Crashing at Startup

Eudora 4.2 was crashing a user's system shortly after it was opened. When it was reopened, it would prompt regarding rebuilding the table of contents as shown below:

Damaged Mailbox

Mailbox has a damaged table of contents. Shall I build a new one for you? [ Please do ] [ Cancel ]

Or the message below would appear:

Corrupt Mailbox

Mailbox In has been changed since its table of contents was created. Do you wish to use the old table of contents, or create a new one? [ Create new ] [ Use old ] [ Cancel ]

If I instructed Eudora to rebuild the table of conents, it would do so, printing a message like the one below, but then would crash shortly after opening again.

Eudora

2971 of the 2971 summaries in the old table of contents used; 0 new summaries were created. [ OK ]

When I opened Eudora's in.mbx where it stores mail for a user's inbox, I found several instances of the following lines at the end of the file:

From ???@??? Mon May 01 08:29:15 2006
Return-Path: <info@minoritywealth.com>

There was no message body for the messages, just the header information.

Eudora starts each message it stores in a mailbox file with "From ???@???". Since the message I was seeing was the last entry and it appeared multiple times it appeared to be the cause of the problem.

I used the Windows notepad program to edit the in.mbx file, since it is just a regular text file. I removed the lines for what appeared to be the problem message and restarted Eudora. But the same behavior as before occurred, i.e. Eudora crashed. I checked the server, but the message was no longer there, since the user had used Outlook Express to check her email when Eudora started crashing at startup. If you encounter this behavior, you may need to find an alternative means of deleting the problem message from the server, e.g. using another email client, a web interface to check email, or by using the telnet command to connect to the mail server on port 25 and then finding and deleting the problem message through SMTP commands.

Though the message was no longer on the email server, it was in Eudora's "spool" directory, which you can find underneath the directory where Eudora stores mailbox files, such as in.mbx. Eudora apparently uses the spool directory as a temporary holding area as it processes incoming messages. If it crashes while processing a message, the message as well as other yet to be processed messages remain in the spool directory. When it restarts, it again tries to process the messages in the spool directory. If there is a corrupt or malformed message in the spool directory, it will again crash until you have deleted that particular message. The messages are stored in .rcv files. You can open RCV files with notepad. When you select "File" and "Open" in notepad, simply tell notepad to look for "All Files" instead of using "Text Documents" only in the "Files of type" field. You can then look for the corrupt one. Or you can simply move all of the RCV files out of the spool directory into some other directory temporarily and then move individual files back until you find the one that causes Eudora to crash on startup.

Note: Eudora will likely complain that another copy of it may be running when you open it, because it creates a 0 KB OWNER.LOK file in the directory where in.mbx is stored when it starts. The presence of that file allows Eudora upon starting to detect whether another instance of Eudora may be using the user's mailbox files. If multiple instances tried to manipulate those files at the same time, the files would likely become corrupted. But, if Eudora crashes, the OWNER.LOK file remains instead, of being deleted as it would be if you exited from Eudora normally. You can manually delete it.

References:

1. Case Story: Eudora vs. "Toxic" Messages
2. Crashes When Opening
3. FAQ: Eudora crashing immediately upon start?

[/network/email/clients/eudora] permanent link

Restoring Eudora's Toolbar

If the toolbar, which contains icons for checking your inbox and outbox, checking email, replying to messages, forwarding messages, etc., disappears from the top of your Eudora window, you can take the following steps to bring it back.

1. Inside Eudora, click on Tools.


2. Click on Options.


3. Scroll down the Category and select display.


4. Make sure Show toolbar is checked, then click on OK

You should now see the Eudora toolbar as shown below.

Note: these instructions apply to Eudora 4.2 and 6.2, but may not apply to all other versions of Eudora.

[/network/email/clients/eudora] permanent link