Monday, January 25, 2010

CompTIA A+, Network +, Server + requires renewal

So I got a call from a vender for exam preparation material, and they shared with me something that will affect many people now. Previously if you held CompTIA A+, Network +, and/or Server + you were not required to renew them. Kind of nice since many other venders required you to do so. Due to them getting those Certifications blessed per se by the ISO. Then they have to provide a way to renew, meaning that we have to renew. They have set this at every 3 years. This is effective as of January 1, 2010. So I looked at their renewal page to see what you can do. You can take the latest version of the Cert, or a Bridge exam to it. You can start keeping track of CEUs, and after hitting a particular number of them then you are good for another 3 years.


Good thing though is that you only have to maintain the highest of the 3 that you have, the order being as I have them listed in the title. For example if you have the Network +, you don't have to maintain the A+ just maintain the Network +. By this same theory, even though they don't state it exactly, then you could just take and pass then next certification to complete the renewal requirements. Since when you pass say the Security + then your highest wouldn't need to be renewed for 3 years.

Have no gripes about this because I am kind of tired of running into techs that claim certain certs but have had them forever, and can't even swap out a light bulb. OK I am exaggerating but we all know them. Off to study for the next Exam....

Here is the link to CompTIAs Renewal Policy FAQ

Monday, January 18, 2010

Antivirus Live = Very Annoying


So I had one of my users call me over the weekend regarding the fact that they are getting a lot of virus warnings. The first thing I asked was if it said ESET on the box. Nope, yeah well the lots of boxes warning of viruses the first tip that it wasn't my solution. This particular users was a limited user so I knew that it had penetrated only so deep and that removal wouldn't be very hard. I told them to try a restart first. This because sometimes you just wander onto a website that pertends a program is running and actuality hasn't installed anything. Well that didn't fix the problem so I told him to leave it on my desk and I would fix first thing Monday.

After turning it on I notice a little blue shield with a diagnal shield. and Next thing after letting it it for a little bit the screen looks like the picture to the right. (Insert picture.) So first things first. I know at this point it is installed on the computer. Since this person is a limited user it limits where it can hide(unless it takes use of some exploit in the OS). Any time you try to run a program it will pop up real quick then close. So go ahead and restart and if necessary(I hope it is) log in. Really quickly goto the start menu and click on "Run..", type in "regedit"(without Quotes) and hit enter. At this point the program hasn't become suppoer annoying so it won't stop you from doing this. You could also boot into safe mode or under a different user. You are going to go to the following key:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run . (if you are doing this under a different user than the one that has the problem than do a search for sysguard and it will find it for you.)
Look to the right and you will see an entry for a file that is located in  Documents and Settings\(the Username that is infected)\local settings\Application Data\(random string)\(randomstring)sysguard.exe
Delete this entry and restart. After restarting and logging in as the infected user you will no longer run into a problem. At this point you need to fix all the stuff it broke.

Open up Internet Explorer and goto Internet Options under Tools. Goto the Connections Tab and click on LAN settings. Uncheck the box beside "Use a procy server for your LAN." You should no be able to browse as needed. You may try getting spydoctor or other spyware tool and remove the rest of it that way, but I will continue the manual way for sake of helping those that prefer it.

Lets go ahead and get rid of the remnant file. You can do it a coupel of ways. Goto Explorer and in the address bar goto this location "(rootdrive):\Documents and Settings\(the Username that is infected)\local settings\Application Data\." Or you can show hidden files and click through till you get to the same spot. One of the folders at that loication will just be a whole bunch of letters. For my user the folder was called uceejn. Look inside of it and you sill see the sysguard.exe or in my instance the dbdvsysguard.exe. Delete the folder it is in. Now it's gone.

We are going to have to fix some registry keys so go back to the Start Menu and click on "Run...", type "regedit" and hit Enter. Delete the following folder "AvScan" located here: HKEY_CURRENT_USER\Software\AvScan (only the AvScan folder).

It will have also modified these settings and you may want to change them back but depending on your settings in Internet explorer then you might like your settings this way. You could reset Internet Explorer back to it's defaults too to reslove this.
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
 You are now good to go. I would like to credit http://www.2-viruses.com/remove-antivirus-live this site since I got the last 5 regsitry keys it modifies from there.

Also I did run a scan with eset and it did find the file and delete it since when writing the instructions I left the file there to see if ESET Anvitirus could find it. Always make sure you are running the lastest version and defs of your Antivirus as well as patch your OS and applications.