Spyware and Malware
April 29, 2008
Spyware and Malware protection and removal and what you MAY not know!
I have had the luxury of being in some sort of IT Industry in one way or another for the last 17 years of my life. I have worked in fields from standard PSTN Telecom, to basic PC building and repair, to Corporate Network Design and Infrastructure Integration, down to Web Design and Programming. I would say that over the years I have seen MANY drastic transitions in technology, some greater than others. I watched a standard telephone line, connected to one personal computer at a time and sending messages and files through a BBS (Bulletin Board System), develop into the large-scale, high-speed data network we now know as the Internet. One thing that has ALWAYS held true in the communications and data networking industry is that there is always someone out there trying to make a quick scamming buck or to take down systems of the masses by playing on the end users’ lack of knowledge on how to protect and secure their computers. Since the early days of BBSing, I remember even in the late 80’s and early 90’s, there were Trojan viruses and infections that were in place for NO other reason but to annoy and destroy file systems. Anyone who remembers Wildcat and Oblivion BBS’s and was ever struck by the Michelangelo or Jerusalem viruses knows exactly what I’m talking about.
Since the inception of communications, there has always been the need to secure and prevent hackers, warez freaks, and script kiddies from getting into your computers. The only thing I have seen change over the years is that it is no longer just a 12 year old kid slurping down mellow yellow until 4 am that is hacking your system and corrupting your files, or even worse, stealing your personal information. Now it has become a multibillion-dollar BIG BUSINESS for companies, which I won’t mention in this article, to install Spyware, Malware, and Scamware onto your system so they can collect information about your personal life, your personal preferences, your web surfing habits, and even your credit card and social security number, so they can store your information in a database and sell it off to the highest bidder.
Now please understand, I am not a conspiracy theory type of guy, and I don’t think that big brother is trying to get me, but I am a realist and I know for a FACT that EVERYONE that is reading this article has at some point in time, in one way, shape, or form, had a virus, a Trojan, some Spyware, or Malware on their system. So that is not a conspiracy, it is the plain and cold hard truth. We as a community of Internet surfers and knowledge seekers have to be able to protect ourselves and our families against the unwanted bots, programs, and software that is being installed onto our systems and is invading our privacy without our knowledge. So my next few articles are going to explain a few ways to spot the malicious software and viruses on your system, and a few of the best tools to protect and guarantee your computers’ and family’s safety from these devious applications.
So check back later this week for my next installment of, “Spyware and Malware protection and removal and what you MAY not know!”, which will explain how to understand, locate, and eliminate spyware, malware, and viruses.
Until then, take care, and if you have any questions or comments about the articles please leave a comment or send an email to my address below.
Richard Correa, MCSA, MCPS, MCSE, MCNPS, MCDBA
Senior Network Engineer
Lead Web Programmer and Developer
DTI Data – DTI Networks
Office :: 727.345.9665 ext.206
rcorrea@dtidata.com
http://www.dtidata.com
http://www.dtinetworking.com
Starting Exchange Server with a blank Information Store
April 25, 2008
There are some situations where starting Microsoft Exchange with a blank database may be necessary. In my line of work, I run across a large number of businesses that have had their Exchange Private Information Store corrupted and the whole organization’s email capabilities halted as well. Quite often, getting the users back up and running takes precedence over getting the data back. Don’t get me wrong; the data is still extremely important, however not having email capability can stop some businesses’ day-to-day operations dead in their tracks.
In a perfect world, there would and should be a backup Exchange server just waiting to take over in case of a catastrophic event. But in reality, that is rarely the case. Rather than wait a complete day or two, or even longer, for the systems administrator to get the Exchange database recovered, a viable alternative is to restart the information store with a blank database and import the data back in when it is recovered.
There may be other reasons for wanting to create a blank database as well. You may have an Exchange server that is years old, with tons of residual data from users no longer at the company. You may need to free up disk space on your server. You may have a database with minor corruption and decide to ExMerge your data out and import it back into a clean, corruption-free database. Whatever the reason, make sure you have a complete plan of action and be sure to back up your data in case you run into difficulties. The following article explains how to create a new database with Exchange Server.
To start Exchange Server with a blank Information Store:
- Locate the Exchange database directory and transaction log directory
  - Open Exchange System Manager
  - Navigate to Administrative Groups->First Administrative Group->Servers->servername
  - Underneath servername click First Storage Group and then Action->Properties
  - Transaction Log location will be listed on the General tab. Note this location (Image 1d)
  - Navigate under First Storage Group to your Mailbox Store and click Action->Properties
  - Click the Database tab to note the Exchange Database and Exchange Streaming Database locations (Image 1f)
  - Do the same for the Public Store
- Stop the Exchange Information Store (IS) if it is currently running
  - Click on Start->Programs->Administrative Tools and then on Services or you can go to Computer Management by Right-Clicking on My Computer and choosing “Manage”
    - If using Computer Management, drill down to Services and Applications, and then Services underneath that
  - In the right window of the Services or Computer Management console, locate Microsoft Exchange Information Store
  - If its status is listed as “Started”, Right-Click it and choose “Stop” (Image 2c)
  - It may give you a message stating that dependency services such as Microsoft Exchange Event will need to stop as well. Choose “Yes” to continue stopping the IS
- Rename database and transaction log directories and create new ones
  - Rename the database location MDBDATA directory to MDBDATA-old (Image 3a)
  - Create a new MDBDATA directory
  - Rename the transaction log MDBDATA directory to MDBDATA-old (if location is different from the database location)
  - Create a new MDBDATA directory for the transaction logs (Image 3d)
- Start the Exchange Information Store service
- Create new data files
  - From Exchange System Manager navigate to Administrative Groups->First Administrative Group->Servers->servername->First Storage Group
  - Click on the Mailbox Store and then on Action->Mount Store (Image 5b)
  - You will receive a message stating that mounting this store will force the creation of an empty database, choose “Yes” to continue (Image 5c)
  - The Store should mount, give you a message stating it successfully mounted and the data files should be created in the MDBDATA directory. (Images 5d1 & 5d2)
  - Follow the same steps for the Public database
- Test and Verify
  - Verify the data files were created in the MDBDATA directory
  - Check the Event Log for any errors
  - Test connection to the Exchange server from Outlook
[Images: 2c, 3a, 3d, 5b, 5c, 5d1, 5d2]
MFT Data Recovery
April 21, 2008
Over the years I have recovered many drives configured with NTFS. One of the leading reasons that data recovery is performed on these hard drives is an anomaly developed in the Master File Table. This area of the drive is the single most important set of data stored on your system. The Master File Table houses all attributes, as well as cluster placement for every file on your system. It contains security attributes, file name attributes, date and time signatures, and a mini FAT called a run list that points to every cluster where a particular file is stored.
In addition to the information stored in the Master File Table, it has been my experience that if a previous copy of the Master File Table had been saved off into a file onto a remote site, I could have easily imported that file and used it to recover the data. In other words, it is rarely the occasion that an entire file system gets totally wiped out. It is usually some small piece of information either corrupted or omitted from the Master File Table that causes the problem. Even a restore disk used on a hard drive that totally destroys all remnants of a file system cannot keep a backup copy of the Master File Table from recovering some data.
How, you may ask, can this be? Well grasshopper, read on and see. Imagine a book. A reference book preferably. Now, let us define the attributes of a reference book. Let’s see, there is a foreword where the author may offer a few remarks so we know how intelligent he is. There is a table of contents that gives you a general idea of what is in the book and where it is located. There is the body of the book, the actual information. Last but not least, an index. A detailed description, with page numbers that tell you exactly where the data is that you are looking for. For illustration purposes we can say that the index of the book is the Master File Table, and the body of the book is the data on your hard drive. If the index of the book is ripped out of the back, how would it be possible to find the information you are looking for? I suppose you could wade through the entire book and possibly, after several hours of searching, find the answers you are looking for. I have done that with some of my older books where the back and the front of the book have disappeared. A book may have 200, 300, 400, maybe even 500 pages to look through, and if the information is important enough it is worth the look. However, wouldn’t it have been easier if I had just photocopied the index and placed that in a nice safe place? Then, when the book gets old, and I lose the index, I have this nice copy that I have kept to help me find my information.
Leafing through a 500 page book may be time consuming but it is feasible; however, apply that same logic of the index and the book to a hard drive. Who wants to scan through 234,000,000 sectors looking for data? If the data is fragmented then the data is probably lost. Wouldn’t it have been nice to have a copy of the Master File Table to use and find all of your old tax returns, or doctoral thesis, or the only pictures of your grandson’s birth? I would say, “Yeah!! It would’ve been nice!”.
Please don’t get the wrong idea. This is not the same as an entire backup on another set of media. There are holes to this system. First, if the drive actually goes bad, then it will be difficult if not impossible to get the data back. Secondly, anything that writes to the data portion of the drive will make the Master File Table useless. However, it takes a long time to destroy a 250 GB hard drive’s data area. Lastly, I have not been able to find a piece of software that just dumps the Master File Table to a remote site. Looks like someone should write one?
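As an added example (not code from the original post or from DTI), here is a Python decoder for the run list described above. Following runs is the step a Master File Table backup tool needs, because a fragmented $MFT is itself stored as several runs. The function names, sample bytes and 512-byte cluster size are constructed for illustration.

```python
import io

def decode_run_list(raw: bytes):
    """Decode an NTFS run list into [(start_lcn or None if sparse, clusters), ...]."""
    runs, pos, lcn = [], 0, 0
    while pos < len(raw) and raw[pos] != 0x00:      # a 0x00 header ends the list
        len_size = raw[pos] & 0x0F                  # low nibble: bytes of length
        off_size = raw[pos] >> 4                    # high nibble: bytes of offset
        pos += 1
        if len_size == 0 or pos + len_size + off_size > len(raw):
            raise ValueError("corrupt or truncated run list")
        count = int.from_bytes(raw[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:
            runs.append((None, count))              # sparse: previous LCN unchanged
        else:
            # Offset is signed and relative to the previous run's start LCN.
            lcn += int.from_bytes(raw[pos:pos + off_size], "little", signed=True)
            if lcn < 0:
                raise ValueError("run points before start of volume")
            runs.append((lcn, count))
            pos += off_size
    return runs

def read_runs(image, runs, cluster_size):
    """Concatenate the clusters named by runs; sparse runs read as zeros."""
    out = bytearray()
    for lcn, count in runs:
        if lcn is None:
            out += bytes(count * cluster_size)
        else:
            image.seek(lcn * cluster_size)
            chunk = image.read(count * cluster_size)
            if len(chunk) != count * cluster_size:
                raise ValueError("run extends past end of image")
            out += chunk
    return bytes(out)

# Constructed sample: 24 clusters at LCN 0x5634, 16 sparse, 8 at 16 clusters earlier.
SAMPLE_RUNS = bytes.fromhex("21183456" "0110" "1108F0" "00")

# Constructed 8-cluster image; every byte of cluster n holds the value n.
SAMPLE_IMAGE = io.BytesIO(b"".join(bytes([n]) * 512 for n in range(8)))
FRAGMENTED = bytes.fromhex("110204" "1101FE" "00")   # 2 clusters at LCN 4, 1 at LCN 2

if __name__ == "__main__":
    print(decode_run_list(SAMPLE_RUNS))
    print(read_runs(SAMPLE_IMAGE, decode_run_list(FRAGMENTED), 512)[::512])
```

The second sample shows why the index matters for fragmented files: the data comes back in file order (clusters 4, 5, 2), which a linear scan of the disk cannot reconstruct.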
Data Recovery Services From DTI
April 2, 2008
DTI Data Recovery has been in business for decades. Our technicians and engineers have unique experience in all types of data recovery. DTI is one of the few companies in the world that not only performs hard drive repair, but also creates and sells data recovery software.
The fact that we have in-house software developers gives DTI data recovery an edge when it comes to recovering damaged hard drives. There are many situations that call for custom data recovery solutions. DTI has the technology and experience to create software on the fly for any given situation.
Data Recovery Engineers
The main thing that separates DTI from the pack is our engineers. We have specialists that are expert at Linux file systems and others that are focused on NTFS and FAT; this gives us the most experience with data recovery. The fact is, hard drive repair isn’t rocket science. With a clean room, experience, proper parts and technology, DTI is able to repair just about any type of physical damage to a hard drive and get the data off and on to stable media. It is what happens next that makes DTI special.
Data Recovery is a lot more than hard drive repair. It also means that the files on the hard drive need to work again. That is why our engineers have the upper hand. We can take databases down to the hex level and repair them, we can fix file systems, we can rebuild partitions. If you need data recovery, then DTI is the logical choice!













