Wednesday, October 30, 2013

Rogue script ulbloqmeed.vbs removal


This is a rogue VBS script that uses flash media as its primary method of spreading. I stumbled upon it today and decided to write about it because it's not detected by most antivirus software and malware cleaners. It's not a real virus; it's a VBS script that messes with the data on your flash media by making all files and folders hidden and creating shortcuts with the same names as your files and folders. The shortcuts start the script, which then writes itself into the registry by creating keys for itself. The script may have different names, but the removal procedure is the same for all.

The removal itself is quite manual and I will describe the steps.
  • First off, kill the wscript.exe process that is running in the background, using Task Manager. 
  • Then start regedit in elevated mode and find any entries with "ulbloqmeed" and delete them. 
  • Close regedit. 
  • It is also wise to start msconfig and look for startup entries of this script here. Uncheck those entries and restart the computer. 
  • Now search the entire system partition for "ulbloqmeed", it will mainly be found inside %LOCALAPPDATA%\Temp - delete the file here when you find it.
This should get rid of the script running in the background and clean the system. Now all that's left is cleaning the flash media that brought it here in the first place.
  • Turn on the ability to see hidden files in Windows Explorer. 
  • Open the flash media drive to see the files and folders, you will now see two sets of files - the ones you originally had there that are now "hidden" and their visible shortcut duplicates that were created by the script.
  • Delete all of the shortcut files. 
  • Open CMD in elevated mode and run this command:
attrib -r -s -h /s /d [flash drive letter]:\

Assuming the flash drive letter is E: - the command will look like this:

attrib -r -s -h /s /d E:\

This clears the read-only, system and hidden attributes on all files and folders on the flash drive, so the original files become visible again.
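Before deleting anything, the same places can be checked from PowerShell. The script below is an added example, not part of the original post: it only reports what it finds, and it assumes PowerShell 3.0 or later, the script name "ulbloqmeed", the drive letter E: and the standard Run keys as the startup location.

```powershell
# Added example: read-only audit. Nothing is killed, deleted or changed.
$Name  = 'ulbloqmeed'   # script name from this post; yours may differ
$Drive = 'E:\'          # assumed flash drive letter, as in the attrib example

# 1. Script hosts currently running, with the script each one was started on.
Get-CimInstance Win32_Process -Filter "Name = 'wscript.exe'" |
    Select-Object ProcessId, CommandLine

# 2. Startup values that mention the script name or any .vbs file.
#    Assumption: the per-user and machine Run keys, which msconfig also lists.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta  = '^PS(Path|ParentPath|ChildName|Drive|Provider)$'  # provider metadata, not values
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $item.PSObject.Properties |
        Where-Object { $_.Name -notmatch $psMeta -and "$($_.Value)" -match "$Name|\.vbs" } |
        Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
}

# 3. Copies of the script in the user's Temp folder.
Get-ChildItem -Path (Join-Path $env:LOCALAPPDATA 'Temp') -Filter "*$Name*" `
    -Force -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

# 4. Shortcuts in the drive root: is there a hidden item with the same name,
#    and what would the shortcut launch?
$shell  = New-Object -ComObject WScript.Shell
$hidden = Get-ChildItem -Path $Drive -Force |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }
Get-ChildItem -Path $Drive -Filter '*.lnk' -Force | ForEach-Object {
    $base = $_.BaseName                         # shortcut name without ".lnk"
    $lnk  = $shell.CreateShortcut($_.FullName)  # opens the existing .lnk for reading
    [pscustomobject]@{
        Shortcut       = $_.Name
        HiddenOriginal = [bool]($hidden |
            Where-Object { $_.Name -eq $base -or $_.BaseName -eq $base })
        Target         = $lnk.TargetPath
        Arguments      = $lnk.Arguments
    }
}
```

A shortcut with `HiddenOriginal` set to True and a target or arguments pointing at a script host or a .vbs file matches the pattern described above; a shortcut you created yourself will normally point at an ordinary file or program.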

Sunday, October 27, 2013

Thursday, October 24, 2013

Internet Explorer shows a white page instead of a website.


This happens on Windows 7 64 bit running the 32 bit version of IE9 or IE10. This is a very rare problem and not many solutions are given online so I decided to post my own solution that works.

First off - let's eliminate malware and viruses, the system is clean and updated.
Second - a lot of people seem to have a problem with "Hardware rendering" in IE - so we should enable software rendering.


Third - resetting the browser, cleaning temp files and cookies, uninstalling and downgrading to a previous version should be done.

If none of this helps - then come the big guns.

Most people in this case would do a repair installation of Windows, which I think is like killing a mosquito with a shotgun. A repair may bring other problems to your already installed and configured software. So this problem should be dealt with directly using the following method.

The root of this problem is a corrupt DLL file called d2d1.dll which, in this case, is located in the %systemroot%\SysWOW64 folder.
To confirm this we should scan the system for corrupt system files by going into elevated command prompt and running:

sfc /scannow

If the above file is in fact corrupt - SFC may repair it and the problem goes away. But in many cases it does not repair it because the backup copy of this file may also be corrupt. In this case we need to replace it with a "healthy" version.

I have posted a healthy version of this file here. (Use at your own risk, it may not be compatible with your system). This is for Windows 7 Pro 64bit SP1.

Now the tricky part is to replace a system file in a protected system folder. In this case inside the aforementioned SysWOW64 folder. The key to this is to first take ownership of the file inside and then change the file access permissions. So we right click d2d1.dll and go into Properties > Security > Advanced > Owner > Edit. Make your user or the administrators group the owner of the file. Then, while still inside the file properties window, under Security click on Edit and click on the Administrators group or the current user and click Allow: Full control check-box.

This will now enable us to edit or replace the file. Now we rename the file's extension to something like ".old" instead of ".dll" for it to be easily recoverable in case something goes wrong.
Once it's renamed - we can now copy the "healthy" file here. After that's done, no need to restart, just run your IE and it should all go back to normal.

Wednesday, October 23, 2013

Word 2013 crashes on startup

If Word 2013 crashes right after it's finished starting up - usually the reason is an add-in that is causing this. Most of the time it's the ABBYY Finereader add-in that loads automatically, and your best bet is to disable it.
To do this we need to start Word (or Excel, or any other Office app that crashes this way) in its safe mode by bringing up the Run box by pressing [Windows Key] + R and then typing:

winword.exe /safe

This will load Word in safe mode, which will let you disable the add-in. To do this click File > Options > Add-Ins. On the bottom where it says Manage: [COM Add-ins] click Go. This will bring up the Add-in list where you uncheck the add-ins you need to disable (again, usually the one by Finereader). Once it's done, click OK and restart Word in normal mode.

Sunday, October 20, 2013

Table of all Intel desktop CPUs for the last 10+ years.

I have been quite busy with this new project for the last couple of months. I had my mind set on creating a flow chart that shows all Intel desktop CPU sockets present in the last 10 or so years, and all processors that are supported for them. It covers Intel CPUs under LGA775, LGA1156, LGA1366, LGA1155, LGA2011 and LGA1150 sockets. 

The flow chart starts from the socket, continues onto microarchitecture, core code name, CPU brand name and ends with main specifications of the CPU. It covers Pentium, Celeron, i3, i5, i7 and Xeon CPUs. Very easy to compare and pick out the appropriate CPU model for the necessary task.

 This is a very large poster, high resolution print quality. In digital form it can be searched using your PDF software's search function to find the CPU you need.

 I have posted it here on Scribd.


Friday, October 18, 2013

File transfer over the network one day becomes very slow.

I've recently had this very interesting problem with a Windows 7 Pro 64bit workstation that suddenly had a very low speed when transferring files over the LAN. What happened was that listing files became about 10-20 times slower than normal. The actual copying of the files - once initiated - was normal (about 90% of the 100mbps connection).

I started diagnosing and optimizing the network speed to no avail.

What didn't help:

1. Removing Remote Differential Compression from Windows components.

2. Disabling Autotuning by running the command:

netsh interface tcp set global autotuning=disabled

3. Removing IPv6 from Network Properties.

4. Clearing DNS cache.

5. Resetting the TCP/IP stack by running:

netsh int ip reset reset.log

6. Resetting Winsock by running:

netsh winsock reset catalog

7. Tweaking the registry based on this article on MSDN.

Finally I decided to check the NIC - which was Intel 82579V Gigabit Ethernet Card.

I disabled the Large Send Offload v2 for both IPv4 and IPv6. Didn't help.

The solution was quite simple (as I suspected).

Something went wrong with the NIC driver. It wasn't an automatic update from Microsoft either. This driver was never updated.

I decided to run the built in diagnostics on the driver window. Everything came back normal.

But when I switched the Link speed to 10mbps - immediately there was an improvement. But of course - we're limited to only 10mbps. So I switched back to 100mbps (auto) - back to the old speed problem.

I went to the Intel download center and got the latest driver for this card (4 days old!). After installing it - everything went back to normal, even better because of the small improvements I made trying to fix the problem.
So this shows that when copying or downloading files over the network takes too long (only on one particular station in the network) - it is best to start from setting the link & duplex speed of the NIC to 10mbps to check for improvement.
