Friday, December 21, 2012

Hack Yourself---before someone else does---Twitter

In my previous post, I mentioned my attempts to hack my own Gmail account.

I entered a bad password 26 times, and Google Mail didn't blink---it just continued to display an error message indicating that either the user id or password was incorrect.

After eventually entering the correct password, I logged in successfully.

I was hoping that Google would alert me to the fact that someone had unsuccessfully attempted to log into my account 26 times.

No such luck.

I had decided to try this again with Google Mail, entering a bad password up to 1,000 times but I was distracted.

A friend of mine had forgotten her Twitter password, and I was assisting her with getting back into her Twitter account when I learned that Twitter has the best security I've seen so far.

After trying to log into Twitter a third time unsuccessfully, the next time Twitter displayed one of those graphic displays where there's a graphic of a word or a number that you need to enter to prove that you're not some kind of robot trying to hack an account. This is sometimes called CAPTCHA.

http://en.wikipedia.org/wiki/CAPTCHA

Wikipedia defines it this way:

A CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a human being. The process usually involves a computer asking a user to complete a simple test which the computer is able to grade. These tests are designed to be easy for a computer to generate but difficult for a computer to solve. If a correct solution is received, it can be presumed to have been entered by a human. A common type of CAPTCHA requires the user to type letters and/or digits from a distorted image that appears on the screen. Such tests are commonly used to prevent unwanted Internet bots from accessing websites.

The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford (all of Carnegie Mellon University). It is an acronym based on the word "capture" and standing for "Completely Automated Public Turing test to tell Computers and Humans Apart".

This was the first time that a bad password had been challenged in any way. Yahoo and Google both failed to do it.

I have several Twitter accounts, and so I decided to test Twitter's security by logging in with bad passwords several times.

I logged in with a bad password twice, and then a screen was displayed with two CAPTCHA boxes.

I entered a bad password again, but with the 2 correct CAPTCHA answers.

A screen was displayed saying bad user id or password, but no CAPTCHA.

Again I entered a bad password. This time, a screen saying bad user id or password, but no CAPTCHA.

Looks like it only displays the CAPTCHA after 3 bad attempts.

Eventually I had entered 26 bad passwords before finally entering the correct one and logging successfully into Twitter.

No message was displayed warning me that someone had tried to hack my account.

I checked the email address associated with the account.

No email warning me about a possible hacker.

Of the 3 accounts I've tried to hack, Yahoo, Google, and Twitter, so far Twitter has been the only one to put any sort of road block in my way.

Having to enter the CAPTCHA challenge answers sure does slow down a manual attempt to repetitively guess passwords. However, despite this added hurdle, Twitter does not seem to disable the account, nor does it send an email warning the user that someone is trying to log in with a bad password.

My next attempt will be with Facebook.

More to follow.

If I don't post again before 2013, I want to wish you all a Happy New Year!

Friday, December 14, 2012

Hack Yourself---before someone else does. Google Mail...

If you've been following my blog, you know that I've been intrigued lately by the notion of hacking my own email account.

I know it can be done by someone who really wants to do it---that's not the issue.

The issue is: suppose someone I know (a friend, a not-so-friend, a neighbor) thought it would be fun to try to guess my email password.

Surely my mail provider would let me know?

Or not?

It's been a few weeks since I last tried to hack my own Yahoo email account.

I was unsuccessful, but most importantly, once I successfully logged into Yahoo, Yahoo never once told me about the suspicious activity against my Yahoo account.

I guess Yahoo doesn't consider hundreds of attempts to guess my account password significant.

Perhaps this happens all the time?

I figured I would try one of my Google accounts---surely Google would be a bit more vigilant.

Well, my first attempts went this way---

Try to log into my Google account with a valid user id, but successively provide the letters 'a' through 'z' as password.

As was the case with Yahoo, all I received was a message indicating that my password was incorrect.

25 additional attempts with a bad password produced the same result.

When I logged in successfully, I anticipated that I might have an email in my Google email account indicating suspicious activity on my account.

I didn't.

My next attempt will be a bit more persistent---1000 attempts with a bad password.

Interestingly, this Google account I'm trying to hack is an account that I hadn't used in a while.

When I used it last week, Google prompted me for an alternate email address in the event my account became disabled or locked out.

So it does happen--but apparently not for 26 bad password entries.

More to follow :)


Sunday, December 2, 2012

So you'd like to work in Computer Forensics

 
According to Wikipedia

Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high profile cases and is becoming widely accepted as reliable within US and European court systems.

One of my current students is a Computer Forensic Examiner, and responded recently to a question from another student in the class about the field and how to break into it.

His answer was so good I decided to include it here as a blog post---here it is

It's ever changing and always challenging.  However, it's not cheap. A typical course ranges from $2,500 to $4000 dollars. 

If you're truly interested in this then go to some of the big job sites like Monster.com and put in computer forensic examiner, which is my title, and see what comes up. 

Many provide certifications they are looking for and they're typically from one of the few major companies and/or groups:

Guidance Software (EnCE - EnCase Certified Examiner)
http://www.guidancesoftware.com/

AccessData (ACE - Access Data Certified Examiner)
http://www.accessdata.com/

International Association of Computer Investigative Specialists (IACIS)
(CFCE - Computer Forensic Certified Examiner)
https://www.iacis.com/

International Society of Forensic Computer Examiners (ISFCE)
(CCE - Certified Computer Examiner)
http://www.isfce.com/

SANS (GCFA - Certified Forensic Analyst & GCFE - Certified Forensic Examiner)
http://www.sans.org/

The list goes on and on. 

Two books you might want to check out are

Guide to Computer Forensic Investigations 
http://www.amazon.com/Guide-Computer-Forensics-Investigations-Nelson/dp/1435498836

and

File System Forensic Analysis 
http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

Saturday, December 1, 2012

Email of the week (December 1, 2012)

I just received this email from a fan of my Learn to Program with Visual C# book

Hello Mr. Smiley,

I recently purchased your book Learn to Program with Visual C# Express.
I know you've probably received many many Emails, letters, etc. saying thank you,
well here is another one... Lol.

I have read many many programming books in the last 30 years of my programming life.
But yours is so well done and was so great it was hard to put it down.  Most authors
write in a method that is so dry.  Your book was wonderful and engaging.  I enjoyed the
interaction with the students in the book.  You did a wonderful job of making me feel as
if I was part of the class. Thank you.  I hope all of the students from the class are doing well.

C# is not my first Visual programming experience.  But it is surely my favorite so far.

Anyway,  (Sorry to bore you) I was wondering if you have the C# intermediate class book published?

Sincerely,

Brad
Fort Worth, TX.

My Response...

Hi Brad

Thank you for your very kind email---I really appreciate it!

Actually, few people take the time to email me, but when they do it really makes my day!

Interestingly, I got the opportunity to write my first book when I emailed the publisher of a book I was using in my class to tell him how much I enjoyed using it, and offered a few suggestions to make it even better.

I don't have an Intermediate C# book that I've written---I stick to introductory topics---but I can highly recommend the Murach C# book.

I'm currently using a Head First book in my HTML/CSS class, and I find the tone of the book (not dry, not too serious) to be very similar to mine. I'd recommend you check out the Head First C# book also.

As far as the students, the students in the book were based on actual students I taught at Penn State. Once in a while I'll hear from them, and I keep in contact with a few of them on Linkedin.

Thanks again for your email, and keep me posted on your C# progress.

John Smiley

Wednesday, November 28, 2012

Hack your own email account...before someone else does (Part 3)

As you may recall, I decided I would try to hack my own Yahoo email account and see if Yahoo might try to notify me of the hacking attempts.

My first try took this form...

I tried to log into my account on 26 successive attempts, feeding passwords ranging from the single letter 'a' to 'z'.

Each time, I was greeted with a message saying the password was incorrect, but nothing beyond that.

I then logged onto my Yahoo account with the correct password, checked my email, and nothing---no warning that someone had tried to log into my account 26 times in succession with an incorrect password.

My second try took this form...

I tried to log into my account on 100 successive attempts, feeding the single letter 'a' as my password.

Each time I was greeted with a message saying the password was incorrect, but nothing beyond that.


I then logged onto my Yahoo account with the correct password, checked my email and nothing---no warning that someone had tried to log into my account 100 times in succession with an incorrect password.

I'm pretty much convinced now that Yahoo doesn't care if someone tries to hack your Yahoo account---no surprise, I guess, since I get so many spam emails from Yahoo accounts and followups from my friends saying they've been hacked.

Even if Yahoo had directed me to another page, that might make the job of hacking my account harder.

As it is, there's simply a message displayed that the password is incorrect, and I'm still on the log in page.

This will end my attempt to hack into my own Yahoo account.

My next attempt will be to try to hack my Google Gmail account---I suspect that will have better security.

Stay tuned for Part 4.

Sunday, November 18, 2012

Hack your own email account...before someone else does (Part 2)

As you may recall, I decided I would try to hack my own Yahoo email account and see if Yahoo might try to notify me of the hacking attempts.

My first try took this form...

I tried to log into my account on 26 successive attempts, feeding passwords ranging from the single letter 'a' to 'z'.

Each time, I was greeted with a message saying the password was incorrect, but nothing beyond that.

I then logged onto my Yahoo account with the correct password, checked my email, and nothing---no warning that someone had tried to log into my account 26 times in succession with an incorrect password.

I'll try this later again today with a little more aggression and see what happens.

Saturday, November 17, 2012

Hack your own email account...before someone else does

I've been getting strange emails from people pretending to be friends of mine, inviting me to follow a link of some kind.

The 'from' portion of the email contains a name of a friend (looks like from Facebook,) but the email portion is some strange Yahoo email address that doesn't match my friend. Here are some of them...
 

You have also probably received some strange emails from someone who actually is a friend, only to have them email you a day or 2 later to tell you that their account has been hacked.

This got me to thinking as to how secure my own Yahoo account is.


I have a Yahoo account, I use it primarily for Fantasy Football and Baseball, but it also includes email.

Suppose someone were to hack or attempt to hack my Yahoo account?

Would Yahoo tell me if someone tried to guess my password 3 times? 30 times? 300 times?

I decided I would try to hack my own Yahoo account.

Log in with my userid, and purposefully feed it bad passwords.

How long can I do that before Yahoo lets me know of suspicious activity on my account?

My suspicions are that I probably won't get a warning anytime soon.

Having once received death threats from a Yahoo user back in the late 90's, and having reported them to Yahoo only to have them tell me they couldn't really help me, I'm wondering just how good Yahoo security is. 

I have several other email accounts----my intention is to try this with all of them and see what happens.

A good security system should either disable my account after 3 bad password entries, or at least warn me that someone is trying to tamper with my account.
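
An added example (not code from Yahoo, Google or Twitter) of the behaviour this post asks for and the Twitter post above observed: a CAPTCHA after three bad passwords, an alert to the owner, and a notice at the next successful login. `LoginGuard`, the alert threshold of 10, the one-hour window and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field

CAPTCHA_AFTER = 3      # bad passwords before a CAPTCHA is demanded (the count the post saw on Twitter)
ALERT_AFTER = 10       # bad passwords before the owner is e-mailed (assumed value)
WINDOW_SECONDS = 3600  # failures older than this stop counting toward the thresholds (assumed)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    recent_failures: list = field(default_factory=list)  # timestamps inside the window
    failed_since_login: int = 0
    alerted: bool = False


@dataclass
class Result:
    ok: bool
    captcha_required: bool  # the next attempt must carry a solved CAPTCHA
    notice: str = ""        # shown to the owner right after a successful login


class LoginGuard:
    def __init__(self):
        self.accounts = {}
        self.outbox = []  # (user, message) pairs that a real system would e-mail

    def register(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(password, salt))

    def _fail(self, user, acct, now):
        acct.recent_failures.append(now)
        acct.failed_since_login += 1
        count = len(acct.recent_failures)
        if count >= ALERT_AFTER and not acct.alerted:
            acct.alerted = True  # one alert per burst, not one per guess
            self.outbox.append((user, f"{count} failed sign-in attempts in the last hour"))
        return Result(False, count >= CAPTCHA_AFTER)

    def attempt(self, user, password, now, captcha_solved=False):
        acct = self.accounts.get(user)
        if acct is None:
            return Result(False, False)  # same generic failure as a bad password
        acct.recent_failures = [t for t in acct.recent_failures if now - t < WINDOW_SECONDS]
        if len(acct.recent_failures) >= CAPTCHA_AFTER and not captcha_solved:
            # Past the threshold the password is not even checked without a CAPTCHA,
            # so an unattended guessing loop learns nothing; the attempt still counts.
            return self._fail(user, acct, now)
        if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            return self._fail(user, acct, now)
        notice = ""
        if acct.failed_since_login:
            notice = f"{acct.failed_since_login} failed sign-in attempts since your last login"
        acct.recent_failures.clear()
        acct.failed_since_login = 0
        acct.alerted = False
        return Result(True, False, notice)


def replay_blog_experiment(captcha_solved):
    """Constructed replay: passwords 'a'..'z' one second apart, then the right one."""
    guard = LoginGuard()
    user, real = "owner@example.test", "correct horse battery"  # constructed account
    guard.register(user, real)
    results = [guard.attempt(user, guess, now=i, captcha_solved=captcha_solved)
               for i, guess in enumerate(string.ascii_lowercase)]
    final = guard.attempt(user, real, now=26, captcha_solved=True)
    return results, final, guard.outbox


if __name__ == "__main__":
    results, final, outbox = replay_blog_experiment(captcha_solved=False)
    print("CAPTCHA first demanded after attempt", 1 + [r.captcha_required for r in results].index(True))
    print("alerts queued:", outbox)
    print("login ok:", final.ok, "| notice:", final.notice)
```

Unlike the behaviour seen on Twitter, this guard keeps demanding the CAPTCHA on every attempt until a login succeeds or the window expires.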

Most of my very important web portals notify me of changes or attempted changes to my accounts---banks for instance.

What about Email accounts?

I'll get back to you with the results of my self hacking attempts.


Tuesday, November 13, 2012

The moral of the story...check the Windows Event Viewer before you do anything else...

Monday, November 12th (happy Veteran's day to all of the veterans out there) should have been a day for me to catch up on some work, check on the status of the new class I just created at my Moodlerooms site, etc.

Instead, it was a day of great frustration.

On Monday I typically run 5 miles around 5:30am.

I awake at 5am, come downstairs, let the dog out, turn on the coffee (our timer is broken) and then tap the keyboard of my PC and move the mouse to awaken it from its night slumber (like many people, I leave my PC running all the time, and allow the Power setting hibernation settings to shut it down.)

Instead, what greeted me as I opened my office door at 5:07am was the infamous Windows Blue Screen of Death.

I keep pretty good notes, and pulled out my PC log, calmly made a notation of November 12th, and wrote down the cause of the failure: the Graphics Device Driver had failed.

The theme of this posting is the Event Viewer, and once I had rebooted into Windows 7, I should have checked it, but I did not.


If you've been following my blog, you know that my PC suffered a catastrophic failure on November 3rd, so it's really only been up and running again for less than a week, so the Blue Screen of Death made me just a tiny bit nervous :)

With nothing but a blue screen staring me in the face, I had no choice but to power down the system and restart it.

Before pressing and holding down the power button (I suppose I could just as easily have pulled the plug on the PC), I nervously listened to the sound of the PC fan whirring.

I watched with additional anxiety as the PC rebooted, announced that it was starting Windows, and Windows seemed just a little slower to boot up than usual.

But it did start, and I was able to do some of the routine OCD sorts of things that I do before going for a run.

  1. Record the outside temperature that Weatherbug reported (yes, I know, some people really hate Weatherbug, but I like the fact that its recording station is about 1000 feet from my house. The temp and airspeeds are very accurate.)
  2. Check on my overnight Kindle and Nook sales
  3. Check on my overnight Lulu print sales
  4. See what hell has broken out overnight in the world via CNN
  5. See what hell is going to break out during the day in the US Markets via Marketwatch.com
  6. If it's Monday, check on the status of my 2 Fantasy Football Leagues :)

In between some of my Firefox web travels, a message about a new Adobe Flash version being available popped up. I clicked on the install button and it installed OK.

At this point, I was running a little late.

I brought the dog in, gave her a couple of mini biscuits, poured a small cup of coffee, and grabbed my running watch. With just a few minutes to spare before my normal departure run time of 5:40am, I noticed an icon appear that said Windows had done an automated update, and recalled that I have Windows updates scheduled to run on Monday morning at 1:30am.

That made sense---perhaps that's why the system had crashed?

I also saw an icon on the far left of my icons that I didn't recognize.

I hovered over it and it said something about a Data Encryption key, and the need to back it up! What was this? A virus?

I clicked on the icon to see what was up, and the Windows 7 gizmo (not an hourglass, it's a circle) kept spinning...and spinning...and spinning...

The system was frozen.

I tried to get the attention of the Task Manager, and after about 2 minutes, it appeared.

Everything that was loaded

  1. Internet Explorer
  2. Firefox
  3. Weatherbug
  4. Word
  5. Access
  6. Excel
  7. CuteFTP
  8. FrontPage
  9. Notepad
  10. Garmin
  11. Twitter
  12. Twuffer
was in a non-responsive state. I couldn't shut down.

Now at this point, fresh from the hell of a 2 day restore operation on November 3rd and 4th, I decided to throw caution to the wind and go for a 5 mile run and attack it when I came back.

I returned from my run around 6:30am, read the Philadelphia Daily News on the front porch for about 15 minutes, took a quick shower and came back downstairs.

During my run, I had some real fears that my PC was infected by some kind of virus, which was what led to me having to reload Windows 7 the week before (check my blog post entitled "Not the dumbest thing I ever did...")

Also, during my run, I decided if I was going to do anything to the PC (such as a virus scan, System Restore, etc.) I was going to do it in Safe Mode.

After returning to my office around 7:30am, and finding the computer still "frozen" I held down the power button to turn it off.

I pressed the power button on, and repeatedly pressed F8 to bring up the prompt to boot into Safe Mode. I chose Safe Mode with networking (this allowed me to play with Facebook for about 2 hours while doing a bunch of other stuff.)

I was happy to see that the computer booted up Windows in Safe Mode, and presented me with the 3 users that I have created on the PC. (actually I created them on November 4th :)

One user is an account I had never used---not the user account I was logged in "as" when the PC froze.

I elected to log in with the account (no password for it, a bad idea but if you've read about my problem from the week before you'll know why.)

The Windows Desktop appeared, a message appeared telling me why I should use Safe Mode (I know :) and the first thing I did was to check my installed programs via the Control Panel to see if I could find any information about this Data Encryption program. I couldn't.

Nothing new had been installed, except for a copy of an Image Compare program I had installed the previous night in my ongoing effort to finalize my family photograph project from the summer.

I also checked the Control Panel to determine what Windows updates had been made recently.

Sure enough, updates had been applied at 1:30am. Nothing appeared amiss.

I decided that it was possible, despite the fact that I visit only "safe" websites such as Yahoo Fantasy Football, Facebook, Twitter, etc that I had gotten a virus of some kind.

I found Malwarebytes in my list of installed Programs, downloaded the latest updates (that's why Safe Mode with Networking is handy,) and ran a Malwarebytes Scan.

Time for another cup of coffee.

Malwarebytes quickly came back and said "no threats."

It was now 7:15am and I decided to run a full McAfee scan of my system.

While it was running, I decided to uninstall the last thing that had installed---Adobe Flash.

Not content to allow the McAfee scan to run alone, I also decided to run Spybot Search and Destroy.
It found 5 very minor issues (adware) and finished quickly.

McAfee, in the meantime, finished and said it found no issues.

It was now 7:46am, and I decided to use my networking ability to go out to one of my favorite websites

mybleepingcomputer.com

I was intrigued by that message about Data Encryption, but nothing on it appeared on mybleepingcomputer.com.

I did see one of the techs out there recommend running an ESET Online Scan, which they swore was the latest and greatest in virus detection.

I went out to the ESET website, and it prompted me to install an ActiveX control, and shortly thereafter, it was downloading its latest virus signature database, and scanning my system.

The time was now 7:52am.

2 hours, 51 minutes and 22 seconds later, at 10:10am, ESET had scanned my entire system and found nothing.

Everything I had run told me I had no virus.

In the meantime, I had started working, in Windows Explorer, on identifying which of the 26,000 photographs from my photo scanning project were duplicates.

Part of that process is naming the scan0001.jpg, scan00002.jpg, etc files with meaningful file names. I like to name them like this

200912Dec24S001

where 2009 is the year, 12 is the numeric month of the year, Dec is the three character abbreviation for the month, 24 is the day of the year, S stands for Scan, and 001 is a unique number for that set.

I exchange the S for a C if the photo is from a camera, or a P if the photo came from my phone.

Estimating the year for some of my old photos is fun, let alone guessing the month and the year.

Naming them this way makes identifying potential duplicates easier.

Of course, if Image Compare had worked the way it did on my old computer, it wouldn't be a big deal, but it hasn't.

I'm sorry, I digressed a bit.

My point is that I was working in Windows Explorer while this ESET scan ran, and I was on a good roll, so I decided to continue working on my photographs well after the ESET scan finished.

In fact, I worked on them until 3:27pm, which was a full 5 hours after the ESET scan finished.

I told Safe Mode windows I wanted to restart, and waited patiently to see what would happen, knowing full well that nothing I had done (with the exception of un-installing Adobe Flash) had been significant. I fully expected a problem when I restarted.

Sure enough, Windows appeared to start, but then a black screen appeared indicating that "one of your disks needs to be checked for consistency." CHKDSK was commencing!

I was relieved to find that CHKDSK reported no bad file records.

Then it began verifying my Indexes, and reported that there were several problems.

Interestingly, I recalled that while working with some of the 26,000 photo files in Windows Explorer that morning and afternoon, I had renamed quite a few of them, and a couple of times, the file didn't appear to be renamed, but when I clicked on it Explorer said that it was no longer there! I wonder if this was a symptom of the bad indexes that CHKDSK found.

CHKDSK ran for about 11 minutes, at which time it finished, and Windows 7 started to boot. It was now 3:38pm.

I wondered how much of my problem was caused by the system crash, and subsequent power down, that I had to do in order to reboot the PC.

I held my breath, and finally the Windows login screen appeared with the 3 user accounts.

I decided to log in with the same account I had used in Safe Mode to see if I could get in.

In a minute or 2, the Windows desktop appeared, and everything seemed to be working OK.

I worked with this user account for a few minutes, then logged off and logged on as my typical user account.

Just to be sure I didn't rush things, I took a break and didn't return for 21 minutes.

When I did, I saw that everything seemed OK.

Looking at the System Tray, I didn't see anything there about Data Encryption, although that's about the same spot that Dell's DataSafe Local backup icon appears.

I checked out Internet Explorer, it was fast.

I fired up Firefox, it too was peppy.

One of the websites said I was missing a plugin---it was Flash. I installed it OK.

I then did something I probably should have done at 5:30 in the morning---fired up the Event Viewer. If you don't know what it is, or where to find it, click your Start button, and type Event Viewer into the search box. Fire it up and get to know it.

There were a bunch of events related to the system crash in the early morning hours.

I could see that Windows did the Automatic install at 1:00am, all of them successful, and I also saw that the display device driver had shutdown, but according to the Event Viewer had successfully restarted. I'm not so sure.

I could see the restart of Windows after I powered down and powered up, and there in the Event Viewer was this critical error message...repeated several times between the time I rebooted at 5:27am.

The file structure on the disk is corrupt and unusable. Please run chkdsk utility on the volume

Had I seen this error message at 5:27am, most likely I wouldn't have gone down the virus worry path I took.

I would have run CHKDSK /r myself---albeit very nervously.

Check out this youtube video that shows you how to run CHKDSK yourself

http://www.youtube.com/watch?v=Es0VivQ_xQI

I've never been big on running CHKDSK or Defrags on my hard drives---but I may be doing some routine disk maintenance in the future.

One thing you can be sure of is that I'll be checking the Event Viewer routinely in order to be sure I don't have any more disk errors.

Sunday, November 11, 2012

Create a Password Reset Disk in Windows 7

Last Saturday, November 3rd, I did something stupid (more on that later) that resulted in me not being able to log into my Windows 7 PC using any of my Windows accounts.

I have several administrator accounts on my PC.

Having more than one is a good idea if for some reason, you have a senior moment and can't get into the primary administrator account you use on an everyday basis like I do.

Every attempt to enter a password came back with a message indicating I had entered an invalid password. Ultimately, I had to restore my Windows 7 system and rebuild my entire system.

I had a good backup of 99.9% of my system, so I'm in good shape that way.

While my inability to log in was likely a corruption of my Windows environment (more on that later) it would have been nice if I had had a Password Reset Disk to try.

Microsoft recommends creating a password reset disk when you first create your password. In theory, you only need to create this password reset disk once---even if you change your account password hundreds of times.

According to the documentation, it's useful if you forget your Windows password (I can assure you I didn't forget the passwords to 4 different Administrator accounts.)

I'm honestly not sure what would have happened if I had a password reset disk, but I have one now.


Creating one is easy---you need some sort of removable media, either a USB flash drive or a write-able CD. (Interestingly, Microsoft says in its documentation you can also use a floppy disk. When was the last time you saw one of those? I thought Windows 7 had pulled support for them?)

Insert your removable media, and open User Accounts by clicking on the

Start button--->Control Panel--->User Accounts and Family Safety--->User Accounts.

In the left pane, click Create a password reset disk. A wizard, entitled Forgotten Password Wizard, appears with these instructions.

"This wizard helps you create a "password reset" disk. If you forget the password for this user account and are unable to log on, you can use this disk to create a new password. Note: No matter how many times you change your password, you only need to create this disk once."

Click next and you'll be prompted to confirm the location of your password key disk.

Click next and you'll be prompted for your current user account password. If the account does not have a password, leave the box blank. (Having no password is a bad idea, especially for Administrator accounts.)

Enter your password, and a password reset file will be created for you on your removable media. It is called

userkey.psw

If you have multiple accounts, and you want a password recovery disk for each one, you'll need to repeat this process for each account.

Since the wizard attempts to write a file with the same name to the root folder of your removable disk, you'll either need to have a different removable media for each account, or create a folder for each userkey.psw file and save them all that way.

However, if the occasion ever arises and you need to log in to Windows using the password recovery disk, Windows will look in the root folder of your removable media for the file.

The moral of the story?

Don't do anything stupid like I did, and create your password recovery disk today.

In a future blog entry, I'll discuss using a password recovery disk to log into your Windows PC.


Monday, November 5, 2012

Not the dumbest thing I ever did but one of them---be patient with System Restore

In previous blog posts, I've alluded to doing something really dumb in the last few weeks but haven't gone into detail yet---here it is.

Let's begin with the moral of this story: If you begin a System Restore, be patient and give it some time until you believe it has hung and before you pull the plug on it. Pulling the plug on a System Restore can have very bad effects...

For those of you not familiar with System Restore, whenever Windows performs an update (major, minor, I'm not sure) it creates an image of your Windows folders, along with the Registry, so if something bad or funny happens after the install, you can revert your Windows environment back to the point before the update.

System Restore can come in handy if you install something yourself, find it has made your system flaky, and your attempts to uninstall it aren't totally getting you back to where you were. Important: System Restore only restores System files and the Windows Registry.
System Restore can also be useful if a friend of yours sends you an email and tells you to click on a link---and it turns out that your friend is a hacker who has just installed a virus on your computer.

DON'T use this to restore an important Word or Excel document that you've deleted. It doesn't have that ability (check your Recycle Bin for that.)

To find System Restore, click on the Start button in Windows 7 and type System Restore.

Here's a Microsoft link that shows you what I mean...

Microsoft Windows 7 System Restore

Once you find System Restore in the selection window, click on it and a message box will appear telling you what it can do for you, and showing you the latest "Restore Point" available to you.

You can also click on the Next button to see other Restore Points.

Typically, I've seen 3 to 5 Restore Points available (these are big files) and you can go 'back' in time as far as Windows will allow you.


Since getting my Windows 7 PC last October, I had twice run a System Restore when it started misbehaving.

I woke up early on Saturday morning, November 3rd, to drive our daughter to a track meet bus pickup at 6am.

I was looking forward to using the Web to follow our niece Sophorn who was running a 100 mile Pinhoti Ultra marathon starting at 6am.

Habitually leaving my PC powered on all the time, I toggled my PC to wake up, and I was greeted with a message about an unresponsive script---in hindsight, probably Weatherbug but I wasn't sure.

Overall, the PC was running slow, and I decided to run a Malwarebytes scan before leaving to drop our daughter off at the school for her track meet bus ride.

When I returned 25 minutes later, the Malwarebytes scan had completed, and it reported that it had detected a Trojan of some kind and removed it. Malwarebytes also told me I had to reboot the PC to complete the removal process and I did so.

When the PC started up, McAfee came up with a message saying it had found the same Trojan and removed it.

Funny, I thought to myself, McAfee is taking credit for doing something that Malwarebytes did.

A minute later, while Windows was in the process of starting up all of its many processes, I received a Windows RunDLL error indicating that ajgddba.dll could not be found and therefore could not be run. Specifically, Windows was looking for it in an

\Appdata\Local\AppleComputer\Apple

folder under my user account.


I figured that the Trojan had probably placed its malicious code in that folder and updated the Registry to start it up when my PC was rebooted.
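A read-only way to look for the kind of leftover startup entry described above, as an added example that is not part of the original post. It assumes the entry sits under one of the standard Run keys (the post does not say which key was used), and the function name Get-RunDllTarget is made up for this illustration.

```powershell
# Added example: list Run-key autostart entries that launch a DLL through
# rundll32.exe and report whether that DLL still exists on disk.
# Assumption: the startup entry lives under one of these standard Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the DLL path out of a rundll32 command line.
# rundll32 syntax is: rundll32.exe <dll path>,<entry point> [arguments]
function Get-RunDllTarget {
    param([string]$CommandLine)
    if ($CommandLine -match 'rundll32(\.exe)?"?\s+"?([^",]+?\.dll)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[2])
    }
    return $null
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $dll = Get-RunDllTarget -CommandLine $command
        if (-not $dll) { continue }          # not a rundll32 entry
        [pscustomobject]@{
            Key       = $key
            ValueName = $name
            Dll       = $dll
            # False here is what produces the "could not be found" error
            DllExists = Test-Path -LiteralPath $dll
            # DLLs started from a user profile folder deserve a closer look
            InAppData = $dll -like '*\AppData\*'
            Command   = $command
        }
    }
}

# Missing DLLs first; nothing is changed in the Registry.
$findings | Sort-Object DllExists | Format-List
```

An entry with DllExists set to False is a startup command whose file has already been removed, which matches the error message in this post; the script only reports it and leaves the decision to delete the value to you.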

Error messages like this drive me crazy, and I wanted to get rid of it.

I did a Google search on the dll and the error message, and nothing obvious popped up.

Caution: Whatever you do, DON'T do a Google search for this DLL. The links that are returned may not be trustworthy!

Since I didn't feel like updating the Windows Registry manually (laziness in hindsight) I thought I would use System Restore to revert back to my last Restore point.

System Restore had worked flawlessly (and quickly in under 5 minutes) twice before. In fact, according to my notes, the last time I ran it on July 23rd, it restored my system in just 2 minutes.

I fired up System Restore, and it reported that my last Restore Point was the previous Saturday, October 27th, at 4:18pm.

Although I didn't specifically remember a Windows update occurring then (I was actually on my way to 4:30pm Mass at the time,) I trusted the Restore Point, and told System Restore to do its magic.

I read the warning message that once started, System Restore cannot be interrupted (well, that's not true, you can always pull the plug :)

It was 9:44am when I clicked on the System Restore button that asked me if I wanted to continue...

System Restore displayed a message that it was preparing to restore my system.

Then a message that it was shutting down.

The PC started up with a message stating "Please wait while your Windows Files and settings are being restored. System restore is initializing."

I knew from experience that in just a few minutes, I should receive a message that System restore is restoring the Registry, followed by another shutdown, a reboot and a message that System Restore has completed successfully.

The problem was that the initial message "Please wait...System restore is initializing..." never went away.

I waited from 9:45am until 10:12am.

I had a MoodleRooms chat scheduled for 11am, and I was impatient.

I used another PC to do a Google search on a non-responsive System Restore, and a Microsoft site said that I could power down and start again in Safe Mode if I believed System Restore was 'hung'.


In hindsight, I should have given the System Restore a few hours to work before I declared it 'hung'.

Instead, I powered down and restarted. Again, not the dumbest thing I've ever done but certainly in the dumb category.

I held my breath as the PC rebooted.

Much to my partial surprise, Windows announced that it was restarting, and the Log in pane (with my 4 user accounts) appeared.

I selected my normal account, entered my password and after a longer than usual start up time which started with a black desktop and no icons, a message appeared stating that

System Restore did not complete. Your files were not changed


Windows appeared to boot up normally at this point.

My normal desktop appeared, and not surprisingly, that RunDLL message about not being able to find that mysterious file appeared again.

I remember thinking that I had dodged a bullet. Whatever System Restore had started to do, it either hadn't begun at all or had rolled back the changes. I was probably no worse off than when I had started.

It was now about 10:20am.


At this point, I should have made a copy of my User folder and put it on my "D" drive---but I had no way of knowing that the next time I booted up, I wouldn't be able to log into Windows.
I maintain a good backup procedure, and just about all of my day to day, important files are stored on my 2nd hard drive, and backed up periodically.

The User folder contains some data that is by default stored there...Internet favorites, scanned photos, downloaded files, Garmin running files (oops!)

My thought now was to run System Restore in Safe Mode.

First, I wanted to try to honor my commitment to my Internet students and host my MoodleRooms chat at 11am.

I completed the chat OK---if anything major was wrong with my system, I couldn't tell.

At 11:45am, I rebooted into Safe Mode, and logged on.

There was no RunDLL error message, which didn't surprise me.

I selected System Restore.

I was surprised to see System Restore report that I had run a System Restore at 9:43am. That's when I had started the previous System Restore, and since it failed, I thought it wouldn't record it. It had.

Once again, I selected a Restore Point of October 27th.

It was now 11:50am.

System Restore warned me once again that the process could not be interrupted (sure, it can't :)

It went through the process of performing a system shutdown, started up and said "System Restore is initializing..."

32 minutes later, at 12:22, it was still running, and I told myself that I would be patient this time.

At 12:39, I noticed a change in the displayed message...System Restore is restoring the registry! Progress, at last.

At 12:50, the message changed to System Restore is removing Temporary Files. We were almost done.

At 12:51, the system shut down, and began to reboot.

At 12:52, a message appeared that Windows was starting.

At 12:54, it was still restarting, and then it did something it hadn't done during my last System Restore, it rebooted.

I remember thinking "that's not good."

At 12:55, a message appeared that Windows was starting.

At 12:56, the log in screen with my 5 user accounts appeared.

I selected my normal account, entered the password and Windows said the user name or password was incorrect.

Hmmm....this was the original password for that account. It's never changed.

The password hint displayed properly, but it wouldn't let me log in.

I tried all 5 user accounts, including one that has no password.

Nothing. All of my accounts were inaccessible.

One thing you need to be careful of with System Restore is if you have created new user accounts, they may not be there when you do the restore.

But all of these user accounts were created within days of receiving the new PC in October of 2011.

My system was hosed.

Just for the heck of it, I powered down and logged back in.

My mood was momentarily lightened when I entered my password, and 'something' appeared to happen.

Windows looked like it was trying to log me in, but then returned the same message---user name or password is incorrect.

I rebooted into Safe Mode.
Nothing.

My system was dead.

In the next 2 days, I would restore my system from a Windows Recovery CD, and ultimately I would get it back to where it was before. Windows Recovery didn't work quite the way I thought it would, but that's a story for another post.

Again, the moral of the story, if you run a System Restore, give it some time to finish. Although it's possible that my user account/password problems were caused by a Trojan, most likely it was caused by my impatience with the amount of time the System Restore took to complete.

Internet postings from others say that they have waited almost a full day to have it complete.

My previous experiences of a quick running System Restore fooled me into believing it had hung, when probably it had a lot of work to do.

Sunday, April 29, 2012

Cell Phones at the movies....

What is it with people who shine their cell phones in my face during the movie?

Do they miss the announcement to please turn the cell phone off during the movie?

Or do they think that common courtesy doesn't apply to them?

As a result, I'm forced to interrupt my movie to either tap them on the shoulder (if they're right in front of me the way they were last night,) or to yell out if they are farther away---causing most of the theater to believe that a mad man is present amongst them (and he probably is.)