Friday, April 4, 2014

The type or namespace name 'Practice' does not exist in the namespace 'Microsoft.Practices.EnterpriseLibrary...' (are you missing an assembly reference?)

Getting "The type or namespace name 'Practice' does not exist in the namespace 'Microsoft.Practices.EnterpriseLibrary...' (are you missing an assembly reference?)" even if you have add the .dll


Microsoft Enterprise Library 6.0 is not backwards compatible and does not support multi-release .Net Framework - only supports .Net 4.5


Microsoft Enterprise Library 5.0 supports .Net 4.0 & .Net 3.5 SP1


Other common issue always compile Target Framework with full .NET framework
and not clients - savings is minimal. 



Tuesday, March 25, 2014

500 Internal Server Error on GoDaddy.com - no Options All allowed

Getting a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

If you are using GoDaddy.com here's a possible reason why -



You cannot use Options modifier in .htaccess files with GoDaddy.com.





Related : Apache Deb Box .htaccess file set-up alternative

If you are modifying your .htaccess file for security purposes heavily on an Apache Box.

If you getting this 500 Internal Server Error on other web hosting companies or your own Apache Dev box.

Here's a possible work around.

I noticed today that I receive the following error message in each page view error_log get written:
Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden:
/var/www/vhosts/domain.Ca/httpdocs/index.pl, referer: http://www.domain.ca/

Workaround

The error messages is to get a grip on a previously used by me without any problems possibility of under / etc/apache2/mods-enabled/dir.conf to change the order as in about

   DirectoryIndex at_domains_index.html  index.html index.php index.xhtml 
                  index.htm index.shtml index.cfm

Saturday, March 22, 2014

Finding and Removing Orphaned SIDs in File Permissions, or: Busting the Ghosts Built Into Windows 7 & 8, Server 2012

Dreaded Unknown Accounts - Have you been hacked?

Do you get accounts like this showing up for file permissions on c:\Windows\Temp:

Account Unknown (S-1-5-21-1796170229-294937551-3999959926-1026)


These are known as dreaded S-1-5-21 because the can be created on the fly by programs using a technique called impersonation.

According to Microsoft (http://msdn.microsoft.com/en-us/library/windows/desktop/aa379649) these are called

SECURITY_NT_NON_UNIQUE S-1-5-21 SIDS are not unique.

An attempt at an explaination is a follows of what SIDS are.

security identifier (SID) is a unique value of variable length used to identify a trustee. Each account has a unique SID issued by an authority, such as a Windows domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group.
Windows security uses SIDs in the following security elements:
SIDs have following format:

S-1-5-21-527237640-484763769-1060284398-500

SID => S-1-5-21

Unique Identifier => 527237640-484763769-1060284398
RID => 500

The "S-1" part refers to this being a version 1 Security Identifier. The "5" identifies the top-level identifier authority as SECURITY_NT_AUTHORITY. All Windows SIDs begin with "S-1-5". The first sub-authority is "21", which is SECURITY_NT_NON_UNIQUE. This means that the value of the SID is made unique by the addition of the RID value (the last part of the decimal format). The next three sub authorities are 32-bit random numbers to uniquely identify the computer. The final part of the SID is the Relative Identifier (RID) of the object. The local Administrator user on all computers has the same well-known RID, "500".

If the local computer SID prefix values are not unique, then local user accounts on two different computers can have the same objectSID. For example, the local Administrator user, which always has the same well-known RID value of 500, will have the same objectSID value on two different computers if the local computer SID prefix is the same. Permissions granted to one of these users will apply to the other by mistake.

This gives a list of well known SIDS and RIDS.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx

This is how to list current SID:
$objUser = New-Object System.Security.Principal.NTAccount("kenmyer")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

How can you identify hacked SIDs? 

Thank the lords of Cobalt, that some has figured this out and it is Helge Klein.

He create setACL, a tool to get identify, find SIDS relative to programs that use them.

http://helgeklein.com/blog/2012/07/finding-removing-orphaned-sids-in-file-permissions-or-busting-the-ghosts-built-into-windows-7/

Did you hear that SIDS linked to the program that creates them !!!!!! How cool is that !!!!

C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\LogFiles
DACL(not_protected+auto_inherited):

->>>>>>>> S-1-5-21-1796170229-294937551-3999959926-1011   write+read+DELETE   allow   container_inherit+object_inherit <<<<<<<---- br="">

So this account has not been hacked.

This is a list of some accounts that might help you, I found.

C:\Program Files\Common Files\Microsoft Shared\VGX

   DACL(protected+auto_inherited):
   S-1-15-2-1   read_execute   allow   no_inheritance
   S-1-15-2-1   read_execute   allow   container_inherit+object_inherit+inherit_only

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Data\MSSQL10.SHAREPOINT\MSSQL\Template Data

   DACL(not_protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1019   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\100\DTS\Binn

   DACL(pseudo_protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1027   read_execute   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\90\Shared

   DACL(not_protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1028   read_execute   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSAS10_50.SQLDEVLOPER\OLAP\Config

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1028   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSAS10_50.SQLDEVLOPER\OLAP\Data

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1028   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSAS10_50.SQLDEVLOPER\OLAP\Log

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1028   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLDEVLOPER\Reporting Services\LogFiles

   DACL(not_protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1026   write+read+DELETE   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLDEVLOPER\Reporting Services\RSTempFiles

   DACL(not_protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1026   read_execute+write   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\LogFiles

   DACL(not_protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1011   write+read+DELETE   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1006   read_execute   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEVLOPER\MSSQL

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1029   read_execute   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEVLOPER\MSSQL\DATA

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1029   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEVLOPER\MSSQL\FTData

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1029   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEVLOPER\MSSQL\JOBS

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1030   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEVLOPER\MSSQL\Log

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1029   full   allow   container_inherit+object_inherit
   S-1-5-21-1111111111-222222222-3333333333-1030   read_execute+write+FILE_DELETE_CHILD   allow   no_inheritance
   S-1-5-21-1111111111-222222222-3333333333-1030   read_execute+write+FILE_DELETE_CHILD   allow   container_inherit+object_inherit+inherit_only
   S-1-5-80-1111111111-222222222-3333333333-4444444444-555555555   FILE_LIST_DIRECTORY+FILE_ADD_FILE   allow   no_inheritance

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1014   read_execute   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\DATA

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1014   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\FTData

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1014   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\JOBS

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1015   full   allow   container_inherit+object_inherit

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Log

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1014   full   allow   container_inherit+object_inherit
   S-1-5-21-1111111111-222222222-3333333333-1015   read_execute+write+FILE_DELETE_CHILD   allow   no_inheritance
   S-1-5-21-1111111111-222222222-3333333333-1015   read_execute+write+FILE_DELETE_CHILD   allow   container_inherit+object_inherit+inherit_only
   S-1-5-80-1111111111-222222222-3333333333-4444444444-555555555   FILE_LIST_DIRECTORY+FILE_ADD_FILE   allow   no_inheritance

C:\Program Files (x86)\Common Files\microsoft shared\VGX

   DACL(protected+auto_inherited):
   S-1-15-2-1   read_execute   allow   no_inheritance
   S-1-15-2-1   read_execute   allow   container_inherit+object_inherit+inherit_only

C:\Program Files (x86)\Microsoft SQL Server\90\Shared

   DACL(not_protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1005   read_execute   allow   container_inherit+object_inherit
   S-1-5-21-1111111111-222222222-3333333333-1013   read_execute   allow   container_inherit+object_inherit

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\ASConfig

   DACL(not_protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1013   FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY+READ_CONTROL   allow   container_inherit+object_inherit+no_propagate_inherit
   S-1-5-21-1111111111-222222222-3333333333-1028   full   allow   container_inherit+object_inherit

C:\ProgramData\Microsoft\eHome\SharedSBE

   DACL(not_protected+auto_inherited):
   S-1-5-80-1111111111-222222222-3333333333-4444444444-555555555   change+FILE_DELETE_CHILD   allow   no_inheritance
   S-1-5-80-1111111111-222222222-3333333333-4444444444-555555555   change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit+inherit_only

C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System

   DACL(pseudo_protected):
   S-1-5-80-1111111111-222222222-3333333333-4444444444-555555555   full   allow   container_inherit+object_inherit

C:\ProgramData\Microsoft\Network\Connections

   DACL(protected+auto_inherited):
   S-1-5-80-31111111111-222222222-3333333333-164347954-1900376235   full   allow   no_inheritance
   S-1-5-80-31111111111-222222222-3333333333-164347954-1900376235   full   allow   container_inherit+object_inherit+inherit_only

C:\Users\Public\Recorded TV

   DACL(not_protected+auto_inherited):
   S-1-5-80-1111111111-222222222-3333333333-1563395363-459793767   change+FILE_DELETE_CHILD   allow   no_inheritance
   S-1-5-80-1111111111-222222222-3333333333-1563395363-459793767   change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit+inherit_only

C:\Windows\Downloaded Program Files

   DACL(protected+auto_inherited):
   S-1-15-2-1   read_execute   allow   no_inheritance
   S-1-15-2-1   read_execute   allow   container_inherit+object_inherit+inherit_only

C:\Windows\Globalization\ELS\HyphenationDictionaries

   DACL(protected+auto_inherited):
   S-1-15-2-1   read_execute   allow   no_inheritance
   S-1-15-2-1   read_execute   allow   container_inherit+object_inherit+inherit_only

C:\Windows\Globalization\ELS\SpellDictionaries

   DACL(protected+auto_inherited):
   S-1-15-2-1   read_execute   allow   no_inheritance
   S-1-15-2-1   read_execute   allow   container_inherit+object_inherit+inherit_only

C:\Windows\Offline Web Pages

   DACL(protected+auto_inherited):
   S-1-15-2-1   read_execute   allow   no_inheritance
   S-1-15-2-1   read_execute   allow   container_inherit+object_inherit+inherit_only

C:\Windows\Temp

   DACL(protected+auto_inherited):
   S-1-5-21-1111111111-222222222-3333333333-1011   read_execute+FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY+DELETE   allow   container_inherit+object_inherit
   S-1-5-21-1111111111-222222222-3333333333-1026   read_execute+FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY+DELETE   allow   container_inherit+object_inherit

SetACL finished successfully.










Wednesday, March 19, 2014

Wordpress News/Blog contains funny characters, you site has been hacked

If you are finding weird characters in the Wordpress News Blog roll, then you have been hacked. An example is; 

I+ACYAIw-8217+ADs-m excited to announce that the first beta of WordPress 3.9 is now available for testing. WordPress 3.9 is due out next month +ACYAIw-8212+ADs but in order to hit that goal, we need your help testing all of the goodies we+ACYAIw-8217+ADs-ve added: We updated TinyMCE, the software powering the visual editor, to the latest version. +AFsAJgAj-8230+ADsAXQ- […]

or you see those characters in the title tag of your site, hackers have gotten into your site and/or guessed your password. See more information on latest attack here - http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html

There are many, resolutions but even after this http://codex.wordpress.org/FAQ_My_site_was_hacked and many more recommendation using Google search about this. 

You may see these I+ACYAIw-8217+ADs-m still appear. An analysis of several sites, indicates that this has been caused by a change in a database setting. These strings are stored in your MySQL database and once corrupted remain there. 


This is because a change to using UTF-7 instead of UTF-8. See below for changes back to UTF-8.You may have to convert old database fields into the new characters set, see below for a solution. 

But for WordPress New RSS Blog entries from the mother-ship,  these entries which are stored in WordPress as transients. You can just blow of them off, and delete them.

Here is an excellent plug-in to just that. Delete all transients 
http://wordpress.org/plugins/delete-expired-transients/

Actually you can create a schedule task to do this periodically. 

To be thorough, you may want to check these settings.
1. Check the DB_CHARSET constant in wp-config.php, it may read utf-7 change to utf-8.
1
2
3
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8'); define('DB_COLLATE', '');
2. In the WordPress admin menu, Change “Settings->Reading->Encoding for Pages and Feeds” from UTF-8 from UTF-7

Following the above bad advice might appear to ‘fix’ the appearance of some languages, but others will still display incorrectly. Furthermore, these changes will cause your text to be encoded incorrectly, so that when you do implement the correct fix, your foreign-language pages will have bad character mappings and be filled with incorrect characters. You will then have to correct or re-enter the text from scratch.

If you found unusual characters in your database, try this...

To fix this problem, you need to change the default character set/collation of your WordPress site’s MySQL database to UTF-8/utf8_general_ci and then convert all the current table data.
The traditional way to do this is to run various “ALTER DATABASE” and “ALTER TABLE” SQL queries within phpMyAdmin or via the command-line mysql client, and you can find some great instructions here:
http://en.gentoo-wiki.com/wiki/Convert_latin1_to_UTF-8_in_MySQL

Unfortunately, this procedure is tedious.


There is however a fantastic plugin named Convert WP Database to UTF-8. This plugin adds a sub-menu page named “UTF-8 DB Converter” to the Plugins Menu. Simple click on “Start converting” and the plugin will automatically execute the required SQL queries to alter the character set and collation of all your existing WordPress tables.


You only need to do it once per website, and the problem is fixed for good. You can then uninstall the plugin.
Although this plugin has always run without a hitch for me, it is proper practice to make a backup of your WordPress database before attempting this procedure, just in case something goes wrong. Most web hosts provide wizards that let you easily backup your MySQL databases, but you can do this using phpMyAdmin or a WordPress plugin like

Also, you should place your website in maintenance mode using a plugin like WP Maintenance Mode to stop users accessing your website while the character set conversion is in progress. The time taken will vary depending on how big your database is, but for me, the conversion has always been completed in less than 1 minute.

Additional reading
Technical 
http://joemaller.com/1328/fixing-mixed-encoding-mysql-dumpfiles-with-wordpress/
Easy to read
http://digwp.com/2011/07/clean-up-weird-characters-in-database/


Sunday, March 16, 2014

Disable Windows Error Reporting (WER) Service in Windows 7 & 8

A complete guide to disable the WER from of Windows 7&8: 

Step 1

  • Click on Start > Control Panel > Action Center > Change Action Center Settings.
  • Click on the "Problem Reporting Settings".
  • Select "Never Check for Solutions".

  • Click on OK to validate
  • Additionally : You can change this for all users as well by Clicking "Change report setting for all users".

Step 2

  • Click on Start > Run > Type "services.msc"
  • In the window that opens (Services), look for the following entry in the the right pane:
    • "Windows Error Reporting"
  • Double-click on this entry and set the "Startup type" status as "Disabled".



  • Click on OK to validate.


 Step 3 Double check this registry setting - EXHAUSTIVE

Best to do a search for Windows Error Reporting, and you find the key stems
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting
Type "Regedit" and press "Enter."

Navigate to "Hkey_users\S-1-5-19\Software\Microsoft\Windows\Windows Error Reporting" and the above keys. 


Right-click "Disabled" and change the value from "0" to "1".


Next Key


Navigate to "Hkey_users\S-1-5-19\Software\Microsoft\Windows\Windows Error
Reporting/Consent"
       Set to 1            
             Consent\DefaultConsent REG_DWORD
Possible values: 
          1 - Always ask (default), 2 - Parameters only, 3 - Parameters and safe data, 4 - All data                
Next Key 

Navigate to "Hkey_users\S-1-5-19\Software\Microsoft\Windows\Windows Error Reporting/DefaultOverrideBehavior"
       Set to 1
          Consent\DefaultOverrideBehavior
REG_DWORD
Possible values:
0 - Vertical consent will override the default consent (default)
1 - Default consent will override the application-specific consent


Press the "Windows" key and "R" key simultaneously.

All Values Registry Values here ....

 Step 4  Disable Task Scheduler for Error Reporting Service


  • Open Task Scheduler and navigate to Task Scheduler (local) ->Microsoft->Windows->Windows Error Reporting

    Select on QueueReporting and Disable

  • Step 5

  • Permanently Disable Windows Error Reporting Service

To permanently Disable Windows Error Reporting Service, delete all keys under this folder LocalDumps.






    • Step 6 Clean these directories out


    C:\ProgramData\Microsoft\Windows\WER\ReportArchive

    C:\ProgramData\Microsoft\Windows\WER\ReportQueue

    C:\Windows\LiveKernelReports\WATCHDOG




    Saturday, March 15, 2014

    Removing Malware, Conduit Search Engine, Perion, UniBlu DriverScanner 2014, Open Candy, BitTorrent toolbar, DivX Toolbar

    STEP 1: Uninstall hidden software and the after that, use this AdwCleaner

    To remove all the Conduit Search, Uniblue Software (embedded Conduit engine), Bittorrent Toolbar (Conduit) registry keys, DivX Toolbar (Conduit),  Imgburn (Open Cola) files and folders from your computer, we will need to run a scan with the AdwCleaner and Junkware Removal Tool utilities.

    Run a computer scan with AdwCleaner 

    The AdwCleaner utility will scan your computer for malicious files and registry keys, that may have been installed on your computer without your knowledge.
    1. You can download AdwCleaner utility from the below link.
      ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner on your computer)
    2. Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

      [Image: AdwCleaner Icon]
      If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    3. When the AdwCleaner program will open, click on the Search button as shown below.

      [Image: AdwCleaner scanning for DivX Toolbar]
      The program will now start to search for malicious files that may be installed on your computer. When it has finished it will display a notepad screen that contains a log file of all the malicious extensions, files, and registry keys that have been detected. Unless you see a program name that you know should not be removed, please close the Notepad window and continue with the next step.
    4. To remove the malicious Toolbar malicious files that were detected in the previous step, please click on the Delete button on the AdwCleaner screen.

      [Image: Adwcleaner removing DivX Toolbar]
      AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button.
    5. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.

      Please click on the OK button to let AdwCleaner reboot your computer.

    STEP 2: Remove hijacking software Conduit, Open Candy with Junkware Removal Tool

    Junkware Removal Tool is a powerful utility, which will remove malicious virus from Internet Explorer, Firefox or Google Chrome.
    1. You can download the Junkware Removal Tool utility from the below link:
      JUNKWARE REMOVAL TOOL DOWNLOAD LINK (This link will automatically download the Junkware Removal Tool utility on your computer)
    2. Once Junkware Removal Tool has finished downloading, please double-click on the JRT.exe icon as seen below.

      [Image: Junkware Removal Tool]
      If Windows prompts you as to whether or not you wish to run Junkware Removal Tool, please allow it to run.
    3. Junkware Removal Tool will now start, and at the Command Prompt, you’ll need to press any key to perform a scan for the malicious files.

      [Image: Junkware Removal Tool scanning for DivX Toolbar virus]
      Please be patient as this can take a while to complete (up to 10 minutes) depending on your system’s specifications.
    4. When the scan Junkware Removal Tool will be completed, this utility will display a log with the malicious files and registry keys that were removed from your computer.

      [Image: Junkware Removal Tool final log]
    5. Run Malware Bytes ~ 10hrs
    6. Run CC Cleaner ~ 10mins
    7. Run F-Prot Antivirus - free trial ~ 10hrs
    8. Run Microsoft Malicious Software Removal Tool  - ~10hrs
    9. Purchase top anti-virus solution either Trend-Micro OR Kapersky, all others are useless ~ 2hrs to setup.
    10. Done!

    Saturday, February 22, 2014

    PHP Parse error: syntax error, unexpected $end for large PHP file ~ 4000 lines


    When you have exhausted checking closing brackets and missing semi-colons using this awesome tool PHP Lint (http://www.icosaedro.it/phplint/phplint-on-line.html) and you are still getting the dreaded 
    PHP Parse error:  syntax error, unexpected $end.
     
    Then I have a solution that may help.  On rare occasion, you may need to up the memory allowed for PHP. Usually it's when I deal with large files and don't necessarily care about optimizing the file reading process but simply getting the file opened. There's an easy way to increase to amount of memory allowed to PHP right in your script:
    ini_set('memory_limit','16M');
    The above code will increase the maximum amount of memory available to PHP to 16 MB. Again, the setting is only adjusted for the running script. 
    PHP Fatal error:  Allowed memory size of 16777216 bytes exhausted (tried to allocate 6144 bytes) 
    Well that wasn't even enough but at least I got a logical error this time. I  increased to 32M and it worked.