IT Troubleshooters

step 1 Open an Internet Explorer window. Click “Tools,” then choose “Internet Options.” This will open the Internet Options window.

Step 2 Click the “Content” tab in the Internet Options window. This will open the Content options page.

Step 3 Click the “Certificates” button on the Content options page. This will open the Certificates window.

Step 4 Click the “Untrusted Publishers” tab in the Certificates window. It may be necessary to scroll horizontally to see the tab.

Step 5 Click to highlight the security certificate that you want to trust, then click the “Remove” button. This will open a confirmation window. Click the “Yes” button in the confirmation window to complete the process.

From what we’ve seen so far Windows 7 is already performing better than Vista, but if your PC seems sluggish then it’s now much easier to uncover the bottleneck. Click Start, type RESMON and press Enter to launch the Resource Monitor, then click the CPU, Memory, Disk or Network tabs. Windows 7 will immediately show which processes are hogging the most system resources.

The CPU view is particularly useful, and provides something like a more powerful version of Task Manager. If a program has locked up, for example, then right-click its name in the list and select Analyze Process. Windows will then try to tell you why it’s hanging – the program might be waiting for another process, perhaps – which could give you the information you need to fix the problem.

FIND BOTTLENECKS: Resource monitor keeps a careful eye on exactly how your PC is being used

USB flash drives are convenient, portable, and very easy to lose. Which is a problem, especially if they’re carrying sensitive data. Fortunately Windows 7 has the solution: encrypt your documents with an extension of Microsoft’s BitLocker technology, and only someone with the password will be able to access it. Right-click your USB flash drive, select Turn on BitLocker and follow the instructions to protect your private files.

PROTECT YOUR DATA: Your USB flash drives can easily be encrypted with BitLocker

Windows Vista’s User Account Control was a good idea in practice, but poor implementation put many people off – it raised far too many alerts. Fortunately Windows 7 displays less warnings by default, and lets you further fine-tune UAC to suit your preferred balance between security and a pop-up free life (Start > Control Panel > Change User Account Control Settings).

Changing the Windows log-on screen used to involve some complicated and potentially dangerous hacks, but not any more – Windows 7 makes it easy.

First, browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background in REGEDIT, double-click the DWORD key called OEMBackground (not there? Create it) and set its value to 1.

Now find a background image you’d like to use. Make sure it’s less than 256KB in size, and matches the aspect ratio of your screen as it’ll be stretched to fit.

Next, copy that image into the %windir%\system32\oobe\info\backgrounds folder (create the info\backgrounds folders if they don’t exist). Rename the image to backgroundDefault.jpg, reboot, and you should now have a custom log-on image.

Alternatively, use a free tweaking tool to handle everything for you. Logon Changer displays a preview so you can see how the log-on screen will look without rebooting, while the Logon Screen Rotator accepts multiple images and will display a different one every time you log on.

McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file that was released on April 21, 2010.

What happens
Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT.

Workaround 1

McAfee has developed an EXTRA.DAT to suppress this detection. The file is attached to this article. This EXTRA.DAT does not fix the issue, it only suppresses the detection.

Apply the EXTRA.DAT to all potentially affected systems as soon as possible.

For systems that have already encountered this issue, start the computer in Safe Mode and apply the EXTRA.DAT. After applying the EXTRA.DAT, restore the affected files from Quarantine.

IMPORTANT: For VirusScan Enterprise 8.5i and later, an Access Protection feature must be temporarily disabled before proceeding:

Click Start, Programs, McAfee, VirusScan Console.
Right-click Access Protection and select Disable.
Apply the EXTRA.DAT as described below.
Right-click Access Protection and select Enable.

To apply the EXTRA.DAT locally:

Download the EXTRA.ZIP file attached to this article and extract the EXTRA.DAT file.
Click Start, Run, type services.msc and click OK.
Right-click the McAfee McShield service and select Stop.
Copy the EXTRA.DAT file to the following location:

\Program Files\Common Files\McAfee\Engine

In the Services window, right-click McAfee McShield and select Start.

Workaround 2
If the false detection has deleted or quarantined svchost.exe on your system:

IMPORTANT: Ensure that you have applied the EXTRA.DAT to suppress the false positive detection before restoring svchost.exe.

Copy the svchost.exe from a working system

On a computer that is not affected by the issue, navigate to the location below:

C:\WINDOWS\system32

Copy svchost.exe to a network location or removable media device.
On the affected system, copy svchost.exe to the location below:

C:\WINDOWS\system32

Restart the affected computer.

On some computer I have had to run the windows repair then 2 reboots of the computer to work.

There are two situations where detection can occur and cleaning takes place:

1. If the modified sfc_os.dll is not located in System32 or in system32\dllcache directory: in this case the cleaning proceeds in one step.

- The modified bytes are patched again to the correct values. The sfc_os.dll file is now clean
- The corrected file is copied to zfcxx.tmp. This file is also clean, but it will stay in the system.

2. If the modified file is located in System32 or in system32\dllcache: In this case, cleaning occur in two steps:

First step:

- the modified bytes are patched again with correct values. Since the file is in use by Windows, this modification fails or is delayed. The file is still infected.
- the file is then copied to zfcxx.tmp. This temporary file is also infected.
- If the system is scanned again, no detection will occur in sfc_os.dll, since it only occurs when there is no zfcxx.tmp file in the same directory.

Second step:

- Do not REBOOT the machine yet
- Scan the machine again. Only zfcxx.tmp will be detected
- the temporary file will be patched to contain the correct bytes. Zfcxx.tmp will now be clean.
- the file infected sfc_os.dll will be moved to sfc_os.dll.exe. This is a delayed move, so it will only occur AFTER reboot, since the file is in use by Windows.
- The clean file zfcxx.tmp will be copied to sfc_os.dll, restoring the original dll to its place.
- The cleaning procedure tries to remove zfcxx.tmp and sfc_os.dll.exe. This operation will be delayed until next reboot.
- The user should then reboot the system. The temporary files will be removed and the DLL will be restored.
- If the system is scanned again and detection occurs on the sfc_os.dll file located in system32\dllcache, the files zfcxx.tmp and sfc_os.dll.exe will be created again. Jus reboot and they will be removed.

To clear a password, follow the steps below.

1. Turn off the computer and disconnect the power cable from the electrical outlet.
2. Remove the computer cover.
3. Locate the 2-pin password jumper (PSWD) on the system board and remove it to clear the password.
4. Close the computer cover.
5. Connect your computer and monitor to electrical outlets and turn them on.
6. After the Microsoft® Windows® desktop appears on your computer, shut it down.
7. Turn off the monitor and disconnect it from the electrical outlet.
8. Disconnect the computer power cable from the electrical outlet, and then press the power button to ground the system board.
9. Open the computer cover.
10. Locate the 2-pin password jumper on the system board and attach it to re-enable the password feature.
11. Replace the computer cover.
12. Connect your computer and devices to electrical outlets and turn them on.
13. Assign a new system and/or Administrator password.

When Windows crashes a small memory dump file records the smallest set of useful information that may help identify why your computer has stopped unexpectedly the file can be found here c:\windows\minidump\.

This dump file type includes the following information:
The Stop message and its parameters and other data
A list of loaded drivers
The processor context (PRCB) for the processor that stopped
The process information and kernel context (EPROCESS) for the process that stopped
The process information and kernel context (ETHREAD) for the thread that stopped
The Kernel-mode call stack for the thread that stopped
The small memory dump file can be useful when hard disk space is limited. However, because of the limited information that is included, errors that were not directly caused by the thread that was running at the time of the problem may not be discovered by an analysis of this file.

Tools to read the small memory dump file
You can load small memory dump files by using the Dump Check Utility (Dumpchk.exe). You can also use Dumpchk.exe to verify that a memory dump file has been created correctly. The Dump Check Utility does not require access to debugging symbols. The Dump Check Utility is included with the Microsoft Windows 2000 Support Tools and the Microsoft Windows XP Support Tools.

Install the debugging tools
To download and install the Windows debugging tools, visit the following Microsoft Web site:
http://www.microsoft.com/whdc/devtools/debugging/default.mspx (http://www.microsoft.com/whdc/devtools/debugging/default.mspx)
Select the Typical installation. By default, the installer installs the debugging tools in the following folder:
C:\Program Files\Debugging Tools for Windows

Open the dump file
To open the dump file after the installation is complete, follow these steps:
Click Start, click Run, type cmd, and then click OK.
Change to the Debugging Tools for Windows folder. To do this, type the following at the command prompt, and then press ENTER:
cd c:\program files\debugging tools for windows
To load the dump file into a debugger, type one of the following commands, and then press ENTER:
windbg -y SymbolPath -i ImagePath -z DumpFilePath
kd -y SymbolPath -i ImagePath -z DumpFilePath