Tech Support Me

Some of you have requested we post an article on the Lsass.exe process – hope this helps!

What is lsass.exe?

“lsass.exe” is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server. Lsass generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll. If authentication is successful, Lsass generates the user’s access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token.

Lsass.exe has been infected in the past

The Sasser worm exploited a vulnerability in LSASS  to spread via a remote buffer overflow in computers running Microsoft Windows XP and Windows 2000. The worm is particularly potent in that it can spread without any interaction with humans, nor does it ‘travel by email’ like many other worms.

Should the lsass.exe program end, for example, by the Sasser worm’s effects, then a countdown timer will appear on the screen, advising the user to save his work and close all programs before Windows shuts down. Read more…

What is JQS.exe?

When you open the Windows Task Manager (by pressing CTRL-ALT-DEL) you might notice the process jqs.exe that is
running with a low priority. Jqs.exe uses about 1.5 Megabytes of computer memory and 2 Megabytes of virtual memory while running. It also initiates I/O processes frequent basis, if you have those columns activated in the Task Manager.

The JQS process is related to Java. Jqs.exe is the Java Quick Starter which was designed to improve the start-up time of Java applets and applications by prefetching (pre loading) Java Runtime Environment files frequently into memory. This has a benefit for mainly users who run Java applications on a day to day basis. Everyone else would probably benefit from disabling the Java Quick Starter. Think of a user who encounters one Java applet per month (or week), would it make sense to run the process all the time because of those few instances where it might start the application or applet faster? Quite inefficient!

Jqs.exe is definitely queries the Windows Registry on a regular basis. The performance increase might not be huge but you will free up some computer memory and some I/O processes on the computer system.

How to disable JQS.exe

Now, if you want to disable the Java Quick Starter process (JQS.exe) you can do that in the Windows Control Panel. Open the windows control panel and you find a Java entry there which will open the Java Control Panel.

A click on Advanced and the selection of Miscellaneous will display the activated Java Quick Starter entry. Uncheck the box to disable the process. This will be visible in the Windows Task Manager immediately.

Do you have the April 1st Conficker worm?

The Conficker worm, sometimes called Downadup or Kido has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January. If you are unable to reach certain web sites, you may be infected. In that case you will need to get to a computer that is not infected, download the Conficker removal tool and run it on the infected machine before new antivirus software. Symantec has created a detailed technical analysis of the threat here.

What does the Conficker worm do?

The Conficker worm has created secure infrastructure for cybercrime. The worm allows its creators to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.

The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?

The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks. Read more…

The print spooler service is not running Error!

So your getting the following error when you try to install a Printer in Windows.

Operation could not be completed. The print spooler service is not running.

How to fix The print spooler service is not running Error

1. Press the Windows key + R to open the Run dialog Start and type services.msc and click OK.

2. Double-click the Printer Spooler service, and then change the startup type to Automatic. This sets the Spooler service to start automatically when you restart the computer. Click OK. Read more…

What is Bonjour and mDNSResponder.exe?
Bonjour, also known as zero-configuration networking or Zeroconf. It enables automatic discovery of computers, devices, and services on IP networks. Bonjour uses industry standard IP protocols to allow devices to automatically discover each other without the need to enter IP addresses or configure DNS servers (naming servers).

If you open Services.msc (start > run > services.msc >ok) and see the following or If the first line in the list of services looks similar to ##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762##, then Bonjour is installed on your system.

Why Do I Have Bonjour or mDNSResponder.exe running?
If you’ve installed software like Apple’s iTunes, Adobe Premiere Pro, Skype or Gizmo then you probably already a Bonjour folder in your Program Files directory. The service starts automatically and runs a process named mDNSResponder.exe which cannot be ended by Windows Task Manager. If you wanted to remove, uninstall or stop Bonjour from being on your computer then it can seam impossible to find any uninstaller for it! There isn’t even an entry for it in Control Panel’s Add or Remove Programs.

How do I safely uninstall Bonjour and remove mDNSResponder.exe process?

Removing Bonjour from your computer.

1. Click on Start > Run > type the command below and hit OK. Read more…

Got this error the other day repeatedly at bootup so I thought I would share the fix with you

Microsoft Windows Search Indexer stopped working and was closed
A problem caused the application to stop working correctly. Windows will notify you if a solution is available.

So I went into services and disabled it (and I had to also disable the automatic retry separately or it kept starting despite being “disabled”). Any attempt to manually start it there gives me:

Windows could not start the Windows Search service on Local Computer.

Error 1067: The process terminated unexpectedly.

The fix is to delete all files related to search indexing, located by default at:

C:\ProgramData\Microsoft\Search\Data\Applications\Windows

and:

C:\ProgramData\Microsoft\Search\Data\Temp

Note that these are both system directories – You can access it without changing your folder options, just type the shortcut to the folders in the address bar of windows explorer. Or if you want to show hidden folders, you go into Control Panel, (make sure you’re in classic view) and you click on the icon labeled Folder Options, at which point you go into the View tab, there is a sub-folder about halfway down entitled Hidden Files and Folders, click the button next to Show Hidden Files and Folders.

Delete all files and folders in these directories.

Then, change the service back to starting automatically. You still can’t start the service until you reboot, at which time Windows will rebuild the index for you.

One of the most annoying things to happen is when your playing your favirate game and you hammer the shift key five or more times. Windows kicks you out to the desktop and displays the following screen

This happens to me a lot when im playing Call of Duty 5 or Call of Duty 4 as my run key is Shift, so im there playing and running around and I hit the shift key to get away from other people trying to kill me, then without warning Sticky keys notification minimises the game and asks me if I want to enable sticky keys! How annoying! here is how to stop it. Read more…

If you have inserted a USB Stick or external HDD and its not there in the my computer as a drive then try the following.

1. Open Control Panel and double click Administrative Tools
2. Double click Computer Management
3.  Left click Disk management in the left hand task plane
4. Use the lower right hand task plane to find the removable device 
5. Right click the removable disks space and select Change drive letter and Paths…
6. Click Change and select a letter that is not in use
7. Select a letter that is not in use
8. Click Ok and click Yes to the warning (becarefull to only do this to drives that are not in use, dont do it to your windows drive!!)
9. Now the drive will appear in My Computer

Alternativly you could try Acronis Disk Management to takle any other disk related problems

Thanks to Ewa Paszkiewicz for this Article

A few have requested this be posted as a fix so here you go…

Trojan.Zlob.G is another invention of Perfect Defender 2009 developers, that helps them to scare computer users and trick into installing and purchasing licensed version of Perfect Defender 2009. In fact Trojan.Zlob.G is imaginary application, main purpose of which is to mislead computer users. Usually Zlob or Vundo Trojan displays security alerts stating that your computer is seriously infected with Trojan.Zlob.G and your data and privacy are in danger. If you click on that alert you will be redirected to Perfect Defender 2009 download page.

Download SUPERAntiSpyware from http://www.superantispyware.com/ or AdAware from http://www.lavasoft.com/products/ad_awar… both are best at removing these Trojans…

How to remove Trojan.Zlob.G manually:

It’s possible to remove Trojan.Zlob.G manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

* pd.dll
* pdfndr.exe
* pdmonitor.exe
* PDInstall2009[1].exe
* %WINDOWS%\system32\drivers\svchost.exe
* %UserProfile%\Application Data\Google\ijdkq13324484.exe

Remove registry entries:

* HKEY_LOCAL_MACHINE\Software\Microsoft\Wi… Defender 2009

Please be careful because manual removal of Trojan.Zlob.G may seriously damage operational system and sensitive data. Also there is a big possibility of incomplete removal, because some files could be hidden and program could re-install itself after you delete files and registry entries. So I strongly recommend you to use automatic removal tool.

This problem started to hit me just the other day, I litrally tried everything I could to to solve it, removing programs using appwiz.cpl (because I could not get into control panel) – Running appwiz.cpl from the run line opens add and remove programs without going into control panel.

Anyway this didnt solve it! so I did some more digging and I narrowed it down to a faulty cpl file existing on my system. Heres what I did Read more…

We wouldnt be a Tech Support site if we didnt have a list of Vista Tech Tip, Tweaks and Tricks we hope you enjoy this list!

< ?php digg_this_button(); ?>

1. Instant search

The Instant Search box is at the bottom of the Start menu. Read more…