Removing the BKA Trojan

A friend of mine caught the so-called BKA Trojan, and asked me to help him remove it.

This trojan makes using Windows impossible, as it displays an official-looking statement (see sample) if connected to the Internet, and only a white empty desktop if not connected, and does not allow any user action. The only way to revert to normal is supposedly by sending money using PaySafeCard or Ukash.

The warning page (which is full of typos, even in the heading: “Investignation”) lists a couple of possible Internet crimes that have been committed and caused the “computer” to be locked by law enforcement, and unlocking is as easy as sending 100€ via the linked payment providers.

What to do?

We started Windows in command-line safe mode and started msconfig to find suspicious start-up entries, unfortunately without any obvious success.

By cd’ing and dir’ing around we found the date and time the infection took place. The temp directory C:\Users\[username]\AppData\Local\Temp contained an executable with a “funny” name (5628386cos7655422.exe), an HTML file and a couple of images.

Some removal tips mention the Shell setting in the registry, and we had another look using regedit (which can also be called from the win7 command line boot).

Navigating to

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

the Shell key contained the following string:

explorer.exe,C:\Users\[username]\AppData\Roaming\msconfig.dat

This seemed suspicious, as it should only contain “explorer.exe”, and nothing more.

In Explorer, I dragged the file into Notepad (size 47.104 bytes), and found that it contained the MZ and PE headers (wiki, SO), a clear sign that it was not an innocent data file, but an executable.

The next steps were pretty straight-forward: clean the Shell key to read “explorer.exe” only, remove the msconfig.dat, and reboot back to normal.

Surprisingly, the Trojan does not seem to contain any sophisticated survival code (such as copying itself all over the boot disk, planting several hooks in the registry, run a watchdog, etc) – things that can make malware removal a nightmare.

Left-to-Right Tab Order in CRM 2011 Form

Looking for a solution to set the tab order in a CRM 2011 Form to tab horizontally (rather than vertically), I found a couple of solutions (such as here and here).

The solutions, however, were not complete, and required a bit of tweaking:

• including the tabs for headers inside a form

• setting the tabIndex higher than the navigational tab indexes

Finally, my function looks like this:

function TabOrderLefttoRight() {
    for (var i = 0; i < crmForm.all.length; i++) {
        var element = crmForm.all[i];
        if (element.tabIndex && element.tabIndex != "0") {
            if (element.className == 'ms-crm-Hidden-NoBehavior') 
                continue;
            if (element.tagName == 'A') {
                if (element.className != 'ms-crm-InlineTabHeaderText') 
                    continue;
            }

            element.tabIndex = 10000 + (i * 10);
        }
    }
}

Simply add a call to TabOrderLeftToRight() in your form’s onLoad event.

Latest Firefox issues

I honestly get more and more reluctant to update each and every piece of software, simply because UPDATES BREAK EVERYTHING.

Most recently example: Firefox.

As a happy user of Firefox since Netscape I occasionally dare to update the software (I mentioned reluctance? I stayed on 3.6.x until an upgrade to 8 or so was unavoidable). The last version that ran smoothly for me was 13.0.

Then came 13.0.1, and problems started: When you opened a link in a new tab, Firefox lost focus after a couple of seconds. From the bug reports I read it seemed to be a problem with the Flash plugins. No rescue in sight.

I noticed that the scrolling was swifter, though. Subjective impression.

I hoped 14.0.1 would solve that focus problem, just to find out that initial scrolling on a page only started after a delay, sometimes a couple of seconds, with CPU usage hogging one core. Plus, the focus problem remained.

I also noticed that the font in the address bar and search bar was a bit smaller, and looked slightly distorted and blurred.

Not amused.

So, back to Firefox 13.0.

automssqlbackup 0.31 supports MS SQL Server 2012

automssqlbackup has been idle for 3 years now, not because I discontinued the script, but simply because it worked! (Thanks everybody for their feedback!)

With the arrival of a new version of SQL Server it was time to adjust the assembly references in the code.

What you will now find is a set of paths to default SQL Server SMO assembly locations, of which you need to activate the one that applies to your system.

automssqlbackup is available for download here.

Fixing jQuery Validation with changing validators

Got jQuery Validation running, and now I know that it requires every input and select to have a name property; otherwise it will simply ignore your validation rules:

jquery.validate.js line 130:
staticRules[element.name] = existingRules;

It will however still apply the CSS-based rules, so finding that out was a bit tricky.

Next stop: I create a dialog with a dropdown to select some sort of object type, each object type having different attributes and different validation rules.

Of course, the validation rules have to be re-defined every time the dropdown value changes. If there is already a validator defined on the form, you need to destroy the existing validator

var form = $('#myForm).get(0);
$.removeData(form, 'validator');

(found here)

Still, some mysterious bit of code still remains, as validation is still executed even though the validator had been deleted and the dropdown is ignored in the (non-existing?) validator:

Uncaught TypeError: Cannot read property 'settings' of undefined
 jquery.validate.js:315

says Chrome, and IE reports

Unable to get value of the property 'settings': object is null or undefined

The culprit is the method delegate() (line 313), which does not check whether a validator exists:

function delegate(event) {
  var validator = $.data(this[0].form, "validator"),
  eventType = "on" + event.type.replace(/^validate/, "");
  // this fixes handling the deleted validator:
  if (!validator) return;
  validator.settings[eventType] && validator.settings[eventType].call(validator, this[0], event);
}

hMailServer: “connection to the database is not available”

Outlook just gave me warnings that it could not connect to my local mail server. RDP’ing to the server, I wanted to start hMailServer Administrator, but it only responded with an error message:

The connection to the database is not available
ADO: Cannot open database “hmailserver” requested by the login. The login failed.

Since I had rebooted the server after Windows Update insisted, I blamed Windows Update.

I looked into the log files, which showed repeated error messages

“ERROR”    748    ”2012-07-17 18:18:19.235″    ”Severity: 1 (Critical), Code: HM5028, Source: ADOConnection::Connect, Description: Error when connecting to database. Microsoft OLE DB Provider for SQL Server Cannot open database “hmailserver” requested by the login. The login failed. Check your database settings in hMailServer.ini.”

No event log entries could be found relating to this error.

This time, however, there seems to be a problem when hMail cannot connect to the database during startup. As this hMailServer issue indicated, restarting the hMailServer service (with SQL Server already running) was enough to solve the error.

Validating a jQuery Dialog using jQuery Validate in ASP.Net

After I managed to create and display a jQuery dialog using the $().dialog() function, I wanted to replace my ad-hoc validation code with a “real” validation plugin, namely jQuery Validation. (naming consistency of jQuery plugins did not seem to matter until now, as there are several plugins with similar names in this area)

As much as I tried, the validator’s valid() would always return true, and debugging revealed that there were no elements to be checked, even though I had declared them in the validate() method.

Finally I came across this answer on SO, stating

the jQuery-UI dialog does not append to the form, it appends just before </body>, so the elements to validate are outside the <form></form> section

and suggesting the solution

$("#mydiv")
  .dialog("open")
  .parent()
  .appendTo(jQuery("form:first"));

Now it was obvious what’s happening: the dialog() function moves the <div> outside ASP.Net’s default form element (id=’aspnetForm’), directly under the <body> element.

Since I want to have several jQuery dialogs in my ASP.Net page, and cannot freely add <form> tags in the source code (especially not in .ascx and not in .aspx inside a MasterPage), I decided to create a <form> on the fly, and open the dialog inside the new form:

if (!$("#myForm").length) {
  $("<form>")
    .attr("id", "myForm")
    .attr("name", "myForm")
    .appendTo($("body")); 
} 

var d = $("#myDialog").dialog({ 
  autoOpen: false, 
  modal: true, 
  open: function () { 
    $("#myForm").validate({ ... }).resetForm(); 
  }, 
  buttons: [ 
    { id: "OK", 
      click: function() { 
        if (!$("#myForm").valid()) 
          return false; 
        ... process data ... 
        $("#myDialog").dialog("close"); 
      } 
    } 
  ] 
}); 

d.dialog("open")
  .parent().appendTo($("#myForm"));

Note that I added the call to resetForm() to clear errors from a previous execution of the dialog.

You can call the form validation using the .valid() method and simply leave the dialog open if a validation error occurred.

Have a look at the demos for help regarding HTML and CSS declarations.

[Insert Programming Language] Bashing

Everybody who has been programming for a while hopefully has found their favorite programming language(s), framework(s) and tools. From my Category Cloud, you can easily find out where I feel most fluent and comfortable, and the “comfort zones” are constantly evolving and/or changing. (I should really add ASP.Net MVC and JavaScript to that list )

Going hand in hand is the tendency of avoiding other languages, etc., due to lack of knowledge, experience, or because they are considered technically inferior. Recently, I came across a couple of pages bashing PHP, such as on Coding Horror (again!) referring to this blog which analyses the shortcomings of that language.

I guess, while this criticism will have no impact on Real PHP Programmers ™, it should certainly influence people evaluating other languages to avoid it, since the technical reasons NOT to start a PHP project seem overwhelming. (this here deals with “loose comparison“, as documented on PHP.net, and compared to Perl)

So is PHP special? Let’s ask Google:

td>VB.Net bashing

language + “bashing”	hist
PHP bashing	8.500.000
3.200.000
Powershell bashing	3.000.000 *
VisualBasic bashing	2.300.000
Delphi bashing	1.600.000
C# bashing	1.300.000
JavaScript bashing	1.200.000
VBA bashing	600.000
Java bashing	600.000
VB bashing	500.000

Powershell reports 3 million hits, but from the first look that’s mostly due to comparisons of Powershell with Bash and other shells.

Let’s have a look at databases

database + “bashing”	hist
MySQL bashing	3.000.000
Oracle bashing	500.000
SQL Server bashing	300.000

MySQL, SQLite, and Postgres are difficult to compare, again because of references to Bash shell programming.

Superficially judging from the numbers, I think we have a winner, though.

Configuring JMeter for ASP.Net Sites

Comparing different web sites running the same ASP.Net application, my idea was to use JMeter to perform a couple of requests and display the execution times for the requests per site.

A web test is called Test Plan in JMeter, and in the most basic version looks like this:

The test plan has a Thread Group which defines how often a sequence of steps is performed, and how many threads are used to execute the sequence.

Use a HTTP Request Defaults configuration element to define server name, port number and other connection parameters.

Under the Simple Controller (under Logic Controllers) to contain the sequence of steps, consisting of HTTP Request or HTTP Request HTTPClient elements (under the Samplers menu). Each of them contains the URL Path (everything after the host name) and optionally a couple of parameters.

Next, add a couple of Listeners, such as Summary Report, View Results Tree and View Results in Table to display the requests’ performance data.

While this would be sufficient for non-ASP.Net web sites, ASP.Net requires a couple more elements.

First, the HTTP Cookie Manager is required to store the ASP.Net session cookie. Simply add it as config element.

Next, the various hidden variables of ASP.Net need to be parsed and posted. For example, a POST requires that the __VIEWSTATE variable is posted as well, otherwise ASP.Net would not be able to perform its magic.

To achieve this, we need a Regular Expression Extractor (post processor) to extract the value of the __VIEWSTATE variable in the original page:

Set the reference name to viewState (or any name you prefer and find reasonable), and the regular expression to

name="__VIEWSTATE" id="__VIEWSTATE" value="(.+?)"

In the login example below, we must first GET the login page, the RegEx extractor will retrieve the view state, which is then posted using the ${viewState} macro notation to pass its value on:

If you use the Ajax Control Toolkit, you may also need to pass the ScriptManager’s hidden value. Hit F12 in your browser, enable request logging (Net, All in Firefox; Network in Chrome), and find the posted value in the Request data.

Thanks to the pages that helped me with the information I needed: Technically Works, and a couple of answers on StackOverflow.

Software Inventory (CRM Development PC)

CRM 2011 Development

Microsoft Dynamics CRM 2011 SDK (MSDN)

Windows Identity Foundation

CRM 4 to CRM 2011 JavaScript Converter

Plugin Registration Tool

Visual Studio

Lardite Reference Assistant removes unused references from Visual Studio projects

Version Control

Tortoise SVN

Virtualization

VMWare Player

Utilities

BareTail log file viewer

ILSpy .Net disassembler

TreeSize Free

Multimedia

IrfanView image viewer

Runtimes

Java

My Software Inventory page has been updated to include the listed software packages.