Main Line Computer Users Group


August 2002 Issue 243

VILLANOVA UNIVERSITY, ST. AUGUSTINE CENTER

MEETING STARTS - 09:30 - AUG 10 th

Members Helping Members!


THIS MONTH'S CONTENTS
MAIN LINE PC/128/64 USERS - Room 110

For August, we'll start off with a brief round of announcements and/or tidbits.

Then, we'll followup on the virus/worm happenings in the last month or so. As noted elsewhere in this issue, viri and/or worms have been getting around to our members way beyond our previous experiences. A major element of protection (a subject that we plan for a soon upcoming meeting) is your anti-virus software. To aid folks in getting setup, two things are in place:

First, as noted on p.2, the latest version of Norton Anti-Virus is available quite cheaply and we suggest members take advantage of the situation before it vanishes.

Second, the first main program item for August will be a real-life demo of initially installing NAV and readying it for first use. We urge all our members to come for this one!

Depending on how the demo goes - and assuming there are no major glitches - we'll have time to do some problem-solving Q & A.

We also have a couple more tutorial items to give a go on:

1) a set of videotapes and 2) another CD-based program. We'll take a look.


Virus/worm mystery solved!

Or, at least, so we thought! Here is a selection from a recent posting, by yours truly, to the MLCUG mailing list.

"As John Murphy had indicated at our last meeting, someone - most likely on the mailing list - had a PC infected with the Klez worm. Initial indication was that David Reese's PC was the one. But, tests and detectiving showed it was NOT his machine. [cont.]

########################################
ANNOUNCEMENTS & COMMENTS
########################################

NORTON ANTI-VIRUS - I got an OEM CD of Norton Anti-Virus 2002 for the princely sum of $10. I am expecting to order some stuff from that vendor and wonder if anyone else might like one of these CDs. The $10 would be the total cost, incl. S&H - as long as you could pick it up at a meeting. Otherwise, there'd be another buck to mail it.

I'm hoping to promote this utility as a sort of "supported standard" and urge all our members to participate. See the meeting notice on p.1 for more.

UTILITY CD - recently, I got a copy of a "Must Have" utility CD - assembled by a local guru, who conducts a computer forum at the WC Senior Center. It contains over a dozen handy freeware utilities - put together for easy installation, with instructions. The CD also contains some other interesting and fun stuff.

I'll bring it to the August meeting to let folks take a look. It is available for $10, which makes it a real bargain, considering the effort that has gone into assembling it. Keep this in mind, as I'll take orders for it ...

NEW/NOVICE USERS - as should be evident from recent activities of MLCUG, we have started some new ways of trying to provide more assistance to our N/N members. But, we are sure there will be changes needed. So, after trying out the changes, give some thought to how they can be improved. If you have any suggestion(s), please bring them up at meetings (the sooner, the better) or get them to a steering committee member (see p.7 for names).

USEFUL BOOTABLE CD-R - a recent message on the listserv mentioned the idea of designing (and distributing?) a useful, emergency boot CD-R (as an alternate to the floppy boot disk which has very limited capacity). The question then arose of what utilities should be added to make a bootable CD useful? That may be a topic for discussion in upcoming meetings; so give it some thought and pass on the ideas.

NOTE: no suggestions have yet been made!

REMINDER - Attendees know that we have a very fast internet connection from the VU meeting room! So, if you have a very large download, you could bring along a zip disk (or maybe a CD-R) and get it done there, either before or after the main meeting.

LUNCH - a half dozen or so of the regular attendees, usually partake of lunch at the Villanova Diner after the meeting. Why not join us? It is a good time to get a little more help (or give it) and just to have fun talking about our common interests. The food is quite good, too!

****************************************

Infection from p.1

(cont'd)

A few days later, John got further indications that pointed right to member Bill Folger's PC - Bingo!

This evening, Bill brought his HP Pavillion over to my place. We hooked it up (but not to my home network, nor the internet) and did some looking. Sure enough, he had got info from another ISP that he was sending out email with the Klez worm included...

Prior to Bill's coming over, I had downloaded the Klez removal tool from the Symantec website - a small utility called "FixKlez.com".

We ran it on Bill's machine and it reported that it was unable to remove the Klez worm. It had disinfected 28 files - but there was one infected file that it could not undo (presumably an in- use Windows file).

It said we should go into SAFE MODE and re-run the tool. That proved not to be easy...

I tried all the usual ways to get into safe mode and the HP refused to do it.

So, I tried running the tool in DOS - no dice. It said that it would not run in DOS mode!!

So, we went back into windows and I fired up "msconfig". It provided a route to force the PC to display the "Windows Start Menu" which lets you go to safe mode. It did and let us re-run the removal tool.

This time we got the report that the Klez Worm had been successfully removed - the one file (out of more than 47 thousand files on the PC) had been removed (or disinfected)!!

Then, we installed Norton Antivirus 2002 on his machine. He'll get the definitions updated and endeavour to keep his machine clean.

Hopefully, that will work and we'll be past this incident.

Thanks to the folks who watched, noted and checked.

Addendum: subsequent to posting the above tale on the list, we have been unable to determine where Bill's infection came from. If we find out, we'll share the info with all.

****************************************
LAST MONTH'S PC/128/64 MEETING
****************************************

For July, we had about 18 attendees (and only 16 seats; so we have to round up replacements for some of the former 20 or so seats that used to be in the room). Member, Bob Kanach, who has not been to a meeting for some time, attended - hopefully, we'll see Bob at future meetings.

When we started the announcements round, the subject of email viri quickly came up. And, John Murphy told us that he had just got a notice from Symantec that an email attachment had been sent to him from one of our members and it had a virus in it! John described the email virus scanning that he set up for the small company he works for - via the Norton Anti-virus (NAV) software they use. We will try a demo of this detection mode at a future meeting - using NAV 2002 (which is to be installed on the club PC).

Later in the meeting, when we did a "virus definition" update in response to a question, we found that Symantec (the NAV vendor) has been updating their definition file every other day recently!! There must be a LOT of malicious activity on the net !!

The virus that John received was a variant of the Klez virus/worm that has been getting a lot of publicity lately. He passed around a printout from the Symantec website (a separate message has more on this worm).

Between the porn, get rich and virus-laden messages, it's getting hard to find a really useful email message!!

Along the same lines, another question related to spyware and we reminded folks that you can do a free download (from www.lavasoftusa.com/) for their Ad-Aware spyware detector. Tom Johnson reported that he just got the latest update on that one - and found 3 spyware apps inhabiting his system...

To further add to the hazards of this hobby, we next turned to our final episode from the "Discovering Your Hard Drive" tutorial CD. This one devoted to "Backing Up Your Hard Drive". The presenter noted that you were either one who had had a hard drive crash, or will have one - not whether, but when being the only unknown. He strongly recommends basing your backup strategy on having a pair of similar hard drives and setting them up in a unique arrangement that protects against loss of either drive (and, with some further manuevers, against simultaneous failure of both).

Yours truly plans to set up a PC according to the strategy - using the Drive Image and DataKeeper software from PowerQuest - and I'll report on it when that occurs. But, if anyone else does it, let's hear from them...

However, the most important messages he passed on were to:

  1. get ready for that crash
  2. develop a backup strategy that protects all your information
  3. stick to it
If any members have experiences to share, please feel free to do so on our list or at future club meetings. Incidentally, I will have the CD at future meetings, in case there are questions, or anyone would like to see any re-runs.

After the demo CD and discussion on hard drives, we turned to a round table of Q&A on problems (and problem-solving). A couple were mentioned earlier in this report, a couple of others are be covered in separate articles.

-----

After the formal adjournment of the meeting, several of us stayed behind to devote some effort to trying to find out the cause of non-bootability of a ca. 1996 ACER tower PC belonging to Rich Tave. He brought it in; so we hooked her up to the club's monitor and examined away. Quite a few tests were made, complicated by the fact that the computer is setup with Maxtor's EZ-BIOS hard drive management software. We did not eliminate the problem, but the next step was defined. Look for a list message from Rich on how he fares. The details of all we did are too lengthy for "minutes", but we can regale anyone interested in them, next month(?) .

****************************************
Those TEMP Files

One query that came up in July, but was not addressed for lack of time relates to the oft-quoted ism: "your hard drive has tons and tons of temp files on it that take up valuable space and you should delete them regularly". The query was: "where are they and how do I delete them?"

At this point, we enter the realm of opinion; so what follows represents a mix of opinions, my own and some others. Therefore, I WELCOME member's comments on what follows - mayhap there is an MLCUG guideline we could develop!

Firstly, in these days of massive hard drives, even tons and tons of temp files (if they were actually there) would probably not constitute a problem. BUT, if you are a good backer-up, you will be making pointless backups of these files. So, that is a better reason for getting rid of them - there are likely others. Of course, if you have a smaller hard drive, say under a gig or two, then the space problem could be real.

Secondly, where are they? Here there may be places other than what I list; so chime in, if you are aware of them.

Conventional wisdom is to delete all these files. Usually, a caveat is applied: EXCEPT any of the files that carry "today's" date (whatever the "today" it is that you are performing the delete task on). My personal position is to forget about the first group of files. As soon as you go on the net, after deleting those TIF or cache files, the folders will rapidly fill back up; so the space saving is very "temporary"!

It is a good idea, tho, to limit how much disk space these files are allowed to occupy. How you do that is specific to the brand of browser that you use. We can cover the process, for anyone interested, in an upcoming meeting - just let us know if the need is there.

Incidentally, my not-extensive experience is that the default setting for IE is a bit more wasteful than Netscape, but that deficiency (if you call it that) is equally easy to remedy.

Any comments, additions, corrections?

****************************************
More TEMP Files

One other query regarding "temporary" files related to the Windows "swap file". This is a VERY LARGE file and does take up a potfull of hard drive space (for example, it is currently 65 MB in size on the PC that I'm typing this message on). It can easily be more than 100 MB in size!

This file is deletable at your EXTREME PERIL!

Windows uses this hard drive space to stash stuff that currently does not fit in your RAM memory, but that Windows needs. Windows will be crippled, if the file is set to be eliminated (and Windows will let you know about that, if you try to set its size to zero!!!).

For efficiency, the gurus recommend, however, that you may want to fix the size of this swap file and leave it permanently in one spot. Windows generally keeps changing the size; so it can become fragmented and time consuming for Windows to manage it. The are rules-of-thumb as to just how to do that; so we could cover the topic in a meeting - especially if we can tap variuous folks feeling about those "rules".

It is also possible to have some control over those temp files that were mentioned in the previous item, especially those that tend to go into the C:\WINDOWS\TEMP folder. But, I'm not sure the effort is worth anything, unless you are really short of space on your C drive and would like to have them go to another drive with more space. The same could be done for the swap file.

Followup questions are invited next time.

****************************************
YOU CAN STILL LAUGH

Here's a bit of humor that came to me via Jim Anderson, editor of the CCAS newsletter, Observations:

-----Forwarded Message-----
Sent: Tuesday, July 02, 2002 9:05 AM

REMAINING U.S. CEOs MAKE A BREAK FOR IT

Band of Roving Chief Executives Spotted Miles from Mexican Border. San Antonio, Texas (Routers)

Unwilling to wait for their eventual indictments, the 10,000 remaining CEOs of public U.S. companies made a break for it yesterday, heading for the Mexican border, plundering towns and villages along the way, and writing the entire rampage off as a marketing expense.

"They came into my home, made me pay for my own TV, then double-booked the revenues," said Rachel Sanchez of Las Cruces, just north of El Paso. "Right in front of my daughters."

Calling themselves the CEOnistas, the chief executives were first spotted last night along the Rio Grande River near Quemado, where they bought each of the town's 320 residents by borrowing against pension fund gains. By late this morning, the CEOnistas had arbitrarily inflated Quemado's population to 960, and declared a 200 percent profit for the fiscal second quarter.

This morning, the outlaws bought the city of Waco, transferred its under-performing areas to a private partnership, and sent a bill to California for $4.5 billion.

Law enforcement officials and disgruntled shareholders riding posse were noticeably frustrated.

"First of all, they're very hard to find because they always stand behind their numbers, and the numbers keep shifting," said posse spokesman Dean Levitt. "And every time we yell 'Stop in the name of the shareholders!', they refer us to investor relations. I've been on the phone all d--- morning."

"YOU'LL NEVER AUDIT ME ALIVE!"

The pursuers said they have had some success, however, by preying on a common executive weakness. "Last night we caught about 24 of them by disguising one of our female officers as a CNBC anchor," said U.S. Border Patrol spokesperson Janet Lewis. "It was like moths to a flame."

Also, teams of agents have been using high-powered listening devices to scan the plains for telltale sounds of the CEOnistas. "Most of the time we just hear leaves rustling or cattle flicking their tails," said Lewis, "but occasionally we'll pick up someone saying, 'I was totally out of the loop on that.'"

Among former and current CEOs apprehended with this method were Computer Associates' Sanjay Kumar, Adelphia's John Rigas, Enron's Ken Lay, Joseph Nacchio of Qwest, Joseph Berardino of Arthur Andersen, and every Global Crossing CEO since 1997. ImClone Systems' Sam Waksal and Dennis Kozlowski of Tyco were not allowed to join the CEOnistas as they have already been indicted.

So far, about 50 chief executives have been captured, including Martha Stewart, who was detained south of El Paso where she had cut through a barbed-wire fence at the Zaragosa border crossing off Highway 375.

"She would have gotten away, but she was stopping motorists to ask for marzipan and food coloring so she could make edible snowman place settings, using the cut pieces of wire for the arms," said Border Patrol officer Jennette Cushing. "We put her in cell No. 7, because the morning sun really adds texture to the stucco walls."

While some stragglers are believed to have successfully crossed into Mexico, Cushing said the bulk of the CEOnistas have holed themselves up at the Alamo. "No, not the fort, the car rental place at the airport," she said.

"They're rotating all the tires on the minivans and accounting for each change as a sales event."
--
Patrick Eagan Ph.D., P.E.
Associate Professor
Engineering Professional Development
University of Wisconsin-Madison

****************************************
DOWNLOAD OUR KEYBOARD SHORTCUT LISTS

by Stan Grabowski

[From TechRepublic comes this neat download for Keyboard shortcuts in Microsoft programs]

Download our popular shortcuts list, which includes several shortcuts for Microsoft Word 97, Microsoft Excel 97, Internet Explorer, and Microsoft Windows 98/98SE:

http://clickthru.online.com/Click?q=62-4oBiIePwUO3dGiZG9XLIKk-tB9uR

DIRECTIONS FOR ST. AUGUSTINE CENTER MEETING ROOM

Meetings are in the St. Augustine Center at Villanova University. The regular monthly sessions will be meeting in Room 110.

[The map goes HERE!]

Enter from the ITHAN AVENUE main gate, then proceed to the 2-level parking building adjacent to St. Augustine, on the Ithan Avenue side of the building.

NOTE: maps on our webpage - http://astro4.ast.vill.edu/mlcug/


PC/128/64 Meetings  2002  Steering Committee Meetings

                      August 10                         August 14 **
                      September 14                      September 18
                      October 12                        October 16

* = first Saturday ** = second Wednesday at Tom Johnson's home *************************************************************************************** EDITOR: Emil J. Volcheck, Jr. 1046 General Allen Lane West Chester, PA 19382-8030 (Produced with C-128D/SCPU 128, RAMlink, HD-40/85, 1571, FD-4000, THE WRITE STUFF 128, XETEC Super Grafix, Canon BJ-200ex, Swiftlink and Motorola 288 modem)

MLCUG BBS: 610-828-1359 ( 300 --> 33600 bps ), 24 hr/day WWW: http://astro4.ast.vill.edu/mlcug/ PUBLICITY: Robyn Josephs 610-565-4058 DISK ORDERS: Charlie Curran 610-446-5239 VILLANOVA SPONSOR: Prof. Frank Maloney, Dept. of Astronomy

MLCUG STEERING COMMITTEE:

PRESIDENT: Emil Volcheck 610-388-1581 SECRETARY: Charles Curran 610-446-5239 TREAS/MEMBERS: Dewitt Stewart 610-623-5145 SYSOP/AMIGA SIG: John Deker 610-828-7897 INTERNET/Linux:Peter Whinnery 610-284-5234 DATABASE: Layton Fireng 610-688-2080 AT LARGE: Tom Johnson 610-525-3440 AT LARGE: John Murphy 610-935-4398