Category: Windows Vista

Vista User Profile Service Fails to Logon

Recently we had a Dell Laptop in for repair, running Windows Vista, that had a damaged user account that could not be accessed. 

This is a typical ‘Vista User Profile Service’ problem and there are certainly still plenty of posts across the Internet about this difficulty. It seems to occur when there are two or more user Profiles set up. But there are a small number of single users who also report the same problem. It does not seem to matter whether the users are ‘administrators’ or ‘standard’ users.

It seems that the affected user's Profile has somehow been damaged and is frozen. As a result, Vista has changed the Profile’s extension to .bak – a backup file. This makes the user Profile unavailable and so produces the message: ‘The User Profile Service failed the logon’.

This laptop exhibited the same User Profile Service problem. Thankfully it had two user accounts set up, one administrator and one standard user. It was the standard user's account that had frozen.

Of course if you are the only user of your PC you’ve probably got only one user profile set up and you are no doubt the administrator. So if this account is frozen your only option is to try and repair Windows Vista.

Turn on your computer, and press and hold F8. On the screen that appears you will see the option “Repair Your Computer”. Select this and hit Enter (use your own administrator user name and password).

On the next screen you will see the first category, “Startup Repair”, and the second, “System Restore”. Click on Startup Repair. When this finishes, restart your computer.

If the Startup Repair doesn’t work, try the second option – System Restore. Again, when it's done, restart your computer.

Hopefully, your user account is now working again.

A Suggested Fix For The Two Accounts Set Up

If you have two or more user accounts set up then the following solution works. We fixed the Dell Laptop by taking these steps.

First, you need to log on with an administrator's account.

Now go to Start and in the Search Box type regedit. Get past the nagging security box and wait till regedit opens.

Now go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\

Go through the listed Profiles to find the damaged Profile. The key to the damaged profile should have a .bak appended to it.

There should also be another identical key except for the .bak extension. Rename this other key to something else (e.g. one number above the highest number).

Also rename your damaged Profile by removing the .bak extension. Now change the State property of this Profile (listed in the right hand window) from 1 to 0.

Restart your PC and try logging on with your Profile. It should now work.
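Before renaming anything, it helps to confirm which key is the damaged one. The following is an added example, not part of the original article: it reads the text produced by `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s` (run from the administrator account) and reports each .bak key, its State value and whether the identical key without .bak exists. The SIDs and folder names in the sample are constructed, and the parser assumes the usual four-space layout of `reg query` output.

```python
import re

PROFILE_LIST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

# Constructed sample of `reg query ... /s` output; SIDs and paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Admin
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1001
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1001.bak
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Jane Smith
    State    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Return {subkey name: {value name: data}} for the keys under ProfileList."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith(PROFILE_LIST + "\\"):
            current = keys.setdefault(line[len(PROFILE_LIST) + 1:].strip(), {})
        elif line.startswith("HKEY_"):
            current = None  # ProfileList itself or an unrelated key
        elif current is not None and line.startswith("    "):
            parts = re.split(r" {4}", line.strip(), maxsplit=2)  # name, type, data
            if len(parts) == 3:
                current[parts[0]] = parts[2]
    return keys

def damaged_profiles(keys):
    """List every '.bak' key with the details the manual fix relies on."""
    report = []
    for name, values in sorted(keys.items()):
        if not name.lower().endswith(".bak"):
            continue
        sid = name[:-4]
        report.append({
            "sid": sid,
            "profile_path": values.get("ProfileImagePath"),
            "state": int(values.get("State", "0x0"), 16),
            "twin_exists": sid in keys,  # the identical key without .bak
        })
    return report

if __name__ == "__main__":
    print(damaged_profiles(parse_reg_query(SAMPLE)))
```

The script only reads text and changes nothing in the registry; the renaming and the State change are still done by hand in regedit as described above.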

How to spot if an email is a phishing attack?

One of the biggest problems in online security is the phishing email. So many unsuspecting people fall prey to this sort of attack that the incidence of phishing is actually on the increase. Phishing for financial gain is certainly on the rise and you could even be the next victim of this sort of phishing attack.

To avoid being a potential target, here are four things to look out for that show whether an email is safe or potentially dangerous.

1. If the Email is Unsolicited

Legitimate companies never email users asking for personal information. Neither would they send an email unannounced asking you to download an attachment. No matter how real the email looks, if it is unsolicited and it is asking you to do something, it is most likely a scam.

This is especially true for phishing attacks pretending to be from your bank. According to data from Kaspersky Labs, for the first time in 2016, the detection of phishing pages which mimicked legitimate banking services took first place in the overall chart, leaving the long-time leaders of this chart – global web portals and social networks – way behind.

2. If the Email Exhibits Poor Grammar and Spelling

Emails from legitimate sources generally have no typos, no spelling errors, and good grammar. Professional companies have teams of people dedicated to proofreading all the marketing material they send out. Hackers often lack these good writing skills. As well as this, they may not have English as their native tongue. If this is the case, you can assume that a foreign criminal probably wrote the text in their own language and then used a translation tool to convert the text into the English language.

This means that if you have an email purporting to be from your bank and it has various examples of bad spelling and grammar, then it is most likely not from that bank but from a criminal.

3. Beware of Mismatched URLs

Criminals try to fool victims into clicking on links that, to the average reader, look like the real URL of a legitimate website, when the hyperlink actually points to a URL belonging to a criminal. You can check a link without visiting it by hovering your mouse pointer over it, because most browsers will display the real URL at the bottom of the browser window. If the URL shown in the email does not match the one that appears when you hover, it is most likely a fake that could lead you into a phishing trap.

4. Beware of fake URLs in your Email

Legitimate emails will feature URLs that lead back to the official website of a company. The URL will have a straightforward name (e.g. yourtrustedbank.com). A criminal will try to make a URL look as much like the real website as possible (e.g. yourtrustedbankp.com). Users should always check any link before clicking on it. Better still, always check a URL by cutting and pasting the link into a search engine, like Google. A scam should reveal itself on the first page of the search engine's results.

This type of phishing activity is not limited to banks. According to Kaspersky’s research, criminals have even created fake URLs containing the word ‘steam’ to make the URL look more like the original, which could deceive inexperienced gamers who play games using the Steam program.

So make sure you never click on a link, or download an attachment, without checking that the links are genuine.
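The checks in items 3 and 4 can also be automated when a suspicious email is saved as HTML. The following is an added example, not part of the original article: it flags links whose visible text names one site while the hyperlink points to another, and link hosts that are a near-miss of a trusted name. The sample email, the trusted list and the 0.9 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"yourtrustedbank.com"}  # assumption: sites the reader really uses

# Constructed sample email body; every address in it is made up.
SAMPLE = """<p>Dear customer, please confirm your details:</p>
<a href="http://login.example.net/verify">https://www.yourtrustedbank.com/login</a>
<a href="http://yourtrustedbankp.com/login">Sign in</a>
<a href="https://www.yourtrustedbank.com/help">Help centre</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def host(url):
    """Lower-case host name without a leading 'www.' ('' if there is none)."""
    name = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def check_links(html, trusted=TRUSTED):
    """Return (kind, expected, actual_host) findings for one HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host(href)
        shows_url = re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I)
        if shows_url and host(text) != target:   # item 3: text and link disagree
            findings.append(("mismatch", host(text), target))
        for good in trusted:                     # item 4: near-miss of a real name
            same_site = target == good or target.endswith("." + good)
            if not same_site and SequenceMatcher(None, target, good).ratio() >= 0.9:
                findings.append(("lookalike", good, target))
    return findings

if __name__ == "__main__":
    for finding in check_links(SAMPLE):
        print(finding)
```

A clean result does not prove an email is safe; the script only covers the two URL tricks described above.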

The Danger of Rootkits

A rootkit is a collection of program tools that enable user-level access to a computer or a computer network. Typically, a hacker installs a rootkit on your computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking your password. Once the rootkit is installed, it allows the attacker to mask its intrusion and gain root or privileged access to your Windows PC.

A rootkit may consist of spyware and other malicious programs that monitor traffic and keystrokes, create a “backdoor” into the system for the hacker to use, attack other machines on a network and alter existing system tools to escape detection.

Rootkits often try to enter your PC by executing a phishing attack, where a hacker tries to trick you into running an executable file (.exe) in an email attachment, or via a hyperlink distributed via email or instant messaging. Once they are in place, rootkits are not too easy to find or get rid of.

The rootkit threat is not as widespread as viruses, malware and spyware. But removing rootkits is largely a reactive process. You will only notice changes to your computer after you are infected by a rootkit.

Is There Really a Rootkit Problem?

To determine if there is truly a rootkit operating behind the scenes, use a system process analyser such as ‘Sysinternals Process Explorer’ or, better yet, a network analyser. By using these tools, you will probably be surprised to find what programs are doing and what is going in and out of your PC’s network adapter. You may also discover that you simply have an over-worked PC running with too little memory or a severely fragmented hard drive.

However, if your computer is normally super-fast with no lack of memory or hard drive issues, but still slows down and even starts to behave badly, then a rootkit attack could be the cause. But equally these symptoms could be the result of a virus or a spyware attack.

It is one thing to find a rootkit, but quite another to remove it and any spyware it is probably hiding. In fact, it may or may not be possible. In many cases you will never really know if you are infected since a rootkit can often interfere with your scanning and removal programs.

Before you even try to remove a rootkit, make sure you take a backup of all your important data files.

Rootkit Detection and Removal Using Software

Sysinternals, F-Secure and Kaspersky all offer standalone rootkit detection tools: Sysinternals RootkitRevealer (only for Windows XP (32-bit) and Windows Server 2003 (32-bit)), F-Secure Blacklight and Kaspersky TDSSKiller.

Even Microsoft has implemented rootkit detection features in its own malicious software removal tool.

Removing a rootkit with cleaning tools may actually leave Windows in an unstable or inoperable state depending on which files were infected and subsequently cleaned. Or, worse, a well-coded rootkit could conceivably detect the removal process and self-destruct taking your data out with it!

If these cleaning tools do not find anything, or they do find a rootkit but cannot delete it, then you could keep trying other tools, but there does come a point in time when you have to evaluate if the effort is worthwhile. Perhaps you should just wipe your hard drive and re-install your Windows operating system.

Some Defences Against Rootkits

To truly protect your computer, make sure you always read the current user instructions for your scanning tools to see what special steps you need to take before, during and after the clean-up process.

Then, after you’ve found and cleaned a rootkit, rescan your system to double-check that it was fully cleaned and the rootkit has not returned.

To help stay protected from rootkits you should regularly update all your software. This includes your antivirus program and any anti-spyware or anti-malware programs you make use of.

Also keep all of your Microsoft software up-to-date by turning on Windows Automatic Updates (for Windows 10: Settings – Update & Security – Windows Update). Your computer will automatically download Microsoft security updates when your computer is online.

How to deal with Ransomware Like Petya or WannaCry

The short answer is to do a combination of things such as perform a reliable backup, make sure your PC is protected and use automated removal tools if the worst happens. These things can be a solid defence against the growing menace of Ransomware.

Ransomware does not sneak into your PC like ordinary malware does. It suddenly appears and demands cash, otherwise it may encrypt all the files on your Windows PC.

A form of Ransomware similar to Petya has attacked Ukraine and other sites around the globe, encrypting files until a ransom has been paid. Researchers, though, have moved quickly to block the spread of the Ransomware, also known as Petrwrap, exPetr, Petna, and SortaPetya.

There is no real way to remove Petya Ransomware, but researchers have come up with a few ways to immunise your Windows PC and malware companies are working hard to block it completely.

We will just have to wait a while until these ‘solutions to the threats’ are applied to defeat the current crop of Ransomware.

Petya is the second major Ransomware outbreak in the last two months, following WannaCry, which appeared to leverage software the National Security Agency developed, and was then turned into malware. It struck the U.K. National Health Service and several banks and other organisations.

Ransomware Hits You Where It Hurts – So Prepare Well Against Possible Attacks

A few common-sense habits can help limit your exposure to malware and Ransomware.

Keep your computer up to date via Windows Update. WannaCry doesn’t even try to attack Windows 10, choosing instead Windows XP and other older Windows operating systems.

Ensure you have an active firewall and anti-malware solution in place. Windows Firewall and Windows Defender are barely adequate, so a good third-party anti-malware solution is far better. WannaCry patches are already available, even for Windows 8 and Windows XP.

Ensure that Adobe Flash is turned off, or surf with a browser like Google Chrome, that turns it off by default.

Turn off Microsoft Office macros, if they happen to be enabled (in Office 2016, you can ensure they are off from Options – Trust Center – Trust Center Settings – Macro Settings).

Never open questionable links, either on a webpage or especially in an email. The most common way you will encounter Ransomware is by clicking on a bad link. Likewise, stay out of the bad corners of the Internet. A bad ad on a legitimate site can still inject malware if you are not careful, but the risks greatly increase if you end up surfing where you should not.

For dedicated anti-malware protection, consider Malwarebytes 3.0, which is advertised as being capable of fighting Ransomware. RansomFree has also developed what it calls anti-ransomware protection. Typically, however, anti-malware programs reserve anti-ransomware for their paid commercial suites.

You can download free anti-ransomware protection like Bitdefender’s Anti-Ransomware Tool, but you will only be protected from four common variants of ransomware. Kaspersky also claims that it can block Petya or Petrwrap by simply rolling back changes via its System Watcher component.

Backing Up Your PC Could Be a Good Strategy

Ransomware encrypts and locks up the files that are most precious to you so there’s no reason to leave them vulnerable. Backing them up is a good and solid strategy.

Take advantage of the free storage provided by OneDrive, Google Drive and others, and back up your data frequently. (But beware, your cloud service may back up infected files if you don’t act quickly enough.)

Better yet, invest in an external hard drive, such as the WD 1TB Elements Portable External Hard Drive, to save some less-frequently accessed “cold storage.” Perform an incremental backup every so often, then detach the drive to isolate that copy of your data.

If You are Infected

How do you know you have Ransomware? You will just know. Ransomware tends to be obvious: the imagery associated with most Ransomware is designed to evoke stress and fear in its victims.

Don’t panic. Your first move should be to contact the authorities, including the police and the UK’s National Fraud and Cyber Crime Reporting Centre. Then ascertain the scope of the problem, by going through your directories and determining which of your user files is infected. (If you do find your documents now have odd extension names, try changing them back – some Ransomware uses “fake” encryption, merely changing the file names without actually encrypting them.)
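One way to tell renamed files from genuinely encrypted ones before changing any extensions is to look at the file contents. The following is an added example, not part of the original article: it checks the first bytes of each file for a known file signature, then for readable text, and otherwise measures how random the data looks. The short signature list and the entropy thresholds are assumptions chosen for illustration; work on a copy of the affected folder.

```python
import math
import os
import tempfile
from collections import Counter

# File signatures ("magic bytes") of a few common document and picture formats.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip/docx/xlsx"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc/xls"),
]

def entropy(data):
    """Shannon entropy in bits per byte; values near 8.0 look random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=65536):
    """Return (verdict, detected format) from the first `sample` bytes of a file."""
    with open(path, "rb") as handle:
        head = handle.read(sample)
    if not head:
        return ("empty", None)
    for signature, kind in MAGIC:
        if head.startswith(signature):
            return ("renamed-only", kind)       # original header is still intact
    try:
        head.decode("utf-8")
        if entropy(head) < 6.0:
            return ("renamed-only", "text")     # still readable plain text
    except UnicodeDecodeError:
        pass
    if entropy(head) > 7.5:
        return ("likely-encrypted", None)       # no header and near-random bytes
    return ("unknown", None)

def triage(folder):
    """Map every file under folder (relative path) to its verdict."""
    return {os.path.relpath(os.path.join(root, name), folder):
            classify(os.path.join(root, name))
            for root, _, names in os.walk(folder) for name in names}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:  # constructed sample files
        with open(os.path.join(demo, "report.pdf.locked"), "wb") as f:
            f.write(b"%PDF-1.4\n" + b"sample " * 50)
        with open(os.path.join(demo, "photo.jpg.locked"), "wb") as f:
            f.write(os.urandom(4096))
        print(triage(demo))
```

An "unknown" verdict means the file matched none of the checks, for example a compressed format missing from the signature list, and should be inspected by hand.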

Identification and Removal

If you have a paid anti-malware solution, scan your hard drive and try contacting your vendor’s tech support and help forums. Another excellent resource is NoMoreRansom.com’s Crypto-Sheriff, a collection of resources and Ransomware uninstallers from Intel, Interpol, and Kaspersky Lab that can help you identify and begin eradicating the Ransomware from your system with free removal tools.

If all Else Fails

If you have good copies of your data saved elsewhere, online and on an external hard drive, all you may need to do is reset your PC, reinstall all your applications and restore your data from the backups.

Upgrading to a More Powerful Graphics Card

If you want games, graphics, and other multimedia programs to run faster, upgrading to a more powerful graphics card should be one of your first priorities. And the demands of Microsoft’s Windows Vista and Windows 7, with their 3D-accelerated Aero interface, give you another reason to upgrade. To run Aero you’ll need at least a DirectX 9 capable graphics chip with 128MB of dedicated memory on-board. With a DirectX 10 or 11 capable graphics chip you will need at least 512MB of dedicated graphics memory to make your computer perform really well.

Make sure you know what kind of graphics card will work in your PC before you go shopping for a new one. Unfortunately there are two main types of graphics card currently on sale and if you choose the wrong one it will not plug into your PC’s motherboard. The two types currently available are those that fit into an AGP slot and those made for the newer PCI Express slot. Your motherboard will have a slot for one or the other, but PCI Express only appeared in 2004, so many people could still have an AGP based graphics system, especially if they are still using Windows XP.

To find out more about the steps you need to take to install a new graphics card please see the complete article – How to upgrade a Graphics Card.

How to find out what’s slowing down your Windows PC

The Windows Resource Monitor can help you to track down the resource hogs that are slowing down your Windows computer.

If you're using Windows XP click Start, and then Run and type ‘resmon’. Now hit Enter. For Vista and Windows 7 users click Start and in the ‘Search programs and Files’ box type ‘resmon’. Now click on resmon.exe in the resulting search list.

For monitoring slowdown issues take a look at the Memory tab. This tracks usage and shows you how much memory a program or service is consuming. Also check the CPU and Disk tabs and see what particular program or service is causing your PC to slow down the most. Look particularly at the programs you’ve recently installed or uninstalled and see if any of those are using the bulk of your PC’s available resources.

All the memory hogging and performance sapping programs, services and modules can make your Windows computer less stable so it's also a very good idea to check the Windows Reliability Monitor too.

You can launch the Reliability Monitor from Control Panel, System & Security, Action Centre. Then choose View Reliability History. For Vista and Windows 7 users just type ‘Reliability History’ into the ‘Search programs and Files’ box and select View Reliability History from the resulting list.

Take a look at the trend line which may be flat or downward sloping. A sudden sharp drop is certainly worth checking out. If multiple programs are shown to be unstable perhaps something you recently installed or uninstalled is the culprit.

Click on the columns representing dates to see a list of the ‘activity’ for that particular day. This will show you what was successfully installed or run and what was unsuccessful. You may be able to fix the instability problem if ‘Check for a solution’ appears under the Action column at the foot of the screen.

Use these two tools to keep your Windows PC in good shape and to nip problems in the bud before they start to get out of hand!