Bob the Unbeliever
Well-Known Member
I sometimes think I have somehow ended up in Heck.
Not Hell, as it's not that bad, and I'm reasonably comfortable.
No... sometimes I'm in Heck. Especially when I bump up against a Ghost Bug in Windows.
What is a "ghost bug" you ask?
It's a "bug" that is already known by Micro$uck, but that they do not generally broadcast, nor make the information available to common rabble.
And I put "bug" in quotes, because, technically, it is a bug-- but it's one that may be safely ignored.
That is to say, it's a reporting error--- some system in the Vast Giant Bloated Pig* that is Windows? Has reported a problem, but there is no actual problem.
( * see my previous Technology post.
)
It's a case of Windows Crying Wolf, when in fact, it was just the usual pig pen noises-- nothing to see here, carry on.
I bumped up against that today, in an attempt to resolve my on-again, off-again err_connection_failed issue(s). I think I've narrowed it down, some... but that's for another post.
No, in cleaning up after major repairs today, I ran the little utility that replaced the venerable ScanReg.exe, SFC. It ran smoothly enough, boasting (in vain) that it had corrected Many Things. And then issued the Standard Claw-Back Excuse "some things could not be fixed, blah, blah, blah" boilerplate.
Me, being me, dug into the LOG file to SEE. I observed the things it allegedly "fixed" corresponded quite well to the things it allegedly could not fix.... wait... it "fixed" things but could not actually "fix" things?
All related to Windows Defender. None related to my networking issue(s).
Oh.
Joy.
Windows Defender is messed up? That's kinda .... DANGER! WILL ROBINSON! DANGER! level of fail.
*sigh*
Digging into how to fix corrupted Windows Defender? It seems this monster cannot BE uninstalled. It can only be disabled. Yeah, I get that-- how do I repair the corrupted files that SFC reports it cannot fix?
Finally got an answer from Micro$uck: "This is a Known Problem-- SFC will incorrectly report corrupted files/registry entries for Windows Defender. This is due to Waxing The Thurbligs on the Skate Plank with Grey Goo Wax, instead of the preferred Bees Wax. A Fix Is In the Works. Do Not Be Alarmed. We Have Control of your Television. Stay Tuned: Same Bat Time, Same Bat Channel" .... or words to that effect. I may have employed a wee bit of Creative License, here...
Bottom line: Windoze Defender is still enabled, and working**, the last antimalware patch installed and ran correctly, etc. Yes-- I was digging deep into the Windows Log section. sigh
I also think my internet issues have been fixed.... for now.
(** some users reported that was also a problem-- the "fix" was to re-install, and re-uninstall your previous 3rd party anti-virus. Or manually edit a registry entry, which was falsely toggled to 'disable', because it thought another anti-virus was running).
I have learned a great deal about Windows Registry, and Permissions, however.
Did you know? A favorite tactic by mal-ware, is to create a registry entry that has Null characters embedded? These are unprintable ASCII characters, say with a byte value of ZERO or 255, or 013, or similar, and they prevent the Nanny Goat Protective Services that is the RegEditor from deleting or modifying the registry entries. Because the moron who wrote that program, used byte-for-byte comparison when making Permissions changes, and if you don't match byte-for-byte? It simply fails. And no, you may not include Wild Cards, nor even a Wild Character to overcome this fail.
Ain't that a Peach? The only Official Tool you can use to fix your Registry, cannot actually fix it...
Fortunately, I keep my Feathers Numbered--- erm-- there are tools you can use, to scan your registry for null characters (there should not be any, in the names or key names), and you can delete the offensive keys. Interestingly enough? The tool did not offer to replace the null with a visible mark-- to me, that would have been far more Interesting. Oh well, it seems to work well enough, and was suggested by several self-titled "experts", (many of whom garnered high ratings on the forums I was visiting today, including several official micro$uck support ones).
There are a couple of additional tools, too-- if a registry entry absolutely refuses to be deleted? (as is sometimes the case) There are some Nuke From Orbit tools that can do that, too. Another tactic by malware, is to 'hook' an entry into Must Have processes-- that is, if these processes are running, the key is automatically marked as "do not delete". But that's just a part of RegEdit's Nanny Goat policy. Third Party tools are not so hampered, and do work-- I actually found one such entry that was merely suspicious. It wasn't pointing to any actual DLL or EXE file, but refused to be deleted. It was suspicious, as that particular key is a common 'hook' for malware. So I nuked it. Reboot-- and it's gone. No appreciable change, however...
I find it ironic that the entry was even there-- digging around, it was apparently left over from when I had installed (then un-installed) MalWareBytes....? Yes-- I do that every so often, but I refuse to pay (I'm cheap, and poor) so I only want their Free version. But it's Nagware, so I uninstall it after each use. For some reason, it leaves this suspicious 'hook' in the Boot Up Stream (not an official name for this part of the Registry, by the way... )
Oh well. I'm back On Line. I'm using a hard wire, as I'm too lazy to disconnect it, and go back to Wireless.
Windows: The Singing Pig. It Sings! It's a Pig! Get Yours Today!
(not responsible for any pig-like messes it may make of your photos, documents, MP3s or anything else-- heck. It's just not responsible. period. )
Not Hell, as it's not that bad, and I'm reasonably comfortable.
No... sometimes I'm in Heck. Especially when I bump up against a Ghost Bug in Windows.
What is a "ghost bug" you ask?
It's a "bug" that is already known by Micro$uck, but that they do not generally broadcast, nor make the information available to common rabble.
And I put "bug" in quotes, because, technically, it is a bug-- but it's one that may be safely ignored.
That is to say, it's a reporting error--- some system in the Vast Giant Bloated Pig* that is Windows? Has reported a problem, but there is no actual problem.
( * see my previous Technology post.
)It's a case of Windows Crying Wolf, when in fact, it was just the usual pig pen noises-- nothing to see here, carry on.
I bumped up against that today, in an attempt to resolve my on-again, off-again err_connection_failed issue(s). I think I've narrowed it down, some... but that's for another post.
No, in cleaning up after major repairs today, I ran the little utility that replaced the venerable ScanReg.exe, SFC. It ran smoothly enough, boasting (in vain) that it had corrected Many Things. And then issued the Standard Claw-Back Excuse "some things could not be fixed, blah, blah, blah" boilerplate.
Me, being me, dug into the LOG file to SEE. I observed the things it allegedly "fixed" corresponded quite well to the things it allegedly could not fix.... wait... it "fixed" things but could not actually "fix" things?
All related to Windows Defender. None related to my networking issue(s).
Oh.
Joy.
Windows Defender is messed up? That's kinda .... DANGER! WILL ROBINSON! DANGER! level of fail.
*sigh*
Digging into how to fix corrupted Windows Defender? It seems this monster cannot BE uninstalled. It can only be disabled. Yeah, I get that-- how do I repair the corrupted files that SFC reports it cannot fix?
Finally got an answer from Micro$uck: "This is a Known Problem-- SFC will incorrectly report corrupted files/registry entries for Windows Defender. This is due to Waxing The Thurbligs on the Skate Plank with Grey Goo Wax, instead of the preferred Bees Wax. A Fix Is In the Works. Do Not Be Alarmed. We Have Control of your Television. Stay Tuned: Same Bat Time, Same Bat Channel" .... or words to that effect. I may have employed a wee bit of Creative License, here...
Bottom line: Windoze Defender is still enabled, and working**, the last antimalware patch installed and ran correctly, etc. Yes-- I was digging deep into the Windows Log section. sigh
I also think my internet issues have been fixed.... for now.
(** some users reported that was also a problem-- the "fix" was to re-install, and re-uninstall your previous 3rd party anti-virus. Or manually edit a registry entry, which was falsely toggled to 'disable', because it thought another anti-virus was running).
I have learned a great deal about Windows Registry, and Permissions, however.
Did you know? A favorite tactic by mal-ware, is to create a registry entry that has Null characters embedded? These are unprintable ASCII characters, say with a byte value of ZERO or 255, or 013, or similar, and they prevent the Nanny Goat Protective Services that is the RegEditor from deleting or modifying the registry entries. Because the moron who wrote that program, used byte-for-byte comparison when making Permissions changes, and if you don't match byte-for-byte? It simply fails. And no, you may not include Wild Cards, nor even a Wild Character to overcome this fail.
Ain't that a Peach? The only Official Tool you can use to fix your Registry, cannot actually fix it...
Fortunately, I keep my Feathers Numbered--- erm-- there are tools you can use, to scan your registry for null characters (there should not be any, in the names or key names), and you can delete the offensive keys. Interestingly enough? The tool did not offer to replace the null with a visible mark-- to me, that would have been far more Interesting. Oh well, it seems to work well enough, and was suggested by several self-titled "experts", (many of whom garnered high ratings on the forums I was visiting today, including several official micro$uck support ones).
There are a couple of additional tools, too-- if a registry entry absolutely refuses to be deleted? (as is sometimes the case) There are some Nuke From Orbit tools that can do that, too. Another tactic by malware, is to 'hook' an entry into Must Have processes-- that is, if these processes are running, the key is automatically marked as "do not delete". But that's just a part of RegEdit's Nanny Goat policy. Third Party tools are not so hampered, and do work-- I actually found one such entry that was merely suspicious. It wasn't pointing to any actual DLL or EXE file, but refused to be deleted. It was suspicious, as that particular key is a common 'hook' for malware. So I nuked it. Reboot-- and it's gone. No appreciable change, however...
I find it ironic that the entry was even there-- digging around, it was apparently left over from when I had installed (then un-installed) MalWareBytes....? Yes-- I do that every so often, but I refuse to pay (I'm cheap, and poor) so I only want their Free version. But it's Nagware, so I uninstall it after each use. For some reason, it leaves this suspicious 'hook' in the Boot Up Stream (not an official name for this part of the Registry, by the way...
) Oh well. I'm back On Line. I'm using a hard wire, as I'm too lazy to disconnect it, and go back to Wireless.
Windows: The Singing Pig. It Sings! It's a Pig! Get Yours Today!
(not responsible for any pig-like messes it may make of your photos, documents, MP3s or anything else-- heck. It's just not responsible. period. )
