Review – GL-MT300N-V2 (Mango) Mini Smart Router

Do you travel?  Want extra protection of taking a router with a firewall with you when you are on the road?    Want the flexibility of OpenWRT?

The GL iNet GL-MT300N-V2 mini smart router is loaded with a ton of features.   These Routers can act as a router, repeater, WDS, 3/4g Modem or it’ll work with phone tethering.

For less than $21,  this tiny router packs a lot of punch.  Able to fit in the palm of your hand, the router has the following features.

• Powered by MTK 7628NN 580Mhz SoC
• 300Mbps high speed
• Small, light, easy to use
• LEDE pre-installed
• Increased RAM from 64MB to 128 MB
• Better Wi-Fi with MTK driver
• Faster OpenVPN encryption
• 4 GPIOs

Tech Specs.

CPU	MTK 7628NN @580Mhzz
Memory/Storage	DDR2 128MB/ FLASH 16MB
Interfaces	1 WAN, 1 LAN, 1 USB2.0, 1 micro USB (power), 1 Reset button
Frequency	2.4GHz
Transmission rate	300Mbps
Max Tx Power	20dBm
Protocol	802.11 b/g/n
External Storage support	FAT32/EXFAT/EXT4/EXT3/EXT2/NTFS
Webcam support	MJPG, YUV
DIY features	UART, 4GPIO, 3.3V & 5V power port
External antenna support	No
Power input	5V/1A
Power consumption	<2.75W
Dimension, Weight	58*58*25mm, 39g

Using the default login, the GL-MT300N-V2 can be accessed by a web browser.

The admin panel contains every feature you’ll need in any router.  While this custom menu has Internet, Wireless, Client info, Upgrade (firmware), Firewall, VPN (OpenVPN), Applications and more settings; its OpenWRT that makes this router unique.

Because the router runs on OpenWRT firmware, items such as a firewall, OpenVPN and more are available.

The firewall features logging and a Captive Portal.

The Network Mode includes changing the router from being a router to a wireless access point, Extender or WDS (Wireless Distribution System).

By entering the IP address with /cgi-bin/luci, you can gain access to OpenWRT. What is LuCi?

The full OpenWRT menu is available including graphs and all of the features of OpenWRT.

Real-time information can be accessed under the OpenWRT menu.

Firmware
https://docs.gl-inet.com/en/3/release_notes/

Firmware for gl-mt300-n-v2
https://docs.gl-inet.com/en/3/release_notes/gl-mt300n-v2/

Documents
https://docs.gl-inet.com/en/3/setup/mini_router/upgrade/#official-openwrtlede-firmware

First Time Setup
https://docs.gl-inet.com/en/3/setup/mini_router/first-time_setup/

Fix Windows Update errors by using the DISM or System Update Readiness tool

At an elevated command prompt (command prompt as administrator) – type 
DISM.exe /Online /Cleanup-image /Restorehealth

What should you try first? – Try the PowerShell post we made on an earlier date to check for updates.

Open PowerShell as an Administrator

Type the following-

Install-Module PSWinodwsUpdate
Get-WindowsUpdate
Install-WindowsUpdate

 

Should you disable 8dot3 for performance and security?

icrosoft did recommend to disable short names  in a security guide some times back.  There is evidence that file operations in directories (folders) that contain a large number of file can be slowed by short file name creations.  So does it improve performance? The short answer – Yes.

Now should you disable short names?  This answer is going to be on a case by case basis.  Some questions to ask yourself –

• Do you have older programs that use 8dot3 (short names)?
• Do you have a folder with a significant amount of files and coping or creating files is slow?

Below is a pic showing the improvement by disabling and stripping

Image:  Blog Technet Microsoft

Here’s what you need to do –

• Always backup your system
• Open a Command Prompt as Administrator
• Type fsutil 8dot3name query c:
  (enter the drive letter at the end)
• Type fsutil 8dot3name set c: 1
  (This will disable 8.3)
• If you want to do this system wide, type –
  –  fsutil behavior set disable8dot3 1
• To strip existing files with a 8.3 short name, this will scan your computer and the system registry and strip the files of their short names type the following-
  –   fsutil 8dot3name strip /s /v c:

Example:

References:

• KB Article on short names: http://support.microsoft.com/kb/121007
• TechNet article with a reference for FSUTIL.EXE 8dot3name: http://technet.microsoft.com/en-us/library/ff621566.aspx
• TechNet article on the registry setting to disable 8.3 names system wide: http://technet.microsoft.com/en-us/library/cc778996.aspx
• https://blogs.technet.microsoft.com/josebda/2012/11/13/windows-server-2012-file-server-tip-disable-8-3-naming-and-strip-those-short-names-too/

Optimizing MySQL- Moodle

To be specific, if you are loading Moodle, look at the optimization at – https://docs.moodle.org/37/en/Performance_recommendations

On our server, we use a SSD with the Inetinfop\Parameters set to 2.  You need to run the performance under plugins at 100,000 request.  So go to site administration and see how you do.

https://yourdomain/cache/testperformance.php and request 100,000.

Make sure you set all of the settings under FastCGI to 10,000 or their max of 1000.

Opcache should be enabled in the php.ini file.

Optimize the my.ini file for Windows Server.
https://www.percona.com/blog/2016/10/12/mysql-5-7-performance-tuning-immediately-after-installation/

IIS performance (https://docs.moodle.org/37/en/Performance_recommendations)

All alter this location in the registry:

HKLM\SYSTEM\CurrentControlSet\Services\Inetinfo\Parameters\

• The equivalent to KeepAliveTimeout is ListenBackLog (IIS – registry location is HKLM\ SYSTEM\ CurrentControlSet\ Services\ Inetinfo\ Parameters). Set this to between 2 to 5.
• Change the MemCacheSize value to adjust the amount of memory (Mb) that IIS will use for its file cache (50% of available memory by default).
• Change the MaxCachedFileSize to adjust the maximum size of a file cached in the file cache in bytes. Default is 262,144 (256K).
• Create a new DWORD called ObjectCacheTTL to change the length of time (in milliseconds) that objects in the cache are held in memory. Default is 30,000 milliseconds (30 seconds).

Updating Drivers? Don’t forget the chipset!

While I’d like to guess that over 98% of the computers that I have worked on that are privately owned; the drivers were out of date or missing critical drivers that other drivers rely on.

Here’s what I mean.  If you decide to update your wireless drivers,  don’t go to the manufacturer of the computer, look for drivers from the hardware website. Don’t download any program that offers to update your drivers.  Update your drivers manually.   Open the device manager, look for the device you want to update, navigate to the hardware manufacturer’s website, download the zip file,  unzip the file, click update driver, select let me choose and point to the location of the driver.

       

Now which drivers should you update?  Video, sound, network (wired and wireless), camera, mouse (synaptics if a laptop), and most importantly, the chipset.  Why the chipset?  It controls the peripheral equipment (e.g. video, sound, network).  Updates usually correct problems or latency issues.

Remember, the chipset and BIOS (UEFI) control these devices.  It’s important to get BIOS/UEFI updates along with what controls your computer…the chipset.

Link aggregation – Use Multiple NIC Cards

There is truly an advantage to adding multiple NIC cards to a computer.   It won’t speed up a single internet connection but it can help with loss of signal, detecting access points, transferring information to and  from computers.

When adding a second NIC card to a computer, you can highlight both by holding down the CTRL key and clicking on them and then right clicking to bridge the connections so they act as one…this can allow you to bridge a wireless network to a wired network.

Two nic cards on the same network can allow for load balancing.

Dual Wireless Cards

Truly reset the TCP/IP stack – Fix network/internet problems

Having connection issues and no viruses or malware?  Hardware ok?

Try typing the following at a command prompt to fully reset the TCP/IP Stack-

---

netsh winsock reset 

netsh int ip reset 

netsh interface ipv4 reset

netsh interface ipv6 reset 

netsh interface tcp reset

netsh int reset all
 
ipconfig /flushdns

nbtstat -R

nbtstat -RR

netsh interface tcp set global autotuninglevel=disabled

netsh advfirewall reset

---

What will you see?

C:\WINDOWS\system32>netsh winsock reset

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

C:\WINDOWS\system32>netsh int ip reset
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

C:\WINDOWS\system32>netsh interface ipv4 reset
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

 

C:\WINDOWS\system32>netsh interface ipv6 reset
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

C:\WINDOWS\system32>netsh interface tcp reset

Reset of all TCP parameters OK!
Ok.

C:\WINDOWS\system32> ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\WINDOWS\system32>nbtstat -R
Successful purge and preload of the NBT Remote Cache Name Table.

C:\WINDOWS\system32>nbtstat -RR
The NetBIOS names registered by this computer have been refreshed.

C:\WINDOWS\system32>

 

 

WMIC – a little known command in Windows

So what if you needed to find out information about your computer that is otherwise available in third party programs or all over Windows?  You can use WMIC to find out a lot of information about your computer.   I’ve been using some of these for years but only remembered to blog about it after I saw a post at What’s On My PC (Thanks Rick!) back in 2011.

Here’s a quick list from Microsoft (Use WMIC the alias command)

Examples:

Here’s how to get your hard drive information –

Go to a command prompt and type:

wmic diskdrive get name,size,model

So how many partitions does it have?

wmic partition get name, size, type

This shows one hard drive and three partitions. (above)

How about BIOS information?

wmic bios get name,serialnumber,version

What service packs, patches and hotfixes were installed and on what date?

wmic qfe get description,installedOn /format:csv

Want to know more information about WMI?  Click here to see how WMI is used at over at Microsoft

 

Need System Information? Use PowerShell

If you need system information about your BIOS, Motherboard and more, open PowerShell as an Administrator and past the following into PowerShell –

Get-WMIObject -Class Win32_ComputerSystem
Get-WMIObject -Class Win32_BIOS
Get-WMIObject -Class Win32_Baseboard
Get-WMIObject -Class Win32_Processor
Get-WMIObject -Class Win32_LogicalDisk
Get-WMIObject -Class Win32_DiskDrive
Get-WMIObject -Class Win32_PhysicalMemory
Get-WMIObject -Class Win32_NetworkAdapter
Get-WMIObject -Class Win32_NetworkAdapterConfiguration

Windows 10 Shell Commands you can run from the ‘Run’ line

e following shell commands can be ran from the ‘run’ line in Windows 10

shell:AccountPictures	%AppData%\Microsoft\Windows\AccountPictures
shell:AddNewProgramsFolder	Control Panel\All Control Panel Items\Get Programs
shell:Administrative Tools	%AppData%\Microsoft\Windows\Start Menu\Programs\Administrative Tools
shell:AppData	%AppData%
shell:Application Shortcuts	%LocalAppData%\Microsoft\Windows\Application Shortcuts
shell:AppsFolder	Applications
shell:AppUpdatesFolder	Installed Updates
shell:Cache	%LocalAppData%\Microsoft\Windows\INetCache
shell:Camera Roll	%UserProfile%\Pictures\Camera Roll
shell:CD Burning	%LocalAppData%\Microsoft\Windows\Burn\Burn
shell:ChangeRemoveProgramsFolder	Control Panel\All Control Panel Items\Programs and Features
shell:Common Administrative Tools	%ProgramData%\Microsoft\Windows\Start Menu\Programs\Administrative Tools
shell:Common AppData	%ProgramData%
shell:Common Desktop	%Public%\Desktop
shell:Common Documents	%Public%\Documents
shell:CommonDownloads	%Public%\Downloads
shell:CommonMusic	%Public%\Music
shell:CommonPictures	%Public%\Pictures
shell:Common Programs	%ProgramData%\Microsoft\Windows\Start Menu\Programs
shell:CommonRingtones	%ProgramData%\Microsoft\Windows\Ringtones
shell:Common Start Menu	%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
shell:Common Startup	%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
shell:Common Templates	%ProgramData%\Microsoft\Windows\Templates
shell:CommonVideo	%Public%\Videos
shell:ConflictFolder	Control Panel\All Control Panel Items\Sync Center\Conflicts
shell:ConnectionsFolder	Control Panel\All Control Panel Items\Network Connections
shell:Contacts	%UserProfile%\Contacts
shell:ControlPanelFolder	Control Panel\All Control Panel Items
shell:Cookies	%LocalAppData%\Microsoft\Windows\INetCookies
shell:Cookies\Low	%LocalAppData%\Microsoft\Windows\INetCookies\Low
shell:CredentialManager	%AppData%\Microsoft\Credentials
shell:CryptoKeys	%AppData%\Microsoft\Crypto
shell:desktop	Desktop
shell:device Metadata Store	%ProgramData%\Microsoft\Windows\DeviceMetadataStore
shell:documentsLibrary	Libraries\Documents
shell:downloads	%UserProfile%\Downloads
shell:dpapiKeys	%AppData%\Microsoft\Protect
shell:Favorites	%UserProfile%\Favorites
shell:Fonts	%WinDir%\Fonts
shell:Games	Games
shell:GameTasks	%LocalAppData%\Microsoft\Windows\GameExplorer
shell:History	%LocalAppData%\Microsoft\Windows\History
shell:HomeGroupCurrentUserFolder	Homegroup\(user-name)
shell:HomeGroupFolder	Homegroup
shell:ImplicitAppShortcuts	%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
shell:InternetFolder	Internet Explorer
shell:Libraries	Libraries
shell:Links	%UserProfile%\Links
shell:Local AppData	%LocalAppData%
shell:LocalAppDataLow	%UserProfile%\AppData\LocalLow
shell:MusicLibrary	Libraries\Music
shell:MyComputerFolder	This PC
shell:My Music	%UserProfile%\Music
shell:My Pictures	%UserProfile%\Pictures
shell:My Video	%UserProfile%\Videos
shell:NetHood	%AppData%\Microsoft\Windows\Network Shortcuts
shell:NetworkPlacesFolder	Network
shell:OneDrive	OneDrive
shell:OneDriveCameraRoll	%UserProfile%\OneDrive\Pictures\Camera Roll
shell:OneDriveDocuments	%UserProfile%\OneDrive\Documents
shell:OneDriveMusic	%UserProfile%\OneDrive\Music
shell:OneDrivePictures	%UserProfile%\OneDrive\Pictures
shell:Personal	%UserProfile%\Documents
shell:PicturesLibrary	Libraries\Pictures
shell:PrintersFolder	All Control Panel Items\Printers
shell:PrintHood	%AppData%\Microsoft\Windows\Printer Shortcuts
shell:Profile	%UserProfile%
shell:ProgramFiles	%ProgramFiles%
shell:ProgramFilesCommon	%ProgramFiles%\Common Files
shell:ProgramFilesCommonX64	%ProgramFiles%\Common Files
shell:ProgramFilesCommonX86	%ProgramFiles(x86)%\Common Files
shell:ProgramFilesX64	%ProgramFiles%
shell:ProgramFilesX86	%ProgramFiles(x86)%
shell:Programs	%AppData%\Microsoft\Windows\Start Menu\Programs
shell:Public	%Public%
shell:PublicAccountPictures	%Public%\AccountPictures
shell:PublicGameTasks	%ProgramData%\Microsoft\Windows\GameExplorer
shell:PublicLibraries	%Public%\Libraries
shell:Quick Launch	%AppData%\Microsoft\Internet Explorer\Quick Launch
shell:Recent	%AppData%\Microsoft\Windows\Recent
shell:RecordedTVLibrary	Libraries\Recorded TV
shell:RecycleBinFolder	Recycle Bin
shell:ResourceDir	%WinDir%\Resources
shell:Ringtones	%ProgramData%\Microsoft\Windows\Ringtones
shell:Roamed Tile Images	%LocalAppData%\Microsoft\Windows\RoamedTileImages
shell:Roaming Tiles	%AppData%\Microsoft\Windows\RoamingTiles
shell:SavedGames	%UserProfile%\Saved Games
shell:Screenshots	%UserProfile%\Pictures\Screenshots
shell:Searches	%UserProfile%\Searches
shell:SearchHistoryFolder	%LocalAppData%\Microsoft\Windows\ConnectedSearch\History
shell:SearchHomeFolder	search-ms:
shell:SearchTemplatesFolder	%LocalAppData%\Microsoft\Windows\ConnectedSearch\Templates
shell:SendTo	%AppData%\Microsoft\Windows\SendTo
shell:Start Menu	%AppData%\Microsoft\Windows\Start Menu
shell:StartMenuAllPrograms	StartMenuAllPrograms
shell:Startup	%AppData%\Microsoft\Windows\Start Menu\Programs\Startup
shell:SyncCenterFolder	Control Panel\All Control Panel Items\Sync Center
shell:SyncResultsFolder	Control Panel\All Control Panel Items\Sync Center\Sync Results
shell:SyncSetupFolder	Control Panel\All Control Panel Items\Sync Center\Sync Setup
shell:System	%WinDir%\System32
shell:SystemCertificates	%AppData%\Microsoft\SystemCertificates
shell:SystemX86	%WinDir%\SysWOW64
shell:Templates	%AppData%\Microsoft\Windows\Templates
shell:ThisPCDesktopFolder	Desktop
shell:UsersFilesFolder	%UserProfile%
shell:User Pinned	%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned
shell:UserProfiles	%HomeDrive%\Users
shell:UserProgramFiles	%LocalAppData%\Programs
shell:UserProgramFilesCommon	%LocalAppData%\Programs\Common
shell:UsersLibrariesFolder	Libraries
shell:VideosLibrary	Libraries\Videos
shell:Windows	%WinDir%

 

Good tweak or bad tweak? TweakHound helps you decide.

An excellent site to look at tweaks and optimization of your operating system is TweakHound.   TweakHound gives step by step guides and hundreds of tweaks – they also help you look at these individually and explain why they are good or bad.

Go check them out.

 

 

Display Driver Uninstaller

If you are a gamer or in IT, you may have noticed a performance degradation after changing your video card or after upgrading the driver.

Display Driver Uninstaller helps to remove orphaned files and registry keys.

Go over to TECHSPOT and download the uninstaller.

Change network adapter priorities in Windows 10 – PowerShell

irst thing –

• disable network adapters you don’t use
• If you use Ethernet, disable everything but flow control
• Disable LLMNR
• Adjust NTLM
• Perform test with Totusoft’s network speed test

Next, avoid latency of your network card by adjusting the network adapter priorities.

Open PowerShell as an Administrator – Type Get-NetIPInterface

You will see the Interfacemetric numbers that vary from 11 to 90.

If you want a higher priority, set the interface to a lower number – I use wi-fi – therefore I can type the command –

Set-NetIPInterface -InterfaceIndex “11” -InterfaceMetric “11”

Our old article on using the GUI 

If you use more than one network card for mutliple LANS or connections, you can set the metric of each card to send IP packets through the fastest card first or the desired card.

For instance if you have a network card that connects to other servers and computers on one LAN and a network card that connects to a separate LAN that has security cameras; metrics can be used to compute the routing algorithm.

The one card would be set to a lower metric in order to go to the web and the security camera system would be set to a higher metric thus giving priority to the lower number.

Here’s an example of my home LAN which uses a printer and cameras on a separate network and my wireless which connects to the Internet.

So how do you change it?  Open the Network and Sharing Center – Click on Adapters – Right click the desired adapter – Select Properties – Double click TCP/IP – Click Advanced – Uncheck the Automatic Metric – Change to the desired number

Wireless

Above the wireless is set to 1.  Below the LAN which has a static IP address and no Gateway is configured with a 20.

Valid values are 1 to 9999.

Don’t forget to set the binding order of the network cards.   Go to the Adapter.  Hit the ‘Alt’ key once for the menu.  Click on Advanced and then Advanced Settings.

Move the network card with a higher priority to the top.

Is your AHCI Link Power Management viewable from the Power Options Console?

TCAT Shelbyville - Technical Blog

If you can’t see your AHCI Link Power Management from the Power Options, there is a way to add it.  Always backup your computer before modifying the registry.

You can add the GUID to the registry by going opening the registry (regedit) and creating  a key under the following key -0012ee47-9041-4b5d-9b77-535fba8b1442

The easiest way is to copy the information in italics to notepad or notepad++ and save as AHCI.reg.

After saving this, double click on the .reg file and reboot.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPowerPowerSettings

View original post

Error 1935 while installing Office

If you receive the error 1935, take the following steps-

• Make sure you have C++ Redistributables  Link 
• Uninstall Office (Make sure you have any documents backed up)
  • Run the Office Installation Cleaner (easy fix two found in Option Two at the following link)
• Delete the following key in your registry

 

Need to optimize your network? Look at adjusting LocalPriority, HostPriority, DNSPriority or NetBTPriority.

TCAT Shelbyville - Technical Blog

Need to optimize your network? Look at adjusting LocalPriority, HostPriority, DNSPriority or NetBTPriority.  (Host/DNS resolution)

The tweak works by increasing the priority of four processes.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipServiceProvider
LocalPriority = 4 (DWORD, the default is 499, change to 4)
HostPriority = 5 (DWORD, the default is 500, change to 5)
DnsPriority = 6 (DWORD, the default is 2000, change to 6)
NetbtPriority = 7 (DWORD, the default is 2001, change to 7)

You can use this script at a command prompt (as Admin) or in PowerShell (as Admin)-

reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “LocalPriority” /t REG_DWORD /D 4 /F

reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “HostsPriority” /t REG_DWORD /D 5 /F

reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “DnsPriority” /t REG_DWORD /D 6 /F

reg add HKLMSystemCurrentControlSetServicesTcpIpServiceProvider /v “NetBtPriority” /t REG_DWORD /D 7 /F

taskkill /f /im explorer.exe

start explorer.exe

View original post

High Resource Utilization – It could be your memory compression

Have you noticed high resource utilization?  CPU, Memory or Disk at 100%? Of course this could be malware, a virus, a startup app or program. It could also be memory compression.

Windows 10 offers memory compression which takes little-used elements and stores them in RAM.   This saves memory and is faster than your pagefile.

If you experience latency or high memory utilization, you can turn off memory compression by using PowerShell.

Open PowerShell and type the following-

Get-mmagent

You should see Memory Compression is True.

If you are having issues with memory, Open PowerShell as an admin and type –
Disable-MMAgent -mc

This will disable memory compression

Reboot

You can enable memory compression by typing-

Enable-MMAgent -mc

There truly is no reason why you should disable memory compression.  Users have reported what they believed was corrupt compressed memory.   After disabling and re-enabling, users reported their systems had stabilized.

If the performance has improved with memory compression disabled, you can leave  Windows 10 with the compressed memory disabled.

You can also see Memory Compression by using the Task Manager or  Resource Monitor.

 

You can also use set-mmagent and use the maximum number of prefetch files  from 1 through 8192.  

Computer not responding? Restart your graphics driver

Computer not responding? Restart your graphics driver by using the following shortcut keys-

Win+Ctrl+Shift+B

It’s not always Ctrl+Alt+Del …

An interview with Fabian Wosar, EMSISOFT’s ransomare killer

Fabian Wosar, CTO of EMSISOFT is known as the most prolific ransomware killer in the world.   We reached out to Fabian and asked him ten questions.

Look for our Live Interview and video late next week…

Steve: You’re the cybercriminal…Create ransomware or steal and sell data?  Why?

Fabian: There can be a whole bunch of motivations at play. Some people are just interested in the challenge. They just want to proof that it is possible to break a system or to write malware for a certain system. Then you have people who just do it “for the lulz” or are somehow politically motivated. These people usually want to highlight certain issues or just want to have fun. The vast majority however, especially when it comes to ransomware, are financially motivated. Decently successful ransomware groups make tens of millions of dollars each month. Gandcrab for example managed to generate 2 billion US dollars worth of ransom money within about a year.

Steve: Do you see patterns from the “cyber gangs” in the reuse of code when they program new ransomware or variants? Are these ‘gangs’ becoming smarter?  Are they recruiting better programmers?

Fabian: It very much depends on the gang and campaign. Ransomware code is readily available not only on blackmarkets but also on places like Github. So the barrier of entry is somewhat low. There are also a whole bunch of “Ransomware as a Service” offers available, where everyone who is interested in getting into ransomware can just sign up, infect a bunch of people, and then get a cut of the revenue generated. That is how Gandcrab operated for example.

The gangs behind ransomware haven’t necessarily have become smarter, but they adjusted and changed tactics a lot. While in the beginning, ransomware very much was a home user problem, the focus has shifted towards companies in the recent years. Instead of spreading ransomware through spam, exploit kits and pirated software, attackers try to break into systems directly in order to encrypt them.

Steve: Are you seeing a collaboration of cybercriminals where opposing criminals are ‘teaming’ up with one another?

Fabian: There definitely is a lot of teaming up going on. Take a look at Ryuk for example, which is often deployed through existing bot infections. Whether the bot herders are behind Ryuk itself or whether the Ryuk gang is buying infected systems from the bot herders isn’t exactly clear. There is obviously also a lot of auxiliary stuff going on. It’s one thing obtaining a large amount of bitcoin. It’s another to turn that bitcoin into clean cash that you can use and buy things with. So the same organised crime structures that are involved in money laundering are present in cyber crime as well.

Steve: Is Microsoft keeping up with updates and patches and are you seeing more neglect from IT personnel?

Fabian: There certainly is a bit of apathy going on. Every couple of weeks there is a new big vulnerability threatening your security. It becomes difficult to keep up, especially when you have lengthy test cycles for new patches to make sure they work in your environment or if you rely on certified hardware and software, that can’t be easily patched without breaking the certification.

Outsourcing was often seen as a solution to this problem, but especially recently there have been attacks on MSPs, often with catastrophic results. We have seen cases where MSPs got hacked and thousands of their clients got hit by ransomware that was deployed through the RMM sytems used by those MSPs.

Steve: IoT and Network Area Storage is getting hit by Ransomware today.   Do you foresee new threats that go into Automotive/Transportation, SCADA/PLC, Linux and Mac Oss that involve a more sophisticated Ransomware?

Fabian: We have already seen some of those cases. A while ago a bunch of PHPBB communities got targeted by a rather unique ransomware. They replaced the database driver on those communities with one that would transparently encrypt and decrypt all data during access. The forums continue to work fine, often for months, until the attacker pulls the key out of the driver, making the database inaccessible. Since the driver often has been there for months, backups may have already been rotated out. But even if they weren’t, a large portion of content that was added since the attack may be encrypted with no recovery possible. I would suggest more of these types of attacks in the future.

Steve: When did you first notice code in Ransomware had your name in it?  Were you shocked?  Is this something you are seeing more of?  Are you constantly receiving threats?

Fabian: The first time it happened was about 3 years ago in a ransomware called Radamant. I wasn’t exactly shocked to be honest. I was more surprised and also a little bit proud. It’s the greatest form of compliment you can get in my line of work. It still happens occasionally in addition to ransomware authors contacting me directly on Twitter or in various online communities. The threats have become less, but they still happen occasionally. The biggest reason for that is that I am less public about my work and often help victims directly or provide information to other researchers who then release the decrypters.

Steve: Generally how long does it take to reverse engineer ransomware and provide keys if possible?

Fabian: That very much depends on the ransomware. But on average, it takes me less than 30 minutes to take the ransomware apart, find the encryption routines, and figure out whether the encryption scheme is secure or not. Writing a decrypter then takes another couple of hours. About 4 on average I would say. A lot of QA and testing goes into these decrypters. The last thing we want is damage the user’s files after all. So we tend focus on being careful instead of being the first. However, more often than not we are the first anyway.

Steve: Are you seeing more shady security companies who negotiate with the cybercriminals without the victim knowing?

Fabian: It continues to happen, yes. It’s important to drag these companies into the open and tell people what they are doing. People often think I am against paying the ransom under any circumstance. While that would obviously be the ideal, I am well aware that when it comes push to shove, people prefer to part with a large sum of cash rather than kiss their entire livelihood goodbye. So I am not against paying the ransoms per se, if there truly is no other way, and I also don’t think that a data recovery company should be ashamed of paying ransoms. Quite frankly engaging with a company that has experience with these types of negotiations can be quite beneficial. Not to mention that your accountants will probably prefer you paying a legitimate third party instead of buying bitcoins and sending them somewhere without any kind of invoice.

Ideally data recovery companies should just be honest about how they came up with the amount they charge their clients and outline exactly what they are doing. That doing so can make you hugely successful can be seen in the case of Coveware for example, who are very open about their processes and cost structure.

Steve: How did you get involved in Information Technology?

Fabian: I bought my first PC when I was about 10 years old. It didn’t take long until I got my first computer virus (Tequila.B). I was really fascinated by the concept, so I went into the library (sort of an offline Wikipedia for the young people out there ;)) and they actually had a bunch of books about computer viruses. So I got really into the topic, which led me to eventually learning assembly and Pascal programming and writing my own little anti-virus tools when I was about 11 years old. I never really moved away from that.

Steve: Finally, what is your recommendation other than the usual protection methods that someone can use to protect themselves against ransomware?

Fabian: Backups are by far the best protection. I recommend everyone who isn’t on some data limited plan to go with a cloud based backup solution. Preferably one that can operate using “zero-knowledge”, so that your data is encrypted on your system and the backup provider has no knowledge of what data is being stored on their service. Besides backups, practicing proper cyber hygiene is key. Stick to well known software and keep it updated. Don’t download and install software from places that aren’t trustworthy. Don’t have your data laying around openly on the internet. Have all access points to your network and systems protected using strong authentication (ideally based on certificates, not passwords; but if you have passwords, make sure they are of high complexity). Things like that.

Security software can obviously help quite a bit as well, but there are limits. I am always surprised how customers who had RDP enabled on their systems and trivial passwords complain that our product didn’t protect them. No product will in those cases. The attacker can just turn them off or uninstall them before running their ransomware. Once someone gained access to your system like that, it is game over.

Best regards,

Fabian Wosar
Chief Technology Officer EMSISOFT

EMSISOFT

Need to optimize and check a MySQL database on Windows?

Need to optimize and check a MySQL database on a Windows computer?

Open a command prompt as an administrator.

Change into the folder where your MySQL is located.

An example is below –

type cd\Program Files\MySQL\MySQL Server 5.7\bin

Hit enter

type mysqlcheck -u root -p –optimize –databases {enter your database name here}

Hit enter

Be patient and wait.  You may be asked to enter your root password for your MySQL when prompted