How, When & Why Grid Reconstructs

This blog is meant to shed some lights why grid reconstruction happens.

Grid is an object in form that can show the records in a table view.  When you do not use .RecordSource property, it will grab whatever is the current active table and use.  When we use RecordSource property, then it will show the records of the source.  While there are four (4) RecordSourceType to choose from, I will focus only on two (2) of those here:

a.  If I am using Safe Select (2 cursors) Approach, then it is .RecordSourceType = 1 - Alias.
b.  If I am using a single cursor approach (the same cursor gets overwritten over and over again), then it is .RecordSourceType = 4 - SQL Statement, for me.

Depending on my need, I switch either with RecordSourceType 1 or 4.

ssTitleBar2

You may ask me, why have I created yet another title bar class again?  And the answer is because I want to give more to the users.

All my previous title bar class are dependent of images I designed using Adobe Photoshop and though those looks good per my own taste, creating yet another look or simply just colors takes time.  And so I want to get out of that bond I inadvertently created for myself, therefore ssTitleBar2.

What has this new titlebar class has to offer that those previous ones can't?

• Less Images - This new class is designed mostly using native VFP shapes and are positioned properly to give it a good look.  The shapes are the whole titlebar component itself including the control box.  Now it is easier for me to create new themes and color, whenever the mood hits me.
•  Additional objects
• Another subclass in the appearance of a printer icon is created so users can switch their default OS printer on the ply (optionally shown)
• Time is optionally shown
• ssChkBox is embedded to allow movement of the form or not (optionally shown)
• Resizable - Whereas the old titlebar classes cannot be resized when the lShowBorder parameter is set to .T., this one now can.  In addition, borderline is now better looking

Here is an image of this class:

One major improvement of ssClasses this week is the creation of ssColors which will allow me to make new color combinations that will affect all my sub-classes that needs it.  Like I said, creating new themes and colors next time will be easier (because of ssColors).  Not to mention that ssSkinner is also using this so you can extend color-theming on the ply even to native VFP objects much easier.

Troubleshoot Sending Email from Outlook

Due to intermittent connection with internet resulting from Degradation of Service on our VSAT, we constantly have problems sending emails. In addition, there are few minor reasons why email sending fails. So this blog is meant to give guide to those who have problems sending emails.

Reason: Invalid email address(es). Users kept telling me that their email is not delivered properly. And I kept telling them to check the email addresses because if you have more than one recipient or have some more on CC and BCC, a single invalid email will give you that undeliverable error report.

Solution: Confirm that you have the proper email addresses.

Reason: Dangling Reference - Because email sending is taking the user so much time, the tendency is they will close Outlook, Open it again, then try sending the email once more. They may repeat doing this but got no luck. The reason is (per our experience on several units here), there are dangling references of outlook in the system processes.

Solution: Right-click taskbar, activate Task Manager, Click Image Name Header to sort the processes alphabetically either ascending or descending, and kill all Outlook instances there. Ensure that there is no more outlook instance before reopening outlook again. I am not sure if this is a bug of Outlook 2007 or not but that happens.

Reason: Add Ins. For some more reasons, some add ins affect also the way how outlook works smoothly.

Solution: Open outlook in Safe Mode. Few users know about this feature. You can easily do this by pressing Ctrl button while clicking outlook. It will inform you that it has detected you pressing the Ctrl key and will ask you if you want to start outlook on Safe Mode. Click ok then try sending your email again.

Reason: Blocked outgoing port. In some cases, you may not know that your unit is spewing out SPAMs due to undetected malwares on your unit. When this happens, your ISP may block your outgoing port (default is 25) and you won't be able to send out email.

Solution: Try the alternate port 587. Click on Tools, Account Settings, double-click your account, More Settings, Advanced, then change your outgoing port (SMTP) to 587.

Reason: Your recipients admins has made some protection on their end against SPAMS. When attempting to send an email, you may see either a relay error stating, Relaying Not Allowed, or an alert box requesting you enter your password. This would be an indication you need to check Outgoing SMTP authentication on your mail client program.

Solution: To avoid the possibility of your email being treated as SPAM, ensure that your email is authenticated by your Outgoing Mail Server. To do this: On outlook, click Tools, Account Settings, double-click your account, More Settings, Outgoing Server Tab, tick My Outgoing Server requires authentication, Log to Incoming Mail Server before Sending Mail.

Well, that wraps up the way I troubleshoot our sending of emails problem over here. If I suddenly think of some more reasons and the ways to counter those, I will update this blog.

Hope this helps!

Importing from an xlsx file via automation Part II

Last time I created an entry in weblogs about the automation approach of importing an xlsx file because with the change of format on Excel 2007 onwards, VFP is generating an error now on importing it.  Since importing has no problem on lower versions of Excel files, the solution I have proposed is to save the sheet to a lower version, preferably XL5 format for backward compatibility reason.

Now, a new question is raised.  Though that approach works fast and is easy, how can we import from a specific worksheet inside the excel workbook?

If you use the approach that I have shown, it will always get only the first sheet.  Here is another trick though so we can do a selective import of an existing sheet inside that workbook.  And as a bonus due to another question raised inside Foxite Forum, here is also a way on how to replace the column names with the contents of the first row so Field Names will be better and proper instead of Field Name A, B, C.... and so on:

ssTab

ssTab is the latest on my ssclasses family.  I originally created ssPage before but since I am still new with classes way back then, although the class produces an appealing tab appearance, it is messier and harder to use.

ssTab is better in a lot of ways than ssPage.  It also offers more feature than ssPage.  Here are the parameters of ssTab:

Lparameters cCaption, cToolTip, nTab, cPageFrame, nColor, nStyle, cIcon, nIconStretch, lShowFold, lActiveTab

Where:

• cCaption - is the caption of the tab
• cToolTip - is the tooltiptext of the tab (optional)
• nTab - is the tab number of the PageFrame to be binded to ssTab
• cPageFrame - is the name of the PageFrame to be binded to ssTab
• nColor - is a numeric color (right now only 1 to 4) to dictate what color of the tab will appear
• nStyle - is the BackStyle of the tab (1 for Opaque, 0 for Transparent).  This produces extra appearances on ssTab
• cIcon - is the icon of the tab (optional, use bmp or jpeg; preferably .bmp)
• nIconStretch - will the icon stretch or not?
• lShowFold - whether ActivePage (clicked page) shows a folded section on the right or not 
• lActiveTab - to specify which one of the ssTabs you want to be the Active Tab (and which Page of the PageFrame to start active)

 Right now, here are the possible look of Active ssTab (all with lShowFold = .T.)

Of course, in the future I may create more.

Among the sample given to subscribers is this:

Enjoy!

Extending FastXtab (Cross Tab)

What is a Cross Tab?

Cross tabulation is the process of creating a contingency table from the multivariate frequency distribution of statistical variables. Heavily used in survey research, cross tabulations (or crosstabs for short) can be produced by a range of statistical packages, including some that are specialised for the task. Survey weights often need to be incorporated. Unweighted tables can be easily produced by some spreadsheets and other business intelligence tools, where they are commonly known as pivot tables.  - Wiki

===========

FastXTab is another cross tab utility developed and shared to us by Alexander Gorovlev which aims to replace the cross tab utility shipped with VFP (VFPXtab).  Its name lives to its reputation of being faster than VFPXtab.  It can be downloaded here: http://www.universalthread.com/ViewPageNewDownload.aspx?ID=9944

Originally I do cross-tabbing (pivoting) inside Excel via automation and it has its own merits but though it offers more features that after the pivot sheet is created that you can still manipulate it, it appears to be slower and of course you have to do a lot of codings to attain it.

Enter FastXTab, as I mentioned a very fast cross tabulating utility.  One thing though that I noticed with it is on the bottom, the author has placed these:

* TODO:    Support for long field names
*        lTotalRows property

And I needed at that time that lTotalRows property.  So since it is not yet there (in the downloadable zip), I took the liberty to add that feature on my end and now decided to create this entry so interested users of FastXTab who has not added or made that property work yet can add it on their end as well.  Here is infused portion for lTotalRows:

Set Talk &cTalkStat

Set Null &cNullStat

Wait Clear

* If rows are totalled

If This.lTotalRows

      Alter Table Alias() Add Column "Total" N(12,2)

      Local lcField, lnTotal, lnloop

      Scan

            lnTotal = 0

            For lnloop = 2 To Fldcount() - 1

                  lcField = Field(m.lnloop)

                  lnTotal = lnTotal + &lcField

            Endfor

            Replace Total With m.lnTotal In Alias()

      Endscan

Endif

If This.lBrowseAfter

      Browse Nowait Normal

Endif

Ignore the ones colored in red.  Those are already there.  I just copied it here so you will know where I inserted the lTotalRows feature.

And if you are a user of ssToExcel, then combining FastXTab with that class will allow you to create your report in excel very fast and with good formatting plus column totals as well like this:

Restrict users from changing time on their local unit

Here is a trick on Restricting users changing the local CPU time.  Some people need it especially when a software is based on the running local unit’s clock, so by restricting the users’ ability to change it, they cannot cheat.

There are several ways to restrict it, but we will focus on Group Policies and some outside tricks.  To start, open Group Policy Editor by clicking Start button, Run, typing GPEDIT.MSC and hitting enter.

Once inside, navigate to these Folders:

a. Local Computer Policy
b. User Configuration
c. Administrative Templates

* Hiding the clock on system tray of Taskbar (User Notification Area)

On Start Menu and Taskbar Folder:
- Remove Clock from the system notification area – set to Enabled

* Hiding the Date and Time icon on Control Panel

Steps to Remove Recycler Folder

What is Recycler folder anyway?  Is it really part of Windows or not?

When you delete a file in Windows NT Explorer or My Computer, the file is stored in the Recycle Bin (if this feature is not turned off). The file remains in the Recycle Bin until you empty the Recycle Bin or restore the file.

The Recycler folder is used only on NTFS partitions. The RECYCLER folder is the recycle bin for every drive that has read/write capability. Naturally CDROM won’t have that. Saying another way, the Recycle Bin on your desktop is simply a shortcut to all the RECYCLER folders in your computer. If you have a C: and D: drives on your unit which is of read/write capability (harddrives, USB Mass Storage Devices); then your recycle bin shows the contents of C:RECYCLER and D:RECYCLER. Having these RECYCLER folders on each drive saves the OS from having to physically move/copy a deleted file or folder into one fixed location which maybe on another drive.  Needless to say, retaining an individual RECYCLER folder for each drive is way much reasonable, easier and faster.

Now, why in the heck would I want to “Remove Recycler Folder?” as the title suggests?

BSQXITA virus removal

What does this virus do?

a.  When you log into your OS account, a folder will pop up like My Documents, Windows folder itself, or any other folders.

b.  When the infection goes deeper, the only thing you can see is whatever that folder has popped out and its contents.  No desktop, no start button, and a lot of no other things.

When you experienced something like this, then you can suspect that that is BSQXITA virus (I am not sure if it is called by any other names by other antiviruses software out in the market but that is the name I have seen).

This tutorial will show you the way to recover from that infection and to totally eradicate said malware.  The steps will involve removing related registry entries as well as physically removing those file infections in the harddrive.  Here goes:

a.  When you are already logged and a folder (with its contents) automatically appears and nothing else, you need to kill the Explorer process.  Explorer is Windows shell and the reason why I said to kill it is because the Explorer loaded by your OS upon logon has something extra.  You will learn what later.  So press Ctrl+Alt+Del and go to Task Manager, then search for Explorer.exe, right-click, choose Kill Process Tree.

b.  Everything disappers at this time except with the task manager.  Do not close it and instead click File, New Task (Run) then type explorer and hit Enter. After that everything is proper.  All we need to do now is start removing the infections, both files and registry entries.

c.  Click Start, Run and type MSCONFIG then hit Enter.  Once inside MSCONFIG, go to Startup Tab and look for these entries:  BSQXITA.EXE and NETSFIGX.EXE.  Untick those so it won’t be auto-loaded next time.   Click apply, then close.  It will ask you to restart, choose Exit without Restart!

d.  Click Start, Run and type REGEDIT then hit Enter.  We will now clean registry entries made by this virus.  Go to these locations (HKLM means HKEY_LOCAL_MACHINE):

- HKLM\Software\Microsoft\Windows\CurrentVersion\Run (delete entries for those two files mentioned above).

Optionally, you can also clean the startupreg as shown in MSCONFIG.  Go to:
- HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg
Delete the files that is being autoloaded there that seems suspicious like the BSQXITA.EXE and NETSFIGX.EXE entries

Now in letter a above, I have said to kill Explorer exe because it does an extra thing, right?  The next registry entry is responsible for that.  Navigate to:

- HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon

Under “shell” entry, you will see something like this:  Explorer.exe System3_.exe

The reason why during initial logon, a folder is popping up and nothing else is because of that entry.  Explorer is auto-loading another exe into processes and that System3_.exe (sometimes the name may change) is a virus component that halts any other more execution.  That is also the reason why I want you, in letter a above, to kill the first instance of Explorer.exe in the process in task manager.  Because by killing that first process, you are also killing the related processes it has loaded.  Letter b reloads a “clean” instance of Explorer which is the OS shell and that one is loaded without any extra baggage.

Now, under that shell entry, remove the extra commands. Double-click it and leave only Explorer.exe
Just to make sure that everything is cleaned, still inside the registry, go back to My Computer and hit F3 (search) and type BSQX and search for it.  Delete every occurrence.  To resume searching after it find one entry and you deleted it, hit F3 again.  When it reached the end, go back to the top by clicking My Computer and this time do not hit F3 as it will resume searching for BSQXITA.EXE.  You need to look for another this time, i.e., NETSFIGX.  To do a fresh search, press Ctrl+F.  Remove all occurences of that item.

RECAP:

a.  We have loaded a fresh clean Explorer shell
b.  We have killed processes relating to this virus
c.  We have cleaned registry entries so that virus won't be loaded again next time we logged on

All that is left is to remove the physical files in the harddrive. Those files are actuall inside Windows\System32 and \Users\Administrator (for system3_.exe).  But if you have the time, open explorer and search for those files.  Ensure that in advance, Search hidden Files and Folders is ticked.  Delete all those infections.

If for one reason or another, the system won’t allow you to delete a file, use unlocker, a tool created by Fredirick “Nitch” Collomb http://ccollomb.free.fr/unlocker/


Goodluck on your end!

ssChkBox

I actually created an ssChkBox before as shown in my TreeView To Do module but I easily got tired of its appearance that it actually was not included in the releases of my classes. Finally though, I think this appearance is really "catchy" that I decided to recreate said class, meaning from my old "dirty" approaches into a cleaner and leaner new class.

This actually works just like ssSwitch but there are those who are comfortable in having a checkbox instead of switchbox being it is very familiar to developers and end users alike.  This class caters to that "familiarization" aspect.

Like ssSwitchBox, this can have a logical value of .F. or .T.; or a numeric value of 0 or 1 (patterned after checkbox class).  Unlike ssSwitchBox though, this only have 1 theme so the parameter that needs to be passed is only two, i.e., its caption and its value.

When it is on the checked status, the caption is bold.

In addition, like an ordinary native VFP Objects, you can use its click event to do something.

Shown is the sample form given to subscribers:

Another new spice to make your forms looks "deliciously tasty".  Enjoy!

ssSwitch

ssSwitch is actually a remake of my old Switchbox class, the very first class I made and where the idea of creating several ssclasses later originated. 

For those who are not familiar with that one, SwitchBox class (as well as this one now) is an attempt to replace a checkbox with something unique.  I called this a switch because the appearance seems to switch on and off.

There really is not much difference with a checkbox and a switchbox (or ssSwitch in this case now).  Both can handle a logical values of .T. or .F., or a numeric values of 0 or 1.  Like a checkbox, you decide what you need to use.

Unlike the old Switchbox class however, this new class is cleaner, leaner and better.  I only got two original themes from Switchbox class and created 2 new themes for this one.  To use it, simple double-click it and in its Init event pass 1, 2 or 3 parameters like this:

This._settings( < Caption to use in the switchbox >, < logical or numeric value to start >, < Theme 1, 2,3 or 4 > )

Example:

This._settings("Show \  && Starts with value 1 or ON status and theme 3

Default value is a logical .F. and Theme is 1.

This is also the first class I decided to finally implement calculating the font width so the class' width can auto-adjust based on the length of the caption without developer specifying the width of the class.

And like my latest _ssclasses now, you can get its current value like this:

llValue = this._ssSwitch1.value
lnValue = this._ssSwitch1.value

when it is in the ON status, caption is bold.

In addition, like an ordinary native VFP Objects, you can use its click event to do something.

This will surely "spice-up" the appearance of your forms.

Pisang Bakar Virus Removal

Repost from my old site www.junblogs.com

I believe this has been in circulation for a long time as I think I have glimpsed this before on an internet caffe.  But hey, I am only renting it so I cannot properly “touch” that unit.

Today however, one of my IT guys have inserted his flash drive into one newly formatted unit here that does not have any anti-virus yet so presto, PISANG BAKAR infection.  I called one indonesian Manager and asked him what PISANG BAKAR is because I suspected that the word is indonesian and he confirmed it and said that it means banana; what a name for a virus. Well maybe the one who created this is thinking users will go banana over this one, LOL!

Cleaning this, however, is easy but not simple enough because it touches a lot of things.  Let me explain:

a.  Unlike some viruses that totally hides its components, this one is boastful as its show its presence on root drive c: under the filename pisangbakar.exe.  There is a corresponding text file (info.txt) that when opened show a lot of Indonesian words.  Other files follow:

\Windows\WinSetup.bat
\Windows\control32.ini (internal name is oyaba)
\windows\winampa.exe   (created by control32.ini via copy, the sole purpose is so it can be run later).  Winampa.exe is actually a valid name for Winamp player loader but it is never inside windows folder but in Program Files
\windows\system32\svghost.exe (resides in processes.  Use to infect further, recreates pisangbakar.exe and info.txt plus terminates attempt to run msconfig, regedit and task manager)

The standard way I am teaching here is to kill the virus component that is in the process using Task Manager.  But since this virus detects task manager among the processes and auto-kills it, then we need a 3rd party tool.  You can download DTaskManager here:  http://www.snapfiles.com/get/dtaskmanager.html.  Once you downloaded it, run it and use it to kill SVGHOST.EXE.

After SVGHOST.EXE is killed among the processes, you can then proceed with removing all those files mentioned.

b.  Additionally, it changes exe file association into your default media player.  To restore exe to its normal association, copy the codes below and paste it on a notepad.  Afterwards, rename it to any name with an extension of reg (e.g., FixExe.reg):

Source code

Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\.EXE]
@="exefile"
"Content Type"="application/x-msdownload"
 
[HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
 
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00
 
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
 
[HKEY_CLASSES_ROOT\exefile\shell]
 
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
 
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
 
[HKEY_CLASSES_ROOT\exefile\shell\runas]
 
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
 
[HKEY_CLASSES_ROOT\exefile\shellex]
 
[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"
 
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]

Double-click that newly created registry info so it can restore the exe association back to normal.

c.  This virus creates some more registry entries so it can load itself on boot.  Open regedit and navigate to these entries:

My Computer\HKEY_Local_Machine\SOFTWARE\Microsoft\Shared Tools\MsConfig\Startupreg (delete SVGHOST entry there)

My Computer\HKEY_Local_Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Under Shell, entry is this:

Explorer.exe c:\windows\system32\SVGHOST.EXE

Double-click it and just retain Explorer.exe  Do that also on HKEY_USERS (every user’s own settings).

The number of HKEY_USERS entry depends on the number of users you set in your unit.  So navigate to Winlogon of each HKEY_USERS as shown above.

Tip:  If you are getting lazy, just search SVGHOST.EXE inside registry.  Also look for Winsetup.bat.

and that is it!  Reboot your computer and work normally again.

ssEditBox

Since textbox can only hold a limited maximum number of characters and will hide some entries from our eyes if it goes beyond the textbox's current width, then for longer entries we normally use an editbox. However, one thing that I don't like about editboxes is those "eat" space and sometimes it is harder to design the appearance of our forms because we have to give allowance to those.  See image below:

Solution?  Create a dropdown editbox.

This class I called ssEditBox is designed to cater for longer entries that normally requires an editbox. This class appears like an ordinary textbox and consumes space on the form much like an ordinary textbox as well.  The difference is that this can handle longer entries as once the textbox reached the nMaxChar property value (default is 15 characters) then the dropdown editbox will appear and focus will be transferred there so you can continue typing as if you really are typing there in the first place.

You may want to change the value of nMaxChar property other than 15 characters if you have resized the class (made it wider or narrower) so you can estimate the number of characters user will type before it reaches the end of the current textbox width and make it appear that suddenly the dropdown edit box will popup.

Aside from letting the class reach the nMaxChar property for dropdown editbox to appear, you can likewise force the dropdown portion to appear "any time" via pressing down arrow when the class has the focus.  Hiding it back is done either via pressing Esc key, up arrow key or when you click outside of the dropdown editbox.

By default, the dropdown editbox is wider than the textbox.  But when you drag the right edge of the class making it wider than the dropdown editbox portion, the class will auto-compensate adjusting the dropdown portion to be of equal width with the textbox portion.

So there you are, again a very simple yet unique and appealing new class added to the list of growing ssclasses family.

Enjoy!

ssGridLock

I never liked horizontal scrolling capabilities of grids because I wanted everything to be seen outright without the need to scroll.  So I never used grid column locking before and most of my classes that deals with grids is designed without horizontal scrollbar in mind like ssAnchorSizer.

But, taste and need changes and in one of my modules I am forced to put a grid where some columns are hidden and the need to scroll horizontally cannot be avoided.  And since I don't want to guess "where" I am when I scroll to the right, I need to lock columns on the left.  And with that need arises ssGridLock class.

Using it is very easy like my ssGridSorter class.  Just bind the grid you wanted to attach to that column locking capability like this (on class Init event):

This._GridName = "Grid1"

By default, it will lock the 1st column of the grid but you can adjust it to initially show more than one column locked also via init event like this:

This.Value = 2  && locks 2 columns initially

Or via its value property on the PEM window.

This class will create a lock image on the column of your grid so you will know which column is currently locked.

And since it is included with a spinner, you can change locking dynamically on run by changing the spinner value up or down or by manually keying in the  number of columns to be locked.

Like my other grid classes, the class and the grid should be on the same container.  So a grid in the form must have that class on the form as well.  If the grid is inside a container object, then the class should also be inside that container.  If the grid is inside a page, the class should also be in that same page.

Convert external document files to PDF via ShellExecute()

Originally posted in www.junblogs.com

The easiest way to convert a report into a pdf file is via using a pdfprinter.  There are lots of pdf printers outside there which you can use.  You can check these sites:

http://www.bullzip.com/

http://pdfprinter.com/

http://www.cutepdf.com/

http://www.primopdf.com/index.aspx

to name a few.  Converting the report is as easy as these:

SET PRINTER TO NAME('PrimoPDF') && or something like that or a variable that contains the name of the PDF printer

REPORT FORM YourReport TO PRINTER NOCONSOLE

SET PRINTER TO DEFAULT && This is essential to instruct VFP to return back to its default printer

IEXPLORE.EXE virus Manual Removal

This is actually an old infection and this can be easily killed so I ignored sharing this one before.  However, some units here in our office has been again infected by this virus that is why I have to manually kill those again as our antivirus seems to not recognize this one.

What is IEXPLORE.EXE?

This is actually the executable filename of Microsoft Internet Explorer.  But since some virus propagator decides to be a little naughty, they named the process the same name.  If I am creating a virus, I might name a virus with a certain Microsoft processes as well so it can fool a lot of people thinking it is legal.

Since this virus has the same processes’ name with that of Internet Explorer, how will we know if what you are seeing in the Task Manager is the virus or the real Internet Explorer?  Simple, if there is no open Internet Explorer, then it is a virus.  If there is an open Internet Explorer, close it. After closing Internet Explorer and there still is an instance of IEXPLORE.EXE, then that is a virus.

What does this virus do?

Auto Run your exe on OS logon

While we are at it (Your exe and nothing else), I want to show now here the ways to make your exe sort of auto run during logon, the places where we can do that and the advantages and disadvantages if any.

There are 3 common places I would choose to ensure that my exe will auto-load so users will no longer need to double-click it when they open their computer unit.  I will start the sequence from the first to the last:

a.  Startup folder - this is the very first instance that the OS will load or try to run anything.  You can put the shortcut of your exe here.  Click Start button, All Programs (or simply Programs), then Startup folder.  Right-click it and choose Explore.  Paste your exe shortcut here. 

As I said, the OS will try to run "first" what is here before the other ways I will show below and this is a sort of advantage.  Its disadvantage is a user can delete that shortcut later removing that auto-run(load) effect you want your exe to have.

b.  You can create an entry inside registry in this:

Your exe and nothing else

Most POS developers says to themselves "Oooo!  I want to hide task bar and start button so users can not switch to other exe while using my POS system.  I also want to hide this, disable this and kill this, etc."  Although in reality most developers do not really say "Oooo!" and instead use stronger words but that is the way I want to paint that expression here for fun, LOL!

So they find ways to do that and of course those are always possible via playing with registry settings or in some cases via WinAPIs.

However, why go into the trouble of doing all those things when there is simpler and easier way to achieve that?  Is it possible to make your exe the only thing running and nothing else?  Sure.

A normal windows OS uses Explorer.exe as its shell.  There are other more 3rd party shells out there in the net and I tried some before but because of familiarity with Explorer, I always go back to the default.  What is a shell?

Shell, briefly explained:

A shell is a piece of software that provides an interface for users of an operating system which provides access to the services of a kernel.   Its primary purpose is to invoke or "launch" another program; however, shells frequently have additional capabilities such as viewing the contents of directories. - wiki

So what has an OS shell go to do with what I am trying to say here?  When you use Explorer.exe as shell, then it will load the taskbar, it will load the desktop, it will load a lot of everything.... which in the end you wanted to kill or disable later anyway.  So why go into the trouble of disabling, hiding, or killing those things later..... when we can simply prevent those to be loaded in the first place?

What I am trying to say is use your exe as the OS shell so that is the only thing that will be loaded.... and nothing else.  Below is a simple snippet to do that.  I used scripting here but if you are not comfortable with it, you can use registry.prg that is shipped with VFP (HOME()+"samples\classes\registry.prg"):

**********************

* ShellSwitcher.prg

* Author: Jun Tangunan, October 19, 2011

**********************

Local oForm As Form

oForm = Createobject('ShellForm')

oForm.Show(1)

Return

Define Class ShellForm As Form

      AutoCenter = .T.

      Height = 100

      Width = 300

      Caption = "Sandstorm's Shell Switcher"

      MinButton = .F.

      MaxButton = .F.

      BorderStyle = 1

      Add Object label1 As Label With;

            top=35, Left= 10, Caption = "Please Select what Shell to use later",;

            AutoSize = .T., FontBold = .T.

      Add Object opgshell As OptionGroup With ;

            top = 50, Left = 10, ButtonCount = 2, Value = 1, ;

            AutoSize = .T., BorderStyle = 0

      Add Object cmdgo As CommandButton With;

            top=60, Left= 165, Caption = "Apply", Width = 100, Height = 30

      Procedure Init

            With Thisform.opgshell

                  .option1.Caption = "Explorer (Default)"

                  .option1.AutoSize = .T.

                  .option2.Caption = "This System"

                  .option2.AutoSize = .T.

            Endwith

      Function cmdgo.Click

            If Messagebox("Proceed?",4+32,"Switch Shell") = 6

                  Local loWSH As wscript.Shell

                  loWSH = Createobject("wscript.shell")

                  loWSH.RegWrite(;

                        "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",;

                        Iif(Thisform.opgshell.Value=1,"Explorer.exe",;

                        "< your exe with full path >"))

                  Messagebox("A log off is necessary, click ok to log off now!",;

                        0+64,"System Restart Needed!")

                  loWSH.Run("CMD /C LOGOFF",2,.T.)

                  Thisform.Release

                  Return

            Else

                  Messagebox("Shell switching is aborted!",0+64,"Oppppssss!")

            Endif

      Endfunc

Enddefine

Here are some more things you need to know to be able to use this:

1. You should be a member of an Administrator Account because it deals with tampering values of Local Machine in Registry 
2. I have not killed Task Manager here so once you have tested your exe to be the Shell and would want to go back to the OS default (Explorer.exe), then you can press Ctrl+Alt+Del keys to active Task Manager, run Explorer.Exe, go to where this code snippet is, run it again and switch back to Explorer as the Shell.

 Tested under WindowsXP SP2.

You can incorporate the above codes as part of your project so that you can switch shells from within your exe without invoking the task manager. And once you are comfortable with it, then you can either proceed with disabling the task manager as well so it will really be your exe and nothing else.....

Enjoy!

Selectively Close Open files in Server

A question is raised recently in Foxite Forum on how to avoid an error during backup creation if a table is left open by users.  My suggestion is to use Computer Management Console in the server itself either by logging directly onto the server unit or remote controlling it via remote desktop:

However, that is the manual way of doing it.  A fellow foxiter named Yahia Aboudalal said he is using this command to close those files, i.e., OpenFiles.  That is great because I am not even aware that such command exists, LOL!

Anyway, this will need to know the ID of the open files so we can selectively close those.  Like in our office here, some engineers stays well beyond 5PM so I would not want to execute something that will suddenly close their files as well, won't we?  So here is a simple snippet I prepared today to test on our server.  The purpose is to selectively close only the files my app is using:

Create Cursor junkopen (xID I, xuser c(10), xsystem c(10), xfiles c(100))

Local oShell As wscript.Shell, lcTempFile

lcTempFile = Addbs(Getenv("TMP"))+Sys(3)+".txt"

oShell = Createobject("WScript.Shell")

* create a CSV list of open files in server

oShell.Run("cmd /c openfiles /query /S < your server name >"+;

      "/U administrator /FO CSV /NH > "+m.lcTempFile,2,.T.)

* Clean it up, remove those warnings above the list

Strtofile(Strextract(Filetostr(m.lcTempFile),;

      "again.."),(m.lcTempFile))

* add records to our cursor

Append From (m.lcTempFile) Type Csv

* Clean it up

Select xfiles, xID From junkopen Where ;

      INLIST(Upper(Justext(xfiles)),"DBF","CDX","APP","FPT") ;

      AND !Empty(Justext(xfiles)) Into Cursor junkopen

* Start closing remaining files on the list

Scan

      Wait Window "Attempting to close "+;

            ALLTRIM(junkopen.xfiles) Nowait

      oShell.Run("CMD /C OPENFILES /DISCONNECT /S "+;

            "< your server name > /ID "+Transform(junkopen.xID),2,.T.)

Endscan

Messagebox("Target Open Files has been closed!")

* Perform your backup routine

And as usual if I believe this will benefit others, then I post it here in my blog than inside the forum so it won't be lost easily.