Automate Your Business

Archive for May, 2007

You’ve probably heard about the Registerfly debacle.

The end is in site. All domains are now being transferred to GoDaddy. (More on this in a moment).

For now, if you go to https://www.godaddy.com/gdshop/transfers/welcome_registerfly.asp?ci=9188

You can get your new GoDaddy account details emailed to you. All you need to have is your domain name which was held by registerfly. Godaddy have set up one account per registered email address, from what I can see, so if you have lots of domains at Registerfly, you might need to check that the first account you create at GoDaddy does actually contain all the domain names you are expecting it to have.

Oh. And give it time. The emails with my account details took about 10 minutes to arrive.

Now, the issue with GoDaddy is that they have a VERY strong response to what’s seen as spamming. They will disable domain names and charge you $160 (I think) to get it back. Be very careful.

One other point: if GoDaddy says that they don’t recognize the domain or something similar, do a WHOIS via a third-party like dnsstuff.com. There, you’ might see a reference to ENOM or one of the other resellers that Registerfly used before they became full registrars. If that’s the case, you’ll need to contact ENOM or whoever to sort out your name.

Final point: ICANN made an agreement with all registrars to extend the duration of domains registered with Registerfly, so your domain name might still be in your control even if you think it’s expired. But you won’t have long to sort these out. Again, the WHOIS should (I think) give proper details – but don’t quote me on this. Contact the registrar who holds your domain urgently to get everything sorted out.

Symantec/Norton anti-virus (AV) software has just yesterday flagged the FileTagger 2.0 (which is being tested by some beta-testers at the moment) and Stay On Focus as having the MSN.Flooder virus.

Don’t panic.

This is a “false positive”, which means that the AV software has incorrectly identified these files as having a virus. This happens because the AV software looks for certain “signatures” in files, and one of those signatures is found in my software. And many other pieces of perfectly legitimate and safe software.

It’s a false alarm, and as I was drafting this update, Symantec have actually already resolved it.

Boy that was quick!

So, first, I’ll tell you how to fix it, then I’ll give you some background, as it’s possible this type of thing might happen again in future.

The Fix:

Note: I’ve included some screenshots here, from my own PC. However, my employer’s laptop has a different version of Symantec anti-virus, which looks different. So your version might also be different. However, hopefully, you’ll be able to follow the text enough to resolve the issue.

Click the small images below to open up a new window with the full-size image.

First, you need to run the AV software’s Live Update to make sure you have the latest set of definitions from Symantec. You should have the version dated 5/30/2007 (rev. 41, if you can see the revision number – I can’t see this at home, I can at work).

Next, view your Quarantine area (see image below), and you’ll see a list of instances of the MSN.Flooder virus (plus any other viruses the have been found). Remember, there might be several instances (one for Stay On Focus, and one for The File Tagger 2.0 beta if you’re using it).

You can right-click each file, choose Details…, go to the Affected Areas tab, and it’ll show the file name(s) impacted.

Close the “Details” window if you have it open, and in the main windows, select the Stay On Focus and/or The File Tagger files instances of MSN.Flooder, and choose “Restore Item”.

The next bit varied between the two versions of AV software I’m running. The one at work (enterprise version of Symantec Antivirus) said something along the lines that the software can restore the files, implying that a fix had been found and the files could be moved out of quarantine and normal operation resumed.

The one at home (Norton Antivirus 2006) says what you can see below, which absolutely does not sound like it’s safe to restore those files. I wish the messaging was a bit clearer.

Unfortunately, I didn’t capture a screenshot of the Symantec version, so I can’t show you it now.

Press yes, and that should be everything up and running again.

The Background:

Although I am a developer by training and experience, I don’t always write my applications in “proper” languages like C++, Visual Basic, or VB.Net. These languages are very powerful, and very flexible, and therefore tend to take more time to develop applications.

There are other software development tools which bypass a lot of the complexity of these languages, in exchange for not being quite as powerful. The tools are often called “scripting” tools. They give developers who use them the ability to write simple applications very quickly.

I use the scripting tools because they allow me to write useful applications, quickly and easily, thus lowering my development time and costs. They also usually require less support. For example, out of 400+ people using Stay On Focus, only one issue has been reported (although by a number of people). Which is why I can offer it for free, rather than charging for it.

The downside of these scripting tools (and there are many of them, not just the one I use), is that people who write viruses also want quick and easy development, and no support, so they also use scripting tools to write their code.

So inevitably, the AV software companies sometimes flag any software written by the scripting tools as being viruses. Which is what happened today.

I’m using a tool called AutoIt, which is well respected by people who work with these scripting tools. It’s been around a long time, so this “false positive” by the AV software has happened before. You can see a general thread about the topic here:

http://www.autoitscript.com/forum/index.php?showtopic=34658

And one specifically about today’s MSN.Flooder alert here:

http://www.autoitscript.com/forum/index.php?showtopic=46810&hl=flooder&st=15

And finally, here is Symantec’s alert about the virus (which doesn’t specifically mention AutoIt – I’m just including it for your information):

http://www.symantec.com/security_response/writeup.jsp?docid=2003-050916-1048-99&tabid=2

So, I hope you weren’t scared too much, and hope that this resolves the issue. If not, please submit a support ticket at http://www.automateyourbusiness.com/helpdesk/

Well, time to bite the bullet.

As some of you will know, I’m seeing some issues with outgoing emails from my web applications (eg, my helpdesk system) to some people. My host is unable to help. Time to move this site elsewhere. I can’t have my helpdesk system being unreliable.

I’m moving it to another host I’ve used before, so I know they’re pretty good.

But it will mean some disruption to the site probably. So my apologies if things don’t go so well…

I’ve just added a form (in the right-hand side of the page now) for a blog notification list.

By subscribing to this list (managed by the reputable GetResponse.com), you’ll receive a quick email notification each time I post something to the blog.

Not very exciting is it?

Oh, alright then, I’ll also throw in some special offers on my products from time to time, and some private email-subscriber-only content.

How’s that for a great deal?

And if you’re an affiliate: the subscription form ties into the affiliate program as well!

As mentioned in the comments on the last post, I’ve responded to people who raised a support ticket for the vanishing icons, sending them the URL to download the new version. I’d like to give them a couple of days to come back to me on the results, then I’ll release to the wider user base.