Archive for the “Windows” Category

IIS7 | Drupal install with fastcgi

OMG!!!!

OK, that was out of the way. Performing a Drupal install for the first time using IIS version 7 and Windows 2k8 Server. After entering the database information I was faced with a 500 error message that gave me a lot of information. SIKE

The 500 error gave me nothing at all; it did not tell me where the error was or which file caused it. By default IIS7 suppresses PHP errors and will not show them in the browser. This is the case even if display_errors is turned on in the php.ini file. I had to enable the directive to save the error to a flat file: error_log = /path

Some techs have enabled detailed IIS7 errors server-wide using
%windir%\system32\inetsrv\appcmd.exe set config -Section:system.webServer/httpErrors -errorMode:Detailed

Issue 1
If you have tried installing Drupal on Windows Vista or Server 2008 recently with PHP configured to use Microsoft's FastCGI handler, then you will no doubt have encountered a problem where you are unable to make any updates to your site configuration. This is because the REQUEST_URI variable, when using Microsoft's FastCGI handler on IIS 7, does not include the query string as it does with other web servers such as Apache. Until the IIS team releases a fix for this you'll need to use a workaround to rectify the issue.

The easiest way to rectify the issue at the moment is to modify the request_uri() function in Drupal. To do this, simply open the Drupal bootstrap file in "includes/bootstrap.php", find the appropriate section of code and modify it as follows:

function request_uri() {
  /* Comment out the condition that uses the REQUEST_URI server variable,
     since under IIS7 FastCGI it arrives without the query string.
  if (isset($_SERVER['REQUEST_URI'])) {
    $uri = $_SERVER['REQUEST_URI'];
  }
  else { */
  // Rebuild the URI from SCRIPT_NAME plus the query string instead.
  if (isset($_SERVER['argv'])) {
    $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['argv'][0];
  }
  elseif (isset($_SERVER['QUERY_STRING'])) {
    $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
  }
  else {
    $uri = $_SERVER['SCRIPT_NAME'];
  }
  // }  (closing brace of the commented-out else branch)

  return $uri;
}
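As an added example (not the page's or Drupal's own code), here is a portable variant of the same fix: it keeps REQUEST_URI where the server already supplies the query string and only rebuilds the URI in the IIS7 FastCGI case, so the patch no longer changes behaviour on Apache. The function takes the server array as a parameter (an assumption made so it can be run against constructed inputs) instead of reading $_SERVER directly.

```php
<?php
// Added example, not Drupal's code: build the request URI from a server
// array, working around IIS7 FastCGI dropping the query string from
// REQUEST_URI while leaving other web servers' behaviour untouched.
function request_uri_portable(array $server) {
  $query = isset($server['QUERY_STRING']) ? $server['QUERY_STRING'] : '';
  if (isset($server['REQUEST_URI']) && $server['REQUEST_URI'] !== '') {
    $uri = $server['REQUEST_URI'];
    // IIS7 FastCGI case: a query string exists but REQUEST_URI has no '?'.
    if ($query !== '' && strpos($uri, '?') === false) {
      $uri .= '?' . $query;
    }
    return $uri;
  }
  // No REQUEST_URI at all: fall back to SCRIPT_NAME, as the patched code does.
  $uri = isset($server['SCRIPT_NAME']) ? $server['SCRIPT_NAME'] : '/';
  return $query === '' ? $uri : $uri . '?' . $query;
}

// Constructed sample environments (not captured from a real server).
$cases = array(
  'Apache' => array(
    'REQUEST_URI'  => '/index.php?q=admin/settings&foo=1',
    'SCRIPT_NAME'  => '/index.php',
    'QUERY_STRING' => 'q=admin/settings&foo=1',
  ),
  'IIS7 FastCGI' => array(
    'REQUEST_URI'  => '/index.php',   // query string missing, as on the page
    'SCRIPT_NAME'  => '/index.php',
    'QUERY_STRING' => 'q=admin/settings&foo=1',
  ),
  'no REQUEST_URI' => array(
    'SCRIPT_NAME'  => '/index.php',
    'QUERY_STRING' => 'q=node/1',
  ),
);
foreach ($cases as $label => $server) {
  printf("%-15s %s\n", $label, request_uri_portable($server));
}
```

Run it with php-cgi.exe or the php CLI; the Apache and IIS7 cases should print the same full URI, which is what Drupal needs to generate correct form actions and redirects when saving configuration.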

Then I found I was receiving the error

Issue 2:
Fatal error: Trying to clone an uncloneable object of class mysqli in db-mysqli.php

Fix : “Fatal error: Trying to clone an uncloneable object of class mysqli – If this error occurs you must turn off the zend.ze1_compatibility_mode setting in your PHP configuration.”

ini_set('zend.ze1_compatibility_mode', 0);

Issue 1 can be fixed by having your administrator install the M$ patch or upgrade to SP2.
Patch

Don't forget to read the install docs.

January 24, 2010 Posted Under: Windows

PHP/IIS7 – IIS to return a 502 Bad Gateway

php-cgi.exe does work on IIS7. You need to modify php.ini to have the line:

cgi.force_redirect = 0

If you do not make this modification, php-cgi.exe outputs a security warning response without proper response headers, which causes IIS to return a 502 Bad Gateway. Strangely, running php-cgi.exe from the command line does not generate this error. I guess using NPH CGI is the only way to debug PHP, because running it from the command line is not 100% indicative of web-server runtime behavior.

Tested using VC9 x86 Thread Safe PHP 5.3

January 16, 2010 Posted Under: PHP, Windows

Malware toolkit | browser redirects

I must say this malware is getting out of control. Recently I had the pleasure of working on a system that got infected. Now I thought this would be a 30 min job tops, but it ended up being 2 days' worth of work. I brought in the usual fellas (HijackThis, SuperAntiSpyware, Malwarebytes, AVG, Avast, Windows Process Explorer). I was ready for war at this point, as each tool found some type of trojan/malware process running. There was one rootkit that was not being detected by my usual fellas except for Process Explorer. Process Explorer can only kill the process and not remove it from your system.

I called in for my backup and managed to get an application called UnHackMe and Wireshark on board. Wireshark is a packet sniffer to see what data is leaving the system as well as requests coming in. Watching Wireshark I saw the system was connecting to an external website without the browser even being open. (This is a WTF moment.) So I killed the process that was controlling these connections. Bam, it came right back in a matter of seconds. So at this point I was sure there was a hidden service running (rootkit) that I could not see. This is where UnHackMe came in handy. I loaded up UnHackMe, found the hidden process and was able to stop it from running. UnHackMe did a good job at stopping the service but left the rootkit files on the system. I used ComboFix to completely remove the rootkit's files from c:\window\system32\ and c:\window\system32\drivers. ComboFix requires some patience.

Tools Used
Free AVG
Avast
Malwarebytes
Combofix
SpywareBlaster
unhackme – Free 30 day trial
HiJackThis
Process Explorer
Wireshark portable
SuperAntispyware

Requirement: some knowledge about Windows processes. This is a must so you will not crash the computer and cause your system to not boot. If you are unsure about this, I can be available for remote repair or guidance. There is a fee to have me remote into your system, which can be discussed. Feel free to chat with me on the IRC network QuakeNet, channel #mas1, or use our web client.

I normally run HijackThis first to stop some malware apps from running at boot time. Next I would run Malwarebytes or SuperAntiSpyware. Normally these 3 apps will get the job done for most infections. Then install Avast for continued protection.

I am considering creating a toolkit for download which will include these apps so you will not need to GoogleIT... stay tuned for that.

How do I get infected?
Good question.
Most infections occur from a website that has been compromised in some way. The Google and Bing search engines try to scan websites that are indexed in their engines. Google will give you an alert "This site may harm your computer"; please pay attention to this and do not enter the website. Once the notification is removed you should be good to enter. This normally occurs after the site owner has cleaned up the website.

You can also check the status of a website by going to

http://www.google.com/safebrowsing/diagnostic?site=EXAMPLE.COM

changing EXAMPLE.COM to the site you are about to visit, or visit StopBadware.

Other infections can occur if you install some free games or screensavers. The rule of thumb is: if it's free and not open source, then don't install it. Also research it online before installing it, or ask your Tech Guy/Gal.

Lastly, porn sites, warez sites (warez was known as a place to get free apps, movies, ebooks, music and more) and some community sites, cough cough BlackPlanet, MySpace, Tagged. They use a lot of remote advertising firms, and an ad can have a virus embedded in an image loaded on the website. The sites themselves have limited control over this.

How come my anti-virus can not remove malware? I spent a lot of money on Norton or McAfee.
Another good question.
Most commercial anti-virus applications were designed to fight viruses. Malware is not considered a virus, as it does not modify existing system files but instead adds files to your system. A virus modifies the system files and opens backdoors to allow someone to enter your system without your knowledge. Malware is mostly an advertising scam that tries to force you to certain websites, but these idiots do it in a way where you can't even surf the internet anymore, or it slows down your computer. Now some malware can include viruses or rootkits, depending on the author.

*Be a happy surfer and read before clicking anything.*

Mas for Powserve.com

January 13, 2010 Posted Under: Windows

Name of adapter is hidden from the network and Dial-up Connections folder

Full Error

The IP address XXX.XXX.XXX.XXX you have entered for this network adapter is already assigned to another adapter Name of adapter. Name of adapter is hidden from the network and Dial-up Connections folder because it is not physically in the computer or is a legacy adapter that is not working. If the same address is assigned to both adapters and they become active, only one of them will use this address. This may result in incorrect system configuration. Do you want to enter a different IP address for this adapter in the list of IP addresses in the advanced dialog box?

Method 1

1. Click Start, click Run, type cmd.exe, and then press ENTER.
2. Type set devmgr_show_nonpresent_devices=1, and then press ENTER.
3. Type Start DEVMGMT.MSC, and then press ENTER.
4. Click View, and then click Show Hidden Devices.
5. Expand the Network Adapters tree.
6. Right-click the dimmed network adapter, and then click Uninstall.

Method 2

January 10, 2010 Posted Under: Windows

Windows: Delete large folders

Example: rd /s /q test or rmdir /s /q test

M$ Reference

Using Explorer, you can try highlighting the folder, then holding Shift and hitting Delete. This bypasses the Recycle Bin.

December 12, 2009 Posted Under: Windows