dealing with malware that alters display properties

Over the past two weeks, I've seen three pieces of malware that alter the display properties in Windows XP. In each instance, I was able to get rid of malware with Symantec AV 10.1 and then Avast Antivirus 4.8. But the display properties remained changed.

In one instance, it created a strange screen saver that emulated a BSOD. In another instance, it changed the wallpaper to a spyware warning. But the weird thing is that if you go to the display properties, the necessary tabs you need to reverse those problems are gone.

Best course of action is to use this wallpaper hijacker remover:
http://www.majorgeeks.com/Wallpaper_Hijack_Remover_d4816.html

Here is what an altered wallpaper looks like:

Sharepoint publicly accessible breaks SBS IIS components?

I'm implementing SharePoint for a client, and they want it to be publicly accessible on their SBS box. As such, I installed SharePoint 3.0 and told ran the "Configure E-mail and Internet Connection Wizard" and told it to configure the firewall and to allow access to the Windows SharePoint Service intranet site. After that, things still worked, but when I ran the "SharePoint Products and Technologies Configuration Wizard" - it created the web site "SharePoint - 80" in IIS Management.

With "SharePoint - 80" in place, OWA does not work, nor does RPC over HTTP. In fact, with "SharePoint - 80" in there, the default web site shows as "stopped." When you try to start the default web site, it says "the process cannot access the file because it is being used by another process." Very strange.

allowing SRP on a BB server on an SBS Premium box

I'm documenting my own confusion here, as I know it'll come up later.

When creating a Blackberry Professional Express server, it needs to have SRP access to the Blackberry servers (port 3101). They have a test for this connectivity here:

c:\Program Files\RIM\BlackBerry Enterprise Server\Utility\BBSRPTEST.EXE

I was having trouble with getting port 3101 to connect to the RIM server, and then I thought I made some firewall changes to make it work - but even after disabling the firewall changes I made, it still worked - so I figure it worked without my assistance. For my own knowledge . . .

I opened up port 3101 outbound to all blackberry.net addresses and I made sure the SBS Internet Access Rule was set for all users and was not set to read only for FTP. I made these changes and then it worked. Then I disabled all these things, and it still worked. I have replicated this issue multiple times. Very strange.

This is what the test gives you when it's successful:

c:\Program Files\RIM\BlackBerry Enterprise Server\Utility>BBSrpTest.exe
NetworkAccessNode is srp.us.blackberry.net.
Attempting to connect to srp.us.blackberry.net (204.187.87.33), port 3101
Sending test packet
Waiting for response
Receiving response
Checking response
Successful

completely uninstall SBS Monitoring and Reporting

I uninstalled and reinstalled SBS Monitoring and Reporting to resolve a SQL issue with it today. And I referenced this blog post from someone else:

1. Control Panel -> Add Remove Program -> Windows Small Business Server 2003.
Set Server Tools to Maintenance. Set Monitoring to Uninstall and continue the setup process.
2. Control Panel -> Add Remove Program -> Microsoft SQL Server Desktop Engine (SBSMonitoring) -> Remove.
3. Rename the C:\program files\Microsoft SQL Server\MSSQL$SBSMONITORING Folder.
4. Reboot the server.
5. Control Panel -> Add Remove Program -> Windows Small Business Server 2003.
Set Server Tools to Maintenance. Set Monitoring to Install and continue the setup process.
6. Reboot the server.
7. Start MSSQL$SBSMONITORING and SQLAgent$SBSMONITORING services.
8. In Server Management Console -> Monitoring and Reporting: run the "Set Up Monitoring Reports and Alerts wizard”

increasing the number of PPTP users allowed on an SBS box

By default, an SBS box only allows 5 concurrent PPTP VPN connections. You can increase it by going to administrative tools -> routing and remote access and going to Port Properties as seen below: