My iTunes/iPhone adventures.

So I was trying to get a freeware optical character recognition program for some reason a few months ago. Sometimes trying to get something for free is going to cost you. I can’t even remember what I had scanned and was trying to get into document form.

The first one I downloaded was filled with adware that was so intrusive that I removed it immediately, but as it turned out, not soon enough to avoid messing my computer up. I found one that worked for my purpose, and used it.

I use Avast (a paid-for copy) for most malware and viruses. I occasionally run Malwarebytes to get rid of anything Avast is having trouble with. The program that I installed that caused the damage was busy everywhere, it seems. The first thing it did was replace all my search engines with Yahoo. I had a heck of a time getting rid of it too. Avast was able to tell me the problem, but it couldn’t automatically fix it.

In order to get rid of the search engine replacement, I had to re-install both Chrome and Facebook. I messed around for about a day trying to get rid of it without doing this, and it just seemed to keep coming back.

Running Avast got rid of all traces of the malware, but you know how malware will keep cropping up on a PC.

I don’t like backing up my iPhone on “The Cloud”. I guess I don’t trust a computer that is not under my control. (kind of like certain government officials!) I can remember the old days of networks where the IT guys would make you run a program that was installed on a remote server. Often, things would go wrong, so I became fond of having everything installed locally. I’m sure things are better now. Heck, you can’t even install “Office” locally any more, can you?

I’ve always backed up my phone locally on my home computer, but when I plugged my phone into my computer, it did not give me the usual questions about connecting and downloading my pictures. It did not automatically start iTunes and offer to back up my phone. My computer barely recognized that there was an iPhone connected to it, and I couldn’t really access it from explorer. I ran iTunes manually, and it could not see my phone, nor could it connect to the App Store. It kept telling me that I wasn’t connected to the Internet.

The first thing I did was re-install the iTunes program. This didn’t work at all. The next thing I did was remove the driver for the iPhone and let Windows install a new one. This allowed Windows to attach to my iPhone and it let me download and save the pictures off of it, but it did not let me attach my iPhone to iTunes and there was still the issue with the App Store.

I decided that maybe the latest copy of iTunes was defective, so I rolled back a few revisions and loaded that. It wouldn’t run because of an issue with a data file that was left over from the latest install of iTunes. I tried removing the data file, so of course it wouldn’t run at all then.

I went to the trusty Internet, and asked about trouble connecting to the App Store. The first article told me that I may have a proxy server installed. I didn’t, but I’ve seen malware do this to your connection. I think it makes it easier to steal your data. Some of the articles led me to believe that it was my hosts file, or that my firewall was blocking it. Wrong, and wrong. I had iTunes on the list of programs that could access the Internet through the firewall. Finally, one of the articles I read pointed to a potential problem with Bonjour, a program that iTunes uses to connect to the Internet, not being able to get a “WinSocket”. Then the article pointed me to a program called Autoruns (http://download.cnet.com/Autoruns/3000-2094_4-10744886.html) that tells you exactly what your PC is running in the background while it’s just sitting there.

One of the tabs in Autoruns is called Winsock Providers. I saw that Bonjour had a socket, but there were four entries for a VOT module and under the “Image Path” was “File Not Found”. This entry was in my registry. I looked up the VOT module on the Internet, (Autoruns had the missing file as votprx64.dll) and found out that it was part of a malware package.

I knew then what had happened. My antimalware program had removed the file, but my registry was now corrupt and pointing at a nonexistent file. This was somehow getting in the way of Bonjour in its attempt to establish a WinSocket to communicate to the Internet through. All I had to do then, was go to my registry editor, (regedit) and remove the offending line from my registry.

I went ahead and backed up my registry first, then looked for all instances of the votprx64.dll, and removed them. I rebooted my computer, and everything just started working again…. YAY!!
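The condition described above, a Winsock catalog entry whose provider DLL is no longer on disk, can be checked for directly. The following is an added example, not part of the original post: it parses the text printed by `netsh winsock show catalog`, and the sample output, the placeholder path and the function names are constructed for illustration.

```python
import ntpath
import os
import re

# Constructed sample in the layout printed by `netsh winsock show catalog`
# (English locale, trimmed to the fields used here); not captured from a real PC.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Leftover layered provider (constructed)
Provider Path:                      C:\PLACEHOLDER\votprx64.dll
Catalog Entry ID:                   1015
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s+(.*\S)\s*$")

def parse_catalog(text):
    """Return one dict of fields per 'Provider Entry' block in the netsh output."""
    entries = []
    for line in text.splitlines():
        if "Provider Entry" in line:      # header line starts a new entry
            entries.append({})
            continue
        m = FIELD.match(line)
        if m and entries:
            entries[-1][m.group(1)] = m.group(2)
    return entries

def orphaned_providers(text, exists=os.path.isfile):
    """List (entry id, path) for entries whose Provider Path is not a file."""
    orphans = []
    for entry in parse_catalog(text):
        path = entry.get("Provider Path")
        if path and not exists(ntpath.expandvars(path)):
            orphans.append((entry.get("Catalog Entry ID"), path))
    return orphans

if __name__ == "__main__":
    # Constructed stand-in for the disk: only mswsock.dll is treated as present.
    present = lambda p: p.lower().endswith("mswsock.dll")
    for entry_id, path in orphaned_providers(SAMPLE, exists=present):
        print(f"catalog entry {entry_id}: provider DLL not found: {path}")
```

On a real machine, save the command's output to a file and pass its contents to `orphaned_providers` with the default `exists`, which checks the local disk.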

About whatisblivit

I have been working with computers since the Commodore Vic20. I've been building PCs since about 1989. I received my Electrical Engineering degree in 1986. I have been building and maintaining my extended family's computers since about 1996.