Daily Archives: September 2, 2012

Not for beginners – TV Tuner Losing HD Channels Periodically

After a recent random change in my cable TV service, I temporarily lost all my HD channels. Re-scanning for channels in my TV handled it, but it didn’t for my TV tuner (Hauppage Win-TV-HVR-2250). When re-scanning for channels in Windows 7’s Windows Media Center, the HD channels count would go up to 38 channels, but somewhere along the line it would lose them all, ending with none at the end of the scan! Fortunately, if I stopped the scanning  process exactly when it reached 38 channels, it would keep them. But now I’m facing other problems.

For one, some of the HD channels’ numbers, names and guide listings were wrong. So I had to edit all those manually, no big deal. But for some reason, within a period of a few minutes to a few hours I would lose all the HD channels again! I figured every time the listings updates were downloaded, that affected the channels. So I added an exception to the firewall so it would block the updater. The problem persisted.

While researching a solution, I developed a batch file to restore a copy of the folder that contained all the settings, programming etc. so I could at least get my HD channels back every time I lost them, with the click of a button:

net stop "windows media center receiver service"
taskkill /IM ehrec.exe /F
taskkill /IM ehrecvr.exe /F
taskkill /IM ehsched.exe /F
taskkill /IM ehshell.exe /F
taskkill /IM ehtray.exe /F
taskkill /IM ehvid.exe /F
del C:\programdata\microsoft\ehome\*.* /s /q /f
xcopy /y /e r:\ehome\*.* c:\programdata\microsoft\ehome
pause

For some reason, however, when deleting the ehome folder, it gave an error on 3 files that were locked and still in use. So to better analyze the problem, I introduced a “sleep 5” line in the batch file. So now it looked like this:

net stop "windows media center receiver service"
taskkill /IM ehrec.exe /F
taskkill /IM ehrecvr.exe /F
taskkill /IM ehsched.exe /F
taskkill /IM ehshell.exe /F
taskkill /IM ehtray.exe /F
taskkill /IM ehvid.exe /F
ping 1.1.1.1 -n 1 -w 5000 > nul
del C:\programdata\microsoft\ehome\*.* /s /q /f
xcopy /y /e r:\ehome\*.* c:\programdata\microsoft\ehome
pause

With that, the batch file worked. But that also gave me a clue. With the help of Process Explorer, I carefully observed what happened in those few seconds, and was able to see which process appeared in the scene: mcGlidHost.exe. “Windows Media Center In-band Guide Loader”. Hmm. I wonder if THAT is the responsible for loosing my settings… let’s see. Renaming it to mcGlidHost.exe.old… of course I can’t. First I had to take ownership of the file and changed the settings to full control. Then renamed it.

It’s been a solid 10 hours and my HD channels are still there… Eureka!

Update 4/16/14: Still going strong, but I just realized a potential alternative to

ping 1.1.1.1 -n 1 -w 5000 > nul

which would be

CHOICE /n /c y /d y /t 5 > nul

 

 

 

 

 

More on Hacked Email Accounts

(See this recent article for what to do if your email gets hacked). When helping yet another client get his hacked email account back, I came across two distinct hacker tricks that I thought are worth mentioning.

One is forwarding. This particular hacker had changed a setting in the hacked email account (a Yahoo account) so that all emails received would be automatically forwarded to another email address, which was in possession of the hacker, of course. Thus, if the hacker sent any emails out from the hacked account to the contacts in that account, with one of those famous Nigerian scams (by the way, the hacker was literally in Somolu, Nigeria) and got any replies, the replies would be forwarded to the email account of his choice, which by the way was VERY similar in wording to the original hacked email account so only a very careful eye would notice the difference if the hacker now replied from the second account.

The second one, err, let me backtrack for a moment. There is a setting that can be, well, set, in all emails. It’s called “Reply-to”. User A sends an email to user B, but in that email it’s specified that if user B hits the reply button, the reply will be sent to user C. This setting can be useful sometimes, but in this case, it was a second hidden time-bomb the hacker was using. All the emails sent from the hacked account had a reply-to setting that would send any replies to the hacker’s own account. The only reason I noticed is because I was looking very closely. I mean, who checks that one’s email is going to the right email address when one hits the reply button? Exactly. Very sneaky.

So you see, even if the hacked email account got recovered and back to its rightful owner, with the first trick above he would still not be in control of the emails received, and with the second trick, any emails already sent out would end up, if replied to, in the hacker’s own email account.

The above are two tricks to be aware of, if your email account gets hacked or if you’re at the receiving end of a spam/scam looking email from a known contact.

11/20/13: In handling the most recent email account hijacked, I became aware of yet two more tricks used by the hackers:

A) Use of filters. Often email accounts will have the ability to set filters that perform certain functions on incoming emails, i.e. put them in specific folders as they come in, or perhaps delete them (for unwanted contacts). In this case the hacker had set a filter so that any email sent to the recipient was sent straight to trash. That way nobody emailing the actual account owner would be able to get in touch with him/her.

B) Changing the signature. In this case the hacker had changed the phone # in the signature. In earlier cases they had included a malicious link in the signature, so that whenever in the future an email was sent from that account, it would be sent with a malicious link in it.