Possible problem with SigID 5442

We've been experiencing some false-positives with the Cursor/Icon File Format Buffer Overflow (SigID 5442) signature.
We've had some instances where the alarm has fired on a string containing ".ani", but not at all related to a file of this type.
Here's an example lifted right out of one such alarm...
ACON[\x00-\xFF]*anih([^\x24][\x00-\xFF][\x00-\xFF][\x00-\xFF]|[\x24][^\x00][\x00-\xFF][\x00-\xFF]|[\x24][\x00][^\x00][\x00-\xFF]|[\x24][\x00][\x00][^\x00])
Note that there is no leading "." in front of "ani" and that the text is actually "anih".
Is this intended behaviour for this SigID, or have I found a bug?
Thanks in advance,
Alex Arndt

It looks like this may indeed be a false positive. I believe the problem stems from the variable-length fields that can appear between the ACON header and the anih stub chunk identifier. To eliminate the possibility of false negatives we chose to use the [\x00-\xff] wildcard; this does allow for a slim chance of false positives. This signature was chosen because it addresses the vulnerability and cannot false negative. That being said, we will continue to research this signature for modification in a future signature update.
In the meantime the following 5.x custom signatures may be of use. The main signature is a meta signature consisting of 2 component signatures. In order to create 5.x custom meta signatures the sensor must be running signature update S167 or later.
Component Signature 1: RIFF ACON
Engine: String.TCP
Direction: From Service
Ports: #WEBPORTS
Severity: Informational
Regex: RIFF[\x00-\xff][\x00-\xff][\x00-\xff][\x00-\xff]ACON
Do not associate an alarm event action with this signature

Component Signature 2: anih
Engine: String.TCP
Direction: From Service
Ports: #WEBPORTS
Severity: Informational
Regex: anih([^\x24][\x00-\xFF][\x00-\xFF][\x00-\xFF]|[\x24][^\x00][\x00-\xFF][\x00-\xFF]|[\x24][\x00][^\x00][\x00-\xFF]|[\x24][\x00][\x00][^\x00])
Do not associate an alarm event action with this signature

Meta Signature: ANI Cursor Overflow
Engine: META
Component List: Component Signature 1, Component Signature 2 (use their signature IDs)
Meta-Reset-Interval: 1
Component List In Order: True
Meta-Key: Attacker Address
Unique Victims: 1
Severity: High
Associate an alarm event action with this signature
This signature will reduce the length of time allowed to pass between seeing the ACON header and anih sub-chunk identifier; this time is set by the Meta Reset Interval parameter. Since all of these events must occur in the same file in an actual attack, they will be seen almost immediately. To eliminate false negatives, increase this interval; to eliminate false positives, decrease this interval. The reset interval of 1 should not false negative unless an extremely slow connection is being monitored (sub 1kB/s).
Here is a 4.x custom signature; it should reduce the chance of any false positives.
RIFF[\x00-\xff][\x00-\xff][\x00-\xff][\x00-\xff]ACON((LIST|INAM|IART|fram|icon|rate|seq)[\x00-\xFF]+)?anih([^\x24][\x00-\xFF][\x00-\xFF][\x00-\xFF]|[\x24][^\x00][\x00-\xFF][\x00-\xFF]|[\x24][\x00][^\x00][\x00-\xFF]|[\x24][\x00][\x00][^\x00])
This signature looks for the anih field immediately following the ACON header or following another header that immediately follows the ACON header. This signature may not be as effective as the 5.x signature.
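The behaviour discussed in this thread, as an added example that is not part of the original posts or of Cisco's signature code: the wildcard pattern quoted in the question and the 4.x custom pattern from the reply are run as Python byte regexes over three constructed payloads, next to a chunk-walking check that reads the declared anih length directly. The payloads, the function names and the RIFF walker (which treats LIST chunks as opaque) are assumptions made for illustration.

```python
import re
import struct

# Tail shared by every pattern on this page: "anih" followed by a 4-byte
# length that is anything other than 24 00 00 00 (36, little-endian).
ANIH_TAIL = (
    rb"anih([^\x24][\x00-\xFF][\x00-\xFF][\x00-\xFF]"
    rb"|[\x24][^\x00][\x00-\xFF][\x00-\xFF]"
    rb"|[\x24][\x00][^\x00][\x00-\xFF]"
    rb"|[\x24][\x00][\x00][^\x00])"
)

# Pattern quoted in the question: any bytes may sit between ACON and anih.
SIG_WILDCARD = re.compile(rb"ACON[\x00-\xFF]*" + ANIH_TAIL)

# 4.x custom pattern from the reply: requires the RIFF....ACON header and a
# known chunk id (or nothing) between the header and anih.
SIG_4X = re.compile(
    rb"RIFF[\x00-\xff][\x00-\xff][\x00-\xff][\x00-\xff]ACON"
    rb"((LIST|INAM|IART|fram|icon|rate|seq)[\x00-\xFF]+)?" + ANIH_TAIL
)


def chunk(cid, body):
    """Build one RIFF chunk: id, little-endian length, body, pad to even."""
    pad = b"\x00" if len(body) & 1 else b""
    return cid + struct.pack("<I", len(body)) + body + pad


def riff_acon(*chunks):
    """Wrap chunks in a RIFF container whose form type is ACON."""
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


def anih_sizes(data):
    """Return the declared size of each top-level anih chunk, or None if
    the data does not start with a RIFF/ACON header."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return None
    sizes, pos = [], 12
    while pos + 8 <= len(data):
        cid, size = struct.unpack_from("<4sI", data, pos)
        if cid == b"anih":
            sizes.append(size)
        pos += 8 + size + (size & 1)  # chunk bodies are padded to even
    return sizes


def evaluate(data):
    """Report which of the three checks would alert on this payload."""
    sizes = anih_sizes(data)
    return {
        "wildcard": SIG_WILDCARD.search(data) is not None,
        "custom_4x": SIG_4X.search(data) is not None,
        "structural": bool(sizes) and any(s != 36 for s in sizes),
    }


# --- Constructed sample payloads (not captured traffic) ---

# Plain text that happens to contain "ACON" and, later, "anih".
BENIGN_TEXT = b"HTTP/1.1 200 OK\r\n\r\nBEACON dashboard: owner Tanihara, last seen 10:42\r\n"

# Well-formed header chunk: 36 bytes, first field repeats the size.
HEADER36 = struct.pack("<9I", 36, 1, 1, 0, 0, 0, 0, 10, 1)
GOOD_ANI = riff_acon(chunk(b"anih", HEADER36))

# anih chunk declaring 80 bytes instead of 36, preceded by a LIST chunk.
BAD_ANI = riff_acon(
    chunk(b"LIST", b"INFO" + chunk(b"INAM", b"demo")),
    chunk(b"anih", b"\x00" * 80),
)

if __name__ == "__main__":
    for name, payload in (("benign text", BENIGN_TEXT),
                          ("well-formed ANI", GOOD_ANI),
                          ("oversized anih", BAD_ANI)):
        print(f"{name:16} {evaluate(payload)}")
```

Only the wildcard pattern alerts on the plain-text payload, which is the false positive reported in the question; all three checks alert on the oversized anih chunk and none on the well-formed file.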
