Monthly Archives: February 2008

Malware…

For the last week (actually 9 days now), I’ve been working on and off cleaning up the PC of a friend. It’s shocking how much malware is out there right now and how easy it is for folks who think they are doing the right thing to be tricked by these “friendly” popups that offer to clean your PC. My friend’s PC had several rogue spyware cleaners on it, and gosh knows what else. It scares me that he’s been doing his taxes, etc. on this box for years. Anyway, I have put about 15-20 hours into cleaning it, and I think (knock on wood) that it’s clean. Here’s what started it, and what I did:

This is a Win2000 machine, and it’s about 8 years old, but still a usable computer…P4, 256MB RAM, 40GB disk. It does what he and his wife want. However, he called when it started crashing (BSOD). At first, I thought it might be a hardware problem, but determined after I put another NIC in the box that it was software. When I got it, the copy of Norton Anti-virus on it hadn’t updated defs in 4 years, and you can guess what that allowed. So, here’s what I did:

1) Took it offline;

2) Ran Combofix.exe;

3) Ran “HiJackThis” and deleted any obviously bad items (but there’s a lot I don’t know off the top of my head);

4) Ran current versions of AdAware and SpybotS&D;

5) Loaded a current version of Norton (virus defs were 9/2007, but still cleaned a lot of stuff);

6) Ran Activeports, saw that there was still spurious activity with IE processes getting kicked off going to places like “cookingluck.com” and “network.upl.cz”. Not what you wanted to see.

At this point I had taken a bunch of stuff off the box and it was working better, but was still in no way trustworthy. However, it was working well enough to put back online for a short while and update the patterns on AdAware & SpybotS&D and Norton AntiVirus. Downloaded Win2000 SP4. Took it back offline. Installed Win2000 SP4. Ran scans with new definitions on all tools, and cleaned off more. When it was online, Norton was stopping the things the downloaders were trying to drop, so it was getting better.

I then put on ZoneAlarm. This is something I wanted on the box since my friend doesn’t have a router, and consequently is exposed to the cable net. This had a couple of side effects that helped. First, I could now see and log the IE probes. Also, I set it to not allow IE to access the internet.

So, at this time, things are reasonably clean, and the rogue IE processes getting spawned couldn’t get to where they wanted to go, so I could put it on the ‘net and things would not get worse. However, it wasn’t fixed. I spent several hours trying to figure out where IE was getting launched, but couldn’t make any progress.

Then, in reading some entries on bleepingcomputer.com, I saw a reference to “Anti-malware” by Malwarebytes. I started to read up on it a bit, since there’s a lot of disinformation out there, seemingly placed by the rogue spyware authors. I added up the trustworthy and non-trustworthy references, and felt like it was worth a try. I downloaded v1.05 of Anti-malware, and ran it. It picked up 124 objects, including a couple of memory modules, that nothing else had found. I removed the objects it found (some obviously required a reboot), and now, it’s been nearly an hour and the spurious IE activity is nowhere to be found, per the ZoneAlarm logs. I believe it’s fixed!

I’ll check tomorrow, and if it’s still clean, I’ll re-enable IE, and make sure MS updates, etc. are working like they’re supposed to…
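The “is it quiet yet?” check described above, done by hand against the ZoneAlarm logs, is easy to automate. The script below is an added example, not part of the original post or of ZoneAlarm; it reads a constructed, simplified log format (not ZoneAlarm’s real one), tallies blocked outbound attempts per program and destination, and reports whether a program such as iexplore.exe has been quiet for a chosen window. The two destinations come from the post; the other program and host names are made-up placeholders.

```python
"""Summarise blocked outbound attempts from firewall-style log lines.

Constructed log format (assumption, not ZoneAlarm's real format):
  <ISO timestamp> <BLOCK|ALLOW> <program> -> <destination>:<port>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. cookingluck.com and network.upl.cz are the
# destinations named in the post; av_update.exe / updates.example are placeholders.
SAMPLE_LOG = """\
2008-02-20T21:02:11 BLOCK iexplore.exe -> cookingluck.com:80
2008-02-20T21:02:14 BLOCK iexplore.exe -> network.upl.cz:80
2008-02-20T21:09:40 BLOCK iexplore.exe -> cookingluck.com:80
2008-02-20T21:31:05 ALLOW av_update.exe -> updates.example:80
2008-02-20T21:40:00 BLOCK iexplore.exe -> network.upl.cz:80
2008-02-20T22:55:12 ALLOW av_update.exe -> updates.example:80
"""


def parse_events(text):
    """Return (timestamp, action, program, host, port) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "->":
            continue  # a garbled line should not abort the whole review
        ts = datetime.fromisoformat(parts[0])
        host, _, port = parts[4].rpartition(":")
        events.append((ts, parts[1], parts[2], host, int(port)))
    return events


def blocked_by_program(events):
    """Count BLOCKed attempts as {program: {destination host: count}}."""
    summary = defaultdict(lambda: defaultdict(int))
    for _ts, action, prog, host, _port in events:
        if action == "BLOCK":
            summary[prog][host] += 1
    return {prog: dict(hosts) for prog, hosts in summary.items()}


def quiet_since(events, program, now, window=timedelta(minutes=60)):
    """True if `program` produced no blocked attempt in the `window` before `now`."""
    blocked = [ts for ts, action, prog, _h, _p in events
               if prog == program and action == "BLOCK"]
    if not blocked:
        return True
    return now - max(blocked) >= window


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(blocked_by_program(evs))
    print(quiet_since(evs, "iexplore.exe", datetime(2008, 2, 20, 22, 55, 12)))
```

Running it against a real log only needs `parse_events` adapted to that product’s line layout; the tallying and quiet-window logic stay the same.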

Stay tuned, but things are very promising!

How to break disk encryption…

Wow…I’d naively thought (though I don’t use one on my Macbook) that using a disk encryption tool (such as comes with Vista or OS X) was a pretty good level of security, unless the spooks were after you. Well, that’s not so! I try to not have my blog be a blog of links to other blogs 😉 but here’s a very informative case where I’ll put in this link to this page on Engadget. The video clip is 5 minutes long, but it’s time well spent as you’ll not look at disk encryption in the same way again!

Femtocells — subvert the dominant paradigm?

On my commute from Chapel Hill to Greensboro, I listen to the podcast of The Economist. Today, I heard a very interesting article from the current print issue of the magazine on Femtocells. Reflecting on this while driving down the highway, I was thinking that I really agreed with the article’s assertion that this could be a disruptive technology. Today, we think of network-attached devices typically as either cellular capable, or 802.11x capable (though certainly many devices now have both capabilities). With pervasive rollout of picocells and femtocells, we’ll move closer to ubiquity in coverage in cellular radio networks, and the architecture also provides for higher speed connectivity than in the wide area coverage environments, allowing a richer set of applications and media on mobile devices.

As we shrink our laptops and “supersize” our phones, might this provide a means for connectivity to that converged device? That iPhone is looking better and better 😉

I saw an interesting quote in an Educause Review article from the November/December 2007 issue. In a compilation of opinions from 13 CIOs in higher education, John Bielec from Drexel University said “Why would an institution provide … wireless service five years from now?” Hmmmm….

Valentine’s Day…

This year for Valentine’s Day, Jan and I did something a bit different. Our friends Nancy & Andy Zeman own a vineyard & winery near Saxapahaw NC called Benjamin Vineyards & Winery. They had organized a catered dinner at the winery for Valentine’s Day. They moved the casks of wine over to the walls, brought in some tables, and had a catered dinner for 11 couples. Nicely catered, each course featured one of their wines. They have some very good wines, including an excellent Cabernet (the Barrel Reserve 2005 – about 2 years on oak in once-used French Oak barrels). This one was a silver medal winner at the NC State Fair, and to my taste stands up very well with other Cabs in the $15-$20 price range. Nice texture and good tannins. One of the dessert courses was a Sorbet made with their blackberry-flavored muscadine wine, Blackberry Bramble. Very nice! Our next door neighbors went along with us for the evening, and it was nice to have good friends for conversations.

If you are in central NC or are traveling through, I’d recommend a stop at Benjamin Vineyards & Winery, 12.5 miles south of I-85 at exit 154.

Popfly

I was reading the technology section of NYTimes.com, and came across an article on a Microsoft project called “Popfly”. This is apparently a “no programming” mashup creation tool. It looks kinda interesting, but the performance of the Silverlight development plugin seems to be very sluggish (at least on a Mac w/Firefox or Safari).

I’m hoping that below this verbiage you’ll see an example (a rotating sphere with trout pictures):

example is no longer working…oh well

This type of tool is, I think, important for all of us to wrap our heads around as we contemplate the move away from desktop software into the cloud…

Evocam

Discussions at the office re: security cameras (due to some thefts of computers from labs, etc.) got me to thinking about webcams, video motion detectors, and so forth. Not as a solution to the problem (that’s outside my area), but from more of a “that’s a good idea, there oughtta be a way” perspective. It seemed to me that there ought to be some easy-to-use software that took advantage of the cameras built into today’s Macintosh platform (my computer of choice!). I went looking and quickly came up with a link to EvoCam. This is a nice piece of software (yes, I did pay my $25). Tons of options & features, for logging, for publishing to web sites, for emailing pictures, etc. Easy to use. I did have to think about how to configure the SMTP service for port 587 (no config box for that, just use something like “your.smtpserver.com:587”). I tried to use it with the Google SMTP service, but that uses SSL and Evocam doesn’t support that. I sent an email to the Evocam support address and had a response back in minutes. I just used another SMTP service.

As a test, I’ve put up a page (no longer working) that takes a picture of me in my office every five minutes. Not very exciting 😉 but I’ve gotta remember not to pick my nose now!

This should work when my laptop is docked and I’m in my office at UNCG, but obviously won’t when I’m away. I don’t think it will work transparently with the laptop’s built-in iSight, since I’ve got it configured for the external iSight that sits on my Apple Cinema Display.

I took the very easy way out and hosted it on dotmac, since I could just tell Evocam to save the picture on the directory that’s exposed to the web. Could have done it on another server from my “jdunns.com” domain and used FTP, but this was the simplest way to go…