
The one and only official blog of düBerWeb

düBerBlog

May 8th, 2008 at 8:01 pm

Easter Trojans, Part IV



I’m so glad, I’m so glad. I’m glad, I’m glad, I’m glad.
I’m so glad, I’m so glad. I’m glad, I’m glad, I’m glad.

I’m So Glad ©1966 by Cream

Ultimately, I had to run a Windows Install Repair.

Fortunately, nothing reached the other workstations on the network, but I still ran my antivirus from my desktop to check the NAS drive. It took about a day to scan that and the desktop computer, and also about a day to thoroughly scan the laptop.

The scans ran without finding anything — success at last. Even so, for several days afterward I had more than a few software problems when the system started back up.

First, Windows Update downloaded around 59 fixes, but installation failed on every one of them. I was able to find a fix at Microsoft’s Knowledge Base site. It’s a known issue caused by running a Windows repair.

http://support.microsoft.com/default.aspx?scid=kb;en-us;943144#top

The condensed version:

Updates are not installed successfully from Windows Update, from Microsoft Update, or by using Automatic Updates after you repair a Windows XP installation

Method 1: Register the Wups2.dll file in Windows

To register the Wups2.dll file in Windows, follow these steps:

1. Stop the Automatic Updates service. To do this, follow these steps:

    a. Click Start, click Run, type cmd, and then click OK.

    b. At the command prompt, type the following command, and then press ENTER:

        net stop wuauserv

2. Register the Wups2.dll file. To do this, follow these steps:

    a. At the command prompt, type the following command, and then press ENTER:

        regsvr32 %windir%\system32\wups2.dll

       Note: For a computer that is running Windows XP Professional x64 Edition, type the following command, and then press ENTER:

        regsvr32 %windir%\syswow64\wups2.dll

    b. Click OK on each verification message that you receive.

3. Start the Automatic Updates service. To do this, type the following command at the command prompt, and then press ENTER:

        net start wuauserv

4. Exit the command prompt. To do this, type exit, and then press ENTER.

That was enough to fix it for me.

Next problem: when I installed Service Pack 3 and rebooted, the computer wouldn’t start, with a nasty error message suggesting that I call tech support. Crossing my fingers, I restarted and tried my last good configuration. Same result. As a last-ditch effort, I started it in Safe Mode.

After exiting Safe Mode, I rebooted in regular mode, which did the trick.

I then installed Internet Explorer 7, and discovered a few more problems.

  1. My internet connection DNS settings had been wiped out and set to automatic.
  2. “Hide Inactive Icons” on the taskbar wasn’t working anymore.
  3. I had minor problems with a couple of software programs – one started maximized instead of in the system tray, and another didn’t start with Windows.

Re-entering the DNS settings eventually made them stick, although it took a few tries. I turned off the “start with Windows” option on the problem program, then turned it back on, and that was fixed.

I had to search for the solution for the taskbar icon problems, which also turned out to be an easy fix. Vern provided the answer at an appropriately named site: http://www.annoyances.org/exec/forum/winxp/t1139888998

Thursday, October 12, 2006 at 7:12 pm
Posted by Vern (2 messages posted)

checking “hide inactive icons” doesn’t work anymore. I’ve had the same problem for the past 2 days. I’ve done the regedits with no success. I finally solved the problem with this workaround. Right click taskbar or start button, then properties -> customize. I found the ‘behavior’ for ALL of my items was set to ‘Hide when inactive’. I set one of them to ‘Always hide’, and immediately the systray started to work again. I then reset the one I had just altered back to ‘Hide when inactive’ and the systray still works fine. It Hides and Shows normally now.

Another problem showed itself in IE7 – opening up a new tab opened a blank page instead of the home page. Minor, but annoying just the same. Off I go to search for the answer again. I found it at another forum page, where someone solved it two years ago:

http://www.pluralsight.com/blogs/jeffsch/archive/2006/05/18/24257.aspx

The answer?

Rob Ashton
Posted @ 6/22/2006 3:18 AM

Check the box to ‘never show this page again’ after performing the above in the “Welcome to Tabbed Browsing” page, that will solve the problem 🙂

Rob is absolutely right.

Someone needs to write an “unofficial” guide to Windows XP. I don’t care that Vista is the latest version – no one I know uses it or has any desire to.

Or maybe I should start my own FAQ.

<– Part III

May 6th, 2008 at 10:20 pm

Easter Trojans Part III



Yeah I’m gonna tear it up
gonna trash it up
gonna round it up
gonna shake it up
Oh baby I will not lie down
Turn this thing around
I will not go quietly
I will not lie down
I will not go quietly
I will not lie down
I will not lie down

I Will Not Go Quietly ©1989 by Don Henley

[Image: Another Bogus Warning]

I ran some searches and some spyware detection programs, and ultimately found the following trojans, worms, viruses, spyware, and other malware deeply embedded in my computer:

  • Zango
  • 180Solutions/Seekmo
  • 2020Search
  • CoolWWWSearch
  • IMNames
  • Microsoft.WindowsSecurityCenter.TaskManager
  • SecondThought.STCLoader
  • Smitfraud-C
  • Win32.Agent.cmn
  • Win32.Trojan.KillProc
  • TX 4 BrowserAd
  • Transponder
  • 123Mania/Sipspi
  • Adlogix.com Zamingo
  • WinSpoe
  • Tubby/Arau
  • BatCo
  • Spyware.007Spy
  • 2nd Thought SCthought.L
  • VIVAGplayer

My first solution was to try to use a restore point to return the computer to the state it was in a couple of days ago. But with a swap file and hibernate file taking up so much room on my hard drive, there was no room for the system to create automatic backups.

I rebooted in safe mode and ran spyware and virus scans with several programs. They found some, but not all, and certainly didn’t remove everything. I began working on deleting all the programs and files that they’d found, along with what my searches had found.

After deleting temporary files and prefetch data, I ran a search for files that were created within the past two days. There were about 65 new files and 15 registry entries, which actually wasn’t as bad as it could have been. I deleted as many of the files, folders, and registry entries as I could find. After rebooting, a few of the programs respawned.
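The "files created within the past two days" search described above can be scripted so the results are repeatable and reviewable before anything is deleted. This is an added example, not part of the original post; the function names and the list of executable extensions are assumptions chosen for illustration, and the script only lists files.

```python
import os
import time
from pathlib import Path

# Extensions that can execute or auto-load on Windows (assumed triage list).
SUSPECT_EXTS = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js"}


def created_at(st):
    """Creation time: st_birthtime where the platform exposes it, else
    st_ctime (creation time on Windows, inode-change time on Unix)."""
    return getattr(st, "st_birthtime", st.st_ctime)


def recent_files(root, days=2, now=None):
    """Return (timestamp, path, is_suspect) tuples for every file under
    root created within the last `days` days, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            path = Path(dirpath) / name
            try:
                st = path.lstat()  # lstat: do not follow links out of root
            except OSError:
                continue  # locked or vanished file: skip, keep scanning
            ts = created_at(st)
            if ts >= cutoff:
                suspect = path.suffix.lower() in SUSPECT_EXTS
                hits.append((ts, str(path), suspect))
    hits.sort(key=lambda h: h[0], reverse=True)
    return hits


def report(hits):
    """Format hits as text lines; '!' marks executable file types."""
    lines = []
    for ts, path, suspect in hits:
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(ts))
        lines.append(f"{'!' if suspect else ' '} {stamp}  {path}")
    return lines


if __name__ == "__main__":
    import sys
    # Usage: python recent_files.py <directory> [days]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    days = float(sys.argv[2]) if len(sys.argv) > 2 else 2
    print("\n".join(report(recent_files(root, days))))
```

Saving the report before removing anything leaves a record of what was on disk, which helps when a later repair is needed because a required file was deleted by mistake.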

I had to manually remove the registry entries found by the scanners, and found that I could now bring up the task manager and reset my desktop wallpaper. The annoying yellow triangle was also gone, and my antivirus program was working. I was definitely making progress, and slowly reclaiming my computer. After deleting more items and rebooting several times over the course of three evenings, I was ready to run a complete system scan overnight.

Nothing was found except some tracking cookies. However, all wasn’t right with my computer. I realized that I must have deleted some important files and/or registry entries. Ultimately, I had to run a Windows Repair installation. But first I had to find out how.

The simplest explanation I could find was on Microsoft’s site.

In Part IV, find out if the repair worked…

<– Part II         Part IV –>

May 5th, 2008 at 10:34 pm

Easter Trojans Part II – Now is the Easter of our Discontent




If I had some remedy
I’d take enough to please me
I need a remedy, hey, heh
for me please
I need a remedy remedy remedy remedy remedy remedy remedy remedy

Remedy © 1992 by The Black Crowes


[Image: Task Manager Disabled]

The second really nasty action taken by the malware was disabling McAfee Security Center and Virus Scan. I was unable to launch it. The third cleverly evil thing was to disable the task manager. When I pressed Ctrl-Alt-Del, a pop-up box gave the message seen to the left: "Task Manager Has Been Disabled By Your Administrator." Things weren’t looking good.


Another major annoyance: Every two minutes, a yellow triangle with an exclamation point would show up in my taskbar, with a tooltip balloon. It was impossible to get rid of – if I clicked on the "x" to close the tooltip, it would show up again in a couple of minutes. The messages varied:


  1. Your computer is not protected against spyware…Spyware able to steal your data, including passwords, credit card numbers…

  2. Your Security and privacy are at rish! Spyware has been detected on your computer! Click here to run a FULL SYSTEM SCAN to protect your data…

  3. Internet attack attempt detected: Somebody’s trying to infect your pc with spyware or harmful viruses.

  4. Your computer is working slowly. Slow operation speed might have been caused by spyware. Download latest antispyware…

  5. Warning! Your computer is infected with spyware! Help to protect your computer and remove spyware! Click here for more information…



[Image: About:Security Screen]

If I right-clicked on the tooltip, it would launch Internet Explorer and take me to the bogus anti-virus website, disguised as the about:security page. Clicking on one of the links (for SpyMaxx) brought up livesecuritycenter.com. DO NOT VISIT THEIR WEB SITE! More about it later…


This page would also occasionally pop up on its own, launching Internet Explorer. A whois search revealed the guilty party, going by the name of "Alex Delonge." Why this is allowed to continue, or why no one has taken this site down yet, is beyond me.


[Image: Security Center]

There were also a couple of popup program windows that I’d never seen before, both having legitimate-sounding names. One was called Windows Security Center and stated I had TrojanDownloader.XS, while the other called itself "Windows Security Center system warning." That one correctly identified one of the spyware programs on my laptop. Of course, clicking on anything in these windows took you to the above-mentioned site.


The internet got me into this mess, and I was determined that it would get me out of it.


In Part Three, I recount the struggle to reclaim my computer.


<– Part I   Part III –>

April 19th, 2008 at 2:54 am

Easter Trojans, Part I



If you start me up
If you start me up I’ll never stop
If you start me up
If you start me up I’ll never stop
I’ve been running hot
You got me ticking gonna blow my top
If you start me up
If you start me up I’ll never stop

You make a grown man cry
You make a grown man cry
You make a grown man cry

Start me up ©1981 by The Rolling Stones

I’ve always thought those lyrics were appropriate for Microsoft’s launch of Windows 98.

Although it didn’t make me cry when my Windows XP laptop was so easily and massively attacked by Trojans and malware this past Easter eve, it was unsettling to say the least. Panic and a sense of doom began to set in as I watched outside forces take over my computer, changing the behavior and look of almost every aspect.

[Image: BSOD]

The most noticeable was the wallpaper being replaced by an advertisement for bogus antivirus software, with a blue background. Now that’s what I call a blue screen of death. The persistent, nagging icon in my system tray that displayed a tooltip balloon every two minutes was also very, very annoying.

What goes through your mind when this sort of thing happens? Sit back, my friend, and I’ll take you through the six stages.

Stage 1 – As I’ve said above, the first thing that hits you is panic. What the heck is going on?

Stage 2 – Indignation. How could this happen to me? How dare they have the audacity to invade my property and take it over?

Stage 3 – Self-criticism. How could I be so stupid as to click on a downloaded demo program without scanning it first?

Stage 4 – Acceptance. Okay, my machine’s infected. Now what? Off you go to the internet for answers.

Stage 5 – Healing. You start removing the offending malware one piece at a time, gradually regaining ownership of your own property.

Stage 6 – Anger. Not only are you offended by the attack, but you’re determined to do everything you can to find out who’s behind it and seek some sort of restitution; some cosmic karmic event that will prevent them from ever harming anyone again.

That’s it. There is no forgiveness stage, because the “mal” in malware is short for malicious. Oh sure, maybe you could pray for their souls if you weren’t so busy spending a week trying to disinfect your computer.

Fortunately, we can learn a lot from these experiences; it’s just unfortunate that we have to learn the hard way sometimes and pay a high price.

How did it happen? I had inadvertently launched a freeware program that installed over a dozen pieces of adware and malware on the laptop. I spent most of Easter Sunday trying to detect, research, uninstall, and eliminate each and every one of them and their tracks.

In Part II, I’ll go more into detail about what the programs did and will post as much information as I can about the host site responsible for the attack.


Part II –>

April 11th, 2008 at 9:26 pm

WHY WORDPRESS 2.5 STINKS



CUSTOMERS SHOULD NOT BE INVOLUNTARY BETA TESTERS,

OR

WHY WORDPRESS 2.5 STINKS LIKE WEEK OLD DEAD FISH

Living in castles
A bit at a time
The King started laughing
And talking in rhyme.
Singing words,
Words,
Between the lines of age.
Words,
Words,
Between the lines of age.

Words ©1972 by Neil Young

The new version (2.5) of WordPress is broken and should never have been released.

#1 rule of blogging software (or any editing program, for that matter): Using the program shouldn’t detract from, interfere with, or take more time than the writing itself. I’m surprised there are as many blogs as there are on the internet, unless they’re using packages that are far superior to WordPress.

A writer shouldn’t have to wonder why things don’t look the way they want them to, or what’s with all these blank lines and fifty empty span tags in a row?

That’s why I’m writing this entry in Evernote, and also use Notepad, Notepad++, and MS Word to write everything down prior to posting. I always seem to have a lot more written than I can post because the uploading, formatting, and troubleshooting takes so long. I only have an hour or two every other day to focus on the blog, so most of the time is spent writing.

Here’s one example: you can upload images, but you can’t see what they look like, or include them in your blog entries. You’re forced to post all your images to a third-party site or type in the entire URL from your upload folder. Provided you know whether you want to display PS54E24q.jpg or DSC73041934.jpg.

Who wants a blog with no images? Or having to look up and hand-code all image URLs?

Another example: The color picker doesn’t work. Not too annoying if you don’t mind having to go to another site to look up your font color. I’m using RGB Hexadecimal to Decimal Converter.

All my entries containing images will have to wait for another day, when MAYBE there will be a fix, or I have time to hand-code all those URLs.

I keep thinking okay, maybe after I get everything all set up, I can start writing. But there’s always something that causes me to search the internet for a solution. Roadblocks keep popping up every day.

I just want to WRITE, without having to worry about tags and formatting and manual editing.

It’s too frustrating to put into words.

Addendum: I just spent 15 minutes editing the raw html of this post to delete duplicate, empty <p> and span tags. From now on, I’ll have to write everything in html and paste it, and that will take a lot more time.

April 6th, 2008 at 12:01 am

The. Best. Internet. Video. Ever.



I’m not the only soul who’s accused of hit and run
Tire tracks all across your back
I can see you had your fun
But darlin’ can’t you see my signals turn from green to red
And with you I can see a traffic jam straight up ahead

You’re just like crosstown traffic
So hard to get through to you
Crosstown traffic
I don’t need to run over you
Crosstown traffic
All you do is slow me down
And I’m tryin’ to get on the other side of town

Crosstown Traffic ©1968 Jimi Hendrix

C’était un rendez-vous

Why is this film so awesome?

Read the behind-the-scenes story at Wikipedia.

  1. Watch it at YouTube
  2. Download it from YouTube

April 4th, 2008 at 9:33 pm

plus ça change, plus c’est la même chose



Back in black, I hit the sack
I been too long, I’m glad to be back
Yes I’m, let loose from the noose
That’s kept me hanging about
I keep looking at the sky cause it’s gettin’ me high
Forget the hearse cause I’ll never die
I got nine lives cat’s eyes
Using every one of them and runnin’ wild

‘Cause I’m back
Yes I’m back, well I’m back
Yes I’m back
Well I’m back back
Well I’m back in black
Yes I’m back in black

Back in Black, © 1980 by AC/DC

Instructions: Design – Launch – Repeat

It had been a while since I last checked out what Earthlink had to offer with their web site hosting. When I saw WordPress, I decided to give it a try and start a blog.

Even though I haven’t finished setting it all up yet, I decided to launch, regardless. You may see some minor changes over the next few weeks.

For those of you looking for the old düBerWeb pages, I’ll be linking them to the blog soon. In the meantime, if you have them bookmarked, they should still work.