Day: April 3, 2005

Posted on by Leave a comment

A different path

Sometimes I wonder what it would be like to be one of those people that gets into the office at 7:59am, has a 30 minute lunch brought in a sack and eats in the breakroom, leaves the office at 5:01pm, and doesn’t interupt family for work nor work for family; each would get left at its respective door.

Posted on by Leave a comment

Progress!

I may have woken at 5:30 this morning. The clock times I remember on the cable box were 3:30 and 4:30 but the wife says it adjusted after I was up.

My computer repair is going well. If you know someone in Knoxville that needs a computer repaired, refer them to my via SIDesigns.com please.

I’m simultaneously fixing issues in the website that I am frantically trying to see released.

Posted on by Leave a comment

Computer Repair

I have a machine to add memory to, de-virus and otherwise cleanup.

  1. First problem, I can’t get a signal to the monitor. Did the video card die? Ah! Monitor cable wasn’t plugged in all the way.
  2. Installed memory is a 128MB DIMM. Must check with Gateway TS to see what memory is allowed. Wow! Have to hand it to gateway. Surfing their support site for documentation is a breeze.
  3. 256 MB of memory installed. The memory doesn’t have to be identically paired but I believe it best to put the larger DIMM in slot 1 so the 128MB DIMM was moved to slot 2.
  4. Checking Add/Remove programs
  5. Removed ViewPoint and ViewPoint Manager
  6. Removed Diet Kaza
  7. Removed KaZaA Lite–nix–uninstall file unavailable
  8. Uninstalled MediaLoads
  9. Uninstalled Morpheus–nix–uninstall file unavailable
  10. Running Spybot and Adaware
  11. Received new definitions.
  12. Running Norton Antivirus Liveupdate – Subscription expires on the 27th, must advise.
  13. Last full system scan was 1/11/2005. Scanning now.
  14. Spybot issues:
    • Avenue A, Inc.
    • Advertising.com
    • Callinghome.biz
    • FastClick
    • HitBox
    • MoeMonkey
    • SurfSideKick

    Repairing…

  15. Spybot S&D fixed all but Callinghome.biz and will attempt that on reboot. Time to start researching a manual removal.
  16. Adaware found 215 problems. I won’t list all those but it does show that sixty pop six (\\windows\sixtypopsix.exe) is by a company called MediaMotor aka Roings LTD “a leader in targeted marketing” (their AIM is roingsmaster)

    Operates in stealth. Downloads additional trojan downloaders and malware.

    Some of the names include:

    You can right-click in adaware to select all. Also be sure to look under the "negligible objects" tab. Cleaning all issues.

  17. Done. Waiting for virus scan to complete.
  18. Virus scan complete. Symantec reports no viruses. Rebooting.
  19. Of 9.7 gb only 421 mb of harddrive remain. Must fix that.
  20. Spybot runs on boot. Results:
    • Callinghome.biz
    • AbetterInternet

    Fixed!

  21. unplugged Internet connection to prevent new trojans
  22. Used Partition Magic to remove the unused 3GB partition and combine it with the 9.7gb partition
  23. Partition Magic failed. Trying again with one step at a time. Deleting Logical partition within Extended partition. Success.
  24. Deleting Extended partition. Success.
  25. Resizing primary partition for the full 13gb. Boom.
  26. Restarting computer.
  27. Partition Magic blew up again. Let’s try in safe mode.
  28. Giving up on Partition Magic.
  29. Re-created 3gb extended partition.
  30. Deleting temporary files and Windows uninstall information for antique updates
  31. Rechecking with Spybot SND. Reports clean.
  32. Rechecking with Adaware. Reports 10 objects.
    • 2 tracking cookies (http://landing.domainsponsor.com/ and http://domainsponsor.com – considering no browser has been opened since the cache was dumped this is interesting)
    • A0079949.exe related to Win32.TrojanDownloader.Agent.Ay
    • MediaMotor
    • Prutect
    • ClearSearch
  33. Installing VX2 cleaner plugin for Adaware
  34. Checking for VX2 issues. Reports clean.
  35. Checking CWShredder. Reports clean.
  36. Reboot.
  37. Running Spybot SND. Reports clean.
  38. Running Adaware. Reports clean.
  39. HijackThis found:
    • wsxsvc
    • Ebates_MoeMoneyMaker under program files
    • some other questionables
  40. reboot
  41. Removing Morpheus Gone.
  42. Manually checking registry. Mainly looking under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ (Run, Run-, RunOnce, RunOnceEx) and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ (Run Run- RunOnce) Found newdotnet parasite
  43. Removed references to morpheus and kazaa within registry and program files.
  44. reboot.
  45. Reconnecting Internet connection.
  46. Checking HijackThis
  47. Task Manager won’t come up via cmtl-alt-del or right clicking the taskbar. Troublesome. Ah! A registry hack to enable/disable the Task Manager.
  48. HijackThis reports clean.
  49. Final virus scan with TrendMicro’s HousecallFound:
    • TROJ_UR.A – \\windows\system32\sysdrc.dll
    • TROJ_SMALL.AJM – \\windows\memmupdaterV2.exe
    • TROJ_SMALL.ABT – \\windows\pi1_25.exe
    • WORM_KLEZ.H – \Program Files\EarthLink 5.0\emailaddr@mindspring.com\mailbox\003.msf “OffersData(7).pif”
    • TROJ_UR.A – \\Documents and Settings\User C\Local Settings\TEMP\ICD8.tmp\sysdrc.dll
    • TROJ_DROP.A – \\Documents and Settings\User C\Local Settings\TEMP\iF5.tmp
    • TROJ_SMALL.ABT – \\Documents and Settings\User C\Local Settings\Temporary Internet Files\Content.IE5\7PBF500\pi1_25(1).exe
    • EXPL_IFRAMEBO.A – \\Documents and Settings\User C\Local Settings\Temporary Internet Files\Content.IE5\7PBF500\counter(1).js
    • EXPL_IFRAMEBO.A – \\Documents and Settings\User C\Local Settings\Temporary Internet Files\Content.IE5\1RXAFK7L\counter(1).js
    • TROJ_SMALL.UX – \\Documents and Settings\mb user\My Documents\backit\gmz\Tiberium Sun\TiberiumSunRAR.zip *Layer2 cctibsun\RAZOR.EXE*
  50. One final Spybot S&D. Clean with the exception of 3 tracking cookies (no big deal).
  51. One final Adaware. Clean with the exception of 4 tracking cookies (no big deal).
  52. Norton Antivirus caught:

I did a preliminary cleaning that lasted 3 hours earlier in the week. Today’s cleaning started at 7am and ended at 7pm.

Posted on by Leave a comment

Beautiful Morning!

I rose at 4:30 and while walking the dog
      just had to stare at the sky.
The air was crisp and quiet.
The horizon was painted in soft clouds
      barely visible through the still leafless, skeltons of trees
      yet above the canopy of trees the majority of the sky was purple and cloudless
      showing off the stars with absolute clarity.
The moon hung low still in the clouds
      as not to diminish the brightness of the stars with its own light.
I could have stared at that sky for hours.