Showing posts with label Malware. Show all posts

Thursday, October 24, 2013

From Cranky to Calm in NaNo Seconds.


I went looking for a picture on cheezeburger.com with a cat looking at a computer screen, maybe paw on mouse or keyboard.  I wanted to make a caption that was a rant about malware and obnoxious ads that pop up on top of what you are looking at.  Because I'd just spent over an hour trying to figure out how to get rid of the ads that were overlaying my Blogger Create Post with links on top of the command icons!  I'd never seen ads on that page before and never seen anything like pop ups or banners on any of the Google apps.

I tried reloading the page, closing the tab, closing the browser, trying a different browser.  They just kept coming back.  I couldn't work on my post and it was already past my bedtime.  I was tired and cranky and starting to panic.  Then I happened to notice a very faint grey line of tiny text that said "Ads not by this site".  I Googled the phrase and discovered I had malware.

I learned I needed to uninstall the program with that name and disable and remove the browser extension.  I did the first with no problem but could not find the extension in Chrome.  I'm afraid the thing will replant itself during the next restart.  Memories of the whack-a-mole game I played with the worm that took over my laptop in 2006 flooded back. I do not have time for another such go-around.

The weeks I wrestled with that worm were the start of my blogging stepping up from once or twice per month to several times a week because I needed to vent. I'd go find the link to the one where I first used the phrase "whack-a-mole" to describe the encounter but I don't have time.  I need to be awake for vid chat with Ed in three hours.  Tomorrow I see my counselor and that is going to eat up the whole day.  My sister has an appointment in Portland for that same hour so I have to be ready when she leaves to take Mom to our brother's.  At 12:30.  Two hours early. Then hang in the waiting room another hour or two after.

Anyway... This picture caught my eye because of the laptop but with no cat 'working' the computer it wouldn't work for my plan.  But I kept coming back to gaze, drawn to it by some deep and strong current in my psyche.  I yearned to crawl inside that picture and sit at that keyboard and type as I listened to the water below flow and the breeze stirring the leaves and the kitten purring and the birds twittering.

Within a few minutes I noticed that I was much calmer and no longer wanted to rant.  I decided I needed to caption this pic.  I was about to look for an author quote to grace it but a stray thought rose like a dolphin leaping from the sea:  Wouldn't this be perfect for NaNo?

I had my theme and an hour later I had my caption.


Monday, May 21, 2007

Bug Fighting Of Another Stripe

Couldn't figure out what was going on with me ever since Saturday afternoon. I fought what I call nap-attacks all day Saturday--the irresistible need to give into sleep. For someone whose usual complaint is insomnia, it is disconcerting when this happens. I kept whipping myself with guilt and shame, accusing myself of trying to get out of finishing the backup project, of giving into boredom rather than stay committed to the respect for my work which I have been blogging about for the past two weeks.

I fought the need with extra caffeine and frequent walk-abouts the house and yard on Saturday. I especially hated to give up one single hour of race-day Saturday. The one day of the week during dirt track race season when I have unfettered access to the whole house and yard and can have my work station in the living room beside the PC and keep both computers active with separate but equal projects. All this while doing laundry, hanging with Sweetie, my in-law's Australian Shepherd/Border Collie, playing music of my taste at my volume, etc. etc. All those things that those of you who live in your own homes probably take for granted.

But even though I could have continued working at both computers while having the luxury of sitting in an office chair instead of the edge of the bed right on through to seven or eight Sunday morning, I gave up just before eleven. Even before my husband and his Mom got home from the races. I was already moved back into the bedroom and working at getting both Saturday's and Sunday's posts up when they got home and ready to have my light out and close the laptop lid within minutes after my husband had started snoring.

This especially frustrated me in light of the fact that I had slept most of the hours between dinner Friday evening and noon Saturday.

I slept until seven-thirty Sunday morning. Was feeling much better and ambitious but was up against the fact that my laptop was in need of a restart which takes nearly half an hour to complete. And then the AVG daily scan starts at eight and lasts until ten.

So I used those hours to hang out with my husband and discuss plans for a total revamp of my other two web sites with an addition of another we have been planning to add to the mix. This discussion got him enthused about experimenting with graphics programs for use in that project and, with my blessing, he took over the laptop as soon as the scan was done. I looked over his shoulder for the next four hours. It wasn't time wasted. I learned a lot and the two of us got somewhat synchronized as to taste and tactics for the upcoming project.

A project which I am forbidding myself to start working on until I get my files backed up. I know myself too well. I tend to hyper-focus on a single thing until my attention gets dragged to another thing. I have been forced on multiple occasions to drag my focus back to the need to organize and back up my personal files only to have my attention dragged away before the project is completed. This last scare, invoked by the malware attack was alarming enough that memories of it are helping to keep me goaded toward the goal this time. Even though it was tempting to relax when my husband decided that it probably wasn't going to be necessary to reformat the hard drive after all.

When my husband quit working on the laptop about three-thirty Sunday afternoon, did I grab it up and get busy once again with harvesting my email off the AOL software, the last of the sub-tasks before the files are ready to be bundled for backup? No. I gave into the nap attack I'd been fighting for the last hour or so of his goofing around with graphics and WYSIWYG and databases etc. He quit only because he was slated to help with a BBQ. He had to call me for dinner at six. I crashed again as soon as the dishes were done.

And slept until seven Monday morning. Most of twelve hours. I woke with the hint of a sore throat, but blamed it on snoring and dehydration. But by afternoon, I had a stiff neck just like the one I had when I had mono the week I turned seventeen and which plagues me with every bug my body fights to this day. So the mystery was solved. I wasn't lacking in character re the commitment to the backup project and thus to respect for my work. I was fighting a bug and should be grateful that the usual insomnia was not preventing me from getting the healing rest my body needed for the fight.

I crashed again after dinner this evening and woke at eleven in a fever sweat. Which explains the blurred vision aggravating everything else over the last couple of days. I had suspected a low grade fever a couple of times Sunday and Monday but could not confirm it as I have not replaced the mercury thermometer I busted over my cat, Gremlin's, head in the summer of 2005 when she leapt into my lap as I was shaking it down.

I guess I can give myself a break from the self-flagellation. But I have to figure out how to do that and maintain my commitment and focus on the backup project. These are exactly the kinds of distractions that can drag my attention away from important projects indefinitely.

It helps that I put this project into a task manager which started alerting me about the Saturday deadline at midnight Friday morning and keeps popping up with reminders at every boot up and every midnight and other occasions that seem random but probably aren't. I could get rid of the annoyance by clicking 'clear' the next time it pops up. But I won't. I am sooooo close to the finish line.


Tuesday, May 15, 2007

Turned my library levy ballot in here this morning. Phoenix City Hall now occupies the building which was the Phoenix Library a year ago. Our new library is being built on the lot where City Hall used to be. But will it ever open its doors?

Today is D-day for the library levy. Ballots must be turned in by 8PM which is less than three hours out now. To pass there needs to be better than a fifty percent turnout of registered voters plus better than fifty percent in favor. Word on the local news at five is that turnout is running at 48%. Close enough for hope but not close enough to relax. No word yet on how the votes are falling. Opinion on both sides has been strong and outspoken.


Nobody needs to guess where I stand.


I walked my ballot over to City Hall in Phoenix this morning, dropping it in the box just before nine. To do this, I had to stay up way past my usual bed time of late. I had hoped not to be leaving it to the last minute like that. The ballot arrived in the mail the same week the malware attack hit my laptop. Possibly the same day though at the moment I can't quite remember whether the ballot arrived on Saturday the 28th or Monday the 30th. I will never forget the moment my laptop started blitzing the screen with browser windows and pop ups faster than I could close them. Just before 3AM that Saturday morning.


For over a week, I feared that I was about to lose access to the Internet and my files at the same time I was losing access to the library. Panic is not a strong enough word to describe my state of mind. Over the next twelve days my laptop got at least as much attention as a newborn in intensive care. After a week of playing Whack-A-Mole with the malware, my husband was at his wits' end and told me to start preparing for a probable reformatting of the hard drive. By which he meant for me to collect my personal files for back up. Since some of my files needing back up were still on the PC, I started working with them during the times the laptop was busy with scans or restarts.


One of the biggest backup projects on the PC was my email correspondence trapped in the AOL software. I had discovered only after I had been using my laptop for three months that transferring AOL mail files from one computer to another would overwrite the files on the destination computer. I would have had to choose between the two years preceding my Dad's death while I was in Phoenix communicating with my parents and siblings three to five-hundred miles north of here, or the three months following his death while I was in Longview, Washington communicating with my husband here in Phoenix. Then there was the email related to web site admin on both. No way to choose. Thus the only way to salvage the PC email files was to copy and paste them into text files or save them as HTML pages.


I knew that project was going to be huge which was why I procrastinated on it so long and because it was hooked in my mind with the whole issue of backing up my files it tended to make me avoid thinking about it. But this latest scare has really got my attention. I hope I never need another lesson in the importance of backing up your important files regularly. A lot of the stress of the last two weeks would have been avoided if a few keystrokes could have backed up my files.


I had been estimating that the PC email retrieval was going to take two or three night work sessions. Access to the PC for me is limited to between 9PM and 5AM. Or I can get back on it after my husband leaves for work on the days his mother also works--Tuesday through Friday. Which is what I did this morning because I had to stay up until I could walk the ballot over anyway. I had come very close to completing the project before five but had a couple dozen more emails to sift through and some double checking with my photo folders that I had already copied the pictures over to them. That took me a bit less than an hour after my husband left for work this morning. I estimate that I put in close to thirty hours on that project alone over the last ten days.


The email was the last of the files on the PC needing to be accounted for and organized for backing up. Now I can focus on the files on the laptop. And the good news is that the laptop is cooperating at the moment. The aberrant behavior has been nearly zip since Friday evening. There is hope we will not have to reformat the disk after all. But I refuse to lose the momentum or the motivation on the file back up project. I am still hoping to hit the target my husband set a week ago which was this coming Saturday. The day he was going to take the hard drive back to its out-of-the-box state.


But for the next several hours my focus is going to be on following the election returns on the local news. The fate of ballot measure 15-75 holds my fate in its hands. Life will go on without library access but wouldn't be a life I would recognize or feel at home in.


Monday, May 14, 2007

Plugging Along

I wanted to be able to make this post all about celebrating that I had finally gotten one of the pressing tasks I've been talking about done. But with less than a quarter hour to go, before midnight, I can see I won't make it. I am speaking of saving two years worth of AOL email correspondence off the PC. It covers between January 2004 shortly after news of my Dad's cancer thru September 2005 as I was walking out the door to catch the bus up to be with my family as my Dad's passing drew nigh. That also covered the year I put up my three web sites and thus all the emails relating to administrating them were involved as well.

I keep thinking I am about done and then find something I missed. I had kept folders for each 'conversation' labeled with the name of the family member or friend and saved into them each of the emails both from and to them. If I had been diligent about always putting the proper email in the proper folder, this job would have been much easier. But I kept coming across a side of an exchange that did not have its predecessor or its followup. At first I thought I was out of luck, but then discovered that a lot of those could be found in either the Incoming Saved folder or the Sent Saved folder where they had automatically been saved as they were opened or sent. But those folders were full of everything. Since I had never even peeked in them, I had also never cleaned them out of the junk--the newsletters, ads, silly forwards, spam, admin related to my websites etc.

When I was dealing with a folder that contained only the exchanges between me and one other person which were listed in chronological order, it was easy to just keep clicking next and then copy and paste the dateline to a Word Pad file and then copy and paste the body of the email. Unless it contained photos or active links I wanted to save and then I would have to use an appropriate method to save that info in another format. But even with occasional extra steps like that involved, I zipped through folders at the rate of about two per session except for the ones for my parents, my sister and the web admin stuff.

I finished the last of said folders about 3AM Monday morning and was about to dance a little celebratory jig in my chair when I spotted those other folders in the tree. I don't know why I hadn't noticed them before. Probably because I was leaning too close to the screen and not looking above the part of the folder tree I was interested in. It wasn't that I had never known of their existence, just that I haven't worked with AOL mail since last September and the folders on the PC since December 2006.

So I took it into my head to start looking through them and seeing if any of those missing parts of certain email dialogs were in there. But now instead of working with one Word Pad document at a time I have to keep going after the one that pertains to the 'conversation' in question, then scroll through it until I find the time stamps that match, see if it was missed and if so, paste in the time stamp and then the body. In the process, I ended up with five or six Word Pad documents open at once and several times I got confused and pasted the wrong email into the wrong conversation or the right conversation into the wrong place in the queue. Like once I put a whole string of spring 2004 emails into the middle of a spring 2005 conversation.

Meanwhile the fonts in the AOL folders--the links to the emails with their address and subject etc--were probably 9pt and really hard on my eyes. And I am so out of practice with a mouse!!! It only took me a few minutes the first session to get versatile with the mouse again but after a couple hours I was up against the old problem of hand and wrist pain and fatigue which had been such a part of my life before the laptop and its touch pad.

Well, it looks like I have a couple more hours worth of weeding through the saved incoming and outgoing folders before I can call this project done. Once it is done that is the last of my personal files on the PC that I have left to organize to prepare for backup, which is the main project this is just a small piece of. I am waiting on completing the collection of AOL email off the PC before I start the same project for the laptop as I don't want to have to create the same set of files and folders twice. I am going to send the PC folders over to my laptop via the WIFI connection. I can access the shared folder on the PC from any desktop on either computer so that is where I have been stashing the copies of the files on the PC I need to back up.

This project was set in motion when it began to look like we were going to have to reformat the hard drive on the laptop. There is hope now that won't be necessary. We are holding our breath after two full days with no further evidence of malware behavior. We shall see. But I am not going to let that hope slow my momentum on this project to back up my files. But you can see why I have been procrastinating on it so long.


Friday, May 11, 2007

Of Naps and Naifs and Cranky Computers

I wanted to post about something with nothing to do with cranky computer issues again today but with even my dreams suffused with it, it seems a futile quest to come up with another topic. Not to mention it would feel forced and artificial. I fell asleep shortly after dinner in spite of being anxious to get started with my session. I dreamt of trying to move out to the living room with my laptop only to find it rearranged and a maze of electrical plugs which would not stay of the right size to plug in my power cord.

I am exhausted with the stress of the roller coaster of emotions during this two-week long malware attack on my laptop. It began just before 3AM on Saturday morning, April 28 with a blizzard of pop-up and pop-under and unrequested windows followed also by an unrequested download and installation of a mysterious program.

I'm not going to do a play-by-play here, I'm too tired for that. And in spite of the fact I have difficulty thinking about anything else right now, it still bores me to try to write about it in a coherent fashion. It has been bad enough that every conversation with my husband for the last two weeks has been about this and I am weary of talking about AVG scans, BHOs, memory, register, system32, Trojans, Adware, Worms, root systems, Tracking Cookies, Processes, Connections, Virtual Memory Paging File, Browser plug-ins, updates, quarantine, virus vaults, ActiveX this and JavaScript that and software signature slates, start folder, temporary Internet files and .dll, .exe, .bak, .cab, .hta...

Tonight after dinner and dishes, I was too exhausted to care that there was a possibility the worst of the moles had been rooted out earlier today. It is no wonder considering that I've slept less than six hours per day for the last two weeks and often less than five. My dreams have been full of the images and anxieties of my waking days. After dinner I called up the IE browser for the first time since the AVG anti-virus had claimed to discover and quarantine the vicious little vtutq.dll object in system32 this morning.

For the first time in two weeks surfing onto a page of my choosing did not add one to four extra URLs to my history of which I had no knowledge, usually no sight of and no way to exit from since even the windows that sometimes briefly showed themselves would disappear almost instantly. Many of these URLs were on some kind of automatic refresh for when I right-clicked on them in history and called up their properties it showed multiple visits within minutes. Often in the double digits inside of an hour. Some of them would be closing in on a hundred visits by the end of a day. Every link clicked on, every new window or tab opened would trigger these ghosts. I spent a good part of the first week trying to block those URLs until I discovered that they weren't the culprits, only the clients of the culpable. Though I think a case could be made that businesses should be held accountable to some extent when the advertising or promotion they commission is performed with blatantly malicious tactics that are analogous to vandalism and theft.

I would also think that they would not want to be paying for 'views' of their ad or web site that are as virtual as the pixels in your dreams. Or so I was convinced until a Google search on the name of one of the most active of those mystery URLs turned up a page about Search Engine Optimization which was listing the top 500 best performing web sites. This URL turned out to be a Google wannabe that had had a stat history in the single digits for months until three months ago when it suddenly exploded. I wonder how many of the 68,000 page views it received in the last month were 'visits' that were as virtual as the two or three hundred my browser registered in the past two weeks. How many individual victims of this same Trojan Adware Browser Helper Object aka vtutq.dll would it take to account for 68,000? Say each unique 'visitor' registered two separate 'visits' per day and refreshed ten times on each of those 'visits'. That is probably an underestimate but it gives you 242.857 'visitors' aka victims.

So there you have the motive. Wouldn't we all like to make it into the top 500 ranking in web page popularity with under 250 virtual viewers? By virtual viewer here I mean visitors that may have been unaware of the visit and certainly did not initiate it voluntarily. That page ranking causes your page to show up in the first page of a Google or Yahoo search. And that is where they attract their real, volunteer visitors who become the potential customers or regular visitors. At first, when I realized the mystery URLs were 'only' clients of the ad service that was using the Trojan, I was prepared to sympathize with them as one victim with another. But I am not so sure now. Either they are completely conscious of the tactic and thus complicit or they are careless about Internet ethics.

I find it exceedingly interesting and hardly an accident that this all began within five minutes after I wrote a lengthy post about taking my work seriously part of which entailed learning to promote it in spite of how anxious anything to do with self-promotion or any kind of calling attention to myself makes me. My first emotional reaction over the next three to five days was an inclination to feel that this was a kind of punishment for daring to defy that interdiction against self-promotion that was part of my religious upbringing.

Then I went through a stage of anger at the villains who dared to do this thing. That lasted another week. Then I reached a stage of chagrin at being such a naif about Internet surfing safety and so complaisant that I had not gotten around to backing up my personal files in the entire 19 months since acquiring the laptop. Another issue related to respecting my work. The last several days have been as much about the project of organizing my files on both the laptop and PC for backup as they have been about the Whack-A-Mole game with the malware. A great deal of my anxiety has to do with fear that this thing will do some serious damage to my system and possibly crash it before I can get my files off and safe.

My husband might have already done the hard drive wipe he thinks is the best way to insure all pieces of the malware are eliminated, if my files could have been backed up with a few keystrokes. But not only have I not backed them up ever since moving them from the PC to the laptop, I have let them spread out in a disorganized fashion and my husband has been using my desktop more than his own so he has laid tracks down in my My Documents folder. It is not possible to just backup the My Documents folder either as some of the malware had planted pieces of themselves there in the My Downloads folder and occasionally in folders they created themselves.

I am getting close to ready to back up my personal files. I have several more hours of work cutting and pasting personal email exchanges from the AOL files on both laptop and PC and the MSN files on the laptop. Cutting and pasting the body of the email along with the subject header and time stamp is the only way I know of to get them out of the proprietary software prison they are in. My husband has wanted to uninstall all AOL software off both computers for months because of their large footprints in the system for something that isn't even used. Only knowing I wanted to rescue my email first has prevented him.

The good news right now is that I have been using the IE browser for several hours with no evidence of intrusive URL tracks being laid down in my history. I am almost beginning to hope the hard drive wipe may not be necessary. But my hopes that the thing has been cleared out were raised before and then dashed when it returned after a restart. If my history and temporary Internet files remain clean through this session and the vtutq browser add on does not replant itself (possibly by a new name) after the next restart, I may take a few more breaths of hope infused oxygen. If the virus and spyware scans turn up zero threats or infections again tomorrow as they did this afternoon and the history remains clear of intruder tracks, I may hyperventilate on hope.

My husband too is wary of taking it for granted the moles have been defeated. He is going to check out a site I discovered during my research which purports to be a resource for those suffering with cranky computers. They have a forum where you can join and then ask for help. The pages I read on there seem to indicate the people running this site are as outraged by these malware foisters as I am and their mission is to put as many wrenches into their gears as they can. One of which is education of the Internet naifs like me.

They claim to be able to explain the intricacies in language even the least geeky could comprehend and I read on there how one person was walked through removing that dreaded vtutq. I would have joined and asked for help but I got bit once before when I downloaded a purported 'free' spyware zapper that turned out to be more malware.

So I am going to let my husband check them out first. And I'm not mentioning them by name until he has vetted them. But if they turn out to be what they claim to be and especially if they help us recover from this without needing to reformat the hard drive, I will not only post about them, I will plant their link in my side bar. I might even join them myself so that I have someone to go to for help when my husband isn't available, i.e. when he is at work or asleep which he is eighty percent of the time I am on the computer.

I can see now how educating myself on safe Internet surfing and Web ethics has to become part of my project of promoting my work. I have definitely learned about one type of self-promotion that has all the slimy qualities that I was raised to believe all self-promotion was tainted with. I definitely want to be sure that I do not contribute in any way to promoting that kind of promotional behavior. Neither by using the services of those who provide it nor by being the naive victim whose bandwidth, CPU resources and RAM are stolen along with peace of mind, sleep, time and energy to facilitate someone else's profit margin. Whether that profit margin is page ranking or dollars doesn't matter, it is ill-gotten gain and if it is not technically criminal, it should be.


Wednesday, May 09, 2007

If It's Not One Thing...

It will be another. I made great progress in implementing my intention to switch my attention from chasing malware moles to getting my files ready to back up so my husband can do a hard drive reformat. I couldn't work on the laptop last night as it was busy with scans and updates. So I focused on getting my AOL email on the PC transferred to text documents via copy/paste. This is the only way I can think of to save the contents of the AOL email so I can access them without the AOL software. My husband wants to remove all the AOL software off both computers and the only thing holding him up was knowing I wanted to rescue my email first.

This was a task I had procrastinated on for months because I knew it was going to be emotionally grueling. The email on the PC covers the 21 months between my Dad's colon cancer diagnosis and the morning I left Phoenix on the bus to see him for the last time. It also contains some of the email exchanges between me and my husband while I was out of town for those six or seven weeks I spent with my family from three days before Dad passed on September 24 until just before Thanksgiving.

It was as emotionally grueling as I expected. I had completed the project of retrieving all of the exchanges between myself and my siblings over the last week. Last night it was those between myself and my parents that I set myself to do. It took me over four hours. But that was partly because I had to take a break every thirty minutes or so. Especially if I paused to read more than a few lines.

But I was able to congratulate myself for completing that tough project before my session on the PC had to close so my husband could have his morning coffee over his email and games. My laptop was still busy and I knew it would continue to be until at least ten because the daily AVG scans and updates are scheduled between six and eight. Which is one way to encourage me to shut the lid instead of continuing to work for several more hours.

So that is what I did. I shut the lid and I settled down to prepare to sleep. I read the last few pages of book eight of A Series of Unfortunate Events, The Hostile Hospital, and then started book nine, The Carnivorous Carnival. Probably the longest stretch of uninterrupted page turning since the Malware Wars began on April 28.

I went to sleep with great expectations, eager to get to work on the same AOL email retrieval project on the laptop as soon as I woke up. But it was not to be.

When I woke up just before three, the computer was in the middle of a restart, which I learned later had been because Windows Automatic updates had installed some new updates. It didn't say which ones then. But no sooner did the laptop return to the desktop than the gold shield symbol appeared in the task bar tray again, announcing that updates were being downloaded. This continued running in the background along with AVG resident shield and kept the laptop too busy to do anything else. Especially anything with as big a RAM footprint as AOL browser software.

I waited patiently though because I still had hopes that the Windows updates will eventually download the fix for the problem we've been having. I suppose that is a touch of magical thinking. I don't know. But a couple of hours later--just before I was called to dinner--the laptop initiated another restart without warning. And this time got stuck at the point where only the desktop background picture is still showing. I pressed the power button and it still brought up the option to log off, standby, hibernate, shut down or restart. A symbol on the shut down option showed that there were updates ready to install. So I selected that just as I headed to dinner.

When my husband got back to the computer after dinner the installation was still ongoing. This was between twenty and thirty minutes later. It showed it was still installing 1 of 5. It was still installing when I got done with the dishes. It must have taken at least an hour.

And as soon as I got back on the desktop there was the update icon in the task tray again. This time, when it announced the update was ready to install, I clicked on the icon so I could initiate the installation and follow its progress. I was a tad bit disgusted when I discovered that it was only updates for Office 2003 and Outlook which I can't even use because I used up the 90 day trial period with them the first three months I owned the laptop and there is no way in any foreseeable near future I can expect to have the spare several hundred dollars with which to purchase that package. I had been threatening to uninstall them for months. After what happened next, I am going to do that before the next reboot. Because the end result of the installation was failure on all five counts. And then it still insisted on a restart! And after the restart the update icon returned.

The only thing I could think to do was turn off the WIFI.

About that time, my mother-in-law headed to bed so I headed out to the living room with my laptop and book bag, containing objects related to the projects on my mind. I go to the PC to log off the family desktop so I can log onto my own only to find the PC too is insisting on installing downloads. After checking to see what they were and discovering that it was purporting to be Malicious Software Removal software, I eagerly told it to continue. There was the evidence to support my hope that Windows updates were going to add something that could solve our dilemma without resort to a hard drive wipe.

A few minutes later, I glance up from the laptop to the PC screen to see the black screen with the C prompt. Then the screen fills with white text. I managed to see something about an inability to restart properly and a list of possible causes with another list of possible options, one of which was highlighted--restart normal. That screen stayed there only about thirty seconds before it automatically attempted to reboot again. I had to let it recycle through that three or four times before I managed to read the entire screen. Then I was faced with the dilemma that the mouse didn't work in C prompt mode and the PC keyboard has several keys that are inoperative, two of which are the left and the up arrows. Very inconvenient at normal times. I let the system recycle through the normal reboot attempt a couple more times before I thought to try the down arrow just to see what would happen. Thankfully it took me to the top of the list so I could work my way down to the choice to reboot with the last known settings that worked.

I can't begin to describe the panic I was in. My husband was asleep. I had initiated what amounted to a system maintenance task on the PC. Something that I had never done before because it is not my computer. My husband with his tech knowledge has his mother's confidence and has full administrative responsibility. I had always left these tasks to him. It was my usual practice to let him know the next morning when the computer had asked to perform one of those type tasks or issued a warning. But because I have been initiating so many similar tasks on the laptop several times per day over the last twelve days, I had not even hesitated to click on OK for that install. And now the PC seemed to be choking on it.

Thankfully it rebooted safely in the mode I chose. But one of the first warnings it gave after the desktop was back was that the anti-malware program that my husband had installed on the PC a couple weeks ago had not initialized and it suggested reinstalling it. So now I am worried that the PC is unprotected. And I should probably either turn it off or turn off the WIFI box. But I'm pretty sure the PC was and is still well protected without that particular trial version of a program.

Well then. I'm off to try to get my Thursday Thirteen posted before my husband gets up. I had hoped to come up with something with absolutely nothing to do with the topic of malware or computer conniptions. I've got nothing... yet. Wish me luck.


Tuesday, May 08, 2007

Knowing When To Fold

My husband has had enough. He has been strongly hinting that he was about ready to wipe the hard drive to eradicate the malware since last Thursday. The only things stopping him were time available to get the job done and the status of my personal files which have not been backed up anywhere since I got the laptop in September 2005. He is not hinting anymore. Time constraints will be lessened after the Mother's Day shipping rush is over this week. So the only thing holding him back from taking the tack he deems best for the computer is my files.

He would now like to see me put the same tenacity and time into the project of preparing my files for backup as I have been putting into playing Whack-A-Mole with the malware over the last eleven days. He is giving me until the morning of Saturday the 19th. On that day he wants to reformat the disc and boot back up with the original factory discs.

Between what the two of us have learned over the last eleven days as we watched these moles operate and the AVG scans find them and wipe them only to see them pop their heads up again immediately upon log on or immediately upon use of a browser, he is fairly confident that AVG has locked the door against new intrusions. What we are fighting now is the ones that got in while our guard was down and planted replicating ability in the system restore files. There are just a few and AVG finds them again with the next daily scan. Always the same few segments somewhere in the file name. But it is a tiresome and time-consuming game. We are both weary of it.

Yesterday, I may not have been ready to hear what he had to say tonight. I still don't like it. I hate giving up the game. I want to win. I want to track those #%$# down and see their faces as I aim the flamethrower into their burrow. I want to take down names and go after them in the real world where they live--not with flamethrowers but with fines and penalties that will make them think hard before participating in such anti-social behavior again. I also want to go after the businesses whose ads and websites are being promoted by these methods. If shaming them out of participating in such schemes won't work then fines and penalties, class action suits maybe. I don't know. I'm just seeing red right now.

But as much as I would like to win, I would like even more to be spending my time and energy on projects that energize me instead of enervate me. So, I am cutting and running from the mole hunt and turning to collecting my valuables out of the garden so that I can bring them back and replant them after the mole warren has been destroyed.


Monday, May 07, 2007

Protecting Against Internet Peeping Toms

EFF has some tips on securing your privacy while surfing. Especially while using any of the search engines.

I wish I'd known about this before I ended up in this fix. Following these tips might have protected me from the malware as well as from having all my activities online collected for analysis by the so-called legitimate or benign companies. I'm not sure anymore if any of it is benign even if they aren't outright malicious. A peeping tom may not ever do anything violent or damaging to person or property but the thought of them still gives most sane people the willies.

I so loved the convenience and the personal touch of having the sites where I had accounts--like Blogger and Google--set up to recognize me on my laptop. But if that convenience had anything to do with opening the door to this invasion of malware that has stolen my bandwidth and virtual paging file space, ten days of my time and energy so far, and my innocent delight in the information garden, I suppose I will have to do without it.

Yet another garden invaded by worms!


Saturday, May 05, 2007

Malware Maladies

After eight days of this Whack-A-Mole game, I am now wondering if it is I who was the mole all along. It's either that or the mole got the mallet away from me and got in some licks of his own.

I'm seeing red and I don't know if it is an incipient migraine aura or fury at the chutzpah of these villains. I feel violated and invaded. These cretins have stolen my bandwidth, my CPU, my time, my peace of mind, my RAM and C drive memory. Why is this even almost OK? With anyone? Do the legitimate businesses whose ads are being shown know and have any complicity in how the service they are paying for is being implemented? If they don't know then they should be aware that their product is being presented in a manner guaranteed to piss off any potential customer. Not that I would ever be a potential customer of something called 'Bodycandy' whatever that is.

I've spent over six hours in the last 48 reading the cookies in my temporary files. Not my preferred reading matter. Especially in 9pt font. But it was informative. I know that dozens of ads left traces of themselves there which I never viewed. So does that mean some businesses are being scammed too? Paying for views of their page that were only virtual views and not actual views by human eyes? Some of these pages are registering upwards of fifty views in just two or three days.

And one of their tricks is to set the expiration date on the cookie to some time in 2012 or 2028 and then refuse to allow you to delete it. Another is to use an ISP or server identifier instead of a URL and then change it periodically so that banning it doesn't solve the problem. So I'm guessing the ISPs are probably false because who can change ISP or servers every 24 to 72 hours?

This whole experience is making me rethink getting involved in either hosting ads or someday buying ad space online. The thought of it today is making me feel dirty. Like I've stepped in a mole hole and discovered the delightful garden is sitting atop a large warren of muddy tunnels and slimy hidey-holes.


Friday, May 04, 2007

A Whole Week of Whack-A-Mole

I am beyond weary. My laptop may need to be reformatted to get the malware out. And these are considered Medium risk? At least that is how most of the protection programs label them. My husband is running out of ideas and has put me on notice that I need to get my personal files backed up in case he has to take the machine back to its fresh-out-of-the-box state. Meanwhile it would behove me to stay offline with it as most of the problems seem to be instigated by surfing. I guess this week long Whack-A-Mole is a small price to pay if it finally forces me to get my files backed up.

Well, that is all that I feel like typing on this clunky PC keyboard. Besides which I am screaming bored with the subject.


Thursday, May 03, 2007

Thursday Thirteen #31

This is a shoutout to anyone with tech savvy who might know something about one of the items listed here and be able to point us in the direction of help.

I expect for most of you that your eyes will glaze over as you scan this list. Imagine if this had been your primary reading material for the past six days. I was so anxious about this, I couldn't just let the scan programs do their job. I actually watched the names of the files and the names of the threats as they streamed by. In the first scan by AVG on Saturday morning there were over 450 instances of threats identified. Over 400 were Tracking Cookies. About 20 to 30 of them were programs which spread pieces of themselves all thru the system.

Watching those scans in progress was a lot like watching paint dry. At first anyway. But over time, I started to see relevance and clues and connections and some of those led me to the solution.

The latest scan found only 40 some threats of which all but four items were tracking cookies. UCMore the so-called search accelerator is still skulking in one location. As is one of the Trojans and Not-A-Virus with its redirect capability.

The latest frustration is that after the last scan the instruction to delete upon reboot (which we resorted to when giving the command to remove the offenders tended to crash the Anti-Malware program while it was in process) those items found in C:\System Volume Information\_restore came back with a warning that it could not be done without damaging a file important to the system. So if a competent program like AVG can't ferret out a known baddie because it hides itself in a vital folder then what is a non-geek to do?

Thirteen of the Malware Found on My Laptop Since Saturday
(and where they were found if known, including multiple locations)

1. C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP493\A0048229.exe -> Adware.Agent

2. HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar
HKU\S-1-5-21-2184598315-1240948459-3972223151-1007\Software\Effective-i -> Adware.EffectiveBrandToolbar
HKU\S-1-5-21-2184598315-1240948459-3972223151-1007\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar
HKU\S-1-5-21-2184598315-1240948459-3972223151-1007\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar .

3. C:\Documents and Settings\Joy\Local Settings\Temp\Doh.exe -> Adware.ClickSpring

4. C:\Documents and Settings\Joy\Local Settings\Temp\New2D0.tmp\upg_dll.dll -> Adware.NewDotNet .
C:\Program Files\NewDotNet -> Adware.NewDotNet .
C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP493\A0050223.exe -> Adware.NewDotNet .
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP493\A0050224.exe -> Adware.NewDotNet .
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP493\A0050225.exe -> Adware.NewDotNet .
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet .
C:\WINDOWS\system32\smpi1\win.exe -> Adware.NewDotNet
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet .
HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\New.net Startup -> Adware.NewDotNet
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Ignored.
HKU\S-1-5-21-2184598315-1240948459-3972223151-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet.
HKU\S-1-5-21-2184598315-1240948459-3972223151-1007\Software\New.net -> Adware.NewDotNet .
[1800] C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet
[1808] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet
[2412] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : Ignored.
[3376] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : Ignored.

5. C:\Documents and Settings\Joy\My Documents\WіnSxS\ѕеrvices.exe -> Adware.PurityScan .
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP493\A0048228.dll -> Adware.PurityScan

6. C:\Documents and Settings\Joy\Start Menu\Programs\UCmore - The Search Accelerator -> Adware.Ucmore
C:\Documents and Settings\Joy\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore .
C:\Documents and Settings\Joy\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore
C:\Documents and Settings\Joy\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore .
C:\RECYCLER\S-1-5-21-2184598315-1240948459-3972223151-1007\Dc56\IUCmore.dll -> Adware.Ucmore
C:\RECYCLER\S-1-5-21-2184598315-1240948459-3972223151-1007\Dc56\UCMTSAIE.dll -> Adware.Ucmore
C:\WINDOWS\system32\smpi1\win66.exe/IUCMORE.DLL -> Adware.Ucmore
C:\WINDOWS\system32\smpi1\win66.exe/UCMTSAIE.DLL -> Adware.Ucmore .
C:\WINDOWS\system32\smpi1\win66.exe/empty_00000001 -> Adware.Ucmore
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore .

7. C:\Documents and Settings\Joy\Local Settings\Temp\wr-1-2000219.exe -> Downloader.Agent.bls .
C:\WINDOWS\retadpu2000219.exe -> Downloader.Agent.bls .
C:\WINDOWS\system32\smpi1\win11.exe -> Downloader.Agent.bls.
C:\WINDOWS\updater.exe -> Downloader.Agent.bls

8. C:\Documents and Settings\Joy\Local Settings\Temp\Install-Errorprotector-Free.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l
C:\Documents and Settings\Joy\Local Settings\Temporary Internet Files\Content.IE5\7NNZPVTX\hh[1].htm -> Not-A-Virus.Exploit.JS.ADODB.Stream.t .
C:\Documents and Settings\Joy\Local Settings\Temporary Internet Files\Content.IE5\S9P3SH2H\portal[1].htm -> Not-A-Virus.Exploit.MhtRedir
C:\Documents and Settings\Joy\Local Settings\Temporary Internet Files\Content.IE5\THV6VUBG\portal[1].htm -> Not-A-Virus.Exploit.MhtRedir

9. C:\WINDOWS\system32\smpi1\win5.exe -> Trojan.Agent

10. C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP492\A0048225.exe -> Trojan.Small .
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP493\A0050226.exe -> Trojan.Small

The following three came up in scans by programs that did not provide the detail as in the above examples. At least not for free trial users:

11. Busky B

12. Core

13. Yazzle

The following are not included in the thirteen because I cannot be sure they are malware as they have not been identified as such by a scan. But error messages contain reference to them:

1. iexplore.exe comes up in a runtime error that appears just before the browser crashes

2. system32\rfkwymtg.dll comes up in an error message claiming it cannot be found as logging onto the desktop after a reboot is in progress

3. gorPUS.exe this is one of several mysterious programs that get accused of Not Responding during log off and won't close unless you click end task

4. NDrv.exe and services.exe both throw up error messages upon logging on after reboots claiming to have encountered an error and needing to close.
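An added example, not part of the original post and not AVG's own tooling: a short Python script that parses scan lines in the `location -> detection` form used in the list above and sorts them by where each finding sits (System Restore copy, autostart Run key, Browser Helper Object, temp file), so the entries that relaunch at logon stand apart from archived copies. The category and function names are this example's own, the sample lines are taken from the list, and item 5's path is written with explicit escapes because, as it appears on this page, it contains non-ASCII look-alike letters.

```python
import re
import unicodedata
from collections import defaultdict

# Location rules, checked in order; the first match wins. The category names
# are labels chosen for this example, not AVG terminology.
RULES = [
    ("restore_point", r"\\System Volume Information\\_restore"),
    ("autostart_run_key", r"\\CurrentVersion\\Run\\"),
    ("browser_helper_object", r"\\Browser Helper Objects\\"),
    ("browser_cache", r"\\Temporary Internet Files\\"),
    ("temp_file", r"\\Local Settings\\Temp\\"),
    ("recycle_bin", r"^C:\\RECYCLER\\"),
    ("registry_other", r"^HK(LM|U)\\"),
]

LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?"        # optional "[1800] " process id prefix
    r"(?P<location>.+?)\s+->\s+"        # file path or registry key
    r"(?P<detection>[\w.\-]+?)"         # detection name, e.g. Adware.NewDotNet
    r"(?P<status>\s*:\s*Ignored)?[\s.]*$"  # optional status, stray trailing dots
)


def classify(location):
    """Return the first matching location category, or 'file_other'."""
    for name, pattern in RULES:
        if re.search(pattern, location, re.IGNORECASE):
            return name
    return "file_other"


def non_ascii_chars(location):
    """List (char, Unicode name) for every non-ASCII character in a path."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in location if ord(ch) > 127]


def triage(lines):
    """Group parsed findings by location category; unparseable lines are skipped."""
    report = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        location = m.group("location")
        report[classify(location)].append({
            "location": location,
            "detection": m.group("detection"),
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "ignored": m.group("status") is not None,
            "lookalikes": non_ascii_chars(location),
        })
    return dict(report)


# Sample input: lines from the list above.
RESTORE = r"C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}"
SAMPLE = [
    RESTORE + r"\RP493\A0048229.exe -> Adware.Agent",
    RESTORE + r"\RP492\A0048225.exe -> Trojan.Small .",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\New.net Startup -> Adware.NewDotNet",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    r"\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet",
    r"[2412] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : Ignored.",
    r"C:\Documents and Settings\Joy\Local Settings\Temp\Doh.exe -> Adware.ClickSpring",
    r"C:\WINDOWS\system32\smpi1\win11.exe -> Downloader.Agent.bls.",
    # Item 5: the folder and file names use Cyrillic letters that look like Latin ones.
    "C:\\Documents and Settings\\Joy\\My Documents\\W\u0456nSxS\\\u0455\u0435rvices.exe"
    " -> Adware.PurityScan .",
]

if __name__ == "__main__":
    for category, findings in sorted(triage(SAMPLE).items()):
        print(f"{category}: {len(findings)}")
        for f in findings:
            note = " [look-alike letters in path]" if f["lookalikes"] else ""
            print(f"    {f['detection']:<24} {f['location']}{note}")
```

Findings under `restore_point` are archived copies inside System Restore snapshots, while the `autostart_run_key` and `browser_helper_object` entries are the ones that load at logon or when the browser starts.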

Links to other Thursday Thirteens!

1. scooper 2. Gattina 3. L^2

(leave your link in comments, I'll add you here!)

Get the Thursday Thirteen code here!

The purpose of the meme is to get to know everyone who participates a little bit better every Thursday. Visiting fellow Thirteeners is encouraged! If you participate, leave the link to your Thirteen in others' comments. It's easy, and fun! Be sure to update your Thirteen with links that are left for you, as well! I will link to everyone who participates and leaves a link to their 13 things. Trackbacks, pings, comment links accepted!



Wednesday, May 02, 2007

Still Playing Whack-A-Mole

With the malware that is. Here it is Wednesday night and we are still working at weeding out the threats and every time we think we've finally found the last baddie and their burrow entrance, another head pops up. Or tries to and triggers the protection software my husband installed.

I started to work on this post on the laptop after having spent several hours surfing and encountering no hint of trouble. But I was on my Blogger manage posts page when an alert popped up from AVG that a threat was detected and the page switched back to the dashboard without warning. Imagine if I had been writing the post already. So I've switched back over to the PC and started a spyware scan on the laptop which is going to keep it busy for over two hours.

I hate this clunky keyboard so I don't want to ramble on right now and anyone who has been following this story with me since Saturday is probably as bored by it as I am. So I'm off to continue working on backing up my AOL email on the PC while the laptop is busy with the scan.

If you came looking for my Thursday Thirteen edition, please come back later. I will do my best to have one up by noon on Thursday Pacific Coast Time. In fact, in case I won't be able to use the laptop, I should really try to get it posted before I lose access to the PC at 5AM. I hope not to have to do it on the PC though as all the info for TT is on the laptop. I would have to chase down the code again and come up with an idea that won't take much thought or research as all my notes and bookmarks are on the laptop.

I will see how things stand after the reboot following the scan. Many though not all of the problems have been traced back to IE browser add-ons, so one option would be to use the Firefox browser instead of IE on the laptop. Or I could use Livewriter to write the post and Firefox to visit TT hub where there are plenty of participant links to make up for not having my TTer Fav file.

There, it feels better to have a plan. Now, time to get busy.


Monday, April 30, 2007

Malware Woes

Every time we thought we had rooted 'em all out, they would pop up their ugly faces again. My husband and I have been beating our heads against the screen and keyboard since about 3am Saturday morning. Good news is that I am typing this on the laptop. I got back on the desktop after the latest scan and reboot a little over an hour ago. I spent half an hour test driving the IE browser, doing as many of the things that seemed to trigger problems before as I could think of and so far no hint of trouble. I think I may have stymied whatever it was.

Some things I've learned about spyware and adware:

  • They can hide from the scans that know about them.
  • They can block attempts to remove them.
  • They can put themselves back again after they were removed.
  • They hide in folders that are necessary to run the computer.
  • They spread pieces of themselves around so that rooting out one instance of them doesn't solve the problem.
  • They can turn the firewall off.

The nastiest and sneakiest of the ones we were dealing with was UCMore Search Accelerator. That was the one that started the blizzard of popups and popunders Saturday morning shortly after an unwanted popup redirected to a download and downloaded and installed it without allowing any interference from my input. Even forcing a reboot before it finished downloading did not stop it. It resumed as soon as I logged back on to my desktop. I noticed that logging onto the desktop was frequently hanging or taking much longer than it used to.

So this evening when the popups resumed again immediately after a reboot following a scan, for the umpteenth time, I headed to the Startup folder in Documents and Settings and that is where I found it. I deleted it and rebooted. Then before calling up the browser I checked that folder and it was gone. Then I went to Internet options to check the firewall was on. It was. Then I went to set popup tolerance to zero and take a couple of the apparently offending pages off the trusted list. Google pages had seemed to be some of the worst offenders and my husband and I had a fierce um debate over whether Gmail or Google search page or the Google toolbar had been in any way knowingly responsible.

I stuck up for Google and would not back down. I have been using everything Google for the entire nineteen months I've owned the laptop and never had any issues with it until yesterday when I put my Gmail page on the trusted list for popups so that I could click links inside emails. That was when the problems started up again after my husband and I had test driven the browser for half an hour with no surprises and thought we had licked it. I maintained that it was one of the malware which had not been eliminated and had used the permission for a popup to piggyback. Or possibly one of the advertisers snuck something in, which wouldn't necessarily b

There were about a dozen other programs comprising 37 instances of alarm for the AVG scan plus over 400 Tracking cookies.

The weekend before this past one when my power cord gave up the ghost was a wake-up call to me regarding backing up my laptop files. A wake-up call which I did not respond to before this weekend's fiasco really ratcheted up the alarm. I really really really need to address this issue. I have been searching my heart and head for why I keep putting it off. I don't really have to search that far. It has to do with not wanting to save what I deem as a mess. That was the major reason I had not been saving that post draft regularly during the six or eight hours I was working on it Saturday.

Another issue I have with backing up my Document files is that I don't have a floppy drive, which I was used to with previous computers. Instead I have a flash drive port and a writable CD drive. But flash drives cost so much. And I'm not sure how much blank CDs will hold and I hate that they are not rewritable like floppies used to be so I can't save changes to the files I burn onto them. And they also seem so fragile. They break easily if mishandled. They scratch easily and I've also heard that sunlight can compromise them. Though I am not sure how dependable my source was for that last issue.

Anyway, if this latest scare doesn't override my resistance to backing up regardless of how messy my files are... Really, I need to take this seriously. It is about respect for my work. If this malware war had ended in crashing the hard drive instead of just the browser, I could be moaning now about the loss of a couple hundred thousand words of text, who knows how many megabytes in photos and graphics, hundreds of HTML pages created by me, and pages saved off the web that are indispensable to my research. Not to mention my browser favorites which sometimes hold the only 'note' I take of something relevant to a research project.
