
Thursday, October 13, 2005

Spyware-Aurora/ABI/Nail and others removal

This post is not complete, but I cannot delay it due to the threat that exists.

Hello. In this long overdue posting, it's time to write a step-by-step approach to virus/spyware removal for the masses.

To begin, some explanation. Let's define spyware (source):
Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today. Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability. Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, and consistently relay this information back to the spyware author, who will either use it for advertising/marketing purposes or sell the information to another party. Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.
Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else.
Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
Now that that is settled, let's get into the nitty-gritty. Visit here for the top spyware infections as listed by Computer Associates.

One of the latest threats is a piece of spyware known as Aurora. This pop-up-producing spyware behaves very much like a virus. It is very hard to remove because it loads in Windows(R) Safe Mode as well as in a normal boot. Surprisingly, careful testing (use friends' computers as guinea pigs) showed that the fools responsible for Aurora make a removal tool that is actually your easiest way out of their mess. I know that sounds sketchy and the wary will be leery, but scans with the right tools after running it show little ill effect. Get it only from the vendor's own site, and re-scan with your AV and antispyware tools afterwards; a removal tool from the same outfit that infected you is a calculated trade, not a clean bill of health.

So let's get started with our removal. I think a procedural approach is best. To outline the overall process: we will detect, quarantine/eradicate, re-detect, analyze what is left over, and then be rid of the pests. Forward note: if your IE is so messed up you cannot get to the links above and below, print this out first.

1. We need tools to do this. While manual deletion and registry editing may be needed, it's wiser to let the professional tools do their job; we sometimes have to help them along with that task. The first is an updated and functioning antivirus solution. I highly recommend Symantec Antivirus products. However, whatever AV product you have, it's worthless if not updated. Take the time to update the software and spend the few bucks for the virus definition updates; it's chump change well spent.

Now, with that AV all updated, do a FULL SYSTEM scan of your computer. Viruses and adware/spyware will be detected. Delete and/or quarantine them if possible. It may take multiple scans. If the same ones get detected again, don't fret, we will get to them. For now, let's move on to spyware.

2. Again, tools, tools, tools. There are some great anti-spyware tools out there but no single one is the end-all solution. Spybot, Webroot and MS AntiSpyware are my favorites. Get Microsoft AntiSpyware here. Install it, update it, and run a scan.

After the scan completes, you may have a list of threats that need to be addressed. I suggest going down the entire list and choosing remove for all the threats. Continue with the removal of all threats. Now please run another scan and note any repeat offenders.

3. At this point we have a list of persistent threats from your AV and AS programs. Now we need to reboot into Safe Mode to have a better shot at ridding ourselves of those problems: most of them hook into the normal boot and are busy running while the scanners try to delete them, and Safe Mode loads only the bare minimum of drivers and startup programs. So reboot your computer. Before you get the Windows "splash"/logo screen during boot, press F8 to get the boot menu. From there choose "Safe Mode" only. That means NOT "Safe Mode with Networking" or the other options.

Click Yes through the prompts into diagnostic Safe Mode and choose Owner or Administrator if prompted with a login screen. Once in, open your antivirus program and do a full system scan. Delete the threats found, and if you cannot delete a threat, quarantine it.

Repeat with your antispyware program. Again, remove all threats where possible.

Do both again. Check to see who's left on your repeat offender list.

4. Now we need to address the repeat offenders. Visit the removal tool list for more help on your leftover threats. For AS threats, Google them for removal help. Many message boards have specific removal instructions. I will detail the one that was very hard for me, the Aurora/ABI Network/DirectRevenue spyware.

Reboot so we are back in Windows normal mode.

SurfSideKick Removal
Aurora/ABI/Nail.exe Removal
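For the "analyze what is left over" part of steps 3 and 4, the repeat offenders are almost always the programs that start themselves on every boot, and the Run keys in the registry are the first place to look. The following is an added example, not code from the original post or from any of the tools it recommends. It reads the text form of a registry export (what `reg export` or regedit's File > Export writes for a Run key) and flags the entries that deserve a manual look: programs starting from temp or user-profile directories, executables dropped straight into the Windows root, bare names resolved by PATH search, and rundll32/regsvr32 wrappers that hide the real module. The findings are review-worthy, not a verdict. `SAMPLE_REG` is constructed: `ccApp` and `SoundMan` stand in for legitimate software, `svcupd.exe` and `adhelper.dll` are made-up names, and `Nail.exe` is the file name the post above associates with Aurora.

```python
"""Autorun triage: flag Run-key entries that merit a manual look.

Added example, not part of the original post. Parses the text form of a
Windows .reg export and applies a few location heuristics. SAMPLE_REG is
constructed; the file names in it are made up apart from Nail.exe, which
the post above names as part of Aurora.
"""
import ntpath
import re
from typing import Dict, List

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"Nail"="C:\\WINDOWS\\Nail.exe dll"
"svcupd"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\svcupd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AuroraHelper"="rundll32.exe \"C:\\Documents and Settings\\Owner\\Application Data\\adhelper.dll\",Run"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
# Only "name"="string" lines are commands; hex:/dword: values are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
_EXT = r"\.(?:exe|dll|com|bat|cmd|scr|pif|vbs)"
PATH_RE = re.compile(
    r'"([^"]*?' + _EXT + r')"'                      # "quoted path"
    r"|([A-Za-z]:\\[^\s\",][^\",]*?" + _EXT + r")"   # unquoted drive path, spaces allowed
    r"|(?<![\w\\:])([\w.-]+" + _EXT + r")",         # bare file name, no directory at all
    re.IGNORECASE,
)
# Programs whose only job is to load something else; the "something else" is what matters.
LOADERS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def _unescape(text: str) -> str:
    """Undo .reg escaping (doubled backslashes, backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", text)


def _paths(command: str) -> List[str]:
    """Every executable/module path mentioned in a command line, in order."""
    return [next(g for g in m.groups() if g) for m in PATH_RE.finditer(command)]


def assess(command: str) -> List[str]:
    """Return reasons an autorun command deserves review; an empty list means nothing odd."""
    paths = _paths(command)
    if not paths:
        return ["no executable path recognised; inspect by hand"]
    reasons: List[str] = []
    head = ntpath.basename(paths[0]).lower()
    if head in LOADERS and len(paths) > 1:
        reasons.append(f"{head} is only a loader; the real code is {paths[1]}")
        targets = paths[1:]
    else:
        targets = paths[:1]
    for path in targets:
        low = path.lower()
        directory = ntpath.dirname(low)
        if not directory:
            reasons.append(f"{path}: unqualified name, resolved by PATH search; confirm which file actually runs")
        elif "\\temp\\" in low or "\\tmp\\" in low:
            reasons.append(f"{path}: starts from a temp directory")
        elif low.startswith(("c:\\documents and settings\\", "c:\\docume~1\\", "c:\\users\\")):
            reasons.append(f"{path}: starts from a user profile, writable without admin rights")
        elif directory in ("c:\\windows", "c:\\winnt"):
            reasons.append(f"{path}: executable dropped directly in the Windows root; check its publisher")
    return reasons


def triage(reg_text: str) -> List[Dict[str, object]]:
    """Walk a .reg export and return the entries assess() flagged, with their key and reasons."""
    findings: List[Dict[str, object]] = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if key is None or not value_match:
            continue
        name = _unescape(value_match.group(1))
        command = _unescape(value_match.group(2))
        reasons = assess(command)
        if reasons:
            findings.append({"key": key, "name": name, "command": command, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG):
        print(f"[{finding['key']}] {finding['name']} -> {finding['command']}")
        for reason in finding["reasons"]:
            print("   *", reason)
```

To use it on a real machine, export the Run keys (for example `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg`), open the file with the `utf-16` encoding since `reg export` normally writes Unicode, and pass the text to `triage()`. Anything it lists is a candidate to look up by name on the removal boards before you delete it, not something to delete blindly; legitimate audio and printer utilities do sometimes live in odd places.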

5. Please post comments with your spyware names and links to removal resources!

Tuesday, August 09, 2005

More Spyware

I know I have covered spyware in the past here in my blog, but an "old favorite" in the spyware category has been found to have even more sinister behavior. The spyware known as "CoolWebSearch" has long been known to take over your Internet Explorer and be a real pest.

Recently, per THIS article, researchers in the anti-spyware field uncovered a clever keystroke logger hidden deep inside "CoolWebSearch". Read that article and get a good spyware removal tool.

Monday, July 18, 2005

The Random Note...

Wow. So it has been a very long time since I have posted. Our other blog has been the focus of our attention with the birth of my son. Below is the random thing that happened this morning...

So a kinda funny thing happened this morning...
I got to the van this morning to ride the vanpool into work and found the attached note in the door handle. So I have been out for 2 weeks, but speculation has run rampant as to who the intended target of the note is. There are 4 guys and 3 girls in the vanpool. 3 of us are married and one is virtually married. The assumption is that the person is female and likes one of the men.

Thursday, May 12, 2005

How Xerox sucks...

So this post is 3 weeks in the making. More!! 4-Weeks now. We have a Xerox Workcentre M24 Color Copier that Prints and Scans. It's a $13,000 workgroup all-in-one. $13-freakin thousand dollars.

The copier has worked very well for its first 87,000 print/copy outs. That is basically max designed usage for this unit. We are getting our money's worth. Now we also pay about $300 month maintenance on this machine and it includes some important consumables. What Xerox calls a drum is needed to press the toner on the paper. There are 4 drums total, one for each color. So they provide the Drums, Waste toner container, fuser unit, etc.. We pay for paper, toner and staples.

So it started not processing print jobs and no matter what changes we made on our network and print servers it would not work. We called Xerox in only to be told over and over and over that it must be something on our network. So let's get into the details...

We started with standard service calls to Xerox and they dispatched Adrien, the area support person. Nice guy, but culprit number one in blaming our network. Despite 2 calls to level 2 networking support in which they agreed with me, they did nothing to fix the issue. It was commented they probably just told me that to get me off the phone. After putzing around with an unsuccessful software upgrade they replaced the ESS board. Basically this is a motherboard for a copier. It has the RAM, CPU, NIC port and an add-in card for security and MAC address. We learned that the MAC address of the copier is not on the motherboard where the NIC port is but rather on the security card (so you can't copy money). Prior to the board change, our network guys found about 16,000 traffic errors coming out of the machine. Afterwards there were no errors, but still no printing. After 3 visits from Adrien, whose hands are completely tied by Xerox bureaucracy, the idiots up in Rochester (his IT engineers at Xerox HQ) called in a Network Analyst.

Kyp, as he goes by in the working world, was a very thorough diagnostician. We removed the copier from our network and replicated the problem from his laptop to the copier via a portable switch. He still had issues printing. He was here late on a Friday and after changing a time-out setting and setting the IP from DHCP to static the machine printed. Only it printed a little. The change may have let a few jobs come through but it didn't last. Monday morning the copier was exhibiting the same behaviors of not printing.

After giving him a call he dispatched Adrien to replace the HD in the unit. It comes with a 10GB Toshiba laptop HD. Nice, as it handles the large print job spooling very well as well as PDF scan-to-email. Fixed. It was like night and day. Instantly the copier started performing much, much better, spooling upwards of 20 jobs from the print server and processing them properly.

Sadly, this all took over 3 weeks to resolve and shows extremely poor support from Xerox. They did not take ownership of the problem and did not accept responsibility for getting the unit back up in a timely manner. This should have been fixed within 3 days, not 3+ weeks. Their process is completely asinine. They would rather send a $200/hr tech to fuck around with it for weeks than send a $100 HD and a $100 motherboard to try and resolve the issue. I would still recommend our copier but when dealing with Xerox support, tell them what to do b/c they do not have a clue.

Monday, April 25, 2005

The view from my hotel room in the French Quarter of New Orleans, LA.

Wednesday, April 20, 2005

Upgrade of the WiFi

So after about a year of delay I have begun to upgrade my home wireless network from 802.11b to 802.11g. Basically I am going from 10 Mbps to 54 Mbps in speed, or an increase of about 5x. This is a major need not only b/c our cable modem has increased speed but also because the file traffic from servers and to/from laptops has increased. Here is a breakdown of the hardware.

Wireless Router:
D-Link Wireless Cable/DSL Router 4-Port Switch - 802.11G - 54Mbps - DI-524
$19.99 after mail in rebate

Wireless Adapter Michelle's Notebook:
AT&T 6700G Wireless 802.11g PCMCIA WiFi Card

Wireless Adapter Bobby's Notebook:
INTEL ProSet Wireless 2200 MINI PCI 802.11b/g (internal wifi card)

Total network upgrade cost:

Tuesday, April 05, 2005

Motorola T721 GSM Cell phone for sale...

Check out my auction for a Motorola T721 AT&T Wireless cell phone. You can pay $15 on the 'net to have it unlocked to work with any carrier that uses a GSM network.

Friday, March 25, 2005

Car Troubles...

So yesterday started off great, I woke up to 12" of snow on the ground and what amounts to a 3 hour delay. On the way down the mountain, I noticed after about 2 minutes of driving an engine temperature of 190 degrees (normal engine temp) but no heat from the inside blowers. Well, about half way down Camelback road I stopped at the Village store with an engine temp of 240 degrees. I checked to find a low coolant reservoir. No sooner than that did the dashboard "light up like a Christmas tree." The dash beeped with 2 warning lights. Good design VW. A red Water Temp light blinked and the yellow check-engine light came on and stayed. Now this car's temp stays at 190 like clockwork. It has never deviated from that reading the entire time I have owned the car. I knew when it was high something serious was going on. I put some water in the coolant reservoir hoping it was just low but wasn't expecting much with all the sensor wizardry going on in my dash. I would like to have those go on at about 210 - 230 degrees only because I think the car could give a little sooner warning. Also, a car with a washer fluid level light should have a (better) engine coolant level light.

After a little more driving, about 2 miles, I pulled into my friend Dave's gas station, the Road Runner Sunoco. A call to AAA and 1:15h later I was on a flatbed to Halterman's VW in East Stroudsburg. This was the beginning of the unpleasant portion of my experience. I already do not like their service center b/c I think they are overpriced in terms of hourly rate. However I think that is consistent at all VW's. They have an $85/hr labor rate. Compared to my Nissan, that's $20/hr higher. They had 6 cars in front of me upon my arrival. Now I have no problem with them working on cars of other customers that are waiting. However, for cars dropped off I certainly expect to be bumped in front of them. Especially since I was a tow-in emergency service they should have given me a high priority. If you go to a hospital (excluding the shitty PMC) they don't put the heart attack behind the 6 paper-cuts who were there sooner. The more severe situations get helped sooner.

So that's bitch #1 with Halterman's VW in East Stroudsburg. My other bitch is they have only, only 2 VW mechanics working with a lot FULL of cars. Now, for those of you who have not been there, their service center is huge and gorgeous. Dual, high-bay auto-garage-door check-in lanes where you talk to a car-service rep/case worker. Here is an abomination of business efficiency. They have 4 people on stools near wall-mounted computers, literally glorified secretaries sitting on their ass all day doing jack shit. That is in addition to a "garage foreman" who also sits on his ass at a much larger bar-like desk. Those 5 people watched 4 (2 VW, 2 Toyota) mechanics. WTF, no wonder their labor rates are sky high. That doesn't even begin to include the parts receptionist, parts "getter" and cashier. This isn't fucking Wawa people. There wasn't a line to pay them. Why this gross excess of manpower? Who runs this place, do they have a college degree!

So back to my service. They said they probably couldn't get to it today and after a little talking with the "case worker" then the "garage foreman" we agreed to revisit those chances in an hour. Working on the story that I was stuck there, I was hoping my physical presence would push them to get me in front of someone. Also I had nowhere to go. My wife's at home 10 months preggers and due 2 days prior. I had my laptop b/c I was on my way to work with some DVDs. So I watched iRobot. I was probably going to do that at home anyway so doing it there was no skin off my back.

After the movie, I went to hunt down some answers on the car. They were pretty stubborn, not moving me in front of anyone, even people who dropped off their car. Now as a customer who often drops off my car, I kind of expect my car to be worked on after in-store customers b/c that's the reason for dropping it off: so they can work on it at their convenience. But not this joint. So I had an idea, I called Young VW in Easton to see if they could look at it. Good news, it was their late night and they would probably get to it. Now with that secure it was time to see if AAA would tow it down there. I was close, but since I was at a shop, they didn't consider it within the scope of their towing services. Now if Halterman's was unable to do the repairs they would have towed it. Now I don't have a problem with AAA's answer. I did try and work them: 1. both tows within 100 miles, 2. Halterman's couldn't fix it today, Young could, 3. wife's 10 months preggers, but that was a stretch.

Now if it didn't cost so much to tow or it wasn't an overheat condition where it's engine critical, I would have gone down there but Halterman's had me by the balls. So I left it and got a ride home from my sister who was done work mid-afternoon. So from now on, I think I will go right to Young VW in Easton. They need to be more competitive with a few VW's in the area, unlike Halterman's in East Stroudsburg who is "the only game in town."

Oh and the car, well they DID end up looking at it that day after all that shit. Broken water pump, under warranty. Will be ready today at 16:30.

Wednesday, March 23, 2005

Snow Rant...


Fuck you weathermen!! Every last one of you. I love how 2-3" of wet snow has turned into 12" of heavy-wet-road-crippling-car-skidding SNOW! I know the weathermen don't order or create the weather but at least they could semi-predict it somewhere close.

Also, to the asshole driving the $50,000 Range Rover Land Rover: your vehicle can fucking traverse the worst off-road conditions of the Australian outback. Go faster than 10 MPH in the snow. And turn your flashers off, I can fucking see you.


Monday, March 21, 2005

Some humor...

Ever wonder about store clerks and cashiers not even glancing at your signature when you purchase with credit cards? Well, a gentleman did, and we bring you the Credit Card Prank II.

Sunday, March 20, 2005

So fucking left they are off the earth...

I am talking about CBS News. There is a very good reason the rest of the liberal press and the fair and balanced Fox News pounced on Dan Rather for "memo-gate". Tonight I watched a piece on 60 Minutes (SUN) about an Albanian buying .50 Barrett sniper rifles and "smuggling" them to his home country. Mind you, he bought them legally and took them to Albania legally; CBS News, 60 Minutes and Ed Bradley placed a fantastic amount of biased liberal spin on it, as if this should be some kind of outrage. Let's review the facts, not the spin, of this news article. 1. US citizen legally buys US weapons. 2. US citizen legally flew with weapons to home country. 3. US citizen legally bought .50 cal ammo. I spend a lot of time b/t NBC News (central to liberal) and Fox News (central to right) and am very satisfied with their reporting. This CBS trash just astounded me.

Saturday, March 19, 2005

Digital Music Revolution...

So, almost since its inception I have been fascinated with digital music. It began in early to late 1998 as a frosh at The Pennsylvania State University. The MP3 file format had been released, launching the ability to put your CD music on your computer in a compact file size. I was the first to hook up my stereo's aux-in to my PC. Coupled with the Winamp MP3 music player, a homemade jukebox was born.

It was later in that time frame that a small company called RIO released the first commercial MP3 player. Basic in features and memory, it was a mild success; the focus of geeks. There were problems: the computer power and space needed to rip CDs to MP3s was high-end. The CD burner was new, expensive and a slow 2x. With no buffer under-run protection and a crappy Windows 98 OS you needed to kill everything but Easy CD Creator.

So why the nostalgia? Well, it is time to fast forward to today. The landscape has changed. We are transitioning from peer-to-peer file sharing of music, which bypassed buying music from artists and essentially created an illegal stealing service, to now several pay-for-download music services. The debate and cause for the illegal P2P music swapping is old; we will omit that here. Music for sale online, competition among services and the illegal P2P services have reduced the (arguably) overpriced cost of CDs.

Today I make a case against the iPod as a music player and iTunes as a service. First, if you are rich and money is not a real concern, get an iPod and use iTunes. However, if you have any shred of value for your hard-earned money, there are much better choices in terms of digital audio players and music services. I recommend players from Dell, Creative, and iRiver. I also love Wal-mart and online stores such as, and for low prices of these products. For 5GB and lower sized digital music players, I suggest Napster To Go. Check out a good article here.

Saturday, March 12, 2005

Front of the Barefoot Resort card.

This was Myrtle Beach Summer 2003 and a round at one of the newer tracks, Barefoot Golf Club. The Smiths are fun golfers. Gabe is cool.

Great Golf Experiences...

So I have a ton of golf scorecards and I decided that there is no better place to share them than in my blog. I will also start with the best course I ever played, Commonwealth National Golf Club. Phenomenal track in Horsham, PA. This round is of great importance to me. I played with my best friends on my wedding day, 28 May 2004. Life does not get any better than that. Scorecard forthcoming.

Yardage Book Front Commonwealth National Golf Club

Yardage Book holes 1 - 9 Commonwealth National Golf Club

Yardage Book holes 10 - 18 Commonwealth National Golf Club

Yardage Book Layout Commonwealth National Golf Club

Thursday, February 17, 2005

Xbox recall and "I love being right"

Two items of interest this evening. First, Microsoft Corp. is recalling Xbox power cords. Check out the recall website here. Second, after being accused of misplacing a Target gift card I used to purchase a lamp, it was determined the one in my lovely wife's wallet was the card I used, as I told her. However, it took checking the balance on to reveal that I was right. I love being right. :-)

Monday, February 14, 2005

Spoofing and Phishing...

Some or all of you may have heard of spoofing or phishing. It is an attempt by a rogue email and website to get you to send them confidential financial information: credit card and account numbers, PINs, etc. Very personal information. Uneducated (dumb, maybe) people fall for the prank. Below is an image of a PayPal phish; the email wants me to think I need to do what it says. However, the link in the message does not take me to but to this address that is clearly someone in a foreign country trying to steal my shit. The tell is always the same: the text of the link says one thing and the address it actually goes to says another. Hover over the link (or view the message source) and read the real address before you click; if it is a bare IP address, or the bank's name is buried in the middle of somebody else's domain, it is a phish. Beware. Bastards.

PayPal Spoofing email...
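The check described above (link text versus the address the href really points at) can be done mechanically over a saved message. The following is an added example, not code from the original post or a reproduction of the screenshot. It pulls every anchor out of an HTML email and reports the classic tells: link text that names one site while the href goes to another, a raw IP address instead of a hostname, a brand name planted as a decoy label inside somebody else's domain, and the `user@host` trick that sends the browser to whatever follows the `@`. `SAMPLE_EMAIL` is constructed; the hostile addresses use the reserved `example.net` name and `192.0.2.0/24` range, and PayPal is used only because it is the brand in the post's screenshot. Taking the "site" of a host as its last two labels is a simplification and is wrong for names like `example.co.uk`.

```python
"""Phish link audit: compare what a link shows with where it goes.

Added example, not part of the original post. SAMPLE_EMAIL is constructed
using reserved documentation names and addresses.
"""
import ipaddress
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional, Sequence, Tuple
from urllib.parse import ParseResult, urlparse

SAMPLE_EMAIL = """
<html><body>
<p>Dear PayPal member, your account has been limited.</p>
<p>Please visit <a href="http://www.paypal.com.account-verify.example.net/cgi-bin/webscr">www.paypal.com/cgi-bin/webscr</a> to restore access.</p>
<p>Or log in at <a href="http://192.0.2.10/paypal/">https://www.paypal.com/</a>.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">PayPal Help</a>.</p>
</body></html>
"""

# Link text that itself looks like a URL or host name, e.g. "www.paypal.com/cgi-bin/webscr".
URLISH = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in the document."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _parse(url: str) -> ParseResult:
    """urlparse with a scheme forced on, so bare 'www.x.com/path' still yields a hostname."""
    return urlparse(url if "://" in url else "http://" + url)


def _host(url: str) -> str:
    return (_parse(url).hostname or "").lower()


def _site(host: str) -> str:
    """Simplified registrable domain: the last two labels."""
    return ".".join(host.split(".")[-2:])


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_links(html: str, brands: Sequence[str] = ("paypal",)) -> List[Dict[str, object]]:
    """Return one record per anchor with the reasons (if any) it looks like a phish."""
    collector = _LinkCollector()
    collector.feed(html)
    report: List[Dict[str, object]] = []
    for href, text in collector.links:
        reasons: List[str] = []
        parsed = _parse(href)
        href_host = _host(href)
        if parsed.username is not None:
            reasons.append(f"'@' in the URL: the browser goes to {href_host}, not {parsed.username}")
        if _is_ip(href_host):
            reasons.append(f"href uses a raw IP address ({href_host}) instead of a domain name")
        if URLISH.match(text):
            text_host = _host(text)
            if _site(text_host) != _site(href_host):
                reasons.append(f"text shows {text_host} but href goes to {href_host}")
        for brand in brands:
            if brand in href_host and not _site(href_host).startswith(brand):
                reasons.append(f"'{brand}' appears in {href_host} only as a decoy label")
        report.append({"href": href, "text": text, "reasons": reasons})
    return report


if __name__ == "__main__":
    for entry in audit_links(SAMPLE_EMAIL):
        verdict = "SUSPECT" if entry["reasons"] else "ok"
        print(f"{verdict:7} {entry['text']!r} -> {entry['href']}")
        for reason in entry["reasons"]:
            print("        *", reason)
```

Run it over the saved source of any message that asks you to "verify" an account; the third link in the sample, whose text is a plain label and whose href really is on the brand's own site, comes back clean, which is the point: the tool flags the mismatch, not the brand.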

Sunday, January 02, 2005

Thanks to ABCNews and Down with Spyware


I know it has been a lengthy bit of time since my last posting. I need to add a calendar reminder to my Outlook, I think. Anyway, I would first like to thank ABCNews for recognizing "Bloggers" (whatever that means) as their person of the year. It is a major achievement for ABCNews to recognize an internet group with such an honor.

Next I would like to expand on my latest experiences with spyware. There is a fundamental flaw in people's perception of safe internet usage and wise decisions. I would like to go over a few problems with the way we "surf the 'net." First, we make certain assumptions about what is bad and what is good on the internet. One of the major problems is the assumption that when we are prompted to install a piece of software, or need to click Yes to approve a dialog box to make a certain web site work, the software is safe and necessary for the site to work.

It is occasionally true that a web site may need some software to work properly. More often, websites that are offering "FREE" stuff are trying to abuse your trust. Free search toolbars are the number one culprit for being and allowing spyware onto your computer. Other problem software includes free games and other add-ons that are pushed on internet surfers. Remember that the Yes button on that dialog IS the install step; clicking it is the same as running the program yourself, so if a site cannot show you its content without you installing something, close the window. So what can you do to thwart these invaders of your computer? There are 3 main tools that you can put on your computer to remove, block and protect against spyware.

First, always have an up-to-date antivirus program installed and working. This is an active defense against viruses and spyware. I suggest you look at getting one of the following:
Norton Antivirus
McAfee Antivirus
Trend Micro Antivirus

Second, install and regularly run a spyware removal tool. There are two really good ones and it is suggested that you update and run both weekly. Here are the links:

Third, and finally STOP!! using Microsoft Internet Explorer. It has a long and poor history with security vulnerabilities that not only can let spyware in but also let hackers take over your whole computer. You can get a really good browser from the folks at the Mozilla foundation, they took over the old Netscape browser code.