Stuff from 19 March, 2005
This is the archive of tumbledry happenings that occurred on 19 March, 2005.
Now Mykala said that I was posting this simply to say “look at me, I fixed her computer lalala I am amazing …” However, I am not posting the following log of an actual conversation of an OnStar … shoot wait no it’s not one of those weird commercials … this is a real world example of the badness and goodness of the internet. You see, Mykala’s computer was rather thoroughly infected by some guitar tabbing sites visited through Internet Explorer. I record the following technical details to help anyone facing a similar situation. First, if you use Internet Explorer, you have to understand that it is so useful for online banking and Outlook Express (what St. Thomas uses) because it is tightly integrated with a core operating system technology called ActiveX (an oversimplification, true). ActiveX, when exploited, gives hackers the ability to install programs on your computer without your consent or knowledge. Answer number (3) on this website will help you safeguard Internet Explorer from running things it should not.
3) Go to Internet Options/Security/Internet, press ‘default level’, then OK.
Now press “Custom Level.”
In the ActiveX section, set the first two options (“Download signed and unsigned ActiveX controls”) to ‘prompt’, and “Initialize and Script ActiveX controls not marked as safe” to ‘disable’.
Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options/Security.
So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an ActiveX control, it is running an executable program. It’s no different from double-clicking an exe file on your hard drive.
Two other blocking solutions include editing your HOSTS file to block content from evil sites (very limited in effectiveness, but blocks many ads), and adding a bunch of sites to your restricted sites list (again a limited bandaid approach, but I would certainly recommend it).
The evil part of the internet is apparent, then. Spyware, adware, and trojans install themselves on our machines without our knowledge. However, unbelievable sites like cybertechhelp.com provide free, nearly instantaneous, personal service. I posted a message asking for help on Mykala’s computer’s infections, and received a reply from a moderator within 5 minutes. The moderator then walked me through the removal process of these really really nasty things (anyone could do it, to reiterate from above, I post this not to brag but to share information about these helpful resources).
ajmicek March 14th, 2005 02:43 AM
VX2 problems, help with L2MFIX
Alright. Usually I have been able to fix this malware/spyware/adware stuff on my own, but these urllogic popups seem to be very persistent, and the removal tools I have tried so far have not quite been successful. I ran hijackthis, and saw these entries:
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
which seem to indicate the presence of VX2, as I have read elsewhere. SO, I ran L2MFIX, option 1, and then 2, but the “cleanup.reg” file that is supposed to appear in the l2mfix folder never appeared. Frankly, I am feeling a little swamped here, and would appreciate any guidance that you all could offer. Here is the hijack this logfile:
Logfile of HijackThis v1.99.1
Scan saved at 7:35:56 PM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\yguuyr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mykala Lind\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_…ount_id=1002245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_…ount_id=1002245
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stthomas.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_…ount_id=1002245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.stthomas.edu/
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM..\Run: [DeadAIM] rundll32.exe “C:\Program Files\AIM\DeadAIM.ocm”,ExportedCheckODLs
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Post-it ® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra ‘Tools’ menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mail.stthomas.edu
O15 - Trusted Zone: *.wellsfargo.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c135.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50212/QDow_AS2.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\jtp6077se.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
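An added example, not part of the original forum post and not HijackThis's own code: a small Python triage over log lines like the ones above. It pulls out the O1 HOSTS entries that pin a name to a non-loopback address and lists the hosts that the O16 ActiveX controls were downloaded from; the sample lines are copied from the log above, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stthomas.edu/
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50212/QDow_AS2.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
"""
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")

def parse(log):
    """Yield (section code, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def hosts_redirects(log):
    """O1 entries that pin a name to a non-loopback address.
    Blocklist-style HOSTS entries point at 127.0.0.1 or 0.0.0.0; a name
    mapped to any other address sends lookups for it to that server."""
    found = []
    for code, body in parse(log):
        fields = body.split()
        if code != "O1" or len(fields) < 3 or fields[0] != "Hosts:":
            continue
        try:
            ip = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # not an IP literal; leave for manual review
        if not (ip.is_loopback or ip.is_unspecified):
            found.append((fields[2], str(ip)))
    return found

def activex_sources(log):
    """O16 (Downloaded Program Files) entries as {CLSID: download host}."""
    sources = {}
    for code, body in parse(log):
        clsid = re.search(r"\{[0-9A-Fa-f-]+\}", body)
        if code == "O16" and clsid:
            sources[clsid.group(0)] = urlparse(body.rsplit(" - ", 1)[-1]).hostname
    return sources

if __name__ == "__main__":
    print(hosts_redirects(SAMPLE_LOG), activex_sources(SAMPLE_LOG))
```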
‘The 30 least hot follow-ups to the 30 hottest things you can say to a naked woman’ - Nobody but Defective Yeti can make something as inane as a Men’s Health article this unbelievably funny. Best comment: “holy christ dude, that was awesome.”
It occurs to me I haven’t made a real post in somewhere north of one and a half weeks. This saddens me; I like to record life. That said, the more I can write tonight the more life I will feel I have down on this silly site I call my own. This past week was ridiculously intense - I could not even keep up with my email, the first time that has ever happened to me. Professors just kept sending information on review sessions, internships, test date changes, review suggestions, suggested media, lab information, reading assignments, and more. The deluge was unprecedented. (I almost wrote that as “heretofore unprecedented” but that would have been redundant). Yes, Chem, Bio, and Theo all struck within 2 days. Tests, tests, tests. Then, we suddenly went hardcore statistical in Animal Behavior, analyzing our squirrel foraging lab for four straight hours in Excel. Superfun.
This week is over, though, so to recap on the fun things in the past couple of weeks. Mykala’s birthday gifts came: her “The floor is made of lava” bag from toothpastefordinner.com and her iPod mini. The bag is far sturdier and well made than I would have thought, and the iPod is, of course, very lovely. (Plus, today she got these awesome K2 blades - if you’re in the market I would seriously suggest K2 rollerblades for their softboot alone). Also, I have eaten at three great places in this past month: Punch features authentic Neapolitan style pizza (and is close to us on Cleveland Avenue in St. Paul; they’ve won a bunch of Twin Cities magazine awards), P.F. Changs (we were treated by the Clark family - and a wonderful treat it was; great sophisticated-without-stuffy ambience, wonderful take on Chinese-American food), and Buca di Beppo (family style Italian dining, high energy warm atmosphere, great comfort food). The last we were treated to by the Markoe family in celebration of Ryan’s birthday. I’ve had so much free food thrown at me, it’s been fantastic.
I ran out of ink in a pen for the first time in my life this past week. I always lost the pen or gave it away before running out. Interesting.
I was so preoccupied that when I came late from my Bio test to Theo lecture, I entered the classroom one floor below my actual classroom. The entire wrong class stared at me as I strode confidently (for a half pace) into the lecture. I wanted to sink into the floor.
It blows my mind that having strawberries and cream Oatmeal can bring back such vivid memories of camping over five years ago. All of a sudden I was back in the vestibule of the tent reading by lantern late at night, cooking food at the camp stove, around the campfire with three generations of my family, canoeing into the most beautiful sunset I have ever seen. All right there, in packets of food mixed with water. Perhaps we live on the edge of bliss, but let our lives get in the way.
After eating the oatmeal, I entered my floor bathroom with the bowl to clean it, and somebody was sitting in a stall whistling (quite loudly) the song “Cecelia” by Paul Simon and Art Garfunkel. They continued this action in spite of my presence. Their motivation for this musical action will forever puzzle me.
Frankly, I pity those in the future with their fuel-cell devices and silent-drive everything. They will miss out on a fundamental enjoyment of life: starting an engine. When there is a need for something to happen, a lawn to be mowed, leaves to be blown, or (as was the case tonight) a driveway to be plowed, starting an engine by hand is a most gratifying thing. You take a still, lifeless piece of metal and machinery and give it a purpose. Exhibit A: our trusty Tecumseh snowblower was always a stubborn starter. Then, my Dad figured out we had the wrong model spark plug in there the last 5 years. Now, one knows the thing should start - but it’s never an easy feat to accomplish. I’ve been playing with the perfect combination of engine priming, choke settings, and throttles, and that combination has been difficult to find. I have had to surrender my manlihooderness’es on numerous occasions and either (a) use the electric start via a wall plugin by running an inconvenient extension cord or (b) convincing everyone around me that I truly am a moron and reading the manual.
Tonight was different. Six full engine primes, a gentle push on the spark plug, full choke, and full throttle. Grab the handle, lock it against the flywheel, quick pull. No start, but the faint rumble of a turnover. Once more, grab the handle and, certainly this time, a definite hint it was about to start. One final pull and the thing roared to life. It’s this feeling, of sparking something bigger and more powerful than you, of a putting into motion, that the fuel-cellers of our future generations will lose out on.
Before you die, give this starting a try: but don’t cop out and start a lawn mower - give power to something stubborn, something tough to get going. It’s an experience that will stick with you.
So when Alex wrote, “give power to something stubborn, something tough to get going,” my first thought was, “Does a man count?” Okay, I am going to sleep now.
Haha, men as engines. There’s a post I should look into making. We’re definitely not fuel cells because we don’t start easily or run quietly.
The analogy has potential …
It makes me sad that your potentially longest post ever is robot talk. Beep Beep Bop Bo Dee Dat Deedle… blah blah blah. Robot Schmobot, get a soul.
(Thank you for fixing my computer… again. You can brag about it, it’s cool. I promise to use stupid Firefox that crashes more often than IE and that doesn’t let me view some harmless things on my own PC, but I will not be happy about it.)
Also, I think you should post about my English major/future career bragging rights. :)