Sunday, February 26th, 2006

Malware/Virus Removal

It’s been a long time since I really went all out to clean up a Windows machine to remove malware and viruses. I forget my first virus (I’ve been downloading free software since 1983), but I remember my first spyware well – it was early 2001 when I noticed a new entry in my HKLM\Software\Microsoft\Windows\CurrentVersion\Run, which turned out to be TimeSink. While researching how to get it cleaned out (which I finally did) I stumbled across the whole spyware problem. Shortly thereafter I encountered a similar problem with WebHancer, and fired off an email to my network administrator, who responded that he didn’t think it was a problem worth dealing with, because the outgoing traffic would be stopped at our firewalls. A little more than two years later, the same net admin wrote me to ask my opinion on spyware removal tools. In the interim I had discovered various applications on several machines in my office and had gotten some practice at removal, and would get more, until it got to the point that if I couldn’t clean up a machine in an hour I boxed it up and sent it back to corporate for an OS reinstall. My boss couldn’t condone the lost billable time I was spending – any IT functions I perform around the office are purely for our convenience – I’m supposed to be just an engineer.

But last week my wife complained that her favorite online game, Planet 8 Ball at Uproar.com, was running very slowly, and finally on Friday it quit running at all. Now, I haven’t been too pleased with my wife and her friends downloading and installing both offline games and online ones that require installing ActiveX objects – they are big potential sources of both spyware and viruses, but I figured that I had everything set up on my home machine pretty well to keep it clean. I just can’t train them to install stuff where I want it to go – there’s enough stuff in C:\Program Files and I would prefer to see games installed in their own directory – C:\Games. I’m lucky when these installers don’t place themselves in the root directory, which I like to keep very clean. However, I am pleased to see my wife doing stuff online – I figure it makes her more tolerant of the time I spend online myself. Every now and again I run Spybot and AdAware; I use AVG Free for antivirus with realtime protection and daily full scans (a little annoying in that the free version cannot be set to ignore my archive of potentially useful trojans!); and I routinely check my HKLM\Software\Microsoft\Windows\CurrentVersion\Run key either through MSConfig or RegEdit. This is all out of habit – when I sit down at the computer I usually reboot into Fedora Core 4, and I’m starting to regard the Windows partition as a necessary kludge that I only maintain for my family.

So Friday I was tasked with getting her game running again, and I’ve spent every free moment this weekend trying to achieve that goal. I’m almost ready to concede defeat. I’ve pulled out virtually every trick in my arsenal – multiple scans with the aforementioned tools, plus Hijack This and Startup List from Merijn, CWShredder, and even RootKitRevealer. My hosts file is clean, and I’ve checked my traffic flows with Ethereal and been shocked – I mean blown away – with the traffic I saw even after Internet Explorer had been closed – and that was after I had cleaned the system! I looked up the IP addresses my machine was talking to at DNSStuff and used registration records to identify which applications were to blame. I removed multiple toolbars, browser helper objects and ActiveX objects. And through all this, somehow I got something new in my CurrentVersion\Run key!

Of course, it might not be malware that’s stopping the game from playing, and it’s possible that my anti-malware defenses are the cause, but I have to clean the system first. Besides, it ran fine before. I’ve tried reinstalling Shockwave and I’m considering doing the same with Java.

Now, one of the things I found, or at least found traces of, is VX2 – a notoriously difficult infection to remove. Considering that I keep finding stuff after cleaning, this might be my problem. Hmmm – just found a VX2 plugin for AdAware – I didn’t realize that there were addons that I needed. I’ve also noticed that I have five svchost processes running, which is suspicious to me. I’ll have to check those out as per the Microsoft guidance. I downloaded and installed the augmented IE Add-On Manager, which is actually very nice – I could use something this clear for Mozilla.

*Sigh* All this work, and I’m not even sure that it’s malware that’s keeping the game from running. It just seems to be the most likely cause, though.

Posted by Greg as Family & Friends, OS, Software at 22:52 PST


Monday, February 20th, 2006

Milestone of Aging

Yesterday I passed a significant milestone in the aging process. After a couple of months of finding it increasingly difficult to read the directions on cold medicine boxes and other fine print, I took a moment to pause at a stand at the Walmart and selected a pair of $7.84 reading glasses. I got the full size ones so I don’t have to crane my neck backwards to see my computer screen. I had first tried several of the lower power versions but ended up with +1.50 correction.

This morning I’ve been trying to adjust to using them. Everything looks strange, but it is in focus, unless I look up as someone comes into my office. I definitely notice a warping effect at the edges of my vision, especially when I move my head. Plus, I had to push around the support pieces to keep the glasses from riding too high on my face and to conform to my misshapen nose that I broke playing scratch football in the Army. I think going to an optometrist and getting properly tested and fitted would be a good idea.

Posted by Greg as Posts About Me at 11:20 PST


Friday, February 17th, 2006

Decision to Push Saint Victor’s Day

Last year I heard about Talk Like a Pirate Day from reading Wil Wheaton’s Blog; unfortunately, just a little too late to join in the celebration. I did, however, find the Talk Like A Pirate website. I just went back there to get the date so I could mark up my calendar – I don’t want to miss this year – and was reading the story of how the holiday started. I noted that TLAPD had a Wikipedia entry, and that it was categorized as a Geek Holiday.

This got my brain churning, going back to my high school days. A bunch of my geeky friends and I met regularly and we called ourselves “the Scanners” – a tribute to the 1981 cult classic. We were all huge Monty Python fans. Most of us had the entire script to Monty Python and the Holy Grail memorized, and at any moment one of us would quote a line from the movie and the others would immediately chime in, picking up the entire scene. Misquotes would lead to arguments, and debates about fine points were often settled by frame-by-frame analysis of the movie. Not surprisingly, none of us are now Senators, Members of Congress, or Titans of Industry.

Of course we listened to the Contractual Obligation album, and we loved the skit on the Martyrdom of St. Victor:

And it came to pass that Saint Victor was taken from this place to another place, where he was lain upon pillows of silk and made himself to rest himself amongst sheets of muslin and velvet. And there stroked was he by maidens of the Orient. For sixteen days and nights stroked they him, yea verily and caressed him. His hair, ruffled they. And their fingers rubbethed they in oil of olives, and runneth them across all parts of his body for as much as to soothe him. And the soles of his feet licked they. And the upper parts of his thigh did they anoint with the balm of forbidden trees. And with the teeth of their mouths, nibbleth they the pointed bits at the top of his ears. Yea verily, and did their tongues thereof make themselves acquainted with his most secret places. For fifteen days and nights did Victor withstand these maidens, but on the sixteenth day he cried out, saying: “This…is fantastic! Oh…this is terrific!” And the Lord did hear the cry of Victor, and verily came He down and slew the maidens, and caused their cottonwool buds to blow away, and their Kleenex to be laid waste utterly. And Victor, in his anguish, cried out that the Lord was a rotten bastard. So the Lord sent an angel to comfort Victor for the weekend. And entered they together the jacuzzi. Here endeth the lesson.

So we decided that Saint Victor’s Day was worthy of celebration. One of us looked up a calendar of saints and determined when there was an official Saint Victor’s Day, and when it rolled around we celebrated it and gave honor to Victor and his maidens of the Orient. There was even cake – an ice cream cake, which was emblazoned with the legend “Happy St. Victor’s Day”, much to the puzzlement of some worker at the local Carvel’s. This, I think, was in 1981.

Considering TLAPD’s humble origins, I’m thinking that the same thing could be done with St. Victor’s Day. I doubt I could get Dave Barry’s endorsement, but an entry in Wikipedia just might be enough to get things started. We were all pretty much geeks, and a holiday based on a Monty Python skit ought to meet the standard of Geek Holiday. The trouble is, when I consulted a calendar of saints myself, I found 15 Victors, eight of them with days, and I can’t remember which was the True and Original St. Victor’s Day that we celebrated. Unfortunately, our Catholic calendar expert has since passed away, so I’m going to have to put a call out to all the old Scanners and see if we can reconstruct the first celebration: the date, where it was held, who was present, who missed it, and what we actually did. Hopefully, none of them will run off to Wikipedia to enact my idea.

Update: Here it is – the Wikipedia Saint Victor’s Day!

Posted by Greg as Family & Friends, Posts About Me at 06:37 PST


Sunday, February 5th, 2006

TaxAct User Review and Ethereal Report

Earlier I touted the TaxAct Standard version as free (as in beer) software for computing and e-filing federal tax returns, even if you didn’t qualify for free filing with IRS e-file partners. I discussed my security concerns, the software EULA and website privacy policy, and my assessment was that the software was free because it was nagware, and it seemed to be secure and without spyware.

Now that I’ve completed and electronically filed my taxes, I can say that the TaxAct software was relatively easy to use. There are definitely some features missing that might be in the pay version, but none that I absolutely had to have. I was able to complete everything over several sessions – I was even able to transfer the incomplete datafile from one computer to another – and I not only have a printed copy of my return, I can reopen the software for review and editing. I guess that would be helpful if the IRS found an error in your return or if you had to file an amended return.

The nagware part was omnipresent but not a hindrance. I just clicked past all the prompts that offered the benefits of the pay version, and learned to ignore the tax adviser links; all tax help (not software help) required the pay version, but you were always able to summon the IRS instructions for form lines. The navigation was a little tricky. The whole thing is structured in a question and answer format, so when I wanted to look up what I had entered for a particular line on a particular form, I sometimes had to hunt around. The sitemap function was pretty helpful for this, but I often had to browse through several question pages to get to a point where I was able to view the form. There is no free state version – that’s their last hook to get you to cough up some money – but I used CalFile to file my California state tax return for free.

There are built-in review functions that are supposed to spot potential errors – I wasn’t able to evaluate this, because I didn’t go through the review until my forms were complete, and from what I could tell, I didn’t make any mistakes. There aren’t any audit warnings, unless I was really good – which I somehow doubt. Maybe only the industry versions have those – I once watched the H & R Block software in action and saw a lot of tips and warnings, but that software was for use in their instant-expert training method, and was probably meant to make sure a low-level peon knew to call over a supervisor when he was supposed to.

I was running Ethereal when I clicked the submit button. All traffic went through one IP address through a secure protocol, which resolved to taxact.com by reverse DNS, so I believe the site privacy policy applied to your actual tax forms as well, not just registration information. Still, I suspect that the filing information is more vulnerable to subpoena and strong-arm tactics by law enforcement under the Patriot Act than if it had been sent directly to the IRS, but the IRS doesn’t allow this.

To summarize – this software satisfied all my requirements – free to use, free to file, usable, and secure. I highly recommend it.

Posted by Greg as Society, Software at 22:28 PST


Friday, February 3rd, 2006

Picked Up a Book

Since I got into this website stuff and the baby came, I haven’t been reading much, not like the novel-a-week I used to go through. But a couple of days ago I realized that I don’t actually have to watch that tape of Barney with him, especially for the second and third time, and I picked up a book to keep my mind occupied.

For some reason there are some great books out there, classics that I know about and have been meaning to read, but I just haven’t gotten around to it. On this occasion I was able to address one of these omissions – I picked up a copy of Neuromancer by William Gibson, the novel that defined the cyberpunk genre.

Sometimes, when you read a ground-breaking book a long time after it came out (in this case, twenty-five years later), you end up being disappointed. The style has been copied and used in other books that you’ve read in the meantime, and often expanded upon and improved. The most extreme example that I’ve encountered of this was picking up Dostoevsky’s Crime and Punishment, expecting to read a great detective novel. There was no such disappointment in Neuromancer. It’s still fresh – prophetic, dystopian and relevant. Twenty-five years is an eternity in science fiction, and we are still tramping directly down the path envisioned by Gibson.

Posted by Greg as Posts About Me, Society at 08:24 PST
