My career in technology

Archive for the ‘General Tech’ Category

Death to Malware: Smart Fortress 2012

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

Sometimes, you can’t help an infection.  You visit a web page, quite innocently, and the page or an advertisement on it has been modified to take advantage of security flaws and suddenly you are fighting some nastyware.

But sometimes you get social engineered into clicking something you know you shouldn’t have clicked, and you mess yourself up.  This is what happened to one acquaintance of mine (who shall remain anonymous because it was her fault, and she feels bad enough already about it). She opened an attachment on an e-mail claiming to be from Federal Express, and her system was infected by Smart Fortress 2012.  Here is how I cleaned the system of Smart Fortress 2012.

(more…)

Death to Malware: Killing Your Funmoods

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

The “Internet Security” fake antivirus I talked about in my previous post was not the only recent run-in with malware.  A couple of weeks ago, Funmoods hijacked my wife’s browsers.

Funmoods was only a minor pain to remove, but there were no concrete directions to remove this mild nastyware, so we kept running into little things it left behind.

Funmoods is a malicious browser add-on that resets your home page and redirects all of your internet searches to Funmoods.com.  Want something that will kill your fun mood?  This hijacker is a good candidate.  It is time to return the favor.

(more…)

Death to Malware: Protecting You From “Internet Security (Designed To Protect)”

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

This one was on my own system!  I was surfing around, looking at some movie reviews and I got a pop-up ad that wasn’t an ad – it was a hijacker.

I got a window that said it was a program called “Internet Security” with the tagline “Designed to Protect”.  It wanted to scan my system.  Of course, I know this scam.  “Internet Security” is not “Microsoft Security Essentials”, and it is not a program I have installed on my system.  And I know that if I run the scan it will “find” all sorts of nasties (that I don’t actually have) on my system, and then probably want me to install the full version (for a price), and when I do it will probably install all kinds of trojans and backdoors, all while telling me that it has cleaned the nasties off my system.  But that wasn’t the end of the tricks from this particular nasty…

(more…)

Point of View

One of the things that I am proud of in my career and something that I think has been important in making my career successful has been my insistence on understanding what the end-user is experiencing.

In a recent post, I described an incident where a user reported that they were not seeing a link on a particular SharePoint page. My first reaction was, “So what do you see?” This particular issue had been passed around to several technicians, and I didn’t see that anyone before me had asked for a screenshot. Getting a screenshot of what the user was seeing showed me that the problem wasn’t the link per se (see the blog post for the full story) and put me onto what the actual problem was.

There is a story I used to tell at job interviews, but it hasn’t gotten much use of late. I used to use it as an example of my ability to “think outside the box”, but in retrospect, it is more about understanding things from the customer’s point of view.
(more…)

“Hacking” the URL

This is primarily for the stats nerds using WordPress, though the general principles can be applied all over the internet, wherever query strings are used. The issue in this case is the default display of only the top 10 referrers from any webserver. I was shown, by a helpful WordPress developer, a trick to see all of the referrers under an aggregation rather than just the top ten, by adding a parameter to the query string on your stats page.
(more…)

Quick Fix: Hashing Out an E-mail Address

When using the symbol “#” (called “hash mark”, “number sign” or “pound symbol”, depending on your locale) in an e-mail address, you can have some undesirable effects when trying to post the address to a web page. What happens in your e-mail client when you click on this link: Your#1Fan@nowhere.com? If you are using Outlook, everything after “Your” is missing in the To: line. (Other clients may have the same problem, I don’t know.) Here is how I resolved the problem.
(more…)

Death to Malware: Win32.Agent.ws

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

A client had a little malware problem on her Windows XP box. The initial symptom was a phony virus scanner window telling her she had a large number of infected files, and that she needed to purchase the full version of the software to clean the system. It was causing her Internet Explorer to hang when launched, and prevented Outlook from displaying graphics in HTML-formatted e-mails.

A malware scan using a legitimate scanner revealed several genuine culprits, including the phony “virus scanner” and a Trojan identified as Win32.Agent.ws, which had an offending file named glddyk.dll located in C:\Documents and Settings\Local Settings\Application Data\Windows Server, along with some entries in the registry. The scanner offered to remove the various unwanted programs, and successfully removed all but Win32. It did manage to delete the associated registry entries, but could not delete the offending dll file.

(more…)
