Monday, October 18, 2010

Thankfully, It Wasn't That Bad

After a full day with no reappearance, it appears our war with the Security Tool was short-lived. Mrs. Graybeard discovered you can kill the process while it's starting by quickly applying a three-fingered salute as soon as XP showed her desktop, and getting Task Manager.

We had been using some of the geek-friendly web sites and found some places to look for trash - sure enough, we found some trash to delete. The actual executable was called 23397.exe. I'm pretty sure at every infection it gives itself a random number. There was a .lnk file we deleted, too. Then we ran SuperAntiSpyware, which found four other files hidden in out-of-the-way directories in the "%UserProfile%\Application Data" tree and "%UserProfile%\Start Menu\Programs\Security Tool.lnk". Once that handful of files was deleted, it was fine and has been so since around 2200 last night.
The Security Tool window is displayed with the "always on top" property. It spoofs your desktop, and cripples programs. If you try to run a virus scan or update, it blocks the net access so that it only looks like it's working.
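As an added example (not from the post or from any tool mentioned in it), here are the indicators described above expressed as a small check over a file listing: a numeric-named .exe or .lnk under the Application Data tree, or a "Security Tool.lnk" in the Start Menu. The sample listing is constructed, and the "four or more digits" threshold is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Heuristics taken from the post (not a general rogue-AV detector): the
# "Security Tool" rogue dropped a randomly numbered executable plus a .lnk
# under the "%UserProfile%\Application Data" tree, and a Start Menu shortcut
# named "Security Tool.lnk". The digit-count threshold is an assumption.
NUMERIC_NAME = re.compile(r"^\d{4,}$")
ROGUE_SHORTCUT = "security tool.lnk"


def classify(path):
    """Return a reason string if the path matches one of the post's
    indicators, otherwise None."""
    p = PureWindowsPath(path)
    parts_lower = [s.lower() for s in p.parts]
    stem, ext = p.stem, p.suffix.lower()
    if (ext in (".exe", ".lnk") and NUMERIC_NAME.match(stem)
            and "application data" in parts_lower):
        return "numeric-named %s under Application Data" % ext
    if p.name.lower() == ROGUE_SHORTCUT and "start menu" in parts_lower:
        return "Security Tool shortcut in Start Menu"
    return None


def find_rogue_artifacts(paths):
    """Scan a list of file paths (e.g. a directory listing) and return the
    matching ones together with the reason they matched."""
    hits = []
    for path in paths:
        reason = classify(path)
        if reason is not None:
            hits.append((path, reason))
    return hits


# Constructed sample listing: a few benign XP-era paths plus the artifacts
# the post describes (23397.exe is the name quoted in the post).
SAMPLE_LISTING = [
    r"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\profiles.ini",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Documents and Settings\user\Application Data\23397.exe",
    r"C:\Documents and Settings\user\Application Data\23397.lnk",
    r"C:\Documents and Settings\user\Start Menu\Programs\Security Tool.lnk",
    r"C:\WINDOWS\system32\calc.exe",
]

if __name__ == "__main__":
    for path, reason in find_rogue_artifacts(SAMPLE_LISTING):
        print("%s: %s" % (reason, path))
```

On a real machine you would feed it the output of a recursive directory listing of the user profile, but the match rules above are only the handful the post describes.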

8 comments:

  1. Real geeks run Gentoo (or even better, Slackware) =)

    Glad you got it fixed!

  2. Yeah. I have a recent Ubuntu CD around here somewhere, and I've been considering going down that road for longer than I care to think about.

    Unfortunately, I have questions that are not exactly common about what will work. It's getting to be time to take a weekend and try it.

    Event Horizon - any links to info on what Gentoo or Slackware will buy me vs. Ubuntu (which seems to get the most buzz as the easy move).

  3. That was pretty much a joke - unless you just enjoy frustration and that occasional feeling of helplessness, Ubuntu (or Kubuntu) is probably the best way to start out.

    Gentoo and Slackware are both source-based, meaning you download source code and compile it locally - even the Linux kernel - instead of simply 'installing' the program in the Windows sense of it. This has its advantages in that it allows you to tailor the compile options to your specific system and your needs. This creates a system that (in my experience) is more stable and maybe a tiny bit faster (subjective, of course). The drawbacks are much longer installs (since you have to actually compile the programs), and quite a bit more 'management overhead' - especially during the initial installation of the OS. I've compared it in the past to building a car in your garage starting from a box of parts and a set of tires. You only have to put in the necessary parts and whatever else you may want, and not the stuff you don't. And by the time you finish you're intimately familiar with how your car works. Not for the faint of heart, but it has its rewards. I guess you could call them the Do-It-Yourself Linux distros.

    In all honesty, Ubuntu will probably do just about everything the average user could want. But being an engineer I always have to take stuff apart (know what I mean?) and running a source-based distro is kinda like that.

  4. "...unless you just enjoy frustration and that occasional feeling of helplessness,..."

    Two words: OS/2 Warp. Had all sorts of frustration and helplessness with that.

    I run a variety of kind of unusual programs for my home CNC stuff, but not the actual machine tool controller software. I like the software I'm using and spent a lot of time/money getting where I am, so I'm concerned they won't play nice under Windoze emulation. Like I say, it seems the only way to know for sure is to try.

  5. Ah, OS/2... and a stroll down memory lane. I fought with OS/2 2.1 (w/ Windows built-in - yeah right) for a while way back in the 90's before I finally decided to give up on it. I liked the concept and some of the ways that they did things, and I really wanted to try Warp (3.0) but I just couldn't bring myself to waste any more time/money buying OS/2. Besides, after Windows 95 came out I noted that it behaved a lot like OS/2 anyway - Microsoft 'innovation', go figure.

    Incidentally, I use a Sherline model 2000 8-direction mill w/ the CNC package (stepper motors w/ driver hardware in a computer box) at work from time to time. At the time we purchased the system (about 7 years ago) Sherline provided a software package based on EMC2 (http://linuxcnc.org/) running on a tweaked Debian Linux system.

    One of these days Microsoft will p**s me off to the point that I abandon them completely, but as of now I'm like you and use too many specialized applications under Windows (development IDEs, microprocessor/PLD programmers and emulators) that don't play well with emulation or in VMs. Linux is still a toy, or maybe a 'vacation' from Windows, for me still and only sees action on my personal systems. Going back to the car analogy, it's not the one I drive to work but my weekend hotrod.

  6. I have a copy of EMC around here. I'm running Mach3, and paid the registration for it, so I feel committed to it. That PC is a controller, with almost nothing on it except for Mach and enough OS junk to go get updates from the publisher. I would leave that machine on XP.

    The 3D-CAD and CAM software I'm running on this PC are the stuff I'm concerned about working properly in a Windows emulator. I have a lot tied up in it, so it needs to work. The rest of the stuff I use most often (Firefox, Thunderbird, Word...) are trivial.

  7. Nix on Ubuntu, SG.

    I've tried it, and as an engineer myself, trying to get software built and do other non-casual user things with it, it's missing several important "little" things that just work with other distros.

    What put me over the edge with Canonical was their arrogant "won't fix" response to a user complaining that the default shell in Ubuntu is dash, which broke many of that user's ancient bash install scripts. While I agree it's important to have POSIX compliant software, not *helping* a user with something like, "here's how to change your profile to use bash instead".

    I have successfully built systems for family members that run Ubuntu, and for casual users, it's fine.

    But if you want to do something more...serious, my vote is for Fedora! Wonderful distro, with most all of the tools you'd want for development, and their install from LiveCD option works very well (tho' it didn't back in the day).

    Good Luck!
