At work today, a friend of mine told me that he was unable to start Command Prompt or Task Manager. Any seasoned PC user will immediately recognize these as the symptoms of a possible virus infection. He then admitted that he'd let his brother use his pen drive to copy some stuff off his laptop over the weekend. Bingo!
But now what? We had no idea what virus it was, his updated enterprise edition of McAfee Anti-Virus didn't detect anything (so much for all that money we pay them!), and we couldn't run Task Manager to see which suspicious processes were running.
Just yesterday, I'd read this article on Slashdot about gaining system privileges in Vista. The comments noted that this was also possible in Windows 2000/XP et al. I had been planning to try it out, and here was a great chance to see if it would work.
Here's the idea: the accessibility utilities, like Magnifier (C:\WINDOWS\system32\magnify.exe) and Sticky Keys (C:\WINDOWS\system32\sethc.exe), are applications that can be run from the login screen before anyone has logged into the computer (press Win + U, or press the Shift key 5 times). Launched from there, they run with privileges higher than those of any user account, including administrators, i.e. with system-level access.
If you start them after logging in, they run under your own account and get only its privileges. To get the elevated ones, you must start them from the login screen.
So if you can replace those EXEs with some other application's EXE, it gets invoked with those privileges. And what would be the best candidate for such a replacement? Good old Command Prompt (C:\WINDOWS\system32\cmd.exe). Once you do this and invoke Magnifier (or Sticky Keys) from the login screen, you end up with a Command Prompt running with system-level access. You can now do things that even administrator accounts can't (I'm yet to discover what these are, but the comments on the aforementioned Slashdot article have me convinced that this is indeed the case).
So, to do this, you should:
1. Make a copy of cmd.exe
2. Rename magnify.exe to magnify.exe.bak (always back up!)
3. Rename the copy of cmd.exe to magnify.exe
You'll have to do step 3 pretty quickly, because within about 5 seconds Windows notices that magnify.exe is missing and puts a fresh copy back (this is Windows File Protection restoring a protected system file). So you could copy the filename beforehand and keep it ready to paste. It's up to you; the idea is to rename the copy before the original magically reappears.
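From the defender's side, the swap described above leaves two tell-tale artifacts on disk: an accessibility binary whose bytes are identical to cmd.exe, and (if the attacker followed the "always back up" advice) a magnify.exe.bak or sethc.exe.bak sitting next to it. The following check is an added example, not code from the post; it scans a System32-style directory for both signs. The directory layout, file contents and the demo() fixture are constructed for the example, and the list of binaries is limited to the two the post names.

```python
import hashlib
import os
import tempfile

# Accessibility binaries that can be launched from the logon screen.
# The post covers magnify.exe and sethc.exe; extend the tuple as needed.
ACCESSIBILITY_BINARIES = ("magnify.exe", "sethc.exe")


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, streaming it in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_accessibility_binaries(system32_dir):
    """Look for signs of the cmd.exe swap described in the post.

    Returns {binary_name: [issue, ...]}; an empty list means nothing found.
    Issues:
      "missing"          - the file is not there at all
      "same-as-cmd.exe"  - its content hashes identically to cmd.exe
      "backup-left"      - a <name>.bak sibling exists (step 2 of the post)
    """
    findings = {}
    cmd_path = os.path.join(system32_dir, "cmd.exe")
    cmd_hash = sha256_of(cmd_path) if os.path.isfile(cmd_path) else None
    for name in ACCESSIBILITY_BINARIES:
        issues = []
        path = os.path.join(system32_dir, name)
        if not os.path.isfile(path):
            issues.append("missing")
        elif cmd_hash is not None and sha256_of(path) == cmd_hash:
            issues.append("same-as-cmd.exe")
        if os.path.isfile(path + ".bak"):
            issues.append("backup-left")
        findings[name] = issues
    return findings


def demo():
    """Build a constructed System32 lookalike in a temp dir and scan it.

    magnify.exe is a byte-for-byte copy of cmd.exe with a .bak beside it
    (the state the post's three steps leave behind); sethc.exe is untouched.
    """
    with tempfile.TemporaryDirectory() as d:
        fake_cmd = b"MZ constructed stand-in for cmd.exe"
        files = {
            "cmd.exe": fake_cmd,
            "magnify.exe": fake_cmd,
            "magnify.exe.bak": b"MZ constructed stand-in for the real magnify.exe",
            "sethc.exe": b"MZ constructed stand-in for sethc.exe",
        }
        for name, content in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(content)
        return check_accessibility_binaries(d)


if __name__ == "__main__":
    for binary, issues in demo().items():
        print(f"{binary}: {', '.join(issues) or 'ok'}")
```

On a real machine you would point check_accessibility_binaries at C:\Windows\System32. The hash comparison only catches an exact copy of cmd.exe; a more general check is to verify the Authenticode signature of each accessibility binary (for instance with PowerShell's Get-AuthenticodeSignature), since a replaced file will not carry a valid Microsoft signature whatever it was replaced with.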
Back to the anecdote. Once I did this, I started Magnifier and, lo and behold, Command Prompt opened up! We could now run tasklist to get a list of running processes and their PIDs. We were lucky: my friend immediately spotted two instances of advirs.exe, and when we Googled it, we knew it was the culprit. We used taskkill to end the two processes, then tried running Task Manager, and it worked!
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
ADVIRS.exe                  3276 Console                 0      5,992 K
YahooMessenger.exe          4056 Console                 0     15,416 K
JabberMessenger.exe         3560 Console                 0     42,748 K
GoogleToolbarNotifier.exe   4028 Console                 0      1,060 K
ADVIRS.exe                  3652 Console                 0      5,980 K
We'd redirected the output of tasklist into a text file but when we opened it to see the PID of ADVIRS.EXE, the dumb virus wouldn't let us search for the string 'advirs'! So we searched for 'advi'. Clever, huh?
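If you redirect tasklist output to a file, as we did, the natural next step is to parse it rather than eyeball it. Splitting on whitespace does not work, because image names such as "System Idle Process" and memory values such as "5,992 K" contain spaces; the reliable approach is to derive the column boundaries from the row of '=' characters tasklist prints under the header. The parser below is an added example, not code from the post. The sample table is constructed from the rows shown above, laid out by a small formatter with the column widths taken from that separator line; the find_pids substring match deliberately mirrors the 'advi' search, and taskkill_commands only builds the command strings (taskkill /PID and /F are real switches) rather than running them.

```python
import re

# tasklist's column widths, read off the separator line in the post's output.
COLUMN_FORMAT = "{:<25} {:>6} {:<16} {:>8} {:>12}"
SEPARATOR = "========================= ====== ================ ======== ============"

# Constructed sample reproducing the rows from the post (not a real capture).
SAMPLE_TASKLIST = "\n".join([
    "",
    COLUMN_FORMAT.format("Image Name", "PID", "Session Name", "Session#", "Mem Usage"),
    SEPARATOR,
    COLUMN_FORMAT.format("ADVIRS.exe", 3276, "Console", 0, "5,992 K"),
    COLUMN_FORMAT.format("YahooMessenger.exe", 4056, "Console", 0, "15,416 K"),
    COLUMN_FORMAT.format("JabberMessenger.exe", 3560, "Console", 0, "42,748 K"),
    COLUMN_FORMAT.format("GoogleToolbarNotifier.exe", 4028, "Console", 0, "1,060 K"),
    COLUMN_FORMAT.format("ADVIRS.exe", 3652, "Console", 0, "5,980 K"),
])


def column_spans(separator_line):
    """Turn each run of '=' in the separator into a (start, end) slice."""
    return [(m.start(), m.end()) for m in re.finditer(r"=+", separator_line)]


def parse_tasklist(text):
    """Parse tasklist's default (table) output into a list of dicts."""
    lines = text.splitlines()
    sep_index = next(i for i, line in enumerate(lines) if line.startswith("="))
    spans = column_spans(lines[sep_index])
    records = []
    for line in lines[sep_index + 1:]:
        if not line.strip():
            continue
        image, pid, session, session_id, mem = [line[s:e].strip() for s, e in spans]
        records.append({
            "image": image,
            "pid": int(pid),
            "session": session,
            "session_id": int(session_id),
            # "5,992 K" -> 5992
            "mem_kb": int(mem.replace(",", "").rstrip(" K")),
        })
    return records


def find_pids(text, needle):
    """PIDs of every process whose image name contains `needle` (case-insensitive).

    A substring match is deliberate: the post had to search for 'advi'
    because the malware blocked searching for the full name.
    """
    needle = needle.lower()
    return [r["pid"] for r in parse_tasklist(text) if needle in r["image"].lower()]


def taskkill_commands(pids):
    """Build the taskkill invocations that would end those PIDs (/F forces it)."""
    return [f"taskkill /PID {pid} /F" for pid in pids]


if __name__ == "__main__":
    pids = find_pids(SAMPLE_TASKLIST, "advi")
    print(pids)                      # [3276, 3652]
    print(taskkill_commands(pids))
```

On a live machine the same functions apply to the text of `tasklist > procs.txt`, or to `subprocess.run(["tasklist"], capture_output=True, text=True).stdout`; printing the taskkill lines first, instead of executing them, gives you a chance to confirm the PIDs belong to the process you mean.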
I then got my friend to install WinPatrol to protect against future autorun programs. We also used it to remove the registry key that ran advirs.exe on startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advirs
RemoteIT was the only antivirus that turned up in the search results for this virus and specifically claimed to clean it. We didn't try it because we'd already got rid of the problem by then but you could give it a shot, in case you're unlucky enough to get infected!
It does seem a pretty simple thing to get rid of, though, so maybe this wasn't really required. I think if we'd simply renamed a copy of cmd.exe to something else, it would have bypassed the virus' blocks, so you might want to try that first :D
EXE name : advirs.exe
Location: c:\windows\system32\advirs.exe
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advirs