Wednesday, May 6, 2009

Virut-Vitro

About two or three weeks ago, I got hit by a nasty virus named Virut (later known as Vitro).

Basically, what this does is infect running processes and executable files without the knowledge or awareness of your antivirus software. (Of course, there's one that catches them.)

I do have my antivirus installed on my workstation. I never go a minute without making sure I have (or at least what I thought was) protection from malware (viruses, infections, et al.).

It all started by finding a crack for the recently released Red Alert game series. I had the privilege to copy the early version of the game with the complete crack for it. I had to find a trainer so I could just test the game without having to worry about the hardship of completing any of the missions. However, after a few missions, the game stopped -- nothing but my desktop left, as it was before I opened the game -- it plainly just exited from my console.

Off I went to hunt for a solution among the many alternatives:
- download a trainer so I can skip missions and proceed to the next
- download a patch and see if the game still works with the currently installed crack
- download a new package with the crack
- download a serial or set of cracks to enable a particular version newer than the one currently installed.

I visited an old hunting ground: http://astalavista.box.sk for some hunting. After some clicks here and there, I got to a website where a prize might just be waiting. I downloaded an exe file -- no alarm from my top-brass, prolific, always up-to-date antivirus -- I had confidence it was safe.

I ran it. Nothing happened. I tried again, thinking I might not have actually run it the first time. Still, nothing happened. A second later, I felt my computer slowing down. I went ahead and closed some programs I was not using. As I still felt my 2.4GHz, 2GB-memory computer was crawling, I went ahead and restarted with a push of the button after failing to restart from the console.

It booted up fine, as it normally had for the past months unless, of course, I had just installed some programs or hardware.

After a few minutes of using it, it really got slower and slower, with just the browser on my screen. I am used to opening two or three instances of Mozilla Firefox with at least two tabs on one of them, an instance of Google Chrome with one or two tabs, Mozilla Thunderbird for my mail, Zend Studio and NotePad++ for my code, MySQLFront for my DB GUI, WAMPserver for my web development, Yahoo Messenger, and about half a dozen more programs running in the background. But most of them were not running at this point -- only a few background programs and Firefox.

I started to suspect I had something eating up my processing and/or memory allocations. I opened my Task Manager and noticed strange processes running. I refreshed my browser and went to http://processlibrary.com, which gives some info about a particular process.

I got:
reader_s.exe
stopidkc.exe
BN4.tmp
... (and a few more)

I had TuneUp Utilities installed and opened its Process Manager to check what was running. At first, it flagged the above as suspicious, so I stopped them from both windows. Some of them kept coming back after a few seconds. In TuneUp Utilities they never came back, but I still saw them in the Task Manager.

I re-checked that my antivirus had the latest updates, then proceeded with a full-system scan. It never finished; the computer hung midway through the process.

I needed another antivirus to check further; however, I was not able to browse their websites. I had to search for mirror locations of the downloadable files to get one. I tried getting one from my network shares, but I was unable to browse any computer. To avoid further infections, I disabled my two network cards (one for LAN and one for WAN). I used my 40GB external drive to get the downloaded antivirus installer onto my system. That was the last time I used my external drive. I have to serve it up for decontamination later.

I was successful at getting PrevX onto my system, but it needed the Internet to clean the system (my stupidity overcame me at that moment). I installed NOD32, but it never updated its definitions. I got AVAST, and no updates could be fetched for it either. I proceeded to scan the whole system.

I have four 250GB drives, with one drive partitioned into two -- 100GB was set for my system drive and the rest for my work files, temporary files, among others. One of the drives is allocated for my projects, mail, documents, pictures, and others. One drive hosts my software repository -- drivers, software, games, installers, cracks, tools, utilities, and others. The other drive is a spare one for my downloads -- movies, mp3s, software -- that do not last too long. I use it for testing or as temporary storage when necessary.

I used AVAST's boot-time scanner on all my drives. With that much storage space to cover, I had to wait from many minutes up to an hour before the next alert message. It went smoothly for almost a day. My tasks were now starting to pile up as the days went by.

My computer would boot up fine, but traces of the virus -- in the Task Manager -- still remained. I tried every way to get rid of it. My knowledge of DOS was challenged in searching for and deleting the series of files that went along with the processes in the Task Manager that I had to stop forcefully. None of it proved to ease out the virus.

After some googling and reading about the symptoms, I was convinced it was a strain of Virut. Further reading told me that it is unlikely that it can be removed or repaired. Some say it can be removed or repaired, but the details of how to do it were proven ineffective by others.

I had to reformat my system. I could not reformat everything. My new additions for the upcoming release of the system I am working on are in it, and it has been too long since I last committed, as they entail some great new changes even at the core level of the system, which I can only implement after a series of tests that I haven't done while finishing some details.

I have all the software I'll be able to use for my work, my career. My documents, pictures, old programs I built from scratch that I won't be able to work on again. ... And the list of reasons that I should not just reformat my drives goes on.

I re-installed WinXP with a new set of partitions on my system drive. After another day of setting up my system, from which I should be able to resume my work and the many things already piling up on me, the virus was still there. I had NOD32 installed and updated, but it never brought up a warning that I still had the virus.

I had read that this virus can propagate itself to exe, rar, zip, html, asp, and php files (oh, PHP -- that's what my projects drive has on it). I had to stop there and think about how these files could still be saved. I had to read more about it. From my readings, the virus injects some lines of code into the web pages so they connect to a remote IRC location using an <iframe>. Since web pages are written in text format and I never had to use <iframe>, I had to find a way to get the AdvanceFileAndReplace software to locate and identify the files that might be contaminated, and by brute force, I'd have to edit each and every one of them.

I then devised a way to rename all files that have an extension as specified above. I used PHP's file and directory functions to identify and rename the files to a different extension, in a recursive fashion, on all data drives. I assumed that using aoc in lieu of php would work: aoz for zip, arr for rar, aoe for exe, aom for htm, and so on. I had to leave it running overnight, as I have tons of these file types stored on my machine.
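The two steps above -- finding web files that carry an injected <iframe>, and renaming every file of a target extension so it can be quarantined and later renamed back -- can be done in one short triage script. The block below is an added example, not the author's PHP script (the post describes it but does not show it); it is written in Python so it can be run and checked offline. The extension map mirrors the post's scheme (aoc for php, aoz for zip, arr for rar, aoe for exe, aom for htm); the entries for html and asp, the sample directory tree, and the placeholder iframe URL (example.invalid) are assumptions constructed for the demo, not data from the post.

```python
"""Triage helpers for a Virut/Vitro-style infection of a project tree.

Added example: scan web files for injected <iframe> tags, then
quarantine-rename files by extension (and reverse the rename later).
"""
import os
import re
import tempfile
from pathlib import Path

# Quarantine scheme modelled on the post (php->aoc, zip->aoz, rar->arr,
# exe->aoe, htm->aom). The html and asp entries are assumptions: the post
# only says "and so on". Targets must be unique so the map can be inverted.
QUARANTINE_MAP = {
    ".php": ".aoc",
    ".zip": ".aoz",
    ".rar": ".arr",
    ".exe": ".aoe",
    ".htm": ".aom",
    ".html": ".aoml",  # assumption
    ".asp": ".aos",    # assumption
}
assert len(set(QUARANTINE_MAP.values())) == len(QUARANTINE_MAP)

# Web file types the post says the virus injects an <iframe> into.
WEB_EXTS = (".php", ".htm", ".html", ".asp")

# Any <iframe ...> opening tag. In a project that never uses iframes,
# every hit is suspect and worth a manual look before deleting.
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.IGNORECASE | re.DOTALL)


def find_injected_iframes(root, exts=WEB_EXTS):
    """Walk `root`; return (path, line_number, tag_text) for every <iframe>.

    Files are read as bytes so binary junk or odd encodings cannot abort
    the scan partway through a large tree.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath, name)
            if p.suffix.lower() not in exts:
                continue
            data = p.read_bytes()
            for m in IFRAME_RE.finditer(data):
                line_no = data.count(b"\n", 0, m.start()) + 1
                hits.append((str(p), line_no, m.group(0).decode("latin-1")))
    return hits


def rename_by_extension(root, mapping, dry_run=False):
    """Recursively rename files whose (lower-cased) extension is in `mapping`.

    Returns (renamed, skipped) as lists of (old_path, new_path). A file is
    skipped when the target name already exists, so nothing is overwritten.
    Pass invert(mapping) to undo the rename.
    """
    renamed, skipped = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            old = Path(dirpath, name)
            new_ext = mapping.get(old.suffix.lower())
            if new_ext is None:
                continue
            new = old.with_suffix(new_ext)
            if new.exists():
                skipped.append((str(old), str(new)))
                continue
            if not dry_run:
                old.rename(new)
            renamed.append((str(old), str(new)))
    return renamed, skipped


def invert(mapping):
    """Reverse map, used to restore the original extensions."""
    return {v: k for k, v in mapping.items()}


def build_sample_tree(root):
    """Constructed sample data: one clean page, one page with an injected iframe."""
    root = Path(root)
    (root / "app").mkdir(parents=True, exist_ok=True)
    (root / "app" / "index.php").write_bytes(b"<?php echo 'hello'; ?>\n<p>clean page</p>\n")
    (root / "app" / "about.htm").write_bytes(
        b"<html><body>\n<p>about</p>\n"
        b'<iframe src="http://example.invalid/x" width="1" height="1"></iframe>\n'
        b"</body></html>\n"
    )
    (root / "tools.zip").write_bytes(b"PK\x03\x04 not a real archive")
    (root / "notes.txt").write_bytes(b"untouched\n")
    return root


def triage_demo():
    """Scan -> quarantine -> restore on the constructed tree; return a summary."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        before = find_injected_iframes(root)
        renamed, skipped = rename_by_extension(root, QUARANTINE_MAP)
        during = find_injected_iframes(root)  # nothing matches WEB_EXTS now
        restored, _ = rename_by_extension(root, invert(QUARANTINE_MAP))
        after = find_injected_iframes(root)
        return {
            "hits_before": before,
            "renamed": len(renamed),
            "skipped": len(skipped),
            "hits_while_quarantined": len(during),
            "restored": len(restored),
            "hits_after": len(after),
        }


if __name__ == "__main__":
    summary = triage_demo()
    for path, line, tag in summary["hits_before"]:
        print(f"IFRAME {path}:{line}: {tag}")
    print(f"quarantined {summary['renamed']}, skipped {summary['skipped']}, "
          f"restored {summary['restored']}")
```

Two caveats a practitioner should keep in mind. Renaming an infected .exe to .aoe does not disinfect it; it only stops it from being run or picked up by an extension-based scan, and the file still has to be cleaned or replaced. Likewise, stripping an injected <iframe> line from a page removes the payload delivery, not the cause: a file infector like Virut patches executables, so the web files should be treated as cleaned only after the machine that wrote to them is.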

The next few days I spent assembling my new unit as an upgrade. I had to wait more days for the power supply to arrive from the supplier.

On the new machine, I plugged in my system drive and freshly repartitioned, reformatted and reinstalled Windows XP. As standard, I had to install the drivers and complete the updates.

I installed Malwarebytes' Anti-Malware and AVAST, which have been top-rated for detecting and blocking this virus.

I downloaded a new copy of PHP so I could rename the files back to their original extensions before proceeding to clean them up.

I ran MBAM's full-system scanner while having AVAST on real-time scan. As MBAM scanned the drives, AVAST detected traces of Win32.Vitro while MBAM was unaware of it. I am hoping it will work, as I have been needing to press Alt+D and Alt+E to delete any infected file. As I can no longer stay awake for the more hours it may take to do this (even while writing this post), I opted to schedule a boot-time full-system scan with AVAST, set to delete all traces of infection (even system files, if there are any).

I am leaving my workstation to do its decontamination as I need to head home and get some sleep. I need to come in early to prepare the system integration of a much-needed module.

Wednesday, March 18, 2009

When all strategies deflect

Bad news, erroneous estimates, last minute drastic change....

These are just a few of the many things that happen at any time of the day, in any type of situation.

There exists no solution, only resolutions. These, however, may be elusive or the same disaster.

The balance is decision making. A decision will work out for the best, the worst or the compromise --- three parts of the mind -- protagonist, antagonist, strategist.

At some point, you just have to be a protagonist for whatever resolve, or be an antagonist to a specific view. However, moving from one to the other at a certain point in time is both the advantage and the disadvantage of the strategist.

The anime series "Gundam 00" (I'm now on season two) displays both the worst and the best of worlds -- wanting to gain peace by war interventions. Some wars are made to end another while another starts. Clearly, how can peace reign if no junction or thought is worth pursuing without disagreeing with others? Religion? Politics? Idealism? They all speak differently through different people with different thinking.

If we have one goal, why do we have to disagree on the methods? Why do we have to point out the flaw of another without realizing, or even knowing, the extent of the more flawed method we have and adhere to?

But then again, life is also about disagreements about disagreements to our agreements.

Queer!

Thursday, March 5, 2009

Coping with new things

Software engineers working on a system long enough find it hard to incorporate a lot of the great new things -- new frameworks, new strategies, new libraries -- whether they are useful to the system or not.

No wonder a lot of programmers still stick to the programming languages -- as they are busy working on systems -- they are most familiar with and can develop in a flash. Being a master of just one makes you an expert with it. But wouldn't you be the dinosaur a lot of people are looking for? Or are you the owner of every new thing in town -- a fashionista, a trend-setter?

However, learning new things should be innate to be logical. Making it through and working it out should be the challenge.

It doesn't really matter. Today's technologies come so fast, and some don't last too long -- so long that others may have mastered them faster than you while using them in their daily routines. So, mastering one thing is just one thing; knowing how to adapt to the changes is another.

And the saga continues

Wednesday, February 18, 2009

I've learned....

[http://penn.betatesters.com/wisdom01.htm]

I've picked those that I like the most.. you can come up with your own list too. =)

I've learned-
that it's taking me a long time to become the person I want to be.

I've learned-
that you can keep going long after you can't.

I've learned-
that we are responsible for what we do, no matter how we feel.

I've learned-
that maturity has more to do with what types of experiences you've had and what you've learned from them and less to do with how many birthdays you've celebrated.

I've learned-
that you should never tell a child their dreams are unlikely or outlandish. Few things are more humiliating, and what a tragedy it would be if they believed it.

I've learned-
that you shouldn't be so eager to find out a secret. It could change your life forever.

I've learned-
that two people can look at the exact same thing and see something totally different.

I've learned-
that people will forget what you said, and people will forget what you did, but people will never forget how you made them feel.

Once I found out the secret of the Universe. I have forgotten what it was, but I know that the Creator does not take Creation seriously, for I remember that He sat in Space with all His Work in front of Him and laughed. -- Lord Dunsany, "The Hashish Man"


Tuesday, February 17, 2009

itsonlythewind

"Someday, someone is going to walk into your life and make you realize why it never worked out with anyone else"
[http://brokenmachine.tumblr.com/post/56222999]

Quite ironic at times -- the ones you dearly hope to be with are the ones who elusively stay.

Aside from believing it is, it is also about proving it should be, by how it is and how it should be.

We accept it, we live with it. We live with it, we work through it. As we do, it becomes our life. Unless, of course, we are living another life.

Crush me, curse me, but this will become part of your life.

Wednesday, February 11, 2009

Tuesday, February 10, 2009

Improving handwriting

http://paperpenalia.com/handwriting.html

Somehow, our parents taught us how to write just as they were taught by their parents. The URL above explains and describes some basic reflections on why some of us (myself included) have awful handwriting and penmanship.

Take a look and your handwriting may improve, just like speeding up and accurately typing these keys.

[Nearly] Being Dilbert

Oh, the frustrations go on from day to day and today.

Dilbert is a classic on how regular employees are treated as mere work doers rather than contributors. Employees or subordinates are contributors, and not merely doers of the petty tasks required of them to finish at our bidding.

We all just need to be juggled with stress and patted over and over again to stimulate, motivate, satisfy and gratify us.

It's a human thing!!!

[http://dilbert.com/fast/]

Monday, February 9, 2009

The tao of programming

I like Book 6: Management

Programming indeed has its own sense. Only a little of it is management, and a bunch of it is loop work to work out of the loop.

http://www.canonical.org/~kragen/tao-of-programming.html

HowToBeAProgrammer: The basics where it can lead to somewhere

I've been programming since I started using computers. Literally, that's a fact. The first time I used a computer was when we were to be taught how to program.

What the heck is programming? went my silly question on the first day. My frustration was overwhelming when what we did was copy a set of words and symbols that could not even be associated with poetry.

But, through the years, the basics of programming start with how we see things -- to program. Understanding the business process and laying it out as a series of commands and code, from an algorithm to a running program.

This site [http://samizdat.mines.edu/howto/HowToBeAProgrammer.html] discusses the basics, and as I will have more time later on, it'll be nice to be reminded of how I should and how I need to improve.

Friday, February 6, 2009

The evolution of a Programmer

Worth a read: http://www.ariel.com.au/jokes/The_Evolution_of_a_Programmer.html

Just before I graduated from high school, I decided to enroll myself in a BS Computer Science course. I had never touched a computer until the first scheduled laboratory day in one of our major subjects.

I took the subjects seriously; I wanted to learn more. I stayed in the laboratory room whenever I got a chance. Soon enough we were taught how to program. Our instructors handed us printed sets of code to copy and make sure we could run. One required us to bring a particular book and do the activities in it from a certain page to another. It was a tedious task, but we diligently progressed, we overcame and we learned a lot.

It all started with the task of printing "Hello World" on the screen. Colors, position and other styles and attributes made it complex. Going through the simple exercise can be tiresome, but learning is picked up at every level it goes through, making it through the levels of modification. The joke at the above URL precisely demonstrates a reality. Some simple tasks are made complicated to display prowess and knowledge on the particular topic -- in this case, printing "Hello World".

In one of the subjects I took, I tried too hard to produce an awesome program, but in the end, I was not able to pass it. It was a simple requirement, but the aim was too bloated, so it didn't materialize.

"The best way to approach it is to do it from the basics." However, the basics in programming are not enough, especially when you want to involve a lot of factors other than the basic output. Being strict can be bloated, and being simple may not be just what it seems.

Thursday, February 5, 2009

What is Aingelogue?

So you've asked.

Aingelogue is my term for my own monologue. It is just a simple way of discussing with myself and publishing it. It may or may not be useful to the reader's concern. It is a way for me to burst out or try to expand my thoughts -- challenge my own thinking, encourage myself to improve my writing, and foremost to express my thoughts in the way I can.

Self-challenge, I believe, is self-improvement. A training, an exposure and an adventure. Some people will likely disagree with, denounce or curse whatever is posted. However, the fact that it is expressed and written is enough to learn whatever is sensible.

Wish me luck that I may be able to continue and bring into habit the wisdom of putting thoughts into this blog.

And so it starts...