Thursday, January 2, 2014

Train Wreck

NPR did a long piece on the North Dakota train wreck where tank cars of petroleum burst into flames.  They had a guy from NTSB on wondering if the tank cars that blew had been properly placarded as to hazardous material.  I'm sure the proper hazmat placard would prevent a fire.  Then they talked about the tank cars themselves, perhaps replacing all the tank cars would prevent another explosion.  Then they talked about how petroleum from the Bakken shale might be more hazardous than other petroleum.  I got news for them, petroleum from anywhere is fairly dangerous stuff.  It gives off flammable vapors that ignite from rubbing two pundits together, and once ignited, it burns furiously.
What they didn't talk about was train wrecks.  If you wreck a train full of oil tank cars, you are gonna have one helova fire.  Hazmat placards, stronger tanks, tightlok couplers only help a little bit.  You gotta work on preventing train wrecks.  Nobody has offered any explanation of how this wreck happened.  We are just very lucky that nobody got hurt.
To be fair to National Progressive Radio, they did mention the lack of pipelines, such as Keystone XL which Obama has stalled for 5 years.
 

Wednesday, January 1, 2014

How to Read a ComboFix Log File

Combofix will zap most malware right off your disk automatically, with no assistance from you, the operator.  It also writes a lengthy log file to disk.  The log file indicates what was done, and lists some other stuff worth looking at.
"Other Deletions" is a list of files that Combofix has already blown away for you.  If later on you find that Combofix has broken something, you can look to see if it zapped a needed file.
"Drivers/Services" is unknown to me.  Combofix didn't find anything to report on my computer.
"Files Created from yyyy-mm-dd to yyyy-mm-dd " shows all files created in the last month.  Virii have to live on disk somewhere.  When a virus shows up, it's likely to be living in a newly created file.  It's not that new files ARE virii, but they might be.
"Find3M Report" is a list of all files created in the last 3 months.  Again, just cause a file is new doesn't make it a virus, but it's worth checking them out.  Google will tell you a lot about a filename.
"Reg Loading Points"  is a list of registry entries that load and run programs.  Look at the program names, you ought to recognize the names as legitimate programs, such as your wireless card driver.  Names you don't recognize are worth checking out, they might be virii, but most of 'em will turn out to be legit programs.
IF, and only IF, you recognize a virus loading entry, you need to use regedit to blow the entry out of the registry and then zap the file being loaded off your hard drive with Explorer.
"Supplementary Scan" is a list of more registry keys that seem suspicious to Combofix.
"Orphans Removed" is a list of registry entries that Combofix has blown away.
"Catchme" is a report from the rootkit finder/zapper.
"Locked Registry Keys" is a list of locked registry entries.  Locked entries are suspicious because that's how virii protect their registry keys.   In my computer the only locked registry key belongs to Internet Explorer, which I think is harmless.
"DLL's loaded under running processes"  shows all the dll's currently in memory and doing things, and which programs are using them.  Running processes that you recognize are OK.  A running process that you don't recognize wants to be checked out.  Likewise for dll's.
"Other Running Processes" is all the code in memory and executing.  If you recognize the process, fine.  Strange processes that you don't recognize again want to be checked out. 
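The reading rules above (recognise the program names, check the ones you don't, and pay attention to new files that also appear in a "run" key) can be mechanised.  The script below is an added example, not ComboFix's own code or anything from Bleeping Computer: it splits a log into the named sections, pulls the Windows paths out of the ones worth looking at, and reports which names are on your own list of recognised programs.  The section titles come from the post; the sample log is constructed for this example, and the way ComboFix decorates its section headers with parentheses and lays out each entry is an assumption, so the parser keys only on the title text and on drive-letter paths.

```python
import re
from collections import OrderedDict

# Section titles as the post lists them; "Files Created from" is a prefix
# because the real title carries a date range.
SECTION_NAMES = [
    "Other Deletions", "Drivers/Services", "Files Created from", "Find3M Report",
    "Reg Loading Points", "Supplementary Scan", "Orphans Removed", "Catchme",
    "Locked Registry Keys", "DLL's loaded under running processes",
    "Other Running Processes",
]

# A header line is a section title with any decoration in front of it
# (assumption: ComboFix wraps titles in runs of parentheses).
HEADER_RE = re.compile(r"^\W*(" + "|".join(re.escape(n) for n in SECTION_NAMES) + r")")

# A Windows path: drive letter, colon, backslash, then everything up to a
# quote, tab or square bracket.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\t\[\]]+')

# CONSTRUCTED sample log: section names from the post, all vendor, file and
# key names are placeholders invented for this example.
SAMPLE_LOG = r"""
((((((((((((((((((   Other Deletions   ))))))))))))))))))
.
c:\documents and settings\user\application data\junk\removed_by_combofix.exe
.
((((((((((((((((((   Files Created from 2013-12-02 to 2014-01-02   ))))))))))))))))))
.
2013-12-28 21:10 . 2013-12-28 21:10   40960   ----a-w-   c:\windows\system32\drivers\example_nic.sys
2013-12-31 03:12 . 2013-12-31 03:12   118784  ----a-w-   c:\windows\temp\unknown_loader.exe
.
((((((((((((((((((   Reg Loading Points   ))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WifiTray"="c:\program files\example vendor\wifi_tray.exe" [2012-06-01 253952]
"VendorUpdater"="c:\program files\example vendor\updater.exe" [2013-10-07 254336]
"svcloader"="c:\windows\temp\unknown_loader.exe" [2013-12-31 118784]
.
((((((((((((((((((   Locked Registry Keys   ))))))))))))))))))
.
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\User Preferences]
"""

# Program names you know are legitimate (the "wireless card driver" test from
# the post).  Constructed to match the sample log above.
RECOGNISED = {"wifi_tray.exe", "updater.exe", "example_nic.sys"}


def parse_sections(text):
    """Split a log into {section title: [non-empty lines]}, in log order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def paths_in(sections, name):
    """Every Windows path mentioned in one section."""
    return [p.rstrip() for line in sections.get(name, []) for p in PATH_RE.findall(line)]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def review(sections, recognised):
    """The post's rule: a name you recognise is fine, anything else gets
    checked out.  Returns {section: [(path, 'recognised' | 'check'), ...]}."""
    verdicts = OrderedDict()
    for name in ("Other Deletions", "Files Created from", "Reg Loading Points"):
        verdicts[name] = [
            (p, "recognised" if basename(p) in recognised else "check")
            for p in paths_in(sections, name)
        ]
    return verdicts


def new_and_autostarting(sections):
    """Files that are both newly created and wired into a loading point:
    the overlap of two sections the post says to look at, so check these first."""
    created = {basename(p) for p in paths_in(sections, "Files Created from")}
    return sorted(p for p in paths_in(sections, "Reg Loading Points")
                  if basename(p) in created)


if __name__ == "__main__":
    sections = parse_sections(SAMPLE_LOG)
    for name, items in review(sections, RECOGNISED).items():
        print(name)
        for path, verdict in items:
            print(f"  [{verdict:10}] {path}")
    print("new files that also autostart:", new_and_autostarting(sections))
```

Feed it a real log by reading the file into `parse_sections` instead of `SAMPLE_LOG`, and put the names of the programs you recognise into `RECOGNISED`.  The output only tells you what to go and look at; as the post says, a file showing up in the log is not by itself a reason to blow it away.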





Windows XP System File Checker SFC /scannow

SFC comes with Windows.  It's a DOS program; you have to click on the Start menu, click on Run, and then type sfc /scannow into the Run box.  SFC is supposed to check the core Windows files and report/replace any that are missing/out-of-date/corrupt.  Just how SFC decides that a file is good or in need of replacement is unclear, since Windows Update keeps replacing files with updated versions.  Just how SFC keeps up with this is unclear/unknown to me, but I think it works, somehow.
When SFC finds a file that it wants to replace, it will ask you to put your Windows install CD into the CD drive.  However, many of us don't have a Windows install CD.  We bought new computers that didn't come with Windows CD's.
But there is a fix.  Computers without Windows CD's have a hard disk partition (D: usually) that has all the stuff the Windows install CD has on it.  I just burned it onto a CD, left the CD in the drive, and then SFC ran to completion.  I had to do a little trimming.  The D: hard drive had too much stuff to fit onto a 600 MByte CD.  I only put the "I386" stuff on the CD, and I even had to trim that a little bit to make it fit.

Tuesday, December 31, 2013

Stalingrad

The Russians have a security problem.  Terrorists bombed a railway station (awful video showing the bomb flash and smoke is on TV) and then bombed a trolley bus.  Thirty or forty people dead.  These atrocities occurred in "Volgograd", "400 miles south and east of Moscow".
It wasn't until the next day that one newsie finally figured out that Volgograd is better known in the West by its World War II name, Stalingrad.  The newsie vaguely mentioned that a battle had been fought there.
  The newsie didn't mention that the battle of Stalingrad was a turning point in World War II.  It was the first time the Russians managed to beat the Germans in a big standup fight.  Before Stalingrad, the Germans beat the Russians every time.  That turned around after Stalingrad and the Russians beat the Germans every time. The Russian victory at Stalingrad was crushing, they surrounded the German army and took them all captive.  Germany lost 250,000 men at Stalingrad.  The movie "Enemy at the Gates" was about the battle of Stalingrad.
  You would think that after such a legendary victory in the Great Patriotic War, the city would still be known as Stalingrad.  But, when "deStalinization" happened under Khrushchev in the late 1950's, part of "deStalinization" involved taking Stalin's name off his city on the Volga.   

Combofix

My computer survived Combofix.  This car climbed Mt. Washington.  Poor old desktop was still sluggish so I tried the roughest toughest anti virus out there.  Combofix, spoken of in awed tones by computer geeks.  I downloaded it from Bleeping Computer and turned it loose.  It took its time, made at least two passes.  On pass one it reported another rootkit, Zero.Layer.something or other, hiding in the TCP-IP stack.  Claimed to have killed it.  Warned that I might encounter some problems getting back on the internet, but promised a fix.
Anyhow, after a long run it reported success and printed out a LONG log file.  It listed a lot of files that it zapped, all the "run" keys it found in the registry, and a bunch of other Windows files.  Surprisingly it didn't list the rootkit it claimed to have zapped.  You would think the programmers would be happy to claim a trophy like a root kit.  The log file looks a lot like the file created by Hijack This; in fact the Combofix developers may have borrowed all the Hijack This code to print the log.  I haven't acted on anything in the log file yet.  I recognize all the run keys, they are running legitimate programs like the wireless modem driver.
   I'll Google on the windows files it lists, and see if I can find Microsoft certified, pure as the driven snow, replacements, just in case.
  But not tonight.  It's bed time.  And the desktop is running better.  Quicker keyboard and mouse response.
   Anyhow, if you have a really tough virus that ordinary anti virus programs cannot see or cannot zap, try Combofix.  It's powerful.  And free.   Just running it ain't hard, just click on it and it goes to work.
   The log file is kinda cryptic and you do have to know stuff to understand it.  Don't blow anything away just cause it shows up in the log file.

Monday, December 30, 2013

MSM is STILL out there selling Obama Tales

The New York Times on Sunday published a big story to support the original Obama excuses for the Benghazi disaster.  As you might remember, at the time, the Obama folk blamed the attack on the US consulate in Benghazi on an obscure video posted on the Internet.  They sent Susan Rice, high ranking administration official, to appear on all five Sunday pundit TV shows to push the video theory.
  Anyhow, the Times just printed a big story retelling the "nasty video caused attack" theory.
  And that, ladies and gentlemen, is even handed MSM support for a beleaguered  Obama administration.

Microsoft Security Essentials

Poor old desktop, just hasn't been the same since the root kit got into her over Christmas.  So I been looking for virii, anti virii, rootkit killers, anything.  There is something in her that makes her boot slow, load slow, and it's so bad it makes the sound stutter.  Just the normal Windows "Ka-ching" boot noise comes out funny sounding.
So I tried the Microsoft Security Essentials package, from the Windows Update site.  It took an hour to download, another hour to update itself, and another hour to scan my hard disk.  Didn't find anything.  Speedy it is not.  Typical Microsoft.  So I shut down last night and went to bed.
This morning I boot up to check email and the slows are worse.  Like really bad.  It's good old Microsoft Security Essentials, it's hogging up to 95% of CPU time.  Apparently it loads itself and starts a disk scan every morning whether I need it or not.  It's not a polite program, it hogs so much CPU time as to freeze the mouse and everything else.  So I removed it this morning.   I don't recommend it to anyone.