Friday, April 30, 2010

We need better weapons for the war on viruses!

We need a real breakthrough in the war on computer viruses. As I have said before that the anti-virus programs only catch about 1/2 of Virus's. Using two anti-virus programs may raise the detection level to 75%, but there is still a huge gap there. I am not talking about the problem where it takes a few hours from the time that the virus starts spreading to when the anti-virus programs are able to detect the virus. That in itself is a huge problem and the anti-virus programs are starting to combat that problem by also having a dictionary of allowed/safe programs. If one that is not listed tries to run it pops up and tells you about it and asks if you want to run the program. I am talking about actual long term infections. I have observed this for a few years now.

My first obvious case was a computer that was downloading porn on its own. When nothing could detect the problem I replaced the hard drive. When I copied their old desktop items to the new hard drive guess what? The porn download virus came with it. The anti-virus program did not detect a thing. Then there was the storm spam virus. I chased it to a computer and replaced the hard drive. The virus infected emails stopped but after 6 months none out of three anti-virus programs could detect the virus on the old hard drive. I offered to mail it to them if they wanted to analyze it. I got no response; I don't think they really care.

The only solution is still to replace the infected hard drive and be very careful as to what you copy off the old hard drive. Copy only their documents and pictures from the old drive. Anything else could be an undetectable virus.

What am I seeing these days? How about a computer that one day insists a file size is 0 bytes when it is really several KB? Or the next day it does not update the date of the file when you make changes to it? How about a computer that does all kinds of strange things on the network on strange ports all day long? In both cases 3 anti-virus programs find nothing at all! It is so frustrating!

We need a super weapon that can go the very core of the hard drive and analyze everything to see if it is a trusted program and flag it if it is not. Yes I know about ‘Hijack This’, I have an 11 page log on one of the problematic computers. It does not help. The virus writers know about HJT and I am sure they have a way around it.

I found a recent article that reflects some of my disappointments;
http://www.theregister.co.uk/2010/04/13/winxp_anti_malware_tests/

I wonder if part of the problem is what happened during the election several years ago. All of the news Medias reported the wrong results because they were all using the same incorrect sources. Where do the anti-virus people get their viruses to detect? Do they all use the same sources? Do they only use email viruses? Something is really amiss here with so many viruses going totally undetected.

Then there is also the instability problem (Kaspersky IS 2010 crashing/locking up computers - see my other posts). There is also their effectiveness in removing the viruses – for Instance AVG saying the ‘virus vault is full, no more room for viruses’. Sometimes it is just easier to replace the hard drive and start over. Then copy their files off the old hard drive.

Signed – One Very Frustrated Virus Fighter.

Thursday, April 29, 2010

Dell X300 hinges

Lately I have been fixing up a lot of Dell X300 laptops to send to Africa.  One of their problems is that the hinges go bad and the screen falls down flat.  As it turns out the fix for that is quick and easy.  Remove the hinges, tap the pin back in with a hammer or on a vice and it works.  The hardest part is getting them out of the laptop to fix them.  Somehow they slowly work their way out then there are no barbs to catch on and they go loose.  They can be fixed while in the laptop but that is dangerous as the wires are in the way.

Monday, April 26, 2010

Fake Office 2003 Cd's on EBay

First of all I have purchased MS Office 2003 on EBay before with no problems.  However recently there has been a big rash of FAKE MS Office 2003 CD's up for sale on EBay.  The CD's do not work, it looks like the coating was too thin as there are some spots near the center that let light through.  If you try to use the CD it will ask for the license number then lock up forever.  If you try to read or copy the CD it will lock up your computer forever, until you eject the CD.  Either way the CD's simply do not work. 

Also look closely at the center hub area, the pattern there is not quite correct for a real MS CD.  IF you angle the CD to a light the entire top surface looks dimpled all over like it did not adhere correctly.  The license numbers are not correct for Microsoft and do not work with a normal MS Office CD.  The license 'genuine' ribbon is obviously fake.
I went to microsoft.com and searched for information on the Fake Office 2003 CD's.  They reported that the fakes were just a sticker on a normal CD.  So I felt for the edge of the sticker and sure enough it is a sticker that makes a CD look like the MS Cd.  The sticker easily peals right off exposing a normal CD underneath.  This does not happen on a real MS CD!
BUYER BEWARE!

Friday, April 23, 2010

Cold Nuclear Fusion Revisited

Many years ago I came up with the idea of crossing ‘gas plasma electrolysis’ with ‘sonoluminesance’. My hope was to get ‘sonoluminesance’ and ‘gas plasma electrolysis’ to both take place in the same jar. Both are hard to start but my hope was that by combining them it would be easy to start. There were several problems to overcome. Like for instance, the frequency of sonoluminesance changes with the temperature of the water. So I was not able to get it to work. Maybe someone out there can get this idea working.

http://sites.google.com/site/bobdavis321/high-efficiency-devices

Think of all the energy we can save if we can easily produce hydrogen from water? We could end our dependence on foreign oil. We can stop tearing up the landscape in Pennsylvania trying to extract the gas from the ground. This idea really could save the world!

Wednesday, April 21, 2010

Is Linux as safe as they say it is?

Last week I was vacationing on my honeymoon. I was only gone from work for one week. Surely they could survive without me that long? Well maybe not. On Friday I got a call saying that there was no Internet access at work. They still had working email, just no Internet. I told them to switch back to an older Netgear router and then everything started working again.

When I got back from vacation, I checked the now offline IPCop Internet server. It had a screen full of error messages. It was also running URL filter and somehow the update had gone bad and as a result just about every web site was being blocked. I promptly pulled out the IPCop CD and then reinstalled IPCop. Sure enough it worked fine. Then I reinstalled URL filter and again everything worked fine.

The question remains, did something go wrong with the URL filter program, with its updating, or did someone hack the IPCop server? If it was hacking, then that is proof that Linux is hack-able. That’s a scary thought.

Now back to trying to figure out why a 6 month old installation of Windows XP is slower than molasses in January. Perhaps it is infected with something that Kaspersky, and Malware Bytes cannot find?

On the good news side, Firefox has disabled JavaScript! That is something that I said needed to be done a long time ago. In fact I have been running a JavaScript blocking add on program on my computer.

Friday, April 2, 2010

Fake Antivirus: Total XP Security

I had another round of fighting a fake antivirus called 'Total XP Security'. First I used Windows explorer to delete all the temporary files, then I deleted all of the temporary internet files but that did not help at all. Then I used Msconfig to disable all the startup options and then to disable everything, but it was all to no avail.


Next I tried goggling for ‘Total XP Security’. After reading some information on it I decided to use regedit to delete the following two keys:

‘HKEY_CURRENT_USER\Software\Classes\.exe’

‘HKEY_CURRENT_USER\Software\Classes\secfile’.

That worked! Then I downloaded and installed Malware Bytes Anti-Malware (MBAM) and told it to do a thorough scan. It found and fixed a number of registry entries that had disabled the firewall and disabled the real antivirus software that was running on that computer.  I did this screen capture after I had deleted the entries.

Here is what got me about the latest incarnation of the fake antivirus, the real antivirus running on the computer did not prevent the fake antivirus from being installed, it did not detect the virus while it was running and the real antivirus appeared to be able to do a full system scan and find nothing wrong with the infected computer. How did they do that?

The first giveaway that it was an infection was that I could not install MBAM because the virus had disabled running any 'exe' files via the registry entry listed above that I then deleted. BTW the name of the actual virus file is ‘ave.exe’.