Archive for February, 2009

Vundo: How to fix it, how to avoid it.

Vundo, Trojan.Vundo, Virtumonde, Virtumondo, MS Juan: these are the common names of a Trojan (spyware or malware) that is known to cause popups and advertising for rogue antispyware programs, and even performance degradation and denial of service with some websites, including Google and Facebook.

This annoying infection has been perplexing the security forums since January 2009.  Answers seem to be scarce.  Most detection software is not yet able to remove it.  However, you can remove it manually, and luckily for you, I have found where this Trojan lives and will tell you exactly how to kill it.  It isn’t hard. I will give you the steps.  Nothing here will cost you anything.  (The best malware programs are free anyway.)

Symptoms:
You are clicking on your search results and instead of going to the intended target, you are going everywhere else: Yahoo Hotjobs, fake anti-virus sites, second-rate search sites, or you are getting Error 404 Page not found. You may also be seeing popups even though popups are blocked.  You may also find Internet Explorer (iexplore.exe) running in your Task Manager as a background process, even though you have not opened it.

The bad news:
Chances are you have a virus and a Trojan, or several.  These are exploiting a vulnerability in Java in order to write a small script into the Firefox folder which constantly redirects your search results to infected servers, which may in turn be loading more and more crap onto your drives.  Annoying for you, but profitable for the “black hat” script author, who is likely receiving affiliate marketing revenue from the traffic he is diverting to these advertising websites.

The good news:
Most of these redirect scripts are not likely to do harm to your data or to steal your personal info.  This latest round just simply hijacks your search results making your life on the web miserable.

The short fix:
You will find this one living in the extensions folder of Firefox.  What you need to do is find the offending file, delete or encrypt it, then replace it with a blank dummy file.
Here are the steps:

  1. Navigate to: C:\Program Files\Mozilla Firefox\extensions\, look for a folder that is a string of letters, created around the time you began having the problem.  Something like “{BCB94CDD-5542-403F-9FB3-07D3DB1E9951}”
  2. Open the folder, and then open the folder called “chrome”, then “content”, and look for a file inside called overlay.xul (variants may have different names).
  3. Verify that it is the virus: does it have code similar to this: click to see code
  4. If you have found the culprit, delete the file  (or encrypt with Axcrypt which is reversible).
  5. Replace it with a blank text file with the same name and extension.
  6. Repeat the process – you may have multiple copies in multiple folders.
  7. Test: Go back to Google, try your search results again.
  8. If no redirects: Sing Hallelujah.
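Here is a small triage script for the short fix above. It is an added example, not code from the original post: it only lists the GUID-named extension folders that contain a chrome\content\overlay.xul, so you still look at the file yourself before deciding it is the culprit, and it does steps 4 and 5 by moving the file aside as a .quarantine copy (kept for a forum helper to inspect) and leaving an empty overlay.xul in its place. The default path is the one the post names; the sample tree it builds when run without an argument is constructed (the folder name from the post plus made-up placeholder content), not a real infection.

```python
"""Triage helper for the Firefox extensions folder described in the short fix.
Added example, not code from the original post. It does not identify the Trojan
itself; it lists the candidates the post says to inspect by hand."""
import os
import re
import sys
import tempfile
import time

# The post points at C:\Program Files\Mozilla Firefox\extensions\, a GUID-named
# subfolder created around the time the redirects began, and chrome\content\overlay.xul.
DEFAULT_EXTENSIONS_DIR = r"C:\Program Files\Mozilla Firefox\extensions"
GUID_DIR = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
SUSPECT_REL_PATH = os.path.join("chrome", "content", "overlay.xul")


def scan_extensions(extensions_dir, newer_than_days=60, now=None):
    """Return one dict per GUID-named folder created within newer_than_days that
    contains chrome/content/overlay.xul. Read-only: nothing is changed."""
    now = time.time() if now is None else now
    cutoff = now - newer_than_days * 86400
    hits = []
    for name in sorted(os.listdir(extensions_dir)):
        folder = os.path.join(extensions_dir, name)
        if not os.path.isdir(folder) or not GUID_DIR.match(name):
            continue
        # getctime is the creation time on Windows (inode change time elsewhere)
        if os.path.getctime(folder) < cutoff:
            continue
        overlay = os.path.join(folder, SUSPECT_REL_PATH)
        if os.path.isfile(overlay):
            hits.append({"folder": name, "overlay": overlay,
                         "size": os.path.getsize(overlay)})
    return hits


def neutralize(overlay_path):
    """Steps 4 and 5 of the post, done reversibly: the file is moved aside as a
    .quarantine copy (a forum helper can still look at it) and an empty
    overlay.xul is left in its place so the loader finds nothing to run."""
    quarantine = overlay_path + ".quarantine"
    os.replace(overlay_path, quarantine)
    with open(overlay_path, "w"):
        pass  # blank dummy file, same name and extension
    return {"quarantine": quarantine,
            "quarantine_size": os.path.getsize(quarantine),
            "blank_size": os.path.getsize(overlay_path)}


def build_sample_tree():
    """Constructed sample tree (no real malware): a benign GUID folder without an
    overlay, the GUID from the post with an overlay.xul of made-up content, and a
    non-GUID folder that the scan should ignore."""
    root = tempfile.mkdtemp(prefix="ff-extensions-")
    os.makedirs(os.path.join(root, "{11111111-2222-3333-4444-555555555555}", "chrome"))
    suspect = os.path.join(root, "{BCB94CDD-5542-403F-9FB3-07D3DB1E9951}", "chrome", "content")
    os.makedirs(suspect)
    with open(os.path.join(suspect, "overlay.xul"), "w") as f:
        f.write("<!-- constructed placeholder, not the real script -->\n")
    named = os.path.join(root, "example@addon.test", "chrome", "content")
    os.makedirs(named)
    with open(os.path.join(named, "overlay.xul"), "w") as f:
        f.write("<overlay/>\n")
    return root


if __name__ == "__main__":
    # Pass the real extensions folder as the first argument on an affected machine;
    # with no argument it scans the constructed sample tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for hit in scan_extensions(target):
        print(f"{hit['folder']}: overlay.xul present ({hit['size']} bytes) at {hit['overlay']}")
```

Run it as `python triage.py "C:\Program Files\Mozilla Firefox\extensions"` from an administrator prompt; it prints candidates and changes nothing. Only call neutralize on a file after you have opened it and compared it with the code linked in step 3, and keep the .quarantine copy until the problem is confirmed gone (legitimate extensions can also live in GUID-named folders).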

The better fix:
What you will do here is the short fix listed above, plus you will also run several Malware programs, remove all old versions of Java and download the new Java.  If that doesn’t cure your problem you may need to run some more serious software. Here are the steps:

  1. Do the “short fix” listed above.
  2. Remove old versions of Java by downloading JavaRa and unzipping it to your desktop.
  3. Double-click on JavaRa.exe to start the program and Click on Remove Older Versions.
  4. Download and install the latest version of Java (Most likely the first download you see here).
  5. Install Malwarebytes and SuperAntiSpyware
  6. Update them, run them, and delete all bad stuff.
  7. Shutdown, restart, run them again.
  8. If you are clean then test for redirects in Google.
  9. If no redirects: Sing Hallelujah.

If none of the above worked then you may need some expert guidance.  Fortunately you can get this for free:  Register on a Malware forum at one of the locations listed at the bottom of this post.  All of these forums have rules for posting, read them and follow them!  Do not follow advice given to others on any forums you may read.  All advice is given based on detailed analysis of every individual system.  Wait for an expert to evaluate your situation and provide you with specific advice.  All of these forums will ask for a HJT Log.  You can download HJT for free and watch a video about how to use it by clicking here.

Try these forums:

Sindri

Hand blown glass anatomically correct heart vase?
What says “I love you” more than something that looks like it was torn out of your rib cage by force?  I found this and you know, really, this is truly a beautiful thing.  All jokes aside.  I am not sure where you stick the flowers, but I do know that it would earn a lot of attention the next time your friends and relatives come by for cheese and crackers.

Via Supermarket

Salvador Dali with a shark nose… Van Gogh’s hat made from old paint bottles…  This was quite clever and creative and left me speechless.  Too cool! Unfortunately the image sources had no information, but my guess is that Dali would approve. Van Gogh? You never know.


BTW. Dali’s birth name was Salvador Domingo Felipe Jacinto Dalí i Domènech. His older brother was named Salvador as well. I guess if you like a name, why not use it on all the kids.


Vincent must be the most postmortem-diagnosed artist! Poor guy, everyone has a theory as to why he cut off his ear (just the left lobe actually) and why he committed suicide. Was it Absinthe? Lead Poisoning? Schizophrenia? Bipolar?
Someone did an amazing job recreating him in this image. I would like to know more about this image, but I just don’t know where it originates. Any ideas out there?

Sources: .picapixel and jyouhouya3

OK, here is a simple little trick that works. I occasionally use Gmail to archive files. To compress them I zip them. Occasionally, when I try to send the executable file (like an .exe or even a .zip), gmail rejects it. In a moment of inspiration I discovered a workaround which I will share with you.

Step 1: Make sure file extensions are visible. This is accomplished by opening any folder on your computer, selecting “Tools” and then clicking on “Folder Options”. In the box you will see the sentence “Hide extensions for known file types”; make sure this is unchecked.

Step 2: Delete the file extension from the file you intend to upload. This is done by right clicking and selecting “rename”. In this example I change “important-file.zip” to simply “important-file”.

Step 3: Upload the file to Gmail.

Step 4: When the email arrives, the receiver will have to add the file extension back into the name of the file.

DONE!
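For anyone on the receiving side of this trick, here is the other half of the story as an added example (not part of the original post): Gmail's rejection is keyed on the file name, but the file's contents still start with the archive's own signature, so a gateway or mailbox filter that looks at the first bytes sees the zip (or .exe) no matter what it is called. The signature table and sample files are constructed; the "MZ" stub is not a working program.

```python
"""Content-type check for attachments whose extension has been removed.
Added example, not part of the original post: it shows the signature check a
mail gateway can run, which renaming the file (step 2 above) does not affect."""
import os
import tempfile
import zipfile

# File signatures for the two types the post mentions (constructed table, not exhaustive).
SIGNATURES = [
    (b"PK\x03\x04", "zip"),   # local file header of a zip archive
    (b"MZ", "exe"),           # DOS/PE executable header
]


def sniff_type(path):
    """Return 'zip', 'exe' or 'unknown' from the first bytes of the file."""
    with open(path, "rb") as f:
        head = f.read(4)
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def extension_mismatch(path):
    """True when a recognised archive or executable is named with a different
    extension, or with no extension at all, as after step 2."""
    kind = sniff_type(path)
    if kind == "unknown":
        return False
    ext = os.path.splitext(path)[1].lower().lstrip(".")
    return ext != kind


def build_samples():
    """Constructed sample attachments: a zip with its extension, the same zip
    renamed as in step 2, a plain text note, and an 'MZ'-prefixed stub that is
    not a working program."""
    d = tempfile.mkdtemp(prefix="attachments-")
    paths = {}
    zip_path = os.path.join(d, "important-file.zip")
    with zipfile.ZipFile(zip_path, "w") as z:
        z.writestr("notes.txt", "constructed content")
    paths["important-file.zip"] = zip_path
    renamed = os.path.join(d, "important-file")
    with open(zip_path, "rb") as src, open(renamed, "wb") as dst:
        dst.write(src.read())
    paths["important-file"] = renamed
    note = os.path.join(d, "notes.txt")
    with open(note, "w") as f:
        f.write("just text\n")
    paths["notes.txt"] = note
    stub = os.path.join(d, "tool")
    with open(stub, "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)  # header bytes only, not an executable
    paths["tool"] = stub
    return paths


def check_all(paths):
    """Map each sample name to (sniffed type, mismatch flag)."""
    return {name: (sniff_type(p), extension_mismatch(p)) for name, p in paths.items()}


if __name__ == "__main__":
    for name, (kind, flagged) in check_all(build_samples()).items():
        print(f"{name:20} {kind:8} {'MISMATCH' if flagged else 'ok'}")
```

The renamed "important-file" is still reported as a zip, which is why this workaround only gets past a name-based filter; a receiver who adds the extension back (step 4) should expect the same check from their own mail scanner.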

I found this using StumbleUpon and found myself going back to it over and over. Existentialist philosopher Martin Heidegger once said that “Language is the house of the truth of Being”.  What is so interesting to me is how this flow of language is a mirror of the flow of spiritual ideas and religious concepts throughout history as well.

I think that this image almost looks like the wings from an Egyptian hieroglyph.  Or perhaps even the faravahar symbol of the Zoroastrians. Crazy?

Well, in any case, that ancient language carried with it many concepts such as monotheism, salvation, heaven, angels, demons, moral responsibility and spirituality. They traveled from those ancient roots all the way through history to us and our modern languages and religions.

Heidegger also said “Man acts as though he were the shaper and master of language, while in fact language remains the master of man.”

Isn’t that fascinating?

Image Source: Bartleby


This made me look twice, cool bulb from Melissa Borrell.

From: Supermarket