Defeating the fake Antivirus

This applies to things like “Windows Antivirus Pro”, “Antivirus 2010”, “Antivirus Live”, “Antivirus Pro 2009”, among others. They’re a dime a dozen and the names change often.

There are two ways these nasty things work: some install a module that keeps all but a few programs from starting in the first place; others kill programs they don’t want you to run after they’ve started.

Often, the first kind can be defeated by right-clicking the program you want to run, clicking “Run as”, selecting “Current user” and un-checking “Protect my computer and data from unauthorized program activity”.

That bypasses the weakest of the modules that won’t let programs run.

The others can usually be defeated by renaming the executable you’re trying to run to iexplore.exe or explorer.exe, names the rogue has to leave alone so the machine still looks usable.

The trick is then to shut down the fake antivirus that’s blocking the removal tools. I usually start by running the Windows Task Manager, taskmgr.exe, and ending as many processes as I can: the most random-looking process names first, then, once nothing that isn’t part of Windows is left, explorer.exe. From Task Manager (File, New Task) you can launch things like anti-malware installers and web browsers. If you’ve got the first sort of blocker and Run As didn’t do the trick, you’ll have to rename each executable to get it to run.

I usually open up regedit and look in HKLM\Software\Microsoft\Windows\CurrentVersion\Run and HKCU\Software\Microsoft\Windows\CurrentVersion\Run for anything I don’t recognize, especially anything launched from a temporary folder. Nothing in there is needed for Windows to boot, so export the key for safekeeping, remove entries, and sort them out later if you’re not sure what they are.

Next look in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. Check the Userinit value for anything besides the path to userinit.exe, and remove it if there is. Then look in the Notify subkey for notification packages with odd names. Real antivirus products usually register here, as do the Windows Genuine Advantage modules, so not everything here is hostile, but sometimes something obvious shows up. Google the names if you have to.

You may have to run netsh winsock reset (and reboot) to get network access working again.

Once you can get something like Malwarebytes Anti-Malware running and scanning, you’re usually golden. Do a quick scan, then a full scan. Then get your preferred antivirus installed and up to date.

With any luck, you’ve defeated the fake antiviruses.

Sea Vegetable and Garlic Dressing

  • 1/2 cup canola oil
  • 2 tablespoons balsamic vinegar
  • 1 tablespoon lime juice
  • 1 tablespoon ume plum vinegar
  • 1 tablespoon soy sauce
  • 1 tablespoon kelp granules
  • 1 tablespoon dulse flakes
  • 1-2 tablespoons brown rice syrup
  • 4-5 cloves of garlic, chopped fine

Just mix and shake. The syrup and the carrageenan in the kelp together make a decent emulsifier, so this separates more slowly than other vinaigrettes.

KB977165 causes a blue screen

Apparently it’s quite common for the fix for MS10-015, that is Tuesday’s KB977165, to cause a blue screen of death after it’s installed.

The computer reboots in an endless loop; if you start it with automatic restart on crash disabled (press F8 at boot and pick “Disable automatic restart on system failure”), you see the STOP error:

PAGE_FAULT_IN_NONPAGED_AREA

STOP: 0x00000050 (0x80097004, 0x00000001, 0x80516103, 0x00000000)

The security fix closes one of the longest-standing bugs in the Windows kernel, a seventeen-year-old local privilege escalation flaw in the 16-bit virtual DOS machine (VDM) support.

A prime cause of the crash is an existing infection: the Alureon/TDL3 rootkit (ESET’s name for it is Olmarik) patches a system driver, most often ATAPI.SYS (the IDE/ATAPI controller driver), and the infected driver assumes kernel code addresses that the update moves, so the patched kernel faults on boot.

Fixing the problem involves uninstalling KB977165 from the Recovery Console (boot from the Windows CD and press R at the “Welcome to Setup” screen), then replacing ATAPI.SYS with the stock copy from the CD. Here the CD drive is d:; adjust the letter if yours differs:

cd \windows\$NTUninstallKB977165$\spuninst
batch spuninst.txt
cd \windows\system32\drivers
expand d:\i386\atapi.sy_
exit

Do a virus scan afterwards, then re-install KB977165. The virus ESET NOD32 detected in my case is Win32/Olmarik.SJ; others may have similar or the same symptoms and fix.

Making BIOS update CDs on a Mac

I use VirtualBox to run Windows to prepare Windows-only BIOS updates for customer computers, especially since floppy disks are so rare now.

Make a folder to work in:

mkdir CD

In the Mac OS Terminal, create an empty floppy disk image:

dd if=/dev/zero of=CD/bios.img bs=10k count=144

Attach it as a floppy image in Virtualbox running Windows. Run the BIOS update disk creator in Windows.

Detach the floppy image, then create a CD image with the bootable disk image:

hdiutil makehybrid -o boot.iso -joliet -iso -eltorito-boot CD/bios.img CD

Then burn the CD:

hdiutil burn boot.iso
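The dd step makes an all-zero file, and hdiutil will happily wrap a blank image into an ISO that then fails to boot with an unhelpful BIOS message. Before burning, it is worth checking that the Windows BIOS tool actually wrote a boot sector to the image. The following is an added example, not part of the original post; the sample images it builds are constructed, and the checks cover only what can be verified cheaply offline (a size El Torito floppy emulation recognises, an x86 jump as the first byte, 512-byte sectors in the BIOS parameter block, and the 0x55AA boot signature).

```python
"""Sanity-check a floppy image before burning it as an El Torito boot CD.

Added example, not from the original post. After the Windows BIOS tool has
written to the image, run check_floppy_file("CD/bios.img"); an empty list
means the image looks bootable.
"""

# Sizes El Torito can present as an emulated floppy (1.2 MB, 1.44 MB, 2.88 MB).
FLOPPY_SIZES = {1228800: "1.2 MB", 1474560: "1.44 MB", 2949120: "2.88 MB"}


def check_floppy_image(data):
    """Return a list of problems found in the image bytes; empty means it looks bootable."""
    problems = []
    if len(data) not in FLOPPY_SIZES:
        problems.append(f"size {len(data)} is not a standard floppy size")
    if len(data) < 512:
        problems.append("image is shorter than one sector")
        return problems
    if data[0] not in (0xEB, 0xE9):
        problems.append("first byte is not a JMP; boot sector was never written")
    bytes_per_sector = int.from_bytes(data[11:13], "little")
    if bytes_per_sector != 512:
        problems.append(f"BPB reports {bytes_per_sector} bytes/sector, expected 512")
    if data[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature at offset 510")
    return problems


def check_floppy_file(path):
    """Same check, for an image on disk (e.g. the CD/bios.img made above)."""
    with open(path, "rb") as f:
        return check_floppy_image(f.read())


def make_sample_image(formatted=True):
    """Constructed 1.44 MB image: blank as dd leaves it, or with a minimal DOS boot sector."""
    img = bytearray(1474560)
    if formatted:
        img[0:3] = b"\xEB\x3C\x90"          # JMP SHORT + NOP, how DOS/FAT boot sectors start
        img[3:11] = b"MSDOS5.0"             # OEM name field
        img[11:13] = (512).to_bytes(2, "little")
        img[510:512] = b"\x55\xAA"
    return bytes(img)


if __name__ == "__main__":
    for label, img in (("blank dd output", make_sample_image(False)),
                       ("formatted", make_sample_image(True))):
        print(label, "->", check_floppy_image(img) or "looks bootable")
```

Run it after detaching the image from VirtualBox and before the hdiutil makehybrid step; a blank image reports three problems, which is the sign that the BIOS tool wrote to the wrong drive or was never run.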

Great. Video. Great. Idea.

Dr. Parkinson reimagines primary care

Duplicating CDs on MacOS

First, install cdrdao – if you use macports: sudo port install cdrdao

To rip the CD to an image:

sudo cdrdao read-cd --device IODVDServices file.toc

To write the image back to CD:

sudo cdrdao write --device IODVDServices file.toc

Make sure the CD isn’t mounted before reading it; use Disk Utility to unmount it if it is.

Spiffy game!

My friend pseudomammal made this spiffy game, Khromax, and I think it’s excellent. I really love simple, addictive, clever games like this. Give it a try.

rpc.statd goes wild!

I came in to work today to find my Mac workstation spinning, running rpc.statd at 100% CPU.

A quick dtruss -n rpc.statd showed that it was looping trying to read its database, /var/db/statd.status.

Removing the database solves the problem neatly.

Crustimony Proseed Cake

Inspired by Winnie The Pooh, by A. A. Milne

Make the vegan vanilla base cake recipe, and add toasted sesame seeds, toasted coconut, toasted poppyseeds, and whatever dried fruit you have handy. Bake as usual. Then turn out of the pan (upside-down), brush with honey or agave, and stick under the broiler briefly until a crisp crust develops.

Ann Swissdorf's Cocoa Cake (and a generally good vegan cake base recipe)

  • 1 cup white flour
  • ⅔ cup whole wheat flour
  • ½ cup sugar
  • ¼ cup cocoa powder
  • 1 teaspoon baking powder
  • ½ teaspoon salt
  • 1 cup water
  • ⅓ cup canola oil
  • 1 teaspoon vinegar
  • 1 teaspoon vanilla

Mix dry ingredients. Add the remaining and beat until well blended. Pour into a greased 8 or 9-inch pan and bake at 350 °F for 30 to 40 minutes.

You can make a white cake by omitting the cocoa and using double the vanilla.

Makes an excellent base to make gingerbread cake, banana cake, marble cake (mix half cocoa and white cake batter in the pan, leaving a swirl), and it’s the base for my Crustimony Proseed Cake.

Useful Javascript

I just created a drop-down menu with an option to add your own entries. Feel free to use.

The skinny. Demo.

IPv6 Glue at Tucows/OpenSRS

I just asked my OpenSRS/Tucows domain reseller rep about AAAA (IPv6) glue records: They are planning to support them soon! In the mean time, they can configure them manually.

Avocado Ranch Dressing

Blend 1 ripe avocado, 300 ml buttermilk, a spoonful of garlic powder, some chopped parsley, salt, pepper and a dash of lemon juice.

Syncing AOL contacts into Gmail (or other software)

Finally there’s a way to sync contacts out of AOL and into something free. Since AOL Sync is based on Funambol, it speaks SyncML, so the Funambol clients can talk to it.

You’ll need Java, and then:

  1. Download the Funambol Google Plug-In. If you want to sync into Outlook, use the AOL Sync client, or look at the other Funambol plug-ins for other systems.
  2. Extract it and run it: look in the funambol folder, then plug-ins, then bin. The file is called “runGoogle.cmd” on Windows and “runGoogle.sh” on Unix systems.
  3. Go to Edit, then Communication Settings
  4. Put in http://m.sync.aol.com/sync for the Server URL. Fill in your AOL username and password, and your Gmail username and password.
  5. Hit OK
  6. Hit Synchronize

Voilà, your contacts are in Gmail.

Say good-bye to a provider that has until now worked very hard on locking your contacts in.

It's its!

My new cell phone has a qwerty keyboard that lacks an apostrophe.

Spectacular cell phone fail.