Entries Tagged as 'Computers'

Fuck You Mr. Trojan Writer!

Here’s a new twist on the old “Russian Mafia” trojan. You know the type - you delete it, it re-installs itself. You kill it, it respawns. Now, so you won’t notice it, IT DOESN’T SHOW UP IN TASK MANGLER.

NOTE: I only found this because I had a customer with a machine that refused to run 16-bit windows apps. In the process of rebooting it, I got an error about a file that it claimed was in use (pqwp.exe) in the “All Users\Start Menu\Programs\Startup” folder. Knowing that executables don’t belong there, I deleted it. After a restart, it came back. Spybot didn’t see it, HijackThis didn’t see it. I saw it. Deleted it again.

Now, here’s the fun bit. Having dealt with this crap before, I opened the command prompt, went looking for hidden .EXE files, system .EXE files, and finally, just looking (date sorted) through ALL .EXE files. Of course, I got a few with random names, which is almost always bullshit.

Delete first one. Delete second one - access denied! But it’s not in task manager?!?! PSKill it - it tells me it killed a process. Delete file, all gone.

Reboot, IT’S FUCKING BACK!

So, I go looking some more, and HijackThis had pointed out a program called “starter.exe”, which HijackThis flagged as “EnsoniqMixer”. This was incorrect. starter.exe is another hide-from-task-mangler process that is not a mixer, but the base virus installer. Kill and delete it, kill and delete the other two, and finally nuke the pqwp.exe.

All clear now.

Moral: you need to get yourself “PSTOOLS” from www.sysinternals.com. Now.
We are starting to see more rootkit-like behaviour out of standard trojans. This is NOT a good thing.

How to get up2date to work in Fedora Core 4

I was having an issue with up2date in FC4. Every package was greeted with the “is not signed with a GPG signature” message. Stumped, I turned to the trusty google.

Here’s what I found after aggregating information from about a dozen sites, none of which I remember. Attributions to those who already know they deserve it. I’m only putting this here as a public service.

Chances are that the keyring is hosed. Mine was apparently incomplete. Here’s how I fixed it:

as root:


gpg --no-default-keyring --keyring /etc/sysconfig/rhn/up2date-keyring.gpg --import /usr/share/rhn/RPM-GPG-KEY
gpg --no-default-keyring --keyring /etc/sysconfig/rhn/up2date-keyring.gpg --import /usr/share/rhn/RPM-GPG-KEY-fedora
gpg --no-default-keyring --keyring /etc/sysconfig/rhn/up2date-keyring.gpg --import /usr/share/rhn/RPM-GPG-KEY-fedora-test

That worked for me. Don’t be a putz and delete the up2date-uuid file from /etc/sysconfig/rhn. I did that, and had to manually rebuild it.

Once I rebuilt the keyring, I was able to download all the updates, which are signed, and my system was happily able to process them.
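
The same rebuild as a script, added here as an example and not part of the original fix: it imports the three key files named above, reports any that are missing or fail to import, and then lists the keyring with fingerprints so they can be compared against the ones the distribution publishes. The function names import_up2date_keys and show_keyring are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root, like the commands above.

# import_up2date_keys KEYRING KEYDIR
#   Imports the three key files from KEYDIR into KEYRING.
#   Return status = number of key files that were missing or failed to import.
import_up2date_keys() {
    keyring=$1
    keydir=$2
    problems=0
    for name in RPM-GPG-KEY RPM-GPG-KEY-fedora RPM-GPG-KEY-fedora-test; do
        keyfile="$keydir/$name"
        if [ ! -r "$keyfile" ]; then
            # An incomplete set of key files leaves the keyring incomplete too.
            echo "MISSING  $keyfile"
            problems=$((problems + 1))
            continue
        fi
        if gpg --no-default-keyring --keyring "$keyring" \
               --import "$keyfile" 2>/dev/null; then
            echo "IMPORTED $keyfile"
        else
            echo "FAILED   $keyfile"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# show_keyring KEYRING
#   Lists every key in KEYRING with its fingerprint. Anything imported here
#   is trusted to sign updates, so check the fingerprints before relying on it.
show_keyring() {
    gpg --no-default-keyring --keyring "$1" --fingerprint
}

# Only act on a machine that actually has the up2date key directory.
if [ "$(id -u)" -eq 0 ] && [ -d /usr/share/rhn ]; then
    import_up2date_keys /etc/sysconfig/rhn/up2date-keyring.gpg /usr/share/rhn
    echo "key files with problems: $?"
    show_keyring /etc/sysconfig/rhn/up2date-keyring.gpg
fi
```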

Just use the keyboard…

It’s official. I hate computers. Really, I mean it.

Case in point: Pentium II box, Windows 98. Someone plugs a USB pen-drive into the USB port on the back (not knowing that it won’t work anyhow, because 98 needs drivers for such things), the machine freaks out, crashes, and won’t come up. Complains that it cannot load HIMEM.SYS because of something with the A20 line.

After 30 minutes of attempting to get a boot floppy, and trying to boot the machine, we notice that the keyboard isn’t working. It had come unplugged. Plugged it in, rebooted, machine comes up.

I know what you’re saying - “What the hell does the keyboard have to do with HIMEM.SYS?”

I’ll tell you a little story about Backward Compatibility…

The End (?) of Moore’s Law

There has been much written about Moore’s Law, and how its demise is just around the corner.

Of course, for the past 20 years, it has failed to fail. Circuit density has indeed continued to double every 18 months or so. It has always been assumed that physics would lead to the ultimate demise of Moore’s Law, as quantum effects began to infect circuit designs. Indeed, as we approach the 65 nm feature size, quantum effects are being observed. Chip designers, however, think they’ve got the quantum effects licked.

I have an alternate theory for what’s going to stop Moore’s law. Economics.

You’re no doubt laughing right now. Go ahead, get it out of your system. I’ll wait.

OK, better now?

As I was saying: economics will be the undoing of Moore’s law. It now costs so much to build a new plant to do production at the next feature size (node), that it becomes more and more difficult for the plants to pay for themselves. We’ve got the twin bugbears of power consumption and heat dissipation as well, and the costs for dealing with them.

I suspect that research will continue, and there will be niche products at ever smaller nodes (so Moore’s law won’t actually be dead), but mass-produced products are going to have to find more innovative ways to squeeze more performance out of chips rather than relying on the “shrink and ramp up the clock” method that has been going on for 30 years.

We’ve already seen the beginning - dual-core CPUs from AMD and Intel, Sony’s Cell architecture, the multi-core chip for the XBox360.

I suspect that with technologies like PCI-Express and HyperTransport that distributing computing over multiple packages will come back into vogue, allowing for the distribution of power consumption (the new PentiumD 840 draws up to 125A on its 1.45v main power line), and heat dissipation (that chip can dissipate well over 100W at full operating load).

Intel has already demoed a CPU built on the 65 nm node, and heat concentration is even more problematic than at the 90 nm node. They had to go to 90 because clock speeds couldn’t go higher at 130. But it seems that the point of diminishing returns has been hit.

I suspect that if there are major performance gains to be had, they lie in either new semiconductor technologies (Bipolar hit the wall a long time ago, maybe CMOS time is nearly up), new design strategies, or even new materials.

DSL is a big pain in the ass!

For the past two days, my DSL has been resetting itself with some irregularity. I swapped out the Cayman router for the old DSL modem (relax, it’s still connected thru a Linksys). No joy. Then I realized that it was going down whenever I hung up the phone.

Then I realized that 2 days ago, I put in my new LCDs, and took the cordless phone off the desk. It had been connected to a line filter, but in its new home (the living room of death) it had no such thing. I put a filter on it, and the DSL has been up solid ever since. And I wasn’t using the cordless to make the calls!

Lesson: The filters aren’t there to protect the phone from DSL noise, they are there to protect the DSL from phone noise!

TCF 2005

Trenton Computer Festival, 30th anniversary. Back to the beginning, at The College of New Jersey.

What struck me was just how small it’s become. The flea market is quite tiny now, under 200 tables. 18 years ago when I first started going, it was nearly 1,000 tables in the flea market. And the indoor fair is just as tiny.

Of course, that was not the original intent of TCF, but that’s why I always went. TCF was always about the talks, and the fora. I’ve been attending more of the talks in recent trips. Whether I’ll go next year is directly dependent upon who the keynote is, and what other speakers and fora will be happening.

This year’s keynote was Brian Kernighan. Yes, the ‘K’ in K&R. He gave a nice little talk about digital life. Nothing too geeky, but just geeky enough. He was talking mostly about the futility of trying to control the flow of information in a digital world. Turns out everything is just 1’s and 0’s!

There was a neat little (emphasis on little) exhibit of ancient history, including an operational PDP-8! Absolutely amazing piece of machinery. I want one. I have no idea what I would do with it, but I want it anyhow.

And there was a repeat performance of the Apollo Guidance Computer presentation. I’m still floored by that machine and what it did in the late 1960s.

Can you enjoy something and be disappointed at the same time? That’s about where I feel about it right now. I’ll probably go back next year, but it’ll most likely be for the speeches, and not the flea market.

Microsoft strikes again

My workstation ate itself last night. Not fun. It was crying about the registry being corrupted, although I was able to read the registry just fine with a recovery disc.

Interesting factoid: the SYSTEM registry file was 150 MB. On every other machine I own, and on other machines I looked at, this file was closer to 7-10 MB. This file has been like this for a while, if the restore point folders are to be believed.

Unbelievably enough, I was able to recover it with a Windows XP Repair installation. The system appears stable, and all my apps are still installed and working. And the SYSTEM registry hive is only 5.5 MB.

Anyhow, it’s running again, and the app that I blamed for the blowout (McAfee VirusScan) is installed and running happily.

Now we’ll see how long it lasts.

How not to do customer service

Symantec, as you may know, has a line of centrally managed enterprise anti-virus packages. Their software requires you to purchase annual licenses so that it will continue getting updates. I do not have a problem with this, as the money to pay for continuing Anti-virus research has to come from somewhere. But you’d figure that they would make it easy to do, right? No.

So, customer gets message that his subscription is expiring, and needs to go to X web site to purchase a renewal. After purchasing what he guesses is the right package (not like it gives you a PART NUMBER or anything), he buys it, and is told to click the “download” button to download the license. Except that there’s no download button.

After a very confusing e-mail exchange with Symantec, in which they assured him that he should have a download button, there was no resolution.

Three days later, a license file shows up in an e-mail to be installed with an undocumented license tool that took three hours to find!

Tell me again why I want to buy your product, if you are going to make it this difficult to continue using it?

Copy Protect This!

Take THAT DMCA!

If you buy yourself the new Velvet Revolver CD and decide to play it on your Windows-based computer, do yourself a favor, and hold down Mr. Shift Key so it doesn’t autorun. Just before you see the “License Agreement” that tells you that they won’t let you listen to the CD in its unadulterated glory on your PC, it installs a little driver on your system, without warning you, that makes the CD skip when you try to play it with any application that pulls the CD-DA data off the disc directly (pretty much everything once you get into XP-land).

Guess what, boys? That qualifies as a Trojan Horse! You broke federal law by installing this driver on my system without my explicit knowledge or permission. Very bad.

Anyhow, if you are unlucky enough to have been “infected” by this malware, it’s easy to kill off, and you don’t even need a reboot to do it on XP.

The New Phone Book is Out!!!!

Finally, something GOOD to write about.

Slackware 10 is out! Slackware 3.4 (or was it 3.3… have to dig it out) was the first Linux distro I ever used (Kernel 1.9!).

Then there was Red Hat, and SuSE, and Debian, and…

But I’ve always held a special place in my heart for Slackware. Back in the good old days of dialup, and Walnut Creek (ftp.cdrom.com, now Digital River), and FLOPPY INSTALLS! Ahhh, memories.

So, I’ll probably buy it just to put my coin in to keep the project alive. You should too.