<b>JB's [John Brock] Blog</b><br />
Finally I get to tell others about my trials and tribulations!<br />
John Brock<br />
<br />
<b>The Kingdom Resort - Pilanesberg Park</b><br />
Posted 2023-11-18 by John Brock<br />
<p><a href="https://photos.app.goo.gl/PwowhbUrP6KhR1sW8" target="_blank">The Rest on Google Photos</a></p>
<br />
<b>From a "Grumpy Man"</b><br />
Posted 2023-04-26 by John Brock<br />
<p><span style="font-family: verdana;"><span style="font-size: small;">I am fed up with load shedding. I am fed up with being woken up when the power comes back on in the middle of the night.</span></span></p><p><span style="font-family: verdana; font-size: small;">This post was written in anger.</span></p><p style="text-align: justify;">So
I have been a 'Grumpy [] Man' for a while now. Lots of things tend to
annoy me. If it isn't the dog from the back house above us barking, it's
something else...</p><p style="text-align: justify;">Anyway
Blogger [this site] has some advantages over the WordPress site.
Especially as it is free. It provides a simple means of getting whatever
out there for the rest of the 'internet'. It does not appear to have a
limit on storage and it doesn't impact your Google storage either. </p><p style="text-align: justify;">It can of course be accessed from anywhere you have an internet connection. </p><p style="text-align: justify;">Alright it doesn't have the 'social network' aspect built in or applied. Though you can earn cents from adverts on your 'blog'.</p><p style="text-align: justify;">I
find it so much easier to work with. My jbcs site was 'converted' to
WordPress a while ago by Edith's son. And he left me to upload content
into the 'editor'. This proved to be too time consuming for me. I am a
retired electronics engineer with a dependent wife. I would take about
three-quarters of a day to type and place pictures into the 'editor'. It
is NOT a word processor. Which I would have preferred to use. </p><p style="text-align: justify;">My
usual 'thing to do' on a monthly basis was to upload the YL News. This
did not get done! As I would be always diverted or distracted by
something/someone else. </p><p style="text-align: justify;">With
Blogger, I can copy and paste text directly and upload pictures. Final
corrections and adjustments would take minutes. Sure things tend to jump
around on screen. Especially when you have a 'hesitant' connection to
the internet. But you can change the settings to suit when you need to.</p><p style="text-align: justify;">It
does spell checking and auto-saving when you are not typing. You will
see a little cloud change to a whirly circle and back to a cloud. A
cloud with a slash through it means it didn't manage to connect. It will
try again and become a cloud with a tick in it.</p><p style="text-align: justify;">There is more to come...</p>
<br />
<b>I can't handle WordPress!</b><br />
Posted 2022-06-02 by John Brock<br />
<p>I tried. I really did. But it needs far too much of my time to handle a post.</p><p>So I am giving up. Maybe I shall use this again.</p><p>Let's see...</p>
<br />
<b>This weekend has been informative, instructive and wet!</b><br />
Posted 2011-04-28 by John Brock<br />
<br />
A relatively peaceful weekend from Friday but with another 'incident' in Windows XP.<br />
<br />
My friend Roy came to me with a "Scareware Virus" called MS Removal Tool. (My first thought was - what a good idea - maybe Ubuntu...) But no, this turned into a 'major mission' to remove and recover control of his PC. It would not allow him to use any of the standard anti-virus measures nor run any diagnostic software like 'Task Manager'.<br />
<br />
<b>How did he get it?</b><br />
Very simple: he went to a web site that had been 'click-jacked' and, without him knowing, the 'virus' was installed on his PC. He was using Internet Explorer and he has Microsoft's Security Essentials. Unfortunately both are side-tracked and bypassed by this rogue software.<br />
<br />
This is the same category of malware that disrupted another client's PC recently. There it was called 'AntiVir'. It would not allow the user to remove the virus without going into 'safe mode'. This is not the easiest of methods for an inexperienced user who may have never seen 'Press F8 to enter safe mode.'<br />
<br />
[Since this time, a few more of my clients have come to me to 'remove' the 'ScareWare' worms and virii.]<br />
<br />
<div class="western" style="margin-bottom: 0mm; page-break-before: always;">
<span style="font-size: x-small;"><b>Live Security Platinum is the latest 'scareware' worm to hit here in SA [2012]</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">This worm/trojan puts up a 'front' and shows you a scan of your hard disk with a load of virii etc., while loading its 'hooks' into your system to 'own' (pwn) it.</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Live Security Platinum – ThreatExpert submission [2012-07]</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">http://www.threatexpert.com/report.aspx?md5=e5602b9c25da9a41cf555b8e35af9742</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">This submission is dated 11th July 2012. So it is quite 'up to date'.</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<b>New and Improved Worms and Virii are being made right now.</b></div>
<div align="JUSTIFY" class="western" style="margin-bottom: 0mm;">
<b>'Scareware' does more 'damage' to user confidence and productivity than previous types. It also carries with it a 'payload' of worms and virii. Most are detectable but some are variations that have not yet been 'captured' in the wild.</b></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div align="JUSTIFY" class="western" style="margin-bottom: 0mm;">
[The 'variation on a theme' seems to be prevalent as well, meaning that old and workable virii can be 'recycled' into new and even more upsetting variations. In the 'process' they are disguised so that the latest anti-virus products do not recognise them.]</div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<b>“Data Recovery” - what a joke!</b></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">This was to be expected. As more and more 'black hats' discover the usefulness of 'bots' and worms that really can do 'damage', they are managing to release these on the day of your anti-virus 'update', otherwise known as 'zero day exploits'.</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="color: red;"><b>DO UPDATE YOUR Microsoft Security Essentials when you can.</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<b>DO NOT HAVE TWO OR MORE Anti-Virus products installed on your PC. The Microsoft Security Essentials, formerly called 'Windows Defender', works. Don't accept McAfee as part of ADOBE's update. You will have to de-install it later if you do.</b></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western">
<span style="color: #7f7f7f;"><span style="font-size: x-small;">Sent at 8:45 AM on Thursday</span></span></div>
<div class="western">
<span style="font-size: x-small;">John: I see my M$ sec essentials has gone from 411 to 601 in a few days. Your contribution I am sure has helped 'update' it...</span></div>
<div class="western">
<span style="font-size: x-small;">This is on my 'no 2' PC not my 'no 1' PC. This one was updated yesterday. And this morning. Thanks Nick!</span></div>
<div class="western">
<span style="font-size: x-small;">Now you should start using Firefox and/or Chrome. Also update Internet Exploder to the latest possible version.</span></div>
<div class="western">
<span style="color: #7f7f7f;"><span style="font-size: x-small;">Sent at 9:20 AM on Thursday</span></span></div>
<div class="western">
<span style="font-size: x-small;">John: I think you should run 'Windows Update' as well now. The IE8 version has just 're-installed' the ActiveX control for IE8 and Windows Update. I think that the previous version has been 'compromised'.</span></div>
<div class="western">
<br /></div>
<div class="western">
<span style="font-size: x-small;">Yes! Install it.</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
[Alternate <b>'Data Recovery'</b> removal instructions:</div>
<div class="western" style="margin-bottom: 0mm;">
1. First of all, you need to unhide the files and folders. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter cmd and hit Enter or click OK.</div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
At the command prompt, enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. NOTE: you may have to repeat this step because the malware may hide your files again. --- This does work. But does not remove all the 'hooks'. ]</div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>'By the rivers of Babylon' – To 'remove' Babylon...</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">Open a dos shell, or execute "RegEdit" through the launch menu.</span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">Find the key: [taint there! WinXP]</span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><i>HKEY_LOCAL_MACHINE</i></span></div>
<div class="western" style="margin-bottom: 0mm;">
...</div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><i>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\About URLs\Tabs</i></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">and change the entry that points to babylon search, to the one you desire (be it google, bing, or whatever)."</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Alternate removal: run</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Microsoft Security Advisory (2719615)</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Published: Tuesday, June 12, 2012</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">http://technet.microsoft.com/en-us/security/advisory/2719615</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
[reply to email from client]</div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Hi Steven</span></span></div>
<div class="western" style="margin-bottom: 1.76mm; margin-top: 1.76mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Thank you for the nice compliments. I have never liked making money from the misery of others. The sort of virii and worms we have today have a far more devastating impact on the running of a business than last century.</span></span></div>
<div class="western" style="margin-bottom: 1.76mm; margin-top: 1.76mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Your 'incident' has actually taught me a new way of counteracting the 'scareware'. I can now boot the infested PC with a memory stick or CD. Then copy the Microsoft 'search and destroy' software to the hard disk. Also at that time, I can remove any obvious infestation. Files that are placed as a 'payload' by the scareware. Then rebooting into safe mode with networking, I run the msert program. The program can be deleted now as it only works for 10 days. Requiring an update at that time. If you had let it alone, the PC would have 'announced' itself on the Internet as a PC that can be 'owned' and run as part of the extensive networks of 'Bots'. These 'Botnets' are used to deny access to major servers and spam vast numbers of recipients. All operating without your knowledge and participation.</span></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Little wonder that 'organised crime' have found this more profitable than drugs!</span></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">All of the best for the future.</span></span></div>
<div class="western" style="margin-bottom: 1.76mm; margin-top: 1.76mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Best regards<br />John Brock</span></span></div>
<div style="text-align: center;">
--------------------------------------------------------------------------</div>
<br />
<b>Tools of the trade</b><br />
Various web sites offer software 'tools' that will 'get rid of' this malware. One is:<br />
<b>Spyware doctor</b><br />
http://www.spyware-experts.com/ms-removal-tool/<br />
another is:<br />
<b>MalwareBytes Anti-malware</b><br />
http://www.malwarebytes.org/<br />
<br />
There are a lot of others, too numerous to go into here. Some give manual methods for removal, but state that this will be limited in effectiveness as the 'virus' changes the file names and registry entries on a daily basis. This also confirms the conclusion that I had come to, that no single anti-malware product is going to be 100% effective.<br />
<br />
<b>What did I use?</b><br />
I used the latest 'Hiren's Boot CD' to boot his PC into mini Windows XP. [You can download it from: http://www.hirensbootcd.org/download/] Then I ran three of the malware removal tools on that CD. All ran and said that they had completed a 'removal' or 'clean'. We then rebooted into his Windows XP and ran 'msert'.<br />
<br />
'msert' is Microsoft's Safety Scanner tool, which you can download from:<br />
http://www.microsoft.com/security/scanner/en-za/default.aspx<br />
<br />
This 'tool' runs, scans and removes with an up to date malware table.
It 'expires' in 10 days so that you will always need to download the latest version.<br /><br /><br /><br />When we rebooted his PC into Windows, we found no trace of the virus. Thank goodness.John Brockhttp://www.blogger.com/profile/03421209461143618070noreply@blogger.com011 Spantou St, Roodepoort 1724, South Africa-26.1021 27.85521-26.1038825 27.852742499999998 -26.1003175 27.8576775tag:blogger.com,1999:blog-6776393380636972928.post-84024820345028743872011-04-28T10:02:00.000+02:002012-07-31T10:03:15.348+02:00This weekend has been informative, instructive and wet!A relatively peaceful weekend from Friday but with another 'incident' in Windows XP.<br />
My friend Roy, came to me with a "Scareware Virus" called MS Removal Tool. (My first thought was - what a good idea - maybe Ubuntu...) But no, this turned into a 'major mission' to remove and recover control of his PC. It would not allow him to use any of the standard anti-virus measures nor run any diagnostic software like 'Task Manager'. <br />
<br />
<b>How did he get it? </b><br />
Very simple, he went to a web site that had been 'click-jacked' and without him knowing, the 'virus' was installed on his PC. He was using Internet Explorer and he has Microsoft's Security Essentials. Unfortunately both are side-tracked and bypassed by this rogue software.<br />
<br />
This is the same category of malware that disrupted another client's PC recently. There it was called 'AntiVir'. It would not allow the user to remove the virus without going into 'safe mode'. This is not the easiest of methods for an inexperienced user who may have never seen 'Press F8 to enter safe mode.'<br />
<br />
[Since this time, a few more of my clients have come to me to 'remove' the 'ScareWare' worms and virri.]<br />
<br />
<br />
<div class="western" style="margin-bottom: 0mm; page-break-before: always;">
<span style="font-size: x-small;"><b>Live Security Platinum is the
latest 'scareware' worm to hit here in SA [2012]</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">This
worm/trojan puts up a 'front' and shows you a scanning of your hard
disk with a load of virii etc. While loading its 'hooks' into your
system to 'own' (pwn) it. </span>
</div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Live
Security Platinum – ThreatExpert submission [2012-07]</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">http://www.threatexpert.com/report.aspx?md5=e5602b9c25da9a41cf555b8e35af9742</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">This
submission is dated 11th July 2012. So it is quite 'up to date'.</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<b>New and Improved
Worms and Virii are being made right now. </b>
</div>
<div align="JUSTIFY" class="western" style="margin-bottom: 0mm;">
<b>'Scareware'
does more 'damage' to user confidence and productivity than previous
types. It also carries with it a 'payload' of worms and virii. Most
are detectable but some are variations that have not yet been
'captured' in the wild.</b></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div align="JUSTIFY" class="western" style="margin-bottom: 0mm;">
[The
'variation on a theme' seems to be prevalent as well. Meaning that
old and workable virusii can be 'recycled' into new and even more
upsetting variations. In the 'process' they are disguised so that the
latest anti-virus products do not recognise them.]</div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
“<b>Data Recovery”
- what a joke!</b></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">This
was to be expected. As more and more 'black hats' discover the
usefulness of 'bots' and worms that really can do 'damage', they are
getting to release these on the day of your anti-virus 'update'.
Otherwise known as 'zero day exploits'. </span>
</div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="color: red;"><b>DO
UPDATE YOUR Microsoft Security Essentials when you can.</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<b>DO NOT HAVE TWO OR
MORE Anti-Virus products installed on your PC. The Microsoft Security
Essentials, formerly called 'Windows Defender' works. Don't accept
Mcafee as part of ADOBE's update. You will have to de-install it
later if you do.</b></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western">
<span style="color: #7f7f7f;"><span style="font-size: x-small;">Sent
at 8:45 AM on Thursday</span></span></div>
<div class="western">
<span style="font-size: x-small;">John: I see
my M$ sec essentials has gone from 411 to 601 in a few days. Your
contribution I am sure has helped 'update' it...</span></div>
<div class="western">
<span style="font-size: x-small;">This is on my
'no 2' PC not my 'no 1' PC. This one was updated yesterday. And this
morning. Thanks Nick!</span></div>
<div class="western">
<span style="font-size: x-small;">Now you
should start using FireFox and or Chrome. Also update Internet
Exploder to the latest possible version.</span></div>
<div class="western">
<span style="color: #7f7f7f;"><span style="font-size: x-small;">Sent
at 9:20 AM on Thursday</span></span></div>
<div class="western">
<span style="font-size: x-small;">John: I think
you should run 'Windows Update' as well now. The IE8 version has just
're-installed' the activeX control for IE8 and Windows Update. I
think that the previous version has been 'compromised'.</span></div>
<div class="western">
<br /></div>
<div class="western">
<span style="font-size: x-small;">Yes! Install
it.</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
[Alternate <b>'Data
Recovery'</b> removal instructions:</div>
<div class="western" style="margin-bottom: 0mm;">
1. First of all, you
need to unhide the files and folders. Select Run... from the Start
Menu or just hit the key combination CTRL+R on your keyboard. In the
Open: field, enter cmd and hit Enter or click OK.</div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
At the command prompt,
enter attrib -h /s /d and hit Enter. Now, you should see all your
files and folders. NOTE: you may have to repeat this step because the
malware may hide your files again. --- This does work, but it does not
remove all the 'hooks'. ]</div>
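<div class="western" style="margin-bottom: 0mm;">
The unhide step above as a PowerShell function. This is an added example, not part of the original post or of the quoted instructions. It previews what would change and leaves alone anything that also carries the System attribute. The name Restore-HiddenItems and its parameters are made up for this illustration.</div>

```powershell
# Added example: audit, then clear, the Hidden attribute under one folder.
# Restore-HiddenItems, -Root and -IncludeSystem are hypothetical names.
function Restore-HiddenItems {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [switch]$IncludeSystem   # also change items flagged System (desktop.ini etc.)
    )

    $hidden  = [System.IO.FileAttributes]::Hidden
    $system  = [System.IO.FileAttributes]::System
    $changed = 0
    $skipped = 0

    # -Force is required, otherwise hidden items are not enumerated at all.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $hidden) -ne 0 } |
        ForEach-Object {
            $item = $_
            $isSystem = ($item.Attributes -band $system) -ne 0
            if ($isSystem -and -not $IncludeSystem) {
                # Windows hides these itself; count them instead of changing them.
                # (attrib -h on its own also leaves System-flagged items unchanged.)
                $skipped++
                return
            }
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
                try {
                    $item.Attributes = $item.Attributes -band (-bnot $hidden)
                    $changed++
                } catch {
                    Write-Warning "Could not change $($item.FullName): $_"
                }
            }
        }

    # One summary object per run, so repeated runs can be compared.
    New-Object PSObject -Property @{
        Root = $Root; Changed = $changed; SkippedSystem = $skipped; When = Get-Date
    }
}

# Dry run first: -WhatIf lists each item and changes nothing.
Restore-HiddenItems -Root $env:USERPROFILE -WhatIf
```

<div class="western" style="margin-bottom: 0mm;">
Run it again without -WhatIf to apply the change. If a later run reports Changed above zero once more, something is still re-hiding files and the infection has not been removed.</div>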
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>'By
the rivers of Babylon' – To 'remove' Babylon...</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">"Open
a DOS shell, or execute "RegEdit" through the launch menu.</span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">Find
the key: ['tain't there! WinXP]</span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><i>HKEY_LOCAL_MACHINE</i></span></div>
<div class="western" style="margin-bottom: 0mm;">
...</div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><i>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\About URLs\Tabs</i></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">and
change the entry that points to Babylon search to the one you desire
(be it Google, Bing, or whatever)."</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Alternate
removal: run </b></span>
</div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">C:\Program
Files\Babylon\Babylon-Pro\Utils\uninstbb.exe </span>
</div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Microsoft
Security Advisory (2719615)</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Vulnerability
in Microsoft XML Core Services Could Allow Remote Code Execution</b></span></div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;"><b>Published:
Tuesday, June 12, 2012</b> </span>
</div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-size: x-small;">http://technet.microsoft.com/en-us/security/advisory/2719615</span></div>
<div class="western" style="margin-bottom: 0mm;">
<br /></div>
<div class="western" style="margin-bottom: 0mm;">
[reply to email from client]</div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Hi
Steven </span></span>
</div>
<div class="western" style="margin-bottom: 1.76mm; margin-top: 1.76mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Thank
you for the nice compliments. I have never liked making money from
the misery of others. The sort of virii and worms we have today have
a far more devastating impact on the running of a business than last
century. </span></span>
</div>
<div class="western" style="margin-bottom: 1.76mm; margin-top: 1.76mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Your
'incident' has actually taught me a new way of counteracting the
'scareware'. I can now boot the infested PC with a memory stick or
CD, then copy the Microsoft 'search and destroy' software to the hard
disk. Also at that time, I can remove any obvious infestation: files
that are placed as a 'payload' by the scareware. Then, rebooting into
safe mode with networking, I run the msert program. The program can
be deleted now as it only works for 10 days, requiring an update at
that time. If you had let it alone, the PC would have 'announced'
itself on the Internet as a PC that can be 'owned' and run as part of
the extensive networks of 'Bots'. These 'Botnets' are used to deny
access to major servers and spam vast numbers of recipients, all
operating without your knowledge and participation. </span></span>
</div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Little
wonder that 'organised crime' have found this more profitable than
drugs! </span></span>
</div>
<div class="western" style="margin-bottom: 0mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">All
of the best for the future. </span></span>
</div>
<div class="western" style="margin-bottom: 1.76mm; margin-top: 1.76mm;">
<span style="font-family: Verdana,sans-serif;"><span style="font-size: x-small;">Best
regards<br />John Brock</span></span><br />
<br /></div>
<div style="text-align: center;">
--------------------------------------------------------------------------</div>
<br />
<b>Tools of the trade</b><br />
Various web sites offer software 'tools' that will 'get rid of' this malware. One is:<br />
<b>Spyware doctor</b><br />
http://www.spyware-experts.com/ms-removal-tool/<br />
another is:<br />
<b>MalwareBytes Anti-malware</b><br />
http://www.malwarebytes.org/<br />
<br />
There are a lot of others, too numerous to go into here. Some give manual methods for removal, but state that this will be limited in effectiveness as the 'virus' changes the file names and registry entries on a daily basis. This also confirms the conclusion that I had come to, that no single anti-malware product is going to be 100% effective. <br />
<br />
<b>What did I use?</b><br />
I used the latest 'Hiren's Boot CD' to boot his PC into mini Windows XP. [You can download it from: http://www.hirensbootcd.org/download/] Then I ran three of the malware removal tools on that CD. All ran and said that they had completed a 'removal' or 'clean'. We then rebooted into his Windows XP and ran 'msert'. <br />
<br />
That is Microsoft's Safety Scanner tool that you can download from:<br />
http://www.microsoft.com/security/scanner/en-za/default.aspx<br />
<br />
This 'tool' runs, scans and removes with an up to date malware table. It 'expires' in 10 days so that you will always need to download the latest version.<br />
<br />
When we rebooted his PC into Windows, we found no trace of the virus. Thank goodness.