Sunday, December 14, 2008

Er… that was a long break…

Sorries! ^^;

We finished our final exams earlier this month, and lately I’ve been taking a break from most stuff, and catching up on my artwork. Don’t worry, I’ll finish my blog series :D

Project Nelson 1.0 Build 19 is well under way, and I hope to release it next month. I’ll also be putting up some of the other stuff I’ve been working on, but I probably’ll have to do it next month as well.

Oh, and I finally bought a copy of Windows Vista! It’s here, sitting all nice and shiny on my main computer. It means I can work out all the bugs of PN on Vista, implement UAC support, all that rot. ;) (It also means I no longer have to test against a beta version on an old computer that still thinks it’s 2006… ^^)

Tuesday, September 23, 2008

Bad Things Programmers Do

Saturday, September 20, 2008

The recent increase in male pregnancy is a big contributor to global warming.

Apparently, I’m in some video on YouTube:

It appears I’ve been an Asian immigrant from The China all this time and never knew it. :)

Tip o’ the hat to the people from 10ASJ.

Sunday, August 24, 2008

Spatial Browsing: The Case For The Explorer

Saturday, July 19, 2008

Project Nelson, meet world

Tuesday, July 01, 2008

Congratulations!!! You are that expert!

As the three of you who read my blog will probably know, our school just[1] had its mid-year exams. Yay. It’s also almost time for winter holidays (next week..) Yays!

One of my problems with story-based word problems is that they seem too... kludgy, too contrived. I mean, why would some big-wig professional-type dude hire a kid who’s half-failing math as it is to do their consulting work?

The title, btw, is a direct quote from our Sampling test. Clearly, one exclamation mark didn’t suffice in conveying just how exciting mathematics really is.

Footnotes:

[1] The word “just” here meaning “over the period of about three weeks”.

Friday, May 02, 2008

Software, freeze!

Friday, March 21, 2008

We're geeks bearing gifts...

Sunday, February 10, 2008

Welcome to teh blog!

Well, here it is. Meh new bloggeh! Feel free to make yourselves at home, but don't touch the walls - the paint's still a little wet. :D

Well, there's some anecdotes that happened over the summer that I've forgotten to blog about. Rest assured, they're coming... So too are some geeky stuff, but I'm sure you're all used to that by now. :)

--MarkKB

Sunday, February 03, 2008

Moving...

This post was originally posted at my Windows Live Spaces blog. Yes, I'm well aware of the irony involved. [View original post]

I'm sorry, Windows Live Spaces. No, it's not you, it's me.

Okaaay, bad metaphor. Still, the fact remains that I'm moving this blog to http://markkeyb.blogspot.com/. For the four or five people who read this blog (yes, that's an overestimation), that means you'll get to see new posties an' stuff. For everyone else... well... I'll give you candy? OK, well I can't give you candy due to obvious technological hurdles, but the instant they invent a way of transferring candy over the Internet, I'll be right on it. ;)

What about all the old posties? Well, they're coming too, so you don't have to switch between blogs to see them. It also makes it easier for those types who read all the posts to the beginning and then moan about having to go back yet another blog. :D

See ya on the other side!
--MarkKB

Sunday, January 06, 2008

Trojans, locking and scams, oh my!

This post was originally posted at my Windows Live Spaces blog. [View original post]

Disclaimer: While this post is about something that happens to everybody, it might get a tad too geeky[1]. Continue at your peril.
Note: This account is based on what I remember, and so might be a smidge inaccurate. I only took a few screenshots, and in hindsight I realise I probably should have taken more. Ah well, what's done is done.
I'd also like to note that I don't usually do stuff like this. It just so happens that my bro's computer got a trojan that I needed to manually remove, and I like to tell you guys about my experiences. However, I don't go out looking for nasties just to document them. Such things are best left to the likes of Paperghost and the Sunbelt guy(s).

While I was going to post about this sometime-or-another, what prompted me to do so today was a post I came across in the security-minded Sunbelt Blog with a chillingly familiar screenshot. (You'll see how familiar in a second.) The Sunbelt post is more investigative on the who rather than the what, but it's still an interesting read.

One day in late December, my younger brother Andrew mentioned something like "Windows XP [on his computer] needs to activate". I thought it was odd, as nothing went wrong during activation (I had recently reinstalled it), and I decided I would do something about it the next day.

The next day came, and Andrew called the problem to my attention again. Looking at the screen, I saw the following:

[Image: trojan-2]

Riiiiiight. Clicky-button probably equals lotsa nasties. This was a trojan horse.

Cleverly, the usual key combinations (<Ctrl>+<Alt>+<Del>, <Ctrl>+<Shift>+<Esc>, <Alt>+<F4>, <Super>+Anything[2]) had been disabled, the only recourse being to reboot your computer or to give in to the program's demands. Note that the keys work fine until the program pops up, suggesting some kind of key-hooking.

So I rebooted into Windows 2000 and scanned the computer for evil stuff with Spybot.

[Image: spybot-18]

16 nasties found and removed = problem gone, right?

[Images: trojan-2, trojan-1-0]

Wrong. This time it also popped up with what seemed like an IE shell (selectable text, permanent scroll bar to the right, right-clickyness). Oh, and the spelling! What exactly is "exprited" anyway, death by Sprite? I guess when you drink several bottles in a row, it could get rather dangerows...

OK, enough with the bad puns. During the process of trying-to-beat-the-trojan-at-startup, I discovered that if you open the start menu and leave it open while the program loads, it stays up, thus enabling me to run Windows Explorer, and thus Task Manager, with which I can kill the offending processes (locker.exe and iexplore.exe). Me 1, Trojan 0.

During this, I had noticed two interesting things: The "IE shell" wasn't one at all, but rather Internet Explorer itself, stripped down to its bare bones. If one had his Search sidebar up, it would also appear in the trojan-thingy, and so I had a little fun using it as an actual web browser. Also, once you terminated "locker.exe", the keys listed above would continue to be inoperable. A separate TSR perhaps?

It's registry time! As the trojan had seemingly also removed msconfig, I traversed to HKLM\Microsoft\Software\Windows\CurrentVersion\Shell\Run. Sure enough, we had a key that launched something called "License". So, on a hunch, I looked up App Paths. Bingo! "License" linked to locker.exe. Removing both entries ensured that locker.exe would never darken our startup again. Two for two!

Another interesting thing is that it seems to have eaten the Computer Browser, Security Center and Windows Firewall services. As a result, it can't explore the local network, the computer's wide open and the security center won't tell you about the lack of a firewall.

Of course, many trojans install themselves into the Windows directory, and so I travelled there and surprise, surprise: locker.exe. Sorting by date revealed two other files created the same day as locker.exe: WinLockDll.dll, and wl.exe. So I moved them to a zip file where they could no longer do no harm (at least, in theory), intending to send them as samples to a security research thingy. With all due respect to Batman, BIFF! BAM! POW!
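The triage walked through above (startup entry, App Paths lookup, files created the same day as the launched program) can be scripted as a read-only check. This is an added example, not part of the original post: it assumes the standard per-machine keys HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and ...\App Paths, and Resolve-RunTarget is a hypothetical helper name.

```powershell
# Added example, not from the original post. Read-only: it lists, it deletes nothing.
# Assumption: the standard per-machine Run and App Paths registry keys.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$appKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths'

function Resolve-RunTarget([string]$Command) {
    # Take the quoted path if there is one, otherwise the first token.
    # (Unquoted paths that contain spaces are not handled here.)
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command.Trim() -split '\s+')[0] }
    if (-not $exe) { return $null }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (Test-Path -LiteralPath $exe -PathType Leaf) { return $exe }
    # A bare name such as "License" may be mapped to a file by App Paths.
    $leaf = Split-Path -Leaf $exe
    foreach ($name in $leaf, "$leaf.exe") {
        $sub = Join-Path $appKey $name
        if (Test-Path -LiteralPath $sub) {
            $target = [string](Get-Item -LiteralPath $sub).GetValue('')   # default value
            if ($target) {
                return [Environment]::ExpandEnvironmentVariables($target.Trim('"'))
            }
        }
    }
    return $null
}

$run = Get-Item -LiteralPath $runKey
foreach ($valueName in $run.GetValueNames()) {
    $target = Resolve-RunTarget ([string]$run.GetValue($valueName))
    if (-not $target -or -not (Test-Path -LiteralPath $target -PathType Leaf)) {
        # Could not be mapped to a file on disk: review this entry by hand.
        [pscustomobject]@{ RunValue = $valueName; Target = $target; SameDayFiles = 'unresolved' }
        continue
    }
    $file = Get-Item -LiteralPath $target -Force
    # Files in the same folder created on the same calendar day as the target.
    $siblings = Get-ChildItem -LiteralPath $file.DirectoryName -Force | Where-Object {
        -not $_.PSIsContainer -and $_.FullName -ne $file.FullName -and
        $_.CreationTime.Date -eq $file.CreationTime.Date
    }
    [pscustomobject]@{
        RunValue     = $valueName
        Target       = $file.FullName
        SameDayFiles = ($siblings.Name -join ', ')
    }
}
```

Creation times can be altered by the program that wrote the files, so an empty SameDayFiles column does not clear an entry; per-user (HKCU) and 32-bit (WOW6432Node) Run keys are not covered by this script.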

So, if I'm right, locker.exe uses either wl.exe or WinLockDll.dll to "lock" the computer. It then proceeds to display a screen prompting you to renew your license (the black one), and then launches IE (presumably with arguments that force it to shed most of its stuff) which shows a (webpage-based) fake anti-whatever downloader. Or something.

[Images, left to right: trojan-1-3, trojan-1-1, trojan-1-0, trojan-1-2]

The webpage in itself is quite interesting. It starts off with a loading graphic (far left). Once the dialog is "loaded", it "attempts" to download some "update files" on a public channel (mid left) with a ridiculously long estimation. It then "fails" (mid-right). The private channel is advertised as being a ridiculously short estimation (35 sec v. two days?) but, of course, you have to pay for it. A nice touch is that the dialog is moveable (far right).

The whole charade seems to be aimed at those people who frequently download from "free" file hosting services and/or GameSpy's file download site, both of which usually advertise free vs premium accounts, where premium dudes don't have to wait in line and/or get faster servers. Most people will look at it and think "getting in my way, must get rid of it", which, of course, means "activating" your "account", and won't even look at the rest of the stuff.

So, now we have a de-gunkafied computer, although it looks like I might have to do a repair reinstallation of Windows XP (again). Ah well. Happy new year, and may your days be without malware!

Footnotes:

[1] Mandatory disclaimer, as most of the readers of this blog will be my peers in high school.

[2] <Super> is more commonly known as the Windows key.