Spyware: My Web Search (MWSOEMON.EXE)

My dad's been installing random stuff again.
It seems some spyware has gotten through.

Luckily, it's pretty straightforward to get rid of.

Just go to the "Control Panel" and then "Add/Remove Programs" and uninstall "MyWebSearch".

[ Source ]

Typical Infected folders:

  • c:\program files\mywebsearch

Uninstall Myway MySpeedbar. It might be called 'My Search Bar', 'MyWay Speed Bar' or 'My Web Search Bar'. Remove what you find. Also remove 'Fun Web Products Easy Installer' if it is present.

Reboot and scan using SpyBot to ensure that it is gone.

Increase hard drive size for VMware disk

1. Open up command prompt.
2. Go to your installation of VMware (i.e. "C:\Program Files\VMware\VMware Workstation")
3. Type: vmware-vdiskmanager -x sizeGb "filename"
   Here "filename" is the path to the virtual disk (.vmdk) file of the VM.

   Example:
   vmware-vdiskmanager -x 20Gb "K:\Virtual Machines\Kubuntu\Kubuntu.vmdk"
4. Once you're done with that, use some software within the VM to change the partition size.
   Linux distributions generally have their own partitioning software on the setup CD/DVD, whereas Windows would have Acronis Disk Director or Partition Magic.

Personally I'd install Disk Director, because I've lost data on my actual computer before when using Partition Magic. Plus it's now a Symantec product, which brings to mind the expression "the cure is worse than the disease".

Either way, the demo would work fine since it's a VM.

[ Source ]

*edit 30/03/2009*
I've noticed a lot of people getting to this blog in hopes of finding a way to stop VMware from lagging your computer after you suspend a guest.

Google seems to be returning the wrong results as the menu contains a link to the right post.

You can find that post here.

Useful ways of using an FTP server on your desktop

While searching through the net on various ways to set up my SVN server, I found a few tutorials on "how to map an FTP drive", some of which were utter bullshit as they only created a stupid shortcut in your Windows Explorer. [ Example 1, Example 2 ]


1. Use an FTP client
OK, this one is pretty straightforward.
Download a client like CuteFTP, SmartFTP or FileZilla and you're on your merry way.


2. Create a shortcut
Handy, but not terribly useful. As shown in the example earlier, simply right-click "My Computer" and select "Map Network Drive".

When the wizard dialog appears, click on the "Sign up for online storage or connect to a network server" link at the bottom.

Skip the intro page of the new wizard. Select "Choose another network location" and enter in your FTP address, such as "ftp://ftp.blogspot.com".

Next you can enter in your account details and give it a name.

Voilà, it appears under "My Network Places" with the given name, and also in "Internet Explorer" as the given FTP address.

This method allows for drag and drop functionality as well as cut/copy/paste too.



3. WebDisk
If your web host is using cPanel as a CMS, you can access your host via WebDisk.

In your cPanel home page, click on "Web Disk" and then "Access Web Disk".

Select the appropriate operating system and follow the instructions from there.

It's not as versatile as the shortcut method, but this would work for other operating systems.



4. Map to a drive using WebDrive (3rd party software)
South River Technologies have developed a nifty piece of software called WebDrive, which allows you to map various protocols to a Windows drive. Unfortunately, it isn't free.

Once you've set up the details for your FTP site and assign it a letter, it'll work like a normal folder in your Windows Explorer. Definitely my favourite solution by far.


4 WebDrive - UNC Paths (Optional)
WebDrive also has an option to create a UNC path for this mapped FTP site, making it accessible via the path format of "//hostname_of_your_choice/share_folder". This is the method I used to set up my SVN server.

The options can be found under the "Advanced" item of the site properties dialog.

Remove Bonjour! (mDNSResponder.exe)

Bonjour is Apple's implementation of a set of techniques which allow for a zero-configuration IP based network. It comes standard with Mac OS X, and mDNSResponder.exe is the Windows port/version.

In layman's terms, that translates to a simple setup of devices on a network which "just work" without the need of specialised servers or configuration. It makes it easier to find printers, other computers, share files, etc.

The service runs in the background broadcasting your networking information so other devices (such as printers) can respond if they offer a service you may require.

I've noticed it bundled in installers such as Adobe Photoshop, Skype and iTunes.
The annoying thing is there's no uninstallation option for it!

For me, being the sort that likes to set things up myself, I don't need it.
And it is annoying having another application running unnecessarily in the background.

To remove Bonjour, follow the steps below:

1. Open command prompt.
2. Type: "cd %PROGRAMFILES%\Bonjour"
3. Type: "mDNSResponder.exe -remove"
4. Type: "rename mdnsNSP.dll mdnsNSP_old.dll"
5. Restart your computer.
6. Once Windows has rebooted, delete that folder and its contents.

Sources
ProcessLibrary, Raymond.cc, Wikipedia

SVN server on Windows XP with repository on remote FTP server

The situation:
My dad's computer died about a fortnight ago. With it down, the SVN repository containing all my nerdish projects also went missing.

So, I took the opportunity to start fresh and rework the structure of my Subversion server.


The plan:
I am going to set up my PC as the server, and store my repository on a remote FTP server online. Since my web host provides daily backups, I won't lose my projects anymore!

I would connect to my FTP server as a mapped network drive, and give it a drive letter. That way, I could treat it like a normal directory and it'd just work. Sweet!

The last time I set up SVN as a service, it was a walk in the park...
This time... "It's just an upgrade to the server, what could go wrong?"
Answer: Lots.


What happened?
So I downloaded SVN from the official site. You can select binary packages for either "Apache 2.0" or "Apache 2.2". (In case you're wondering, download the binaries with the filename similar to "svn-win32-1.5.4.zip")
Personally I don't really care as I don't integrate it with Apache, but it's best to pick the version which matches in case you change your mind later down the track.

Extract the contents of the file to where you want SVN to be installed.
For me, I set it up at "C:\Server\svn".


(Optional)
Add ";C:\Server\svn\bin" to your %PATH% environment variable.
To do that, right click "My Computer" > "Properties" > "Advanced" > "Environment Variables".
Select "Path" from the "System Variables" list and append the string.


Creating a service
Before typing up the commands, be sure to note that the syntax requires a space AFTER the "=" sign. I don't know why Microsoft decided upon that syntax, it's stupid.

[ Source ]
To install svnserve as a native Windows service, execute the following command (all in one line).

sc create subversion binpath= "C:\Server\svn\bin\svnserve.exe --service --root Z:\svn_repository" displayname= "Subversion" depend= tcpip start= auto

If any of the paths include spaces, you have to use (escaped) quotes around the path, like this:

sc create subversion binpath= "\"C:\Program Files\Subversion\bin\svnserve.exe\" --service --root C:\ServerFiles\svn_repository" displayname= "Subversion" depend= tcpip start= auto
A breakdown of the command arguments is shown below.
  • "sc create subversion"
    Creates a service named "subversion".
  • "binpath= "
    The command line the service runs: the executable file followed by its arguments.
  • "--service"
    An svnserve argument: run it within the Windows native service wrapper.
  • "--root"
    An svnserve argument: the root folder for repositories.
  • "displayname= "
    A nice name for the service in the Service Manager.
  • "depend= "
    Dependencies for this service.
  • "start= "
    The starting method ("auto" starts the service when Windows boots).

For more information, see Microsoft's KB251192.
If you typed something wrong, type "sc delete subversion" to delete the service and start again.

Once created, type "net start subversion" to start it.
If you encounter any error messages, refer to "the problem" section later in this post.


Creating a repository
As I have chosen "Z:\svn_repository" as the root repository folder, that's where all the repositories should be created.

To create a new repository, type "svnadmin create "Z:\svn_repository\new_repository_name""

Using an SVN client (I prefer to use TortoiseSVN), check out a copy of the repository by entering "svn://localhost/new_repository_name" as the location.


Authentication
Once you've tested your repository and know it works, modify the "svnserve.conf" file to disallow anonymous read access by adding the line "anon-access = none" under "[general]".

Also, uncomment the use of the password file where it says "password-db = passwd".
Edit the "passwd" file and give yourself an account.


The problem
Sometime between v1.4 and 1.5, the folks at SVN decided to add native Windows service support to "svnserve.exe".

[ Notable sources: Source 1, Source 2 ]
Although this may seem great, it makes life horrible for people who want to stash their repository on a mapped network drive. Services, by default, are run on the account "NT Authority\Local Service", which has no access to mapped network drives.

When trying to start the service from the Service Manager, I kept getting an error message.
Error 1053: The service did not respond to the start or control request in a timely fashion.
Spent a good few hours learning that lesson.
Great, there goes my initial idea.
Up until now it's been smooth sailing.

I've tried running as my current login, giving it a password, changing to interact mode, switching to "NT AUTHORITY\NETWORK SERVICE" account and so many other little things that it's caused me so much mental distress that my mind chooses not to remember. They all failed.

Luckily, all that research didn't go to waste as I discovered an alternative, which is to access the FTP via a UNC pathname.

[ Crosspost: How to configure WebDrive ]
So rather than using "Z:\svn_repository", I configured the FTP server to a UNC path "//uncpath/home" using WebDrive.

The command to create a service becomes...
sc create subversion binpath= "C:\Server\svn\bin\svnserve.exe --service --root //uncpath/home/svn_repository" displayname= "Subversion" depend= tcpip start= auto
Now my SVN server runs off my home PC and stores the files onto the remote host via FTP.

In the wise words of Jeremy Clarkson, "SWEEEEEEEET!"
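
The failure described in "The problem" can be checked directly. The PowerShell function below is an added example, not part of the original post: it reports the account a service runs as and whether its command line relies on drive letters that are network mappings of your own logon session. The function name Test-ServicePath is hypothetical; the service name "subversion" comes from the sc create command above.

```powershell
# Added example: why a service cannot see a path that works at your own prompt.
# "subversion" is the service name created with "sc create" in the post.
function Test-ServicePath {
    param([string]$ServiceName = 'subversion')

    $svc = Get-CimInstance Win32_Service -Filter "Name = '$ServiceName'"
    if (-not $svc) {
        Write-Warning "Service '$ServiceName' is not installed."
        return
    }

    # DriveType 4 = network drive. These mappings belong to the current logon
    # session only, so a service running under another account does not see them.
    $mapped = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 4' |
        ForEach-Object { $_.DeviceID.ToUpper() })

    # Drive letters (X:\) and UNC roots (\\host\share or //host/share) in the command line.
    $letters = @([regex]::Matches($svc.PathName, '(?<![A-Za-z])[A-Za-z]:(?=[\\/])') |
        ForEach-Object { $_.Value.ToUpper() } | Sort-Object -Unique)
    $unc = @([regex]::Matches($svc.PathName, '(?<=^|[\s"])[\\/]{2}[^\\/\s"]+[\\/][^\\/\s"]+') |
        ForEach-Object { $_.Value })

    [pscustomobject]@{
        Service       = $svc.Name
        RunsAs        = $svc.StartName
        CommandLine   = $svc.PathName
        # Letters listed here exist only as mappings in YOUR session.
        MappedLetters = ($letters | Where-Object { $mapped -contains $_ }) -join ', '
        UncRoots      = $unc -join ', '
    }
}

Test-ServicePath -ServiceName 'subversion' | Format-List
```

A non-empty MappedLetters field means the service depends on a drive mapping it will not have when it starts under its own account.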

Spyware: Remove Infostealer.Avisa

Since the download off the official site wasn't running at full speed, I decided to grab the demo off BitTorrent instead. After (stupidly) installing a program from BitTorrent, without first checking the comments, I had trouble moving the setup files after I was done.
Doing a little snooping, I was surprised to find a few extra executables in my Task Manager with somewhat suspicious filenames.

There were 2 instances of "rundii32.exe", as opposed to the usual "rundLL32.exe".

Great! Less than 2 weeks ago I got another virus, wasting another day off.
What a way to kill time.
I'm setting a new record here folks!

The culprit (File properties):
Filename: rundii32.exe
Size: 1.30 MB (1,372,160 bytes)

How it got there:
Stupidly I didn't check the comments on the torrent before downloading and installing.

The installer was bundled with a trojan which extracted itself upon execution, making it seem authentic as the application actually installed properly.

The damage:
I'm still not quite sure which strain it was, but it created a file called "rundii32.exe" within the temporary folders "%TEMP%\IXP000.TMP" and "%TEMP%\IXP001.TMP" (where "%TEMP%" is your system temporary folder).

This may just be in my case, as it is a common trait of installer packagers to put files into directories with that naming convention.

I suppose these executables sit around and steal info.

Also, it adds itself into the startup.

The fix:
A nifty program that scans your running tasks (and startup) is Trend Micro HijackThis.
(Yes, I was surprised to find that Trend bought them out too!)

A quick scan showed that it had added itself to RunOnce, so to remove it...
I fired up TuneUp Utilities Registry Editor again.

Locating the keys within "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", delete the 2 entries which refer to "IXP000.TMP" and "IXP001.TMP".

Now type in "%TEMP%\IXP000.TMP" and "%TEMP%\IXP001.TMP" into explorer to locate the "rundii32.exe" files and delete them.

That should be enough to clear it.
A thorough scan with an updated antivirus afterwards should do the trick.
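
As an added example (not from the original post), the PowerShell below automates the two checks done by hand above: it flags process names that are near-misses of common Windows binaries, such as "rundii32" for "rundll32", and lists Run/RunOnce entries that start something from a temp or IXP###.TMP folder. The function names, the reference list of binaries and the two-edit threshold are assumptions.

```powershell
# Added example: triage for look-alike process names and temp-folder autoruns.
# The $knownGood list and the distance threshold (1-2 edits) are assumptions.
$knownGood = 'rundll32','svchost','csrss','smss','lsass','explorer','winlogon','services'

function Get-EditDistance([string]$a, [string]$b) {
    # Levenshtein distance using two rows of the dynamic-programming table.
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = @($i) + (@(0) * $b.Length)
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -ceq $b[$j - 1]) { 0 } else { 1 }
            $best = [Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1)
            $cur[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$b.Length]
}

function Find-LookalikeName([string[]]$Names) {
    foreach ($n in ($Names | ForEach-Object { $_.ToLower() } | Sort-Object -Unique)) {
        if ($knownGood -contains $n) { continue }   # exact match: the real binary's name
        foreach ($good in $knownGood) {
            $d = Get-EditDistance $n $good
            if ($d -le 2) {
                [pscustomobject]@{ Process = $n; Resembles = $good; Distance = $d }
            }
        }
    }
}

function Find-TempAutorun {
    $keys = foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($leaf in 'Run', 'RunOnce') {
            "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf"
        }
    }
    foreach ($key in $keys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # Installers legitimately use IXP###.TMP folders too, so a hit is a lead to review.
            if ($cmd -match '\\(Temp|IXP\d{3}\.TMP)\\') {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
            }
        }
    }
}

# Constructed sample (the file name from this post next to the real one), then the live system.
Find-LookalikeName 'rundii32', 'rundll32' | Format-Table -AutoSize
Find-LookalikeName (Get-Process | Select-Object -ExpandProperty ProcessName) | Format-Table -AutoSize
Find-TempAutorun | Format-List
```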

What is SVCHOST.EXE ?

A lot of the time I check services through the services manager ("Start" > "Run" > "services.msc"). That's all fine and dandy if you just want to start/stop/disable them, but if one goes rogue and hogs your memory or CPU time, the Windows XP "Task Manager" won't show you what it is (unless you're running Vista, but I'd rather use LinuxMint).

All that it shows in the Task Manager are a bunch of "svchost.exe" processes. These executables provide a common entry point to execute services (in either DLL or executable formats).

So if you need to know what service resides within the "svchost.exe" which is causing you problems, go to Task Manager and then "View" > "Select Columns" to ensure that PIDs are showing. Keep the Task Manager open.

Then open up command prompt and type "tasklist /svc" to list all services. Find the service information by matching the PID from Task Manager.
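
The same PID matching can be scripted. This added PowerShell example (not from the original post) joins the running services to their svchost.exe process and sorts the hosts by memory use; the function name Get-SvchostService is hypothetical.

```powershell
# Added example: which services live in which svchost.exe, with resource use.
function Get-SvchostService {
    param([int]$ProcessId = 0)   # 0 = report every svchost.exe instance

    # Index the svchost.exe processes by PID.
    $hosts = @{}
    Get-Process -Name svchost -ErrorAction SilentlyContinue |
        ForEach-Object { $hosts[[int]$_.Id] = $_ }

    Get-CimInstance Win32_Service -Filter "State = 'Running'" |
        Where-Object { $hosts.ContainsKey([int]$_.ProcessId) } |
        Where-Object { $ProcessId -eq 0 -or $_.ProcessId -eq $ProcessId } |
        Group-Object ProcessId |
        ForEach-Object {
            $p = $hosts[[int]$_.Name]
            [pscustomobject]@{
                ProcessId = $p.Id
                MemoryMB  = [math]::Round($p.WorkingSet64 / 1MB, 1)
                # CPU is blank for protected processes without elevation; treat as 0.
                CpuSec    = [math]::Round([double]$p.CPU, 1)
                # The -k argument in the command line is the svchost service group.
                Command   = $_.Group[0].PathName
                Services  = ($_.Group | ForEach-Object { $_.Name } | Sort-Object) -join ', '
            }
        } |
        Sort-Object MemoryMB -Descending
}

# All hosts, heaviest first; pass -ProcessId <pid from Task Manager> to narrow it down.
Get-SvchostService | Format-Table -AutoSize -Wrap
```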

Software Update Checker

One day I was curious to see if someone had a good implementation of an idea I had.
Something that checks all the software on my computer to see if it is up to date, and provided some sort of mechanism to update things easily.

Well, it's been done already and pretty well at that!

FileHippo have a pretty good software database already and their software seems pretty accurate!
http://www.filehippo.com/updatechecker

Give it a go. It's a tiny download if you use the standalone.
No installation required.

Remove Dell Solution Center link from Start Menu

For those who can't be stuffed reformatting the O/S from the factory default, you can remove the "Dell Solution Center" from the start menu by following the steps below.
  1. Right click on the taskbar and click "Properties"
  2. Click on the "Start Menu" tab and then "Customise"
  3. Click on the "Advanced" tab
  4. Under "Start menu items", scroll down to find "Manufacturer link" and untick it.
  5. Click OK and save your settings.
The settings should take effect immediately.

Marvel Ultimate Alliance: Disable Intro Movies

[ Source ]
Props to GoldDragon (for this hack) and Marvel (for this awesome game!)

It's ridiculous how many intro movies they have at the start of this game!
No matter how awesome this game is, I can't stand pressing enter to skip about 6-7 intro movies every time I play it!
I mean I don't mind them showing that the first time, but c'mon!

Yet, there's a surprisingly simple way of disabling the bulk of them.

1. Find the folder in which you installed MUA.
2. Explore to the folder "scripts\menus\" and backup "intro_normal.py"
3. Once backed up, edit the original file using Notepad.
4. Comment out every line by adding a "#" character in front of it, except for "openmenu("main_beenox")" so it looks like this.
#startMovie("i102", "afterMovie1")
#waitsignal("afterMovie1")
#startMovie("i101", "afterMovie2")
#waitsignal("afterMovie2")
#startMovie("i103", "afterMovie3")
#waitsignal("afterMovie3")
#startMovie("i100", "afterMovie4")
#waitsignal("afterMovie4")
#startMovie("i104", "afterMovie5")
#waitsignal("afterMovie5")
#startMovie("i105", "afterMovie6")
#waitsignal("afterMovie6")
openmenu("main_beenox")

Starting MUA will still show the ESRB screen, followed by the main menu.
The cursor will not show, but will still work. You can still navigate using the keyboard as usual.
Once the game has started, the mouse will reappear and behave as usual.
To keep the mouse in the menu, leave at least one video active.

W32.Harakit

Being a lazy Sunday, I decided to clean up some folders on my computer.
I noticed in my Shared folder that there was a file named "gfvjfe.exe" with the folder icon.
Stupidly, I double-clicked it and executed it thinking it'd browse into it.
When nothing happened, I instantly realised I've been had and disabled my internet connection.

Quickly skimming through task manager processes, nothing seemed out of place.
My Windows Explorer options were changed though, hidden files were now hidden and system folders/files aren't showing.

Something is up.

The culprit (File properties):
Filename: gfvjfe.exe
File version: 5.0.0.2
Language: Russian
Size: 497kb

How it got there:
It spreads itself via the network through share folders which have write access or removable drives. Luckily, it's fairly simple to fix and doesn't do much damage.

The damage:
It creates a file called "csrcs.exe" in the System32 folder under Windows.

First notable change, as already mentioned, is that it hides hidden/system folders and files.

Second noticeable change was that csrcs.exe attempts to create "autorun.inf" in system32, triggering my NOD32 to display a giant red screen.

The fix:
Using task manager to kill off csrcs.exe, I then deleted it and scanned my registry.

It links itself in the registry in the following locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Edit the "Shell" value from "Explorer.exe csrcs.exe" to "Explorer.exe"

Lastly, clean up multiple 0 byte "khq" files found at the root of your drives (i.e. C:\khq, D:\khq, etc.)

If you have a more severe infection of this trojan, check out this link for more information.
 
Update: 05/04/2010
I forgot to mention, I had all ports forwarded to my computer and there were some unprotected shared folders which had write access.
 
Block off public access to those ports and you should be fine. To figure out which ports they are, see here.
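
A read-only check for the traces listed in this post, as an added PowerShell example that is not part of the original: it reports the Winlogon "Shell" value, any entries under the policies\Explorer\Run key, whether Explorer is set to hide hidden and system files, and whether csrcs.exe or "khq" files are present. Function names are hypothetical, and the Explorer setting is read from the current user's Explorer\Advanced key, which the post does not name.

```powershell
# Added example: read-only check of the artefacts named in the post.
# Assumption: on a clean system Winlogon's Shell value is exactly "explorer.exe".
function Test-WinlogonShell {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = [string](Get-ItemProperty -Path $key).Shell
    [pscustomobject]@{ Shell = $shell; Clean = ($shell.Trim() -eq 'explorer.exe') }
}

function Get-PolicyRunEntry {
    # Every value under this key is launched at logon; list them all for review.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
}

function Get-ExplorerVisibility {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $adv = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ShowsHiddenFiles = ($adv.Hidden -eq 1)            # 1 = show, 2 = do not show
        ShowsSystemFiles = ($adv.ShowSuperHidden -eq 1)   # 1 = show, 0 = hide
    }
}

function Get-DroppedFile {
    # csrcs.exe in System32 and zero-byte "khq" files at drive roots, per the post.
    $paths = @(Join-Path $env:SystemRoot 'System32\csrcs.exe')
    $paths += Get-PSDrive -PSProvider FileSystem | ForEach-Object { Join-Path $_.Root 'khq' }
    foreach ($p in $paths) {
        Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, Attributes
    }
}

Test-WinlogonShell     | Format-List
Get-PolicyRunEntry     | Format-List
Get-ExplorerVisibility | Format-List
Get-DroppedFile        | Format-Table -AutoSize
```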

C# - Use different fore/back color for each subitem

Frustrating sometimes when you can't even set a simple color.

The C# listview is an awesome control for displaying data, but when you find yourself checking your code over and over to see if it's setting the colors correctly, it's quite annoying when you find out it's a default setting that's fucking up your groove.

You see, .NET has a little flag on the ListViewItem object called 'UseItemStyleForSubItems' that uses the ListViewItem style for all subitems in that row. Most likely enabled by default for performance reasons, but also the cause of a lot of wasted time.

ListViewItem lvi = new ListViewItem();
// Let each subitem keep its own ForeColor/BackColor instead of inheriting the item's style.
lvi.UseItemStyleForSubItems = false;

Disable Nero Scout

[ source ]

Every once in a while, I have to format a computer and reinstall some disc burning software. Normally I turn straight to Nero Express, and the copy I got with my writer works great... except for one little thing, it adds some bloat.

Aside from disabling EVERYTHING during the installation apart from the core files, it STILL installs Nero Scout. This extra bit of bloat runs in the background, constantly scanning your computer for new MP3s, images, etc.

Err, why!? That’s ok, I already know what I want to burn!

To disable Nero Scout, go to Windows Explorer and right click on "Nero Scout". Select "Options" and untick "Enable Nero Scout".

If that option is not available for you, then simply run the command below.
regsvr32 /u "%COMMONPROGRAMFILES%\Ahead\Lib\MediaLibraryNSE.dll"
You might also want to take a quick moment to make sure to drive the last stake through its heart and disable the "NMIndexingService" service.

Enabling Hibernation on older PCs

If for some reason you can't seem to use the Hibernation feature, see if the BIOS settings have something silly disabled.

[ source ]
Firstly, check if ACPI is currently enabled or not by...

1. Going to the Device Manager window and expanding Computer.
2. If the Advanced Configuration and Power Interface (ACPI) PC option is not displayed, your computer does not support ACPI features.

Reboot and check your BIOS settings to see if anything is disabling ACPI or APM.
 
Copyright © Twig's Tech Tips