Archive for the ‘General’ Category
Attack of the killer trojan
Today I discovered a strange behavior on my WinXP box. No websites would appear in Google Chrome. Internet Explorer would spontaneously open to serve ads, and occasionally popups would appear in Firefox too.
I ran a virus scan, and Zone Alarm pinpointed a .dll file in windows/system32 as the culprit. I quarantined it, and thought I was done with the problem.
Not so! It seems that whenever I rebooted the machine, the malicious file would return, only with a different name.
So, I checked all the usual places…
I ran regedit and found a registry entry in HKLM\Software\Microsoft\Windows\CurrentVersion\Run that was using RunDLL32.exe to run a dll called wumomara.dll and another that was identical running nusoyeta.dll.
I’m guessing these are random names generated by whatever trojan started the whole thing in the first place. They’re both 8 characters long with alternating consonants and vowels.
I deleted both, then did a search for wumomara in the registry, and noticed that it had reappeared as quickly as I had deleted it.
Crap.
I downloaded Mike Lin’s Startup Control Panel, and tried to delete it from there. Still no luck. As soon as I disabled one, an identical entry would appear.
I tried the same things after rebooting in Safe Mode. Still no luck.
I went to c:\windows\system32 and looked for the DLLs. They were hidden. So, I changed settings and permissions on the whole dang folder until I could see them.
Tried to delete them. Permission denied.
Tried to rename them. Permission denied.
Finally had some success when I tried to move them. CTRL-X from the system32 directory and CTRL-V on the desktop.
Yay!
Then I created new text files called nusoyeta.dll and wumomara.dll in system32 and made them readonly.
Upon rebooting, I got bombarded with errors that wumomara was not a valid file. Not a problem, everything started up.
Then I went back to regedit, and did another search for wumomara.
This time, I found it all over the registry and I started removing entries.
This time, when I deleted the entry from HKLM\Software\Microsoft\Windows\CurrentVersion\Run it stayed gone.
YAY!
Rebooting one more time showed that the errors were all gone.
Then, since somewhere along the line my firewall got buggy, I reinstalled ZoneAlarm, and ran a full “deep” scan. It found one remaining file… guhapiba.dll.vzr… which it was able to quarantine.
Chrome once again shows websites as it ought. No more unwanted popups are appearing, and my computer seems just a little faster.
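The persistence described in the post above (Run-key values that use rundll32 to load DLLs with eight-letter, alternating consonant-vowel names) can be turned into a quick triage check. This is an added example, not part of the original post: the `reg query` output is constructed, and the value names, paths and entry point in it are assumptions; only the two DLL names come from the post.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output. The two DLL names come from the post; value names, paths, the entry
# point "s" and the benign entries are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ZoneAlarm Client    REG_SZ    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    a1b2c3    REG_SZ    Rundll32.exe "C:\WINDOWS\system32\wumomara.dll",s
    d4e5f6    REG_SZ    rundll32.exe C:\WINDOWS\system32\nusoyeta.dll,s
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# rundll32 [path\]file.dll[,entrypoint]; the DLL path may be quoted.
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
# Eight letters, strictly consonant-vowel four times ('y' counted as a consonant).
CVCV = re.compile(r"(?:[b-df-hj-np-tv-z][aeiou]){4}", re.I)

def suspicious_run_entries(reg_query_output):
    """Return (value name, dll path) for rundll32 autoruns with a CVCVCVCV DLL name."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        launch = RUNDLL.search(m.group("data"))
        if launch is None:
            continue  # autorun does not go through rundll32
        dll = launch.group("dll").strip()
        if CVCV.fullmatch(PureWindowsPath(dll).stem):
            hits.append((m.group("name"), dll))
    return hits

if __name__ == "__main__":
    for name, dll in suspicious_run_entries(SAMPLE):
        print(f"review: {name} -> {dll}")
```

A name match is only a lead for manual review: legitimate rundll32 autoruns exist (the constructed NvCpl.dll line stands in for one), and a short pronounceable file name is not proof of infection by itself.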
Entrecard Dropping with Google Chrome
I decided, after downloading and fiddling with Google’s new browser this evening, that a pretty good test of its mettle would be to do some Entrecard dropping with it.
First, I should note that every site I went to rendered just fine. I’m sure that makes all the web designers in the world heave a big sigh of relief. The last thing anyone needed was another set of odd CSS hacks they needed to incorporate into their designs.
It was also fast. Although there’s no Linky-like feature in Chrome, and I had to individually middle-click each link to load it in a new tab, there was absolutely no delay or stuttering while I did so. All the new tabs loaded happily on the screen. Unlike Firefox, which has scrolling arrows when you get too many tabs, Chrome just makes the tabs smaller, so when you’ve got lots loaded, it looks like a goofy-looking mountain range at the top of the screen.
The biggest thing I noticed was that, even while the last sites were still loading, there was no delay when clicking the widget. You clicked the word Drop, and the next instant the Thanks, or Awesome was there.
Just to make sure this wasn’t just caused by a superfast Entrecard server tonight, I dropped my last 50 cards in Firefox. There’s a 6-8 second period where the yellow bar goes black in Firefox when some of the tabs have not finished loading.
The other thing I noticed is that when a script on someone’s site causes major malfunctions, Firefox closes completely, while Chrome just crashes the tab and keeps everything else running normally.

Actually, it doesn’t crash the tab, it just makes it unhappy. You gotta love those Google guys. Even a crashed web page becomes cute.
Finally, the extra screen space with Chrome might have also sped up the process, since I could see more of the widgets above the fold.
Overall, I really like Chrome. I am just hoping to see lots of cool add-ons like Firefox has.
100 Entrecard Credits FREE!
I’m giving away 100 Entrecard Credits to the first 50 EC users who send me a secret code….
All you have to do is click this link to subscribe to my Google Links, then do a Google.com search for Hello Mindsurfer to see the code and instructions.
Yard Sale
Today, I am sitting outside watching a few tables at a community yard sale.
Usually, I must admit, I am a ‘throw it out’ kind of gal, but I suppose this is somewhat better for the environment.
The last time I participated in any sort of junk sale was when my parents moved out of their home and into an apartment. I hope I don’t get wrangled into anything like it for another 10 years. Tire kickers and bargain hunters are not my favorite people to deal with.
What I was quite pleased and pleasantly surprised to discover, however, is that my 5-year-old son is a natural pitchman. He was as happy as a clam selling toasters and jewelry to unsuspecting passers-by. I had no idea he could be so assertive and bold. And he asked for the sale every time.
He came home with enough money to buy a few Lego sets, and enough confidence to make me feel incredibly good about the whole experience… tire kickers and all.
I will never think of AC/DC the same way again
I don’t know why I’m posting this. Perhaps because it’s so radically altered my reality I had to spoil someone else’s enjoyment of hard rock too.

