Wednesday, September 5, 2007

extirpating Think-Adz

The self-styled winantiviruspro2007 has a cute little install pop-up that says 'Click OK to cancel this install'. This fooled number-one-son into clicking 'Cancel', which of course double-negatives into actually installing the winantiviruspro2007. Removing this lying thieving bastard was straightforward, between Scotty and Clamwin, no troubles.

However it brings Think-Adz along with it. That has a cunning trick whereby it re-installs itself every thirty seconds or so. None of the usual helpmeets could touch this - Scotty disabled its startup tasks and marked the dll files for deletion at startup, but after startup, the pox just re-installs; Clamwin didn't find anything, Ad-Aware and Spyware Blaster failed too. I went through the registry and pulled each key out, but before I could restart, it had re-installed. Hm.

Google failed me too: lots of references to Think-Adz, but all the 'solutions' involved buying someone's dodgy-looking software, or helpful 'tips' like "use Add/Remove programs to uninstall". Of course Think-Adz does not list itself in Add/Remove, and if it did, I'm certain the Remove would install something else noxious, plus keep T-A itself.

When in disgrace with fortune and men's eyes, not to say Windows, I trouble not deaf heaven with my bootless cries, but instead go to Sysinternals. Process Explorer (PE) and Autoruns are the essential tools. The Sysinternals tools overlap with Scotty's functionality - Scotty is usually more readable, the tools have useful extras. Since I didn't find this anywhere else, here's a step-by-step for rooting out Think-Adz, and mutatis mutandis, similar infections.

Scotty will show the rogue processes, using tab 'active processes'. This step involves knowing what's usually running on the system, so the skellums can be identified. If the usually running processes are not known, unsigned processes (no Company Name or Version information) are a good place to start. Google the process names for more information, and read with a jaundiced eye. Often infections will give their processes the same names as real Windows executables, and install them in C:\WINNT\system32\, so they look legit. In this case, the rascals were owinpmdt.exe and dwdsrngt.exe, running indeed from \system32.

For this case, look in \system32 using Windows Explorer (WE) or similar, sort by 'Modified Date', and check the files that were installed at a similar time to the known rogues. In this case the files all had recent timestamps from the install, so they all sorted to the top of the heap. Apart from the .exes, there were also two dll files installed in system32, xxyaaxu.dll and awvtt.dll.

These dll's and .exe's can't be deleted from WE, since they are marked 'in use'. Scotty can delete the .exe files - rightclick on the process in Scotty, and select 'delete file on reboot'. The dll's can be removed similarly using another Sysinternals tool, PendMoves, but I prefer to first find out what's using the dll's, to make sure I didn't miss some process.

To do this, start Process Explorer, then use Find ('Find Handle or DLL') to enter a dll name and see which processes have it loaded. This revealed that xxyaaxu and awvtt were loaded by the known rogues, but also by Winlogon.exe, which is a legitimate Windows process. Winlogon turned out to be where the reinstalls were coming from. Killing Winlogon also terminates Windows very rudely, so there's no simple way to stop the reinstallations. Luckily PE has another option: rightclick on the process in PE and select 'Suspend'. Obviously some bits of Windows won't work right while this is suspended, so complete the T-A removal as a priority.

Now use Scotty and Autoruns to see what new horrors have been scheduled to run at startup. As for the processes, it's good to know what is legitimately started, so the rogues can be identified. If not known, proceed as before to check the signatures and Google the unknowns. As for processes, use Scotty to rightclick on the task and select 'delete file on reboot' for the known bad guys, and 'disable' for the suspected bad guys. Check with Autoruns that Scotty found everything.

I found these two entries in my setup:
C:\WINNT\system32\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
Neither of these looked legitimate, so I deleted them both as well.

Reboot. After reboot, verify that the dlls and exes were deleted from their locations. In my case the dll's still existed, but weren't in use anymore, so WE could delete them.

For completeness' sake, run a registry edit and search to look for other traces of the beast. If the process above doesn't get rid of it, this will be required. First re-do the steps of the above process up to but not including the reboot. Then, Start/Run or open a command prompt, and run regedit. Read the awful warnings from Microsoft about editing the registry, take a deep breath, and proceed. Back up the registry first if you are feeling timid, but I usually don't bother. Note that in XP and Vista, there will be automatic System Restore points created by Windows, which can be used to restore the registry if need be. If doing this, select a date before the system was infected ;-)

Select 'My Computer' in the left-hand pane of regedit, then use the Edit menu to find all mentions of the known bads: owinpmdt, dwdsrngt, xxyaaxu and awvtt. Delete all keys containing references to these, unless they belong to BillP Studios, which is Scotty. BillP Studios will have references to the bad 'uns, which allow Scotty to delete the files upon reboot. To delete the keys, note that the find will show the reference in the right-hand pane. It's not immediately obvious which key is involved, but look at the bottom of the window, which will list the full key name. Select this key in the left-hand pane, then rightclick and select 'Delete'.

Also search the registry for Think-Adz, and any related data. For example Google turned up ExploreUpdSched, BrowserUpdateSched, kwinkrex.exe, ljdsrngk.exe and twinkmdt.exe as being related to Think-Adz. I didn't see these on my infection, but check and make sure.
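The steps above, scripted as a read-only triage pass (an example added to this post, not the author's own script or any of the tools named): it lists running processes without a valid Authenticode signature, recently modified files in System32, which processes have the named DLLs loaded (what Process Explorer's Find showed for Winlogon), startup entries, and registry keys or values that mention the names. The suspect names are the ones from this infection; the 24-hour window and Windows PowerShell 3 or later are assumptions.

```powershell
# Read-only triage pass for the Think-Adz-style infection described above.
# Example script added to this post, not part of it. Run from an elevated
# PowerShell prompt; it only reports, it never deletes, suspends or edits anything.

# Names from this infection (constructed list; add your own suspects here).
$Suspects    = @('owinpmdt', 'dwdsrngt', 'xxyaaxu', 'awvtt')
$RecentHours = 24        # assumption: the install happened within the last day
$sys32       = Join-Path $env:SystemRoot 'System32'
$pattern     = ($Suspects | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Running processes whose image is not validly signed. No Company Name or
#    Version info is the manual tell; an Authenticode check is the stricter one.
Write-Host "== Running processes without a valid signature =="
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{ Pid = $_.Id; Name = $_.ProcessName; Company = $_.Company;
                           Status = $sig.Status; Path = $_.Path }
    }
} | Format-Table -AutoSize

# 2. Files in System32 modified recently: the "sort by Modified Date" step.
Write-Host "== System32 files modified in the last $RecentHours hours =="
Get-ChildItem -Path $sys32 -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddHours(-$RecentHours) } |
    Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, Name, Length |
    Format-Table -AutoSize

# 3. Which processes have a suspect DLL loaded: what Process Explorer's
#    "Find Handle or DLL" showed, and how Winlogon turned up as the reinstaller.
Write-Host "== Processes with a suspect module loaded =="
Get-Process | ForEach-Object {
    $proc = $_
    try { $mods = @($proc.Modules) } catch { return }   # access denied on some processes
    foreach ($m in $mods) {
        if ($m.ModuleName -match $pattern) {
            [pscustomobject]@{ Pid = $proc.Id; Process = $proc.ProcessName; Module = $m.FileName }
        }
    }
} | Format-Table -AutoSize

# 4. Startup entries (Run/RunOnce keys, Startup folders) mentioning a suspect:
#    a scripted look at part of what Scotty and Autoruns show.
Write-Host "== Startup commands mentioning a suspect =="
Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { "$($_.Name) $($_.Command)" -match $pattern } |
    Select-Object Name, Location, Command | Format-Table -AutoSize

# 5. Registry keys and values whose name or data mentions a suspect: regedit's
#    Edit/Find, scripted. BillP Studios (Scotty) entries are expected hits.
Write-Host "== Registry references =="
$roots = 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet'
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -match $pattern) { "$($key.Name)  <key name>" }
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props) { return }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own metadata
            if ("$($p.Name)=$($p.Value)" -match $pattern) {
                "$($key.Name)  $($p.Name) = $($p.Value)"
            }
        }
    }
}
```

Anything step 3 reports for a legitimate process such as Winlogon is the DLL to chase next; the registry walk is slow on a large hive, so run it last.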

After a mere three to four hours' work, you'll be back to an undiseased state. Hooray. Maybe it's time to upgrade to Ubuntu Linux.

Tuesday, September 4, 2007

strolling

The traffic is busy under an uncomprehending sky of wide and varied clouds. In the open space between office blocks, the harvest is ready: green leaves below the straw-yellow stalks and grain. There's no-one who knows what the grains are, nor will the harvest happen. Our food comes more easily, from China or the other side of the world. Blackbirds in the sky do not care.

When I can't work out at lunch time, due to increasing frailty, I walk with a book. At the end of the walk some fragments collect at the bottom of my consciousness. Often the fragments are the same as last year's; both the walk and the thoughts are out and back again.

Wednesday, August 29, 2007

user-hostile design

The designers of the Kenmore Ultrawash Model 665 appear to think that cold water in the machine is sufficient reason to disable the entire appliance. The 'Clean' light starts blinking in a pathetic call for help, and nothing else responds. The manual directs us to 'call Sears maintenance'. Sears maintenance has a two-week lead time, and a $65 minimum. Washing dishes by hand for the next two weeks sends my evening 45-minute kitchen cleanup into an hour-and-a-half, which pushes bedtime back to well after 11, which means I’m short two hours of sleep every night instead of just one.

Luckily Google is our friend, and reveals the secret keypad dance that may unlock the frozen software bowels of this bugger.

Clean light flashes 7 times, only function available is drain. Start flashes quickly when pressed.
I was told the water temp. going into the machine was too cold and that you should run the water at the sink before starting the machine.
To clear the flashing light code, hit 'heated dry' then 'normal wash', then 'heated dry' and 'normal wash' and then all lights will light up. Hit 'cancel' and it's hi-ho Silver, awaay we go.

This is spectacularly user-hostile. The feature appears to be shared with several Whirlpool machines as well - a good argument for buying AEG.

Update 9/20: $200 for a new heater element. Coincidentally, the warranty period expired just two months ago. Also, there's a recall on some earlier models for fire hazards. Kenmore had a good record in Consumer Reports for repair history but I think it just lost it.

A day in Rocky Mtn NP
By the numbers: 12 hour day, 5 hours hiking; for 13-14 miles and about 2500ft of climbing; three turkey/cheese sandwiches, two liters water, one Coke, one candy bar, two peaches, four oat crunchies; one broken big-toe-nail; one brown trout, one Colorado River cutt, a dozen rainbows, uncounted brookies; lots of gorgeous high-country sunshine and views (ok, that's not a number, sue me).

Started out from the Bear Lake trailhead, milled about a bit (see map) at the forks for Glacier Gorge and other trails before getting on the right road down to the creek. This trail was very little used, looked to be going back to an elk path. After 10 minutes, cut back off the trail into the woods, with that momentary frisson of fear that going trailless always inspires. Glacier creek was small but pleasant, holding water needed to be at least 2 feet deep. Often in these smaller creeks the fish can be found in the shallow riffles as well, but today they wanted good deep water nearby. Opened the batting with a nice 12" brown, then a 10" rainbow followed by a passel of smaller bows 8-9", then a Co. river cutt, then a brookie. Hum, a grand slam. I nearly hopped out to go to the Roaring River to add a green-back cutt and get a 5-species slam, but it was too much like a riskless counting coup. Prospect Canyon is only about 20 feet deep, with a pretty 3-step waterfall into a good pool at its exit, missed a sizeable rainbow there. The rest of the canyon had some holding water, then a major tributary comes in, above which the creek is just a series of rocky cascades with not much visible potential. Good if you like fishing wet rocks.

There were at least 2 guided parties on the lower section. I took a wide loop through the woods around both, tried to give them a quarter mile or so of undisturbed water, but wasn’t too worried. It is a puzzle to me that there are sports willing to pay $300+/day to be walked 100yds off the road and shown easy trout.

Clambered back up through the woods to the elk trail, found a spray-cooled spot by a small falls for the first lunch of the day at 12. Battered up the crowded trail towards Mills lake, pausing to investigate the stream at a flattish spot. Shallow braided gravelly channels, with scatterings of small brookies was all. Those flat-water wild fish are as spooky as they come. I barely even try them anymore, too discouraging - stick a rodtip out of the bushes and the whole pool flushes. Any time you do manage to sneak up on the good-looking ones, some unseen sprats from the tailout panic and tear frantically upstream to startle everything else. These days I just go looking for better water. Second lunch at 1:30pm, quietly by the stream. Bypassed Mills to get up to Black, quite a pull over those 2.8 miles. I had lots of company on the trail, mostly older than me, indomitable old ladies with walking sticks and the occasional greybearded companion. At least they were friendlier than the serious young guys on a mission, hiking fast and silent and unshaven on some imperceptible quest of their own. Lovely stream along this section, plenty of waterfalls and good-looking holes.

Black Lake is very fishy-looking, a huge deep green hole under cliffs with streams tinkling in on two sides. A few mayflies (at 10800 ft ??) coming off, no rises though. Coke and a candy bar in the shade of the krummholz, since I was dragging a bit at this stage. Fat greenbacked brookie in the first puddle of the inlet stream, more brookies on up to the cascades again, to about 11". The stream was only just wide enough for the 11" to turn around. At the bottom of the cascades, a pocket of water about the size of a shoebox, six inches deep with every pebble visible: tossed an ant onto the water, and a ten-inch brookie materialized out of the pebbles. Hanging there eying the ant with its pectorals flared, it looked like a minor shark, a dizzying change of perspective. Tried various things including bobber fishing (hey, I was tired) in the lake, but couldn't find anything more than lanky black brookies to 10" or so. On the way back down, another luminous green-backed brookie of 12" in a plunge pool below a small waterfall, very pretty. Of course there should be green-back cutthroat trout up here: it's a ponderable whether the brookies are developing a similar colouration as the years of evolution produced in the cutts. Small thoughts for a long walk.

Back to Mills lake by 6, sunset on the high barren peaks. The lake had risers, hooked 5 of them but got none to hand. All looked about 10-11", nothing big, and I’m guessing brookies.

7:30pm and time to go. Finished the hike with a flashlight, last man off the mountain. A complete success, all in all. I said I’d go fishing and I did.. although I’m still listing slightly to the right when I walk, which I’ve been trying to avoid because it hurts.

My shoulders were sore for two days after lumping around the daypack with 3 extra layers, raingear, food and water. I was thinking it's really tedious to always pack all the emergency stuff while hiking around with fifty other folks on the trail, but it got quite lonely towards evening. A cautionary tale - it turns out my fishing buddy Ken had been benighted a couple of days ago elsewhere in the park with his (girl) cousin, and a dysfunctional high-tech lighter that wasn't able to make fire. Their guide had gotten ahead of them and lost track of his party. It always ticks me off when hiking/canoeing in tricky areas, some people just don't get the 'stick together' idea and it often ends in tears. That's the African training, get in trouble in the African backcountry and there are damn-all helicopters to get you out again, your own bloody stumps are the only way. Ken's bad joke - I slept with my cousin, and it was the worst night I've ever had !

Tuesday, August 21, 2007

USAT Sprint championships
short race report: felt like I was going to die, then I didn't. That'll have to count as the victory for the day.

eh. Lightheaded and weak during the swim, and never got better. Front brake rubbing for the first four miles of bike, but fixing it didn't help. Hard painful run, slogged it out.
Long race report may follow if I can regain the use of my faculties..

Wednesday, August 8, 2007

a successful presidency

The inimitable, yet manly, Lance Mannion has a fine line in invective about Chairman George in an essay on how startlingly successful the Bush presidency has been. 'Success' here being defined not as ordinary mortals might, as being for the general good: rather in terms of the cowboy way, achieving everything his paltry independent individual heart longed for. Torture ? got it. A war, so he could feel good ? got that too. Tax cuts for his friends ? whee !
Read the whole thing, as they say.

I diverge into my own woods at this point. Raised in a police state, complicit in torture long before the age of reason, I lived each day of my adult life in a thin but constant fog of shame, guilt and fear. Although my membership in the oppressing class was wholly involuntary, it was worn on my skin, ineluctable. Among the complex of reasons for leaving S Africa, one of the more powerful motivations was knowing that my taxes went to support a government that tortured in my name. There was no way to vote the bums out, the courage of my convictions led straight to jail and I didn't have those. I thought it couldn't happen here. Again I'm waking up in the morning and wondering if what I can do is enough: again I have to find out how much courage I really can muster. How much do I owe myself and my family, and how much to common humanity ?

I worked in Chief of Staff Intelligence for several years during the late 80s, as a conscript and afterwards. It was known but never whispered what really went on at that farm up north of Pretoria (Tshwane, now). That didn't turn out well. In philosophy 101, we were told that knowledge is 'justified true belief'. The tortured may be telling truth, but until there is some justification there is no knowledge. It's well known that torture does not work - fine for revenge and sadism, but as an intelligence-gathering tool it is practically useless. Don't believe me? Listen instead to one of the tortured from Stalin's Russia, Vladimir Bukovsky: "torture is the professional disease of any investigative machinery. Investigation is a subtle process, requiring patience and fine analytical ability, as well as a skill in cultivating one's sources. When torture is condoned, these rare talented people leave the service, having been outstripped by less gifted colleagues with their quick-fix methods, and the service itself degenerates into a playground for sadists.. if Vice President Cheney is right and that some 'cruel, inhumane or degrading' (CID) treatment of captives is a necessary tool for winning the war on terrorism, then the war is lost already."

I emigrated to the USA instead of any of the other countries I could have gone to, in part because it's still (thought he in his innocence) the only country in the world founded on a dream of decency and justice for all. Now I find the majority of my fellow citizens dream happily of torturing other human beings, and I can't account for it.

Edit December 07: Often I feel like an oversensitive old lady with the vapours, agonizing over things that a Real Man would scarcely notice. From a review of J.M. Coetzee's latest novel, in the New Yorker,
**
In Coetzee’s work, emotions like shame, guilt, and disgrace surge beyond rational discussion just as cruelty surges beyond bearable depiction. And here, in his latest novel, another novelist protagonist gives voice to a feeling of unbearable shame, this time at the Bush Administration’s connivance at torture:
"Their shamelessness is quite extraordinary. Their denials are less than half-hearted. . . . The issue for individual Americans becomes a moral one: how, in the face of this shame to which I am subjected, do I behave? How do I save my honour? "
Later, this protagonist asserts that if he heard that some American had committed suicide “rather than live in disgrace, I would fully understand.” He can understand because “the generation of white South Africans to which I belong, and the next generation, and perhaps the generation after that too, will go bowed under the shame of the crimes that were committed in their name.”
**
that's about right.

Monday, August 6, 2007

south africa 2007

Johannesburg is now a reasonable simulation of hell. LA-style traffic, an hour to drive 6 miles at any time of day after 5am, plus carjackings (5000 in the first 6 months of 2007, 52000 violent robberies, and that’s just the official police statistics). Life is lived behind razor wire plus electrified fences, and with regular security patrols (300 000 private security personnel in the country, only 120 000 police). We didn't get carjacked or robbed even once, pretty good going I thought.

It's no longer possible to run in Joburg. I got two different points of view: the one said don't do it unless in a group of three or more, the other pooh-poohed that as mere lily-livered timidity and said just take off your wedding ring and watch, don't wear expensive sunglasses or new shoes, and you'll be fine, just fine. I didn’t try it, too much of a coward. Instead I ran in the Waterberg (met bushbuck and sunbirds), near the Kruger Park (met baboons, zebra, kudu and impala, heard hippos and lions on the other side of the game fence), in Cape Town on the slopes of Table Mountain (met baboons, too many of them, a bit nerve-wracking), and in the Drakensberg (nothing but a beautiful silence).

One of our friends has a game lodge in the Waterberg, in the north near Botswana. We spent a weekend with them up there in palatial luxury. Our bedroom had a view of the waterhole so we could sit in bed sipping tea (delivered to the door, naturally) at 6am, watching giraffes etc also having their morning drinks. The kids slept in a central lodge, so we had the bedroom to ourselves for once, also nice. The downside is that the occasional rinkhals or Mozambique spitting cobra makes its way into the shower looking for cool and damp. One unfortunate girl met a rinkhals there, and leapt out the window, hanging from the window ledge one story up until rescued by one of the rangers. She doesn't go to the bush any more, funny that.

My brother-in-law Peter has fractional ownership of two holiday houses, one near Crocodile Bridge entrance to Kruger, the other in the Berg, so we got weekends in both of them, how kind. The drive to Kruger is nasty, single-lane toll road (?) full of heavy traffic to/from Maputo, but once out in the bush it's still beautiful. I made small square cooking fires in a corner of the huge firepit at the house, using that marvellous hard heavy bush wood. Sitting out under the Southern Cross with a beer while hippos grunted in the pools of the Crocodile, Saffrica seemed quite appealing again. We stole some sugarcane from the plantations on the drive to the gate the next day, C eyed it with suspicion but after biting into it, said with surprise 'this is really good'. Saw four of the five, including a big pride of lions lolling about, but no leopard of course.

We even got to the beach in Cape Town, had a 70 degree day in midwinter. C declared 'it's a perfect day for the beach', so we went to Boulders beach, where there are more penguins than I’ve ever seen before. It’s now part of Table Mountain National Park: they claim to have stopped trawling for pilchards in False Bay, so there’s been a population explosion of the jackass (now called African) penguins. C was getting very frustrated building a sandcastle, we were trying to help when he yelled 'but it works with snow !' and the rest of the beach laughed. CT is still very pleasant and mellow, house prices are insane, and for the first time in my recollection the private security firms are in evidence. Pete’s house in Kalk Bay bought for R180k is now worth R3-4m.

Out in the Drakensberg (now a Unesco World Heritage site) it’s still pleasant too. The house we stayed in is on a ridge above the D'berg Sun hotel, hike out the front door and into the little Berg, very nice indeed. There were even trout in the hotel dam. We did some kid hikes, to Cleo's Pool where there was a bat in a cave, and up on to the first bump of the little Berg. I'd forgotten how perfect the silence is up there. There's always a jet overhead in the US, no matter where you are. If you want to hike anywhere in the Heritage Site, you have to pay a ‘community guide’ to accompany you – not sure if you could pay them but not take them along. Fair enough I guess, it’s one way to get the tourism dollars into the local community, all of which helps protect the resource.

The trout dam had deep clear water and lots of anhingas. Tough fishing, had only a floating line and some beadheads courtesy of Peter. Used the beadheads as weight to trail a Mrs Simpson or small olive Hamill's Killer, nothing all weekend on the beadheads, only on the nondescripts. I have no confidence in beadheads actually – might get the stockers, or perfectly wild fish, but for the hard-hammered populations that I usually encounter, I don’t believe in them. (Same thing with crankbaits here in the US, everything has a confounded rattle, so the original Rapala is the only thing worth spending money on). Lost a strong 14" the first morning after two blank hours. A fat 16" that evening while trolling from the rowboat. #1 son started to practice fly casting, good show. Next morning went to a fishy corner over by the wall, missed a take first cast, then a chunky 17" off a long cast, first pull tightened into him. Frosty ground and crisp early morning, fish running strong and leaping high. Then a bouncy 12" hit hard right by my feet. Nothing else despite trying for another couple of hours.

Interestingly they’ve just passed a law that makes it an offence to catch and release a trout, R200k fine for doing it. Catch and kill is OK. This is a side-effect of a law concerning alien and invasive species, both carp and trout are considered alien invaders. Not sure how that will pan out.