More Spyware Fun

Posted on December 23, 2004

I had to remove a few more spyware infections this week, and I actually learned a couple more tricks in the process. On one machine, something called “WINLOGON.EXE” was started from the little-known registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. This process seemed to be moving the focus from the currently selected application to itself periodically, perhaps as a method to gather passwords and account numbers. It seems that most spyware masks its invocation by adding a value to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, or, when it’s really being tricky, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Recently, it appears that some spyware authors have discovered how to use this Explorer policy key, as well as registering their malware as a service and using the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices key, as a way to conceal it from the user.

Of course, in addition to the obligatory registry key deletions, I employed the usual cadre of tools to scan and delete various files and registry keys off the system. Typically, I use Ad Aware, Spybot, and HiJack This! before and after I go in and ensure that the Registry run keys have been eliminated.

In addition, I use Sysinternals’ Process Explorer to profile the running process list. Sysinternals doesn’t seem to have updated the tool in a long time, but it’s still useful to see what’s known to be good versus what’s unknown. The only problem is that DLLs registered as services are run by svchost, which is a harmless Windows executable, but it can be running a malevolent DLL. So, Process Explorer’s assessment is slowly becoming useless as a way to profile your process list.
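As an added example (not a script from the original post), here is a PowerShell pass over the autostart locations named above plus the ServiceDll of every svchost-hosted service, flagging entries whose binary is missing or not Authenticode-signed so the unknowns surface first. It assumes PowerShell 5.1 or later on Windows, and the signature check is only a triage heuristic, not proof that an entry is benign.

```powershell
# Added example, not the post's own tooling. Enumerate the Run-style keys
# and svchost ServiceDll values, then flag missing or unsigned binaries.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-ExePath([string]$cmd) {
    # Pull the executable out of a command line, quoted or not
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-Entry([string]$source, [string]$name, [string]$cmd) {
    $exe = Get-ExePath $cmd
    if ([string]::IsNullOrWhiteSpace($exe) -or -not (Test-Path -LiteralPath $exe)) {
        $status = 'MISSING FILE'              # points at nothing, or at a deleted binary
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $status = if ($sig.Status -eq 'Valid') { "signed: $($sig.SignerCertificate.Subject)" }
                  else { 'UNSIGNED/INVALID' }  # heuristic only; review these by hand
    }
    [pscustomobject]@{ Source = $source; Name = $name; Command = $cmd; Status = $status }
}

# Every value under each run key (skipping the PS* provider properties)
$results = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        Test-Entry $key $p.Name ([string]$p.Value)
    }
})

# Services hosted by svchost.exe: the real code lives in the ServiceDll value
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
    $img = (Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($img -notmatch 'svchost\.exe') { continue }
    $dll = (Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { $results += Test-Entry "service:$($svc.PSChildName)" 'ServiceDll' $dll }
}

$results | Sort-Object Status | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM service subkeys are readable; anything reported as MISSING FILE or UNSIGNED/INVALID is where to start looking.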

At any rate, by brute force or removal applications, I was able to fix two machines. I’ve been saying it for a long time: the best way to prevent these sorts of infections is to use Internet Explorer’s Security Zones, Proximitron, and, when possible, Firefox.

Desktop Search Tools

Posted on December 12, 2004

Hmmmm, now Yahoo! has released a desktop search tool to compete with Google’s desktop search tool. Red Hat Linux has had the “locate” tool for some time now, and it works well enough. I guess it could be made easier, but I don’t understand what the big deal is here. Convergence between intraweb and local machine search? I guess anything is better than that silly searchin’ cat that Microvole shipped with XP. Imma keep using locate and find, you kids go on now with your desktop search agents and search kitties.

Purejpeg

Posted on December 11, 2004

Hmmmm… I tried using Purejpeg to remove EXIF and Application Metadata for all JPEG images on involution.com. It had the following effect:

jperrie@homestar ~ $ du -ksH images images2
93MB    images
92MB    images2

It didn’t matter all that much for me; however, I have already used Jpegoptim on most of the JPEGs on my site. JpegOptim apparently doesn’t catch some of the application data, but it is way cooler in that it runs on *nix.

Modesto Linkin’ Bonanza

Posted on December 10, 2004

Bumper is taking an innovative approach to dealing with hotlinkers by updating a couple of images grokked by the Modesto Junior College Criminal Justice Page. I’ve petitioned him to have Sterrance/Rendoggle Day, and I think he’s going to do it given enough pressure from the blogging community.

Distjournal?

Posted on December 07, 2004

There’s been some initial churn about using some or none of involution.com’s SQL rendering PHP as part of a new project called distjournal. I did finally put together a source package for my site, but it’s not ready for public use yet. I will post the back-end code under some type of open source license very soon though.

Firefox + Ad-Block + Proximitron + New My Yahoo!

Posted on December 07, 2004

I’ve tried news aggregators like the Sage plugin for Firefox, but I didn’t really care for how it displayed the feeds. So, I just pootled along using my Firefox Live Bookmarks as my “aggregator”. However, after Yahoo! started allowing custom RSS feeds to be added, I set up an awesome page of feeds from my Live Bookmark collection. Now, mind you, Yahoo! does have advertisements, but if you use the AdBlock Firefox plugin with Proximitron, their detriment is rather marginal. The only thing I’m kind of wanting now is for the page to sort the feeds in the order of which has been updated most recently.

Yahoo! Syndication! For! Involution.com!

Posted on December 06, 2004

You can add involution.com’s RSS feed to your My Yahoo! by clicking here:

Home Directory Backup

Posted on December 04, 2004

Is it some kind of warning sign when it takes two days and 57 DVD+Rs to backup one’s home directory? I knew I should have gotten that DL burner…

x2vnc problems

Posted on December 01, 2004

I’ve been using x2vnc to navigate between my Linux workstation and Windows laptop. If you’re not familiar with the software, it basically works like this: x2vnc lets you use two screens on two different computers as if they were connected to the same computer, even if one of the computers runs Windows 95/98/NT and the other one runs Linux/X11.

There were two minor annoyances with x2vnc, though. The first problem was that when I unhooked my laptop from the port replicator and the network, I had to restart x2vnc at the command line. That problem I instantly solved with my mighty script, x2vnc_restart.

The other problem, which was more difficult, was that the Windows and Windows Properties keys seemed to have no effect on my Windows laptop. I set out to solve that problem today using xmodmap and VNC foo. The first thing I did was to set up the Windows keys in xmodmap by using the following .xmodmaprc. In the X11 world, the right and left Windows keys are modifiers named Super_R and Super_L respectively, while the Windows Properties key is Hyper_R. You can see the keycode for each of these by running the xev utility and dutifully pressing each of the buttons.

Even after performing the xmodmap foo, my Windows keys were as useful as a whistle on a plow, i.e. they still didn’t work. So, after upgrading x2vnc and TightVNC on Windows didn’t help, I tried using RealVNC (another VNC client/server install). After that, the Windows keys worked as expected. See, it’s just that easy to set up a cross-platform development environment. ;-)