(no subject)

[ladynisa.livejournal.com]

Hey Guys,

I know I've been silent lately, but its cause I'm gong through training for a new job! lol, so in 2 more weeks, i'll be posting a lot more again.

Anywhoo, the new apartment that we are moving into has qwest dsl service. I know where to get my dsl modem from, but does anyone have thoughts, concerns, etc. on the actual qwest service? I've never used them for anything, always gone with Cox cable internet.

I just have to say this

[abstrak-tokatl.livejournal.com]

If you ever worked there you know what i'm talking about

So FUCK HELETECH!! fuck them up their ass! Death to the Death star....

When a good idea goes very wrong.

[coyoteden.livejournal.com]

OK, so this evening I was helping out my former employer with a couple of tricky jobs. One of which was cleaning up his own computer. We're all careful about security, but it got hijacked by CoolWebSearch. Don't ask.

Now, this was one of the nastier variants that loads from HKLM/.../Run like most stuff, but then hides itself from the process list, spawns copies, hides the files on disk, puts all the copies in startup, and deletes the original file. If you remove any of the registry keys, it puts them right back. You can't kill it with the usual tools because you just can't see the fnords. The files change every time you reboot, and if you don't get EVERY file from safe mode, it will come right back.

Well, I thought I killed it. I KNOW I killed it. The files had been deleted and the system had been scanned from safe mode.... but the registry keys just kept coming back. Uh-oh. I loaded up Regmon and took a look at what was writing that key in the registry.

"Ad-watch.exe"

Fucking Ad-Aware. Goat-fucking Ad-Aware Pro to be precise. The real-time protection was restoring the damn CoolWebSearch keys (including the browser hijacks!) every time I removed them! And giving no warning. At all.