clicking search page links,
results in randomly redirected URL pages
svchost.exe and rundll32.exe used to load malware/spyware DLL

Today, for the second time in a month, I was asked to help remove a spyware/malware from a computer running Windows XP SP3. In both cases, the symptoms were identical. The user immediately noticed something was wrong because their web browser started to behave oddly. Here is what happened:

1. Open the web browser of choice (IE or Firefox or Opera) and load a search portal (Google, MSN or Yahoo) site
2. type in something to search (“winter coat”)
3. on the results page, if you right-click on a link and “open in new tab/window”, the page opens and immediately gets redirected to some other random page (usually some other portal site)
4. HOWEVER, if you right-click on a link and select “copy shortcut”, then MANUALLY open a tab and paste the link, the page opens just fine

The first time this happened (Feb. 3, 2010), it was on a friend’s computer and he is a veteran IT person (network system administrator for 10+ years). He keeps his computer very secure, usually.

We checked the usual system settings (network settings, proxy settings, “odd” programs running, etc.). We ran the usual anti-spyware and anti-virus scans, call came back clean as usual.

Avast AntiVirus – clean
ClamAV – clean
HiJackThis – normal
MalwareBytes – clean
Spybot SD – clean

However, running the SysInternals utility, PROCEXP.EXE, I happened to notice this line:
C:\WINDOWS\system32\rundll32.exe “C:\WINDOWS\system32\efsadub.dll”,DWLGXPLFFX
which was running as a sub-process under svchost.exe (C:\WINDOWS\system32\svchost.exe -k netsvcs).

The file “C:\WINDOWS\system32\efsadub.dll” (notice the “b” in the filename) had its special bits set as “read-only”, “hidden” and “system”. When we try to change the attributes, we get “Access Denied” (even from an Administrator account). Hell, we even tried to access this in Safe-Mode Command Prompt Only, we get the same error. We could not rename the file either, obviously.

I was finally able to change the attributes and rename the file after running “CACLS.EXE efsadub.dll /G EVERYONE:F” on the file. Once the file was renamed and the computer rebooted, the problem went away. I was able to delete the offending file afterwords.

For the VirusTotal analysis report on the file “efsadub.dll“, goto:
http://www.virustotal.com/analisis/b1ff584a9b490418a159ab4afe85ae1802e4c4634c942756640a4411467ef25d-1264975725

Today (March 5, 2010), a client called and his computer had the same symptoms. Again, I checked the usual suspects (running programs, etc.) and performed the usual scans (anti-virus, anti-malware, etc.). They all came back “clean”. However, I did notice that the signatures were slightly dated (about a month old). When I tried to update them, error messages resulted. MalwareBytes gave an error and hung in a loop. Symantec Anti-Virus LiveUpdates just failed.

ClamAV – clean
MalwareBytes – clean
Symantec Anti-Virus – clean

I then ran the PROCEXP.EXE utility from SysInternals. There were no odd DLLs loaded like the last time. Hmm… so this is not exactly the same as last time.

Since this had to be a malware that loaded at startup, I decided to check the System Services. I then noticed an “odd” service running named “Server WebCheckChannelAgent Performance Folder Provisioning Icon Driver CPL”, with a short-name of “srvoko6”. I tried to disable it and it kept resetting to “Automatic”.

Looking at the properties of this service, revealed that it was loading via “%SYSTEM%\svchost.exe –k netsvc6”. I searched the web on the terms “srvoko6” and “netsvc6”, I came across this site:
http://www.threatexpert.com/report.aspx?md5=c801bd4576fc95cb03e918950edd21a1
which mentions the “ok6o.dll” and “ok6o.sys” files. So I searched for those files, and found them (they were not hidden). Trying to rename them worked, but they were immediately recreated by the malware.

NOTE: the above ThreatExpert site reports that this service was also named “Office Workstation Remote”. This tells me that the service display name can vary.

Instead, I used “CACLS.EXE” to change access permissions to these files so that nobody (or system service) was allowed to access them. Rebooted the computer and verified that the malware was no longer actively running. This time, I was able to successfully disable the service and renamed the “ok6o.dll” and “ok6o.sys” files.

I was then able to restore permissions to those files and delete them. Updated signatures for MalwareBytes and Symantec Anti-Virus, followed by a complete system scan. This time those programs found the installer stub files “C:\WINDOWS\bill103.exe” and “C:\WINDOWS\rdr_1267369102.exe” (which most likely are random filenames the initial download script created).

For the VirusTotal analysis on the file “o6ko.dll“, goto:
http://www.virustotal.com/analisis/7d6d2edc4eac763bc687e578008474dc85245b1e55d5ca5ae958d220f4802fbf-1267641995

For the VirusTotal analysis on the file “o6ko.sys“, goto:
http://www.virustotal.com/analisis/d599b5fb31b6387ff7e540fabb655bbde0990ce9db1e6f1918bec6ac21d43278-1267374431

As you can see from the VirusTotal analysis reports, not all anti-virus scanners detect or flag these files. So, for most of these malware/spyware, it still requires manual detection and removal.

STRONG WARNING: be very careful of websites that tells you do download an executable to remove the malware/spyware. If you are not familiar with the website, DO NOT download and run the program, it can possibly install another piece of malwayre/spyware onto your computer. It is best to call a professional (or at least someone who knows with 100% certainty what they are doing) to clean your computer.

NOTICE: when renaming files and changing attributes or permissions, it is strongly advised that you do those via command-line commands in the “Command Prompt” window. If the malware/spyware is attached to the Windows Explorer process and/or its handles, it can intercept your mouse-click commands, making it seem like you did what you wanted to, but in reality the malware/spyware actually created another copy of itself with a different name and reinstalled itself using those new copies. The “Command Prompt” method is the most secure way of doing this work; however it is a lot of typing.

Feel free to post comments below if you need help or have recommendations.

Well, RIMM / Blackberry broke the Google MAIL Messages Integration in their BIS service, but the GMAIL plug-in works as described (and that is GREAT). Here is what I found.

If you have a working GMAIL account on your Blackberry, think twice before proceeding.

Once you’ve re-add the GMAIL account using the default Blackberry method (fill in the e-mail address and password, then Blackberry figures out the rest). So this mode is what some service providers are calling “G-IMAP”. Also, this seems the only option if you are adding the accounts from the handset itself. Once you have “synced up” (activated) the account, your GMAIL INBOX messages can be found in the “email address” icon and the Blackberry Messages (which is what it should do). However, your GMAIL ARCHIVED messages (those that “skip the inbox” via a GMAIL filter automatically) will also show in your Blackberry Messages (all messages folder, the “M” button), which is NOT what it is suppose to do. That is a problem for me, as I have a lot of e-mail that I filter away from the INBOX and do not want to see on my Blackberry.

So, I decided to try setting up the account and force it to use the old IMAP setting. To do this you must be adding the e-mail account from the BIS web interface from your service provider; go to add another e-mail to the Blackberry, but this time, I leave the password field blank so that it would now ask me for the server settings. On the next screen, put in “imap.gmail.com” for you server settings. Again, Blackberry figures out the rest of the settings. Let us now call this “IMAP” setup, which it is (and it does NOT use the new Blackberry GMAIL plug-in). However, Blackberry decides that for this particular IMAP server (imap.gmail.com), it should check “All Mail” and not the “INBOX” folder. Once again, we face the same situation with GMAIL ARCHIVED messages showing up in the “Messages” folder on the Blackberry.

Now, for a work around. For the “IMAP” setting configuration we just did, we can go and change the IMAP server name to “gmail-imap.l.google.com” (which is a CNAME for “imap.gmail.com”). Save your settings. Your GMAIL account is now back to the way it should work (before Blackberry decided to make its non-standard changes and break the GMAIL integration). NOTE: this does not use the Blackberry GMAIL plug-in, so in order to “mark as spam” or “change labels” you need to install the Google GMail App.

I’ve spent over 4 hours on the phone today explaining first to T-Mobile, then to a RIMM Blackberry customer service, then a Blackberry tech at RIMM, and then finally another RIMM Blackberry tech who had “access to a RIMM Blackberry Analysis:”. They kept saying it was my Blackberry configuration that was wrong, like my BIS Filters were set incorrectly (which were set correctly) and that my “Service Book IDs” were incorrect causing the problem. To top it off, they say that because I kept deleting the account and recreating it, my “Service Book IDs” will keep changing and resulting in blah blah blah.

Finally, I got him (Don) to agree to try it out on a handset himself. So Don was adventurous and said he had no problems with his GMAIL working on his Blackberry. He went ahead and deleted his GMAIL account from his Blackberry and recreated it. Then he want to his GMAIL account and created a filter (for all messages with Subject:archive, “skip the inbox” and “marked as read”). Now I had him send a test message with the subject “archive” from another account to his GMAIL account. He now saw that archived message showed up in his Blackberry Messages “as opened”, which should not have happened. He said “Ah, I see what you are talking about now” and went to talk to an Analyst.

So now Don tells me, it seems to be an isolated case with my account and that he would look into it further. Gave me a case number and said that I should call back in a few days for status updates. What!?!?! I told him that he should “Google” it and see how many other cases of this problem there are. He said he would keep the ticket open for the next 5 days. Oh my goodness, Research In Motion really wants some more bad press?

Damn, must we provide them the code too? All they have to do is fix their “special code” (probably one conditional statement) which pertains to “imap.gmail.com” and no other servers. Most likely they have something that says if the IMAP server is “imap.gmail.com” then check “All Mail” folder instead of letting it check the standard “INBOX” folder like all other IMAP servers it checks.

If you have experienced this issue with your Blackberry, please add a comment below and/or a URL to your forum posts.

What caught my eye, is this section:

Not only has the use of full-body image scanners raised the ire of passengers and serious questions about their constitutionality, but they may also present a serious health risk.

The devices operate on a combination of X-ray technology and millimeter wave technology . Relatively new on the scene, millimeter wave technology has been proven capable of interfering with human DNA. The ultimate results of this exposure remain unknown. Though technically medical devices, the scanners have never been tested or approved by the FDA.

This new “millimeter wave” X-ray technology seems to raise some serious concerns. I, for one, am concerned for my family when it comes to these full body scanners. Some of the questions were raised on the Stranded Passengers blog site are of serious concern. Things like, would it cause birth defects? Cause infertility? Cause birth defects in future babies? Can it cause brain damage? The “millimeter wave” is believed to damage DNA, which cannot be “fixed” or “repaired”. It can permanently affect you and your offspring, as DNA is passed to your future children and grandchildren.

The other technology used in full body scanners is called “backscatter X-ray“.

Other references:
http://strandedpassengers.blogspot.com/2010/01/full-body-scanners-used-on-air.html (they have links to BusinessWeek and New York Times articles)

http://www.reddit.com/r/science/comments/aopsk/the_energy_emitted_by_millimeter_wave_scanners/

I cannot believe that the NY/NJ Port Authority is not using a “more proprietary” radio frequency. Listening to the radio transmissions, it seems that they are on the same frequency as other civilian businesses using UHF radios. Whoever decided on using those “store bought” (well it has to be from a specialized 2-way radio dealer) radios is kind of a joke.

Literally, terrorists can simply get onto that frequency by purchasing one of those easily obtainable radios and keep it keyed up. The Port Authority police would basically have no 2-way radio service. Unlike the Fox 5 News report, it is not a “concern” it is a disaster waiting to happen.

Just imagine, if the TV station transmitters were easily available for purchase by civilians. All that a terrorist needs to do is have one of these transmitters on and send a blank signal (well, more exactly “radio noise”) and effectively it would kill the true signal and nobody would be able to watch a particular TV channel (over-the-air, that is). Now imagine that happening with the cell tower frequencies. Hmmm…. yeah, that is why those frequencies are restricted from civilians.

I think Homeland Security and the NYC Anti-Terrorism Task Force (maybe even the mayor and governors of both states) needs to force the Port Authority to resolve this issue ASAP. It is an easy fix. Just replace the radios and the repeaters. Keeping them UHF radios, would not require them to replace antennas (which can be more difficult). It really is a no-brainer, it is only some money. President Obama seems to be printing them out of the Treasury, so what is another truck load? At least these would actually save lives, unlike those full body scanners which can cause some unknown DNS damage (but that is another post).

So beware while driving through the NY/NJ tunnels and bridges. This issue seems to affect all of them.

I can see it now, some dumb TSA agent with a bad day (or a have “fun” day) would take a cell phone video of their scans and post them on YouTube (much like what we see in the news reports today). Granted we are told that the TSA agent would not see the person and be in another room. However, what stops 2 of these agents from working together and coordinating a recording session for pure kicks. The day these start showing up on YouTube or Vimeo and go viral, is the day the lawyers would start having their next few years worth of vacations paid for by the US taxpayers.

On top of that, there is a concern of ionizing radiation exposure. Although they keep saying that the amounts are 1% of a dental X-ray, it is still too much. Consider that during a dental X-ray your body is covered with a lead shield and all metal objects are moved away from the X-ray path. Are we all going to strip our jewelry, watches, coins, keys, cell phones, etc. from our person before being digital strip searched? How much time is this going to take per person? Say in the ideal condition it takes 2 minutes per passenger. Multiply that by the number passengers per flight and flights per hour during peak travel times … we need to take a day off from work just to fly to our meeting that evening (if not the next day).

Since these body scans are 3D, what is stopping some enterprising person from capturing the images and making physical dolls of some famous person or celebrity, then selling them? How many people would like to have their physical characteristics made publicly available to the world to see and touch?

These new scanners are designed to see-through the clothes. What happens when a terrorist decides to weave the bomb into their clothing? Are we all suppose to fly naked next? Computer programmed code is the “secret sauce” behind these scanners. What is to stop someone from “reversing” or “hacking” this video stream and show the facial features of the person being scanned? (already happened, see links at the bottom of this blog) Remember, the recent TSA issue of the digitally blacked-out operations manual, which outlined all of their security weaknesses?

Bottom line, my opinion is that these full body scanners are:
1. an invasion of privacy (just imagine a sexy, well figured, lady having her TSA body scan images posted all over the Internet)
2. a few years from now, we will start hearing about people who travel more frequent than average having tumors
3. the delays would cause the travel industry to take another hit and may even cause more airlines to go out of business; how does that help the economy?

Lastly, has the government even considered getting that head out of the hole in the wall and realize that the flying cargo goes 90% unchecked? To get a bomb to go off in a plane can be as simple as shipping something as air cargo in the belly of the flight you want to permanently cancel.

I think if the United States would stop telling other countries what they should or shouldn’t do, we will have a lot less terrorism and hatred aim toward us. Granted I believe is spreading democracy, however, President Obama “demanding” other countries to do what he says is going too far. It just pisses off (or at least give reason) for Al-Qaeda and others extremist groups to target America. Time for America to demonstrate with loving actions to others that we are there to help and not control other countries. Hell, America can start by helping our own American citizens. Obama, where is the mid-class American citizen’s bailout? We should have never bailed out people and companies who made bad decisions, but that is for another blog entry.

Given all these extra technological steps (mostly useless, in my opinion) to prevent terrorism (more like an invasion of privacy), no wonder why so many more people are driving to their destinations when possible, instead of flying. At least I know I won’t get digitally strip searched and potentially have those images posted on the Internet before I jump into my car and drive.

—–
Updates:
info posted by ABC News 7online: http://abclocal.go.com/wabc/video?id=7197652

read: TSA lies exposed: Full-body scanner machines do save and transmit images, secret documents reveal

full-body scanned images can be inverted to show image of nude women (with her face), see: Full-body scanner cannot replace diplomacy but imposes indecency on billions. Law says indecent exposure is crime, doesn’t it?

more proof of how perverted the scans can be, see: Ban ‘naked body’ scanners

—–
see what people are tweeting about on this topic:
http://twitter.com/#search?q=body%20scanner
.

My previous post on this: http://www.johnnychin.com/blog/2009/12/chase-credit-cards-royally-suck/

I cannot believe the video feeds are NOT encrypted! In this day and age, what is the Department of Defense thinking?

Today, this old song played on the radio in the car and it reminded me of what Christmas should be about. It should be about the love of Jesus Christ and remembering his birth. In celebration of his birth we should be help those around us just has He taught us. Unfortunately, with the current state of the economy, many of us feel that we cannot offer much in terms of finances or gifts. Others have said that we can offer our time. However for many, like myself, are stressed and overworked with our jobs, so “time” is not something we have much to offer to others.

So this holiday season, I am hoping I can gain some Christmas spirit and be able to bring a some love and joy to those around me. May God bless you this Christmas holiday with warmth and love.

Enjoy the video:

Merry Christmas … Happy Holidays !!!

WTF! This is ridiculous! $16 in fees for a $49 charge for one-day late! That is almost loan-sharking at 979.59% per MONTH (which equals to 11755.10% per year). Gee wouldn’t it be nice to make those kinds of returns! If any citizen did this, they would be locked up!

I then proceeded to call Chase and see if they can reverse the charges. The first customer service rep said “Late is late. And you are late by one day, so there is nothing that I can do. Unless it is a Chase fault, we cannot do anything.” She then proceed to try and sell me a credit protection service. I hung up and called back. The 2nd customer service rep was even worse. He basically said, “there is nothing I can do and if you don’t like our policy, you can close the account.”

Holy crap! I guess they don’t like customers who pay off their credit card bills each month, despite the fact they make 2-3% off the merchants where I use their cards.

Another surprise. When I called back a 3rd time, the customer service rep told me that Chase sent out a notice with their statements a few months ago stating that there is a 5-day change in their grace period. She claims that Chase increased the grace period to 20-days. Upon more careful examination, I found that Chase reduced it to 20-days; but that is not all and this is what I found:
My statement closing dates were always the 27th or 28th of the month and my charges were due on the same day (historically for years).
Now, my statements still close on the same 27th or 28th. However, the due dates are now 5-6 days earlier! To make things worse, I’ve noticed that my statements are not arriving before the 1st of the month like they used to. Instead, they are now arriving around the 4th or 5th of the month. So this means they are holding (or printing late) the statements before they mail them out. This basically cuts the time we have to look over the statements before paying them, down to less than 10 days from 20 days (taking into account 2-5 days Chase holds the money before posting it to the credit card account). In my recent case, the funds cleared out of my bank on the 20th, yet Chase posted it on my statement on the 23rd.

This royally sucks! Chase is basically playing with our money for those few days all interest free and yet, they want to rape their long-time customers because they are not making enough from us simply paying on-time (fundamentally no risk to Chase for making 1-3% per charge from the merchants, after the upto 1% cash back they give the card holder). Chase now wants their good paying customers to pay them 200-300% per year like those higher risk customers who defaults or file bankruptcy.

Totally ridiculous. I guess this is the way JP Morgan Chase makes up the money their investment banking side is losing to rival Goldman Sacks. Something has to look decent on the balance sheets for their shareholders.

Well as of today, I am going to move all of my monthly recurring charges to non-Chase cards (and I have a few Chase cards). The Amazon.com, Buy.com and Toys-R-Us cards now going into the drawer and staying there (except for the one charge per year to keep the card active). I am not closing the accounts as that would end up hurting my credit score with a lower debt to credit ratio (as per Suze Orman).

I hope you don’t experience this yourself.

The only fix for now is to disable updates and go back to a previous signature file that is not “bad”.

Luckily I have another machine which has not yet taken down this update, so I saved the 400.vps file from C:\Program Files\Alwil Software\Avast4\DATA into my USB key. I then copied this older version of the 400.vps file onto the computer with bad 091203-0 VPS signature file. I placed it into C:\ for easy access later (because we will be using the Command Prompt, so everything would be typed).

Now on the computer with the bad VPS signature file,
disable the Avast updates by setting it to “Manual”.

Reboot the computer (assuming Windows XP) into
“Safe Mode with Command Prompt”
and type the following:
cd “C:\Program Files\Alwil Software\Avast4\DATA”
ren 400.vps 400.vps.091203-0.bad
copy C:\400.vps

(this is why I recommended putting it in C:\ above, less typing)
Then reboot the computer back to Normal mode.
Your Avast VPS signatures should now be reverted to the older version.

Good luck!

Update: December 3, 2009 8:25AM EST
Avast released an updated signature file (VPS 091203-1) that is suppose to resolve the bug. Goto http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=377
.

Well, a quick Internet search all turned up with suggestions on uninstalling and reinstalling LimeWire. This is great if you have the installer to the version that was installed on the machine readily available. In my friend’s case, that was not the case. Besides, he didn’t want to redo all of his settings (tweaks) which has been working great for years.

While tinkering around on his laptop, I started to think it would be a quick fix if I could make LimeWire re-download the list of current peers. Hopefully do this without losing all of the other LimeWire settings.

So here is the QUICK FIX, all WITHOUT losing the other LimeWire settings:
Exit out of LimeWire completely and make sure it is NOT running.
In Windows (I am sure there is a comparable equivalent on the Mac and Linux),
open the folder %USERPROFILE%\Application Data\LimeWire
(on some older profiles, it maybe in %USERPROFILE%\.limewire).
Delete the file gnutella.net.
Restart LimeWire and it should download a new peers list.
The file gnutella.net is automatically recreated when you exit LimeWire.

NOTE: this worked for my friend’s LimeWire Pro v4.12.3; so it may or may not work with other versions. If it works or does not work for you please leave me a comment with your LimeWire version, so the info can help others.

I hope this little bit of information helps you.

Jessica Biel most ‘dangerous’ celeb in cyberspace. Followed by Beyoncé, Jennifer Aniston, Tom Brady, and Jessica Simpson to round out the top 5.

Source: http://news.cnet.com/8301-1009_3-10317029-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Suggestion: use a safer browser like Mozilla Firefox 3.5.

Upon further investigation, I find that whenever I reloaded a NewEgg page, especially if it was a page with lots of images, several of these TCP sessions would open up again. So I decided to look at the source code of the NewEgg page.

Doing a NSLOOKUP on the hostname c1.neweggimages.com gave me a very interesting result.

Non-authoritative answer:
Name: a200.g.akamai.net
Addresses: 24.29.138.176, 24.29.138.186
Aliases: c1.neweggimages.com, images10.newegg.com.edgesuite.net

The IP addresses 24.29.138.176 and 24.19.138.186, both are residential RoadRunner cable modem dynamic IPs according to NYC RoadRunner; reverse resolving to cpe-24-29-138-176.nyc.res.rr.com and cpe-24-29-138-186.nyc.res.rr.com, respectively. It struck me very odd that Akamai would use such home-grade dynamic broadband connections to provide their expensive edge-of-network services.

A few minutes later, I did another NSLOOKUP and the IPs changed, as it should with the Akamai service to spread the traffic around their servers.

Non-authoritative answer:
Name: a200.g.akamai.net
Addresses: 209.107.209.91, 209.107.209.122
Aliases: c1.neweggimages.com, images10.newegg.com.edgesuite.net

Non-authoritative answer:
Name: a200.g.akamai.net
Addresses: 77.67.91.72, 77.67.91.122
Aliases: c1.neweggimages.com, images10.newegg.com.edgesuite.net

And as I am writing this blog entry, c1.neweggimages.com now resolves to:

Non-authoritative answer:
Name: a200.g.akamai.net
Addresses: 24.29.138.172, 24.29.138.162
Aliases: c1.neweggimages.com, images10.newegg.com.edgesuite.net

Once again traffic routed back onto RoadRunner residential service in NYC (reverse resolving to cpe-24-29-138-172.nyc.res.rr.com and cpe-24-29-138-162.nyc.res.rr.com). Looks like Akamai is using a lot of residential IPs within the NYC RoadRunner network.

As a result, some of these residential IPs do not work all the time, causing the NewEgg (and now BUY.COM) pages not to load and just hang.

Would you pay Akamai to basically host your images at someone’s home using a cable modem?
I know I would not pay premium dollars to get stuff hosted at a home. I like the redundancy of a data center.
 

Source: http://www.cnbc.com/id/32297641/

Source: http://america.esolar.com/
 

I just upgraded to Firefox 3.5 and realized that Microsoft snuck in (spyware-like installation, without user acknowledgment) an extension to Firefox 3.0 that is not compatible with Firefox 3.5, that extension is the Microsoft .NET Framework Assistant 1.0.

Microsoft has released a newer version of that extension, version 1.1, which is compatible with Firefox 3.5. However, Firefox 3.5 cannot automatically update to it, you have to do it manually and can be found here:
https://addons.mozilla.org/en-US/firefox/addon/9449

Well … being that I want to use Firefox and stay away from Microsoft’s browser and plug-ins, I wanted to find a way to remove the Microsoft .NET Framework Assistant 1.0 extension, since you cannot just click “Uninstall” like all the other extensions I have in Firefox. Besides, why would I want to keep an extension installed that I did not install myself? Would you knowingly keep a piece of spyware running on your computer? Heck no!

So digging around, I found clues on how to remove it. Here is a script that I wrote to remove the extension from the computer and remove it from Firefox. However, I still had to manually remove the additional information Microsoft added to the Firefox UserAgent header.

@echo off
echo Removing dotNET Assistant Extension files …
rd /s “%windir%\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension”
echo.
echo Removing dotNET extension from registry …
REG.EXE DELETE “HKLM\SOFTWARE\Mozilla\Firefox\Extensions” /v “{20a82645-c095-46ed-80e3-08825760534b}” /f
echo.
echo.
echo MUST manually remove the UserAgent setting from each Firefox profile …
echo.
echo you can manually delete this line from each prefs.js:
echo user_pref(“general.useragent.extra.microsoftdotnet”, “(.NET CLR 3.5.30729)”);
echo.
echo or do it from “about:config” within Firefox
echo.

However, this code did NOT work for all of my workstations. I found that in those cases I needed to manually remove an entry from the registry, so I created this .REG file:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
“{20a82645-c095-46ed-80e3-08825760534b}”=-

Finally, to remove the added text from the UserAgent header in Firefox.

One way to do this is to simply open the prefs.js for your Firefox profile and remove the line which reads:

user_pref(“general.useragent.extra.microsoftdotnet”, “(.NET CLR 3.5.30729)”);

Or you can … in Firefox, type “about:config” into the URL box and you should see this:

Now in the filter box, type “useragent” and you should see something like this:

Right-click on the “general.useragent.extra.microsoftdotnet” line brings up a menu, select “Reset”.
Now close out of Firefox completely and restart it. You are now done.
 
 
Reference: http://support.microsoft.com/kb/963707
 

Google for some reason started to blocking access to everything Google today. It is really preventing my clients with China offices from doing their work. Especially since they use Google Apps for their e-mail. When will China join the rest of the world and realize that the network is now global for many companies.

China must have done something with their Great Firewall to even block proxy traffic. My client has a proxy server in the US which they use in Firefox. Even that was blocked today. It results in a message saying that the “network was interrupted”.

Anyone know of a way to prevent that (blocking of the proxy, that is)?
 

Source: http://www.google.com/appsstatus
 

FDA: Zicam Nasal Spray Can Cause Loss Of Smell

The Food and Drug Administration says Zicam nasal spray can permanently damage users’ sense of smell. The FDA says consumers should stop using Zicam Cold Remedy nasal gel and related products immediately. All the over-the-counter products contain zinc. Scientists say that ingredient may damage nerves in the nose needed for smell.

Source: CBS News 2 NYC
Source: Eyewitness News ABC 7 NYC
 

Source: http://blog.twitter.com/2009/06/down-time-rescheduled.html
 

Source: https://www.xpressreg.net/register/phot109/hallonly/promostart.asp

NOTE: I am not affiliated in any way with this Expo. I am just planning to attend it.
 

However, with their recent merger or acquisition by MyPhotoAlbum, things have really gone down the drain, to the point where I would say dotPhoto reliability actually sucks! It appears that since the merger or acquisition, their policies have changed and so have the customer service (or lack thereof). Guess that all happened (unannounced) sometime in 2008, because service was still good back in 2007.

The reliability of retaining my digital content is important to us, so we no longer recommend dotPhoto to anyone. Not even for casual fun family and friends photos. Not unless you don’t care that they can disappear in a few hours.

So, this is what happened to me in the last 24 hours is inexcusable for an online Internet company. I logged into my dotPhoto account, all of my original albums were there (some dating back a few years). I went ahead and uploaded 2 new albums, totaling about 1500+ photos. It took several hours to upload. It completed without any errors and I was able to view the albums. Several hours later, I log back into my account. Surprise! All the albums have been deleted except for the first of the two new album that I uploaded. Even the most recent uploaded album was deleted. WTF?!

• Calling their customer service number use to get you a live person (I would say pre-2008). Today, you get a voice prompts that leads you into a mailbox with a message that says “the mailbox you are trying to reach is full, please try again later” and hangs up on you. By the way, their current phone number is 609-643-0090 x400 (the same as pressing 1 for customer service).
• The dotPhoto servers delete photo albums at random without warning. Yes, that is correct. Their system removes photo albums without warning. When you contact customer service about it. They claim that you either gave the password to someone and that person deleted the albums. Another excuse is that you uploaded corrupt photos and the system deleted them. Yeah right! Those albums have been there for years. Now all of a sudden they are all gone?
• Searching on line for reviews on dotPhoto and MyPhotoAlbum returned some very interesting results. Others have experienced the same thing. Even professional accounts had albums deleted without warning. Also many others had great experiences with dotPhoto up until 2008. Today, it appears that the policies of dotPhoto reflect those of MyPhotoAlbum (read: they suck).
• Contacting dotPhoto customer service is all via e-mail (support@dotphoto.com) and everything that comes back in replies are pretty much canned responses. Most of which is stating (in nicer terms) “hey idiot, it is user error”. The explanations ranged from me giving my password to someone and they deleted my albums, to me deleting all of my albums, to someone guessed my “easy” password (which happens to be 10 alpha-numeric with 2 punctuation symbols, oh sure that is “easy” to guess) and gained access to my account, to I uploaded corrupt images (yeah I must have time-machine and went back in time to upload them today, since those albums were years old). Eventually, like other web posts, dotPhoto customer service just stops responding without reason or reply.
• dotPhoto customer service claims that they reserve the right to delete anything inactive over 90 days without warning. To us, that is totally unacceptable because it is our digital content. At least give a warning and ask us to order a backup copy on DVD.
• Apparently, dotPhoto is an online photo service company that does not want to really provide customer service.

All in all, this is pretty much the last straw. I cannot work with a company that is this unreliable and does not care about their customer’s digital content, even if it was just for fun family photos. Especially not for any of my professional photography stuff. How can I have photo galleries online for clients to see, if the hosting company can randomly decide to remove them without notice? Heck, it is embarrassing to have family and friends goto a gallery link that was sent to them in e-mail resulting in a redirection to the dotPhoto home page.

NOTE: dotPhoto is no longer consistent in their prints between batches and prices are not the most competitive online photo printer around.

Thankfully, my professional photo galleries are hosted by SmugMug. Their support team is beyond fantastic. Too bad the labs they use (ez-prints and BayPhoto) is a little more pricey for my average family fun photos.

I now need to research which inexpensive photo printer will allow us to store our photos for reprints later … and not delete them. So, if you have a suggestion, please let me know.
 

You should give it a try. It may be interesting to see how branding affects perceived search engine results.

NOTE: the programmer is working for Microsoft, but claims this side project has nothing to do with Microsoft. Hmmm… I wonder why bing.com is one of the search engines it queries. The other two being Google and Yahoo.
 

Posted using ShareThis

This couple should have just retired and gave up spying … at their age, they should enjoy what life they have left. Now they have none.
 

Then goto http://adblockplus.org/en/subscriptions and add the following lists (at the bottom of the list):

• EasyPrivacy+EasyList
• Malware Domains
• MySpace Junk Filters

Watch this 80 minute video. It is worth every minute of it. It blows your mind as to what Google is doing. Top it off, they are going to make this thing open-source and make it available for free for everyone to use. For more information on the Google Wave API, goto http://code.google.com/apis/wave/.

The self-created text UI (user interface) that they showed during the last 10 minutes of the video is awesome! I just love the efficientcy of text UIs, it gets the job done (of course not for photos or other visually/graphically required stuff).

Personally, I would love to be able to develop this new Google wave platform. Cannot wait until it is opened to everyone.

Real-time message conversations, better than threaded. Not just e-mail like or IM-like, but it is like a textual and visual conference via your browser and the Internet. It shares photos in real-time. It links (actually integrates) to social networking sites. It can do so much integration it makes wave the new Office suite. Microsoft look out!

Their translation robot is great, especially for multilingual companies. The spell checking extension robot is so good that I think that it would make people even worse spellers. Now this is really something that would tap the power of high-speed broadband and fast processing computers to good uses.
 

Download links below are for the United States English version of Internet Explorer 8. Click on a link below to download for the operating system of your choice:

• Windows XP (32-bit)
• Windows XP (64-bit)
• Windows Vista (32-bit)
• Windows Vista 64-bit
• Windows Server 2003 (32-bit)
• Windows Server 2003 64-bit
• Windows Server 2008 (32-bit)
• Windows Server 2008 64-bit

If you want to download a localized versions of IE8 (other languages, etc), you can download them from here.

I needed these standalone installers for a client who wanted to upgrade all their workstations to Internet Explorer 8. Personally, I still prefer to use Mozilla Firefox.
 

Letter dated: May 26, 2009 (click on image to see larger view)

From the Advanta Bank Corp. website, it appears they are closing all of their credit card accounts; pretty much getting out of the credit card business.

Maybe this is a preemptive measure against the new Obama credit card regulations. I guess the new regulations may not be effective enough. If credit card companies just start to close down existing credit accounts, it effectively gives them the right to make new rules at anytime and force cardholders to adhere to them. For example, if they want to raise the interest rates next month from 9.9% to 29.9%, all they have to do is send out a letter like the one I received from Advanta, giving customers a 3-5 days notice that their accounts would be canceled; then offer a new card application at the higher interest rate and new terms. Guess that is the new loophole in the credit card law.

I guess I am going to expect all of my credit cards (MasterCard and Visa, anyway) is going to make drastic changes to force cardholders off their rewards and cash back programs. Not to mention they are going to raise everyone’s interest rates.
 

It has many PDFs, ranging from his 2010 Budget Proposal to his Small Business Emergency Rescue Plan. Go see for yourself (link).

Since they disabled “embedding” on YouTube for the actual (original) music videos here are the links to them:
http://www.youtube.com/watch?v=a0QCCNCkvzI
or
http://www.youtube.com/watch?v=vG9XfJxMY8A

This is one of my favorite songs. Love the message this song delivers.
 

NY Times article: Obama to Toughen Rules on Emissions and Mileage

And if the credit card companies start charging annual fees again, how is MasterCard or Visa any different from American Express? Of course, American Express has much better card member customer service. Maybe that is the difference that MasterCard and Visa are banking on … charging annual fees like AMEX, yet save that fee and continue with average customer service.

Hmmm … makes you think … maybe the Obama administration should regulate the credit card industry with fairness for good credit paying customers as well, not just rules to protect the delinquent payers. Then again, it might part of a bigger scheme from the Obama administration to redistribute money to those who are not working and waiting for the government to pay for their life (welfare, food stamps, government paid health care, utilities, rent, etc.).
 

Read more about it at from the
Wall Street Journal – Some Lobbyists Try to Skirt Stimulus Ban.

A Washington DC lawyer wrote on his blog that lobbyists are protected:
Stop the gag order. Lobbyists are protected by the First Amendment.
 

Mr. Paulson and Mr. Bernanke

According to a New York Times article, the US Treasury pushed Bank of America into closing the merger deal with Merrill Lynch.

What is becoming of America? It seems that this new Presidency and his cabinet is muscling corporations like the mob muscled small businesses for security protection from the mob itself. I just cannot believe the tactics that was placed onto Bank of America by the top people (Mr. Bernanke and Mr. Paulson) running the US Treasury.

I think that both, Mr. Bernanke and Mr. Paulson, should resign or be charged with racketeering. It sure sounded like it by what they made Bank of America do; not to mention all the money that shareholders and taxpayers lost as a result.

I guess banks taking the US government’s TARP fund is now being power extorted by the government. Mr. Lewis should have spoken up sooner.

I am sure more information is going to come out from this … and maybe someone would get indicted.

The Obama Deception HQ Full length version

Here is the story on SI Live (link).

A video provided by Fox 5 News.

Suze Orman is giving away, for FREE, access to her Will & Trust kit (online edition).

According to her website (link):

PLEASE NOTE: This program is an Online Version. You will receive your activation information within your e-mail confirmation. You WILL NOT receive an item in the mail.

The activation code allows you to upgrade to the all new on-line version of
the Ultimate Protection Portfolio / Will & Trust Kit for FREE.

If you wish to activate your kit at a later date, all you have to do is visit this web site page: https://www.suzeormanwillandtrust.com/account/activate_kit

I was able to find a review of the Suze Orman Will & Trust Kit can be found online:
http://www.bargaineering.com/articles/suze-ormans-will-trust-kit-review.html
 

For example, this Post is highlighted in “shade”, so I added the tag “highlight-shade” to this Post and added the following line to my styles.css:

NOTE: the “tag” prefix to the stylesheet entry.

I guess you can have fun with tags and various stylesheet effects now.
 

It is not only about Asian names. What about Jewish names? Greek names? German names? French names? Norwegian names? Dutch names? Latin names? Spanish names? African names? Middle-Eastern names?

Ms. Betty Brown, why don’t you change your name to something we all (including all foreign immigrants) can pronounce easily? Like “Jane Doe”.

Heck, why don’t we all be named “John Doe” and “Jane Doe”. We don’t have to worry about identity theft then. We will all share each others credit history and if our Command-in-Chief has it, share the money we work so hard to save. We should all be the same. Everyone can go by the same names, does the same job (lazily doing nothing, enjoying the air we breath), getting the same pay and appreciating the fact that the government can make all the decisions for us (oh wait, they are going to be the same “John Doe” and “Jane Doe”, getting the same pay, doing the same things, lazily enjoying the air). Hmm… that is one America I cannot imagine living in. It would be so un-American! So un-capitalistic. Shall I say it? So socialistic.

Just because something is different for you to comprehend, you want them to change to match your personal beliefs and tastes. That would make life very boring, in my opinion. Where would the ingenuity be? No more uniqueness?

Ms. Brown, your comment is so anti-American. If you don’t like being American and the American “melting pot”, please leave the country.

The diversity of America is what makes America unique. It is what makes America strong. Freedom to have different ideas and be creative, coming up with different ways to make tomorrow a better day for our children.

It would be a very sad day when we lose the American uniqueness.

By the way, Ms. Brown, what would you suggest our President, Barack Obama, change his name to? How about “Bob Brown”? Would that make it easier for you? After all, it is about you pronouncing it, right?

Folks, feel free to voice you opinion to Ms. Betty Brown, here is her contact info:
Email: betty.brown@house.state.tx.us
Phone: (512)463-0458   Fax: (512)463-2040

With WordPress v2.7, you can now mark a post as “Sticky”, which puts it at the top of the page. If you are using a WordPress 2.7 compatible theme, then it should work right out of the box. However, for older themes, you need to make a few simple modifications to your theme template and stylesheet.

In your template index.php file,

Add this to your template styles.css file:

Now any posts that is checked as “Stick this post to the front page” will be highlighted and moved to the top of the front page.

Just the thought of Google’s search technology and current relevant content (stuff people are Twitter’ng about) could mean a mega-advertising revenue stream for Google. I think if Google buys Twitter, we can possible see Google serving up ads in our Twitter feeds. It would be on of the most immediate direct-to-consumer model for marketing relevant ads. I predict that if this happens, the Google (NASDAQ:GOOG) would jump on the news.
 

Well, my friend Jimmy found it and posted on his blog.

So here is an article on FoxNews.

Cyberspies Penetrate U.S. Electrical Grid,
Leave Software That Could Disrupt System

Well some simple editing of the plugins’ code can make it look like this:

First … we modify the CSS stylesheet for the Sociable plugin. Change the first line in …/wp-content/plugins/sociable/sociable.css

Next … we modify the code of the AddThis Social Bookmarking Widget plugin and the ShareThis plugin; changing DIV and P tags to a corresponding SPAN tag.

To make it easier for you here are their respective Unix patch files:
addthis_social_widget.php.patch and sharethis.php.patch.

NOTE: whenever you update these plugins, you must modify the code again (unless the authors alter their code).

Enjoy!

Government Lab Tests
‘Super’ Power Cables for New York City

It would be more cool if they can deliver electricity for less. I wonder how much it would cost to cool this new super power cable. Definitely not a good thing if electricity costs continue to rise as we all need to use more of it for everything.

This photo received an honorable mention at the photo competition held on April 1, 2009 by Gateway Photographers of Staten Island.

Note: posts prior to this one were imported from my previous “test” blogs.