by annabelle

Sunday, August 31, 2008



Monday, August 28, 2006

Journey to Malware

( A Horror Story)

It's really odd that my latest post does not talk about pristine beaches or restaurant experiences. Nor does it talk about incompetent golf club employees.

To me, it is still a journey...and a horrible experience with malicious ware, Trojans, worms and Microsoft MVPs (Most Valuable Professionals) ...which is the reason why I have not posted for the past two (2) days...and have not slept well for almost a week.

My journey started last week when I was at this forum where I am a member. I have dedicated some of my time to this forum helping people by responding to their inquiries, which are mostly related to immigration.

Responding to the topics and getting replies gives me a little sense of relief and accomplishment, having been in similar situations and now teaching them some of the "how to" steps.

An anonymous member posted an ad and a URL in one of our threads. He posted so many ads that they blocked all our important topics at the message board.

So I copied the link and pasted it into my trial version of ActiveWhois by JOHNRU, a network tool you can use to find any information about the owners of an IP address or Internet domain.

I found that the domain belonged to a gentleman from Europe. So silly me, I confronted him on the thread, asking if his name was so and so, and asked him to stop posting. Later, I asked my moderator to delete the posts.

What I did not know was that while I was right-clicking his link on the thread to copy and paste it to ActiveWhois, it opened a new window and embedded executable files to my system!

It was horrible. The page was full of photos of women having sex with farm animals. The page was embedded with Trojans and spyware. My PC went crashing.

I restarted the PC in safe mode and scanned with Ewido 4.0, an anti-malware program that rids your computer of Trojans, Worms, Dialers, Hijackers, Spyware and Keyloggers and supplements existing security applications to create a complete security system.

I have to upgrade it as it has become outdated. I found out that I have 22 infections in my computer. So I clicked the recommended action and thought that I destroyed everything.

But the malware seemed to keep coming and my computer has started to run low.

I saved the Ewido report and made a new scan with Hijack This, an expert tool that displays a log of legitimate and illegitimate programs which usually can't be detected by other tools. It will also indicate whether or not your computer is running unknown to you.

Sunday morning, before taking the trip to Lake Berryessa, I gathered the two (2) reports from Ewido and HJT and submitted them for analysis to a Windows support group composed of highly intelligent experts called AumHa Forum.

My husband told me so many times that I spent too much time on the computer. I was scared to tell him what happened.

As the Aumha professionals are volunteers and have their own jobs and personal lives aside from helping in the posts, you'll have to wait for hours to get your response.

So by the time I received them, it was already Monday. I got some replies telling me to fix some system files with Hijack This clean-up. I was also asked to update my Java. I followed their instructions religiously.

Then my phone rings and I talk to my friend for an hour. While on the phone, I make the bed, sweep the floor, clean the rug, wash the dishes, clean the bathroom, and by the time we hang up, I'm done turning the sprinklers on. I go back to my computer.

I was asked to download the Avenger, a file removal software by Swandog. I ran the Avenger and by the time I'm done it's time to pick up the kids. I walked two blocks to the children's school, got them, and walked back home.

I ran Ewido again. I ran HJT again. And this time I was asked to download (Oh my God, I’m going nuts!) Active Scan by Panda, another anti-malware.

I ran the software and by the time I'm done and saved a log, my husband arrives and I have to leave my computer to get back to my real life.

After dinner was video time. We were viewing Nanny McPhee but my mind was seeing other things. I was thinking of the Hijack logs and the spyware embedded in my PC. I imagined them as little ninjas trying to open my files and getting as much information as they can.

I couldn't wait for the movie to finish so I can get back to my PC. I waited for my husband to brush his teeth and go to bed. By the time he is sleeping it's already 11pm... and I'm still awake and very exhausted.

I went back to my work and I was asked to make another HJT log. I made some errors with Ewido and I have to run it over again. Ewido runs for approximately 35 minutes. Before I was done, I fell asleep. It's 1:30 am.

It's Tuesday 5:30 am and the alarm rings. I turn on the PC and the Ewido scan is done, waiting for me to apply the recommended action. I removed two infections. I saved the report and got up to get the kids ready.

I'm getting frustrated. I'm not getting the response I expected. And an MVP reprimanded me for highlighting some text in red, which is of course a mistake on my part.

I used to have a similar problem but it wasn't this complicated. Now I realized it's getting complicated.

I was asked to run the programs again and again like they never ended. I then ran the CCleaner, a system optimization tool that removes unused files from your system.

By Wednesday I was making progress. I was also asked not to surf the net or check my email using the same computer until I get my updates.

Thursday, I was asked to download the Windows XP SP2 from Windows Update. This is where the bomber started. Windows would not validate my XP stating that I may be a victim of counterfeit software! I was then asked if I have a COA sticker on my tower. I checked, Yes I have one.

An MVP from Aumha asked me to run the WGA Diagnostic Tool, save the data and post it in the Windows Genuine Advantage Forum.

I was told that they were hopeful. I was asked to download and run Belarc, a tool used to read your license codes, so I can match the numbers on my sticker to the one Belarc is reading.

Que horror! The numbers don't match. I went back to the Windows Forum to see if I got a reply. I did get a reply. It read:

"Your MGA Diagnostic Data indicates the presence of an illegal Volume License Product Key. Dell does not ship their computers with a Volume License version of Windows XP, only "OEM" versions. Contact Dell support and order their Dell Reinstallation CD (if you do not have one) and then proceed with a "clean install"...."

"...Also, your copy of Microsoft Office XP Professional with FrontPage is non-genuine. You'll need to uninstall it, then visit a nearby store that sells computer software and purchase a genuine version of Microsoft Office."

I said, "What?!!" It couldn't be. We never installed a new XP after purchase. Did we? Let me recall how many technicians we hired to fix it and allowed them to install new software... two, four, seven? I'm not sure anymore.

Suddenly I didn't feel safe anymore. The Windows moderator asked me to purchase new software. How am I going to tell my husband that the PC crashed because it is filled with ugly trojans and spyware? How can I tell him that we have to purchase a new XP? How am I going to tell him that we cannot purchase online until the PC's clean? HELP!!!!

I shut down my system.

My Husband arrived and we went to have dinner at a Mexican restaurant in Benicia. We went home. We went to bed. I was not asleep. I couldn't sleep.

Friday, I have not told Him yet. My computer is walking (not running) slow and I needed to make it run fast until I can tell him. It shouldn't be too obvious.

I went back to my previous thread on malware where I was given advice on how to remove malware and make my system run fast again. I ran Ewido and Spyware Doctor in Safe Mode. I ran the CCleaner.

Believing that everything is squeaky clean, I went to System Restore and restored the system to an earlier time.

I uninstalled my Avant Browser and reinstalled it. I needed to have a temporary firewall. I went to CNET and downloaded a trial version of Trend Micro's PC-cillin Internet Security. I updated the firewall and enabled all possible security. I restarted my PC.

Voila! My computer was running fast. Or so it seemed. I’m cooking dinner. Spaghetti with Shrimps, tomatoes and capers and a bottle of Muscat. I slept well that night.

And then came Saturday. Another weekend for one of those awesome and bloggable family get-aways! Destination UC Berkeley and the Chinese Festival in Oakland. I'm so excited. I can take more photos and post it in the Blog. The Blog? Yes, the blog that I have forsaken because malware has taken so much of my time.

And then my husband asked if he could use my computer. I said sure why not? Why not? I still have not told him. I was waiting for his best mood. And I was confident because I thought I repaired it on Friday. Not a problem.

My husband was looking for the quickest way to Berkeley. He typed the URL and looked for directions to Martin Luther King Jr. Suddenly the computer was running so slow. He reloaded the page and typed the same directions... Nada.

He looked in my direction with an angry face. Uh-O! I’m in trouble. I was forced to tell the Truth. I felt like a 5-year-old girl expecting a time-out for turning the cartoon show on.

Then my husband said, "Okay, we'll have it fixed Monday. How did this happen...and then....Feeling better, Luv?"


I never thought it would be that easy. If I told him at an earlier time, I would have been saved from that horrible experience. What a week.

The world of MALWARE is not a pretty thing. It’s a dirty jungle. And you have to be persevering, experimental, and updated to be able to win the battle. I learned my lesson the hard way. But, I am happy.

Sunday, I have a blog to write....

Tuesday, August 22, 2006

Lake Berryessa

A sequel

Forget the Jag, forget the Boat. Just bring your swimwear and drive to the Northern part of Lake Berryessa and discover beaches and nature at its best in the end of summer.

Last weekend when we were there we made a slight mistake. We went South and did not know that where we went was a very small portion of the great lake which in itself was already breathtaking.

Last weekend we saw men fishing, a retiree testing his new boat with his favorite grandson, and some regulars water skiing. We saw a couple of kids in their swimsuits but we're not sure if they ever swam or got wet from fishing.

This Sunday, my husband and I decided to take the North road and we did not regret doing it.

The detour led us to a long and winding road which made my kids feel a little groggy.

But at the end of this road we marveled at the beautiful pristine beaches of the Lake Berryessa.

We have reached the Spanish Flat.

As we were approaching the entrance we found that the day park is free for entrance as well as the vest for the children (park rangers will get the vest back after an hour). The park ranger guided us to Coyote Beach, a shallow water that is suitable for kids. There were four rangers in the vicinity.

There are concrete restrooms available and dogs are also allowed in the beach. The place is not crowded. We saw five families enjoying the water and some couples.

The water is quite warm. After an hour of swimming, we drove back home.

What a beautiful Sunday.

A Google image of Lake Berryessa. The red arrow indicates where we were last week. The blue arrow indicates where we were this weekend.

Children enjoying their last weekend at Lake Berryessa before school starts.

Sunday, August 20, 2006

Mare Island Outdoor Movie

The developer Lennar Mare Island has a very nice way of attracting customers. They invited everybody in Vallejo to watch Shrek2 under the evening sky for free, with free popcorn and cookies.

So my family after driving from Davis prepared to watch the 8:30 movie. We brought with us 2 blankets, chips and guacamole, orange juice for the kids, and a bottle of blushed wine.

Arriving at the Morton Field, we walked to the information booth for "free for all" popcorn, toys and other goodies.

The people were already in their mats in front of a giant screen showing Elmer trying to catch Bugs Bunny.

The audience was composed of young families from the Vallejo area, residents of Mare Island and some scattered groups of decent looking youngsters insensitive to the cold night air.

The movie Shrek2 played and laughter could be heard from beginning to end. After the movie, people were very conscious of cleanliness, gathering all their trash, folding their blankets and heading home.

And after looking at the decent crowd, the friendly people, you would want to consider living in the island (except for that incident where my friend had an encounter with a Mare Island Golf Club Employee.)

It was a beautiful night.

A group of young girls waiting for Shrek2 to start at Morton Field, Mare Island. They were really well-behaved.

Saturday, August 19, 2006

Driving to Davis California

We got up early to watch a soccer match in Davis, CA, a city approximately 40 miles North of Solano. Unfortunately Hwy 80 was a parking lot, so that we did not make it to the match. We made it to the second game though.

Davis is a university town being home to UCLA Davis. It is a bicycle friendly town with wide streets, bike lanes and bike paths.

Another popular attraction to Davis is its farm produce. We dropped by Ikeda's Orchard Market, near Hwy 80, to buy fresh eggs, fresh tomatoes, fresh cucumber, dried fruits which are priced reasonably and a blackberry pie which is a bit expensive but has a nice taste to it.

Driving to Davis gives you the nostalgia of driving to a farm town and buying the goods straight from the farmer.

In reality, the farmer's son who is next in line will no longer be the farmer. He has gone to university in pursuit of a degree in medicine.

Ikeda Orchard Market, Highway 80, Davis

Freshly picked plump red tomatoes
Ikeda Orchard Market, Davis

Friday, August 18, 2006

Benicia Farmer's Market

It's Thursday Night and we decided to take a stroll at the Benicia Farmer's Market. We found some fresh oysters at $3 for 4 pieces. They were fresh and succulent. The vegetables were fresh. You see the same people you see in every farmer's market around California.

In one corner, I see a middle-aged man playing the Eagles' Best of My Love.

We walked along the shore and you can actually smell the salt in the air. And the seagulls are a lovely view as well.

Benicia is a beautiful city by the water. Founded in 1847, the city was named after General Mariano Vallejo's wife Francesca Benicia. In 1853 it became the Capital of California for 13 months. Today the historic State Capitol is preserved at 115 West G. Street.

Benicia also became an important port when the Pacific Mail Steamship Company was established in the 19th century.

Today Benicia is an ideal town for retirees. The waterfront is breathtaking. The air is fresh. The residents are friendly.

Families spending their afternoons at the waterfront in Benicia, CA.

Benicia farmer's market

A musician at the farmer's market

Sunset in Benicia.

Tuesday, August 15, 2006

Lake Berryessa, Napa, CA

If you were to choose between

A JAG ....



and you've seen Lake Berryessa for the first time on the weekend, what would you choose?

I would choose....a Jag....and a boat
....and another weekend at Lake Berryessa...

A Google aerial photograph of Lake Berryessa

plus a yearly upgradeable "uknowhat" on my wedding anniversary (Luv you Honey!!! Mwah mwah mwah!)

I couldn't get enough of Lake Berryessa. And it's just next to Napa! I wish we can have a boat one of these days ;-) Went there in the afternoon and I really wished we brought our swimwear. The view is awesome. The water is warm. And there are people with their fishing rods. We stayed there for barely an hour. Wished we went earlier. You have to be there to really appreciate its beauty. I should go back there. So I can have more to write ;-)