Author Archives: DMZ

Finally, taking on the boring

I always do a little eye roll when I see crazy spec ads or package designs for cool products. Yeah, it’s great, you did a funny ad for condoms. I’m sure it made your friends laugh. I’ll throw it on the pile of funny ads for condoms. What else do you have? Quirky wine labels! Outstanding.

What I’m really interested in seeing is how you do something difficult.

#3, I Hate It When by Stefanie Stalder made me happy.

To criticize, it might be a little too much of the “clean look with text” thing. But out of those four, it’s not the most eye-catching or obviously clever. But wouldn’t you hire the person trying to find more difficult challenges and solve them?

I have nothing to add to this

Andrew Sullivan

One way to look at how the Bush administration redefined torture out of existence, so that it could, er, torture human beings, is to compare their criteria for “enhanced interrogation” with those for rape. Raping someone need not leave any long-term physical scars; it certainly doesn’t permanently impair any bodily organ; it has no uniquely graphic dimensions …. and although it’s cruel, it’s hardly unusual….

So ask yourself: if Abu Zubaydah had been raped 83 times, would we be talking about no legal consequences for his rapist – or the people who monitored and authorized the rape?

My new chapter two

So the moon book… I wrote a new chapter two this weekend, and it’s all about thrilling stuff like server virtualization, network design, and other deeply geeky stuff. It’s probably totally hilarious and awesome to everyone who’s worked tech support or at a deeply underfunded school or government agency, and I’m equally sure any future editor’s going to read it, frown, and cross through the whole thing with a red pen.

And then I’ll publish it as the author’s cut or something. Go all Piers Anthony “What of Earth” style.

Screaming mini mini update

My Mac Mini project is complete. I am soooo loving it. I’m already barely using my dying PC after only a few days, which is surprising. So here’s the scoop.

1: bought a Mini.
2: bought an ergonomic USB keyboard + mouse, hard drive, and the wrong RAM. What I should have bought was *204* pin RAM, not 240. I can’t believe I did that. It was a great moment when I got the case open (there’s a reason Apple considers it not user-serviceable)
3: installed the better hard drive
4: ordered and waited for the right memory, installed it

I really want to put some kind of massive super-antenna on it now, but I’m going to let that go.

What I ended up with is a fantastically quick, stable-as-a-rock, silent Mac that makes writing or doing dev work a pleasant, quiet activity. I love it, and doing a lot of the work myself, it cost less than I’d figured it’d end up taking to get my PC back up. Sometimes being a geek pays off.

Short, evil URLs

A business plan for black hats with a modicum of patience

1. Wait for one of the URL-shortening services that has no revenue model to go under.
2. Buy it for $1
3. Buy an exploit for which there’s no patch yet (or wait for a patch release, hire someone to compile it)
4. Insert a new advertising interstitial page with the malware payload, so everyone who hits http://evilu.rl/as29_1 gets pushed to the malware page and then on to their destination
5. Ta-da! The internet’s deep reservoir of existing unverifiable links now feeds directly into your malware factory and only the most paranoid users (who are likely not clicking on blind links anyway) will stay away.

For added evilness, load the malware only on the redirect to certain sites, which will then be blamed.

The great thing about this is that it’s hard to buy up an existing domain with as wide of an existing link exposure, and really hard to build that kind of link network naturally. It’s almost worth building something like is.gd and shaving one or two characters, launching it, and then waiting.

Until someone implements the short URL RFC or otherwise standardizes trustworthy short URLs, this is going to be tempting bad people.

Good writing is horribly painful

From Caren’s excellent post “What I Have Learned Reading Slush” which I recommend in total. One of them, though, demands further commentary:

10. This line, while usually meant well, is almost always a bad idea: “I hope you enjoy reading this as much as I enjoyed writing it.” This is because I, too, am a writer, and my personal experience is that everything I have ever enjoyed writing personally was always really, really bad. If you have more fun than I do—that’s great. But telling me is going to make me suspicious when I first start reading.

Yeah. Here’s the dirty secret about writing: it’s a fucking horrible experience if you’re doing it well. Writing, say, “Usurpers” I typed, randomly took notes longhand, thought about the story all the time, and felt this world-destroying anxiety about it. To get the rhythm (and the rhythm breaks) down I read it out loud to myself over and over. By the time it went to Asimov’s, I’d read the story out loud to myself 50, 60 times. And every time during a reading I’d tick off a mark each time the flow broke, and each mark would end up being an intense and sometimes far-reaching re-write. That story’s written within an inch of its life, and by the time I was done I had to step away for a while to gain any perspective on whether it was worth sending out or not.

Or my book — when I was done with revisions, there was a point where I wanted to discard it entirely. I’d read the stories so many times they seemed worn, the jokes didn’t survive a hundred readings, and my editor’s assistant told me “Well Derek, no book is truly finished until the author is disgusted with it.”

There’s joy and satisfaction in a piece well-written, but it’s a job, a fucking job, where re-writing is more important than inspiration. The sword-maker doesn’t say “woo-hoo!” when they pull that steel out of the forge and then hope people think it’s awesome. That’s only the start of the work, pounding and folding and shaping, and absolute concentration.

My best writing involved me fighting anxiety the whole time about whether it would turn out awful or great, if I was putting too much of myself into it and would be embarrassed, if I’d gone too far. It’s a scary constricting feeling in the chest, difficulty swallowing, and a massive tightness of stress across my shoulders. If I want glee and happy fun smile time, I’ll go read something. That’s not what writing’s for.

I wouldn’t ever write “I hope you enjoy this as much as I enjoyed writing it”. I wouldn’t wish that on anyone.

Wherein I suffer so you don’t have to

I’ve been trying to figure out some PC issues for a while now and I’ll push this to the cloud so some future generation doesn’t have to face this.

Symptoms:
– lot of blue-screen errors
– lot of dead processes, many of them off on rundll32.exe
– weird connectivity issues (DNS timeouts, pages not loading)
– then this week, a couple of weird pop-up issues

Now here’s the thing… I run full antivirus, firewall, the whole kit and kaboodle, and I practice safe computing. I haven’t had any kind of issue like this in ten years, easily.

Interestingly, because I don’t use IE much, I didn’t notice what was going on for a long time, because that’s where it fires off all the pop-up windows (etc).

Anyway, the tale continues.

There are many weird entries in my startup:
yodokuge, rundll32.exe "c:\windows\system32\yodokuge.dll",b
yojinafi, rundll32.exe "c:\windows\system32\yojinafi.dll",s
yodokuge, rundll32.exe "c:\windows\system32\yodokuge.dll",b
munemume, rundll32.exe "c:\windows\system32\munemume.dll",a

Information on this is scant. Here’s a McAfee post on the last one. The scarcity is intentional, of course: they’re using randomly-generated names to make them harder to detect and, presumably, harder to troubleshoot.

And it’s all over the place. When I run Hijack This!, there’s a ton of this:

O2 - BHO: (no name) - {4c9e468c-2390-4182-91ff-0f82b3d9ee48} - C:\WINDOWS\system32\vupeteho.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\hewalote.dll c:\windows\system32\femawiko.dll c:\windows\system32\munemume.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\munemume.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\munemume.dll

That thing wants to be run in the worst way.

I believe that this is “Vundo.H” which is… well, check out Google… there’s a lot of people who are just hosed.

First, and I can’t recommend this highly enough, if you have a clean box, use it to do the research and potentially the downloading/CD burning/etc you’ll require. There’s going to be a lot of rebooting ahead of you.

Figuring out what you’ve come down with
– crack open task manager, and look for any strange rundll32.exe processes you see.
– scan the process list for any other unfamiliar process names
– open up msconfig (windows-R, type msconfig) and look through the startup list. You should see a bunch of weird rundll32 items.
– if you’ve got it, run Hijack This! which will produce a sweet log file you can scour.
– scour that log file
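
One way to do that scouring mechanically, as an added example that is not part of the original post: it parses the HijackThis autoload sections quoted above (O2, O20, O21, O22) and lists each system32 DLL with the hooks that load it. The consonant-vowel name pattern is a heuristic inferred from the file names in this post, not a Vundo signature, and the last two sample lines are constructed for contrast.

```python
import re
from collections import defaultdict

# The first four lines are copied from the post; the last two are constructed
# for contrast (a BHO outside system32 and a normally named system32 DLL).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4c9e468c-2390-4182-91ff-0f82b3d9ee48} - C:\WINDOWS\system32\vupeteho.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\hewalote.dll c:\windows\system32\femawiko.dll c:\windows\system32\munemume.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\munemume.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\munemume.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O21 - SSODL: Example - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\example.dll
"""

HOOKS = {"O2": "BHO", "O20": "AppInit_DLLs", "O21": "SSODL", "O22": "SharedTaskScheduler"}
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
SYSTEM32_DLL = re.compile(r"^c:\\windows\\system32\\([^\\]+)\.dll$", re.I)
# Heuristic (assumption): every DLL name in the post is four consonant+vowel pairs.
RANDOM_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$", re.I)

def dll_paths(section, value):
    """AppInit_DLLs is a space-separated list; other hooks end in ' - <path>'."""
    return value.split() if section == "O20" else [value.rsplit(" - ", 1)[-1]]

def triage(log_text):
    """Map each suspicious system32 DLL name to the autoload hooks that reference it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in HOOKS:
            continue
        for path in dll_paths(m.group(1), m.group(3)):
            dll = SYSTEM32_DLL.match(path.strip())
            if dll and RANDOM_NAME.match(dll.group(1)):
                hits[dll.group(1).lower()].add(HOOKS[m.group(1)])
    return {name: sorted(hooks) for name, hooks in hits.items()}

if __name__ == "__main__":
    # Most-hooked DLLs first: these are the ones that reload after a reboot.
    for name, hooks in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(f"{name}.dll  <- {', '.join(hooks)}")
```

A hit is a lead for manual review rather than a verdict: a DLL reachable from several hooks at once, as munemume.dll is here, is the one to confirm gone after each scan cycle.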

Optional
– Fix yourself a cold beverage, because this is going to take a while

Tools
– Hijack This!
– I used Malwarebytes’ Anti-Malware 1.36

Fixing (how I finally got it to work, your mileage will vary)
1. In task manager, try and kill off the weird rundll32 processes. You may have no success as they spawn new ones, but if it works it’ll save you a lot of trouble down the line
2. Run your anti-malware tool of choice. The first time through, you’re probably not going to make much progress, so do the quick scan, it’ll find like ~20 things in memory/startup/whatever. Fix them. It’ll ask you to reboot. Don’t.
3. If you can, run a full anti-virus scan, with updated definitions and everything. Hopefully it’ll turn up a metric ton of files with names like wuwuaua.dll.bak and so on, and be able to nuke them.
4. Reboot in safe mode. Run a set of full scans. Fix everything.
5. Repeat step 4 until nothing comes up. This will take a couple of cycles.

It took me pretty much a whole evening to fix, though obviously you’re not involved the whole time. I watched a baseball game. Each time you go through the cycle, you’re eliminating places the files can live, ways it can load, and closing off places it can go.

And some of the loops… like the extremely thorough virus scan I just did, take a long, long time (35h). But it finally came up clean.

Anyway, so yeah, future generations: be persistent, patient, and you can win. But if you just wipe, reinstall everything, and go on your merry way, well, I wouldn’t blame you.