the spotted blog

Tuesday, September 25, 2007

Human vs Virus

It's an age-old battle, full of heroism and valour. For centuries brilliant minds toiled against epidemics, risked their families to devise vaccines and what not. But this has nothing to do with them. This is far more trivial. It's not about humans against nature; it's war in its most perverse form, human versus human. This is about computer viruses.

You could say I was asking for it: I had checked the creation date of the exe (16-Sept-2007 .. 5 days ago), and yet I decided to click on it. I guess too much faith in the antivirus software running in the background did me in. It didn't mutter a word when I unzipped the contents of the archive onto my hard disk. It was minutes later, when Windows Explorer disappeared without a warning, that realization finally set in. Infection.

Reboots only reaffirmed it. Explorer wouldn't come back. I was left staring at my wallpaper after each reboot. No desktop icons. No menu bar. Luckily the three-fingered salute worked, giving me a hole to work through. So did booting into the console. From the console, I was able to determine that the last modified files were 3 system files in the C:\windows\system32 directory.

geedb.dll, yayayyv.dll and wpa.dbl

wpa.dbl turned out to be related to Windows Product Activation, maintaining the license and some configuration details, and it is supposedly written at every shutdown. Anyway, it had been created months ago. The DOS command dir /O:D /T:W sorts by last-written time, whereas dir /O:D /T:C sorts by creation time. Also, I couldn't find any legitimate reference for the other two files on the internet, so they were highly suspect.

If ever you find yourself in a situation where you feel that your system has just been infected due to something you have done, I would recommend noting down the time right then. It helps to identify which files were modified at that instant.

I tried to relocate these files to a location where they would remain inert, but failed because Windows was running and these DLLs were loaded by a couple of processes, including winlogon.exe. Windows wouldn't let me do it, so I tried booting from my Ubuntu live CD, but alas, my SATA drives weren't visible to Ubuntu.

Further googling led me to Process Explorer. In an instant it showed me that the aforementioned DLLs were not just newly placed there but were also packed to hide the code they contained. Those two were the only packed DLLs in the whole list, now in front of me... exposed because they tried to hide. :)

Process Explorer also allows you to terminate specific threads of the process that caused a particular DLL to be associated with it. Searching all active processes for references to a particular DLL is also possible. All in all, it's an awesome tool.

After terminating the relevant threads I could safely delete the two DLLs, and my system was restored to normal. I ran HijackThis as a confirmation and found that yayayyv.dll had registered itself as a Browser Helper Object (BHO). HijackThis could get rid of such registrations for me.
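The two checks above, last-written time within the incident window (what dir /O:D /T:W gives you once you have noted the time) and "is this image packed?" (what Process Explorer flagged), can be scripted for a first-pass triage of a directory. The following is an added example, not code from this post or from Process Explorer; it uses a Shannon-entropy heuristic as a stand-in for a real packer check, and all file names and timestamps are constructed in the demo.

```python
import math
import os
import tempfile
import time


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 for empty input); values near 8 suggest packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def files_written_since(directory, since, suffixes=(".dll", ".exe")):
    """Return [(path, mtime, entropy)] for matching files last written at or after
    `since`, newest first: the scripted form of `dir /O:D /T:W` cut at the noted time."""
    hits = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or not name.lower().endswith(suffixes):
            continue
        mtime = os.stat(path).st_mtime
        if mtime >= since:
            with open(path, "rb") as f:
                hits.append((path, mtime, shannon_entropy(f.read())))
    return sorted(hits, key=lambda h: h[1], reverse=True)


def suspicious(hits, entropy_threshold=7.0):
    """Keep only hits whose content entropy suggests a packed image."""
    return [h for h in hits if h[2] >= entropy_threshold]


def demo():
    """Constructed sample directory: one old, plain DLL and one fresh, high-entropy DLL."""
    d = tempfile.mkdtemp()
    incident = time.time() - 600                      # the time you noted when things went wrong
    old, new = os.path.join(d, "legit.dll"), os.path.join(d, "packed.dll")
    with open(old, "wb") as f:
        f.write(b"MZ" + b"\x00" * 4094)               # mostly zeros: low entropy
    with open(new, "wb") as f:
        f.write(bytes(range(256)) * 16)               # every byte value equally likely: 8.0 bits/byte
    os.utime(old, (incident - 86400, incident - 86400))   # written a day before the incident
    os.utime(new, (incident + 60, incident + 60))         # written a minute after it
    return [os.path.basename(p) for p, _, _ in suspicious(files_written_since(d, incident))]
```

Entropy alone produces false positives (compressed resources, legitimately packed installers), so treat the output as a shortlist to inspect with a tool like Process Explorer, not as a verdict.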

Now I am on the lookout for a good live CD that provides rescue and security tools. SystemRescueCd looks like a good option.

Thursday, September 13, 2007

Audiophile


Roy Doty Hi-Fi Originally uploaded by Glen Mullaly.

If it hadn't been for the integration in semiconductors, this would have been present day reality for an audiophile.

Tuesday, September 11, 2007

bodhiTree - Sabka Katega (Unreleased)


Din kate naa Raat ...


(spoken)
What brought us together,
might remain unspoken.
What held us together,
might be worn off and broken.
Even if your way was different,
as I felt was mine,
Now I want our paths to cross,
waiting for my time.
(spoken piece ends)

Din kate naa, Raat kate naa,
Subah kate naa, Shaam,
Dhoop hate naa, Chaon hate naa,
Gham hate naa, Jaam.

Dekho sabka katega, Sabka katega, Raam.
Yuhin kat-ta rahega, Sabka katega Raam.

Teri yaadon mein kal ki raien bitaayi thi,
Meri aankhon mein phirsey aas bhar aayi thi.
Shaakhon sey phool toote raahon mey jiske.
Dil dooba, nam hua pyaar mein uske.
Pyaar ghate na, Yaad badhe yeh,
Yaad badhe har saans.
Pyaas mein teri jaane kitne kaat chuka main jaam.

Dekho sabka katega, Sabka katega, Raam.
Yuhin kat-ta rahega, Sabka katega Raam.

Phir sey subah hogi, kabhi to tere dar par,
Phir sey tere man mein, ham rahen har pal.
Phir sey subah hogi kabhi to tere dar par,
Phir sey tere man mein ham rahen har pal.
Kya hua jo jhoot kaha ki mujhe naa tumse pyaar,
Maan bhi jao kat jaayega pyaar mein jeevan yaar.

Jaise sabka katega, Sabka katega, Raam.
Yuhin kat-ta rahega, Sabka katega Yaar.

Sabka katega yaar ..

============

A soulful love song beseeching a parted lover to return. Or a tongue-in-cheek ballad, poking fun at the notion of love. A beautiful melody enlaced with simple honest words. Or just some ambiguous sarcasm and feigned yearning. You choose. I get solemn and smile every time I listen to it.

It's interesting to observe how the song is structured, and that is mostly the reason why it doesn't fail to amuse me every time. The spoken words at the opening give you a background of where we are headed. True to the introduction, you are led through a wondrous stanza filled with pining. But then it comes. The abrupt "sabka katega", leaving you in disbelief and wondering if the intended meaning was the one you really want it to mean (hehe). However unnerving, the ambiguity is left to prevail.

You are given an opportunity to slip back into the reverie induced by such evocative lines as "nam hua pyaar mein uske". Just when you are about to forgive and forget the prior rude interjection, the last line of the second stanza leads you back to "sabka katega". This time, though, through a peculiar usage in "kaat chuka main jaam". You are in deeper water; the usage was almost legitimate. Was something else intended here? You have some purchase now, but it's still too narrow to relax.

By now accustomed, you are led back to the usual singing. But you are expecting it now. It should be back anytime. And finally the wait ends. "Maan bhi jao kat jaayega pyaar mein jeevan yaar" .. "jaise sabka katega.." Brilliant .. it all fits.

Or does it? ;)

Haven't yet heard?

Friday, September 07, 2007

FSX Screenshots



Found an awesome guide from nVidia detailing the optimum values for the game settings of FSX, and I got some stunning results. Click the photo, which will lead you to Flickr for some more shots. You can view the pics at their original size by clicking on the "all sizes" button just above the pic.