Why talk about it now?

Archive for January, 2010

Why McMaster Carr Sucks

Posted by aonomus on January 23, 2010

So as a Canadian, I typically find myself ordering parts from both within Canada and the US, and at times needing to order something specifically from the US due to availability. Having used Digikey and Mouser, McMaster Carr would also be on the list of companies that I send my dollars to, but this is not so. Several years ago McMaster Carr changed its policy on Canadian orders, stating: “Thank you for your order. Unfortunately, due to the ever increasing complexity of United States export regulations, McMaster-Carr can only process orders from a few long-established customers in Canada. We sincerely regret any inconvenience this causes you.”

Frankly, they don’t regret the inconvenience, nor do they regret the loss of customers apparently. An ‘export regulations’ change might as well mean you can add Canada to the list of terrorist nations, so I can’t order some food grade tubing, metal shaft couplers, or worm gears.

I might be in a slightly snippy mood because I spent 3 hours over a crappy drill press to make a low precision shaft coupler to try out an idea of mine.

Posted in Other, Rant, Uncategorized

Dealing with rootkits – Zeus Trojan

Posted by aonomus on January 13, 2010

Today, I tangled with a rootkit. I won. So in point form, here is a sequence of events (and eventual resolution):

  1. Visited Google homepage, Spybot Search & Destroy Tea Timer (background app which requests user approval for registry setting changes) pops up and asks whether to allow the following registry change: Userinit registry key [found in My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    to be changed from
    ‘C:\Windows\system32\userinit.exe’ to
  2. I say ‘Disallow’ and remember my answer, thinking that it is some sort of malware. Instantly, my window fills up with popups from Tea Timer saying that it’s preventing the registry change. Whatever is trying to change it is trying darn hard.
  3. Immediate shutdown and restart in safe mode with networking. A little bit of Google work for the term ‘lowsec.exe’ shows that a related file, sdra64.exe, and lowsec.exe are typical filenames for a rootkit. Great.
  4. Typical hiding spots include system32, and such places. No such luck finding filenames that match. The process isn’t listed in task manager or process explorer. It must be hooked into a svchost.
  5. Download the Kaspersky removal tool, find out the type of trojan/rootkit. Ran the tool, trojan eliminated from active processes in memory, files deleted.
  6. Cleanup time – Firefox is prevented from running, something fishy is about. The error “this action has been cancelled due to restrictions in effect. Please contact your system administrator”. Some searching in regedit showed that there were registry keys in [My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun] that prevented several browsers from running. The key names were 1, 2, 3, and the values were oprah.exe, firefox.exe, and chrome.exe.
  7. Downloaded HijackThis and scanned the system – several keys were found showing MSIE restrictions (preventing IE options from being opened), and many keys adding many suspect domains to the trusted zone of MSIE. I deleted keys which were out of place and unfamiliar.
  8. Ran a scan for hidden streams using HijackThis, 2 streams found in a temp folder where the malware originated from. Baleeted.

So there you have it. Rootkit eliminated (insert FF7 victory jingle here).

I found it interesting that the malware would force the user to use MSIE with security settings turned off, malware sites added to the trusted zone (so any embedded crap on pages would automatically be trusted and run, then installed), and Firefox, Oprah, and Chrome were all prevented from running (and the MSIE options window blocked). Essentially, forcing the user to operate as if they were stark naked on the internet. Malware no longer seeks to damage the user’s computer or such, but instead to install more malware, and harvest personal information.
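A post-cleanup check for the three registry changes described in this post (extra Userinit entries, DisallowRun blocks, domains mapped to the trusted zone), as an added example that is not part of the original post. It parses saved `reg query ... /s` text output; the function names, the four-space-separated output layout, and the sample dump (including `placeholder.exe` and `example.test`) are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `reg query <key> /s`; not taken from the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Windows\system32\placeholder.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
    1    REG_SZ    firefox.exe
    2    REG_SZ    chrome.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test
    *    REG_DWORD    0x2
"""

EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Value lines: indent, name, type, data, separated by runs of four spaces (assumed layout).
VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return keys

def audit(keys):
    """Flag the three changes described in the post; returns (check, detail) tuples."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        if low.endswith(r"\currentversion\winlogon") and "Userinit" in values:
            # Userinit is a comma-separated list; anything beyond userinit.exe is suspect.
            for entry in filter(None, (e.strip() for e in values["Userinit"].split(","))):
                if entry.lower() != EXPECTED_USERINIT:
                    findings.append(("userinit-extra-entry", entry))
        elif low.endswith(r"\policies\explorer\disallowrun"):
            findings += [("disallowrun-blocked", exe) for exe in values.values()]
        elif r"\zonemap\domains" + "\\" in low:
            # Zone 2 is Trusted Sites in Internet Explorer's zone numbering.
            if any(int(v, 16) == 2 for v in values.values() if v.lower().startswith("0x")):
                findings.append(("trusted-zone-domain", path.rsplit("\\", 1)[1]))
    return findings

if __name__ == "__main__":
    for check, detail in audit(parse_reg_query(SAMPLE)):
        print(f"{check}: {detail}")
```

An empty result only means these three locations look clean; it says nothing about other persistence points.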

Posted in Uncategorized

STM8S Discovery!

Posted by aonomus on January 5, 2010

So, I finally got my hands on the blogosphere-popularized STM8 Discovery dev board, the $8 dev board wonder. Not even the uber cheap Arduino clone clones can top that.

Posted in Electronics

Crystal growing goodness

Posted by aonomus on January 1, 2010

Last week I took a 50mL beaker and loaded it with a few mL of CuSO4 saturated solution and left it in a desiccator loaded with some sodium hydroxide prills. After a few days, crystal growth started.

I think it would be fun to try to grow crystals of pretty much every salt I have in my possession… perhaps I need to improvise a bigger desiccator.

Posted in Chemistry, Science

Happy new year!

Posted by aonomus on January 1, 2010

So it’s now 2010 on the east coast, and I must wonder what is in store for us? Positive things, negative things?

Posted in Other