Explained absence, and more news!

Posted by aonomus on March 26, 2011

So, it’s been a long time since my last sign of activity both on this blog and on youtube and I apologize to anyone that has subscribed to this blog. I’ve been in a bit of a funk recently with work, life, and drama. But, I’m over that now and I’ll stop whining! To tease you the reader, I have a bunch of good news:

Most of my personal project time over the past few months has been spent working on an academic project which will (hopefully) be published in J. Chem Ed. in the near future. My major contribution to the project is now complete, so now I have some more time to focus on my own projects. And even while I was in my dry spell, I was still working to design in CAD several electronics projects which need to be fabricated ASAP to meet some deadlines.

Now that I’m ramping back up for high gear on my own personal projects, I’m going to resume my normal blogging habits and attempt at least a weekly update to keep everyone interested in cool happenings. It’s not my usual style to blog on topical stuff vs showcasing a project (or progress thereof), but I’ll give it my best shot.

Next on the chopping block: sprucing up my workbench so that it looks cleaner on video, and that leads me to my next point, hopefully weekly videos. I have a nice long list of chemistry technique videos as well as experiments that I’ve wanted to showcase on video for some time now, but been primarily discouraged by the unprofessional look of the bench. Soon enough that will change! I’m refinishing my benchtop surface and adding a back to the bench to clean up the look.

On top of the upgrades to the workspace, I’ve got a new computer to edit videos faster, more lighting in the basement for clearer videos, and a more streamlined workflow. Stay tuned…

New Big Project: Power Wheels Racing

Posted by aonomus on May 28, 2010

So it’s been a while since I’ve posted an update; I’ve been busy with the job hunt and other things pertaining to my impending graduation. Regardless, I’ve found time to work on a major project: Power Wheels Racing.

I’ve been busy at work helping to soup up a toy Power Wheels jeep and make it go fast. Really fast.

You can track our progress at Megacycle Labs and the Power Racing Series websites.

The actual race will be at the Detroit Makerfaire, July 31-August 1, 2010; at the Henry Ford Museum. Full details of the event time/location pending.

Posted by aonomus on April 4, 2010

Yesterday I went geocaching with digimer and rucus around Mount Nemo in the Niagara Escarpment – beautiful weather and views, almost zero bugs, and some fun off the trail. It’s a good reason to get out and explore.

For those of you that haven’t heard of geocaching, here is a video to explain:

I think I’ve been bitten by the bug; I’ve located geocaches near my university and will have to drop by them some time…

Why McMaster Carr Sucks

Posted by aonomus on January 23, 2010

So as a Canadian, I typically find myself ordering parts from both within Canada and the US, and at times needing to order something specifically from the US due to availability. Having used Digikey and Mouser, McMaster Carr would also be on the list of companies that I send my dollars to, but this is not so. Several years ago McMaster Carr changed its policy on Canadian orders, stating: “Thank you for your order. Unfortunately, due to the ever increasing complexity of United States export regulations, McMaster-Carr can only process orders from a few long-established customers in Canada. We sincerely regret any inconvenience this causes you.”

Frankly, they don’t regret the inconvenience, nor do they regret the loss of customers apparently. An ‘export regulations’ change might as well mean you can add Canada to the list of terrorist nations, so I can’t order some food grade tubing, metal shaft couplers, or worm gears.

I might be in a slightly snippy mood because I spent 3 hours over a crappy drill press to make a low precision shaft coupler to try out an idea of mine.

Dealing with rootkits – Zeus Trojan

Posted by aonomus on January 13, 2010

Today, I tangled with a rootkit. I won. So in point form, here is a sequence of events (and eventual resolution):

  1. Visited google homepage, Spybot Search & Destroy Tea Timer (background app which requests user approval for registry setting changes) pops up and asks whether to allow the following registry change: Userinit registry key [found in My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    to be changed from
    ‘C:\Windows\system32\userinit.exe’ to
  2. I say ‘Disallow’ and remember my answer, thinking that it is some sort of malware. Instantly, my window fills up with popups from Tea Timer saying that it’s preventing the registry change. Whatever is trying to change it is trying darn hard.
  3. Immediate shutdown and restart in safe mode with networking. A little bit of Google work for the term ‘lowsec.exe’ shows that a related file, sdra64.exe, and lowsec.exe are typical filenames for a rootkit. Great.
  4. Typical hiding spots include system32, and such places. No such luck finding filenames that match. The process isn’t listed in task manager or process explorer. It must be hooked into a svchost.
  5. Download the Kaspersky removal tool, find out the type of trojan/rootkit. Ran the tool, trojan eliminated from active processes in memory, files deleted.
  6. Cleanup time – Firefox is prevented from running, something fishy is about. The error “this action has been cancelled due to restrictions in effect. Please contact your system administrator” appeared. Some searching in regedit showed that there were registry keys in [My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun] that prevented several browsers from running. The key names were 1, 2, 3, and the values were oprah.exe, firefox.exe, and chrome.exe.
  7. Downloaded HijackThis and scanned the system – several keys were found showing MSIE restrictions (preventing IE options from being opened), and many keys adding many suspect domains to the trusted zone of MSIE. I deleted keys which were out of place and unfamiliar.
  8. Ran a scan for hidden streams using HijackThis, 2 streams found in a temp folder where the malware originated from. Baleeted.

So there you have it. Rootkit eliminated (insert FF7 victory jingle here).

I found it interesting that the malware would force the user to use MSIE with security settings turned off, malware sites added to the trusted zone (so any embedded crap on pages would automatically be trusted and run, then installed), and Firefox, Oprah, and Chrome were all prevented from running (and the MSIE options window blocked). Essentially, forcing the user to operate as if they were stark naked on the internet. Malware no longer seeks to damage the user’s computer or such, but instead to install more malware, and harvest personal information.
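As an added example (not from the original post), here is a read-only PowerShell audit of the three tampering points described above: the Winlogon Userinit value, the Explorer DisallowRun policy, and domains pushed into the MSIE Trusted zone. It assumes a default install’s Userinit value is ‘C:\Windows\system32\userinit.exe,’ and only reports findings; it changes nothing.

```powershell
# Added audit script (not the post's own code). Reports only; remediation is manual.
# Assumption: default Userinit value on a stock Windows install.
$expectedUserinit = 'C:\Windows\system32\userinit.exe,'

# 1. Winlogon Userinit: any extra comma-separated entry is run at every logon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
if ($userinit -ieq $expectedUserinit) {
    Write-Output 'Userinit: OK'
} else {
    Write-Warning "Userinit tampered: '$userinit'"
    foreach ($entry in ($userinit -split ',' | Where-Object { $_ })) {
        if ($entry -ine $expectedUserinit.TrimEnd(',')) {
            Write-Warning "  unexpected logon program: $entry"
        }
    }
}

# 2. Explorer DisallowRun policy: each value names a blocked executable
#    (the post saw 1, 2, 3 -> oprah.exe, firefox.exe, chrome.exe).
$disallow = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
if (Test-Path $disallow) {
    $key = Get-Item -Path $disallow
    foreach ($name in $key.GetValueNames()) {
        Write-Warning "DisallowRun value $name blocks: $($key.GetValue($name))"
    }
} else {
    Write-Output 'DisallowRun: no policy key present'
}

# 3. IE ZoneMap: a DWORD of 2 under a domain subkey places it in the Trusted zone.
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
if (Test-Path $zoneMap) {
    foreach ($domainKey in Get-ChildItem -Path $zoneMap -Recurse) {
        foreach ($name in $domainKey.GetValueNames()) {
            if ($domainKey.GetValue($name) -eq 2) {
                # Subkeys are host prefixes (e.g. www under example.com); rebuild the FQDN.
                $parts = ($domainKey.PSPath -replace '^.*ZoneMap\\Domains\\', '') -split '\\'
                [array]::Reverse($parts)
                Write-Warning "Trusted zone entry: $($name)://$($parts -join '.')"
            }
        }
    }
} else {
    Write-Output 'ZoneMap: no per-user domain entries'
}
```

Run it from an elevated prompt so the HKLM read succeeds; any warning is a lead to check by hand, not proof of infection on its own.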

