Thursday, June 10, 2004
Breakfast at home: oatmeal, oranges. Dealt with a rather pernicious trojan (or something) which had gotten on Chris's computer in the process of upgrading from Win 2000 to Win XP. The first symptom was that Windows Updates would appear to install successfully but when I revisited the Windows Updates page they appeared to have not been installed. Further investigation revealed unusual behavior: msconfig and regedit and regedt32 would close by themselves after 3 to 10 seconds of being open. Running 'netstat -an' at a DOS prompt revealed connections established to 291.248.79.162 and 206.63.81.82, both on port 6667—IRC trojan? Sophos 3.80 with today's virus defs and today's copy of Stinger both failed to identify these nasties. I resolved the problem by disconnecting the machine from the network, restarting in Safe Mode, changing Windows Explorer to display hidden and system files, finding kuamgrd.exe and smsc.exe in the system32 folder and deleting them, deleting all instances of kuamgrd.exe and smsc.exe in regedt32, removing other unfamiliar items from keys such as (HKLM|HKCU)\Software\Microsoft\Windows\CurrentVersion\Run, reviewing Black Viper's Web site to make sure I didn't make services too restrictive, deleting all files in the Windows Prefetch folder, and restarting normally. I identified these 2 exes as the culprits because when I'd delete references to them, they'd reappear after restarting. In msconfig, smsc.exe identifies itself as "Win32 USB2 driver" and kuamgrd.exe identifies itself as "Microsoft Update Machine." There was another thing I got rid of in various places called Netropa Multimedia Keyboard—I have no idea what that was, so out it goes. (No exe file associated with that that I could tell.) Debrah's USB mouse wasn't working—I unplugged it and plugged it back in and it was fine—took only a minute. Worked on the VPN issues and software requirements documents. Quick lunch at the cafeteria: chicken sandwich, onion rings, water.
Computer support coordinators meeting. Weight training at home: arms. Dinner at home with Patrick: chips and salsa, shrimp quesadillas, Mexican rice.