Tuesday, October 6, 2009

Free Anonymous Surfing

Operator is my clear first choice, a portable version of Opera with an included and well integrated Tor engine that uses the free Tor network. OperaTor is small and relatively fast, using just 6Mb of memory for it’s Tor engine, 2Mb for the Polipo caching proxy, 3Mb for the OperaTor loader and 18Mb for Opera. In my experience, OperaTor is by far the fastest browser, even with multiple proxies on the Tor network so that the browsing trail is frequently changing for greater security. Some people don't like the fact that OperaTor is not released with source code available (at least not that we have yet located) which may influence the choice in whether to use it or not. I believe that unless a user is proficient in programming, or at least reading the development language of any particular application, this becomes rather irrelevant, unless some amount of comfort or security might be perceived in knowing that source is available and others might be checking it even if the user of the application can not read it personally. Even closed source projects that become popular generally receive enough user and peer scrutiny that most problems would be quickly exposed.

JonDo anonymous network

JonDo (previously known as JAP) is my second choice and is in some ways a more flexible option, in that it is simply a Java application that performs the role of a local (PC based) proxy server that redirects browser requests via the JonDo (formerly JAP) network. This allows the user to configure their choice of any browser rather than requiring a change to Opera. Unfortunately, being Java based means that the application becomes somewhat bloated, requiring 54Mb of memory just for the Java JonDo application, as well as another few Mb for the JAP engine, and then whatever additional is required for the web browser of choice. JonDo does have quite a nice GUI display which shows the strength of the anonymity based on the number of anonymizing proxy servers, and takes care of managing the random proxy changes for greater anonymity. A commercial service known as JonDonym has been introduced which uses dedicated servers to provide higher speeds, higher levels of availability and more security along with support for chat, ftp and ssh in addition to web browsing. Another offering from the commercial JonDonym group is JonDoFox, a customized version of Firefox with JonDo code embedded along with other anonymizing optimizations. Unfortunately, JonDo not being a network like Tor is prone to some limitations in terms of the numbers of free servers, and some subsequent downtimes may be more likely with the smaller server base.

Vidalia using Tor anonymizing network

Vidalia is my third choice, a close match to JonDo in that it is quite a bit lighter in memory use and generally feels faster, but may not have the same level of anonymizing as JonDo. Vidalia is another integrated package using a combination of Privoxy and a Tor engine to connect to the Tor network, but it offers many new features. As with JonDo, Vidalia behaves as a local proxy for use by any browser, but it also provides configurations allowing it to run either as a simple standalone process or as a Windows service (for security and performance reasons, among others). Vidalia allows the user to participate in the anonymizing process by becoming a Tor Relay to help censored users in a similar way to becoming a BitTorrent relay, and a live realtime facility is available showing a map of the earth with lines representing connections to the Tor server participants. Vidalia uses 24 - 32Mb of memory, with an additional 4Mb used for Privoxy and another 16.5Mb for the Tor engine. One initially confusing aspect of Vidalia is that it provides a configuration access through port 9051, but it is not immediately obvious that Privoxy is listening on port 8118. Browsers using the Vidalia bundle must be configured to use the Privoxy port 8118 as the proxy server, not port 9051. Like JonDo, the Vidalia/Privoxy combination constantly changes proxy servers to mask the trail to provide greater anonymity.

Whatever your preference, both JAP and Tor networks offer a level of secrecy that is better than many commercial systems, though they are not watertight. Expect your surfing to slow down, in some case substantially, because you'll be relayed through a chain of servers, all heavily impacted by BitTorrent users seeking to hide from the RIAA. Note: the latest V5 release of JAP now allows Tor users to use JAP as a software access point to the Tor network.

XeroBank Firefox based browser

The XeroBank Browser (previously known as TorPark) provides a new customized version of the Firefox browser configured to work with the free Tor anonymizing service, or with a subscription service for higher speeds using dedicated servers, and other features. Firefox users may feel more comfortable with XeroBank, as it is based on Firefox, but also need not make any changes at all if they make use of either the JonDo or Vidalia bundles to access the Tor engine other than to set the proxy server, and of course, manual cleanup of the cache, cookies and browsing history after use. XeroBank claims to have many advanced features, but for the average user most of these may not be apparent, unless the subscription service is used. While the XeroBank browser is free to use on the Tor network, the XeroBank web site promotes the use of their subscription-based account. During installation, the XeroBank Browser offers the choice of using either the commercial XeroBank Client or the free Tor service. Caution! Some antivirus scanners report trojan infected code in the XeroBank download. Use http://jotti.org to verify all downloads, and use XeroBank and all other applications with caution, but be aware that some of the virus scanners used by jotti.org may also be overly zealous in their reporting of infections. Some claimed virus or trojan infections in various applications are no more than firewall detection, or software product key reporting capabilities mis-diagnosed by the scanner as a potential threat.

The downside of XeroBank as contrasted with using JonDo or Vidalia, is that you would need to use XeroBank for anonymous browsing and your regular browser for other surfing. Using JonDo or Vidalia, you can use the browser of your choice, and just reconfigure to use the proxy when you want to anonymous surfing. This won't automatically clean out all other personal data (cache, history, cookies etc.) when the application is shut down, which OperaTor and XeroBank do.

For all anonymizing services, check that you are running in anonymous mode by first browsing to one of many servers which reports your IP address, for example http://www.whatismyip.com/ and take note of your IP address. Reconfigure your browser to make use of the anonymizing service, and reload / refresh the browser and verify that the reported IP address has changed. Some IP reporting servers will also tell you which country, and even which city you now appear to be connecting from.

Most of the services reviewed are able to run directly from a USB flash drive if the executables are simply copied as is from their installation directories. This works really well, just plug your flash drive into any PC with a USB port, launch both the anonymizing proxy software and a browser, set the browser to redirect via the anonymizer and you will be in business. In the case of both OperaTor and XeroBank, all you need to is launch the browser from your flash drive and you will be ready to start browsing.

XeroBank XBMachine Live CD running under QEMU virtual machineWhile some 'LiveCD' applications such as XeroBank Machine and Incognito Live CD have been created and may provide similar functions, they mostly seem to be currently released in various stages of alpha or beta test versions and have bugs or limitations. For example, the XeroBank Machine provides two options. You can either run the xBMachine.exe from a Windows prompt which starts a QEMU virtual machine and then runs a GenToo Linux kernel, or by booting from a "Live CD". This Live CD boots the same customized GenToo Linux environment from CD without any Windows involvement. In simple terms, both xBMachine options simply provide a different "hardened" OS platform to run the Firefox based XeroBank Browser. Is LiveCD really useful? To some people, yes, not to me. It does mean that like SandBoxie, your guest operating system is protected from malicious web sites via your browsing, and when you stop the QEMU virtual machine or reboot the PC from hard disk rather than CD all traces are removed. I am a Unix / Linux geek so I am totally at home with them, but for the average person, I suspect the LiveCD and QEMU based options will provide a confusing level of complexity that will just interfere with their browsing and desire to be safe. Not much can beat truly safe browsing habits, whatever browser or add-on tools you use. xBMachine is a 380Mb zip file download, which unpacked yields a 391Mb ISO image to create a CD as well as another 10Mb or so of the QEMU environment. The QEMU hosted browser uses 292+Mb of XeroBank XBMachine Live CD running under QEMU virtual machinememory, requires the ISO image present, and took more than 5 minutes to load and be ready for use on a 1.8Ghz dual core Intel PC with 1Gb or memory. It provides a Linux X-Windows GUI with a profile configuration, a network configuration, xBBrowser, e-mail, Pidgin instant messenger, terminal and an option to configure for the paid subscription network. I don't know about you, but I am not willing to wait 5 or more minutes and have close to 300Mb of disk space tied up in a browser that took another minute or two to load, and then in my case never managed to connect out anyway. For those who feel that having source available makes a better product, go ahead and try to download the XeroBank source. All of the links gave me a 7Mb source zip file which was corrupted and would not open. Would this give you "open source available" feelings of security? I don't think so.

I'm a freeware and open source fan, I can read and write programs, but not when the source file is corrupted, and I am not likely to start poring through tens of thousands of lines of code even if I could unpack the source. Even if it does unpack, how do we know that exact source was used to build the tool, and not another set of customized source with a built in Trojan or spyware? The reality is that we really don't know unless we both inspect the source code and then compile it and compare the distributed executable.

One final comment on anonymizing, your browsing activities will never be 100% secure and guaranteed to be anonymous. It will be very difficult for anyone to trace you while browsing through the Tor network, except as reported in the Tor wiki, "when you access pages that use Java, Javascript, Macromedia Flash and Shockwave, QuickTime, RealAudio, ActiveX controls, and VBScript are all known to be able to access local information about your operating system and local network. These technologies will work over proxies and can tunnel the information back to their source."


Friday, August 14, 2009

In Loving Memory of: LES PAUL

The World Has Lost a Remarkable Innovator and Musician: Les Paul Passes Away at 94


New York, NY...August 13, 2009...Les Paul, acclaimed guitar player, entertainer and inventor, passed away today from complications of severe pneumonia at White Plains Hospital in White Plains, New York, surrounded by family and loved ones. He had been receiving the best available treatment through this final battle and in keeping with his persona, he showed incredible strength, tenacity and courage. The family would like to express their heartfelt thanks for the thoughts and prayers from his dear friends and fans. Les Paul was 94.

One of the foremost influences on 20th century sound and responsible for the world's most famous guitar, the Les Paul model, Les Paul's prestigious career in music and invention spans from the 1930s to the present. Though he's indisputably one of America's most popular, influential, and accomplished electric guitarists, Les Paul is best known as an early innovator in the development of the solid body guitar. His groundbreaking design would become the template for Gibson's best-selling electric, the Les Paul model, introduced in 1952. Today, countless musical legends still consider Paul's iconic guitar unmatched in sound and prowess. Among Paul's most enduring contributions are those in the technological realm, including ingenious developments in multi-track recording, guitar effects, and the mechanics of sound in general.

Born Lester William Polsfuss in Waukesha, Wisconsin on June 9, 1915, Les Paul was already performing publicly as a honky-tonk guitarist by the age of 13. So clear was his calling that Paul dropped out of high school at 17 to play in Sunny Joe Wolverton's Radio Band in St. Louis. As Paul's mentor, Wolverton was the one to christen him with the stage name “Rhubarb Red," a moniker that would follow him to Chicago in 1934. There, Paul became a bona fide radio star, known as both hillbilly picker Rhubarb Red and Django Reinhardt-informed jazz guitarist Les Paul. His first recordings were done in 1936 on an acoustic—alone as Rhubarb Red, as well as backing blues singer Georgia White. The next year he formed his first trio, but by 1938 he'd moved to New York to begin his tenure on national radio with one of the more popular dance orchestras in the country, Fred Waring's Pennsylvanians.

Tinkering with electronics and guitar amplification since his youth, Les Paul began constructing his own electric guitar in the late '30s. Unhappy with the first generation of commercially available hollowbodies because of their thin tone, lack of sustain, and feedback problems, Paul opted to build an entirely new structure. “I was interested in proving that a vibration-free top was the way to go," he has said. “I even built a guitar out of a railroad rail to prove it. What I wanted was to amplify pure string vibration, without the resonance of the wood getting involved in the sound." With the good graces of Epiphone president Epi Stathopoulo, Paul used the Epiphone plant and machinery in 1941 to bring his vision to fruition. He affectionately dubbed the guitar “The Log."

Les Paul's tireless experiments sometimes proved to be dangerous, and he nearly electrocuted himself in 1940 during a session in the cellar of his Queens apartment. During the next two years of rehabilitation, Les earned his living producing radio music. Forced to put the Pennsylvanians and the rest of his career on hold, Les Paul moved to Hollywood. During World War II, he was drafted into the Army but permitted to stay in California, where he became a regular player for Armed Forces Radio Service. By 1943 he had assembled a trio that regularly performed live, on the radio, and on V-Discs. In 1944 he entered the jazz spotlight—thanks to his dazzling work filling in for Oscar Moore alongside Nat King Cole, Illinois Jacquet, and other superstars —at the first of the prestigious Jazz at the Philharmonic concerts.

By his mid-thirties, Paul had successfully combined Reinhardt-inspired jazz playing and the western swing and twang of his Rhubarb Red persona into one distinctive, electrifying style. In the Les Paul Trio he translated the dizzying runs and unusual harmonies found on Jazz at the Philharmonic into a slower, subtler, more commercial approach. His novelty instrumentals were tighter, brasher, and punctuated with effects. Overall, the trademark Les Paul sound was razor-sharp, clean-shaven, and divinely smooth.

As small combos eclipsed big bands toward the end of World War II, Les Paul Trio's popularity grew. They cut records for Decca both alone and behind the likes of Helen Forrest, the Andrews Sisters, the Delta Rhythm Boys, Dick Hayes, and, most notably, Bing Crosby. Since 1945, when the crooner brought them into the studio to back him on a few numbers, the Trio had become regular guests on Crosby's hit radio show. The highlight of the session was Paul's first No. 1 hit and million-seller, the gorgeous “It's Been a Long, Long Time."

Meanwhile, Paul began to experiment with dubbing live tracks over recorded tracks, also altering the playback speed. This resulted in “Lover (When You're Near Me)," his revolutionary 1947 predecessor to multi-track recording. The hit instrumental featured Les Paul on eight different electric guitar parts, all playing together.

In 1948, Paul nearly lost his life to a devastating car crash that shattered his right arm and elbow. Still, he convinced doctors to set his broken arm in the guitar-picking and cradling position. Laid up but undaunted, Paul acquired a first generation Ampex tape recorder from Crosby in 1949, and began his most important multi-tracking adventure, adding a fourth head to the recorder to create sound-on-sound recordings. While tinkering with the machine and its many possibilities, he also came up with tape delay. These tricks, along with another recent Les Paul innovation—close mic-ing vocals—were integrated for the first time on a single recording: the 1950 No. 1 tour de force “How High the Moon."

This historic track was performed during a duo with future wife Mary Ford. The couple's prolific string of hits for Capitol Records not only included some of the most popular recordings of the early 1950s, but also wrote the book on contemporary studio production. The dense but crystal clear harmonic layering of guitars and vocals, along with Ford's close mic-ed voice and Paul's guitar effects, produced distinctively contemporary recordings with unprecedented sonic qualities. Through hits, tours, and popular radio shows, Paul and Ford kept one foot in the technological vanguard and the other in the cultural mainstream.

All the while, Les Paul continued to pine for the perfect guitar. Though The Log came close, it wasn't quite what he was after. In the early 1950s, Gibson Guitar would cultivate a partnership with Paul that would lead to the creation of the guitar he'd seen only in his dreams. In 1948, Gibson elected to design its first solidbody, and Paul, a self-described “dyed-in-the-wool Gibson man," seemed the right man for the job. Gibson avidly courted the guitar legend, even driving deep into the Pennsylvania mountains to deliver the first model to newlyweds Les Paul and Mary Ford.

“Les played it, and his eyes lighted up," then-Gibson President Ted McCarty has recalled. The year was 1950, and Paul had just signed on as the namesake of Gibson's first electric solidbody, with exclusive design privileges. Working closely with Paul, Gibson forged a relationship that would change popular culture forever. The Gibson Les Paul model—the most powerful and respected electric guitar in history—began with the 1952 release of the Les Paul Goldtop. After introducing the original Les Paul Goldtop in 1952, Gibson issued the Black Beauty, the mahogany-topped Les Paul Custom, in 1954. The Les Paul Junior (1954) and Special (1955) were also introduced before the canonical Les Paul Standard hit the market in 1958. With revolutionary humbucker pickups, this sunburst classic has remained unchanged for the half-century since it hit the market.

“The world has lost a truly innovative and exceptional human being today. I cannot imagine life without Les Paul. He would walk into a room and put a smile on anyone's face. His musical charm was extraordinary and his techniques unmatched anywhere in the world," said Henry Juszkiewicz, Chairman and CEO of Gibson Guitar. “We will dedicate ourselves to preserving Les' legacy to insure that it lives on forever. He touched so many lives throughout his remarkable life and his influence extends around the globe and across every boundary. I have lost a dear, personal friend and mentor, a man who has changed so many of our lives for the better."

“I don't think any words can describe the man we know as Les Paul adequately. The English language does not contain words that can pay enough homage to someone like Les. As the “Father of the Electric Guitar", he was not only one of the world's greatest innovators but a legend who created, inspired and contributed to the success of musicians around the world," said Dave Berryman, President of Gibson Guitar. “I have had the privilege to know and work with Les for many, many years and his passing has left a deep personal void. He was simply put – remarkable in every way. As a person, a musician, a friend, an inventor. He will be sorely missed by us all."

With the rise of the rock 'n' roll revolution of 1955, Les Paul and Mary Ford's popularity began to wane with younger listeners, though Paul would prove to be a massive influence on younger generation of guitarists. Still, Paul and Ford maintained their iconic presence with their wildly popular television show, which ran from 1953-1960. In 1964, the couple, parents to a son and daughter, divorced. Paul began playing in Japan, and recorded an LP for London Records before poor health forced him to take time off—as much as someone so inspired can take time off.

In the 1977, Paul resurfaced with a Grammy-winning Chet Atkins collaboration, Chester and Lester. Then the ailing guitarist, who'd already suffered arthritis and permanent hearing loss, had a heart attack, followed by bypass surgery.

Ever stubborn, Les recovered, and returned to live performance in the late 1980s. Until recently Les continued to perform two weekly New York shows with the Les Paul Trio, even releasing the 2005 double-Grammy winner Les Paul & Friends: American Made World Played, featuring collaborations with a veritable who's who of the electric guitar, including dozens of illustrious fans like Keith Richards, Buddy Guy, Billy Gibbons, Jeff Beck, Eric Clapton, and Joe Perry. In 2008, The Rock and Roll Hall of Fame paid tribute to Les Paul in a week-long celebration of his life which culminated with a live performance by Les himself.

Les Paul has since become the only individual to share membership into the Grammy Hall of Fame, the Rock and Roll Hall of Fame, the National Inventors Hall of Fame, and the National Broadcasters Hall of Fame. Les is survived by his three sons Lester (Rus) G. Paul, Gene W. Paul and Robert (Bobby) R. Paul, his daughter Colleen Wess, son-in-law Gary Wess, long time friend Arlene Palmer, five grandchildren and five great grandchildren. A private Funeral service will be held in New York. A service in Waukesha, WI will be announced at a later date. Details will follow and will be announced for all services. Memorial tributes for the public will be announced at a future date. The family asks that in lieu of flowers, donations be made to the Les Paul Foundation, 236 West 30th Street, 7th Floor, New York, New York 10001.

Slash said, "Les Paul was a shining example of how full one's life can be, he was so vibrant and full of positive energy. I'm honored and humbled to have known and played with him over the years, he was an exceptionally brilliant man."

Joe Satriani said, "Les Paul set a standard for musicianship and innovation that remains unsurpassed. He was the original guitar hero, and the kindest of souls. Last October I joined him onstage at The Iridium club in NYC, and he was still shredding. He was and still is an inspiration to us all."

Keb' Mo' said, “He's a guy who played right up to the end, that's what we all want to do! With his brilliant playing and invention of multi track recording, Les Paul changed the face of music history."

Bootsy Collins said, "Yes, it is very painful when you lose a man, his music, and his everyday presence here on this planet called earth. For us musicians that knew the bar that this man Mr. Les Paul set, not only for guitar players but for music in general, especially rock music, the world will never be the same. His famous Gibson Les Paul brand Guitar's are still to this day the number one hottest rock guitar on the market. I got the opportunity in 1991 to do a session with Mr. Paul when I was with Dee-Lite, we did a song called: "A little More of Les". yes, one of my corky titles of course, but It was such an inspiration to be in the presence of such greatness, he will be sadly missed by many. We love you Les!"

Joan Jett said, "I, and everyone at Blackheart Records, mourn the passing of our dear friend, Les Paul. He was a genius inventor, musical innovator, and a wonderful person. Without the advances he pioneered, the recording sciences and the electric guitar would have been left years behind. I will miss him so much."

Ace Frehley said, "The music industry has lost a giant! I'm very saddened by the news of Les Paul's passing. I was lucky enough to have known Les as a friend, and admired him as a musician and innovator. He forever changed the way we listen to music."

Butch Walker said, "Les Paul... I will always owe you.. bigtime..."

Billy Gibbons said, "Les Paul brought six strings to electricity and electricity to six strings. Les Paul was an innovator, a groundbreaker, a risk taker, a mentor and a friend. Try to imagine what we'd be doing if he hadn't come along and changed the world. There will always be more Les to come. That's certified."

Keith Urban said, “I have a mix of emotions today. On one hand, I am deeply saddened at Les Paul’s passing, and on the other a feeling of incredible gratitude and awe for his unquantifiable contribution to the world of music. His name adorns so many of the creations that I communicate through every night out here on the road...He is also very present every time I set foot in the studio and am able to lay multiple tracks as I record, when I use echo, etc., the list of his inventions, in addition to his famous signature model Gibson, are extraordinary. I also feel that even in his nineties, the fact he was still playing every Monday night in New York is perhaps the most beautiful and inspiring achievement of all. As Vince Gill would say, “Go rest high on that mountain Les...cause son, your work on earth is done.”

Joe Perry said, "As a guitarist and a fan of music in general, I know the amazing contributions Les Paul made in his lifetime to the art of making music. I think if the general public knew how much of that influence is heard every day in the music that they listen to, they would be amazed. He was a true genius. The few times that I had met him, he made me feel like I had known him forever. He was always sharp, ready to rock and he was always talking about his next gig. Knowing that he is not walking the earth anymore is sad and I have lost a friend. But every time I pick up a guitar I’ll know that his spirit is alive and well right next to me. "

Derek Trucks said, "Les Paul played until the day he died. I admire that... That's the way you live a life."

On his many achievements Derek Trucks said, "You could take any one of the many things he did and it would have been enough for most people. Inventing multi-tracking and then the 1st great solid body electric guitar. The amount of things he pulled off is pretty astounding."

Mick Jones said, “As a child I was introduced to the sound of Les Paul through my parent's record collection. It was a spellbinding moment when I first heard ‘How High The Moon’ featuring Mary Ford. His innovation and recording techniques contributed greatly to the creation of Rock music.”

Rickey Medlocke said, "I'm so thankful that this guy was such an incredible genius for developing such a great guitar. I am a 3rd generation Gibson user and I always will be. God bless Les Paul."

Tad Kubler said, "There are very few human beings in history that touched so many people the way Les Paul did. He shared his gifts with everyone and brought people together with his brilliance and devotion to music and the art of sound. It was a privilege to have met him. He will be incredibly missed. But our blessing is to know his spirit and soul will live for eternity in music everywhere."

Wes Scantlon said, "Les and I have the same birthday – it is an honor to have been born on the same day as such a genius guitarist, innovator and human being"

Neil Portnow (President/CEO of The Recording Academy®) said, "Three-time GRAMMY® winner Les Paul was a musical mastermind whose innovations in electric guitar and recorded music are unparalleled. A 1983 Trustees Award recipient and a 2001 Technical GRAMMY Award recipient, his career and contributions to popular music will forever be celebrated, and will continue to influence future generations of musicians. His magnetic charm and sunny disposition matched his incredible skill set, and he will always be remembered with great fondness, humility, and respect. The music industry has lost a true innovator and legend."

Terry Stewart (President of the Rock and Roll Hall of Fame and Museum) said, "Without Les Paul, we would not have rock and roll as we know it," said Terry Stewart, president and CEO of the Rock and Roll Hall of Fame and Museum. “His inventions created the infrastructure for the music and his playing style will ripple through generations. He was truly an architect of rock and roll."

Elliott Easton said, "I am deeply saddened by the passing of Les Paul. It is simply impossible to overstate the impact he has had on the modern world and our culture. There are those that refer to Les as "the Thomas Edison of Music Technology". To me that is inadequate. Thomas Edison never invented a device that could make the world fall in love with you. There isn't a person working in the music industry today that doesn't benefit in some way from Les' pioneering work."

Brian Wilson said, "Les Paul and Mary Ford were among my most favorite musicians in the 50's. He was the first guy to do multi guitar multi track recording and that turned me on to guitars and stacking vocals for our records."

Johnny A. said, "I am personally very saddened by the passing of Mr. Les Paul. As well as being such an iconic figure in the world of music, as a player and inventor, Les was truly a gentleman with an unbeatable sense of humor. It has been my honor to have known and played with him. His spirit will surely be missed."

Dave Navarro, "Les is single handedly responsible for the direction and evolution of the modern rock movement. Period. If you are a fan of modern music, you owe Les Paul an enormous THANK YOU!"

Don Miggs said, "I used to promise myself that every trip back home to NY should be capped off with seeing Les perform. I knew he wasn't going to be around forever and seeing him was a "must-do." Sadly, I never made good on my promise but one night I was walking into a deli and who do I see? Yup. My palms went sweaty, my tongue felt thick and I got a pit in my stomach, but I stopped him with a grunt of some sort. He looked me square in eye like "don't miss this moment," and I gulped and said, "It's because of you I can put food on my family's table, thank you," and he said, "You've done that for yourself, son, but thank you." And he was gone. Ah, Les, thank you thank you."

Randy Bachman said, "I am deeply touched by the passing of Les Paul who I first met in 1959. As a guitarist, composer, electronic innovator and inventor he was beyong genius and there was none other like him. He was a true musical gift from God to the world and spent his life honoring that gift. I proudly play my Les Paul guitars every night on stage and never forget the moments we shared."

Gary Rossington said, "I am very saddened to hear about the passing of Les Paul, he was an amazing guitarist. I play a Les Paul guitar every night and it's the best sounding guitar ever made. I have a framed t-shirt on my wall, signed by Les Paul that I admire when I'm at home, Les was the best!"


Tuesday, July 28, 2009

Manual Uninstallation of OEM BIOS Loader EMU

f you have applied and installed software based OEM BIOS emulator which is of Emu Loader type such as Vista Loader 1.0 (vstladr of softmod.iso) and Vista Loader 2.0 (grldr), you may face the problem that your computer unable to boot up anymore. Unlike Paradox OEM BIOS Emulation Toolkit 1.0 (repacked by Pantheon) which is software based driver emulator, Vista Loader actually makes use of boot manager (GRUB or GRUB4DOS) which is the first thing computer loads during boot up process, hence considerably increase the risk to use the crack for Windows Vista activation. Luckily, the Vista Loaders come with a uninstaller script that can automatically uninstall the crack patch from the boot loader.

However, if you already unable to boot up and start the operating system on your computer, the uninstallation script will be useless as you can’t run it. That’s why users are encourage to try the bootable CD method to apply the Vista OEM BIOS Emu Loader before patching the crack into hard disk. If you’re in this situation without access to Windows desktop, here are a trick and hack that you can use to repair boot sector and possible MBR (master boot record) of your computer, so that Windows can be loaded again without reinstallation.

Trick to execute Uninstall.cmd of Vista Loader

  1. Boot up the computer with Windows Vista installation DVD.
  2. Choose Install.
  3. At the screen where you’re asked to input product key, press Shift + F10 keyboard shortcut to trigger command prompt.
  4. Change directory to the folder where Vista Loader 2.0 or softmod.rar or softmod.iso is extracted.
  5. Execute uninstall command.

If you can still access Windows Vista, but for whatever reason such as decision to go genuine, you want to uninstall Vista Loader crack, but uninstall.cmd script fails to properly clean the crack, then you can use the following steps to manually uninstall the Vista Loader.

Manually uninstall Vista Loader 2.0 (grldr)

  1. Click on Start button, select “All Programs” -> “Accessories”, right click on “Command Prompt” and select “Run as Administrator”. Then confirm any UAC security warning pop-ups.
  2. Change directory to the date folder of Vista Loader 2.0.
  3. Type the following commands in italic, pressing Enter after each line:

    bootrest /nt60 d: (d: is to change to your boot volume of Windows Vista)

    attrib d:\grldr -r -h -s (change the d: to your boot volume, to remove special attributes)

    del d:\grldr (delete the softmod mod loader program)

Manually uninstall Vista Loader 1.0 (softmod)

  1. Click on Start button, select “All Programs” -> “Accessories”, right click on “Command Prompt” and select “Run as Administrator”. Then confirm any UAC security warning pop-ups.
  2. Change directory to the date folder of softmod archive.
  3. Type the following commands in italic, pressing Enter after each line:

    mbr_rest /nt60 d: (change d: to the boot volume of Windows Vista, can also use bootrest command)

    attrib d:\vstaldr -r -h -s (change the d: to your boot volume, to remove special attributes)

    attrib d:\menu.lst -r -h -s

    del d:\vstaldr (delete the softmod mod loader program)

    del d:\menu.lst (delete the software mod loader config file)

Source: http://www.mydigitallife.info/2007/03/10/manual-uninstallation-of-oem-bios-loader-emu-vista-loader-or-softmod-windows-vista-crack/

Nokia Aeon - Depicted on Echelon Conspiracy Movie

Take one part Bourne series, one part Global Frequency, and one part Colossus: The Forbin Project (with a dash of Star Trek: The Changeling and the Bruce Sterling short story Maneki Neko also thrown in) and that describes Echelon Conspiracy, a movie too ambitious and too derivative for its own good.

Still, I want that phone!











Nokia's research and development team have kicked it up a gear with an attractive "aeon" concept phone showing up in the R&D section of the company's website. The most prominent design feature of aeon is a touchscreen that stretches over the full surface area of the phone, similar to BenQ-Siemens's Black box concept phone we saw recently. Currently mobile technology isn't quite up to realizing this fantasy, but we'll sleep better tonight knowing that at least one of the cellphone industry's biggest names shares the same dream as we do -- BenQ's dream didn't count, unfortunately.

Source: Engadget & Makcanepics

Tuesday, June 16, 2009

Hide Drives in Windows Vista

If you’ve got drives in My Computer that you never access, such as a USB Flash drive that you are using solely for ReadyBoost, a floppy drive, or a network drive only used for a particular piece of software, then you might want to simply hide the drive from your computer.

This tip will only hide the drive from being displayed, applications and the command prompt will still have access to it, and you can still manually browse to the folder if you type in the path.

Now what’s that floppy drive doing there?


Configure the Hidden Drives

Open up regedit.exe by using the start menu search box, and then browse down to the following key.


If the Explorer key does not exist, you can right-click on Policies, select New Key and name it Explorer.


The NoDrives key most likely does not exist by default, so you’ll need to create it with right-click \ new 32-bit DWORD and name it NoDrives.

This value is a 32 bit number, and the bits are arranged in reverse order with a value of 1 hiding that drive. For example, if we wanted to hide drives A: and F: we would arrange it like this:

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1

Converting 100001 to decimal we end up with a decimal value of 33 or a hex value of 0×21, so if you double-click on the key in the registry editor, choose Decimal and then enter 33 into the value field.


In order to see these changes, you’ll need to restart explorer.exe, which you can do easily from Task Manager or the longer way by just logging off and back on.

Uninstall Tweak

To disable this tweak, simply remove the NoDrives registry key entirely.

Reference Info

Here’s a list of the values you’ll want to enter for a few different drive letters.

Drive Letter Decimal Hex
A 1 1
B 2 2
C 4 4
D 8 8
E 16 10
F 32 20
G 64 40
H 128 80

If you want to hide multiple drives, you’ll need to use the table of all the drive letters to figure out the correct binary code, and then convert that to decimal or hex. (hint: you can use the calculator in scientific mode)

Look, now that worthless floppy drive is gone!


Naturally it would be better to disable the floppy drive in your BIOS, but this tip is still valid for other types of drives.

Note that this also works on Windows XP.

Source: www.howtogeek.com

Thursday, May 28, 2009

SAMSUNG Unveils Wide Touch Screen Multimedia Phone; The SAMSUNG F490


SAMSUNG’s latest mobile phone with a touch sensitive 16:9 wide screen and a 5 megapixel camera is to launch in the UK and Europe before the rest of the world

SAMSUNG F490 - Wide Touch Screen Multimedia Phone

London, 10 January 2008 - SAMSUNG Mobile has today announced the launch of the new SAMSUNG F490, a powerful high speed multimedia phone with a touch sensitive 16:9 wide screen and intuitive user interface. The SAMSUNG F490 will be available in the UK from mid-February. After being launched in the UK and Europe, it will be introduced to the U.S. and Asian markets.

The SAMSUNG F490’s debut comes amid rising popularity of touch screen technology. With a class-leading 3.2 inch 16:9 wide screen, the SAMSUNG F490 provides a panoramic view of pictures or videos as well as a larger screen space for Internet surfing. To make Internet browsing easy and enjoyable, the SAMSUNG F490 also features the Google search engine optimised for mobile use and full Internet browser for viewing web pages both vertically and horizontally.

At just 11.8mm deep, the new handset’s slimline design features rounded corners and a glossy surface that looks chic, making the SAMSUNG F490 a pleasure to hold and use. The stylish and intuitive 'Croix UI' user interface, which won the iF Communication Design Award 2007, involves two bars that cross-hatch, enabling users to control the phone’s many features by simply tapping and dragging.

For example, the intuitive nature of the user interface is demonstrated during song playback where users can easily move left/right to rewind/fast forward and move up/down to adjust volume. This addition of the ‘Croix UI’ interface brings new levels of usability to the SAMSUNG F490 and makes basic navigation, Internet browsing, task management and other activity easier than ever before. Furthermore, haptic feedback from the phone’s keypad offers tangible assurance that a command has been inputted.

From listening to music to snapping photos and video with its 5 megapixel digital camera, the SAMSUNG F490 boasts the very latest in audio and video technology. For connectivity and storage purposes it combines the standard 3.5mm audio jack, support for compatible microSD cards and 130MB internal memory.

The SAMSUNG F490 is geared to offer the ultimate multimedia experience with fast HSDPA connectivity. Downloading large files, streaming videos, and holding video conversations is all easier than ever with speeds as fast as 3.6Mbps. The handset also features Bluetooth 2.0 and USB 2.0 so that users will also be able to connect to a range of peripherals including wireless headsets and mobile printers.

The SAMSUNG F490 will be available in the UK from the mid-February. For more information, please visit www.samsungmobile.com

SAMSUNG F490 Specification
Standard: HSDPA 3.6 mbps / UMTS/ EDGE (900/1800/1900/2100)
Camera: 5 Megapixel Camera
Display: 3.2" 16:9 Wide Full Touch LCD (262K Colors)
Features: Croix UI; Video Recording (MPEG4, QVGA@15fps), Video Playback (WMV, MPEG4, H.263, H.264, VGA@30fps); Bluetooth 2.0 (A2DP+ AVRCP); USB 2.0 (High speed); Google Search, NetFront 3.4 browser, Mail; MP3, AAC+, AAC+(e), WMA; OMA DRM v2.0, WMDRM, Multitasking
Memory: 130MB internal memory + microSD
Size: 115 x 53.5 x 11.8mm
Weight: 102g

Sunday, May 24, 2009

10 mistakes new Linux administrators make

Author: Jack Wallen

If you’re new to Linux, a few common mistakes are likely to get you into trouble. Learn about them up front so you can avoid major problems as you become increasingly Linux-savvy.

For many, migrating to Linux is a rite of passage that equates to a thing of joy. For others, it’s a nightmare waiting to happen. It’s wonderful when it’s the former; it’s a real show stopper when it’s the latter. But that nightmare doesn’t have to happen, especially when you know, first hand, the most common mistakes new Linux administrators make. This article will help you avoid those mistakes by laying out the most typical Linux missteps.

Note: This information is also available as a PDF download.

#1: Installing applications from various types

This might not seem like such a bad idea at first. You are running Ubuntu so you know the package management system uses .deb packages. But there are a number of applications that you find only in source form. No big deal right? They install, they work. Why shouldn’t you? Simple, your package management system can’t keep track of what you have installed if it’s installed from source. So what happens when package A (that you installed from source) depends upon package B (that was installed from a .deb binary) and package B is upgraded from the update manager? Package A might still work or it might not. But if both package A and B are installed from .debs, the chances of them both working are far higher. Also, updating packages is much easier when all packages are from the same binary type.

#2: Neglecting updates

Okay, this one doesn’t point out Linux as much as it does poor administration skills. But many admins get Linux up and running and think they have to do nothing more. It’s solid, it’s secure, it works. Well, new updates can patch new exploits. Keeping up with your updates can make the difference between a compromised system and a secure one. And just because you can rest on the security of Linux doesn’t mean you should. For security, for new features, for stability — the same reasons we have all grown accustomed to updating with Windows — you should always keep up with your Linux updates.

#3: Poor root password choice

Okay, repeat after me: “The root password is the key to the kingdom.” So why would you make the key to the kingdom simple to crack? Sure, make your standard user password something you can easily remember and/or type. But that root password — you know, the one that’s protecting your enterprise database server — give that a much higher difficulty level. Make that password one you might have to store, encrypted, on a USB key, requiring you to slide that USB key into the machine, mount it, decrypt the password, and use it.

#4: Avoiding the command line

No one wants to have to memorize a bunch of commands. And for the most part, the GUI takes care of a vast majority of them. But there are times when the command line is easier, faster, more secure, and more reliable. Avoiding the command line should be considered a cardinal sin of Linux administration. You should at least have a solid understanding of how the command line works and a small arsenal of commands you can use without having to RTFM. With a small selection of command-line tools on top of the GUI tools, you should be ready for just about anything.

#5: Not keeping a working kernel installed

Let’s face it, you don’t need 12 kernels installed on one machine. But you do need to update your kernel, and the update process doesn’t delete previous kernels. What do you do? You keep at least the most recently working kernel at all times. Let’s say you have 2.6.22 as your current working kernel and 2.6.20 as your backup. If you update to 2.6.26 and all is working well, you can remove 2.6.20. If you use an rpm-based system, you can use this method to remove the old kernels: rpm -qa | grep -i kernel followed by rpm-e kernel-{VERSION}.

#6: Not backing up critical configuration files

How many times have you upgraded X11 only to find the new version fubar’d your xorg.conf file to the point where you can no longer use X? It used to happen to me a lot when I was new to Linux. But now, anytime X is going to be updated I always back up /etc/X11/xorg.conf in case the upgrade goes bad. Sure, an X update tries to back up xorg.conf, but it does so within the /etc/X11 directory. And even though this often works seamlessly, you are better off keeping that backup under your own control. I always back up xorg.conf to the /root directory so I know only the root user can even access it. Better safe than sorry. This applies to other critical backups, such as Samba, Apache, and MySQL, too.

#7: Booting a server to X

When a machine is a dedicated server, you might want to have X installed so some administration tasks are easier. But this doesn’t mean you should have that server boot to X. This will waste precious memory and CPU cycles. Instead, stop the boot process at runlevel 3 so you are left at the command line. Not only will this leave all of your resources to the servers, it will also keep prying eyes out of your machine (unless they know the command line and passwords to log in). To log into X, you will simply have to log in and run the command startx to bring up your desktop.

#8: Not understanding permissions

Permissions can make your life really easy, but if done poorly, can make life really easy for hackers. The simplest way to handle permissions is using the rwx method. Here’s what they mean: r=read, w=write, x=execute. Say you want a user to be able to read a file but not write to a file. To do this, you would issue chmod u+r,u-wx filename. What often happens is that a new user sees an error saying they do not have permission to use a file, so they hit the file with something akin to chmod 777 filename to avoid the problem. But this can actually cause more problems because it gives the file executable privileges. Remember this: 777 gives a file rwx permissions to all users (root, group, and other), 666 gives the file rw privileges to all users, 555 gives the file rx permissions to all users, 444 gives r privileges to all users, 333 gives wx privileges to all users, 222 gives w privileges to all users, 111 gives x privileges to all users, and 000 gives no privileges to all users.

#9: Logging in as root user

I can’t stress this enough. Do NOT log in as root. If you need root privileges to execute or configure an application, su to root in a standard user account. Why is logging in as root bad? Well, when you log on as a standard user, all running X applications still have access only to the system limited to that user. If you log in as root, X has all root permissions. This can cause two problems: 1) if you make a big mistake via a GUI, that mistake can be catastrophic to the system and 2) with X running as root that makes your system more vulnerable.

#10: Ignoring log files

There is a reason /var/log exists. It is a single location for all log files. This makes it simple to remember where you first need to look when there is a problem. Possible security issue? Check /var/log/secure. One of the very first places I look is /var/log/messages. This log file is the common log file where all generic errors and such are logged to. In this file you will get messages about networking, media changes, etc. When administering a machine you can always use a third-party application such as logwatch that can create various reports for you based on your /var/log files.

Sidestep the problems

These 10 mistakes are pretty common among new Linux administrators. Avoiding the pitfalls will take you through the Linux migration rite of passage faster, and you will come out on the other side a much better administrator.

First Quad-core Mobile Laptop

Alienware, Dell’s extreme-high performance computing arm, has announced the arrival of its M17 laptop, one of the first such machines powered by the Intel Core 2 Extreme QX9300 (2.53 GHz, 12MB cache, 1066MHz FSB), the world’s first mobile quad-core processor.

Ladies and gentlemen, start your engines.

Alienware M17 (back)

Alienware M17 (front)Typical of the company’s products, the machine is a barnburner: For one, the 17-inch notebook is the company’s first with ATI CrossFireX multi-GPU technology, featuring dual ATI Mobility Radeon HD 3870 cards. (That means solid HD video playback, full DirectX 10.1 support and frame rates up to 80 percent higher than single GPU setups.) You’ll have up to 4GB of DDR3 memory at your disposal, achieving speedy transfer rates, data retrieval, load times and multitasking.

Of course, and that devilishly-fast QX9300 processor, too, which also appeared in Lenovo’s ThinkPad W700 earlier this year. (About; benchmarks)

On the storage front, dual 500GB hard drives linked in a RAID 0 configuration offer a massive 1TB storage capacity. Your Blu-ray and HD video will enjoy the 17-inch “Extreme High-Definition” 1920 x 1200 resolution display.

Alienware M17 (rear)Plus, all the typical Alienware amenities, including the Alienware Command Center control panel, which includes the AlienFusion power management system, AlienSense facial recognition software and AlienTouch touchpad controls.

What color does that Skullcap case come in? Matte black. As if you even had to ask.

The company notes that power users and gamers on a budget can even get in on the action: The M17 starts at $1,399, and a configuration with an Intel Core 2 Duo processor, ATI CrossFireX technology, 3GB of DDR3 memory and a 1920 x 1200 Extreme High-Definition LCD can be had for under $2,000.

Alienware M17 (detail)On the other hand, a fully loaded machine with all the trimmings will run you a cool $4,199. Anyone want to donate to the Toybox gift fund?

The M17 is available today in the U.S. and Europe.

(Posted By: Andrew J. Nusca is an assistant editor for ZDNet.com)

Tuesday, May 19, 2009

Four more Hayden s*x videos

stir.ph-by: Edgar O. Cruz | STIR Editor (Chief Agitator)
18 May 2009 | 10:56 AM

hayden kho sex video“Yeah,” answers Vicki Belo when daughter Crystalle Henares asked her if she had seen the Hayden Kho and Katrina Halili “Careless Whispers” video.

Vicki had admitted Hayden and her are more than f___king friends. They have returned as boyfriend/girlfriend. The buzz is Hayden already got back his luxury SUV and high-end condo unit, both gifts from Vicki which she took back in their split last January. To start off Hayden on his own, Vicki is also going to build his own clinic. She did this despite Hayden’s confirmed streak of infidelity which is turning out to be psychological sickness.

It now appears the “Careless Whispers” video is just a preview to the release of the real thing: the Katrina-Hayden’s sex video!

First to come out is a 40-minute sex bout with Katrina Halili in what appears like a hotel room showing them in all kinds of sex including animal-style copulation. Two more videos are taken, before Hayden was notoriously popular, with a Filipina model that are

hayden kho sex video

18 and 27 minutes long. Another video is with a Brazilian model. Except for the last one, video qualities are exceptionally clear, indicating they were purposely videotaped.

To be released next is Rufa Mae Quinto’s sex video with Hayden. To preempt public opinion, Rufa Mae has admitted she has a sex video. She strongly denied this before. Another sex video with Katrina is coming out. These sex videos has been compiled in DVD by Quiapo pirates known as the “Hayden Video Scandal.” And everybody’s worst fears...Hayden’s sex video with Vicki.
Somebody’s clearly not happy with the Vicki-Hayden reconciliation. The buzz is the person releasing these

videos is the same ex-best friend who gave Hayden’s stolen laptop to Vicki that caused their split. As previously reported by STIR, this person and his group of friends tried to get even with Hayden to punish him for wronging thisperson’s girlfriend.

It’s clear they are back at it again. If not, why are these sex videos appearing only now?

“What can I do?” Crystalle Henares says in frustration when questioned how she feels about the reconciliation of Vicki and Hayden. Elder brother Quark Henares and Crystalle are openly against the relationship. They have warned Vicki that they will leave the family house if Hayden enters it again. But brother and sister cannot slam their mother out of love for him Crystalle reconsiders, “Ang important ngayon masaya ang mommy ko.”

When told about her mom’s sex video, Crystalle could only exhale, “Naku! Huwag naman!”

(***Due to the sensitive nature of the videos, STIR decided not to post them. This article contains nude photos and is not advisable to be viewed minors***)

Monday, May 4, 2009

Windows XP integrated in Windows 7

In a few days, exactly April 30th, the Release Candidate of Windows 7, the operating system of Microsoft, will be available for download by MSDN and TechNet subscribers (public availability will begin on May 5th) and Microsoft announced that they have integrated in Windows 7 a feature Windows XP Mode (XPM).

Windows XP Mode is specifically designed to help small businesses move to Windows 7. Windows XP Mode provides you with the flexibility to run many older productivity applications on a Windows 7 based PC.

All you need to do is to install suitable applications directly in Windows XP Mode which is a virtual Windows XP environment running under Windows Virtual PC. The applications will be published to the Windows 7 desktop and then you can run them directly from Windows 7.

Windows XP Mode and Windows Virtual PC are best experienced on your new Windows 7 PC. We will be soon releasing the beta of Windows XP Mode and Windows Virtual PC for Windows 7 Professional and Windows 7 Ultimate.


Specifically designed to help businesses move smoothly to Windows 7, Windows XP Mode runs using the Virtual PC technology. Thus, many applications designed for Windows XP can be installed and runned without risk of incompatibility on a PC with Windows 7 and a processor based virtualization.

Available for Windows 7 Professional and Windows 7 Ultimate, all information will be accessible directly from the desktop of Windows 7.

Windows XP mode


  • CrystalXP on your site (RSS Feed)

Wednesday, February 11, 2009

Downup / Conficker / Downadup / Kido Worm

Technical details

This malicious program exploits the MS08-067 vulnerability to spread via network resources and removable storage media.

This modification of the worm is a Windows PE DLL file. The file is 158110 bytes in size. It is packed using UPX.


The worm copies its executable file with random names to the following directories:

%Program Files%\Internet Explorer\.dll
%Program Files%\Movie Maker\.dll
%All Users Application Data%\.dll

is a random string of symbols.

In order to ensure that the worm is launched next time the system is started, it creates a system service which launches the worm’s executable file each time Windows is booted. The following registry key will be created:


The name of the service will be created from combining words from the list below:


The worm also modifies the following system registry key value:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "netsvcs" = " %System%\.dll"

The worm hides its files in Explorer by modifying the registry key value shown below:

[HKCR\ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "dword: 0x00000002"
"SuperHidden" = "dword: 0x00000000"
"CheckedValue" = "dword: 0x00000000"

The worm flags its presence in the system by creating the unique identifier shown below:



In order to spread quickly via networks, the worm uses tcpip.sys functions to increase the number of potential network connections.

The worm connects to the servers shown below in order to determine the external IP address of the victim machine:


The worm then launches an HTTP server on a random TCP port; this is then used to download the worm's executable file to other computers.

Copies of the worm have the extensions listed below:


The worm gets the IP addresses of computers in the same network as the victim machine and attacks them via a buffer overrun vulnerability (MS08-067) in the Server service. More details about the vulnerability can be found here: www.microsoft.com/technet/security/Bulletin/MS08-067.mspx. The worm sends a specially crafted RPC request to TCP ports 139 (NetBIOS) and 445 (Direct hosted SMB) remote machines on remote machines. This causes a buffer overrun when the wcscpy_s function is called in netapi32.dll, which launches code that downloads the worm's executable file to the victim machine and launches it. The worm is then installed on the new victim machine.

The worm then hooks the NetpwPathCanonicalize API call (netapi.dll) to prevent buffer overruns caused by the absence of a check on the size of outgoing strings. By doing this, the worm makes repeat exploitation of the vulnerability impossible.

In order to speed up propagation, the worm modifies the following registry value:

[HKLM\ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpNumConnections" = "dword:0x00FFFFFE"

In order to exploit the vulnerability described above, the worm attempts to connect to the Administrator account on the remote machine. It searches the network for an appropriate machine and gets a list of users. It then attempts to brute force each user account using the passwords shown below:z



In order to gain administrator access, the worm copies itself to the following shared folders:


The worm can then be launched remotely or scheduled for remote launch using the following commands:

rundll32.exe ,

Spreading via removable storage media

The worm copies its executable file to all removable media under the following name:

%d%>-%d%>\.vmx, rnd is a string of random lower case letters; d is a random number; X
is the disk

In addition to its executable file, the worm also places the file shown below in the root of every disk:


This file will launch the worm's executable file each time Explorer is used to open the infected disk.


When launching, the worm injects its code into the address space of one of the “svchost.exe” system processes. (The worm may also write its code to the “explorer.exe” and “services.exe” processes.) This code delivers the worm's main malicious payload and:

  1. disables the following services:
    Windows Automatic Update Service (wuauserv)
    Background Intelligent Transfer Service (BITS)
    Windows Security Center Service (wscsvc)
    Windows Defender Service (WinDefend, WinDefender)
    Windows Error Reporting Service (ERSvc)
    Windows Error Reporting Service (WerSvc)
  2. blocks access to addresses which contain any of the strings listed below:

In Windows Vista, the worm will disable autoconfiguration of the TCP/IP stack in order to speed up propagation via network channels by using a fixed window size for TCP packets:

netsh interface tcp set global autotuning=disabled

The worm also hooks the following API calls (dnsrslvr.dll) in order to block access to the list of user domains:


The worm may also download files from links of the type shown below:


rnd2 is a random number; URL is a link generated by a special algorithm which uses the current date. The worm gets the current date from one of the sites shown below:


Downloaded files are saved to the Windows system directory under their original names.

Removal instructions

If your computer does not have an up-to-date antivirus solution, or does not have an antivirus solution at all, you can either use a special removal tool (which can be found here or follow the instructions below:

More details about the vulnerability can be found here:

Or follow the instructions below:

  1. Delete the following system registrykey:
  2. Delete “%System%\.dll” from the system registry key value shown below:
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
  3. Revert the following registry key values:
    [HKCR\ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Hidden" = "dword: 0x00000002"
    "SuperHidden" = "dword: 0x00000000"


    [HKCR\ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Hidden" = "dword: 0x00000001"
    "SuperHidden" = "dword: 0x00000001"
    "CheckedValue" = "dword: 0x00000000"


    "CheckedValue" = "dword: 0x00000001"
  4. Reboot the computer.
  5. Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).
  6. Delete copies of the worm:
    %Program Files%\Internet Explorer\.dll
    %All Users Application Data%\.dll
    is a random string of symbols.
  7. Delete the files shown below from all removable storage media:
  8. Download and install updates for the operating system:
  9. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
  10. Or download f-secure here:


Detection added: 01-06-2009
Update released: Jan 06 2009 22:05 GMT
Description Added:
Jan 21 2009

Source: http://www.viruslist.com