Categories

• Fon
• Food review
• Jay
• Lily
• Mac
• Music
• Photography
• Templates
• Ubuntu
• Web design
• Windows

Archives

• August 2010
• June 2010
• May 2010
• April 2010
• March 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006

Links

• deviantART
• YouTube
• Yahoo! Answers
• Twitter
• Facebook

Meta

• Log in

PolarClock

Here’s something cool. PolarClock is a cool screensaver for Windows and Mac. There is also a version for the iPhone and dashboard widget.

Multiple IE

Multiple IE is a program for Windows XP that allows you to install Internet Explorer 3, 4.01, 5, 5.5 and 6 concurrently.

This is extremely useful for web designers who has a strong sense of browser/backward compatibility.

Pidgin: Stop SPAM

Some of the information below are taken from here.

For those who don’t know, I use Pidgin (formerly Gaim) for instant messenging on both Windows XP and Ubuntu Linux. It supports MSN, Yahoo, Google Talk, ICQ and various other protocols. Recently I’ve been receiving a lot of SPAM through the Yahoo Messenger network. So I found a plugin called Bot Sentry which prevents contacts who are not on your contact list to message you. And you have the option to challenge unknown contacts by throwing them a question. If they answer the question correctly, then they are allowed to message you. Installation of the plugin for Windows is fairly straight-forward. Below are instructions for Ubuntu users.

Ubuntu users

1. Make sure you have the following packages:

sudo aptitude install build-essential pidgin-dev checkinstall

2. Download and extract the file “bot-sentry-1.1.0.tar.bz2″ from the link above and run the following code inside the directory:

./configure
make
sudo checkinstall

3. For some users, you need to copy the plugin over in order for it to work:

sudo cp /usr/local/lib/bot-sentry.* /usr/lib/purple-2/.

4. Restart Pidgin and go to Tools>Plugins, you should now see Bot Sentry listed.

Kill Hupigon

As for the last couple of weeks all of my computers are infected with a trojan called Hupigon. Spybot picked it up a few times after running scans and that’s when I noticed something was wrong. I did my research and found that Hupigon is not so new but lethal. It appears that the trojan is originated from China. It contains Chinese characters and is discussed widely amongst Chinese forums. You can read an article about it. The trojan is capable of keylogging, remote control of infected machines, and disables cmd.exe, msconfig.exe, regedit.exe and various other programs. It also appears that my credit card details were stolen recently and used elsewhere online so I guess this has something to do with Hupigon.

First I will discuss a little about the trojan and the background, how I discovered it, what it did to my computers, and how I deleted it. A few months ago I got a Toshiba 4GB USB flash drive from Harvey Norman. The USB drive came with a built-in software called U3, which is pretty nifty except that I don’t use it. I travel between work and home, which I own all the computers so I don’t need to run portable software. Other than that, my university does not allow software to run from any external drive, rendering my USB drive useless. So I decided to remove the U3 utility. I went to u3.com and downloaded a removal utility. Later on, I was at uni and I plugged in the USB drive to one of the machines. McAfee immediately notified a trojan called Hupigon (X:\runauto..\autorun.pif). So I selected to remove the file via McAfee which didn’t complain. A while later, I did the same thing and McAfee again notified the trojan. This time I went to see the technical support guy at uni. He copied the files on my USB drive across to a temporary location, then did a quick format of the USB drive and we thought the trojan was gone for good. The tech guy said that it could be a dodgy auturun file for the U3 utility. The autorun.pif file is sitting inside an invisible folder called runauto.. (with the double fullstops). I called Toshiba technical support in Australia and they are not sure whether the hidden folder and file are associated with their product and even if they were, Toshiba insisted that it is not malicious.

A few days/weeks later…

I was sitting at my desk at home and thought, “Oh, I will just open up msconfig.exe”. When I open the run dialog and type in msconfig (or msconfig.exe) and press enter, it displays the following error message:

Windows cannot find 'msconfig'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Annoyed by this, I did complete system scans with AVG Anti-virus, Spybot – Search & Destroy, and Lavasoft Ad-Aware. Both AVG and Ad-Aware did not pick up anything suspicious however, Spybot picked up something called “Hupigon13″. So I clicked on the fix button to fix Hupigon13. The interesting thing is that when I rebooted, the trojan comes right back, still unable to open msconfig. The next thing I did, I went to another computer and tried to run msconfig from the run dialog. It threw the same error message at me. At this point, I realised all of the machines were infected.

I have two seperate networks: one at home, another at the office. The networks are not linked in anyway but I do copy some files across the two networks from time to time. I guess that’s how one network got infected by the other. I should mention here that I suspected the trojan is capable of replicating itself and propagate through the network and jump onto different machines. I found out this later on down the track because I was fixing my laptop which removed the trojan, then when I turned on my external hard drive, the laptop was infected again. As soon as the power was turned on with the USB cable plugged in, AVG Anti-spyware notified that Hupigon is detected and is trying to create some files (specifically C:\Windows\dllhost.exe). It is probably apparent that the trojan is targeting Microsoft Windows machines.

During the next couple of days, I became highly cautious. I stopped paying bills online and transferring money over the Internet. Fearing the trojan will do further damage. I looked high and low for possible fixes to get rid of the trojan but didn’t find any solution. I visited a site called pchelpforum.com and posted a help request. One of the support guys on the forum recommended me to do a “prework” which is a set of standard procedures to install and run their recommended malicious software removal utilities. So I did this, installed AVG Anti-spyware, SuperAntiSpyware, and CCleaner. After rebooting to safe mode AVG Anti-spyware picked up 13 instances of Hupigon (possibly variants). After completing the prework, I rebooted to normal mode and the trojan infection got worse. I was unable to open msconfig.exe, regedit.exe, and cmd.exe. I have used the Malicious Software Removal Tool provided by Microsoft without any luck (article). The tool claims to remove all variants of Hupigon, apparently not the one that I was infected with.

I performed the same procedures on other machines and got the same result. Again, burned by frustration, I decided to get rid of Windows altogether and install Ubuntu instead, which I did on two machines. One morning, just before going to work, I decided to do a little more research into Hupigon and came across a Chinese forum which listed a fix for Hupigon. It’s a simple Windows scripting code which removes the files that Hupigon creates on the infected machines, bypassing all the Hupigon protection of course (Hupigon makes itself invisible and attaches itself to various Windows processes). After running this code and rebooted, the Hupigon trojan was gone for good.

Apparently, the Hupigon source code was released to public and there are many variants out there. I will post the Windows script (.bat) below so that if anyone is infected with this hard-to-remove trojan, I hope it will make it a little easy for you.

hupigon.7z

Instructions:

Do the prework first.

1. Download the file (hupigon.7z) above. You need 7zip to unzip it to somewhere (eg. desktop). Why do I use 7zip? Because it is an open format.

2. Find cmd.exe by going to the Start Menu and Search. Usually, cmd.exe is located in C:\Windows\System32\.

3. Once you find cmd.exe, create a copy of it on the desktop.

4. Rename the copy you have created to anything you like (eg. helloworld.exe).

5. Double click on the copy of cmd.exe you have created and drag the .bat file into the command prompt, then hit Enter.

6. Follow the prompt. You will be asked to press Enter to continue and select the drive letters which you want to clean. For example, if you have C, D, and G drive, you have to enter: c,d,g and press Enter.

7. Reboot once the script completes.

Now try to run msconfig.exe, regedit.exe, and cmd.exe. If you have followed the prework and instructions above, you should no longer have Hupigon infection. Otherwise, redo the prework (make sure you run those software under safe mode) and run the script again. Be sure to clean all of your drives. That means including USB flash drives and external hard drives. You can have those devices plugged in and turned on when you run the script. You MUST do this otherwise if one of your drives is still infected, it will re-infect everything again.

Note: The alternative to all of the steps above is to install Ubuntu and live in a free world. Yes, I’m being sarcastic.

Save web page as image

For Internet Explorer: IE7Pro

For Mozilla Firefox (plugin): Abduction!

GnuCash

GnuCash is personal and small-business financial-accounting software, freely licensed under the GNU GPL and available for GNU/Linux, BSD, Solaris, Mac OS X and Microsoft Windows.

Designed to be easy to use, yet powerful and flexible, GnuCash allows you to track bank accounts, stocks, income and expenses. As quick and intuitive to use as a checkbook register, it is based on professional accounting principles to ensure balanced books and accurate reports.

Scribus: open source DTP

Check out Scribus, an open source desktop publishing application.

Scribus is an open-source program that brings award-winning professional page layout to Linux/Unix, MacOS X, OS/2 and Windows desktops with a combination of “press-ready” output and new approaches to page layout.

Underneath the modern and user friendly interface, Scribus supports professional publishing features, such as CMYK color, separations, ICC color management and versatile PDF creation.

ArgoUML: open source CASE tool

ArgoUML is the leading open source UML modeling tool and includes support for all standard UML 1.4 diagrams. It runs on any Java platform and is available in ten languages.

Calgoo

Software of interest

I was looking for a cool calendar application similar to iCal and I found this one called Calgoo. It is actually quite a good idea since it directly synchronises with Google Calendar. The only reason I uninstalled it is because it took over almost 100MB of my RAM. Not a very useful feature just for a calendaring program. I’m now using Mozilla Thunderbird/Lightning again.

Blender

Software of interest

Blender – an open source 3D rendering software.