That’s why they call it windows.

We took the car to the auto electrician today, and lo and behold, the parts recycler gave us the wrong dang size electric window mechanism.

So, tomorrow is going to be spent tracking down the right part, and then seeing if they can supply, if not, venturing a little further south to find one!

The auto electrician backed up my thinking that $75 was a bit rich to pay for it, but, they were cheaper than the other mob, who were both deceitful and rude.

Hopefully, they’ll be able to exchange it, if not, then, they can probably go find us rear spoiler LED brake lights.. I think that’d be pretty cool to get working again.

Anyway, more time and money spent fixing a window that should really have been tested before they passed the pink slip when it was sold. Bugger.

The other issue, was the speakers in the back need connecting properly, I’m able to do that, we just thought of a better way. Tape the new wires to the old, pull the old through, and remove the old, leaving the new one in the right place! Fantastic idea, hopefully it works in practice (so as long as the wires aren’t anchored anywhere).

In other news (sorry Sydney, not going to do the FTTH vs FTTN scenario tonight), I was fixing a laptop today, and discovered it had a rootkit on it.

You won’t generally know a laptop has a rootkit when you see it first off, mainly because it looks, acts and feels like normal most of the time, that is, until the ISP disconnects the dial up connection obviously due to SMTP activity (great idea this, if a customer is sending out spam – easily tracked, then chop the connection, repeat until they leave or it’s fixed).

The rootkit was a difficult issue to find and solve, mainly because it really didn’t seem to have many problems in testing, and all did look good, but I did indeed check for viruses, and PC-Cillin missed it entirely!

So, I had a poke at netstat -bno (this lists the binary that started it, numerical IPs to save on DNS resolution, and the other option shows process ID as well).

Anyway, after looking at that, it was very clear the system itself was trying to spawn SMTP connections, and this was all from services.exe, so not something you can just “End Task” on.

The local computer shop wanted to charge the young girl $300 to fix the issue. Well, local computer shop, you better employ better technicians, because that issue cost nowhere near $300 to fix.

It was complex, it was a little out of the ordinary, but by no means did, well, we call technician time at .. $33 an hour for instore? So, 10 hours of work. Nowhere near that. I had it for perhaps 2 hours or so, and it runs fine. No strange connections, no more foreign process running, all looks good.

The intention behind the rootkit was to find and collect mail servers, and package these and send to the admin of the IRC based bot net, so that they could use the network to spam.

The idea further was to go in undetected, so that they could escape detection (and it pretty much did escape every regular test I’d have done to find it, except netstat, which showed SMTP connections, and trend bitching about scanning outbound mail).

Trend failed to detect it as well, which is strange, the activity seemed pretty regular for an SMTP virus. Generally opens multiple connections to different servers in a short timeframe.

A regular PC user generally only opens one or two SMTP connections to one or two servers.

The fact this was trying to talk to 10 or so (I have a router I can block access to, and did so), mail servers alone was a big hint to perhaps it being virus activity.
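
The fan-out check described above (one process opening SMTP connections to many different servers, as seen in netstat -bno), as an added example that is not part of the original post. The sample output is constructed, the function names are hypothetical, and the cut-off of more than two distinct mail servers per process is an assumption based on the "one or two servers" remark.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `netstat -bno` output (documentation IP ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.5:25         SYN_SENT        712
 [services.exe]
  TCP    192.168.1.10:1046      203.0.113.9:25         ESTABLISHED     712
 [services.exe]
  TCP    192.168.1.10:1047      198.51.100.20:25       SYN_SENT        712
 [services.exe]
  TCP    192.168.1.10:1060      192.0.2.25:25          ESTABLISHED     1980
 [msimn.exe]
  TCP    192.168.1.10:1061      192.0.2.80:80          ESTABLISHED     1432
 [iexplore.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  RpcSs
 [svchost.exe]
"""

CONN = re.compile(r"^\s*TCP\s+\S+\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def smtp_fanout(netstat_text, port=25):
    """Map (binary, pid) -> set of distinct remote hosts contacted on `port`."""
    hosts = defaultdict(set)
    pending = None  # (remote_host, pid) still waiting for its [binary] line
    for line in netstat_text.splitlines():
        m = CONN.match(line)
        if m:
            host, rport, state, pid = m.groups()
            is_smtp = int(rport) == port and state != "LISTENING"
            pending = (host, int(pid)) if is_smtp else None
            continue
        m = OWNER.match(line)  # component lines such as "RpcSs" match neither regex
        if m and pending:
            hosts[(m.group(1), pending[1])].add(pending[0])
            pending = None
    return dict(hosts)

def suspicious(netstat_text, max_servers=2):
    """Owners talking SMTP to more servers than the assumed normal-client limit."""
    fanout = smtp_fanout(netstat_text)
    return sorted(k for k, v in fanout.items() if len(v) > max_servers)

if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

A single snapshot only shows connections open at that instant, so running the capture a few times over a minute or two and merging the results gives a fairer count.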

Anyway, that’s why they call it windows. Both versions of windows can be annoying, and a little difficult to fix.

Enjoy!
