Thursday, December 24, 2009

Merry Christmas

To those of you who celebrate Christmas: Merry Christmas!

Our office will be close on Dec 25, 2009. Any orders placed online will be processed on Saturday, Dec 26.

NetScanTools LE Status

Well it won't be out before Christmas. Much as I wanted to get it done, it's not quite done. The post-purchase registration system is just about done and is being tested today. The next step is finalizing the fileset and building the installer. Then release. Watch this space for news.

NetScanTools LE is the "Law Enforcement" version: see

NetScanTools Pro Maintenance Plan Renewal Sale

Did you forget to renew your NetScanTools Pro v10 Maintenance Plan? -maybe by a lot? -maybe even by a year or more?

Here is your chance to be back on the plan and get the Windows 7 friendly 10.94 version! Special price reduction on the "Over 180 days Late" v10 Maintenance Plan renewal - instead of $150, the renewal price is $135 through December 31, 2009. Call us (360) 683-9888 or go to the maintenance plan page below for a link to order online:

Tuesday, December 15, 2009

Boeing 787 Dreamliner' First Flight over Sequim WA

I took this video about 10 minutes after the 787 first took off. It was headed out the Strait of Juan de Fuca towards the relatively unpopulated areas of the Washington coast--like Forks. Sorry about the quality, it was high up and there were clouds which made it tough for the camera to focus. You can see the 787 and the chase plane. There were two chase planes when it took off, but only one stayed with it. Notice how quiet it is. You can see the landing gear still out if you look carefully.

Kirk Thomas

Friday, December 11, 2009

Weekend Sale Dec 11-14

The Managed Switch Port Mapping Tool is 35% off this weekend - Black Friday continues! See this page:

Monday, December 7, 2009

Windows Trojan removal using Knoppix

My brother called me to say his Windows XP laptop had trojan problems. He said it all started after he applied for a game testing job over the internet where the company had him download an executable application to use as part of the process (not a good idea).

The first thing I did was tell him to download MalwareBytes antiMalware and HiJack This. I had him run HiJack This and send me the scan dump text. Some malware won't even let you download or run those, so he was lucky. I spent a bit of time going through the list, but right off I saw a few obvious pieces of malware in the startup and a bunch of junk like old printer driver accessories that needed to go.

The obvious malware looked like this under the categories AppInit_DLLs, SSODL, and SharedTaskScheduler:

wehazibi.dll, gaganoza.dll, mudabihu.dll, wukoraga.dll, jujutoji.dll, jaduzumi.dll, bezijigi.dll, wegagolu.dll

And this entry
MySQL c:\Program.exe (file missing)

Another interesting file was c:\windows\system32\GameMon.des.exe (file missing). Various sources say this is not good to have, so I put it on the list.

The problem was that HiJack This couldn't remove all the things I listed, nor could Malware Bytes because the malware was not letting him boot into Safe Mode. But that was OK because I told him to use Knoppix. He had never heard of it, but eventually he understood that Knoppix is a CD based Linux that can access your hard drive if you want it to. And the best part is that it's another OS, so it's completely unaffected by the viruses or trojans on your Windows hard drive.

I had him set the laptop to boot from the CD drive and had him burn a CD of the Adriane version of Knoppix 6.2.0. He chose to use the command line interface from the Knoppix menu instead of the X-Windows interface, but that's OK if you know how to use 'cd' to change directories and 'rm' to remove files. I prefer the X-windows interface because it has a full file manager. But sometimes Knoppix has trouble with the mouse especially if it's a laser mouse (hopefully this gets improved), so he probably made a good choice - I don't know how it works with a touch pad on a laptop either.

Anyway, after booting to Knoppix he was able to cd to those file locations and delete them off the C drive. Then he rebooted and was able to use HiJack This to remove the startup entries, then he ran Malware Bytes anti-malware to clean up 'droppings'. Plus I had him update Java and other things like Adobe Acrobat.

People don't realize that Knoppix can be used to view hard drives without actually booting Windows, you simply put in the Knoppix CD, reboot and go from there. I learned about this technique from a Law Enforcement customer - they use it to view files on bad guy computers without booting Windows. But you can also use it to remove malware files if you know where they are already.

NetScanTools Pro at Laura Chappell's Summit 09

Laura Chappell is holding her 3 day Summit 09 "Hands-On Tools, Troubleshooting and Security" conference right now Dec 7-9. NetScanTools Pro will be used on Wednesday for demonstrations and hands on experience in traceback and reconnaissance.