“Hi, I think my computer has a virus.”
“Yeah, Windows doesn’t load properly, I get my wallpaper, but there’s no icons and no taskbar, and I get an error message saying-”
“Userinit.exe failed to initialize, 0xc0000005?”
“Yep. Seen it a lot lately. Bring it in.”
It’s a new strain of the Virtumonde or Vundo virus, or whatever it’s calling itself these days. We’ve seen about nine machines come into the shop with it in the last 3 days or so, and it’s recent enough that none of the usual tools are seeing it. Not even the venerable NOD32 (Australian site) seems to know about it yet.
I fought it to a standstill by scanning with everything – and then there was one last little file that none of them could see that caused the above situation. It was c:\windows\__c00f220b.dat and to get rid of it without using a DOS or Live boot disc I needed killbox.
Update: 16th August
Here’s a screenshot of c:\windows\system32 in explorer, with all the files you should delete selected:
Things to note:
Update: 22nd July
I’ve seen Combofix take care of this virus all by itself, in one shot. From the walkthrough on that page it looks like there’s a few more steps than what I’ve written out below, but it doesn’t make it as easy to screw up and delete the wrong files as with my method.
Update: 23rd June 2008
Some facts we’ve gathered:
You can still log into your machine and keep using it by doing the following:
The following seems to be a pretty foolproof way to kill the virus. You’ll need Spybot Search & Destroy (remember www.safer-networking.org is the genuine address if you have to google it later) and Killbox.
I’ve seen this a lot at work lately: You run automatic updates, but there’s a pile of them for Office 2003 applications that just fail every time.
Microsoft describe the problem in KB827467, and the fix is short and sweet:
That’s it. Cancel out of the installer at the first opportunity, and it’ll reset whatever’s broken so the updates can install.
(Thanks to dannyman, whose post I somehow found before the KB article.)
ASRock aren’t the best known company in the world, but their products are common enough. They’re basically the budget arm of ASUS, who make great boards. Wikipedia would like to point out they put expensive features like WiFi and long-life caps on pretty cheap boards.
I like them for a different reason entirely: they make some of the coolest shit I’ve ever seen.
See those metal fins? That’s where the sweet, cooling air used to go.
This video card hit 98 degrees Celsius before we cleaned it. Now it peaks at 68 working as hard as it can.
More dust stalagmites, because the light today was perfect and my phone cam rocks:
Here’s why air compressors are cool. Before:
And lastly: Note the blueness, the insides of an expensive laser printer, the insides of a cheap mass-produced cockroach…
The object in the above photo is the I/O backplate from a cheap computer case.
Cheerfully rolled up. By hand.
It’s made of steel, as is the thing on the left, which was an expansion slot cover.
The case itself was of such amazing quality that the hard drive didn’t fit in the proper bay, so I had to bend out the little tabs that would normally hold a drive there while you screwed it in.
Again, by hand.
This is a bit of a problem in the PC sales industry. Things get sold by the numbers with the slimmest possible profit margins, and to hell with the quality, a box is a box. And fair enough, a PC case basically is just a box with funny cutouts and a plastic swooshy curvy front bit.
But the cheap ones are made with the finest, cheapest steel in all of Guangzhou, occasionally don’t line up right (making building a PC in them frustrating), and can be designed so badly they’re quite capable of shorting out random parts of a motherboard (making building a PC in them exciting, occasionally smoky, and a crappy way to end up not saving money overall).
Why should you buy a brandname card reader from a shop for $40 when you can get one on eBay for $4 including delivery? Because you get a warranty that doesn’t cost double the item to fulfill, and you get a far better quality item overall anyway. Cheap USB card readers sometimes won’t read cards bigger than 1GB, or they might have a painfully slow transfer speed (and someday that’s going to be the difference between catching or missing a bus). It’s worth it to splash out on the Sandisk reader.
That broadband modem might be $20 cheaper than the one next to it on the shelf, but you’ll pay for that. The software that runs it might be less stable, less well programmed, the hardware itself might be unreliable. It’s still a modem, and it’s still a wireless access point, but the modem might be slow at negotiation so you’ll spend 10x the time waiting for the sodding thing to connect, and the access point might be less reliable, less secure by default, and you might not be able to watch streaming video over it (a nasty surprise – if you can’t watch 720p (about 7 megabits a second) over 54Mbps wireless, take it the hell back). After my own experiences, I’m never again buying anything that isn’t from Linksys or Draytek.
You could save $10 by getting the cheaper wireless keyboard and mouse combo, but you shouldn’t. The keyboard will feel a bit less nice, the mouse wheel will wear out and spin freely after 3 months, the buttons will wobble, you’ll get a month of battery life instead of 6 and you might as well have cables for all the wireless range you’ll get.
Logitech wireless gear comes with Duracell batteries; offbrand keyboards come with offbrand cells. The difference there is more than symbolic. (Medion is a grey area.)
And don’t even get me started on Bluetooth. If the biggest word written on it isn’t a brandname, don’t buy it.
Paying a little more for something a whole lot better carries on up to full computers, too. If you’re strapped for cash, a $600 laptop will do; it’ll have an LCD widescreen, a 120GB hard drive, maybe a gig of memory, and these days wireless networking no matter what. It’ll have a Turion or maybe a Celeron, which are perfectly good CPUs if you don’t particularly know what a CPU is. You might even snag it with a two year warranty in a good deal, so the machine itself should be running for a while.
Warranty just isn’t what it used to be, though. It used to mean that the manufacturer warrants it’ll be free of defects for a period of time; nowadays it just means they’re obligated to give you a new or fixed one when it breaks over and over until the 12 months are up.
And there’s no substitute for buying something better in the first place.
Another one or two hundred bucks will ideally net you a Centrino notebook, which means Intel provided the CPU, graphics and main chipset. Generally this means you’ll get a machine that’ll run on batteries for probably 3-5 hours straight, connect to wireless networks with the least amount of pain, won’t melt your testicles off, and won’t be unspeakable agony to find drivers for 4 years down the track when you format it and hand it to your nephew to play with for school.
To be fair, I did buy my Dell Centrino with two batteries, and Intel’s 855 graphics chip was a bit underwhelming. That said, it’s now approaching its third birthday, still runs under its own steam for five or six hours off a full charge, and it’s still utterly silent if I’m not playing Halo on it.
Just try and tell me your 3 year old Acer does that.