Archive for the ‘Off-topic’ Category:
Viral NetScheduleJobAdd
Something unrecognized started showing Internet Explorer-based popups… Obviously it is of viral origin: there is an executable with an arbitrary eight-character name created in %WINDIR%\system32, which also uses NetScheduleJobAdd to add a number of delayed-start jobs that launch Internet Explorer and navigate to free lotto, diversity visa and other advertised websites. A Google search on NetScheduleJobAdd, however, did not give any matching description of a known virus, trojan or malware. A fresh AdAware is also not yet aware…
Update 1: Similar symptoms described here in German.
Update 2: I started Process Monitor to record the creation of a new file in %WINDIR%\system32 and find out where it comes from on the next re-spawning of the popup. It took some time to wait, and here it goes. There was again an IE popup and new AT/Scheduled Task entries. A new process, %WINDIR%\dnQS28v6.exe, was started. The image was created by another process, gC5AHp1a.exe, from the user's Temp, which had already terminated, and the file had been deleted by that moment. Still, the logs are here.
The process gC5AHp1a.exe was created by… Mozilla Firefox 3! None of the DLLs loaded into the Firefox process looks suspicious.
Update 3: Firefox 3.0.1 available, fixed security issues.
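The tracing done by hand in Update 2, as an added example that is not part of the original post: it reads a Process Monitor CSV export with the default columns, finds files newly created under the Windows directory, and walks Process Create events back to the process that started the chain. The sample rows, PIDs, timestamps and full paths are constructed around the file names from the post.

```python
import csv, io, re

# Constructed sample rows in Process Monitor's default CSV export layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02","firefox.exe","2040","Process Create","C:\Temp\gC5AHp1a.exe","SUCCESS","PID: 3120, Command line: gC5AHp1a.exe"
"10:01:03","explorer.exe","1500","CreateFile","C:\WINDOWS\system32\notepad.exe","SUCCESS","Desired Access: Read Data, OpenResult: Opened"
"10:01:04","gC5AHp1a.exe","3120","CreateFile","C:\WINDOWS\dnQS28v6.exe","SUCCESS","Desired Access: Generic Write, OpenResult: Created"
"10:01:05","gC5AHp1a.exe","3120","Process Create","C:\WINDOWS\dnQS28v6.exe","SUCCESS","PID: 3188, Command line: dnQS28v6.exe"
"10:01:06","dnQS28v6.exe","3188","CreateFile","C:\WINDOWS\Tasks\At1.job","SUCCESS","Desired Access: Generic Write, OpenResult: Created"
'''

def load(text):
    """Parse CSV text; for a real export file, open it with encoding='utf-8-sig'."""
    return list(csv.DictReader(io.StringIO(text)))

def trace_droppers(rows, root=r"c:\windows", suffixes=(".exe",)):
    """Return (created path, process chain oldest-first) for each new file under root."""
    # Map child PID -> (parent name, parent PID) from Process Create events.
    # PIDs can be reused over a long capture; this assumes a short trace window.
    parent = {}
    for r in rows:
        if r["Operation"] == "Process Create":
            m = re.search(r"PID: (\d+)", r["Detail"])
            if m:
                parent[m.group(1)] = (r["Process Name"], r["PID"])
    findings = []
    for r in rows:
        path = r["Path"].lower()
        created = r["Operation"] == "CreateFile" and "OpenResult: Created" in r["Detail"]
        if created and path.startswith(root) and path.endswith(suffixes):
            chain, pid, seen = [r["Process Name"]], r["PID"], set()
            while pid in parent and pid not in seen:  # walk up, guard against loops
                seen.add(pid)
                name, pid = parent[pid]
                chain.append(name)
            findings.append((r["Path"], chain[::-1]))
    return findings

if __name__ == "__main__":
    for path, chain in trace_droppers(load(SAMPLE_CSV), suffixes=(".exe", ".job")):
        print(path, "<-", " -> ".join(chain))
```

Passing `suffixes=(".exe", ".job")` also reports the `At*.job` files that AT jobs leave in `%WINDIR%\Tasks`, together with the process chain that wrote them.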
Freakonomics
Freakonomics: A Rogue Economist Explores the Hidden Side of Everything - the book was advertised a number of times by blog buddies, so I wanted to take a look. Torrents offered a scanned 26 megabyte heavy PDF, which is available, but of rather poor quality (low JPEG compression levels used).
A quick search using Google on “staring into a funhouse mirror” brought an OCR’ed copy to the top.
The book looks nice (from the start; I am not even close to halfway), maybe just a bit like a soap opera.
- The Book
- The Blog
- Freakonomics on Wikipedia
- Amazon Link
- Special Thanks to Skilluminati Research
Google search specifics
I am curious if Google has a bias against Microsoft websites in search results. It was rather unexpected to see this site first in a search for _CONVERSION_DONT_USE_THREAD_LOCALE, with the following results from connect.microsoft.com and blogs.msdn.com (at least as relevant, I think).

Collection Bureau
Someone, maybe Julia Cow (or Crow? whatever), provided my voice mail number as her own, and I started receiving messages from the so-called First National Collection Bureau. It would be quite amusing if they did not keep throwing messages at me on a daily basis, including 5-second calls with sexy breathing on the other side of the phone line. I am reluctant to give them a long-distance call just to try to prove I am not Julia, and why would they believe me? A quick googling did not show a method to leave them a message via the network, so let's get ready for more pressing attempts to collect the debt.
Update (oh they ARE annoying!):
- How do you block calls from collection agency, meant for someone else? // Yahoo Answers
- How can I stop getting harassing phone calls from a collection agency looking for someone I don’t know? // Yahoo Answers
- US National Do Not Call Registry
- US National and State Do Not Call Lists
The good news is that they provide Caller ID: 775-322-0444, so it is easy to trash their calls.


