October 26, 2012 at 10:31 am
We're all DBAs. Aren't we supposed to love Full Text Search?
@=)
October 26, 2012 at 10:36 am
Brandie Tarvin (10/26/2012)
We're all DBAs. Aren't we supposed to love Full Text Search?@=)
um sure
it's a love/hate relationship right?
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
October 26, 2012 at 10:38 am
SQLRNNR (10/26/2012)
Brandie Tarvin (10/26/2012)
We're all DBAs. Aren't we supposed to love Full Text Search?@=)
um sure
it's a love/hate relationship right?
Mine bakes me brownies. Why would I hate it?
October 26, 2012 at 10:49 am
Brandie Tarvin (10/26/2012)
SQLRNNR (10/26/2012)
Brandie Tarvin (10/26/2012)
We're all DBAs. Aren't we supposed to love Full Text Search?@=)
um sure
it's a love/hate relationship right?
Mine bakes me brownies. Why would I hate it?
it wouldn't be brownies like this would it 😉
http://valetudocafe.files.wordpress.com/2011/04/pic_12822608807854.jpg?w=570
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
October 26, 2012 at 10:52 am
SQLRNNR (10/26/2012)
Brandie Tarvin (10/26/2012)
SQLRNNR (10/26/2012)
Brandie Tarvin (10/26/2012)
We're all DBAs. Aren't we supposed to love Full Text Search?@=)
um sure
it's a love/hate relationship right?
Mine bakes me brownies. Why would I hate it?
it wouldn't be brownies like this would it 😉
http://valetudocafe.files.wordpress.com/2011/04/pic_12822608807854.jpg?w=570
Drooooooooooooooooooooooooooooool.
October 26, 2012 at 10:57 am
Brandie Tarvin (10/26/2012)
SQLRNNR (10/26/2012)
Brandie Tarvin (10/26/2012)
SQLRNNR (10/26/2012)
Brandie Tarvin (10/26/2012)
We're all DBAs. Aren't we supposed to love Full Text Search?@=)
um sure
it's a love/hate relationship right?
Mine bakes me brownies. Why would I hate it?
it wouldn't be brownies like this would it 😉
http://valetudocafe.files.wordpress.com/2011/04/pic_12822608807854.jpg?w=570
Drooooooooooooooooooooooooooooool.
Careful, I hear they make you crave more.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
October 26, 2012 at 12:23 pm
WayneS (10/25/2012)
Anyone still alive out here? 3 days with no comments... that has to be a record for The Thread.
Crushed between workload, personal life, and illness. Haven't had much time to just goof around on here, but I'm breathin'.
Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.
For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA
October 26, 2012 at 1:35 pm
WayneS (10/25/2012)
Anyone still alive out here? 3 days with no comments... that has to be a record for The Thread.
Some malware has reduced my time for looking at the thread rather a lot, so I didn't notice the long gap; when I have time I'll post that story. I'm still dubious as to cleanness of my laptop, so still throwing tests and scans at it.
Tom
October 26, 2012 at 1:38 pm
SQLRNNR (10/26/2012)
Brandie Tarvin (10/26/2012)
We're all DBAs. Aren't we supposed to love Full Text Search?@=)
um sure
it's a love/hate relationship right?
maybe more of a hate/abhorrence relationship, perhaps?
Tom
October 27, 2012 at 8:41 pm
L' Eomot Inversé (10/26/2012)
WayneS (10/25/2012)
Anyone still alive out here? 3 days with no comments... that has to be a record for The Thread.Some malware has reduced my time for looking at the thread rather a lot, so I didn't notice the long gap; when I have time I'll post that story. I'm still dubious as to cleanness of my laptop, so still throwing tests and scans at it.
And now we have another long (about 30 hours) gap with no posts in the thread. What has happened? Is it a holiday in the USA? Or something worth watching on TV in the USA (I'd find that one hard to believe, but I guess it could happen).
Anyway, now I have solme time, so here's my somewhat bizarre horror story.
A few days ago, I started getting a funny effect with goodle search - click on a result, and it redirected to a google search screen with empty search box and no results, instead of to the page google had found. Some sort of broken link redirection malware, perhaps? If it was, MSE realtime protection hadn't stopped it.
So I loaded Trend Housecall and ran a full scan, but it found nothing. I ran an MSE full scan as well, just in case it could detect something that the MSE real-time didn't, but that too (as expected) found nothing. So I tried to see if it happened in IE as well as in Firefox, and it didn't. Obvious guess: corrupt firefox (with something that neither MSE nor Housecall would detect), so uninstall FF (that would inevitably have some consequential pain, I would have to retype all my usernames and passwords, but with PasswordSafe it wouldn't be too much pain) and reinstall clean.
Whoops: wrong guess! It was now happening in both FF and IE. Well, maybe a rogue BHO? So, run a full scan of Spybot S&D (again, the real-time protectin ought to have caught something) and this time, as result: Spybot told me that the MS antimalware service was disabled. So: try enabling the service, and starting it: looks OK. Try to run MSE - no luck, MS Antimalware service is stopped and disabled as soon as I try to run MSE. Check that this happens consistently. So maybe some MSE component is corrupt - uninstall it, reinstall it, has no useful effect (and since I can't run MSE to update antimalware code or data, I'm even worse off).
Play with the browsers some more, since redirection to google seelms harmless (alright, I know that's stupid, as the code that does the redirection could be doing all sorts of other damage; but maybe not so stupid, as if so it's already done it): now the redirections are no longer to google, but to all sorts of other pages (well, not all sorts: not to pages any sane person would wwant to go to); what fun, it's got worse! Quick check try the link which google displays on the second line of the result - and there's no redirection: so, it's not a DNS hijack.
So what next? Well, most redirection malware uses a root-kit, rather than simple browser or dns-client infection, but some of those root-kits don't work in safe mode: so reboot into safe mode - and MS Antimalware Service can be enabled, so I can load latest updates and I can do a full scan (but of course MSE does no real-time protection in safe mode, and neither does Spybot S&D): maybe the first MSE scan was perverted by the malware? Well, this full scan returns the same result - no problem found. Run Trend Housecall again (in safe mode this time, full scan again of course - you can see where all my time went, each full scan takes a few hours). Whatever the malware is, it's pretty good at hiding!
Then remember that two or three years back there was a problem with MS antivirus and Spybot S&D - has this some back? So back to normal mode, disable Spybot S&D resident, and see what happens: no change, so that's not it (it shouldn't be, the problem was fixed - by MS - at least two years ago).
So now try killing off most auto-start entries (all the ones that don't work in safe-mode, except the ones that are indespensible in normal mode) and switching services from auto to manual, and reboot to see if I can get MSE to work in normal mode by recucing the difference from safe mode: doesn't achieve anything.
At this point I am beginning to contemplate extreme measures: so push up to date copies of personal stuff (password safe, outlook app data, bookmark files from 3 browsers, and so on - but absolutely no code) onto an external disc in case I'm going to reformat the laptops HDD.
Now start doing things I wouldn't normally do: download most recent version of rkill and run it: it reports that the Toshiba hard disc protection service is malware - so I check the code, which is identical to the code on my recovery disc, so rkill is getting false positives again. Fortunately rkill only kills processes (processes which it thinks are blocking anti-malware software) so a reboot fixes whatever damage rkill may have done).
Now I have to wonder what to try next: assuming that I'm suffering one of the nastier redirection malwares (the nastier ones are the ones that disable or pervert any AV or ASW software on the machine) I ought to be trying a serious root kit detector or a serious hijack detector. Hijackthis is far too much pain to use unless even more desparate than I am at this point, so I see it as a choice between Microsoft's msert, Trend's Rubotted, Trend's RootKitBuster, and Malwarebyte's MBam; of those four, a full scan with msert takes a silly amount of time, two of the other three require setup and the remaining one - RootKitBuster - runs as downloaded with no setupor installation. I'm lazy, so guess which one I tried first.
RootKitBuster deteced that the registry key for Microsoft AntiMalware Service had incorrect data in one of its subkeys, and had permissions ncorrectly set; and fixed it when told to. So now I could get the antimalware servce running and run MSE; but it didn't detect any malware. At this point I (naturally) ran MSE full scan, Housecall full scan, and Spyboy S&D full scan again. Neither MSE nor Housecall detected anything, but Housecall now detected that the Windows Security Centre registry data was screwed; that was easily fixed by running (the latest version of) wscsvcfix.exe (but of course Spybot then complained that I hadn't told it to fix it, which is one of its irritating habits - there have been, over the years, several things that it's better to fix otherwise than letting Spybot S&D do it, and I suspected that this would be another one).
At this point, nothing all of Housecall, MSE, Spybot S&D semmed to be working fine, and dectecting no problems; but no malware had been detected, just screwed up registry entries specific to the AV software on the laptop (the sort of screwup deliberately done by malware to prevent the AV software from detecting it) and the AV software was still detecting no malware. BUt I tried Firefox, and tried IE, and all the foul redirections had gone away. So maybe the machine is now clean.
But as no malware has been deleted, I don't trust it. I ran RootKitBuster again, and this time it came up wqith 1300 false positives (as it is wont to do if you make the mistake of ticking the filestream checkbox), so I ran it again with the checkbox that should never be ticked unticked (must have been finger trouble on the first run) and nothing was detected.
So now I ran Microsoft's msert, just a quick scan, and it too found nothing - I will run a full scan when I don't want to use the laptop for a few hours. I also want to run mbam (which will take ages, like all the others) and Trend's BrowserGuard (I've never run that before, so I don't know how long it will take) and SUPERAntiSpyware (if I can find someone who will give it a clean bill of health - the name makes me a bit cautious) and maybe something from DoctorWeb (some Russian software is really good). Although my laptop now is showing no symptoms, no malware has actually been removed by anything I've run up to now; of course it's possible that msMPEng removed after it changed the registry but before the registry changes prevented MSMPEng from running, but I have no reaon to be optimistic so I shall do everything possible to detect anything that may be there.
Anyway, whatever it was that hit me, I hope it doesn't hit any of you.
Tom
October 28, 2012 at 5:58 am
L' Eomot Inversé (10/27/2012)
L' Eomot Inversé (10/26/2012)
WayneS (10/25/2012)
Anyone still alive out here? 3 days with no comments... that has to be a record for The Thread.Some malware has reduced my time for looking at the thread rather a lot, so I didn't notice the long gap; when I have time I'll post that story. I'm still dubious as to cleanness of my laptop, so still throwing tests and scans at it.
And now we have another long (about 30 hours) gap with no posts in the thread. What has happened? Is it a holiday in the USA? Or something worth watching on TV in the USA (I'd find that one hard to believe, but I guess it could happen).
Anyway, now I have solme time, so here's my somewhat bizarre horror story.
<<snip>>
Anyway, whatever it was that hit me, I hope it doesn't hit any of you.
Thanks for sharing, Tom. What a nightmare. I had something vaguely similar on this lappy - problems with web pages and occasional admail popping up. Norton 360 didn't show up anything, neither did MS malware check. It went from irritating to almost impossible to work on webpages within a day, around the 16th. I ran disk check - about 6hrs, found nothing, and memory check - about 3 hours, which powered the lappy down halfway through part 2. New memory arrived the next morning, 8gb to replace the 4gb installed. Problems were reduced but still there. By the end of that day however, any web access caused the lappy to hang. By next morning, rebooting raised a menu with two options - start windows normally, or check disk. Starting windows normally raised the same menu. I have backups of all important docs but nothing software or system related, so I raised the low-level diagnostic menu (F11 during boot), ran a full backup onto a new lappy drive in a tin, and then chose the option for factory installation. After this had completed, I restored from the full backup - but of course, it only restores to the users you've got, and only restores data. Reinstalling software and then putting data back where it should be brought the total time to recover up to well over 30 hours.
The lappy is now fine. As I support a website and moderate a forum, I bought a desktop which I'll run in parallel with the lappy to eliminate downtime in future.
Three days absence from homework (including ssc) and a total cost of about £600.
For better assistance in answering your questions, please read this[/url].
Hidden RBAR: Triangular Joins[/url] / The "Numbers" or "Tally" Table: What it is and how it replaces a loop[/url] Jeff Moden[/url]
October 29, 2012 at 4:25 am
Hey, all. Those of you on the East Coast, please be safe. Frankenstorm is coming and I hope you have enough hot cocoa and fireplace wood to get through the storm.
October 29, 2012 at 4:33 am
ChrisM@home (10/28/2012)
L' Eomot Inversé (10/27/2012)
L' Eomot Inversé (10/26/2012)
WayneS (10/25/2012)
Anyone still alive out here? 3 days with no comments... that has to be a record for The Thread.Some malware has reduced my time for looking at the thread rather a lot, so I didn't notice the long gap; when I have time I'll post that story. I'm still dubious as to cleanness of my laptop, so still throwing tests and scans at it.
And now we have another long (about 30 hours) gap with no posts in the thread. What has happened? Is it a holiday in the USA? Or something worth watching on TV in the USA (I'd find that one hard to believe, but I guess it could happen).
Anyway, now I have solme time, so here's my somewhat bizarre horror story.
<<snip>>
Anyway, whatever it was that hit me, I hope it doesn't hit any of you.
Thanks for sharing, Tom. What a nightmare. <snip snip>
Three days absence from homework (including ssc) and a total cost of about £600.
I had some issues with malware as well in the last couple of weeks. In my case it was more obvious: twice I had ransomware which demanded me to pay up if I wanted my computer back. Luckily the malware wasn't smart enough to prevent me switching to another user and attacking it from there. I had found a pretty good anti-malware tool: combofix[/url]. It's a pretty straightforward tool. Just launch it and it will shut down your internet connection and it will remove every malware it can find. It got rid of my two infections pretty easily.
What's worrying is that both infections occured when visiting legitimate sites. Probably sites with minimal security which were hacked and malware placed upon.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
October 29, 2012 at 4:43 am
This is the first I've heard of ransomware. Thanks for the heads up on it.
October 29, 2012 at 4:49 am
Brandie Tarvin (10/29/2012)
This is the first I've heard of ransomware. Thanks for the heads up on it.
They can be pretty nasty.
Most of them disable the task manager, regedit and your desktop.
Some of them also disable keyboard and/or mouse.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
Viewing 15 posts - 38,191 through 38,205 (of 66,712 total)
You must be logged in to reply to this topic. Login to reply