October 29, 2012 at 7:33 pm
Stefan Krzywicki (10/29/2012)
SQLRNNR (10/29/2012)
Revenant (10/29/2012)
Koen Verbeeck (10/29/2012)
Brandie Tarvin (10/29/2012)
This is the first I've heard of ransomware. Thanks for the heads up on it.
They can be pretty nasty.
Most of them disable the task manager, regedit and your desktop.
Some of them also disable keyboard and/or mouse.
I hope Devil has a special place in Hell for people who write these things.
+100000000000000000000000000000000000000
Great, you just caused a type overflow.
One of the great problems with SQL Server is that it doesn't have a 256 bit integer type which would avoid such overflows. For myself, I would like to be able to add another 35 or so 0s onto the end of that number (assuming it's decimal, that is).
Tom
October 29, 2012 at 7:48 pm
L' Eomot Inversé (10/29/2012)
Stefan Krzywicki (10/29/2012)
SQLRNNR (10/29/2012)
Revenant (10/29/2012)
Koen Verbeeck (10/29/2012)
Brandie Tarvin (10/29/2012)
This is the first I've heard of ransomware. Thanks for the heads up on it.
They can be pretty nasty.
Most of them disable the task manager, regedit and your desktop.
Some of them also disable keyboard and/or mouse.
I hope Devil has a special place in Hell for people who write these things.
+100000000000000000000000000000000000000
Great, you just caused a type overflow.
One of the great problems with SQL Server is that it doesn't have a 256 bit integer type which would avoid such overflows. For myself, I would like to be able to add another 35 or so 0s onto the end of that number (assuming it's decimal, that is).
I think that was a VARBINARY(39) data type.
My thought question: Have you ever been told that your query runs too fast?
My advice:
INDEXing a poor-performing query is like putting sugar on cat food. Yeah, it probably tastes better but are you sure you want to eat it?
The path of least resistance can be a slippery slope. Take care that fixing your fixes of fixes doesn't snowball and end up costing you more than fixing the root cause would have in the first place.
Need to UNPIVOT? Why not CROSS APPLY VALUES instead?
Since random numbers are too important to be left to chance, let's generate some!
Learn to understand recursive CTEs by example.
October 29, 2012 at 8:05 pm
I (installed and) ran SUPERAntiSpyware. It told me "I've found three things infected; I won't tell you what with, and I won't tell you which things. Maybe you can find out later when you look at my log, but no promises on that, and anyway you've got to decide now before you see my log or can know any of that whether to let me delete stuff". I let it delete stuff, on the theory that if it was crazy I wouldn't have people telling me it was reliable. Well, at least it does produce those logs, so not too horrible. So I let it go ahead and delete stuff. But then I looked at its log. Next I restored the stuff it had deleted!
I've deleted SUPERAntiSpyware from the list of stuff I might ever use again.
edit: And now, to top my dislike of that software, I discovered that it had (without asking me) changed my default browser from Firefox to Chrome (a browser which, IMHO, only those who have no concept of privacy could ever use). Not only that, it had destroyed my Firefox browser session and replaced it with a Chrome session that covered only some of the tabs - the rest were lost. And to cap it all it had installed Chrome in a user which had carefully avoided as much as possible of Google's anti-privacy crap (certainly avoided Chrome), without asking me if I wanted it installed.
As well as deleting that piece of rubbish from the list of stuff I might ever use again I've deleted three people from my list of people who might ever be regarded as reliable sources of information on the usefulness and safety of software tools!
Tom
October 30, 2012 at 12:07 am
L' Eomot Inversé (10/29/2012)
I (installed and) ran SUPERAntiSpyware. It told me "I've found three things infected; I won't tell you what with, and I won't tell you which things. Maybe you can find out later when you look at my log, but no promises on that, and anyway you've got to decide now before you see my log or can know any of that whether to let me delete stuff". I let it delete stuff, on the theory that if it was crazy I wouldn't have people telling me it was reliable. Well, at least it does produce those logs, so not too horrible. So I let it go ahead and delete stuff. But then I looked at its log. Next I restored the stuff it had deleted!
I've deleted SUPERAntiSpyware from the list of stuff I might ever use again.
edit: And now, to top my dislike of that software, I discovered that it had (without asking me) changed my default browser from Firefox to Chrome (a browser which, IMHO, only those who have no concept of privacy could ever use). Not only that, it had destroyed my Firefox browser session and replaced it with a Chrome session that covered only some of the tabs - the rest were lost. And to cap it all it had installed Chrome in a user which had carefully avoided as much as possible of Google's anti-privacy crap (certainly avoided Chrome), without asking me if I wanted it installed.
As well as deleting that piece of rubbish from the list of stuff I might ever use again I've deleted three people from my list of people who might ever be regarded as reliable sources of information on the usefulness and safety of software tools!
I hate it when good tools go bad. I just downloaded the new spybot and found that it is now a pay model and wasn't worth a lick in detecting infections. Luckily I still have the old one that still works and is a good tool. I don't have the old superantispyware. I won't try to dig it up either. That kind of behavior is enough to discontinue any use of it imho (old or new).
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw
Learn Extended Events
October 30, 2012 at 12:22 am
SQLRNNR (10/30/2012)
L' Eomot Inversé (10/29/2012)
I (installed and) ran SUPERAntiSpyware. It told me "I've found three things infected; I won't tell you what with, and I won't tell you which things. Maybe you can find out later when you look at my log, but no promises on that, and anyway you've got to decide now before you see my log or can know any of that whether to let me delete stuff". I let it delete stuff, on the theory that if it was crazy I wouldn't have people telling me it was reliable. Well, at least it does produce those logs, so not too horrible. So I let it go ahead and delete stuff. But then I looked at its log. Next I restored the stuff it had deleted!
I've deleted SUPERAntiSpyware from the list of stuff I might ever use again.
edit: And now, to top my dislike of that software, I discovered that it had (without asking me) changed my default browser from Firefox to Chrome (a browser which, IMHO, only those who have no concept of privacy could ever use). Not only that, it had destroyed my Firefox browser session and replaced it with a Chrome session that covered only some of the tabs - the rest were lost. And to cap it all it had installed Chrome in a user which had carefully avoided as much as possible of Google's anti-privacy crap (certainly avoided Chrome), without asking me if I wanted it installed.
As well as deleting that piece of rubbish from the list of stuff I might ever use again I've deleted three people from my list of people who might ever be regarded as reliable sources of information on the usefulness and safety of software tools!
I hate it when good tools go bad. I just downloaded the new spybot and found that it is now a pay model and wasn't worth a lick in detecting infections. Luckily I still have the old one that still works and is a good tool. I don't have the old superantispyware. I won't try to dig it up either. That kind of behavior is enough to discontinue any use of it imho (old or new).
I use AVG Free and it seems to be pretty effective against all but the unknown unknowns.
http://free.avg.com/ww-en/homepage
There's a pay version too that I've never tried.
My thought question: Have you ever been told that your query runs too fast?
My advice:
INDEXing a poor-performing query is like putting sugar on cat food. Yeah, it probably tastes better but are you sure you want to eat it?
The path of least resistance can be a slippery slope. Take care that fixing your fixes of fixes doesn't snowball and end up costing you more than fixing the root cause would have in the first place.
Need to UNPIVOT? Why not CROSS APPLY VALUES instead?
Since random numbers are too important to be left to chance, let's generate some!
Learn to understand recursive CTEs by example.
October 30, 2012 at 7:04 am
Gail, when do you start your trip, and how have the flight cancellations in the NE USA affected it?
Wayne
Microsoft Certified Master: SQL Server 2008
Author - SQL Server T-SQL Recipes
October 30, 2012 at 1:24 pm
L' Eomot Inversé (10/29/2012)
WayneS (10/29/2012)
Geez Tom, that's quite a bit of stuff you went through - hope I never have to do something like this. Sure am glad that you got it all fixed.
Long story short... had some issues, but ended up victorious! 😀
Well, I wasn't that optimistic, which is why I said "maybe the machine is now clean" and "I have no reason to be optimistic so I shall do everything possible to detect anything that may be there". And further scanning has turned up some more things.
Since then I've run mbam, it found a couple of strange registry entries that had to be fixed. Also the DrWeb cureit scanner, which found 14 things it reckoned were infected, but none of the infections it claimed were there would account for any of the symptoms I had (although either of two of them could have been the delivery vehicle for whatever hit me). Started doing a long overdue clean-out (you know the sort of thing - uninstalling stuff that I installed in 2007 and haven't used since 2009, and so on - some of the infections found by cureit were in things like that). Ran a full msert scan because I had only run a quick one before, it too detected some (harmless) registry corruption. Replaced my OpenDNScryptService.exe and OpenDNSInterface.exe with shiny new clean versions because some of my symptoms had appeared to be DNS interference, although there's no evidence at all that either of those was infected. Installed Trend Browserguard and will leave it in place for a few days to see if it detects anything (it's RTP only, no scan function); installed Trend RUBotted, and it says it thinks the computer is not botted, but that's within minutes of installation so doesn't yet mean anything, I'll leave that in place for a while too because bots phoning home is not a continuous thing (at least not if the malware writer knows anything about avoiding detection).
I'm still not prepared to use the machine to log into paypal, for example, because I haven't seen anything remove anything that would account for all the issues I had. I'm happy using it for things like browsing and (non-financial) email, though - different standards of security for different applications, as usual.
So next I'm going to run SUPERAntiSpyware. I wasn't quite sure about that one because the name is so similar to some well-known fake anti-spyware rip-off packages - the authors of those are an even lower form of vermin than ransomware authors - but Jason's post above means I now have 3 apparently intelligent people who use it and reckon it's genuine, so I'll do it now. And I think I'll also install free AVG and run a scan with that (if I can work out how to do it without too much conflict with existing installed stuff) - I used to use AVG on my home desktop, but decided it was no longer up to scratch quite some time back; but it's been getting better and now it gets very good reports (not as good as MSE, but better than most other free things). If superantispyware detects nothing, and AVG detects nothing, and BrowserGuard and RUBotted still find nothing wrong after a week, I'll either trust the machine again or get all my data into a tin, format the laptop hard drive, and reinstall from scratch (depends how paranoid I'm feeling). If I do that I'll have a look and see if I can find a BIOS for the laptop that will support Windows 7 (I'll bet Toshiba won't be at all helpful on that, so I'll probably fail) so that I can run SQL 2012; using XP Pro I can't go beyond 2008 R2.
edit: Maybe I'll also try the combofix thing that Koen mentioned too. Haven't come across it before, so would do some checking first.
Last time I got hit like this, I just flatlined the machine and reinstalled the OS... and all the software.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
October 30, 2012 at 1:30 pm
WayneS (10/30/2012)
Gail, when do you start your trip, and how have the flight cancellations in the NE USA affected it?
Friday and probably not at all, the flight path goes further north than any hurricane ever will.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
October 30, 2012 at 4:32 pm
Grant Fritchey (10/30/2012)
L' Eomot Inversé (10/29/2012)
WayneS (10/29/2012)
Geez Tom, that's quite a bit of stuff you went through - hope I never have to do something like this. Sure am glad that you got it all fixed.
<snip>
Last time I got hit like this, I just flatlined the machine and reinstalled the OS... and all the software.
Yes, I did the same. Figured it was faster than trying to find a culprit, particularly if they can switch off the things that should find them.
I segregate the files I need to keep, often on a dedicated drive, so I can just blast C: and begin anew. Over time you tend to accumulate crap that you never use and that runs regardless and it's amazing just how much performance improves after a reaming, so there's a benefit to be had with this also.
But I still get awfully annoyed when it happens to me. :angry:
S.
October 30, 2012 at 5:44 pm
GilaMonster (10/30/2012)
WayneS (10/30/2012)
Gail, when do you start your trip, and how have the flight cancellations in the NE USA affected it?
Friday and probably not at all, the flight path goes further north than any hurricane ever will.
Good. Looking forward to seeing you again.
Wayne
Microsoft Certified Master: SQL Server 2008
Author - SQL Server T-SQL Recipes
October 30, 2012 at 5:56 pm
I was recently assaulted in a dark alley by some Ransomware, Tom, so I feel your pain. It took me a few bouts of safe mode and random timing on the software boot order, including the Ransomware being foolish and not locking out my second monitor, but I finally got good ol' Norton's to reactivate.
Now, that's not Norton's fault. I hadn't renewed in over 3 years and was running un-protected. My own fault.
However, Norton's took a few attempts to recognize the new attack. It apparently wasn't in the library for it, being a brand new ransomware. On the second reboot, Nortons walked up to it and mugged IT in a dark alley.
AVG, Spybot, etc... did nothing. I finally had to go and just pay for Norton's. I have to say, after that, I've no reason to look back... and will probably put them on autorenewal.
Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.
For better assistance in answering your questions | Forum Netiquette
For index/tuning help, follow these directions. | Tally Tables
Twitter: @AnyWayDBA
November 2, 2012 at 11:46 am
Knock on wood. Machines mostly safe here, hoping it stays that way.
November 2, 2012 at 11:59 am
Jack? Other NE U.S. peeps? Are you okay post-Sandy?
There's a lot of news coming out of the storm recovery and I haven't heard from you so wanted to touch base.
November 2, 2012 at 12:03 pm
Brandie Tarvin (11/2/2012)
Jack? Other NE U.S. peeps? Are you okay post-Sandy?
There's a lot of news coming out of the storm recovery and I haven't heard from you so wanted to touch base.
Most everything is fine up here in NE. Some people may still be without power, but the numbers are small compared to elsewhere. Sandy mostly missed us. High waves on Monday, high winds that took down some trees & power lines, but that's about it.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
November 4, 2012 at 9:22 pm
Just arrived in Seattle. No chest pains, no shortness of breath. So far so good. 😛
__________________________________________________
Against stupidity the gods themselves contend in vain. -- Friedrich Schiller
Stop, children, what's that sound? Everybody look what's going down. -- Stephen Stills