Category Archives: General

Removing the Reveton Trojan from Windows

Recently, a friend of mine asked me for some help with her Windows PC. Her son got bitten by a nasty bit of ransomware. A giant screen came up saying “YOUR COMPUTER HAS BEEN LOCKED”, claiming that the NSA’s PRISM program had detected illegal content on the machine. Only by paying $300 to the “NSA” could the computer be unlocked. The screen is insidious; there’s no way to get around this splash screen. You can launch other apps, but they’re instantly covered up by the screen.

I don’t do a lot with Windows these days (and this incident reminded me why I don’t have a Windows machine at home for my kids to use), but I figured I could help out. I thought it would be much like other malware I’d encountered in the past.

Apparently, this ransomware has been around in one form or another for a few years. The message changes (kudos to the bastards who write this for changing the graphics to take advantage of all the recent PRISM publicity), but the app is the same. Much of the advice I found online was from web sites that are 100% focused on malware — for some reason, I am quite skeptical of these sites. I don’t know what their motivation is — are they just copying content from elsewhere on the web, are they just trying to sell their own software/services, or are they just publishing wrong information? I had hoped to find some individual guy’s blog article on the topic. Since I didn’t find much like this, I figured I would write an article to share my experience.

The malware in question is known as “W32/Reveton”. Here are a few links:

There was a lot of advice online about booting into safe mode. This doesn’t seem to help. The app still launches as soon as you log into your machine in safe mode. It blocks any attempt to interact with other software, so you can’t run any sort of anti-spyware software.

Some sites advised booting from UBCD4Win. I didn’t pursue this, because I needed a Windows machine to build a minimal Windows image on the CD. This seemed like too much of a hassle.

Finally, I stumbled across Windows Defender Offline. You have to use another Windows machine to run the executable which builds the ISO, but it seems less complicated than building a UBCD image. I was able to build this ISO on a virtual machine on my Mac. Booting from this CD was exactly what I needed to do. The application found W32/Reveton right away and cleaned up the infection.

I hope this helps somebody out there!

Samsung Epic and slow launcher with Froyo

After using Froyo on the Epic 4G for a few weeks, I came to the conclusion that something was very wrong with the launcher.  Often, I would return to the homescreen after using an application, and I would have to wait several seconds for the icons to redraw.  This happened most frequently if I changed orientation while in the application, so that when I came back to the launcher, it needed to lay itself out in the new orientation.

I didn’t see this happen on my wife’s Epic (at least not as bad as on mine).  I have no idea what’s different between them.  But fear not, if you’re seeing this problem, too — there is hope.

