I am writing this from somebody else's computer. Mine blew up the other night. Not with flames and all, but in an explosion of hard drive errors. I had it booted up in safe mode when the phone rang.
*ring*
Hello?
Hi. I'm from Microsoft support. We've been getting error messages from your computer. I will walk you through some steps to fix the problem.
(Microsoft calling me to help me with my computer? This is highly unusual ... but I have been having problems lately...) You've been getting messages from my computer?
Yes, for a long time. Your computer has been infected with viruses and malware for a long time.
(Well I have had virus problems, but why did they wait so long to call if they knew I had a problem?) I can take control of your computer and get rid of the problem, now go and turn on your computer.
My computer is on, but it's in safe mode so I doubt you can take it over; but I'm not sure I want to ...
What key is next to your left control key?
Uh .. the windows key.
Good, press the windows key and the "R" key.
What does that do?
Just hold down the windows key and press R. What do you see?
Tell me what it does first.
I'm going to help you fix your problem. Just hold down the windows key and press R. What do you see?
Geeze, okay: the 'run' command opens. (Boy is this guy ever rude...)
Good, now type e-v-e-n-t-v-w-r. What do you see?
What does that do?
Just type e-v-e-n-t-v-w-r. What do you see in front of you?
Tell me what it does first.
Just type it sir. What do you see?
Look dude, I don't know who the hell you are. I'm not going to type it unless you tell me what it does first.
Just type the command. Okay, what do you see on your screen?
Can I have your phone number?
No, just type the command. I'll give you the phone number after you log in. Now enter e-v-e-n-t-v-w-r. What do you see in front of you?
I'm going to hang up unless you give me your phone number.
Just type the command first.
Okay goodbye. *click*
A quick search on the 'net shows that this scam has been going on for a long time. Eventvwr itself is harmless, but it produces computer logs which few people understand and may appear to indicate that your computer has a problem. The scammers use this to convince you to download a program which allows them to obtain control of your PC, and then you're fucked.
The weak link in this scam is the notion that Microsoft would actually call you to help you with your computer. The only thing that made this even remotely plausible in my case is that by coincidence my computer completely crapped out shortly before he called. I know my readers are far too sharp to fall for something like this, so I post this for your amusement rather than as a warning necessarily.
This isn't the first time I've been scammed. My favourite was a 2-page handwritten letter in 2003 from Uganda. It had Ugandan stamps and was post-marked Uganda. The return address was a box at the Kabale Police Station, which appears to be a real place. It referred to me by name and came to my address, but it did not ask for money outright. The letter writer claimed he was a police officer who was guarding my father. He says "It is a really long time since we last met at Kabalagala Kansanga Kampala at the residence of your father... ". Wow, that's pretty bloody specific! It's also not accurate. He goes on to mention other inaccurate details including relatives' names and so on ... to the point where I almost wonder if the letter was legit and just went to the wrong person. It's impossible that they would randomly mail that to somebody who actually fit the narrative of the letter.
The letter ends with him explaining that his brother died and left him with 5 kids, and that he is struggling with money. Ah here we go, I thought. He wants money.. Still, the whole thing was so intriguing that I held on to the letter. I would scan it for you, except that my PC is toast. Maybe some day, if I ever make it to Uganda, I'll stop in at the Kabale Police Station and ask if Tumwebaze Alfred ever worked there.
Saturday, 26 November 2011
Gone phishing / letters from Uganda
Posted by cherenkov
2 comments
Labels: Africa, PSA., Technology
Monday, 22 November 2010
For sale: svchost.exe virus. Excellent condition!
Blogging is a little bit like working out. It's hard to get to the gym, but after a couple of workouts you can feel it in your muscles and it makes you want to go back and work out some more. With blogging, you get the feedback from the hits and the comments and so on, and it makes you want to post more. But when you fall out of it, you kinda lose that motivation a little bit. Or at least I do. Maybe it's a post-civic election slump. Post electoral depression. It's been a week since I've posted .. which isn't much .. but I've already lost that blogging mojo.
Work got in the way last week, as well as viruses. Computer viruses. Nasty ones. Ones that my virus program can't clean and that keep coming back like that damned cat.
They're sneaky little devils. They take on the same names as legitimate Windows executables: svchost.exe, shell.exe, dwm.exe, etc., except they locate themselves in the application data of your Windows profile, and other places they're not supposed to be. You can delete them, but then seconds later they're back. My Trend Micro would usually block them, but that meant a warning box was popping up literally every 3 or 4 seconds saying that something was blocked, and then another window would pop up saying svchost.exe failed to initialize.
That's annoying.
I would run my virus scan, and it did catch and quarantine a few of them, but not all. And it can't clean the quarantined files either. I tried manually deleting the bad files from safe mode, but that works for all of 18 nanoseconds. I tried running Spybot Search & Destroy, but it mostly finds bad cookies and that sort of thing. It might have helped a little. Then I ran the CCleaner registry cleaner in the hope of cleaning whatever registry entries were causing these stupid little things to keep coming back. Then I tried Combofix. Then I tried running Trend Micro from safe mode.
Then I rebooted and I still had the Goddamned viruses.
Then I turned to the internet. Not very helpful. A bunch of sites try to get you to buy their phony product with phony reviews ("I downloaded it and now everything is perfect!") when the program you're downloading is probably loaded with more viruses than a refugee ship from Burma. There are also some sites that tell you to clean them manually by deleting autorun.ini and other files from your System32 directory, and then going into Regedit and deleting a bunch of lines in there.
Uhm. No. You first.
I finally got rid of them (I think ... mostly ...) using an internet scanner from Trend Micro called Housecall. Seemed to work well. Which makes me wonder why the Trend Micro program on my computer that I pay for can't do the same thing.
So that was my weekend. Thanks for humouring me, as I attempt to get back into the blogging groove by sharing my problems with the world.
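The viruses described in this post borrowed the names of real Windows executables but ran from the profile's application data folder instead of the Windows system directory. As an added example (not part of the original post), this Python check flags that name-versus-location mismatch in a process inventory; the expected-directory table assumes a default install under C:\Windows, and the sample inventory and the `someuser` profile name are constructed.

```python
import ntpath

# Expected directories for the real binaries (lower-cased).
# Assumption: default install with %SystemRoot% = C:\Windows.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "dwm.exe": {r"c:\windows\system32"},
}


def classify(image_path):
    """Return 'ok', 'masquerade' or 'unlisted' for one process image path."""
    # normpath collapses '..' segments and forward slashes, so a path that
    # only passes through System32 is judged by where it really ends up.
    full = ntpath.normpath(image_path.strip().strip('"')).lower()
    directory, name = ntpath.split(full)
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return "unlisted"  # not a name this table tracks
    return "ok" if directory in allowed else "masquerade"


def find_masquerades(processes):
    """processes: iterable of (pid, image_path). Returns the suspicious ones."""
    return [(pid, path) for pid, path in processes
            if classify(path) == "masquerade"]


# Constructed sample inventory (not real data); 'someuser' is a placeholder.
SAMPLE = [
    (812, r"C:\Windows\System32\svchost.exe"),
    (4120, r"C:\Users\someuser\AppData\Roaming\svchost.exe"),
    (1004, r"C:\Windows\System32\dwm.exe"),
    (5332, r"C:\Windows\System32\..\Temp\dwm.exe"),
    (2210, r"C:\Program Files\Editor\editor.exe"),
]

if __name__ == "__main__":
    for pid, path in find_masquerades(SAMPLE):
        print(f"PID {pid}: system name outside its expected directory: {path}")
```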
Posted by cherenkov
11 comments
Labels: just sayin'..., Technology
Friday, 13 August 2010
MTS Customer Service
If Brian Kelcey is looking for content for his new www.mtscustomerservice.com domain, I direct him to dogbert:
Posted by cherenkov
2 comments
Labels: Technology, Tweet this motherfucker
Sunday, 31 January 2010
An iPost for my eBlog
I am sure the folks at Apple pride themselves on being ahead of the curve with respect to technology, but they are in the stone ages when it comes to naming their products.
It was not always this way. Apple was one of the first companies to name a computer after a fruit, for example. But this practice of prefixing names with lower-case vowels has run its course.
For their latest product, as you know, the cavemen in the Apple marketing departments chiseled out "iPad". Four years after Mad TV mocked that very same name, and three years after a Canadian Company named Coconut Grove started selling bra inserts (yes, ladies, pads for your bra) also with that very same name. Not to mention the hand-held inventory device by Fujitsu.
My opinion: Apple should go back to apples. I think "Gala" would have been a great name for their new tablet. Mind you, Gala would also be a great name for a product that makes your boobs look big.
Posted by cherenkov
1 comment
Labels: observations, Technology