{"id":20542,"date":"2014-09-06T16:52:23","date_gmt":"2014-09-06T23:52:23","guid":{"rendered":"http:\/\/www.jerrypournelle.com\/chaosmanor\/?p=20542"},"modified":"2014-09-08T14:30:58","modified_gmt":"2014-09-08T21:30:58","slug":"a-day-eaten-by-worms-and-i-recommend-malwarebytes-org","status":"publish","type":"post","link":"https:\/\/www.jerrypournelle.com\/chaosmanor\/a-day-eaten-by-worms-and-i-recommend-malwarebytes-org\/","title":{"rendered":"A day eaten by worms, and I recommend malwarebytes.org. How to close a malware popup offer."},"content":{"rendered":"<p align=\"center\">View 841 Saturday, September 06, 2014<\/p>\n<p align=\"center\"><strong>Edits and additions through Monday, September 8, 2014<\/strong><\/p>\n<p align=\"center\">\u201cTransparency and the rule of law will be the touchstones of this presidency.\u201d<\/p>\n<p align=\"center\">President Barack Obama, January 31, 2009<\/p>\n<p align=\"center\"><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image0027.gif\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image002\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image002\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image002_thumb3.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n<p>Today was the day I was going to catch up, but at 2 PM I was still in my pajamas and hadn\u2019t had lunch yet. I generally dress upstairs in my bathroom, so I have breakfast in my pajamas, so that wasn\u2019t unusual; but about 10, when I was ready to go up to shower and dress, Roberta came to tell me of a tale of woe. 
Saturday she generally tries to Skype with one or another grandchild, and before she talked to one of them she had wanted to look up something about the education system, and she couldn\u2019t do it. Her Internet browser exploded in advertisements, and she couldn\u2019t even find Google. Clearly something had got into her system that ought not be there.<\/p>\n<p>I went in to have a look. It was a mess all right. Something had changed the home page of both Internet Explorer and Firefox to Trovi, as well as the search engine. There were other problems. Control Panel showed me that a number of programs I\u2019d never heard of were installed. I removed several of them \u2013 Roberta couldn\u2019t remember using them \u2013 but when it came to Trovi and Sizlsearch, the Microsoft operating system couldn\u2019t remove them. Instead I was taken to a web browser page with one of those \u201care you human?\u201d things to fill out which would take me to the Trovi Uninstaller. God knows what that would do to her system, so I declined the offer. Task Manager showed me that several Trovi and Sizlsearch processes were running. I could close them, but seconds later they came back again.<\/p>\n<p>Same with Internet Explorer and Firefox: I went in to remove all add-ins and extensions, but neither Sizlsearch nor Trovi could be disabled; the disable button was greyed out. There were a couple of other add-ins that could not be disabled. <\/p>\n<p>Since the search engines weren\u2019t reliable as a means of finding out how to get rid of hijacked search engines, I asked my advisor team for advice, and also went up to my own systems to see what I could find. Online searches with uncontaminated systems told me that Trovi and Sizlsearch were notorious: not exactly malware, but certainly adware, and annoying. 
Their makers also intentionally made them difficult to remove, which moves them to malware status in my judgment.<\/p>\n<p>Meanwhile, I had turned on Microsoft Security Essentials deep scan on Roberta\u2019s machine. When I went back to her system the screen was dark. Nothing I could do with keyboard or mouse would get me a signal from it. Curiouser and curiouser. I pushed the hardware on\/off button. A message about restoring Windows appeared. That seemed a bit odd, but Windows came up all right, along with a Microsoft Security Essentials report that it had found Worm:Win32\/Gamarue and removed it. Looking that up advises me to scan any hard drive that her system has ever been connected with. That\u2019s fairly easy since her machine isn\u2019t part of the Chaos Manor networking system, and she doesn\u2019t access other sites here. I also restarted Microsoft Security Essentials and told it to do a full deep scan. This took a while, but eventually it ran to completion having found no other malware.<\/p>\n<p>Except there was: that is, if you count Sizlsearch and Trovi as malware. They were both still active, raining ads in new windows and generally being aggressive, enough so that her system was in essence unusable on the Internet. Also something about extreme weather was periodically giving us voice messages along with sponsoring commercials.<\/p>\n<p>By now I had a consensus from both my advisors and my online search: what I needed was malwarebytes.org and their scanner. I could not get Internet Explorer to go where I wanted it to. I couldn\u2019t get Internet Explorer even to open a new tab with a right click. Trovi really owned that program. I turned to Firefox. 
At least I could get a new tab, but I noted that Google was no longer available as a search engine.&#160; I had to trick Firefox into going there by directly typing the full <a href=\"https:\/\/malwarebytes.org\" class=\"external\" rel=\"nofollow\" target=\"_blank\">https:\/\/malwarebytes.org<\/a> address into the address window \u2013 no search needed \u2013 and even then it popped up three more windows \u2013 not tabs, but new windows \u2013&#160; each offering technical expertise about malwarebytes.org but none of them having that address. They were pretenders hoping I\u2019d go to them for help rather than malwarebytes.org.&#160; I patiently closed each of those windows and the next ones that popped up, and some after that, and by then the original window had got itself to the malwarebytes.org site. That site offers a free and a paid scan download. I chose free. That came down fast, and I ran the installation program. It updated itself, and began the scan; in seconds it had detected 19 threats. I looked at them (clicked details) and lo! Sizlsearch had four entries, and Trovi had three. There were others including extreme weather reporting \u2013 it was that one which kept giving us sound messages along with sponsors \u2013 and some other stuff that I\u2019d never seen before. I kept checking the scan progress, and it was finding a few every few minutes. Eventually it found 49, and announced the scan complete. I let the malwarebytes scanner quarantine them all, reset Roberta\u2019s machine, said a few words of potent white magic, and when her system came up I opened Internet Explorer.<\/p>\n<p>I was greeted by the Google home page, which is what Roberta uses. Trovi had hijacked that, but now Trovi was nowhere to be seen. Task Manager showed that no Trovi or Sizlsearch processes were running, and now, several hours later, they are still gone. 
Of course we\u2019re changing passwords just in case.<\/p>\n<p>And I downloaded the malwarebytes.org scanner to this machine and ran it: it found one ancient file it wanted to quarantine, but nothing else. I\u2019ll buy the professional edition and set it to scan all the other machines up here at intervals, since it catches stuff that Microsoft Security Essentials doesn\u2019t believe is malware. And it\u2019s 4:30 in the afternoon. <\/p>\n<p><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image00214.gif\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image002[1]\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image002[1]\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image0021_thumb4.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n<p>A Republic if you can keep it.<\/p>\n<p>&#160;<\/p>\n<p>So I still haven\u2019t caught up. I have to pay bills, and there\u2019s other stuff that didn\u2019t get done while I was still in my pajamas at 2 PM. But I\u2019ve dressed, showered, had my lunch, and I\u2019ve put this in the day book, from where it will be easy enough to consult for writing into the column, and now it\u2019s time to post this and pay the bills. I have some other stuff to write about, including the difference between a democracy, which the Framers of 1787 detested \u2013 \u201cThere never was a democracy that didn\u2019t commit suicide\u2026\u201d \u2013 and a republic, which is what Franklin said they had created. \u201cA republic. 
If you can keep it.\u201d<\/p>\n<p>While I was dressing I thought about the concept of \u201cfair play\u201d and \u201cfair game\u201d.&#160; In the old honor system, some people were outside it: they were not treated as honorable opponents, they were \u201ctreated as wolves are.\u201d This was the sentence passed by the Roman Senate on the surviving members of the Catilinarian rebellion.&#160; To be regarded and treated as wolves are.&#160; I suppose we are too civilized for this, and we are bound to treat our barbarian enemies as if they were entitled to be treated as we do other men, but it makes you think.&#160; Especially when they behead journalists and stone young girls for not marrying whom they are supposed to marry. Now of course I was thinking about the creators of Trovi and Sizlsearch and how we ought to think of them: they use Internet freedom to get as close to the malware line as they possibly can \u2013 there is some evidence that at least one of those started with the best of intentions \u2013 but end up costing thousands of people hours of time, adding up to more hours than there are in a long life; all wasted on countering their efforts.&#160; That\u2019s sort of the equivalent of murder. But I haven\u2019t time to think all this through.&#160; Another time.<\/p>\n<p>&#160;<\/p>\n<p>But first I have to catch up. 
Beginning with paying the bills.<\/p>\n<p>For those interested in travel and what we carried in the year 2000, see <a title=\"http:\/\/www.jerrypournelle.com\/reports\/jerryp\/adventure2000.html\" href=\"http:\/\/www.jerrypournelle.com\/reports\/jerryp\/adventure2000.html\">http:\/\/www.jerrypournelle.com\/reports\/jerryp\/adventure2000.html<\/a><\/p>\n<p><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image00213.gif\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image002[1]\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image002[1]\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image0021_thumb3.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n<p>Rick Hellewell, my security advisor, says<\/p>\n<p>&#160;<\/p>\n<blockquote>\n<p>It looks like Sizlsearch is installed as part of a &#8216;you must install video software to view that movie&#8217; kind of thing. Which should never be done. Prompts such as that are never to be trusted. If you think you need a video player, go to the source (Adobe Flash Player, I suppose) manually, never via a link or a message while browsing.<\/p>\n<p>And, although Malwarebytes has a good reputation (as does Tom&#8217;s Hardware site), not sure that having two antivirus programs is a good idea. 
<\/p>\n<p>But no anti-virus program will protect against a user installing an &#8216;add-on video player&#8217;, which is almost always a vector for installing malware.<\/p>\n<p>I&#8217;d also recommend, after a power-off restart, a re-run of any malware scanner programs, just to make sure that things are safe.<\/p>\n<p>&#8230;Rick&#8230;<\/p>\n<\/blockquote>\n<p>Regarding two scanners, I can see they might interfere with each other, as each looks at the other\u2019s data base.&#160; An interesting experiment, and I do silly things so you don\u2019t have to\u2026<\/p>\n<p>But note what Rick is saying. If you try to open a movie of the grandchildren, and up pops an offer to give you free software to view that movie with, don\u2019t do it.&#160; Leave the offer on screen and get someone who knows about this stuff to look at it. And be careful how you close that screen.&#160; I generally close the whole browser rather than click anywhere in a potential malware screen, because although it looks like a \u201cclose this window\u201d place to click, you don\u2019t know what it\u2019s actually connected to.&#160; Or at least I don\u2019t.&#160; <\/p>\n<p>As to the programs needed to view that video, chances are you already have programs that will open that movie, and you only need to know how to do that. But do not accept the offer of free movie viewing software from some friendly but unknown site, and do not give unknowns permission to install stuff on your computer. And do not trust it simply because a once reliable publication says you can.&#160; I\u2019ve told you that twice before.&#160; What I tell you three times is true.<\/p>\n<p>And I am reminded that I should tell you that malwarebytes is not a primary anti-virus and worm defense.&#160; Microsoft Security Essentials remains essential.&#160; But MSE does not remove some of the annoyingware that can make you crazy. Malwarebytes.org will do that. 
Use them both.<\/p>\n<p><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image00223.gif\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image002[2]\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image002[2]\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image0022_thumb3.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n<p>The California Sixth Grade Reader <a title=\"http:\/\/www.amazon.com\/dp\/B00LZ7PB7E\/ref=as_li_tf_til?tag=chaosmanor-20&amp;camp=14573&amp;creative=327641\" href=\"http:\/\/www.amazon.com\/dp\/B00LZ7PB7E\/ref=as_li_tf_til?tag=chaosmanor-20&amp;camp=14573&amp;creative=327641\" class=\"external\" rel=\"nofollow\" target=\"_blank\">http:\/\/www.amazon.com\/dp\/B00LZ7PB7E\/ref=as_li_tf_til?tag=chaosmanor-20&amp;camp=14573&amp;creative=327641<\/a> contains the stories and introductions from the original official California 6th Grade Reader in 1916. Similar readers, most of them containing the same stories as the California reader, were in use in well over half the other states. I had a Sixth Grade reader with most \u2013 nearly all \u2013 the same poems and stories in a country school, two grades to a room, in Capleville, Tennessee in 1943. These are the stories that Americans all had read, and formed part of the common American culture.&#160; I have added a few introductions and a foreword directed to those who will be reading this book, and with a lot of help from readers and my advisors we have published it as an electronic Book. 
It is available on Amazon and readable in the free Kindle Apps for most tablets, PCs, and smartphones like iPhone.&#160; My six-year-old granddaughter likes some of the stories, particularly the one about Beethoven and the Moonlight Sonata.&#160;&#160; <\/p>\n<p><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image00233.gif\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image002[3]\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image002[3]\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image0023_thumb3.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n<p>On closing malware popups:<\/p>\n<p>Rick Hellewell, our security guy, says<\/p>\n<blockquote>\n<p>A &quot;normal&quot; popup window will have the usual &quot;x&quot; in the upper right corner of the window, so you use that to close the errant window.<\/p>\n<p>A popup window can be created without the &#8216;x&#8217;, or can disable the &#8216;x&#8217;s normal function. Or they can put a &#8216;fake&#8217; &#8216;x&#8217; button that actually does something else. So you may have to use another method. <\/p>\n<p>If the popup window has the &#8216;focus&#8217; (is the &#8216;active&#8217; window), then you can try Alt+F4 to close it. Or you can look at the taskbar (usually the bottom of the screen) where you might find the indicator of multiple browser instances. You can then find the &#8216;bad&#8217; instance, and right-click that instance to close it.<\/p>\n<p>If that doesn&#8217;t work (sometimes new popups can be spawned), then you might need to go into the Task Manager (right-click the Task Bar, then select Start Task Manager; in Windows 8 I believe you can hit the Window button, then just type in Task Manager to start it). 
From there, you might see multiple instances of your browser program, and you can force stop it.<\/p>\n<p>If still persistent, as a last resort a full shutdown\/restart might be needed. And, after that, perhaps a malware scan might be in order.<\/p>\n<p>This page has pictures and instructions on the process: <a href=\"http:\/\/www.wikihow.com\/Close-an-Internet-Pop-Up\" class=\"external\" rel=\"nofollow\" target=\"_blank\">http:\/\/www.wikihow.com\/Close-an-Internet-Pop-Up<\/a>.<\/p>\n<p>&#8230;Rick&#8230;<\/p>\n<\/blockquote>\n<p>Eric adds:<\/p>\n<blockquote>\n<p>When in doubt I go to task manager and kill the browser entirely. &quot;Nuke it from orbit. It&#8217;s the only way to be sure.&quot;<\/p>\n<\/blockquote>\n<p>&#160;<\/p>\n<p>When in doubt, use Task Manager. <\/p>\n<p>&#160;<\/p>\n<p>And thanks for the sales spike in the California Sixth Grade Reader <a title=\"http:\/\/www.amazon.com\/dp\/B00LZ7PB7E\/ref=as_li_tf_til?tag=chaosmanor-20&amp;camp=14573&amp;creative=327641\" href=\"http:\/\/www.amazon.com\/dp\/B00LZ7PB7E\/ref=as_li_tf_til?tag=chaosmanor-20&amp;camp=14573&amp;creative=327641\" class=\"external\" rel=\"nofollow\" target=\"_blank\">http:\/\/www.amazon.com\/dp\/B00LZ7PB7E\/ref=as_li_tf_til?tag=chaosmanor-20&amp;camp=14573&amp;creative=327641<\/a><\/p>\n<p><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image00242.gif\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image002[4]\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image002[4]\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image0024_thumb2.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n<p align=\"center\"><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/07\/clip_image0046.gif\"><img loading=\"lazy\" 
decoding=\"async\" title=\"clip_image003\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image003\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image0037.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n<p align=\"center\">Freedom is not free. Free men are not equal. Equal men are not free. <\/p>\n<p align=\"center\"><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/07\/clip_image00414.gif\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image003[1]\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image003[1]\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image00312.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n<p align=\"center\"><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/07\/clip_image0054.jpg\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image004\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"clip_image004\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image0042.jpg\" width=\"244\" height=\"14\" \/><\/a><\/p>\n<p align=\"center\"><a href=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/07\/clip_image00424.gif\"><img loading=\"lazy\" decoding=\"async\" title=\"clip_image003[2]\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; 
padding-right: 0px\" border=\"0\" alt=\"clip_image003[2]\" src=\"http:\/\/www.jerrypournelle.com\/chaosmanor\/wp-content\/uploads\/2014\/09\/clip_image00322.gif\" width=\"240\" height=\"8\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>View 841 Saturday, September 06, 2014 Edits and additions through Monday, September 8, 2014 \u201cTransparency and the rule of law will be the touchstones of this presidency.\u201d President Barack Obama, January 31, 2009 Today was the day I was going to catch up, but at 2 PM I was still \u2026 <a class=\"continue-reading-link\" href=\"https:\/\/www.jerrypournelle.com\/chaosmanor\/a-day-eaten-by-worms-and-i-recommend-malwarebytes-org\/\"> Continue reading <span class=\"meta-nav\">&rarr; <\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-20542","post","type-post","status-publish","format-standard","hentry","category-view"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.jerrypournelle.com\/chaosmanor\/wp-json\/wp\/v2\/posts\/20542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jerrypournelle.com\/chaosmanor\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jerrypournelle.com\/chaosmanor\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jerrypournelle.com\/chaosmanor\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jerrypournelle.com\/chaosmanor\/wp-json\/wp\/v2\/comments?post=20542"}],"version-history":[{"count":0,"href":"https:\/\/www.jerrypournelle.com\/chaosmanor\/wp-json\/wp\/v2\/posts\/20542\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jerrypournelle.com\/chaosmanor\/wp-json\/wp\/v2\/media?parent=20542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jerrypournelle.com\/cha
osmanor\/wp-json\/wp\/v2\/categories?post=20542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jerrypournelle.com\/chaosmanor\/wp-json\/wp\/v2\/tags?post=20542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}