Tuesday, 28 October 2008

Olivier Messiaen

Messiaen - Oiseaux Exotiques - Aimard, Boulez Part 1

Ondes Martenot / Messiaen 4° Feuillet Inédit by Thomas Bloch

Theremin Lesson One

Thomas Grillo

Sunday, 26 October 2008

Intruders II

Today after a scan, the following message appeared in Spybot (antirootkit software - looks decent), it was deleting a key in the registry, probably from my last operations, see post Intruders.

Company: Marketflip Technologies, LLC
Product: RegistryFix
Threat: Malware

Company URL:
Company product URL:

Software belongs to Marketflip Technologies like the rogue antispyware software NoAdware or Spyware Solver. Its domain is registered through domains by proxy. Neither license nor website state proper contact information or any information about the company. False positives and warning messages serve to make the user buy the software. This software is identical to ErrorClean which is also from Marketflip Technologies.

Saturday, 18 October 2008

Laurie Anderson

only an expert

the ugly one with the jewels


Friday, 17 October 2008


On the 12th of October, I've inadvertedly turned off my firewall/anti virus for a few minutes. The result as you can imagine is that I've got infected, not me, my computer, by a series of weird diseases, all grouped in the same package, or probably from the result of the same original sin. My firewall started shooting scary messages like the one in the picture. The funny thing is that when I clicked on "enable protection", it'd just send me to a page telling me to buy antimalware/antivirus software from two different brand. To buy an antivirus I didn't even know?! I thought it was really weird. And scary, seen the nature of the messages popping up in my screen. So I took note of the names of the trojans, and after digging in the net here's what came up.


Trojan-Clicker.Win32.Tiny.h Description
Trojan-Clicker.Win32.Tiny.h is an imaginary Trojan name used to threaten and trick users into buying the rogue anti-spyware application PC Antispy. The user gets infected after downloading the video codec that infects the computer with a nasty Trojan. This Trojan then displays a fake "Windows Security Alert" message which recommends to download a software (most probably PC Antispy) to resolve the issue. The message reads:

"Windows Security Alert
To help protect your computer, Windows Firewall has detected activity of harmful software. Do you want to block this software from sending data over the internet?
Name: Trojan-Clicker.Win32.Tiny.h
Risk Level: CRITICAL
Description: This is spy trojan that installs itself to the system, hides itself and then captures screen images and saves them to disk files in encrypted form. Thus it allows to a hacker to watch screen images."

PC Antispy or whatever software the fake Trojan-Clicker.Win32.Tiny.h alert message recommends will not fix your PC but might actually expose you to more security threats
from "http://www.spywareremove.com/removeTrojanClickerWin32Tinyh.html"

PCAntispy, also known as PC-Antispy and PC Anti Spy, is a rogue anti-spyware program that sells itself as a spyware removal superhero under the slogan: "Protecting Against Intruders". Ironically, PCAntispy is an intruder itself. PCAntispy is a clone of PCAntispyware and will use any means necessary to lure you into buying the full PCAntispy program.

Zlob Description
Spyware Image
It is a backdoor designed to give the attacker remote control over a compromised PC. It changes essential computer settings and modifies certain files. Zlob starts automatically on every Windows startup and hides its activities by injecting code into explorere.exe. It waits for remote connections and allows the attacker to download and install additional software, execute certain commands and manage the entire computer. Zlob can be very dangerous. Use antivirus and malware removal tools in order to get rid of this spyware.
from "http://www.spywareremove.com/removeZlob.html"

This Trojan opens a range of web pages without the knowledge or consent of the user. It is a Windows PE EXE file. It is 5120 bytes in size. It is packed using FSG. The unpacked file is approximately 23KB in size.

The Trojan adds a rule to the Windows Firewall which permits any network activity caused by the Trojan.
from "http://www.viruslist.com/en/viruses/encyclopedia?virusid=108900"

Trojan-Spy.HTML.Bankfraud.dq (Kaspersky Lab) is also known as: Phish-BankFraud.eml.a (McAfee), Trojan.Bankfraud (Doctor Web), HTML.Phishing.Bank-1 (ClamAV), HTML/Bankfraud.gen (Eset)
from "http://www.viruslist.com/en/viruses/encyclopedia?virusid=75870"

First off, never trust a bug that tells you to buy something to get rid of it. It's always a scam, exportion to be exact.

Run the McAfee free scan and see exactly which virus you have and list it out here. If the one you think you have is "Trojan.spy.html.bankfraud.dq" you need to dig a little deeper. That trojan was targeted towards a specific bank's customers (unless you are a Regions bank customer.).

I would run MSCONFIG and stop disable all programs you do not recognize, then reboot and perform another scan. Then go to TrendMicro.com and reseach each one of them. Trend is pretty good at giving the manual removal workaround.
from "http://answers.yahoo.com/question/index?qid=20080728223233AAzKkOh"

I checked a few forums, all saying to download such and such software, which I did for a few, but after running them, nothing could be found, desperatly. On one the forums, someone had the idea (I've lost the address of that source, forgive) to check all files created and modified during the last two days, in the System32 folder in Windows, you know, with the search tool (or find, on other OS's). In the list that's come up, there was someting called "juxslopm.exe" which caught my attention, well that a very strange name that I've never come across before. At first, I could not delete it, which was a quite risky solution if my suspicion was proved wrong. So I changed its name to C:\Windows\System32\juxslopmOld.exe and left it for a while. After a few hours, the creepy messages were gone, and all was back to normal. So I've assumed that was my culprit, I've moved to my desktop, and now it allows me to delete. And more, my antivirus (AVG) has recognized it and accused,
trojan horse generic11.azou
process Name: C:\Windows\Explorer.EXE
Process ID: 3440

too late, I did it first. I still don't understand why it took so long to identify the trojan. It's still on my desk, where I can see its dead corpse, yeah, I feel like a bounty killer.
Conclusion: they infect me and then offer to cure me, my computer actually, I'm still allright. That's a bit sci-fi, but probably a good marketing strategy, for who is not, or can't afford to inform himself. Those guys who are selling the miraculous software should have problems for doing that.

Friday, 3 October 2008

About Tesla coil (II)

"Energie" de Thorsten Fleisch - 2007
Thorsten Fleisch

Another blog worth checking. Esoteric.
Outro blog de interesse que vale a pena percorrer. Esotérico.


About Tesla coils

A few sites for the seriously mad with tendencies for moments of high voltage.

Apenas uns sites para apanhados do clima em último grau com fracos para momentos de alta voltagem.

Florians Teslacoilpage

Tesla Downunder

Alfred Hitchcock Presents

Cure for insomnia

Wednesday, 1 October 2008


First take





Tom Waits

Tom Waits Press Conference