Sunday, August 24, 2014

If you use Blogger with Google+ for comments you will lose the ability to review comments

This is just a quick FYI - I have turned off Google+ for my blog because I cannot moderate the comments properly using Google+. I was hoping that Google would fix this sooner rather than later and it seems like it isn't a priority for them. The reason this is a problem for me is that when someone leaves me a comment in Google+ I have no idea unless I am looking at my Google+ feed. I never look at my feed because I don't like social media platforms.

The old Blogger comments system lets me know if I have comments pending and I can review them all in one place without having to go to each post individually. With Google+ I have to visit each of my posts individually to find unanswered/unreviewed comments; I refuse to fish for my pending comments.

Anyhow - sorry for any inconvenience this may have caused for people who have left Google+ comments in my past posts, but I cannot continue using Google+ until Google wises up and provides me a proper way to review comments. I was reading that there is a way to make each comment system run side by side, but I need more time to look into this claim.

Related links:
http://www.southernspeakers.net/2013/10/say-hello-to-google-comments.html
http://www.blogxpertise.com/2013/04/bringing-g-comments-to-your-blogger.html

Saturday, August 23, 2014

How I got Trovi on my computer and why you should never install CDisplayEx

Introduction

I wanted to view some comics a friend recently gave me. If you haven't heard of Berserk, you should go check it out. The anime does the manga justice, but the manga, just like all original sources, is way better than the anime because it doesn't leave anything out. Anyhow, getting to the problem. In all of my excitement to start reading the manga I downloaded the first comic viewer I found because I vaguely remembered the name and I never would have suspected what happened next.

NEVER INSTALL CDisplayEx EVER

Before I start ranting, I just need to say that I almost never present opinion or uncertainties on my blog because I don't like putting misinformation out on the internet. I am slamming CDisplayEx because the installer they offer on their site, www.cdisplayex.com, gave me malware. Not just one piece of malware, I got about 20-25 pieces (objects) of malware on my machine and I never agreed to any of it while installing the software. I am usually very careful about this kind of thing and I don't install a lot of programs without recommendation or research... usually. Therefore I will be putting my foot in my mouth right now because the one time I put my guard down because I am excited to read my manga, I get hit with a program that is acting as a Trojan horse for 20-25 pieces (objects) of malware.

Hence I am telling anyone who is reading this right now to NOT INSTALL CDisplayEx EVER it harbors bullshit in it. If you check out that site I provided above, there is no mention anywhere on the site that you are installing a bunch of other crap with CDisplayEx. The EULA says you are taking the program as-is, yeah usually that mean just that program - not that you are going to get hit with a bunch of malware.

Before I ran Malware bytes, I uninstalled Mezza and Search Protect manually from my PC. I got hit with the following list of Malware which luckily I was able to remove using Malwarebytes. Thank goodness for free antivirus scans and removal tools and shame on Microsoft for their native antivirus, Windows Defender, for failing horribly on Windows 8. I ran a scan with Windows Defender and it found nothing! One of those pieces of Malware was a search engine hijacker named Trovi. I will get into why this is bad news for you if you use Chrome.
Registry Keys: 2
  1. PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3800025958-4139502185-2390362187-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [03992d9c95e6da5c83c63b35768c2dd3], 
  2. PUP.Optional.Mezza, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\MZA, , [712b52775526d85e260bf5f24bb757a9], 
Folders: 4
  1. PUP.Optional.OpenCandy, C:\Users\[UserName]\AppData\Roaming\OpenCandy, , [25776267c8b34de9c0231aa27989619f], 
  2. PUP.Optional.OpenCandy, C:\Users\[UserName]\AppData\Roaming\OpenCandy\F2DCE73D13D54943ACEEE0596DA783E6, , [25776267c8b34de9c0231aa27989619f], 
  3. PUP.Optional.Extutil.A, C:\Users\[UserName]\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [861620a94f2c231331dd0dc836cc817f], 
  4. PUP.Optional.Managera.A, C:\Users\[UserName]\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [f6a6d1f8a7d4e254729d1cb99b6728d8], 
Files: 13
  1. PUP.Optional.OpenCandy.A, C:\Users\[UserName]\AppData\Roaming\OpenCandy\F2DCE73D13D54943ACEEE0596DA783E6\dlm.exe, , [c8d49732f68523134220ce5d748deb15], 
  2. PUP.Optional.Mezza, C:\Users\[UserName]\AppData\Roaming\OpenCandy\F2DCE73D13D54943ACEEE0596DA783E6\MZAAppSetupx30001.exe, , [712b488196e596a036748f1ae41d6997], 
  3. PUP.Optional.SearchProtect.A, C:\Users\[UserName]\AppData\Local\Temp\nsjC834.tmp, , [1785e6e3b8c30b2bf5865e3a09f8e31d], 
  4. PUP.Optional.Conduit.A, C:\Users\[UserName]\AppData\Local\Temp\nskFDC0.exe, , [316b0cbd1b605adc90c4b9d5d829cc34], 
  5. PUP.Optional.Conduit.A, C:\Users\[UserName]\AppData\Local\Temp\nsl11C.exe, , [5d3f3e8b82f9e3532f25e7a71ae7b749], 
  6. PUP.Optional.Conduit.A, C:\Users\[UserName]\AppData\Local\Temp\nsrDD92.exe, , [c5d7ad1ce3980e281044e0aec23fee12], 
  7. PUP.Optional.Conduit.A, C:\Users\[UserName]\AppData\Local\Temp\nst949F.exe, , [aeee329795e65ed8490b7f0f3ac7e11f], 
  8. PUP.Optional.Conduit.A, C:\Users\[UserName]\AppData\Local\Temp\nsvDAF1.exe, , [fba10ebb7efd82b4aba9eea040c1c43c], 
  9. PUP.Optional.Extutil.A, C:\Users\[UserName]\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [861620a94f2c231331dd0dc836cc817f], 
  10. PUP.Optional.Extutil.A, C:\Users\[UserName]\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [861620a94f2c231331dd0dc836cc817f], 
  11. PUP.Optional.Extutil.A, C:\Users\[UserName]\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [861620a94f2c231331dd0dc836cc817f], 
  12. PUP.Optional.Managera.A, C:\Users\[UserName]\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [f6a6d1f8a7d4e254729d1cb99b6728d8], 
  13. PUP.Optional.Managera.A, C:\Users\[UserName]\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [f6a6d1f8a7d4e254729d1cb99b6728d8], 

How does this affect Chrome?

I have Chrome installed on all of my computers, which is about five PCs right now. Two of those PC's are my work PC's. Imagine my psychotic rage when I found a browser hijacker on my work PC. I don't take risks with my work machine EVER. How the hell did Trovi find it's way on my work PC. Well the one thing that I LOVE about Chrome is a double edged sword in this situation. My default search engine was switched on all chrome instances on all five PC's to Trovi. This makes it ultra confusing to find the culprit. The culprit being my Windows 8 Surface Pro 2 because I installed that nefarious piece of software, if it can be called that now, CDisplayEx.

I had a different experience removing Trovi from each PC. I wasn't recording what I was doing while I was panicking to remove this pest from my machines. I was more concerned about eliminating the threat than writing a blog article. The experience I had pretty much came down to one thing:
  1. Uninstall Chrome completely
  2. When it asks you if you want to delete your data, to be on the safe side say Yes
  3. Reinstall Chrome - reconnect your Google account etc etc etc
This helped me get rid of Trovi. Unfortunately with viruses and malware, you are never 100% sure if you got rid of it. Just because Malwarebytes and Windows Defender are saying that I don't have any threats detected doesn't mean that something isn't still lurking around.

Your host file is altered without your permission

This may not mean much to a lot of people, but it is a big deal if you actually use your host file. I use my host file heavily and the only reason I even noticed that this even happened was because I have my host file open on my work PC all of the time. What is scary about this is that this happened on a PC that just had the search engine changed on it to Trovi via Chrome as the delivery method. That's pretty screwed up. I am still scratching my head on that one.

Anyhow, if you want to check your host file go to this directory:
C:\Windows\System32\drivers\etc      - the file is named "host" no extension

I had two different experiences:
  1. My host file was deleted outright
  2. My host file was backed up for me (gee thanks!) - which is still kind of like being deleted

Actions taken

This pissed me off enough to report these bastards to the FBI. Now I know you had to take a double take at what you just read, yes you can submit a complaint to the IC3 in order to report internet and cyber crimes. This definitely falls under that category because programs were installed on my computer with malicious intent and without my consent. I want to see how far I can take this. The IC3 works, I have reported sites before for different reasons and I had bad sites investigated and eventually shut down. Let's see how far I can take this.

Update 11/14/2015

I was looking for a new comic book reader to use and I stumbled across this article by LifeHacker:

I am adding this to my post to defend my position on CDisplayEx and why you shouldn't install it. Call this reinforcement of my argument. I don't care if it was a good program, the point is it isn't anymore because of the Malware that is obviously present.

Here is an excerpt from the article dated 12/28/14 8:00am:
Earlier this week we asked you to tell us which comic book readers you thought were the best, since our previous picks were getting a little out of date (and our previous champion, CDisplayEx, apparently is bundled with a boatload of malware that many of you have written in to complain about.) You offered up tons of great nominations—and defenses of CDisplayEx—but we only have room for your top five. Here they are, in no particular order:
 Therefore once again, those of you who want to criticise this post are just being belligerent because I am presenting facts not opinion. In other words even if you disagree with me, you are wrong.

Conclusion

Don't just install programs that look okay, even when you are excited about reading your favorite manga of all time.