A NEEDLESS CATASTROPHE
I troll Microsoft newsgroups regularly. It’s part of my duties. Normally I troll development newsgroups, particularly those involving databases. However, now I’m doing a stint in XP newsgroups.
Last week I described a catastrophe in the making that I was able to avert. This week I’m describing one I ran across last night, but too late.
The person wrote:
Help! My computer has been hijacked by a Trojan. (I doubt it was a Trojan, but that’s not important.) I can’t connect to the internet or to Outlook. I can’t access my Windows firewall. There’s an icon in my task bar that says my LAN (the fellow had ADSL) has limited or no connectivity.
I’ll summarize the rest. The victim has spoken to his phone company and his ISP. They ran tests. There was nothing wrong with his Samsung ADSL modem. The signal was getting through from his computer to the phone. His ISP said his account was in order. But nothing worked.
Some error messages mentioned his winsock was not functioning.
What is winsock?
windows sockets: (Winsock) A specification for Microsoft Windows network software, describing how applications can access network services, especially TCP/IP. Winsock is intended to provide a single API to which application developers should program and to which multiple network software vendors should conform. For any particular version of Microsoft Windows, it defines a binary interface (ABI) such that an application written to the Windows Sockets API can work with a conformant protocol implementation from any network software vendor.
Where did I get this? From Google, of course.
Several people had answered him. None of the answers fixed the problem. Finally he replied that he had backed up all his data and reformatted his hard disk, and then reinstalled everything.
Too bad I hadn’t read the article sooner. If this happens to you, there’s a much simpler answer. I knew it from earlier reading, but checked it with Microsoft Israel before writing it in this column.
Click START, then click on Run.
Type in the following command, then click OK.
And that’s that.
Now, an admonishment. This fellow, in my opinion, was probably not a victim, but a thief — a thief using what’s known as a “crack site.” These sites provide the user with key generators or other ‘fixes’ for trial versions of software to turn them into versions that won’t expire. Beyond the dishonesty, the price for using them is that the most vicious intruders come from crack sites.
Furthermore, the sites give the user fair warning of the risk being taken. Let’s give an example. I took some screen shots of a popular crack site. I searched for Snagit, the screen capture program I use to illustrate this column, among other work.
Once I clicked on Techsmith Snagit I got the following window.
Most likely, this fellow (and the fellow I discussed last week also), facing this warning, chose to install the Active X control. How they chose to do so is beyond me. The public is barraged with TV shows and newspaper and magazine articles about the security risks of using Microsoft’s Active X when surfing the net. These people know that, know they are at really nasty sites, but just to save $39.95, ruined their computers.
With Snagit, for example, click the Help menu, click on ‘check for upgrades’ and:
Besides the upgrades, I get support and tutorials.
On a related topic, some intruders may hijack Internet Explorer’s home page, search page default, or change other features, such as turning the firewall off.
If you’ve taken my advice and bought Spy Sweeper, you can reverse it all with a few clicks of the mouse.
On the one hand, you can give Spy Sweeper permission to return to default without notification.
Or at any time you can click ‘Reset IE Page Settings to Defaults’.
Dennis Turner