Sunday, March 22, 2009

HKLM\Software\UAC* key prompt in RootKitRevealer

After about a month of troubled computing, I finally ran the rootkitrevealer and the first prompt that I got was that of the key HKLM\Software\UAC*.
If you also get it, chances are that you have been rootkitted by Win32:Rootkit-gen.
A lot of googling revealed nothing as the rootkit team was unaware of the origin of the key.

So, I just started XP in safe mode and started Avast! Antivirus (Free Edition) and it detected a trojan in my operating system memory and recommended a boot scan.

To see how to schedule a boot scan click here.

The bootscan revealed 9 files in system32 infected by the Trojan Horse "WIN32: Fasec" and it had infected dll files in the System32, Temp and System32/drivers folders which, not to my surprise, were named as UACqumepxb.dll, UACdnberxns.dll etc, so you see the names are like UAC*. I just moved all the files to Chest (although I was prompted that the files I am about to move are System Files) as I was pretty sure that the DLLs were generated by the trojan and were named like UAC followed by a random string.

And now another RootKitRevealer scan doesn't show those keys!

It also solved another problem. My C: was not being mounted in the RKR scan, which is now being scanned as well.

This is what my Scan Report looked like; it can be found in C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.

03/22/2009 19:59
Scan of all local drives

File C:\WINDOWS\system32\drivers\UACbqumepxb.sys is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\WINDOWS\system32\UACdnberxns.dll is infected by Win32:Fasec [Trj], Moved to chest
File C:\WINDOWS\system32\UACiorjdptm.dll is infected by Win32:Fasec [Trj], Moved to chest
File C:\WINDOWS\system32\UACqjbpjwbm.dll is infected by Win32:Fasec [Trj], Moved to chest
File C:\WINDOWS\system32\UACwpwcdooe.dll is infected by Win32:Fasec [Trj], Moved to chest
File C:\WINDOWS\Temp\UAC828d.tmp is infected by Win32:Fasec [Trj], Moved to chest
File C:\WINDOWS\Temp\UAC8608.tmp is infected by Win32:Fasec [Trj], Moved to chest
File C:\WINDOWS\Temp\UAC9e24.tmp is infected by Win32:Fasec [Trj], Moved to chest
Number of searched folders: 15607
Number of tested files: 148765
Number of infected files: 8
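An added example, not part of the original post: a small Python parser for a report in the layout shown above. It groups detections by name, flags files that follow the "UAC followed by a random string" naming, and checks the per-file lines against the reported total. The sample report and file names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the aswBoot report shown above
# (file names and counts are made up for this example).
SAMPLE_REPORT = r"""03/22/2009 19:59
Scan of all local drives

File C:\WINDOWS\system32\drivers\UACexample1.sys is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\WINDOWS\system32\UACexample2.dll is infected by Win32:Fasec [Trj], Moved to chest
File C:\WINDOWS\Temp\UAC0a1b.tmp is infected by Win32:Fasec [Trj], Moved to chest
File C:\WINDOWS\system32\notepad.exe is infected by Win32:Fasec [Trj], Moved to chest
Number of infected files: 4
"""

DETECTION = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>\S+) \[(?P<kind>\w+)\], (?P<action>.+)$")
SUMMARY = re.compile(r"^Number of infected files: (?P<n>\d+)$")
# Naming pattern the post describes: "UAC" followed by a random string.
UAC_NAME = re.compile(r"^UAC[0-9a-z]+\.(sys|dll|tmp)$", re.IGNORECASE)


def parse_report(text):
    """Return (detections, reported_count) from a boot-scan report."""
    detections, reported = [], None
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        s = SUMMARY.match(line.strip())
        if m:
            d = m.groupdict()
            d["basename"] = d["path"].rsplit("\\", 1)[-1]
            d["uac_pattern"] = bool(UAC_NAME.match(d["basename"]))
            detections.append(d)
        elif s:
            reported = int(s.group("n"))
    return detections, reported


def summarize(text):
    """Group detections and cross-check them against the summary line."""
    detections, reported = parse_report(text)
    return {
        "by_detection": dict(Counter(d["name"] for d in detections)),
        "uac_files": [d["path"] for d in detections if d["uac_pattern"]],
        "other_files": [d["path"] for d in detections if not d["uac_pattern"]],
        "count_matches_summary": reported == len(detections),
    }


print(summarize(SAMPLE_REPORT))
```

Files listed under `other_files` do not match the UAC naming and deserve a closer look before they are left in the chest, since they may be legitimate system files.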

Sunday, March 1, 2009

Getting Youtube Videos to run on your phone

So you have just seen a video on You Tube and are wondering how you can run it on your phone which supports only 3GP videos, like my Nokia 5300, never mind if it plays MP4 or AVI too, the steps are the same.

First of all you will have to download and install the following software. Don't frown, it is all freeware and they are not paying me any commission.

Real Player

Doremisoft FLV to 3GP Converter

DVD VIDEO SOFT

Now go to your favourite video on You Tube or any other site for that matter.

Right Click on the video and click on "Download this video to Real Player".

Now run the FLV to 3GP Converter and select your input and output files, and you get a 3GP video.

Now, if this does not run on your phone, you will need DVD Video Soft to decrease the resolution of the video. That's pretty easy: select your input and output files and from the Presets drop-down list, select the appropriate resolution and you are done!