Roger's Tumblrs: Archive

FreeFixer now supports Windows 8: http://www.freefixer.com/

Oct 16th

Windows 8, VMWare, HAL_INITIALIZATION_FAILED, VirtualBox and broken network bridging. http://goo.gl/T2s5Z

Oct 5th

My code that verifies a file’s signature using catalog files and WinVerifyTrust don’t work on Windows 8. Investigating…

Oct 2nd

Starting to port FreeFixer to Windows 8.

Oct 1st

Adolist v0.12 up and running. You can now edit your todos. http://www.adolist.com/

Aug 31st

Running FreeFixer v0.59 on some real world malware. So far so good.

Jun 22nd

Adding “$err, hr” in Visual Studio’s watch window will show the value of GetLastError() and the associated error message.

Jun 13th

Sveriges statsskuld 2011-06-10: 1053665000000 SEK

Jun 13th

I’ve just uploaded a minor update at adolist.com. Anyone had the chance to try it? http://www.adolist.com/

May 29th

What do you think about my latest project? http://www.adolist.com

May 9th

www.qooqlle.com.. Anyone know how this start page gets its way into the machines out there?

Jan 26th

Anyone using Flattr? How do you like it?

Jan 22nd

Getting a “Unexpected token in attribute selector: ‘!’” in Firefox just by including jQuery 1.4.4.

Jan 16th

Ran into some new malware. LO0Pvkl.exe and LO0Pvkl20.dll. Detection rate around 33%: http://www.freefixer.com/library/file/66325/

Jan 8th

Parsing raw NTFS

Oct 10th

andy128.exe is a new Koobface variant: http://www.freefixer.com/library/file/62397/

Sep 16th

FreeFixer.com is now sending files to VirusTotal again for malware scanning. Thanks to great people over at VirusTotal for the new API.

Sep 11th

Getting a 502 Bad Gateway while uploading files with VirusTotal’s new API :(

Aug 29th

Writing new code to upload files to VirusTotal using the VirusTotal API.

Aug 24th

Oh, meant MAX_PATH, not PATH_MAX.

Jul 16th

PathCanonicalize is great, but what if my path is longer than PATH_MAX characters? Any suggestions? #win32

Jul 16th

GetFileVersionInfoSize(“c:Program FilesAux”) blocks forever on Windows XP. Is that an OS bug?

Jul 14th

srvklw32.exe - new Bredolab worm variant. Discovered a few days ago. 15% detection rate: http://www.freefixer.com/library/file/59990/

Jul 13th

bill114.exe - another update of the Koobface download. http://www.freefixer.com/library/file/59929/

Jul 8th

npi.dll nad npi.sys comes with the Koobface worm. Only Mcafee detects it at the moment: http://www.freefixer.com/library/file/59802/

Jul 6th

Added rel=”canonical” to some of the file info pages on the FreeFixer.com web site.

Jul 6th

sisytj32.exe is a Bredolab variant. A typical sign of infection is svchost.exe using 100% CPU. http://www.freefixer.com/library/file/59777/

Jul 5th

Playing around with the C++ tr1 binders.

Jul 4th

bill113.exe, yet another Koobface variant: http://www.freefixer.com/library/file/59577/

Jun 29th

uClassify back-end server now available for download: http://blog.uclassify.com/download-evaluation-server/

Jun 19th

Uploads to VirusTotal up and running again. Disabled cURLs “Expect: 100-continue” HTTP header and that solved the problem.

Jun 14th

“Ping.fm have temporarily suspended the use of twitterfeed with their service” That’s why my feeds are not posted anymore :(

Jun 13th

xiaosos.exe, xiaodll0.dll, xiaodll1.dll and xiaodll2.dll comes with a password stealer: http://www.freefixer.com/library/file/58980/

Jun 13th

bill112.exe removal instructions: http://www.freefixer.com/library/file/58829/

Jun 9th

TR/Buzus.dhxv blocks access to freefixer.com: http://www.avira.com/en/threats/section/fulldetails/id_vir/5193/tr_buzus.dhxv.html

Jun 9th

netbhl32.exe comes with the Bredolab worm. I’ve posted removal instructions here: http://www.freefixer.com/library/file/58794/

Jun 9th

ping.fm + twitterfeed does not work for me anymore. Anyone else also having the same problem?

Jun 8th

Virustotal.com up and running again :) The 28 files in the queue at FreeFixer.com should be scanned shortly.

Jun 6th

FreeFixer.com now running on 64-bit Linux. Please let me know if you see any problems.

Jun 6th

bill111.exe, new Koobface downloader: http://www.freefixer.com/library/file/58672/

Jun 5th

siszpe32.exe looks like a new Bredolab variant: http://www.freefixer.com/library/file/58569/

Jun 3rd

Just finished some performance improvements for the uClassify back-end server.

May 31st

Back from a job interview ;)

May 28th

dimax.dll and hlemunt.sys are two new Koobface files. http://www.freefixer.com/library/file/58122/

May 24th

monmzb32.exe, new Bredolab variant: http://www.freefixer.com/library/file/57967/

May 22nd

Enumerating files by parsing the NTFS Master File Table.

May 18th

FreeFixer v0.58 up and running: http://www.freefixer.com/about/release-notes.html#0.58

May 17th

Ran into a new Koobface variant. bill110.exe, devconus.dll and multikey.sys: http://www.freefixer.com/library/file/57446/

May 12th

CryptCATAdminCalcHashFromFileHandle fails with ERROR_INVALID_PARAMETER when hashing a .hxs file. Anyone know why?

May 12th

wwwzuc32.exe, probably a new Bredolab variant: http://www.freefixer.com/library/file/57375/

May 11th