Friday, April 29, 2005

American Life in Poetry #4: Ruth Stone.

BY TED KOOSER, U.S. POET LAUREATE

None of us can fix the past. Mistakes we've made can burden us for many years, delivering their pain to the present as if they had happened just yesterday. In the following poem we join with Ruth Stone in revisiting a hurried decision, and we empathize with the intense regret of being unable to take that decision back, or any other decision, for that matter.


Another Feeling

Once you saw a drove of young pigs
crossing the highway. One of them
pulling his body by the front feet,
the hind legs dragging flat.
Without thinking,
you called the Humane Society.
They came with a net and went for him.
They were matter of fact, uniformed;
there were two of them,
their truck ominous, with a cage.
He was hiding in the weeds. It was then
you saw his eyes. He understood.
He was trembling.
After they took him, you began to suffer regret.
Years later, you remember his misfit body
scrambling to reach the others.
Even at this moment, your heart
is going too fast; your hands sweat.


Reprinted from "In the Dark," Copper Canyon Press, 2004, by permission of the author and publisher. This weekly column is supported by The Poetry Foundation, The Library of Congress and the Department of English at the University of Nebraska, Lincoln. This column does not accept unsolicited poetry.




Wednesday, April 27, 2005

Is Google Associated with a SearchMiracle Knock-Off?

Related Story: How to Remove Mirar Toolbar "It is suggestible to follow up a removal with one or more adware scans and/or to do an inspection using a HijackThis log."


The Internet is changing the world in more ways than immediately meet the eye. The world has become a vastly more complex place as a result of it. What may seem wonderfully simple -- starting a blog, for example, or adding advertising to one's site -- is freighted with issues that only unfold with the passage of time.

This blog is hosted by Blogspot.com. Originally intended to be an arts and lit blog, an early posting/article about the spyware pest SearchMiracle/EliteBar was so popular, throughout the web, that it became known as an adware/spyware blog. It became so popular, in fact, that it seemed reasonable to include some unobtrusive Google Ads.

In February of 2003, Google bought the company that owned Blogspot blogs and it has since offered its bloggers a quick and easy way to contract for advertising revenues. The revenues are based upon the number of times the Google Ads on a site are clicked. The contract is a much simplified version of similar contracts signed between search engines and the companies that pay to advertise on them.

These decisions were made easier by the fact that I think very highly of Google. Its search engine is by far the best on the web. To "Google it" is common practice now for millions, myself very much included. The company's handling of its Initial Public Offering (IPO), while harrowing, suggested that its owners didn't want to be just another company -- that they wanted to be fairer and more responsible than most.

Of course, adware is, at base, an attempt to make greater profits through pay-per-click (or pay-per-display) advertising contracts. I was not unaware of the potential conflict between Obiter Dicta's role as a source of information and commentary on slash and burn pay-per-click Internet advertising and its relationship with Google Ads. But the risk seemed small. I accept the inevitable role of responsible advertising in developing the net. I draw my boundary lines at: stealth downloading of adware; downloads achieved through misleading or intentionally confusing a user; hijacking of start pages; disabling and altering a user's resident software (thus damaging private property); providing no effective means of uninstalling the software; and harvesting a user's private information (perhaps even to sell as a secondary income stream). I was being consistent.

The reader may imagine my curiosity when I began, while grazing HijackThis logs of computers infested with Enternet Media's SearchMiracle/EliteBar, to notice a new listing: another pseudo search page: http://ny.contentmatch.net/. The listing seems to have begun appearing in numerous SearchMiracle-related logs in March of this year (2005).

The page is yet another front page representing itself as an information directory while doing nothing more than inserting canned search terms into a search engine. The directory even looks suspiciously like the SearchMiracle and YupSearch directories. It is the target of another Browser Helper Object (BHO), this one referred to as the "Mirar Toolbar". Like SearchMiracle, it has more than one directory page fronting on the same search engine, http://awbeta.net-nucleus.com/ being another. In the modern world, success breeds... well... knock-offs.

Again, after the fashion in these matters, the home page for Mirar, http://www.getmirar.com/, was notably unhelpful. It contained nothing more than a bright photo spread, a link to a toolbar download and a generic e-mail contact address. Of course, people very rarely download from these home pages so there is no link to a EULA and no descriptive information about Mirar's wonderful product. There is a link to an uninstall page which begins by offering the reader a number of "free gifts," for which the user must register, and refuses to allow him or her to proceed until at least one is chosen. While there may be a means to uninstall, the user who tries this route must traverse a labyrinth in order to get to it.

After considerable searching, I discovered that there was, indeed, a EULA for the Mirar Toolbar. It is located at http://policy.getmirar.com/EULA.html. The link from the Mirar homepage -- or to any page for that matter -- seems to have been forgotten.

The EULA provides information required by the laws of most civilized countries. The reader learns that Mirar is the product of a company called Net Nucleus based out of Toronto, Ontario. Until about a week ago, it included a statement of Net Nucleus's relationship with a company called WhenU:


By downloading the Software, you will also automatically receive a bundled software product called SaveNow and SearchBar, proprietary software products of WhenU.com Inc. (“WhenU”). By clicking on the “I Accept” or “Yes” button, you are also consenting to the terms of the license granted by WhenU, which are provided below.

WhenU is infamous for any number of reasons not the least of which is having briefly been removed from both the Google and Yahoo search engines [story] for engaging in a practice called cloaking. It has been accused, by malware watchdog Ben Edelman, of failing to obey its own privacy policy [details]. While it denied the allegations, it changed its policy to more accurately reflect the fact that it collects users' personal information:


As described in WhenU's Response, WhenU changed its privacy policy subsequent to the posting of this research. In particular, WhenU revised the privacy policy posted on some pages of its public web sites, but failed to revise other pages, and failed to revise the privacy policy and other privacy promises embedded within WhenU software installers.

It is not clear whether a relationship continues between the two companies.

Both WhenU and Mirar Toolbar often bundle their product with third party software. Mirar is widely reputed to utilize stealth downloads. This may also be what is meant by Symantec's vague warning that:


It will also attempt to download and install the Mirar toolbar from a predetermined Web site.

Mirar's recent habit of appearing in HijackThis logs infested with SearchMiracle/EliteBar, known to stealth download via malicious Java Scripts, suggests the possibility that it has expanded its old bundling approach.

In the open, as it were, where it is not camouflaged by being a small part of a big bundled infection, the Mirar Toolbar tends to be described as in the following letter to the InfoPackets Newsletter (May 2004):


Gazette Reader 'SweetImage' writes: " Dennis is there any way to get rid of the Mirar toolbar once and for all? I have searched sites where I have found loads of people having the same problem. I have used at least 8 different Adware-blocking programs to remove the toolbar from my system, but none of them can get rid of this rotten thing! Mirar support has not answered my emails and I am going absolutely crazy trying to remove it from my system. I cannot use the Windows System Restore because it won't allow me to roll back (except for today's date) -- and furthermore, Dell can't help me. Am I stuck with this toolbar? I don't even know where it came from! Thank you very much if you can help! "

Such is the sound of yet another satisfied customer.

All of this said, this would be just another sad but all too familiar story if it weren't for one fact. The surprise of this story comes when a visitor to http://ny.contentmatch.net/ or http://awbeta.net-nucleus.com/ clicks on one of the canned search engine terms only to find that the Mirar directory, to which it forcibly redirects a user's browser, is a portal to the Google Search Engine.

Of course, these directories are uniformly created as a source of advertising revenue. A question begs the asking: How does NetNucleus generate revenue from its Mirar search directory if it enters search terms in the Google Search Engine? Put more directly: Does Google have a business relationship with NetNucleus -- a company widely reputed to use stealth downloads and that recently shows up with alarming frequency in HijackThis logs together with software utilizing startpage trojans to install spyware -- to enhance advertising revenues from its search engine?

I, for one, will be pleased to learn that there is no such relationship, that there is another explanation and that Mirar will be required to cease its practice of downloading (stealthily or otherwise) portals to the Google Search Engine. Also that my tiny part in the Google empire will not be considered to be the actual bad business arrangement. It seems that starting a blog is not so wonderfully simple as it would appear. It is only natural to experience some amount of anxiety over the vast interconnectedness that threatens to leave us all subject to situations that seem beyond our ability to foresee. In light of the many issues this article touches upon, the question can only be asked: For all of the potential of it, just how real is this electronic democracy? How real can it remain?



Also See:
  • Sunbelt Tangles with NetNucleus (February 7, 2007). NetNucleus, purveyor of the Mirar Toolbar, threatens to sue Sunbelt Software for labeling its product "Adware". Sunbelt replies with a devastating overview of Mirar's stealth installation methods (and more).
  • How to Remove Mirar Toolbar "It is suggestible to follow up a removal with one or more adware scans and/or to do an inspection using a HijackThis log."
  • Adware & Malware Identifier Index (May 9, 2005). "The following is an in-progress index of some of the more common malware toolbars/browser helper objects at large on the Internet."
  • Online Bibliography (Regularly updated). A bibliography of Gilbert Wesley Purdy's work on the Web and elsewhere including computer topics.

Saturday, April 23, 2005

HijackThis vs. the Elitebar Removal Tool

The following HijackThis thread, from Web User Forums, highlights a number of key points about the modus operandi of the SearchMiracle/EliteBar downloader. It also highlights the comparative merits of SimplyTech's EliteBar Removal Tool.

The user's opening comments are typical:

I've just started getting IE pop-up windows appearing every so often. They appear regardless of whether I'm actually using my browser (Maxthon).

I've run [Ad-Aware], [SpyBot S&D], and installed SpywareBlaster and SpywareGuard. Removed a heap of items, but the popups are still appearing. Included below is a [HijackThis] log (created immediately after a reboot).


No standard anti-spy software has managed to fend off the infection entirely. A HijackThis log is posted together with a plea for help.

The expert's instructions are typical of the early strategy attempted by HijackThis experts:

*Open [HijackThis], take another scan and place a checkmark next to these entries.

R3 - URLSearchHook: IncrediFindBHO Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Windows Online Updater] dllman.exe
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitekck32.exe
O4 - HKLM\..\RunServices: [Windows Online Updater] dllman.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll [see VGS's Key File Index for more information on this file]

*Close all open Windows except [HijackThis] and click on "fix Checked".

*Open Windows Explorer, navigate to and delete the following Files/Folders:

C:\Program Files\Common files\SearchUpgrader\>>>folder
C:\winnt\system32\elitekck32.exe>>>file
C:\WINNT\system32\NavLogon.dll>>>file [see VGS's Key File Index for more information on this file]

Reboot the Computer in normal mode, then click the "Post Reply" button and post a new log in this thread for further review and evaluation.



While this approach may provide some limited, and temporary, relief, SearchMiracle will soon be back in full force. As HijackThis experts have generally discovered, the downloader for the infection detects, and, if necessary, reinstalls itself from RAM as Windows is closed. (The related file can have different names for different variations of the infection but always appears, to date, in the form "elite***32.exe".) This explains the next set of comments from the user:

I've done everything as you suggested, noting:

"C:\winnt\system32\elitekck32.exe>>>file": This file wasn't there. Searched entire HD and couldn't find it.
"C:\WINNT\system32\NavLogon.dll": Deleted *after* reboot, as was in use before reboot. [see VGS's Key File Index for more information on this file]

After 1st reboot, the elitekck32.exe entry (O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitekck32.exe) had reappeared, so I fixed it again and rebooted a 2nd time. It's still there, see new HJT log below. The pop-up windows are still appearing.

The file for "elitekck32.exe" is no longer on the hard drive. The resident file was deleted by SearchMiracle itself when "elitekck32.exe" was removed. The file is probably designed to be deleted in order to avoid the problem of having to rename it in order to successfully re-install.

The second round of instructions (in response to the updated HijackThis log) makes the matter still clearer:

*Open [HijackThis], take another scan and place a checkmark next to these entries.

O4 - HKLM\..\Run: [load32] C:\WINNT\system32\winldra.exe [see VGS's Key File Index for more information on this file]

O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitekck32.exe
O21 - SSODL: NnjrTTQcGY - {372715F7-9D8D-BF5D-D9F5-F29E65298DCD} - C:\WINNT\system32\xqzq.dll (file missing)

*Close all open Windows except [HijackThis] and click on "fix Checked".
*Open Windows Explorer, navigate to and delete the following Files/Folders if present:

C:\WINNT\system32\winldra.exe >>>file [see VGS's Key File Index for more information on this file]
C:\winnt\system32\elitekck32.exe >>>file
C:\WINNT\system32\xqzq.dll >>> file

*
*
*


Reboot the Computer in normal mode, then click the "Post Reply" button and post a new log in this thread for further review and evaluation.



A number of files have returned: first the downloader exe and then the files it has begun to reinstall. The HijackThis expert, in this particular case, is stumped. He keeps advising that the user reboot in normal mode, which will only load elitekck32.exe back up into RAM, from where it will reinstall when Windows is closed. In the new, successful HijackThis threads the expert knows to reboot in Safe Mode and then delete the file. This prevents elite***32.exe from loading up into RAM. If it can't get to RAM it can't download back onto the hard drive.

This thread will end up successful, however, and for an interesting reason. The user takes the matter of getting rid of elite***32.exe into her/his own hands:

Hi, think I've got to the bottom of the elitekck32.exe file.

Another forum (http://forum.iamnotageek.com/history/topic.php/1819049822-1.html) put me onto this [Elite Toolbar Remover]... I've run it and it's removed the Elitekck32.exe malware, as shown in the new HJT log below. I've not posted logs for each account as I suspect that's not the problem.


She/he has downloaded and run the Elitebar Removal Tool and now returns to clean up some loose ends not related to SearchMiracle/EliteBar.

Again, this thread seems to highlight the relative merits of HijackThis and the Elitebar Removal Tool. The removal tool is quickly downloaded and specifically targets the problematical elite***32.exe file. HijackThis is not limited to a single strain of infection(s). Given some time for the HijackThis expert community to get a grasp of a particular infection there is an excellent chance that a fix can be developed. Using it can also add to the user's knowledge level about infections and his/her computer.
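The telltale sign in the thread above is a Run entry that comes back after it has been fixed, pointing at a file in the form elite***32.exe. The following is an added example, not code from the forum thread or from HijackThis: it parses log lines of the kind quoted above, compares the entries fixed in one round against a later log, and flags any that reappeared. The sample logs are constructed from lines in the thread, the function names are illustrative, and the three asterisks are assumed to stand for exactly three characters.

```python
import ntpath
import re

# Assumption: the three asterisks in "elite***32.exe" stand for three characters.
DOWNLOADER_RE = re.compile(r"^elite\w{3}32\.exe$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<key>\S+?): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)

# Constructed sample: the entries the first round of instructions said to fix.
ROUND_1_FIXED = r"""
R3 - URLSearchHook: IncrediFindBHO Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Windows Online Updater] dllman.exe
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitekck32.exe
O4 - HKLM\..\RunServices: [Windows Online Updater] dllman.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
"""

# Constructed sample: a later log holding the entries named in the second round.
ROUND_2_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [load32] C:\WINNT\system32\winldra.exe
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitekck32.exe
O21 - SSODL: NnjrTTQcGY - {372715F7-9D8D-BF5D-D9F5-F29E65298DCD} - C:\WINNT\system32\xqzq.dll (file missing)
"""


def parse_log(text):
    """Turn HijackThis entry lines into dicts; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = {
            "code": m["code"],
            "body": m["body"],
            # "(file missing)" / "(no file)" mark entries whose target is gone.
            "orphan": bool(ORPHAN_RE.search(m["body"])),
            "name": None,
            "file": None,
        }
        if entry["code"] == "O4":  # autostart (Run / RunServices) entries
            run = RUN_RE.match(m["body"])
            if run:
                entry["name"] = run["name"]
                # Simplification: treats the whole command as a path, no arguments.
                entry["file"] = ntpath.basename(run["command"].strip('"')).lower()
        entries.append(entry)
    return entries


def downloader_entries(entries):
    """Autostart entries whose file name fits the elite***32.exe form."""
    return [e for e in entries if e["file"] and DOWNLOADER_RE.match(e["file"])]


def reappeared(fixed_log, later_log):
    """Entries fixed in one round that are present again in a later log."""
    later = {(e["code"], e["body"].lower()) for e in parse_log(later_log)}
    return [e for e in parse_log(fixed_log)
            if (e["code"], e["body"].lower()) in later]


def triage(fixed_log, later_log):
    """Summarise what the second log says about the first round of fixes."""
    back = reappeared(fixed_log, later_log)
    return {
        "reappeared": [e["body"] for e in back],
        # A returning downloader entry means it was still loaded at shutdown.
        "resident_downloader": bool(downloader_entries(back)),
        "orphans": [e["body"] for e in parse_log(later_log) if e["orphan"]],
    }


if __name__ == "__main__":
    report = triage(ROUND_1_FIXED, ROUND_2_LOG)
    for body in report["reappeared"]:
        print("came back after fix:", body)
    if report["resident_downloader"]:
        print("downloader entry returned: delete the file from Safe Mode")
    for body in report["orphans"]:
        print("entry with no file behind it:", body)
```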





[re: SearchMiracle.EliteBar Search Miracle Elite Bar EliteToolBar Elite Toolbar Elite Tool Bar Elitum ETBrun YupSearch Yup Search.]

Friday, April 22, 2005

American Life in Poetry #3: Marnie Walsh.

BY TED KOOSER, U.S. POET LAUREATE

A poem need not go on at great length to accomplish the work of conveying something meaningful to its readers. In the following poem by the late Marnie Walsh, just a few words, written as if they'd been recorded in exactly the manner in which they'd been spoken, tell us not only about the missing woman in the red high heels, but a little something about the speaker as well.


Bessie Dreaming Bear
Rosebud, So. Dak., 1960


we all went to town one day
went to a store
bought you new shoes
red high heels

ain't seen you since.


Reprinted from "A Taste of the Knife," Ahsahta Press, 1976, by permission of Tom Trusky, literary executor of the Walsh estate. This weekly column is supported by The Poetry Foundation, The Library of Congress and the Department of English at the University of Nebraska, Lincoln. This column does not accept unsolicited poetry.




Wednesday, April 20, 2005

Computer Tips and How To's

The following new link to Obiter Dicta has recently been posted: Computer's Tip's and How To's (in the sidebar). CTHT is a new blog with a single post as this is being written. That post is chock-a-block full of helpful information and downloads, however, and I, for one, intend to stop by to check out its progress on a regular basis.

A recent link has also been posted at a Smart Computing message thread.

Monday, April 18, 2005

EliteBar Removal Tool Alert: Update V.1.2.2.!!!

or How to Remove SearchMiracle/EliteBar (Alt. 1, Rev. 1)


The thousands of people who are still flocking to the O.D. article How to Remove SearchMiracle/EliteBar (also known as ETBRUN), and the scores of links to the various O.D. articles on SearchMiracle/EliteBar and related adware/spyware, make it clear that Giancarlo Calo's freeware EliteBar Removal Tool is still the clear means of choice for removing this pest. The removal tool, however, is not limited strictly to SearchMiracle. Calo lists the following variant toolbars that can be removed by this software:


EliteBar (adware toolbar); EliteToolbar (adware toolbar); EliteSidebar (adware toolbar); Browser Aid (adware toolbar); CashToolbar (adware toolbar); SearchMeUp (adware toolbar); navpsrvc.exe (also known as: W32/Forbot-EF, worm); FreshBar (also known as: ADW_FRESHBAR.B, adware).

Recently Calo's Elite Toolbar Remover has received its most powerful endorsement to date. The newest updates of SearchMiracle/EliteBar incorporate code designed specifically to attack the remover:


We, at SimplyTech.it, in early January 2005, released a freeware utility that helped you restore your OS functionality by killing this malware. Since this version 1.0 of our EliteToolbar Remover, the silly guys at EliteToolbar have released some new variants of their malware. The variants in circulation from the end of January 2005, in fact, do a cache detect of the words: "EliteToolbarRemoverV10.zip" which was the old name of our previous version 1.0.

If you are trying to download it from a mirror site you will receive the following error:

''Cannot copy file, Cannot read from file source or disk''

This is not a message from your operating system, but a stupid message from the malware that is actually running in your PC.

The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even though it is really there! After all, these are very clever programmers, aren't they?

Anyway, it is sure that these people will also blacklist the new name of the zip we are using now, so if this occurs and some new variants will circulate the Internet from today we suggest you download the software to another PC and take it on a diskette or a USB pendrive and run it on the infected PC in Safe Mode, as usual.

So then, it is vitally important to be sure that you are downloading the latest (EliteToolbar Remover V.1.2.2) version of the remover. It is also important to read the informative Elite Toolbar Remover page at Simply Tech.

The software provided by Simply Tech is entirely freeware. The group offsets its cost as best it can by donations. A PayPal link is provided at the bottom of the Elite Toolbar Remover page. Please help them keep up their fine efforts if you can.




Friday, April 15, 2005

American Life in Poetry #2: Jonathan Greene

BY TED KOOSER, U.S. POET LAUREATE

Many of us have felt helpless when we've tried to assist friends who are dealing with the deaths of loved ones. Here the Kentucky poet and publisher, Jonathan Greene, conveys that feeling of inadequacy in a single sentence. The brevity of the poem reflects the measured and halting speech of people attempting to offer words of condolence:


At the Grave

As Death often
sidelines us

it is good
to contribute

even if so little
as to shovel

some earth
into earth.


Copyright 2003 by Jonathan Greene. Reprinted by permission of the author. This weekly column is supported by The Poetry Foundation, The Library of Congress and the Department of English at the University of Nebraska, Lincoln.





Wednesday, April 13, 2005

One Woman in Her Time.

The following review has just appeared in the online journal Eclectica:
*
*
*
One Woman in Her Time: Michelle Cameron's In the Shadow of the Globe

In the Shadow of the Globe
Michelle Cameron
Lit Pot Press (2003) 204 pages
ISBN 0-9743919-2-1



In one of his best known passages, Shakespeare reminds us, in the character of Jaques, from the play As You Like It, that:

All the world's a stage,
And all the men and women merely players:
They have their exits and their entrances,
And one man in his time plays many parts.


In this spirit, Michelle Cameron has given us her first book of poetry, In the Shadow of the Globe, a verse play, of sorts, on the life of the Bard of Avon. The characters are Shakespeare himself and the supporting cast that formed the theatrical world through which he moved.... [cont'd]


Source: Eclectica.

Recent Link to OD

The following new link to Obiter Dicta has recently been posted: The New Game Board.

Monday, April 11, 2005

HijackThis vs. SearchMiracle/EliteBar

HijackThis is a very popular tool used to glean detailed information on spyware, adware and trojans that may have invaded a computer. As described on the Tom Coyote HijackThis page, when launched it creates a log of "certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. It's up to you to decide what should be removed."

The log in question is a great confusion to the uninitiated. When their computers become infected, they flock to "expert" forums where they post their raw logs and beg for further instructions. The process is highly informative and more than a little amusing.

Since the Enternet Media adware program SearchMiracle/EliteBar (also known as ETBRUN, Elitum, Elite Toolbar etc.) has been at large on the net, logs of infected computers have begun to appear in profusion. Early on, the HijackThis faithful showed every confidence that their anti-spy program was up to the task of removing the pest. In the meantime, it has become clear that there are few HijackThis forum threads that end with the adware and its associated StartPage.sj trojan having been successfully removed.

Whether due to frustration with SearchMiracle in particular, or difficult logs in general, the forum experts have begun adding an imposing list of other anti-adware/spyware programs that they require the supplicant to download into her or his computer before they will consent to attempt a fix. The following list, from the Tech Support Forum, is exemplary:

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Download and install SpyBot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Please download Ad-Aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into [Ad-Aware]->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the HijackThis forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Still, most threads break off with the supplicant crying out that pop-ups remain in control of their computers. StartPage.sj (or the then most recent version of StartPage) appears to load key files in areas of the computer that HijackThis does not log.

Recently, a more promising approach has begun to be used. In a Tech Guide Forum thread, of March 9, 2005, the expert has suggested a new tack, and, while he/she was not overflowing with confidence, the thread ended with a smiley face emoticon. The infection is Adware.HuntBar, a close variant on SearchMiracle that also utilizes the infamous StartPage.sj trojan.

The new approach? Scan first with Panda Online Scan and then address the remaining items on the HijackThis log:

Go to this link >>>Online virus scan at Panda's http://www.pandasoftware.com/activescan/co...n_principal.htm
Don't start it yet

Now, this is VERY IMPORTANT
Close out all unnecessary programs running in the background
Close out all Windows

Bring up the Task Manager (right click the bottom taskbar and select Task Manager) End process on these if you can...

After that is done you will have only the Task Manager and the page from Panda's open

Click the SCAN MY PC button>>>This should bring up a pop up window from Panda's

Close down the IE page that I linked you to Panda's but keep their popup window open...


It involved a bit of a struggle but the final outcome was worth the effort. Those who have read OD's original SearchMiracle/EliteBar piece, Elite Bar Adventures, are already aware that the Online Panda Scan is able and willing to remove the StartPage.sj trojan for free.

There are two points that may not be clear in the thread, however. After the first Panda Online Scan, the StartPage.sj trojan remained in several files. My personal experience was that Panda had to clean twice before StartPage's EliteBar downloader file could be removed. Also, it is not likely that the final step of this thread will work for SearchMiracle/EliteBar.

Geek Girl at Computer Technical Support Forums also started with Online scanning, on March 20th, and a set of initial instructions quite similar to those posted at Tech Guide Forum. On this occasion the infection was SearchMiracle itself. Her scanning instructions were slightly enhanced:

Scan your pc with one of these free online scanners:
Panda ActiveScan
RAV AntiVirus
Housecall. Be sure to put a check in the box beside AutoClean.

Whether or not RAV or Housecall are able to remove StartPage.sj for free, I can not say. These instructions would seem to argue that they are.

This is not to say that HijackThis simply can not remove SearchMiracle without the help of an online scan, as evidenced by this thread at Geeks to Go in which the Staff Expert provided a swatch of code to be used in concert with a safe mode boot. Those guys must be working overtime over there. Whether or not it removed the most recent version of SearchMiracle, however, is impossible to tell.

Of course, there is also no telling whether the infection rose from the ashes, in any of these cases, and the disgusted supplicant decided not to return to the given forum. Even where a resurgence of the infection doesn't appear to have occurred, OD makes no representations about any of the software, fixes, etc., cited above. As always, the rule is "Supplicant Beware!"




Friday, April 08, 2005

American Life in Poetry #1: David Allan Evans.

BY TED KOOSER, U.S. POET LAUREATE

We all know that the manner in which people behave toward one another can tell us a lot about their private lives. In this amusing poem by David Allan Evans, Poet Laureate of South Dakota, we learn something about a marriage by being shown a couple as they take on an ordinary household task.



Neighbors


They live alone
together,

she with her wide hind
and bird face,
he with his hung belly
and crewcut.

They never talk
but keep busy.

Today they are
washing windows
(each window together)
she on the inside,
he on the outside.
He squirts Windex
at her face,
she squirts Windex
at his face.

Now they are waving
to each other
with rags,
not smiling.



Reprinted from "Train Windows," Ohio University Press, 1976, by permission of the author, whose most recent book is "The Bull Rider's Advice: New and Selected Poems." This weekly column is supported by The Poetry Foundation, The Library of Congress, and the Department of English at the University of Nebraska, Lincoln.




Ted Kooser and the American Life in Poetry column

Obiter Dicta will be posting the weekly American Life in Poetry column, by Ted Kooser, courtesy of The Poetry Foundation and the Library of Congress. The first column will follow this acknowledgment.



The Poetry Foundation has formed a partnership with the Library of Congress to support the American Life in Poetry project, an initiative of Ted Kooser, the Poet Laureate Consultant in Poetry to the Library of Congress. [cont'd]


Source: American Life in Poetry.



Also at Obiter Dicta by/about Ted Kooser: American Gothic (a review of Delights and Shadows by Ted Kooser. Copper Canyon Press, 2004); American Life in Poetry #1: David Allan Evans; American Life in Poetry #2: Jonathan Greene; American Life in Poetry #3: Marnie Walsh; American Life in Poetry #4: Ruth Stone; American Life in Poetry #5: David Baker; American Life in Poetry #6: Barton Sutter.

Monday, April 04, 2005

John Ashbery and Off-the-Rack Japanese Wives.

The following New York Sun piece, about John Ashbery, a poet who types his poems on "a large black office-model manual Royal typewriter made in 1949", and whose most recent book of poems had an astonishing first press run of 9,000 copies, qualifies as commentary on more levels than intended. Note, for one, the advertisement for "Japanese Women to Share Your Life With" that heads the piece.

Oh well, The Sun will be able to pay its salaries. The Destina Japan "match-making" service will close a few contracts. Brendan Bernhard gets to publish an in-depth piece (1,550 words: a veritable tome!) out of the deal. Ashbery gets a bit of ego-gratification and his publisher can hope to sell a few more copies of the most recent. A few guys will get a docile domestic partner and a few Japanese ladies American citizenship and a crack at the American dream. How delightfully Post-Modern, don't you think?



The Blather Is Profound and Beautifully Formed
Profile: John Ashbery
BY BRENDAN BERNHARD
March 30, 2005

Marcel Duchamp said that you're not famous unless taxi drivers recognize you. Once, back in the 1970s, John Ashbery was recognized by a hippie cab driver in Greenwich Village. "Hello, John!" the man called out with a mocking lilt to his voice, before speeding off. Mr. Ashbery said no other cab driver has recognized him since.... [cont'd]




Source: The Page>The New York Sun.

The Japan Times on Destina Japan.

This fascinating little quote from Nick Naruse, Chairman and CEO of Destina Japan, in an article that appeared, on March 7th, 2005, in the Japan Times:


"Japanese women are very popular among the British and Americans for their exotic features, high education level, as well as for being reserved and humble. They also tend to have a well-balanced personality as a result of being brought up properly," says Naruse. [Read the full article]



In re: John Ashbery and Off-the-Rack Japanese Wives.
Source: Benador Associates.

Saturday, April 02, 2005

New Internet Bibliography Links

The following new links have been posted at the Gilbert Wesley Purdy Internet Bibliography:


The free software downloads are now also listed on the Obiter Dicta sidebar.

Friday, April 01, 2005

Norm Schall at NSComputers1

Thanks to Norm Schall, at NSComputers1, for linking to O.D. from his "Links" page. Norm has recently begun a computer business in the West Palm Beach, Florida, area and has achieved considerable success in a short time. The "Protection Downloads" page of his site lists a number of free and trial-basis software downloads.

How to Remove KeenValue.

The following is a detail page of Virtual Grub Street's Adware & Malware Identifier Index:

The information in the Adware & Malware Identifier Index is the result of thousands of web searches. It can not, however, possibly be complete. The subject is vast and constantly changing. Moreover, vendor uninstall tools and other removal tools do not necessarily remove all of an infection from your computer. Vendor uninstall tools, for instance, may silently leave cookies or other tracking software installed. It is advisable to follow up a removal with one or more adware scans and/or to do an inspection using a HijackThis log. The information on the page is not guaranteed correct and any use you may choose to make of it is entirely at your own risk.



KeenValue, SearchUpgrader Toolbar
  • Executable Files: SearchUpgrader.exe.
  • Dynamic Link Libraries: bho.dll; pwrs0rbi.dll; IncFindBHO.dll.
  • Directory/Search Page: http://www.searchupgrader.com/.
  • Uninstall Page URL:
  • Related Articles: Important Removal Tool Note. Fighting Malware with Standard Windows Tools (February 25, 2007). You may have more in your bag of tricks than you realize.
  • Notes: Some versions of these infections are also known as eUniverse (Ad-Aware), KeenValue (Mcafee), Euniverse (PestPatrol), PowerSearch (PestPatrol), eUniverse.IncrediFind (Spybot), KeenValue.PerfectNav (Spybot), Adware.Keenval (Symantec), SPYW_KEENVAL.A (Trend Micro). This infection can be removed by both Lavasoft's Ad-Aware freeware and by SpyBot S&D freeware.




VGS encourages you to post comments about the service it offers, and, in particular, about your experiences with the removal tools suggested in its pages. Removal tool comments will be most effective in helping those who come after you if you post them to the individual detail page for the malware item you used the tool to remove. Please be as clear and as detailed as possible. The most effective comments might include such information as: 1) What browser and operating system you are running on your computer (e.g., Windows 98, NT, XP, Linux, Internet Explorer 6.0, Firefox); 2) What updates are installed (e.g., SP1, SP2); 3) What anti-virus/malware package(s) are resident in your computer; and 4) the actions you took in the order you took them.

How to Remove Claria, Gain, Gator.

The following is a detail page of Virtual Grub Street's Adware & Malware Identifier Index:




Claria, Gain, Gator



How to Remove ISearchTech.SideFind

The following is a detail page of Virtual Grub Street's Adware & Malware Identifier Index:


This page has been moved and is no longer being updated. The new page is located >>> Here.


ISearchTech.SideFind








How to Remove ConfuSearch.

The following is a detail page of Virtual Grub Street's Adware & Malware Identifier Index:



ConfuSearch


How to Remove nCase, Zango

The following is a detail page of Virtual Grub Street's Adware & Malware Identifier Index:



nCase, Zango

  • Executable Files: 180adsolution.exe; 180ax.exe; msbb.exe; saap.exe; saie.exe; sain.exe; sais.exe; salm.exe; zango.exe.
  • Dynamic Link Libraries: 180adsolutionhook.dll; 180axhook.dll; atpartners.dll; msbbhook.dll; ncmyb.dll; saaphook.dll; saiehook.dll; sainhook.dll; saishook.dll; zangohook.dll.
  • Directory/Search Page:
  • Uninstall page URL:
  • Related Articles: Important Removal Tool Note. Fighting Malware with Standard Windows Tools (February 25, 2007). You may have more in your bag of tricks than you realize.
  • Notes: These items stealth install. See Spyware Information Center on Zango variant: "Based on eTrust PestPatrol Spyware Scorecard v2.05.03 Zango violates the following criteria: First, Installs itself or any other item without user permission or knowledge at time of installation...." This infection can be removed by SpyBot S&D.



How to Remove IELoader

The following is a detail page of Virtual Grub Street's Adware & Malware Identifier Index:



IELoader:
  • Executable Files: aaa.exe; bbb.exe; iagold.exe; msudpb.exe; py.exe; zzb.exe.
  • Dynamic Link Libraries: ieloader.dll; msudpb.dll.
  • Directory/Search Page:
  • Uninstall page URL:
  • Related Articles: Important Removal Tool Note. Fighting Malware with Standard Windows Tools (February 25, 2007). You may have more in your bag of tricks than you realize.
  • Notes: Added by TrojanDownloader.Small.RR. Installs TrojanDialer.Freeload, which, according to Symantec, "is an ActiveX component that can be used by Web pages to download dialer programs. The dialer program may be used to access premium-rate services including pornographic and astrological services." This infection can be removed by Lavasoft's Ad-Aware freeware.





How to Remove ISTBar

The following is a detail page of Virtual Grub Street's Adware & Malware Identifier Index:



ISTBar, SideFind
  • Executable Files: gjefpet.exe; istdownload.exe; istrecover.exe; istsvc.exe; juhpad.exe; sfsetup.exe; sidefind.exe; srchupdt.exe.
  • Dynamic Link Libraries: cmctl.dll; istactivex.dll; istbar.dll; istbarcm.dll; istbar_dh.dll; mscache.dll; sfbho.dll; sidefind.dll; sidefind13.dll; srchfst.dll; ysb.dll; ysbactivex.dll.
  • Directory/Search Page:
  • Uninstall page URL:
  • Related Articles: Fighting Malware with Standard Windows Tools (February 25, 2007). You may have more in your bag of tricks than you realize. How to Remove ISearchTech.SideFind; ISearchTech.SideFind Update (08-27-05); How to Remove YourSiteBar; Important Removal Tool Note.
  • Notes: According to the Spyware Information Center, this infection is also known as: Adware/SearchFast [Panda], Adware/SideFind [Panda], Spyware/ISTbar [Panda], Trojan Horse [Panda], TrojanDownloader.Win32.Istbar.eo, TrojanDownloader.Win32.IstBar.gen [Kaspersky]. This infection is spread by stealth downloads, generally from game and porn sites. Numerous variants are at large and some may not be removable by the removal tool referenced on this page. All variants use a corresponding variant of the TrojanDownloader.Win32.IstBar. ISTBar may download various other parasites while installed. These items may have to be removed separately.
  • This infection can be removed by Ewido Security Suite.
  • Some versions of this infection can now be removed by using Spybot S&D.




