Wednesday, April 27, 2011

Reddit-Headed Step Child?

Once again, Reddit has suffered a temporary meltdown.

CAPTAIN'S LOG, LAGDATE 6/24/2011... A brief emergency read-only mode last night, duplicate comments, sporadic 502 and 504 errors, and the occasional overloaded notification. Things bode ill for the weekend, but stay tuned.

Condé Nast Digital, parent company of Reddit, is one of several corporate entities owned by Advance Publications, Inc., a communications and print conglomerate.

Featuring among its ranks major sites like Wired, Vogue, Ars Technica, and others, many Reddit users, myself included, find it hard to believe that a site with upwards of one billion monthly pageviews seems to not get the creddit it deserves, in the form of infrastructure, staff, and just plain funding.

In short, why is Reddit seemingly Condé Nast Digital's red-headed step child?

Granted, since the diggsaster some months ago, Reddit has had an influx of new users which perhaps outpaced its anticipated growth. Further, Reddit recently dealt with some issues attributed to Amazon's Elastic Block Service (EBS) as well as a failure of a server which hadn't been updated to benefit from the redundancy of RAID. 

I really enjoy Reddit, it's a great site to find news, interact with people, and throw out horrible puns without threat of being stabbed with a narwhal tusk. Uptime, however, hasn't been it's strong point, so here's hoping things improve with help of some new and returning staff

Every site has issues occasionally, but given enough squeaking, the wheel gets greased...

ToCondé Nast Digital
     Advance Publications, Inc.

From: The Reddit Users

RE: Grease


UPDATE (5/6/2011): Another emergency downtime for most of the day, preceded by sporadic 0 / 502 / 504 errors and apparent database corruption (including misdirected comments and private messages) in addition to the usual sluggishness around midday EST. Eep!

Sunday, April 17, 2011

Motorola Razr meets PCI Simple Communications Controller

I picked up a used Alltel-branded Motorola Razr v3b for $2 at a yard sale recently. After reeling for a moment that new this phone probably ran for $150+ and now lay abandoned among pots and pans and power tools and other discarded housewares, I decided to charge it up and see whether any ringtones and other crap were on the phone.

I installed Motorola Phone Tools in an effort to transfer the data to my PC.

However, upon connecting the phone to my PC with a compatible USB data cable, one new device appeared in my system's Device Manager, a "PCI Simple Communications Controller" whose driver failed to install.

I opened the Properties of the device and selected the Hardware Ids property from the Details tab.

I searched for hits on the top entry: 


This revealed that the device is the Intel Management Engine Interface, which lives on my Intel DP965LT motherboard. However, for whatever reason (perhaps just obsolescence) my Windows 7 Ultimate install couldn't find the appropriate drivers.

I downloaded the Intel® ME: Management Engine Driver for Intel 963/965 Chipset-Based Desktop Boards, but the installer supports XP and Vista, not 7. I found various forum posts that suggested working around this by trying to run the installer as administrator and in Vista compatibility mode, but this didn't work; the installer refused to run beyond copying the files to my PC at this location: 

     C:\Program Files\Intel Desktop Board\HECI_allOS_2.1.22.1033_PV 

I found another post that suggested attempting to update the drivers by having Windows search for drivers in the folder created above, and this did the trick. 

I right-clicked on the PCI Simple Communications Controller, clicked Update Driver Software..., then Browse my computer for driver software. I input the path to the drivers unpacked from the management engine package (C:\Program Files\Intel Desktop Board), then clicked Next:

The PCI Simple Communications Controller disappeared and in its place an Intel(R) Management Engine Interface device appeared instead under the System devices category:

When I again plugged the Motorola Razr v3b in via USB, this time the Driver Software Installation dialog reported success across the board, and Motorola Phone Tools could now properly communicate with the phone.

If nothing else, it'll serve me well as a spare digital camera, or maybe as a prop in some twisted video involving the destruction of formerly cutting edge electronics.

Wednesday, April 13, 2011

Malware Redirects Google Search Results

Encountered what appears to be malware with some javascript which caused Microsoft Security Essentials (MSE) to throw errors and almost, but not quite, infect a system.

Popup notifications appeared in the systray every few seconds, and the MSE process MsMpEng.exe was gobbling up 50%+ CPU trying to keep whatever was trying to infect this Windows XP service pack 3 PC under control.

MSE's log showed the following error at the top of the details:
Microsoft Security Essentials encountered the following error: Error code 0x800703e4. Overlapped I/O event is not in a signaled state.

It listed numerous instances of the following as the most recent triggers for the cleanup:

Interestingly, the malware kept triggering the alerts from a specific path on the system:
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\14\3cb28b8e-3c71bd02->lort/cooter.class

Apparently lort/cooter.class is related to a family of malware dubbed JAVA/Exdoer, based on a log file I found posted here. The system's default browser (Firefox) was redirecting Google search results to various sites with advertising. While MSE seemed to be detecting and responding to whatever active component of this malware, freshly-updated installs of SpyBot, MalwareBytes, and PrevX did not detect it.

I decided first to try to simply close all browsers, then run a utility called GOOREDFIX.EXE as described in this forum post. It returned the following log info:
GooredFix by jpshortstuff (
Log created at 15:54 on 13/04/2011 (Jan)
Firefox version 3.6.16 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{A1E5480F-729F-4237-AD8E-2C46BA793DFE} -> Success!
Deleting C:\Documents and Settings\User\Local Settings\Application Data\{A1E5480F-729F-4237-AD8E-2C46BA793DFE} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:53 08/03/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd}(2) [18:19 08/03/2011]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [20:30 16/01/2010]

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c06n7342.User\extensions\ [01:37 14/03/2011]
{20a82645-c095-46ed-80e3-08825760534b} [01:08 27/12/2010]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [19:18 12/04/2011]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [16:22 27/03/2011]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:46 30/09/2009]
""="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:30 16/01/2010]


However, something seemed to reactivate the malware upon reopening Firefox, and the MSE systray popups began again.

I closed the browser, ensured that neither firefox.exe nor any other suspicious executables were present among the running processes, reran GOOREDFIX.EXE, then simply deleted the following folder:
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\

Upon reopening Firefox, no further MSE notification popups appeared, and after running a full scan with MSE, no threats in memory nor in the file system were reported. So far, at least, it looks like whatever this malware was has been eliminated, but we shall see!