I picked up a used Alltel-branded Motorola Razr v3b for $2 at a yard sale recently. After reeling for a moment that new this phone probably ran for $150+ and now lay abandoned among pots and pans and power tools and other discarded housewares, I decided to charge it up and see whether any ringtones and other crap were on the phone.
I installed Motorola Phone Tools in an effort to transfer the data to my PC.
However, upon connecting the phone to my PC with a compatible USB data cable, one new device appeared in my system's Device Manager, a "PCI Simple Communications Controller" whose driver failed to install.
I opened the Properties of the device and selected the Hardware Ids property from the Details tab.
I searched for hits on the top entry:
PCI\VEN_8086&DEV_29A4&SUBSYS_514D8086&REV_02
This revealed that the device is the Intel Management Engine Interface, which lives on my Intel DP965LT motherboard. However, for whatever reason (perhaps just obsolescence) my Windows 7 Ultimate install couldn't find the appropriate drivers.
I downloaded the Intel® ME: Management Engine Driver for Intel 963/965 Chipset-Based Desktop Boards, but the installer supports XP and Vista, not 7. I found various forum posts that suggested working around this by trying to run the installer as administrator and in Vista compatibility mode, but this didn't work; the installer refused to run beyond copying the files to my PC at this location:
C:\Program Files\Intel Desktop Board\HECI_allOS_2.1.22.1033_PV
I found another post that suggested attempting to update the drivers by having Windows search for drivers in the folder created above, and this did the trick.
I right-clicked on the PCI Simple Communications Controller, clicked Update Driver Software..., then Browse my computer for driver software. I input the path to the drivers unpacked from the management engine package (C:\Program Files\Intel Desktop Board), then clicked Next:
The PCI Simple Communications Controller disappeared and in its place an Intel(R) Management Engine Interface device appeared instead under the System devices category:
When I again plugged the Motorola Razr v3b in via USB, this time the Driver Software Installation dialog reported success across the board, and Motorola Phone Tools could now properly communicate with the phone.
If nothing else, it'll serve me well as a spare digital camera, or maybe as a prop in some twisted video involving the destruction of formerly cutting edge electronics.
Sunday, April 17, 2011
Wednesday, April 13, 2011
Malware Redirects Google Search Results
Encountered what appears to be malware with some JavaScript, which caused Microsoft Security Essentials (MSE) to throw errors and almost, but not quite, infect a system.
Popup notifications appeared in the systray every few seconds, and the MSE process MsMpEng.exe was gobbling up 50%+ CPU trying to keep whatever was trying to infect this Windows XP Service Pack 3 PC under control.
MSE's log showed the following error at the top of the details:
Microsoft Security Essentials encountered the following error: Error code 0x800703e4. Overlapped I/O event is not in a signaled state.
It listed numerous instances of the following as the most recent triggers for the cleanup:
TrojanDownloader:Java/OpenConnection.J
TrojanDownloader:Java/OpenConnection.JJ
Interestingly, the malware kept triggering the alerts from a specific path on the system:
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\14\3cb28b8e-3c71bd02->lort/cooter.class
Apparently lort/cooter.class is related to a family of malware dubbed JAVA/Exdoer, based on a log file I found posted here. The system's default browser (Firefox) was redirecting Google search results to various sites with advertising. While MSE seemed to be detecting and responding to whatever active component of this malware, freshly-updated installs of SpyBot, MalwareBytes, and PrevX did not detect it.
I decided first to try to simply close all browsers, then run a utility called GOOREDFIX.EXE as described in this forum post. It returned the following log info:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:54 on 13/04/2011 (Jan)
Firefox version 3.6.16 (en-US)
========== GooredScan ==========
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{A1E5480F-729F-4237-AD8E-2C46BA793DFE} -> Success!
Deleting C:\Documents and Settings\User\Local Settings\Application Data\{A1E5480F-729F-4237-AD8E-2C46BA793DFE} -> Success!
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:53 08/03/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd}(2) [18:19 08/03/2011]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [20:30 16/01/2010]
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c06n7342.User\extensions\
adblockpopups@jessehakanen.net [01:37 14/03/2011]
{20a82645-c095-46ed-80e3-08825760534b} [01:08 27/12/2010]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [19:18 12/04/2011]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [16:22 27/03/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:46 30/09/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:30 16/01/2010]
-=E.O.F=-
However, something seemed to reactivate the malware upon reopening Firefox, and the MSE systray popups began again.
I closed the browser, ensured that neither firefox.exe nor any other suspicious executables were present among the running processes, reran GOOREDFIX.EXE, then simply deleted the following folder:
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\
Upon reopening Firefox, no further MSE notification popups appeared, and after running a full scan with MSE, no threats in memory nor in the file system were reported. So far, at least, it looks like whatever this malware was has been eliminated, but we shall see!
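Before deleting the Java deployment cache, it can be inventoried so there is a record of what was in it. The following is an added example, not part of the original post: it assumes the "->" in the MSE path separates a cached archive from a member inside it and that cached JARs are ordinary zip files; the function names and the sample cache contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
import zipfile

def split_detection_path(path):
    """Split an MSE-style 'container->member' path into (container, member)."""
    container, sep, member = path.partition("->")
    return container, (member if sep else None)

def audit_java_cache(cache_root, reported_members=()):
    """List every .class entry inside archives under cache_root, with SHA-256."""
    wanted = {m.lower() for m in reported_members}
    findings = []
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not zipfile.is_zipfile(full):  # skips .idx metadata, non-archives
                continue
            with zipfile.ZipFile(full) as jar:
                for info in jar.infolist():
                    if not info.filename.lower().endswith(".class"):
                        continue
                    findings.append({
                        "container": full,
                        "member": info.filename,
                        "sha256": hashlib.sha256(jar.read(info)).hexdigest(),
                        "reported": info.filename.lower() in wanted,
                    })
    return findings

def build_sample_cache(root):
    """Constructed sample: one cached archive holding harmless placeholder bytes."""
    bucket = os.path.join(root, "6.0", "14")
    os.makedirs(bucket)
    archive = os.path.join(bucket, "3cb28b8e-3c71bd02")
    with zipfile.ZipFile(archive, "w") as jar:
        jar.writestr("lort/cooter.class", b"placeholder bytes, not a real class")
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with open(archive + ".idx", "wb") as idx:
        idx.write(b"\x00constructed index stub")
    return archive

if __name__ == "__main__":
    alert = r"C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\14\3cb28b8e-3c71bd02->lort/cooter.class"
    _, member = split_detection_path(alert)
    with tempfile.TemporaryDirectory() as root:
        build_sample_cache(root)
        for f in audit_java_cache(root, [member]):
            print(f["reported"], f["member"], f["sha256"], f["container"])
```

On a real system, point audit_java_cache at the Deployment\cache folder and save the output before removing the folder.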
Labels: advertising, firefox, google, Microsoft Security Essentials
Tuesday, April 5, 2011
Wednesday, March 23, 2011
Manage Blocked Sites? Thanks, Google!
Google recently unveiled a tremendous new feature which allows you to block sites from their search results.
A feature previously only available as an extension for Chrome, users with a Google Account can now maintain their own, personal blacklist of sites whose search results aren't useful.
The original entry about this release on the Google blog tells the story, and you can click the following link to actually access your very own Manage Blocked Sites screen (assuming you're signed in to your Google account).
I mainly use Google, Bing, and Ask for my searches, but now Google is in my top spot solely for this feature. Too often I've submitted a query to a search engine only to be bombarded by useless results consisting of anything from advertising to porn to advertising about porn to malware, and habitually I'd just click the third or fourth page of results in the hope that I'd find some worthwhile content. Now I can shape my search results by eliminating much of the fluff, which translates into much more productive searches.
Creators of fluff are on notice:
"Sites will be blocked only for you, but Google may use everyone's blocking information to improve the ranking of search results overall."
Content is king, as the saying goes, and this is one big step in helping us mere users leverage the system by enabling us to trim away the fluff as we find it.
Well played, Google!