
Tuesday, June 19, 2012

Windows Security Suite virus - The most concentrated evil juice there is

My son somehow picked up Windows Protection Suite on his PC. It started with a pop up, and ended up hijacking all the browsers and making them non functional, shut off the firewall and disabled the antivirus. It had tricked him into clicking a dialog that downloaded the software. Then it pretends to be a security suite and asks you for your credit card number to upgrade it to save you from all these threats it is pretending to have detected (which it caused). Reasonable attempts to kill processes and remove files were useless, it repaired itself on reboot. I was able to temporarily restore Chrome by renaming the file back, but that only lasted about a minute before it was swapped back. It disables the virus scanner anew every time you attempt to re-install it from USB. I was unable to do a system restore either. I don't know how they managed to hose that up too. msconfig of the startup sequence didn't help either. I advocate extreme violence against the authors of this program.


This is not my screenshot, because my PC was dead, but it looked pretty much like this.

Windows Security Suite snapshot


Some links I found.
http://www.geek.com/articles/chips/dealing-with-the-windows-security-suite-2009113/
http://www.bleepingcomputer.com/virus-removal/remove-windows-protection-suite
http://www.2-viruses.com/remove-windows-protection-suite
http://virus.geeksailor.com/how-to-uninstall-remove-security-suite-virus-removal-guide-2/
Some web searches recommended Malwarebytes and rkill. I think they are written by Malwarebytes, to sell their software. After initial resistance I tried Malwarebytes and rkill and it didn't work at all. After giving in and following their directions, I ended up with a PC that would not boot at all. I could not even boot it from the CD or USB stick with either Windows or Linux. I've never seen this before, I've always been able to boot from Linux USB, but this time, halfway through the boot, the PC goes black and reboots. A Windows install from CDROM also stops after the initial load and the PC reboots. Holy crap.

Don't waste your time if this happens to you.  This is the most evil virus I've ever seen.  I doubt that you will ever be able to clean it out.

Now I'm buying a new hard drive and starting from scratch. My plan is to take the old hard drive out to a Linux machine and extract some of the data I want from it then reformat it. It will never touch a Windows machine again. I will update the post once the hard drive is replaced. Hopefully it has not done hardware damage or screwed with the BIOS too. I will dedicate my life to tracking these people down if it has.


Update... the computer is back up and running.
The computer hard drive and all the data was a total loss. Started over with a new drive. However it turned out a bad fan on the video card was the true cause of the constant rebooting, and the reason even loading Ubuntu didn't work. <Red Faced>. Odd how this problem popped up just as the computer got this crippling virus, maybe something about the virus caused the video card to work extra hard and fail, or just plain coincidence. However when you have two problems at once, debugging and fixing become 10 times as difficult. I solved the problem by pulling memory modules and cards one at a time until the machine was stable, since I knew the virus was gone when I replaced the hard drive.


I still think this virus is one of the worst I've ever seen, but it's not conclusive that it caused hardware damage as well.

Sunday, June 17, 2012

Telemetry logger android app


In order to make some augmented reality apps, and some other cool robot and telemetry apps, I decided to make a small app that reads out all the accelerometer, gyroscope, compass, etc sensors and logs the values to the SD card.   From there I can analyze the data and see what sort of performance to expect.

Here are some links with information I found,
http://www.sensorplatforms.com/native-sampling
http://www.sensorplatforms.com/smartphone-performance-fundamentals-sensor-sampling
http://developer.android.com/reference/android/hardware/SensorManager.html

Hard to tell what are real sensors and what are virtual. This was the best article I found on what is actually in the phone.
http://www.mobiledevmag.com/2011/07/using-available-sensors-in-the-android-platform-current-limitations-and-expected-improvements%E2%80%A8/

Here is how to dump the sensors on the phone


// Inside an Activity: list every sensor the platform reports.
SensorManager myManager = (SensorManager) getSystemService(SENSOR_SERVICE);
List<Sensor> sensorList = myManager.getSensorList(Sensor.TYPE_ALL);
StringBuilder sensorString = new StringBuilder();
for (Sensor sensor : sensorList) {
    sensorString.append("Type: ").append(sensor.getType()).append(" ---------\n");
    sensorString.append(sensor.getVendor()).append("\n");
    sensorString.append(sensor.getName()).append("\nResolution: ");
    sensorString.append(sensor.getResolution()).append("\n");
}


That gives me this data on my Motorola Droid 2 Global


SiFish Android Sensor Log
Android Sensors Found:
Type: 1 ---------
Kionix
KXTF9 3-axis Accelerometer
Resolution: 0.009810001
Type: 2 ---------
Asahi Kasei
AK8975 3-axis Magnetic field sensor
Resolution: 0.0625
Type: 8 ---------
Intersil
ISL29030 Proximity sensor
Resolution: 100.0
Type: 3 ---------
Asahi Kasei
AK8975 Orientation sensor
Resolution: 0.015625
Type: 5 ---------
Intersil
ISL29030 Light sensor
Resolution: 1.0
Type: 9 ---------
Google Inc.
Gravity Sensor
Resolution: 0.009810001
Type: 10 ---------
Google Inc.
Linear Acceleration Sensor
Resolution: 0.009810001
Type: 11 ---------
Google Inc.
Rotation Vector Sensor
Resolution: 5.9604645E-8

The key code to access the sensors is pretty simple. This may not be the most efficient or fastest code yet, it is my starting point.

In your onCreate do this:


// In onCreate(): register for accelerometer updates at the fastest rate.
mSensorManager = (SensorManager) getSystemService(Context.SENSOR_SERVICE);
mSensorManager.registerListener(mSensorListener1,
        mSensorManager.getDefaultSensor(Sensor.TYPE_ACCELEROMETER),
        SensorManager.SENSOR_DELAY_FASTEST);

// Field of the Activity: receives every accelerometer sample.
private final SensorEventListener mSensorListener1 = new SensorEventListener() {
    public void onSensorChanged(SensorEvent se) {
        text1.setText(se.sensor.getName());
        Ax = se.values[0];
        Ay = se.values[1];
        Az = se.values[2];
        long timestamp = se.timestamp;   // nanoseconds
        aXProgress.setProgress((int) Ax + 50);
        aYProgress.setProgress((int) Ay + 50);
        aZProgress.setProgress((int) Az + 50);
        // Only log when the SD card is usable and logging is switched on.
        if (sdcard.sd_ok && logging) {
            sdlog(timestamp);
        }
    }

    public void onAccuracyChanged(Sensor sensor, int accuracy) {
    }
};



Writing to the SD card turned out to be more work than I thought.  It really is pretty easy, but I got hung up on a couple things.
  • AndroidManifest.xml has to have this line in it. Without it, nothing throws an error, it just won't work.     <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
  • File names should avoid  "." and ":"    I was trying to time stamp the file names and put in a ":".  Failed.
  • When the phone is plugged into the PC, the SD card is shared and you can't write to it.  You have to load your app, then unplug, and run it again to make it work.
  • I used buffered stream to keep the app from waiting for the SD card, but if you don't do a flush() it doesn't write until the buffer is full.
  • If you get exceptions like "Permission Denied"  you have to collect them and find a way to view them or display them back to the user


This is the class I wrote to handle the SD card communication


import android.os.Environment;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;

public class SDcard {
    File sdCard = Environment.getExternalStorageDirectory();
    File dir = new File(sdCard.getAbsolutePath() + "/sifish");
    File destinationFile;
    BufferedOutputStream buffer;
    public String messages = "";   // status and error text to show the user
    public boolean sd_ok = false;

    // True when external storage is mounted and writable.
    public boolean checkSD() {
        sd_ok = false;
        messages = "SD card is ".concat(Environment.getExternalStorageState()).concat("\n");
        if (Environment.getExternalStorageState().equalsIgnoreCase("mounted")) {
            sd_ok = true;
        }
        return sd_ok;
    }

    // Creates the sifish directory if needed and opens <filename>_<timestamp>.csv.
    public boolean openSDFile(String filename) {
        boolean success = true;
        sdCard = Environment.getExternalStorageDirectory();
        dir = new File(sdCard.getAbsolutePath() + "/sifish");
        dir.mkdirs();
        success = dir.canWrite();
        sd_ok = success;
        if (!success) {
            messages = messages.concat("Error - Can't write to " + dir.getAbsolutePath() + " directory on SD card\n");
            sd_ok = false;
        }
        try {
            destinationFile = new File(dir, filename.concat(android.text.format.DateFormat.format("_yyyyMMdd_hhmmss", new java.util.Date()).toString()).concat(".csv"));
            buffer = new BufferedOutputStream(new FileOutputStream(destinationFile));
            messages = messages.concat("Opened " + destinationFile.getName() + "\n");
        } catch (Exception e) {
            // destinationFile is still null if building the name failed.
            String name = (destinationFile != null) ? destinationFile.getName() : filename;
            messages = messages.concat("Error - Can't open file " + name + " on SD card\n");
            messages = messages.concat(e.toString()).concat("\n");
            success = false;
            sd_ok = false;
        }
        return success;
    }

    public boolean closeSDFile() {
        boolean success = true;
        try {
            buffer.close();   // close() flushes the buffer first
        } catch (Exception e) {
            messages = messages.concat("Error - Can't close file on SD card\n");
            messages = messages.concat(e.toString()).concat("\n");
            success = false;
        }
        sd_ok = false;
        return success;
    }

    public boolean writeSDFile(String data) {
        boolean success = true;
        try {
            char[] dataChar = data.toCharArray();
            for (int i = 0; i < data.length(); i++) {
                buffer.write(dataChar[i]);
            }
            // Nothing reaches the card until the buffer fills or is flushed.
        } catch (Exception e) {
            messages = messages.concat("Error - Can't write to SD card file ");
            messages = messages.concat(e.toString()).concat("\n");
            success = false;
            sd_ok = false;
        }
        return success;
    }

    public void dirSD() {
        sdCard.listFiles();
    }
}

I'm going to clean this up and publish it to android market, but meanwhile I posted the apk file to my download page.   The data is saved to your sdcard when you run a log, under the "sifish" directory.  It creates a csv file with all the data from all the sensors on the phone.
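As an added example (not part of the original post or the app), this is one way to check a log pulled off the SD card for effective sample rate, jitter and dropped samples. The column layout (timestamp_ns, type, x, y, z) and the sample rows are assumptions constructed for illustration, since the post does not show the file format.

```python
import csv
import io
import statistics

# Constructed sample, not real device output. Assumed columns: timestamp_ns is
# SensorEvent.timestamp (nanoseconds), type is the value of Sensor.getType().
# The last row is cut short, as happens when the buffer was never flushed.
SAMPLE_LOG = """\
timestamp_ns,type,x,y,z
1000000000,1,0.12,9.79,0.31
1010000000,1,0.11,9.80,0.30
1020500000,1,0.13,9.78,0.29
1030000000,1,0.12,9.81,0.33
1075000000,1,0.10,9.80,0.31
1085000000,1,0.12,9.79,0.30
1085000000,2,22.5,-4.1,-38.0
1095000000,1,0.1
"""


def analyze(text, sensor_type, gap_factor=2.0):
    """Return sampling statistics for one sensor type in a CSV log."""
    stamps, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        try:
            ts = int(row["timestamp_ns"])
            kind = int(row["type"])
            for axis in ("x", "y", "z"):
                float(row[axis])          # missing fields are None -> TypeError
        except (KeyError, TypeError, ValueError):
            skipped += 1                  # truncated or corrupt row
            continue
        if kind == sensor_type:
            stamps.append(ts)
    stamps.sort()
    result = {"samples": len(stamps), "skipped": skipped, "rate_hz": None,
              "median_ms": None, "jitter_ms": None, "gaps": []}
    if len(stamps) < 2 or stamps[-1] == stamps[0]:
        return result
    pairs = list(zip(stamps, stamps[1:]))
    intervals = [(b - a) / 1e6 for a, b in pairs]      # milliseconds
    median = statistics.median(intervals)
    result["rate_hz"] = (len(stamps) - 1) / ((stamps[-1] - stamps[0]) / 1e9)
    result["median_ms"] = median
    result["jitter_ms"] = statistics.pstdev(intervals)
    # A gap is an interval much longer than typical: samples were likely dropped.
    result["gaps"] = [(a, (b - a) / 1e6) for a, b in pairs
                      if (b - a) / 1e6 > gap_factor * median]
    return result


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, sensor_type=1))
```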

The screenshots from the emulator don't do it justice, since the emulator has no sensors and no data shows up.




Just surf your android phone to this page:
http://code.google.com/p/arduino-java-xyzcnc/downloads/list

and download
AccelerationLogger.apk

Then look on your SD card for the output files.








Thursday, June 7, 2012

Found/Fixed an LG C729 android phone with broken screen




I found this on the street in front of my house. It is a nice android phone that had been run over by a car. I couldn't believe my luck. The screen is broken badly. This is the most fantastic thing I ever found. The screen is splintered and I got some shards in my finger trying to see if the touch pad works. It doesn't at all. That is the biggest problem. The back won't stay on and the battery is pretty roughed up too.




I set out to find out what data I could pull off the phone and what functionality I could use. I'm a hardware experimenter, and I'd like to use it for telemetry, robot control, etc. For that I don't need a screen, the sensors, camera, GPS and USB interface alone make it very powerful. It has an SD card in it, a SIM card too. Who does it belong to? If it were an iPhone, I'd buy a screen replacement kit, but this is a fairly obscure LG C729.
http://www.globaldirectparts.com/OEM-LG-DoublePlay-C729-Main-LCD-Screen-p/lg977470.htm
This looks like a very dicey site.  But it led me to a part number, then
http://www.ebay.com/itm/US-OEM-Tmobile-LG-Double-Play-C729-Big-Outter-LCD-Display-Screen-Part-Tools-/221039061735


Looked up model, it is an LG Doubleplay from T-Mobile. Runs Android 2.3.4. It is a practically new phone. I can't imagine why whoever dropped it and ran it over didn't come back for it.




I found the SD card was unformatted and had no data on it.  I guess the phone was pretty new.
The SIM card from T-Mobile... is it still active? I can see that the phone is saying no signal, emergency calls only, so it's cancelled as I'd expect it to be. The phone sat around for a couple weeks before I got a chance to play with it.

A little fiddling and I was able to put the battery in, and connect the USB and power it up. The backlight comes on and with the battery in it actually boots. It makes sounds. This phone seems good except for the screen. For some reason it didn't work the first time I tried, but later it did boot. Plug it into the USB and the screen lights up but is in pretty bad shape. I think the screen lock is on, and since the touch pad is smashed, I can't unlock it with a swipe.



Another lucky part is this wacky phone has a second touch screen inside the keyboard. That touch screen actually works still and is not broken. However it doesn't fully run the phone. I can open text messaging but not the contact list to see whose phone it is.



When it first booted, I was able to operate the phone.  After a while it went to screen lock due to inactivity and I can't see a way to get it out of that mode.   It is hard to turn the phone off again, because long button hold brings up a menu that I can't operate to do a shutdown.  I did find the physical keyboard space and return allow me to navigate the power down menu.  W00t!   Any other phone and I'd be nowhere, but this oddball has a physical keyboard.

Android Java SDK talks to the phone, it seems to load apps I program in, when the power is off! When turned on I can't go through the menus to set the phone menu option to allow Settings->Applications->Development which allows USB loading of programs. When powered on I can't talk to it with Eclipse. Very strange. This is a major obstacle to using the phone as a hobby robot.

I thought I would need to write an app to unlock the screen when the touch swipe won't work
http://stackoverflow.com/questions/2891337/turning-on-screen-programmatically
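// Needs the DISABLE_KEYGUARD permission in AndroidManifest.xml.
KeyguardManager km = (KeyguardManager) getSystemService(Context.KEYGUARD_SERVICE);
KeyguardManager.KeyguardLock newKeyguardLock = km.newKeyguardLock(HANDSFREE);
newKeyguardLock.disableKeyguard();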
However I found that opening the phone keyboard unlocks the screen.  Awesome.  That doesn't work with my droid.


At this point I'm a little stalled.  I can't program the phone with custom apps, because it isn't in developer mode.   A simple menu option that I can't get to without the touch screen.  I can't use WiFi because I can't get to the settings page.  Maybe I can program it through the USB, if only I could get to developer mode.


I may go back and buy a new screen.  Bad news is I need a screen AND a touchpad/glass to fully fix this thing.  I don't want to order direct from China.  That usually works, would save $10, but takes forever.

It would take $60 to completely repair this phone.  After that it could be unlocked and used as a phone.  If I only replaced the touch screen/glass, it would be $30.  Does that make sense if I've got it open should I go for 100% fixed?

I was curious if the ESN was good. How you do it appears to vary with company. Can't find much on T-Mobile. I don't plan to activate it, but it would be nice to know in case I do.
http://www.checkesn.com/how-it-works/

I opted to repair the screen and digitizer.  Partially for practice, part because I wanted a GSM phone for a trip to Europe coming up, and part because I'm finding I'm pretty stuck without any touch input.   I could have just replaced the digitizer and glass, but while I was in there, I decided to go for it.  I bought the parts from Ebay on the links above from "gadgetFix" because they shipped from the US.  It took about 4 days to get here.

Here is what I got.  Came in a little envelope.  No instructions :(



I took the battery out of the phone first

I hate instruction videos because you have to watch them slowly and waste time finding out if they are any good.  Just write instructions people!!
http://www.youtube.com/watch?v=jsspvoCF1Jg
This doesn't seem to apply very well because this is a slider phone, and taking the back off is pointless.  They do use a heat gun to melt the adhesive.   This may be necessary.
http://www.repairsuniverse.com/lg-take-apart-repair-guides.html

This is a little closer to the mark
http://www.repairsuniverse.com/lg-ally-screen-replacement-take-apart-repair-guide.html
This does show you have to start at the back, remove the motherboard, etc until you get to removing the screen.  No heat on this one at least.

I pried off the rubber bumps on the back of the screen and removed the two Phillips head screws.
I can pry up one side of the screen, but I can't get in.


close up of the screw once the rubber bump is off







 I guess I have to take the screws out of the back and start prying up the mother board.
I'm not showing the photo of the back, because the photo has the MEID in the picture. Just take out all the small Phillips head screws you see.


Pried off the back and pulled out the keypads from each side. This allows you to wedge a screwdriver in sideways and access the other two screws on the back of the sliding screen. You have to pry up the circuit board a bit and slide the screen around until you can just wedge in the screwdriver and remove the two screws opposite the ones that are easily available under the rubber bumps.



Couldn't photo that step because it took both hands :).



Prying open the screen section. There is a flex circuit board wiring that ties it all together. It is taped to the back of the LCD. Peeling it off the old LCD was scary stuff. The connectors are the silver rectangles. They pop off with a tiny bit of prying. There is one for the LCD and one for the digitizer. Just look at the new parts and you'll see where they connect.



Old screen was glued in and was a mess of broken glass.  Easy to get cut.



Peeled it out, but it's not all out yet.  Need to save the plastic bezel.  Too bad, it's pretty messy.



Plugged it back together, put back the back part of the phone so I could power it up.  Holy crap! It's alive!!!


The touch screen works, the LCD lights, the home button works. The physical keys still work. This thing is fully functional. Removing the SIM was a mistake, when it was put back in, it wiped the phone. No worries, I had already read the email when the screen was broken and it was totally lame stuff.



Still need to figure out how to put the front panel back together and scrape out all the old broken glass.
I'm kind of surprised the thing works, it took a ton of prying and poking to get to this point.

If you want to do this on your own phone, that you want to be good as new, geez, good luck.   I only had the nerve to do this because the phone was junk and I had wasted $$ on replacement parts and didn't want to let them go to waste.   I may never get it all back together good as new.