KE5PRL

The EICAR Test File

KE5PRL — Wed, 25 Aug 2010 16:46:29 +0000

EICAR is the European Expert Group for IT-Security and they maintain the EICAR Anti-Malware Testfile. It is a small innocuous executable used for testing antivirus software. It is discussed in several places on the Internet so rather than repeat the information I will present a list of links.

The file comes in several different packages (.zip, .com, and .txt) so you can see if your anti-virus software is working on these files. Links to all of the files are found on http://www.eicar.org/anti_virus_test_file.htm. To test my software I simply clicked on the link to eicar.com (the executable) and was immediately notified that a virus had been blocked. Exactly the reaction I wanted! Same results with the .txt and .zip files.

Word of the Day: jekjxcntwdhsencnj

KE5PRL — Mon, 23 Aug 2010 13:26:48 +0000

Not surprisingly, I get a lot of spam comments to this blog. Recently I noticed strings of letters appearing in the text of the comments. For example, “jekjxcntwdhsencnj” is in several comments that contain links to a registry cleaner. One must ask why make an obvious spam comment stand out any more than it already does? I’ll speculate that it gives the spammer a way to track their comments and concentrate on sites that allow comments to be posted without moderation. In fact a quick Google search of “jekjxcntwdhsencnj” found 748 hits and a search of “jekjxcntwdhsencnj registry” found 821 hits. Many of these sites were flagged as questionable by Norton Internet Security.

Several means are available to combat spam comments.

Turn the comment feature off on your blogging platform.
Moderate comments. In other words, you must check all comments and allow only the real ones into the system.
Blacklist the IP address. This option allows you to completely block the IP address of the spammer but is easily bypassed if you cannot specify an address range.
Work with your hosting provider to explore other options.

Coming to a Computer Near You: IPv6

KE5PRL — Mon, 23 Aug 2010 12:26:11 +0000

With the address space for IPv4 practically used up we must migrate to IPv6. I’m already seeing IPv6 type traffic at work and even at home; therefore, I wanted to get a grip on some of the command line tools offered to work with the new protocol. Earlier this week I started using ping6 and issued the following command:
ping6 fe80:0000:1234:5678:abcd:00ef
On Windows and Linux I recieved error messages because I did not specify which NIC to use. Also, I could have left out leading zeros and saved a few keystrokes. The corrected command is shown below:
ping6 fe80::1234:5678:abcd:ef%1 (for Windows)
ping6 fe80::1234:5678:abcd:ef%eth0 (for Linux)

PSK Reporter for Analyzing Antenna Performance

KE5PRL — Mon, 16 Aug 2010 01:57:20 +0000

PSK Reporter is a Web site that collects spotting information from DM780 and fldigi. When a callsign is detected by either of these software packages the information is automatically sent to the PSK Reporter Web site if that feature has been enabled by the receiving station. When you are looking for DX PSK Reporter is a good place to start.

It is a great way to analyze antenna performance as well. Here is a list of stations that heard me operating PSK31 on 20 meters one evening in June as I tested a new Buddipole configuration.
N2MLP 20m PSK31 909 miles 23:18:51
W0SE 20m PSK31 743 miles 23:18:51
KQ7W 20m PSK31 1926 miles 23:18:50
K0GOP 20m PSK31 859 miles 23:18:50
AI4OF 20m PSK31 621 miles 23:18:50
N8YSZ 20m PSK31 758 miles 23:18:50
VA3FU 20m PSK31 874 miles 23:18:50
KD0FYF 20m PSK31 936 miles 23:18:50
WA5ZNU 20m PSK31 1823 miles 23:29:51
KG3BOZ 20m PSK31 779 miles 23:29:17
WG2J 20m PSK31 574 miles 23:29:16
W5RDS 20m PSK31 997 miles 23:27:32
K6SID 20m PSK31 1829 miles 23:24:01
KA6HXI 20m PSK31 1582 miles 23:23:58
KK1D 20m PSK31 1060 miles 23:23:54
ZL4KF 20m PSK31 8390 miles 23:21:08
K8TOM 20m PSK31 1903 miles 23:21:08
N3TAV 20m PSK31 676 miles 23:21:06
K6VVK 20m PSK31 1824 miles 23:20:34
WO8J 20m PSK31 1907 miles 23:20:34
KI6UIB 20m PSK31 1669 miles 23:20:01
N8NM 20m PSK31 660 miles 23:19:59
KE7KFH 20m PSK31 1901 miles 23:19:25
AB3BO 20m PSK31 798 miles 23:19:07

The Application Data folder in XP

KE5PRL — Thu, 29 Jul 2010 12:21:33 +0000

Occasionally I have to access the Application Data folder in XP. What is it? Simple answer: It is a place where programs cache information about user settings. Unfortunately, it seems rather easy to accumulate a lot of junk files in there as well. On my machine I have found a lot of files associated with programs I have uninstalled.

To see this folder open My Computer and click through the following sequence: “Tools”, “Folder Options…”, “View”, and finally “Show hidden files and folders”. You will need to be logged in as an Admin to do this.

Scheduling your PC to Turn Off

KE5PRL — Wed, 16 Jun 2010 13:32:28 +0000

I often process my Windows updates at the end of the day. Sometimes these updates take a long time to process and I don’t want to wait around for them to finish. It’s easy to schedule your PC to shutdown every night at the same time, and as you will see, the built-in task scheduler takes care of many of the exceptions you are probably thinking about.

Open Control Panel in Classic View and double-click on Scheduled Tasks.
Double-click on Add Scheduled Task followed by Next in the Scheduled Task Wizard
Click the Browse button, navigate to C:\Windows\system32\ and choose shutdown.exe.
Give the task a name – something like shutdown would be appropriate.
Choose Daily and then click Next.
Choose a Start time that fits your schedule – for me 9 PM.
Choose Every Day under Perform this task, today’s date under Start date and then click Next.
Enter your user name and password and then click Next.
Make sure that the Open advanced properties… box has a checkmark in it and click Finish.
Check the box at the bottom of the Settings tab to enable this job.
Refer to the image below for guidance on completing the Settings tab. After completing this tab click OK and your PC will now shutdown all by itself.

In summary this task will run the shudown.exe file at 9 PM every night if the PC has been idle for 10 or more minutes. If the PC is idle for 10 minutes at any time within the next 4 hours this task will run; if not then the job will expire.

Buddistick™ Antenna and MFJ-269 HF/VHF/UHF SWR Analyzer

KE5PRL — Sun, 23 May 2010 22:43:37 +0000

I recently purchased the MFJ-269 HF/VHF/UHF SWR Analyzer and I have owned a Buddistick™ from Buddipole Antennas for a while. My station does not have a 6M antenna so I wanted to use my new MFJ-269 to configure the Buddistick™ to be resonant (or at least have low SWR) in that band. Specifically I wanted a SWR low enough that I would not have to use an antenna tuner.

Through trial and error I was able to configure the Buddistick™ for SWR of 1.2 on 50.12 MHz. The base of the antenna was mounted at 6 feet from ground level, and antenna length was 68 inches. It was composed of two equal-sized solid pieces (11.25 inches each) and one telescoping piece extended to complete the 68 inches. Counterpoise wire was attached to the antenna base and extended approximately 12 feet and was about 5 feet from the ground at its lowest point. All of these components are part of the Buddistick™ Deluxe package.

Hello World Shell Script

KE5PRL — Mon, 10 May 2010 15:02:46 +0000

Using the directions from http://www.freeos.com/guides/lsst/ch02sec01.html you can easily put together a quick ‘Hello World’ shell script. What’s shell? It is software that allows interaction between users and the OS (read more at http://en.wikipedia.org/wiki/Shell_(computing)). In general the commands you run at the command line are available to use in a shell script.
# #Filename: hello.sh #Programmer: PFP #Birthdate: 2010-05-10 #Notes: Hello world script. # clear echo "Hello World"
You can enter these few lines by using vi or any other editor on your Linux machine. Be sure to set the file as executable by running chmod 755 hello.sh from the command line. To execute the script you simply type ./hello.sh at the command line.

Download a Web Page with Perl

KE5PRL — Mon, 10 May 2010 01:33:15 +0000

This is a simple Perl script to download a Web page and display the downloaded text on the screen.
use LWP::Simple; $URL=http://www.google.com; $contents = get($URL); print $contents;

Malware – Process Explorer to the Rescue

KE5PRL — Wed, 24 Mar 2010 16:45:50 +0000

These are screen captures from a recent malware infection that I was asked to remove. The malware advertises that it is XP AntiMalware 2010 but don’t be fooled by it. This is a crafty piece of malware.

The first screen capture shows a pop-up and a balloon indicating a possible intrusion from 59.132.100.175 but this was impossible since the ethernet cable to the PC was disconnected.

Another dialog box trying to lure you in. Notice the larger version of the shield does not look like the real Security Center icon (also shown below).

Follow the steps outlined below to use Process Explorer to stop this malware. Note that this does not delete the malware but does stop it until you can get it removed. If I find out how to remove it I will make another post on how to do that. Process Explorer may be downloaded from Microsoft at the link below.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

DO NOT click on the dialog boxes or balloons that are associated with this malware.
Unplug or otherwise disconnect the infected PC from the Internet.
Start Process Explorer by double clicking it.
Find the process named “ave.exe”. If you can’t find that process then read the caveat at the end of this post.
Right-click on the process and choose Suspend from the menu.

Your system may perform slowly but that’s better than the malware working its way deeper into your PC. Preventing malware is much easier than dealing with it post-infection so be sure to keep your operating system and anti-virus software updated.

Caveat: You may have noticed that I referred to “this malware” instead of the name shown in the dialog boxes. That’s because the malware may have a list of names that it rotates through. In fact, it may even alter the name of the executable (ave.exe) to something else.