Snap.Do Malware Removal

I have the unfortunate (or fortunate?) responsibility of being the in-house “geek squad” for my family members any time something happens to their computers. My sister is notorious for getting the strangest malware and adware on her laptop, and this weekend she present me with her latest acquisition… the Snap.Do malware. I hadn’t heard of it or seen it prior to this weekend, but it had me stumped for a while, and it appears it has the rest of the Interwebz stumped as well. What I found is that many people searching for the removal of this malware were unsuccessful in the “tried and true” methods such as Control Panel > Add/Remove Programs, Virus scans, etc. Below is a screenshot of the page that I was being redirected to when launching IE. Also note that my “Home Page” setting in Internet Options was not affected, it correctly stated “http://www.google.com”, but the redirect on launch would still happen.

snapdolanding

Below, I will show you what I did to ultimately rid her machine of this baddie. What stumped me the most was that I had seemed to remove it, yet Internet Explorer (version 9) specifically would still redirect the home page to http://search.snap.do or http://feed.snap.do. No matter how many times I cleaned the registry or ran Hijackthis, it would still redirect. As I was nearing the conclusion that I was just going to reformat, I remembered that there is a 32bit and a 64bit version of Internet Explorer installed, so just for kicks I launched the 64bit version. No Redirect!!?? This was interesting! It was only redirecting on the 32bit version. So on another whim, I navigated to the iexplore.exe executable in the Program Files folder and launched IE from there. No Redirect!! So now I had my answer!

The answer was hiding in a command line parameter that was passed with the shortcut that was in the Taskbar and on the Desktop. The screenshots below will show what the malware did, and also how to fix it. If you right click the shortcut in your Taskbar (by the Start button) or on the Desktop, you will most likely see the “Target” field below in which a URL is specified after the executable path. You have two options.. 1) Delete everything after the closing quotation marks, or 2) Delete the shortcut altogether and create new ones. I would recommend option 2 just because it’s guaranteed to work and it’s probably faster to do anyway.

Here is what the Target field had in it:

“C:\Program Files (x86)\Internet Explorer\iexplore.exe” http://feed.snap.do/?publisher=InternetTurbo&dpid=InternetTurbo&co=US&userid=62542d99-d5c8-4ef0-8677-723ce708c829&searchtype=sc

snapdoparameter

I would also like to note that there was no Toolbar installed and there was nothing about Snap.Do in the Add/Remove Programs list. It appears it had been “successfully” removed by Norton or some other antivirus she used, but it left this nasty remnant which I found others chasing on the net without a valid resolution. Hopefully this helps someone else out in the same boat. It tripped me up for the better part of a weekend. I’d love to hear if it worked for you!

Idea for next development project

Hey followers,
Work is a bit slow at the moment with the holidays and such, and after finally finishing Graduate school, I have a lot more time on my hands to give to development projects. I’m looking for ideas for my next development project to work on. Feel free to post your ideas for any software or websites you’d like to see developed. Let me know what your ideas are!

ioncube not loading? This might be the fix!

Recently, a client reported that one of their websites was not loading all of a sudden due to an “ioncube” error that suddenly appeared. After checking out the error, it was apparent that the loaders were not loading and the page directed me to update my php.ini file with the location of the loader file. Simple enough right? Wrong. After checking about 30 times to make sure all my file paths were right in the php.ini file, I finally asked the client if anything had changed on the server recently, as I knew it was working at one point. I was told that the server was changed from CentOS 32-bit to 64-bit. Aha!

This gave me some traction.. I broke my number one rule of “check the log files first”, but eventually it’s where I ended up. In it, you will see an error that says something along the lines of “wrong ELF class: ELFCLASS32“. A bit cryptic, but it basically means you’re using the 32-bit loaders on a 64-bit system.

Head on over to the ioncube site and download the zip file containing the 64-bit version of the loaders.

Convenient Link Alert: http://www.ioncube.com/loaders.php

Once downloaded, you need to upload them to your ioncube directory using “binary” mode of your FTP client. Once uploaded, that should be all. Refresh your error-ridden page and you should be staring at an error-free page!

Go grab a rock star and add one to the win column!

Latest Project now available! Listburn – a site like Craigslist with additional features for local classified ads

Hey followers,
My latest project is now online! After about a month of lonely nights and code-mangling in between other projects, I’ve managed to get the site’s core built and functioning. Listburn is a site similar to Craigslist, but there were some things that I didn’t particularly care for about Craigslist that really turned me off of the site and I haven’t used it in quite a while. I have added some features that I think are pretty neat and make looking for local items a lot easier.

Here’s some of the notable features:
SafeSites – Visitor-submitted “Safe” spots for meeting other Listers to purchase or sell items. With Craigslist, it was always a bit scary meeting someone at a location you’ve never been to or heard of, so SafeSites allows Listers to agree to meet at a spot that others have met and given the “Listburn Seal of Approval”!

Twitter Subscriptions – Listburn allows you to perform a keyword search for items and subscribe via Twitter anytime someone lists an item with those keywords in the title and is in your area. If I search for “cell phone”, I can receive a tweet anytime someone lists an item with “cell phone” in the title that is located in San Antonio, Texas! This saves you from having to search the site daily to see if any new items are posted yet.

Multiple-city search – This was one of my biggest gripes with Craigslist. While it is a “local” ads site, it was sometimes necessary to search in a city nearby that was a bit larger, or had a better demographic for the item I was looking for. Listburn performs a nation-wide search by default, and allows the visitor to one-click filter to a particular city. This saves you from repeatedly having to edit the URL to navigate to a different city and perform the search multiple times.

Hotlist! – The Hotlist! is still being worked on, but it allows the Lister to have his or her item/listing gain front-page, nation-wide exposure for as long as it takes someone to “bump” it from one of the top 5 slots. The cost to bump someone is an ever-increasing amount that is decided by the last person to upgrade to the Hotlist!.

Attributes – Each listed item currently has 4 attributes associated with it: SafeSite meeting only, Shipping Available, Discretion Required, and Has Image.

  • SafeSite meeting only tells the buyer that the Lister is only willing to meet at a registered SafeSite.
  • Shipping Available lets the buyer know that the Lister is willing to ship the item.
  • Discretion Required is a flag that tells the visitor that the particular item is an adult item. When attempting to view an item that has been marked with the Discretion Required flag, it will first alert the visitor and requires the visitor’s consent to proceed to the item. I thought this feature was needed as a safety precaution for younger visitors or people not interested in seeing John Doe’s collection of blow-up dolls that he is selling.
  • Has Image tells the user that the item has been listed with an image of the item attached.

It’s hard for these types of sites to really take off as you need items to be listed for people to search for, so I welcome you and your friends, family, neighbors, coworkers, and anyone else you know to give it a try! Try listing your first item on Listburn and let me know what you love or hate about it!

Listburn – Free Classifieds Done Right

Tell your friends!

ps: You’ll never see an advertisement on Listburn!

VB.NET WebBrowser dialog popup automatic handling

A recent site visitor had a fairly simple requirement which involved crawling a specific web page and clicking a button. Pretty basic stuff. And then it happened… clicking that button produced a javascript “confirm()” dialog with OK and Cancel buttons. “Well this won’t be easy” I thought to myself. Just to ensure there wouldn’t be any other surprises, I continued along through the entire “manual” version of the process, and lo and behold, ANOTHER javascript dialog box, this time with “Yes” & “No” buttons! Not wanting to let my visitor down (and more so not to be defeated by javascript!), I set to work…

Now, I’m no fan of re-inventing the wheel, nor am I a fan of using “3rd party code”, but knowing that the solution would involve a lot of API work, I knew someone has probably come up with something that could save me some time with this. I found various pieces of code online that used some of the API’s that would be needed. I have consolidated this work into a reusable Class that can be used in any project where automatic handling of WebBrowser dialog popups is needed.

The DialogHandler Class:

Imports System.Runtime.InteropServices

Public Class DialogHandler
‘API CONSTANTS
Const WM_GETTEXT As Long = &HD
Const WM_GETTEXTLENGTH As Long = &HE
Const GW_ENABLEDPOPUP As Long = 6
Const BM_CLICK As Long = &HF5&
Const GW_CHILD As Long = 5
Const GW_HWNDNEXT As Long = 2

‘FINDS CHILD WINDOWS
Private Declare Auto Function GetWindow Lib “user32.dll” (ByVal hWnd As IntPtr, ByVal uCmd As Integer) As IntPtr

‘SEND MESSAGES TO THE BUTTON
Private Declare Auto Function SendMessage Lib “user32.dll” Alias “SendMessage” (ByVal hWnd As IntPtr, ByVal Msg As Integer, _
ByVal wParam As Integer, ByRef lParam As IntPtr) As IntPtr

‘GETS WINDOW TEXT
Private Declare Auto Function SendMessageA Lib “user32.dll” Alias “SendMessageA” (ByVal hWnd As IntPtr, ByVal Msg As Integer, _
ByVal wParam As IntPtr, ByRef lParam As IntPtr) As IntPtr
Public Shared Function SendMessageString(ByVal hwnd As IntPtr, _
ByVal wMsg As Integer, ByVal wparam As Integer, ByVal lparam As System.Text.StringBuilder) As IntPtr
End Function

Private Function GetChildWindowHandles(ByVal ParentWindowHandle As IntPtr) As ArrayList

Dim ptrChild As IntPtr
Dim clsRet As New ArrayList

‘GET FIRST CHILD HANDLE
ptrChild = GetChildWindowHandle(ParentWindowHandle)

Do Until ptrChild.Equals(IntPtr.Zero)
‘ADD TO COLLECTION OF HANDLES
clsRet.Add(ptrChild)
‘GET NEXT CHILD
ptrChild = GetNextWindowHandle(ptrChild)
Loop

Return clsRet

End Function

Private Function GetChildWindowHandle(ByVal ParentWindowHandle As IntPtr) As IntPtr
Return GetWindow(ParentWindowHandle, GW_CHILD)
End Function

Private Function GetNextWindowHandle(ByVal CurrentWindowhandle As IntPtr) As IntPtr
Return GetWindow(CurrentWindowhandle, GW_HWNDNEXT)
End Function

‘RETURNS TEXT OF THE WINDOW FOR CONFIRMATION OF CORRECT DIALOG
Private Function GetWindowText(ByVal WindowHandle As IntPtr) As String

Dim ptrRet As IntPtr
Dim ptrLength As IntPtr

‘LENGTH OF BUFFER
ptrLength = SendMessageA(WindowHandle, WM_GETTEXTLENGTH, IntPtr.Zero, IntPtr.Zero)

‘BUFFER NEEDED FOR RETURN VALUE
Dim sb As New System.Text.StringBuilder(ptrLength.ToInt32 + 1)

‘WINDOW TEXT
ptrRet = SendMessageString(WindowHandle, WM_GETTEXT, ptrLength.ToInt32 + 1, sb)

Return sb.ToString

End Function

‘SEND A ‘CLICK’ TO THE BUTTON (“WINDOW”)
Private Sub PerformClick(ByVal WindowHandle As IntPtr)
SendMessage(WindowHandle, BM_CLICK, 0, IntPtr.Zero)
End Sub

Public Sub LookForAndCloseIEPopup(ByVal whichButton As String)

‘GET HANDLE OF ANY POPUP WINDOW ASSOCIATED WITH MAIN FORM
Dim ptrDialogWindow As IntPtr = GetWindow(Process.GetCurrentProcess.MainWindowHandle, GW_ENABLEDPOPUP)

‘IF IT’S A BROWSER POPUP, HANDLE IT
If GetWindowText(ptrDialogWindow) = “Microsoft Internet Explorer” Or GetWindowText(ptrDialogWindow) = “Message from webpage” Or GetWindowText(ptrDialogWindow) = “Windows Internet Explorer” Then
ClosePopup(ptrDialogWindow, whichButton)
End If

End Sub

Private Sub ClosePopup(ByVal WindowHandle As IntPtr, ByVal whichButton As String)

Dim clsChildHandles As ArrayList = GetChildWindowHandles(WindowHandle)

For Each ptrHandle As IntPtr In clsChildHandles
‘IF IT FINDS A BUTTON WITH THE TEXT SPECIFIED, CLICK IT
If GetWindowText(ptrHandle).Contains(whichButton) Then PerformClick(ptrHandle) : Exit For
Next

End Sub
End Class

To use the Class in your application, simply use:

Dim dh As New DialogHandler
dh.LookForAndCloseIEPopup(“OK”) ‘This single parameter is the text of the button you want to click (case insensitive)

This should handle any dialog popups that should appear during the course of any scraping/automating you may encounter. In my visitor’s case, I simply added that call to a Timer that was started on Form Load. This timer periodically “checked” for dialog popups and handled them accordingly. No user intervention required!

So, if you find yourself faced with nagging WebBrowser dialog popups and need a way to automate clicking the OK, Cancel, Yes, or No nuttons, you can use the DialogHandler Class above to take care of it.

Comments Welcome.

Download DialogHandler Class Download DialogHandler Class

Phoenix Fetch v2.0!

Well if you’re a student attending the University of Phoenix Online, you may have noticed a number of changes, both to the eCampus and their student tools. They’ve completely redesigned the eCampus site, which of course meant the Phoenix Fetch tool needed to be updated. They also have a new “App” that is similar to Phoenix Fetch, but unfortunately it’s only available for Apple devices (iPad, iPhone, etc.)… Sucks for us Android users huh?

Well I’m happy to report I’ve finished updating Phoenix Fetch to work properly with the new eCampus.

Comments welcome.

The Goods:

Download:

Download Phoenix Fetch

Phoenix Fetch

Well I just started my Master’s degree program with the University of Phoenix! While I do love the online structure and tools available, I quickly noticed that I found myself logging in repeatedly throughout the day to see if there were new posts. Many times there are no new posts, so it gets frustrating after doing this repeatedly day after day. I searched high and low within the site to see if there was some form of notification system, whether it be by email or some other medium, but found nothing…

…so I set to work!

I just finished up my first release of what I’m dubbing “Phoenix Fetch.” A small desktop utility that runs in the system tray (GUI included) that checks your registered course’s discussion forum for new posts. I’ve added some options such as check interval (can be set between 1 minute to every 5 minutes), as well as audio and visual notifications in the system tray. It’s been working wonderfully for me so far and I can see my response time to new discussion posts increase. Imagine if everyone in your class received instant notifications, it might just promote greater discussions with more input, more consistently!

I am working on integrating email notifications as we speak, but wanted to put a release out there to solicit feedback for future releases. Let me know if you find it useful, and it doesn’t hurt to spread the word!

Comments welcome.

The Goods:

Download:

Link removed. See updated “Phoenix Fetch v2.0” Post for latest version.

Detecting completely loaded page using VB.Net WebBrowser including all frames

Something I depend on quite frequently is determining when a web page in a WebBrowser control has completely loaded, including all frames. If you’ve ever worked with this control and relied on the DocumentCompleted event, you may have come across the inconsistency with it when dealing with pages that contain HTML frames. The little snippet below does a very good job with detecting completely loaded pages using the VB.Net WebBrowser control, including all HTML frames on the page. Works with AJAX too!

Private Sub WebBrowser1_DocumentCompleted( _
ByVal sender As Object, _
ByVal e As WebBrowserDocumentCompletedEventArgs _
) Handles WebBrowser1.DocumentCompleted
If Me.WebBrowser1.ReadyState = WebBrowserReadyState.Complete Then
MsgBox(“completely loaded”)
End If
End Sub

Comments welcome.

Loop through HTML elements to set or retrieve values

So, in this week’s installment, we’ll look at some basic HTML parsing methods and also how to fill out forms and submit them via code. I still see a lot people asking how to get the text from a specific hyperlink or setting the value of an input box on a web page. In this post, I’ll try to cover the method I use most when working with HTML parsing. I’ll show you how to get the link text from a hyperlink, set the text of an input box or textarea field, and I’ll also show you how to click form buttons to submit forms.

Every HTML element, such as anchors, divs, img, input, all have what’s called “attributes.” Here is an example of some general HTML code that shows you the use of attributes:

<input type="text" name="log" id="user_login" class="input" value="" size="20" tabindex="10" />
<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" />
<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Log In" tabindex="100" />

In each of those lines above, every word that comes before an equals sign (=) is considered an attribute. Each HTML element has specific attributes, some of which are common among all of them, but I do not want to go into that with this post. A basic understanding of what they are and how they’ll be used in our VB world is all that is needed for this post.

So now that we understand attributes and are familiar with their syntax, placement, and function, let’s look at how we can set them and retrieve them using VB. In VB, there are two methods that will be your “go to” tactics for doing this: .SetAttribute and .GetAttribute (can you guess which one gets and which one sets? *wink*)

Set the value of an input box or textarea:
There are 2 ways to do this. One option is to use the .GetElementById method of the HTML Document. If you’re lucky, the web page you’re working with will use the ID attribute of every HTML element in the HTML code. This makes it a lot easier to parse it with VB. Here is an example of setting the value of an input box with the ID of “id”:

WebBrowser1.Document.GetElementById(“id”).SetAttribute(“value”, “New Value”)

What we’ve done there is fetched the HTML element “id” and set its “value” attribute to “New Value.” For input boxes, the value is what is shown inside the input box.
The other way to set the value of an input box with VB is to loop through the HTML collection of inputs and find the one you need based on an attribute value. The following code chunk should be put in your black book of code tricks as you’ll be using it a lot if HTML parsing is something you do often:

Dim theElementCollection As HtmlElementCollection = WebBrowser1.Document.GetElementsByTagName(“input”)
For Each curElement As HtmlElement In theElementCollection
curElement.SetAttribute(“value”, “New Value”)
Next

Without getting into the details, the above code merely gets all the elements with the tag “input” and stores them in an “HTML Element Collection”. This allows us to then loop through this collection of “inputs” and do what we’d like with each one. Here are a couple of ways to get different tags:

To get all hyperlinks: .GetElementsByTagName(“a”)
To get all inputs: .GetElementsByTagName(“input”)
To get all divs: .GetElementsByTagName(“div”)
To get all spans: .GetElementsByTagName(“span”)
To get all images: .GetElementsByTagName(“img”)

The For Loop then loops through the collection and for each element (curElement), you have the available fore-mentioned methods to use to get/do what you need. Using .SetAttribute allows you to set the value of any attribute for that element, while .GetAttribute allows you to retrieve the value of any attribute. In addition to retrieving the attribtue values, VB also allows you to fetch other things like the .InnerHTML (HTML inside the element’s tags), the .InnerText (text between the element’s tags), .OuterHTML (HTML of the element’s parent), and .OuterText (the text between the parent’s elements’ tags).

Clicking an HTML element such as a button or hyperlink:
Now let’s look at how to “click” things with our code. You can pretty much click anything you want. Many people often ask, “What if the link or button calls a javascript function?”. Simple answer: “Doesn’t matter.” As we’ll be “clicking” the link or button just as a visitor would, the normal “happenings” that would occur are going to happen as they usually would. It’s not like we’re having to call the javascript function directly or something…

So.. the HTML element we’ll be using this for most commonly is the “input” button, which will usually have an attribute of “type”. When looking to click a button, the attribute “type” will usually have a value of “submit”. That is the one we want!

Pop Quiz: Question: How many ways are there to do this? Answer: 2!

We can address the input button by ID if it is provided in the HTML code, or we can loop through the collection of Input elements. If we have to take the loop route, what we would do is test the .GetAttribute(“type”) value to see if it is equal to “submit”. If it is, then we’ll “click” it. Here’s how that would look:

Dim theElementCollection As HtmlElementCollection = WebBrowser1.Document.GetElementsByTagName(“input”)
For Each curElement As HtmlElement In theElementCollection
If curElement.GetAttribute(“type”).ToLower = “submit” Then
curElement.InvokeMember(“click”)
End If
Next

We call the .InvokeMember method on the HTML element which basically translates to “perform the following action on this element”. In our case, the action is to “click” it. This works for input buttons, hyperlinks, images, or anything else that you would be able to click normally with a mouse!

While this isn’t the most in-depth look at HTML automation, hopefully it will give you a rough idea of the procedures used most commonly to set an HTML field’s value, or retrieve a particular value from the HTML. I make use of this “go to” HTML loop in my Scraper class to make it even easier to use!

Comments welcome.

VB.Net Automated login to WordPress site

Here is a handy little method that will automate the login process of a WordPress blog/site using VB.Net. This has many uses, such as scraping data from WordPress blogs, adding new posts to a blog from an application, or any other uses you can think of.

Private Sub LogInToWordpress(ByVal username As String, ByVal password As String)
Dim wbd As HtmlDocument = WebBrowser1.Document
Dim usernameinput, passwordinput As HtmlElement
usernameinput = wbd.GetElementById(“user_login”)
passwordinput = wbd.GetElementById(“user_pass”)

‘Set the values to the passed arguments
usernameinput.SetAttribute(“value”, username)
passwordinput.SetAttribute(“value”, password)

‘Now Submit the form
Dim submitbutton As HtmlElement
submitbutton = wbd.GetElementById(“wp-submit”).InvokeMember(“click”)
End Sub

To use it in your code, simply call LogInToWordpress and supply it two parameters, the username and password with which you wish to log in with.

LogInToWordpress(“admin”, “p@ssw0rd!”)

That’s it!

Here’s how it works…

WordPress is “developer-friendly”, in that it uses ID’s and names throughout the HTML to identify different document objects. This saves us from having to loop through all the objects of the same type and performing conditional statements to see if we have the right one. With this in mind, we can use the “GetElementById” method of the HTMLDocument class to retrieve the object with the given ID. In WordPress’ case, the 3 objects we are after are titled, “user_login”, “user_pass” and the submit button “wp-submit”.

Here is the HTML of those 3 elements:

'<input type="text" name="log" id="user_login" class="input" value="" size="20" tabindex="10" />
'<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" />
'<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Log In" tabindex="100" />

What my method does, is fetches the first two elements, the input fields and uses the “SetAttribute” method of the HTMLDocument class to “fill in” the values of these fields programatically. We fill them in with the arguments we pass to the method, the username and password. After that, we use the “InvokeMember” method to programatically “click” the submit button once the fields are populated.

This should hopefully help you speed up the process of logging in to a WordPress blog from your VB.Net application, and should give you an idea of how the process works if you wanted to automate logging in to other sites that require authentication.

Comments welcome.