Tuesday, January 7, 2020

ok, so i snuck in and out. hopefully, my decoy worked.

well, these guys are motherfuckers.

i got a two line email from the oiprd suggesting they consent to allowing the addendum and informing me that they'll serve me by the end of the week. but, they said that last month.

i guess i'll call the court tomorrow morning, then.

and, hopefully the forwarding works from here on in. that also gives me a backup email archive...

and, really?

if you're going to spend a month on a beach, you might want to think twice about looking like a bum when you get back.

'cause people might think you kind of are one.

the conservatives should get those pictures out into ads, pronto.

all of a sudden, sexy justin is absolutely revolting and gross.
canadians will not vote for a man in a beard. it's unprofessional and dirty looking.
beards are disgusting under all contexts, and trudeau looks like an idiot and should shave it pronto.

facial hair has an exceedingly poor track record on politicians in canada. 

and, i'll tell you this flat out - he'll lose the next election if he walks into it with a beard. full stop.

what i should do is set up forwarding to the fake address when i get back in.
and, listen.

as shitty as this is, at least i don't have a boss telling me what to do. as wasteful as this is, at least i'm not wasting my time making a profit. 

i'm sitting buck naked in my bed typing. i can sleep if i want to. i can read if i want to.

it could be a lot better. but it could be a lot worse.

nope.

the machine seems free of anything problematic, though.

i should perhaps point out that if i can't get into the hard drive because i can't load the sata drivers because i can't see the install screen....

yeah. i think i'm being too optimistic in ruling out the bios. what can i do, though, besides edit the registry offline?

well, i guess i could do that.

as a troubleshooting step, it seems over the top...

this was why i didn't install clean in the first place, i'm remembering.

the truth is that it was a logical shortcut; if i could prove it was the bios, i'd have to turf the board and buy a new one. but, if i could rule out the bios, and i had a virus in the install, i'd have to clean it anyways.

so, i should just work my way through the issues with the machine, first, and see what happens, see when things get messy.

one of the things i've noticed through these installs is that the registry doesn't wipe itself out entirely. certain persistent issues reappear on reinstall that i thought were dealt with. i suppose it will be useful to figure out when, exactly, these things jump back up.

so, this is going to be a bit of a process, then. and, i'm considering how to check my email, in the meantime.

i'm using a fake address here so i don't expose my password, but how much sense am i making, given that my machine is so compromised? that pc hasn't been on the internet in years, and i'm skeptical about letting it back on. but, this driver issue appears lengthy.

based on previous experience, even a few seconds exposure could be catastrophic. i'm under attack by pros, here.

as it is, the issue kind of ruled itself out as the operating system will no longer read my input devices. they work fine. i'm going to assume that my drivers got screwed up. but, i had to reset the bios and i'm going to reformat and start again.

what is going on with the court stuff right now? i'm waiting for responses. it's not like anything that the oiprd sends me is worth any kind of immediate acknowledgement, and i'm not interested in mediation or settlement. the singular point of this process is to get the issue in front of a judge. i want the data, but i don't need it immediately. and, if there's concerns about the safety of my network, they are more important.

but, i don't trust this chromebook connection.

i'll wait...

grargh.

so, you install to your pc. it understands the drivers for the hardware in your pc. things seem fine.

you take your hard drive out of your pc and put it in your laptop for testing. normally, you'd expect to maybe get a prompt for a few drivers.

but, your screen is burnt out, so you're relying on vga drivers, which are one of the last things to load, so you can't see a damned thing until you're done booting.

as such, your machine is stuck at the nag screens. what do you do?

i have the exes from intel, but i have to get into the os before i can run them. i tried to run them on the desktop anyways - at least windows will know the files are there, now. let's see if that works.

but, this was merely a troubleshooting step, one i may be willing to forgo. it does not appear as though the bios is inserting these kill events. thankfully.

i guess it is useful to figure out if they may come back from one of the internal drives, if something is hiding in there. so, i guess that's the next step.

and, the next batch of troubleshooting is going to occur on the pc, anyways, because i have to determine where the break is. i don't think it's in the registry. we'll find out, though.

what i'm doing right now - logical, step-by-step troubleshooting - is what they taught me when i trained to be a tech support agent.

this is what a tech support job is actually like: you have to use logical thinking and the power of elimination to isolate and identify the problem....

you don't just look at it and know the answer, like some kind of savant. it's slow, boring work. but, it's how you have to do it.

so, i've rebooted this clean install repeatedly, i've screwed around with the cat files and i've taken a lot of actually useful log files from various third party software, and i've come to the conclusion that the bios in the pc is clean, at least.

a few notes..

- the squiggly file does reappear. but, it doesn't actually load. this is consistent with previous behaviour.
- my restart/shutdown mutants are not appearing in process explorer. as mentioned, i think these are the reasons my computer is shutting down (after the updates install)
- sorting through autoruns, particularly in regards to the networking, was kind of an eye-opener. stuff that i thought was default clearly isn't. so, i'm going to need to clean that out.
- i have a clean driver list to compare with.

the next thing to do is see what happens when i plug the clean install into the laptop, without connecting to the internet. if i get some nasty behaviour, that strongly suggests the bios. and, that's a problem.

i did take that shower after all. i might even need to be showering twice daily down here with the dry air, which is just oppressive; it's like a fucking desert. and, i am back up.

i'm the type that would be happy to live in a rainforest. i've been known to quip that i'd like to live near the equator, if it weren't for the muslims and the wild animals. 

i've got pails of water out to try and fight the dry heat, and i'm still chapped.

with the fan on the higher setting, the smell is at least mostly gone. still...

so, i'm going to mess around on the factory install for a while and see what happens. what happens after a few reboots? are those weird files coming back? are there servers installing in the background?

i've been clear enough that i really think this is government, but what if it's some script kiddie, like i thought before?

i need to let you in on something, kid. my internet? it's a 6 mbps connection. max.

and, i made that choice partly because of kids just like you.

yes, i'll sit and read all winter.

i did it before..

what else am i going to do?

i will not be moving on to the next stage until i'm done what i'm doing. it's not a question of multitasking, it's a question of linearity. it simply makes no sense to move to the next thing until i'm done what i'm doing.

and, then, what else is there to do?

that's fine. i need to get done those asimov texts for the alter-reality, anyways.

so, what's my hypothesis, so far?

that weird clsid seems to be connected to the dberr.txt file, but it seems to be indirectly - the clsid seems to be quarterbacking some kind of install process, but the various policy settings that i've put in place have mostly stopped it from working. so, i just get errors.

whoever is doing this seems to be a professional. these aren't hacked together scripts. they're, like, corporate deployment files. this person would appear to be a trained network admin. again: i can't imagine anybody but the cops.

i'm going to guess that the restarts are related to the windows update that's running in the background, and that i can't figure out.

eventually, after a few restarts, it tries to install something with an unsigned driver, and i get the lock screen. if i turn off signing - something i'll never do ever again - then the install process goes to the next step, and starts installing the list of packages that somehow ended up in the catroot directory. at that point, i'm no doubt sending off updates to the cop shop - or, at least, i would be, if i didn't have all of the networking dismantled. 

what i learned is that the "worm" is probably in the bios, now, and i might need to buy a new windows 7 laptop at the pawn shop before i can get back to what i was doing. i'm very sorry, but i don't otherwise know how i can flash it. that could take me a few months of saving up, in which case i guess i'm going to spend most of the winter reading. it would also mean i'd have to stay in for the spring, because i wouldn't have any money to party with.

i suppose the other option is that it's in the registry, but that doesn't make a lot of sense to me.

the format is at 50%. we'll find out in a few hours.

in the meantime, i'll keep posting here to the laptop. i'm wide awake, and will need to wait until tonight to take a shower, now, because it's too late. so, i guess i'll take a look at the news while i'm waiting.

also, the ayatollah sucks and i hope the iranian people lynch him in the public square.

i don't want to compete.

i'm not going to retaliate.

and, i won't be silenced, either.

i just want to try to get my life back on track as quickly as possible.

so, you might think you're tough, or you're smart.

but, i'm disabled, and have no background in this topic.

so, knocking me off the network - for a day or two at most - is equivalent to sneaking up behind a little girl in the playground that is eating ice cream and punching her in the face.

if that makes you feel manly, seek help.

i mean, if you're trying to prove you're a more elite hacker than me, that's fine.

i'll concede the point.

i never made any claims to being one, in the first place. i can probably beat you in an argument, but i'm not going to beat a competent hacker, and have no desire to be somebody that could.

i'm a musician that's being cut off from my art by somebody with a childish ego and/or sense of humour. i'm wasting huge amounts of time and want it to stop. so, put the situation in context...

i walked away from a programming degree because i didn't want to do it, so this is particularly frustrating to me.

again: my degree is in math. the additional 19.5/20 comp. sci. credits i have are programming credits. so, i can program in c and java and scheme and some other languages. i can't do much else.

i enrolled in the program solely to get a job, and dropped out of it because the only thing i really learned was that i didn't have any interest in it.

i don't game. i don't script. i don't hang out with these kids, and they could knock me over without much effort, as i'm checking the reference manual.

and, i mean, that's fine, with me - because i don't care if i win or lose this, i just want to get back to my art.

i need to be clear.

i'm *not* a hacker.

if this fight gets out of control, i'm going to eventually lose it. of my ~60 university courses, that is ~120 1/2 year university courses, not one of them was in networking.

i repeat: i have never taken a course in networking. you don't have to swim very deep, here, to get out over my head. in context, a smart person should recognize their ignorance. 

but, what am i supposed to do? i'm under cyberattack. palestinians may look stupid throwing rocks at tanks, but they can hardly just lie down and get steamrolled....

my ability to defend myself is minimal. i grasp this. but, i need to check my email by the end of the day, too.

so, what actually happened?

well, they managed to install this driver, somehow. i'm not sure which one it is yet, but it seems like it's a windows update related thing.

after i allowed the boot without driver verification, those error messages stopped and whatever zombie process is running was able to actually install this list of cat files in the catroot folder, which initially included a lot of scary things like iis servers (but had been deleted by the time the script got to running).

so, if i were to actually boot without the driver signing verification, it would install this pile of garbage on my system.

i have little choice but to reformat, and take a much closer look at what's going on. it may be using some kind of background logging script, which i may have to completely dismantle.

but, that seems to be the crux of it - they want me to turn the verification off so i can install some kind of surveillance server.

so, guess what happened?

i hadn't connected to the internet yet. all i'd done was delete some cache files, turn up the group policy and mess with some file ownership. it's only the last option that should make any difference, here.

the solution on the internet is to disable driver signing, but that's a shitty answer all around. first, i don't actually want to do that - i like driver signing, it's a good idea. it stops the cops from installing drivers on your system, for example. second, i don't get the screen to pick the option, because my lamp is burned out. i couldn't do it if i wanted to (which i don't).

previously, i just took it as a sign that i was hacked and needed to format. this time, i need to take a closer look at it. so, i disabled driver signature verification...

....and it did work.

so, i turned on the bootlogger, and it hung at afd. that's winsock. firewalls. great. but, disabling it (offline. temporarily.) didn't actually work.

i *can* boot the system, but there's obviously something loading that i don't want there.

so, i ran sigverif and, in conjunction with autoruns, i now have a list of unsigned drivers to check, and we'll have to work it via trial and error.
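The unsigned-driver inventory described in the post (sigverif cross-referenced with autoruns) can be scripted so the result is a list you can diff against a known-clean install. The block below is an added example, not code from the original post; it assumes an elevated Windows PowerShell session (2.0 or later, so it also runs on Windows 7) and the CSV path at the end is a constructed placeholder.

```powershell
# Added example (not from the original post): inventory the drivers Windows
# knows about and flag the ones whose file carries no valid Authenticode
# signature. Assumes an elevated Windows PowerShell session (2.0 or later);
# the CSV path at the bottom is a constructed placeholder.

function Get-DriverSignatureReport {
    Get-WmiObject -Class Win32_SystemDriver | ForEach-Object {
        # PathName may look like "\??\C:\Windows\system32\drivers\x.sys",
        # "C:\Windows\system32\DRIVERS\x.sys", or be empty; normalise it and
        # skip entries whose file is not present on disk.
        $path = [string]$_.PathName -replace '^\\\?\?\\', ''
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        New-Object PSObject -Property @{
            Name      = $_.Name
            State     = $_.State        # Running / Stopped
            StartMode = $_.StartMode    # Boot / System / Auto / Manual / Disabled
            Path      = $path
            Status    = $sig.Status     # Valid / NotSigned / HashMismatch / ...
            Signer    = $signer
        }
    }
}

$report = Get-DriverSignatureReport

# Everything that is not 'Valid' is worth a closer look. Caveat: many in-box
# Microsoft drivers are catalog-signed (the signature lives in a .cat file
# under catroot, not inside the .sys), and older PowerShell versions may report
# those as NotSigned. sigverif does consult the catalogs, so confirm a suspect
# there before treating it as foreign. A *running* driver that is NotSigned,
# lives outside \Windows\system32\drivers and has no recognisable signer is the
# real red flag.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object State, Name |
    Format-Table -AutoSize Name, State, StartMode, Status, Signer, Path

# Keep the full list as a baseline from a known-clean install so a later state
# of the same machine can be compared with Compare-Object.
$report | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\driver-baseline.csv"
```

Run it once on the freshly formatted install to capture the baseline, then again after each reboot or after plugging the drive into the other machine; drivers that appear only in the later run, or whose signature status changed, are the ones to chase.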

so, i made some group policy changes and it let me delete some of those files. that's progress.

oddly, the dll that the shutdown & restart mutants are referencing doesn't actually exist on my machine. so, that might be a false positive.

i'll be back up soon...