Sunday 14 December 2008

Am I virus free?

A few days back, Windows Defender popped up a message to say that a process was attempting to modify my hosts file. I didn't think anything of it for a while, as I was running a number of applications that were harmless contenders (such as Mojo CMS, Microsoft Mesh, IIS), and furthermore an annoying URLRedirect service was installed by default on my XP desktop as part of the Dell desktop package, which changes your homepage dynamically when a URL is not found.

Initial Virus Scan
As a precaution, I looked up the "SettingsModifier:Win32/PossibleHostsFileHijack" error that was being displayed and followed the advice to perform a full virus scan. I ran a full scan using both Windows Defender AND Symantec (Norton) Antivirus (corporate edition). Both of these gave me a clean bill of health, which was encouraging - or so I thought.


After a reboot and after working in VS for a couple of minutes, I received the hosts file hijack error again. I was now rumbled and determined to find out what was causing this. I allowed the process to modify my hosts file to see what was happening. was being redirected to localhost. I then went onto and downloaded both the autoruns application (a tool to determine which processes are launched at startup) and process explorer - an advanced task manager with process tree information and file dependencies.
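An added example (not from the original post): a small Python audit of a hosts file's contents that reports every entry outside a stock baseline, separating names pinned to loopback, as in the redirect to localhost described above, from names sent to another address. The sample file, its example domains and the baseline set of expected names are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file normally maps to loopback (assumed baseline; extend per site).
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text):
    """Return (line_no, verdict, ip, hostname) for every entry outside the baseline."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments, inline ones too
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        for host in (h.lower() for h in fields[1:]):
            if host in EXPECTED_LOCAL and addr.is_loopback:
                continue
            # Loopback or unspecified (0.0.0.0) makes the name unreachable;
            # any other address silently sends traffic for the name elsewhere.
            blocked = addr.is_loopback or addr.is_unspecified
            verdict = "blocked" if blocked else "redirected"
            findings.append((line_no, verdict, str(addr), host))
    return findings

# Constructed sample, not taken from the post; names use reserved example domains.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # added by unknown process
127.0.0.1       www.av-vendor.example scan.av-vendor.example
203.0.113.7     portal.corp.example
not-an-ip       something.example
::1             localhost
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed in is normally %SystemRoot%\System32\drivers\etc\hosts; any finding that nobody on the machine can account for is worth tracing back to the process that wrote it.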

The first thing I did was browse all autorun processes. In this list there were 4 libraries and executables that were NOT registered to any company. This was suspicious. I searched for the corresponding entries in Google and all of them pointed to a worm or trojan. I found the corresponding executables through the tool and deleted them from my system, some of which were locked hidden system files requiring me to kill the host processes using the sysinternals.

I then performed the same search using the sysinternals process explorer and found another 5 processes that were not registered to any company. Some of these were desktop extensions that were more than likely harmless (such as Filezilla and Tortoise SVN) but I wasn't going to take any risks. I removed the files and killed the processes.

I then went on a mission to remove any software and files that I was no longer using, simply to allow the virus scanners to run more quickly.

4 hours later and after a subsequent reboot I was still not comfortable. I was receiving a Windows Defender warning from a process called Kontiki (which is a peer-to-peer media sharing tool). This was likely to be harmless again as it is installed by the media streaming services such as 4OD, but by this stage I was not taking any chances. I have prided myself for having avoided viruses for years, since the disk sharing days of the Commodore Amiga. Something had allowed my system to be compromised (perhaps the prevalence of USB keys in the workplace). My firewall is on, my wireless is encrypted and includes MAC address filters!

I manually removed Kontiki from the startup registry entries (again using sysinternals) and from the program files folder.

Insufficient virus scanners?
I was really concerned that my two virus scanners, both of which were fully up-to-date, had not detected any problems after a full system scan. A colleague had recommended AVG. I downloaded, installed and performed yet another full system scan. AVG found 4 additional Trojans that I had not detected. Fortunately these were not running and were easily quarantined by AVG.

So what is the message? Firstly, I am now nervous that I am not clear of viruses, based upon the inconsistencies between the virus checking software. Secondly, how on earth is a typical home user supposed to deal with viruses? I am extremely careful, but I will be even more so now. I am still extremely tempted to upgrade my desktop to Vista now that we are moving across to BizTalk 2006 R2 (R1 is not supported on Vista). Hopefully UAC will further minimise the risks.

Cheers - Jon.

Friday 12 December 2008

ASP.NET and AJAX unit testing with Watin

I stumbled across a great .NET library for unit testing our websites. This was listed alongside a question that I answered about "must-have" .NET libraries on Stack Overflow.

The Watin tool (pronounced "What-In") is a .NET library which allows you to issue simple commands for navigating around your web site and, more importantly, supports the Microsoft AJAX control toolkit (as well as other Ajax implementations).
I used the following code to log in to our travel product, navigate to the hotels page and search for hotels by town via an ASP.NET autocompleter control.

IE ie = new IE("http://localhost/mytavelproduct");

//goto the hotel search page
ie.Link(Find.ByUrl("http://localhost/mytavelproduct/Hotel/HotelSearch.aspx")).Click();

//gradually populate the ajax autocompleter field in the town field
TextField field = ie.TextField(Find.ByName("ctl00$cphM$ucHotelLocationSection$txtTown"));

//the autocomplete dropdown should have appeared at this stage...

However, in order for the above code to work with the Ajax autocomplete dropdown control, I had to jump through a few hoops.

The first issue is detailed as follows on blogspot

Adding an attribute to the ajax control on page load performed some "Runtime event reanimation" which allowed the TypeText methods of Watin to be captured by the ajax control. Without this, the mocked key presses are ignored.

The second issue was related to JavaScript that we had on the page. The Watin code appears to lose focus, or blur the control, between methods. Unfortunately the onblur event is used by us to clear the text value if nothing has been selected from the ajax autocompleter. By removing this JavaScript code from the control (with a view to moving it to the page Submit button?) the ajax dropdown is now displayed during the Thread.Sleep periods.

Having completed this and by browsing various blogs for the answer, I also found something that will generate the above code for you!!

This is not perfect (as the ajax stuff requires a bit of hand crafting) but this will take the leg work out of 90% of the coding.

Finally I have found a community out there building frameworks and further examples on how to use Watin.

This has been a long time coming. The Microsoft Web tests have simply not delivered; this is going to make life much easier.

Cheers - Jon.