Of Dragonborn

The Dragonborn arrive in Eberron and Cormyr, and while they are not the race I would normally play, I must say I really do like the look of them. They remind me of the Draconians from Dragonlance.

While venturing around in the King's Forest, I was left little choice but to kill a kin-race. I've got mixed feelings on this one. I was willing to negotiate: give me your treasure and you can live. Simple enough terms, I thought. Anyways, dead dragon it is.


Battle of the P.U.P

A PUP is a Potentially Unwanted Program: not necessarily a virus, malware or malicious code in the classic sense, but something that messes with your system all the same.

So, a little background before I dive into what happened. I've been working in the IT industry for 20+ years; I know my way around IT "stuff" and am computer savvy. I exercise care with my personal information on the web, and I don't use a password more than once. I have a number of safeguards in place to prevent an attack as best I can, measures to mitigate damage, and processes for recovery and restoration.

Mid-week, one of my computers began to behave oddly. It's hard to articulate, but I know how my system should be performing and I knew something was going on.

A number of virus scanning tools, some with well known names, reported my system was clean. In each case the signatures were up to date and heuristic scanning was being performed. I tried an AV a friend had mentioned on more than one occasion in the past, and while it couldn't find the problem, at least it kept popping up to tell me something was going on.

Lots and lots of stuff, all taking place inside my temp directory. The traditional AV vendors were not up to the task, and I was in a fortunate position to alter the battlefield.

Enter Cylance. Why fortunate? As far as I know this is still not available to the everyday user, much to the delight of the other AV vendors I'm sure, but we use it at a corporate level and I deployed it onto my home PC.

This was the tipping point. Cylance put a stop to the PUP's behavioral activity, and that let me get in front of it. None of the products at my disposal could find it, but at least I had halted its progress. I had to find it the old-fashioned way.

Rebooted into the Windows repair command prompt and cleaned out the temp directories. Sadly, stuff came back. This time there was a clue: a directory named "kerhdom". Found it and wiped it out. Checked the registry for references to "kerhdom" and wiped those out too. Some of those had further references to MIO.exe. Rinse and repeat. Then further references to .msi files inside c:\windows\installer. Not only did I delete them, but I fired up the local group policy editor and created my own software restriction policy to prevent them from executing.

Deeper and deeper, chasing reference after reference, methodically cleaning out this garbage. The last ones were tied to the Windows Task Scheduler, which was running an active script at login. I tailored Cylance and blocked ALL scripting.

It was a tangled web, employing several different technologies to carry on its nasty business, all in plain sight of active and up-to-date AV programs. Signatures and heuristics all failing. Behavioral detection did the trick.

It took a good 3 hours over a period of two days to get in front of this.

So what was the PUP? Well, I don't know for sure, but from the files and references I did find, it was establishing its own proxy server on my PC to inject advertising (and who knows what else) into my browser.
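The manual hunt above (temp directories, registry references, the installer cache, a scheduled task running a script at login) and the local-proxy hypothesis can be turned into a repeatable triage script. The one below is an added example and is not the author's own script, nor anything from Cylance or any AV vendor. The markers "kerhdom" and "MIO.exe" come from the post; the list of script engines, the localhost proxy check and every path are my assumptions. It only reports, it deletes nothing, and it needs an elevated PowerShell prompt on Windows 8 / Server 2012 or later (for the ScheduledTasks module).

```powershell
# Added example: report-only hunt for a PUP's footholds across the places the post
# walks through. Nothing here is deleted or changed. Run elevated.
param(
    # Names taken from the post; change to whatever your own clue is.
    [string[]]$Markers = @('kerhdom', 'MIO.exe')
)

$pattern = ($Markers | ForEach-Object { [regex]::Escape($_) }) -join '|'

Write-Host "== Temp directories: files whose path matches a marker =="
foreach ($dir in @($env:TEMP, "$env:SystemRoot\Temp")) {
    Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -match $pattern } |
        Select-Object FullName, LastWriteTime
}

Write-Host "== Run / RunOnce keys: values that mention a marker =="
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        # Skip the PSPath/PSChildName/... bookkeeping properties the provider adds.
        Where-Object { $_.Name -notmatch '^PS' -and ("$($_.Name) $($_.Value)" -match $pattern) } |
        ForEach-Object { "{0}\{1} = {2}" -f $key, $_.Name, $_.Value }
}

Write-Host "== Installer registrations: products whose name/source/uninstall string matches =="
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { "$($_.DisplayName) $($_.InstallSource) $($_.UninstallString)" -match $pattern } |
    Select-Object PSChildName, DisplayName, InstallSource, UninstallString

Write-Host "== Installer cache: ten most recently written .msi files (heuristic) =="
Get-ChildItem -Path "$env:SystemRoot\Installer" -Filter *.msi -Force -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 10 Name, Length, LastWriteTime

Write-Host "== Scheduled tasks that launch a script engine or mention a marker =="
# Engines list is an assumption: the common hosts for 'active script' payloads.
$engines = 'wscript|cscript|mshta|powershell|rundll32|regsvr32'
Get-ScheduledTask | ForEach-Object {
    $task = $_
    # Class name of the logon trigger CIM object (assumed; verify on your build).
    $atLogon = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -contains 'MSFT_TaskLogonTrigger'
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $engines -or $cmd -match $pattern) {
            [pscustomobject]@{
                Task    = "$($task.TaskPath)$($task.TaskName)"
                State   = $task.State
                AtLogon = $atLogon
                Command = $cmd
            }
        }
    }
}

Write-Host "== WinINET proxy settings for the current user =="
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet | Select-Object ProxyEnable, ProxyServer, AutoConfigURL
# A PUP that injects ads by proxying the browser typically points the system proxy
# at a listener on the same machine; the localhost check below is the assumption.
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer -match '127\.0\.0\.1|localhost') {
    Write-Warning "System proxy points at this machine: $($inet.ProxyServer)"
}
if ($inet.AutoConfigURL) {
    Write-Warning "A PAC script is configured: $($inet.AutoConfigURL)"
}
netsh winhttp show proxy
```

Run it once before and once after each clean-up pass; if the same entries keep reappearing after a reboot, whatever recreates them (the task, the Run value or the MSI) is the one to remove first. The script is deliberately read-only so that it can be run on a machine that is still suspect without changing the evidence.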

I raised this with several of my work colleagues as a cautionary note. What hope does the average computer user have in a situation like this?

Nothing fancy

I found myself in a situation where the "end game" elements of DDO were exhausting and repetitive. Worse now, for me at least, was the Anniversary event. I'm not into events as such; they're a glossy coating for a different type of grinding. This is not unique to DDO, it happens in most MMOs. So I underwent the process of True Reincarnation a couple of weeks back, starting over from level 1. My class of choice this time round was the Bard, motivated by having a tried and tested build to follow.

It was quiet today. I'd done my errands and found that it was time for Xuro to breach Splinterskull.

Xuro, in all her bardy glory

I'd not been in there that long when a spindly, gimpy wizard made an appearance and, for my part, took very little convincing to join me. The two of us plus four hirelings: yay for a full group.

Splinterskull annoys me: in and then out, and repeat, time and time again, going deeper and deeper into the fortress. Outnumbered and outgunned, we didn't have any fancy gear at our disposal, just our wits. The wizard Obsydhia popped a web in the doorway and I opened the door. Choke-point fighting, effective to be sure, using their lack of line of sight to avoid nasty spell fire. I would throw in my hypnotism when the web was under stress and follow up with fascinate. Between the three crowd control abilities at our disposal we were able to whittle down the enemy numbers. Having the enemy either entangled or standing dormant while you kill them certainly helps.

Despite Obsydhia's repeated proclamations of being useless, she did save the day by carrying my soul stone to a shrine. I lagged right into a spinning blade trap, and boom.

No one tanking, no access to decent ranged attacks or devastating warlock spells. Just some crowd control, our wits, and a penchant for going slow; the Flower Sniffer way.