Author Archives: Steven

Plane pictures

The first two weeks of July were school holidays. I also took off the first week but I had a head-cold so we decided to mostly hang around at home. The weather was clear but cool and very windy. We are fairly close to Sydney (Kingsford Smith) Airport, about 7kms as the crow flies, so we sometimes have planes taking off over us. They aren’t unpleasantly loud and the take-off paths are spread over all the compass directions so we don’t mind at all. But during that week at home I noticed that many planes were taking off directly above us. It seemed that the wind was blowing very strongly from the south west so most planes were taking off straight into it and over us. The rear of our house faces north east, directly towards the airport so I decided to spend time on our timber deck and photograph some planes.

A few years ago we bought a camera to take photos of the boys playing cricket, a Konica Minolta DiMAGE Z3. It is not a great camera for all situations, in low light it is pretty poor, but it has a 12x optical zoom and in good light is a decent sport camera. I soon realised I could photograph the underside of each plane then google its registation number to find out all about it. The web is full of sites devoted to plane-spotting, plane photography, aeronautics, national airlines and so on.

I’ve selected some pics and put them in our album.

Ransomware Trojan

On Saturday the boys’ PC got a bad virus, specifically a type of malware called Trojan.Ransomware. ‘Ransomware’ refers to the technique of holding a PC hostage until a ransom is paid. In practice it is more subtle than it sounds. In our case the PC boots to the normal Windows 7 login screen. When a user enters their credentials they get a full screen error message:

System process at address OxE4783995 have just crashed,
please follow these steps to deactivate it from your system.
1. Call one of the following numbers:
0088213090413
00261221000186
0037190100546
0088213240069
0025270701161
00263778289408
2. Wait for the answer and write down your deactivation key
3. Enter the deactivation keyreceived by phone, click “Next” to continue

Of course this is a bogus error message, but what is the point of making you call these numbers? Well apparently they are international premium service numbers which attract very high charges. You get a recorded message saying hold the line, during which time  you get charged for the wait. Somehow the scammer benefits financially.

During my googling I discovered many variations but this guy seemed the closest. I also found a solution  but it didn’t work for me. I got into windows recovery mode and tried making the suggested registry edits but the changes made by our trojan were quite different. Also it had not created a new user with a numerical username (eg C:\users\Michael\22997148\22997148.EXE). I found some information about related trojans that make multiple registry changes similar to what I was finding but after a while I decided it was easier to reinstall Windows 7 – I’d only rebuilt this PC a few weeks ago so there was not much software on it yet. Luckily I’d used a system partition and a data partition so I could leave the docs, music etc untouched.