Filed Under (WordPress, fix) by chris on 01-21-2010
For quite some time, the post date format has not been what I wanted. It was displaying day-month-year (21-1-10). This was confusing some of my readers. I tried to change it in the WordPress dashboard under Settings, but it never made a difference. I searched for a solution and found several people had the same problem but no one actually had a good answer. However, one of the posts referred me to Customizing the Time and Date and while this was just the formatting of the date and time, it did give me a clue of what to look for.
WordPress is written in the programming language PHP. The date formatting functions in WordPress use PHP’s built-in date formatting functions. You can use the table of date format characters on the PHP website as a reference for building date format strings for use in WordPress.
Armed with this information, I went to my WordPress dashboard and clicked on Appearance and then Editor. Then I started going through the Template Theme files. Sure enough, I found <?php the_time('D, m-d-Y'); ?> in the Main Index Template (index.php) file. So I went back to the Format page to see what options I had and decided on the day, month-date-year for my format. So I changed <?php the_time('D, m-d-Y'); ?> to <?php the_time('D, m-d-Y'); ?> and then clicked on update. And as you can see, the dates of my posts, on the main page, now have the post date formatted the way I wanted.
The other place you can change the time and date format is in Single Post (single.php), which I did a little differently than my main page. I decided to go with l, F jS, Y which will look like: Friday, January 22nd, 2010.
UPDATE: I found a couple other places that needed to be changed in my theme. So here is a list of the files that I could change my date format in.
Archives (archive.php)
Comments (comment.php)
Main Index Template (index.php)
Single Post (single.php)
Hope this helps. If you have any questions, leave me a comment and I will try to help.
Filed Under (fix, malware, scams, virus) by chris on 10-22-2009
As you may know, I was never able to get Web Tattoo to install into IE7. Something I have done during the removal of it and Fast Browser Search from Firefox somehow causes the install file to crash when I tried to install it in IE7. This is fine for me, but because I never could get MakeTheWebBetter installed in IE7 or IE8, I couldn’t figure out how to uninstall it and tell you how.
Over on a google forum is a link to my first post on removing Fast Browser Search from Firefox. So I subscribed to that thread and today when I checked my e-mail, I found this in it, how to remove Fast Browser Search from IE7 & IE8
Re: [Web Search Help] How do I remove “Fast Browser Search”?
from Google Help
date Wed, Oct 14, 2009 at 12:35 AM
Kundan555 has posted an answer to the question “How do I remove “Fast Browser Search”?”:
PLEASE FOLLOW THE INSTRUCTIONS AND RESOLVE THE ISSUE FOR IE8 AND IE7.
=================================================================
Please uninstall fast browser from the program and features in vista and, add and remove program in XP. Then
To fix the new tab issue you need to be comfortable using regedit. Run regedit and navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
under Tabs, clear the fastwebsearch junk and input the following as value data:
res://ieframe.dll/tabswelcome.htm or any entry related with fastbrowser listed over there.
close and restart IE.
I have been unable to verify this, however my knowledge of the registry tells me this could fix it and would be worth trying. Just be CAREFUL any time you run regedit. Messing around in the registry could really bork your system.
Here are the links to my other Fast Browser Search removal posts:
http://www.pccybertek.com/2009/08/my-web-tattoo-fast-browser-search-search-gurad-plus-uninstall-removal/
http://www.pccybertek.com/2009/08/more-my-web-tatto-removal-information/
http://www.pccybertek.com/2009/07/removing-my-web-tattoo-phone-number/
http://www.pccybertek.com/2009/06/project-web-tattoo-fast-browser-search-removal-update/
http://www.pccybertek.com/2009/06/project-web-tattoo-fast-browser-search-remove-part-1/
http://www.pccybertek.com/2009/05/remove-fast-browser-search/
There is a fake Adobe Flash Player updater that monitors your Google searches. It looks just like the Adobe Flash installer. I’m not sure where I picked it up, but luckily I found this fake Adobe Flash Player on a computer running Firefox. Good thing I run NOD 32. I have been getting a notice that NOD 32 was blocking an outbound connection 
I found out that I was infected by this Fake Adobe Flash Player
While that website does tell you how to figure out if you have it or not, it doesn’t really tell you how to remove it, unless you buy their program. So I’m currently in the process of removing it. If you do have it, you’ll want to stop it right now! I’ve found that by going into Firefox’s extensions (Tools -> Addons -> extensions) you can disable Adobe Player 0.2 and restart Firefox. After doing this, I no longer got the warning from NOD 32 that it’s blocking the connection to that msjupdate site, which I don’t know why it hasn’t been shut down yet.
I found socks.exe was running and when I looked for that file, I found it in my Windows/system folder with a creation date of 09-09-09, so I stopped socks.exe and renamed it socks.bak. I would have deleted it but just in case it wasn’t installed by this Trojan, I figure it’s better to rename it. If some legit program I have starts complaining that socks.exe is missing, I can always rename it back to socks.exe.
Once I’ve figured out how to completely remove it, I will update this post. In the meantime, disabling it will work. It’s after 3AM and I should have been in bed hours ago, but this was too important not to immediately warn you about it and give you at least a way of stopping it until I can post removal instructions.
This just in from the Internet Storm Center
Juha-Matti pointed out multiple reports on a vulnerability in the widely used WordPress blog software that supposedly lets remote users reset the administrative password. They all lead to an original post on a full disclosure mailing list.
You can get all the details from the original post – Wordpress unauthenticated administrator password reset
You can find the fix here
Basically you just need to change line 190 in wp-login.php from
if ( empty( $key ) )
to
if ( empty( $key ) || is_array( $key ) )
If line 190 in wp-login.php doesn’t match the example, you should update WordPress.
I’ve already done it here and everything still works. I also tried it on a version of WordPress that isn’t the latest version. I had to search for the string that needed changing because it’s not on line 190 in the older version. I updated the info and everything is working there too.
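Why the extra is_array() test in that one-line fix matters, as an added example that is not WordPress code or part of the original post: PHP's empty() treats an array holding one empty string as non-empty, so the single-condition check lets it through. The function names and sample keys are hypothetical, and the strict variant goes beyond the fix described above.

```php
<?php
// Added example: hypothetical stand-ins for the key test, not WordPress source.

// Before the fix: the key is refused only when PHP considers it "empty".
function key_accepted_before($key) {
    if (empty($key)) {
        return false;
    }
    return true;
}

// After the fix from the post: arrays are refused as well.
function key_accepted_after($key) {
    if (empty($key) || is_array($key)) {
        return false;
    }
    return true;
}

// Stricter variant (an assumption, beyond the post's one-line fix):
// accept only a non-empty string of letters and digits.
function key_accepted_strict($key) {
    return is_string($key) && preg_match('/^[a-z0-9]+\z/i', $key) === 1;
}

// Constructed sample values. PHP builds an array when a request
// parameter name ends in [], so a "key" is not always a string.
$samples = [
    'missing (null)'             => null,
    'empty string'               => '',
    'ordinary key string'        => 'Zx81kQ0pLm2nB7vC4dYt',
    'array with an empty string' => [''],
    'empty array'                => [],
];

$verdict = function ($ok) { return $ok ? 'accept' : 'refuse'; };

foreach ($samples as $label => $key) {
    printf("%-28s before=%-7s after=%-7s strict=%s\n",
        $label,
        $verdict(key_accepted_before($key)),
        $verdict(key_accepted_after($key)),
        $verdict(key_accepted_strict($key)));
}
```

Only the array holding an empty string is treated differently by the first two checks: it is accepted before the fix and refused after it.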
I’m afraid I have some bad news on my mission to install Web Tattoo and remove it and the Fast Browser Search redirector that takes over your web browser. First I couldn’t find it on Facebook anymore. I don’t know if it was finally removed because of the problems it caused or maybe I’m just not searching correctly but it appears to be gone. So I did a Google search for it and was able to find the website where it could be downloaded and installed. Unfortunately, I can’t get it to install into Internet Explorer 7. Every time I’ve tried to install it into IE7, I got an error and it just hangs or quits.
So it’s back to the drawing board. Just writing this has given me a couple of ideas of why it won’t install this time. I haven’t given up but I’m afraid it’s already taking longer than I expected. So stay tuned and with any luck, the next update will be the solution.
UPDATE: Here is some info I found about removing fast browser search from Internet Explorer (IE) http://www.pccybertek.com/2009/10/remove-fast-browser-search-from-ie-7-ie8
One post has brought this site more traffic than anything else ever before. My article on removing Fast Browser Search. That nasty little search re-director that gets installed when you install a Facebook plug in called Web Tattoo.
The story thus far. For some reason I decided to install Web Tattoo. I knew it was probably going to install something else. Rule #1 – Programs on the internet that claim to be free, especially add-ons for social sites, aren’t really free. I just figured I could uninstall whatever it slipped in. After I uninstalled Web Tattoo, from Firefox and using add and remove programs in the Windows control panel, and it was still redirecting my traffic to Fast Browser Search, I’d just remove it with Spybot or Ad-Aware or HijackThis and remove it from the registry. However, none of these detected it and I couldn’t find any sign of it in the registry. Then I did a search on the internet and couldn’t find anything about removing it either. So I did some thinking and figured out how to remove it. Seeing how there was such a lack of articles dealing with this pest, I figured it would be the perfect thing for my blog. So I wrote this article on how I removed it from Firefox.
Next thing I know there’s a spike in the traffic coming to my little unknown blog. I was happy to learn that referrers were search engine results for “fast browser remove” and other similar queries. All of them looking for a way to take out this blasted thing. For a short time, my blog was on the first page in Google if you were searching for a way to remove it. This got me pretty jazzed. I’ve had this blog for a couple years but never had much traffic before. After a couple weeks, the traffic to that article I wrote started tapering off. I was no longer in the first page or two when people searched for it. Then all of a sudden it spiked again. Turns out someone on a Google forum had Fast Browser Search take over their browser. Next thing I know I’m getting a ton of hits again, this time all coming from this post. Now if the people this helped would just click on my Google ads, I could earn a couple cents in this tough economy.
There was only one problem. My article only covered how to remove it from Firefox. Turns out there are plenty of people with Internet Explorer who have been attacked by this scourge known as Fast Browser Search. So here is what I’m going to do. Initially I was going to install Windows XP on a virtual machine. But this would take quite some time and work before I could deliberately infect myself with Fast Browser Search. So I decided to take a short cut. After I’m done writing this, I’m going to create a new user account in Windows, head over to Facebook and install Web Tattoo while using Internet Explorer. Then I’m going to figure out how to remove it and write part 2 of this article. So check back in a day or so, hopefully it won’t take me longer than that to figure out. If you would like to show some appreciation, click on my Google ads, or leave me a reply. I love getting replies and hearing from you.
Filed Under (fix, malware) by chris on 05-19-2009
First I have to admit, I did something stupid. I decided to install My Web Tattoo on my Facebook page. I knew with all the spam about this addon it would try and sneak in some kind of malware. Being the “I know how to fix anything” PC Tech that I am, I pretty much dared it to install something. Which it promptly did. It changed my default search to some crap called “Fast Browser Search.” I tried Spybot and BHO Remover, both of which found my system clean. I looked in the addons under Firefox and uninstalled My Web Tattoo. Then I found that some of my searches were still getting redirected to Fast Browser Search. So I searched my registry for Fast Browser Search and various combinations of those words. Nothing…. I searched the internet for Fast Browser Search and their site has nothing about how to remove it, big surprise. I won’t go into how it should be illegal for companies to pull this !#$!. I did find a page from the My Web Tattoo people that said you can remove it from the addons in Firefox. Well I already did that, and it was still redirecting. Then I remembered the config settings in Firefox. And there it was.

Since this was such a nightmare to find and remove, I felt it was my duty to pass on this to you, my faithful readers.
Type about:config in the address bar in Firefox. In the filter, type fast. This should bring up all the instances of where Fast Browser Search has taken over. Right click on each of the Fast Browser Search entries and select reset. This should put most of them back to Google. And that’s it!
UPDATE: One of our readers, ED, has added another step
There were a few more steps I needed to do to remove it from list… in the search engine toolbar I had forgotten to click that and manage search engines as well, after the Tools/Add-on removal. Also, in the about:config area, I also typed in … fbs … in the filter section and found more fast browser search stuff in that filter set. Just in case, I reset them as well. =)
Thanks for the info Ed

MORE HELP
I figured out some more information on removing this. I can tell by some of the replies that not everyone has seen the other posts I made later. Here is another one that might help if the above info didn’t.
more-my-web-tatto-removal-information
With all the media hype about Conficker, I thought you might like a good collection of trustworthy resources. Beware of websites that have recently registered as “conficker help.” In fact, just avoid them altogether. There are also reports of malicious software masquerading as detection and cleaning tools for Conficker-infected computers, as well as spam offering the same.
There’s no need to try and figure out what’s safe or real and what has more sinister plans in mind. The good folks at dshield.org have been keeping an updated list of third party information on Conficker. Here you can find plenty of free Conficker detection and removal tools, general information and the Microsoft patch. That should help keep you updated, safe and informed.
I’ve also found out about one other real neat way of detecting it, but it’s for more advanced users, so I’m going to make a separate post about it.
It has been recently disclosed that Adobe Acrobat Reader is vulnerable to a virus attack, known as the Adobe Reader PDF File Handling Remote Code Execution Vulnerability. A .pdf file, which is what you are reading with Acrobat, is created with some code in it that uses JavaScript to exploit your computer.
After checking the usual exploit sites, I found several versions of this attack and proof of concepts. I tested them against several anti virus programs, and so far none of them detect it. I believe it is because of the way this attack is implemented. And I don’t think they will detect it since it’s not an “infected” file but a .pdf document. I could be wrong about this and maybe there will be some anti virus software that will detect it. Let me clarify this. The exploits I found were not detected. There is a trojan going around, called Pidief.E, which uses this vulnerability to install a second piece of malware. This second piece of malware takes screen shots and installs a keylogger. The screen shots and what you have typed on your computer are uploaded somewhere so the bad guys can go through it, and look for user names, passwords, credit card numbers, etc.
This particular malware can be detected, it’s the others that are out there that are worrisome.
I was more concerned with finding a fix now, because Adobe has said the flaw will be closed by March 11th, through updates to Acrobat Reader 9. Updates for earlier versions will be released later.
For now I have found two fixes. The first is a “homebrew” patch from Sourcefire and can be found here. While I applaud their efforts, replacing the .dll file with their patch could have unknown results. The second fix, which I have been implementing all day at work today, is to disable JavaScript in Acrobat Reader. This is easy enough to do. Simply run Adobe Acrobat Reader. Select Edit and go down to the bottom and select Preferences. Once Preferences is open, you will see JavaScript on the left side, under Categories. After you have selected JavaScript, you will see your options on the right. The first box that is checked says Enable Acrobat JavaScript. Just uncheck this box, and you are done.
If you open a .pdf file in the future and it asks you to re-enable JavaScript, be sure to tell it no. And be sure to update Acrobat Reader when Adobe does post the update.