Thursday, September 27, 2007

Mailwasher Pro Updated

 

One of my favourite programs has been updated and version 6.0 is now available for download.

Mailwasher helps you to identify and deal with spam and dangerous emails before they ever get a chance to be downloaded to your email client on your computer.

What’s new in version 6?

Easier to use
Many of you didn’t know how to train MailWasher to block spam, so this has been made easier with the Action column. The Action column lets you specify whether an email is ‘GOOD’ or ‘SPAM’ and from this, MailWasher will quickly and automatically learn which of your email is spam and which is good, saving you time.
All the settings for options, email accounts and spam tools are now able to be changed in one area. All accessible via the ‘Settings’ button on the front of MailWasher.
Additionally, there are many small tweaks to improve your experience of using MailWasher Pro.

Recycle Bin
Many of you never knew you could rescue accidentally deleted email. So a button called the ‘Recycle Bin’ has been placed on the front of MailWasher and this allows you to restore any email you have lost.

A new look
MailWasher is now a bit brighter and shinier. It was looking a bit scruffy, so hopefully you like the subtle changes.

Updated spam algorithms
We’ve updated the spam algorithms so you should see a big difference in the spam catching ability of MailWasher if you’re using FirstAlert.

Vista Compatible
Yes, this version is fully compatible with Windows Vista. Finally.

There is also a natty little video showing you some of Mailwasher's new features when you first start the program.

Mailwasher is an excellent product and one I would thoroughly recommend.

Note: I think everyone must have gotten their update notifications at the same time I did as the Firetrust server seems to be having some problems, if you can’t get to the site then just bookmark the page and pop back later.

Monday, September 24, 2007

NOD32 Update 2548 (20070924)

NOD32 Antivirus detection database has been updated to version 2548 (20070924)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Threats added in this update include the following:

Win32/Agent.BJT, Win32/Agent.BTQ, Win32/Agent.NGX (3), Win32/AutoRun.AO (3), Win32/Hupigon.MXV, Win32/PSW.LdPinch.NCB, Win32/PSW.OnLineGames.NCU, Win32/PSW.OnLineGames.NEP, Win32/Rustock.NCS, Win32/Spy.Banker.NRG, Win32/Spy.Banker.OKB (2), Win32/Spy.Goldun.NBY, Win32/Spy.VB.QJ, Win32/TrojanDownloader.QQHelper.AET, Win32/TrojanDownloader.QQHelper.NDQ (3), Win32/TrojanDownloader.Small.FTW (2), Win32/TrojanDownloader.Zlob.BEP (2), Win32/TrojanDownloader.Zlob.BEQ (11), Win32/TrojanDropper.VB.NBW, Win32/Virut, Win32/Virut.Q

CounterSpy 2.5 Update 637

CounterSpy 2.5 latest update definition is 637

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

Here is a partial list of selected threats in this update. For a full list of the updates, see Spyware Definitions on the Sunbelt site.

This update has many updates, but mostly with names like trojan dropper and password stealer. I did find this one's name interesting: Zenotecnico. Also known as Adware.ZenoSearch, Adware.Zenosearch.B.

Winfixer, SpySheriff, AdwareSpy and the ubiquitous Storm Worm get updated definitions as well.

RogueRemover and a Short History of Rogues

RogueRemover has been around for a while, but I like to be thorough and wait till I know a program is good. There's lots of talk here and around the Net about rogue antispyware programs, but what are they?

In short, it is a program that is supposed to be helpful but really is useless or even has been put on your computer to try to sell itself. The most famous of these are the ones from the Smitfraud group from the Russian mob scam artists. Names like SpyAxe, SpyFalcon and WinAntivirus are just a few of them. Back in 2005, the first one, SpyAxe, hit the Internet and ticked off a lot of people. I posted removal instructions on my old blog on how to remove it. Most of the 200,000+ page views for that one post came in the first 3 months. By then, SpyAxe was out and a new rogue SpywareStrike was screwing up people's computers. Many people found out it was easier to use trojans to infect people's computers and then offer a solution. Now there are many of these rogue programs.

SmitFraudFix targets the actual trojan, usually called zlob, to rid your computer of these pests. RogueRemover targets the fake programs that get installed. So here I'll start giving updates for RogueRemover, since it is a good tool to remove the fake antispyware programs we call rogue programs.

RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers.

You can download RogueRemover from Malwarebytes.org and a few other sites like MajorGeeks. You can read more about it at Malwarebytes.

Here are the recent programs it removes, plus selected older rogues.

Current Version is 151

Added: AntiVirGear, CryptDrive, OSBodyGuard, PCSleep Error Cleaner, SafeStrip, SpywareLocker, SystemDefender

Updated: Rogue.Infector

Previous additions: virusProtectPro, VideoAccessCodec, Spyware-Sweeper, SpyHeal, VirusHeal, BPS Spyware Remover, SpyLocked, Ultimate Cleaner, MalwareWiped, SpyCrush, SpyDawn, VirusRescue and oldies like SpyAxe and SpyFalcon

Sunday, September 23, 2007

CounterSpy 2.5 Update 636

CounterSpy 2.5 latest update definition is 636

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

Here is a partial list of selected threats in this update. For a full list of the updates, see Spyware Definitions.

Added:
AdWare.Win32.BHO.ge, AdwareRemover2007, Backdoor.Hupigon.FNT, Backdoor.Lecna.AC, Backdoor.Mailbot.R, Backdoor.T.TR, Backdoor.Win32.Agent.bqz, Backdoor.Win32.Haxdoor.gh, Backdoor.Win32.Rbot.dyx, Email-Worm.Win32.Nulprot.e, Exploit.JS.Agent.ar, Spy-Agent.ba, Trojan-Clicker.HTML.IFrame.as, Trojan-Clicker.HTML.IFrame.au, Trojan-Downloader.JS.Agent.hv, Trojan-Downloader.JS.Agent.qk, Trojan-Downloader.S.TR, Trojan-Downloader.Win32.Agent(many variants), Trojan-Downloader.Win32.AutoIt.v, Trojan-Downloader.Win32.BHO.bf, Trojan-Downloader.Win32.Mediket.dw, Trojan-Downloader.Win32.Small.fox, Trojan-Downloader.Win32.Tiny.lq, Trojan-Downloader.Win32.VB.bia, Trojan-Dropper.Agent.BOX, Trojan-Dropper.Win32.Agent.bvb, Trojan-Dropper.Win32.Agent.bwh, Trojan-Dropper.Win32.Killav.e, Trojan-Proxy.Win32.Delf.db, Trojan-PSW.Win32.Agent.pl, Trojan-PSW.Win32.Delf.aas, Trojan-PSW.Win32.LdPinch.cub, Trojan-PSW.Win32.OnLineGames (many variants), Trojan-PSW.Win32.WOW.wk, Trojan-PSW.Win32.WOW.wz, Trojan-Spy.HTML.Bankfraud.pu, Trojan-Spy.Win32.Banker.dkb, Trojan-Spy.Win32.Delf.agk, Trojan-Spy.Win32.Delf.ago, Trojan-Spy.Win32.Delf.bax, Trojan-Spy.Win32.Webmoner.ch, Trojan-Spy.Win32.Zbot.n, Trojan.Adw.SaveNow, Trojan.Duntek.A, Trojan.Horse.Downloader3.RUR, Trojan.Kobcka.M, Trojan.Win32.Agent(many variants), Trojan.Win32.Obfuscated.hq, Trojan.Win32.Obfuscated.ic, Trojan.Win32.Obfuscated.id, Trojan.Win32.VB.bfu, Trojan.Zayan.B, win32/Madangel.remnants, Worm.Win32.Viking.mc

Updated:
Adware.Cinmus, Adware.SecToolbar, Adware.Webprefix, Adware.Win32.Agent.am, Ardamax Keylogger, CarpeDiem, CasinoOnNet, ClickSpring.PuritySCAN, Dialer.Maxd, Dialer.Target, Dialer.Win32.GBDialer.j, DialerPlatform, DrAntispy, Email-Worm.Win32.NetSky.r, Goldun.Fam, Hacktool.Spammer, Hyperlinks Rotator, MagicAntiSpy, NetPumper, PC Tattletale, Perfect Keylogger, PWS-Banker.gen.aa, PWS-Pinch, Rabio, Rootkit.Win32.Agent.ea, Rootkit.Win32.Agent.ii, SC-KeyLog, SpySheriff, SpywareLocker, SpywareSoftStop, Storm.Worm, Virtumonde, Web Buying, Win32.ExplorerHijack, Win32.Worm.IM.Sohanat.B, Win32.Worm.Nuj.A, Win32.Worm.Winko.I, Worm-Win32/Allaple.gen!dam, Worm-Win32/Emerleox.gen!C

Saturday, September 22, 2007

MVPS HOSTS File Updated September 21

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by that DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements. Why? … because in certain cases “Ad Servers” like Doubleclick (and many others) will try to open a separate connection on the webpage you are viewing.
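As an added example (not part of the original post or of the MVPS project), the Python below parses HOSTS-format text and reports which names are blocked by loopback entries such as the `127.0.0.1 ad.doubleclick.net` line above, and which names are mapped to some other address and therefore override DNS. It goes slightly beyond the post by also treating `0.0.0.0` as a blocking address; the sample file content and all function names are constructed for illustration.

```python
"""Report which hostnames a HOSTS-format file blocks or redirects.

Added illustration. All sample entries are constructed except
ad.doubleclick.net, which is the example entry quoted in the post.
"""
import ipaddress

# Constructed sample in HOSTS-file format (not the MVPS file itself).
SAMPLE_HOSTS = """\
# lines starting with '#' are comments
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net      # entry quoted in the post
0.0.0.0     tracker.example.com ads.example.com
192.0.2.10  intranet.example.com
not-an-ip   broken.example.com
"""

# Names that normally point at the local machine and are not "blocks".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def normalise(name):
    """Host names are case-insensitive; ignore a trailing root dot."""
    return name.lower().rstrip(".")


def parse_hosts(text):
    """Return {hostname: ip_address} for every well-formed entry."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                            # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP
        for name in fields[1:]:                 # one IP may carry several names
            # Keeping the first mapping seen for a name is an
            # assumption of this example.
            mapping.setdefault(normalise(name), ip)
    return mapping


def is_sinkhole(ip):
    """True for loopback or unspecified addresses (used for blocking)."""
    return ip.is_loopback or ip.is_unspecified


def blocked_hosts(mapping):
    """Sorted names whose connections are sent back to the local machine."""
    return sorted(
        name for name, ip in mapping.items()
        if is_sinkhole(ip) and name not in LOCAL_NAMES
    )


def redirected_hosts(mapping):
    """Names mapped to a real address: these override DNS, so review them."""
    return {
        name: str(ip) for name, ip in sorted(mapping.items())
        if not is_sinkhole(ip)
    }


def classify(name, mapping):
    """Return 'local', 'blocked', 'redirected', or 'dns' (no entry)."""
    key = normalise(name)
    if key in LOCAL_NAMES:
        return "local"
    ip = mapping.get(key)
    if ip is None:
        return "dns"
    return "blocked" if is_sinkhole(ip) else "redirected"


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("Blocked:", ", ".join(blocked_hosts(entries)))
    for host, addr in redirected_hosts(entries).items():
        print(f"Overrides DNS: {host} -> {addr}")
    for host in ("AD.DoubleClick.net", "www.example.org"):
        print(host, "=>", classify(host, entries))
```

To audit a real file, read its text (on Windows the file normally lives under `%SystemRoot%\System32\drivers\etc\hosts`) and pass it to `parse_hosts` in place of the constructed sample.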

Lots more information and download links and installation instructions at Blocking Unwanted Parasites with a Hosts File

Vista users: make sure you read the special instructions here



Download: hosts.zip (144 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version makes a great resource
for determining possible culprits ... (626 kb)
http://www.mvps.org/winhelp2002/hosts.txt

Spyware Doctor 5.08170

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 5.08170
Intelli-Signatures: 648676

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

5.08170 - P2P-Worm.Kingdom, P2P-Worm.Poopoo, Email-Worm.Scano, P2P-Worm.Druagz, Email-Worm.Monikey.H, Trojan.Agent.HM, PSWTool.IpdBrute, P2P-Worm.Smeagol, Backdoor.SdBot.BXR


5.08160 - Trojan-Spy.VB.NB, Trojan-Downloader.Konix, Trojan-Downloader.Tiner, Trojan-Downloader.Wirefall, Trojan-Downloader.Small.AYP, Trojan.Enfal, Trojan-Downloader.Small.CUL, Trojan.Klone

Extended Intelli-Signatures:

5.08170 - Spyware.SpywareNuker, Trojan.RPCC_Spammer, Trojan-Downloader.Small.GEN, Application.MailPass_Viewer, Adware.WSearch.O, Application.MessenPass, Spyware.JimmyHelp, Application.Ardamax_Keylogger, RogueAntiSpyware.SpyAxe, Adware.MediaGateway, Trojan.PurityScan, Adware.Security_Toolbar, Trojan.Clagger.H, Trojan.Smartallyes, Trojan-Downloader.VB, Adware.Aureate, Trojan-Proxy.Xorpix, Adware.CoolWebSearch_OLE_Automation_Server, Trojan-Proxy.Wopla, ActiveX Objects


5.08160 - Trojan-Downloader.NTWorkStan, Trojan.Danmec, Adware.Agent.BN, Spyware.BaiDu, Trojan-Downloader.Small.GEN, Trojan-Dropper.Agent.AMR, Dialer.Dialupass, Rootkit.Agent.EX, Trojan-Downloader.Obfuscated, Trojan-Spy.Flux, Worm.Mytob, RogueAntiSpyware.SpyAxe, Application.MailPass_Viewer, Trojan-Downloader.QQHelper


Deleted Intelli-Signatures: Trojan.Agent.MultiDrop

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Update 2544 (20070923)

NOD32 Antivirus detection database has been updated to version 2544 (20070923)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Free fully functional trial is available.

Threats added in this update include the following:

INF/Autorun, Win32/Black.A, Win32/Delf.ABR, Win32/Nuwar.Gen, Win32/Obfuscated.GY, Win32/Qhost (2), Win32/Qhost.NBW, Win32/Qhost.NBX, Win32/Rbot (2), Win32/Sohanad.AP, Win32/TrojanDownloader.Agent.NPQ (2), Win32/TrojanDownloader.Agent.NQP, Win32/TrojanDownloader.Agent.NQQ, Win32/TrojanDownloader.Small.NXC (2)

Added in earlier updates:

Win32/Bagle.JU, Win32/Brocat.G, Win32/Diazom, Win32/IRCBot.ZH, Win32/Rbot (2), Win32/TrojanDownloader.Agent.NQX, Win32/TrojanDownloader.Agent.NQY, Win32/DNSChanger.NAD, Win32/Hoax.Renos.NDC (2), Win32/PSW.LdPinch.NEL, Win32/TrojanDownloader.Zlob.BAX, Win32/TrojanDownloader.Zlob.BEL (12), Win32/Agent.AVM (2), Win32/Grum.D, Win32/Small.QI

Thursday, September 20, 2007

More E-mails (Spam)

Some botnet somewhere has been busy.. I’ve had about a gazillion spammy emails today.

So… just for the record!

No.. I haven’t won the lottery.. I’m sure my email must be a very lucky address because it’s been winning all sorts of lotteries about 10 times a day just recently.

Nat West Bank/Western Union/Mastercard/Amazon etc etc etc all want me to log into my account. Hmmm… well I might just check out my account if I had an account with them!!

Some girl (with a blokey sounding email address) keeps sending me emails telling me she wants a chat. Strange, it’s the same message only coming from different email addresses.

I get loads of emails telling me that I’ll be able to satisfy the girls if I click here to get enhanced.. I’m a girl by the way! :o

I also get loads of emails telling me that I can buy all sorts of medicines if I wish.. I trust my doctor to know what I need though thank you very much.

Then there is the postcard from a friend/family member……… oh Joy!!

Well, it keeps me entertained! :D

Wednesday, September 19, 2007

Office 2003 Service Pack 3 Released

Microsoft has released Service Pack 3 for Office 2003. Being a service pack, there are many updates, fixes and improvements. To see all of the issues fixed and more information, you can read knowledgebase article 923618. Just like the Windows OS, the Office products are subject to security threats that can be used to attack your computer. This update fixes many potential problems that the bad guys can use to harm your computer.

Supported Operating Systems: Windows 2000 Service Pack 3; Windows Server 2003 Service Pack 1; Windows Vista; Windows XP Service Pack 2

This update applies to the following programs:

  • Office Basic Edition 2003
  • Office Professional Edition 2003
  • Office Small Business Edition 2003
  • Office Standard Edition 2003
  • Office Student and Teacher Edition 2003
  • Office Access 2003
  • Office Access 2003 Runtime
  • Office Excel 2003
  • Office FrontPage 2003
  • Office InfoPath 2003
  • Office Outlook 2003
  • Office PowerPoint 2003
  • Office Publisher 2003
  • Office Word 2003
  • Office 2003 Web Components
  • Office XP Web Components

The download page is here. This is a large download, over 100 MB, so allow yourself some time to download and install this. There will be a CD available soon with the update if you are on dial up or want a hard copy of the update.

Firefox Update 2.0.0.7

My favorite web browser Firefox released a small but important update today. This update fixes a security issue with Quicktime Media link files. Since Quicktime is all over the Net, I would update as soon as you can. This update is for Firefox Windows, Mac OS X and Linux.

Firefox 2.0.0.7 download

Speaking of Quicktime, there have been some important security updates for it as well recently. You can download it with or without iTunes on the Quicktime download page. You don't have to put in an email address to download.

NOD32 Update 2539 (20070918)

NOD32 Antivirus detection database has been updated to version 2539 (20070918)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Threats added in this update include the following:

IRC/SdBot (4), Win32/Banwor.NAC (3), Win32/Hupigon, Win32/IRCBot, Win32/KeyLogger.Ardamax (3), Win32/KeyLogger.Ardamax.E (2), Win32/Nuwar.AQ, Win32/Nuwar.AR, Win32/TrojanClicker.VB.NDG, Win32/TrojanDownloader.Agent.NQP, Win32/TrojanDownloader.Banload.DPS (2), Win32/TrojanDownloader.Dadobra.IA, Win32/TrojanDownloader.VB.BBQ, Win32/TrojanDropper.Agent.NGF

Updates earlier in the day:

IRC/SdBot (2), Win32/Adware.Cinmus (5), Win32/Adware.Virtumonde (2), Win32/Adware.Virtumonde.FP, Win32/Agent.QT (2), Win32/AutoRun.AN (2), Win32/Bifrose.ACI, Win32/IRCBot.ZG, Win32/Mytob.VY (2), Win32/Neshta, Win32/Persky.K, Win32/Rbot, Win32/Rustock.NCR (2), Win32/Small.CJT (4), Win32/Small.NCG (4), Win32/TrojanClicker.Agent.LL (2), Win32/TrojanDownloader.Agent.NPQ, Win32/TrojanDownloader.Agent.NQV (2), Win32/TrojanDownloader.Delf.NYZ, Win32/TrojanDownloader.QQHelper.UV, Win32/TrojanDownloader.VB.BJQ (2), Win32/TrojanDownloader.VB.NMT, Win32/TrojanDownloader.Zlob.BED, Win32/TrojanDownloader.Zlob.BEJ, Win32/TrojanDropper.Delf.NFO (2), Win32/VB.NNA (2) W97M/TrojanDropper.Agent.NAB, W97M/TrojanDropper.Agent.NAC, W97M/TrojanDropper.Agent.NAD, W97M/TrojanDropper.Agent.NAE, Win32/Agent.BUL, Win32/Agent.CI (2), Win32/Agent.NEJ (2), Win32/Autoit.AK (2), Win32/AutoRun.AM (3), Win32/Bagle.JT (4), Win32/Dialer.HO, Win32/Dialer.NDQ (2), Win32/IRCBot.WO (2), Win32/Nuwar.Gen, Win32/PSW.Agent.NDP, Win32/PSW.LdPinch.NCB, Win32/PSW.Legendmir.NFC, Win32/PSW.OnLineGames.NEG (3), Win32/PSW.OnLineGames.NFF (4), Win32/PSW.WOW.NCD, Win32/Spy.Agent.M (2), Win32/TrojanDownloader.Zlob.BEH (12), Win32/TrojanDownloader.Zlob.BEI (6), Win32/TrojanDropper.Agent.BVR, HTML/TrojanDownloader.Agent.FS, IRC/SdBot (2), JS/TrojanDownloader.Agent.NW, Win32/Adware.NaviPromo, Win32/PcClient.NAW (3), Win32/Rootkit.Agent.HU, Win32/Rootkit.Agent.II (2), Win32/Spy.Banker.OGZ, Win32/TrojanDownloader.Agent.DJT (2), Win32/TrojanDownloader.Murlo.NAG, Win32/TrojanDropper.Agent.NGE, Win32/TrojanDropper.Decept.30.D (2), Win32/VB.NMZ (2)

Tuesday, September 18, 2007

Spybot Search & Destroy Now at Version 1.5

Spybot Search and Destroy is now at version 1.5 with new features and improvements to the program. Updating and the Immunization feature are the best improvements in my opinion. Support for Firefox Immunization has been added. Of course the scanning and spyware removal has been improved as well, but that works in the background where you won't notice as much. Windows Vista is fully supported now, and Windows 95 support has returned. Not sure who is still using 95 but Spybot is probably the only option you have for antispyware on that old OS.

Here is a list of some of the changes:

  • Restored Win95 compatibility
  • New Immunization for Firefox & Mozilla
  • Fixed HyperThreading issues
  • Improved 64 bit immunization
  • Support for multi-line bookmarks (IE 7 / Vista)
  • Improved Immunization for Opera
  • New warnings about missing admin rights on Windows Vista
  • Improved SDHelper dialogs and block/allow choices
  • New confirmation dialog for system restore points
  • Added support for renaming services before stopping/killing/deleting them
  • Improved hosts file location algo

There are many more. You can see them and screen shots of the program on the Spybot 1.5 info page.

One thing that I would change is that Tea Timer is enabled by default when installing. In the older Spybot 1.4 install, it was not checked. Now it is checked and will be enabled after the install is complete. While Tea Timer is a good resident protection program, it can be a bit overwhelming for some people.

Another recommendation is to undo the Immunization in 1.4 and uninstall it before installing the 1.5 version. While not required, Immunize adds a lot of entries to the registry and the newer version may handle them differently. Also, if 1.4 hasn't been updated to the latest Immunize data, there could be entries left on your system that should have been removed already that 1.5 will not. While I am not aware of any entries that would do this, better safe than sorry.

Overall, this is a good update to Spybot and everyone should update to version 1.5. You can download it from Spybot's download page as well as major download sites like Download.com.

Friday, September 14, 2007

CounterSpy 2 Update 631

CounterSpy 2.0 latest update definition is 631

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

Here is a partial list of selected threats in this update. For a full list of the updates, see Spyware Definitions 547

Added

Email-Worm.Win32.Nulprot.d, Rootkit.Win32.Agent.io, Trojan-Downloader.JS.Psyme.mf, trojan-Downloader.Win32.Agent.djt, Trojan-Downloader.Win32.Agent.dju, Trojan-Downloader.Win32.Small.fqe, Trojan-Downloader.Win32.Small.fsc, Trojan-Downloader.Win32.Small.fsf, Trojan-Dropper.Win32.Small.bae, Trojan-Proxy.Win32.Pixoliz.c, Trojan-Proxy.Win32.Slaper.bd, Trojan-Spy.Win32.Agent.aah, Trojan.Bdld, Trojan.GMWX, Trojan.Win32.Inject.ev, Trojan.Win32.Small.qh

Updated

Backdoor.Rustock, Backdoor.Unidentified.gen, Backdoor.Win32.Small.lu, Dialer.Maxd, Email-Worm.Win32.Locksky.be, Exploit-VBS/Phel.E, Infostealer.Metafisher, Infostealer.Nuklus, IRC/Sensi.11, JS/Exploit_based.A, JS/Exploit_based.B, mIRC/Gen_COM, Packed.Win32.PolyCrypt.d, Rootkit.Win32.Agent.ea, Rootkit.Win32.Agent.ey, SpamTool.Win32.Agent.u, SpywareSoftStop, Storm.Worm, Trojan-Clicker.HTML.IFrame.al, Trojan-DOS/CryptMBR.A, Trojan-Downloader.Gen, Trojan-Downloader.Matcash, Trojan-Downloader.Monurl.I, Trojan-Downloader.Trojan, Trojan-Downloader.Vxgame.z, Trojan-Downloader.Win32.Agent.azg, Trojan-Downloader.Win32.Small.evh, Trojan-Downloader.Win32.Small.ex, Trojan-Dropper.Win32.Small.gen, Trojan-JS/Alogo, Trojan-Proxy.Win32.Agent.sw, Trojan-Proxy.Win32.Xorpix.Fam, Trojan-PSW.Win32.Hooker.24.c, Trojan-Spy.Win32.Banker.dko, Trojan-Spy.Win32.Banker.dvn, Trojan.Autorun.EU, Trojan.DNSChanger, Trojan.DNSChanger.Gen, Trojan.FakeAlert, Trojan.LowZones, Trojan.Pandex, Trojan.Qhosts, Trojan.Vxgame.z, Trojan.Win32.BHO.dm, Trojan.Win32.DNSChanger.jf, Trojan.Win32.DNSChanger.ka, Trojan.Win32.Patched.ah, Trojan.Win32.Qhost.it, Trojan.Win32/Anomaly.gen!A, Trojan.XPL.ADODB, VBS/Generic2, webHancer

Tom Coyote Is Now What the Tech

One of my favorite security and help sites, Tomcoyote.org, has changed names to What the Tech. The old Tom Coyote url will be redirected to the new site, but it is still a good idea to update your bookmarks.

Site: http://whatthetech.com
Forum: http://forums.whatthetech.com/forums.html

Spyware Doctor 5.08150

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 5.08150
Intelli-Signatures: 648,460

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

5.08150 - Constructor.FakeMSN, P2P-Worm.Blaxe, P2P-Worm.Zaka, Trojan.Decept, Trojan-Clicker.Agent.EL, Trojan-Downloader.Small.CQG, Trojan-Downloader.Small.CQO, Trojan-Downloader.Small.W, Trojan-PWS.FakeAIM.A, Trojan-PWS.FakeMSN.A, Trojan-PWS.Mima, Trojan-Spy.Banker.YG, Trojan-Spy.DiabloII.G, Trojan-Spy.Gologger, Trojan-Spy.KeyLogger.AO, Worm.Collo, Worm.Donk.C, Worm.Skipi.A


5.08140 - P2P-Worm.Cake, P2P-Worm.Cozit, Trojan-Clicker.Agent.EQ, Trojan-Downloader.Zlob.FS, Trojan-Spy.DiabloII.D, Trojan-Spy.SpyAnyTime.C, Worm.Bymer, Worm.Donk.B


5.08130 - P2P-Worm.Benjamin.A, Trojan.Banker.D, Trojan-Clicker.Agent.DW, Trojan-Downloader.Agent.CRY, Trojan-Downloader.Delf.MOP, Trojan-Downloader.Small.BSN, Trojan-Downloader.Small.CPW, Trojan-Downloader.Tiny.GX, Trojan-PWS.Gamania.AD, Trojan-PWS.Gamania.AL, Trojan-Spy.Godmoney


Extended Intelli-Signatures:

5.08150 - Adware.Agent.BN, Adware.CDN, Adware.WSearch.O, Backdoor.Delf.GEN, Email-Worm.Zhelatin, Rootkit.Agent.EY, Trojan.Agent.AOY, Trojan.Banker, Trojan.CWS, Trojan.Desktop_Hijacker, Trojan.Mailbot, Trojan.Popuper, Trojan.PurityScan, Trojan.Virtumonde, Trojan-Dropper.Agent.BE, Trojan-PWS.Delf, Trojan-PWS.Hazif, Trojan-Spy.Banker.CMB


5.08140 - Application.Logitech_Inc., Dialer.Dialupass, Trojan.AVKillers, Trojan.Nuklus, Trojan-Downloader.Banload.ACK, Trojan-Downloader.Small.GEN, Trojan-PWS.Hangame, Trojan-Spy.Banker.AHY, Trojan-Spy.Bankject, Trojan-Spy.Tofger


5.08130 - Adware.Agent.BN, Adware.Zeno_Search_Assistant, Application.Logitech_Inc., Rootkit.Agent.EY, Trojan.DNS_Changer, Trojan.PurityScan, Trojan.Virtumonde, Trojan-Downloader.Alphabet.GEN, Trojan-Dropper.Agent.BE, Trojan-PWS.Magania, Trojan-PWS.Sincom, Trojan-Spy.Agent.EW, Trojan-Spy.Bankject


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

AntiVirGear New Rogue to Remove

AntiVirGear is the newest fake antispyware program connected with the zlob trojan. It's been a while since there has been a new one, but this program is garbage just like the rest. It will find spyware on your computer and then offer to remove it after you pay.

Bleeping Computer has a guide on how to remove AntiVirGear until most reputable antispyware programs are able to fix it.

Files and information related to AntiVirGear:

Hijackthis entry:

O4 - HKLM\..\Run: [AntiVirGear 3.7] "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe" /h

Files:

C:\Windows\System32\wqzdtjg.dll
C:\Windows\System32\ddllup.dll
C:\Program Files\AntiVirGear 3.7

Wednesday, September 12, 2007

Are You A Security Wizard?

I found this neat quiz over at Agnitum. Are you a Security Wizard?









Monday, September 10, 2007

New Skype Worm

Whether you want to call it w32/Ramex.A or Bubbles, I couldn’t explain it any better than Chris Boyd (aka Paperghost) does. So trolly on over to Spywareguide.com to see what he has to say with some pretty pictures too.

Saturday, September 08, 2007

Winpatrol Updated

When Winpatrol 2007 was released I thought it was fab and I absolutely adore Scotty in his blue Vista bubble. But not everyone agrees with me.

Winpatrol has listened to customer feedback and has today released a minor update that among other things will enable users to have the original black Scotty icon back in their system tray.

If you like Scotty as he is and you aren't having any problems with Winpatrol Plus features then there is no rush to download the update.

Check out Bits from Bill for all the latest Winpatrol News and more.

Friday, September 07, 2007

Microsoft Security Bulletin Advance Notification for September 2007

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don’t forget to prepare for the updates as I’ve outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 11 September 2007 Microsoft is planning to release:
Security Updates

One Critical Bulletin in total.

  • One Microsoft Security Bulletin affecting Microsoft Windows 2000 Service Pack 4 with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Four Important Bulletins in total.

  • One Microsoft Security Bulletin affecting Visual Studio with a Maximum Severity rating of Important. This update may require a restart and will be detectable using the Enterprise Update Scan Tool and Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Windows Services for UNIX, Subsystem for UNIX-based Applications, with a Maximum Severity rating of Important. This update will require a restart and will be detectable using the Enterprise Update Scan Tool and the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting MSN Messenger, Windows Live Messenger, with a Maximum Severity rating of Important. This update will not require a restart and will be detectable using the built-in mechanisms for automatic detection and deployment of updates for this software.
  • One Microsoft Security Bulletin affecting Windows SharePoint Server, with a Maximum Severity rating of Important. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services.

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release zero NON-SECURITY High-Priority Updates for Windows on Windows Update (WU)
  • Microsoft will release one NON-SECURITY High-Priority Update on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Obtaining Other Security Updates

Updates for other security issues are available from the following locations:

  • Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for “security_patch”.
  • Updates for consumer platforms are available from Microsoft Update.
  • You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086

Microsoft will host a Webcast to address customer questions on these bulletins on Wednesday, September 12, 2007, at 11:00 AM Pacific Time (US & Canada), for attendees to ask questions about the bulletins and get answers from the security experts.

Monday, September 03, 2007

Parental Controls For Windows Live Messenger And More

Windows Live Family Safety (Beta)

As a parent, do you worry about your children’s safety on the internet? Of course you do. Microsoft have a product that may be able to help. Windows Live Family Safety is still in beta, but in my opinion it is worth trying out. Microsoft can only make it a better product with your feedback.

It’s available for free; you need either Windows XP (SP2) or Vista and a Windows Live ID. Here is some blurb for you.

Safer browsing with guidance you personalise
Help protect your kids from the online content you don’t want them to see with filters you can customise to fit your children’s ages and your own values. Get guidance from the American Academy of Pediatrics and other trusted sources such as the NSPCC. Activity reports show you which sites your kids are visiting.

Safer Instant Messaging and blogging
Family Safety Beta’s new built-in contact approval helps you know exactly who your kids are talking to on IM or their blogs. You approve or disapprove each new contact for their Windows Live Messenger and Windows Live Spaces.

Safer searching, safer learning
Family Safety Beta works with Live Search to help block inappropriate search results, and with MSN Encarta to help deliver only information that’s age-appropriate.

Stay informed, from any PC, anywhere
Your child can easily ask you for permission to see a blocked site or to add a new Messenger or Spaces contact—right from the Web. Whether you’re at work or on the road, you can review and approve or block their requests from almost any Web-connected PC.

Windows Live Family Safety
