Thursday, December 11, 2008

Antivirus 360 Replaces Antivirus 2009 As New Rogue

The Vundo trojan is now using Antivirus 360 in its effort to scam money out of victims. The name appears to be a play on Norton 360. As with all rogue antispyware products, the malware that found its way onto your computer comes from the same group that is trying to sell you the solution.

Antivirus 360 removal guide found at Bleeping Computer. HijackThis log symptoms and files:

O4 - HKCU\..\Run: [13376694984709702142491016734454] C:\Program Files\A360\av360.exe

c:\Program Files\A360
c:\Program Files\A360\av360.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
%UserProfile%\Desktop\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360
%UserProfile%\Start Menu\Antivirus 360\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360\Help.lnk
%UserProfile%\Start Menu\Antivirus 360\Registration.lnk

Tuesday, December 09, 2008

Spywareinfo Domain Now Linking Rogues

The domain spywareinfo.com once was one of the main sites to help with stopping spyware and helping people remove spyware. Once a good source of information and news, it began a slow decline in 2006 when the owner Mike Healan disappeared from the net for personal reasons. The domain was bought recently and is now hosting links to undesirable removal programs, including Antivirus 2009.

Spywareinfo's legacy still lives on. The forums were moved to their own domain and can be found at spywareinfoforum.com. An archive of the old spywareinfo site can be found at spywareinfoforum.info. While the archive of spywareinfo is mostly old and out of date, the forums are current, up to date and a good place to go if you need help.

More on the change of ownership of spywareinfo:

Warning at the spywareinfoforum site.

DSLreports security forums discuss the change.

Analysis of the new links.

Sunday, December 07, 2008

Need An Update

My poor blog is almost dead. Silly work and real life keeping me from updating it.

Saturday, September 13, 2008

Is your Computer running slowly?

Whoops, three months went by without a post. Oh well, no time like now to get back to it.

Malware Removal just put up a page on what you can do to keep your Windows computer from slowing down.

We get a lot of people coming here complaining of slow running computers, and posting HijackThis logs for us to look at. They suspect that an infection is causing their problem. In a great many cases, Malware is not the cause of the problem, and a few simple procedures are all that it takes to resolve things.



Is your Computer running slowly

Wednesday, June 11, 2008

AntiSpyCheck Rogue Program

AntiSpyCheck is a new rogue spyware program. It's installed by the Zlob trojan, which shows fake alerts that try to get you to purchase it. The Zlob trojan disguises itself as a video codec that is supposedly needed to view a video. In reality it installs spyware that generates fake alerts and installs AntiSpyCheck to trick you into buying it.

Here are some lines from HijackThis that you may find if you are infected:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll
O2 - BHO: 514852 helper - {9420D9C5-E151-4D83-B9A6-27DE1A7A0E5F} - C:\WINDOWS\system32\514852\514852.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O22 - SharedTaskScheduler: campaniform - {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} - C:\WINDOWS\system32\kfcpnd.dll

Here are some files that you may have if you are infected with this trojan:

c:\Program Files\AntiSpyCheck
c:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
c:\Program Files\AntiSpyCheck\IEWarning.dll
c:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru
c:\Program Files\NetProject
c:\Program Files\NetProject\sbmdl.dll
c:\Program Files\NetProject\sbmntr.exe
c:\Program Files\NetProject\sbsm.exe
c:\Program Files\NetProject\sbun.exe
c:\Program Files\NetProject\scit.exe
c:\Program Files\NetProject\scm.exe
c:\Program Files\NetProject\scu.exe
c:\WINDOWS\system32\kfcpnd.dll
c:\WINDOWS\system32\514852\514852.dll

For full details and a free removal guide, take a look at Bleeping Computer's AntiSpyCheck Removal Guide.
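The HijackThis symptoms listed in the Antivirus 360 and AntiSpyCheck posts can be checked mechanically. The following is an added example, not part of the original posts or of HijackThis: a small Python parser that matches log entries against the folders, files and hosts listed on this page. The sample log, the `ExampleUpdater` entry and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the Antivirus 360 and AntiSpyCheck posts on this page.
# Keys are lower-cased: Windows paths and host names are case-insensitive, and
# the posts themselves mix "C:\Program Files" and "c:\Program Files".
ROGUE_DIRS = {
    "c:\\program files\\a360": "Antivirus 360",
    "c:\\program files\\antispycheck": "AntiSpyCheck",
    "c:\\program files\\netproject": "AntiSpyCheck",
}
ROGUE_FILES = {
    "c:\\windows\\system32\\kfcpnd.dll": "AntiSpyCheck",
    "c:\\windows\\system32\\514852\\514852.dll": "AntiSpyCheck",
}
ROGUE_HOSTS = {
    "internetsearchservice.com": "AntiSpyCheck",
    "ietoolpro.com": "AntiSpyCheck",
}

# "O4 - ...", "R1 - ...", "O22 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe/.dll; stops at quotes and arguments.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)\b', re.I)
URL = re.compile(r'https?://[^\s"]+', re.I)


def parse_line(line):
    """Return {'code', 'path', 'host'} for a HijackThis entry, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    path = WIN_PATH.search(body)
    url = URL.search(body)
    host = urlparse(url.group(0)).hostname if url else None
    if host and host.startswith("www."):
        host = host[4:]
    return {"code": m.group("code"),
            "path": path.group(0).lower() if path else None,
            "host": host}


def classify(entry):
    """Name the rogue product an entry points at, or None if nothing matches."""
    path, host = entry["path"], entry["host"]
    if path:
        if path in ROGUE_FILES:
            return ROGUE_FILES[path]
        for folder, product in ROGUE_DIRS.items():
            # Require the separator so "A360Tools" is not taken for "A360".
            if path.startswith(folder + "\\"):
                return product
    return ROGUE_HOSTS.get(host)


def scan(log_text):
    """Return (section code, product, matched path or host) for each hit."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        product = classify(entry)
        if product:
            hits.append((entry["code"], product, entry["path"] or entry["host"]))
    return hits


# Constructed sample: four entries taken from the posts, two benign placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll
O4 - HKCU\..\Run: [13376694984709702142491016734454] C:\Program Files\A360\av360.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\ExampleVendor\updater.exe" /background
O22 - SharedTaskScheduler: campaniform - {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} - C:\WINDOWS\system32\kfcpnd.dll
"""

if __name__ == "__main__":
    for code, product, evidence in scan(SAMPLE_LOG):
        print(f"{code:<4}{product:<15}{evidence}")
```

A match only shows that the entry is present in the log; removal still follows the Bleeping Computer guides linked in each post.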

Monday, June 02, 2008

Internet Explorer Flaw Plus Safari Equals Trouble

An undisclosed vulnerability in Internet Explorer, combined with exploiting Safari for Windows' ability to download files without being prompted, apparently allows the bad guys to take over Windows. This affects XP, Vista and IE versions 6 and 7. The unnamed Internet Explorer bug has been around for a while. Combined with the Windows version of Safari, where files can be downloaded without an option to prompt before doing so, the flaw can be used to take over Windows, reports Aviv Raff.

The flaw in Internet Explorer uses the calculator program in conjunction with Safari for Windows to make two moderate vulnerabilities into a critical one. Microsoft has issued a bulletin, but it doesn't really say too much. Even if Microsoft patches IE, there's still Safari's "carpet bomb" issue that can allow unwanted downloads. Right now, Apple doesn't appear to want to fix this. Simply adding the option to prompt for all downloads before doing the download would help prevent this. Stopbadware wrote on their blog to urge Apple to do so.

You have to visit a specially crafted web page for this exploit to work. So it is not an all out fiasco. So far, there is not a known use of this problem. Right now, the only guaranteed fix to prevent this is to uninstall Safari for Windows. This may not be a bad idea, since there could be more bugs like this that can be exploited in Safari for Windows, said Raff in an interview with Macworld.

Thursday, May 29, 2008

Service Pack 3 Available On CD

For those who are not on a good Internet connection or one where you are limited in bandwidth, you can get Service Pack 3 on CD now. You can also download a disk image or standalone installer, which you can use to take home or save for a re-install. Having SP 3 available will help if you do need to re-install, so you won't have to go online and expose yourself to the evils of the Internet. You can check it out on Microsoft TechNet.

Wednesday, May 28, 2008

Mac OS 10.5.3 for Leopard, Security Update for Tiger

A few hours ago, Apple made the 10.5.3 update available on Software Update. There are lots of changes and fixes in this one. If you have 10.4 Tiger, you do get a nice set of security updates so you don't feel left out.


The 10.5.3 update details can be found at Apple. The kbase article mentions improvements or fixes for: Address Book, Automator, Airport, iCal, iChat, Mail, Parental Controls, Spaces, Time Machine and VoiceOver. I also noticed changes to Back to My Mac and Finder.

For BTMM, there is now a red, green and yellow indicator for the service. I think it is just checking connectivity to the BTMM servers and successful login. I'm behind a crappy Linksys router that doesn't like to keep UPnP on, but I get a green light. So I can see the other Mac, but connections still fail, as they should since Universal Plug n Play isn't on.

Finder now has a more accurate display of uploads to network drives, like iDisk. It used to sit on the closing file and would stay there until the file was finished uploading. That could be another 20 minutes or longer. Now it displays a rough estimate of the time remaining in the upload. 

If you have Tiger or haven't updated to 10.5.3, then you still want to check Software Update for Security Update 2008-003. Updates include AFP Server, Apache, AppKit, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, Common Unix Printing System (CUPS), Flash Player Plug-in, iCal, LoginWindow, Mail, Wiki Server and more.

I installed 10.5.3 and had no problems. It was faster than the 10.5.2 update. So far, I've only seen the usual people who seem to have trouble with every update complain. I see no reason to hold off of this set of updates.

Saturday, May 24, 2008

Spyware Doctor False Positive Flags Part of XP Service Pack 3

Apparently, Spyware Doctor may be detecting Rundll32.exe as having Trojan-Spy.Pophot.WX. The latest update, 5.09900, should fix this. In any event, you should run Spyware Doctor's Smart Update to be safe.

Friday, May 23, 2008

MacWindows

Since moving to Mac from Windows, it's been quite refreshing not having to keep multiple security programs running and updated. Sure, I still have several Windows machines here and have used them, but not so much anymore. Now that I have VMWare Fusion on my iMac with a 2.8 GHz Core 2 Duo, 4 Gigs of RAM, and 24 inch screen, I can run them all. Now I need to get a 2nd display so I can run Windows Full screen side by side with OS X. I've got XP and Vista and can run them at the same time :) Though Aero won't work while I am running it in virtual machine. I can reboot to Vista using Bootcamp and Aero will pop on.

Anyways, with all the Windows going on, I'll need to keep up with the security stuff and will get back to updating here more. I haven't decided what changes there'll be, but I think a real template for this blog is past due. One thing to think about is what to display in updates. Most security programs these days have so many updates with similar names, that it's hard to pick out what it means. It used to be simple. A Look2Me here, a Vundo there and whatever the Zlob trojan was calling itself this week.

I'll see what I can come up with.

Spybot Search & Destroy May 21st

2008-05-21

Keylogger
+ KGBKeylogger ++ KGBKeylogger.REFOG ++ SmartPCKeylogger

Malware
++ AntiSpyCheck ++ BugDoctor + ConOpt.BHO (3) ++ DeusCleaner ++ DoctorCleaner ++ EliteProtector + ErrorDoctor + FakeAlert.cc ++ LiveAntispy ++ MalwareDestructor + MyNetProtector ++ PCSleek.FreeErrorCleaner + Smitfraud-C. ++ Spyburner ++ SpyKill + Trojan-Guarder + Vario.AntiVirus + Win32.BHO.je + Win32.Renos + WinSpyKiller + Worldsecurityonline.FakeAlert

PUPS
++ SpyPry

Security
+ Microsoft.Windows.AppFirewallBypass

Trojan
+ Smitfraud-C.MSVPS + Virtumonde.ddc ++ Win32.Agent.abd ++ Win32.Agent.ark ++ Win32.Agent.byc + Win32.AutoRun ++ Win32.Delf.bj ++ Win32.Friendown + Win32.PcClient.agu + Win32.Small.ih

Total: 609774 fingerprints in 159642 rules for 3951 products.

http://spybot.info/en/updatehistory/index.html

Spyware Doctor 5.09900

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 5.09900
Intelli-Signatures: 520,229

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

5.09900 - Trojan.Delf.CDI


5.09890 - Trojan-PWS.QQTen, Trojan.PHP.Agent, RogueAntiSpyware.MalWarrior


5.09880 - Trojan-Downloader.WMA.Wimad, Trojan-Downloader.Small.FQO, Trojan-Downloader.Firu, Adware.Agent.BYY, Trojan-Downloader.Banload.MCC, Trojan.Agent.LRY, PSWTool.SAMInside, Trojan-Dropper.Agent.NHA

Extended Intelli-Signatures:

5.09900 - Trojan.Mebroot, Trojan.DNS_Changer, PWSTool.QQPass, Exploit.MSWord, Exploit.MSPpt, Exploit.MSExcel, Backdoor.PCclient, Backdoor.Hupigon.GEN, Backdoor.Graybird.GEN, Adware.NewWeb, Adware.ILookup_Begin2Search, Trojan.QQHook.A, Trojan.Riler, Trojan-PWS.Lineage


5.09890 - Worm.Mytob, Trojan-Spy.Zbot, Trojan-Spy.VB, Trojan-Spy.Qeds, Trojan-Spy.Lyndra, Trojan-Spy.Agent, Trojan-PWS.QQRob, Trojan-PWS.QQRob.U, Trojan-PWS.QQPass.UP, Trojan-PWS.QQPass.GE, Trojan-PWS.OnlineGames, Trojan-PWS.OnLineGames.GEN, Trojan.Zquest, Trojan.Startpage, Trojan.Downloader, Trojan.Agent.LPV, Trojan.Agent.EMB, Trojan.AdRotator, Spyware.SahAgent, Spyware.Known_Bad_Sites, Rootkit.Agent, Exploit.MSPpt, Exploit.JS.Agent, Backdoor.Hupigon, Backdoor.Hupigon.GEN, Backdoor.Graybird.GEN, Backdoor.Bifrose, Backdoor.Bifrose.ACI, Backdoor.Agent, Application.Perfect_Keylogger, Adware.Zeno_Search_Assistant, Adware.TTC, Adware.PodcastbarMini, Adware.OneStepSearch, Adware.MokeAd, Adware.Deskbar, Adware.Cinmus, Adware.Agent.BN, Adware.Adsponsor


5.09880 - Trojan.Virtumonde, Adware.Mokead, Trojan.DNS_Changer, Trojan-PWS.OnLineGames.GEN, Adware.Loadscc, Trojan.Agent.BOW, Trojan-Downloader.Zlob.GEN, Backdoor.Hupigon.GEN, Trojan-Spy.VB, Trojan-Spy.Banker.ALR, Trojan-Downloader.Agent.NVP, Backdoor.Hupigon , Application.HP-Compaq, Trojan-PWS.OnlineGames.HZJ, Worm.Mytob, Trojan-Spy.Pophot.WX, Trojan-Dropper.Agent.BPF

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Wednesday, April 23, 2008

Nod32 Update 3046 (20080422)

NOD32 Antivirus detection database has been updated to version 3046 (20080422)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.



Threats added in this update include the following:

3046 (20080422)
Win32/Adware.Vapsup (3), Win32/Adware.Vapsup.AB (2), Win32/Adware.Vapsup.AI, Win32/Adware.Vapsup.W, Win32/Adware.Virtumonde, Win32/Adware.Virtumonde.FP, Win32/Agent.NTQ, Win32/Agent.NTS, Win32/AutoRun.LQ (3), Win32/AutoRun.LR (2), Win32/AutoRun.LS (2), Win32/IRCBot.AEY, Win32/Mypis.AH (2), Win32/Pacex.Gen (6), Win32/Privaz.V (8), Win32/PSW.LdPinch.SUI, Win32/PSW.OnLineGames.NFF, Win32/PSW.OnLineGames.NHY, Win32/PSW.OnLineGames.NMP (2), Win32/PSW.OnLineGames.NMX, Win32/PSW.OnLineGames.NMY, Win32/PSW.OnLineGames.NNU, Win32/PSW.OnLineGames.NOH (2), Win32/PSW.OnLineGames.NOI (2), Win32/PSW.OnLineGames.ODJ, Win32/PSW.OnLineGames.XTT (2), Win32/PSW.QQRob.NAQ, Win32/Qhost, Win32/Rootkit.Vanti.NBM (2), Win32/Socks.EQ (2), Win32/Spy.Agent.NES (3), Win32/Spy.Agent.NGA, Win32/Spy.Delf.NHF (3), Win32/Spy.Delf.NHV, Win32/Spy.Delf.NIG (3), Win32/Spy.Delf.NIK (5), Win32/Spy.Delf.NIL (5), Win32/Spy.KeyLogger.AEV, Win32/TrojanDownloader.Dadobra.IA, Win32/TrojanDownloader.Zlob.BTY, Win32/TrojanDownloader.Zlob.BUZ (2), Win32/TrojanDownloader.Zlob.BVD, Win32/TrojanDownloader.Zlob.BVE (16), Win32/TrojanDropper.Agent.NJR, Win32/Ysmarsys.H (3), Win32/Ysmarsys.I, Win32/Ysmarsys.J, Win32/Ysmarsys.K

Earlier
Update 3045 (20080422)

IRC/SdBot, PDF/Exploit.Pidief.M, VBS/Agent.AI (3), Win32/Adware.BHO.APH (2), Win32/Adware.Cinmus, Win32/Adware.Vapsup (5), Win32/Adware.Vapsup.AB, Win32/Adware.Vapsup.AI (2), Win32/Adware.Vapsup.W, Win32/Adware.Virtumonde.FP, Win32/Agent.KKP, Win32/Agent.KLQ, Win32/Agent.NHE, Win32/Agent.NKJ (6), Win32/Agent.NTV, Win32/BHO.NDR (2), Win32/DNSChanger, Win32/Hupigon (4), Win32/Inject.BCJ, Win32/Obfuscated.NBH (2), Win32/Pacex.Gen (5), Win32/PSW.Agent.NHN (46), Win32/PSW.LdPinch.NEL, Win32/PSW.OnLineGames.NFF, Win32/PSW.OnLineGames.NFL (2), Win32/PSW.OnLineGames.NHY, Win32/PSW.OnLineGames.NMP (2), Win32/PSW.OnLineGames.NNU (5), Win32/PSW.OnLineGames.NOF, Win32/PSW.OnLineGames.NOH (3), Win32/PSW.OnLineGames.WEA, Win32/PSW.OnLineGames.XTT (3), Win32/Rootkit.Vanti.NBM, Win32/Small.NDV, Win32/Spy.Agent.NFZ, Win32/Spy.Banker.LPX (2), Win32/Spy.Banker.LRB, Win32/Spy.Banker.OTP (2), Win32/TrojanDownloader.Agent.NXT, Win32/TrojanDownloader.Agent.NXU, Win32/TrojanDownloader.Agent.NXV, Win32/TrojanDownloader.Banload.LFX (2), Win32/TrojanDownloader.Delf.FBX (2), Win32/TrojanDownloader.FakeAlert.CD (2), Win32/TrojanDownloader.Zlob.BUZ (2), Win32/TrojanDownloader.Zlob.BVC (3), Win32/TrojanDownloader.Zlob.BVD (17), Win32/TrojanDropper.Agent.NJV (2), Win32/Ysmarsys.G (2)

Spyware Doctor 5.09660

Spyware Doctor has been updated with new spyware definitions.


Latest Database Version: 5.09660

Intelli-Signatures: 641,913



Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer.

A free scan is available from the Spyware Doctor Homepage:

http://www.pctools.com/spyware-doctor/



New Intelli-Signatures:

5.09660 - Adware.BHO.AJ, RogueAntiSpyware.AntiSpywareMaster, Trojan.BurningHardDisk.HOAX, Trojan.Chaincodr, Trojan-Downloader.Agent.HNP, Trojan-PWS.OnlineGames.CVQ, Trojan-PWS.OnlineGames.NFE, Trojan-PWS.QQPass.ARG, Trojan-PWS.Tibia.DB, Trojan-Spy.Agent.AZB, Trojan-Spy.Agent.BBO, Trojan-Spy.Bancos.U, Trojan-Spy.Yazoka

5.09650 - Backdoor.Hupigon, Backdoor.VB.BDZ

5.09640 - HackTool.QQShou, IM-Worm.Kelvir, Trojan.Startpage.U, Trojan-Spy.Lorex

Extended Intelli-Signatures:

5.09660 - Adware.Adbars, Adware.BHO.GEN, Adware.Borlander, Adware.Cinmus, Adware.WebDir, Application.Ardamax_Keylogger, Backdoor.Bifrose.ACI, Backdoor.Cakl, Backdoor.Hupigon, Backdoor.PCclient, Backdoor.Sdbot.AAD, HackTool.Hupigon, PSWTool.Brutus, Trojan.Startpage, Trojan-Downloader.Banload, Trojan-Downloader.Small.GEN, Trojan-PWS.Lineage.ACJ, Trojan-PWS.Lineage, Trojan-PWS.Magania, Trojan-PWS.OnlineGames, Trojan-PWS.QQPass, Trojan-PWS.Tibia, Trojan-Spy.Banker.CHC

5.09650 - Adware.Comet_Cursor, Adware.NewdotNet, Adware.NewWeb, Adware.OneStepSearch, Adware.Sogou, Adware.Starware, Adware.WhenU_SaveNow, Backdoor.Beastdoor, Backdoor.CIADoor, Backdoor.G_Door, Backdoor.Hupigon.GEN, Backdoor.Nuclear, RogueAntiSpyware.Ultimate_Defender, Trojan.Dumaru, Trojan.SC_Keylogger, Trojan.Vipgsm, Trojan-PWS.Magania, Trojan-PWS.OnlineGames, Trojan-PWS.Tibia, Trojan-Spy.Banbra.H, Trojan-Spy.Banker.GEN

5.09640 - Adware.EliteBar, Adware.Webbuying, Backdoor.IRC.Flood, Backdoor.Poison, Backdoor.SkRat, PSWTool.Brutus, Rootkit.Agent, Trojan.FakeAlert, Trojan.Laoshen, Trojan.Popuper, Trojan-Downloader.Agent.AKQ, Trojan-Downloader.Small.BUY, Trojan-Downloader.Small.GEN, Trojan-PWS.LdPinch, Trojan-PWS.OnlineGames, Trojan-PWS.QQShou, Worm.Spybot


General Information:

Updates are posted 5 times per week on average.

Updates are installed by running Spyware Doctor's Smart Update feature.

Tuesday, April 22, 2008

Firefox 2.0.0.14 Update

Firefox v2.0.0.14 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/firefox/

What's new:
- http://www.mozilla.com/en-US/firefox.../releasenotes/
April 16, 2008

- http://www.mozilla.org/projects/secu...irefox2.0.0.14

- http://secunia.com/advisories/29787/

Release Date: 2008-04-17
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.14.

Tuesday, February 12, 2008

Leopard Graphics Update for 10.5.2

After you update to Mac OS 10.5.2 Leopard, there's an update for your video graphics. Not much detail provided on the download page, but performance is reported to greatly increase for World of Warcraft. After you update to 10.5.2, run software update again to get this update.

Monday, February 11, 2008

Mac OS 10.5.2 and Security Update 2008-001

Apple released the next big update for Leopard today, 10.5.2. There's also a security update for users running 10.4 Tiger, Security Update 2008-001. Security updates for Leopard are included in 10.5.2 while Tiger will have the 2008-001 as an update.


Mac OS 10.5.2 includes updates for Airport, Back to My Mac, iCal, iChat, Mail, Printing, Safari, Time Machine, and much more. The security update includes fixes for Safari, Mail, Parental Controls, Samba, Terminal and X11.

Here are links to more information about the Leopard 10.5.2 update and Security Update 2008-001. To get these updates, click the Apple in the top left of the screen and select Software Update.

Friday, February 08, 2008

VirusHeat, Yet Another Rogue

The latest fake antispyware program is called VirusHeat. It does the usual fake warning balloon down by the clock telling you that you have spyware and other scary stuff. Luckily, it's not hard to remove, and the crew at Bleeping Computer have a VirusHeat removal guide.

SmitFraudFix can get this pest off your PC and it's free. So click the link above to see how to get this crap off your computer.


Here's what the fake warning looks like. It may say something different, but it's the same idea.

Tuesday, January 15, 2008

Macs Join the Rogue Program Club

F-Secure has reported on the first known rogue antispyware program for Macintosh computers. MacSweeper is what it goes by. With the growing number of reported fake codec Zlob trojans made for Macs, this doesn't surprise me. The first known Mac fake codec was reported just last November. Since then, there has been a steady release of Mac fake codecs to go along with the Windows versions. The last one discovered was on January 11th. If you go through Sunbelt's blog, you'll find many more.

For now, I'm not sure how you remove it, but it appears to be mainly a nuisance. More updates on this later.

Saturday, January 05, 2008

Microsoft Advance Security Bulletin For January 2008

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don’t forget to prepare for the updates as I’ve outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 8th January 2008 Microsoft is planning to release:

Security Updates

One Critical Bulletin.

  • One Microsoft Security Bulletin affecting Microsoft Windows with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

One Important Bulletin.

  • One Microsoft Security Bulletin affecting Windows with a Maximum Severity rating of Important. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Centre.

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU)
  • Microsoft will release five NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Obtaining Other Security Updates

Updates for other security issues are available from the following locations:

  • Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for “security update”.
  • Updates for consumer platforms are available from Microsoft Update.
  • You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.

Microsoft will host a webcast to address customer questions on these bulletins on January 9, 2008, at 11:00 AM Pacific Time (US & Canada). Register now for the January Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Thursday, January 03, 2008

Ad-Aware SE No Longer Supported

If you are using Lavasoft’s Ad-Aware SE then you must uninstall it and replace it with Ad-Aware 2007 Free. Lavasoft will no longer provide definition updates for Ad-Aware SE, and an anti-malware program that doesn’t get regular updates is as much use to you as a chocolate teapot.

Please note: Ad-Aware 2007 Free is only compatible with Windows 2000, XP, 2003 Server and Vista (32-bit). If you are running earlier versions of Windows (Windows 98 or ME) then you will not be able to use it.
