Thursday, December 11, 2008
Antivirus 360 Replaces Antivirus 2009 As New Rogue
Antivirus 360 removal guide found at Bleeping Computer. HijackThis log symptoms and files:
O4 - HKCU\..\Run: [13376694984709702142491016734454] C:\Program Files\A360\av360.exe
c:\Program Files\A360
c:\Program Files\A360\av360.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
%UserProfile%\Desktop\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360
%UserProfile%\Start Menu\Antivirus 360\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360\Help.lnk
%UserProfile%\Start Menu\Antivirus 360\Registration.lnk
Tuesday, December 09, 2008
Spywareinfo Domain Now Linking Rogues
Spywareinfo's legacy still lives on. The forums were moved to their own domain and can be found at spywareinfoforum.com. An archive of the old spywareinfo site can be found at spywareinfoforum.info. While the archive of spywareinfo is mostly old and out of date, the forums are current, up to date and a good place to go if you need help.
More on the change of ownership of spywareinfo:
Warning at the spywareinfoforum site.
DSLreports security forums discuss the change.
Analysis of the new links.
Sunday, December 07, 2008
Saturday, September 13, 2008
Is your Computer running slowly?
Malware Removal just put up a page to help with keeping your Windows computer from slowing down.
We get a lot of people coming here complaining of slow running computers, and posting HijackThis logs for us to look at. They suspect that an infection is causing their problem. In a great many cases, malware is not the cause of the problem, and a few simple procedures are all that it takes to resolve things.
Is your Computer running slowly
Wednesday, June 11, 2008
AntiSpyCheck Rogue Program
Here are some lines from Hijackthis that you may find if you are infected:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll
O2 - BHO: 514852 helper - {9420D9C5-E151-4D83-B9A6-27DE1A7A0E5F} - C:\WINDOWS\system32\514852\514852.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O22 - SharedTaskScheduler: campaniform - {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} - C:\WINDOWS\system32\kfcpnd.dll
Here are some files that you may have if you are infected with this trojan:
c:\Program Files\AntiSpyCheck
c:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
c:\Program Files\AntiSpyCheck\IEWarning.dll
c:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru
c:\Program Files\NetProject
c:\Program Files\NetProject\sbmdl.dll
c:\Program Files\NetProject\sbmntr.exe
c:\Program Files\NetProject\sbsm.exe
c:\Program Files\NetProject\sbun.exe
c:\Program Files\NetProject\scit.exe
c:\Program Files\NetProject\scm.exe
c:\Program Files\NetProject\scu.exe
c:\WINDOWS\system32\kfcpnd.dll
c:\WINDOWS\system32\514852\514852.dll
For full details and a free removal guide, take a look at Bleeping Computer's AntiSpyCheck Removal Guide.
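As an added example (not part of the original post, and not code from HijackThis or from Bleeping Computer's removal guides), here is a small Python script that parses HijackThis-style log lines and flags the indicators quoted in this post and in the Antivirus 360 post above: the paths under A360, AntiSpyCheck, NetProject and system32\514852, the internetsearchservice.com and ietoolpro.com domains, and the BHO, button and SharedTaskScheduler CLSIDs. The sample log is constructed: the ctfmon.exe and www.example.com lines are made-up clean entries, and the "Example Rogue" line with a long all-digit Run name is made up to show a heuristic hit. That digit-name heuristic is my own assumption, modelled on the random-looking Run entry name in the Antivirus 360 log line, not something either post states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicators copied from the HijackThis lines and file lists quoted in the
# AntiSpyCheck and Antivirus 360 posts. Paths are compared case-insensitively.
KNOWN_PATH_PREFIXES = (
    "c:\\program files\\a360\\",
    "c:\\program files\\antispycheck\\",
    "c:\\program files\\netproject\\",
    "c:\\windows\\system32\\514852\\",
    "c:\\windows\\system32\\kfcpnd.dll",
)
KNOWN_DOMAINS = ("internetsearchservice.com", "ietoolpro.com")
KNOWN_CLSIDS = {
    "{56FA7933-DC3E-403B-8D47-BB5E3F345A21}",  # WarningBHO Class (AntiSpyCheck)
    "{9420D9C5-E151-4D83-B9A6-27DE1A7A0E5F}",  # 514852 helper BHO
    "{99BA268B-4021-4739-9945-3C774217FE75}",  # NetProject sbmdl.dll BHO
    "{9034A523-D068-4BE8-A284-9DF278BE776E}",  # IE Anti-Spyware button / menu item
    "{5C7B71BB-6D49-4BDC-B60D-F9FE0481EB5F}",  # SharedTaskScheduler kfcpnd.dll
}
# Assumption (not from the page): a Run entry whose name is a long string of
# digits, like the one in the Antivirus 360 log line, deserves a second look.
MIN_DIGIT_NAME_LEN = 16

HJT_LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\[([^\]]*)\]")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. O4 or R1
    kind: str      # clsid, domain, path or run-name
    detail: str    # the indicator that matched
    line: str      # the original log line


def parse_hjt_line(line: str):
    """Split 'O4 - HKCU\\..\\Run: [x] y' into ('O4', 'HKCU\\..\\Run: [x] y')."""
    m = HJT_LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def inspect_line(line: str) -> Optional[Finding]:
    """Return a Finding for the first indicator that matches, else None."""
    parsed = parse_hjt_line(line)
    if parsed is None:
        return None  # log header or other non-entry text
    section, body = parsed
    for clsid in CLSID_RE.findall(body):
        if clsid.upper() in KNOWN_CLSIDS:
            return Finding(section, "clsid", clsid.upper(), line)
    for host in URL_HOST_RE.findall(body):
        host = host.lower()
        for domain in KNOWN_DOMAINS:
            if host == domain or host.endswith("." + domain):
                return Finding(section, "domain", domain, line)
    lowered = body.lower()
    for prefix in KNOWN_PATH_PREFIXES:
        if prefix in lowered:
            return Finding(section, "path", prefix, line)
    if section == "O4":  # heuristic only applies to autostart entries
        m = RUN_NAME_RE.search(body)
        if m and m.group(1).isdigit() and len(m.group(1)) >= MIN_DIGIT_NAME_LEN:
            return Finding(section, "run-name", m.group(1), line)
    return None


def scan_log(text: str) -> List[Finding]:
    """Run inspect_line over every line of a log and keep the hits, in order."""
    return [f for f in (inspect_line(l) for l in text.splitlines()) if f]


# Constructed sample log: page lines mixed with made-up clean entries and one
# made-up entry ("Example Rogue") that only the digit-name heuristic catches.
SAMPLE_LOG = r"""Logfile of HijackThis
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKCU\..\Run: [13376694984709702142491016734454] C:\Program Files\A360\av360.exe
O4 - HKCU\..\Run: [98765432109876543210] C:\Program Files\Example Rogue\svc.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O22 - SharedTaskScheduler: campaniform - {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} - C:\WINDOWS\system32\kfcpnd.dll
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.kind:<9} {f.detail}")
```

Checks run in the order CLSID, domain, path, then the Run-name heuristic, so an entry is reported under the most specific indicator it matches; the constructed log produces eight hits and leaves the ctfmon.exe and example.com lines alone.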
Monday, June 02, 2008
Internet Explorer Flaw Plus Safari Equals Trouble
The flaw in Internet Explorer uses the calculator program in conjunction with Safari for Windows to make two moderate vulnerabilities into a critical one. Microsoft has issued a bulletin, but it doesn't really say too much. Even if Microsoft patches IE, there's still Safari's "carpet bomb" issue that can allow unwanted downloads. Right now, Apple doesn't appear to want to fix this. Simply adding the option to prompt for all downloads before doing the download would help prevent this. Stopbadware wrote on their blog to urge Apple to do so.
You have to visit a specially crafted web page for this exploit to work, so it is not an all-out fiasco. So far, there is no known use of this problem. Right now, the only guaranteed fix is to uninstall Safari for Windows. This may not be a bad idea, since there could be more bugs like this that can be exploited in Safari for Windows, said Raff in an interview with Macworld.
Thursday, May 29, 2008
Service Pack 3 Available On CD
Wednesday, May 28, 2008
Mac OS 10.5.3 for leopard, Security Update for Tiger
Saturday, May 24, 2008
Spyware Doctor False Positive Flags Part of XP Service Pack 3
Friday, May 23, 2008
MacWindows
Anyways, with all the Windows going on, I'll need to keep up with the security stuff and will get back to updating here more. I haven't decided what changes there'll be, but I think a real template for this blog is past due. One thing to think about is what to display in updates. Most security programs these days have so many updates with similar names, that it's hard to pick out what it means. It used to be simple. A Look2Me here, a Vundo there and whatever the Zlob trojan was calling itself this week.
I'll see what I can come up with.
Spybot Search & Destroy May 21st
Keylogger
+ KGBKeylogger
++ KGBKeylogger.REFOG
++ SmartPCKeylogger
Malware
++ AntiSpyCheck
++ BugDoctor
+ ConOpt.BHO (3)
++ DeusCleaner
++ DoctorCleaner
++ EliteProtector
+ ErrorDoctor
+ FakeAlert.cc
++ LiveAntispy
++ MalwareDestructor
+ MyNetProtector
++ PCSleek.FreeErrorCleaner
+ Smitfraud-C.
++ Spyburner
++ SpyKill
+ Trojan-Guarder
+ Vario.AntiVirus
+ Win32.BHO.je
+ Win32.Renos
+ WinSpyKiller
+ Worldsecurityonline.FakeAlert
PUPS
++ SpyPry
Security
+ Microsoft.Windows.AppFirewallBypass
Trojan
+ Smitfraud-C.MSVPS
+ Virtumonde.ddc
++ Win32.Agent.abd
++ Win32.Agent.ark
++ Win32.Agent.byc
+ Win32.AutoRun
++ Win32.Delf.bj
++ Win32.Friendown
+ Win32.PcClient.agu
+ Win32.Small.ih
Total: 609774 fingerprints in 159642 rules for 3951 products.
http://spybot.info/en/updatehistory/index.html
Spyware Doctor 5.09900
Latest Database Version: 5.09900
Intelli-Signatures: 520,229
Spyware Doctor protects your computer in 3 ways. First, its OnGuard monitor watches the places where spyware changes your computer settings; by alerting you, Spyware Doctor gives you the option to keep unwanted programs off your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has already gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
5.09900 - Trojan.Delf.CDI
5.09890 - Trojan-PWS.QQTen, Trojan.PHP.Agent, RogueAntiSpyware.MalWarrior
5.09880 - Trojan-Downloader.WMA.Wimad, Trojan-Downloader.Small.FQO, Trojan-Downloader.Firu, Adware.Agent.BYY, Trojan-Downloader.Banload.MCC, Trojan.Agent.LRY, PSWTool.SAMInside, Trojan-Dropper.Agent.NHA
Extended Intelli-Signatures:
5.09900 - Trojan.Mebroot, Trojan.DNS_Changer, PWSTool.QQPass, Exploit.MSWord, Exploit.MSPpt, Exploit.MSExcel, Backdoor.PCclient, Backdoor.Hupigon.GEN, Backdoor.Graybird.GEN, Adware.NewWeb, Adware.ILookup_Begin2Search, Trojan.QQHook.A, Trojan.Riler, Trojan-PWS.Lineage
5.09890 - Worm.Mytob, Trojan-Spy.Zbot, Trojan-Spy.VB, Trojan-Spy.Qeds, Trojan-Spy.Lyndra, Trojan-Spy.Agent, Trojan-PWS.QQRob, Trojan-PWS.QQRob.U, Trojan-PWS.QQPass.UP, Trojan-PWS.QQPass.GE, Trojan-PWS.OnlineGames, Trojan-PWS.OnLineGames.GEN, Trojan.Zquest, Trojan.Startpage, Trojan.Downloader, Trojan.Agent.LPV, Trojan.Agent.EMB, Trojan.AdRotator, Spyware.SahAgent, Spyware.Known_Bad_Sites, Rootkit.Agent, Exploit.MSPpt, Exploit.JS.Agent, Backdoor.Hupigon, Backdoor.Hupigon.GEN, Backdoor.Graybird.GEN, Backdoor.Bifrose, Backdoor.Bifrose.ACI, Backdoor.Agent, Application.Perfect_Keylogger, Adware.Zeno_Search_Assistant, Adware.TTC, Adware.PodcastbarMini, Adware.OneStepSearch, Adware.MokeAd, Adware.Deskbar, Adware.Cinmus, Adware.Agent.BN, Adware.Adsponsor
5.09880 - Trojan.Virtumonde, Adware.Mokead, Trojan.DNS_Changer, Trojan-PWS.OnLineGames.GEN, Adware.Loadscc, Trojan.Agent.BOW, Trojan-Downloader.Zlob.GEN, Backdoor.Hupigon.GEN, Trojan-Spy.VB, Trojan-Spy.Banker.ALR, Trojan-Downloader.Agent.NVP, Backdoor.Hupigon , Application.HP-Compaq, Trojan-PWS.OnlineGames.HZJ, Worm.Mytob, Trojan-Spy.Pophot.WX, Trojan-Dropper.Agent.BPF
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Wednesday, April 23, 2008
Nod32 Update 3046 (20080422)
NOD32 Antivirus is in my opinion the best antivirus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among antivirus programs.
Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association.
(From Eset's NOD32 product information page.)
Threats added in this update include the following:
3046 (20080422)
Win32/Adware.Vapsup (3), Win32/Adware.Vapsup.AB (2), Win32/Adware.Vapsup.AI, Win32/Adware.Vapsup.W, Win32/Adware.Virtumonde, Win32/Adware.Virtumonde.FP, Win32/Agent.NTQ, Win32/Agent.NTS, Win32/AutoRun.LQ (3), Win32/AutoRun.LR (2), Win32/AutoRun.LS (2), Win32/IRCBot.AEY, Win32/Mypis.AH (2), Win32/Pacex.Gen (6), Win32/Privaz.V (8), Win32/PSW.LdPinch.SUI, Win32/PSW.OnLineGames.NFF, Win32/PSW.OnLineGames.NHY, Win32/PSW.OnLineGames.NMP (2), Win32/PSW.OnLineGames.NMX, Win32/PSW.OnLineGames.NMY, Win32/PSW.OnLineGames.NNU, Win32/PSW.OnLineGames.NOH (2), Win32/PSW.OnLineGames.NOI (2), Win32/PSW.OnLineGames.ODJ, Win32/PSW.OnLineGames.XTT (2), Win32/PSW.QQRob.NAQ, Win32/Qhost, Win32/Rootkit.Vanti.NBM (2), Win32/Socks.EQ (2), Win32/Spy.Agent.NES (3), Win32/Spy.Agent.NGA, Win32/Spy.Delf.NHF (3), Win32/Spy.Delf.NHV, Win32/Spy.Delf.NIG (3), Win32/Spy.Delf.NIK (5), Win32/Spy.Delf.NIL (5), Win32/Spy.KeyLogger.AEV, Win32/TrojanDownloader.Dadobra.IA, Win32/TrojanDownloader.Zlob.BTY, Win32/TrojanDownloader.Zlob.BUZ (2), Win32/TrojanDownloader.Zlob.BVD, Win32/TrojanDownloader.Zlob.BVE (16), Win32/TrojanDropper.Agent.NJR, Win32/Ysmarsys.H (3), Win32/Ysmarsys.I, Win32/Ysmarsys.J, Win32/Ysmarsys.K
Earlier
Update 3045 (20080422)
IRC/SdBot, PDF/Exploit.Pidief.M, VBS/Agent.AI (3), Win32/Adware.BHO.APH (2), Win32/Adware.Cinmus, Win32/Adware.Vapsup (5), Win32/Adware.Vapsup.AB, Win32/Adware.Vapsup.AI (2), Win32/Adware.Vapsup.W, Win32/Adware.Virtumonde.FP, Win32/Agent.KKP, Win32/Agent.KLQ, Win32/Agent.NHE, Win32/Agent.NKJ (6), Win32/Agent.NTV, Win32/BHO.NDR (2), Win32/DNSChanger, Win32/Hupigon (4), Win32/Inject.BCJ, Win32/Obfuscated.NBH (2), Win32/Pacex.Gen (5), Win32/PSW.Agent.NHN (46), Win32/PSW.LdPinch.NEL, Win32/PSW.OnLineGames.NFF, Win32/PSW.OnLineGames.NFL (2), Win32/PSW.OnLineGames.NHY, Win32/PSW.OnLineGames.NMP (2), Win32/PSW.OnLineGames.NNU (5), Win32/PSW.OnLineGames.NOF, Win32/PSW.OnLineGames.NOH (3), Win32/PSW.OnLineGames.WEA, Win32/PSW.OnLineGames.XTT (3), Win32/Rootkit.Vanti.NBM, Win32/Small.NDV, Win32/Spy.Agent.NFZ, Win32/Spy.Banker.LPX (2), Win32/Spy.Banker.LRB, Win32/Spy.Banker.OTP (2), Win32/TrojanDownloader.Agent.NXT, Win32/TrojanDownloader.Agent.NXU, Win32/TrojanDownloader.Agent.NXV, Win32/TrojanDownloader.Banload.LFX (2), Win32/TrojanDownloader.Delf.FBX (2), Win32/TrojanDownloader.FakeAlert.CD (2), Win32/TrojanDownloader.Zlob.BUZ (2), Win32/TrojanDownloader.Zlob.BVC (3), Win32/TrojanDownloader.Zlob.BVD (17), Win32/TrojanDropper.Agent.NJV (2), Win32/Ysmarsys.G (2)
Spyware Doctor 5.09660
Latest Database Version: 5.09660
Intelli-Signatures: 641,913
Spyware Doctor protects your computer in 3 ways. First, its OnGuard monitor watches the places where spyware changes your computer settings; by alerting you, Spyware Doctor gives you the option to keep unwanted programs off your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has already gotten onto your computer.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
5.09660 - Adware.BHO.AJ, RogueAntiSpyware.AntiSpywareMaster, Trojan.BurningHardDisk.HOAX, Trojan.Chaincodr, Trojan-Downloader.Agent.HNP, Trojan-PWS.OnlineGames.CVQ, Trojan-PWS.OnlineGames.NFE, Trojan-PWS.QQPass.ARG, Trojan-PWS.Tibia.DB, Trojan-Spy.Agent.AZB, Trojan-Spy.Agent.BBO, Trojan-Spy.Bancos.U, Trojan-Spy.Yazoka
5.09650 - Backdoor.Hupigon, Backdoor.VB.BDZ
5.09640 - HackTool.QQShou, IM-Worm.Kelvir, Trojan.Startpage.U, Trojan-Spy.Lorex
Extended Intelli-Signatures:
5.09660 - Adware.Adbars, Adware.BHO.GEN, Adware.Borlander, Adware.Cinmus, Adware.WebDir, Application.Ardamax_Keylogger, Backdoor.Bifrose.ACI, Backdoor.Cakl, Backdoor.Hupigon, Backdoor.PCclient, Backdoor.Sdbot.AAD, HackTool.Hupigon, PSWTool.Brutus, Trojan.Startpage, Trojan-Downloader.Banload, Trojan-Downloader.Small.GEN, Trojan-PWS.Lineage.ACJ, Trojan-PWS.Lineage, Trojan-PWS.Magania, Trojan-PWS.OnlineGames, Trojan-PWS.QQPass, Trojan-PWS.Tibia, Trojan-Spy.Banker.CHC
5.09650 - Adware.Comet_Cursor, Adware.NewdotNet, Adware.NewWeb, Adware.OneStepSearch, Adware.Sogou, Adware.Starware, Adware.WhenU_SaveNow, Backdoor.Beastdoor, Backdoor.CIADoor, Backdoor.G_Door, Backdoor.Hupigon.GEN, Backdoor.Nuclear, RogueAntiSpyware.Ultimate_Defender, Trojan.Dumaru, Trojan.SC_Keylogger, Trojan.Vipgsm, Trojan-PWS.Magania, Trojan-PWS.OnlineGames, Trojan-PWS.Tibia, Trojan-Spy.Banbra.H, Trojan-Spy.Banker.GEN
5.09640 - Adware.EliteBar, Adware.Webbuying, Backdoor.IRC.Flood, Backdoor.Poison, Backdoor.SkRat, PSWTool.Brutus, Rootkit.Agent, Trojan.FakeAlert, Trojan.Laoshen, Trojan.Popuper, Trojan-Downloader.Agent.AKQ, Trojan-Downloader.Small.BUY, Trojan-Downloader.Small.GEN, Trojan-PWS.LdPinch, Trojan-PWS.OnlineGames, Trojan-PWS.QQShou, Worm.Spybot
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Tuesday, April 22, 2008
Firefox 2.0.0.14 Update
From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download
- http://www.mozilla.com/firefox/
What's new:
- http://www.mozilla.com/en-US/firefox.../releasenotes/
April 16, 2008
- http://www.mozilla.org/projects/secu...irefox2.0.0.14
- http://secunia.com/advisories/29787/
Release Date: 2008-04-17
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.14.
Tuesday, February 12, 2008
Leopard Graphics Update for 10.5.2
Monday, February 11, 2008
Mac OS 10.5.2 and Security Update 2008-001
Friday, February 08, 2008
VirusHeat, Yet Another Rogue
SmitFraudFix can get this pest off your PC and it's free. So click the link above to see how to get this crap off your computer.
Here's what the fake warning looks like. It may say something different, but it's the same idea.
Tuesday, January 15, 2008
Macs Join the Rogue Program Club
For now, I'm not sure how you remove it, but it appears to be mainly a nuisance. More updates on this later.
Saturday, January 05, 2008
Microsoft Advance Security Bulletin For January 2008
Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don’t forget to prepare for the updates as I’ve outlined in an earlier entry - How To Prepare for Patch Tuesday.
On 8th January 2008 Microsoft is planning to release:
Security Updates
One Critical Bulletin.
- One Microsoft Security Bulletin affecting Microsoft Windows with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
One Important Bulletin.
- One Microsoft Security Bulletin affecting Windows with a Maximum Severity rating of Important. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Centre.
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU)
- Microsoft will release five NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Obtaining Other Security Updates
Updates for other security issues are available from the following locations:
- Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for “security update”.
- Updates for consumer platforms are available from Microsoft Update.
- You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.
Microsoft will host a webcast to address customer questions on these bulletins on January 9, 2008, at 11:00 AM Pacific Time (US & Canada). Register now for the January Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.
Thursday, January 03, 2008
Ad-Aware SE No Longer Supported
If you are using Lavasoft’s Ad-Aware SE then you must uninstall it and replace it with Ad-Aware 2007 Free. Lavasoft will no longer provide definition updates for Ad-Aware SE, and an anti-malware program that doesn’t get regular updates is as much use to you as a chocolate teapot.
Please note: Ad-Aware 2007 Free is only compatible with Windows 2000, XP, 2003 Server and Vista (32-bit). If you are running earlier versions of Windows (Windows 98 or ME) then you will not be able to use it.