Technology Explained for All
Spyware
Software: Panda AV offering FREE USB Vaccine to help stop malware from spreading via external drives
Aug 29th
As a tech, one of the biggest headaches is someone bringing their USB key (or external hard drive) from home, full of malware, because they don’t know how to protect their home PC. They come into the office and start “copying that Excel sheet”, or even better, showing “the cute pictures of the kids” on every PC. As that drive keeps getting plugged in, every machine it goes into gets infected, because of what is known as the AutoRun feature: Windows reads an autorun.inf file from the root of the drive and can launch whatever program that file names.
Panda is offering a FREE download (http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/) that can be run on your external drives and on each PC, and which basically disables the AutoRun feature. With AutoRun disabled, you can scan an external drive and make sure it is clean before it gets the chance to cause malware havoc.
********************************************************************
From the Panda Website
There is an increasing amount of malware which, like the dangerous Conficker worm, spreads via removable devices and drives such as memory sticks, MP3 players, digital cameras, etc. To do this, these malicious codes modify the AutoRun file on these devices.
Panda USB Vaccine is a free solution designed to protect against this threat. It offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices:
Vaccine for computers: This is a ‘vaccine’ for computers to prevent any AutoRun file from running, regardless of whether the device (memory stick, CD, etc.) is infected or not.
Vaccine for USB devices: This is a ‘vaccine’ for removable USB devices, preventing the AutoRun file from becoming a source of infection. The tool disables this file so it cannot be read, modified or replaced by malicious code.
This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows. This provides users with a simple way of disabling this feature, offering a high degree of protection against infections from removable drives and devices.
*********************************************************************
Just remember that this needs to be run both on the external drives and on the PC. Even if you don’t have an external drive yourself, it is a good idea to run it on your PC in case someone (a visitor, your kids, a co-worker) brings one along.
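The registry-level equivalent of Panda’s “vaccine for computers” is the NoDriveTypeAutoRun policy value, a bitmask under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer in which a set bit turns AutoRun off for that drive type (0xFF turns it off for every type). The Python below is an added example written for this page, not Panda’s code and not part of the original post. It parses an autorun.inf the way a scanner would (tolerating the junk lines worms pad the file with), decodes that policy value, and applies a do-it-yourself drive “vaccine” that is a different technique from Panda’s: a read-only directory occupying the autorun.inf name, so a worm cannot create the file. The sample autorun.inf, the RECYCLER\payload.dll path in it and the lists of launcher names and hidden folders are constructed for the example.

```python
import os, re, stat, tempfile

# autorun.inf directives that make Windows launch a program when the drive
# is inserted or opened: open=, shellexecute=, and shell\<verb>\command=.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Script/DLL hosts a worm uses so its payload need not be an .exe (author's list).
LOLBIN_RE = re.compile(r"\b(rundll32|regsvr32|cmd|wscript|cscript|mshta)\b", re.IGNORECASE)
HIDDEN_DIR_RE = re.compile(r"recycler|recycled|\$recycle\.bin|system volume information", re.IGNORECASE)

# Constructed sample (not any real worm's file) in the style of a dropped
# autorun.inf: live directives buried in junk, plus an action= text that
# mimics the normal AutoPlay prompt so the user clicks straight through.
SAMPLE_AUTORUN_INF = """[AutoRun]
;dh3kd_d+92\x01\x02junk
open=
\x00\x00garbage that the Windows INI parser skips
shellexecute=rundll32.exe .\\RECYCLER\\payload.dll,Install
action=Open folder to view files
shell\\open\\command=rundll32.exe .\\RECYCLER\\payload.dll,Install
"""

# NoDriveTypeAutoRun bits: a set bit disables AutoRun for that drive type.
NO_DRIVE_TYPE_AUTORUN_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
    0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}

def parse_autorun(text):
    """(key, value) pairs under [AutoRun] that launch something. Tolerant like
    Windows' INI reader: non key=value lines are skipped, so padding hides nothing."""
    launches = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in EXEC_KEYS or SHELL_CMD_RE.match(key)):
            launches.append((key, value))
    return launches

def assess(launches):
    """Attach reasons to each launch; no reasons means it looks like a plain installer."""
    findings = []
    for key, value in launches:
        reasons = []
        if LOLBIN_RE.search(value):
            reasons.append("runs through a script/DLL host")
        if HIDDEN_DIR_RE.search(value):
            reasons.append("payload sits in a folder Explorer hides")
        findings.append((key, value, reasons))
    return findings

def autorun_enabled_drive_types(policy_value):
    """Drive types a NoDriveTypeAutoRun value still allows AutoRun for."""
    return [name for bit, name in NO_DRIVE_TYPE_AUTORUN_BITS.items()
            if not policy_value & bit]

def scan_drive(drive_root):
    """Assess the autorun.inf at a drive root, if one exists as a file."""
    path = os.path.join(drive_root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="latin-1") as fh:
        return assess(parse_autorun(fh.read()))

def vaccinate(drive_root):
    """DIY vaccine (not Panda's implementation): occupy the autorun.inf name
    with a read-only directory so a worm's attempt to create the file fails.
    Refuses when a real autorun.inf file exists, so it gets inspected first."""
    target = os.path.join(drive_root, "autorun.inf")
    if os.path.isfile(target):
        return False
    if not os.path.isdir(target):
        os.mkdir(target)
    os.chmod(target, stat.S_IRUSR | stat.S_IXUSR)
    return True

def demo_on_scratch_drive():
    """Exercise scan_drive/vaccinate on a temp dir standing in for a USB root."""
    with tempfile.TemporaryDirectory() as root:
        inf = os.path.join(root, "autorun.inf")
        with open(inf, "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_AUTORUN_INF)
        findings = scan_drive(root)
        refused = vaccinate(root) is False   # must not clobber the evidence
        os.remove(inf)                        # after it has been examined
        vaccinated = vaccinate(root) and os.path.isdir(inf)
        os.chmod(inf, stat.S_IRWXU)           # let TemporaryDirectory clean up
    return {"findings": findings, "refused": refused, "vaccinated": vaccinated}
```

On a real stick, point scan_drive and vaccinate at the drive root (for example E:\); demo_on_scratch_drive runs the same steps on a temporary directory. autorun_enabled_drive_types reports what is still enabled rather than a yes/no because partial values are common: 0x95, for instance, leaves fixed disks, CDs and RAM disks with AutoRun on. Where Panda’s tool makes the file unreadable and unreplaceable, the directory trick only raises the bar; a payload running with enough rights can still remove the directory.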
Alert: CA Anti-Virus does it again! Releases an update that starts treating system files like viruses
Aug 14th
For the second time in ONE MONTH, CA has released an update that incorrectly treats legitimate files as virus-infected. The “false positive” this time reports that Windows and various program files are infected with the StdWin32 virus. The issue occurred Thursday 8/13, but today I am still getting reports from some clients of machines that are basically still broken from this update. The problem this time affects those using the CA Threat Manager version of the software (see http://www.ca.com/us/products/product.aspx?ID=5926 if you would like to know what is different in Threat Manager).
The problem release quarantined various binary files (renaming them with a .AVB extension), breaking programs like MS Visual Studio, Exchange and ARCserve. It seems that eventually it even started detecting some of CA Anti-Virus’s own files as infected and moved those into quarantine too. The net result of all of this was a really messed-up system.
CA released the following statement:
“Last night, CA released a new updated antimalware engine. This new release has resulted in false positive detections of a number of files. CA Threat Manager customers are the only customers being affected by this issue. This is not a result of signature updates and does not impact CA consumer Internet security products.
To resolve the issue, CA has rolled back the new engine and re-released its previous antimalware engine. CA customer support representatives are on call to answer customer questions and to provide remediation support. A remediation tool to rename the quarantined files is now available through CA support and will soon be accessible online.
CA is aggressively working to resolve the issue, assist any customers who have been affected, as well as identify the root cause of the incident. We apologize for this inconvenience and look forward to the roll out of our new antimalware engine, which will ultimately offer our customers many benefits including enhanced malware protection and improved performance.”
Additionally from CA Tech Support
For the files which are already renamed or quarantined, we have uploaded the rename and un-quarantine tool to below mentioned link.
ftp://ftp.ca.com/outgoing/8888888/17943192-01
File name: Renameavb2exe_with_date.rar
File Name: CA_Unquarantine.rar
File Name: Password.txt
Please download and run the rename tool or un-quarantine tool first to restore the files and then update the machines to version 34.0.0.6674.
Thanks
Tech Support
(SOAPBOX)
With all the increased malware and virus threats out there, I understand why there is a need to update signature files on any anti-virus program every few hours. However, considering how much more of our lives now depend on online activity, AV companies can NOT get careless with things like this update. For CA this is the 2nd time in a month, and I’m sure this has got to cost them customers. I have recommended CA to my clients for a few years now, as McAfee and Symantec have been bloatware in the past, but it is really hard to continue supporting a product that makes the same mistake twice in such a short time frame.
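What CA’s rename tool had to do is simple in outline, but it is exactly the kind of clean-up that goes wrong when run blindly across a fleet. The Python below is an added example written for this page; it is not CA’s remediation tool and does not come from the original post. It assumes the engine appended .AVB to the original file name (the post only says files were “renamed to .AVB”; if the engine replaced the extension instead, the original name cannot be recovered from the file name alone and the engine’s own log is needed). It defaults to a dry run, refuses to overwrite a file whose original name is already back in place, and records a SHA-256 of everything it touches so the restored binaries can be checked against vendor-published hashes afterwards. The scratch tree the demo builds is constructed for the example.

```python
import hashlib, os, tempfile

# Assumption (the post only says files were "renamed to .AVB"): the engine
# appended .AVB to the original name, e.g. devenv.exe -> devenv.exe.AVB.
QUARANTINE_SUFFIX = ".AVB"

def sha256_of(path):
    """Hash the file in chunks so large binaries do not get read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def plan_restores(root):
    """List (quarantined_path, original_path, original_exists) for every
    *.AVB under root, in a stable order, without touching anything."""
    plan = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if name.upper().endswith(QUARANTINE_SUFFIX):
                src = os.path.join(dirpath, name)
                dst = src[:-len(QUARANTINE_SUFFIX)]
                plan.append((src, dst, os.path.exists(dst)))
    return plan

def restore(root, apply=False):
    """Dry run unless apply=True. Never overwrites: if the original name is
    occupied (package repaired, file restored from backup) the quarantined
    copy is kept for comparison. Returns (src, dst, action, sha256) tuples."""
    actions = []
    for src, dst, occupied in plan_restores(root):
        digest = sha256_of(src)
        if occupied:
            actions.append((src, dst, "kept: original name occupied", digest))
            continue
        if apply:
            os.rename(src, dst)
        actions.append((src, dst, "renamed" if apply else "would rename", digest))
    return actions

def demo_on_scratch_tree():
    """Build a scratch tree of 'quarantined' files, then dry-run and apply."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "Program Files", "SomeApp")
        os.makedirs(bin_dir)
        files = {                      # constructed stand-ins, not real binaries
            "app.exe.AVB": b"MZ quarantined app",
            "helper.dll.AVB": b"MZ quarantined helper",
            "ok.exe.AVB": b"MZ quarantined copy",
            "ok.exe": b"MZ already reinstalled",   # original name occupied
        }
        for name, data in files.items():
            with open(os.path.join(bin_dir, name), "wb") as fh:
                fh.write(data)
        dry = restore(root)
        real = restore(root, apply=True)
        remaining = sorted(os.listdir(bin_dir))
    return {"dry": dry, "real": real, "remaining": remaining}
```

Run restore(r"C:\") first without apply and review the list; only then run it with apply=True. It handles only the rename case from this incident, not files the engine moved into its own quarantine store, which need the vendor’s un-quarantine tool.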
Software: How did anyone get this approved as a concept.
May 23rd
I just came across a new release from Sophos: a Klingon version of Sophos Anti-Virus. I know the new Star Trek movie was just released, and part of me can see the logic of trying to get some Trekkie out there to look at your product, but (really) someone had the nerve to go up to a member of management somewhere and say “You know, if we translate our software into Klingon we can tap into a seriously underserved part of the market”. Even better, whoever took that meeting in management agreed.
Sophos doesn’t rank as a top choice for anti-virus in my opinion, but if you’re a Trekkie (or want to mess with someone who uses a computer and really isn’t into Star Trek, so they wouldn’t have a clue what they were seeing) you can download the software from the Sophos website http://www.sophos.com/klingon-anti-virus/ .
Next we will have a Tribble.a virus. Beam me up.
From the Klingon website itself:
Why did we translate it into Klingon?
Our routine monitoring of sub-space transmissions alerted Sophos that the loss of the Klingon battlecruiser Klothos was not due to Romulan incursion into the Khitomer system, but a result of trying to remove VBS/PeachyPDF-A from the battle computer using M’swoN’kar after Commander Kor opened an attachment from the system S’cam-419.
Immediately our Product Marketing away team embarked on a mission to explore strange new worlds, to seek out new life and flog them Network Access Control solutions. Sadly they chose Qo’noS as their first destination and when their severed heads were beamed back to Sophos, the engineering team created this software, not in a spontaneous display of gratitude to the Klingon race (as the Register would have you believe) but to honour their memory.
Conficker – Test your PC
Apr 19th
A very simple test has been developed to check whether your PC has been infected with the Conficker worm. If you go to the Conficker Working Group’s eye chart (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), you will get a page that should show 6 images. Below the 6 images is a chart showing how to interpret the result. The test works because Conficker blocks access to security vendors’ websites: if some of the images (which are served from those sites) fail to load, that is the sign of an infection.
Conficker – It just won’t go away. (UPDATE)
Apr 19th
Something that was brought to my attention: in my previous post, I said to install Malwarebytes and Avast Antivirus if you’re infected. If you already have an anti-virus installed, you will need to uninstall it prior to installing Avast, as having two anti-virus programs could cause more problems and is never recommended.
Conficker – It just won’t go away.
Apr 18th
There are reports that new payloads are being downloaded to machines infected with various versions of Conficker. The worm will connect via P2P and download files that range from very annoying (if you’re lucky) to ones that can get your information compromised (if you’re unlucky) once they are on your machine. One of the payloads it seems to download is a program called Spyware Protect 2009.
This program will look like a legitimate program telling you that your machine has been infected, but in fact it is designed to trick you into giving up personal and credit card information. It is not a real security product; it is a fake, written by someone who wanted to get information and money out of people.
The best way to remove Spyware Protect 2009 is to download and install Malwarebytes (http://www.malwarebytes.org/mbam.php) and Avast (http://www.avast.com/eng/avast_4_home.html) so that both are installed on the machine.
If your machine is already infected you may not be able to access those sites, so you may need to download them on another PC and then burn the installers to a CD. **Do NOT put the downloads on a USB flash drive or external hard drive: those devices will get infected as soon as you plug them into the infected machine. A CD is the safe choice because the malware cannot write to it; adding files to a CD needs burning software (Nero, Roxio, etc.), so the worm cannot drop its autorun.inf and copy itself onto the disc the way it does on a USB drive. Once the tools are installed, make sure you click the software update button in each so that they have all the latest definitions.
Once you have completed the install and updates, shut down your PC (NOT reboot) and, once it is completely off, turn it on and immediately start tapping the F8 key (yes, those keys serve a purpose). You should see a screen asking whether you want to go into Safe Mode, along with a number of other options.
Select Safe Mode and let the PC log in. In Safe Mode your screen will look a little odd and not all your files will appear; that is because Safe Mode starts just enough of Windows to run, and all the additional bells and whistles everyone is used to are not loaded.
Once you are in Safe Mode, run a full scan of your entire PC using Malwarebytes and then Avast. The scans will discover most of the infections and ask whether you want to remove them; say yes to all. Lastly, Avast has an option to scan on boot-up. Configure the boot-up scan and reboot.
To set up Avast boot up scan:
Boot time Avast Antivirus Scanning
Avast Antivirus offers a "boot time" virus scan of your PC. This allows the antivirus engine to scan all of the files on your hard drive before any other programs load – useful in cases where you have an infection which cannot be cleaned because the "file is in use"
To schedule a boot-time scan using Avast:
- Right-click on the blue “a” logo at the bottom right of your taskbar and then select the "Start avast! Antivirus" option from the menu that appears

- Avast will run a memory scan on your PC and you’ll see this screen while the scan completes and the control panel opens. Just let this finish

- Once Avast! loads, you’ll see this strange-looking control panel – don’t worry, we don’t need to decipher any of the buttons – we just want to right-click anywhere in the grey area.

- When you right-click on the control centre, you’ll see a new menu. From this menu, select the "Schedule Boot-Time Scan…" option:

- You’ll now get a new screen, as shown below. Select the option "Scan all local disks" and tick the "Advanced Options" box. Select the options "Move infected file to Chest" and "Allow delete or move" from the two menus in the bottom half of the window, before pressing Schedule:

- Once you have pressed Schedule, you will be prompted to reboot your PC. Check that you have no unsaved work open and then click "Yes". Your PC will reboot, and before Windows reloads, Avast will perform a virus scan.
The virus scan will take about 30-45 minutes and should be completely automatic. The scan is complete when your PC reloads Windows; you need take no further action.
And as always, make sure that you go to the Microsoft Update site (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US) and check that your system has the latest updates installed.
Commentary:
For all those who are non-tech: if you had a small drip in a pipe in your house, would you fix it right then, or would you let it keep dripping until it got bigger and burst the pipe, causing a flood and a mess? Updating your Windows machine is just like that pipe: update it now and it’s no big deal; wait and you will have a mess.