Paul's Tech Talk

This seems to be an virus that is getting some people hit hard. I wanted to blog about this because of the nature of Virus and Trojans. I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies. I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it. It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don't trust or know anything about. You also should know that if you need a "SPECIAL" codec, you should just go on to another site. These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess

[via Avast Forums]

After you get this very bad Virus you are done for. You would need to install the Operating system from backups or even start a new. This seems to be building this week and there isn't much you can do once your infected. I do recommend a good Anti-virus and Firewall but that wouldn't fix the problem right now. You will need to pull your backups out and start the process. I suggest a complete wipe and then do the Restoring the backups. This little virus likes to infect any .EXE it can so just restoring the Windows Directory will not help. Remember only you can prevent from getting infected.

2 Comments | in

2009,

ATI,

Anti-Virus,

Avast,

Avg,

Back,

Back up,

Bad,

CES,

Call,

Codec,

EA,

Facebook,

HP,

Html,

IDE,

Inc,

LAN,

Movies,

NIN,

Online Movies,

Open,

Operating system,

Player,

Spam,

Tech-linkblog,

Tor,

UPS,

Update,

WIndows,

Will,

Windows Vista,

adobe flash,

adobe flash player,

anti virus protection,

anything,

backups,

building,

com,

dll,

download,

exe,

executable files,

guess,

href,

mean,

reason,

risk,

running processes,

time,

viruses,

vitro,

way,

win32,

windows directory

Tuesday

Feb172009

Zero Day For IE7 Being used in the wild.

Author:

Paul Sylvester | Date:

Tuesday, February 17, 2009 at 6:10AM |

It looks like IE7 patches are being used right now in the wild. According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

[Image from TrendMicro Blog]

[ad#ad2-right]As you can see this this can be very bad for the companies who wait a while. Internet Explorer is still being used 1 out of 4 users and I see it it all the time on my stats. The Good news is this isn't as hard to get rid as the Conflicker but should be taken serious because the writers might start to want to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down so to speak, you need to patch all systems that have internet access. I still like the Autopatcher because it will do the job with very little input from the user. It also makes it easier for people to patch big systems. You should also consider installing some Free Anti-virus software to help protect the systems you do have.

From the looks of this virus, someone could easily make this into a botnet and you know how that can could affect your systems and your ISP. So it is best to get this months patches on the floor of your company as soon as possible.

You should also consider telling your users to start using Firefox to prevent infection from even happening. Until you patch, you are vulnerable.

Post a Comment | in

2009,

Auto,

Autopatcher,

Big,

Blog,

Good,

Image,

Job,

Micro,

On,

Peak,

Software,

Someone,

URI,

free anti virus software,

agent,

botnet,

botnets,

company,

conten,

cve,

date,

end,

href,

internet access,

internet explorer,

isp,

patch release,

people,

security patch,

success,

track,

virus removal,

vulnerability

Saturday

Dec062008

trojan.zlob removal tricks!!

Author:

Paul Sylvester | Date:

Saturday, December 6, 2008 at 8:20AM |

[ad#ad2-right]

Aliases:
Trojan-Downloader.Win32.Zlob.qyl (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzs (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzn (Kaspersky)
Trojan.Zlob.CPP (BitDefender)
Puper (McAfee)
SystemDefender (Symantec)

Trojan:Win32/Zlob.G is a component of Win32/Zlob that downloads rogue security programs, adware, and additional Win32/Zlob components.

[Via Windows Live OneCare]

[ad#ad2-left]This one just popped up today on my radar it seems to be a very low threat on everyone's radar according to my sources say "Trojan.Zlob.G is a Trojan horse that may download and execute remote files and redirect the Internet Explorer home page and search page." So to remove this little Trojan you would want to download one an Anti-virus and firewall. Once you install the software the program should fix the problem for you. This one seems to be really easy to fix. So Please read my post on how to better protect your self if you want to prevent this in the future.

Post a Comment | in

Aliases,

Anti-Virus,

Better,

Bitdefender,

Direct,

Downloader,

Downloads,

EA,

Easy,

GE,

KY,

Left,

Radar,

Read,

Real,

Red,

The,

Trojan,

Via,

WIndows,

Wal,

Win,

internet explorer home page,

Windows,

Windows Live,

Windows Vista,

Zlob,

ad2,

adware,

bit,

com,

component,

cpp,

day,

download,

end,

everyone,

file,

future,

home,

internet explorer,

man,

mcafee,

net,

page,

post,

problem,

puper,

removal,

trojan downloader win32 zlob,

rogue,

say,

search,

search page,

security programs,

self,

source,

threat,

today,

tricks,

troj,

trojan downloader win32,

trojan horse,

trojan win32,

virus removal,

war,

wind

Friday

Dec052008

Trojan.PWS.ChromeInject.A is not a Firefox plugin.

Author:

Paul Sylvester | Date:

Friday, December 5, 2008 at 5:45PM |

A new type of malware designed to harvest web passwords has been detected in-the-wild by BitDefender’s antivirus research labs. This latest e-threat – called Trojan.PWS.ChromeInject.A – is intended to be delivered onto a compromised computer system by other malware for subsequent download into Mozilla Firefox's Plugin folder. Once installed it gets to work every time Firefox is started.

[Via Bitdefender]

[ad#ad2-right]So having seen this I thought I'd come up with ways around this to better protect yourself. One way to prevent this from getting your sensitive data is to get a program like Sandboxie. You could stop using Firefox that would be silly, because right now Firefox is more secure than Chrome and Internet Explorer. I'd also suggest checking out my Anti-spyware page and Anti-Virus page and get some more protection.

The key to this virus protection is just be cautious of where you go and keep all you system update to date to prevent all this from happening. It is also advisable to not have your passwords saved on Firefox, you should use something like Roboform, it is free to download and try. It will encrypt your passwords so if they don't know the master password then they are out of luck. Roboform is also good for coming up with some strong passwords. Just some suggestions to prevent from people seeing your sensitive data, you don't want anyone to get that data.

Post a Comment | in

Age,

Anti-Virus,

Anti-spyware,

Anti-virus,

App,

BOX,

Bitdefender,

Chrome,

ChromeInject,

Computer,

Data,

Detect,

Detected,

EST,

Explorer,

FIREFOX,

GE,

IE,

Install,

Internet,

KEY,

Live,

Mozilla,

NIN,

New,

Password,

Plugin,

Protection,

Red,

Sandboxie,

Secure,

Spy,

The,

Trojan,

US,

Update,

Use,

Via,

Ways,

ad2,

com,

end,

folder,

page,

pws,

ru,

search,

start,

test,

thought,

time,

troj,

type,

war,

way,

web,

web passwords,

work

Friday

Dec052008

Are you patched, Secunia Says NO

Author:

Paul Sylvester | Date:

Friday, December 5, 2008 at 9:03AM |

Think you've got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack. [ad#digg-right]So I wanted to talk about this a little and give you a few good ways to make sure you are patched. There are several ways to get your system up to almost 100%.

[ad#ad2-left]Some things to do is make sure you have your Windows systems updated. This is easy to make sure, if you have an internet connection you can just check for updates. If you don't know how to do it, it is quite simple, Just go here. If you have Windows Vista all you have to do is hit Start and type in the search box "Windows Update" and hit Enter and you will be taken to the update page.

If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you. You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

[ad#ad2-right]If you don't know what you need to update sometimes just having a program check for you can make a really good difference. The one that I like to use is Appsnap and it actually searches you computer to see what might need to be updated. I also suggest for the final suggestion is check out my Anti-Virus and Anit-Spyware Resources and make sure you have a firewall and anti-virus software. This will greatly reduce your chances of getting a virus but that isn't all you have to be careful on what you click on read this article on Some Important programs to prevent yourself from having viruses and Malware!! Read that carefully to better understand how you can protect yourself in the future.

Post a Comment | in

AT&T,

Anit,

Appsnap,

Auto,

Autopatcher,

BOX,

Better,

Chances,

Clone,

Computer,

Connect,

Don,

EST,

Easy,

Full,

GE,

Good,

How-to,

Ina,

Left,

Might,

Office,

Open,

Open Office,

Programs,

Read,

Real,

Secunia,

Security,

Software,

Spy,

US,

Update,

Updated,

Use,

Wal,

Ways,

Will,

ad2,

attack,

chance,

personal software inspector,

click,

future,

kind,

kinda,

lavasoft.com,

lt,

ninja day,

page,

secunia personal software inspector,

ru,

say,

search,

secunia psi,

self,

source,

span,

start,

talk,

thing,

time,

type,

ua,

viruses,

week,

windows systems

Sunday

Nov302008

Stop botnets in its tracks With a Firewall!

Author:

Paul Sylvester | Date:

Sunday, November 30, 2008 at 3:02AM |

According to PC World and I'll quote:

According to FireEye chief scientist Stuart Staniford, detection rates are so poor that, on average, only around 40 percent of security software can detect binaries during the period of greatest infectivity and danger, namely the first few days after a particular variant starts being used by botnet builders.

[via PC World]

[ad#ad2-left]Now let's talk about this, having been seeing recent surges of people getting infected. I've come to the conclusion that companies like AVG and other Anti-Virus companies are keeping up. Now true if all you have is an Anti-virus and nothing else that greatly increases your likely hood of getting a virus.

In a recent virus storm, We have people finding my site because of a Good Firewall. No if he didn't have anything but Windows firewall then it would of gotten through and you would not of known about it. So let's talk about how to prevent botnet attacks. This is relatively easy and if you follow some common rules. You to could be less likely to be infected. I will say this most people don't do these common tips and they should do them.

[ad#digg-right]So what should you do to help prevent from getting a Virus or Malware. This is really simple, you want to find an Anti-virus Software that you like, and Firewall that you like also. You'll also want to download the tools to better help you in case you do get infected. Some of these tools I recommend are Hijackthis, Spybot Search and Destroy, Hitman Pro, and Ad-aware 2007 Edition (FREE). Then Go buy a Sandisk USB memory Stick and put those on there for later use!! You will always want to keep a backup of those just in case you get infected.

[ad#ad2-right]Make sure you update Windows regularly. Having seen this time and time again, if you don't keep windows updated then you lose the battle. If you have a system that needs updating, I suggest downloading the Clone to Autopatcher. This little program will download the files needed to update your system without having to be online. Although, you can have windows update automatically every month but that might not update the recommended updates only the ones that are hot. It doesn't matter which way you prefer to update, as long as you do to update regularly, Like every 2nd Tuesday of the Month.

One last tip you should also keep your Firewall and Anti-virus updated. There is a little program that will do that, it's call AppSnap. If you follow all these recommendations you will greatly reduce your chances of getting a virus on your system.

3 Comments | in

AT&T,

Ad-aware,

Appsnap,

Arts,

Auto,

Autopatcher,

Back,

Backup,

Clone,

Common,

Destroy,

Digg,

Disk,

Don,

FireEye,

Free,

GE,

Good,

Help,

Hitman,

ICal,

IE,

Ina,

Left,

Name,

Nothing,

Online,

Part,

Red,

Spybot,

Stick,

The,

Tor,

Tuesday,

US,

Updated,

Usb,

Use,

Via,

Ways,

ad2,

battle,

case,

chance,

chief scientist,

com,

conclusion,

danger,

day,

first,

man,

memory,

memory stick,

month,

period,

recent virus,

ru,

say,

security software,

start,

storm,

surges,

thos,

ua,

virus companies,

war

Saturday

Nov292008

Spying on Spyware.ISpynow!!

Author:

Paul Sylvester | Date:

Saturday, November 29, 2008 at 7:08AM |

[ad#digg-right]This is another Virus that is going around and thought I'd tell you about it:

Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]

[ad#ad2-left]Now this one isn't to hard to figure out what happened. You have to manually install it on your system to get infected. Symantec has a great way on uninstalling this annoyance. I also suggest checking out my other program list just in case you don't want to buy Symantec Anti-Virus programs. Some other things to check out is:

Avg detected Trojan Horse Generic 12.htc? - This has a great article on how to use HiJackthis program and how to make sure you no longer have the virus.

Some Important programs to prevent yourself from having viruses and Malware!! -- This article gives you some other programs to use other than Symantec. You have a wide variety of choices on Anti-virus programs and Firewall Choices. You also have some choices on Spyware removal programs.

This is just the beginning in getting your system clean. You have to keep all you programs up to date and one way I do that is with Appsnap. This little program keeps you programs up to date from Virus to Firewall. I hope this helps people prevent and control spyware.

Post a Comment | in

ATI,

AVG,

Begin,

Don,

EST,

GE,

GENERIC,

Generic 12.htc,

Help,

Horse,

Host,

How-to,

IDE,

IE,

Important,

Info,

Install,

KEY,

Keys,

Manual,

Monitor,

Spy,

Spyware.ISphynow,

Symantec,

Trojan,

Use,

Via,

Wal,

annoyance,

article,

beginning,

case,

checking,

choices,

date,

file,

form,

going,

htc,

list,

man,

net,

perfect defender 2009,

person,

str,

stroke,

ua,

way

Tuesday

Nov252008

Microsoft kills a fake antivirus tool from 994,061 computers!

Author:

Paul Sylvester | Date:

Tuesday, November 25, 2008 at 8:38AM |

According to Arstechnica and I'll quote:

[ad#ad2-left]Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn't the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seemed to of happened this month with the usual Windows update. If you haven't updated your system just yet you should. This troublesome fake virus seems to have been killed from several systems. This could effectively make it harder for these guys who ever designed this program to make money. I hope microsoft does even more virus removals in next month. If you still want to try to get rid of these viruses don't forget to check out my tips on Virus removal.

Post a Comment | in

Advanced,

App,

Arstechnica,

Bot,

Data,

EA,

Fake,

FakeSecSen,

GE,

GUI,

IDE,

MACHINE,

Mac,

Micro,

Microsoft,

Name,

Preventer,

R Us,

Release,

Spy,

The,

Tips,

Tool,

US,

Ultimate,

Ultra,

Updated,

Use,

Via,

WIndows,

Warnings,

Win,

Windows,

Windows Vista,

XP,

XPert,

antivirus,

antivirus tool,

center,

com,

date,

dep,

effect,

end,

fun,

lt,

money,

month,

more virus,

number,

power,

quote,

removal tool,

tech,

tip,

trouble,

ua,

user,

war,

wind

Friday

Nov212008

Youtube gets ready to Launch "LIVE Event!!" 5pm PST/8pm EST

Author:

Paul Sylvester | Date:

Friday, November 21, 2008 at 8:40PM |