Paul Know's Tech

Entries in process (10)

Thursday

Feb192009

PolyMorphic Win32:Vitro Most Viraulent Virus

Author:

Paul Sylvester | Date:

Thursday, February 19, 2009 at 5:09AM |

Permalink

This seems to be an virus that is getting some people hit hard. I wanted to blog about this because of the nature of Virus and Trojans. I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies. I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it. It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don't trust or know anything about. You also should know that if you need a "SPECIAL" codec, you should just go on to another site. These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess

[via Avast Forums]

After you get this very bad Virus you are done for. You would need to install the Operating system from backups or even start a new. This seems to be building this week and there isn't much you can do once your infected. I do recommend a good Anti-virus and Firewall but that wouldn't fix the problem right now. You will need to pull your backups out and start the process. I suggest a complete wipe and then do the Restoring the backups. This little virus likes to infect any .EXE it can so just restoring the Windows Directory will not help. Remember only you can prevent from getting infected.

2 Comments | in

2009,

ATI,

Anti-Virus,

Avast,

Avg,

Back,

Back up,

Bad,

CES,

Call,

Codec,

Down,

EA,

Event,

Facebook,

Firewall,

HP,

Html,

IDE,

Inc,

LAN,

Make,

Movies,

NIN,

Online Movies,

Open,

Operating system,

Player,

Spam,

Tech-linkblog,

Tor,

UPS,

Update,

Virus,

Vista,

WIndows,

Will,

Window,

Windows Vista,

adobe flash,

adobe flash player,

anti virus protection,

anything,

backups,

building,

com,

dll,

download,

exe,

executable files,

guess,

href,

mean,

reason,

right,

risk,

running processes,

time,

viruses,

vitro,

way,

win32,

windows directory

Monday

Dec152008

Removing Win32/Bagle.HE worm

Author:

Paul Sylvester | Date:

Monday, December 15, 2008 at 8:23AM |

Permalink

Here is another virus that seems to be spreading lately. From the looks of it, it sees to be another email worm. Here is what eset says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

[ad#ad2-right]Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B .

When executed the worm copies itself in the following locations:

Documents and Settings\All Users\Application Data\hidn\
hldrrr.exe

Documents and Settings\All Users\Application Data\hidn\
hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

[ad#ad2-left]It seems to have a manual removal process, Unless you pay for the other software but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.

[via 411 on PC Security]

According to this site you can remove it by doing some steps. I think Kaspersky has an easier way to remove it and it looks like most anti-virus software will remove this. You need to remember that only you can prevent this from the future. You should also update your windows update and make sure your system is up to date.

15 Comments | in

411,

Bagle,

Data,

Email,

HKEY,

Run,

Show,

Tooso,

Trojan,

Uncategorized,

Virus,

Win,

danger,

date,

documents and settings,

download,

drv,

e mail,

eset,

future,

gen,

hidn,

hldrrr,

mcafee,

order,

popup,

site,

size,

threat,

user,

way,

worm

Saturday

Dec132008

Figuring out the Email-Worm Win32.Zafi.b

Author:

Paul Sylvester | Date:

Saturday, December 13, 2008 at 10:28AM |

Permalink

This is another just I just saw on the web and wanted to talk about what this little Worm does and what it's known Aliases:

Email-Worm.Win32.Zafi.b (Kaspersky Lab) is also known as: I-Worm.Zafi.b (Kaspersky Lab), W32/Zafi.b@MM (McAfee), W32.Erkez.B@mm (Symantec), Win32.Hazafi.30720 (Doctor Web), W32/Zafi-B (Sophos), Win32/Zafi.B@mm (RAV), PE_ZAFI.B (Trend Micro), Worm/Zafi.B (H+BEDV), W32/Zafi.B@mm (FRISK), Win32:Zafi-B (ALWIL), I-Worm/Zafi.B (Grisoft), Win32.Zafi.B@mm (SOFTWIN), Worm.Zafi.B (ClamAV), W32/Zafi.B.worm (Panda), Win32/Zafi.B (Eset)

[ad#ad2-left]This worm spreads via the Internet as an attachment to infected messages, and also via local and file-sharing networks.
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.

This Worm seems to be running through email and file sharing sites, One thing it tries to do is stop the process and deletes:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe

It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.

[ad#ad2-right]It also attempts to conduct DoS attacks on the following sites:

www.2f.hu
www.parlament.hu
www.virusbuster.hu
www.virushirado.hu

This seems to be a very big virus and can be removed with the use of Kapersky Virus removal tool for free for this type of virus. In order to prevent this virus in the future the user has to remember about not getting opening unknown documents or emails and not running any unkown program from an unknown file sharing. Also remember you need to have an anti-virus and also a firewall to protect yourself in the future.

Post a Comment | in

ALWIL,

Aliases,

Anti-virus,

BEDV,

Computer,

DOS,

Erkez,

FSG,

Hazafi,

I-Worm,

Internet,

Jammer,

Kapersky,

Kaspersky,

Lab,

Micro,

SOFTWIN,

Symantec,

Trend,

Use,

Virus,

Vista,

Win,

Zafi,

clamav,

copy,

doctor web,

dos attacks,

exe,

form,

h bedv,

mcafee,

panda,

sophos,

thing,

type,

worm,

www,

zafi b worm

Thursday

Dec112008

CBS Confirms the Axe of Layoffs for CNET

Author:

Paul Sylvester | Date:

Thursday, December 11, 2008 at 4:02PM |

Permalink

CBS throws the gauntlet and says in a statement :

CBS Interactive continues its integration process, which now calls for the further combination of several portions of the division into unified groups oriented around similar content. This important move allows us to better align our premium content for our audiences and our advertisers, and also results in reduction in certain areas that are now duplicated in the new organization structure. We believe these moves are necessary to continue building CBS Interactive into the most creative, most efficient, most profitable and fastest growing Internet company in the media business.”

[ad#ad2-right]Now I can Only guess as to what they will re-organized but if it is anything like Jeff Gerstmann and how we heard people might resign over that little fiasco. I'd give the likely hood of several people from Gamespot and Probably even more people from C-NET. I don't know who they will lay off but I do know they are going to re-organization. You will probably have to pay for content from them in one way or the other. This is somewhat not un-expected due to the Economic Stress we are currently in and Probably will be for some time.

If I hear what happens I'll will update my post and all. If you want to check out the other lay offs in the technology industry please feel free and click here. I am sure to have more in the coming months. Time is the only constant and will always be moving forward.

Post a Comment | in

Axe,

C-NET,

CBS,

CNET,

Stress,

fiasco,

hood,

layoff,

move,

organization structure,

way

Wednesday

Dec032008

Is this Hardcore PC Falcon Northwest Mach V Extreme or not?

Author:

Paul Sylvester | Date:

Wednesday, December 3, 2008 at 9:29AM |

Permalink

[ad#ad2-right]Just saw this on PcWorld Reviews and thought I'd talk about the specs. I would love to get one of these for my self. It comes with:

Silverstone Temjin TJ03 full tower case

Intel Core i7 965 Extreme processor -- Overclocked to 3.8 GHZ

12GB of DDR3-1066

7200-rpm Hitachi Deskstar 7K1000 hard drive

dual 2GB ATI Radeon HD 4870 X2 graphics

22-inch Samsung 2243 LCD

All these are links are for those who would like to make this computer yourself. The links are where you could go to buy the parts. The price after you buy the parts are estimated at $7395 price and I think you could get that down to 5000$ if you look for rebates and other incentives. I wouldn't mind having this computer for gaming myself. It sure would be nice to give for someone on the holidays. This would be good for people wh o are looking to computer game developers or people who are into 3D rendering. Just though I share this little review with you. They really did a fantastic review of this product on there site.

Post a Comment | in

ATI,

Arts,

Clock,

Computer,

Core,

DDR,

Down,

EST,

Falcon V,

Full,

GE,

GHZ,

Game,

Gaming,

Good,

Graphics,

HD,

Hardcore,

Hitachi,

IE,

Inc,

Inch,

Intel,

Links,

Make,

Other,

Part,

PcWorld,

RPM,

Radeon,

Real,

Review,

Reviews,

Samsung,

Someone,

The,

Tor,

US,

ad2,

buy,

com,

computer game developers,

ddr3,

desk,

full tower case,

hard drive,

hitachi deskstar 7k1000,

people,

price,

process,

product,

reactor,

rebate,

right,

self,

share,

site,

talk,

temjin,

tower,

ua,

world,

Friday

Nov142008

Looks like a scam to me : Personal Shopping Assistant!

Author:

Paul Sylvester | Date:

Friday, November 14, 2008 at 5:30PM |

Permalink

[ad#ad2-left]

Good afternoon!

We found your resume at _________________ and we would like to propose you a
position of Personal Shopping Assistant.

Imagine having an exciting job with incredible salary (up to $100,000/year) that
lets you use your creativity while being paid to shop. Welcome to the world of
personal shopping!

As we know shopping is the world's favorite leisure activity, but in our busy
society an increasing number of people need to hire someone to do their
shopping. Thus personal shoppers are more in demand than ever before.

There are absolutely NO START-UP FEES and NO FEES for being employed at this
position. As long as you live in the USA, and you have a credit card or any
other line of credit, have 1 or 2 free hours during the day – you are eligible
for this job!

[ad#ad2-right]This is what you will have to do in short:
• Purchase the requested goods using your credit card.
• Send us receipts.
• Wait for us to issue a credit to your credit card in the amount of purchase
plus shipping fee plus your commission which comprises 10%.
• Ship out the goods.
• You are finished, come back for a new list of goods.

If you are interested in Personal Shopping Assistant position please fill in the
form below and send it to: Open2usa.job.dep@gmail.com
Our manager will contact you within two working days.

------------------------------------------------FORM-------------------------------------
Full name ______________________
Residence country _____________________
Age _____________________
Contact phone ______________________
Availability time _______________________
------------------------------------------------FORM-------------------------------------

This letter confirms your resume has been duly processed and your skills
completely meet our requirements for Personal Shopping Assistant Vacancy.

Thank You,
John Walker

[ad#ad2-left-1]I wanted to bring this up because of two things that I saw first off that made this look like a scam. One is they want to "CREDIT" your credit card and two they use a GMAIL account. I am going to say this is looking more and more like a scam. If anyone else has any other ideas about this just leave your comment. I don't see how this can be real. I am thinking once they have your credit card information, they'll start using it.

7 Comments | in

ATI,

Account,

Age,

Assistant,

Back,

Builder,

Cam,

Career,

Careerbuilder,

Commission,

EA,

Fees,

Free,

Full,

Gmail,

IDE,

Job,

John Walker I,

Live,

Name,

Open,

Personal,

Real,

Red,

Ship,

Spam,

The,

Thinking,

US,

USA,

Use,

Will,

amount,

com,

credit,

day,

demand,

dep,

first,

form,

going,

list,

look,

man,

manager,

mission,

need,

number,

phone,

quest,

resume,

salary,

scam,

shipping fee,

society,

start,

thing,

time,

try,

vacancy,

while,

work,

world,

year

Monday

Nov032008

Alien Ware Extreme Gaming Notebook M17 17 Inch

Author:

Paul Sylvester | Date:

Monday, November 3, 2008 at 10:38AM |

Permalink

Looks like they are out of stock on this Laptop but they do have Alienware M17x-2857DSB 17-Inch Laptop (Black) which looks to be an upgraded version of this one!!!

Windows Vista® Home Premium (32- and 64-bit)(default)

Windows Vista® Ultimate (32- and 64-bit)

Intel® Core™2 Duo Or Quad and Extreme Processors (12MB Cache, 1066MHz FSB)
Intel® PM45 + ICH9M-E Chipset up to 4 GB
ATI Mobility Radeon™ HD 3870 (Also Comes with CrossfireX Enabled)

Dual Harddrive In Raid 0 Config or you can have a single hard drive
1. 5400 RPM – Up to 1TB (2 x 500GB)
1. 7200 RPM – Up to 640GB (2 x 320GB)

So I saw this and had to tell people this is a sweet laptop for people who like to go and play games in a large group. You would be able to play for hours on end, all you would need is an power cord. I would love one of these to try out. If you want to go check it out or buy it. Here's the Alienware M17x-2857DSB 17-Inch Laptop (Black).

Find Other Alienware Products

3 Comments | in

500GB,

ATI,

Alienware,

Book,

Core,

CrossfireX,

Duo,

Enabled,

Gaming,

HD,

Inc,

Inch,

Intel,

Laptop,

Mobi,

RPM,

Radeon,

Raid,

Review,

The,

Win,

bit,

cache,

chip,

click,

com,

config,

default,

end,

extreme gaming,

fault,

fsb,

games,

home,

link,

lt,

need,

power,

right,

set,

site,

try,

wind,

windows vista home premium

Saturday

Oct252008

Toshiba Rolls out the Mobile Gaming Laptop!

Author:

Paul Sylvester | Date:

Saturday, October 25, 2008 at 1:09PM |

Permalink

[ad]

o Genuine Windows Vista Ultimate (SP1, 64-bit7 version) (default)
o Genuine Windows Vista Home Premium (SP1, 32-bit version)
* Intel Core 2 Extreme Processor1 QX9300* 4096MB PC38500 DDR3 1066MHz SDRAM3
* 128GB Serial ATA SSD3
* 320GB (7200 RPM) Serial ATA HDD3
* DVD SuperMulti (+/- double layer) with Labelflash drive
* NVIDIA GeForce 9800M GTS graphics with NVIDIA SLI technology 512MBx2, GDDR3 discrete graphics memory
* Atheros 802.11 b/g/n wireless-LAN

This looking so sweet, to get the full picture check out the Toshiba Gaming website : Qosmio: X305 Let me know if anyone wants to buy me one!! ;) I wouldn't mind one these myself!!

Post a Comment | in

Atheros,

DDR,

DVD,

Flash,

Gaming,

Intel,

LAN,

Labelflash,

Laptop,

Lay,

M GTS,

Mobile,

Processor,

Qosimo,

Qosmio,

RPM,

SLI,

SSD,

TOS,

The,

Win,

anyone,

bit,

check,

fault,

games,

home,

label,

layer,

look,

mind,

nvidia,

picture,

process,

sager,

site,

spielegrotte.de,

tiger direct,

vostro a90,

wind,

x305

Wednesday

Oct222008

Mahalo Lay's off around 10% of it's workforce!!

Author:

Paul Sylvester | Date:

Wednesday, October 22, 2008 at 8:56PM |

Permalink

[ad#ad2-left]In an email he sent to the readers of his publication, Jason Calicanis talks about having to lay off around 10% of people from Mahalo. Here's the quote:

We've laid off a just under 10% of our full-time staff, cut our overhead by doing smart things like renting desks (we have six desks/offices available fyi), and reorganized our editorial department to focus on freelance positions over in-house editors. The net result
of the effort is we are giving Mahalo another year of "dry powder" (or runway) to complete our mission.

This is not to be unexpected after all the talk about the recession coming our way. It does however emphasizes the need for companies to consider there profit margins and accounting strategy.

Mahalo was launched in May 2007 as an Alpha test. That is to say only a select number of people were able to access the site and create feedback to the development of the site. As of January of 2008 it is in what we call the Beta test phase. Which means more people are testing it out and find out it's flaws to report back about where they need to improve. Mahalo's directory employs human editors to review websites and search engine results.

[ad#ad2-right]Saying that Mahalo is in Beta still doesn't lessen the fact that they are worried about there revenue model and expect a drastic decrease in revenue over the next 2 years due to the Recession still hanging over our heads. This is where it comes to pure talent and understanding that most people in the business has to worry being laid off for example Merck Laid off 13% of it's workforce. Most people know the dread and fear of having the possibility of a Layoff hanging over your head and it is bound to affect even the most stubborn person and independent person. It is going to come at a time like Christmas or the first a year and you will have to scrounge around and try to find another job. It's tough and I've got a list that will help you :5 ways to improve your chance of getting hired.

With this list you will be able to get a better grip of the future and maybe create a better future in the process.

Mahalo is still in it's infancy and will still need time to grow and mature and with this recession looming over everyone's head they will have quite a time making heads or tails of the future. So why try to create the future if you don't know what will happen? That comes with the territory of blogging and website that are 2.0. It's a hit or miss when it comes to people finding the best content and sometimes finds the worst content. This is where you as a reader have to choice what to listen to and who to listen too. I don't say that will be easy but it is essential in finding what you need at the time you need it.

If we don't do anything, this will be the last you will see of some of these big name sites. We need to gather around them and show our support, by reading there content and providing feedback if there is something that needs to be change. That is your power to help these websites become the best they can. So go comment on your favorite website, tell them something you think they can do to better the content. So why aren't you doing that now?

Post a Comment | in

Alpha,

Beta,

Call,

Halo,

LAN,

Launch,

Mahalo,

Office,

Other,

Part,

Review,

Tor,

effort,

engine,

fact,

first,

future,

fyi,

house,

list,

mission,

model,

need,

number,

person,

phase,

powder,

quote,

rep,

result,

revenue,

runway,

search,

something,

strategy,

support,

talent,

test,

time,

way,

workforce,

year

Friday

Oct172008

Little Big Planet Delayed Due to offending phrases.

Author:

Paul Sylvester | Date:

Friday, October 17, 2008 at 3:34PM |

Permalink

Just off the presses folks, "Little Big Planet" has been delayed. Here's what Sony is saying:

"During the review process prior to the release of LittleBigPlanet, it has been brought to our attention that one of the background music tracks licensed from a record label for use in the game contains two expressions that can be found in the Qur'an.

"We have taken immediate action to rectify this and we sincerely apologize for any offense that this may have caused. We'll confirm the new launch date shortly."

[via dot.life]

[ad]

So here I am as a gamer waiting to see all this and they have to stop it due to so called "offending phrases", I would like to know what they were.

I am going to take a guess that it will be a short delay they have to get all the product they shipped and ship new ones to the stores. It will create a big deal in the US due to all the new releases that are coming out just before Christmas so I would have to think around December if they are lucky.

Are you mad about this? Were you going to buy this game for a christmas gift?