Wednesday, October 10, 2007

Latest spyware threats: XP Antivirus

Here is a list of the latest spyware threats.
XP Antivirus: rogue spyware that poses as an anti-spyware agent when in fact the program itself is spyware.

Messenger Blocker
Messenger Blocker is another example of rogue security software that violates multiple criteria on the CA AntiSpyware Scorecard. First, it gives inflated, erroneous scan results to scare the user into buying a worthless product rather than to help the user. Second, it disables Task Manager so the user cannot stop it from running. That is far from security software.

webspyshield
The product claims to be a security product, but it installs itself without notifying the user and installs a toolbar without the user's consent. Its scan results also report a large number of false positives, even when it is installed on an uninfected machine, which may scare a user into buying the product.

Use the free tools on this site for spyware removal.

Tuesday, October 9, 2007

Your total arsenal in the war against spyware

Okay, we have talked about spyware removers, HijackThis logs and other trusted spyware removal tools. But one important element of the war against spyware is a good firewall. If you are surfing the internet right now without a firewall, the odds are high that spyware, malware or spyware trojans are already lurking on your computer. A good firewall protects you by locking unwanted spyware and rogue programs out of your system. Think of the doors and windows in your house: you keep them locked most of the time for safety. Your computer has hundreds of doors and windows
that a hacker can use to gain access if you do not keep them locked. Attackers scan your computer to find out which doors and windows are open. These doors and windows are called ports. Each port has a unique number, for example TCP port 80 (web) or TCP port 110 (POP3 email). Some ports are used so that we can surf the internet, send email, use FTP and so on. Other open ports are what hackers use to gain access to your system. We will post a list of known ports used by hackers later, but for now make sure you have a good firewall running on your system; it is the most important tool in the war against spyware.
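The scanning idea above, as an added example that is not part of the original post: a minimal TCP connect scanner in Python, pointed only at the local machine. It opens a listening socket (an open door), scans for it, closes the socket and scans again. The loopback address, the OS-chosen port numbers and the timeout are assumptions; the script never touches any other host.

```python
import socket
from typing import Iterable, List


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Open a TCP 'door': bind a listening socket on an OS-chosen free port.

    Read the port with srv.getsockname()[1]; close the socket to lock the
    door again.  (Loopback only: an assumption for this demo.)
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0 asks the OS for any free port
    srv.listen(5)
    return srv


def probe_port(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect probe, the simplest scan technique.

    True when something accepts a connection on host:port.  A closed port
    answers with a RST (ConnectionRefusedError); a port that a firewall
    silently drops answers with nothing and we hit the timeout.  Both are
    reported as 'not open'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:  # ConnectionRefusedError and socket.timeout are both OSError
            return False
        return True


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> List[int]:
    """Return the subset of `ports` that accept TCP connections on `host`."""
    return [p for p in ports if probe_port(host, p, timeout)]


def unused_port(host: str = "127.0.0.1") -> int:
    """Ask the OS for a free port and release it, so it is (almost surely) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv = start_listener()
    open_port = srv.getsockname()[1]
    closed_port = unused_port()
    targets = sorted([open_port, closed_port])
    print("listening on port", open_port)
    print("scan while the door is open:  ", scan_ports("127.0.0.1", targets))
    srv.close()
    print("scan after closing the socket:", scan_ports("127.0.0.1", targets))
```

A firewall that silently drops packets makes every probe wait out the timeout instead of getting an instant refusal, which is why dropping (rather than rejecting) is the usual host-firewall policy: the scanner learns nothing and pays time for each port it tries.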

Here is the firewall we recommend.
Of course, it's free.

PeerGuardian 2

http://phoenixlabs.org/pg2/

One caveat: PeerGuardian 2 is an IP block-list filter. It drops traffic to and from the address ranges on its lists, but it does not do the per-port, per-program filtering that a host firewall such as the built-in Windows Firewall does. Run it alongside a real firewall, not instead of one.

Monday, October 8, 2007

Tool for scanning your computer for spyware

HijackThis scans areas of your registry and hard drive and returns a log of the items it detects. Because this tool is recommended for advanced users only, we recommend that you run a scan and then post your log file on a support forum, where someone can suggest which entries to remove.

Here is a link to a great support forum where you can post your HijackThis log:
Spybot S&D forum

http://forums.spybot.info/index.php

Spybot S&D: latest spyware threats found

MailSkinner.rtk
A new false-positive spyware detection in Spybot S&D.
Here is the link to download Spybot S&D, one of the best anti-spyware removers on the internet:

SPYBOT SD

Thursday, October 4, 2007

The best safe, free spyware, malware, trojan and virus removers on the internet

Spyware removers: the best of the best on the net.
Let's start out talking about my favorite free spyware remover of all time:
Spybot S&D. This is one of the best spyware removers of all time, and incredibly it's free.
Here is the link.
SPYBOT SD

Enjoy..
Send me a beer later!!
Tuffy
intergrated@cox.net

Tuesday, October 2, 2007

Removal tool for the Netsky W32/Netsky-B, W32/Netsky-C, W32/Netsky-E, W32/Netsky-F, W32/Netsky-G, W32/Netsky-H, W32

Here is a great link to instructions on the nasty Netsky worms.

Netsky removal tools for all Netsky variants

Understanding the W32/Netsky-Q worm

This section explains how the worm behaves.


W32/Netsky-Q is a mass-mailing worm which spreads by emailing itself to
addresses harvested from files on local drives.

W32/Netsky-Q harvests email addresses from files with the following extensions:

EML, TXT, PHP, ASP, WAB, DOC, SHT, OFT, MSG, VBS,
RTF, UIN, SHTM, CGI, DHTM, ADB, TBB, DBX, PL, HTM,
HTML, JSP, WSH, XML, CFG, MBX, MDX, MHT, NMF, NCH,
ODS, STM, XLS, PPT

W32/Netsky-Q will not harvest addresses containing the following strings:

@microsof
@antivi
@symantex
@spam
@avp
@f-secur
@bitdefender
@norman
@mcaffee
@kaspersky
@f-pro
@norton
@fbi
abuse@
@messagel
@skynet
@pandasof
@freeav
@sophos
ntivir
@viruslis
noreply@
spam@
reports@

W32/Netsky-Q will attempt to mass-mail itself to the harvested addresses on
31st March, 5th April, 12th April, 19th April and 26th April 2004. The worm
tries to send itself in two separate emails to each of the addresses, one in
plain text and the other in MIME. The subject lines, message texts and
attachment filenames are randomly chosen from the following possibilities:

Subject lines, followed by the harvested name in parentheses:

Delivery Error
Delivery Failure
Delivery
Mail Delivery failure
Mail Delivery System
Mail System
Delivery
Delivery Message
Error
Status
Failure
Failed
Unknown Exception
Delivery Failed
Deliver Mail
Server Error
Delivery Bot

Message text part 1, followed by "------------- failed message ----------"
(this section can be repeated multiple times):

Mail Delivery - This mail couldn't be displayed
Mail Delivery Failure - This mail couldn't be represented
Mail Delivery Error - This mail contains unicode characters
Mail Transaction Failed - This mail couldn't be converted
Mail Delivery System - This mail contains binary characters
Mail Delivery Failure - This mail couldn't be shown
Delivery Failure - Invalid mail specification
Delivery Agent - Translation failed

Message text part 2:

The message has been sent as a binary attachment
Partial message is available and has been sent as a binary attachment
Received message has been attached
Message has been sent as a binary attachment
Translated message has been attached
Received message has been sent as an encoded attachment
Modified message has been sent as a binary attachment
Note: Received message has been sent as a binary file

Attached filename, followed by a random number and either .PIF or .ZIP
(W32/Netsky-Q can send itself zipped or unzipped):

message
msg
mail
data

If sent as a zipped file, the worm will have one of the following filenames
inside the zip, followed by a large number of spaces and then a .SCR extension:

message.eml
msg.eml
mail.eml
data.eml

In the MIME email W32/Netsky-Q can attempt to use an IFRAME exploit in order to
execute the attachment even if the receiver chooses not to execute it.
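The mail characteristics described above (the subject lines, the attachment naming, the space-padded .SCR name inside the zip, the file types the worm harvests from and its exclusion list), collected into a small Python checker. This is an added example, not code from the page or from any antivirus vendor: the function names are mine, the sample values in the usage are constructed, and case-insensitive matching is an assumption the description does not state.

```python
import re
from typing import List, Sequence

# Subject lines from the description.  The worm appends the harvested name in
# parentheses, so the suffix is stripped before comparing.
NETSKY_Q_SUBJECTS = {
    "Delivery Error", "Delivery Failure", "Delivery", "Mail Delivery failure",
    "Mail Delivery System", "Mail System", "Delivery Message", "Error",
    "Status", "Failure", "Failed", "Unknown Exception", "Delivery Failed",
    "Deliver Mail", "Server Error", "Delivery Bot",
}

# Attachment: one of four stems, a random number, then .PIF or .ZIP.
ATTACHMENT_RE = re.compile(r"^(message|msg|mail|data)\d+\.(pif|zip)$", re.IGNORECASE)

# Inside a .ZIP: <stem>.eml, a long run of spaces, then the real .SCR extension.
# The spaces push ".scr" out of view in most zip viewers and mail clients.
ZIP_MEMBER_RE = re.compile(r"^(message|msg|mail|data)\.eml {2,}\.scr$", re.IGNORECASE)

# Extensions of the files the worm reads when harvesting addresses.
HARVEST_EXTENSIONS = {
    "eml", "txt", "php", "asp", "wab", "doc", "sht", "oft", "msg", "vbs",
    "rtf", "uin", "shtm", "cgi", "dhtm", "adb", "tbb", "dbx", "pl", "htm",
    "html", "jsp", "wsh", "xml", "cfg", "mbx", "mdx", "mht", "nmf", "nch",
    "ods", "stm", "xls", "ppt",
}

# Substrings that make the worm skip an address (AV vendors, abuse desks, ...).
HARVEST_EXCLUDES = [
    "@microsof", "@antivi", "@symantex", "@spam", "@avp", "@f-secur",
    "@bitdefender", "@norman", "@mcaffee", "@kaspersky", "@f-pro", "@norton",
    "@fbi", "abuse@", "@messagel", "@skynet", "@pandasof", "@freeav",
    "@sophos", "ntivir", "@viruslis", "noreply@", "spam@", "reports@",
]


def subject_matches(subject: str) -> bool:
    """True if the subject, minus a trailing '(name)', is one of the worm's subjects."""
    base = re.sub(r"\s*\([^)]*\)\s*$", "", subject).strip()
    return base in NETSKY_Q_SUBJECTS


def attachment_matches(filename: str) -> bool:
    return ATTACHMENT_RE.match(filename.strip()) is not None


def zip_member_matches(member_name: str) -> bool:
    return ZIP_MEMBER_RE.match(member_name) is not None


def is_harvest_target(path: str) -> bool:
    """Would the worm open this file looking for addresses?"""
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    return ext in HARVEST_EXTENSIONS


def would_be_mailed(address: str) -> bool:
    """False if the address contains one of the exclusion strings.
    Case-insensitive comparison is an assumption; the description does not say."""
    a = address.lower()
    return not any(x in a for x in HARVEST_EXCLUDES)


def classify(subject: str, attachments: Sequence[str], zip_members: Sequence[str] = ()) -> List[str]:
    """Return the Netsky-Q traits found in one message (empty list = none)."""
    reasons = []
    if subject_matches(subject):
        reasons.append("subject: bounce-style lure")
    if any(attachment_matches(a) for a in attachments):
        reasons.append("attachment: <stem><digits>.pif/.zip")
    if any(zip_member_matches(m) for m in zip_members):
        reasons.append("zip member: .eml<spaces>.scr double extension")
    return reasons


if __name__ == "__main__":
    # Constructed sample message, not a captured one.
    padded = "msg.eml" + " " * 40 + ".scr"
    print(classify("Delivery Error (alice)", ["msg42.zip"], [padded]))
    print(would_be_mailed("abuse@example.com"), would_be_mailed("alice@example.com"))
```

The zip-member check is the one worth keeping in mind beyond this worm: a name like `msg.eml` followed by dozens of spaces and then `.scr` is a generic double-extension trick, and a mail gateway that inspects archive member names should normalise whitespace before deciding what the extension is.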

W32/Netsky-Q drops Base64-encoded copies of itself to the following files in the
Windows folder, ready to mass-mail:

base64.tmp
zippedbase64.tmp
zipo0.txt
zipo1.txt
zipo2.txt
zipo3.txt

W32/Netsky-Q will attempt to launch a Denial Of Service attack on the following
websites between the 8th and 11th April 2004:

www.cracks.st
www.cracks.am
www.emule-project.net
www.kazaa.com
www.edonkey2000.com

All day on the 30th March 2004 W32/Netsky-Q will cause infected machines to
emit intermittent beeps of random pitch and duration.

W32/Netsky-Q contains the following encrypted message:

"We are the only SkyNet, we don't have any criminal inspirations. Due to many
reports, we do not have any backdoors included for spam relaying. and we aren't
children. Due to this, many reports are wrong. We don't use any virus creation
toolkits, only the higher language Microsoft Visual C++ 6.0. We want to prevent
hacking, sharing with illegal stuff and similar illegal content. Hey, big firms
only want to make a lot of money. That is what we don't prefer. We want to
solve and avoid it. Note: Users do not need a new av-upgrade, they need a
better education! We will envelope... - Best regeards, the SkyNet Antivirus
Team, Russia 05:11 P.M"

Recovery
This section tells you how to remove the threat.
Please read the instructions for removing W32/Netsky-Q.

Advanced
This section is for technical experts who want to know more.
W32/Netsky-Q is a mass-mailing worm which spreads by emailing itself to
addresses harvested from files on local drives.

The worm copies itself to the Windows folder as SysMonXP.exe, as well as
dropping a DLL file to the Windows folder as firewalllogger.txt. The worm then
sets the following registry entry so as to run itself on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysMonXP

The worm tries to delete the following registry entries:

HKR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
HKR\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF
HKR\System\CurrentControlSet\Services\WksPatch4

The worm also attempts to delete a number of other registry entries, but because
of a bug in its code those deletions never succeed. Some of the entries it
targets belong to the W32/Bagle family of worms.

If run from a file other than SysMonXP in the Windows folder, the worm will also
attempt to open the file TEMP.EML in Notepad in addition to its normal execution.
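As an added example, not from the page, from HijackThis or from Sophos: a Python checker that parses the O4 (Run-key autostart) lines of a HijackThis log, the kind of log the earlier post suggests posting to a forum, and flags the SysMonXP persistence entry together with the dropped file names listed above. The O4 line layout is assumed from HijackThis logs, the function names are mine, and the sample log is constructed rather than taken from a real infected machine.

```python
import re
from typing import List, NamedTuple

# Indicators from the Advanced section: the Run value and the dropped files.
NETSKY_Q_RUN_VALUE = "SysMonXP"
NETSKY_Q_DROPPED_FILES = {
    "sysmonxp.exe", "firewalllogger.txt", "base64.tmp", "zippedbase64.tmp",
    "zipo0.txt", "zipo1.txt", "zipo2.txt", "zipo3.txt",
}

# HijackThis reports Run-key autostarts as 'O4' lines, e.g.
#   O4 - HKLM\..\Run: [name] C:\path\program.exe
# (layout assumed from HijackThis logs; the page only says to post the log).
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")


class RunEntry(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # value name, e.g. SysMonXP
    command: str   # command line started at logon


def parse_hijackthis_o4(log_text: str) -> List[RunEntry]:
    """Extract every O4 Run-key line from a HijackThis log; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(*m.groups()))
    return entries


def _exe_basename(command: str) -> str:
    """Basename of the program in a command line, ignoring quotes and arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        exe = cmd.split(" ", 1)[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_netsky_q_run_entries(entries: List[RunEntry]) -> List[RunEntry]:
    """Entries matching the worm's persistence: value name SysMonXP under a
    Run key, or any Run command whose program is SysMonXP.exe."""
    return [
        e for e in entries
        if e.name.lower() == NETSKY_Q_RUN_VALUE.lower()
        or _exe_basename(e.command) == "sysmonxp.exe"
    ]


def check_windows_folder(filenames: List[str]) -> List[str]:
    """Given a listing of the Windows folder, return the names the worm drops."""
    return [f for f in filenames if f.lower() in NETSKY_Q_DROPPED_FILES]


# Constructed sample log for demonstration, not a real victim's log.
SAMPLE_LOG = r"""
Logfile of HijackThis
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SysMonXP] C:\WINDOWS\SysMonXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {some-clsid} (unrelated line, ignored by the O4 parser)
"""

if __name__ == "__main__":
    for e in flag_netsky_q_run_entries(parse_hijackthis_o4(SAMPLE_LOG)):
        print(f"suspicious autostart: {e.hive}\\..\\{e.key} [{e.name}] -> {e.command}")
    print(check_windows_folder(["explorer.exe", "firewalllogger.txt", "zipo2.txt"]))
```

Matching on the program name as well as the value name matters because the value name is the part an attacker can change freely; the checker would still catch a renamed Run entry that launches SysMonXP.exe.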




Link to F-SECURE NETSKY REMOVAL