AntiVirus 2008 Infections Getting Pretty Sneaky

The other day I had a user call me to let me know that her PC was getting an error message and that her co-worker had tried to fix it for her but couldn’t. The computer was off when I got there, and when it booted up it went to a blue screen of death listing the problem as “Panic Stack Switch”. Although that is an actual error message, I believed it was a fake one, as I had never seen it before and had not searched for any occurrences online. While I was reading the error message, though, the user hit her spacebar and the blue screen immediately went away to show me one of those “you are infected” backgrounds that malware such as Win Antivirus 2008 uses. You can imagine my surprise, as a computer should not boot into Windows after a blue screen of death, so this was yet another indicator that malware was involved, and I just went about cleaning the machine.

It was infected with the AntiVirus, or Win AntiVirus, XP 2008 malware, and it was surprisingly simple to remove, certainly a lot easier than other infections I had dealt with, probably because Spybot and her antivirus software were blocking portions of it. All I had to do was delete the folder the malware was in (I believe it was called rchpcg or something similar) and use the Sysinternals program Autoruns to remove any programs that were set to run automatically but shouldn’t be; a couple had names something like blphctp9j0ea5.scr or lphctp9j0ea5j.exe, but don’t quote me on those. I also went ahead and removed some of those programs that run in the background just to check whether their software needs updating, etc., stuff no one really needs running all the time.

Posted by Jimmy Daniels - August 28, 2008 at 11:08 am

Categories: Antivirus XP 2008, Malicious Websites, Malware, Security, Spyware Info

China Censoring Internet Access from the Olympic Games

I just finished reading about China censoring internet access during the Olympic Games. Sites that discuss Tibetan secession, Taiwanese independence and the violent crackdown in Tiananmen Square, as well as the sites of Amnesty International, Radio Free Asia and several Hong Kong newspapers, are already blocked, and I am sure more will be added.

“It has been our policy to provide the media with convenient and sufficient access to the Internet,” said Sun Weide, the chief spokesman for the Beijing Olympics organizing committee. “I believe our policy will not affect reporters’ coverage of the Olympic Games.” Source: China to Limit Web Access During Games

If these reporters are tech savvy, it shouldn’t affect them at all. I have three words for them: VPN, or virtual private networking. All they need to do is set it up on a server at their worksite and connect to it when they get online, and it’s like they never left. They will browse the web, email, etc., just as if they were still sitting on their local LAN, unfettered.

Of course, if they are blocking VPNs (I’ve seen no mention of it in any of the stories from the NY Times, Reuters, or the Guardian), then the point is moot, I guess.

Posted by Jimmy Daniels - July 30, 2008 at 5:42 pm

Categories: Security, Tech News

Cross Site Scripting

Hah, I was just looking at some tools to check for XSS vulnerabilities, or cross-site scripting vulnerabilities, and Threat Level posts about one on the site; check out this link to

Posted by Jimmy Daniels - April 15, 2008 at 12:10 pm

Categories: Security

How to Stay Out of Botnets

Just finished reading this article on USAToday, Botnet scams are exploding, about how much botnets have increased and how they estimate that on a typical day, 40% of the 800 million computers on the internet are in a botnet. That is just ridiculous, but probably true. Why? People don’t want to have to do anything to make something work, they just want it to work, and while you can buy a car and jump in it and take off, the same cannot be said for computers. With a new computer, you are already in the hole, because you need to make sure your antivirus is up to date, make sure your machine has all of the latest patches, and get some kind of spyware scanner. But who wants to do all of that? Most people just jump online and take off, which is a bad, bad thing, unless you have been on the internet for a while and actually know not to open emails from people you don’t know, etc. While this article on USAToday is good at informing the public about botnets, it does nothing to let you know how to keep them off of your computer.

Two days after actor Heath Ledger died, e-mails began moving across the Internet purportedly carrying a link to a detailed police report divulging “the real reason” behind the actor’s death. Ledger had been summarily drafted into the service of a botnet.

Bots are compromised computers controlled by profit-minded crooks. Those e-mails were spread by a network of thousands of bots, called a botnet. Anyone who clicked on the link got instantly absorbed into the fast-spreading Mega-D botnet, says security firm Marshal. Mega-D enriches its operators, mainly by distributing spam for male-enhancement pills.

Largely unnoticed by the public, botnets have come to inundate the Internet. On a typical day, 40% of the 800 million computers connected to the Internet are bots engaged in distributing e-mail spam, stealing sensitive data typed at banking and shopping websites, bombarding websites as part of extortionist denial-of-service attacks, and spreading fresh infections, says Rick Wesson, CEO of Support Intelligence, a San Francisco-based company that tracks and sells threat data.

The whole article is worth a read for sure, as you get some background info on how botnets work, what some of the current botnet “herders” are doing, and how they evade the scanning systems of the gatekeepers, such as your ISP. So, if you are buying a new computer, here is how to get started safely on the internet. I will post an article later, and link to it from here, for those who are already infected or think they might be.

Download all of the latest patches from Windows Update and install them. Set your computer to download the latest patches automatically and to notify you when they are received. Unpatched computers are how machines end up in botnets: if there is a hole in your operating system, somebody will be exploiting it somewhere, or already is, so a patched and up-to-date computer is your best friend. If you are surfing with an unpatched computer you are just asking for trouble eventually, mark my words.

In Internet Explorer, click on Tools, then click on Windows Update. Or, you can go to, it should redirect you to the latest version. If you have other Microsoft products installed, like Microsoft Office, go ahead and click on the Upgrade to Microsoft Update link on the right, and you can get the latest patches for those programs automatically as well. Select and install all of the patches that it brings up and have a seat, as this could take a while.

(Screenshot: Windows Update)

Next, update the antivirus software you have installed, or install the one you are going to use and then update it; most will have a button that says “check for updates” when you go into the program. In the screenshot, using Network Associates VirusScan, you click on AutoUpdate and then click the green arrow at the top to start. Once that is done, double-click AutoUpdate and then click on Schedule to set it to get the updates automatically every day. I would set it to check at least once daily, maybe twice if you leave it on all day. Note: each program is different; the steps to do this will be in the manual or are probably easily found on the vendor’s website.

(Screenshot: Network Associates Antivirus)

Download a spyware/malware scanner; my advice is to get more than one, as these programs are not all the same. Some will catch infections that others will not. If I have missed one that you like or recommend, drop a comment and let me know so I can try it. I will be adding others as I go; this list will probably never be comprehensive, as I am only adding the ones that I have used.

Recommended Programs:

Spybot Search and Destroy – This program is free and is highly recommended by about everyone I know. Once you have it installed and set up, make sure you go to the Immunize tab and let it run. This will stop many spyware or malware programs from even running.

Adaware – They have a pay version, but they have a free version as well here.

AVG Anti Spyware – This one is free for a month, then you will need to pay for it. It is worth paying for, and they probably have a lot more customers because of me. I have caught malware on several machines that most free ones do not find.

Prevx – They also sell this program, but they have a free pc check here. This is another program that has caught several malware programs for me that the others did not.

Microsoft OneCare – Microsoft has really done a pretty good job with this program; if you look at the Prevx site listed above, you can see by the graph on the front page that it caught more stuff than a lot of the other programs. This is a pay program as well, but they have a 90 day free trial.

X-Cleaner – Another program you have to pay for, this one is also excellent and frequently updated. The makers of this program have a free online scan here.

Panda Antivirus – This is a 30 day free trial.

Once your spyware scanner is installed, your computer is patched and your antivirus is updated, you should be covered from most things, but there are always ways to get you. Spam is the botnets’ biggest weapon: they can spam out interesting things to get you to click on them, and once you click, you are redirected to or through their site, their botnet program is installed, and it may well forward you on to a legitimate site, so you may not even notice what just happened. So, in your email program, set it to read email in plain text format to keep them from being able to do anything to your computer just because you opened an email; or, if you prefer the graphical format, get rid of the preview pane so it does not automatically run any programs or display any pictures.

Another suggestion is to use an alternative browser, such as Firefox, which is widely considered more secure.

Anyway, that is my little take, and something they should’ve added to the article, or published in another article, to actually help keep people out of spammers’ botnets.

Keep your computer clean and it will run better, faster and last a lot longer, guaranteed.

Note: Now all you techies out there are going to say, you can do this, you need to run that, use this operating system, etc. I’m not saying that this is comprehensive at all, but the absolute minimum you should do is on this page. I would also recommend not running under an administrator account, turning on your firewall, turning off your computer or your internet access when it is not being used, not opening emails from strangers, not opening strange emails from people you know without asking them what it is, and always paying attention to the websites you are going to online. When you click on a link, if you hold the button down, it will show you where you are going; you can slide your mouse off without releasing the button to keep from going there, or just let go of the button to go ahead and visit that website. This article will change as necessary.
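An added example, not from the original post, of the “look where the link actually goes” advice above: a Python check that pulls every link out of an HTML mail body and flags those whose visible text names one site while the href points at another. The sample message and its example.cn hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a hostname: labels of letters/digits/hyphens joined by dots
HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Hostname of a URL, or of bare text that is itself a URL/hostname; None for ordinary words."""
    s = s.strip()
    if "://" not in s:
        s = "http://" + s
    try:
        host = (urlparse(s).hostname or "").lower()
    except ValueError:
        return None
    return host if HOST_RE.match(host) else None


def registrable(host):
    """Crude registrable domain: the last two labels (fine for .com/.cn, not for co.uk-style suffixes)."""
    return ".".join(host.split(".")[-2:])


def extract_links(html):
    p = LinkCollector()
    p.feed(html)
    return p.links


def deceptive_links(html):
    """Links whose visible text names one site while the href actually points at another."""
    return [(href, text) for href, text in extract_links(html)
            if host_of(href) and host_of(text)
            and registrable(host_of(href)) != registrable(host_of(text))]


# Constructed sample message; the example.cn hosts are made up for illustration
SAMPLE_EMAIL_HTML = """
<p>Police report: <a href="http://xkqz.example.cn/report.php">the real reason</a></p>
<p>Verify your account at <a href="http://login.example.cn/bank">www.bank-example.com</a></p>
<p>Read the story at <a href="http://www.usatoday.com/story">www.usatoday.com</a></p>
"""

if __name__ == "__main__":
    for href, text in extract_links(SAMPLE_EMAIL_HTML):
        print(f"shown as {text!r:28} goes to {href}")
    print("deceptive:", deceptive_links(SAMPLE_EMAIL_HTML))
```

The first link is not flagged because its text is ordinary words, which is exactly why the post says to check the destination of every link and not just the ones that look like URLs.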

Posted by Jimmy Daniels - March 18, 2008 at 6:41 pm

Categories: Botnets, Security, Windows Update

Death to Digital Vandals

Here are some interesting videos from Panda Software.

Death to Digital Vandals One.

Death to Digital Vandals Two.

Panda Security.

Panda Software company presentation.

Posted by Jimmy Daniels - March 7, 2008 at 2:14 am

Categories: Security, Spam, Spyware Info, Virus Info

CCTV Security Cameras & PC Security Systems

We recently purchased some surveillance cameras where I work, a set of four network cameras, and I wish I had found the wireless cameras on the 123 CCTV website first. We could’ve purchased the same number of wireless colour cameras for half the price of the ones we bought, or we could’ve bought a set of four dome, colour and infrared cameras for a little over half the price.

They also have a large selection of hidden cameras, like the wireless cigarette cam, the clock hidden camera, or even one hidden in a working VCR!

(Product images: wireless cigarette cam, clock hidden camera, VCR hidden camera)

This company manufactures some of their own stuff and they resell surveillance cameras from other manufacturers like Sony. They sell PC security systems, interior cameras, exterior cameras, Digital Video (DVR) Systems, and they even have some dummy cameras in case you want the look, but don’t want to spend the money on surveillance equipment.

Specializing in security cameras, systems & surveillance equipment of various types. Has served the Pentagon to the home owner delivering numerous protection systems for varied needs. Hi-tech surveillance equipment to more reasonably priced equipment is sold to both the retail market, as well as to over a thousand Dealers of ours around the world.

Definitely a website to bookmark and check out if you are in the market for security cameras and surveillance equipment. If I can talk them into it, I will try to get one and do a hands on review.

This is a Sponsored Review.

Posted by Jimmy Daniels - February 29, 2008 at 4:37 pm

Categories: Hardware, Security

Google Enabled TV?

Just read a post on Techcrunch that says Google is entering into a deal that will allow users to access Google “content” on their flat screen TVs.

Japanese manufacturer Matsushita (Panasonic) has signed a deal with Google that will see the company launch flat panel television sets that allow users to access YouTube and other Google services such as Picasa Web Albums. Source: Google Enabled Televisions Coming Soon

Ya, this sounds like a fantastic idea: YouTube “quality” videos and spam on my TV in exchange for them getting to see whatever I watch on TV, as well as the annoying “please update your software” or, even worse, “we just updated your software” messages. Then, when Google does finally lose all my info to some hacker, he can see all my buying habits, surfing habits, web surfing habits and all the email I’ve sent using Gmail. Sounds great.

Time to rethink careers here; if every TV ends up with something like this on it, there is bound to be a need to keep older TVs running...

Posted by Jimmy Daniels - January 8, 2008 at 1:13 pm

Categories: Google, Security, Televisions

Security News for December 12, 2007

Here are some Windows security news items, as well as some patch Tuesday information.

From The Register, “Hey, HP laptop owners: click here to get hijacked”: If you use a Hewlett-Packard laptop, chances are a hacker can hijack your machine simply by luring you to a malicious website.

The pwnage comes courtesy of “HP Info Center”, which comes installed on most HP laptops, according to a post made Tuesday to

From Infoworld, “DNS attack could signal Phishing 2.0”: Only recently have hackers lined up the technology and technique to reap open-recursive DNS servers’ weaknesses. Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.

From the TrendLabs Malware Blog, “Patch Tuesday, December Edition”: Just in time for the holidays, Microsoft has released seven (and hopefully the last) security bulletins for this year.

From Microsoft, “Microsoft Security Bulletin MS07-064 – Critical: Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)”: This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

From the WSJ, “A Spam-Filled Holiday Season”: If you’ve been getting a lot of emails offering a deal on a Rolex, here’s why: spam emails accounted for 72% of all email traffic last month, the highest rate in years.

Posted by Jimmy Daniels - December 12, 2007 at 3:23 pm

Categories: Security

Google Search Results Poisoned Again

Yesterday I mentioned that some Google search results contained many malicious sites trying to, among other things, install Spy-shredder, a rogue antispyware program. Google removed many of those sites, but according to the Sunbelt Blog, the same group and a new group are now re-poisoning the search results with fresh .cn domain sites. The new group appears to be trying to get traffic to make money with, using affiliate programs, etc.

Google has removed the sites responsible for the recent massive Google poisoning attack.

However, we’re seeing indications that another attack may be on the way. We have seen another spate of websites freshly registered, using the similar .cn domains. There seem to be two different groups here. Source: HEADS UP: More Google poisoning on the way?

My advice from yesterday is still good: watch for the gibberish domain names, and if a name doesn’t make sense when you look at it, don’t click on it. They noted that the sites are not serving any exploits, but this could change very quickly at any time.

Posted by Jimmy Daniels - November 30, 2007 at 9:00 pm

Categories: Malicious Websites, Malware, Security

Be Careful Searching This Holiday Season

Sunbelt Software, one of the leading developers of security software and hardware, has found large numbers of websites that exist only to stuff malware onto your computer, and these websites rank high for search terms on search engines like Google, Yahoo and Live. A user whose patches are not up to date and who clicks on one of these websites will be force-fed a diet of malware that could cause their machine to just die or, worse, monitor and track everything they do online.

The good news is, if you are fully patched, you shouldn’t have much to worry about; also, if you actually look at the websites you are going to visit before you click them, you can tell whether they are good results or not. All of the websites I have seen listed are nonsense names, .cn domain names, etc. Check out this image that I grabbed from the Sunbelt site.

(Screenshot: Malware Links)

See all of the domain names that are in the highlighted red boxes? Those are the types of domains they are using, as an example,, so don’t click on any of those links; also be careful of the .cn domain names, as they are using many of those. Google has been notified of the problem and has already removed some, but I can still find some of the sites right now, so there is more work to be done.

As the guy from Hill Street Blues used to say, “Hey, let’s be careful out there.”

Here are some mentions about this problem on the Sunbelt and other sites.

BREAKING: Massive amounts of malware redirects in searches – The original post about this problem from Sunbelt Software; here is a follow-up post from them, Malware redirects: The aftermath.

Update: Subverted search sites lead to massive malware attack in progress – Trojans, rootkits, password stealers hit users who click on a bad link after a search.

Malware Poisoning Results for Innocent Searches – Tens of thousands of malware-serving pages, crafted to reach a high search engine ranking, are showing up in the first page of returns from Google, Yahoo and Live.
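As an added illustration of the “nonsense name” advice in this post and of the randomly named autorun entries in the AntiVirus 2008 post above (example code, not Sunbelt’s or the author’s): a small Python heuristic that scores a hostname label or a file stem for gibberish, combining vowel ratio, consonant runs, letter/digit interleaving and character entropy. The .cn hostname and the autorun list are constructed samples; the two odd autorun names are the ones quoted in that post.

```python
import math
import re
from collections import Counter

VOWELS = set("aeiouy")


def shannon_entropy(s: str) -> float:
    """Bits per character of the string (higher means more varied characters)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s: str) -> int:
    """Length of the longest unbroken run of consonants (digits and dots break a run)."""
    best = cur = 0
    for ch in s:
        cur = cur + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, cur)
    return best


def gibberish_score(label: str) -> int:
    """Count 0..4 red flags for one name component (a hostname label or a file stem)."""
    s = label.lower()
    letters = [c for c in s if c.isalpha()]
    flags = 0
    # 1. a long name with hardly any vowels
    if len(s) >= 8 and letters and sum(c in VOWELS for c in letters) / len(letters) < 0.25:
        flags += 1
    # 2. four or more consonants in a row ("lphct...")
    if longest_consonant_run(s) >= 4:
        flags += 1
    # 3. letters and digits interleaved ("p9j0ea5")
    if re.search(r"[a-z]\d|\d[a-z]", s):
        flags += 1
    # 4. high character entropy in a long name
    if len(s) >= 8 and shannon_entropy(s) >= 3.0:
        flags += 1
    return flags


def main_label(name: str) -> str:
    """Longest dot-separated component: the stem of 'x.exe' or the main label of a hostname."""
    return max(name.lower().split("."), key=len)


def is_suspicious(name: str, threshold: int = 2) -> bool:
    return gibberish_score(main_label(name)) >= threshold


def suspicious_names(names):
    """Return the names from the list that trip the heuristic."""
    return [n for n in names if is_suspicious(n)]


# Constructed sample: the two autorun names quoted in the post plus two ordinary ones
SAMPLE_AUTORUNS = ["ctfmon.exe", "blphctp9j0ea5.scr", "lphctp9j0ea5j.exe", "spybotsd.exe"]
# Constructed sample hostnames; the .cn name is made up for illustration
SAMPLE_HOSTS = ["www.google.com", "qxzvbkrtwpl.cn", "windowsupdate.microsoft.com"]

if __name__ == "__main__":
    for name in SAMPLE_AUTORUNS + SAMPLE_HOSTS:
        print(f"{name:30} score={gibberish_score(main_label(name))} suspicious={is_suspicious(name)}")
```

The threshold of two flags is what keeps short consonant-heavy but legitimate names like ctfmon below the line; a single heuristic on its own (entropy alone flags windowsupdate) produces false positives, so treat a hit as a reason to look closer, not as proof.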

Posted by Jimmy Daniels - November 28, 2007 at 4:04 pm

Categories: Adware, Malicious Websites, Malware, Security