Posts Tagged ‘X-Cleaner’

W32.Kmeth Removal Tool

Seeing quite a few searches on the site for a W32.Kmeth removal tool. X-Cleaner will remove the Kmeth worm. It is one of the best spyware removal tools on the internet, it is updated constantly, and, if for some reason it won’t clean your computer, they will walk you threw removing it manually. The guys who make this software are also the guys who find lots of these malicious programs, so they know exactly what they do and how to remove them. Use Coupon Code: TPS-4NS3-DR and save $7.49 off the normal price of $29.95, for a final price of only $22.46!

Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

This worm downloads and installs itself through javascript code exploiting IE. It will install 2 files to the infected PCs Temp directory and run them. It can then distribute itself through Yahoo’s Instant Messenging program whether the user knows it or not. It manipulates the status message in Yahoo’s IM which leads to an infection link. Source:

Remember to Use Coupon Code: TPS-4NS3-DR and get it for only $22.46!

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 6, 2006 at 8:42 pm

Categories: How To, Spyware Info   Tags: , ,

Pipeline Worm Floods AIM with Botnet Drones

For removal, X-Cleaner.

A new worm is crawling through AIM – using a sophisticated network of “chain” installs, the bad guys can start the process of infection with any of the files and still hit you with the rest. Or they can target you with a certain selection of files depending on what they want you to do as part of their Botnet. Its like a 10-hit Tekken combo, one that you are on the receiving end. Start with an innocent message like, “hey would it be ok if i upload this picture of you to my blog?”, which, upon clicking, starts you off be plabing you in their botnet where they can pretty much do whatever they want to with you.

They can get you many different ways, but here are three they detailed on their blog, all which start with the downloading of the file (disguised as a jpeg). Running the file results in csts.exe being created in your system32 Folder:

1) Running the file results in csts.exe being created in your system32 Folder. At this point, you may well be part of a Botnet (though not in all cases) and the infection has the potential to call down new files onto your PC, which are randomly selected from the numerous files waiting in “storage” that have been spread around the Net.

2) The infection has the potential to call numerous other files, such as files with fixed, unchanging names and randomly named executables which are constantly being updated. Depending on what files you end up with, the infection may create an unwanted service named RPCDB, opens up smtp port 25 (mail) and attempts to connect to a file upload site. In addition, some files attempt to exploit ADS (alternate data streams).

3) The infection has the potential to call numerous other files, such as d227_seven2.exe and randomly named executables which are constantly being updated. Depending on what files you end up with, the infection may create an unwanted service named RPCDB, opens up smtp port 25 (mail) and attempts to connect to a file upload site. In addition, some files attempt to exploit ADS (alternate data streams). You will also potentially end up with a Rootkit on your PC as a result of this particular scenario.

At this point, the infected PC is a Botnet drone and can be commanded to send new infection messages via AIM such as:

“hey is it alright if i put this picture of you on my egallery album? “, which will download the file (again, disguised as a jpeg).

At this point, the cycle begins again and they can look to infect fresh victims with this exploit.

X-Cleaner will remove w32.pipeline from your computer.

read more | digg story

I also blogged about this at

Be the first to comment - What do you think?  Posted by Jimmy Daniels - September 18, 2006 at 12:15 pm

Categories: Botnets, Security, Spyware Info   Tags: , ,

Internet Security Threat Report and How to Avoid Most Threats

Symantec has released the latest copy of their Internet Security Threat Report, and, not surprisingly, the nature of the threats are becoming more economical in nature. As more and more criminal activity moves to the web, it will just keep getting worse and worse, it’s too easy for people to take advantage of other people in today’s internet, I can make a fake email right now for paypal and spam it around the internet and probably have people’s login details the first day, and I’ve never, ever done anything like that before, that’s how easy it is. It’s way to easy to fashion a piece of spyware as well, distribute it through security holes and other bad websites across the web and be knocking down great money in no time.

The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, and future trends. The latest report, released March 7, is now available.

This volume of the Internet Security Threat Report offers an overview of threat activity that took place between July 1 and December 31, 2005. In this edition, the new threat landscape is shown to be increasingly dominated by attacks and malicious code that are used to commit cyber crime, criminal acts that incorporate a computer or Internet component. Attackers have moved away from large, multipurpose attacks on network perimeters and toward smaller, more focused attacks on client-side targets.

The threat landscape is coming to be dominated by emerging threats such as bot networks and customizable modular malicious code. Targeted attacks on Web applications and Web browsers are increasingly becoming the focal point for cyber criminals. Whereas traditional attack activity has been motivated by curiosity and a desire to show off technical virtuosity, many current threats are motivated by profit. They often attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud, for financial gain.

Over the last six months of 2005, Symantec detected an average of 1,402 Denial of Service (DoS) attacks per day. This is an increase of 51 percent from the first half of 2005, when Symantec detected an average of 927 DoS attacks per day. Source: Symantec.

I wish I could teach everyone how to use the internet in one big session, but I’ll try to do as many here as I can.

1) Never, ever click on any links in your emails, like the ones you get from eBay and paypal, etc, always type it in the address bar in internet explorer or fire fox, or whatever browser you are using. It’s way to easy to make a fake email that looks like it came from paypal, you click on a link and try to login to a website that looks like paypal, and they have your paypal info right then and can start spending your money immediately.

2) You can see exactly where a link goes on any webpage, all you have to do is hold down the mouse button when you click on a link, and you can see where the link goes in the bottom of internet explorer, if you want to go there, simply release the button, if you don’t, keep the button held down and slide your mouse away from the link, and it will not cause the click to happen.

3) Nothing is free on the internet, it will cost you in some way. Most, not all, but most, free screensaver sites load some form of adware or spyware if it doesn’t cost you anything to purchase it. A lot of game sites, and celebrity sites will do the same thing, as they have to pay for all the bandwidth they are using.

4) When installing software, there is always a license agreement, read it. I know, I know, no one reads these things, but at least scan through them as they are supposed to list in it if they install any other software.

5) Do NOT forward anything that says forward to everyone or ten people or whatever. None of it works, none of it is true, it’s sole reason for existing is to waste bandwidth, and that is exactly what happens when you forward this latest email to everyone you know.

6) When posting on forums or wherever, do a search while you are there first, if it is a common question, the answers will already be there and no one will be calling you noob or newbie and telling you to search for the answer first.

7) Don’t believe everything you read, even the big news sites get things wrong some days, although they are usually the most trustworthy, just like this site. ;)

8) If you like a site, support it by buying stuff through their links, or donating if they have a donate button. It does cost money to run a website, and the more popular it is, the more expensive it is.

9) Always have an anti virus program and an anti spyware program, the ones I like are Panda for anti virus, that link is for their free online scan, and X-Cleaner for anti spyware.

10) If you use a peer to peer network to get music, movies, whatever, you will end up with loads of spyware and you may get caught and possibly fined by the RIAA, or whoever is trying to stop the file sharing now. You have been warned.

Of course, these are for newbie?s and non technical people, if you know anything about computers, then you probably already know these.

Symantec’s latest Internet Security Threat Report, to be issued on March 7, 2006, analyzes data collected from over 24,000 security devices deployed in over 180 countries. It covers the six-month period from July 1 ? December 31, 2005 and includes analysis of network-based attacks, a review of known vulnerabilities, highlights of Adware, Spyware, and malicious code, an analysis of Spam and Phishing data and a forward looking analysis in Future Watch.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - March 9, 2006 at 12:10 pm

Categories: Reviews, Spyware Info, Tech News, Virus Info   Tags: , , , , , , ,

Windows Defender Beta 2 Review

Suzi Turner, of fame, had said she would do a review of Windows Defender Beta 2, and she’s finally gotten around to it. I myself plan on reviewing it, but it’s little league baseball time and I have been very busy in the evenings. I may end up waiting until my son get’s his machine all infected again.

As promised a few days ago, I finally got a virtual machine upgraded to Service Pack 2 for testing Windows Defender Beta 2. For the sake of convenience, I’ll refer to it as WD for most of this post. When I wrote about WD previously, I mentioned the review at where WD was tested against 6 keyloggers, which is not a particularly valuable test in my opinion.

The tests were done on a virtual machine with Windows XP with SP2, fully patched, running in VMware Workstation 5.5.1. Testing consisted of two parts. For the first test, I had WD running with all components of real-time protection turned on. I surfed to Claria’s website and downloaded two Claria apps, GotSmiley and a screensaver. When I downloaded the apps, Windows Defender presented an alert and asked whether or not to remove, get more information or ignore. I chose ignore and allowed the installation. After installation, I did the full scan and WD detected both apps correctly and asked me to select an action.

In the second test, I went to a website known to spyware researchers as a consistently reliable source of spyware. Immediately prior to going to the site, I ran InCtrl5 in order to track changes to the system. I turned off WD’s real-time protection for this test so I could test scan and removal capabilities. I had to restart the test twice because the vm quickly became so infested it froze. On the third try, after about 5 minutes on the site, I disconnected NAT, killing the internet connection for the vm, so I didn’t lose control of the machine. Before running any scans I ran InCtrl5 again. In less than 6 minutes, the spyware had added 230 registry keys, deleted 32 keys, added 386 values, deleted 82 values, changed 46 values, added 16 folders, and added 389 files. I ended up with the following:

CmdServices, also known as Command
NetMon aka Network Monitor
Paytime.exe, related to CoolWebSearch
AvenueMedia/Internet Optimizer also known as DyFuCa
CAS-Client (ConsumerAlertSystem)
TagASaurus, aka enbrowser
drsmartload1.exe aka Troj/Drsmartl-N
MoneyTree Dialer
Service: Windows Overlay Components – file name C:\WINDOWS\tihotdj.exe, aka Trojan.Adclicker
My homepage was changed to c:\secure32.html

Click here to read the results, they are very interesting as it includes some info about the major free anti spyware programs. I just wish she would’ve included X-Cleaner in it as well, as it is one of the best programs, in my personal opinion. Suzi posted an article about the review here, but that just links to the zdnet post, the main reason to click there is to read everything else, loads and loads of spyware info, including research and info on our favorite spyware app, 180solutions.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - March 8, 2006 at 2:34 pm

Categories: Reviews, Spyware Info   Tags: , , ,

Rating the Google Pack

Download the Google Pack free.

On his Winsupersite, Paul Thurrott has reviewed the new Google Pack. I myself have not even had a chance to look at it, so I can offer no opinion other than I really like Picasa and hate Norton Antivirus, never did like Norton’s, their utilities were okay, until you found their competition, hehe, never did like Realplayer either, I’ve always favored Windows Media Player to it. Ofcourse I have and still use Adaware, nowadays you have to have more than one antispyware program, although X-Cleaner is by far the best. Here is part of his review, which you can read here.

Google Pack is indeed a collection of free software. Whether it’s useful or improves the online experience is, I suppose, up to the individual. From what I can see, Google Pack is decidedly mixed. And if you’re interested in installing this package, you’re going to want to choose which applications you install quite carefully.

The problems are legion. First, few users will want all of the applications Google is offering here. And though some of the applications are quite good, most of them spew system tray, Quick Launch, and desktop icons all over your system, and silently pad your PC with additional tasks to run at boot-up, slowing the boot process and taking up valuable resources. The effect is similar to that you get when you purchase new PC from a company such as HP: There are unwanted and unnecessary programs strewn all over the system, and you can spend hours removing them all. In some ways, that’s the worst part about getting a new PC, isn’t it?

And though Google goes to great pains to tout how each application in Google Pack is free, it’s worth noting that many of these applications feature annoying upgrade advertisements aimed at getting you to purchase the full versions. They’re limited in other ways too, as I’ll describe below. But most problematic, many of these applications aren’t even up-to-date. For example, the free version of Norton Antivirus includes virus definitions that are, as of this writing, an astonishing four months out of date. And the spyware definitions in Ad-Aware SE were over 120 days out of date when I installed that application. That’s simply irresponsible. The sheer amount of work that a user needs to perform in order to make sure that each application Google provides is updated completely contradicts the benefits of having an integrated installer with “only one license agreement ? and no wizards.” That’s only true until you actually try to use any of these applications.

His conclusion:

While virtually every computer company on earth is scared to death of Google, and virtually every PC user seems to be in love with them, Google Pack serves nicely as a reality check. Not only is Google human, buts the flaws in Google Pack suggest that this company has a long, long way to go before it can ever justify its insanely lofty stock price. Google Pack is a mixed bag of applications, some useful and some not, though virtually all are deficient in some way as packaged here. I applaud Google for trying to make the PC experience simpler and more secure, but shipping out-of-date security products is even worse than not shipping them at all, because users will get a false sense of security and believe they’re protected when in fact they are not. Google Pack is still in beta, so the more glaring issues can be fixed by a final release, if there is one. But this initial version of Google Pack is an embarrassment to the company. It’s just a mess.

Click here to read the whole thing, and many other fantastic news and reviews at Paul’s site.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - January 8, 2006 at 10:52 pm

Categories: Tech News   Tags: , , ,