"Gumblar" Computer Virus A Growing Threat

Experts Say Web Site Compromise Attack Spreading To New Computers, Already Worse Than Conficker

The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.

The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the U.K., ScanSafe said last week.

As Web site operators cleaned up their sites, the attackers replaced the original malicious code with dynamically generated and obfuscated JavaScript, making it difficult for security tools to identify. The scripts attempt to exploit vulnerabilities in Adobe's Acrobat Reader and Flash Player to deliver code that injects malicious search results when a user searches Google on Internet Explorer, and that searches the victim's system for FTP credentials which can be used to compromise additional Web sites.

The domain was changed to martuz.cn before both domains were shut down. And now, the malware is coming from sites including liteautotop.cn and autobestwestern.cn, among others, according to ScanSafe.

"Fortunately, it appears the name servers themselves are being shut down," the company said in a statement. "However, even after Gumblar-related attacks subside, cyber criminals will still possess the botnet of infected computers obtained via Gumblar."

ScanSafe contends that Gumblar is worse than Conficker, a worm that spreads via a hole in Windows, through removable storage devices and through network shares with weak passwords, and that also disables security software and installs fake antivirus software.

Gumblar, which was responsible for 37 percent of all malware blocked by ScanSafe during the first two weeks in May, has more intrusive behavior: it intercepts and monitors Web traffic, and it installs a data-theft Trojan that steals usernames and passwords from infected computers, ScanSafe said.

In addition, once a Conficker infection is remediated there is no further spread of the worm. However, Gumblar can use the FTP credentials it steals to compromise even more Web sites, potentially exposing many more victims, the company said.

To find out if a computer is infected:

1) Locate sqlsodbc.chm in the Windows system folder (by default under Windows XP, the location is C:\Windows\System32\);
2) Obtain the SHA1 of the installed sqlsodbc.chm. FileAlyzer is a free tool that can be used to obtain the SHA1 of a file;
3) Compare the obtained SHA1 to the list located on the ScanSafe STAT Blog;
4) If the SHA1 and corresponding file size do not match a pair on the reference list, it could be an indication of a Gumblar infection.
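The four-step check above, as an added example in Python (not ScanSafe's or CBS's code): it hashes the file in place of FileAlyzer and compares the (size, SHA1) pair against a known-good set. The KNOWN_GOOD set is a placeholder that must be filled from the ScanSafe STAT Blog list, which this page does not reproduce; the function names are this example's own.

```python
import hashlib
import os

CHUNK = 65536


def sha1_and_size(path):
    """Stream a file and return (size_in_bytes, lowercase SHA1 hex digest)."""
    digest = hashlib.sha1()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def check_sqlsodbc(path, reference):
    """Compare the file at `path` against `reference`, a set of known-good
    (size, sha1_hex) pairs taken from the ScanSafe list.

    Returns "match"    - size and SHA1 agree with a known-good pair
            "mismatch" - no pair matches: a possible Gumblar indicator
            "missing"  - the file is not present at `path`
    """
    if not os.path.isfile(path):
        return "missing"
    known = {(size, sha1.lower()) for size, sha1 in reference}
    size, sha1 = sha1_and_size(path)
    return "match" if (size, sha1) in known else "mismatch"


def default_sqlsodbc_path():
    """Default location named in the article: System32 under the Windows folder."""
    system_root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(system_root, "System32", "sqlsodbc.chm")


# PLACEHOLDER: replace with the real (size, sha1) pairs from the ScanSafe STAT Blog.
KNOWN_GOOD = {
    (0, "0000000000000000000000000000000000000000"),  # placeholder, not a real value
}

if __name__ == "__main__":
    target = default_sqlsodbc_path()
    print(target, check_sqlsodbc(target, KNOWN_GOOD))
```

A "mismatch" result is only an indicator; the article's remedy for a confirmed infection is a full reformat plus changing every credential used on the machine.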

The most effective way to remedy an infection is to do a full reformat and reinstallation, according to ScanSafe. Passwords or login details that were stored or used on infected machines should also be changed.

Source: www.cbsnews.com

Remove Wireshark Rogue Antivirus from PC

Wireshark Antivirus is a rogue antivirus program that borrows the name of the well-known Wireshark™ project to sell a fake product. Like other fake antivirus applications, Wireshark Antivirus attempts to push the user into purchasing a license for the software. Once installed, Wireshark Antivirus loads itself as a startup service with the help of a Trojan, then performs a large number of fake antivirus scans on the user's system and reports that a dangerous number of viruses are present on the user's computer. Wireshark Antivirus reinforces these claims with fake virus warning pop-ups generated from the Windows Taskbar.

If this malware is installed on your computer, you should take action immediately to remove Wireshark Antivirus. To delete Wireshark Antivirus completely, you need to stop its processes, unregister its DLL files, delete its files and folders and remove its registry entries.

Removal of Wireshark Antivirus:
Use Spyware Doctor anti-spyware software to remove the rogue Wireshark Antivirus from the system. This software removes the rogue antivirus completely and leaves the system free of the infection.

Remove “The Auto Dialer Virus”

Imagine your phone bill, thicker and heavier than normal. When you open it, instead of "statement stuffers" from the phone company's marketing department, the bill is dozens of pages long, ending in a one-month total of almost $5,400. A quick glance at the details reveals hundreds of calls to the same 1-900 number. "A mistake?" Actually, this is not a mistake. In reality you have fallen victim to one of the oldest computer scams around: "The Auto-Dialer Virus".

The Auto-Dialer installed itself, checked for the presence of a modem and a dial tone, and then proceeded to dial an overseas 900 number over and over again. Even though you surfed using an always-on broadband Internet connection, the modem remained ON to send and receive faxes. One problem: even while not in use, the modem remained plugged into the phone jack.

There is no single solution to avoid these types of malicious acts. A short list of protective measures would include:

1. If you no longer need a modem in your computer, remove it. Or at least disconnect the phone line from the modem.

2. Install anti-virus software such as Trend Micro or Symantec's Norton Anti-Virus. Many are designed to prevent this kind of malicious software, or "malware." More importantly, make sure your subscription for new virus patterns is current and configured to automatically download and install updates.

3. Install and regularly run adware protection solutions such as LavaSoft's Ad-Aware or SpyBot Search & Destroy, and do not, under any circumstances, blindly hit "OK" on pop-ups or similar annoyances without first making sure what you are agreeing to.

Remove Antimalware Doctor, A Rogue Anti-spyware

In the present era, with the rapid development of computer technology, more and more computer users become victims of computer threats. Besides replicating itself, a virus can also make a computer break down by infecting all the documents on it. Antimalware Doctor is a rogue anti-spyware program that also infects the PC.

How the infection arises:
When an infected file on your PC executes, the virus replicates itself and drops a DLL file under the %System% directory. The DLL is then loaded into other running applications, and the virus executes its main routine. Antimalware Doctor contains a Trojan that infects most executable applications on your hard disk by writing DLL files.

Removal method:
If you want to restore your computer after it gets infected with Antimalware Doctor, the most effective way is to format the infected hard disk. But formatting the hard disks on a system can cause a lot of trouble, since users usually keep many important files and data on them. There is another good way to resolve it: use a professional anti-virus program. Download and install Spyware Cease, a security program designed for home users. For better results, run the removal in Safe Mode.

Uninstall Sunbelt CounterSpy

Sunbelt CounterSpy can be removed from the system in two ways. The first is the standard method; the second uses a removal tool.

Method 1:
First, use the standard way to uninstall Sunbelt CounterSpy from the Add/Remove Programs list:
Step 1. Click the “Start” menu on the left bottom of your screen.
Step 2. Select “Control Panel”.
Step 3. Locate and choose “Add/Remove Programs”.
Step 4. In the “Add/Remove Programs” list, you will see a whole list of programs and applications that are installed on your computer. Find and highlight Sunbelt CounterSpy and click “Uninstall”.
Step 5. Click “Remove” to uninstall Sunbelt CounterSpy.

Method 2:
You can use a good uninstaller to automatically uninstall Sunbelt CounterSpy in seconds. Such a removal tool can remove programs, including those that cannot be removed completely through Windows Add/Remove Programs, delete empty and corrupt registry entries as well as the related files, back up your registry and improve your overall PC performance.

There is also a removal tool that can fully uninstall Sunbelt CounterSpy and make sure all the now-defunct registry entries and related files are eliminated automatically with a few clicks.

Remove Norton Internet Security Tool from PC

Norton Removal Tool was developed to remove certain Norton software from a computer. Norton Removal Tool runs on the Windows operating system. Norton Removal Tool should be used only if you have tried to uninstall the Norton program using Windows Add/Remove Programs and that did not work.
Remove Norton Internet Security Tool:
1. Click the Start menu on your desktop, then click "Control Panel."
2. Double-click "Add/Remove Programs."
3. Look for the "Norton Internet Security Tool" or the "Norton Internet Security" icon in the list of programs generated.
4. Click the "Remove" button on the right side of the window to start the removal process.
5. Follow the on-screen prompts to remove the Norton Internet Security tool from your device.

Microsoft justifies lost Office 2010 upgrades

Microsoft has explained why it killed a tried and tested way for loyal consumers to obtain a new edition of Office for a low price.

The company is not allowing upgrades to Office 2010, released to retailers on Tuesday, from older versions of its productivity suite. The move means you must buy a completely new copy of the suite.

Microsoft briefly told consumers in a FAQ on the site promoting Office 2010 that it's killed upgrades from Office 2007 and the like in order to, er, "simplify" its product offering.

You can catch Microsoft's FAQ here and gauge the early reaction here.
Upgrade versions provided a lower-priced and convenient way of getting the latest edition of the software without existing users needing to spring for the full product - call it a loyalty bonus.

Upgrade versions are offered elsewhere by Microsoft, such as on Windows 7, and by other software makers.

Earlier this year, Forrester warned of potential problems for users upgrading to Office 2010 from its predecessor Office 2007.

Forrester said there would be potential "speed bumps" - problems between the 32- and 64-bit versions of Office - as ActiveX controls and add-in dynamic link libraries (DLLs) written for 32-bit would not work in 64-bit. New features like the Outlook Social Connector would also experience problems working with the re-engineered SharePoint Workspace.

Microsoft's new, low-priced Office option is the Product Key Card - only you'll either need a brand new PC to obtain one or buy Office as a download, and then it'll still be a full copy of Office 2010.