You won’t make money from W32:Sality.ao

By Paul | Feb 23, 2009

People should be cautious about promises of making money, because there is a variant out there trying to trick users into thinking they can make money.

McAfee says: “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this virus are:

  • Virus.Win32.Sality.y (Ikarus)
  • W32/Sality.AE (Norman)
  • W32/Sality.AH (Panda)
  • W32/Sality.AK (F-Prot)
  • Win32.KUKU.a (Rising)
  • Win32/Sality.AA (VET)

These links should help people understand it. You can visit my Malware Resources to help remove this virus. Something to consider before removing it is disabling your restore points.

Remember, there’s no easy way to make money; the only real way is to work hard. According to my research, the anti-virus companies have ways to remove this virus, as long as you update your database.

Zero Day For IE7 Being used in the wild.

By Paul | Feb 17, 2009

It looks like IE7 patches are being used right now in the wild.  According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

How the IE7 Exploits are being used

[Image from TrendMicro Blog]

As you can see, this can be very bad for the companies who wait a while. Internet Explorer is still being used by 1 out of 4 users, and I see it all the time in my stats. The good news is this isn’t as hard to get rid of as Conficker, but it should be taken seriously because the writers might start to get even more malicious and make it even harder.

The next step to keep yourself from getting caught with your pants down, so to speak, is to patch all systems that have internet access. I still like the Autopatcher because it will do the job with very little input from the user. It also makes it easier for people to patch big systems. You should also consider installing some free anti-virus software to help protect the systems you do have.

Removing Win32/Bagle.HE worm

By Paul | Dec 15, 2008

Here is another virus that seems to be spreading lately. From the looks of it, it seems to be another email worm. Here is what ESET says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B.

When executed the worm copies itself in the following locations:

  • Documents and Settings\All Users\Application Data\hidn\hldrrr.exe
  • Documents and Settings\All Users\Application Data\hidn\hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

It seems to have a manual removal process, unless you pay for the other software, but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.
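The ESET indicators quoted above can be checked directly on a suspect machine, which helps tell a real Bagle.HE infection from the fake WinDefender 2008 alert. This PowerShell check is an added example, not part of the original post or of ESET's write-up; the function name `Test-BagleHeArtifacts` and the use of the CommonApplicationData folder to locate `All Users\Application Data` are assumptions.

```powershell
# Added example: read-only check for the Win32/Bagle.HE artifacts listed by ESET.
# Nothing is deleted or modified; findings are only reported.

function Test-BagleHeArtifacts {
    param(
        # Assumption: on Windows XP this resolves to
        # "Documents and Settings\All Users\Application Data".
        [string]$AppData = [Environment]::GetFolderPath('CommonApplicationData'),
        [string]$RunKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )

    $findings = @()

    # Dropped copies of the worm (file names from the ESET description).
    foreach ($name in 'hldrrr.exe', 'hidn2.exe') {
        $path = Join-Path (Join-Path $AppData 'hidn') $name
        if (Test-Path -LiteralPath $path) {
            # -Force so hidden or system files are still returned.
            $file = Get-Item -LiteralPath $path -Force
            # ESET gives the executable size as 40565 B; report the size for comparison.
            $findings += "file: $path ($($file.Length) bytes)"
        }
    }

    # Persistence value under the current user's Run key.
    $run = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
    if ($run) {
        $prop = $run.PSObject.Properties['drv_st_key']
        if ($prop) {
            $findings += "registry: $RunKey\drv_st_key = $($prop.Value)"
        }
    }

    # Unary comma keeps an empty result as an array for the caller.
    return ,$findings
}

$hits = Test-BagleHeArtifacts
if ($hits.Count -eq 0) {
    'No Win32/Bagle.HE artifacts found for this user.'
} else {
    $hits
}
```

The Run key checked is per user (HKEY_CURRENT_USER), so run it in the session of the account that saw the alert.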

Uncovering a Virus/Trojan

By Paul | Dec 13, 2008

Getting done with the first part really got my juices flowing. I was shopping, looking and thinking about this next article. I came up with only one option: turning this into a 3-5 length post due to all the content that I will have. So where did we leave off? Oh, that is right: figuring out if you have a virus/Trojan. Twelve hours after I made a post about this, someone made a comment, and here is what he said:

Rene Van Belzen

I can’t wait to read part two of this article. I always wondered how you’d know you’re infected if a virus doesn’t want to be detected and no virus definitions are yet available, because the virus is so new.

Now the truth is, anytime a virus does something it usually leaves a footprint somewhere and somehow. Even the hardest working hacker can’t plan for all possibilities, and that is where we begin. I have been helping people with viruses for a while and know that no matter how hard the virus tries to hide, you can usually find it relatively quickly and easily due to virus checks. Here are the ways I’ve used to figure out if they may or may not have a virus/Trojan.

Fix Shutdown Problems in Vista!

By Paul | Dec 10, 2008


In the Patch Tuesday update, Microsoft quietly released the patch to fix Windows Vista machine shutdown problems. This patch should have come sooner.

KB957388

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

This was not a critical update, and it seems to resolve so many issues with compatibility. One thing it seemed to fix on my system has been the shutdown time. It is now quite fast; it would normally take me 2 to 3 minutes to shut down, now it does it in less than a minute. So if you’ve not installed this update, please install it soon. I would like to know if people are seeing the same thing I am. I’ve found a great resource on fixing it if you are still having problems; it talks about how to check your system performance. Although this has been happening lately with these programs not loaded or even running, they still seem to cause problems, so now I get the feeling it has to do with legacy programs. This should fix most of the problems with older programs.

Windows 7 will sport Direct X 10 Compliance!

By Paul | Dec 2, 2008


The new feature is called WARP10, for “Windows Advanced Rasterization Platform,” and it’s essentially a DX10-compliant, software-only rasterizer that was written by Microsoft; it runs directly on the CPU. In a situation where a DX10 app needs to run but can’t find DX10-compliant hardware, it will run on WARP10, albeit very, very slowly. Ultimately, you can think of WARP10 as a “software DX10 GPU” that will exist as a fallback in Windows.

[via Arstechnica]

This will make Windows 7 work more smoothly with Windows XP and Vista games. It looks like it will mean more compatibility with the older games. When Vista came out, people were complaining about not being able to play games on Vista. Vista has since been really updated to be able to play games, and people are starting to play games on Vista machines. This is also a step for Windows 7, given that Microsoft is probably trying to get the next OS to look like an angel. What I expect is that Microsoft will advertise that Windows 7 will be gamer friendly. This is a move by Microsoft to get gamers on board with this release and to try to get people to forget about Vista.

Spying on Spyware.ISpynow!!

By Laforge129 | Nov 29, 2008

This is another virus that is going around, and I thought I’d tell you about it:

Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]

Now with this one it isn’t too hard to figure out what happened. You have to manually install it on your system to get infected. Symantec has a great way of uninstalling this annoyance. I also suggest checking out my other program list just in case you don’t want to buy Symantec anti-virus programs. Some other things to check out are:

Microsoft kills a fake antivirus tool from 994,061 computers!

By Paul | Nov 25, 2008


According to Arstechnica, and I’ll quote:

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn’t the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seems to have happened this month with the usual Windows update. If you haven’t updated your system just yet, you should. This troublesome fake antivirus seems to have been killed on several systems. This could effectively make it harder for whoever designed this program to make money. I hope Microsoft does even more virus removals next month. If you still want to try to get rid of these viruses, don’t forget to check out my tips on virus removal.

Left 4 Dead Sneak Peek!

By Paul | Nov 6, 2008

Yes, they finally released the demo. According to my sources, and I’ll quote:

Newell said: “We will be releasing demos for both the Xbox and for the PC. I don’t know what the date is for release on that, though. I think it’s going to contain the first part of one of the campaigns. I think it’ll probably be Hospital but I’m not sure. That’s a decision that Doug Lombardi is making.”

[Via Videogamer]

If you want to see the game screenshots and preview the pictures, all you need to do is go HERE. You can also start pre-purchasing Left 4 Dead on the PC and be ready to play when it comes out. Watch the video from Steam for the Left 4 Dead intro in English. You can also gift the game for the holidays; I would like to get one and try it out, so if you want to give me the gift, just send it to me via my email address. According to Steam, you will have to pre-purchase Left 4 Dead and then the demo will be available for you a week beforehand!! So that is one good thing!! So go buy it and enjoy!!! Also, you will need to install Steam to enjoy the demo.

Time to Change your clocks.

By Paul | Nov 1, 2008

Time to change those clocks of ours


Having been looking at one of my old clocks that would automatically change for Daylight Savings Time, I’ve had to keep reminding myself that it is an hour off. Starting tonight at 2 PM, it will be right. So I thought I would help people keep their computer clocks up to date by suggesting some good programs to use to keep your system on the right time. So that people know what dates are affected, here is what Greenwichmeantime says:

Beginning in 2007, Daylight Saving Time is extended one month and the schedule for the states of the United States that adopt daylight saving time will be:

2 a.m. on the Second Sunday in March
to
2 a.m. on the First Sunday of November.

So, as the saying goes, “Fall back, spring forward.” Now here are some great programs to help you get your computer clock up to snuff:

Worldtimeclock Atomic Clock Sync Program: It is a free program for you to use with Windows. You have to make sure you have selected the right time zone; once it is installed, all you will need is an internet connection to sync your Windows time with the atomic clock.

Sony recalls 340,000 batteries.

By Paul | Oct 31, 2008


Sony Recalls Notebook Computer Batteries Due to Previous Fires

The following product safety recall was voluntarily conducted by the firm in cooperation with the CPSC. Consumers should stop using the product immediately unless otherwise instructed.

Name of Product: Rechargeable, lithium ion batteries containing Sony cells used in Fujitsu Computer Systems Corporation, Gateway Inc., Sony Electronics Inc., and Toshiba America Information Systems Inc. notebook computers.

Units: About 340,000 batteries (an additional 3,080,000 battery packs were sold worldwide)

Battery Cell Manufacturer: Sony Energy Devices Corp., of Japan

Hazard: These lithium ion batteries can overheat, posing a fire hazard to consumers.

Incidents/Injuries: There have been 16 reports of notebook computer batteries overheating, causing minor property damage and two minor burns. All of these reported incidents and injuries have been associated with earlier recalls of notebook computer batteries containing these Sony cells. There have been no incidents involving batteries sold by the notebook manufacturers participating in this announcement.


[via U.S. Consumer Product Safety Commission]

Some bloggers are Hyping Windows 7 operating System.

By Paul | Oct 30, 2008

After looking around the blogosphere, I’ve come to the realization that people are starting to get hyped up over Windows 7. In one blog post from it.toolbox.com:

Windows 7 is due to hit beta and release in 2009, and odds are likely that if the pundits, all of us on the blogosphere and other places like PC World, Cnet, and others all agree that this works the way a computer was supposed to work will help drive sales. What is also interesting is that Microsoft is really pushing to get this puppy out. Along with the bloat are gone the five years of development.

[Via It.Toolbox.com]

I totally agree with what he is saying about the possibility of having an operating system actually do what it is told. Some things people have been looking for in their searches in regards to Windows Vista are:

© 2009-2010 Tech-Linkblog.com All Rights Reserved