Why you shouldn’t mess with your registry!

By Paul | Mar 8, 2010

You going along and Windows seems to be slow and not so responsive. You go and start messing around with the Registry and later when you reboot your systems becomes frozen and nothing you do will get it back.

What is the Windows Registry used for?

The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user interface and third party applications all make use of the Registry. The registry also provides a means to access counters for profiling system performance.
[Wikipedia]

What programs can I use to repair or Clean the Registry?

There are several different programs that can be used to help fix the registry or remove the unnecessary registry entries. I can suggest a few good utilities to help you fix or repair Windows Registry:

Registry Utilities Professional – This is good program for repairing small registry problems. This won’t fix major problems but it might help you get Windows back and running.

List of Malware sites for Dec 10, 2009

By Paul | Dec 10, 2009

Comments Off

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4349):

update-protection-z4.cn
update-protection-z6.cn
lenovosecurity01.cn
lenovosecurity51.cn
new-antimalware01.cn
update-protection-z1.cn
ferrari-scan9.cn
radius-protect-c1.cn
radius-protect-a1.cn
radius-protect-b1.cn
intel-secure10.cn
intel-secure20.cn
intel-secure90.cn
intel-secure02.cn
intel-secure01.cn
atomantispyware11.cn
atomantispyware21.cn
atomantispyware31.cn
atomantispyware51.cn
atomantispyware61.cn
pc-antispy013.cn
pc-antispy999.cn
pc-antispy051.cn
pc-antispy001.cn
windefscanm9.cn
windefscanm0.cn
vip-protectionv9.cn
vip-protectionz4.cn
windefscanm1.cn
vip-protectionv8.cn
top2009security.cn

Internet Antivirus Pro Scareware

ewiali.cn
ewiaguh.cn
inb6sh.com
divyza.cn
jynuroh.cn
jypebgi.cn
diwehym.cn
enoihup.cn
kanjiur.cn

Fake Scanner Pages:

scan.dewesan.cn

Rogue Antivirus scareware sites:

siteadware.com
antitroy.com
letmeguard-yourzone-pc.com
systempc-scan-check.net
livepcguard.com
downloadavr13.com
clean-vironmypc.net
cleanvir-onmypc.net
cleanviron-mypc.net
cleanvironmypc.net
internal-scanforpc.com
internal-scanforpc.net
internalscanforpc.com
internalscanforpc.net
safetyantispywareshop.com

List of malware sites for Sept 1, 2009

By Paul | Aug 31, 2009

Comments Off

Well with it being the end of the month it was to be expected here is a long list of sites. So please read these carefully.

Personal Antivirus Scareware Site and How to Remove them:

live-virus-scanner9.com
tryantivirusscan.com
antispyware-scanner2.com
bewareofvirusattacks2.com
antivirus-scanner6.com
valueantivirusshop1.com

Internet Antivirus Pro Scareware*SUPERAntispyware gets rid of these too*

adjudg.info
atwain.info
caretz.info
gaudad.info
krapen.info
nevils.info
outliv.info
penvie.info
stampo.info
ticedu.info
unwept.info
gelded.info
dolchi.info
figgle.info
botled.info

Rogue Antivirus scareware sites:

securepcshield.com
myprotectedzone.net

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

AVG 8.5 Free Version Best on my system

By Paul | Aug 25, 2009

Comments Off

Pcworld has a released there top free Antivirus software picks. Now let’s be clear on this, I am an a average user, and have tested these products out on my own laptop plus others and here is what I find.

According to Pcworld, Avira Antivir Personal is the top pick and claims to block 98.9 percent of samples:

Such less-than-friendly default behaviors make Avira AntiVir Personal a better choice for tech-savvy users who know how to muck about in the settings. If you’re willing to put up with a somewhat clumsy interface and the recurring pop-up ads, in return you’ll enjoy top-notch, free protection against malware. It’s not a bad trade-off by any means.

[Via Pcworld : Avira Antivir Personal Antivirus]

Now with Pcworld saying it isn’t a bad trade-off to have the Pop-ups and the default behaviors of this program, it doesn’t make me want to use this program since I am a gamer and the pop-ups would interfere with playing online games, not to mention if your not that tech savy person you’d have a lot of head scratching to figure out this program.

List of Fake AV sites for Aug 22, 2009

By Paul | Aug 21, 2009

Comments Off

If you know anything about the Malware writers they are always registering new domains and here is the newest ones they are using:

Personal Antivirus Scareware Site:

antispywarebestscanner.com

professionalvirusscanv3.com
professionalcomputerscanv2.com
scan-your-pc-now.com
professionalspywarescanv8.com

Internet Antivirus Pro Scareware:

hopest.info
suffic.info
cressy.info
unowed.info
inclin.info

Rogue Antivirus scareware sites:

securitytoolsite.com (Fake Scanner)
webscansecurepc.com (Fake Scanner)

Threat to System : Moderate

Computer Security : How not to get Infected.

By Paul | Jul 24, 2009

Comments Off

In my previous blog post we talked about how the computer would get infected with Malware. Now on this blog post we will discuss how you can prevent most to all of these from ever happening again on your system.

Now let’s face it we are more and more going to be on the internet. This is almost a necessity for a business or individuals. You see Businesses have built there product around the internet and that is why it is necessary to be on the internet.

What program not to use to Surf the web

You should consider getting away from Internet Explorer, I don’t say this lightly. It may take Microsoft Months to fix a hole in something that involves ActiveX or Something like that. We know how Microsoft will only push out the really big security holes out of Cycle but keep the minor ones in Cycle. Hackers have jumped on exploits before when it comes Internet Explorer and use them on Black Wednesday, not less than 24 hours after the patches have been released.

Although these examples I showing doesn’t mean that they haven’t been fixed they are showing you how long it takes sometimes to fix them.

A few Zero Day Exploits in the wild — Heads up

By Paul | Jul 6, 2009

Comments Off

Several different Security Vendors are Reporting that there is an ActiveX and Directshow exploits out in the wild.

The Directshow file in question is : msvidctl.dll

[A work around to prevent this]

It involves an ActiveX control called the Microsoft Streaming Video control and there is no workaround that I know of just yet. Microsoft is aware of these exploits but we don’t know when they will release the patches.
These flaws mean that if you visit an Infected site you will most likely install software that you really don’t need or want. You should be cautious where you go especially on chinese servers because some of them are reporting that they have seen an overnight bloom of sites that have these exploits in place.

People should take care and install anti-virus and firewalls even the free ones are the best choices right now to defend againts these types of attacks. You should also make sure you have the updated virus definitions and make sure you have the latest version of the AV program.

It is also suggest for users to not use Internet Explorer to prevent some of these exploits but take care and install a good browser, I would suggest Firefox to better protect your computer from some of these exploits.

Microsoft Drops a 9 Security updates on Patch Tuesday

By Paul | Jun 9, 2009

Comments Off

So I get home and here is what they updated for those who would like to keep track:

Vulnerabilities in Active Directory Could Allow Remote Code Execution (KB971055) — This update is only for Microsoft Windows 2000 Server, Windows Server 2003, Windows XP Professional and Windows Server 2003. This one is Rated critical due to Remote Code Execution, which means a program can install malware or viruses on your system and you wouldn’t know it.
Cumulative Security Update for Internet Explorer (KB970483) –This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication.
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (KB969462) — This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object.

Ms Patch Tuesday For June 2009

By Paul | Jun 4, 2009

Comments Off

Photo by Andrew Magill

Microsoft has released the upcoming patch information for this Tuesday, and boy does it look like a big one. It looks like there will be 10 bulletins this time around:

Bulletin 1: Critical (Remote Code Execution): Windows
Bulletin 2: Critical (Remote Code Execution): Windows
Bulletin 3: Critical (Remote Code Execution): Windows, Internet Explorer
Bulletin 4: Critical (Remote Code Execution): Office
Bulletin 5: Critical (Remote Code Execution): Office
Bulletin 6: Critical (Remote Code Execution): Office
Bulletin 7: Important (Elevation of Privilege): Windows
Bulletin 8: Important (Elevation of Privilege): Windows
Bulletin 9: Important (Elevation of Privilege): Windows
Bulletin 10: Moderate (Information Disclosure): Windows

It will also include one or more updates on WSUS and Windows update, and Microsoft Windows Malicious Software Removal Tool. This looks to be quite a big set of updates. Each one is very serious and will probably be a big download. If your in corporate IT you may want to get ready the Autopatcher program this will help update all the important files on each system without having to have a internet Connection.

Microsoft to Release One Crictical update for Tuesday

By Paul | May 9, 2009

Comments Off

Microsoft has release the information for May’s Patch Tuesday and it looks like there is one major update for Power point:

The Affected software is MS Office 2000, MS office Xp, MS Office 2003, Ms Office 2007, Power point viewer, and MS compatibility pack for Word, Excel, and Power point 2007.

What will be coming out for Tuesday is as Followers for Non-security Releated:

Windows PowerShell 1.0 for Windows Vista (KB928439)
Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)
Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
Windows Malicious Software Removal Tool – May 2009 (KB890830)/Windows Malicious Software Removal Tool – May 2009 (KB890830) – Internet Explorer Version
Update for Windows Mail Junk E-mail Filter [May 2009] (KB905866)

Although some of this is usual like the Malicious software removal tool, and Windows Junke e-mail filter, we won’t know what else will be released until Tuesday. Some of the updates will be minor like the Powershell, I am guessing tis will help get ready for SP2, and the SP1 for the .NET framwork also looks to be getting ready for SP2. So I will keep you updated if i find out what else is released on Tuesday!

Miketechshow Listener Roundtable : #242 Backups

By Paul | May 3, 2009

Comments Off

We had a great time talking about backing up our system. On a side note, I’d like to tell people that During the Round table, I was restoring my system due to a major network issue. The system wouldn’t stay connected at all to my network or my USB A600 Cricket Modem. I used the A600 Modem during the podcast with Skype, so the quality isn’t as good as it should but that is due to two different factors. One I had a cheap headset and two the bandwidth limitations. This however shows that this is possible and works really well. I also used the Antenna for the Skype meeting. It actually seems like a stable connection. Although Mike has told us in his email this might be the last Round Table, so if you want this to continue you can either email him or twitter him telling him you want to keep seeing these podcasts. I also talk about Roboform and how I make sure the passwords are backed up. We did talk about making sure to test our backups, so we know if the backup process works. I have to say my backup procedure was without doubt working for me. Even though I had some issues with Vista security updates after the restore, my restore to laptop didn’t take more than an hour to get the programs that I wanted back on the system.
Mike Tech Show Listener Roundtable #242 Backups

Twitter Spam attempt: “See the NSFW pics twitter deleted from my profile here”

By Paul | May 1, 2009

Comments Off

Looks like this might have been a improper adult content or maybe a Malware attack:

If people are wonder what NSFW means:

Not suitable/safe for work (NSFW), not work-suitable/safe (NWS), or not school-suitable (NSS) is Internet slang or shorthand. Typically, the NSFW tag is used in E-mail, movies (such as on Youtube) and on interactive discussion areas (such as internet forums, blogs and community websites) to mark URLs or hyperlinks which may be sexually explicit or include audio containing profanity, helping the reader avoid potentially objectionable content.
[via Wikipedia]

It looks like this was done with using Tinyurl and has been flagged for either Spam, Fraud, Malware, or Any other use that is illegal. I am glad Tinyurl did catch this and stop it. If you see something that say NSFW in your twitter account your best bet is to delete it and go on with your life. I am sure it is something your should not go to probably because it was a malicious way to get your to go to the link. If you want to preview the urls that are used by Tinyurl, just visit the preview feature. If anyone else hears of some kind of Twitter attempt let me know and I’ll blog about it. This would be the best time to install Free Anti-virus and Free Firewalls to help prevent from getting Viruses or Malware.

Adobe PDF Zero Day Warnings : Experts agree

By Paul | Apr 29, 2009

Comments Off

All the Security experts online are talking about The 2 Zero Day Adobe Vulnerabilities:

As you can see this seems to be one of those Adobe problems we had in the past with Javascript. They seem to be having a major problem with Javascript vulnerability and the old saying is to just to disable Javascript in PDF’S again. Adobe is calling this a Potential Adobe Reader issue and is suggesting that the users disable Javascript until this is fixed with a security update.

This is mostly affect the corporate world more than the private sector because of the fact corporate world will use PDF by sending them through emails. I suggest installing another reader and these are all free.

Be advised the vulnerabilities affects Linux, Windows, and Macintosh systems. This will most likely mean that even Macintoshes could be used to create even more botnets and will need to disable there Javascript until this issue is fixed or maybe they would like to find another reader themselves. This also goes for Linux users but I have not heard of anything in the wild yet.

Don’t forget to install some free Anti-virus and Free Firewalls to help protect your system from becoming a botnet.

Microsoft sends out KB955430 to get ready for SP2

By Paul | Apr 28, 2009

View Comments

This looks like it is to help with some problems with other issues of updates that they have been having. I am unsure of why they are wanting to install this update but it doesn’t look to be harmful. I am betting this is to fix a flaw that has been exploited by the warez community to make them either pay for there copy or go with another OS. For the one fact that this “will enable future updates” and “This update may be required before selected future updates can be installed“.

I went to KB9555430 support page:

Updates to the Windows Vista and Windows Server 2008 installation software are included in this update. The installation software is the component that handles the installation and the removal of software updates, language packs, optional Windows features, and service packs. This update is necessary to successfully install and to remove Windows Vista SP2 and Windows Server 2008 SP2 on all versions of Windows Vista and Windows Server 2008. This update is not necessary to successfully install the service pack if you install the full file version of the service pack. The full file version of the service pack includes this update.

Microsoft released April Patch list for Patch Tuesday

By Paul | Apr 9, 2009

Comments Off

To see what systems are affected please see the bulletin for further details. Some of the updates have to do with IE 6 and IE 7, maybe it is time to update to IE 8. It looks like if you update to IE 8 you will not have to worry about the Remote Code Execution. There also seems to be a remote code execution for DirectX 9.0A, B, and C. This however doesn’t affect DirectX 10 and if you have a Vista machine please consider updating to DirectX 10.

The other one is a MSDTC program that has a vulnerability of Elevation of Privileges that needs to be fixed. There will of course be more than this for April but these are the ones that Microsoft has determined to be release for Tuesday. There are going to be at least 8 Different patches for Windows XP, and some For Vista. Some will be only for XP and others will be for XP and Vista.

Then Microsoft Internet Security andAcceleration server will have an update to prevent a Denial of Service attack. This will be needed to patch on the server side as soon as possible. Then there is the Excel Remote Code execution that needs to be fixed. It looks like CVE-2009-0238 is the one that this is being patched for but this is only a guess.

Now is the best time to get Autopatcher ready for this update because this will be quite a big update. You should also update your anti-virus software and Firewall.

Electric Company fear Mongering gone wrong!!

By Paul | Apr 9, 2009

Comments Off

I saw this talking going on at Arstechnica and SANS Interenet are Talking about the Elecric Company Fear mongering. Here’s what Ars Says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

This was posted today with people asking the question Is the Electric company have a viruses or have a worm? I don’t know but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this, This is being a talked about on a friends Podcast, The Caffination Podcast. This is where I have figure we should talk about this. I think Sans Internet Storm says it better than I could:

Microsoft issues Advisory KB969136 (Zero Day Exploit in the Wild)

By Paul | Apr 2, 2009

Comments Off

Well, this had to happen sooner or later. It looks like Powerpoint can be exploited with a Remote Code Execution. So Microsoft today has issued an Advisory for KB969136.

In there post they say:

At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]

Microsoft has even added a diagram on how an attacker could implement this into an email.

So what do you need to know:

If you receive a Power Point presentation from someone you aren’t expecting either scan it good with a free anti-virus. There are no major workarounds to this because Microsoft is telling people not to open the Power Point files directly. I tend to agree you should however know if you are expecting something from someone by either emailing them back or if it’s an office situation pick up that phone for the time being. I am sure Microsoft will issue this patch in the coming months probably May or June at the earliest. I don’t think it will be April Patch Tuesday, they could however make this an out of cycle if enough hackers start to use this.

Conficker Discussion Part 2 – Even more stuff to talk about

By Paul | Mar 30, 2009

Comments Off

We’ve heard in the coming days there will be an update for the Conficker.C Worm and Microsoft has Released even more information about it: For Instance:

Win32/Conficker.C is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.(was reported to Microsoft on February 20, 2009.)

Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services, blocks access to numerous security related Web sites and downloads arbitrary code. Conficker.D can relay command instructions to other Conficker.D infected computers via built-in peer-to-peer (P2P) communication. This variant does not spread to removable drives or shared folders across a network (as with previous variants). Conficker.D is installed by previous variants of Win32/Conficker. (was reported to Microsoft on March 4, 2009.)

As you can tell, this seems to be two different Variants starting to emerge. Now let’s go a little bit more deeper shall we. According to US-CERT(United States – Computer Emergency Readiness Team) , They claim that this is Widespread infection and have posted about it on there website TA09-088A.

Windows 7 Beta Second RC to be released in May

By Paul | Mar 26, 2009

Comments Off

According to Arstechnica, the Next version of Windows 7 Beta will be Released In May.

It looks like someone flipped the switch a little early. The Windows 7 Release Candidate download page on TechNet has made a premature appearance, much like the beta download page did before the beta was released to the public. The public RC will apparently be coming in May 2009, and not in April as previously rumored. The RC testing program will be available at least through June 2009, and the actual build will expire June 1, 2010. Both 32-bit and 64-bit versions will be available in English, German, Japanese, French, and Spanish.
[Via windows-7-rc-download-page-goes-up-early-coming-in-may.ars">Arstechnica]

It will be available soon to download. According to Ars this will be good until 2010, I am guessing around February or March but that is just speculation on my part.

Remember:

This is a Beta and when it is over you won’t be able to use the OS anymore
This isn’t the complete OS, Knowing Microsoft this will be limited in some way to encourage your to buy the full version down the road. Also they want to have some features for only Commercial Release.
There will always be security holes when it comes to Windows 7 so don’t use it exclusively, since this is a beta. Microsoft will not keep it up to date until it goes Commercial!

I did a podcast on this OS and if you want to hear the two discussion we talk:

Mike Tech Show Listener Round Table Topic: Symantec issue, Security, Web Hosting, Windows 7 Beta
Mike Tech Show Listener Round Table Topic: Windows 7 Beta

The Seriousness of the Twitter Vulnerability?

By Paul | Mar 25, 2009

Comments Off

The main question is how much do you want to know about this? Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

We’ve seen that there have been twitter phishing in the past, and Facebook phishing have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye. For one using the URL redirects could be one way this could be used. No telling what other vulnerabilities lay for the client side twitter programs. Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

Are You and Your Friends Fine — Virus Spam

By Paul | Mar 22, 2009

Comments Off

Logged into my Google Email and was checking my spam to see what I see and this one draws my attention:

I think I know where this is leading me but I click the link and this website with the Reuters logo pops up:

Now as you can tell this looks authentic but when I did go to this site, AVG detected some trojan. It blocked it, but the file that it is downloaded called “save.exe” and I have talked about flash player fake updates. I have seen other blogs talking about dirty bomb news report leads to malware. I don’t know about you but if I wanted to update my flash player, I go to the source and not use any links. It is wise not to download any programs or files and run them without properly checking them out for viruses and Trojans. You should have a firewall and anti-virus running at all times and that will help but it is your actions that help your prevent from getting viruses or Trojans.

Free Syncronization and Backup programs

By Paul | Mar 18, 2009

Comments Off

So I talked about finding some free backup utilities on the Mike Tech Show Listener Roundtable Show # 234.

I said I would publish some good free ones programs to backup your system files and I think I have done it. Here’s are some great ones that I recommend for anyone who doesn’t want to pay for a backup program:

Allway Sync – Works with Windows Vista/XP. It supports : Hard Drives, Removable Hard Drives, Network Drives, Amazon S3, FTP Server, Offsitebox.com, and WEBDAV Folder. This program is also quite portable and can be used on more than one computer with the portable version.(A600 USB Broadband Modem for Free after Instant online web only rebate + Mail in rebate. First month free and free shipping. Buy now!)

ViceVersa — Windows 98, Me, 2000, XP, Vista. Vice Verse FREE will compare files in two folders (source and target) and synchronize file differences. There isn’t much else you can do with this but It does look to be good for small backups and older system.

Acebackups — is a powerful tool to create completely secure backups of your data. Store your data on any local storage device, on CD, DVD or on your remote FTP server!

Malicious Spammers target Bank of America

By Paul | Mar 14, 2009

Comments Off

I’ve saw two different security firms talking about Bank of America and I wanted to share with you:

Picture from F-secure

The two sites are F-secure and Pandalabs who are talking about Bank of America and how they try to get you to install malware. With Adobe having just sent out the new updates last month it looks like spammers are using this to get people to install Malware.

It is also been known to be floating around in Facebook this spam. So if you get a link going to a site you don’t know about to see a video and it says you need a codec or the Adobe update you should turn right around and leave site. You should always type in the url of Your Bank and not go there through links.

From what they are saying it monitors Network traffic and Steals ICQ, POP3, and IMAP passwords. If you find network traffic going to Hong Kong IP, then it is time to check to make sure all your Virus definitions are up to date and you’ve installed an Anti-virus and Firewall. I would encourage users to report it to Phishtank so that any other unsuspecting user or person going to that site will be warned.

Is Google the ultimate news source?

By Paul | Mar 12, 2009

Comments Off

As you know We had a big problem Monday Night and All day Tuesday. If you are a regular reader of this blog, you would of noticed either a 503 or lag. It was due to an article that I released late Monday night about the PIFTS.EXE and the so call conspiracy.

At the time, I was wondering and quite disturbed about what Norton Symantec was doing to the forums. So I blogged about this and wouldn’t you know my site was Held Hostage by Google. I kid you not, I had so many people come to my site in under an hour it wasn’t even funny.

So I sit here, asking a really good question is Google the News? I don’t know exactly when but according to Wikipedia Google was formed in 1998. The Google Motto is Don’t Be Evil, and I guess it makes them look like a news source. When did they get past the news site? I would hazard a guess that it was in late 2004 they started when they when Google gave people the first chance to own the stock on August 19, 2004, when Google became a publicly held company.

I got hit hard by Slashdot, Reddit.com, and Google. In truthfulness, It was more of searches and people coming from Google than anywhere else. I would say Google was the 90% and and Slashdot and Redidit was 8% and the rest was from other websites for this one article. Now don’t get me wrong the 2% of people was my normal amount of people for the day. So you can imagine how many people actually came to my site over this fiasco.

Thinking back to PIFTS.EXE.

By Paul | Mar 10, 2009

Comments Off

Thinking to this very incident looks to something out of the movie “Lemony Snicket’s A Series of Unfortunate Events“. I won’t go into much detail but here is what I want answers to about the PIFTS.EXE. You see after I have read a great article talking in detail about this, I have also come to the conclusion something isn’t right.

The blog owner known as Anshar in the forums on the Symantec points out some key events. He wanted to point out that the users who were posting were not violating the TOS and was posting questions that look to asking about this file. See screen capture of what I took. This one picture doesn’t prove his theory in whole, but does bring up some suspicions. This actually might be them trying to find a ’scapegoat’ so to speak. He also talks about what others are asking? What is PIFTS.EXE? People seem to still have not be answered that question.

Although, in Norton’s defense there seems to be a lot of information that they have to sort through. I’ll admit this information people are asking should be really simple to find in the Symantec Databases somewhere. I will not say they are hiding anything major but I do think something is going on that we are not aware of. Here’s some other thoughts to considers? If Norton needed to find out who was using Windows 7, couldn’t they of asked or even made a simple site redirect to find that information, after all anytime you visit a site you have that information sent to the stats. I could in theory find out how many visitors are visiting from Macs and how many are on older systems. That would be very easy to do with Google Analytics.

Let’s Clear this up — PIFTS.EXE

By Paul | Mar 10, 2009

View Comments

I just wanted to clear up some things about PIFTS.EXE. I read a Most Interesting Article about this over at Bleeping Computers. He talks about how tested this on his system and I’ll quote:

After reading about this file here and here, I asked around on BleepingComputer.com for one of our users to submit a sample of the file to me. Once I received the file, I ran it on a test box while running a file monitor, to see what it accesses, and Wireshark, to see what it does on the network. What I found was that the program appears to be quite innocent, and from the hostname it connects to, we could have guessed as to what it does. It appears that when you update Norton it connects to stats.norton.com and lets the server know someone has installed an update, what the update was, what program it was for, and whether it was successful. Now, I am not saying that Norton should be contacting one of their servers and reporting this type of information without a user’s permission or even knowledge, but there is no conspiracy theory between Norton, Google, Microsoft, African Nations, and little green men.

Conspiracy theories run rampent due to PIFTS.EXE

By Paul | Mar 9, 2009

View Comments

(Looks like some of this was a 4chan gag, check my other post about it)

All of the sudden people around the World are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it. Here what I do know:

Here’s some information I pulled from my Zone Alarm Logs. Does this make sense to anyone?

2009/03/09 18:26:44 — New Program — PIFTS.exe — Destination IP: 67.134.208.160:80 — outgoing — blocked — Destination: ping.lifecycle.norton.com

2009/03/09 18:47:52 — Program Access — PIFTS.exe — Destination IP: — outgoing — blocked — Destination:

2009/03/09 18:48:28 — Changed Program — Windows Explorer — 207.46.248.249.80 — outgoing — blocked — Destination: sa.windows.com
[Via The Symatec Forums]

This indicates that the program tried to change tactics to go out on the net. I look a look for this and it is SwapDrive. So this must be an update to Swapdrive but I am unsure as to why it pops up that way. The other ip is in Africa or at least take the .80 out of the equation and it points to an Africa IP. (It looks to my mistake in that little part, “to error is human” Check out this post about it) Although just recently Norton Decides to Delete that thread and people are really worried about why? Is this a cover up of some sort because there is a exploit in the Wild that we don’t know about? These are good questions that need to be answered. Here is what one posted about this just after they deleted the forum thread:

Are you Email domains being blocked by Cricket?

By Paul | Mar 9, 2009

Comments Off

So I got this Tweet from Mai_ling on twitter and she said:

So I did some digging around the net and found it is something that is a common practice for ISP’s to block PORT 25. If you want to find out if Cricket is blocking your mail service you can easily follow these instructions to see if port 25 is actively being blocked. So what are some options in fixing this little problem.

Due to spammers exploiting port 25, ISP have been blocking port 25 for other domains but theirs. You can receive email but not send email. Most ISP’s have a way for you to have an Alternative Port that you can use and you should check with your email domain provider to see if you can send and receive on either a SSL or another Port.

You could set up your email client to receive on port 25 but send out on the SMTP server of Gmail. This would be useful for people who want to send mail out but not have to change there email address. People will still see it coming from whatevername@whatever.com. You can tell Thunderbird to send out on the port and yet use your domain as your email address.

Another possible solution that may work for some is to sign up for Google Apps. The downside of this is It cost 50$ a year but that is 4.20$ a month to be added on to your Cricket Modem charge. This looks promising and has a 30 day trial so, if it works then you will know before you have to pay for anything. This should be dealt with by Cricket, they should have a way for there customers to send and receive email without having to jump through hoops to send email and receive email.

Fake Emails about Windows Support spam!

By Paul | Mar 9, 2009

Comments Off

According to Trend Micro, Some malicious software is being sent to unsuspecting users about Windows SP1 andSP2 having a error that could damage software or even hardware. See Trends blog with the photos of the fake spam.

Although from time to time Microsoft does send out security information to Technet subscribers people have also used this in the past to get people to install Viruses and Malware, like this one that installs TSPY_BANKER.MCL. TSPY_BANKER.MCL monitors the affected user’s online transactions and steals banking related information

Microsoft sends e-mail messages to subscribers of our security communications when we release information about a security software update or security incident. Unfortunately, malicious individuals can and have sent fake security communications that appear to be from Microsoft.

[Via Microsoft]

So if you get an email from Microsoft you’ll probably want to delete it. Any Microsoft communications will be sent from the Update center. You should never install software that is from an untrusted website. If you are concerned you should check the web and find out what people are saying about the situation and see if it is a scam or true!! Remember only you can prevent a virus or Malware!

How do you like your Cricket USB Modem?

By Paul | Mar 7, 2009

View Comments

Lately I talked about the A600 USB 3G modem and Now I want to hear from the Readers? You see I can’t do my best reviewing these with comments from the readers, that being you.

Click the picture to send me email, just remember to replace “AT” with “@”.

So I want to hear what you think about either the USB UM100 Modem or the A600 USB 3g Modem? Here a re a few things to answer when you write your email.

Something will go to the people who email me? I want to publish some of these comments on my blog for all to read. I want to hear if what I am publishing helps you? I will even give your credit as to who wrote it. If you have a site or something you want to promote by all means add that to your testimonial. Here’s the basic questions that should be talked about: