Looks like this might have been improper adult content or maybe a malware attack:
If people are wondering what NSFW means:
Not suitable/safe for work (NSFW), not work-suitable/safe (NWS), or not school-suitable (NSS) is Internet slang or shorthand. Typically, the NSFW tag is used in E-mail, movies (such as on Youtube) and on interactive discussion areas (such as internet forums, blogs and community websites) to mark URLs or hyperlinks which may be sexually explicit or include audio containing profanity, helping the reader avoid potentially objectionable content.
[via Wikipedia]
It looks like this was done using TinyURL, and the link has been flagged for either spam, fraud, malware, or any other use that is illegal. I am glad TinyURL did catch this and stop it. If you see something that says NSFW in your Twitter account, your best bet is to delete it and go on with your life. I am sure it is something you should not go to, probably because it was a malicious way to get you to go to the link. If you want to preview the URLs that are used by TinyURL, just visit the preview feature. If anyone else hears of some kind of Twitter attempt, let me know and I’ll blog about it. This would be the best time to install free anti-virus and free firewalls to help prevent getting viruses or malware.
In my previous post about StalkDaily, I thought they were the innocent party in all this:
Now he talks about how he did this and claims responsibility for the Twitter calamity. According to him, he did this out of boredom and needed a way to make money. I am wondering if Twitter will take some legal action against him for the time it took to fix the problem. The fact that it caused so much widespread panic, and led people to not trust Twitter, makes me think that Twitter would have a really good case against a 17-year-old who was trying to game the system.
Then the people who have lost followers or have had problems with their Twitter accounts are going to be mad too. They were the innocent party and did not know about the cross-site scripting vulnerability, although it doesn’t appear to have gotten any passwords or sensitive data.
It does prove a point, though: the NoScript add-on for Firefox is looking more and more necessary as people browse the web.
According to TechCrunch, this seems to have happened today, when this worm brought down Twitter. I have been using the Twitter client TweetDeck and have not had any problems like they have had with this site. I wouldn’t visit the site in question because you would most likely get the worm. It seems to be a very good hack; it sends out spam on your Twitter account like this:
*Update, a few hours later*
It looks like Twitter had a cross-site scripting (XSS) problem, and it wasn’t really StalkDaily who did it; rather, someone injected code into Twitter to grab people’s browser cache. See this post for more information.
According to what I am seeing, StalkDaily is now safe to surf to as long as you don’t click on links on Twitter just yet. I have found that if you make sure you aren’t logged into Twitter in your browser, you are much better protected against this type of attack. You can see the screenshot of the StalkDaily website, and it looks like they are an innocent party.
Win32/Conficker.C is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products. (was reported to Microsoft on February 20, 2009.)
Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services, blocks access to numerous security related Web sites and downloads arbitrary code. Conficker.D can relay command instructions to other Conficker.D infected computers via built-in peer-to-peer (P2P) communication. This variant does not spread to removable drives or shared folders across a network (as with previous variants). Conficker.D is installed by previous variants of Win32/Conficker. (was reported to Microsoft on March 4, 2009.)
As you can tell, there seem to be two different variants starting to emerge. Now let’s go a little bit deeper, shall we? US-CERT (United States Computer Emergency Readiness Team) claims that this is a widespread infection and has posted about it on their website as TA09-088A.
My one question is: why is the US getting ready for this Conficker worm? Are they worried that what happened to the Parliament will happen to some branch of the White House? This seems to be building even more hype over this worm. Everyone will tell you the same thing: they are not sure what will happen on April 1, 2009. I think it will be a normal day, because with all the news about the Conficker worm, the person who wrote it won’t want the light shined on them before they get their foothold in systems. So you will most likely not notice anything special on April Fools’ Day, due to the awareness of the worm.
But don’t forget to update your anti-virus software, and it might also be time to add a good free firewall to help protect yourself from this worm.
Q: I heard something really bad is going to happen on the Internet on April 1st! Will it? A: No, not really.
Q: Seriously, the Conficker worm is going to do something bad on April 1st, right? A: The Conficker aka Downadup worm is going to change its operation a bit, but that’s unlikely to cause anything visible on April 1st.
I am like everyone else; I really don’t know what will happen. There is always going to be media exposure when it comes to worms, viruses, or Trojans. Virus writers, whoever “THEY” are, will always want to update their infected systems to keep the virus (also worms and Trojans) on people’s systems. This is the way of it: security firms will always have to predict them, keep up with them, or just follow them. This will never change, because virus writers want to find even more ways to infect systems; that is the necessity of anti-virus software.
I don’t know what will happen on April 1. You most likely will be fine; if not, you won’t know it until you try to update your system or update your anti-virus software. One way you can find out if you’re infected is by trying to surf to security vendors like F-Secure, Norton, and Kaspersky. If you can’t get to those sites, then you most likely have a virus or worm, and it could be this worm!!
Make the worm harder to detect — This is a common practice; they want to be able to hide the worm for as long as possible. So they will always tweak it to make it that much harder to detect and remove.
Make the worm easier to infect systems – This is another common practice, because without having systems there is no need for a command-and-control server. The worm could do things such as denial of service, send out spam, or steal sensitive information. This is the nature of why people make viruses, Trojans, or worms.
Easily update the virus software — As with any software, the virus writers will come up with easier ways of updating the software, because the security companies will do whatever they can to prevent the update. This is also the nature of why there will always be updating of the code. They will put in more ways to keep the virus, worm or Trojan from being blocked. For example, Conficker has some peer-to-peer functionality, so if a company blocks the update, another way it could get the update is peer-to-peer. So you can’t block it very easily.
So what will happen April 1? Who knows; it could be a normal day, or it could be the biggest April Fools’ joke ever. That is why I put that in my last blog post. With so much media frenzy, the security firms don’t know what the worm will do when it updates; all they can do is wait. So let’s take a deep breath and relax, there’s nothing we can do just yet!!
Cluley’s blog talks about this and I thought I would talk about it a little myself!!
This is the newest version of the Conficker/Downadup worm. There seem to be people who are worried that on April 1 there will be a major wake-up in security, with no-holds-barred problems.
Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.
Now let’s talk about this a little. This worm won’t do anything on April 1 but ask for updates, and we don’t know when the virus writers will implement the update; it could be a month down the line. You could back up your software and use the free program AutoPatcher to help make sure your system is completely up to date with Windows security. You can’t set the clock forward to that date to find out what it will call home to. We don’t know what it will do when they update to the Conficker.C program; all we know is that it starts to try to call certain domains on April 1, 2009. So you should install anti-virus and firewalls where you think they are needed.
I am sure, though, this will be a really big April Fools’ joke from the virus programmers; they will be laughing at the hysteria of people trying to find out all the important information on April 1, and yet it might not start to happen until much later!! You are the first line of defense against getting a virus or any malware. So let’s keep our heads on straight and not go overboard! Only time will tell, and I am sure what happens on Apr 1, 2009 will be a new day.
The updates offered in this article correctly disable the Autorun features. These features were not correctly disabled if you followed previously published guidance. The updates that are offered in this article have been distributed to the following systems through the Windows Update and Automatic update distribution channels:
* Microsoft Windows 2000
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2
This will help with the Conficker worm, also known in its new variant as Conficker B++. Microsoft released this patch to better help administrators deal with the problem at hand: the Conficker worm exploits the Autorun feature in most systems. Administrators need to disable the Autorun feature the right way, or it will not prevent infections.
Microsoft has released the necessary registry keys to edit and what updates are needed to make this work. This will make it much harder for any program to exploit the Autorun feature in Windows.
This information is provided to help admins avoid getting infected, and the changes should not be made by anyone who isn’t comfortable with editing the registry. If you’re not sure how to do it, please take it to someone who can do it. You could potentially make the system unstable by messing with the registry.
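One way to verify the Autorun setting across machines is to audit an exported copy of the Explorer policy keys. This is an added example, not Microsoft's tool or text: the value name NoDriveTypeAutoRun and the all-drives setting 0xFF are not given on this page and come from Microsoft's Autorun guidance, and the .reg sample is constructed.

```python
"""Audit exported Explorer policy keys for the Autorun setting (added example)."""
import re

# Real Windows policy value; the page itself does not name it (assumption).
VALUE_NAME = "NoDriveTypeAutoRun"
POLICY_SUFFIX = r"\microsoft\windows\currentversion\policies\explorer"

# Each set bit turns Autorun OFF for one drive type; 0xFF turns it off for all.
DRIVE_BITS = [
    (0x01, "unknown"), (0x04, "removable"), (0x08, "fixed"),
    (0x10, "network"), (0x20, "cdrom"), (0x40, "ramdisk"),
    (0x80, "unknown_reserved"),
]

# Constructed sample in .reg export format, not captured from a real system.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_USERS\S-1-5-21-CONSTRUCTED\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})\s*$')


def parse_reg(text):
    """Return {key_path: {value_name: int}} for the DWORD values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = int(m.group("hex"), 16)
    return keys


def autorun_still_enabled(value):
    """List the drive types for which Autorun is still on under this value."""
    return [name for bit, name in DRIVE_BITS if not value & bit]


def audit_autorun(text):
    """Report every Explorer policy key and whether it disables Autorun everywhere.

    This covers the registry half only: per the article quoted above, the
    setting is enforced correctly only once the described updates are installed.
    """
    findings = []
    for key, values in parse_reg(text).items():
        if not key.lower().endswith(POLICY_SUFFIX):
            continue
        value = values.get(VALUE_NAME)
        if value is None:
            # Key exists but the value is absent: nothing is disabled here.
            findings.append({"key": key, "value": None,
                             "enabled_for": None, "ok": False})
            continue
        enabled = autorun_still_enabled(value)
        findings.append({"key": key, "value": value,
                         "enabled_for": enabled, "ok": not enabled})
    return findings


if __name__ == "__main__":
    for f in audit_autorun(SAMPLE_REG):
        shown = "missing" if f["value"] is None else hex(f["value"])
        status = "OK" if f["ok"] else "REVIEW"
        print(f"{status:6} {shown:8} still enabled for: {f['enabled_for']}  {f['key']}")
```
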
Having read Graham Cluley’s blog post “Court halted by fast-spreading virus”, I wanted to talk about this one because of the need to let people know about this little virus and what you see when you are infected.
This virus modifies the Windows hosts file so it redirects the host to a loopback address. It also uses iframe injection into files with HTM, PHP or ASP extensions. W32/Scribble-A, also known as Virus.Win32.Virut.ce, PE_VIRUX.A, or Virus:Win32/Virut.BM, allows a user to control the machine through IRC.
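A defender can check for the hosts-file redirection described above by parsing the file and flagging names mapped to a loopback address. This is an added example, not code from the original post or from Sophos; the vendor watch list, the treatment of 0.0.0.0 as equivalent to loopback, and the sample hosts content are assumptions constructed for illustration.

```python
"""Audit a hosts file for names redirected to a loopback address (added example)."""
import ipaddress

# Assumption: watch list built from vendors named on this page; extend as needed.
WATCHED_SUFFIXES = ("sophos.com", "f-secure.com", "kaspersky.com",
                    "symantec.com", "microsoft.com")

# Names that legitimately point at loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from a real infected machine.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.sophos.com sophos.com   # appended entry
127.0.0.1 update.f-secure.com
0.0.0.0         WWW.KASPERSKY.COM
192.0.2.10      intranet.example.test
not-an-ip       www.symantec.com
::1             ads.example.test
"""


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                           # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                           # first field is not an address
        # Hostnames are case-insensitive; a trailing dot is the same name.
        yield line_no, ip, [n.lower().rstrip(".") for n in entry[1:]]


def is_sinkhole(ip):
    """Loopback (127.0.0.0/8, ::1) or the unspecified address (0.0.0.0, ::)."""
    return ip.is_loopback or ip.is_unspecified


def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return one finding per non-benign name mapped to a sinkhole address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not is_sinkhole(ip):
            continue
        for name in names:
            if name in BENIGN_NAMES:
                continue
            findings.append({
                "line": line_no,
                "ip": str(ip),
                "name": name,
                # Security/update sites sent to loopback match the behaviour
                # described above; anything else may be an ad-block entry.
                "severity": "high" if is_watched(name) else "review",
            })
    return findings


if __name__ == "__main__":
    # On a live Windows system the file is normally at
    # %SystemRoot%\System32\drivers\etc\hosts; here the sample is audited.
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"{f['severity']:6} line {f['line']}: {f['name']} -> {f['ip']}")
```
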
Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be “W32/Virut.n” (which Sophos has detected as the W32/Scribble-A virus since 3rd February).
Sophos has a removal tool for this to help disinfect a system that is infected. I also want to remind people about the need for backups and for anti-virus software, including a free firewall; these will not protect you 100% of the time, but they will help you identify and possibly remove a virus, Trojan, or worm from your system. Just like the Conficker worm, this too should be taken seriously because of how easily it is spreading. And with Valentine’s Day just a few days away and some other holidays coming up, you can bet this virus will start infecting even more systems. You should also back up your data weekly, if not monthly. I’d suggest doing a backup early on a Sunday morning, before 4am, so the system won’t be in use. I’ll update you if there is anything else about this virus on my blog later. Just wanted to let people know to be watching for this little virus on and offline!!
Offline Updater 5.0 was released a couple of months ago and I only just noticed. This is an excellent tool for IT professionals who want to keep all their systems up to date with the latest patches from Microsoft. The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, and Windows Vista / Server 2008 (32-bit and 64-bit updates).
I find this a very useful program for people who have a multitude of problems, from not being able to get on the net to computer virus infections. This is really good for big businesses that want to update a lot of systems in an easy way without having to wait for downloads of updates to install. You can take a DVD and update on the fly within minutes. DVDs being cheap, or buying them in bulk, helps save time and money for the company: less time spent downloading the updates and more time actually getting work done. If you got infected with that little worm known as Conficker, Downadup, and to some the Conflickr Trojan, this would help install the updates that it prevented you from installing in the first place. I also found that once you download the updates, the files are kept on the hard drive, so you no longer have to download them again. You just update the updates every second Tuesday of the month and it downloads the newest patches and creates a whole new ISO for you to burn.
Q: How can I create the offline update CD images automatically, for example via a “scheduled job”?
A: Create a new batch file in the “cmd” directory, e.g. “DownloadUpdatesAndCreateISOImage.cmd”. Add the desired calls of “DownloadUpdates.cmd” and “CreateISOImage.cmd” with the necessary parameters to this new file. The file might, for example, have the following contents:
@echo off
rem Download the updates first, then build the ISO image from them
call DownloadUpdates WXP eng
call CreateISOImage WXP eng
Then set up a scheduled task for the new script “DownloadUpdatesAndCreateISOImage.cmd” at your desired time. For example, to create new images after each Microsoft Patchday, select every second Wednesday of the month.
[Via The FAQ's Documentation (Translated Via Google)]
As you can see, you can have a script do it and have the image ready for you in the morning. You then just take it out of the drive and install where you need to install the day after the updates are issued. On another note, if you have clients who use Microsoft Office XP, 2000, 2003, or 2007, then this will also help:
This is nice if you have clients who use the Microsoft Office suites also. Some malware will often try to infect people’s systems through an Office script or some other vector. So updating this will also help prevent infections or hackers from getting onto the system. You can have this added to each and every DVD ISO you make, to include these as you update the patches.
So I sit here reading about the Obama Worm from PCWorld, asking myself what type of worm this is. Here’s what I do know: it doesn’t have malicious intent, but it does look like something someone thought up to test out their skills and to make people laugh. This however isn’t a well-made worm; it seems to slow down systems after a while and prevents programs from loading. The odds of you getting this worm are like the odds of dying in an airplane, or very slim, according to some researchers.
It seems to be spreading through USB, so you should prevent this by disabling the Autorun feature on your machine. You should also limit the use of external storage devices whenever possible to help prevent infection. Currently, though, it seems that the worm isn’t detected by any anti-virus software. There is a screen capture of the Obama Worm in case anyone wanted to see what it looks like.
The back story is that this started at a school, and it looks to be visible only on Mondays. So seeing the face of Obama in the right-hand corner of your screen is the only way to find out if you have the Obama Worm. If you want to find out if you have the worm, the easiest and quickest way is to change the time on your Windows system to the following Monday and reboot. If you see the head after you reboot, then you will know you are infected, or at least that is my theory on discovering it; I haven’t had a system with the Obama Worm yet but expect it to be really simple to find out.
Right now, most of the anti-virus companies are trying to figure out how to detect it and remove it, so it will of course be a little while. The best advice I can give you is to make sure your systems are fully patched to help protect them from malware infestations.
After reading about this from PCWorld, I went to check this site out. I went to his Twitter account (Kelly Poe) to find the site he put up, and I am quite impressed. Here are a few things that I am concerned about, starting with the website.
I love the idea and all, but I am quite concerned with the privacy of my email account. I don’t know if you have to submit your email address, but I would caution people not to enter one until the site says what it will do with your email address.
Now that being said, that’s the only thing I can think of when it comes to security for your email address; you don’t want someone to give out your email address to spammers. That would just make it even worse for your email account. You could however use a 10-minute email account, but that might make it harder for Microsoft to contact you if they want to verify these accounts!!
Now my main concern is Windows 7 right now and security. You know the Conficker/Conflickr/Downadup worm is currently loose on the internet. It uses the MS08-067 exploit, and currently Windows 7 does not protect against this worm; in fact, Microsoft has released information that you would need to install the updates manually to fix this problem.
Some vendors have yet to develop for the Windows 7 beta because it is a beta. Others, like security vendors, are offering protection for the Windows 7 beta. This is mainly the anti-virus software group; I would like to see more people embrace Windows 7 as much as the security groups have. Although this is the first step, there would need to be a more open response from manufacturers and dealers alike; they would need to make sure their drivers and such work well with Windows 7. This is where it takes time, and that is why I am glad it is a beta: it allows vendors and companies alike a chance to test out their software, hardware, and even their drivers before the release.
Before I support this, I would like to see more happen to Windows 7 in some areas. For instance, I’d like to see more compatibility and more drivers and software that work with Windows 7. I’d also like to see Microsoft take the Windows 7 beta seriously and keep the security up on it and not let it lapse. I’d want Microsoft to send out patches for vulnerabilities just like with Vista and keep people’s systems updated so you don’t have to update them manually. I just hope Microsoft takes Apple’s example to heart and releases Windows 7 without having several versions of the same operating system.
I received this email from a friend and wanted to talk about this:
VERY IMPORTANT , PLEASE READ THIS
Anyone-using Internet mail such as Yahoo, Hotmail,
AOL and so on.
This information arrived this morning,
Direct from both Microsoft and Norton
Please send it to everybody you know who has
access to the Internet.
You may receive an apparently harmless e-mail titled ‘Mail Server Report’
If you open either file, a message will appear on your screen saying:
‘It is too late now, your life is no longer beautiful.’
Subsequently you will LOSE EVERYTHING IN YOUR PC,
And the person who sent it to you will gain access to your
name, e-mail and password.
This is a new virus which started to circulate on Saturday afternoon.
AOL has already confirmed the severity, and the anti virus software’s are not capable of destroying it.
The virus has been created by a hacker who calls himself
‘life owner’.
PLEASE SEND A COPY OF THIS E-MAIL
TO ALL YOUR FRIENDS, And ask them to
PASS IT ON IMMEDIATELY!
After doing my little research, I’ve come to the conclusion that this is nothing more than a warning that someone went overboard on. I’ve checked this on Snopes and it says that:
This latter version is difficult to classify as either “true” or “false”: The virus it references (i.e., the Mail Server Report worm) was a real one, but it’s neither new nor currently rampant (as claimed in the warning text), nor does it manifest itself in the fashion described (since the “symptoms” provided in the warning are merely a reworking of the text of an earlier virus hoax). All in all, that message doesn’t really merit the dire warning to “SEND A COPY OF THIS TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!”
I decided to send a reply to my friend who emailed me this “Warning” and tell him this:
Although this is a real worm, it is overhyped, and under no circumstances will it delete your files. I’ll quote from F-Secure:
Warezov.W is a mass-mailing worm that sends itself as e-mail attachments to addresses found on the infected computer.
Typically, a mass-mailer arrives on a computer with an infected e-mail message. In some cases, the infected attachment can start automatically. In other cases, the system is infected when the user opens the attachment. When a typical mass-mailer is activated, it installs itself to the system and creates a startup key for itself in the Windows registry. It then stays active in the system’s memory. While active, the mass-mailer searches for specific files (HTML files for example) on all available hard disks for e-mail addresses. Finally, it connects to an available mail server and sends itself to all the addresses it has found.
Aside from this, Warezov.W also downloads another worm variant from a specified website on the Internet.
According to all my sources, if you are worried about this worm, then I highly recommend a good anti-virus and software firewall. This worm is easily detected by all the free anti-virus software out there. I like AVG because it scans all incoming emails before you even touch the email. Please don’t forward that to anyone else; it seems to be an old email warning that isn’t really a warning anymore. It seems to be a scare email where there is no real chance of your data going bye-bye. Just thought you’d like to know!!
So I tell you this: if you have any doubts about any emails you happen to come by, your best bet is to Google it or ask your friend before you open the email up. It is best also to scan all email attachments before even considering opening them.
Panda Labs talks about a new technique that tries to install W32/Waledac.C.worm by playing on thoughts of someone special. It sends out email to people, hoping they will click the links in it.
Once you’re at the site, clicking on the hearts would then download a file that is the worm!! So here are some things to remember.
If you don’t know the person, then it’s probably spam. If you know the person, you need to ask them before you run the program. You also need to scan any downloads before you run them. Go to my Malware Page and get a free anti-virus and firewall. Because this worm seems to search the computer and harvest email addresses, you should also warn the person who emailed you the link to let them know that they are infected.
Apple has said they will not say yes or no to this report and that they will be investigating this fully. I’ve been saying Apple needs to get its head out of the sand. According to Apple, these affect both Macs and Microsoft systems, so they are a software-related vulnerability. Sooner or later someone will want to create a botnet and infect Macintoshes with a virus or even a worm just to show Apple that they could. A recent article from PCWorld talks about a Trojan called OSX.RSPlug.D. This just reinforces the fact that they are going to start targeting OS X because of the lack of security. Apple needs to get it together and start patching just as much as Microsoft.
In any case, it is time to update the software and maybe think about installing anti-virus software also. Although the MPEG-2 Playback Component vulnerability is for Windows Vista, XP SP2 and SP3, you can see where a hacker would use that against a Windows system very easily. So you must be careful what you click on and remember that you’re no longer safe. You know how they will want to test out the waters for OS X just because they could, so this year I predict Apple will start having even more malware and viruses than ever before.
I read an article today from Techworld and wanted to discuss it in detail. I also found some links that suggest that Techworld is right.
Andrew Storms, director of security operations at nCircle Network Security, speculated that the latest bugs were found by researchers using information disclosed in SMB fixes Microsoft released in October and November. [via Techworld]
According to my investigation, and I have been looking, I found a few SMB vulnerabilities. Two of them are CVE-2008-4835 and CVE-2008-4834. These two are capable of remote code execution and are considered very high on the impact list.
So Did people find these exploits or vulnerabilities from the last MS 08-067 patch? I would have to conclude it is a real possibility.
Although Microsoft did patch those holes this month, I wonder just how much these hackers are keeping the IT professionals on their toes. I hope people updated their systems to prevent another worm, because you don’t want a worm like Downadup, do you? I am sure there will be a worm or a virus that will exploit this in time, and I think sooner or later someone will use this just like the other one.
Due to companies not updating the MS 08-067 patch, it is the primary way for this worm to get onto a system.
Graham Cluley’s blog asked a question and got quite a few answers from the users. The results of the poll are: 53% believe the hackers are to blame, 30% think the system administrators are to blame, and 17% think Microsoft is to blame for this worm.
I have mixed feelings over who is to be blamed for this worm. I think the person who wrote this did it for a specific reason. We can’t expect any software we use to be 100% safe; even Macintoshes are not 100% safe. Microsoft isn’t to be blamed because they tried to patch this as quickly as they could. I know that companies have a hard time keeping up with Microsoft updates, and they really can’t be blamed. I think hackers are always going to make a virus just because they can. That’s in their nature and we will never be really rid of the virus or worm writers. They are in it for the money, to boast, to take control, or to steal sensitive information. With Windows being the alpha dog, people are always going to test the waters because of that.
So who do you think is to be blamed? I’d like to hear your thoughts on this.
Who do you think is to blame for the Downadup Worm?
If you think someone else is to be blamed just make a comment.
Please bear in mind that this poll is not scientific and is provided for information purposes only. The comments expressed on this page are those of a subsection of poll participants, and not necessarily those of Tech-linkblog. Tech-linkblog makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.
F-secure has noticed it went up from 3,521,230 infections worldwide. This Worm has doubled in over a day. So I have done some twitter searching to see if anyone has recently tweeted about this and I find this one comment:
WTF? suddenly my antivirus is popping with warnings about a W32.Downadup.B … but I havent received any attachs or installed anything!
I thought I’d show you how important it is for you to get ready for a very hard fight ahead. You see, this hasn’t even begun with this worm.
Here are some of the tweets:
2 customers, have this conflicker.worm problem and we are trying every possible solution but nothing turned out to be solved
This worm doesn’t need to be downloaded, because it will use exploits that are currently unpatched on the systems. This worm seems to be spreading by USB sticks, and you should really turn that off. If you think you’ve gotten this virus, please check out my Malware Resources and also some of the other posts about this worm:
Over the last few days there has been talk of a worm hitting computers that haven’t installed the Microsoft update MS08-067, which was released out of cycle; some systems still have not been patched. It has also been reported that it is spreading around the internet really quickly. According to Computerworld:
The worm, which was first reported by Panda and other security companies on Dec. 31, 2008, exploits a vulnerability in the Windows Server service that’s part of all currently supported versions of Microsoft‘s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.
It seems Microsoft has scolded people who haven’t applied the October emergency update, accusing users of playing “Russian Roulette” and scolding them for not promptly updating their systems to remove the vulnerability.
Symantec blogged about the security of this program and how it was a variant of Downadup.B. It also talks about how they are seeing an even greater increase in this worm, which was supposed to be patched by people who use Windows 2000 Server.
F-Secure did a post about Downadup/Conficker and how they made a preemptive domain block list for this worm. They have also seen an increase in this worm and they are trying to prevent it from gaining ground. They talk about this being a network worm in more ways than one. Some have even seen it being spread through USB drives. If you have a system you want to protect, you should disable Autorun.
Here are some links to better help you get this worm off your system:
In order to remove this worm, you must do a complete system scan with any of the free virus scanning programs. You’ll need to update your virus database before you do the scan. You may even want to try the free online virus scanners to get rid of this worm. These should help you get rid of this worm, but you must remember to install the update or you will get the worm again. The MS08-067 patch should be installed as soon as possible; you can find the patch here.
In this post I want to talk about virus removal tools that I like to use when I need to remove a virus. Some things to consider when using these tools are:
Each of these has to be dealt with differently because each requires something different. With rootkits, for example, if you have one installed and know that it is a rootkit, your only option is to download some rootkit removers like:
Sophos Anti-rootkit remover – This is good for the better-known viruses and can remove several types of rootkits. This isn’t the only one I use, but it is part of the group that does the rootkit removing for me.
Microsoft Rootkit Revealer – This is good for proving there is a rootkit. I’ve not seen it fail to detect a rootkit. Most of the time when I find a rootkit with the other rootkit revealers, this one actually does better with information.
Panda Anti-Rootkit Remover — This is another one I use when the other ones can’t remove it. Each one removes certain rootkits differently and works better than the others.
Aries Rootkit Remover from Lavasoft — This is good for those really tough rootkits and has some great benefits for removing them.
These are the ones that work well for me when it comes to removing rootkits. I’ve not had one of these to remove a rootkit but that depends on how you deal with the virus in the first place. Now for anti-spyware and anti-virus software, here are some of the tools that I suggest:
MSCONFIG — Sometimes it is hidden, but check through MSCONFIG for any files that might not need to load. Also check the Services tab and see if there are any services that may not be needed.
AVG Anti-Virus Free Edition 7.5.503 — This is another free one that can remove viruses really easily. Download this and you don’t have to worry too much.
Avast Home Edition — AVG does better than this one but people seem to like this so I have to add this for people who like this better than the others.
Clamwin Free Anti-virus — This is a good one because this is open sourced and easily can help detect so many viruses. This is good for those people who like open sourced.
These are just the ones that I like to recommend that does pretty good on removing the viruses but there are others that I recommend on my Malware Resources that people have recommend to me but I haven’t tried them out yet. Some of the Spyware and Adware removal and here are some of my favorites:
SuperAntispyware — Easily remove pests such as WinFixer, SpyAxe, SpyFalcon, and thousands more! Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System.
Malwarebytes — can provide the needed assistance to remove the infection and restore the machine back to optimum performance.
Ad-Aware — This is a very good tool to get rid of some of the most annoying little viruses that try to fool you that you have a virus.
These are just a few that I like to use when it comes to fighting those virus programs and the people behind them. If you consider how hard it is sometimes to recognize a virus, you can see the problem with some of these programs: they can sometimes say a file is a virus and delete it, and the next thing you know the system won’t boot into Windows. Keep this in mind whenever you see a warning on your system, and be careful when you remove files. You should always have backups; that is what I always recommend because of the likelihood of something terrible happening to your data. You should come up with a way to back up your system every week, like a Sunday backup or even a Monday backup while you’re at work.
It seems to have a manual removal process, unless you pay for the other software, but according to the 411 on PC Security:
Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.
The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.
Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.
I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.
This worm spreads via the Internet as an attachment to infected messages, and also via local and file-sharing networks.
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.
This worm seems to be spreading through email and file-sharing sites. One thing it tries to do is stop and delete these processes:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe
It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.
It also attempts to conduct DoS attacks on the following sites:
This seems to be a very big virus, and it can be removed for free with the Kaspersky Virus Removal Tool. To prevent this virus in the future, remember not to open unknown documents or emails and not to run any unknown program from an unknown file-sharing source. Also remember that you need an anti-virus and a firewall to protect yourself in the future.
Netsky.Q is a worm that spreads through e-mail. It is distributed as a 28,008 byte Win32 executable, compressed with PEtite, which drops a 23,040 byte DLL file. It also distributes itself inside ZIP archives.
I saw this on the net and thought we should talk about it and let people know how you could get the worm off your computer. It seems to be a self-replicating worm; it will continue to send out fake messages to people with subject lines like:
Delivery Error
Delivery Failure
Delivery
Mail Delivery failure
Mail Delivery System
Mail System
Delivery
Delivered Message
Error
Status
Failure
Failed
Unknown Exception
Delivery Failed
Deliver Mail
Server Error
Delivery Bot
And with each message there is the recipient’s email address at the end. This worm seems to be spreading like wildfire today. It is because people have not install
Now, how do you get rid of it? It seems that most anti-virus software can get it done. All you need to do is scan for this virus with the latest updated virus databases and it will go away. According to E-Trust Anti-Virus, they can remove it. This is a really old virus; according to my sources it was first seen in 2004. To prevent this in the future, I’d suggest installing a free anti-virus and using it. This is one smart little worm, according to CA IT.
If you have quite a few desktops in your office and want to update all of them to the newest patch in one swoop, I’d suggest downloading Clone of Autopatcher and making an ISO image so you can go around to each computer and install the patches quickly and easily. Prevent yourself from getting that virus and some others in the future. This is a friendly tip for all those hard-working IT workers.
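One way to turn the Netsky.Q traits described above (the listed subject lines with the recipient’s address appended, plus an executable or ZIP attachment) into a mail triage check. This is an added example, not code from the original post or from any vendor; the function names, the extra `.pif`/`.scr` extensions and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Subject lines the post lists for Netsky.Q's fake bounce messages.
NETSKY_Q_SUBJECTS = {s.lower() for s in (
    "Delivery Error", "Delivery Failure", "Delivery", "Mail Delivery failure",
    "Mail Delivery System", "Mail System", "Delivered Message", "Error",
    "Status", "Failure", "Failed", "Unknown Exception", "Delivery Failed",
    "Deliver Mail", "Server Error", "Delivery Bot")}

# The post says the worm arrives as a Win32 executable or inside a ZIP archive.
# Treating .pif and .scr as executables too is an assumption of this example.
RISKY_EXTENSIONS = (".exe", ".zip", ".pif", ".scr")

# The recipient's address is appended to the subject; brackets are optional.
TRAILING_ADDRESS = re.compile(r"\s*[(<\[]?[\w.+-]+@[\w-]+(?:\.[\w-]+)+[)>\]]?\s*$")


def subject_matches(subject):
    """True if the subject, minus a trailing address, is on the Netsky.Q list."""
    core = TRAILING_ADDRESS.sub("", subject or "").strip().lower()
    return core in NETSKY_Q_SUBJECTS


def risky_attachments(msg):
    """Return the names of attachments whose extension is on the risky list."""
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and n.lower().endswith(RISKY_EXTENSIONS)]


def triage(msg):
    """Quarantine only when both traits are present: real bounces reuse these
    subjects, so the subject alone would flag legitimate mail."""
    hits = risky_attachments(msg)
    if subject_matches(msg["Subject"]) and hits:
        return "quarantine", hits
    return "pass", hits


def sample(subject, filename=None):
    """Build a constructed test message (no real worm content)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg
```

A check like this only narrows down which messages deserve a closer look; the anti-virus scan with updated definitions remains the actual removal step.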