AVG Detected a False Positive

According to Security and The Net:

An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

[Via Security and The Net]


I bring this up because this is a false positive according to AVG. AVG has since sent out another update to their database, and you can update the database to get rid of this problem. If you need to restore that DLL, check out the article at Security and The Net; they have some excellent suggestions for fixing the problem.

If you've not been affected by this yet, you probably won't be. It is not yet known how many people have been affected. I'm blogging about this to warn people that not all warnings from AVG are true, and that is why you should always ask before you delete or do anything to your system. I always use Google when it comes to these types of questions.

Antivirus Professional 2008 uses Scare tactics


We came across a rogue today called Antivirus Professional 2008 that uses GeoIP Lookup as part of its scare tactics. This site uses Flash and script to create the effect of an online scan, that then attempts to push an installer at the visitor. The NoScript extension for Mozilla Firefox is an excellent way to mitigate against this kind of garbage.

[Via F-secure]

It seems that there is a site out there that is trying to scare you into downloading their software. If you have any questions about this site, please feel free to check out what I've found out:

Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: http://www.estdomains.com
Domain Name: ANTIVIRUS-ONLINE-SCANNER.COM
Registrant:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Creation Date: 07-Jun-2008
Expiration Date: 07-Jun-2009
Domain servers in listed order:
ns2.antivirus-online-scanner.com
ns1.antivirus-online-scanner.com
Administrative Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Technical Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Billing Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732


Now, as you can see, this site is located in Russia, and if that's the case it is probably some virus itself, meant to take control of your system to do what they want with it. So your best advice, if you think you have a virus, is to check out my recommendations; these are all free to download and try. Unlike this site, they are legitimate and actually do what they promise. If you want to email them you can, but I don't think it will help.

*UPDATE on that Website*

According to F-secure, that site is now suspended. Great job, guys. We are now fighting these people even better than I'd thought.

Windows update is getting a revision!

According to Computer World, dated Oct 31, 2008, and I'll quote:

“Over the next couple of months, we’ll be rolling out another infrastructure update to the Windows Update agent (client code),” said an unidentified Microsoft employee on the Windows Update team’s official blog. “This update makes it possible for users to install more than 80 updates at the same time.”

[via Computer World]

Now if you're like me and have several computers that need to be updated on a given schedule, you sometimes worry about updates that come along and might just break your system. I have been using a program called Offline Updater, which does what Autopatcher does really nicely. So why is Microsoft sending out this patch? Two reasons. One, they want you to be able to update your operating system without hurting your system integrity.

Now let's talk about the integrity of having to reboot your system. You see, every time you reboot the system, it causes the system hardware some strain. It is something like starting up a car: sooner or later the starter will go out because of too many start-ups.

The second reason is that the update software needs to be updated yet again for any security flaws or features that might be exploitable. I am sure there are some that Microsoft probably knows about and we do not. So that is the second reason, and it is the most obvious reason yet to push out another revision of Windows Update.

What about stopping the update from affecting your system? The only way that I know of is to prevent Windows from checking for updates, which is simple:

Windows XP Version:

[Category View and Classic View]

<Start> / Control Panel / Security / Click Windows Updates

For Windows Vista:

<Orb> / Control Panel / Security Center / Windows Update / click “Change Settings”

Either way, you will be able to choose among four ways to handle Windows updating, and they are:

  • Automatic – Will download all necessary updates and install them without your permission or knowledge. Note that some of the updates will automatically reboot your system. Most commonly they are set to do this every day in the 12 am to 4 am period, so when you wake up you would see a login screen.

  • Download updates but let me choose which ones to install and when – This is most commonly used by people who don't want to bother having to check manually. It will check and download, then it will let you know.

  • Check for updates but don't download them – This is like the previous one, but this will only tell you. The rest of the decision is in your hands, not the computer's. This is good for people who have limited system resources, like hard drive space. It still reminds you like the previous one but won't download any updates.

  • Never check for updates – This is used by people who don't want to be bothered with updates and have a way to update manually. This is commonly used by businesses that have several systems on and don't want to risk an update causing trouble or weigh down the company's internet by downloading updates unnecessarily. This option is not to be messed with because it leaves your system with quite a lot of vulnerabilities. You do this one only if you have a set schedule to update each and every system. (Extremely dangerous to do)
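
To audit which of these four options a machine is actually using, the following added example (not part of the original post) reads the `AUOptions` registry value that Automatic Updates stores, checking the Group Policy location first because it overrides the Control Panel choice. It assumes PowerShell is installed (an add-on for XP and Vista); the function names `Get-RegValue` and `Get-AutoUpdateMode` are made up for this illustration.

```powershell
# Added example (not from the original post): report the effective
# Automatic Updates mode, using the four options described above.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$localKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

# AUOptions values and the Control Panel choice each one corresponds to.
$modes = @{
    1 = 'Never check for updates'
    2 = 'Check for updates but do not download them'
    3 = 'Download updates but let me choose which ones to install and when'
    4 = 'Automatic (download and install on a schedule)'
    5 = 'Policy lets the local administrator choose'
}

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-AutoUpdateMode {
    # A Group Policy setting, when present, overrides the Control Panel choice.
    $source = 'policy'
    $key    = $policyKey
    $value  = Get-RegValue $policyKey 'AUOptions'
    if ((Get-RegValue $policyKey 'NoAutoUpdate') -eq 1) {
        $value = 1                      # policy disables Automatic Updates
    } elseif ($null -eq $value) {
        $source = 'control panel'
        $key    = $localKey
        $value  = Get-RegValue $localKey 'AUOptions'
    }

    if ($null -eq $value) { $mode = 'Not configured' }
    elseif ($modes.ContainsKey([int]$value)) { $mode = $modes[[int]$value] }
    else { $mode = "Unrecognised AUOptions value $value" }

    New-Object PSObject -Property @{
        Source      = $source
        Mode        = $mode
        # Hour (0-23) of the scheduled install; only meaningful for Automatic.
        InstallHour = $(if ($value -eq 4) { Get-RegValue $key 'ScheduledInstallTime' })
        # Flag machines that will never pick up security fixes on their own.
        NeedsManualPatching = ($value -eq 1)
    }
}

Get-AutoUpdateMode | Format-List
```

A machine reporting `NeedsManualPatching : True` belongs on the manual update schedule mentioned for the "Never check for updates" option.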

With what I talked about, I am hoping you find this useful and share your discoveries with other people who might want to be able to change how Windows updates are handled on other systems. If you have comments or questions, please post them in the comment section and someone will be more than glad to help you out.

Did you Receive a Check from Shadow Shopper? (Scam)

I just got done checking my sources, and here is what I know, and I will quote:

Will ShadowShopper.com ever send a job to me via regular mail?
Never. We will always contact you via email. If you do receive a letter in the mail claiming to be from ShadowShopper (with a realistic looking logo) and asking you to mystery shop by cashing a large check THROW THAT OFFER AWAY. It is a Nigerian check scam ring pretending to be Shadowshopper. The scam is run out of Canada and the UK, and the check will bounce. Remember, ShadowShopper provides you with hundreds of job opportunities, and for your protection, we do it only via email and our website.

[via Common Questions]

It is a scam to send you money via the postal mail, and that is why you must not believe what you get in the mail. This is in response to someone telling me they got a check with a different name but for the same reason: to cash the check and send money to them.

If anyone has any information they would like to add about this, by all means talk about it in the comments. I want to hear where the check came from or who sent it. You should also check out my other article about Nationwide Marketing, which is also a scam.