Antivirus Professional 2008 uses Scare tactics


We came across a rogue today called Antivirus Professional 2008 that uses GeoIP Lookup as part of its scare tactics. This site uses Flash and script to create the effect of an online scan, that then attempts to push an installer at the visitor. The NoScript extension for Mozilla Firefox is an excellent way to mitigate against this kind of garbage.

[Via F-Secure]

It seems that there is a site out there that is trying to scare you into downloading their software. If you have any questions about this site, feel free to check out what I’ve found out:

Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: http://www.estdomains.com
Domain Name: ANTIVIRUS-ONLINE-SCANNER.COM
Registrant:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Creation Date: 07-Jun-2008
Expiration Date: 07-Jun-2009
Domain servers in listed order:
ns2.antivirus-online-scanner.com
ns1.antivirus-online-scanner.com
Administrative Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Technical Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Billing Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732


Now as you can see this site is located in Russia, and if that’s the case it is probably a virus itself, meant to take control of your system and do what they want with it. So my best advice is: if you think you have a virus, check out my recommendations. These are all free to download and try. Unlike this site, they are legitimate and actually do what they promise. If you want to email them you can, but I don’t think it will help.

*UPDATE on that Website*

According to F-Secure, that site is now suspended. Great job, guys. We are now fighting these people even better than I’d thought.

AVG detected Trojan Horse Generic 12.htc?

Just got a warning from AVG about Trojan Horse Generic 12.HTC. Haven’t heard of it; anyone out there heard of this one? Apparently it infects explore.exe, and after months of explore.exe crashing I’d say it’s a legit virus.

[Via Answer Bag]

Some tricks and tips to remove this little virus are quite simple. It is embedded in your system, so how do you remove this threat? Easy: follow these steps and you will have a better chance of getting rid of the virus:

  1. Find out all you can on the virus — Finding out the extent of where the virus lies is really a good idea. Just because you found one place doesn’t mean it isn’t also hiding somewhere else. A good way to figure out where it might be is to download HijackThis and install it. Run it, and when you get the LOG file, go to HijackThis Log Analysis Site 1 and HijackThis Log Analysis Site 2 and see what they say.
  2. See if you can remove the hidden virus — After you find out the extent of where the virus may lie, you will need to download these programs. Run whichever ones you like to see if you can locate and delete the virus. You may also consider using one of the several online services to see what they might suggest, or whether they can find this virus.
  3. Check your services and reboot sequence — After you think you’ve gotten rid of the virus, reboot and do a rescan. Usually the virus will respawn after you reboot; some of them have a command in the reboot sequence. You may want to check your reboot sequence with MSCONFIG. Sometimes it is hidden, but check through MSCONFIG for any files that might not need to load. Also check the Services tab and see if there are any services that may not be needed. The best bet is to Google search each service or program that is in there and see if that might fix the problem.
  4. Might be time to re-install Windows — Although this is hard for people, it can sometimes fix the most challenging virus. You need not lose your important data. The only thing to remember when you back up is what you restore after you re-install Windows. Just remember one thing: if a file has an .EXE, .COM, .BAT, or .MSI extension, restoring it might risk you getting the virus all over again. Also remember that you will need the other tools I talked about in #2 to keep from getting the virus again.
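Steps 1 and 3 above boil down to the same job: read the autostart and service entries off the machine and decide which ones to look up before trusting them. The script below is an added example, not part of the original post and not HijackThis itself. It assumes the O4 (registry Run/RunOnce) and O23 (service) line format that HijackThis logs use, and the log excerpt, the list of "normal" install folders and the list of well-known Windows binary names are all my own constructed inputs and heuristics, not anything from the post. It flags an entry when it runs from outside Windows or Program Files, lives in a user-writable folder, carries a name that nearly matches a system binary (the post's explore.exe versus explorer.exe), or is a service with no publisher.

```python
"""Triage of HijackThis-style O4/O23 lines: which startup entries to research first."""
import difflib
import re

# Constructed HijackThis-style log excerpt (not from a real machine).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [explore] C:\Documents and Settings\User\Local Settings\Temp\explore.exe
O23 - Service: Apache2.2 (Apache2.2) - Apache Software Foundation - C:\Program Files\Apache2.2\bin\httpd.exe
O23 - Service: Windows Helper (winhlp) - Unknown owner - C:\Documents and Settings\User\Application Data\winhlp.exe
"""

# Assumed line shapes: "O4 - <hive>: [<name>] <command>" and
# "O23 - Service: <name> - <owner> - <command>".
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")

# Heuristic lists (my assumptions, not from the post): where legitimate autostart
# binaries normally live, folders any user can write to, and well-known system
# binary names that malware likes to imitate.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
USER_WRITABLE_MARKERS = ("\\temp\\", "\\application data\\", "\\local settings\\")
KNOWN_SYSTEM_BINARIES = ("explorer.exe", "svchost.exe", "ctfmon.exe", "lsass.exe",
                         "winlogon.exe", "csrss.exe", "services.exe")


def parse_log(text):
    """Yield a dict for every O4 (autostart) and O23 (service) line in the log."""
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            yield {"kind": "autostart", "name": m["name"], "owner": None,
                   "location": m["hive"], "cmd": m["cmd"]}
            continue
        m = O23_RE.match(line)
        if m:
            yield {"kind": "service", "name": m["name"], "owner": m["owner"],
                   "location": "service", "cmd": m["cmd"]}


def executable_path(cmd):
    """Return the executable part of a command line, lower-cased, without quotes or arguments."""
    m = re.match(r'"?(.+?\.exe)', cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).strip().lower()


def reasons_to_research(entry):
    """Return the list of reasons this entry deserves a web search before being trusted."""
    path = executable_path(entry["cmd"])
    base = path.rsplit("\\", 1)[-1]
    reasons = []
    if not path.startswith(TRUSTED_PREFIXES):
        reasons.append("runs from outside Windows or Program Files")
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append("lives in a user-writable folder (Temp/Application Data)")
    lookalike = difflib.get_close_matches(base, KNOWN_SYSTEM_BINARIES, n=1, cutoff=0.85)
    if base not in KNOWN_SYSTEM_BINARIES and lookalike:
        reasons.append(f"name resembles the Windows binary {lookalike[0]}")
    if entry["owner"] == "Unknown owner":
        reasons.append("service has no publisher information")
    return reasons


def triage(text):
    """Return only the flagged entries, each with its reasons, in log order."""
    flagged = []
    for entry in parse_log(text):
        reasons = reasons_to_research(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"[{entry['kind']}] {entry['name']}: {entry['cmd']}")
        for reason in entry["reasons"]:
            print(f"    - {reason}")
```

Run against a real HijackThis log, the output is a short list of names and paths to search for before deciding whether to untick them in MSCONFIG; nothing is changed on the machine by this script.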

These are some tricks I use to get rid of a virus, and now I’ve shared them with you; now it is up to you to do the work. If you have any tips or tricks to get rid of a virus, leave a comment.

Reports are coming in that WPA is no longer secure!


According to media reports, Erik Tews and Martin Beck claim that they have found a way to unlock the Temporal Key Integrity Protocol (TKIP) key, used by WPA, to read data sent from a wireless router to laptop computers. According to the researchers, the key can be cracked in 12-15 minutes.

[via Sophos]

According to Sophos, they claim that people can now watch what you are doing between a wireless router and a laptop. Although this isn’t unexpected, it is a very serious outcome: it is now easier to watch what people are doing online. So does that mean people can see everything you do? Not necessarily. According to some people this is harder than it seems; most of the websites you visit are not encrypted, but websites that use the “https” protocol are safer to use online. You should be safe buying things online as long as you are sure the site is secure. Another step to take to help make it harder to decrypt your wireless signal is to use Roboform; with the promotion codes you will get 10% or 20% off the purchase price!

Some other steps to consider:

If you have a wireless router and want to be secure with any transactions online, you might think about hooking up to the internet via a CAT5 cable. This is one way to prevent anyone from seeing what you are doing online, and it protects your privacy. Although this too can be overcome in certain circumstances, those methods are much harder to carry out, so you are safer this way than with most others.

Mattel introduces the new Welfare Barbie.

Mattel will be introducing the new Welfare Barbie doll, or rather cutting 1,000 jobs. According to Bloomberg, and I’ll quote:

Mattel Inc., the world’s largest toymaker, said it would cut about 1,000 jobs, or 3 percent of its global workforce, as it faces higher manufacturing costs amid the worst financial crisis since the Great Depression.

[via Bloomberg]

If you’re like me, you cringe every time you hear another place is laying off people. I say we are still in a downward spiral. Everyone is saying that; even Jason Calacanis, in a recent email he sent to all his readers, talked about the rich not buying anything they didn’t need. He said that is good; I, however, wonder how far the hole goes before we hit rock bottom.

According to some analysts, this could last another year or more. On another note, according to Kotaku, and I’ll quote on this one too:

We have received a letter purportedly sent by THQ CEO Brian Farrell to explain to his employees the reasoning behind the company closing five studios and laying off staff from two others. The closed studios are Helixe, Sandblast Games, Locomotive, Mass Media and Paradigm.


[via Kotaku]

Now I’ve talked enough about layoffs in the past and I won’t say too much more, but I do hope this changes in the near future. If you want to find the other ones I talked about, just search my site; they are all there without any problems.

[Thanks to Kyle Rees for the suggestion on the heading]

Fake WordPress update 2.6.4 steals data!


The hacked version of the file pluggable appears to be stealing the content of cookies on larger installations of WordPress. Sophos are now detecting this file as Troj/WPHack-A.

[Via Sophos]

Apparently this little update is a rogue update. According to Sophos and Craig Murphy’s blog, it is said to steal your data and send it to another site. This hacked version of WordPress is coming from wordpresz.org, so if you happen to stumble onto this fake update, just delete it and go on with your blogging. Craig talked about how this fake update popped up when he logged in. So sometimes it is safer to do some digging before you apply an update, especially to your operating system. Thanks to Sophos for telling people about this fake and dangerous problem.
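The "do some digging before you apply an update" advice can be turned into two mechanical checks, shown below as an added example that is not part of the original post and not WordPress code. The first check refuses an update download unless its host is exactly wordpress.org or a subdomain of it, so the look-alike wordpresz.org named above fails. The second compares a SHA-256 manifest taken from a clean copy of the install against the live tree, which is how a swapped wp-includes/pluggable.php shows up. The trusted-host list, the file contents and the manifests are my own constructed stand-ins, not real WordPress files or hashes.

```python
"""Two update sanity checks: trusted download host, and core-file integrity against a baseline."""
import hashlib
from pathlib import Path
from urllib.parse import urlparse

# Assumed allowlist of hosts an update may be fetched from (exact host or subdomain).
TRUSTED_UPDATE_HOSTS = ("wordpress.org",)


def is_trusted_update_source(url, trusted_hosts=TRUSTED_UPDATE_HOSTS):
    """True only if the URL's host equals a trusted host or is a subdomain of one.
    Look-alikes such as wordpresz.org or wordpress.org.evil.example do not match."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if not host:
        return False
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def manifest_from_files(files):
    """Build {relative path: sha256} from an in-memory mapping of path -> bytes."""
    return {path: sha256_hex(content) for path, content in files.items()}


def manifest_from_directory(root):
    """Same manifest read from a real install directory (used on a live site, not in the demo)."""
    root = Path(root)
    return {f.relative_to(root).as_posix(): sha256_hex(f.read_bytes())
            for f in root.rglob("*") if f.is_file()}


def compare_manifests(baseline, current):
    """Report files that changed, files the clean tree had but the live tree lacks,
    and files the live tree has that the clean tree never shipped."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }


def audit_update(download_url, baseline_manifest, current_files):
    """Combine both checks into one verdict."""
    diff = compare_manifests(baseline_manifest, manifest_from_files(current_files))
    return {
        "source_trusted": is_trusted_update_source(download_url),
        "integrity_ok": not (diff["modified"] or diff["missing"] or diff["unexpected"]),
        **diff,
    }


# Constructed stand-ins: a clean tree, and the same tree after a tampered "update".
CLEAN_INSTALL = {
    "wp-includes/pluggable.php": b"<?php /* pluggable.php as shipped */ ?>",
    "wp-includes/version.php": b"<?php /* version.php as shipped */ ?>",
}
AFTER_FAKE_UPDATE = {
    "wp-includes/pluggable.php": b"<?php /* pluggable.php with extra code appended */ ?>",
    "wp-includes/version.php": b"<?php /* version.php as shipped */ ?>",
    "wp-includes/extra.php": b"<?php /* file the clean tree never had */ ?>",
}

if __name__ == "__main__":
    baseline = manifest_from_files(CLEAN_INSTALL)
    # Constructed URL for the demo; only the host matters to the check.
    verdict = audit_update("http://wordpresz.org/latest.zip", baseline, AFTER_FAKE_UPDATE)
    for key, value in verdict.items():
        print(f"{key}: {value}")
```

On a real site the baseline comes from `manifest_from_directory` run over a freshly downloaded, unmodified copy of the same version, and the live tree is hashed the same way; anything listed under "modified" or "unexpected" inside wp-includes is what to investigate before trusting the install again.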