Showing posts with label malware. Show all posts

Thursday, August 25, 2011

How To Protect USB Drives From Malware

Malware uses two main techniques to spread through USB drives.

1. It infects executable files on the drive, so that when you use them on another machine, the infection moves with them.

2. It uses an "autorun.inf" file to distribute itself.

The second technique is more dangerous than the first. As soon as the USB drive is connected, Windows automatically runs whatever the "autorun.inf" file specifies, with no human interaction required. The majority of malware uses this technique. We can prevent this infection by eliminating the "autorun" feature in Windows.

We can solve this problem in a very simple and free way, without having to buy USB drives with a read-only switch!

So before you begin, back up the data on the USB drive and make sure the drive is empty.

These are the steps to make your USB drive safe from malware:

1. Create an empty file "autorun.inf" on the USB drive.

2. Now use a hex editor to open the USB device in read-write mode. Make sure nothing else is accessing the device at that time.

3. On the disk, search for the string "AUTORUN" in non-Unicode format. You will find it near the beginning of the disk.

This is what we are interested in:

41 55 54 4F 52 55 4E 20 49 4E 46 20

AUTORUN INF

4. The current value of the last byte, 0x20, means that only the archive bit is set. Change it to 0x40. This sets the device bit, which is never normally found on disk. Simply put, replace the '2' in 0x20 with '4', making it 0x40.

5. Save the change, ignoring any warnings that may appear.

Remove and reinsert the device. To check whether the autorun.inf file is now protected, try to delete it. You will get an error popup.

6. As you can see, the file cannot be opened, edited, deleted or replaced. Even its attributes cannot be changed.

You are now free to use the USB device safely on any computer.
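The byte edit from steps 3 and 4, shown on a FAT directory region, as an added example that is not part of the original post. The function names and the sample directory region are constructed for illustration; the 12 bytes it locates are the ones quoted above.

```python
# Added example: FAT 8.3 directory entry for AUTORUN.INF and its attribute byte.
ENTRY_SIZE = 32              # every FAT directory entry is 32 bytes
ATTR_OFFSET = 11             # 8 name bytes + 3 extension bytes come first
NAME_83 = b"AUTORUN INF"     # 41 55 54 4F 52 55 4E 20 49 4E 46
ATTR_NAMES = {0x01: "read-only", 0x02: "hidden", 0x04: "system",
              0x08: "volume-label", 0x10: "directory",
              0x20: "archive", 0x40: "device"}


def find_entry(region, name83=NAME_83):
    """Return the offset of the live entry named name83, or -1 if absent."""
    for off in range(0, len(region) - ENTRY_SIZE + 1, ENTRY_SIZE):
        if region[off] == 0x00:        # end-of-directory marker
            break
        if region[off] == 0xE5:        # deleted entry, skip it
            continue
        if region[off:off + 11] == name83:
            return off
    return -1


def describe(attr):
    """Names of the attribute bits set in attr."""
    return [name for bit, name in ATTR_NAMES.items() if attr & bit]


def set_device_bit(region):
    """Step 4: overwrite the attribute byte with 0x40; return the old value."""
    off = find_entry(region)
    if off < 0:
        raise LookupError("no AUTORUN.INF entry in this directory region")
    old = region[off + ATTR_OFFSET]
    region[off + ATTR_OFFSET] = 0x40
    return old


def sample_directory():
    """Constructed sample region: a volume label, then an empty AUTORUN.INF."""
    label = b"USBSTICK   " + bytes([0x08]) + bytes(20)
    autorun = NAME_83 + bytes([0x20]) + bytes(20)
    return bytearray(label + autorun + bytes(ENTRY_SIZE * 14))


if __name__ == "__main__":
    d = sample_directory()
    off = find_entry(d)
    print(d[off:off + 12].hex(" "), describe(d[off + ATTR_OFFSET]))
    print("old attribute: 0x%02x" % set_device_bit(d))
    print(d[off:off + 12].hex(" "), describe(d[off + ATTR_OFFSET]))
```

This only addresses the autorun.inf vector; infected executables on the drive, the first technique listed above, are unaffected.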


Wednesday, August 17, 2011

Spyware

There are a lot of PC users who know little about "spyware", "malware", "hijackers", "dialers" and much more. This will help you avoid pop-ups, spammers and all the bad guys.

What is spyware?

Spyware is Internet jargon for advertising-supported software (adware). It is a way for shareware authors to make money from a product other than by selling it to users. There are several large media companies that offer to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you do not pay for the software and the developers still get paid. If you find the banners annoying, there is usually an option to remove them by paying the regular licensing fee.

Known spyware

There are thousands out there, and new ones are added to the list every day. Here are some:

Alexa, Aureate / Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula / Toptext KaZaa, Flash Point / Flash track, Flyswat, Gator, GoHip!, Hotbar, ISTbar, Lions Pride Business / Blazing Logic / Trek Blue, Lop (C2Media), Mattel Cast Brod, Morpheus, NewDotNet, Real Player, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.

How to check if the program is spyware?

This is a small site that maintains a database of programs that are known to install spyware.

Check here: http://www.spywareguide.com/product_search.php

To block pop-ups (IE pop-ups).

There are tons of varieties out there, but these are the two best, in my opinion.

Try: Google Toolbar (http://toolbar.google.com/) This program is free

Try: AdMuncher (http://www.admuncher.com) This program is shareware

If you want to remove "spyware" try these.

Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is free

Info: Ad-Aware is a spyware removal utility that scans your memory, hard drives and registry for known spyware components and lets you remove them. With the included backup manager you can install a backup, and the program offers support for more languages.

Also try: Spybot-S & D (http://www.safer-networking.org/) This program is free

Info: Detects and removes spyware of different kinds (dialers, keyloggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information on the problems found.

Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is shareware

Info: An adware, spyware, trackware and Brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove it. It lists what it finds and allows you to select the items to delete.

Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is shareware

Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.

The best scanner out there, and updated continuously.

Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is freeware

Info: HijackThis is a tool that lists all installed browser add-ons, buttons and startup items, and allows you to inspect and remove any selected items.

If you want to prevent "spyware" from being installed.

Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is free

Info: SpywareBlaster doesn't scan for and clean so-called spyware, but prevents it from being installed in the first place. It does this by disabling the CLSIDs of popular spyware ActiveX controls, which also prevents any of them from being installed through a web page.

Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is free software

Info: SpywareGuard provides real-time protection against spyware. It works similarly to an anti-virus program, by analyzing EXE and CAB files on access and alerting you if known spyware is detected.

Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is free

Info: XP-AntiSpy is a small tool to quickly disable some built-in update and authentication features in Windows XP that may raise security or privacy concerns for some people.

Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml SpySitesFree #) This program is free software

Info: SpySites lets you manage your Internet Explorer Restricted Sites zone and easily add entries from its database of 1500+ sites that are known to use advertising tracking methods or attempt to install third-party software.

For more information about "spyware".

Check out these sites.

http://www.spychecker.com/

http://www.spywareguide.com/

http://www.cexx.org/adware.htm

http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml

http://www.thiefware.com/links/

http://simplythebest.net/info/spyware.html

Useful tools ...

Also try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is free

Info: "Stop Windows Messenger Spam" stops this service and shuts down the ability of spammers to send these messages.

All these programs help to eliminate evil and prevent spammers and spyware from attacking your PC. I recommend getting "Spyblaster", "Spybot S & D", "Spy Sweeper" and "admuncher" to protect your PC. A weekly scan is also recommended.


Monday, August 1, 2011

Remove Spyware, Viruses, And Rootkits

Even careful PC users can fall prey to the sticky fingers of evil malware. Loading an innocent looking file from a USB stick, clicking the wrong link in search results, cancelling a suspect alert box – all these actions could mark the beginning of a malware infection.
And let’s not be coy – if your internet activities include downloading torrents or using pirated software, you’re even more likely to fall prey to worms, spyware and trojans.
In some ways, discovering that your computer is virally infected is worse than realising that it’s been compromised mechanically. You could have lost valuable data, your backups could be infected, and the machine may need a wipe and full reinstall of Windows.
But there are things you can try first, and there’s a workflow you can use to clean your PC and recover your files. We’ll take you through it.

Signs of malware

Some malware infections are easy to spot – others less so. There are many infections we might call ‘scareware’ in the wild. These are trojans that malicious websites trick you into downloading by popping up an alert claiming that your PC is already infected with malware. Once on your machine, these annoying infections will replicate themselves in several places, popping up further messages, browser windows and alerts.
Infections like this are easy to identify. Unusual new toolbars, shortcuts on your desktop to software you don’t remember installing and your browser switching its homepage are all classic symptoms. Other, less obvious signs might include increased use of your broadband download allowance, router lights showing activity when there shouldn’t be any, your browser popping up unexpected windows and even unexplained rebooting.
Some malware behaviours are just plain odd, like a mouse pointer that flips orientation. Whatever the signs, the cure is the same: removal of the malicious code.

Stabilise your system

The first thing to do is to attempt to stabilise your system as much as possible. This might prove difficult if your machine is popping up windows and alerts every second, so the first trick to try is to reboot in safe mode.
Restart your computer and press [F8] during startup (press it twice if you’re given a choice of operating system first). Choose ‘Safe mode’ from the Advanced Boot Options screen. This will launch Windows with all startup programs disabled, and limited hardware drivers loaded. You’ll also be without any networking functionality, which is essential for stopping spyware programs phoning home or pulling data from pop-up windows.
Type msconfig in the Start Menu search box and launch the program. Click the ‘Startup’ tab and untick all but the essentials – or simply choose ‘Disable all’. Click ‘Apply’ to confirm, then go to the ‘Boot’ tab. Check ‘Make all boot settings permanent’.
Go to the Control Panel and choose ‘Add/Remove Programs’. Remove any non-essential programs, especially toolbars and browser add-ons. In some cases, these actions may be enough to stop malicious code from loading at startup.
Now you need to remove temporary files. Empty all browser caches, and all files in the following folders if present:
C:\Windows\Temp\
C:\Temp\
C:\Documents and Settings\yourusername\Local Settings\Temp\
C:\Documents and Settings\yourusername\My Documents\Downloads\
You can get your browser to wipe temporary internet files too. Go to ‘Tools | Options | Clear browsing data’ in Chrome, or go to ‘Tools | Internet options’ in Internet Explorer, then choose ‘Delete’ under ‘Browsing History’. Tick every box and click ‘OK’.