July 25, 2006

Ad-Aware SE1R116 Updates - 24/07/2006

Anti-spyware/adware program Ad-Aware, by Lavasoft, had its definition file updated on 07/24/2006. Users of the free version should check for and install the new definitions manually.

Current Definition File:
SE1R116 24.07.2006

In this release the number of families has decreased because several generic families have been merged together. Adware.Qyule and Hijacker.Qyule have been merged and will be called Hijacker.Qyule.

New Definitions:
========================
Virusblast +5

Updated Definitions:
========================
Adware.DuDu +7
Adware.Freeprod toolbar
begin2search
BlazingTools Perfect Keylogger
Hijacker.Qyule +14
Lop +8
Marketscore(Netsetter)
SystemDoctor
TargetSaver
Win32.Backdoor.Agent +2
WIn32.Backdoor.Agobot +2
Win32.Backdoor.Bifrose +2
Win32.Backdoor.Dumador
Win32.Backdoor.RBot
Win32.Backdoor.SdBot
Win32.Trojan.Agent
Win32.Trojan.Delf
Win32.Trojan.Downloader +6
Win32.Trojan.StartPage
Win32.Trojandownloader.Zlob +5
Win32.TrojanPSW.Sinowal
Win32.TrojanSpy.Goldun +3
Virtumonde +13

The MD5 checksum for the defs.ref file is e46a1582642e8bdb80bc1aacfa7a3d9c

Additional Information
============================================
The current version of Ad-Aware is 1.06. The current free version of Ad-Aware can be downloaded here.

You can use Webupdate to install the new reference file, or download
it manually from:
http://download.lavasoft.de.edgesuite.net/public/defs.zip
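
Checking a manually downloaded file against the checksum published above, as an added example (not code from Lavasoft or from the original post). It assumes defs.zip holds exactly one member named defs.ref; the helper names are hypothetical and the sample archive is constructed so the script runs offline.

```python
import hashlib
import hmac
import io
import re
import zipfile

# MD5 published in the post above for definition file SE1R116.
PUBLISHED_MD5_SE1R116 = "e46a1582642e8bdb80bc1aacfa7a3d9c"


def md5_hex(stream, chunk_size=64 * 1024):
    """Return the MD5 hex digest of a binary stream, read in chunks."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def verify_defs_archive(archive, published_md5, member="defs.ref"):
    """Compare defs.ref inside a defs.zip with the published MD5.

    `archive` is a path or a binary file object. Returns (matches, actual_md5).
    Raises ValueError for a malformed checksum and LookupError when the
    archive does not contain exactly one file with the expected name.
    """
    expected = published_md5.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", expected):
        raise ValueError("published value is not a 32-digit hex MD5")

    with zipfile.ZipFile(archive) as zf:
        # Match on the base name so a folder prefix inside the archive is
        # tolerated, but refuse to guess when zero or several files match.
        matches = [
            info for info in zf.infolist()
            if not info.is_dir()
            and info.filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
            == member.lower()
        ]
        if len(matches) != 1:
            raise LookupError(
                "expected one %s in archive, found %d" % (member, len(matches))
            )
        # Hash the member straight from the archive, without extracting it.
        with zf.open(matches[0]) as fh:
            actual = md5_hex(fh)

    return hmac.compare_digest(actual, expected), actual


def build_sample_archive(payload):
    """Constructed stand-in for defs.zip (not a real definition file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("defs.ref", payload)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    payload = b"constructed definition bytes, not a real defs.ref"
    good = hashlib.md5(payload).hexdigest()
    # Matches: the checksum was computed from the same bytes.
    print(verify_defs_archive(build_sample_archive(payload), good))
    # Does not match: the sample is not the SE1R116 file.
    print(verify_defs_archive(build_sample_archive(payload), PUBLISHED_MD5_SE1R116))
```

A match shows that the file is the one the post describes and was not damaged in transit. MD5 is not a signature, so the checksum is only as trustworthy as the place it was read from.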

To check for updates manually, open Ad-Aware from its icon or shortcuts. If you haven't checked for updates in more than 14 days you will see a popup notice offering to check for new definitions. Accept this offer and download them. If you don't get that popup notice click on the blue link on the lower right side of the program that says: "Check for updates now." Another box will appear. Click on "Connect" to check for updates. If there are new definitions you will be prompted to download them. If not, you will be informed there are no updates available. Either way, click on "Finish" to close the updater box and return to the main program interface. Click Start to initiate a scan. On the next page choose your desired options, then click on Next to begin scanning for malware.

Note that Ad-Aware automatically classifies most affiliate sales tracking cookies as spyware and may delete cookies containing your login information to websites where you have made purchases, or your affiliate login pages. Use caution when deleting cookies! Uncheck any that you want to keep, or better yet, check only those, then right-click and choose "Add selected to ignore list." Then check the remaining unwanted cookies and click Next. A popup box will inform you that x number of objects will be removed. Click OK to proceed with the deletions.


July 24, 2006

Using Windows Task Scheduler to Check for/install AVG-Free Anti Virus Updates | Commandline | Wakes Computer

I was recently participating in a forum discussion about AVG Free anti virus and one of the members complained that AVG's scheduler would a: only check for updates once a day, and b: not look for updates at all when his computer was in standby mode. I researched a solution that I have tested on my own computer and seems to work fine.

I used Windows Task Scheduler to create a task to wake the computer (if asleep) and run the AVG Updater from the scheduler commandline, then automatically either fetch and install an available update, or instantly exit if no update is available at that moment. You can create multiple daily schedules with Windows Task Scheduler, but only one daily with the AVG Free scheduler. Note that if you create an hourly schedule you should not select the option to wake the computer to run the task!

The steps to create the schedule and the commandline used are listed below.

* Go to Start > All Programs > Accessories > System Tools > Scheduled Tasks
* Open the Task Scheduler and double-click on Add Scheduled Task
* When the Scheduled Tasks Wizard opens click on Next
* When the second tab opens you will have to use the Browse button to locate the AVG program and its updater file
* If you installed AVG into the default directory, navigate to Program Files\Grisoft\AVG Free\avginet.exe and double-click on that file to add it to the scheduler. Type a name for this task; e.g. AVG Updater
* Click on Daily to choose that option, then click Next
* Set the time of day you want it to run, Every Day, and the Start Date, then click Next
* Your account name should be in the User Name field. Type and retype your login password to authorize the scheduled task and click on Next
* Check the option to open the Advanced Properties when you click Finish
* Click on the Settings tab
* "Wake the computer to run this task" is optional but not recommended for hourly tasks. If you choose to enable it, check the box and click Apply. Click OK. Your task is almost ready to run, but needs at least one edit. Without the following edit to the commandline, it will not download an update until you click on the prompt box. My edit bypasses that prompt and automatically downloads and installs updates.
* Go back to the Scheduled Tasks window, locate your new task and double-click on it to open its properties box. You should see this command: "C:\Program Files\Grisoft\AVG Free\avginet.exe"
* Add a space to the end of that command (spacebar) then type this exactly: /SCHED=
* The final command should be: "C:\Program Files\Grisoft\AVG Free\avginet.exe" /SCHED=
* If you are prompted for your user name and password type them in and click OK. If you don't use a password just press Enter.
* You can also modify the schedule from the Schedule Properties by clicking on the Schedule Tab and the Advanced button, where you can schedule it to run any number of times at any interval.
* When you are done editing the schedule click on Apply, then OK, to close the task properties.

Using those steps should wake your computer if it is in standby or hibernation, then poll for updates and download any that are available. It works on my Windows XP Professional computer, using AVG Free, version 7.x.

Wiz

Updated information for AVG Free 8.0 users

The command line scheduled task that runs the AVG Free 7.5 Update module on your schedule also works under version 8.0, but the path to the executable and the file name have changed. I have written a new Blog article that describes how to create a scheduled task to run the AVG Free 8.0 Updater, on July 5, 2008. I hope you AVG Free 8.0 users will find it useful!


July 22, 2006

Spybot Search and Destroy Definitions Updates - 07-21-2006

World renowned anti-spyware program - Spybot Search and Destroy - was updated on July 21, 2006. If you use this program be sure to run manual updates as soon as possible.

2006-07-21
Dialer
++ Citofarera
Hijacker
+ CoolWWWSearch.Yexe
+ CoolWWWSearch.Feat2Installer
+ CoolWWWSearch.Service
+ CoolWWWSearch.Feat2DLL
Malware
+ Smitfraud-C.
+ Mailbot
+ Sallity.Badcro
+ ISearchTech.ISTsvc
+ ISearchTech.SideFind
+ Vcodec.eMedia (2)
+ Adware-Patrol
+ Adware Remover
+ Doctor-Adware-Pro
+ ETD-Security-Scanner
+ Pestbot
+ SpyDestroy-Pro
+ Spyware-Soft-Stop
+ ScanSpyware
+ Trojan-Guarder
PUPS
+ Registry Cleaner
Security
+ Windows Security Center.Firewalldisabled
+ Microsoft.WindowsSecurityCenter_disabled
Spyware
+ 180Solutions.SearchAssistant
Trojan
+ Zlob.XPasswordManager
+ Vcodec.5StarVideos
+ Zlob.Downloader (2)
+ Spabot
+ Win32.Lager.aq
+ ParallelTasking
+ Win32.Small.v
+ CoolWWWSearch.SearchToolbar
+ Zlob.DVBX11_Bat
+ fakeWGA

Total: 343621 fingerprints in 46443 rules for 2131 products.

Update History

Home - The home of Spybot-S&D!
Spybot Search and Destroy Download page - Program and definition updates.


July 18, 2006

Ad-Aware Update SE1R115 17.07.2006

Anti-spyware program Ad-Aware has had its definitions file updated. Users of the free version should run manual updates as soon as possible. Users of the paid version will receive automatic updates unless you have turned them off.

Date: Mon Jul 17, 2006 8:29 am (PDT)

New Definitions:
========================
Adware.BocaiToolbar +4
Adware.CashDeluxe +6
Adware.Cygo +2
Adware.DigitalNames +9
Adware.DiyBar +3
Adware.EShopee +2
Adware.EyeWeb
Adware.Eztracks
Adware.FCHelp +2
Adware.FindSpy
Adware.FunWeb +2
Adware.Iebar +2
Adware.IEHlpr
Adware.Infocrawler
Adware.Interkey
Adware.MasterBar
Adware.NewWeb +2
Adware.Pop +4
Adware.PremiumSearch +2
Adware.RaxSearch
Adware.SideStep
Adware.SinaBar
Adware.SnuffBar
Adware.Suggestor +3
BirdSpy
BPS SpywareRemover +4
FakeAlert +8
Win32.Trojan.Bacteria +2

Updated Definitions:
========================
Adware.DesktopMedia +3
Adware.DollarRevenue +13
Adware.Henbang
Adware.LinkMaker +2
Adware.Look2Me
Adware.Maxifiles +2
Adware.MMSAssist +2
Adware.Yazzle +6
Adware.ZenoSearch
AdwareSheriff +7
BargainBuddy +20
Dialer +30
ErrorSafe
IROffer +2
Lop
Malware.Azesearch
MalwareWipe +2
Navihelper.BHO
PurityScan +13
SoftomateToolbar +2
SpyFalcon +2
SpywareNo +4
SpywareQuake +4
SurfSideKick +3
SystemDoctor +2
Ultimate Defender +2
Win32.Backdoor.Agent
Win32.Backdoor.RBot
Win32.Dialer.E-nrgyPlus
Win32.Harnig.Trojan +2
win32.Trojan.Dnschanger
Win32.Trojan.Mirc +6
Win32.Trojan.PWS +72
Win32.Trojan.StartPage +2
Win32.TrojanClicker +8
Win32.TrojanDownloader.ConHook +3
Win32.TrojanDownloader.Swizzor.br
Win32.TrojanDownloader.Wintrim
Win32.Trojandownloader.Zlob +22
WinAD
WinAntiVirusPro +7
Virtumonde +21
ZToolbar

The MD5 checksum for the defs.ref file is b4ae2f7422a5edf32eb1a4b4ce226b2b

Additional Information
============================================
You can use Webupdate to install the new reference file, or download
it manually from:
http://download.lavasoft.de.edgesuite.net/public/defs.zip


July 15, 2006

Spybot S&D Definitions Updated on 07/14/06

World renowned anti-spyware program - Spybot Search and Destroy - was updated on July 14, 2006. If you use this program be sure to run manual updates as soon as possible.

2006-07-14
Hijacker
+ SystemDoctor2006
+ Win32.Tactslay
+ CoolWWWSearch.Feat2Installer
+ CoolWWWSearch.Service
+ CoolWWWSearch.Feat2DLL

Keylogger
+ EyeSpyNow

Malware
+ Spy Sheriff
+ Smitfraud-C.
+ Smitfraud-C.Toolbar888
+ PlayPartyPocker
+ AdsAlert
+ ADS-Remover
+ SpywareBOT
+ AdwareAlert
+ ADWareBazooka
+ AgentSpyware
+ YourSoft-AntiVT
+ YourSoft-AntiVS
+ Easy-Spyware-Killer
+ Goodbye-Spy
+ AdwareX Eliminator
+ Anti-Virus-Pro
+ KillSpy
+ PC-Health-Plan
+ Vcodec.eMedia
+ Look2Me
+ Zlob.MN
+ SurfSideKick

PUPS
+ Network Monitor
+ AdWare Pro
+ AdwarePunisher
+ AdwareSheriff

Spyware
+ VX2.ABetterInternet
+ WhenU.SaveNow
+ GAIN.Gator

Trojan
+ Downloader.Tsupdate.L
+ YazzleSnowball_Wars
+ Zlob.Downloader
+ BPS Spyware Remover
+ Spabot
+ BraveSentry
+ Trojan-PSW.Win32.WOW.j
+ Trojan-PSW.Win32.WOW.p
+ Win32.Small.bwx
+ AdMedia
+ AdwareFinder
++ Zlob.Command Service
+ Zlob.XPasswordManager

Total: 340292 fingerprints in 45407 rules for 2109 products.

Hijacker
+ CoolWWWSearch.Compstuic
+ CoolWWWSearch.Feat2Installer
+ CoolWWWSearch.Service
+ CoolWWWSearch.Feat2DLL

Keylogger
+ SnapFiles-SoftForYouLogger

Malware
+ Vcodec.eMedia (2)
+ Command Service (3)
+ AdStatus Service
+ Web-Nexus
+ Smitfraud-C. (3)
+ Win32.Rbot.gen
+ Zeno (2)

PUPS
+ Bearshare

Spyware
+ Banker-AJD
+ Axfibula
+ PurityScan

Trojan
+ TeamTaylor.Screensaver (2)
+ Zlob.Downloader
+ Small.cxl
+ BPS Spyware Remover
+ KillAndCleanScanner (2)
+ ConHook (2)
+ Slogger
+ Tibs.vq
+ Cimuz

Total: 336547 fingerprints in 44407 rules for 2075 products.

Update History

Home - The home of Spybot-S&D!
Spybot Search and Destroy Download page - Program and definition updates.


July 10, 2006

How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications

If you have inadvertently installed Microsoft Windows Genuine Advantage (WGA) Notifications and are getting popup notices concerning the validity of your operating system, these instructions will help you to remove this optional (at this moment) Windows component.

SUMMARY
This article applies to the version of Microsoft Windows Genuine Advantage (WGA) Notifications that is distributed during the pilot program. For example, this version is included in the pre-release version that accompanies the Microsoft Software License Terms. To safely and easily uninstall the pilot version, you must install the general release version of WGA Notifications. If you do not install this version, you can follow the steps in this article to disable or uninstall the pilot version.

Important These instructions have not been tested on the general release version of the WGA Notifications. Therefore, these instructions are not supported. Microsoft will offer the general release version of WGA Notifications to users who uninstall the pilot version at a later date. These users will obtain the general release version through the Microsoft Automatic Update service. WGA Notifications is part of the Windows Genuine Advantage program.

When you use a non-genuine version of Windows, you receive a message when you log on that states that the copy of Windows appears to be non-genuine. Then, you are directed to the WGA Web site to learn more. If you do not want to obtain a genuine copy of Windows, you receive periodic messages that notify you that the copy of Windows appears to be non-genuine.

Note If you are running a genuine copy of Windows and want to use WGA Notifications, you may receive messages to update Windows XP.

Regardless of genuine status, users are not denied access to critical updates. However, users who have not validated their computers as genuine are not able to install other updates such as those for Microsoft Internet Explorer 7.0 and Microsoft Windows Defender.

MORE INFORMATION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Disable WGA Notifications
1. Log on to the computer by using an account that has administrative permissions.
2. Make sure that the WGA Notifications version that exists on the computer is a pilot version. The version format for the pilot version is 1.5.0532.x. In this case, you can uninstall versions 527-532 only. For example, you can uninstall versions that range from 1.5.0527.0 to 1.5.0532.2. To find the WGA Notifications version, follow these steps:
a. Click Start, and then click Control Panel.
b. Double-click Add or Remove Programs, locate and then click Windows XP - Software, then click Windows Genuine Advantage Notifications, and then click Click here for support information.
c. In the Support Info dialog box, verify the version number, and then click Close.
3. Rename the following files by changing the extension to .old:
• Rename %Windir%\system32\WgaLogon.dll to %Windir%\system32\WgaLogon.old
• Rename %Windir%\system32\WgaTray.exe to %Windir%\system32\WgaTray.old
4. Restart the computer.

Manually uninstall WGA Notifications
1. Log on to the computer by using an account that has administrative permissions.
2. Make sure that the WGA Notifications version that exists on the computer is a pilot version. The version format for the pilot version is 1.5.0532.x. In this case, you can uninstall versions 527-532 only. For example, you can uninstall versions that range from 1.5.0527.0 to 1.5.0532.2. To find the WGA Notifications version, follow these steps:
a. Click Start, and then click Control Panel.
b. Double-click Add or Remove Programs, locate and then click Windows Genuine Advantage Notifications, and then click Click here for support information.
c. In the Support Info dialog box, verify the version number, and then click Close.
3. Rename the following files by changing the extension to .old:
• Rename %Windir%\system32\WgaLogon.dll to %Windir%\system32\WgaLogon.old
• Rename %Windir%\system32\WgaTray.exe to %Windir%\system32\WgaTray.old
4. Restart the computer.
5. Unregister LegitCheckControl.dll by using Regsvr32. To do this, follow these steps:
a. Click Start, click Run, type cmd, and then click OK.
b. At the command prompt, type the following, and then press ENTER:
Regsvr32 %Windir%\system32\LegitCheckControl.dll /u
6. Restart the computer.
7. Click Start, click Run, type cmd, and then click OK.
8. At the command prompt, delete the following files by typing the Del command. Press ENTER after you type each command.
• Del %Windir%\system32\wgalogon.old
• Del %Windir%\system32\WgaTray.old
• Del %Windir%\system32\LegitCheckControl.dll
9. At the command prompt, type regedit.
10. Locate and then right-click the following registry subkeys. Click Delete after you locate each subkey.
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

APPLIES TO
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional
• Microsoft Windows XP Media Center Edition 2002
• Microsoft Windows XP Professional for Itanium-based systems
• Microsoft Windows XP Tablet PC Edition

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/) Description of the Microsoft Windows registry

This information appeared in the Microsoft Knowledge Base as article KB 921914, and was revised on June 30, 2006. Use the link to check for further updates to these instructions before performing the uninstall outlined above.


July 8, 2006

Spybot S&D definitions update 2006-07-07 + Ad-Aware + Rogue Anti-Spyware Programs Listings

World renowned anti-spyware program - Spybot Search and Destroy - was updated on July 7, 2006. If you use this program be sure to run manual updates as soon as possible.

2006-07-07

Hijacker
+ CoolWWWSearch.Compstuic
+ CoolWWWSearch.Feat2Installer
+ CoolWWWSearch.Service
+ CoolWWWSearch.Feat2DLL

Keylogger
+ SnapFiles-SoftForYouLogger

Malware
+ Vcodec.eMedia (2)
+ Command Service (3)
+ AdStatus Service
+ Web-Nexus
+ Smitfraud-C. (3)
+ Win32.Rbot.gen
+ Zeno (2)

PUPS
+ Bearshare

Spyware
+ Banker-AJD
+ Axfibula
+ PurityScan

Trojan
+ TeamTaylor.Screensaver (2)
+ Zlob.Downloader
+ Small.cxl
+ BPS Spyware Remover
+ KillAndCleanScanner (2)
+ ConHook (2)
+ Slogger
+ Tibs.vq
+ Cimuz

Total: 336547 fingerprints in 44407 rules for 2075 products.

Update History

Home - The home of Spybot-S&D!
Spybot Search and Destroy Download page - Program and definition updates.

Rogue/Suspect Anti-Spyware Products

Adware Finder and SpyHeal are the recent additions in Eric L. Howes' Rogue/Suspect Anti-Spyware Products & Web Sites.

Adware Finder - adwarefinder.com, engagemarketing.com - uses flawed,
inadequate detection scheme & detections database [A: 7-8-06 / U: 7-8-06]

SpyHeal - spyheal.com - uses inadequate scan/detection scheme; same
app as SpywareQuake; associated w/ SpyAxe, SpyFalcon, SpywareStrike
[A: 7-8-06 / U: 7-8-06]

Total applications listed: 295

Most recent de-listings: CyberDefender (7-8-06)

http://www.spywarewarrior.com/rogue_anti-spyware.htm



Ad-Aware SE1R114 08.07.2006

New Definitions:
========================
Adware.Metastop Toolbar
Adware.Qyule
Adware.WSearch +5
Backdoor.ColdFusion +9
Ultimate Defender +2
Win32.Trojan.Pakes
WinAntiVirusPro +4

Updated Definitions:
========================
AdRotator
Adware.DesktopMedia +6
Adware.Henbang
Adware.HuaCiSou +2
Adware.LinkMaker +4
Adware.Maxifiles
Adware.MMSAssist
Adware.Yazzle
CnsMin
EzSearchbar
Golden Eye
Malware.SpyGuard
MalwareWipe
OurXin
PurityScan
SpywareQuake
WebHancer
Win32.Trojan.Spambot +3
Win32.TrojanClicker
Win32.TrojanDownloader.ConHook +3
Win32.TrojanDownloader.Small
Win32.Trojandownloader.Zlob +4
Win32.TrojanSpy.Goldun
Yok Toolbar

The MD5 checksum for the defs.ref file is a585554b0fda97aed502a5299ee950a8

Additional Information
============================================
You can use Webupdate to install the new reference file, or download
it manually from:
http://download.lavasoft.de.edgesuite.net/public/defs.zip


July 6, 2006

Microsoft Updates Coming on July 11, 2006

Microsoft Security Bulletin Advanced Notification

On 11 July 2006 Microsoft is planning to release:

Security Updates

* Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.

* Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

* Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

* Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

* Microsoft will release one NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

End of support for Windows 98, 98 Second Edition and Millennium Edition.

There will be no further updates or patches released for the aforementioned operating systems, as support for them ends on the morning of July 11, 2006. Anybody who is still using Windows 9x or ME is at increasing risk from Internet threats that are no longer going to be patched by Microsoft. You are strongly advised to obtain a newer, supported operating system, such as Windows XP.

You can obtain a legal, license-able copy of current Windows operating systems from Tiger Direct, at a much lower price than Microsoft charges for just a license. View all versions of Windows Operating Systems available from TigerDirect


July 5, 2006

MailWasher Pro Screens Incoming Email and Filters Out Spam and Viruses

"Spam," in computer-speak, refers to Unsolicited, Commercial Email (UCE) or "Junkmail." Spam is used to hawk everything from counterfeit brand name watches and prescription drugs, to mortgages and loans. Nobody I know wants to receive junk mail, whether in their postal mailbox or computer inbox. Yet, most people who venture online with an email account will be spammed, some to the point where spam email represents 80% of their weekly incoming email. These folks are in serious need of a real solution to help reduce the level of spam that reaches their inboxes. I am going to describe a solution to your email spam problem in this post.

Before I continue with my solution I have to tell you that it is a software-based screening program that does not work with browser-based email systems (AOL, Yahoo, Webmail, or other proprietary email systems). You must be receiving your email via a separate stand-alone POP3 email "client," like Outlook, Outlook Express, Eudora, Thunderbird, or a similar email program. If you are using one of these stand-alone email clients the rest of this discussion applies to you. If not, you are at the mercy of your ISP or email service provider to filter out spam and viruses.

My solution to dealing with spam is to screen all incoming email and filter out anything that trips one of the filter conditions, or is otherwise identified by its content as a phishing attempt, 419-type scam, spam or virus. The program that does this is named MailWasher Pro and I've been using it for several years, and recommend it to all of my friends and clients.

MailWasher Pro intercepts incoming POP3 email accounts (as many as you have setup in it), reads an adjustable number of lines of text, including the full incoming headers, then compares the results with internal and external blacklists and blocklists, and databases of known spam, and sources of spam, as well as known or suspected viruses. MailWasher Pro also contains a built-in Bayesian Learning Filter that you can train to recognize what you call spam and what you don't. Lastly, one of the most powerful features is the user created filters that can be customized to identify virtually any type of undesirable email and either mark it for manual deletion and blacklisting, or automatically delete it immediately. These user filters use both plain text and Regular Expressions to identify strings of text or code that give away a spam message, or virus, or exploit.

If the message contains content that matches any known conditions it is either flagged to be deleted or is automatically deleted from the email server, according to your choices when you set it up. If you are a member of SpamCop MailWasher Pro can forward spam messages directly to your reporting account. SpamCop will generate an autoreply message that contains a link that you must click on to finish the reporting process, because they require manual reports to be filed at all times. Still, this saves you the trouble of displaying the source code, then copying it and pasting it into a browser report field on SpamCop's reporting page.

I have created an entire web page detailing MailWasher Pro and how it works. I have also included a link on that page to a sample of my custom filters that are responsible for eliminating huge amounts of spam, including "image spam." It should be noted that spammer techniques are not standing still and neither are my efforts to create effective rules to counter new spam tricks.

MailWasher Pro is a commercial program that is free to try for 30 days. If you wish to continue using it you will have to pay to license it. The current registration price is $37.00, which includes Free Upgrades for Life. It also includes your first year subscription to the optional FirstAlert! members' reporting system. You can read all about this on my MailWasher Pro web page.

You can go straight to the MailWasher Pro website and download a 30 day trial, by clicking on this link:
Download Mailwasher Pro here

MailWasher Pro goes between your email server and your email client. I personally use Outlook Express as my email client and have it setup so that it never checks for email. When several emails arrive and MailWasher Pro has finished marking and/or deleting any unwanted messages, I manually check for and receive email in Outlook Express. This keeps spam, scams and viruses out of Outlook Express.

The newest version of MailWasher Pro has a Quick Reply button that launches a new message box from your default email client, with the sender's email filled in and your default account in the From field (you can switch it before sending if you have multiple accounts).

While it is true that MailWasher Pro doesn't work with browser-based email, it can receive Hotmail, if your Hotmail account allows you to use Outlook or Outlook Express. I use it with two Hotmail accounts. There is no limit to the number of POP3 accounts it can check. I currently have it set to check 24 POP3 accounts every 14 minutes, simultaneously.

The reason I picked 14 minutes is because most of my domain email servers have a 15 minute timeout after you check an account for incoming email and try to send an outgoing email or reply. This system is called POP Before SMTP, which translated means you must check for incoming email before you can send outgoing email. Most hosting accounts have a 15 minute timeout after checking for incoming email, so if you want to send a reply after 15 minutes you may have to check for incoming mail again before you can send your reply.


July 4, 2006

Worm Masquerades as Microsoft Antipiracy Program

Source: http://www.pcworld.com/resource/article/0,aid,126307,pg,1,RSS,RSS,00.asp

W32.Cuebot-K spreads through AIM and disguises itself as Windows Genuine Advantage on infected PCs.

Security analysts have detected a new piece of malware that appears to run
as a Microsoft program used to detect unlicensed versions of its operating
system.

The malware has been classified as a worm and spreads through AOL's
Instant Messenger program, said Graham Cluley, senior technology
consultant for Sophos PLC, a security vendor.

Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of
malware. The worm has a range of malicious functions. After it's
installed, the worm immediately tries to connect to two Web sites, a sign
it may try to download other bad programs on the machine.

A Nasty Payload

Cuebot-K can disable other software, shut off the Windows firewall,
download new malicious programs, perform basic DDOS (distributed denial of
service) attacks, scan local files and spawn a command prompt, Sophos
said.

Worms that spread through instant messaging programs often appear as
messages or links sent from friends, which trick a user into executing the
program. Cuebot-K propagates by sending itself as a file named "wgavn.exe"
to more people in the user's "Buddy List" but without a message, Cluley
said.

Worm With an Ironic Twist

If installed on a computer, Cuebot-K is registered as a new system device
driver service named "wgavn." When a list of services running on the
computer is summoned, the worm appears as "Windows Genuine Advantage
Validation Notification" Sophos said.

Cuebot-K's registry entry appears as
HKLM\SYSTEM\CurrentControlSet\Services\wgavn\.

The worm's ironic ruse comes as Microsoft's Windows Genuine Advantage
program is being criticized for functioning like spyware. WGA collects
hardware and software data on a user's computer and compares it to a
database of licensed operating systems.

If an improper copy is detected, Microsoft warns the user and cuts off
some free downloads.
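
The service name, display name and file name quoted in the article can be checked against an exported copy of the Services registry key. The following is an added example, not part of the PC World article or of Sophos's analysis; the function names are hypothetical, and the export text and its paths are constructed for illustration.

```python
import ntpath
import re

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# Indicators exactly as quoted in the article above.
INDICATOR_SERVICE = "wgavn"
INDICATOR_DISPLAY = "Windows Genuine Advantage Validation Notification"
INDICATOR_FILE = "wgavn.exe"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Constructed sample in .reg export format; the paths are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"DisplayName"="Constructed Example Service"
"ImagePath"="C:\\constructed\\path\\example.exe"
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters]
"Note"="constructed"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wgavn]
"DisplayName"="Windows Genuine Advantage Validation Notification"
"ImagePath"="C:\\constructed\\path\\wgavn.exe"
"Type"=dword:00000001
'''


def parse_services(reg_text):
    """Map each service key name to its string values (names lower-cased)."""
    services = {}
    current = None
    prefix = SERVICES_ROOT.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = None
            path = key.group("key")
            if path.lower().startswith(prefix):
                rest = path[len(prefix):]
                # Only direct children are services; deeper subkeys are skipped.
                if rest and "\\" not in rest:
                    current = services.setdefault(rest, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            # .reg files escape backslashes and quotes with a backslash.
            data = re.sub(r"\\(.)", r"\1", value.group("data"))
            current[value.group("name").lower()] = data
    return services


def find_cuebot_indicators(services):
    """Return [(service_name, [matched indicators])] for suspicious entries."""
    hits = []
    for name in sorted(services):
        values = services[name]
        reasons = []
        if name.lower() == INDICATOR_SERVICE:
            reasons.append("service key name")
        display = values.get("displayname", "").strip().lower()
        if display == INDICATOR_DISPLAY.lower():
            reasons.append("display name")
        image = values.get("imagepath", "").strip().strip('"')
        if ntpath.basename(image).lower() == INDICATOR_FILE:
            reasons.append("image file name")
        if reasons:
            hits.append((name, reasons))
    return hits


if __name__ == "__main__":
    for service, reasons in find_cuebot_indicators(parse_services(SAMPLE_EXPORT)):
        print(service, "->", ", ".join(reasons))
```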


Spybot S&D definitions update 2006-07-01

World renowned anti-spyware program - Spybot Search and Destroy - was updated on July 1, 2006. If you use this program be sure to run manual updates as soon as possible.

2006-07-01

Hijacker
+ SearchCentrix
+ CoolWWWSearch.Feat2Installer
+ CoolWWWSearch.Service
+ CoolWWWSearch.Feat2DLL

Malware
+ ABetterInternet
+ Smitfraud-C.
+ Swizzor
+ SpywareDetector
+ Browsezilla
+ Web-Nexus
+ DyFuCa.InternetOptimizer
+ MediaMotor
+ Vcodec.eMedia

Spyware
+ SilentSpy
+ Axfibula
+ 180Solutions.Zango

Trojan
+ Perlink
+ Tibs.ao
+ BraveSentry
+ Small.cxl
+ UpToFind.RelatedSearch
+ Win32.Lager.aq
+ Win32.Small.em
+ Zlob.PornMagPass
+ VirtuMonde (2)
+ Dialer.GlobalAccess
+ YazzleSnowball_Wars
+ SearchNet
+ TeamTaylor.Screensaver

Total: 334484 fingerprints in 43927 rules for 2064 products.

Update History

Home - The home of Spybot-S&D!
Spybot Search and Destroy Download page - Program and definition updates.


Final notification about the end of Win98, Win98SE and WinME support

Support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) ends on July 11, 2006. Microsoft will end public and technical support by this date. This also includes security updates. Microsoft is providing final notifications to customers to end the extended security update support for these products.

Microsoft is ending support for these products because they are outdated and these older operating systems can expose customers to security risks. We recommend that customers who are still running Windows 98 or Windows Me upgrade to a newer, more secure Microsoft operating system, such as Windows XP, as soon as possible.

Key dates:

* Paid incident support and critical security updates for Windows 98, Windows 98 Second Edition, and Windows Me will end on July 11, 2006. No other security updates will follow after this date.

* Online self-help support will be available at the Microsoft Support Web site until at least July 11, 2007.

* The Windows 98 and Windows 98 Second Edition Extended Support end date was moved from January 16, 2004 to June 30, 2006.

* In January 2006, Microsoft announced an adjustment to the Microsoft Support Lifecycle expiration dates, moving the Extended Support end date for Windows 98, Windows 98 Second Edition, and Windows Me to July 11, 2006. Details about the announcement can be found at http://support.microsoft.com/gp/lifean17/.

* No-charge incident support and extended hotfix support for Windows Me ended on December 31, 2003, and for Windows 98 and Windows 98 Second Edition ended on June 30, 2003.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.