
June 28, 2007

Spybot S&D Definitions Updated on June 27, 2007

The world-renowned anti-spyware program Spybot Search and Destroy was updated with new spyware definition files. If you use this program, be sure to run manual updates as soon as possible.

If you see a program listed in these detections by name, you should assume that it is malware. All of the programs listed with a + sign are additions, or updated detections, and are dangerous to your computer and/or personal security. Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.

After updating your Spybot S&D definitions, if they include new Immunization definitions you need to click on the Immunize button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in version 1.4. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.

Updates - now published every Wednesday

2007-06-27

Keyloggers
+ Ardamax
+ Perfect Keylogger

Malware
+ Smitfraud-C.
+ SpyCrush
+ Vario.AntiVirus
+ Win32.ServU
+ Win32.Banload
+ Win32.Banker

PUPS (Potentially Unwanted Programs)
+ DeepThroatOrgasm
+ Meliksah

Trojan
+ Psyme
+ QQ-Pass
+ Rossvoll.wsa
+ Win32.Agent.ac
+ Win32.Agent.brf
+ Win32.Joiner.d
+ Win32.Mediket.cz
+ Win32.OnLineGames
+ Win32.Viking.Boom
+ Zlob.PPlayer
+ Zlob.VideoActiveXObject

Total: 398275 fingerprints in 71783 rules for 3032 products.

Spybot Search & Destroy is now compatible with Windows Vista, but needs administrator rights to perform its security functions. A new version, 1.5, will soon be released that will carry the Works With Windows Vista Logo. Stay tuned for more information about version 1.5.

See links to and more information about using Spybot Search and Destroy in my extended comments.

English Language Company Links:
Spybot Search and Destroy English Home Page
Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).
Spybot Search and Destroy Download page - Program and definition updates. You can download the latest version of Spybot S&D plus definition and tool updates here for inclusion later on.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History

See all security program update notices in this category

A consequence of acquiring many of the parasites, keyloggers, hijackers and downloaders is that their files and startup settings are usually saved to your System Restore hidden folder, from whence they are automatically restored upon rebooting the computer. To completely remove these threats, and others, you should disable System Restore, then reboot, then clean all threats, then re-start System Restore, setting a new Restore Point, with a clean machine. Many people overlook this and are constantly reinfected after removing threats. There are few, if any, security programs that can clean or remove infected files that are backed up in your protected System Restore directory.

To disable System Restore, go to My Computer and right-click on its icon. From the flyout options select Properties. From the "System Properties" select the "System Restore" tab. There you will find a checkbox labeled "Turn off System Restore." Check it, then click Apply and wait while the System Restore files are deleted (takes some time). After the deletions are finished, click OK to close the Properties box, then reboot.

When you have thoroughly removed all infections follow the same procedure as above, unchecking the box that turned off System Restore.

For those of you who have not yet used Spybot Search and Destroy, if you were wondering if it "plays nice" with other anti-spyware programs, it most certainly does! I have used Spybot S&D since its inception, along with various other free and commercial security programs, and it has never caused any problems on my, or my customers', computers.

Spybot Search and Destroy has a Malware Removal Forum where trained volunteers can help you with spyware removal problems.


June 24, 2007

Spybot S&D Definitions Updated on June 20, 2007

2007-06-20

Keylogger
+ Ardamax

Malware
++ DrAntispy

PUPS (Potentially Unwanted Programs)
+ YazzleSudoku

Security
++ Microsoft.Windows.AppFirewallBypass
++ Microsoft.Windows.IEFirewallBypass

Trojan
+ QQ-Pass
+ Virtumonde
+ Win32.Agent.aaw
++ Win32.Agent.arr
+ Win32.OnLineGames
++ Win32.OnLineGames.na
++ Win32.RAdmin.Zenworks
++ Win32.SdBot.aij
++ Win32.SdBot.auv
++ Win32.VBStat
+ Win32.Viking.Boom
++ Win32.Wow.pq
+ Win32.Zhelatin.ah
+ Zlob.ImageActiveXAccess
++ Zlob.PPlayer
+ Zlob.SiteEntry
+ Zlob.VideoActiveXAccess

Worm
++ Win32.Viking.j

Total: 396667 fingerprints in 71397 rules for 3041 products.


June 20, 2007

Steel Guitar Forum Server Offline Due To Cut T1 Cable

I am a member of and Moderator of the computers section of the Steel Guitar Forum, which has been offline since the morning of June 19 (2007). In an email exchange with the owner - b0b Lee - it was revealed that workers on the street outside of the server's location have accidentally cut his T1 line. AT&T will be repairing the line as soon as possible. SGF members may wish to use this time to practice their steel guitars, until the forum is back online.

The Steel Guitar Forum is a multi-section discussion forum for members only, most of whom are either amateur or professional pedal steel guitarists. I have been a member for a number of years since I am also a professional pedal steel player. My section is the computers forum, of which I am the moderator and a strong contributor.

Anybody who plays any type of steel guitar (pedal, non-pedal, or lap steel), or a resophonic guitar is welcome to apply for membership at the SGF.

UPDATE: The SGF is now back online.


June 15, 2007

Spybot S&D Definitions Updated on June 13, 2007

2007-06-13

Adware
+ StarWare

Keylogger
+ FreeKeylogger.CN.a
+ Perfect Keylogger

Malware
+ Smitfraud-C.
++ ZenoSearch

Spyware
++ MSN-Spy

Trojan
+ Agobot.Backdoor
+ BackOrifice2k
++ MeetingNote
+ QQ-Pass
++ Rbot.Eetu
++ Rossvoll.wsa
+ Virtumonde
++ Win32.QQRob.eo
++ MeetingNote
+ Win32.Delf.zq
++ Win32.LdPinch.bia
++ Win32.OptixPager.se
++ Win32.QQRob.eo
+ Zlob.DNSChanger
+ Zlob.ImageActiveXAccess
++ Zlob.SiteEntry
+ Zlob.VideoActiveXAccess

Total: 395164 fingerprints in 70892 rules for 3025 products.


June 8, 2007

3500 FTP account passwords stolen from DreamHost database

DreamHost Status Blog Archive Security Breach

It seems that somebody has managed to hack into the customer database for FTP login passwords at the DreamHost website hosting company. According to an email sent out to the affected DreamHost customers, 3500 accounts seem to have been breached by a hacker, or hackers, using as yet unknown attack vectors.

According to the update posted by DreamHost on June 7, this may be a combination of security breaches, including keyloggers that may have been installed onto the affected users' computers. That means that the same thing could affect users of other web hosting companies. So far the hack appears to be the addition of various iframe codes or links to porn sites to all files containing the word "index" in the compromised accounts. The file extension does not matter; if you have a file containing the word "index" it will be a target of this hacker. This includes index files in sub-directories, or add-on domains hosted under the same master account. Therefore, all website owners are urged to download their index files and inspect them for unauthorized modifications. If you find any, remove them and notify your hosting provider, and scan your own computers for spyware, keyloggers, or backdoor trojans.

In one blog post about this I read that at least one DreamHost customer had all of his "index" files overwritten completely with a page containing an iframe exploit, leading to a website that installs a Trojan Horse program.
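The inspection urged above can be scripted once a site's files have been downloaded. The following Python sketch is an added example, not part of the original post or of DreamHost's notice: it walks a local copy of a site, opens every file whose name contains "index" regardless of extension, and reports iframes that point off-site or are hidden. The host names and the sample markup are constructed for illustration.

```python
import os
import re
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")

# Constructed sample: one injected off-site iframe, one legitimate local frame.
SAMPLE = ('<html><body><h1>Home</h1>'
          '<iframe src="http://unknown-host.example/x.html" width=0 height=0></iframe>'
          '<iframe src="/local/menu.html" width="200" height="300"></iframe>'
          '</body></html>')

def iframe_attrs(tag):
    """Parse one <iframe ...> tag into a dict with lowercase attribute names."""
    return {m.group(1).lower(): m.group(2) or m.group(3) or m.group(4) or ""
            for m in ATTR_RE.finditer(tag)}

def is_hidden(attrs):
    """True for zero/one-pixel frames or frames hidden through inline CSS."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

def scan_text(text, own_hosts):
    """Return (src, reasons) for every iframe that is off-site or hidden."""
    findings = []
    for tag in IFRAME_RE.findall(text):
        attrs = iframe_attrs(tag)
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in own_hosts:
            reasons.append("external")
        if is_hidden(attrs):
            reasons.append("hidden")
        if reasons:
            findings.append((src, reasons))
    return findings

def scan_tree(root, own_hosts):
    """Scan files whose name contains 'index' (any extension) under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if "index" in name.lower():
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read(), own_hosts)
                if hits:
                    report[path] = hits
    return report

if __name__ == "__main__":
    print(scan_text(SAMPLE, {"www.mysite.example"}))
```

Pass your own domain names as `own_hosts` so that frames you placed yourself are not reported; a file that was overwritten completely, as in the case described above, shows up the same way because the replacement page still carries the iframe.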

There is a statement about this incident, from the DreamHost blog, in my extended comments...

If you are a DreamHost customer, and you have scanned your computer for security breaches and found none, and you were notified that your account was among those compromised, and you are looking for another web host, I use and recommend BlueHost Web Hosting. They offer huge amounts of disk space and data transfer, plus unlimited add-on domains, for those who need to host multiple domains at a low monthly rate. I have all of the details on my BlueHost page. I have been with them for over 6 months and have had very little downtime - well less than I used to experience with my previous web host. My server has not been hacked, although I see people trying to do so every day or two (by reading my raw access and error logs).

I am available to assist people whose websites and/or computers have been compromised by hackers, spyware, keyloggers, or other security threats. Please visit my home page for more information and links to my webmaster services and contact pages.

From DreamHost
UPDATE: 2007/06/07 6:49PM PDT - We are in the middle of a more thorough investigation and some new information has turned up. While we did detect some unauthorized access to our user web control panel, in at least some cases it looks like that may not be to blame for the compromised ftp accounts. In some isolated cases it appears that there may be security problems on end-user computers as well. If you have been affected by this, please do whatever checks on your own computer you can as a precaution. Our investigation is covering all possible attack points and this is one of the possibilities.

Also note that we now have confirmed information that these ftp account hijackings are happening on other web hosts as well and it looks very likely like there’s more to this situation than just the security problem we detected within our own system.

We are now forcing all of the affected users who have not yet changed their passwords to do so before they will be able to upload anything again. This is necessary so we can continue to monitor the situation and see clearly what’s going on.
