User Asks: Signs of a backdoor Trojan?

Hello all…. I go by the handle of ‘antibotnet’ at Yahoo Answers > Security. Here is a helpful question and answer I thought I would share…

QUESTION:
Signs of a backdoor Trojan?
If I had a backdoor intruder on my machine, what would I notice to make me suspicious?
http://answers.yahoo.com/question/index?qid=20120328132628AA1JHMk

MY ANSWER:

In the older days, going back at least five years and more, malware was practically always obvious: “something seems to be running in the background”. This is because computers were much smaller, specifically in RAM memory, which is a kind of working memory used by all the start-up programs you see as little icons down in the lower-right system tray, and by running programs. RAM was very small at the release of Windows XP (2001), when 256K RAM from the factory was common. This led to the famous coined phrase “512M RAM Upgrade”, which was simply adding another 256M RAM memory stick inside the computer, a snap-in.

Today it is common to see 1Gig RAM as small and inefficient, probably found on now-legacy leftover computers for sale. Most new ones begin at 2Gig RAM, which is 8 times the size of the XP example above at 256M RAM. 3Gig of RAM is quite commonplace now in new PCs, as is 4Gig RAM, expandable to a whopping 8 Gigs!

That being said – and adding the upgraded processors, now dual and quad core with much higher speeds as standard equipment, and being on broadband, leaving dial-up in the dust as a 56K connection compared to 1M and up to 4G broadband/DSL connectivity speeds – all that being said, it is not at all easy to ‘SUSPECT SOMETHING RUNNING IN THE BACKGROUND’ just because PC navigation has bogged down from time to time when you are not running much.

((NOTE: What kind of malware bogs down the system? Spyware that is broadcasting out copied files, screen snapshots, keylogger data, etc. A mass-mailing worm. A downloader Trojan or rootkit that is installing more malware. A full-blown botnet infection that may contain all of the above, plus has added some P2P (peer-to-peer) software and is using the machine not only to download and upload pirated software and files, but also to continually spew illegal crimeware such as viruses, worms, spyware, etc.))

Say you are not mega multi-tasking with 4 programs open and running. You might have one thing open that you are working in, and in the older days, when you additionally were navigating around the system, like opening another program or starting a new email, suddenly the whole system would almost go to a crawl – terribly bogged-down navigation.

THAT was a sure sign there was malware running in the background, generally spyware or a worm, such as a spam worm emailing everyone in an address book of email addresses on the computer.

Backdoor threats such as Trojan Downloaders are actually newer in malware, arriving somewhat after the middle of this past decade. By comparison, these were virtually unheard of going back 7 years and further. Again, because of the larger computer sizes and upgrades, it is much, much more difficult to simply sense malware like this running in stealth, invisible to the naked eye.

The best thing to do is simply install and use quality antimalware that has both antivirus and antispyware and Real Time Protection processes. Adding a personal software firewall aids that too. Perform Full Scans at least once a week!

What would make you suspicious? ID theft, and new malware installed without knowing how, are two suspicious symptoms of backdoor threats. This is what they do.

SEE:

Glossary of Malware
http://www.westcoastlabs.org/
Backdoor – A Backdoor is a secret or undocumented way of gaining access to a program, online service, computer or an entire computer network. Most Backdoors are designed to exploit a vulnerability in a system and open it to future access by an attacker. A Backdoor is a potential security risk in that it allows an attacker to gain unauthorized access to a computer and the files stored thereon.
Source(s):

Threats FAQs
Threats Frequently Asked Questions
http://bluecollarpc.us/Threats_FAQs.html

How to Remove a Backdoor Trojan Computer Virus
http://www.ehow.com/how_5164888_remove-backdoor-trojan-computer-virus.html

Backdoor Santas
http://www.bleepingcomputer.com/tutorials/tutorial41.html

Backdoor.Trojan | Symantec
http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99

Trojan Downloader Featured Articles
http://www.ehow.com/trojan-downloader/

User Question: Should I disable updates then update programs when necessary?

Hey all…. I go by the handle of “antibotnet @ yahoo.com” at Yahoo Answers > Security. Here is a new question I am blogging, as the answer contents are pretty standard, even as a “form answer” for these types of standard questions you meet over and over again, all slightly different:

 

Should I disable updates then update programs when necessary?
“I’m a rookie network administrator. I sysprep my machines twice a year on a schedule. I’m thinking this time I should lock down the usual but also disable all updates from all software and Windows 7. When an update comes along that is worthy I can then update the machines individually. Last time I used GPO it uninstalled all the programs instead of installing them. Very odd. I’ve heard it is “unsafe” to not always update your OS but I’m thinking almost everything we’re using is web-based. What do you all think?
Note: I will always let AVG update.”
FULL:
http://answers.yahoo.com/question/index;_ylt=AnyXcm_aRycJOo1WdNm9.Ksw5XNG;_ylv=3?qid=20120328130039AAzYR2o

This is very specific to your network usage, security and allowances. Anything from a Home Network all the way up to Home/Small Business (and anything in between) is indicated, and you were not specific. Generally, I don’t know anyone who would give away this type of consultation for free, as IT Security freelancing generally starts with a preliminary environment evaluation at a price (which is what I do), adding an hourly flat fee starting at $150.00 and then a contract price for specific services rendered – which is apparently what you seem to be asking for free: a Preliminary Environment Evaluation, or onsite impression of the existing set up.

TIP: Basically, as far as computer security goes, the general recommendation is all things up to date all the time. Security Updates are not eye candy. They are a specific, necessary defense which, left undone, can cause a liability for you personally according to whatever the network usage is. SEE the infamous JiffyLube case whereby they were held responsible. That should put you in the right frame of mind and away from bad, disingenuous advice.

TIP: Windows Updates have historically not been found at fault when some programs/software turned out to be “broken” after they were applied. This has historically been the software creator(s)’ fault – NOT Microsoft Windows Updates. That is one example of less than acceptable IT people who ignorantly and chronically blame Microsoft for all the “woes” that are, in reality, virtually always self-made or the fault of lax third-party software.

TIP: Security-wise, ALL software is to be up to date ALL the time with vendor updates. Secunia PSI is excellent. Installed software is a “SOFT TARGET” for cyber criminal crimeware now to gain entry into the system or network.

Have Hardware Firewalls been activated additionally – including the ones in modems?

NOTICE: Security Updates via Windows Updates are ONLY sent out on the second Tuesday of each month (if there are any, and usually there are), which has been dubbed “Patch Tuesday”. If there is an Emergency Patch, such as for a new “zero day threat”, it is issued as soon as ready – immediately – as an “OUT OF CYCLE PATCH”, an emergency patch.

IMPORTANT: It is difficult to determine what your “twice yearly” updating means, as you did not give specifics. Try to be very particular and clear about items, with detail. If you meant Windows Updates – well, as you can see, and as you mentioned, you are definitely a “rookie network administrator” as you say, and the PCs in the network are most likely in severe need of updating immediately.
If you meant OS (operating system) Upgrades twice yearly – that does not make sense, as these Upgrades have been the releases of XP, Vista, Windows 7 and then 8, as examples, years apart and not occurring “twice yearly”.

ADVICE: Considering cyber events such as corporate “Blended Threats”, CEO-type Phishing targeting and bots, I would re-evaluate the “security solution” you mentioned: bi-yearly patching and AVG Business. There are a good handful of products well above it in quality and documented defense, such as Trend Micro for one. You can be polite to a mutt – but will it defend you as completely as a well-trained thoroughbred? Or run away squealing and yelping?

Source(s):
http://en.wikipedia.org/wiki/Group_Policy
http://support.microsoft.com/kb/302577

 

 

How To Use HiJackThis to find Malware infection Part One

HijackThis – Trend Micro USA (Genuine Freeware) [wrkx w/ Netbooks]
Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer.
http://free.antivirus.com/hijackthis/
http://en.wikipedia.org/wiki/Hijackthis
http://sourceforge.net/projects/hjt/
HiJackThis UPDATED:
Trend Micro Releases HijackThis Source Code to sourceforge.net
MarketWatch (press release)
http://www.marketwatch.com/story/trend-micro-releases-hijackthis-source-code-to-sourceforgenet-2012-02-17

RUNNING A HJT LOG ANALYSIS PART ONE

There is always this need to review this magic utility – how to use it responsibly and SAFELY.

( FYI…. (for your information) The nicknames are “HJT”, “HJT Log Help” and “HJT Log Analysis” – HiJackThis Log help – which you may see around at forums, etc. )

If you have never performed a HiJackThis Analysis, it is a simple, quick look at start-up items which may reveal malware that is starting up with the computer system, along with other software installed and set to run at every start-up. An HJT Log may show a resident threat in some areas. It can reveal malware toolbars installed and possibly other threats misusing an ActiveX item. HJT generates a sort of system read-out snapshot in a text log file that can be examined in depth.

HiJackThis was NEVER designed to be a malware remover. It is NOT to be used as one, or as a substitute for one. The average user is always told to NEVER make changes to the computer with HiJackThis, but rather to go to an Advanced User or Professional for help, online or elsewhere, such as a friend in the know and savvy at malware removal. Mistaken use may cause damage to the system and/or other software, rendering them inoperable.

IF YOU WERE TO CHOOSE “FIX THIS” ….. UH-OHH

If you click “Fix This” on any valid process or software, it may delete or corrupt that part of the Windows OS (operating system) or other software, rendering them inoperable. NEVER click “Fix This” unless you are an Advanced User or Professional, or have been directed to do so by one.

This may delete the executable file and possibly a “run” registry key, etc.

It cannot delete/uninstall malware payload files and registry key entries – the FULL threat – and these left-overs can be re-used by malware and potentially hide from antimalware products. They may also, being orphaned (executable deleted, payload remnant = orphans), be used by a rootkit to hide from detection as an inert file not deemed a threat during antimalware scans. At best, quality antimalware products may possibly – possibly – detect these as variants and quarantine/remove them during a scan. Probably not.

In cases of in-the-wild threats or other severe threats rifling and hijacking control of the PC, with their executable showing up in the HJT Log – to regain control of the computer for the User, it may possibly be used to delete the start-up entry – the executable, generally – “malware.exe” as a fantasy example. If it is a known malware threat, its payload installation files can be found in full from online malware databases. Having regained control of the computer by deleting the executable from start-up, the rest of the payload can then be manually removed. In cases of in-the-wild threats, deleting the executable can give control of the PC back, and a follow-up to delete the entire installation manually will have to be performed when the payload is known and posted publicly. The user in this state should be cautioned to either not use the PC, or use it only very sparingly, as instability or further infection activity may occur.

That is all because generally the user has no Emergency Repair CD to reinstall Windows and needs the hail-mary scenario to save their computer from the trash – purchased with their hard-earned sawbucks and not replaceable in the near future – stuck without a PC. It may be used in cases just to regain control of the PC to be able to access private files one wishes to back up – make a copy of – before reinstalling the system to Factory Fresh, wiping the entire disk first: another hail mary to save important files, documents, pictures, movies, etc. If the User is aware of that, proceed with that understanding.

Bottom line….. If you irresponsibly use, or give instructions to irresponsibly use, HJT – ignoring the example hazards and damage warnings above – you may find it all come back on you in some smear blitz over the internet about “so and so destroyed my computer, that creep!”, to say the least. If you are a professional or company, you may be sued for damages for gross negligence, deceptive practices and destruction of computer equipment. That would have to be defined by lawyers and the court.

PART TWO WILL SHOW THE ACTUAL ANALYSIS. >>>
Click > Do System Scan and Create Log File
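Once the log file exists, the responsible use described above is to read it and ask for help, not to click “Fix This”. The following is an added example (not part of the original post, and not a HijackThis or Trend Micro tool) that reads the O4 start-up entries out of a log and lists the ones a helper would want to look at; the sample log, its paths and the triage rules are my own constructions, with two file names borrowed from the payload list quoted elsewhere on this page:

```python
import re

# Constructed sample excerpt of a HijackThis log, made up for this example
# and written in the real "O4 - <hive>\..\Run: [name] command" line format.
# The odd file names hgqhp.exe / kdrgh.exe are taken from the payload list
# quoted elsewhere on this page; every path here is fictional.
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:12:04 PM, on 3/28/2012

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O4 - HKLM\..\Run: [hgqhp] C:\WINDOWS\Temp\hgqhp.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Application Data\kdrgh.exe -s
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# "O4 - <location>: <rest>"; <rest> is "[name] command" for registry Run
# keys or "shortcut.lnk = target" for Startup folder items.
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): (?P<rest>.*)$")
NAMED_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.IGNORECASE)

# Folders a normal user can write to; malware that drops itself into a
# temp or profile folder (as the page's payload list shows) starts there.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                 "\\appdata\\", "\\recycler\\", "\\programdata\\")
# Names of core Windows processes that malware likes to borrow.
SYSTEM_NAMES = {"svchost", "csrss", "lsass", "winlogon", "smss",
                "services", "spoolsv", "explorer"}


def executable_of(command):
    """Pull the program path out of a Run-key command line (heuristic)."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path: up to the closing quote
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)                   # unquoted path may contain spaces
    return m.group(1) if m else command.split(" ")[0]


def parse_o4_entries(log_text):
    """Return every O4 start-up entry as a dict; nothing on the system is touched."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        named = NAMED_RE.match(rest)
        if named:
            name, command = named.group("name"), named.group("command")
        elif " = " in rest:
            name, command = rest.split(" = ", 1)
        else:
            name, command = "", rest
        entries.append({"location": m.group("location"), "name": name,
                        "command": command.strip(),
                        "executable": executable_of(command)})
    return entries


def triage_entry(entry):
    """Plain-language reasons an entry deserves a second look by a helper."""
    exe = entry["executable"]
    low = exe.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    findings = []
    if any(marker in low for marker in USER_WRITABLE):
        findings.append("starts from a user-writable or temporary folder")
    if stem in SYSTEM_NAMES and "\\system32\\" not in low and "\\syswow64\\" not in low:
        findings.append("borrows a Windows system process name outside system32")
    if "\\" not in exe:
        findings.append("unqualified file name; check which file is really run")
    return findings


def triage_hjt_log(log_text):
    report = []
    for entry in parse_o4_entries(log_text):
        entry["findings"] = triage_entry(entry)
        report.append(entry)
    return report


def entries_to_review(log_text):
    """Only the entries with findings: the list you would post for a helper to judge."""
    return [e for e in triage_hjt_log(log_text) if e["findings"]]


if __name__ == "__main__":
    for e in entries_to_review(SAMPLE_HJT_LOG):
        print(f"{e['location']}: [{e['name']}] {e['executable']}")
        for f in e["findings"]:
            print("    -", f)
```

A finding is a reason to ask, not a verdict: SOUNDMAN.EXE is flagged only because the log does not say which file on the search path actually runs.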

Webmaster:
Malware Removal / Amateur Forensics
Membership/Join List:
Free Malware Removal Help / A Community Website Since 2005

DNSCHanger Malware Removal – Notes Show All (Internet goes dark March 8)

DNSCHanger Malware Removal – Notes Show All (Internet goes dark March 8)

BELOW IS MOST OF WHAT THE AVIRA TOOL IS DOING WITH A CLICK ….

Tool available for those affected by the DNS-Changer
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199

The Truth About the March 8 Internet Doomsday
http://www.pcworld.com/article/250296/the_truth_about_the_march_8_internet_doomsday.html#tk.nl_spx_t_cbintro

US-CERT Current Activity – DNSChanger Malware
http://www.us-cert.gov/current/index.html
http://www.us-cert.gov/current/index.html#operation_ghost_click_malware

Hi all….. one area that is common with this type of malware change is malware getting into the PC and changing the “Hosts File” for a redirect, usually to more malicious websites for nefarious reasons. There are more key words to search for, such as “IP Spoofing” and “DNS Cache Poisoning” ….

http://www.webopedia.com/TERM/I/IP_spoofing.html
http://en.wikipedia.org/wiki/DNS_cache_poisoning

This is off the cuff, but from years of experience with the “badware”, as it is sometimes called as a universal term covering all of it and all they do. I am throwing out an educated guess at the payload involved; it may even involve some variants or residuals on an individual basis, per handfuls here and there of hundreds to thousands of personal computers. A Botherder or Botmaster is a Command and Control console type arrangement the culprit(s) run, attempting clandestine contact with infected computers that can go into the millions – but partially setting some aside to test out how their malware payload is holding up against detection. They may have purposely infected the handfuls with variants of the payload in an attempt to resurrect the whole episode all over again. They (cyber criminals) have become very, very sophisticated. Any phrase like “doomsday” today can actually be no exaggeration anymore.

The measures taken here by the FBI et al. are unprecedented and on the scale of “State Sanctioned”. It has obviously been a measure not only to attempt correction and protection of all infected computers and their users’ private data – but to keep internet commerce itself alive, as the loss of millions would obviously have a large effect.

I admittedly only perform some amateur forensics and would probably need days upon days to do a write-up for full manual removal and correction of an affected system. I most likely could find the actual payload, as there are handfuls of company online search engines for just that. But, if one has a little savvy and wants to attempt further manual removal of the malware to avoid the cost of a PC Repair Shop – here are some tips. Mind you, in this case a Shop will obviously advise reinstalling Windows after completely wiping (erasing) the disk first – a common automatic procedure with a Windows CD/DVD, or if you have made an Emergency Repair CD/DVD. (I would advise do NOT hit “Repair”, but go ahead and back up all files you wish to save first, then completely reinstall Windows, and THEN also scan the backed-up files for malware before restoring them to the PC now in Factory Fresh condition.)

REVIEW THIS FOR HOSTS FILES….
Blocking Unwanted Parasites with a Hosts File
http://winhelp2002.mvps.org/hosts.htm
(In other words, in this area you are looking for how to restore your Hosts File to what it was before the infection changed it.)

How can I reset the Hosts file back to the default?
http://support.microsoft.com/kb/972034
MICROSOFT FIX IT TOOL ***** HOSTS FILES

ALSO….
How to reset Internet Protocol (TCP/IP)
http://support.microsoft.com/kb/299357
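What the hosts-file reset and the DNS check above amount to, as an added example (my own code, not the Microsoft Fix it, the Avira tool or anything from this page): it parses a Windows hosts file, reports every mapping beyond the default localhost lines as a redirect or a block, produces the cleaned file, and checks the resolvers from an “ipconfig /all” listing against a rogue range. The hosts file, the ipconfig excerpt and the rogue range are constructed placeholders; the real rogue resolver ranges are the ones published in the FBI and US-CERT notices linked above.

```python
import ipaddress
import re

# Constructed Windows hosts file after a DNSChanger-style tamper; the host
# names (.test) and addresses (documentation ranges) are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
198.51.100.23   www.example-bank.test
198.51.100.23   login.example-bank.test
127.0.0.1       update.example-antivirus.test
"""

# Constructed "ipconfig /all" excerpt used as parser input.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 203.0.113.45
                                       192.168.1.1
"""

# PLACEHOLDER: fill in the rogue resolver ranges from the FBI / US-CERT
# notices linked above; this documentation range is not a real indicator.
ROGUE_DNS_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
DEFAULT_NAMES = {"localhost"}     # the only mapping a stock Windows hosts file needs
DNS_LINE = re.compile(r"DNS Servers[ .]*: (\S+)")


def parse_hosts(text):
    """Active mapping lines as (line_no, ip, [hostnames]); comments are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                       # not an address: not a mapping line
        entries.append((line_no, str(ip), [h.lower() for h in fields[1:]]))
    return entries


def audit_hosts(text):
    """Everything beyond the default localhost lines, classified as a redirect
    (name sent to a remote address) or a block (name pinned to loopback, the
    trick used to stop security vendors' update sites from resolving)."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in DEFAULT_NAMES and ip in LOOPBACK:
                continue
            kind = "blocked" if ip in LOOPBACK else "redirected"
            findings.append({"line": line_no, "host": name, "ip": ip, "kind": kind})
    return findings


def restored_hosts(text):
    """The same file with every flagged mapping dropped and comments kept:
    what 'reset the Hosts file back to the default' amounts to."""
    flagged = {f["line"] for f in audit_hosts(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in flagged]
    return "\n".join(kept) + "\n"


def parse_dns_servers(ipconfig_text):
    """Collect the resolver list, including indented continuation lines."""
    servers, collecting = [], False
    for raw in ipconfig_text.splitlines():
        m = DNS_LINE.search(raw)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting:
            try:
                ipaddress.ip_address(raw.strip())
                servers.append(raw.strip())
            except ValueError:
                collecting = False
    return servers


def rogue_dns_servers(servers, ranges=ROGUE_DNS_RANGES):
    """Resolvers that fall inside a published rogue range."""
    return [s for s in servers
            if any(ipaddress.ip_address(s) in net for net in ranges)]


if __name__ == "__main__":
    # On a real machine read %SystemRoot%\System32\drivers\etc\hosts and the
    # output of "ipconfig /all" instead of the constructed samples.
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} {f['kind']} -> {f['ip']}")
    print("rogue resolvers:", rogue_dns_servers(parse_dns_servers(SAMPLE_IPCONFIG)))
```

A clean hosts file and clean resolvers on the PC do not clear the router: DNSChanger also rewrote router DNS settings, which is why the FBI check page above tests the address you actually resolve through.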

A point of entry and attack is the firewall, which may even have been circumvented.
Tunneling to circumvent firewall policy
http://en.wikipedia.org/wiki/Tunneling_protocol#Tunneling_to_circumvent_firewall_policy
You may want to uninstall it and clean up leftover files and registry entries (Registry Cleaner) … Here is about the best, and indeed they have finally released a free home version ….
PowerTools Lite 2011 [Genuine Freeware]
- The Freeware Registry and System Cleaner
http://www.macecraft.com/powertoolslite2011/
(Which is of course by the famous jv16 PowerTools – by far the top recommended for a decade, about. )

YUCK… one more area to review….

TCP reset attack
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/TCP_reset_attack

Bottom line…. The above was posted for review, and hastily, in case there are still problems, and if need be to mention in the event of a necessary trip to the PC Repair Shop. Attempt the recommended Avira Tool in these emails as advised. Check out the US-CERT links if needed, or as a double check after the Avira clean up – there is a link for detection at the FBI site for anyone fearing infection, I believe. (Avira has consistently had one of the best detection/blocking/removal ratings for years – visit VirusTotal.)

AS I SUSPECTED THERE ARE MANY VARIANTS …… LIST (omg, there are 23 variants presently!!! – Absolutely a Shop will advise reinstalling Windows without batting an eye)

*COMPUTER ASSOCIATES*
SOURCE / ONLINE SEARCH ENGINE AND TYPE IN “DNSChanger” as malware payload
look up…
CA Spyware Information Center (Search Engine)
http://www3.ca.com/securityadvisor/pest/
CA Spyware Information Center search engine (Computer Associates, makers of PestPatrol and many security wares)
(*Malware search engine look up is top right)

SEARCH RESULTS: (hot links at results link for each below)
http://www.ca.com/us/search/default.aspx?q=dnschanger&sk=findthreat&backUrl=http%3A%2F%2Fwww.ca.com%2Fus%2Fspyware.aspx
(Each entry is a CA Technologies Quick View: name – size – date)
1. DNSChanger B – 36 KB – 01/09/2007
2. DNSChanger P – 36 KB – 02/22/2012
3. DNSChanger P (CA Quick View) – 50 KB – 11/20/2009
4. DNSChanger G – 37 KB – 02/19/2012
5. DNSChanger C – 36 KB – 04/19/2007
6. DNSChanger S – 36 KB – 02/22/2012
7. DNSChanger U – 36 KB – 01/29/2010
8. DNSChanger T – 36 KB – 01/29/2010
9. DNSChanger M – 36 KB – 02/21/2012
10. DNSChanger L – 36 KB – 07/17/2009
11. DNSChanger – 36 KB – 06/14/2006
12. DNSChanger r – 36 KB – 02/21/2012
13. DNSChanger I – 36 KB – 02/20/2012
14. DNSChanger azf – 36 KB – 02/20/2012
15. DNSChanger H – 36 KB – 02/19/2012
16. DNSChanger E – 37 KB – 11/26/2007
17. DNSChanger D – 37 KB – 02/19/2012
18. DNSChanger k – 36 KB – 08/04/2008
19. DNSChanger A – 36 KB – 07/29/2008
20. DNSChanger ayy – 36 KB – 02/05/2012
21. DNSChanger arn – 36 KB – 03/11/2008
22. DNSChanger aum – 36 KB – 03/11/2008
23. DNSChanger F – 37 KB – 02/19/2012

BASIC PAYLOAD…..
DNSChanger
Date Published:
Wednesday, June 14, 2006
Alias
W32/Backdoor.KGE [F-Prot Antivirus]
Overall Risk : HIGH
Category
Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, news group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user’s account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.
Date of Origin
date of origin: Variants from September, 2009 to September, 2009
Operation
DNSChanger: at least DNSChangerKB
Files:
[tn]dnschanger.exe
2701526
hgqhp.exe
kdrgh.exe
virtue_7884154
kdrgh.exe
hgqhp.exe
[tn]dnschanger.exe

WEBMASTER / http://www.bluecollarpc.us/

PS – a quality real-time protection antimalware installed would no doubt have blocked this infection and its variants to date. Cyber Crime Units no doubt have about the rest of all the information needed by now, with professional forensics performed.

 

Information: “Will Your Browser Go Dark on March 8?” (DNSChanger attack left overs)

Will Your Browser Go Dark on March 8? (DNSChanger attack left overs)
PC Magazine
This cyber criminal ring had infected about 4 million machines with malware worldwide, about half a million of them in the United States. FBI caught ‘em. End of story, right? Well, not entirely. First, it’s important to understand what DNSChanger did….
http://securitywatch.pcmag.com/malware/293327-will-your-browser-go-dark-on-march-8 
“Yes, the FBI also offered a page to help with this problem. ….”
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

“Mustaca’s blog post explains how to determine whether your system is affected…..”
Avira DNS-Repair-Tool released
http://techblog.avira.com/2012/01/23/avira-dns-repair-tool-released/en/


NOTES: you can also try a quick, instant check for botnet infection here….

Online Tool Developed to Check for Botnet Activity   [wrkx w/ Netbooks]
BotnetChecker.Com
Go To: http://botnetchecker.com/
PRWeb via Yahoo! News Wed, 12 Dec 2007 5:00 AM PST
http://news.yahoo.com/s/prweb/20071212/bs_prweb/prweb575432_1
It is estimated that 1 in 4 computers on the internet today are part of a botnet. After observing bot activity from thousands of compromised computers, local administrator develops easy way to check for botnet activity.

Trend Micro RUBotted (free) 4-5* (Detect only) [wrkx w/ Netbooks]
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
Malicious software called Bots can secretly take control of computers and make them participate in networks called “Botnets.” These networks can harness massive computing power and Internet bandwidth to relay spam, attack web servers, infect more computers, and perform other illicit activities.
Security experts believe that millions of computers have already joined Botnets without the knowledge of their owners. By using remotely-controlled computers, the criminals in charge of the Botnets try to remain anonymous and elude authorities seeking to prosecute them. RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.

ADVANCED:

Bothunter – Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Bothunter
BotHunter is a free utility for Windows XP and Unix, which aims at detecting botnet activity within a network. It does so by analyzing network traffic and …
http://www.bothunter.net/ 

PLEASE SEE MY REPLIES FOR FURTHER INFORMATION AND REMOVALS….

Recommended Settings and use of CCleaner – Temporary Internet Files Clean Up Browsers, Applications

TO CLEAR TEMPORARY INTERNET FILES IN ALL BROWSERS, GET CCLEANER….

CCleaner – Wikipedia, the free encyclopedia (very popular, safe, freeware/donate)
CCleaner supports the cleaning of temporary and unneeded files from certain …
http://en.wikipedia.org/wiki/CCleaner
CCleaner http://www.ccleaner.com/

ADD FOR FIREFOX….

BetterPrivacy :: Add-ons for Firefox
https://addons.mozilla.org/en-US/firefox/addon/6623
Customize Firefox, Thunderbird, and other Mozilla products with thousands of … Better Privacy serves to protect against not deletable long term cookies,…. http://addons.mozilla.org
….deletes flash cookies that none others generally delete. Cookies should only be given session cookie permissions, as a privacy and security issue (cookies have been broken into by malware), and only if necessary.

CCLEANER SETTINGS / RECOMMENDED CLICKS
( CCleaner is for newbies and is indeed a Power User software utility for the advanced user as well! )

****THERE ARE TWO SETTINGS COLUMNS – REVIEW *****

**** WINDOWS TAB / TOP

WINDOWS….
# Check all for Internet Explorer (ALL!)

WINDOWS EXPLORER
# Recent Documents, Search Autocomplete, Other MRUs
(Do NOT check Network Passwords, as no doubt this will keep deleting any router-type passwords in the system and you will have to keep typing in the Network Security Key (router password) each use.)

SYSTEM
# Empty Recycle Bin (IF you are sure you do not need to recover mistaken deletions here. Be sure, or do NOT check this and simply open the Recycle Bin and delete manually.)
# Clipboard
# TEMPORARY FILES IS SPECIAL….. CCleaner only deletes these after they show as 2 DAYS OLD or older. IT IS BEST NOT TO CHECK THIS UNTIL THERE HAVE BEEN AT LEAST A COUPLE OF DAYS OR MORE AFTER EACH SOFTWARE INSTALLATION OR MAJOR CHANGE TO THE SYSTEM SUCH AS WINDOWS UPDATES. Instead you can check this and then DO NOT CLICK RUN CLEANER BUT RATHER CLICK “ANALYZE”, which will not delete anything but will scan and present what is available for deletion. If you see anything under around 100M of files you are okay. UNLESS you have the Windows Updates icon in the bottom tray that says you have Updates to install – THEN anything over 100M of files total present may indicate malware present that has been running for a while creating these.
PLEASE READ THIS ENTIRE BLOG TO KNOW WHAT AND HOW TO USE THIS….

Temporary Internet Files – Windows Temp Files, Safe To Delete ?
January 14, 2010 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2010/01/14/temporary-internet-files-windows-temp-files-safe-to-delete/

ADVANCED
# DO NOT CHECK ANYTHING IN ADVANCED OR YOU MAY CAUSE SERIOUS DAMAGE TO THE SYSTEM.

****APPLICATIONS TAB TOP

FIREFOX/MOZILLA
# CHECK ALL EXCEPT “Compact Databases”

APPLICATIONS
# CHECK ALL (according to what you have installed – example: Adobe Reader history)

INTERNET
# CHECK ALL (histories)

MULTIMEDIA
# CHECK ALL (histories)

WINDOWS
# OPTIONAL – You can check these or not, depending on whether you wish to review these and do not want the histories (logs) deleted.

CCLEANER – SOME MORE POWER USE CLICKS 

{TIP: When using ANALYZE, make sure you have first clicked Run Cleaner, and THEN add the items you wish to check without deleting, using ANALYZE. Otherwise you will be looking at all the junk files you would normally delete anyway, which will muddy the results of an Analyze scan; done this way you will see only the particular files you wanted to investigate, WITHOUT all the other junk files added into the Analyze results.}
WINDOWS TAB TOP
—————–
SECTIONS:

WINDOWS EXPLORER
# RUN IN START MENU MAY MESS WITH START UP ORDER APPARENTLY AND WOULD BE BEST LEFT UNCHECKED

SYSTEM
# Memory Dumps, Chkdsk File Fragments
…. both of these should be left UNCHECKED, as they will only come into play at the rare computer crash event. Such an event creates some special, helpful (anonymous) information files that will help Microsoft (or others involved – software, browsers, causes – anonymous) and that may be sent out invisibly at the next computer start-up.
(There are settings in the Control Panel to turn these reports off or on – RECOMMENDED to leave ON to be a help to all computer users, so the causes of these undesirable events can get patches/fixes/updates to prevent them from occurring again for all.)
(After the computer seems to be working okay again, you may want to check these and then click ANALYZE to see if there are any items here available to delete safely. They would no doubt be really small in size, not really affecting overall performance memory-wise.)

# Windows Log Files ….. are safe to delete, but DO NOT check this as a regular clean-up each time. These logs are created automatically by Windows and can contain information on recent events that may be EXTREMELY HELPFUL to discover problems that can be easily fixed. A time when the computer has been working fine for a while would THEN be a time to ADD THIS to the Run Cleaner clean-up. It will save nominal disk space, as these are never really that big and are text only. The first clean-up of these may be a large one, 1M to 10M even at first run if the computer is a couple of years old. (They do pile up needlessly.) TRY the CCleaner Analyze first to see the file size as an example. OTHERWISE LEAVE UNCHECKED!!!

# DNS Cache, Font Cache ….. LEAVE UNCHECKED and do not use unless directed to by at least an Advanced User or Tech professional.

# Shortcuts…. DO NOT use this; simply delete those manually, as many normal icons you use will suddenly disappear if you use this to delete them. For power users building their own custom systems, this deletion feature may be desirable to use.

ADVANCED
# NEVER USE ANY OF THESE UNLESS YOU ARE AN ADVANCED USER OR TECH PROFESSIONAL ! ! ! YOU HAVE BEEN WARNED ! ! !

AS MENTIONED, CCLEANER IS NOT JUST FOR NOVICES AND VETERAN WINDOWS USERS – IT IS ALSO A PREMIUM SOFTWARE FOR ADVANCED AND TECH PROFESSIONAL USAGE (free tech help at forums, groups, lists etc.)

gerald philly pa usa

SENDER:
Webmaster/malware removal help
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

How To Delete Java Temporary Files – Avoid Java Malware Exploits

As well, in security it is also recommended to go to Start > Control Panel > Java, open the Java panel and click “Do Not Store Temporary Files On This Computer” ….

….Malware as well has used Java to infect computers (AND FIREFOX !) and can hide in these temporary files on the system. Turning this off will not affect navigation at all. These are like Temporary Internet Files and are stored so a re-visit to a website loads it just a tad faster, which is the same reason Temporary Internet Files are stored. These are junk/trash files, completely safe to delete. (In other words, when going to a website – any images and pictures and some text items are stored on the computer, as well as the cookie files. When re-visiting that same website – these are loaded from the computer rather than re-downloaded over the internet each time, which makes the loading of the website page a tad faster. In the real world – it is like nanoseconds, no real noticeable speed difference to the naked eye.)

How Do I Know The Disk Has Been Fully Wiped (Privacy/Security Disk Wiper Software)

Good orientation here …… we are talking….
 
Data remanence
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Data_remanence
 
This all depends on what and why you want to do this. If simply passing the PC on to a family member or friend and you want all your data wiped off – you can use any disk wiper. It is assumed they are not going to go snooping in some manner with a file recovery software, in other words. Simply erasing the disk is the procedure when security is not a concern.
 
If you are going to donate the PC or recycle it – then you should absolutely only use a military grade disk wiper (eraser). This guarantees your data is NOT recoverable. I don’t know your sources to the contrary, but that is apparently indisputable. No data, period – using military grade wiping software. That’s why it is called military grade. The best available to the public is a military grade software disk wiper. [ 35-pass Gutmann uber-paranoid erasure ]
 
The paranoia stops here……
(Has this been circumvented ? Not to knowledge)….
 
“UltraSentry was designed to delete file and folder data to United States Department of Defense standards, which is why we call it a military-grade cleaning application. What does this mean? Well, many electronic files and data are highly-sensitive or private, and when deleted, the data itself still remains on the disk, making it recoverable or accessible by anyone. UltraSentry eliminates that risk by overwriting the file data repeatedly, completely destroying all traces of the sensitive file data, making it completely unrecoverable. The standards to which the data is overwritten are compliant with Department of Defense standards, and are the same standards the U.S. military and government use when deleting top-secret or proprietary electronic information.” <http://www.ultraedit.com/products/ultrasentry.html>
 
Macs have this type of utility built in, I have read.

If you are seeking something beyond that, then I think it goes into the area of doing things manually. This is an interesting subject and I am kicking it around on some sites for information.
Of course the oldest security joke about how to never get an infection is to not plug in the computer. Along the same lines, paranoia has to enter the picture somewhere here – such as the thought that any type of disk wiper could be performing a “hex dump” of the erased material so it is recoverable, either for the OS owner (Windows), or the Law, or the actual software writer, to capture any data of interest for whatever reason. Paranoia can lead to performing the task manually, perhaps with a hex editor. Simply using a ” 00 ” overwrite seems less than thorough enough, as I have seen it recommended to use three different passes with two different data sets, the 00 pass first and last.
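To make concrete what a multi-pass overwrite and the "has it really been wiped?" check look like, here is an added example in Python. It is my own illustration, not code from any of the wiper products named on this page. It works on an ordinary file standing in for the disk, uses a constructed placeholder secret, and follows the idea above of a 00 pass first and last with different data in between; the pass list and the chunk size are my choices.

```python
import os
import secrets
import tempfile

# Overwrite passes, in order: a 0x00 pass first and last with different
# fill data in between (the scheme described on the page). This list is an
# assumption for the example, not any product's documented pattern.
PASSES = ("zeros", "ones", "random", "zeros")
CHUNK = 1 << 16  # 64 KiB per write/read


def _pattern_chunk(pattern, n):
    """Return n bytes of the named fill pattern."""
    if pattern == "zeros":
        return b"\x00" * n
    if pattern == "ones":
        return b"\xff" * n
    if pattern == "random":
        return secrets.token_bytes(n)
    raise ValueError("unknown pattern: %r" % (pattern,))


def make_sample_file(content):
    """Constructed sample: write content to a fresh temp file and return its path."""
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


def wipe_file(path, passes=PASSES):
    """Overwrite every byte of the file in place, once per pass, and fsync
    after each pass so the data actually reaches the device rather than
    sitting in the OS write cache. Returns the bytes overwritten per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for pattern in passes:
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(_pattern_chunk(pattern, n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size


def verify_wiped(path, expected_byte=0x00):
    """Read the file back and return the offset of the first byte that is not
    expected_byte, or -1 when every byte matches. This is the check for the
    final pass: a wipe you have not read back is a wipe you have not verified."""
    offset = 0
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return -1
            for i, b in enumerate(chunk):
                if b != expected_byte:
                    return offset + i
            offset += len(chunk)


def demo():
    """Wipe a constructed 'secret' file and report the verification result."""
    secret = b"SSN 000-00-0000 " * 5000  # constructed placeholder, 80,000 bytes
    path = make_sample_file(secret)
    try:
        written = wipe_file(path)
        first_bad = verify_wiped(path, 0x00)
        with open(path, "rb") as fh:
            data = fh.read()
        return {
            "bytes_per_pass": written,
            "mismatch_offset": first_bad,
            "secret_still_present": b"SSN 000-00-0000" in data,
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

One limit of a file-level overwrite like this is that it only touches the blocks the file occupies right now: filesystem journals, earlier copies left by copy-on-write or defragmentation, and sectors an SSD has remapped for wear levelling are not reached. That is the data remanence the Wikipedia link above is about, and it is why whole-disk wipers and, for disposal, physical destruction are the options the rest of this section points to.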
 
 
IF YOU ARE TALKING DISPOSAL….. PHYSICALLY DESTROY THE COMPUTER DISK…. HEALTH RISK ! …..
 
Learn how to effectively delete all of the data on your hard drive – and permanently
IN FULL
http://www.digitaltrends.com/how-to/how-to-completely-erase-your-hard-drive/ 
 
“….. Get Physical
Another brutally effective way to destroy data on your hard drive is to properly destroy the internal parts of the drive itself. There are several ways to do this, each of which requires physical methods of destruction that can be dangerous and may expose particles or chemicals hazardous to your health. If you are not able to maintain a safe environment, do not attempt these methods. Find a qualified company to assist.
 
Your data is stored on the spinning platters inside the drive. It is these platters that need targeting. Popular and effective methods for destroying the platters are: 1) industrial shredding, whereby the entire hard drive is fed into a powerful automobile-sized shredder that makes mincemeat of the drive; 2) drilling through the platters a few times with a titanium drill bit (easily found at Home Depot).
 
Of course, if the CIA, FSB and Mossad are all after your data, you may want to
a) selectively nuke folders and files,
b) write zeros at least seven times,
c) physically disable the drive and
d) get a safer, calmer life.
 
Summary
 
Protect your Social Security number and credit card e-bills from getting into the hands of 8-Ball Ernie down at the rehab center. Do not ruin the innocence of those kids at the community center by accidentally exposing them to the contents of your intentionally mislabeled though ineffectively deleted “Personal Budgets” folder. Make your donation of an old computer truly a win-win, good-karma situation for everyone involved. Free tools exist to perform even the most thorough cleaning of a hard drive. Use them. ….”
 
MORE
http://en.wikipedia.org/wiki/Anti-computer_forensics
http://en.wikipedia.org/wiki/Data_remanence
