User Asks: Signs of a backdoor Trojan?

Hello all... I go by the handle 'antibotnet' at Yahoo Answers > Security. Here is a helpful question and answer I thought to share.

QUESTION:
Signs of a backdoor Trojan?
If I had a backdoor intruder on my machine, what would I notice to make me suspicious?
http://answers.yahoo.com/question/index?qid=20120328132628AA1JHMk

MY ANSWER:

In older days, going back at least five years or more, malware was practically always obvious as "something seems to be running in the background". This is because computers were much smaller, specifically in RAM memory, which is a kind of cache of memory used by all the start-up programs you see as little icons down in the lower right system tray and by running programs. RAM was very small at the release of Windows XP (2001), when 256M RAM from the factory was common. This led to the famous coined phrase "512M RAM Upgrade", which was simply adding another 256M RAM memory stick inside the computer, a snap-in.

Today it is common to see 1 Gig RAM as small and inefficient, probably on now-legacy leftover computers for sale. Most new ones begin at 2 Gig RAM, which is 8 times the size of the above XP example at 256M RAM. 3 Gig of RAM is quite commonplace now in new PCs, and 4 Gig RAM, expandable to a whopping 8 Gigs!

That being said, and adding the upgraded processors that are now dual and quad core with much higher speeds as standard equipment, and being on broadband, leaving dial-up in the dust as a 56K connection compared to 1M and up to 4G broadband/DSL connectivity speeds, all that being said, it is not that easy at all to 'suspect something running in the background' because PC navigation has bogged down from time to time when you are not running stuff.

(NOTE: What kind of malware bogs down the system? Spyware that is broadcasting out: copied files, screen snapshots, keylogger data, etc. Mass-mailing worms. Downloader Trojans or rootkits that are installing more malware. A full-blown botnet infection that may contain all of the above, plus has added some P2P (peer to peer) software and is using the machine not only to download and upload pirated software and files, but also to continually spew illegal crimeware such as viruses, worms, spyware, etc.)

Like you are not mega multi-tasking with 4 programs open and running. You might have one thing open that you are doing, and in older days, when you were additionally navigating around the system, like opening another program or starting a new email, suddenly the whole system would almost go to a crawl: bogged-down navigation, terribly.

THAT was a sure sign there was malware running in the background, generally spyware or a worm such as a spam worm emailing everyone in an address book of email addresses on the computer.

Backdoor threats such as Trojan downloaders are actually newer in malware, arriving well after the middle of this past decade. As a comparison, these were virtually unheard of going back 7 years and further. Again, because of the larger computer sizes and upgrades, it is much, much more difficult to simply sense malware such as these running in stealth, not visible to the naked eye.

The best thing to do is simply install and use quality antimalware that has both antivirus and antispyware and real-time protection processes. Adding a personal software firewall aids that too. Perform full scans at least once a week!

What would make you suspicious? ID theft, and new malware installed without knowing how: these are two suspicious symptoms of backdoor threats. This is what they do.

SEE:

Glossary of Malware
http://www.westcoastlabs.org/
Backdoor – A Backdoor is a secret or undocumented way of gaining access to a program, online service, computer or an entire computer network. Most Backdoors are designed to exploit a vulnerability in a system and open it to future access by an attacker. A Backdoor is a potential security risk in that it allows an attacker to gain unauthorized access to a computer and the files stored thereon.
Source(s):

Threats FAQs
Threats Frequently Asked Questions
http://bluecollarpc.us/Threats_FAQs.html

How to Remove a Backdoor Trojan Computer Virus
http://www.ehow.com/how_5164888_remove-backdoor-trojan-computer-virus.html

Backdoor Santas
http://www.bleepingcomputer.com/tutorials/tutorial41.html

Backdoor.Trojan | Symantec
http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99

Trojan Downloader Featured Articles
http://www.ehow.com/trojan-downloader/
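Added here as a worked example, not part of the original answer or its sources: the answer says the symptoms are hard to feel from system speed alone, so the Python script below looks instead for the network-level signs a backdoor leaves behind, a process listening on a port the host has no reason to serve, or calling out while running from a user-writable path under a borrowed system image name such as svchost.exe. The `netstat -ano` and `wmic process get ExecutablePath,ProcessId` text it parses is constructed sample output (PIDs, addresses and paths are made up), and the expected-port list and trusted-directory list are assumptions for the example that you would tune for your own machine.

```python
"""Triage of constructed netstat / process-list output for backdoor-like signs.
Added example; the samples below are constructed, not captured from a real host."""
import re
from collections import defaultdict

# Constructed sample in the shape of `netstat -ano` output.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       3412
  TCP    192.168.1.10:49321     203.0.113.7:6667       ESTABLISHED     3412
  TCP    192.168.1.10:49400     198.51.100.5:443       ESTABLISHED     2280
  UDP    0.0.0.0:137            *:*                                    4
"""

# Constructed sample in the shape of `wmic process get ExecutablePath,ProcessId`.
PROCS_SAMPLE = r"""
ExecutablePath                                   ProcessId
C:\Windows\System32\svchost.exe                  876
C:\Program Files\Mozilla Firefox\firefox.exe     2280
C:\Users\Bob\AppData\Local\Temp\svchost.exe      3412
"""

NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
PROC_RE = re.compile(r"^\s*([A-Za-z]:\\.*?\S)\s+(\d+)\s*$")

# Assumptions for this example: ports this host is meant to serve, directories
# whose binaries we treat as trusted, and image names malware likes to borrow.
EXPECTED_LISTEN = {135, 137, 138, 139, 445}
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}


def parse_netstat(text):
    """Return (proto, local_port, foreign_addr, state, pid) rows; state is None for UDP."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, _laddr, lport, faddr, state, pid = m.groups()
            rows.append((proto, int(lport), faddr, state, pid))
    return rows


def parse_procs(text):
    """Map PID (as a string) to the executable path of that process."""
    return {m.group(2): m.group(1) for m in map(PROC_RE.match, text.splitlines()) if m}


def triage(netstat_text, procs_text, expected_listen=EXPECTED_LISTEN):
    """Return {pid: [reason, ...]} for processes that show backdoor-like signs."""
    paths = parse_procs(procs_text)
    findings = defaultdict(list)
    for proto, lport, faddr, state, pid in parse_netstat(netstat_text):
        path = paths.get(pid, "")
        trusted = path.lower().startswith(TRUSTED_DIRS)
        # Sign 1: something is listening that this host was never meant to serve.
        if state == "LISTENING" and lport not in expected_listen:
            findings[pid].append(f"unexpected listener on {proto}/{lport} ({path or 'path unknown'})")
        # Sign 2: an outbound session from a binary outside the trusted directories.
        if state == "ESTABLISHED" and not trusted:
            findings[pid].append(f"outbound connection to {faddr} from {path or 'path unknown'}")
    # Sign 3: a system image name running from somewhere other than System32.
    for pid, path in paths.items():
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_IMAGES and not path.lower().startswith("c:\\windows\\system32\\"):
            findings[pid].append(f"{name} running outside System32: {path}")
    return dict(findings)


if __name__ == "__main__":
    for pid, reasons in triage(NETSTAT_SAMPLE, PROCS_SAMPLE).items():
        print(f"PID {pid}:")
        for reason in reasons:
            print("  -", reason)
```

On the constructed sample only PID 3412 is reported, for all three reasons at once; a real run would paste in the output of the two commands and adjust the expected ports. Nothing here is a detection in itself, it is the list of questions to ask next.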

How To Use HiJackThis to find Malware infection Part One

HijackThis – Trend Micro USA (Genuine Freeware) [wrkx w/ Netbooks]
Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer.
http://free.antivirus.com/hijackthis/
http://en.wikipedia.org/wiki/Hijackthis
http://sourceforge.net/projects/hjt/
HiJackThis UPDATED:
Trend Micro Releases HijackThis Source Code to sourceforge.net
MarketWatch (press release)
http://www.marketwatch.com/story/trend-micro-releases-hijackthis-source-code-to-sourceforgenet-2012-02-17

RUNNING A HJT LOG ANALYSIS PART ONE

There is always this need to review this magic utility – how to use it responsibly and SAFELY.

(FYI (for your information): the nicknames are "HJT", "HJT Log Help" and "HJT Log Analysis", meaning HiJackThis log help, which you may see around at forums etc.)

If you have never performed a HiJackThis analysis: it is a simple, quick look at start-up items that may reveal malware installed and starting up with the computer system, along with other software installed and set to run at every start-up. An HJT log may show a resident threat in some areas. It can reveal malware toolbars installed and possibly other threats misusing an ActiveX item. HJT generates a sort of system read-out snapshot in a text log file that can be examined in depth.

HijackThis was NEVER designed to be a malware remover. It is NOT to be used as one, or as a substitute for one. The average user is always told NEVER to make changes to the computer with HijackThis, but rather to go to an advanced user or professional for help, online or elsewhere, such as a friend in the know and savvy at malware removal. Mistaken use may cause damage to the system and/or other software, rendering them inoperable.

IF YOU WERE TO CHOOSE “FIX THIS” ….. UH-OHH

If you click "Fix This" on any valid process or software, it may delete or corrupt that part of the Windows OS (operating system) or other software, rendering them inoperable. NEVER click "Fix This" unless you are an advanced user or professional, or have been directed to do so by one.

A fix typically deletes the executable file and possibly a "Run" registry key, etc.

It cannot delete/uninstall the malware payload files and registry key entries, the FULL threat, and these leftovers can be reused by malware and may now hide from antimalware products. Being orphaned (executable deleted, payload remnant = orphan), they may also be used by a rootkit to hide from detection as an inert file not deemed a threat during antimalware scans. At best, quality antimalware products may possibly detect these as variants and quarantine/remove them during a scan. Probably not.
 
In cases of in-the-wild threats or other severe threats rifling and hijacking control of the PC, with their executable showing up in the HJT log, it may possibly be used to delete the start-up entry, generally the executable ("malware.exe" as a fantasy example), to regain control of the computer for the user. If it is a known malware threat, its payload installation files can be found in full in online malware databases. Having regained control of the computer by deleting the executable from start-up, the rest of the payload can then be removed manually. For in-the-wild threats, deleting the executable can give control of the PC back, and a follow-up to delete the entire installation manually will have to be performed once the payload is known and posted publicly. The user in this state should be cautioned either not to use the PC, or to use it only very sparingly, as instability or further infection activity may occur.

That is all because generally the user has no emergency repair CD to reinstall Windows and needs the Hail Mary scenario to save their computer from the trash, purchased with their hard-earned sawbucks and not replaceable in the near future, otherwise stuck without a PC. It may also be used just to regain control of the PC in order to access private files one wishes to back up (make a copy of) before reinstalling the system to factory fresh, wiping the entire disk first: another Hail Mary to save important documents, pictures, movies, etc. If the user is aware of that, proceed with that understanding.

Bottom line: if you irresponsibly use, or give instructions to irresponsibly use, HJT, ignoring the example hazards and damage warnings above, you may find it all come back on you by some smear blitz over the internet about "so and so destroyed my computer, that creep!", to say the least. If you are a professional or company, you may be sued for damages for gross negligence, deceptive practices and destruction of computer equipment. That would have to be defined by lawyers and the court.

PART TWO WILL SHOW THE ACTUAL ANALYSIS. >>>
Click > Do System Scan and Create Log File

Webmaster:
Malware Removal / Amateur Forensics
Membership/Join List:
Free Malware Removal Help / A Community Website Since 2005
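As an added example (not code from the original post, and not from HijackThis itself), here is the read-only half of an HJT log analysis in Python: it walks O2 (BHO), O4 (Run key) and O16 (Downloaded Program Files ActiveX) lines and reports the ones an experienced helper would ask about, fixing nothing, in keeping with the never-click-"Fix This" advice above. The log lines are constructed in the shape of HJT output; every GUID, path, company name and host in them is made up, and the lists of user-writable locations and borrowed system image names are this example's assumptions.

```python
"""Read-only review of HJT-style log lines. Added example; the log below is
constructed and its GUIDs, paths and hosts are fictitious."""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

HJT_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/
O2 - BHO: Example PDF Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\PDFHelper.dll
O2 - BHO: (no name) - {66666666-7777-8888-9999-000000000000} - C:\Users\Bob\AppData\Local\Temp\xkjhd.dll
O4 - HKLM\..\Run: [Example Updater] "C:\Program Files\Example\Updater.exe" /background
O4 - HKCU\..\Run: [svchost] C:\Users\Bob\AppData\Local\Temp\svchost.exe
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Example Plug-in) - http://downloads.example.com/plugin.cab
O16 - DPF: {12345678-9ABC-DEF0-1234-56789ABCDEF0} (Video Codec Update) - http://203.0.113.9/codec.cab
O23 - Service: Example Scanner (ExScan) - Example Corp - C:\Program Files\Example\ExScan.exe
"""

SECTION_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\s][^"]*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))', re.I)
URL_RE = re.compile(r"https?://\S+")

# Assumptions for this example: where legitimate start-up code rarely lives,
# and image names that malware borrows to blend in.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\documents and settings\\")
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe", "explorer.exe"}


def is_ip_literal(host):
    """True when a URL host is a bare IP address rather than a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def review_line(line):
    """Return the reasons an HJT line deserves a second look (empty list = nothing notable)."""
    reasons = []
    m = SECTION_RE.match(line)
    if not m:
        return reasons
    section = m.group(1)
    pm = PATH_RE.search(line)
    if pm:
        path = pm.group(1)
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("loads from a user-writable location: " + path)
        if name in SYSTEM_IMAGES and not low.startswith("c:\\windows\\"):
            reasons.append("system image name outside C:\\Windows: " + path)
    if section == "O2" and "(no name)" in line:
        reasons.append("BHO registered without a name")
    if section == "O16":
        um = URL_RE.search(line)
        host = urlparse(um.group(0)).hostname if um else None
        if host and is_ip_literal(host):
            reasons.append("ActiveX download (DPF) served from a bare IP address: " + host)
    return reasons


def review_hjt_log(text):
    """Return [(section, line, reasons)] for every line carrying at least one reason."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons = review_line(line)
        if reasons:
            out.append((SECTION_RE.match(line).group(1), line, reasons))
    return out


if __name__ == "__main__":
    for section, line, reasons in review_hjt_log(HJT_SAMPLE):
        print(section, "::", line)
        for reason in reasons:
            print("    ->", reason)
```

Three of the eight constructed lines come back: the nameless BHO in Temp, the Run entry pretending to be svchost.exe, and the DPF control fetched from a raw IP. The Adobe-style helper, the vendor updater and the service are reported as nothing notable; deciding what to do about the flagged ones is the helper's job, not the script's.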

What is Active X ? Active X Revisited

One of the greatest misconceptions about ActiveX is that many novice computer operators (newbies) think it is malware. That's a shame, because it is and was a genuine invention for the Windows operating system, registered, copyrighted and trademarked, with a history, the whole nine yards....

HISTORY OF “OWNERSHIP”: http://en.wikipedia.org/wiki/ActiveX
SEE (Information)
http://www.active-x.com/articles/whatis.htm
http://support.microsoft.com/kb/912945

What ActiveX does is act as a workhorse in the operation and navigation of websites, delivering content, and deciding when. An ActiveX control is a native software component that a webpage (in Internet Explorer) can embed and script to deliver content beyond what plain HTML provides: media players, document viewers, sidebar-style widgets and the like, loaded and displayed almost instantly unless you are on dial-up, where you can watch the parts of the page arrive one after another. Unlike a JavaScript feature such as a familiar drop-down menu, an ActiveX control runs as compiled code inside the browser with the browser's own privileges, which is why it can do so much more on the page, and also why its misuse matters. Generally this is found on commercial, paid-for website designs; you will rarely see ActiveX employed on a personal website.

Now, where the rumours, fears and alarms come from: these are based on real events, namely malware Trojans and malware toolbars that virtually all MISUSE an ActiveX control, or ship a reverse-engineered (pirated, decompiled, unlawfully re-coded) and customised one.

I like to brag a little, being in Windows computer security and webmaster of the BlueCollarPC (originally at .net, now at .US) since 2005, because there are so many deviants from the profession sloughing the public for big bucks, and especially forums hustling for a buck at donate forums, which may include links to PC repair shops owned by the forum administrator and forum moderators who have no clue about ActiveX, namely that there are actually FIVE DIFFERENT ActiveX applications, and worse, virtually all in IT security don't even know that.

You wonder why data breaches of all our citizens' private records are happening in the millions upon millions? That's why. Too many persons in computer security are full of it. I have been to many donate forums in malware removal, in their "boot camps" (train to be one of their official privileged designated forum helpers), and would not dare put my hand, name or internet reputation to theirs after finding out what they employ as "malware removal help" on users' computers. So, again, I am not talking through my hat, making stuff up. I would guesstimate at least 85 percent of all malware help available on the web cannot pass "compliance" in IT security, though many say they do and are "Microsoft MVPs"! BUYER BEWARE! This is only ONE thing they have no clue about. Why important? Because of the vast hundreds of thousands of spyware packages that misuse ActiveX in many ways, including the even transparently displayed 'Downloaded Program Files' (C:\Windows\Downloaded Program Files) ActiveX items. I know my XP and Vista machines like the back of my hand! Do they? Obviously not!

You can take this to the bank and who told you…..

There are actually FIVE, count them, five, ActiveX items:

1) ActiveX
2) ActiveX Object
3) ActiveX Helper Object
4) ActiveX Control
5) ActiveX Control Object

Inevitably, each one enters a registry key in the Windows Registry HERE:
HKEY_CLASSES_ROOT (under its CLSID subkey, where COM classes are registered by their GUID)

Now, in Internet Explorer's security settings, you can set the browser to prompt for permission each time an ActiveX item on a webpage is detected; clicking OK allows the ActiveX item to load and deliver the designated content. This is a good way to become familiar with, and actually see, how many of the normal websites you visit employ ActiveX in their designs. Probably just over half or more do: commercial sites like news, media, shopping sites, etc.

The free Mozilla Firefox was the rave of UNINFORMED people who claimed it was safer than Internet Explorer, based on the notion that Firefox does not allow any ActiveX to run on any site visited. The ensuing cross-infections and Java exploits (password-stealing viruses through Firefox, for one) put a stop to their wildfire spreading of dis-information about computing security. They cost enough people a pretty penny, no doubt, in ID-theft type activities by cyber crime. Internet Explorer is still the safest browser in the world and has been far ahead in security technologies such as anti-phishing, Protected Mode, various secure-site additions and so on (the list is extensive).

Promoting TRUE computing security knowledge and practices has always been the history of our BlueCollarPC websites: the original .Net, the alternate .Org, and finally the current www.BlueCollarPC.US for the new decade. (The other two were left to expire; I have no longer owned them since about 2009.) I do intimate that I have been offered three different prestigious positions since 2005, but alas I am a 100 percent disabled individual donating what time I can when able, and unfortunately had to decline as health does not permit.

 

New virus infects Linux and Windows platforms (cross-platform infections)

  
Winux Virus
New virus infects Linux and Windows platforms
http://antivirus.about.com/library/weekly/aa032801a.htm
  
Winux: Two in One Virus 
 The first Windows, Linux cross-platform virus discovered 
http://antivirus.about.com/library/weekly/aa032801a.htm
“Virus researchers have discovered a new breed of virus that infects both Windows and Linux files on Intel-based Pentium PC’s. Considered a proof-of-concept virus, it has not been found in-the-wild. As such, it is not posing a threat to users, but could signal the beginning of a new precedent in virus writing – the cross-platform threat. Within less than a day of discovery, the new virus has already been assigned a number of different names, including Linux.PEElf.2132, W32.Winux, Linux.Winux, W32/Lindose, and W32.PEElf.2132.  …..
 
HISTORY…..
 
Cross-platform Virus Infects Linux And Windows
http://www.networkcomputing.com/data-protection/cross-platform-virus-infects-linux-and-windows.php
April 7, 2006
A Russian security company announced Friday that it had found a cross-over virus that can infect PCs running either the open-source Linux or Microsoft Windows operating systems. Dubbed “Linux.Bi.a” and “Win32.Bi.a,” the split-personality malware doesn’t do any damage. Instead, said Moscow-based Kaspersky Labs in an online briefing, it’s a proof-of-concept to prove that a cross-platform virus is possible.
 
Java Based Cross Platform Malware Trojan (Mac/Linux/Windows)
http://www.darknet.org.uk/2011/01/java-based-cross-platform-malware-trojan-maclinuxwindows/
20 January 2011
It’s pretty rare to read about malware on the Linux or Mac OSX platforms and even more rare to read about cross-platform malware which targets both AND Windows by using Java. A neat piece of coding indeed, it targets vulnerabilities in all 3 operating systems – the sad thing? The malware itself is vulnerable to a basic directory traversal exploit, which means rival gangs can actually commandeer the infected targets.
They went to lengths to keep it secure and unseen (encrypted communications etc) – but didn’t program the malware itself securely…
 
Computerworld -
http://www.computerworld.com/s/article/110330/Kaspersky_warns_of_cross_platform_virus_proof_of_concept
Kaspersky Labs is reporting a new proof-of-concept virus capable of infecting both Windows and Linux systems.
The cross-platform virus is relatively simple and appears to have a low impact, according to Kaspersky. Even so, it could be a sign that virus writers are beginning to research ways of writing new code capable of infecting multiple platforms, said Shane Coursen, senior technical consultant at Kaspersky.
 

RELATED:
Torvalds Patches Linux Kernel, Fixes Broken Virus -
http://www.pcworld.com/article/125461/torvalds_patches_linux_kernel_fixes_broken_virus.html
PCWorld 
After discovering that the virus didn’t work on recent versions of Linux, …
” We may see another virus using the same method of cross-platform infection. … ”
 
Linux malware From Wikipedia, the free encyclopedia 
http://en.wikipedia.org/wiki/Linux_malware
A new area of concern identified in 2007 is that of cross-platform … was discovered that contained a script that used the infected Linux PC in denial-of- service attacks. … There are a number of anti-virus applications available for Linux, …. Windows Viruses”.
 
FROM OUR BLOG ON THIS……
 
My Linux choice – Ubuntu (dual boot systems, security myth already)
August 15, 2010 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2010/08/15/my-linux-choice-ubuntu-dual-boot-systems-security-myth-already/
“….Of course as webmaster of the BlueCollarPC since 2005, I am obviously very, very, very security oriented and share this as a Community Help site – free (Windows OS). We can review original ‘horn locking’ from mid-decade (2000 – 2010) in the several arguments that Firefox browser, Linux OS (operating system) , Apple/Mac were safer than Windows between the two operating system users and conclude that in this new decade Windows users may begin to flock to Linux as a “back up system” to Windows being inoperative due to malwares. This is along the lines that much malware on Windows used the Active X maliciously (like trojans or malware toolbars, etc.) in Internet Explorer browser and the Mozilla Firefox browser operated without it. So the arguements began and the hype and so on that “Firefox is safer than Internet Explorer” and many, many Windows users have installed Firefox as a back up browser to use in the event malware affecting the Internet Explorer in some lock out denial of service manner occurred. In the early days this was working to achieve logging onto the internet when you could not on IE (Microsoft Internet Explorer, part of Windows OS). But cybercrime has evolved greatly in a very, very, very short time and with today’s botnet activities and infections – they can simply block many browsers from navigating to security sites for removal help and software and utilities. There was also a cross-infection that was achieved between the two browsers – Firefox and IE.
 
So, although this may be true of the Linux add-on as a back-up system right in the same computer (dual boot) with Windows, along the same lines as the 'back-up browser', cyber crime no doubt has been and is working on some "cross platform" type infection ability, cross-operating-system malware, to rule this out, meaning as fast as we get there with this idea, they have already seen us coming. Suddenly, just a couple of years ago, all the Linux and Apple/Mac malwares were discovered, and do not forget the other argument: Linux and Apple/Mac were safer simply because 90 percent of the world was on Windows and Windows users are the target of the cyber criminal underground, meaning Windows users are "where the money is". This relates to the malicious ID theft activity by cyber criminals and other various spyware scenarios and nefarious use.
In this new decade (2010 – 2020) I obviously predict this occurrence of the cross-operating-system infection for dual boot, observing this user security option of adding another OS to create a dual-boot system computer. It will be exploding with all the ways in a dual-boot system using Linux and Windows that you can use Linux to actually hack back into the infected Windows system to get rid of the malware infection. This is already possible in various ways. Before long it is going to be the same with just Windows as with dual-boot systems: in the worst infections there will be no way in to remove it. ....."
 
ESET NOD32 has won the most awards for Windows protection…
(about 25 percent more than second and third place worldwide – Symantec, Sophos)
ESET NOD32 Currently 59 VB100 awards !
http://www.eset.com/
http://en.wikipedia.org/wiki/ESET_NOD32
This brings the ESET Antivirus VB100 award total to 59 – still
the highest of any antivirus vendor!
December 2009 – ESET antivirus scoops 59th VB100 Award
http://www.betterantivirus.com/nod32-and-virus-news/archives/1456-December-2009-ESET-antivirus-scoops-59th-VB100-Award.html
 
….So you figure if you absolutely need/want protection – they are a superb company….
ESET NOD32 Antivirus 4 for Linux Desktop Beta Program
Whether you use your Linux desktop to surf the Web or work on shared office documents, it is vulnerable to direct attacks by malware or may be targeted as a carrier for cross-platform viruses and other threats designed to target Windows and Macs. Network shares, email and removable media like USB keys are easy ways for multiplatform malware to spread under the radar.
Runs on the following distributions: Debian, Fedora, Mandriva, RedHat, SuSE, Ubuntu, and other RPM and DEB package manager based installations.
kernel >= 2.6
GNU C Library 2.3 or newer
GTK+ 2.6 or newer
LSB 3.1 compatibility recommended
 
THE MORE LINUX IS USED, THE MORE THE NEED AND REALIZATION OF COMBO PACKAGES FROM SECURITY PRODUCTS NO DOUBT !
 
Research Item:
Executable and Linkable Format
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Executable_and_Linkable_Format
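Added example, not from the page or from any of the vendors quoted above: a header-level classifier in Python for the two formats a Winux/Lindose-style infector has to understand, PE on the Windows side and ELF on the Linux side, plus a check for one format's header embedded inside a file of the other. The sample headers are constructed minimal PE and ELF headers rather than real binaries, and the embedded-header heuristic is this example's own idea for hunting a dual-format payload, not a description of how Winux actually worked.

```python
"""Classify a file as PE or ELF from its header and look for the other
format's header inside the same file. Added example with constructed samples."""
import struct

ELF_MACHINES = {3: "x86", 0x3E: "x86-64", 0x28: "ARM", 0xB7: "AArch64"}
PE_MACHINES = {0x14C: "x86", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def classify(data):
    """Identify a file by its header; the returned dict always has a 'format' key."""
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        bits = {1: 32, 2: 64}.get(data[4], 0)          # e_ident[EI_CLASS]
        endian = ">" if data[5] == 2 else "<"          # e_ident[EI_DATA]
        e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
        return {"format": "ELF", "bits": bits, "type": e_type,
                "machine": ELF_MACHINES.get(e_machine, hex(e_machine))}
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of "PE\0\0"
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            machine, sections = struct.unpack_from("<HH", data, e_lfanew + 4)
            return {"format": "PE", "machine": PE_MACHINES.get(machine, hex(machine)),
                    "sections": sections}
        return {"format": "MZ"}   # DOS executable without a PE signature
    return {"format": "unknown"}


def embedded_formats(data):
    """Headers of the other format found past offset 0: a hint of a dual-format payload."""
    found = set()
    if data.find(b"\x7fELF", 1) != -1:
        found.add("ELF")
    idx = data.find(b"MZ", 1)
    while idx != -1:
        # Only count an MZ stub whose e_lfanew really points at a PE signature.
        if idx + 0x40 <= len(data):
            off = struct.unpack_from("<I", data, idx + 0x3C)[0]
            if data[idx + off:idx + off + 4] == b"PE\0\0":
                found.add("PE")
                break
        idx = data.find(b"MZ", idx + 1)
    outer = classify(data)["format"]
    return sorted(found - {outer})


# Constructed 32-bit little-endian ELF executable header (e_type=2 EXEC, e_machine=3 x86).
ELF_SAMPLE = (b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8
              + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x08048000, 52, 0, 0,
                            52, 32, 1, 40, 0, 0))

# Constructed PE: DOS header whose e_lfanew points at "PE\0\0" and a COFF header
# for x86 (0x14C) with 3 sections.
PE_SAMPLE = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
             + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x0102))


if __name__ == "__main__":
    for label, blob in [("elf", ELF_SAMPLE), ("pe", PE_SAMPLE),
                        ("elf carrying pe", ELF_SAMPLE + b"\0" * 16 + PE_SAMPLE)]:
        print(label, classify(blob), "embedded:", embedded_formats(blob))
```

The classifier only reads the fields a scanner needs to route a file to the right engine (format, word size, machine); the embedded check is the cheap part of what a cross-platform scanner such as the ESET Linux product above has to do, since a file that is valid ELF on the outside but carries a complete PE header inside is worth a closer look on either platform.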
 
 
I personally have been hedgy about dual boot (Linux and Windows on the same computer) and have mine (Ubuntu Linux) on my Windows Vista machine, of which Vista is notably the safest Windows operating system EVER conceived: it does not allow viruses to "write to the computer disk", and any virus can only achieve residing temporarily in the temp files, which would need stupidity or being duped to click and execute the infection. As well, with UAC (User Account Control) on, as recommended, which does this protection, there is NO rootkit that can possibly run on Vista EVER found. ....
 
Vista’s Despised UAC Nails Rootkits, Tests Find – Business Center …
http://www.pcworld.com/businesscenter/article/146256/vistas_despised_uac_nails_rootkits_tests_find.html
May 25, 2008 … Most users find it annoying, but Vista’s Account Control
feature proves most effective in security tests…..
QUOTED….
“….Love or hate its nagging prompts, Vista’s Account Control feature (UAC) has a security feature that marks it out from any other type of Windows security programme — it can spot rootkits before they install.
This is one finding buried in a report published in two German computer magazines some months ago after testing by the respected AV-Test.org, which set out to find out how well antivirus programs fared against known rootkits.
The answer was not particularly well at all, either for Windows XP, or Vista-oriented products. Of 30 rootkits thrown at XP anti-malware scanners, none of the seven AV suites found all 30, a similar story to the six web-based scanners assessed. Only four of the 14 specialized anti-rootkit tools managed a perfect score.

Best Protection

The best of the all-purpose suites was Avira AntiVir Premium Security Suite, which found 29 active rootkits, with Norton finding as few as 18. The anti-rootkit tools fared better, with AVG Anti-Rootkit Free, GMER, Rootkit Unhooker LE, and Trend Micro Rootkit Buster achieving perfect scores. The scores for removal were patchy, however, with all failing to remove any of the rootkits they had found.

The results for Vista products were harder to assess because only six rootkits could run on the OS, but the testers had to turn off UAC to get even this far. Vista’s UAC itself spotted everything thrown in front of it.

Only three of the 17 AV tools for Vista managed to both detect and successfully remove them, F-Secure Anti-Virus 2008, Panda Security Antivirus 2008, and Norton Antivirus 2008.

Once on a PC, rootkits can bury themselves quietly, but they have to get to that point first. As long as users interpret prompts from the UAC system attentively, or those messages haven’t in some way been spoofed, rootkits struggle to jump to the PC without drawing attention to themselves.

That UAC can tell a user when a rootkit is trying to install itself is not in itself surprising, as Vista is supposedly engineered from the ground up to intercept all applications requests of any significance.

Asked too many times “What is best free antivirus” – without knowing….

What you have failed to understand is that a 'stand-alone' reactive free scanner has NO real-time protection. It does NOT protect the computer from infection. At best, it can only be used for 'on demand' scanning after infection has occurred, along with all the damage it can do, including many viruses and worms that are specifically designed to damage computers and networks. It is too late then, much too late, to fix the damage, specifically to Windows itself.

Other malware (botnets) and many spyware installations like to keep your PC running so they can use it to clandestinely send out mass spam and even crimeware, sending pirated software, media files, music files, etc.

Today's cyber criminal underground goes after the "free line" big time, and their crimeware is so sophisticated today that it is able to COMPLETELY disable ALL free antivirus and antispyware programs installed, the free stand-alone scanners (free home versions).

EXAMPLE (just one of a zillion)

Security software disabler Trojan

http://www.webopedia.com/TERM/S/security_software_disabler_Trojan.html

Free home versions without real-time (on-access) protection can NOT stop these types of threats, which can install via 'drive-by installations' at any malicious or infected website on the World Wide Web, just by visiting them, unaware of the infection, or from malicious emails carrying these infections or infected files, or from downloads of infected software. Real-time protection immediately blocks and quarantines threats before they can do any damage or installations; the free stand-alone scanners DO NOT. There are a couple of exceptions, as have been graciously offered to the community....

GET (first, add other free scanners after)

[best free]

Microsoft Security Essentials http://www.microsoft.com/security_essentials

Microsoft's Windows Live OneCare was retired and succeeded by the free Microsoft Security Essentials, which is very highly rated, West Coast Labs certified and has won the VB100 award! (Highly recommended! Includes antispyware! Full shields.)

About Microsoft Security Essentials (5* Stars!) (FULL) [wrkx w/ Netbooks]

http://www.microsoft.com/security_essentials/

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

ThreatFire AntiVirus 4-5* (Full)

ThreatFire AntiVirus – Behavioral Virus and Spyware Protection

http://www.threatfire.com/

ThreatFire features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, …

DO NOT install two or more products with real-time protection: they may damage the computer or cancel each other out via corruption, and at the very least will terribly bog down system navigation (navigating the computer by opening files, multi-tasking, playing media, etc.).

OTHERS / VERY FAIR

Spyware Terminator [working-freeware] (Antispyware and antivirus. Real time protection added ! ) 4* (Full) [wrkx w/ Netbooks, tad heavy]

http://www.spywareterminator.com/

Millions of users worldwide rely on Spyware Terminator, winner of many awards and high ratings from industry experts and users. Its free comprehensive protection is comparable to competitors’ paid versions!

Spyware Terminator includes: http://www.spywareterminator.com/

* Fast spyware scanning

* 100% real-time protection

* HIPS protection

* Antivirus protection

* Multilanguage Support

http://www.spywareterminator.com/

View List of All Features »

http://www.spywareterminator.com/features/antispyware-features.aspx

Note free Comodo has problems you can see in any security news area on the Net. It is frowned upon in some security forums by advanced users….

Make SURE you have a firewall installed to block direct hackers from taking over the pc…

PC Tools Firewall Plus – Free Edition 5* [wrkx w/Netbooks]

http://www.pctools.com/firewall/

Easy-to-use, free software firewall for PC users to protect your computer from intruders and malicious network traffic.

(PC Tools is maker of famous Spyware Doctor)

Online Armor Personal Firewall Free [new/advanced users] [wrkx w/Netbook] 5+*

http://www.tallemu.com/  (best)

Online Armor Free provides both a firewall and a whitelist approach to program security for Windows NT, 2000 and XP. It does not show pop-ups for many known good programs, and it scans all your installed programs when it first runs so that you can quickly tell it what to do with apps it doesn’t know about.

Operating Systems: Windows XP, Windows 2000, Windows Vista

ZoneAlarm Free Firewall 4-5* (popular)

Protect your PC with #1 Free Firewall

http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

Source(s):

http://bluecollarpc.us/malwareremovers.php

Desktop/Laptop Cloud Computing – new “super antivirus” for the New Decade

The newer cloud-computing antimalware products have arrived and may, toward the middle or even the end of the decade, replace all known traditional antivirus as we know it, generally combined with antispyware (as a suite or combo package). They are here and are being used. Originally I viewed cloud computing as just a complete rewrite of IT security, with a new guy on the block stealing business, aimed at simplification for "computer and security dummies", whether average desktop users or actual business owners with a network of machines. It appeared that all the features and settings in antivirus and antispyware were being hidden from the user, apparently on the assumption that too many of them were messing up navigation by using extremely hard settings without anticipating the extra time, or were not using secure enough settings, circumventing the security available just for convenience beyond annoyance.

For veteran users, it presents the problem of “hands on” with the products. Traditional features become inaccessible. It is becoming hard to find a quality product without this newer overhaul. It becomes harder to simply give a defense product blind faith to protect the computer system and files without mistakes. They always declare “as is” and “no one is perfect”. But the upside is that they are the newer “super antimalware” with a decade of experience in the top companies. They add protection that did not exist years ago, or that may previously have been obtained by adding layers of protection with add-ons, but now in the one package by trusted, proven companies.

Naturally this invited the dreaded “learning curve” in all areas…. cloud computing: what is it and how will it affect me? I found the easiest way to understand this is by looking at one of the products. Take a look at a quality product of the well known and rated Trend Micro…..

Trend Micro Titanium Internet Security 2011

Trend Micro Titanium Internet Security revolutionises Internet Security. Proven Cloud-based technology automatically stops Viruses & Spyware before they …

http://emea.trendmicro.com/emea/products/personal/titanium-internet-security/

This will really help in an orientation with the new trend toward cloud computing defense products by many major companies in the security software industry (antivirus, antispyware). Read and browse over the newer features and how they are integrated into protection. This should help in new decisions down the road or right now as an upgrade. You should easily understand they are indeed the new super antimalware products now available. Note that Webroot acquired Prevx as their move towards cloud computing for the average user.

Hope this helps !

Differences – shareware, freeware, donate Security products

We are at such a late date in malware today, but a new decade in the Security horizon. In the years I have been a Helper in the community I have found generally the greatest threat is actually someone not aware of the dangers. Of course I finally got rid of my almost humiliating “newbie” tag days and then the computer jargon of it all comes into play: learning how to even pose an intelligent question. Like learning finally there are viruses and worms, but these are not adware and spyware, which are different and which antivirus products do not get rid of, and is why they created antispyware products. And then the “Orson Welles” of it all: is it all “snake oil” (worthless products), or does the industry itself infect and collect “milk money” (mafia protection fee) through anti this and anti that?

Unfortunately all malware is exactly as described in any publication you will find, meaning the horror of computer damage or the horror of cyber crime as far as ID theft and the like, and areas there such as corporate extortion and so on. What to do?

Just becoming aware of threats has won the ballgame, believe me. In discovering the dangers of malware (virus and worm can destroy, adware and spyware can spy, copy and broadcast data, trojans and rootkits can control), the simple act of becoming aware of threats to computers and personal data today has put you on the road to Computing Safety. This is because the next logical step one takes is to find out how to get protected if possible. This next step is to today’s security solution products: security softwares antivirus, antispyware, and a personal firewall for each computer.

Now, you soon find out about “Real Time Protection”, which goes by names such as heuristics or intrusion protection or any other tag name for these universal technologies protecting everything 24/7. Everywhere you browse, all email attachments and emails themselves (embedded threat such as a jpeg photo virus), downloading and opening softwares and files and documents etc., all is monitored for infection ready to execute to either mess up your computer or your financial life.

If you just caught up with that, you have found out the free home versions traditionally have no Real Time Protection activated, which comes after purchase, though there have been a couple of high quality products offered free to the Community, such as the former award winning (West Coast Labs Certification, VB100 award) Microsoft Windows One Care antivirus, which is now free to the community from them and renamed “Microsoft Essentials”. Of course there has been the popular and very effective Windows Defender, which began as Microsoft Antispyware and is now part of Windows in Vista and after (can use or not). Windows Defender is one of two antispyware programs in all the world I know of that indeed has Real Time Protection as pay products do. The other of course is the popular Spyware Terminator with enterprise Clam antivirus, which apparently removed offenses from the old Crawler toolbar listed as malware and now is clear of the red flagging in the industry. Sometimes they call that a “rebranded” toolbar. Many times crimeware is changed a little, repackaged, and reused to infect to get past detection, which has been laughable to the security industry.

So the bottom line and closing message is the point of this post: the difference in realizing you were not protected if you used a free or donate home version product that does not have the Real Time Protection traditionally activated in shareware (purchased) products. The free home versions offered by many top companies are called stand-alone scanners and are “reactive” protection, scanning for and removing after infections. The real time products are called the proactive security solution.

(originally at our aol answer blog)

New Amateur Forensics Build in Progress – “Nimrod Botnet”

This is the preliminary notes of the build with an important Estimate.

[NOTE WE CLOSED BLUECOLLARPC.NET OCT 2009 / DEAD LINKS] ———————————

Amateur Forensics Build – Nimrod Botnet

History: Is Grisoft AVG Free Reverse Engineered by Botnets? By bluecollarpc http://bluecollarpc.wordpress.com/2009/04/15/is-grisoft-avg-free-reverse-engineered-by-botnets/

(((Forensics Build – Nimrod Botnet))) Date: July 30 2009

——- THIS IS A SCRATCH BUILD – ADDING DAILY ——

AMATEUR PC SECURITY FORENSICS

Title: “Nimrod Botnet” (Nimrod was a hunter)

Infection Date:

a-squared Anti-Malware – Version 4.0 Last update: 4/13/2009 9:45:09 AM

Entry Threat: Win32.Outbreak!IK

(Adding report on trojan found in Windows Error Reporting)

ESTIMATE: Virtualization Compromise

——— NOTES

NON SAMPLE…. US labs virtualise 1m Linux kernels (anti-botnet research) ZDNet UK Wed, 29 Jul 2009 08:37 AM PDT Sandia National Labs have simultaneously run more than a million Linux kernels on a single cluster, an accomplishment that could prove useful for anti-botnet research…. http://news.zdnet.co.uk/software/0,1000000121,39698952,00.htm

TARGET: Windows Server 2008 http://en.wikipedia.org/wiki/Windows_Server_2008

Windows Server 2008 is the most recent release of Microsoft Windows’ server line of operating systems. Released to manufacturing on February 4, 2008 and officially released on February 27, 2008, it is the successor to Windows Server 2003, released nearly five years earlier. A second release, named Windows Server 2008 R2, was released to manufacturing on July 22, 2009.

Like Windows Vista and Windows 7, Windows Server 2008 is built on Windows NT 6.x.

Self-healing NTFS: In previous Windows versions, if the operating system detected corruption in the file system of an NTFS volume, it marked the volume “dirty”; to correct errors on the volume, it had to be taken offline.

With self-healing NTFS, an NTFS worker thread is spawned in the background which performs a localized fix-up of damaged data structures, with only the corrupted files/folders remaining unavailable without locking out the entire volume and needing the server to be taken down. The operating system now features S.M.A.R.T. detection techniques to help determine when a hard disk may fail. This feature was first presented within Windows Vista.[10]

Best guess….. with Disk Defragger and Disk Check inoperative (begins and a moment later progress vanishes; after reboot unable to run), and with System Restore corrupted, it seemed the target is to hide a dirty disk.

Apparently trial runs on personal Vista PCs (Home Premium) through the “reverse engineering” of the antivirus product broken into. Why would they do that…. to install counterfeit components of Unix-like, for example, to even run dual server communication undetected.

In other words Windows Server 2008 and Self-healing NTFS are “cracked” and thus the Windows Server 2008 R2 was released to manufacturing on July 22, 2009.

Recommendation – upgrade.

ADDITIONAL SOURCES:

Additional sources… news.admin.net-abuse.sightings http://groups.google.com/group/news.admin.net-abuse.sightings/msg/c26324447d0f23ef  

Webmaster BlueCollarPC.Org http://www.BlueCollarPC.Org

and now I know my Vista like the back of my hand.

AmateurForensics-Mobile: USB stick MP3 Player (apparent cross infection – PC / Mobile PC)

NOTE this threat installation had telltale signs of perhaps even the first Windows Mobile mobile botnet. It was successfully blocked from establishing a connection and detected before ever causing any damage, and safely removed.

Mobile Threat: FlashMates_(v1[1].0.4)_Setup.exe / which is identified as Email-Worm.Win32.Apbost!IK [Ikarus antivirus = IK]

PDA Mobile Cafe’s Blog
Mobile PC and everything wireless – cell, pda, laptop
——————————————————————————–

USB stick MP3 Player labeled Nextar (apparent cross infection – PC / Mobile PC) July 24, 2009 by pdamobilecafe
http://pdamobilecafe.wordpress.com/2009/07/24/usb-stick-mp3-player-labled-nextar-apparent-cross-infection-pc-mobile-pc/

Funny thing happened when plugging in (to desktop PC) a USB stick MP3 Player labeled Nextar (cross infection) from a friend. Read on.

Possibly a black market relabeled fake, and there are apparently even criminal “clone” or “phisher” or “pharmer” sites around emusic.com. Suddenly, an apparent “cross infection” occurred in the Pocket PC Windows Mobile: a mass emailing worm! Isn’t that fun (sarcasm).

eMusic – Wikipedia, the free encyclopedia eMusic is an online music store that operates by subscription. It is headquartered in New York City and owned by Dimensional Associates, LLC. … http://en.wikipedia.org/wiki/EMusic

Press Releases – Mi5 Networks Secure Web Gateway Feb 2, 2009 … Detailed reports enable eMusic to quickly identify infected machines on the network, understand the specific types of malware involved and …
http://www.mi5networks.com/news/press/2009_0202-eMusic.com-Selects-Mi5-Networks-in-Favor-of-Solo-Web-Security-Products.htm 

Apparent Open Source Project: eMusic/J 0.25
http://mac.softpedia.com/get/Multimedia/eMusic-J.shtml

Uh Oh…….

Name: Adware.Win32.eMusic Toolbar
http://www.emsisoft.com/en/malware/?Adware.Win32.eMusic+Toolbar

FORENSICS:

FILES Detected…. (apparently instantly – inserting USB MP3 Player)

DESKTOP: (windows xp home)

#emusic.oem

#emusiclogo.gif

#Tries to connect to “malicious host” emusic.com / apparent back door threat? Blocked. USB stick removed. Still attempts to connect after PC restarted or when using media player(s). Seems a registry hook possible? Scanned, not found. Looking manually.

SYMPTOMOLOGY:

Stick in and out (on desktop). The continuing attempt to re-connect to “emusic.com” indicates either a registry hook of some sort or, worse, a rootkit, as it is not visible in the registry. See the Sony Rootkit nightmare.
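For the “registry hook” suspicion raised above, a defender normally starts by listing the standard Windows autorun locations rather than browsing the registry by hand. The following PowerShell is an added triage example and is not code from the original post or from PDA Mobile Cafe; the list of keys, the “trusted roots” rule (startup programs are expected to live under the Windows or Program Files directories) and the treatment of Winlogon Shell/Userinit are assumptions chosen for illustration, not findings about the infection described.

```powershell
# Added example (not from the original post): triage the standard Windows
# autorun registry locations for startup entries that point outside the
# expected program directories or to files that no longer exist.
# The key list and the "trusted roots" rule are assumptions for illustration.

$autorunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories where legitimate startup programs are normally installed (assumption).
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

function Get-CommandExecutable {
    param([string]$Command)
    # Resolve %VAR% references, then take the quoted path or the first token.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($expanded.Trim() -split '\s+')[0] }
    # A bare name (e.g. "explorer.exe") is resolved through the search path.
    if ($exe -and ($exe -notmatch '[\\/]')) {
        $resolved = Get-Command $exe -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($resolved -and $resolved.Path) { $exe = $resolved.Path }
    }
    return $exe
}

function Test-AutorunEntry {
    param([string]$Key, [string]$Name, [string]$Command)
    $exe = Get-CommandExecutable $Command
    $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe)
    $inTrusted = $false
    foreach ($root in $trustedRoots) {
        if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            $inTrusted = $true; break
        }
    }
    [pscustomobject]@{
        Suspicious = (-not $inTrusted) -or (-not $exists)   # a lead, not a verdict
        Exists     = $exists
        Name       = $Name
        Executable = $exe
        Key        = $Key
    }
}

function Get-AutorunEntries {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty attaches PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            Test-AutorunEntry -Key $key -Name $p.Name -Command ([string]$p.Value)
        }
    }
    # Winlogon Shell and Userinit are classic hook points; check only those two values.
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($name in 'Shell', 'Userinit') {
        $value = (Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue).$name
        if ($value) {
            # Userinit may hold a comma-separated list; check each command.
            foreach ($cmd in ($value -split ',')) {
                if ($cmd.Trim()) { Test-AutorunEntry -Key $winlogon -Name $name -Command $cmd }
            }
        }
    }
}

Get-AutorunEntries |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize Suspicious, Exists, Name, Executable, Key
```

Run it from an elevated prompt so the HKLM keys are readable, and compare the output with a known-clean machine: an entry is flagged only because its executable sits outside the expected directories or is missing, which is a reason to look closer, not proof of infection. A rootkit that hides registry values, as the post goes on to suspect, would not show up in this listing at all, which is why an empty result does not rule one out.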

#SCANNED – FOUND: MOBILE PC (Windows CE 3.0 / Pocket PC 2002)

Installs apparent mass emailing worm as possible part of “cross infection”:

#FlashMates_(v1[1].0.4)_Setup.exe / which is identified as Email-Worm.Win32.Apbost!IK [Ikarus antivirus = IK]

SEE Analyzing the Crossover Virus: The First PC to Windows Handheld Cross-infector http://www.informit.com/articles/article.asp?p=458169&rl=1

NOTES: Adding more if found

The Exercise ? Watch out you didn’t get the real product

—-

SCAN RESULTS:

a-squared Anti-Malware v. 4.5.0.19
(C) 2003-2009 Emsi Software GmbH –

ID  Object  Detection
0   C:\Program Files\Uniblue\System Tweaker\System Tweaker.exe  Backdoor.Win32.Wootbot!IK
1   C:\Documents and Settings\cbgerry\MyDocuments\POCKETPC-DOXX\FlashMates_(v1[1].0.4)_Setup.exe  Email-Worm.Win32.Apbost!IK

NOTES: The “Email-Worm.Win32.Apbost!IK” is the worm and the file name is “FlashMates_(v1[1].0.4)_Setup.exe”. (Location “POCKETPC-DOXX” caught in a dummy folder. It takes two to play games. IK is the symbol for Ikarus antivirus.)

—-
NOTES: ……
New start up after quarantine, and emusic connect attempt blocked again (antimalware program). A registry hook (originally suspected as the cause) generally is involved with one entity (unless multiple), here media players, that is easily detected and deleted. This did show files in two media players (with premium features) and now has jumped to Windows Media Player, which symptomology is as a self replicating worm does, but apparently here, as indeed a rootkit does, is like a matrix that continually can give various commands (more powerful than a trojan and can continually install more software), and is the best guess from the symptoms experienced. The activity shows the “matrix” (several) commands severally or multiple times after deletions, which is almost as the self replicating worm does when deleted and is reinstalled elsewhere but finally gets deleted by antivirus. This indicates the rootkit activity as quite possible and the infection.

[THESE ARE ALL CLOSED OCT 2009]…..

Visit: PDA Mobile Cafe Homepage
http://www.pdamobilecafe.bluecollarpc.net/index.html
Mobile Portal: http://mysite.verizon.net/gerald_309/id16.html
Forums: http://pdamobilecafe.freeforums.org/

Posted in PDAMobileCafe Blog Alerts, PDAMobileCafe Blog Announcements,
PDAMobileCafe BlogPosts

—-

PDA Antivirus solutions available – shop!
By pdamobilecafe
Security Software: PDA Antivirus solutions available….. shop !

Try the trialware of the products where available. The Mobile Computer is now NO different than the Desktop: all the same threats are now out here. Symbian gets slammed.

PDA ANTI-VIRUS SOLUTIONS :

Air Scanner.com AntiVirus (Free/Private Use, and Company/Corporate License)
http://www.airscanner.com (Also sells PDA Firewall ! )
Online Updates through Active Sync! From the company that wrote the best-selling technical book Maximum Wireless Security comes a professional strength virus scanner for the Pocket PC.

BullGuard Mobile for PPC
http://www.bullguard.com/mobile/
Protect yourself against malware when online with your PPC.

ExoVirusStop 1.0.4
http://www.exosyphen.com/
http://downloads-zdnet.com.com/ExoVirusStop/3000-11138_2-10358960.html
http://www.download.com/ExoVirusStop/3000-11138_4-10358960.html
Protect your Symbian series 60 phone against viruses and Trojans, with this antivirus product. ExoVirusStop brings some new and innovative features, which make this software unique. The file size is small, so it won’t use up your phone’s storage space. Very fast scanning engine takes a few seconds to check your phone for viruses. Virus dictionary allows you to read useful information and details on the viruses that exist for the Symbian OS. Known viruses and their variants: Caribe, Skulls, Mosquitos, Gavno.

F-Secure.com (Pocket PC, Pocket PC 2002, Windows Mobile and PocketPC 2003)
http://www.f-secure.com/wireless/
F-Secure is the forerunner in creating security applications that are optimized for wireless devices and offer reliable and automatic on-device protection. F-Secure Anti-Virus ensures complete protection for your handheld devices. F-Secure also offers security solutions for mobile operators and service providers. Microsoft ActiveSync 3.5 or later to install. The virus definitions of F-Secure Anti-Virus for Pocket PC can also be updated over a wireless connection, such as GSM/GPRS phone, WLAN or Bluetooth connectivity.

ESET Mobile Antivirus for Smartphones
http://www.eset.com/products/
(Eset makes the famed NOD32 Antivirus for PCs)
Mobile devices like Smartphones and PocketPCs are exploding in numbers. Malware that targets them is bound to follow. Detecting and disabling these emerging threats requires sophistication beyond signature-based antivirus. ESET’s heuristics engine is the best protection for individuals and businesses that depend on mobile communication. Fast and thorough scanning keeps your files free of malware and our SMS spam filter keeps your text message folder uncluttered.

Kaspersky Security for PDAs (Palm, PocketPC)
http://www.kaspersky.com/homeuser?chapter=4157432
Today, most of us own not only PCs and laptops, but handhelds as well. They provide convenient, portable data storage. But this convenience may come at a price. The down side is that handhelds are just as subject to virus infections and data theft as PCs and laptops. They also offer viruses entry to home and business networks alike.

SMobileSystems (FB-4 Virus Guard)
Formerly, FB-4 Virus Guard http://www.fb-4.com
SMobileSystems
http://secure.smobilesystems.com/main/home/index.php
About SMobile Systems….
SMobile is the world leader in providing comprehensive software security solutions for all major mobile device platforms, including BlackBerry, Windows Mobile, Symbian, Palm, iPhone and Android.

Avira AntiVir Mobile
Professional virus and malware defense for Pocket PCs and smartphones
http://www.avira.com/en/products/avira_antivir_mobile_3.html
Operating systems: Windows Mobile 2003 for Pocket PC, Windows Mobile 2003 Second Edition, Windows Mobile 5 and Windows Mobile 6.1 (Classic and Professional Edition). Processors: ARM or Intel x86
MORE:
Nokia 3230, 6260, 6600, 6620, 6630, 6670, 6680, 6681, 6682, 7610, N70 and N72 Panasonic X700 and X800 Samsung SGH-Z600, SGH-D720 and SGH-D730 Nokia Communicator 9300 and 9500

PC-cillin Virus Protection (Full Services- All Downloads ARM,etc.)
http://download.com.com/3000-2239-9649107.html
WebClip: ” Protect your computer and PDA from viruses at home or on the go with PC-Cillin 2003. PC-Cillin combines advanced virus detection and cleaning with an integrated firewall to safeguard your system from hackers and malicious code threats in e-mail and instant messaging and while surfing the Internet. New features such as Wi-Fi protection help secure your computer when connecting to a wireless LAN network, and Outbreak Alert gives you early warning about new viruses.”

PC-cillin Virus/ Wireless2.0 – PalmOS 3.1-up [32k]
Freeware version. Scans all files and identifies any infected. Log report
http://download.com.com/3000-2363-10179689.html?tag=lst-0-1

PC-cillin Virus/ Wireless2.0[MIPS]Windows3.0 [612k]
Freeware version. Scans all files and identifies any infected. Log report (1k, each scan, deleteable) includes Virus list.
http://download.com.com/3000-2178-10179705.html?tag=lst-0-3

PC-cillin Virus/ Wireless2.0[SH3] Windows3.0[561k]
Freeware version. Scans all files and identifies any infected. Log report (1k, each scan, deleteable) includes Virus list.
http://download.com.com/3000-2178-10179701.html?tag=lst-0-4

PC-cillinVirus/ Wireless2.0[ARM] Windows3.0 [535k] (PocketPC)
Freeware version. Scans all files and identifies any infected. Log report (1k, each scan, deleteable) includes Virus list.
http://download.com.com/3000-2178-10179699.html?tag=lst-0-2

Symantec AntiVirus for Handhelds – Norton
http://www.symantec.com/
Annual subscription anti-virus protection with live Updates for PDA /Palm and PocketPC, others, versions. Works through Sync (HotSync , ActiveSync, etc.). Protects Device and also over wireless internet like WiFi 802.11. Check out Live Updates downloads wirelessly as well. Protects Beam Infrared!

Anti-virus for Symbian Series 60 – now free (ExoVirusStop.com) !!!
Current IT news from heise online – London, UK
http://www.heise-online.co.uk/security/Anti-virus-for-Symbian-Series-60-now-free/news/112439
Exosyphen Studios has made its ExoVirusStop anti-virus software for Symbian Series 60 mobiles running variants of S60 1st and 2nd Edition free to download –
http://www.exovirusstop.com/
The older S60 1st and 2nd Edition phones include those up to the Nokia N70 and N90. According to the company’s blog “there are no strings attached and no catches.”… FULL STORY

————————————

[THESE ARE ALL CLOSED OCT 2009]…..

PDA Mobile Cafe Members Area:
http://www.pdamobilecafe.bluecollarpc.net/members1.html
PDA Mobile Cafe AvantGo Channel (view online):
http://mysite.verizon.net/gerald_309/id16.html
Wireless Help Links:
PDA Mobile Café
http://www.pdamobilecafe.bluecollarpc.net/pdawireless.html
Vista: http://www.bluecollarpc.net/myvistapc.html
BlueCollarPC.Net: http://www.bluecollarpc.net/allwireless1.html
Philly-WiFi Philadelphia Wireless Club:
http://tech.groups.yahoo.com/group/Philly-WiFi/

Tags: airborne, mobile antimalware, mobile antivirus, mobile malware, mobile security
