Welcome to BlueCollarPC.US – We thank you for choosing us as your additional computing security destination!

(This is a *sticky* post: a welcome message in the center column, which contains our blog posts below. Please visit the various webpages here for orientation and help: Help Center (Threat Detection/Removal), Threats FAQs, Windows Registry Help, PC Help, Wireless, and more.)

Welcome to the BlueCollarPC: A Community Help Website Since 2005!

BlueCollarPC.US launched June 14, 2010 as a personal website for general audiences, with computing safety and malware removal help and information as its main theme, including memberships available for live help at our Groups and Forums. Formerly Webmaster of BlueCollarPC.Net from 2005-2009 (over 6 million visitors) and backup BlueCollarPC.Org [closed].

For the record… Towards the end of 2009, the BlueCollarPC.Net/.Org (back up) sites created by me had enjoyed just over 6 million visitors/users! We are proud to have helped, and indeed actually had a “discovery” in the security industry concerning the malware RASautodial registry entries discovered by Yours Truly. Never be afraid to ‘take a look under the hood’ of your PC! You never know what you’ll find. The move to BlueCollarPC.US reflects the move to complete malware removal help, including the newer dreaded botnet infections and the many others that have evolved. Our original domain began as an antispyware detection/removal help site.


Review: Comodo Internet Security 7 (Best Free with Real Time Protection)


Comodo Internet Security 7.0.313494.4115
Razvan Mihai Asmanow Serea


Comodo Internet Security is the free, multi-layered security application that keeps hackers out and personal information in. Built from the ground upwards with your security in mind, Internet Security offers 360° protection by combining powerful Antivirus protection, an enterprise class packet filtering firewall, advanced host intrusion prevention and automatic sandboxing of unknown files. Unlike the stripped down versions of commercial software that other software vendors offer for free, this is the full, completely functional version of the product.

Main features of Comodo Internet Security:
•Antivirus: Tracks down and destroys any existing malware hiding in a PC.
•Anti-Spyware: Detects spyware threats and destroys each infection.
•Anti-Rootkit: Scans, detects & removes rootkits on your computer.
•Bot Protection: Prevents malicious software turning your PC into a zombie.
•Defense+: Protects critical system files and blocks malware before it installs.
•Auto Sandbox Technology™: Runs unknown files in an isolated environment where they can cause no damage.
•Memory Firewall: Cutting-edge protection against sophisticated buffer overflow attacks.
•Anti-Malware: Kills malicious processes before they can do harm.

What’s new in this version:

•Viruscope monitors the activities of processes running on your computer and alerts you if they attempt to take suspicious actions. Apart from forming yet another layer of malware detection and prevention, the

GET COMODO HERE…. http://www.comodo.com/home/internet-security/antivirus.php

Botnets: Everything Afraid To Ask Answered


This is a really good article covering about all the bases:

HTG Explains: What is a Botnet?
Botnets are networks made up of remote-controlled computers, or “bots.” These computers have been infected with malware that allows them to be remotely controlled. Some botnets consist of hundreds of thousands — or even millions — of computers. ….

Windows 8 and 8.1 gives malicious code the boot


The following article needs some updating about today’s quality antimalware that has the new protections working with Windows 8 and 8.1….

Windows 8.1 gives malicious code the boot(s) (TechRepublic)
The Windows operating system has a number of security controls, and most users have some sort of anti-malware security suite installed on their …


Threats/infections that launch before the system:

Rootkit (definition) http://en.wikipedia.org/wiki/Rootkit

Bootkits http://en.wikipedia.org/wiki/Bootkit#bootkit
A kernel-mode rootkit variant called a bootkit can infect startup code like the Master Boot Record (MBR), Volume Boot Record (VBR) or boot sector, and in this way, can be used to attack full disk encryption systems. An example is the “Evil Maid Attack”, in which an attacker installs a bootkit on an unattended computer, replacing the legitimate boot loader with one under his control.  Typically the malware loader persists through the transition to protected mode when the kernel has loaded, and is thus able to subvert the kernel. For example, the “Stoned Bootkit” subverts the system by using a compromised boot loader to intercept encryption keys and passwords. More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.

Today’s quality Antimalware products:

Early Launch Anti-Malware http://www.techopedia.com/definition/29079/early-launch-anti-malware-elam-windows-8?utm_source=tod_newsletter&utm_medium=email&utm_content=tod_more&utm_campaign=newsletter
What does it mean? Early Launch Anti-Malware (ELAM) is a Windows 8 security technology that evaluates non-Microsoft Windows boot time device/application drivers for malicious code. It is the first system kernel driver that starts in Windows 8 operating mode, before any third party software or driver.
Techopedia Explains: As a component of Secure Boot – also introduced in Windows 8 – ELAM is a detection driver used to identify malware, root kits or other malicious code/drivers initiated at system …

(Note: newer technology for Windows 8 in antimalware (antivirus plus antispyware). Some additional links:)

Windows 8 Early Launch Anti-Malware from Third-Party AV Vendors http://news.softpedia.com/news/Windows-8-Early-Launch-Anti-Malware-from-Third-Party-AV-Vendors-226789.shtml

Managing early launch anti-malware (ELAM) detections http://www.symantec.com/business/support/index?page=content&id=HOWTO81107

Windows 8 ELAM: too late, too little! http://www.virusbtn.com/conference/vb2012/abstracts/KulkarniJagdale.xml

How to configure Early Launch Anti-Malware Protection in Windows 8 http://www.bleepingcomputer.com/tutorials/configure-early-launch-antimalware-protection/

How to disable Early Launch Anti-Malware Protection http://www.bleepingcomputer.com/tutorials/disable-early-launch-antimalware-protection/

Understanding Early Launch Anti-Malware (ELAM) technology in Windows 8 http://www.thewindowsclub.com/earlylaunch-antimalware-elam-technology-windows-8

[Hot Fix] B0006 – The Early Launch Anti-Malware of Titanium 2013 does not load properly http://esupport.trendmicro.com/solution/en-US/1095123.aspx

Windows 8: Trusted Boot: Secure Boot – Measured Boot http://blogs.msdn.com/b/olivnie/archive/2013/01/09/windows-8-trusted-boot-secure-boot-measured-boot.aspx

SENDER: gerald309 -- 
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

Report: Softwares responsible for 76% of vulnerabilities – install Secunia PSI


Third-party programs responsible for 76% of vulnerabilities in popular software
Posted on Feb 27, 2014 11:28 am
Third-party programs are responsible for 76% of the vulnerabilities discovered in the 50 most popular programs in 2013, say the results of Secunia’s Vulnerability Review 2014, which is based on a samp…
http://www.net-security.org/secworld.php?id=16448

NOTE: this was the reason for the great effort and design Microsoft put into creating Windows Vista, as it was shown and proven that Windows, as an inadequately safe operating system, was NOT the reason for so much malware. It was third-party software, or simply all the other software users installed on their computers, that caused malware infections via poor, inadequate security coding and mainly by always using Administrator privileges where it was not necessary, which gave malware administrator rights to run on the system. UAC (User Account Control) was born in Vista, which mitigated this. Bill Gates and Microsoft addressed ALL software creators worldwide to design safer, hard-coded software security-wise, and not to use administrator rights continually where not appropriate or necessary to run.

The security re-designed Windows Vista came on the heels of the Windows XP launch and years, when much of today’s malware was created and invented, such as spyware itself, which did not exist before Windows XP. Here we are again with this reliable, credible, and well respected Secunia report. Malware is infecting systems through weak software and NOT because of the Windows Operating System design.

It is more than highly recommended for all users to install this free software for Home Users from Secunia (which I use too), a reliable, durable program that will scan the web for updates issued for all the software you may have installed. It can be set to update them automatically or manually. It can be set to run in the background with each computer start up, or to be started manually to run a scan periodically, such as once a week or twice monthly. Doing this manually can take hours and hours of going to each software's home website to check if updates are available, which many times are too hard to find at the site or not even posted there. Many programs today have finally added a Check For Updates button, which again can take a lot of time, continually opening and closing each program to check for updates. The Secunia PSI automates these tasks! HIGHLY RECOMMENDED AND IS FREE TO HOME USERS!

(NOTE: this will not install software upgrades to the next version, as with paid-for software where an upgrade will cost more. It scans for updates to your existing version.)

Secunia Personal Software Inspector (PSI)
(Download at website)
The Secunia PSI explained
The Secunia Personal Software Inspector (PSI) is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can leave your PC open to attacks. Simply put, it scans software on your system and identifies programs in need of security updates to safeguard your PC against cybercriminals. It then supplies your computer with the necessary software security updates to keep it safe. The Secunia PSI even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC. Using a scanner like Secunia PSI 3.0 is complementary to antivirus software, and as a free computer security program, is essential for every home computer.  

(From Secunia) :

PSI 3.0 Walkthrough

Tim and Dave
Short animated story about security and why Tim is happier than Dave. http://www.youtube.com/watch?v=h5rZkCnKMCM&feature=youtu.be  



Internet Explorer 10 Use-After-Free Vulnerability Being Actively Exploited In The Wild


Original release date: February 14, 2014
https://www.us-cert.gov/ncas/current-activity/2014/02/14/Internet-Explorer-10-Use-After-Free-Vulnerability-Being-Actively

An unpatched Internet Explorer 10 use-after-free vulnerability is being exploited in the wild. CERT/CC Vulnerability Note VU#732479 has been published with further details about the vulnerability. US-CERT recommends users protect themselves against this exploit by using Microsoft’s EMET utility, upgrading to Internet Explorer 11, or using an unaffected alternative web browser until a patch is released.


“Use After Free” Flaws: A New Theme for IE Vulnerability … Apr 9, 2013 -
Similar to the flaws in last month’s update, both of these vulnerabilities are what developers call “use after free” vulnerabilities – a type of …

Also in Firefox:
VUPEN Vulnerability Research Team (VRT) Blog
Advanced Exploitation of Mozilla Firefox Use-after-free Vulnerability (MFSA 2012-22)
Published on 2012-06-25 17:45:24 UTC by Jordan Gruskovnjak
Hi everyone, In this new blog, we will share our technical analysis of a use-after-free vulnerability affecting Mozilla Firefox, and how we managed to achieve a reliable code execution and bypass DEP/ASLR using the same unique and non-trivial-to-exploit flaw. This specific vulnerability (CVE-2012-0469) has been patched by Mozilla as part of the MFSA 2012-22 security advisory.

Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability
Recommendations: Run all software as a nonprivileged user with minimal access rights. To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights. …

Risk: High
Date Discovered: February 14, 2012
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability because of a use-after-free error in the ‘Mshtml.dll’ library. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

Finally added Facebook and other media share links to BlueCollarPC


From the beginning, Facebook was kind of frowned on for security/privacy issues. They have come a long way. We did not want our site pulling down information and so have also tested things and the best is up to each Facebook user to control all content via the privacy/security settings.

With PC Security the major issue aside from learning how to efficiently use a Windows PC, it is important to have trusted sites and their content available as widely as possible, considering there are hundreds of millions of computers in use. With convenient, simple enough plug-ins now added at BlueCollarPC.US, this should help that Community effort. Share what is important to you and, of course, what you know others need to see.

Webmaster, BlueCollarPC.US

Have a Safe Computing Day!

Linksys router Firmware Fix announced for Moon Worm malware


How to prevent your Linksys router from getting The Moon malware [FAQs]
What should I do to prevent my Linksys router from getting The Moon malware? http://kb.linksys.com/Linksys/ukp.aspx?pid=80&app=vw&vw=1&login=1&json=1&docid=56b6de2449fd497bb8d1354860f50b76_How_to_prevent_getting_The_Moon_malware.xml

Linksys announces firmware fix to neutralize “The Moon” worm
Posted on Feb 18, 2014 01:13 pm
As Linksys (i.e. parent company Belkin) announced they were aware of “TheMoon” malware targeting its older routers and that they are working on a firmware fix, more details about the worm in question …
http://www.net-security.org/malware_news.php?id=2711

Linksys Is Preparing Firmware Fix to Protect Users Against TheMoon Worm
The SANS Institute’s Internet Storm Center has issued a warning about a worm that targets certain Linksys routers. Dubbed “TheMoon” because it contains images from the movie with the same name, the threat is designed to exploit a vulnerability in the devices in order to spread. Once it infects a device, the worm gathers information on the targeted router, including hardware and firmware versions. Then, it sends an exploit to a vulnerable CGI script that runs on affected routers. “The request does not require authentication. The worm sends random ‘admin’ credentials but they are not checked by the script. Linksys (Belkin) is aware of this vulnerability,” Johannes Ullrich, the expert who identified the worm, explained. “This second request will launch a simple shell script, that will …

