Anti-virus Products Mostly Ignore Windows Security Features

I recently highlighted a study which showed that most of the top software applications failed to take advantage of two major lines of defense built into Microsoft Windows that can help block attacks from hackers and viruses. As it turns out, a majority of anti-virus and security products made for Windows users also forgo these useful security protections.

As I wrote last month:

Attackers usually craft software exploits so that they write data or programs to very specific, static sections in the operating system’s memory. To counter this, Microsoft introduced with Windows Vista (and Windows 7) a feature called address space layout randomization or ASLR, which constantly moves these memory points to different positions. Another defensive feature called data execution prevention (DEP) — first introduced with Windows XP Service Pack 2 back in 2004 — attempts to make it so that even if an attacker succeeds in guessing the location of the memory point they’re seeking, the code placed there will not execute or run.

These protections are available to any applications built to run on top of the operating system, and they’re designed to make it difficult for attackers to develop reliable exploits for vulnerabilities in Windows applications. As we saw last month, few top apps invoke the protections, but many readers may be surprised to learn that few anti-virus products have adopted these technologies.

I installed the trial versions of a dozen top anti-virus and security suites on a virtual machine running Windows Vista, and then checked each product’s executable files using Microsoft’s excellent Process Explorer tool, which provides a mass of information about processes running on your Windows system, including whether or not those processes invoke DEP and/or ASLR.
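The same check can be made statically, because a Windows executable opts in to ASLR and DEP through two flag bits in its PE header. The following Python sketch is an added example, not part of the original article; the sample images and file names are constructed, and the runtime DEP state that Process Explorer shows also depends on the system DEP policy.

```python
import struct
import sys
from pathlib import Path

# Flag bits from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # linker /DYNAMICBASE: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # linker /NXCOMPAT: DEP opt-in


def pe_mitigations(data):
    """Return {'aslr': bool, 'dep': bool} for a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    coff = e_lfanew + 4
    if coff + 20 > len(data) or data[e_lfanew:coff] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes in total).
    fields = struct.unpack_from("<HHIIIHH", data, coff)
    opt_size, characteristics = fields[5], fields[6]
    opt = coff + 20
    if opt_size < 72 or opt + 72 > len(data):
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        # An image without relocation data cannot be moved, whatever the flag says.
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
        and not relocs_stripped,
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def classify(flags):
    """Turn the flag pair into the four outcomes the article distinguishes."""
    if flags["aslr"] and flags["dep"]:
        return "ASLR+DEP"
    if flags["dep"]:
        return "DEP only"
    if flags["aslr"]:
        return "ASLR only"
    return "neither"


def audit(images):
    """Map each name in {name: bytes} to a label; non-PE input is reported, not fatal."""
    report = {}
    for name, data in images.items():
        try:
            report[name] = classify(pe_mitigations(data))
        except ValueError:
            report[name] = "not a PE file"
    return report


def build_sample_pe(dll_chars, characteristics=0x0102, magic=0x10B):
    """Constructed test input: DOS, COFF and optional headers only, no sections."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96, characteristics)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit every .exe/.dll below an installation directory given as argument.
        images = {
            str(p): p.read_bytes()
            for p in Path(sys.argv[1]).rglob("*")
            if p.is_file() and p.suffix.lower() in (".exe", ".dll")
        }
    else:
        # Constructed samples with hypothetical file names.
        images = {
            "sample_both.exe": build_sample_pe(0x0140),
            "sample_dep_only.exe": build_sample_pe(0x0100),
            "sample_neither.exe": build_sample_pe(0x0000),
            "readme.txt": b"plain text, not an executable",
        }
    for name, label in sorted(audit(images).items()):
        print(f"{label:14} {name}")
```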

Among the anti-virus products that used neither ASLR nor DEP were AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010.

Microsoft Security Essentials was the only product that used both ASLR and DEP consistently on Windows Vista (although interestingly it does not invoke DEP on Windows XP). Other anti-virus suites I tested used either ASLR or DEP (or both), but only in some applications that make up the suite. For example, McAfee Internet Security’s “mcagent.exe” program runs both ASLR and DEP, while four other executable processes spawned by the program ran DEP but not ASLR (since these tests were run, McAfee has changed the trial version of MIS available on its site, and the company sent me a screen shot that shows DEP and ASLR on all running processes in that version).

Similarly, I found that the anti-virus suite from Avira ran its main avguard.exe program in ASLR mode but did not use DEP. The rest of the program files that ship with this product run neither ASLR nor DEP. Kaspersky Internet Security had DEP enabled on just one process (the browser plug-in), and did not invoke ASLR with any program components.

To be sure, DEP and ASLR are not panaceas: Security researchers have come up with a number of clever ways to bypass these protection mechanisms. Still, it’s interesting to note the lack of these features in anti-virus products for two reasons: First, even researchers who have developed exploits to work around these protections say the two technologies raise the bar significantly for malicious coders. Second, anti-virus products are not immune to a number of clever ways to bypass these protection mechanisms.

I sought comment from all of the anti-virus vendors whose products I examined (except for Microsoft) and received a few responses. Most either downplayed the usefulness of the two technologies in combating today’s threats, or said that they planned to implement the protections in upcoming releases.

Mikko Hypponen from F-Secure said that “adding support for DEP and ASLR in our products is on our roadmap, but has not been implemented yet. This is because we’ve focused our development efforts lately to focus on performance. Once we have this feature ready, it will be available to all of our customers through our update channel.”

Pedro Bustamante, a senior research adviser at Panda Security, said Panda decided not to use either ASLR or DEP in favor of their own technology “to provide protection not only for the single AV processes but also for other types of operations. For example our products include a Shield component which already takes care of the protection as offered by ASLR and DEP, in addition to other types of self-protections such as preventing a process from injecting a thread into a separate process, preventing certain applications from executing dangerous operations on the system (such as Adobe Acrobat dropping an executable in the system and running it), protection of the AV files in the installation directories, etc.”

Bustamante continued: “These Microsoft technologies might be a good solution for certain types of more basic applications, but from our point of view are insufficient for an anti-malware product trying to get a more defense-in-depth approach to securing the whole OS and third party applications.”

Bitdefender said it plans to incorporate DEP and ASLR in its 2011 suite of products.

Symantec’s director of product management, Dan Nadir, said Norton Internet Security 2010 does in fact include support for DEP (although my experiments with Process Explorer showed it was not enabled) and that the company is “evaluating possible support of ASLR in future versions of our products.”

The research team from ESET responded: “Based upon the types of attacks we see against security software, and the likely attack scenarios, ASLR and DEP do not provide any significant defense. [While] enabling ASLR and DEP is quite trivial, the complexity comes in assuring the proper test matrix has been implemented. Without proper testing ASLR can be weaponized… We will consider adding the features in the future, but not without extremely rigorous testing.”

Cloud AV Support Forum

At the same time we released Panda Cloud Antivirus Beta3 we also published a new website with two interesting new services; a Collective Intelligence Activity Monitor and user-driven Technical Support Forum.

I really encourage all of you to start using the Support Forums as we have our entire Cloud Antivirus project teams from support, QA and development participating and looking forward to interacting with you guys.

Don’t be shy and visit our new support forum, drop us a note or let us know if you’re having any problems. Even if you simply want to say hello or drop suggestions for future versions, we’ll be happy to hear about it.

New Panda Cloud Antivirus Version Released

Panda Security has released version 1.3 of its Cloud Antivirus product, which adds several new features and contains many improvements and bug fixes.

The company was intent on making Panda Cloud Antivirus Free even more appealing to users, so the annoying pop-ups advertising the Pro edition were removed from the new version.

The free edition will also get automatic and transparent updates starting with 1.3. This feature was previously available only in the paid variant.

In the past, Cloud Antivirus Free users who wished to upgrade had to manually uninstall the old version and then install the new one.

Detection wise, the most important new feature of Panda Cloud Antivirus 1.3 is the Web filtering component, which leverages the company's threat intelligence services to block malicious websites.

However, in all fairness, this functionality is actually provided via a browser toolbar, which is bundled with the antivirus and can be unchecked during the installation process.

The toolbar can also be downloaded and installed separately, but leaving the packaging aspect aside, the feature is there and works in Internet Explorer, Firefox, Chrome and Safari.

In addition, with the new version the company can push updates for behavioral blocking rules much more easily, allowing it to provide protection for new threats and address false positive incidents faster.

The recycle bin and the quarantine features have been unified for easier management and some new detection counters have been added to the statistics window.

The company plans to start pushing the new version automatically to people who are still using Panda Cloud Antivirus 1.1 or 1.2.

However, 1.0 users will have to wait a few more weeks for an automatic update solution. In the meantime, anyone can manually upgrade to 1.3.

The only remaining differences between the Panda Cloud Antivirus Free and Pro editions are VIP support, behavioral analysis - this is not the same as behavioral blocking, which is available in both - and automatic USB device vaccination.

Source : Softpedia

PC Tools launches new security solutions

PC Tools has expanded release of its 2011 performance and protection portfolio, including PC Tools Spyware Doctor, PC Tools Spyware Doctor with AntiVirus and PC Tools Internet Security, PC Tools Registry Mechanic and PC Tools Performance Toolkit.

According to the company, the 2011 portfolio aims to remove the many challenges consumers face when considering performance or protection options, and to develop a comprehensive portfolio that delivers simplicity, effectiveness and affordability to customers.

"We have been witnessing tremendous growth in India with the total number of internet users growing to 71 million last year. With this growth emerges a greater need to ensure online safety and to improve PC performance. Our aim with the 2011 portfolio is to accomplish exactly that, with simple, effective and affordable solutions," says Shafi Shanavas, Director, Product Management PC Tools.

"We've listened to our customers and solved their biggest challenges in developing tools that are simple, effective and affordable," said Tom Powledge, Vice President and General Manager , PC Tools. "It's really all about protection and performance minus the fuss and confusion. Simply put, our 2011 products get the job done."

The PC Tools 2011 protection portfolio enhances real-time scans and threat remediation while improving performance behind the scenes without impact to the user or slowing the PC down. The new flexibility options allow consumers to choose an automated experience or to customize advanced settings.

Protection advancements against spyware, viruses, malicious email and social networking threats offer a simplified experience that makes scans and fixes faster and easier. found that the average scan times improved by up to 90%, while internal testing shows that average launch times have been reduced to less than 1 second

Source : The Times of India

Panda brings anti-virus to the iPhone and iPad

Panda Security has launched an anti-virus product designed to protect popular Apple products including the iPhone and iPad.

The Spanish security firm said in a blog post yesterday that Panda Antivirus for Mac can counter the increasing threats targeted at Apple products.

"As we know, this is something that is becoming more serious, so we have decided to go one step ahead and release our own Antivirus for Mac," said Panda Security technical director Luis Corrons.

"As a heavy iPhone and iPad user, I have a lots of documents on both devices, and it is great to find an easy way to scan them."

Panda Antivirus for Mac includes all the usual elements of an anti-virus suite, including protection against viruses, worms, spyware, adware, phishing and key-loggers, as well as ID theft prevention thanks to its detecting banking Trojans designed to steal personal information.

Panda is following a common trend among major anti-virus vendors in offering popular PC products for the Mac and related hardware.

Corrons argued in a blog post earlier in the year that Apple "still isn't cyber crooks' main objective as it doesn't have enough users, but it is starting to arouse interest".

"Mac users should raise their voices and ask the company they are paying (Apple) to take security seriously," he added.


AVG Technologies Introduces Free Antivirus Program For Small Businesses

Thanks to a recent announcement by one of the most popular antivirus software companies, small and medium-sized business owners will soon have a brand new way to protect themselves against harmful online threats.

AVG Technologies announced a plan to make its Internet Security 2011 Business edition available for small business owners around the country without charging them a penny. The technology is designed to handle threats from online predators, putting a premium on securing business data and other information.

"At AVG, we recognize that most small business owners are not IT experts, and need an antivirus and internet security solution for their business that provides maximum protection and is easy to administrate," said J.R. Smith, CEO of AVG Technologies. "That’s why we designed AVG Internet Security 2011 Business Edition and AVG Anti-Virus 2011 Business Edition to be the easiest to use and manage on the market."

Software companies from all over the country have been busy making technology news for small business. Microsoft recently introduced Security Essentials, which provided a free, downloadable program for entrepreneurs with limited resources.

Source : Gabler

Antispyware Soft Removal and Analysis

Antispyware Soft is similar in interface and behavior to Antivirus Soft, Antivirus Live and Antivirus soft scareware. This malicious, rogue security software aggressively displays fraudulent system security alerts about non-existent network infiltration attempts and malware.

When installed, the Antispyware Soft rogue:

  • Installs the Fake Windows Security Center where all the links lead to its payment page.
  • Hijacks Internet Explorer and automatically opens a specific set of porn websites every few minutes.
  • Blocks execution of most programs.
  • Blocks execution of Task Manager, Command Prompt and MS Configuration editor.
  • Blocks Windows firewall, Automatic Updates and Internet Options.
  • Disables Internet Explorer Phishing Filter.

Scareware like Antispyware Soft is commonly installed when users are redirected to fake online scanner pages or fake ‘video codec required’ pages distributed throughout the Web by cyber criminals using blackhat SEO techniques, spam and malicious Flash advertisements.


Antispyware Soft Removal (How to remove Antispyware Soft)

MalwareBytes's Anti-Malware Free edition (mbam-setup.exe) was able to remove this infection.

  1. Boot into Windows Safe Mode with Networking.
  2. Download Malwarebytes' Anti-Malware Free edition (mbam-setup.exe), or download it on a clean computer and copy it to a removable drive such as a CD, DVD or USB flash drive.
  3. Double-click mbam-setup.exe to start the installation. Proceed with installation following the prompts. Make sure that the following option is checked when you finish the installation: Update Malwarebytes’ Anti-Malware.
  4. Once the update is completed, Launch Malwarebytes’ Anti-Malware and select Perform full scan in the Scanner tab. When the scan is completed, click “Show results“, confirm that all instances of the rogue security software are check-marked and then click “Remove Selected” to delete them. If prompted restart immediately to complete the removal process.
  5. Turn System Restore off and on.

If you find that Internet Explorer is still being redirected to the scareware website, remove the proxy settings as follows:

Open Internet Explorer, Click Tools menu and then click Internet options or open Internet options via control panel. In the Internet Options window, select the Connections tab. In the Connections tab, click on LAN settings.


In the Local Area Network (LAN) Settings window, click Advanced and clear the proxy address and port 5555. Click Yes and OK your way out.

You should now be clean of this rogue.

The full version of Malwarebytes’ Anti-Malware performs brilliantly against scareware such as Antispyware Soft. The real-time component of the paid version includes dynamic blocking of malicious websites, servers and prevents execution of malware. It would caution you before most rogue security software could install itself. Please consider purchasing the Malwarebytes' Anti-Malware Full version for additional protection.

Antispyware Soft Analysis

Rogue security software such as Antispyware Soft belongs to a family of software products that call themselves antivirus, antispyware or registry cleaners and often use deceptive or high-pressure sales tactics and deliberate false positives to convince users to buy a license or subscription. They are often repackaged and renamed. They do not actually remove malware; instead, many of them add more malware of their own. They need to be removed immediately from your system.

The trojan downloader was about 271104 bytes in size. It was detected by 32/41 (78.05%) of antivirus engines available at VirusTotal.

  • Trojan.Win32.FakeSpypro
  • Trojan/Win32.FraudPack
  • W32/FakeAlert.GQ.gen!Eldorado
  • Win32:Rootkit-gen
  • Win32/XPInternetSecurity.D
  • Trojan.Win32.FraudPack.avgj
  • Win32/Adware.SpywareProtect2009
  • Troj/FakeAV-BGE
  • FraudTool.Win32.AVSoft (v)
  • SpywareGuard2008

Typical Antispyware Soft Scare Messages

Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.

Infiltration alert. Virus Attack. Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.

Users should not fall for the false alerts of system infection and buy the scareware to ‘clean’ the system. If you purchased one by entering your credit card number at a rogue software website, it would be prudent to:

  • Immediately contact the bank that issued the card and dispute the charges.
  • Request them to not allow any further transaction and cancel the card. You may also request them to issue a new card with a different number.

Antispyware Soft Associated Files and Folders

  • C:\Documents and Settings\\Local Settings\Application Data\ylyqcrynp\klbqtgitssd.exe
  • C:\WINDOWS\Prefetch\

Some of the file names may be randomly generated. The term or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.

Antispyware Soft Associated Registry Values and Keys

  • HKEY_CURRENT_USER\Software\avsoft
  • HKEY_CURRENT_USER\Software\avsuite
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures=no
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures=1
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8=0
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\Enabled=0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer=http=
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes=.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation=1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\njjhiffj=C:\Documents and Settings\\Local Settings\Application Data\ylyqcrynp\klbqtgitssd.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings\JITDebug=1

The term or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.
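As an added triage example (not part of the original write-up), the following Python script parses a registry export in .reg text form and flags the security-relevant changes from the list above. The sample export is constructed: the user name, the proxy host and the value types are assumptions, while the key and value names and port 5555 come from this page.

```python
import re

# Constructed sample: a trimmed HKEY_CURRENT_USER export in .reg text form.
# "testuser", the 127.0.0.1 proxy host and the dword/string types are assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"EnabledV8"=dword:00000000
"Enabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"njjhiffj"="C:\\Documents and Settings\\testuser\\Local Settings\\Application Data\\ylyqcrynp\\klbqtgitssd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text):
    """Parse .reg text into {(key, value_name): value}, with key and name lowercased."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1).lower(), m.group(2)
        if data.startswith("dword:"):
            values[(key, name)] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            # .reg strings escape backslash and quote with a leading backslash.
            values[(key, name)] = re.sub(r"\\(.)", r"\1", data[1:-1])
        # hex(...) value types are skipped: none of the checks below need them.
    return values


IE = r"hkey_current_user\software\microsoft\internet explorer"
CV = r"hkey_current_user\software\microsoft\windows\currentversion"


def find_tampering(values):
    """Return [(rule_id, detail)] for the settings the rogue changes (see list above)."""
    def text(key, name):
        v = values.get((key, name))
        return None if v is None else str(v).lower()

    findings = []
    if text(IE + r"\download", "checkexesignatures") == "no":
        findings.append(("exe-signature-check-off", "CheckExeSignatures=no"))
    if text(IE + r"\download", "runinvalidsignatures") == "1":
        findings.append(("run-invalid-signatures", "RunInvalidSignatures=1"))
    for name in ("enabledv8", "enabled"):
        if text(IE + r"\phishingfilter", name) == "0":
            findings.append(("phishing-filter-off", name + "=0"))
    proxy = text(CV + r"\internet settings", "proxyserver")
    if proxy and re.search(r":5555\b", proxy):
        findings.append(("proxy-5555", proxy))
    low = text(CV + r"\policies\associations", "lowriskfiletypes")
    if low and ".exe" in [t.strip() for t in low.split(";")]:
        findings.append(("exe-low-risk", low))
    for (key, name), value in values.items():
        # Autostart entry launching an executable from the per-user data directory.
        target = str(value).lower()
        if (key == CV + r"\run" and target.endswith(".exe")
                and "\\local settings\\application data\\" in target):
            findings.append(("run-from-appdata", name + " -> " + str(value)))
    return findings


if __name__ == "__main__":
    for rule_id, detail in find_tampering(parse_reg(SAMPLE_REG)):
        print(f"{rule_id:26} {detail}")
```

On a live system the input would come from a `reg export` of the user hive, converted to UTF-8 first because such exports are written as UTF-16.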

Antispyware Soft Associated Domains

This scareware was observed accessing the following domains during installation and operation:

  • avtiviruspower .com

Note: Visiting the domains mentioned above may harm your computer system.

If you are unable to get rid of this scareware, please visit one of the recommended forums for malware help and post about your problem.


Note:- The Antispyware Soft installation and removal was tested on a default installation of Windows XP SP3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.


How to Remove the Win32 Autorun Worm?

Computer systems running Windows without proper virus protection and malicious program activity detection are prone to getting affected with malware from the Internet, mobile hard disks and USB memory sticks.

One such worm, called Win32, has been known to secretly integrate itself into program or data files on any target computer system running the Microsoft Windows Operating System without proper security measures in place.

The Win32 virus has been observed to spread by integrating itself into more files each time the host program is run. Also known as the Win32 Autorun Worm, it can resemble a legitimate Windows System32 file and exploit your Windows OS to download bad files from other websites.

The Win32 Autorun Worm has also been known to infect any target computer system through undesirable email attachments, media codecs, pornographic material and various kinds of image downloads. The Win32 Autorun Worm has proved to be a serious security threat in many cases where it has been reported to steal secret assemblage and should be removed as soon as it is detected on any computer system.

Win32 Autorun Worm Aliases:

As with any notoriously dangerous computer virus or piece of malware, the Win32 Autorun Worm goes by various aliases that may reside on your computer including but not limited to:

1. Worm.Win32.Autorun.nox
2. Worm.Win32.Autorun.dlw
3. Worm.Win32.Autorun.m
4. Worm.Win32.Autorun.bli
5. Worm.Win32.Autorun.cpe
6. Worm.Win32.Autorun.Isw
7. Worm.Win32.Autorun.nuu
8. Worm.Win32.Autorun.cea
9. Worm.Win32.Autorun.aye
10. Worm.Win32.Autorun.bnb
11. Worm.Win32.Autorun.cgi

Usual Win32 Autorun Worm Symptoms to look for:

1. Your computer system causes unfamiliar Windows sound errors.
2. Your computer system experiences corrupt or nonexistent registry entries causing crashes and showing the blue screen of death.
3. Your computer desktop screen and screensavers are hijacked by annoying messages.
4. Your computer’s web browser Pop-up blocker becomes inadequate to prevent pop-ups taking you to crazy unwanted websites with more viruses and worms.
5. Your computer’s web browser’s default start page auto re-directs to perverted websites.
6. Your computer system experiences extreme slowdown as well as significantly noticeable sluggishness in performance.

Win32 Autorun Worm Activities:

1. It uses various security holes in the Windows Operating System to download detrimental files wrapped with spyware, adware and malware.
2. It monitors all your system activity as well as monitors your browsing habits thus creating pop-up advertisements that follow these patterns.
3. It bypasses any antivirus software installed on your computer system and appears in your firewall as legitimate files for Internet access.

Win32 Autorun Worm Virus Removal Instructions

After reading the above symptoms and identifying that your computer system has been infected with the notorious Win32 Autorun Worm, let’s attempt to get rid of it with the following simple steps:

1. You will first have to open Windows Task Manager by pressing Ctrl + Shift + Esc keys.
2. Click on “Processes” and then click “Show Processes from All Users”.
3. Right-click “Run.exe” and select “End Process”.
4. Right-click “Svchost.exe” and select “End Process”.
5. Close Windows Task Manager.

Deleting all Win32 Autorun Worm related Windows Registry entries:

1. Let’s first open the Windows Registry Editor by typing the command “regedit” in the “Search Programs and Files” box and then hitting “Enter.”
2. Delete the following registry entry manually:
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
3. Finally close the Windows Registry Editor and you are done here.

Deleting all Win32 Autorun related files from your computer system:

1. So let’s get this pain in the back out of our computer permanently by clicking the Windows Start Menu and then “Search Programs and Files”.
2. Search for and delete all of the following files, and don’t forget to permanently delete them by pressing the Shift+Delete keys together:
- “SystemDrive\Run.exe”
- “SystemDrive\autorun.inf”
- “Programfiles\Internet Explorer\”
- “Programfiles\Internet Explorer\svchost.exe”
3. Finally, restart your computer and you should be done with the Win32 Autorun Worm for good, until you end up surfing the Internet without proper antivirus and worm protection or connecting unscanned hardware such as hard disks and USB drives to your computer.


How to remove Wireshark Antivirus (Virus Removal Tutorial)

The Wireshark Antivirus is a rogue anti-spyware program (we’ll stick to the virus name, although it’s not its textbook definition) that mimics the behavior of legitimate antivirus software. The purpose is to convince you that your computer has a virus/security problem so that you pay money to have these viruses removed. The trick is that Wireshark Antivirus is the actual infection in your computer and that instead of giving your credit card number to these criminals, the only thing you need to do is remove Wireshark Antivirus using the removal guide below.

Wireshark Antivirus gets on your computer when you download an infected image, browse infected porn sites and such. Once installed, the virus will be programmed to start when your Windows OS loads. Once on your computer, it will perform a fake virus scan and tell you that your computer is infected. Then Wireshark Antivirus tells you that you have to pay for the full version to remove these infections. Remember that Wireshark Antivirus is actually the virus itself and that you shouldn’t pay that money under any circumstances.

How To Remove Wireshark - Steps

Ok, so now that you have a brief idea of what Wireshark Antivirus is, let’s learn how to remove Wireshark Antivirus completely free, by following our simple removal guide.

Please remember that each step is equally important.

Step 1. Because Wireshark Antivirus might mess with your Internet connection, you might have to download the tools we are going to use on another computer and then transfer them to the desktop of the infected computer using a CD/DVD or a USB stick.

The files we are going to need are:

Malwarebytes Anti-Malware – MBAM will scan your computer for any viruses and remove them

iExplore.exe – A great tool developed by Lawrence Abrams. It will stop the Wireshark Antivirus process (close it for good), so we can remove it.

Step 2. Once you have transferred the files, it’s time to close Wireshark Antivirus so that we can remove it. Because Wireshark Antivirus will not go away easily, we are going to use eXplore.exe to kill the process. Run eXplore.exe until Wireshark Antivirus is gone. If it doesn’t work the first time, try running it multiple times simultaneously. It might not work at first, but keep going at it, as the Wireshark Antivirus virus will eventually be closed.

Step 3. Now that we have closed Wireshark Antivirus, we should remove it (and any related files). For this, we will use Malwarebytes’ Anti-Malware. Run the setup from the desktop, and proceed with the standard MBAM install settings (remember to check the “automatically update MBAM” box).

Step 4. When MBAM is up and running, go to “Scanner” and perform a full scan of your computer. Don’t worry, the scan is supposed to take quite a while, but that’s a price you should be willing to pay. When the scan is complete, check all the infections MBAM detected and select “remove selected”. Now wait for MBAM to remove Wireshark Antivirus (as well as other infections it detected) from your computer.

Step 5. Now I would suggest you use CCleaner to remove all temporary files from your computer. This is a trick I use each time I’m trying to remove a virus from an infected computer. Here is a tutorial on how to do that.

Step 6 (OPTIONAL): If you really want to be sure you got the little bugger out for good, I recommend that you use another malware removal tool, called SuperAntiSpyware. You can download the free edition here. Just install it and perform a scan. If it catches anything, remove it.

At this point, you should have removed Wireshark Antivirus and any related files from your computer. Leave a comment if anything went wrong and I’ll get back to you as soon as possible.


USB Malware Flaw Hits Windows

A new type of malware is targeting Microsoft operating systems via infected USB drives.

The newly discovered Stuxnet malware uses a flaw in Windows to infect PCs using shortcut icons, Microsoft said.

"The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut," Microsoft said in a security warning. "This vulnerability is most likely to be exploited through removable drives."

"Currently, we have seen only limited, targeted attacks on this vulnerability," Microsoft added, but said it expects other malware writers to start using the USB shortcut flaw too.

Security firm Trend Micro agreed. "Despite the numerous potential techniques for proliferation being offered by the web, USB malware continue to be distributed by cybercriminals, which only proves their effectiveness," JM Hipolito wrote on the Trend Micro blog.

The flaw affects Windows OSes from XP to 7, as well as Server 2003 and 2008. Microsoft has issued a pair of workarounds, advising users to disable the icon for shortcuts or the WebClient service, which it sees as the "most likely remote attack vector."


Tips and tricks Using Antivirus

A computer virus is a frightening specter for computer users; some time ago I wrote about what a computer virus is. Overcoming the problem of computer viruses requires a reliable antivirus, and there are many antivirus programs that you can use to eradicate a virus that attacks your PC or notebook. Before running a virus scan, have a look at these tips.

Among the many antivirus programs, there are 10 best antiviruses that can eradicate the virus that attacks your computer. But an antivirus must not be used arbitrarily if it is to work effectively. There are a few tips you can use to keep your computer safe from computer viruses. They cannot keep viruses out 100%, but they can minimize the entry of viruses into your computer. Here are tips and tricks for using antivirus:

  • Avoid using two or more antivirus programs simultaneously, unless it is needed.
  • Check the Virus Vault (quarantined viruses) regularly, and if it holds too much, delete the files that really are viruses or that are no longer used. If there are many files of the same size, they are possibly the virus, so delete them or leave just one.
  • Always activate the Resident Shield / Guard, because it monitors files at all times.
  • Activate the Report facility, and save its reports in a folder that is easy to find.

In addition, there are a few tips and tricks to streamline virus scanning. A virus scan can take quite some time, even hours if you have very many files, so you could do the following things:

  • Disable Archive scans (compressed files such as zip, rar, cab, etc.), unless you have plenty of time to scan for viruses, because with this enabled the scanning process can be very long. Also, if there is a virus inside a zip / archive, the file is not harmful as long as it is not run.
  • Avoid settings that simply delete / heal / remove files that are considered a virus; it is better to choose Quarantine (Move to Quarantine) or rename, unless you are already sure that the file is a virus and not a document or program that is infected with a virus.
  • If there is a choice between scanning certain files (smart extensions) and scanning all files, it is better to choose smart extensions; scans will be much faster.
  • For scheduled scans (automatic scans at set times), be sure to set times when the computer is rarely used, or just turn the scheduler off (disabled) and scan manually, because sometimes we do not know that the antivirus is doing a scan that can take very long, so the computer works very slowly.
  • While a scan is in progress, you should not run other programs, let alone heavy ones. Also be sure to turn off the screensaver when the computer is left unattended.

If your computer is rarely connected to the Internet (offline), there are some additional tips and tricks that you need to follow, namely:

  • Download virus definitions (updates) once a week; more often is better.
  • If there is an Email Scanner or Anti-Spyware facility, or other facilities associated with an Internet connection, just switch them off to reduce memory and CPU usage. If the computer is sometimes connected to the Internet, spyware scans can be done manually, every few days or once a week.
  • Turn off the Auto Update facility and update manually, by downloading the virus database or only when connected to the Internet.

If you often connect to the Internet (online), there are a few antivirus settings you can use to counteract viruses infecting your computer, including:

  • Enable Auto Update; once a day is enough, more often is better.
  • If there is an email scanner or anti-spyware facility, preferably activate it, unless you use other anti-spyware programs.

Best free antivirus for netbook

Antivirus software runs smoothly, almost transparently, on dual and quad core processors. Intel Atom processors for netbooks are dimensioned for a basic browsing experience, and even the newest generation of Intel Atom processors (Atom N450 and N470) didn't bring a significant performance boost.

The game will definitely change with the dual core Atom (N550, coming up summer 2010). In any case, most of the Windows-based netbooks sold in 2010 will have a single core Atom processor. For this reason you should be careful in choosing antivirus software: avoid antivirus that produces a heavy CPU load... you don't want to slow down an already slow system!

There are 7 free antivirus suites:

* Avast Free Antivirus
* AVG Anti-Virus Free Edition
* Avira AntiVir Personal
* Comodo Antivirus Free
* Microsoft Security Essentials
* Panda Cloud Antivirus
* Rising Antivirus 2010

Only Avast, Avira and Panda antivirus are light enough to run on netbooks without significant system slow down while antivirus from Microsoft, Comodo and Rising resulted in a significant slow down of the netbooks.

A major problem with free antivirus software is the "slow" update rate: once a day for the free antivirus vs a couple of hours for most of the commercial antivirus programs.


New Exploit Resists Windows Security Software

A just-published attack tactic that bypasses the security protections of most current antivirus software is a "very serious" problem, an executive at one unaffected company said.

Last week, researchers at outlined how attackers could exploit the kernel driver hooks that most security software uses to reroute Windows system calls through its own code, so that it can check for potentially malicious code before that code is able to execute.

Calling the technique an "argument-switch attack," a Matousec-written paper spelled out in relatively specific terms how an attacker could swap out benign code for malicious code between the moments when the security software issues a green light and the code actually executes.
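The check-then-use window described above, modeled as an added single-threaded C example (not code from Matousec's paper or from any vendor's driver). The `between` callback stands in for whatever the calling process does between the hook's check and the system call's own read of the argument; all function names, paths and the blocking policy are constructed for illustration. The hardened hook copies the argument into private memory once, then validates and forwards that copy.

```c
#include <stdio.h>
#include <string.h>

#define PATH_LEN 64  /* assumption: every caller buffer in this model is PATH_LEN bytes */

/* Constructed policy: the one path the modeled security hook must never let through. */
static const char BLOCKED[] = "C:\\blocked\\payload.exe";
static const char BENIGN[]  = "C:\\docs\\report.txt";

/* Stand-in for the original system call; records the path the OS really acted on. */
static char last_opened[PATH_LEN];
static void real_open(const char *path) {
    strncpy(last_opened, path, PATH_LEN - 1);
    last_opened[PATH_LEN - 1] = '\0';
}

static int policy_allows(const char *path) {
    return strcmp(path, BLOCKED) != 0;
}

/* Models what the caller does between the hook's check and the system call's
 * own read of the argument. A callback keeps the interleaving deterministic;
 * on a real system this is a scheduling race between two threads. */
typedef void (*interleave_fn)(char *caller_buf);
static void no_change(char *caller_buf) { (void)caller_buf; }
static void switch_argument(char *caller_buf) {
    memset(caller_buf, 0, PATH_LEN);
    memcpy(caller_buf, BLOCKED, sizeof BLOCKED);
}

/* Vulnerable: validates caller-owned memory, then forwards the same pointer,
 * so the system call fetches the argument a second time. */
static int hook_open_vulnerable(char *caller_buf, interleave_fn between) {
    if (!policy_allows(caller_buf)) return -1;  /* time of check */
    between(caller_buf);                        /* window between check and use */
    real_open(caller_buf);                      /* time of use: second fetch */
    return 0;
}

/* Hardened: a single fetch into private memory; the check and the call both
 * operate on the captured copy, never on the caller's buffer again. */
static int hook_open_hardened(char *caller_buf, interleave_fn between) {
    char captured[PATH_LEN];
    memcpy(captured, caller_buf, PATH_LEN);
    if (memchr(captured, '\0', PATH_LEN) == NULL) return -2; /* unterminated input */
    if (!policy_allows(captured)) return -1;
    between(caller_buf);   /* the caller may still rewrite its own buffer */
    real_open(captured);   /* the OS sees exactly what was checked */
    return 0;
}

typedef int (*hook_fn)(char *, interleave_fn);

/* Returns 1 if the hook allowed the call and the blocked path still reached real_open(). */
static int blocked_path_reached_os(hook_fn hook) {
    char caller_buf[PATH_LEN] = {0};
    memcpy(caller_buf, BENIGN, sizeof BENIGN);
    last_opened[0] = '\0';
    int rc = hook(caller_buf, switch_argument);
    return rc == 0 && strcmp(last_opened, BLOCKED) == 0;
}

/* Returns the hook's verdict when the blocked path is requested openly. */
static int direct_request_verdict(hook_fn hook) {
    char caller_buf[PATH_LEN] = {0};
    memcpy(caller_buf, BLOCKED, sizeof BLOCKED);
    return hook(caller_buf, no_change);
}

int main(void) {
    printf("direct request, vulnerable hook verdict: %d\n",
           direct_request_verdict(hook_open_vulnerable));
    printf("direct request, hardened hook verdict:   %d\n",
           direct_request_verdict(hook_open_hardened));
    printf("switched argument reached OS (vulnerable): %d\n",
           blocked_path_reached_os(hook_open_vulnerable));
    printf("switched argument reached OS (hardened):   %d\n",
           blocked_path_reached_os(hook_open_hardened));
    return 0;
}
```

Both hooks reject the blocked path when it is requested openly; only the hook that re-reads caller-owned memory after its check lets the switched value through.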

According to Matousec, nearly three-dozen Windows desktop security titles, including ones from Symantec, McAfee, Trend Micro, BitDefender, Sophos and others, can be exploited using the argument-switch tactic. Matousec said it had tested the technique on Windows XP SP3 and Vista SP1 on 32-bit machines.

Some security vendors agreed with Huger. "It's a serious issue and Matousec's technical findings are correct," said Mikko Hypponen, chief research officer at Finnish firm F-Secure, in an e-mail.

Other antivirus companies downplayed the threat, however. "Based on our initial review of the public documentation, we believe this is a complicated attack with several mitigating factors that make it unlikely to be a viable, real world, widespread attack scenario," a McAfee spokesman said in an e-mail reply to a request for comment. "The attack would require some level of existing access to the target computer, as the attack described by Matousec does not on its own bypass security software or allow malware to run."

Kaspersky Lab had a similar reaction. "[We] have analyzed the published material and concluded that the issue is only linked to certain features of [our] products," Kaspersky said in an e-mailed statement. "Kaspersky Lab products implement not only [kernel] hooks, but a wide range of technologies, including secure sandboxing and other methods of restricting suspicious kernel mode activity."

Huger confirmed that attackers would have to drop malware of some sort on the targeted machine in order to utilize the argument-switch strategy, and that there are "lots of easier ways to game antivirus" than Matousec's technique.

Huger's greatest fear is that others take Matousec's findings, weaponize the argument-switch attack, and add it to one of the numerous underground exploit kits. "If someone packages this into an easy-to-use library, I think it'll be in play pretty quickly, with widespread adoption," said Huger. "Why wouldn't it?"

Several researchers with antivirus companies, including Huger, noted that security software isn't defenseless against attempts to use argument-switch, in large part because attackers would still need to plant malware on a machine, and on-demand scanning would theoretically block any malicious downloads, at least of known threats.

Huger expects that attacks using argument-switch will target 32-bit Windows XP machines, both because that operating system continues to dominate the Windows ecosystem, and because it lacks the PatchGuard kernel protection that Microsoft added to 64-bit versions of XP in 2005, then later to 64-bit editions of Vista and Windows 7.

Microsoft faced resistance from several antivirus companies, notably Symantec and McAfee, before the release of Windows Vista. They complained that PatchGuard would prevent them from delivering key functions in their Vista-compatible products, including behavior-based virus detection, host-based intrusion prevention and software tamper protection. Microsoft relented and eventually made security application programming interfaces (APIs) available to allow vendors to do what they needed without accessing the kernel.

Those APIs first appeared in Windows Vista SP1 in 2008.

Matousec claimed that 64-bit versions of Windows boasting PatchGuard could be vulnerable in some instances. "[This] will work against all user mode hooks and it will also work against the kernel mode hooks if they are installed, for example, after disabling PatchGuard," Matousec's paper stated.

Microsoft did not immediately reply to a request for comment on Matousec's claim.

Other problems security vendors face in blocking argument-switch attacks could arise if or when they release updates, argued Huger. "Kernel driver programming is pretty tricky," he said. "Redeployment [of updates] will complicate things. Any vendor nervy enough to put out new kernel drivers will have to do a pretty significant gut check. If something goes wrong, millions of machines could be blue-screened."

Huger pointed to the recent fiasco with a faulty McAfee signature update that crashed thousands of PCs running the company's security software as an example. "Enterprises would be very reticent to update because of the risk," he said.


Can the clouds really be secure?

Cloud computing has huge potential, especially as the Internet’s infrastructure improves and becomes more affordable. Its main attraction is the economies of scale it can provide us.

These were two of the conclusions Kaspersky, a rising security company, reached during its Executive Roundtable held last month. However, there are still lingering questions: How safe is our data in the clouds? And who can guarantee our mission-critical information placed in the clouds won’t be misappropriated?

These are some of the paramount prerequisites that will become the key to success of cloud computing.

For those wondering what cloud computing is, the US National Institute of Standards and Technology (NIST) has defined it as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources [networks, servers, storage, applications, and services] that can be rapidly provisioned and released with minimal management efforts or service provider interaction”.

In a now-conventional setting, we install an antivirus program on our PC or notebook. It may be AVG, Kaspersky, McAfee, Norton or any reliable program. We then pay to subscribe to updates, which we hope will come fast enough to shield us from the latest malware. However, with our computing activities increasingly moving to servers located in “clouds”, will this configuration still protect us from unwanted viruses?

The answer is, of course, a resounding “No”. Therefore, it is not surprising to see antivirus makers rushing into cloud computing. Some of them are collaborating with Internet Service Providers (ISPs) to offer a safer and more secure universe in the clouds.

Parents with underage children would no doubt be very familiar with this problem. When their children are alone in their bedrooms, they will be tempted to surf all over the Internet, sometimes to sites not recommended for kids. Parents usually know about it, but tend to avoid direct confrontation with their children. With iControl, parents can easily restrict their children from visiting adult sites.

Or, parents worried their children are spending too much time on Facebook can limit the time they can access the site.

Of course, some of these services have been available for a while on intelligent routers. However, the flexibility offered by services such as CBN iControl makes it easier to implement in a household as well as in companies.

In the office, if companies are concerned that complete freedom to access the Internet during work hours is likely to negatively affect employees’ productivity, then IT managers can customize access rights, helping them manage bandwidth usage. IT departments will be able to restrict the number of pictures and videos downloaded at work that are irrelevant to the business.

CBN iControl does not require additional hardware or software, and can be configured according to specific needs. At the moment, only the basic level of the service is available. iControl can help protect us from cyber crimes such as identity theft and credit card hacking.

Sugiharto Darmakusuma, CBN’s chief commercial officer, emphasized that the new service was also part of his company’s CSR program, which focuses on providing a clean pipe to the clouds. In addition to offering a constantly updated antivirus database, iControl has features such as URL filtering, web 2.0 control, data loss prevention, browser control and P2P protection.

CBN iControl exemplifies the type of initiatives ISPs are implementing to integrate web security into their services.

The question remains: Is it possible to find a technology that will protect us from malicious threats once and for all?

The answer is unfortunately no, because as Joy Gosh, Zscaler’s managing director for Asia Pacific, said at the launch event, “The threat landscape continues to change.”

However, research continues. As reported by ScienceDaily on May 3, 2010, researchers from the North Carolina State University have come up with HyperSafe, software to safeguard virtualized computing resources in the clouds.

Virtualization is the essence of cloud computing, allowing multiple users to share the use of a pool of computing resources.

So, the future of cloud computing security is not so bleak after all.


New Computer Virus Masquerades as Antivirus

A new computer virus is masquerading as well-known antivirus software in Centennial, Colorado (US), and experts say it can cause damage to hardware and hack the system's files. The virus appears to come from authentic antivirus security programs such as Norton and McAfee.

The virus informs users that their system is suffering from a virus infection and advises them to enter their credit card details to buy an updated version to clean the system. In other words, it is simply a computer virus disguised as authentic software.

Greg Cann, Vice President of Centennial-based Accelerated Network Solutions, stated that once users reveal their credit card details, attackers gain access to their hard drive and money, as per the news published by on April 14, 2010.

Frank Martin, an individual from Centennial, was recently hit by the virus when his wife mistakenly installed the software without knowing that the antivirus solution was bogus.

The security firm suggested that users should be more careful to avoid such attacks. It is very important that computer protection systems should be updated.


Windows XP Operating System Support

Expert technicians at iYogi Technical Services have the resources and experience to solve the most complex issues related to Windows XP support.
To take a quick step backwards, everyone remembers that when Windows XP was launched, there were a lot of people who stressed that there was no need for a new Windows operating system from Microsoft and that they were content using old DOS-based versions, such as Windows 95, 98, and 98SE. No doubt this was so, but technically it was not appropriate. Windows XP, compared to the other Windows operating systems, provided dramatic advances in power and reliability.
There were some glitches with Windows XP, since it was incompatible with many old programs and peripherals, it needed new drivers, and the interface needed some relearning.
Keeping all these factors in mind, iYogi Technical Services started its premium Windows XP Support for small business and home users worldwide.
Microsoft Windows XP technical support from iYogi is comprehensive 24/7 technical support for Microsoft Windows XP. Microsoft Certified technicians at iYogi can fix your Internet browsing problems, resolve conflicts and compatibility issues, make sure your software and drivers are up-to-date, and optimize the Microsoft Windows XP operating system's speed and performance.
iYogi will diagnose and troubleshoot issues with your Windows XP and repair all errors related to it.

In addition to the services listed above, iYogi has been users’ first choice for the following services:

• Easy and Fast computer support for Microsoft XP Operating System
• 24x7 computer support from Microsoft Certified technicians for low price
• Software and start-up error troubleshooting.
• Resolve software and driver conflicts
• Customize Microsoft Windows XP to boost your computer's speed and performance

iYogi supports all versions of Microsoft Windows XP Operating System. Windows XP technical support can be accessed by users remotely by dialing iYogi’s toll free number. Give us a chance to serve you and we promise that you will experience the best Windows XP support ever.

Concept of Online PC Repair

When your PC behaves strangely, for example when applications take longer to launch or the computer runs very slowly, it indicates that your PC needs repair. To repair your computer, you can contact any technical service provider. But it would be beneficial for you to contact an online service provider.
Online service providers offer a wide range of services at various rates. iYogi Technical Services is one of them. iYogi offers round-the-clock PC support and a variety of services at an affordable price. Some of the services offered through online support for PC repair are listed below:
• Installation, un-installation, re-installation of software
• Troubleshooting computer hardware and software errors
• Configuring settings of different applications
• PC Optimization
In addition to all the aforementioned services, many services are also offered through remote support. In online support, you just have to contact any remote service provider and they can reach out to you at the comfort of your home or office. Any tech expert from your service provider will remotely access your PC after taking your permission.
After accessing your system, tech experts will diagnose your system with great care in order to find out the root cause behind the occurrence of these technical issues. After diagnosing your system, the tech expert will carry out the necessary steps in order to repair your PC. In this manner, your PC gets repaired without any pain of transportation.
If you take your PC to a service centre, it would take roughly three to four days to get it repaired, and you will have to pay every time you go there. But this is not the case with online support; you just have to pay once and you can access unlimited services for the specified time. If you call a technician to your premises, you have to pay an extra amount for the services. So it would be fair to say that online technical support for PC repair is more beneficial than on-site tech support.

How to Remove Trojan without Installation of any Antivirus Software?

A Trojan is basically a software program that appears to perform desirable functions on your computer. In addition to this, it gives intruders an easy way to access your system. Trojans can enter your system by many methods, such as e-mail attachments, software downloads, etc.
Once a Trojan gets into your system, it gives a hacker remote access to it. After getting access to your system, the hacker can perform various tasks, such as stealing your confidential information, installing software, deleting or modifying files, keystroke logging, etc.
You can scan your system with the Windows Live OneCare safety scanner in order to get information about malicious programs installed on your system. This scanner offers various scan types and you can select any scan for your system. Its protection scan will check your system for Trojans, viruses and other malicious software.
In addition to this, it will check for the open ports of your computer, which can make your system more vulnerable to online threats. After scanning, it will produce a report, which contains the number of files scanned, the number of infected files found, the type of infection and virus name, the number of common open ports, etc.
Another scan type of Windows Live OneCare safety scanner is clean up scan, which will find out the redundant temporary files of your system. Tune up scan will provide you the information about your hard disk drive. After scanning your system with Windows Live OneCare safety scanner, you can remove Trojans with Microsoft Windows Malicious Software Removal Tool.
This tool can check the systems running Windows 2000, Windows Server 2003, Windows XP, Windows Vista, and Windows 7 for infections and can also remove these infections. When its detection and removal process gets complete, it will display a report, which will contain information about all the malicious software detected and removed.

How to Make your Computer Fit and Healthy?

At times your computer behaves strangely, for example taking a long time to launch applications, shutting down automatically, or the hard disk becoming inaccessible. Under such circumstances, you should go for proper computer repair services.
In the past few days, I was in need of technical support from a service provider. Then one of my friends suggested that I subscribe to iYogi’s computer repair services. After accessing their exceptional tech support services, all I got was a fast-performing computer running as fast as the first time I bought it.
You will receive a lot of services while accessing online support for computer repair. Some of them are listed below:
• Installation, re-installation, and un-installation of software
• Diagnostic & repair of the hardware issues
• Troubleshooting software errors
• Optimizing your PC’s speed and performance
• Resolving driver conflicts
• Resolving Internet browsing problems
After accessing online support for your computer, it will become fit and healthy once again.
When you subscribe to remote support for repairing your computer, you just have to give its tech expert permission to access your system. After accessing your system, the tech expert will diagnose your technical issues and carry out the necessary steps to resolve them.
If you opt for remote support for computer repair, you do not have to take the pain of transportation. But with on-site support, you either have to carry your system to a service centre or call a technician to your premises.
Finally, I suggest you take remote support from iYogi Technical Services, because it offers unlimited support at a fixed price.

Data Recovery Software in Windows 7

There may be a manual fault or some unavoidable circumstances related to technical issues in which you lose your important home or business files (such as MS Word, MS PowerPoint, MS Excel, Bkf, Zip), e-mails, photos, music and other rare things.
Although this happens very rarely, data once lost can take a long time to recover or may not be recovered at all, so there should be adequate data backup management to ensure that you can access important files and folders anytime.
You would be considering me too much obscene, but I recently suffered data loss on my Windows 7 computer; that’s why I want to discuss with you some important data recovery methods for Windows 7, and you must add the data recovery agent.
First I want to tell you about prevention, because as the old saying goes, “prevention is better than cure”. Just as you press Ctrl+S in your Word document every time to ensure it is saved regularly, you should make a practice of backing up the data on your hard drive to an external hard disk or optical media, which can be used to combat such situations.
Next, when you are caught in this situation and are not left with many options, Windows 7 recovery software is a better alternative. Some of the best recovery software available in the market is Stellar Phoenix Windows Data Recovery v4.1, Advance Windows 7 Data Recovery Software and Recover My Files data recovery software.

Windows 7 data recovery software can effectively restore or recover the entire data of your hard disk, including deleted files emptied from the Windows Recycle Bin, or files lost due to the format or corruption of a hard drive, infection with computer viruses, and unexpected system shutdown or software failure. You can also recover data located in a corrupted partition, such as FAT12, FAT16, FAT32, NTFS & NTFS5, of a Windows 7 based hard drive. Windows 7 data recovery software is also compatible with other types of data storage media such as floppy drives, flash drives, USB digital media, pen drives, zip drives, memory sticks, multimedia cards, secure digital cards & many more.
Data recovery is not possible with Windows 7 Recovery tools if it has been physically overwritten by low level disk format. You may face issues while recovering files located on hard disk which is well encrypted.

How to Reinstall Windows XP Without Losing Your Data

Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops, and media centers. It was released in 2001 and has been the most popular operating system all over the world.
If your computer is not working properly, you might need to repair or format your computer. Repairing a computer will fix the corrupt operating system, and it will not delete your data.
Follow these steps to repair a Windows XP computer without any data loss:
Step 1: Firstly, you need to insert the XP CD into the CD drive and restart your computer. As the computer shuts down, keep pressing DELETE to enter the BIOS setup. In the BIOS setup, set the 'First Boot device' to CD-ROM and exit, saving these settings.

Step 2: Now, your Windows XP computer will restart and a message will appear saying 'press any key to boot from CD'. Press space bar or any other key to continue.

Step 3: Next, you have to wait for few minutes as setup will inspect your hardware and Windows on computer. Setup will also load some necessary files to repair the Windows XP computer.

Step 4: Now you have to press F8 to accept the Windows XP license agreement, and then you have to select the drive which you want to repair. In some cases there may be more than one drive; you can then use the UP/DOWN arrow keys to select the drive which you wish to repair.

Step 5: Now, setup will examine the drive which you have selected and will go through 1 to 100% and a new window will appear on screen, hit F3 to continue and setup will reboot the Windows XP computer.

If you follow the above steps, you can repair your computer without any data loss.

©2009 Antivirus Support | by TNB