Mar 31

This is one nasty bugger! WOW!

It starts out with an annoying pop-up message on your taskbar over by the clock. When the balloon error message disappears, you get a red X like the Microsoft Red X inside the security shield. This message, however, is missing the security shield that Windows uses.

The other thing I want to point out about the error message is to read the wording. Although this looks like a typical Windows message, Microsoft can spell and uses proper grammar! Specifically, the message says, “It is recommended to use special antispyware tools to prevent data loss.” BAD GRAMMAR! Not Microsoft.

The message further states that “Windows will now download….” Another dead giveaway that this is not Microsoft. They NEVER ask your permission to do anything! (SMILE)

But seriously, here is the actual message pop-up.

[Screenshot: Reanimator Malware]

What’s bad about this one is that it does look like a typical Windows message. In the case of my sister’s PC, Trend blocked the reanimator from downloading its dastardly tools that would plant a nice Trojan onto the machine. But, we needed to get this thing out of her PC!

There were two affected files: winivstr.exe and braviax.exe, which were hidden in the Windows folder and the Windows/system32 folder. Braviax.exe was slated to run at startup in MSCONFIG.

This bugger also totally disabled and hid Spybot Search & Destroy! We could not use it even when I found it by unhiding the hidden files and folders.

I booted in safe mode to no avail.

I removed the files in safe mode, removed the prefetch files, turned off the msconfig startup of the file, and removed registry files only to have it reappear on normal boot.

It was listed inside the Windows .dat files for Internet Explorer and the desktop. The more I tried to eliminate it, the more it returned.

After hours of trying to remove this sucker manually, I gave up and did a Google search to see if anyone else had successfully deleted it.

I’m always squeamish when it comes to freeware, but at this point I was ready to try anything.

And I’ve got to tell you that I found the most awesome removal tool for this thing!

Now, mind you that this website goes totally against everything I teach in my new CyberSleuthing Websites eBook, but it was worth the risk. If I couldn’t get the darn thing out of the computer, I’d have to reformat anyway. So if Trend PC-cillin decided that this tool was also a bad guy, either way I lost nothing. At best, these guys would be legitimate and we’d clean the machine!

Well, it worked! I couldn’t believe how fast and easy it was! And Trend didn’t mind it at all.

The tool? MALWAREBYTES ANTI-MALWARE.

Kudos to the folks at Malwarebytes.org!

Once the bugger was removed, guess what became available again? Spybot S&D! And even that played nice with the Malwarebytes Anti-Malware program.

I am really, really, really impressed!
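
As an added example (not from the original post, and not Malwarebytes' code), here is a read-only PowerShell check for the artifacts named above. The two file names come from the post; the Run-key and Prefetch paths are standard Windows locations, assumed here to correspond to the MSCONFIG startup entry and the prefetch files the post mentions.

```powershell
# Added example: read-only check; it changes nothing on the machine.
# File names are the two given in the post.
$names = 'winivstr.exe', 'braviax.exe'
$findings = @()

# 1. The executables, in the Windows folder and System32.
#    -Force makes Get-Item return hidden and system files too.
foreach ($dir in $env:windir, (Join-Path $env:windir 'System32')) {
    foreach ($name in $names) {
        $item = Get-Item -LiteralPath (Join-Path $dir $name) -Force -ErrorAction SilentlyContinue
        if ($item) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $item.FullName; Detail = "$($item.Attributes)" }
        }
    }
}

# 2. Prefetch entries (assumed location: %windir%\Prefetch, named NAME.EXE-<hash>.pf).
$prefetch = Join-Path $env:windir 'Prefetch'
foreach ($name in $names) {
    $hits = Get-ChildItem -LiteralPath $prefetch -Filter "$name-*.pf" -Force -ErrorAction SilentlyContinue
    foreach ($pf in $hits) {
        $findings += [pscustomobject]@{ Type = 'Prefetch'; Location = $pf.FullName; Detail = "$($pf.LastWriteTime)" }
    }
}

# 3. Startup entries: the machine-wide and per-user Run keys (assumed to be
#    where the MSCONFIG startup item lives; Startup folders are not covered).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($keyPath in $runKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        foreach ($name in $names) {
            if ($data -like "*$name*") {
                $findings += [pscustomobject]@{ Type = 'RunKey'; Location = "$keyPath\$valueName"; Detail = $data }
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else {
    'None of the named artifacts were found in the checked locations.'
}
```

The post reports that the files came back on a normal boot even after these locations were cleaned by hand, so an empty result from this check covers only the listed locations.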




written by Admin

Mar 23

In catching up on my overstuffed Thunderbird e-mail inbox, I found a relatively new newsletter from SearchSecurity. I know some of my students in the advanced PC Security course were interested in this subject, so I thought I’d post this for you.

PODCAST: Countdown: Making NAC work with your existing security tools

This podcast provides listeners with real-world anecdotes and detailed information on how to overcome obstacles presented by conflicts between your various NAC products and other security and networking tools on your network.

NAC: Snyder Answers the Hard Questions
(Videocast and Podcast versions available)

The videocast and podcast featured here help answer some of today’s hardest NAC questions and provide information on how to overcome some common obstacles and challenges faced while implementing NAC within your company.

VIDEOCAST: NAC: Answering the hard questions

PODCAST: Countdown: Making NAC work with your existing security tools

Speakers are: Joel Snyder, Ph.D., Senior Partner, Opus One and Mike Chapple, CISA, CISSP, IT security professional, University of Notre Dame

SPONSOR: Sophos Inc.

Enjoy!




Mar 23

I’m catching up on cleaning up my oversized Thunderbird inbox today and came across this YouTube video. If you haven’t seen it yet, you should! I won’t spoil it for you by saying anything about it. It’s a must see!

http://www.youtube.com/watch?v=5NoGbLI3ePA

Debbie




Mar 22

There seems to be some big “hissy fit” going on about Apple trying to push the new Safari browser through your Apple Update Software. So, I decided to take some time today to check it out myself and ran the Apple Update.

And yes, there it is!

[Screenshot: Apple Update Screen]

Now, first of all, let’s point out the obvious. See the check box next to Safari? If you uncheck it, Safari won’t install! We all know how to read, don’t we?

Secondly, I’ve read some BS out there about how Apple is trying to sneak this in on you. Are you nuts? Where is this sneaking anything?

Some have also compared this to Microsoft’s sneaky attempts to give you junk you don’t want nor need. NO WAY! You cannot even compare the two!

Microsoft has snuck into our PCs and given us stealth updates - which Apple does not do. Additionally, Microsoft’s auto update encourages the EXPRESS installation which is a blanket install of anything they want to shove on you. You cannot compare the Apple Update Software to any of Microsoft’s antics! Get real!

Okay, that being said, I went ahead and installed the Safari browser just for fun. I must say I’m impressed and really thinking about moving from my ever slowing, sluggish Firefox to the new Safari. I really, really, really, love the bookmark organization in there! (But I’ll save that for a later review.)

But for now, let me say to those who are crying “FOUL” over the Apple Updates including Safari, if you can’t read or don’t pay attention to what the heck you’re downloading, then don’t blame Apple!

I have some issues with the elitist attitude of Apple users, so don’t think I’m a die-hard Apple/MAC lover. The BS that MACs don’t get viruses and that they don’t crash, they have “Forced System Resets” that is touted by their sales staff makes me want to gag. But there is no way you can compare their update OFFERING you Safari as a download option to Microsoft’s SHOVE IT DOWN YOUR THROAT software installations.

If you’re too busy to read the screen when you download something, don’t blame Apple for your lack of attention. And if you have any software update set to “auto install” you need counseling. No one should ever allow a software manufacturer (or anyone for that matter) “carte blanche” to their PC! You have no right to cry “Foul” if you’ve allowed that.

This big “to-do” is just another bunch of cry babies not taking personal responsibility for their actions - or in this case, downloads. Or, is it just a way to call attention to yourself and your website? Hmm, maybe that’s what’s really behind this? Did I hear someone say, “Free traffic?”




Mar 20

TREND MICRO Website and 20,000 Others Hacked this Week!

As McAfee was reporting on a major hack of over 20,000 websites, Trend Micro was discovering they were one of them. Because most of these sites were legitimate, trusted sites, we advise you run your AV software for a full scan!

http://www.networkworld.com/news/2008/031408-trend-micro-hit-by-massive.html?docid=4046

If you subscribe to our newsletter Alerts, you’re getting one that includes this information along with the MAC OS X and Safari Patch information, the Adobe and Cold Fusion patch information, and the Belkin router firmware update alerts!




© 2007-2008 MICE Training & Technology™.
