njustice

Members
  • Content Count: 51

Posts posted by njustice

  1. Windows XP has a feature that monitors files that are used when you boot and also applications that you start. It puts a log of these in the Prefetch folder under C:/Windows. And....so it goes to this folder and "prefetches" those files for faster startups. A nice feature, but that cache folder can fill up rather fast with "junk" files (old stuff you rarely use any more)---it needs to be cleaned out at least once a month--more often if you are a heavy user. One "technique" I used recently was having a shortcut to the Prefetch folder on my desktop (named, of all things, "Clean Prefetch"---original, huh? :rolleyes: ). That would open the folder and I would manually delete all the files.

    Anyway....here's one better---make a shortcut to a simple batch file that will erase all the contents of the Prefetch folder with just one click. Here's how:

    1. In Notepad, type the following (or just cut & paste the text below):

    del C:\Windows\Prefetch\*.* /Q

    2. Click on "Save As", then in the scrolldown menu "Save as type", select "All files".

    Saving the file to the C:/ drive (or folder of your choice), name the file: DeletePrefetch.bat and hit OK.

    3. Now make a shortcut to that file either on the Desktop or in Programs (do NOT use "Copy"...if you do that, you won't be able to rename it without screwing up the file). When you are ready to clean out the Prefetch, just click on the shortcut and it's done. One click shopping.

  2. Posted by Eric Howes on DSLReports.com: (partial quote)

    http://www.dslreports.com/forum/remark,119...04374~mode=flat

    Hi All:

    Some of you may have seen one of today's new stories about a stealth installation exploit that Ben Edelman wrote up and published on his web site:

www.benedelman.org/news/111804-1.html

    Included with Ben's write-up is an eye-opening video. 

    I thought you all might like some additional information about the exploit that Ben documented.

    This is a developing story and our information is still incomplete, so the information presented here may need to be revised in the light of new developments.

    It appears that a group of hackers (perhaps even a criminal gang) is hacking web servers all over the Net and installing root kits that dynamically inject code into the pages served from the compromised web servers. The injected code effectively serves as a "front door" to a number of different pages at these domains:

    sp2fucked.biz

    splitinfinity.info

    xpire.info

    Those pages use several security exploits to stealth install a variety of different software packages on users' PCs, all without any warning whatsoever. Several other domains are used in that installation/exploit process, including:

    69.50.168.147

    195.178.160.30

    213.159.117.133

    b00gle.info

    coolsearch.biz

    newiframe.biz

    pizdato.biz

    Fair warning: do NOT visit any of these domains unless your box is well defended and updated, and you are prepared to deal with the unexpected.

    The software installed on users' PCs appears to vary. Sometimes the exploit pages listed above push porn dialers onto victims' PCs; other times a whole host of spyware and adware packages is installed, as in Ben's test. The packages that we've seen installed via this exploit include:

    180solutions

    BlazeFind

    BookedSpace

    BullsEye Networks

    CashBack (Bargain Buddy)

    ClickSpring

    CoolWebSearch

    DyFuca

    Hoost

    IBIS Toolbar

    Internet Optimizer

    ISTbar

    Power Scan

    SideFind

    TIB Browser

    WebRebates (TopMoxie)

    WhenU (VVSN)

    Window AdControl

    WindUpdates

    YourSiteBar

    The screenshot included with this post comes from the video that Ben made, and it gives a sense for the great variety of junk that can be installed.

    exploitinstalled.jpg

    Be sure to watch Ben's video linked on this page:

    http://www.benedelman.org/news/111804-1.html

    This exploit has been showing up in HijackThis logs in various places on the web, including here at Spyware Warrior:

    http://spywarewarrior.com/viewtopic.php?p=41144

    http://forums.spywareinfo.com/index.php?sh...showtopic=34220

    http://forums.tomcoyote.org/index.php?showtopic=21650

    Reports about the exploit:

    http://www.gossamer-threads.com/lists/full...isclosure/27857

    http://seclists.org/lists/fulldisclosure/2...4/Oct/1031.html

    http://sourceforge.net/mailarchive/forum.p...&forum_id=24754

    Comments from Wayne Porter:

    http://www.revenews.com/wayneporter/archiv...00285.html#more

    And as Eric stated here:

    I might add that I stumbled upon this because of a post by Andrew Clover (of doxdesk.com fame) in response to the Aluria/WhenU controversy:

    http://www.aluriasoftware.com/forum/thread351.html

    And last but extremely important - make sure that people know how to protect their computers from these exploits and possibly being used in a malicious attack.

    IE-SPYAD and AGNIS from Eric Howes will protect from the domains and IP addresses shown in Eric's post.

    http://spywarewarrior.com/viewtopic.php?t=7625

    http://spywarewarrior.com/viewtopic.php?t=7626

    Download links here:

    https://netfiles.uiuc.edu/ehowes/www/resource.htm

    A good firewall, (and not just the Windows firewall) is also necessary to prevent unauthorized use of a computer to participate in a denial of service attack.

    Folks, please help spread the word about this! Post this on any and all forums and sites related to security and spyware/malware!
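    As an added example (not code from Eric Howes, IE-SPYAD or the original post), the following Python script turns the domains and IP addresses quoted above into a simple blocklist: it normalises a URL to its hostname, treats IP-literal hosts separately from domain names, matches subdomains of a listed domain, scans text such as a HijackThis log for URLs that hit the list, and writes a .reg fragment that places the listed domains in Internet Explorer's Restricted sites zone (zone 4) the way IE-SPYAD-style lists do. The ZoneMap\Domains key layout is an assumption about IE's zone registry convention, and the sample log lines are constructed for the demonstration.

```python
"""Blocklist checker built from the domains/IPs named in the post above.
Added example, not IE-SPYAD's own code; registry layout is an assumption."""
import ipaddress
import re
from urllib.parse import urlsplit

# Values copied from the post above (a constructed list, not a maintained feed).
BLOCKED_DOMAINS = frozenset({
    "sp2fucked.biz", "splitinfinity.info", "xpire.info",
    "b00gle.info", "coolsearch.biz", "newiframe.biz", "pizdato.biz",
})
BLOCKED_IPS = frozenset({"69.50.168.147", "195.178.160.30", "213.159.117.133"})

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Assumed key: IE stores per-domain zone assignments under ZoneMap\Domains,
# with a value named "*" (all schemes) whose DWORD is the zone number.
ZONEMAP_DOMAINS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\ZoneMap\Domains")


def host_from_url(url):
    """Lower-case hostname of a URL; scheme added if missing, port stripped."""
    if "://" not in url:
        url = "http://" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:          # malformed IPv6 literal and similar
        return ""
    return host or ""


def is_blocked(url):
    """True if the URL's host is a listed IP, a listed domain, or a subdomain of one."""
    host = host_from_url(url).rstrip(".")
    if not host:
        return False
    try:                        # IP-literal hosts are compared exactly
        return str(ipaddress.ip_address(host)) in BLOCKED_IPS
    except ValueError:
        pass
    labels = host.split(".")    # www.xpire.info -> xpire.info -> info
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def flagged_urls(lines):
    """URLs found in the given text lines (e.g. a HijackThis log) that hit the list."""
    return [url for line in lines for url in URL_RE.findall(line) if is_blocked(url)]


def restricted_sites_reg(domains):
    """Build a .reg file that puts each domain in the Restricted sites zone (4)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for domain in sorted(domains):
        lines.append(f"[{ZONEMAP_DOMAINS}\\{domain}]")
        lines.append('"*"=dword:00000004')   # 4 = Restricted sites, all schemes
        lines.append("")
    return "\r\n".join(lines)


# Constructed sample lines in HijackThis style; the hostnames come from the post.
SAMPLE_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/",
    r"O8 - Extra context menu item: Search - http://69.50.168.147/search.htm",
    "Reference: http://www.benedelman.org/news/111804-1.html",
]

if __name__ == "__main__":
    for hit in flagged_urls(SAMPLE_LINES):
        print("blocked:", hit)
    print(restricted_sites_reg(BLOCKED_DOMAINS))
```

    The .reg text can be reviewed and imported with regedit; IP addresses are not covered by ZoneMap\Domains and are left to the URL check.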

  3. Hello,

    Close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:

    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Click "Fix Checked"...

    reboot.....rescan....post new log.

  4. Hello Oni, sorry for the delay.

    Go to add/remove programs and uninstall if found: couponsandoffers, 180 Solutions(if present), WeatherBug, 2findm~1, 16HIDE~1 and SpeedHack(if not recognized).....reboot if prompted.

    Close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items if present:

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

    O3 - Toolbar: GreyMore - {627DA590-A05C-ADAD-277A-A75F6CD7554C} - C:\PROGRA~1\16HIDE~1\acid sect.dll (file missing)

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

    O4 - HKLM\..\Run: [synchronization Agent] C:\Documents and Settings\canf\Desktop\SpeedHack\Speed hack.exe<---what is this, if you don't know remove it.

    O4 - HKLM\..\Run: [saap] c:\progra~1\2findm~1\partner\saap.exe

    O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O4 - Startup: PowerReg SchedulerV2.exe

    O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

    O9 - Extra button: ÃøÖ·´óÈ« (HKLM)<---no info on this....removing won't hurt.

    O9 - Extra 'Tools' menuitem: ÃøÖ·´óÈ« (HKLM)<---no info on this....removing won't hurt.

    O9 - Extra button: WeatherBug (HKCU)

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

    Click "Fix Checked"...Reboot to SAFE mode (F8 on bootup)

    How to start the computer in Safe mode

    Show hidden files and folders-->

    Show hidden files & folders

    and delete the following folders/files in red if found.....

    C:\PROGRAM FILES\16HIDE~1<---folder will start with 16HIDE

    C:\Documents and Settings\canf\Desktop\SpeedHack<---see note above

    O4 - HKLM\..\Run: [saap] c:\program files\2findm~1<---folder will start with 2findm

    O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe

    C:\Program Files\couponsandoffers

    reboot.....download the latest version of HijackThis HERE....post new log.
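    As an added example (not HijackThis code, nor part of this or the previous post), the following Python script parses log lines in the HijackThis format quoted in posts 3 and 4: it splits off the "Onn -" section code, records the entry kind, any CLSID and any Windows file path, strips the "<---" notes a helper appends, and flags entries marked "(no file)" or "(file missing)", which reference a component that is no longer on disk. The sample log is assembled from lines quoted in the posts above.

```python
"""Parser for HijackThis-style log lines. Added example, not HijackThis's code;
sample lines are taken from the posts above."""
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in a known extension; spaces are allowed inside
# segments, quotes and '<' are not, so quoted paths and trailing notes stop it.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*?\.(?:exe|dll|cab|ocx|htm|html)',
    re.IGNORECASE,
)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt_line(line):
    """Describe one log line as a dict, or return None if it is not an entry."""
    entry, _, note = line.partition("<---")      # helper annotation, if any
    m = re.match(r"^\s*([A-Z]\d+)\s*-\s*(.*?)\s*$", entry)
    if not m:
        return None
    code, rest = m.groups()
    # Kind is the label before the first colon: "Toolbar", "BHO", "HKLM\..\Run"...
    kind = rest.split(":", 1)[0].strip() if ":" in rest else rest.strip()
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    return {
        "code": code,
        "kind": kind,
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "orphan": any(marker in rest for marker in ORPHAN_MARKERS),
        "note": note.strip(),
        "raw": entry.strip(),
    }


def parse_log(text):
    """All recognised entries of a log, in order."""
    return [e for e in (parse_hjt_line(l) for l in text.splitlines()) if e]


def orphan_entries(entries):
    """Entries whose CLSID or file is reported missing: leftovers safe to fix."""
    return [e for e in entries if e["orphan"]]


def run_entries(entries):
    """Autostart (O4) entries paired with the executable path they launch."""
    return [(e["raw"], e["path"]) for e in entries if e["code"] == "O4"]


# Lines quoted in the posts above, assembled here as a constructed sample log.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: GreyMore - {627DA590-A05C-ADAD-277A-A75F6CD7554C} - C:\PROGRA~1\16HIDE~1\acid sect.dll (file missing)
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [synchronization Agent] C:\Documents and Settings\canf\Desktop\SpeedHack\Speed hack.exe<---what is this, if you don't know remove it.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in orphan_entries(entries):
        print("orphan:", e["code"], e["kind"], e["clsid"] or e["path"])
    for raw, path in run_entries(entries):
        print("autostart:", path, "|", raw)
```

    The orphan list is the part a helper would tick without further research; O4 entries still need the path looked at by hand, which is why the script keeps the helper's note alongside the entry.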

  5. Download Spybot from

    http://www.safer-networking.org/index.php?page=download

    after installing......hit.."Search for Updates".....get them all.......(Download Updates)........then "Check for Problems".......after the scan is complete..allow Spybot to remove everything listed in RED...reboot your computer.

    NOTE: Spybot will flag 5 DSO Exploits...this is a bug in the program and will be fixed in the next version, you can ignore these.

    -------------------------------------------------------------------------

    Then Download Ad-aware SE from: http://www.majorgeeks.com/download506.html

    Install the program and launch it.

    First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

    Next, we need to configure Ad-aware for a full scan.

    Click on the Gear icon (second from the left) to access the preferences/settings window

    1. In the General window make sure the following are selected:

    * Automatically save log-file

    * Automatically quarantine objects prior to removal

    * Safe Mode (always request confirmation)

    2. Click on the Scanning button on the left and select :

    * Scan Within Archives

    * Scan Active Processes

    * Scan Registry

    * Deep Scan Registry

    * Scan my IE favorites for banned URLs

    * Scan my Hosts file

    * Under Click here to select drives + folders, choose:

    * All of your hard drives

    Click on the Advanced button on the left and select:

    * Include additional process information

    * Include additional file information

    * Include environment information

    Click the Tweak button and select:

    * Under the Scanning Engine:

    o Unload recognized processes & modules during scan

    o Include additional Ad-aware settings in logfile

    * Under the Cleaning Engine:

    o Let Windows remove files in use at next reboot

    Click on Proceed to save the settings.

    Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

    * Use Custom Scanning Options

    Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

    Save the log file when it asks and then click Finish

    When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

    Reboot your computer.

    -------------------------------------------------------------------------

    Do an online virus scan HERE and HERE.....reboot after each scan, let us know what couldn't be cleaned(include file path).

    -------------------------------------------------------------------------

    Download latest version of 'Hijack This!'. HijackThis 1.98.2

    Post a new log.... :ph34r:

  6. Hello Oni,

    Before downloading the latest version could you please make a permanent folder off the desktop and put HijackThis.exe in that folder.

    How to make a permanent folder:

    Click My Computer, then C:\

    In the menu bar, File->New->Folder.

    That will create a folder named New Folder, which while highlighted you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder.

    Please put your HijackThis.exe there......post a new log.

  7. I tried it....found five new items(see link for picture below).

    First entry: <---Kaspersky, says it's clean.

    C:\hp\drivers\video\Sis651\AGP\Win2K_XP\LAYOUT.BIN

    Windows Spy

    Type: Key Logger

    Threat Level: Severe

    Second entry:<----hmmmm, false positive?

    Host file redirection of 127.0.0.1 adwords.google.com

    Possible Hosts File Hijack

    Type: Spyware

    Threat Level: High

    Third entry:<----Ok.....I can believe it!

    BidClix.com

    Type: Cookie

    Threat Level: Low

    Fourth entry:<---Geocities is flagged?

    GeoCities

    Type: Cookie

    Threat Level: Low

    Fifth entry:<----Huh....Hotmail?

    Passport.com

    Type: Cookie

    Threat Level: Low

    All in all....I will uninstall it.

    Screenshot

  8. Hello everyone, below is the design for our Pctorium business sign. It's two sided so you can see it from both directions. It will have a flower bed beneath it and a low profile decorative brick border. Of course the phone number shown is fictitious, but if you'd like the number feel free to ask; I'd love to talk with you on the phone.

    Any tips or suggestions welcome!

    shingle.jpg