Category Archives: Free Anti-malware Software

Defeat Internet Browser Exploits With Malwarebytes Anti-Exploit

Cybercriminals design malware to exploit vulnerable systems with no user interaction required – on the one hand – and craft attacks that take advantage of unaware (untrained) computer users, in which user interaction is required – on the other.

The second part of this two-part attack approach can only be defeated if the computer user is aware of current Internet threats. So knowledge and experience are critical ingredients in the never-ending and escalating battle against cybercriminals.

The preferred method of defeating attacks which rely on exploiting vulnerable systems is the implementation of a layered security approach. Employing layered security should (I emphasize should) lead to the swift detection of malware, before any damage occurs on the targeted system.

Let’s talk real world:

Given existing technology, no single security application is capable of providing adequate computer system protection. Gaps exist in protection capabilities in even the most sophisticated security applications.

Layering (or stacking) security applications offers the best chance of remaining infection free, by closing those gaps. Keep in mind, however, that even the best layered protection strategy will not make up for the lack of experience and intuitiveness of many computer users.

So, stopping the bad guys from gaining a foothold has to be a primary objective of the layered defense strategy I mentioned earlier. And part of that strategy includes raising barriers at the doorway to the system – the Internet browser.

The Modern Malware Review (March 2013), a statistical analysis performed by Palo Alto Networks which focused on malware that “industry-leading antivirus products” failed to detect, noted a persistent trend.

From the report:

90% of unknown malware delivered via web-browsing

Given that the samples were captured by the firewall, we were able to identify the application that carried the malware. While web-browsing was found to be the leading source of malware both in terms of total malware as well as undetected malware, the application mix was very different between the two groups.

For example, SMTP accounted for 25% of the total malware, but only 2% of the fully undetected malware. Comparatively, web-browsing dominated both categories, accounting for 68% of total malware, but over 90% of undetected samples. This clearly shows that unknown malware is disproportionately more likely to be delivered from the web as opposed to email.

Another brick in the wall:

Malwarebytes Anti-Exploit (formerly Zero Vulnerability Labs ExploitShield) – a free “install and forget” Internet browser security application (which I installed several days ago) – is designed to protect users from unknown “zero-day” vulnerability exploits aimed at Firefox, Chrome, Internet Explorer, Opera…

Protection is also included for selected browser components – Java, Adobe Reader, Flash, and Shockwave – and for Microsoft Office components – Word, Excel, and PowerPoint.

Fast facts:

Malwarebytes Anti-Exploit protects users where traditional security measures fail. It consists of an innovative patent-pending application shielding technology that prevents malicious exploits from compromising computers through software vulnerabilities.

Malwarebytes Anti-Exploit is free for home users and non-profit organizations. It includes all protections needed to prevent drive-by download targeted attacks originating from commercial exploit kits and other web-based exploits.

These types of attacks are common infection vectors for financial malware, ransomware, rogue antivirus and other nasties not commonly detected by traditional blacklisting antivirus and security products.

Installation is a breeze and, on application launch, a simple and uncomplicated interface is presented.

Clicking on the “Shields” tab will provide you with a list of the applications protected by Anti-Exploit.

As a reminder that Anti-Exploit is up and running, a new icon will appear in the system tray.

System requirements: Windows 8, Windows 7, Windows Vista, and Windows XP.

Download at: MajorGeeks

The good news: Each of us, in our own way, has been changed by the world of wonders that the Internet has brought to us. Twenty years on, and I’m still awestruck. I suspect that many of us will be thunderstruck by applications and projects yet to be released.

The bad news: The Internet has more than its fair share of criminals, scam and fraud artists, and worse. These lowlifes occupy a world that reeks of tainted search engine results, malware infected legitimate websites, drive-by downloads and bogus security software.

When travelling in this often dangerous territory, please be guided by the following: Stop – Think – Click. The bad guys – including the corrupted American government – really are out to get you.

The Modern Malware Review is a 20 page PDF file packed with data which provides a real-world perspective on malware and cybercrime. I recommend that you read it.

Kill Malware And Fix Windows With Free UVK – Ultra Virus Killer

I’d venture to guess that the majority of computer users take it for granted that – if they should become infected by malware – their antimalware application will do all the hard work in detecting and removing the infection. All will be well, once more, with the World – so to speak. Good luck with that!

Given the complexity of much of today’s malware, its removal can hamper normal Windows operations, leading to an unstable system (or worse). To deal with that, most users will have to seek professional help – unless, that is, they can turn to a specialty system repair tool like UVK – Ultra Virus Killer (portable version available).

Given the application’s name, it would be easy to assume that the focus here is on scanning for and removing malware. And, to a point, that’s true – the application can be set to scan with MalwareBytes, SUPERAntiSpyware, and Hitman Pro (these applications will be automatically downloaded and installed if not already on your system). Additionally, you may choose to run Kaspersky TDSS Killer and ComboFix.

The real strength of the application, in my view, lies in the repair tools designed to repair Windows (if necessary) after the disinfection. On top of that, users may create and run scripts that perform complete system repair and maintenance.

Quick walkthrough:

The following “Welcome” screen is the business end of the application. From here you can analyze and clean your machine of malware, spyware and adware, and perform complete system repair and maintenance.

This is a rather full program with a range of capabilities. I have chosen to highlight just a few, for this short review.

Startup entries, services, drivers and tasks:

Delete startup entries, infected services, drivers or scheduled tasks, and their corresponding files, simultaneously.
Select and manage several entries at once.
Verify the file signatures of startup entries.
Search for information about a file over the Internet.
Submit the MD5 hashes of one or more entries’ files to VirusTotal using the VT API.
Open the registry key where the entry is located with regedit.
Open the entry’s file location.
View the entry’s file properties.
Maximizable window in these sections for a better view.

Run UVK Scripts:

Disinfect your computer by pasting lines from the UVK log to delete the corresponding registry entries and files.
Use custom commands to download files, execute programs, delete or add registry entries, terminate processes, delete files and folders, run cmd scripts, register system DLLs, or run UVK Fixes.
Create system restore points, and empty the recycle bin and all users’ temporary folders.
Create and run scripts that perform complete system repair and maintenance.
Automatically run any of the UVK fixes or scans.

Repair system and UVK Fixes:

Fix your computer with more than fifty exclusive fixes: fix file extensions, register system DLLs, enable and repair Windows Update, clear the DNS and hosts cache, reset user default registry settings, fix installation problems, empty all browsers’ caches, reset security settings, defragment and optimize the hard drives, install Java, Flash, DirectX and the .NET Framework, fix WMI and System Restore, delete all restore points, fix the Windows shell and the user shell folders, and much more.

Automatic anti-malware scans:

Perform automated scans with the best-known malware removal programs: MalwareBytes’ AntiMalware, SuperAntiSpyware, Hitman Pro, Kaspersky TDSS Killer and ComboFix.
Automatically delete the threats found in the scans.
Run a configurable automated UVK system repair script after the scans.
Run ComboFix in unattended mode.
Perform all these actions automatically with no user interaction, which can save several hours of work.

Then, on to SUPERAntiSpyware.

In the short time I’ve been running this application – I’ve been impressed. I’ll keep this one around.

I should point out that taking full advantage of all of the features of this application requires better than average skills.

Check out the full feature list (much, much more) here – UVK – Ultra Virus Killer.

Download at the developer’s site: carifred.com

Developer’s Note:

If your .exe file extension has been corrupted by malware, download the .com version.

You can take a peek at the application in action. Watch – UVK – Ultra Virus Killer – Powerful Virus Removal & System Repair Tool by Britec, on YouTube.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

SSDownloader – A Free One Stop Security Software Downloader

Security Software Downloader (SSDownloader) – now in its second edition – is a small open source executable (669 KB) designed specifically as a bulk downloader which focuses on security applications and security-related specialty tools.

A quick walkthrough

The tab-based user interface (Free Antivirus, Security Suites (Trial Versions), Malware Removal, Firewalls, and Other Tools) is uncomplicated, and checkbox simple.

In the first screen grab, referencing “Free Antivirus”, I’ve selected three popular applications for download. Notice the languages which are available, as well as the OS “auto detect” feature.

For this test, I’ve bypassed the Trial Versions opportunity. Still, there’s a good selection of well-known applications to choose from.

In this screen capture, I’ve focused on two tools which, I know from experience, can get the job done with a minimum of fuss.

From the “Other tools” menu, I’ve selected three more applications which have served me well in the past.

In testing this neat little tool, I chose a total of 10 applications for download – and the task was completed in just over 5 minutes.

As each download is completed, a system notification area popup tells the tale.

Note: The default download location is the Desktop. You will, however, have an opportunity to select an alternative location.

Fast facts:

Download the most popular free and paid security software with a single click.

OS auto detection.

The latest version of the selected applications will be downloaded.

System requirements: Windows XP, Vista, Win 7 (32 bit and 64 bit). 

Download at: Sourceforge

In my estimation, SSDownloader is a terrific portable tool. For those of us who are geek inclined, SSDownloader (especially given its small footprint), would make a nice addition to a Flash drive toolbox.

Security Precautions For Your New Christmas PC

We are now officially in the “Holiday Season” (the “Christmas Season”, to us traditionalists), so along with those visions of sugar plum fairies dancing in your head, you just might have visions of a super hot, quad core beast that you can rip the wrapping off – after Santa has dropped down your chimney.

So if you’ve been good this year, and Santa does drop off that new screaming machine, no doubt you’ll want to put it through its paces right away. But before you test drive this new machine, there are some fundamental precautions you need to take.

Patch your operating system:

Download and install all available patches and service packs – if applicable – by connecting to Windows Update. Security gurus will tell you that 50% of unpatched and unprotected systems will be infected with malicious code within 12 minutes of being connected to the Internet. Believe it!

Install a Firewall:

Windows 7 comes with a vastly improved Firewall – substantially better than in previous versions of the operating system. Still, many techies consider third party applications more effective.

There are a number of free firewalls that are worth considering. The following are three that do the job particularly well. (Choose only one)

Comodo Firewall Pro:

Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I ran with this application for 18 months during a long term test, and I felt very secure.

PC Tools Firewall Plus:

PC Tools Firewall Plus is my Firewall of choice. It installed easily, set up quickly, and did not cause any conflicts on my test machine despite my sometimes esoteric running requirements. The default settings are well thought out, and provide excellent protection for less experienced users.

ZoneAlarm Free Firewall:

ZoneAlarm’s default settings are well thought out, and provide excellent protection for less experienced users particularly. Experienced users, on the other hand, can tinker to their hearts’ content, customizing and tweaking the application to meet their specific requirements.

Install anti-virus software:

There is no doubt that an unprotected computer will become infected by viruses and malware within minutes of first being connected to the Internet. There are many free versions of anti-virus software available, and the programs listed below have a well justified reputation. (Choose only one – although Immunet Protect will run successfully as a companion application).

Avira AntiVir Personal:

This anti-virus program offers comprehensive protection with an easy to use interface. In the time that I have been testing Avira I have been impressed with its performance, and I have come to rely on it as my primary anti-virus program on an XP Pro system. I highly recommend this one.

Panda Cloud Antivirus:

I’ve been testing the Beta version of Panda Cloud Antivirus since the end of April 2009, off and on, and I’ve been pleasantly surprised with its performance, particularly the light use of system resources. This application is definitely not a resource hog, and I found it outstanding at recognizing and blocking malware threats.

Immunet Free Antivirus:

Immunet Protect is a lightweight cloud based antivirus application, (available in both a free, and a fee version), designed to add a layer of protection while working in partnership with the most popular antimalware solutions. You’ll find Immunet straightforward to install, and easy to run without complication.

Install Anti-spyware and Adware Software:

It’s not only a virus that can put your computer down for the count, but a multitude of nasties freely floating on the Internet. Listed below are a number of free programs that offer very good protection against malware.

Microsoft Security Essentials:

Microsoft Security Essentials, which incorporates antivirus, antispyware and rootkit protection, all under one roof, was released by Microsoft as a free replacement application for Windows Live OneCare. Microsoft Security Essentials is easy to set up and run, particularly for new users. And the interface is positively simple, offering Quick Scan, Full Scan, or Custom Scan.

Spybot Search and Destroy:

Spybot Search & Destroy can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer. Modules chosen for removal can be sent directly to the included file shredder, ensuring complete elimination from your system.

ThreatFire:

ThreatFire blocks malware, including zero-day threats, by analyzing program behavior, and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking malware based on analysis of behavior. I highly recommend this one!

Additional security protection:

Web of Trust (WOT):

WOT is a free Internet Browser add-on which tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

SpywareBlaster:

SpywareBlaster prevents ActiveX-based spyware, adware, dialers, and browser hijackers from installing on your system by disabling the CLSIDs (a system used by software applications to identify a file or other item) of spyware ActiveX controls. As well, SpywareBlaster can block spyware/tracking cookies and restrict the actions of spyware/adware/tracking sites in Internet Explorer, Firefox, and other browsers.

WinPatrol:

With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

SpyShelter:

SpyShelter is an anti-keylogging, anti-spyware program that protects your data from Keylogging and spy programs: known, unknown, and under-development. It detects and blocks dangerous and malicious programs, to help ensure that your data cannot be stolen by cyber criminals.

Note: Keep in mind, however, that even the best layered protection strategy will not make up for lack of experience and intuitiveness when surfing the Internet. So, I’ll repeat what I have said here many times – “knowledge, awareness, and experience are critical ingredients in the escalating battle against cybercriminals.”

This list is not exhaustive by any means, but it is a good place to start.

A final note: You may find that your new PC is loaded with preinstalled “trial” software. This is the type of thing that drives users buggy, since trying to figure out how to get rid of trialware is not as easy as it should be. But don’t fret.

Take a look at – Free PC Decrapifier – Bloatware Begone! – a free application designed specifically to uninstall these annoyances.

Microsoft Security Essentials –“Here I Come To Save The Day”

Oh, the embarrassment of it all! I haven’t had to deal with a malware issue (other than self-infecting in AV product testing) for more than 2 years – until this past week. No big deal, except perhaps for the way I got infected – that old, old, old malware attack vector – an infected search engine result.

The manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, continues to be a major threat to system security. And, why not? It bloody well works!

Over the years, I’ve written more than a few articles on search engine malware – the last – Search Engine Malware – The Same Old, Same Old – this past August.

From that article:

Here’s how the cyber crooks do it:

Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code.

When a potential victim visits one of these infected sites, the likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities is high.
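The injected iFrame described above is usually sized or styled so the visitor never sees it. The following script is an added example for this page (not code from the original article or from any product mentioned here) showing how a site owner could audit their own pages for that pattern. The heuristics (tiny dimensions, hidden or off-screen CSS, a third-party source) and the sample page are constructed for the example; every hit is a lead to review, not proof of compromise.

```python
"""Added example: flag hidden <iframe> elements of the kind injected into
compromised pages. Heuristics only; each hit is a lead to review, not proof."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

_PIXELS_RE = re.compile(r"^\s*(\d+)\s*(px)?\s*$", re.IGNORECASE)
_HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
_OFFSCREEN_RE = re.compile(r"(?:left|top)\s*:\s*-\d{3,}", re.IGNORECASE)


def _is_tiny(value):
    """True for width/height attributes of 0-2 pixels (e.g. width="0" or "1px")."""
    if value is None:
        return False
    match = _PIXELS_RE.match(value)
    return bool(match) and int(match.group(1)) <= 2


class IframeAuditor(HTMLParser):
    """Collect every iframe that is sized or styled so the visitor cannot see it."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        reasons = []
        if _is_tiny(attr.get("width")) or _is_tiny(attr.get("height")):
            reasons.append("tiny-dimensions")
        style = attr.get("style") or ""
        if _HIDDEN_STYLE_RE.search(style):
            reasons.append("hidden-style")
        if _OFFSCREEN_RE.search(style):
            reasons.append("off-screen")
        if not reasons:
            return  # visible embeds (video players, maps) are normal and not reported
        src = attr.get("src") or ""
        host = urlparse(src).hostname
        if host and host.lower() != self.page_host:
            reasons.append("third-party-src")
        self.findings.append({"line": self.getpos()[0], "src": src, "reasons": reasons})


def audit_html(html, page_host):
    """Run the auditor over one page and return its findings (empty list if none)."""
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one legitimate visible embed and two injected, invisible frames.
SAMPLE_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe width="560" height="315" src="https://www.youtube.com/embed/example"></iframe>
<iframe src="http://bad.invalid/in.php" width="0" height="0" frameborder="0"></iframe>
<div><iframe src="http://bad.invalid/l.php" style="position:absolute;left:-9999px;display:none"></iframe></div>
</body></html>"""

if __name__ == "__main__":
    for hit in audit_html(SAMPLE_PAGE, "www.example.com"):
        print(f"line {hit['line']}: {hit['src']} -> {', '.join(hit['reasons'])}")
```

Run it against the HTML your web server actually serves (fetched over the network, not the copy in your CMS), since injected frames typically live in template files or are added by a server-side component and never appear in the editor. A visible third-party embed on its own is not reported, which keeps video players and maps out of the results.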

So there I was, happily bouncing along the Internet highway Googling a phrase I had read on another blog. Choosing the first Google return proved to be a very bad idea indeed, since I immediately stepped into an infected iFrame.

But thankfully, all was not lost – Microsoft Security Essentials (which incorporates antivirus, antispyware and rootkit protection), halted the malware – Trojan:JS/BlacoleRef.K – in its tracks!

So what’s the lesson here?

A couple, really – AV settings are very important. In this case, nothing moves into, or out of, this machine without being scanned. Microsoft Security Essentials makes it so simple – no esoteric choices.

The second lesson – a MOST important lesson – absolutely, positively, without fail, come hell or high water, ensure that AV definitions are updated at least daily. Preferably, more often.

You might be surprised to learn that, on the day I stumbled, while MSE recognized the intruder, the vast majority of AVs did not – as per the VirusTotal report from that day.

Since it was preposterous to assume that MSE had in fact eradicated the Trojan (paranoia has its upside, don’t you know?), I then ran a full scan with Kaspersky Rescue Disk – a free Linux-based antimalware application (a live CD) which scans from the outside looking in. Malware generally can’t hide if it’s not running.

The result? The Kaspersky Rescue Disk scan was clean. MSE had in fact, sent Trojan:JS/BlacoleRef.K to malware hell. Yes!!

I suppose there’s one more lesson that can be dug out of this experience, and that is – those tech journalists who absolutely insist that “pay for” antimalware applications are superior to all free AVs (often, without ever having tested the damn product in real world conditions), should take a step back and reconsider their speculative approach to antimalware application ratings.

Worth repeating: Despite the fact that I’m provided with a free license for all the security applications I test (and then some), I have chosen to run with the following FREE applications.

Microsoft Security Essentials (free) – an all-in-one antimalware application.

Immunet Protect – a free Cloud based companion antimalware application.

ThreatFire (free) – this application is built around a Host Intrusion Prevention System (HIPS), and behavior based blocking combination.

WinPatrol (free) – another HIPS application with considerable additional functionality. WinPatrol is the elder statesman of this application class and, it just keeps on getting better. A must have application.

PC Tools Firewall Plus (free) – PC Tools Firewall Plus is advanced Firewall technology designed for typical users, not just experts. The “plus” refers to a HIPS component. Generally, if the ThreatFire HIPS component is triggered on my machine, PC Tools Firewall Plus is triggered as well.

With Kaspersky’s Free TDSSKiller You’ll Have A Fighting Chance To Kill Rootkits

There’s malware, and then – there’s MALWARE. In other words, all malware is not created equal. For example, Rootkits are not your common everyday piece of malware.

Rootkits are often designed to overwrite the hard drive’s MBR (master boot record) – the first sector, Sector 0, where the code that boots the operating system after the BIOS has loaded resides.

As a consequence, Rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses Rootkit technology to hide, it is going to be difficult to find.

And yes, I’m aware that major AV application developers are fond of pointing out that their products will flag and remove Rootkits. Users are expected to believe those claims – DON’T!

From a previous article (June 2011) –

Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector. A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration.

Scanning for Rootkits occasionally is good practice, and by scanning with the right tools, Rootkits can be hunted down and eradicated (maybe) – but personally, I would never trust that any detection/removal application has successfully removed a Rootkit.

If you have detected that your system has become infected by a Rootkit, I recommend that you first wipe the drive – using a free tool such as Darik’s Boot And Nuke – reformat, and only then reinstall the operating system.

Rootkit detectors can be difficult to work with and consequently, my good buddy Michael C., following the last post on Rootkit detection – Got A Rootkit Infection? – Find Out With These Four Free Rootkit Detectors – posed the following question: “Just wondering if there is a rootkit detector for us “average users” that doesn’t require a MIT degree.”

And, there is.

Kaspersky Labs has developed the free TDSSKiller utility which is designed to detect and remove common Rootkits. Specifically, Rootkits in the Rootkit.Win32.TDSS family (TDSS, Sinowal, Whistler, Phanta, Trup, Stoned) – in addition to regular Rootkits (now, there’s a misnomer), as well as Bootkits.

Usage instructions:

Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (free 7-Zip, for example).

Run the TDSSKiller.exe file.

The utility can detect the following suspicious objects:

Hidden service – a registry key that is hidden from standard listing.

Blocked service – a registry key that cannot be opened by standard means.

Hidden file – a file on the disk that is hidden from standard listing.

Blocked file – a file on the disk that cannot be opened by standard means.

Forged file – when read by standard means, the original content is returned instead of the actual one.

BackBoot.gen – a suspected MBR infection with an unknown bootkit.

The interface is clean and simple.

A scan in progress.

The completed scan shows the system is clean and free of Rootkit infections. You’ll note that the scan finished in 10 seconds.

Following the scan, you will have access to a full report – if you choose.

System requirements: Win 7, Vista, XP (both 32 and 64 bit systems).

Download at: Kaspersky

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users, and above.

If you need help in identifying a suspicious file/s, you can send the file/s to VirusTotal.com so that the suspicious file/s can be analyzed.

To read a blow-by-blow description of just how difficult it can be to identify and remove a Rootkit, you can check out this Malwarebytes malware removal forum posting.

Best Free Security Applications – The Hot Naked Truth!

Without a doubt, the most popular question that comes my way, in one form or another, is – which antivirus application(s) would you recommend?

This question is asked so often, I think it’s probably a good idea to answer it in a post every six months or so.

My response:

Let me answer this by telling you what I run on my principal home machine. But, before I do, let’s talk a bit about Host Intrusion Prevention Systems (HIPS) since, as you’ll see, more and more security applications are including HIPS – or a combination of HIPS, and behavior based blocking components.

There’s not much point in reinventing the wheel, so I’ll go with this description of HIPS/behavior blocking, from About.com:

A host intrusion prevention system (HIPS) monitors each activity a program attempts and (depending on configuration) prompts the user for action or responds based on predefined criteria. Conversely, behavior blockers monitor and profile whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will (depending on configuration) alert the user or take action against the entire program based on predefined criteria.

Though they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry – the entire application is either good (allowed) or it is not. Fortunately, many of these types of products combine both.
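To make the distinction in the About.com description concrete, here is an added example for this page (not code from About.com, from the original article, or from any product named here). It models the two decision styles as a toy: the HIPS function rules on one program/action pair at a time against a per-program policy, while the behavior-blocker function accumulates weighted actions per program and blocks the whole program once its score crosses a threshold. The policy table, weights, threshold and event stream are all constructed for the example.

```python
"""Added example: toy models of HIPS (per-action control) versus behavior blocking
(whole-program verdict). Policy, weights and events are constructed, not from any product."""
from collections import defaultdict

# Per-program HIPS policy (constructed): action -> "allow" or "deny".
# Any action not listed falls through to the default, which is to prompt the user.
HIPS_POLICY = {
    "updater.exe": {"network_connect": "allow", "write_program_files": "allow"},
    "notes.exe":   {"write_user_docs": "allow", "network_connect": "deny"},
}

# Behavior-blocker weights (constructed): how suspicious each action is on its own.
BEHAVIOR_WEIGHTS = {
    "write_user_docs": 0,
    "network_connect": 5,
    "write_program_files": 10,
    "write_autorun_key": 30,
    "inject_remote_process": 40,
    "disable_security_service": 45,
}
UNKNOWN_ACTION_WEIGHT = 20  # actions with no entry count as moderately suspicious
BLOCK_THRESHOLD = 60


def hips_decide(program, action):
    """Application-level control: decide this one action for this one program."""
    return HIPS_POLICY.get(program, {}).get(action, "prompt")


def behavior_block(events, threshold=BLOCK_THRESHOLD):
    """Whole-program verdict: accumulate weights per program; block once the score tips.

    Returns (verdicts, scores), both keyed by program name. A program that has
    crossed the threshold stays blocked, since scores only grow."""
    scores = defaultdict(int)
    verdicts = {}
    for program, action in events:
        scores[program] += BEHAVIOR_WEIGHTS.get(action, UNKNOWN_ACTION_WEIGHT)
        verdicts[program] = "block" if scores[program] >= threshold else "allow"
    return dict(verdicts), dict(scores)


# Constructed event stream: a benign updater and a "notes" program that starts
# behaving like a dropper (persistence, then process injection, then a connection).
SAMPLE_EVENTS = [
    ("updater.exe", "network_connect"),
    ("updater.exe", "write_program_files"),
    ("notes.exe", "write_user_docs"),
    ("notes.exe", "write_autorun_key"),
    ("notes.exe", "inject_remote_process"),
    ("notes.exe", "network_connect"),
]

if __name__ == "__main__":
    for program, action in SAMPLE_EVENTS:
        print(f"HIPS     {program:12} {action:24} -> {hips_decide(program, action)}")
    verdicts, scores = behavior_block(SAMPLE_EVENTS)
    for program in verdicts:
        print(f"BEHAVIOR {program:12} score={scores[program]:3} -> {verdicts[program]}")
```

Note how the two disagree on the same input: the HIPS allows notes.exe to write documents, denies its network connection and prompts on the autorun write and the injection, each judged in isolation, whereas the behavior blocker lets the early actions pass and only flips the whole program to "block" once the combined score reaches the threshold. That is the trade-off the quoted description points at: finer control and more prompts on one side, fewer decisions but a later, all-or-nothing verdict on the other.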

Got that? Good.

Despite the fact that I’m provided with a free license for all the security applications I test, I have chosen to run with the following applications.

Microsoft Security Essentials (free) – an all-in-one antimalware application.

Immunet Protect – a free Cloud based companion antimalware application.

ThreatFire (free) – this application is built around a Host Intrusion Prevention System (HIPS), and behavior based blocking combination. I’m currently testing a new HIPS application – NoVirusThanks EXE Pro – and I’ve been more than impressed to see ThreatFire step in and prevent any system changes by NoVirusThanks – until I approve those changes.

WinPatrol (free) – another HIPS application with considerable additional functionality. WinPatrol is the elder statesman of this application class and, it just keeps on getting better. A must have application.

PC Tools Firewall Plus (free) – PC Tools Firewall Plus is advanced Firewall technology designed for typical users, not just experts. The “plus” refers to a HIPS component. Generally, if the ThreatFire HIPS component is triggered on my machine, PC Tools Firewall Plus is triggered as well.

When the NoVirusThanks EXE Pro review is posted shortly, you’ll see screen capture evidence of this.

Zemana AntiLogger (paid) – In my view simply the best keylogger defense available.  AntiLogger includes a System Defense module that works similarly to HIPS – to protect the whole system.

As an illustration, the following screen capture shows the System Defense module blocked NoVirusThanks EXE Pro (the application I’m currently testing), until I gave permission.

image

Each of these applications has been reviewed (some several times), on my site. You can follow the links below to specific review articles.

Microsoft Security Essentials

Immunet Protect

ThreatFire

WinPatrol

PC Tools Firewall Plus

Zemana AntiLogger

Finally, additional browser protection is a critical ingredient in overall system protection. I recommend that you read the following article here – Updated: An IT Professional’s Must Have Firefox and Chrome Add-ons.

Yes, the title of this article is more than a little off the wall. My blogging buddy TechPaul, made the point not too long ago, that manipulative key words like hot, naked, sex, boobs, nudity …….. well, you get the point – unfairly capture readers attention. I’m testing that theory.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Norman Malware Cleaner – Another Free Tool To Remove Tough Malware

Just like the 14 free specialty malware removal tools I wrote about earlier this year, Norman Malware Cleaner has been designed to identify tough malware infections, including specific malware, and then help you eradicate those infections.

Since this particular application is a stand-alone executable, it does not require installation (perfect for a flash drive). Since scanning with the most recent definition database is a must, you will need to download a new version of the application each time you use it.

On execution, you will be presented with the following end user agreement. This may be the shortest end user agreement I’ve ever seen.

image

Despite the fact that this is a powerful application, setting the options is fairly straightforward.

image

For the first test, I ran a simple Quick scan as illustrated in the following two screen captures.

image

image

This scan completed in less than four minutes, and indicated that no infections were present.

image

I then changed two critical group policies which duplicated common malware attacks – no access to the Task Manager, and restricted access to Windows Explorer (show hidden files).

As you can see in the following screen shot, Norman Malware Cleaner had no difficulty picking up on, and cleaning, these registry changes on a scan rerun.

image
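The two policy changes used in the test above are exactly the kind of tampering a quick read-only audit can surface without a full scan. The following PowerShell function is an added example and is not part of the article or of Norman Malware Cleaner; it reads the standard Windows registry locations for the Task Manager lockout and the hidden-file settings and reports any value that does not match the default. The function name is my own.

```powershell
# Added example (not the article's or the product's code): audit the registry
# policy values that the test above changed - Task Manager disabled and hidden
# files suppressed - and report anything that deviates from the defaults.
# The function only reads the registry; it changes nothing.
function Test-MalwarePolicyTampering {
    $findings = @()

    # 1. Task Manager lockout: DisableTaskMgr = 1 under the per-user or
    #    machine-wide System policy key blocks Task Manager entirely.
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "$hive`:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $val = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        if ($val -eq 1) { $findings += "$key\DisableTaskMgr = 1 (Task Manager blocked)" }
    }

    # 2. Hidden files: Explorer\Advanced\Hidden is 1 when hidden files are shown
    #    and 2 when they are not; ShowSuperHidden = 0 hides protected OS files.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $props = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
    if ($props.Hidden -eq 2) { $findings += "$adv\Hidden = 2 (hidden files not shown)" }
    if ($props.ShowSuperHidden -eq 0) { $findings += "$adv\ShowSuperHidden = 0 (protected OS files hidden)" }

    # 3. The Folder Options checkbox is driven by CheckedValue (default 1). When
    #    it is changed, ticking "Show hidden files" has no effect.
    $showall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    $checked = (Get-ItemProperty -Path $showall -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue
    if ($null -ne $checked -and $checked -ne 1) {
        $findings += "$showall\CheckedValue = $checked (expected 1)"
    }

    # 4. NoFolderOptions = 1 removes the Folder Options dialog altogether.
    $expl = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $nfo = (Get-ItemProperty -Path $expl -Name NoFolderOptions -ErrorAction SilentlyContinue).NoFolderOptions
    if ($nfo -eq 1) { $findings += "$expl\NoFolderOptions = 1 (Folder Options hidden)" }

    if ($findings.Count -eq 0) {
        Write-Output 'No Task Manager / hidden-file policy tampering found.'
    } else {
        $findings | ForEach-Object { Write-Output "FINDING: $_" }
    }
    return $findings
}

Test-MalwarePolicyTampering
```

On a clean machine the function returns an empty array; after the two policy changes described above it returns one line per altered value, which is what a removal tool such as Norman Malware Cleaner then reverts.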

A scan results log file is saved to the desktop, as illustrated.

image

Fast facts:

Detect and remove malware (viruses, rootkits, FakeAV, worms and more)

Utilize advanced Anti-Rootkit technology

Quarantine module

Scanning and cleaning including Norman patented Norman SandBox technology

Supports Quick, Normal, Full and Custom scan modes

Command line function for better tailored scanning across several machines (businesses)

Daily signature updates available

Systems requirements: Windows 2000, XP, 2003, Vista, 2008 and Win 7.

Download at: Norman

Registration is required.

Note: This application is for use when you are dealing with a machine you know is infected. It is not a replacement for a real-time AV.

As with most tools in this class, advanced computer knowledge is required. Unless you feel confident in your diagnostic skills, you would be better off avoiding this application.


Got A Sick PC? Give It Some Free BootMed

I’ve covered a load of free Live CDs here in the last few years, including – Boot, Recovery, Rescue, Antivirus ……….. To work effectively with such tools though, demands a very high level of user experience with operating systems, which effectively restricts usage to geeks or the occasional very daring newbie.

I’ve just spent a week, or so, testing BootMed, an Ubuntu Linux driven set of recovery tools which is just a little different than most such tool sets, inasmuch as it’s much more new-user centric than most.

On launch, BootMed defaults to Firefox which opens on the developer’s site – “What can BootMed do”.

image

That’s a bit of a twist on most recovery tools/disks/applications, since the developer has recognized that not all users have the practical background, or the experience, to work with these types of tools unaided.

The tutorials (walk-throughs) on this page (What can BootMed do) – shown below – should make working with the specific applications included on the CD/DVD much easier for less experienced users than it would be otherwise. Kudos to the developer on this one.

Recovery

Misc

More experienced users will simply venture straight to the Desktop to access the available tools.

image

The following screen capture illustrates the applications available.

Note: Under “Applications”, additional tools are available.

image

You can see from the following screen capture, that BootMed allows the user to access all attached devices (and their files), from the “Computer” icon.

image

The following two graphics show the AVs available. Both AVs will automatically update their definition database – provided the PC is connected to the Internet.

McAfee’s Stinger – a stand-alone utility used to detect and remove specific viruses.

image

ClamWin Free Antivirus – ClamWin is a free antivirus designed for Windows.

image

Two file recovery applications are available including PhotoRec, a powerful recovery application.

image

And TestDisk, which adds additional functionality – including partition recovery.

image

There are many more applications included in this bag of tools including – GParted partition manager, as well as WINE, which will allow you to run Windows applications from within BootMed.

The CD/DVD burning application Brasero (available under “Applications”), is shown in the following screen shot.

image

System requirements: Windows XP, Windows Vista, Windows 7

Download 32 bit ISO at: Download.com

Download 64 bit ISO at: Download.com

I particularly like BootMed since it allows a fairly typical user access to complex tools while at the same time, not feeling abandoned in the scary world of operating systems. The developer has recognized this chill factor, and does a fair amount of “hand holding” – I think that’s very cool.

If you’re now a geek, or a high level user, think back to the days when you could have used some “hand holding”. If you were lucky enough to get it, I think you’ll agree that “hand holding” can make a major difference.

If you’re not familiar with booting from a CD, check out TechPaul’s – How to boot from a CD.


Got A Rootkit Infection? – Find Out With These Four Free Rootkit Detectors

Earlier this week, in my Daily Net News column, I posted the following –

Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector. A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration.

That’s truly scary stuff – rootkits are not your common everyday piece of malware. As a reminder to regular readers that rootkits can be hunted down and eradicated, I’m reposting an edited version of an article first published in December of last year.

Rootkits use any number of techniques to hide, including concealing running processes from monitoring programs, and hiding files, and system data, from the operating system.

In other words, the rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses rootkit technology to hide, it is going to be difficult to find.

So, scanning for rootkits occasionally is good practice, and if you have the necessary skills to interpret the results of a rootkit scan, Tizer Rootkit Razor appears to be a good choice to help you do this. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users, and above.

Here’s a reasonable test to determine if you have the skills necessary to use this application effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using this program would prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

The user interface is dead simple – functional and efficient, as the following screens from my test system indicate. BTW, no rootkits were found during this test. Or, after scanning with the additional tools listed below.

Tizer 1

Tizer 3

Tizer 4

Fast facts:

Main Screen: This page displays information related to your operating system and memory usage.

Smart Scan: This feature automatically scans all the critical areas in the system and displays hidden objects, making things easier for the user.

NOTE: The user is provided with a feature to fix the hidden object (if any).

Process Scan: This module scans processes currently running on the machine. A process entry will be highlighted in red if it is a hidden rootkit. The user can click on an individual process to display any hidden modules loaded by the process.

NOTE: The user is provided with the option to terminate processes and delete modules.

Registry Scan: This module scans for hidden registry objects.

Smart Scan: A smart scan will scan the critical areas of the registry.

Custom View: This module provides a virtual registry editor view, which enables the user to navigate through the registry and check for hidden keys or values. (Hidden keys/values will be highlighted.)

Kernel Module Scan: This module scans for loaded drivers in the memory. A module entry will be highlighted in red if it is hidden.

NOTE: The user is provided with a feature to unload and delete a driver module from memory.

Services Scan: This module scans all installed services on the local machine. A particular service entry will be highlighted if it is hidden.

NOTE: The user is provided with start, stop, pause, and resume features. They may also change the startup type of service.

SPI Scan: This module lists all the LSPs installed in the system. This is read only information.

NOTE: The user can check for any unauthorized LSP installed.

SSDT Scan: This module scans for any altered value in the System Service Descriptor Table (SSDT). The process of alteration is termed “hooking.”

NOTE: The user can restore the altered value to its original value.

Ports Scan: This module will scan all open TCP and UDP ports. A particular port entry will be highlighted if it is hidden.

NOTE: The user is provided with the option to terminate the connection.

Thread Scan: This module will enumerate all running processes. The user can click on a particular process to view and scan all threads running in the context of that process. Any hidden threads will be highlighted in red.

NOTE: The user is provided with the option to terminate a thread.

File/Object Scan: This module will scan for any hidden files in the system. The user selects a location on the computer to scan.

Click here to read about Tizer Rootkit Razor’s features, in comparison with other anti-rootkit applications.

System requirements: Windows XP, Vista, Win 7

Download at: Tizer Secure

Note: registration required.

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything. To be safe, I occasionally use each of the rootkit detectors listed below, on my machines.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.
