MalwareTeks Blog

Before proceeding with these removal instructions you will want to download all tools and print the instructions.

Download to your desktop FixIEDef

If you are connected via a router, download the User’s Guide for your router if you don’t have one on-hand.

Now disconnect your computer from the router and power off your router.  Next on the underside of the router should be a little red reset button that is slightly recessed.  Press and hold the reset button for a least 10 seconds.  This is going to reset the router to factory defaults.

Run FixIEDef (Instructions for use can be found at the FixIEDef Webpage)

Now let’s reset the DNS Settings for your computer:

1. Click Windows menu go to Start > Run (if you’re using Vista the search box).
2. Type “cmd”. (This will open the command console).
3. Type the following commands, exactly as shown, pressing the enter key after each command:
ipconfig /release
ipconfig /renew
exit

The command console will exit after the last command is entered.

Now reboot your computer.

Reconnect the router to the computer, turn it on and configure your router. This is where you need the User’s Guide for your router.

If for some reason this does not work, start a thread in the Malware Removal Forum, you must be a registered member of the site to post in the forums.

Calls on Senate for civil penalties

by Wendy Davis, Tuesday, Apr 1, 2008 8:00 AM ET

ADWARE PURVEYOR ZANGO IS PRESSING forward with its case that spyware removal vendor Kaspersky Lab wrongly interfered with Zango’s relationships with Web users.

In papers filed with a federal appeals court, Bellevue, Wash.-based Zango argued that Kaspersky, which removes software that serves pop-up ads, should itself be considered “badware.” “Kaspersky disabled Zango without the customer’s consent and without the customer’s ability to override Kaspersky’s invasive actions,” Zango argued to the Ninth Circuit in a brief filed late last week. “Kaspersky inflicted this interference by behaving like the very ‘badware’ from which it purported to protect consumers.”

[Full Story]

Thanks to Suzi at Spyware Warrior.

By Dan Goodin in San Francisco
26 Mar 2008 00:56

Washington state cracks down

The alleged supplier of some of the net’s most hated malware titles has been sued by Washington state’s attorney general.

Ron Cooke, the owner of Scottsdale, Arizona-based Messenger Solutions, stands accused of violating Washington’s Computer Spyware Act and Consumer Protection Act for marketing programs that went under names including WinAntiVirus Pro 2007, System Doctor, WinAntiSpyware and Messenger Blocker.

According to a complaint filed Tuesday in Washington state court, the company caused some people surfing the net to receive a torrent of pop-ups that advertised porn links and other sketchy sites. The messages were sent through Windows Messenger Service, a feature in Windows that allows network administrators to send notices to users. (The service has been turned off by default since Microsoft pushed out Service Pack 2 for Windows XP, but evidently plenty of people still have it turned on for one reason or another.) [Read Entire Article at the Register]

Is Snopes pushing Adware? Urban legend or fact? by ZDNet’s George Ou

Claim: The popular urban legend debunking site Snopes is pushing Adware on to its readers.

Status: True (No longer true since their shaming from Alex Eckelberry and this blog on 1/28/2008).

Origins: Blogger Adrian W Kingsley-Hughes pointed out this post from Alex Eckelberry of Sunbelt reporting how Snopes is pushing Zango Adware. Apparently it’s 1 of 2 popups that Snopes runs and the other popup is some sort of “registry cleaner” according to Eckelberry. I [More...]

Once again found on Digg Are you Spyware Savy. OK you got me curious. So, I check out the blog post at Bauer-Power: Information is Power!

So, quickly scanning the page this passage just jumps right out at me:

2. What are browser cookies?

Ans: These are created by unethical persons to track your browsing preferences for their own use, to spam your pc with advertisements and marketing ploys, to steal personal information like bank account details, credit card numbers and so on, and to cause harm to your computer and business by stealing data/files.

Now, this guy clearly didn’t write this article himself, since Windows Defender Beta 2 is referenced later in the article.

Back to the subject of this article the HTTP Cookie, or Browser Cookie, or just simply Cookie That is one piece of Super Spyware to do all that. As, I stated in an earlier article, It’s a Cookie, Just Delete It!

Cookies are simple pieces of data unable to perform any operation by themselves. They are neither spyware nor viruses. Cookies are not program code. They cannot erase or read information from the user’s computer. However, cookies allow for detecting the Web pages viewed by a user on a given site or set of sites. This information can be collected in a profile of the user. Such profiles are often anonymous, they do not contain personal information.

Here are a few Myths about Cookies:

• Myth: Cookies are like worms and viruses in that they can erase data from the user’s hard disks;
• Myth: Cookies are a form of spyware in that they can read personal information stored on the user’s computer;
• Myth: Cookies generate popups;
• Myth: Cookies are used for spamming;
• Myth: Cookies are only used for advertising.

What exactly is a cookie? HTTP cookies, sometimes known as web cookies, tracking cookies, or just cookies, are small text files sent by a server to a web browser and back unchanged. Cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences and shopping cart contents.

There are some privacy concerns around the use of cookies. They can be used for tracking browsing behavior. As a result, they have been subject to legislation in various countries such as the United States and in the European Union. Cookies have also been criticised because the identification of users they provide is not always accurate and they could potentially be used for network attacks.

Cookies are also subject to a number of misconceptions, mostly based on the erroneous notion that they are computer programs. In fact, cookies are simple pieces of data unable to perform any operation by themselves. They are neither spyware nor viruses, despite the detection of certain cookies by many anti-spyware products.

To delete cookies:

Internet Explorer Users
1. On the Tools menu, click Internet Options.
2. On the General tab, click Settings, and then click View files.
3. Select the cookie you want to delete, and then, on the File menu, click Delete.

To delete all of the cookies on your computer, click Delete Cookies on the General tab.

Firefox Users
On the Tools menu, Options, clicking the Privacy button, and under Cookies click the Clear button.

Opera Users
Can manage, disable, and enable cookies by clicking the File menu, Preferences, and selecting Privacy.

Note
Some Web sites store your member name and password or other personally identifiable information about you in a cookie; therefore, if you delete a cookie, you may need to re-enter this information the next time you visit the site.

IDG News Service 10/24/07
Robert McMillan, IDG News Service, San Francisco Bureau

Notorious adware maker DirectRevenue LLC has closed shop.

The company, which was recently doing business as Best Offers, gave no reason for its sudden closure, which was announced on its Web site.

[Read the full Article at  ITworld]

One of the biggest threats to you and your identity is spyware that can easily be added onto your computer without your knowledge. A key logger is a type of spyware that can be added to your computer and without knowing what to look for, you could never know it was there. A key logger records your keystrokes, all numbers, letters and symbols, and transmits them or saves them for the hacker.

If you make an online purchase from a website, your account information and your credit card number could be recorded by a key logger. Even though you are at a reputable website, you could still be having your identity stolen. You’ve provided the hacker with everything they need to rack charges up on your credit card and you are left unsuspecting. Your computer could be infected with spyware and/or a key logger right now and you probably don’t even know it.

Some spyware is pretty harmless but some of it leaves you and your information completely exposed and ripe for the picking. Some programs can collect all of your activity on the Internet, including messaging conversations, strokes on your keyboard, travel plans, information about you and your family, even photos and files.

To stop yourself from being a victim of identity theft due to spyware and key logger programs, there are a few things you can do.

First of all, ensure that you have ant-spyware installed on your computer and that you keep it updated regularly. Anti-spyware software can detect spyware on your computer and delete it. You should run an anti-spyware on your computer at least every other day, if not once a day. It’s not fool proof because hackers and spammers are always updating their programs to avoid detection - keeping your anti-spyware up to date, and even having more than one can be very beneficial and help keep you bug free.

Install an anti-virus on your computer as well as anti-spyware, and keep your anti-virus updated and on constantly. You should run an anti-virus on your computer at least every other day, if not once a day.

Practice safe sites - be wary when you are on the Internet and only download programs from web sites that you trust. Never allow anything to be installed on your computer via the Internet without first finding out what exactly it is. Keep your working programs, such as your Internet Browser up to date with the newest versions as well.

There are many ways to have your identity stolen online and spyware and key loggers are just a drop in the bucket. You have to be vigilant with your information that you provide on the Internet, even on trusted websites. Taking care of your computer and the software that is installed on it will help to increase your protection, but nothing is for certain. You must keep an accurate track of your finances and notice immediately if anything looks suspicious. Keep a watchful eye on your credit card and bank statements and if anything seems out of place, report it immediately. You should also check your credit report at least once a year from each of the credit bureaus to ensure that all the information recorded on there is correct. Identity theft is serious and it can completely financially destroy you, so be aware, vigilant and wary.

About the Author
Faithe Thomas is concerned about identity theft and online fraud. She designed a website to help victims and pre-victims: http://www.identity-fraud.info

Mammary stick malfunction

By Dan Goodin in San Francisco
Published Friday 5th October 2007 22:39 GMT

Ohio state legislator Matthew Barrett was supposed to give a group of high school seniors a civics presentation using PowerPoint slides he had prepared on how a bill becomes a law. What they got was an anatomy lesson when the computer he was using displayed the image of a topless woman.

The busty photo appeared shortly after Barrett inserted a memory stick into a school computer. He said there were several snickers from the 20 or so students in the senior government class at Norwalk High School.

[Full Article at The Register]

What are the chances that someone looking for WinRAR will type the following into the bowser address bar: http://www.winrar.com (link deactivated)? Probably millions have done this at one time, the official site is http://www.rarlab.com/.

Anyone going to http://www.winrar.com will be redirected to a French site, when they try to click on the “Free Software Downloads” button. There are 11 copies of WinRAR on this site and all 11 are infected with TROJ_STARTPA.QC.

SOURCE: TrendLabs Malware Blog: A WinRAR-lose situation.