Virus removal is a necessary evil in today's computer world, and taking each computer to a professional every six months can get pricey. It's easier to use antivirus software on your computer to automatically take care of the problem, or to run several programs yourself every six months for free. Here's a short list of some of the best (and cheapest) options available to regular computer users.
Free Software Worth Trying - There are several free software choices on the web that do a great job of cleaning your computer: the registry, virus files, Trojan horses, anything that causes you headaches. They are CCleaner (ccleaner.com), Malwarebytes (malwarebytes.org), Avira AntiVir (free-av.com), and AVG Free (free.avg.com). For regular use, these do an excellent job of keeping your computer clean.
Commercial Anti-Virus Software - Commercial anti-virus software tends to be more full-featured than the free versions, and the automatic updates often make it worth the extra money. One of the best is Norton AntiVirus. Norton has been around for decades, and what started out as system-recovery software soon evolved to antiviral support. Norton's experience is reassuring. Other excellent programs are Kaspersky Antivirus 2010 and AVG Internet Security. Like Norton, Kaspersky and AVG are both well-known names in the antiviral market, and they both do an excellent job of updating as new viruses are released.
A newer product is Spyware Doctor with Antivirus. Reviews for it are excellent (PC Magazine), and its prices (as of 2010) are competitive with the best anti-virus software.
Other Options - Besides taking an infected computer to a professional, another option is to create bootable rescue disks. There are several rescue disks available for download that work well. They include SystemRescue, Dr. Web Antivirus, Kaspersky Antivirus, AVG Rescue CD and BitDefender Rescue CD. All have Linux as their base "kernel." You'll need to download one, burn it to CD, boot from the CD and scan your hard drive for viruses and other nasty files.
Read more: http://goo.gl/Ofk8q
Thursday, September 8, 2011
Tuesday, January 5, 2010
Online Virus Scan - Effectual Virus Recovery
If you are going through a bad time with your computer, then most probably your system is under the control of viruses, spyware or other malicious programs. The symptoms are as follows:
· System restarts frequently.
· Programs freeze automatically.
· Startup problems.
· Error messages about a missing .dll file.
· Not able to open any e-mail attachment. An opened file may show a double extension.
These issues can be frustrating. But after going through this blog, you will be able to get the issue resolved within minutes, thanks to an online virus scanner. Just sit back with a cup of tea and relax; it works automatically. It's a convenient tool to remove viruses, spyware and adware in no time.
Online virus scan
BitDefender Online Scanner
It offers a comprehensive treatment to clean the system memory, all files and drives' boot sectors. Moreover, if you already have an anti-virus program installed on your PC, it provides a second check without any conflicts. The online virus scanner is an effective tool against the latest threats whose signatures are not yet recognized. In addition, the virus signatures are always kept updated so as to give solid security to your network.
ESET Online Scanner
This is the most user-friendly online virus scanner and virus removal tool; it can be used to check for any kind of virus, spyware or malware without affecting your system performance. It also has a self-updating mechanism, so the user can leave the rest to the tool and get the job done in no time.
HouseCall
This online virus scanner works regardless of which web browser you use. It offers both a quick scan and a customized scan, so users can choose accordingly. It is equipped with smart scan technology, which ensures the latest protection in less time. The user can also review and compare the scan results.
Thursday, December 24, 2009
Online Virus Scan - iYogi UK
An online virus scan is an effective tool against viruses. The tool can be downloaded from the web browser and, after execution, it will ensure 100 percent removal of all kinds of viruses, worms, trojans, and all kinds of malware detected by powerful scan engines. This doesn't ensure permanent protection. For that, you need to install independent anti-virus software.
Let's get familiar with some important online virus scanners.
VirusChief:
The VirusChief online virus scan is not going to replace any antivirus software installed on your PC. It scans individual files on demand only. It offers a superior detection rate, but it may harm other files (in rare cases) too. Just enter the file you want to scan in the browser and it will return the result in just a minute. Best for average users.
VirusTotal:
The VirusTotal online virus scan has received an award from the American edition of PC World Magazine. It analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware without any delay. Its scanning is far superior to any antivirus engine. Because it updates virus signatures in real time, it is more effective at providing quick removal.
Important: A user in a remote location can send an e-mail with the required files attached to have them delivered to the online virus scan for diagnosis. However, the attachment should not exceed 20 MB in size.
At the end, the user will get a detailed report showing the statistics of the infected part. It will show the successes and failures of the online virus scan as a bar graph.
Tuesday, December 22, 2009
Virus removal
Viruses are man-made software code that attacks your system or application software. They are hazardous to your computer system and eventually to the stored data. They can even steal your personal information, such as passwords and credit card information. So virus removal is important to maintain the privacy of personal information and keep the system working smoothly.
Virus removal software is available in two modes: the first is independent or third-party software and the other is the online scanner. The two differ considerably in their function. The former works as a preventive measure, while the latter takes an offensive approach.
Virus removal software comes in different categories. Let's get familiar with a tested and certified list.
McAfee Family Protection
If you want comprehensive and economical PC security, then don't waste your time. Get the 1-Year Subscription for 3 PCs at $39.99 (USD). You will get the following:
Ban objectionable websites -- Objectionable websites will be filtered so that you are safeguarded from obscene content.
Decide correct YouTube videos for kids -- Unique keyword filtering technology will allow only selected videos.
Schedule a timetable for kids online -- You can schedule a timetable for kids so that they don't misuse the Internet.
Let your family enjoy instant messaging -- It monitors and records instant message conversations and restrains you from improper dialogue or conversations with strangers.
Online virus scan tools are also available, which can scan and remove viruses on the spot so that you can enjoy a healthy computer. These virus removal tools need to be executed from a suitable web browser.
Avira AntiVir Personal for Windows
This online virus removal tool provides an easy-to-use interface and pre-configured scan tasks, so it will quickly scan your most important drives and folders. You can scan individual files and folders with the right-click option in Explorer or on the desktop. Alternatively, files can be dragged and dropped into the AntiVir virus removal console for quick scanning.
The Avira AntiVir Personal online virus removal tool can be used in Safe Mode. Hence it is very effective if Windows is not able to boot in normal mode.
Tuesday, September 15, 2009
How to Remove the PC Anti-Spyware 2010 Virus from Your Computer
PC Anti-Spyware 2010 is one of the latest viruses infecting computers around the world. As is the trend with recent viruses and spyware, PC Anti-Spyware 2010 presents itself as a real virus and spyware removal tool, but it is actually a stealth virus that can steal personal information such as credit card numbers, social security numbers and bank account details. This is why you must check for the presence of this virus on your computer immediately. PC Anti-Spyware 2010 is not easily removed and cannot be removed from your computer unless you know the detailed steps required to eliminate it. Like many other viruses, PC Anti-Spyware 2010 is able to hide itself and run in the background while you may not be aware of its presence. To remove PC Anti-Spyware 2010 from your computer, follow the steps listed below and get rid of the threat.
How to remove PC Anti-Spyware 2010 from your computer?
1) The first step in eliminating PC Anti-Spyware 2010 is to stop it from working in the background. You have to kill all processes associated with this virus to turn it off. Open the Task Manager and see if any process associated with the virus is running in the background. Just press CTRL + ALT + DEL or right-click on the taskbar and select Task Manager. Look for the following processes:
PC_Antispyware2010.exe
Uninstall.exe
jugifyryve.exe
If you find any of these processes running, simply click on them and press End Task. This does not uninstall or remove the virus, but merely prevents the virus from working in the current session. When you restart your machine, the virus begins to run again.
2) To remove PC Anti-Spyware 2010 completely from your computer, locate the registry entries related to this virus. To check the registry entries, click Start, Run, type regedit and press Enter. Then look for the following registry entries and delete any that you find:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PC Antispyware 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010
HKEY_CURRENT_USER\Control Panel\don't load\"scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load\"wscui.cpl"
3) Finally, it is necessary to delete all files and directories that are associated with PC Anti-Spyware 2010. Open Windows Explorer and check whether the following directories are present:
C:\Program Files\PC_Antispyware2010
C:\Program Files\PC_Antispyware2010data
If the above directories are present, simply delete them. It is also necessary to check for other files associated with PC Anti-Spyware 2010, which may be present in the user profile folders. Simply search for files named "PC_Antispyware2010" on your computer and be sure to include the system and hidden folders while you perform your search.
The above steps will successfully remove PC Anti-Spyware 2010 from your computer. But you must have some experience with Windows programs and the registry. If you are unsure of the steps above, contact a security expert who can remove PC Anti-Spyware 2010 from your computer. You can also download the latest antivirus software online. Just make sure the software is capable of removing PC Anti-Spyware 2010.
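The three manual checks above can be run in one pass before anything is deleted. The following PowerShell script is an added example, not part of the original post: it only reports which of the listed processes, registry entries and directories are present and changes nothing. It assumes PowerShell 3.0 or later; the function name Get-RogueIndicator is illustrative.

```powershell
# Added example: read-only check for the PC Anti-Spyware 2010 indicators
# listed in steps 1-3. Every name and path below is copied from the article.
# Note: on 64-bit Windows a 32-bit program may be redirected to
# "Program Files (x86)" and HKLM\SOFTWARE\Wow6432Node; check there as well.

$processNames = 'PC_Antispyware2010', 'Uninstall', 'jugifyryve'  # Get-Process takes names without .exe

$registryKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010',
    'HKLM:\SOFTWARE\PC_Antispyware2010'
)

# Entries the article shows in quotes are values inside a key, not keys.
$registryValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'PC Antispyware 2010' },
    @{ Key = "HKCU:\Control Panel\don't load"; Name = 'scui.cpl' },
    @{ Key = "HKCU:\Control Panel\don't load"; Name = 'wscui.cpl' }
)

$directories = @(
    'C:\Program Files\PC_Antispyware2010',
    'C:\Program Files\PC_Antispyware2010data'
)

function Get-RogueIndicator {
    # Step 1: running processes. "Uninstall.exe" is a common file name, so the
    # executable path is reported to let you judge whether it is the rogue one.
    Get-Process -Name $processNames -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Type   = 'Process'
            Item   = "$($_.ProcessName).exe"
            Detail = "PID $($_.Id), path: $($_.Path)"
        }
    }

    # Step 2: registry keys
    foreach ($path in $registryKeys) {
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Type = 'Registry key'; Item = $path; Detail = 'present' }
        }
    }

    # Step 2: registry values
    foreach ($entry in $registryValues) {
        $key = Get-Item -LiteralPath $entry.Key -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $entry.Name)) {
            [pscustomobject]@{
                Type   = 'Registry value'
                Item   = "$($entry.Key)\$($entry.Name)"
                Detail = "data: $($key.GetValue($entry.Name))"
            }
        }
    }

    # Step 3: directories named in the article
    foreach ($dir in $directories) {
        if (Test-Path -LiteralPath $dir) {
            [pscustomobject]@{ Type = 'Directory'; Item = $dir; Detail = 'present' }
        }
    }

    # Step 3: files named PC_Antispyware2010 in user profile folders.
    # -Force includes hidden and system items, as the article asks.
    $profileRoot = Split-Path -Path $env:USERPROFILE -Parent
    Get-ChildItem -Path $profileRoot -Filter 'PC_Antispyware2010*' -Recurse -Force `
        -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'File'; Item = $_.FullName; Detail = "modified $($_.LastWriteTime)" }
    }
}

$found = @(Get-RogueIndicator)
if ($found.Count -eq 0) {
    Write-Output 'None of the listed PC Anti-Spyware 2010 indicators were found.'
} else {
    $found | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated prompt so that processes and profile folders belonging to other users are visible.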
Wednesday, September 2, 2009
Spyware add-on targets Firefox fans
The malware poses as an Adobe Flash Player update, but in reality it's designed to log a user's browsing history, in particular their Google search queries within Firefox. This information is uploaded to a hacker-controlled server.
EBOE-A also has the capability to inject ads into the user’s Google search results pages, warns Trend Micro, which adds that the malware appears to be spreading via forum posts.
The spyware creates a Firefox add-on called "Adobe Flash Player 0.2", which has nothing to do with either Adobe or Mozilla. More on the threat can be found in a write-up by Trend, which includes screenshots.
Malware targeting Firefox users is rare but not unprecedented. Strains of malware that latch onto Internet Explorer, Microsoft's Swiss-cheese browser, are much more commonplace. Common IE-related malware trickery involves exploiting unpatched security vulns to download malware onto vulnerable machines via drive-by download attacks.
Thursday, August 13, 2009
Symantec & McAfee Get Slap on Hand
I have heard from many customers how McAfee and Symantec (also known as Norton) both do this autobill thing where they charge you each year automatically for your Anti-virus software subscription. I am not a fan of either of these products for many reasons, and this is absolutely another huge thing they do that I have never agreed with.
They both have these auto billing programs where it is not very clear that you are signing up for a subscription for the virus removal software. They used to send you a message saying go to their website, and renew your subscription. But they started a program where they just started billing the credit card that was on file, and never really told anyone nor did they make it clear they were doing that.
I guess I am not the only one who does not like the practices by these companies. The New York City Attorney has been investigating both companies and surprise, surprise! They both have agreed to pay $350,000 each in penalties and costs for the practices that they have engaged in.
Investigators found that the two companies had "failed to adequately disclose to consumers that subscriptions would automatically be renewed and that consumers would be charged," the office of Andrew Cuomo said in a statement Wednesday announcing the settlement. "Companies cannot play hide the ball when it comes to fees consumers are being charged."
These were deceptive business practices, and should be punished. However, I am sure the $350,000 is a drop in the bucket for these large corporations who get upwards of $79 for a pumped up renewal version of their software. In addition to paying the fine, the companies must be more forthcoming on disclosing their subscription renewal fees.
The two companies will also now refund the customer's charges if requested within 60 days of being billed. There will also be an automated way to opt out of the auto billing, instead of trying to figure out how to not get billed.
I have used both of the products over the years, and at a time, each one was the best. During the early years they were THE best thing out there. Now the companies have become so huge that they have a lot of money and think they need to keep adding things into their "suite" of products. The programs became bloated, and now they are not anywhere near as good as they once were.
Even though this is a little slap on the hand for these large companies, maybe it will help bring them back down to earth and remind them about customer service and who really pays the bills for the company.
See Also
windows firewall security
windows spyware removal
malicious spyware removal
Top five steps to stay secure on Internet
Tuesday, August 11, 2009
Malware/Virus Time-bomb Could go off SEPTEMBER 1st
There are a lot of theories and suggestions about what it could do. The main thing this virus does is allow many computers to attack or "flood" the Internet all at the same time, causing what are called denial-of-service attacks.
Basically it would be like everyone getting in their car and driving down to main street, and trying to drive. Too many cars, not enough road. This is the same concept. The main difference is, you would know if you were driving downtown, in fact more like someone stole your car to drive down there. Your computer just sits there, and you might not even know it is involved in causing the problem!
Here are a couple of things to make sure you do before April 1st:
Check your virus removal program and make sure it is up to date and working. It should be down in your system tray near your clock. Double-click on it (all the top programs, such as Trend Micro, Norton, McAfee and F-Secure, show you that everything is working or let you know if there are problems). Most of them have a FIX it button; just click on that if it shows problems.
Second, run a full scan. Many of the programs run a quick scan. On Trend for example, if you open it up and see the scan button, just to the right is an arrow. Click on the down arrow, and choose FULL SCAN. Run that baby and delete any bad stuff it finds.
Lastly, make sure your Windows Security Updates are up to date! You can click here to check Microsoft Updates
If you do not have the worm, there is nothing to worry about. But it is better safe than sorry when it comes to viruses on computers. The biggest threat is to people who are not protected with Internet security software, or whose software is not working or has expired.
See Also
Bad Information For Hackers
How Do Spyware Infect A System
Adware - How it Can Protect Your Machine
Tuesday, July 14, 2009
Top 7 Steps to Remove Spyware from your Computer
Introduction.
The word spyware is familiar to everyone: it is called a type of Internet or computer virus and is very dangerous. There are many types of viruses: some are dangerous to MS Word files, some infect boot files, and some are harmful to the registry. But there are many antivirus programs that scan the system for spyware and remove, repair or delete it. Here are some steps that help to remove spyware from a system.
1. First, try to install spyware removal software
After successful installation, update the antispyware and then scan the whole computer; it will automatically detect viruses and try to repair, remove or quarantine them.
2. Install SmitFraudFix and try to update.
After installing both tools on the computer, update both of them and then restart the computer in Safe Mode.
3. Disconnect from the Internet
After performing all of the above steps, carefully disconnect your computer, but first close all open browsers and any open applications. A very simple way to disconnect the computer from the Internet is to unplug the telephone line or the Ethernet cable from the router.
4. Scan Computer
Once you have disconnected your computer from the Internet, it is easy to remove spyware or adware from the system via Add/Remove Programs, but always remember to reboot the computer after any modification or removal of software or hardware so that it works properly. The easiest and best way is to reboot the system in Safe Mode and then run SmitFraudFix followed by the antispyware; if any virus is found you will be prompted automatically. Allow the scanner to clean, quarantine, or delete as appropriate.
5. Get Clear Access to the Problem
While scanning the system in Safe Mode is good practice, it may not be enough to thwart some malware. If the adware or spyware persists despite the above efforts, you'll need to get access to the drive without allowing the adware or spyware to load. The most effective means to get clean access to the drive is to use a BartPE Bootable CD. Once you've booted to the BartPE CD, you can access the file manager, locate the installed virus removal software and rescan the system. Or, locate the offending files and folders and manually delete them.
6. Undo the Residual Damage
After removing the active infestation, you'll need to make sure the adware or spyware won't simply reintegrate itself when the computer is reconnected to the Internet.
• Before reconnecting, reset your browser start and home pages. Ensure your HOSTS file hasn't been hijacked.
• Make sure undesirable websites haven't been added to your Trusted Sites Zone.
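The checks in step 6 can be reviewed with a short read-only script. The PowerShell below is an added example, not part of the original article: it lists HOSTS file entries other than localhost, the Internet Explorer start and search pages, and the sites assigned to the Trusted Sites zone for the current user. It assumes PowerShell 3.0 or later and Internet Explorer as the browser; the function names are illustrative.

```powershell
# Added example: read-only review of the settings named in step 6.
# Nothing is modified; decide what to reset after reading the output.

function Get-HostsOverride {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    foreach ($line in Get-Content -LiteralPath $Path -ErrorAction SilentlyContinue) {
        $text = ($line -replace '#.*$', '').Trim()        # drop comments and blank lines
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # A clean HOSTS file normally maps only "localhost". Report everything
            # else, including names pointed at 127.0.0.1: redirecting a security
            # vendor's site to the loopback address is a common way to block updates.
            if ($name -ne 'localhost') {
                [pscustomobject]@{ Check = 'HOSTS entry'; Item = $name; Value = $address }
            }
        }
    }
}

function Get-StartPage {
    # Internet Explorer keeps its start and search pages in this key.
    $key = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
        -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in 'Start Page', 'Search Page') {
        $value = $key.GetValue($name)
        if ($value) {
            [pscustomobject]@{ Check = 'IE setting'; Item = $name; Value = $value }
        }
    }
}

function Get-TrustedSite {
    # Each subkey under ZoneMap\Domains is a domain (nested subkeys are
    # subdomains); each value is a protocol whose data is the zone number.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    $marker = 'ZoneMap\Domains\'
    Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($protocol in $key.GetValueNames()) {
            if ($key.GetValue($protocol) -eq 2) {          # zone 2 = Trusted sites
                $start = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
                $site = $key.Name.Substring($start + $marker.Length)
                [pscustomobject]@{ Check = 'Trusted site'; Item = $site; Value = $protocol }
            }
        }
    }
}

$report = @(Get-HostsOverride) + @(Get-StartPage) + @(Get-TrustedSite)
if ($report.Count -eq 0) {
    Write-Output 'No HOSTS overrides, start page settings or trusted sites found.'
} else {
    $report | Format-Table -AutoSize -Wrap
}
```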
7. Preventing Adware and Spyware
Make sure that your Web browser security is up to snuff, keep your system fully patched, and free from intruders.
Source:
http://www.articlesbase.com/security-articles/top-7-steps-to-remove-spyware-from-your-computer-967664.html
Friday, April 17, 2009
FBI Is Using Spyware Programs against Extortionists and Hackers
In a separate March 2007 Cincinnati-based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."
But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online. Shortly after its launch, the program became so popular with federal law enforcement that Justice Department lawyers in Washington warned that overuse of the novel technique could result in its electronic evidence being thrown out of court in some cases.
"While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit," reads a formerly-classified March 7, 2002 memo from the Justice Department's Computer Crime and Intellectual Property Section.
The documents, which are heavily redacted, do not detail the CIPAV's capabilities, but an FBI affidavit in the 2007 case indicates it gathers and reports a computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last-visited URL.
After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects.
The documents shed some light on how the FBI sneaks the CIPAV onto a target's machine, hinting that the bureau may be using one or more web browser vulnerabilities. In several of the cases outlined, the FBI hosted the CIPAV on a website, and tricked the target into clicking on a link. That's what happened in the Washington case, according to a formerly-secret planning document for the 2007 operation. "The CIPAV will be deployed via a Uniform Resource Locator (URL) address posted to the subject's private chat room on MySpace.com."
In a separate February 2007 Cincinnati-based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."
The agent phoned the FBI's Special Technologies Operations Unit for "urgent" help, expressing "the valid concern that the Unsub hackers would be 'spooked.'" But two days later the hacker, or a different one, visited the site again and "the system was able to deliver a CIPAV and the CIPAV returned data."
The software's primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks. That's illustrated in several cases in the documents, including the 2004 hunt for a saboteur who cut off telephone, cable TV and internet service for thousands of Boston residents. The man's name is redacted from the documents, but the description of the case matches that of Danny Kelly, an unemployed Massachusetts engineer.
According to court records, Kelly deliberately cut a total of 18 communications cables belonging to Comcast, AT&T, Verizon and others over a three-month period. In anonymous extortion letters to Comcast and Verizon, Kelly threatened to increase the sabotage if the companies didn't begin paying him $10,000-a-month in protection money. He instructed the companies to deposit the cash in a new bank account and post the account information to a webpage he could access anonymously.
When the FBI tried to track him down from his visits to the webpage, they found he was routing through a German-based anonymizer. The FBI obtained a warrant to use the CIPAV on February 10, 2005, and was apparently successful. Kelly went on to plead guilty to extortion, and was sentenced to five years' probation.
The CIPAV also played a previously-unreported role in an investigation of a prolific computer hacker who made headlines after penetrating thousands of computers at Cisco, various U.S. national laboratories, and NASA's Jet Propulsion Laboratory in 2005. The FBI agent leading the case sought approval to plant a CIPAV through an undercover operative posing as a Defense Department contractor "with a computer network connected to JPL's computer network," according to one document. The FBI linked the intrusions to a known 16-year-old hacker in Sweden.
And in 2005, FBI agents on the Innocent Images task force hit a wall when trying to track a sexual predator who'd begun threatening the life of a teenage girl he'd met for sex. The man's IP addresses were "from all over the world" -- a sign of web proxy use. The bureau sought and won court approval to use the CIPAV on August 9, 2005.
Other cases are less weighty. In another 2005 case, someone was unwisely using the name of the chief of the FBI's Buffalo, New York office to harass people online. The FBI got a warrant to use the spyware to track down the fake agent.
Thursday, April 16, 2009
Types of Spyware in your computer
Spyware is any software that collects information from a PC without the user’s knowledge. There are many different types of spyware operating on the Internet but you can generally group them into two categories: Domestic Spyware and Commercial Spyware.
Domestic Spyware is software that is usually purchased and installed by computer owners to watch the Internet behavior on their computer networks. Employers use this software to monitor employee online activities; some family members use domestic spyware to monitor other family members (such as reviewing the content of children’s chat room sessions).
Commercial Spyware (also known as adware) is software that companies use to track your Internet browsing activities. Companies that track your online habits often sell this information to marketers who then hit you with targeted advertising—ads that match your browsing interests and would most likely appeal to you.
Advertisers are delighted when they acquire such valuable marketing information so easily; in the past marketers had to bribe you to learn your preferences through contests, registration surveys and the like. Those methods of gaining your personal information still exist, but in those cases you have the power to read the fine print to learn the fate of your data and so could choose to consent or refuse. Gaining your preferences by stealth using software spies is far easier and offers a much more complete picture for the marketing industry; as a result, spyware is everywhere. For more information on how and when spyware attaches itself to your computer, read "How Did Spyware End Up on My Computer?"
At the very least, spyware is a nuisance—slowing down your computer, filling your hard drive with useless gunk and marking you as a target for enterprising advertisers. Beyond intruding on your privacy, spyware can be used as a tool to perpetrate crimes, such as identity fraud. Below is a list detailing different types of spyware and the purposes for each.
Internet URL loggers & screen recorders
URL loggers track websites and pages visited online; screen recorders can take a small grayscale snapshot image of your screen every time it changes and can store or transmit these without notifying you. These methods are common to Domestic spyware.
Keyloggers & password recorders
When you bank online with this software on your hard drive someone is looking over your shoulder. Password recorders do just that—track typed passwords. Keylogger software records all of your keystrokes, not just passwords.
Web bugs
Web bugs are also known as advertiser spyware or adware. When you have adware on your computer you receive targeted, popup ads after you perform some action, such as typing something into a search engine. This advertising can appear on your screen even when you are not online. If you are pummeled with new advertising screens constantly, you most likely have web bug spyware installed on your computer.
Browser hijacking
Browser hijackers place Internet shortcuts in your Favorites folder without prompting you. These shortcuts lead many accidental viewers to the hijackers' website so that they may artificially inflate their website's traffic stats; this enables them to receive higher advertising revenues at the expense of your time. You may be able to get rid of these false favorites by changing your Internet options, but occasionally the only way to get rid of these annoying shortcuts is to go into your registry and delete them. However, some spyware installs a safety net for itself that resets the spyware in your registry each time you reboot. Your only option to kill this aggressive type of spyware is to reformat your hard drive or to utilize an excellent anti-spyware program.
Modem hijacking
If you use a telephone modem for your Internet connection, an unscrupulous person may be able to install an online dialer on your computer to establish a new Internet connection that uses pricy 900-type long-distance phone numbers—quite a shock when you get your next telephone bill. These dialer spyware programs often piggy-back on spam and porn emails; simply opening the email can inadvertently initiate the dialer installation. The hard-to-track villain banks on the fact that you’ll pay your phone bill in full before you take time to figure out what happened.
PC hijacking
Some borrow your computer system for their own use—spyware users can hijack your connection to send their spam through your ISP. This means that a parasitical spammer can send thousands of spam emails through your computer connection and your ISP address. High-volume, high speed Internet access lines are targeted by users of this spyware. Often victims don’t realize that their good name has been muddied until their ISP cuts them off due to spam complaints.
Trojans & viruses
Like the wooden Trojan horse that the Greeks used to enter Troy, this spyware masquerades as something harmless yet can compromise your computer—your data may be copied, distributed or destroyed. A virus is similar but has the additional power to replicate itself, causing damage to multiple computers. Both of these vicious pieces of software fall under the definition of spyware because the user is unaware of and would not condone their true purpose.
Wednesday, April 15, 2009
What is a virus signature and how it is used
Signatures
A virus signature is any series of bits that can be used to accurately identify the presence of a particular virus in a given file or range of memory.
Once we get a section of a virus, the type of the virus (worm, rootkit, simple infector, etc.) should be determined. Only after that step can a signature be extracted from the binary code. In many cases (e.g. EXE infectors, COM infectors, polymorphic viruses) this will be possible and enough to notice the virus in the future. However, for recent viruses which are much more complex (e.g. metamorphic viruses), other techniques are required.
Many believe that signatures were used only in the antivirus software of the 80’s and 90’s and that they are no longer used, but this is totally untrue. The truth is that signatures still play a fundamental role in the various virus detection algorithms used by current antivirus products. Let’s see a typical example of a signature. Suppose the following sequence of bits (in hexadecimal) corresponds to a signature for a virus called Doctor Evil:
A6 7C FD 1B 45 82 90 1D 7F 3C 8A 0F 96 18 A4 D3 5F FF 0F 1D
One question that you’re probably asking is: How is a signature chosen for a given virus?
The answer is not simple. It depends mainly on the type of virus. For instance, if the virus is a simple EXE file infector, we just need to look for a sequence of bytes (like the one shown above) within the binary code of the virus. We must select a signature which is long enough to generate as few false positives as possible. For instance, choosing the following signature:
A4 B7 11 01
is probably not a good idea, because the signature is so short. Such a short sequence of bits is likely to be present in other executable programs that are actually not infected. That is why the signature should be considerably long (more than 50 bytes). An additional problem is which signature to choose, because for an arbitrary virus we could find plenty of potential signatures. Nevertheless, the longest is not always the best… at least not in the case of signatures…!
People at IBM invented an excellent technique based on Markov models. I studied the contents of their article for several hours; it is neither extremely complex to understand nor simple. After that, I created a trigram generator and an automatic signature extractor in C#. For a given virus, this tool can automatically extract the signature with the lowest likelihood of false positives. I could extract signatures for thousands of viruses within a few hours by using a virtual machine and the tool I developed. I was delighted to see hundreds of wicked programs working hard to contaminate my virtual machine. All the infected files were isolated and then analyzed by the tool in order to extract valid signatures. Finally, the tool stored all the signatures in a MySQL database.
I will describe the tool in more detail in a forthcoming article. I strongly recommend that you read the excellent article from IBM to get started.
Generic Emulation
It is relatively easy to detect the presence of a simple infector within an infected file. We only need to analyze certain areas of the file for known signatures. Even so, things get more complicated when the virus changes its form on each infection (polymorphism), or if it encrypts/compresses itself on each infection. The task gets even harder when these mechanisms are combined several times, even recursively. In these cases, the signatures must be carefully extracted from the clean (uncompressed/decrypted, etc.) image of the evil program.
To detect this type of complex virus, the technique used is known as generic emulation. This technique (among others) was patented by the firm Symantec. Carey Nachenberg is known as the primary inventor and a chief architect in Symantec’s antivirus labs.
The idea is simple and efficient: in order to scan a program, its execution is emulated for a number C of instructions. All memory pages altered by instructions involved in the emulation process are analyzed. This makes sense, since those instructions could be part of a decryption/decompression routine that is reconstructing the original virus, and that is precisely where we must search for known signatures.
Thus, unlike what many believe, signatures are still being used to detect these complex threats. The special support from emulation gives time for the virus to reconstruct itself in memory.
Optimizations
At this point, you may be wondering how antivirus products scan a file so fast even when they have to search for thousands of signatures. There are several answers, and you will find the majority of them in Symantec patents. For instance, Norton Antivirus uses signatures beginning only with a subset of all the possible bytes. This trick allows a super-fast search: once the possible prefixes are known, the search space can be cut considerably. The bytes are selected according to their frequency of use in 80x86 machine code. Besides, not all files are actually emulated.
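The signature search and the first-byte trick described above, as an added example (it is not the author's C# tool and not any antivirus vendor's code): a scanner that attempts a full comparison only at offsets whose byte begins some signature, run over constructed buffers to show the 4-byte signature firing on a clean file. The buffers, the signature labels and the uniform-random-bytes estimate are assumptions of this example.

```python
"""Multi-signature byte scanner with a first-byte filter (illustrative)."""
from collections import defaultdict

# The two example signatures quoted in the article (twelfth byte of the long
# one read as hex 0F). The dictionary keys are labels made up for this example.
SIGNATURES = {
    "Doctor Evil (20 bytes)":
        "A6 7C FD 1B 45 82 90 1D 7F 3C 8A 0F 96 18 A4 D3 5F FF 0F 1D",
    "Too short (4 bytes)": "A4 B7 11 01",
}


def build_index(signatures):
    """Group signatures by their first byte so most offsets are skipped outright."""
    index = defaultdict(list)
    for name, hex_text in signatures.items():
        sig = bytes.fromhex(hex_text)  # fromhex ignores the spaces
        if not sig:
            raise ValueError(f"empty signature: {name}")
        index[sig[0]].append((name, sig))
    return dict(index)


def scan(data, index):
    """Return (hits, compared).

    hits is a list of (offset, signature_name); compared counts the offsets
    at which a full signature comparison was attempted at all.
    """
    hits, compared = [], 0
    for offset, byte in enumerate(data):
        candidates = index.get(byte)
        if candidates is None:
            continue  # no signature starts with this byte
        compared += 1
        for name, sig in candidates:
            if data.startswith(sig, offset):
                hits.append((offset, name))
    return hits, compared


def expected_chance_hits(sig_len, data_len):
    """Expected accidental matches of one signature in data_len bytes,
    assuming uniformly random bytes (real machine code is not uniform)."""
    return max(data_len - sig_len + 1, 0) / 256 ** sig_len


# Constructed test buffers: 1024 bytes of counting filler, no real malware.
BASE = bytes(range(256)) * 4
EVIL = bytes.fromhex(SIGNATURES["Doctor Evil (20 bytes)"])
SHORT = bytes.fromhex(SIGNATURES["Too short (4 bytes)"])
INFECTED = BASE + EVIL + BASE                # long signature at offset 1024
CLEAN = BASE[:100] + SHORT + BASE[100:]      # harmless file that happens to
                                             # contain the 4-byte sequence

if __name__ == "__main__":
    idx = build_index(SIGNATURES)
    for label, buf in (("infected", INFECTED), ("clean", CLEAN)):
        hits, compared = scan(buf, idx)
        print(f"{label}: {len(buf)} bytes, {compared} offsets compared, hits={hits}")
    for length in (4, 20):
        print(f"{length}-byte signature, 1 TiB scanned: "
              f"{expected_chance_hits(length, 2**40):.3g} chance hits expected")
```

On the clean buffer the only hit is the 4-byte signature, a false positive, and in both buffers fewer than 1% of offsets reach a full comparison because only two byte values can start a signature.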
Related Search
antivirus technical support
top 10 virus removal
virus removal software
Password-Manipulating Virus Spreading
How To Secure Yourself Against Conficker Worm
A virus signature is any series of bits that can be used to accurately identify the presence of a particular virus in a given file or range of memory.
Once we get a section of a virus, the type of the virus (worm, rootkit, simple infector, etc.) should be determined. Only after that step, a signature can be extracted from the binary code. In many cases (e.g. EXE infectors, COM infectors, polymorphic viruses.) this will be possible and enough to notice the virus in the future. However, in recent viruses which are much more complex (e.g. metamorphic viruses) other techniques are required.
Despite all this, and although many believe that signatures were used only in antivirus software of the 80’s, 90’s, and that they are no longer used, this is totally untrue. The truth is that signatures still play a fundamental role in the various virus detection algorithms used by current antivirus products. Let’s see a typical example 0f a signature. Suppose the following sequence of bits (in hexadecimal) corresponds to a signature for a virus called Doctor Evil:
A6 7C FD 1B 45 82 90 1D 7F 3C 8A OF 96 18 A4 D3 5F FF 0F 1D
One question that you’re probably doing is: How is a signature chosen for a given virus?
The answer is not simple. It depends mainly on the type of virus. For instance, if the virus is a simple EXE file infector, we just need to look for a sequence of bytes (as the one shown above) within the binary code of the virus. We must select a signature which is long enough to generate as fewest false positives as possible. For instance, choosing the following signature:
A4 B7 11 01
is probably not a good idea, because the signature is too short. Such a short sequence of bits is likely to be present in other executable programs that are not actually infected. That is why the signature should be considerably long (more than 50 bytes). An additional problem is which signature to choose, because for an arbitrary virus we could find plenty of potential signatures. Nevertheless, the longest is not always the best, at least not in the case of signatures!
People at IBM invented an excellent technique based on Markov models. I studied the contents of their article for several hours; it is neither extremely complex to understand nor simple. After that, I created a trigram generator and an automatic signature extractor in C#. For a given virus, this tool can automatically extract the signature with less likelihood of false positives. I could extract signatures for thousands of viruses within a few hours by using a virtual machine and the tool I developed. I was delighted to see hundreds of wicked programs working hard to contaminate my virtual machine. All the infected files were isolated and then analyzed by the tool in order to extract valid signatures. Finally, the tool stored all the signatures in a MySQL database.
I will describe the tool in more detail in a forthcoming article. I strongly recommend that you read the excellent article from IBM to get started.
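A simplified sketch of the idea mentioned above: build trigram statistics from clean code, score every candidate window of a sample, and keep the window least likely to occur in a clean program. This is an added example, not the author's C# tool and not IBM's published algorithm; the corpus, the sample bytes, the add-one smoothing and all function names are assumptions made for illustration.

```python
import math
from collections import Counter

def trigram_model(clean_blobs):
    """Count byte trigrams and their two-byte contexts across clean code."""
    tri, ctx = Counter(), Counter()
    for blob in clean_blobs:
        for i in range(len(blob) - 2):
            tri[blob[i:i + 3]] += 1
            ctx[blob[i:i + 2]] += 1
    return tri, ctx

def log_prob(seq, model):
    """Approximate log P(seq occurs in clean code) as a chain of trigram
    transitions, with add-one smoothing over the 256 possible next bytes."""
    tri, ctx = model
    return sum(math.log((tri[seq[i:i + 3]] + 1) / (ctx[seq[i:i + 2]] + 256))
               for i in range(len(seq) - 2))

def best_signature(sample, model, length):
    """Return (offset, bytes, score) of the window least likely in clean code.
    Ties are resolved in favour of the lowest offset."""
    score, offset = min((log_prob(sample[i:i + length], model), i)
                        for i in range(len(sample) - length + 1))
    return offset, sample[offset:offset + length], score

# Constructed data: ordinary x86 prologue/epilogue bytes stand in for a
# corpus of clean programs.
PROLOGUE = bytes.fromhex("558BEC83EC10535657")
EPILOGUE = bytes.fromhex("8B45085F5E5BC9C3")
CLEAN_CORPUS = [PROLOGUE * 200, EPILOGUE * 200]
# Constructed sample body: 8 distinctive bytes (the start of the article's
# example signature) followed by code that looks like any other program.
DISTINCTIVE = bytes.fromhex("A67CFD1B4582901D")
SAMPLE = DISTINCTIVE + PROLOGUE * 2

if __name__ == "__main__":
    model = trigram_model(CLEAN_CORPUS)
    offset, sig, score = best_signature(SAMPLE, model, 8)
    print(f"best window at offset {offset}: {sig.hex()} (log p = {score:.1f})")
    print(f"ordinary window: log p = {log_prob(SAMPLE[8:16], model):.1f}")
```

A window made of common compiler output scores close to zero, while the distinctive bytes score far lower, which is why they are the better signature candidate.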
Generic Emulation
It is relatively easy to detect the presence of a simple infector within an infected file: we only need to analyze certain areas of the file for known signatures. However, things get more complicated when the virus changes its form on each infection (polymorphism), or when it encrypts or compresses itself on each infection. The task gets even harder when these mechanisms are combined several times, even recursively. In these cases, the signatures must be carefully extracted from the clean (uncompressed, decrypted, etc.) image of the malicious program.
To detect complex viruses of this type, the technique used is known as generic emulation. This technique (among others) was patented by Symantec. Carey Nachenberg is known as the primary inventor and a chief architect in Symantec’s antivirus labs.
The idea is simple and efficient: in order to scan a program, its execution is emulated for a number C of instructions. All memory pages altered by the instructions executed during emulation are then analyzed. This makes sense, since those instructions could be part of a decryption or decompression routine that is reconstructing the original virus, and the reconstructed image is precisely where we must search for known signatures.
Thus, contrary to what many believe, signatures are still being used to detect these complex threats. Emulation gives the virus time to reconstruct itself in memory.
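The scanning loop described above, reduced to a toy so the role of the instruction budget C is visible: a static scan misses an encoded body, emulation lets the body reappear in memory, and only the altered memory is searched. This is an added example, not Symantec's implementation; the five-instruction toy machine, the XOR key, the sample and the function names are all constructed for illustration.

```python
SIGNATURE = bytes.fromhex("A67CFD1B4582901D")  # start of the article's example signature
KEY = 0x5A                                     # constructed XOR key

def make_sample():
    """Constructed sample: a toy decoding loop plus an XOR-encoded body."""
    body = b"\x00" * 4 + SIGNATURE + b"\x00" * 4
    memory = bytearray(b ^ KEY for b in body)
    code = [("mov", "i", 0),                 # 0: i = 0
            ("xor_mem", "i", KEY),           # 1: memory[i] ^= KEY
            ("inc", "i"),                    # 2: i += 1
            ("jlt", "i", len(memory), 1),    # 3: if i < len(memory): goto 1
            ("halt",)]                       # 4: stop
    return code, memory

def emulate(code, memory, max_instructions):
    """Execute at most max_instructions (the article's C) of the toy program
    and return the set of memory addresses it wrote to."""
    regs, pc, dirty = {}, 0, set()
    for _ in range(max_instructions):
        op, *args = code[pc]
        pc += 1
        if op == "halt":
            break
        if op == "mov":
            regs[args[0]] = args[1]
        elif op == "xor_mem":
            addr = regs[args[0]]
            memory[addr] ^= args[1]
            dirty.add(addr)
        elif op == "inc":
            regs[args[0]] += 1
        elif op == "jlt" and regs[args[0]] < args[1]:
            pc = args[2]
    return dirty

def scan(code, memory, budget):
    """Static scan first; if it misses, emulate and scan only altered memory."""
    if SIGNATURE in memory:
        return "static hit"
    dirty = emulate(code, memory, budget)
    if dirty and SIGNATURE in memory[min(dirty):max(dirty) + 1]:
        return "hit after emulation"
    return "no detection"

if __name__ == "__main__":
    for budget in (10, 34, 35, 100):
        print(budget, scan(*make_sample(), budget))
```

With this sample the signature is complete in memory after 35 emulated instructions, so a budget of 34 still misses it: C has to be large enough for the decoding routine to finish the part that carries the signature.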
Optimizations
At this point, you may be wondering how antivirus products scan a file so fast even when they have to search for thousands of signatures. There are several answers, and you will find the majority of them in Symantec patents. For instance, Norton Antivirus uses signatures beginning only with a subset of all the possible bytes. This trick allows a super-fast search: knowing the possible prefixes cuts the search space considerably. The bytes are selected according to their frequency of use in 80x86 machine code. Besides, not all files are actually emulated.
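A small scanner that indexes signatures by their first byte shows why restricting the allowed prefixes pays off, and also reproduces the false positive that the four-byte signature discussed earlier invites. This is an added example, not Norton's implementation; the two signatures are the ones quoted in the article, while the names, the buffers and the function names are constructed for illustration.

```python
from collections import defaultdict

# Signatures quoted in the article; "TooShort" is a label made up here.
SIGNATURES = {
    "Doctor Evil": bytes.fromhex("A67CFD1B4582901D7F3C8A0F9618A4D35FFF0F1D"),
    "TooShort": bytes.fromhex("A4B71101"),
}

def build_prefix_index(signatures):
    """Group signatures by first byte so most offsets are rejected in one lookup."""
    index = defaultdict(list)
    for name, sig in signatures.items():
        index[sig[0]].append((name, sig))
    return index

def scan(data, index):
    """Return (hits, full_compares); hits are (offset, name) pairs."""
    hits, full_compares = [], 0
    for offset, byte in enumerate(data):
        candidates = index.get(byte)
        if not candidates:            # this byte starts no signature: skip
            continue
        for name, sig in candidates:
            full_compares += 1
            if data.startswith(sig, offset):
                hits.append((offset, name))
    return hits, full_compares

def naive_compares(data, signatures):
    """Comparisons attempted when every signature is tried at every offset."""
    return len(data) * len(signatures)

# Constructed buffers (not real malware): one carries the long signature,
# the other is harmless but happens to contain the four-byte sequence.
INFECTED = bytes(range(0x20, 0x60)) + SIGNATURES["Doctor Evil"] + b"\x00" * 16
CLEAN_BUT_UNLUCKY = b"\x90" * 32 + bytes.fromhex("A4B71101") + b"\x90" * 32

if __name__ == "__main__":
    idx = build_prefix_index(SIGNATURES)
    for label, buf in (("infected", INFECTED), ("clean", CLEAN_BUT_UNLUCKY)):
        hits, n = scan(buf, idx)
        print(label, hits, f"{n} compares, {naive_compares(buf, SIGNATURES)} naive")
```

The fewer distinct first bytes the signature set uses, the more offsets are dismissed by the single table lookup; the hit in the clean buffer is the false positive a four-byte signature produces.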
Tuesday, April 14, 2009
17-year-old Attacked Twitter With Worm
The nettlesome program, known as a worm, targeted Twitter's network with four different attacks starting early Saturday and ending early Monday, according to Twitter co-founder.
The worm was set up to promote a Twitter knockoff, StalkDaily.com. It displayed unwanted messages on infected Twitter accounts, urging people to visit the Web site.
The worm was designed to automatically reproduce itself once its links were clicked on, but it didn't filch any personal information from the more than 6.1 million people with Twitter accounts, Stone wrote in a posting about the incident. Nearly 10,000 Twitter messages, known as "tweets," had to be deleted to contain the potential damage.
"We are still reviewing all the details, cleaning up and we remain alert," Stone reassured Twitter's audience.
Michael "Mikeyy" Mooney, a 17-year-old high school student who created StalkDaily, acknowledged unleashing the worm in a Monday interview with The Associated Press. Besides wanting to promote his Web site, Mooney said he wanted to expose Twitter's weaknesses.
"I really didn't think it was going to get that much attention, but then I started to see all these stories about it and thought, 'Oh my God,' " said Mooney, who lives in Brooklyn, N.Y. He first confessed his responsibility for the worm.
Mooney began having second thoughts about what he had done after reading a part of Stone's posting indicating that Twitter might pursue legal action against its tormenter. In a Monday e-mail sent to the AP, Stone said he didn't know whether Twitter will go after Mooney.
"If I get hit with a lawsuit, I am going to have major regrets and a big brick on my back," Mooney said. "I am backing off now. Twitter ignored its vulnerability (to worms) so I am hoping they can just ignore me now."
In the meantime, Mooney is retooling StalkDaily.com to accommodate more users. He has temporarily closed the site after getting swamped by the traffic triggered by his worm.
The trouble with Mooney represents another rite of passage for San Francisco-based Twitter, which has emerged as a popular way to communicate on the Web and mobile phones since its debut three years ago.
Twitter's system, which limits messages to 140 characters, is used to broadcast both mundane and tantalizing information by a diverse group of users that include teenagers, celebrities, news agencies, politicians, police departments and companies.
Twitter's broadening reach makes it an inviting target for mischief makers and scam artists. Two of the Internet's biggest online hangouts, Facebook and MySpace, both have had to grapple with similar threats.
The widening usage also occasionally overwhelms the free service, whose 30 employees have been subsisting on about $55 million in venture capital until Stone and fellow co-founder Evan Williams come up with a way to generate revenue.
Although it doesn't break down as frequently as it did in its early days, Twitter periodically remains inaccessible because its computer servers can't handle all the traffic.
Such challenges have spurred speculation that Twitter eventually will be sold to a larger Internet company. Twitter already spurned a $500 million buyout offer from Facebook Inc. There also have been unsubstantiated reports that Internet search leader Google Inc. is eyeing a possible bid for Twitter.
Both Williams and Stone have said they intend to build Twitter into a profitable, independent company.