December 10, 2009
Cybercriminals are putting forth every effort to make malware difficult to detect. Successfully, I might add. Ever optimistic, I thought I would have a go at providing information on how to make their job a little tougher.
Knowing exactly what is running on a computer is paramount to learning what shouldn't be. Creating a reference baseline is the best way I've found to accomplish this. Let's look at three applications that do just that.
Microsoft Process Explorer (formerly Sysinternals)
Process Explorer provides an excellent way to determine what processes are running on a computer. It also describes the function of each process. More important, you can use Process Explorer to create a baseline of the running processes used by the computer when it's operating correctly. If for some reason the computer starts behaving poorly, run Process Explorer again and compare the scans. Any differences will be good places to start looking for malware.
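As an added example that is not part of the original article or of Process Explorer, the script below does the comparison the paragraph describes: it parses two snapshots listing process name, image path and image hash, then reports what appeared, what vanished and whose image hash changed. The line format and both snapshots are constructed assumptions, not Process Explorer's own export format.

```python
"""Compare a saved process baseline with a fresh snapshot.

Hypothetical helper: each snapshot is text with one process per line,
'name, image path, sha256 of the image'. Keying on (name, path) means a
second 'svchost.exe' running from an unexpected folder shows up as new
instead of hiding behind the legitimate one.
"""
from collections import namedtuple

ProcessEntry = namedtuple("ProcessEntry", "name path sha256")


def parse_snapshot(text):
    """Parse 'name, path, sha256' lines into a dict keyed by (name, path)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, path, digest = (f.strip() for f in line.split(",", 2))
        key = (name.lower(), path.lower())  # Windows paths are case-insensitive
        entries[key] = ProcessEntry(name, path, digest.lower())
    return entries


def diff_snapshots(baseline, current):
    """Return (new, missing, changed) keys: processes absent from the
    baseline, processes gone since the baseline, and processes whose
    image hash differs from the baseline."""
    new = sorted(k for k in current if k not in baseline)
    missing = sorted(k for k in baseline if k not in current)
    changed = sorted(k for k in baseline
                     if k in current and baseline[k].sha256 != current[k].sha256)
    return new, missing, changed


# Constructed sample data; the hash values are placeholders, not real digests.
BASELINE = r"""
explorer.exe, C:\Windows\explorer.exe, hash_explorer_v1
svchost.exe, C:\Windows\System32\svchost.exe, hash_svchost_v1
"""
CURRENT = r"""
explorer.exe, C:\Windows\explorer.exe, hash_explorer_v1
svchost.exe, C:\Windows\System32\svchost.exe, hash_svchost_v2
svchost.exe, C:\Users\Public\svchost.exe, hash_unknown
"""

if __name__ == "__main__":
    for label, keys in zip(("new", "missing", "changed"),
                           diff_snapshots(parse_snapshot(BASELINE), parse_snapshot(CURRENT))):
        print(label, keys)
```

Anything in the "new" or "changed" lists is where the article suggests you start looking; "missing" entries are usually just services that were not running at the time.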
Trend Micro's HiJackThis
HiJackThis is Process Explorer on steroids, making the application somewhat daunting to those of us not completely familiar with operating systems. Still, running HiJackThis before having malware problems creates a great reference baseline, making it easy to spot changes. If it's too late to run a baseline scan, do not fear. Several Web sites offer online applications that will automatically analyze the log file from HiJackThis, pointing out possible conflicts. Two that I use are HiJackThis.de Security and NetworkTechs.com. If you would rather have trained experts help, I would recommend WindowSecurity.com's HiJackThis forum.
Kaspersky has an application similar to HiJackThis called GetSystemInfo. I like the fact that Kaspersky has an online parser. Just upload the log file and the parser will point out any disparities. GetSystemInfo, like the other scanners, is a good way to keep track of what's on the computer, and if need be, it can help find any malware that happens to sneak in. Be careful: As I alluded to earlier, removing processes suggested by the scanners is not for the faint of heart. It requires in-depth knowledge of operating systems or being able to compare before and after scans.
Anti-malware includes any program that combats malware, whether it’s real-time protection or detection and removal of existing malware. Vulnerability scanners proactively detect vulnerabilities so that malware can't gain a foothold. I'd rather update applications than chase malware any day.
Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer (MBSA) is a vulnerability scanner that detects insecure configuration settings and checks all installed Microsoft products for missing security updates. I recommend using MBSA when upper management needs convincing. Making a case for needing a vulnerability scanner is sometimes easier if the product is from the OEM.
Secunia inspection scanners
Secunia's scanners are similar to MBSA when it comes to Microsoft products. But unlike MBSA, Secunia products also scan hundreds of third-party applications, which gives Secunia a distinct advantage. All the Secunia scanners, online and client-side, have an intuitive way of determining what is wrong and how to rectify it. They usually offer a link to the application's Web page, where the update can be downloaded.
Lately, antivirus software is getting little respect. Like everyone, I get frustrated when my antivirus program misses malcode that other scanners manage to find. Still, I would not run a computer without antivirus. It's too risky. I subscribe to the layered approach when it comes to security. Choosing the correct antivirus application is personal. Comments come fast and furious when someone asks TechRepublic members which one is the best. A majority feel that any of the free versions are fine for nonbusiness use. I use Avira or Comodo on Windows machines.
The next class of anti-malware is capable of both detecting and removing malware. I'm sure you are wondering why not just use these from the start. I wish it was that simple. Scanners use signature files and heuristics to detect malware. Malware developers know all about each and can morph their code, which then nullifies signature files and confuses heuristics. That's why malware scanners aren't the cure-all answer. Maybe someday. More caution: I want to emphasize that you need to be careful when picking malware scanners. The bad guys like to disguise malware (antivirus 2009) as a malware scanner, claiming it will solve all your problems. All four of the scanners I have chosen are recommended by experts.
Microsoft's Malicious Software Removal Tool
Malicious Software Removal Tool (MSRT) is a good general malware removal tool, simply because Microsoft should know whether the scanned code is theirs or not. Three things I like about MSRT are:
• The scan and removal process is automated.
• Windows Update keeps the signature file database current automatically.
• It has the advantage of being an OEM product, thus it's less intrusive and more likely to be accepted by management.
SUPERAntiSpyware is another general purpose scanner that does a good job of detecting and removing most malware. I have used it on several occasions and found it to be more than adequate. A number of TechRepublic members have mentioned to me that SUPERAntiSpyware was the only scanner they found capable of completely removing antivirus 2009 (malware).
Malwarebytes Anti-Malware (MBAM) malware scanner was the most successful of the four I tested. I was first introduced to it by world-renowned malware expert Dr. Jose Nazario of Arbor Networks. For a detailed explanation of how MBAM works, refer to my post Malware scanners: MBAM is best of breed. Still, MBAM does not catch everything. As I pointed out in the MBAM article, it misses some of the more sophisticated malware, especially rootkits. When that happens, I turn to the next malware scanner.
In Rootkits: Is removing them even possible?, I explained why it's hard to find rootkit malware. Fortunately, GMER is one of the best when it comes to detecting and removing rootkits -- enough so that it's recommended by Dr. Nazario.
Bulk Rename Utility is a free file renaming software for Windows. Bulk Rename Utility allows you to easily rename files and entire folders based upon extremely flexible criteria.
Add date/time stamps, replace numbers, insert text, convert case, add auto-numbers, process folders and sub-folders... plus a whole lot more!
Rename multiple files quickly, according to many flexible criteria.
Rename files in many ways: add, replace, insert text into file names. Convert case, add numbers. Remove or change file extensions.
Check the detailed preview before renaming.
Rename photos using EXIF meta data (i.e. "Date Picture Taken", "Resolution" and other information embedded in all JPG photo files). Rename your holiday pictures from a meaningless dsc1790.jpg to NewYork1.jpg in a flash.
Rename MP3 files using ID3 tags (a.k.a. MP3 ID3 tag renaming).
Change files' creation and modification time stamps.
It's free. Easy to Install. Download and start renaming your files now!
2. Select the files you want to rename. If the files you want are not adjacent in the file list, press and hold CTRL, and then click each item to select it.
3. On the File menu, click Rename.
4. Type the new name, and then press ENTER.
To specify the starting number for the series, type the starting number in parentheses after the new file name. The files in the series will be numbered in sequence starting with the number you type. For example, if you type Birthday (10), the other files will be named Birthday (11), Birthday (12), and so on.
Internet Explorer is the most widely used internet browser even today, when Mozilla Firefox, Google Chrome and Opera are catching up fast. I usually use all the browsers for my work. I was assigned a task: find a way to password protect Internet Explorer such that when we want to browse the internet, it asks for a password before continuing. I have found a way and want to share it here.
Internet Explorer 8 has many enhancements, and one of them is its Content Advisor, which has been improved a lot. To enable password protection in Internet Explorer, follow the steps below:
- Open Internet Explorer.
- Go to Tools –> Internet Options –> Content
- Under Content Advisor, click Enable.
- Create a new admin password and a hint. Hint can be a message to the user who is opening a site in Internet Explorer.
- Adjust the ratings slider to None so that no website can be opened without a password.
- In the General tab, make sure you have checked “Supervisor can type a password to allow users to view restricted content”.
- Always allow the site to be viewed without the password.
- Always allow that specific webpage to be viewed without the password.
- Allow the site to open one time only.
With Remote Professional you can remotely control your smart mobile phone from your computer desktop using the mouse and keyboard!
Not only can the phone be remotely controlled, but you can also record video or take screenshots and save them to your computer.
It is a really nice sensation to see the phone desktop on your computer and browse the mobile internet from the PC keyboard, or write and send SMS or make calls.
It is very easy to install and use: just install the PC application (.exe) on your computer, then transfer the (.sis) or (.sisx) file to your device and install it from there. You can install it using your device’s PC Suite application as well.
Now that you have installed the PC and mobile applications, run the application on your computer first and configure the serial ports from File > Setup > Bluetooth & Serial Ports.
Here is a demo video from youtube.
Remote Professional runs on any S60 3rd Edition, S60 5th Edition, Series 60 v1/v2 or UIQ 3 phone and is compatible with Windows 2000, XP and Vista!
Remote Professional can be downloaded from here:
Remote Professional (2.2 MiB)
If you dual boot Windows and Linux and have data spread across different partitions on both, you are probably in for some issues.
Sometimes you need to access your files on Linux partitions from Windows, and you realize it isn’t easy. Not really: with these tools in hand, it’s very easy for you to access files on your Linux partitions from Windows:
DiskInternals Linux Reader – Download
DiskInternals Linux Reader has a Windows Explorer-like interface, and can provide access to Ext2 and Ext3 Linux partitions from Windows. You can easily extract files from those Linux partitions to your Windows partitions. You can’t use this tool to write to those partitions, though.
Ext2 Installable File System for Windows – Download
A bit better than the above tool, this utility can give you both read and write access to Ext2 and Ext3 filesystems from Windows. Plus, once you have this installed, Windows can use your Linux partition as a paging file as well.
Another similar tool is this one.
rfsd: ReiserDriver – Download
ReiserDriver allows access to ReiserFS partitions from Windows. The partitions appear like other filesystems, and can be accessed by any Windows application. It is still in something like a pre-release stage, and installation may prove tedious for newbies.
Any other tools that I missed out? Tell everyone in the comments.
Have you ever had to reinstall Windows XP? If so, have you ever had to reactivate it? I recall hearing one of the guys at work talking about the problems he’d had during a reinstall. He had to jump through hoops in order to convince Microsoft to allow him to reactivate.
If you plan to reinstall WinXP on a machine that already has XP on it, you can back up the current activation keys and restore them after you reinstall. You won’t have to contact Microsoft for a reactivation.
Before you Reinstall:
1. Make sure that you back up all of your personal files, data, programs, license keys and product keys.
2. Gather copies of the service packs and security software that you’ll need.
3. Go to the following folder: C:\Windows\System32
4. Find the files named wpa.dbl and wpa.bak, and copy them to a floppy disk or CD.
During and After You Reinstall:
I recommend that you take your PC offline (no internet connection) during installation. This allows you to install the service packs and security software before you reconnect to the internet. An unprotected PC can get infected in less than a minute online. At the end of the installation, if you get a prompt to activate Windows, follow the steps below:
1. Just say no. Microsoft will allow you a grace period to activate.
2. Reboot the PC.
3. Hit the F8 key during boot to get the advanced boot screen.
4. Choose “Safe Mode”.
5. Once in Safe Mode, open up that same folder at C:\Windows\System32.
6. Locate the two wpa files wpa.dbl and wpa.bak. If you don’t find the bak file, don’t worry.
7. Rename the files to something else, like maybe wpadbl.xxx and wpa.xxx.
8. Now copy the two files, Wpa.dbl and Wpa.bak, from the floppy or CD, into the system32 folder.
9. Reboot as you would normally.
Now you don’t have to contact Microsoft and you haven’t broken any rules, as far as I know. You’re good to go.
Do You Have XP Activation Problems? If you have problems with your activation, I found this forum thread that may help.
You can also find out more about XP activation at this Microsoft page.