December 10, 2009

Steps to Detect Malware and Spyware - 10 Tools for Detection


Cybercriminals are putting forth every effort to make malware difficult to detect. Successfully, I might add. Ever optimistic, I thought I would have a go at providing information on how to make their job a little tougher.


Knowing exactly what is running on a computer is paramount to learning what shouldn't be. Creating a reference baseline is the best way I've found to accomplish this. Let's look at three applications that do just that.

Microsoft Process Explorer (formerly Sysinternals)


Process Explorer provides an excellent way to determine what processes are running on a computer. It also describes the function of each process. More important, you can use Process Explorer to create a baseline of the running processes used by the computer when it's operating correctly. If for some reason the computer starts behaving poorly, run Process Explorer again and compare the scans. Any differences will be good places to start looking for malware.
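As an added illustration (not code from the article or from Sysinternals), here is a small Python script that does the before-and-after comparison described above. The snapshot format, the process names, paths and hashes are all constructed for the example; on a real machine you would fill the snapshot from a saved process listing and hash each image file yourself.

```python
from collections import defaultdict

# Constructed baseline from a machine known to be clean (sample data, not a real host).
# One process per line: image name, full path, SHA-256 of the image (shortened here).
BASELINE = """\
explorer.exe\tC:\\Windows\\explorer.exe\taaaa1111
svchost.exe\tC:\\Windows\\System32\\svchost.exe\tbbbb2222
svchost.exe\tC:\\Windows\\System32\\svchost.exe\tbbbb2222
winlogon.exe\tC:\\Windows\\System32\\winlogon.exe\tcccc3333
"""

# Constructed later snapshot: one unknown process, one familiar name running from Temp.
CURRENT = """\
explorer.exe\tC:\\Windows\\explorer.exe\taaaa1111
svchost.exe\tC:\\Windows\\System32\\svchost.exe\tbbbb2222
svchost.exe\tC:\\Users\\Bob\\AppData\\Local\\Temp\\svchost.exe\tdddd4444
updater.exe\tC:\\Users\\Bob\\AppData\\Roaming\\updater.exe\teeee5555
"""

def parse_snapshot(text):
    """Return {image name: set of (path, sha256)}; repeated instances collapse."""
    seen = defaultdict(set)
    for line in text.splitlines():
        if line.strip():
            name, path, digest = line.split("\t")
            seen[name.lower()].add((path.lower(), digest))
    return seen

def compare_snapshots(baseline_text, current_text):
    """Bucket current processes: 'new' (name not in baseline), 'changed' (known
    name but different path or hash: replaced or masquerading binary), and list
    baseline entries that are 'missing' from the current snapshot."""
    base, cur = parse_snapshot(baseline_text), parse_snapshot(current_text)
    report = {"new": [], "changed": [], "missing": []}
    for name in sorted(cur):
        for path, digest in sorted(cur[name]):
            if name not in base:
                report["new"].append((name, path))
            elif (path, digest) not in base[name]:
                report["changed"].append((name, path))
    for name in sorted(base):
        for path, digest in sorted(base[name]):
            if (path, digest) not in cur.get(name, set()):
                report["missing"].append((name, path))
    return report

if __name__ == "__main__":
    for kind, items in compare_snapshots(BASELINE, CURRENT).items():
        for name, path in items:
            print(f"{kind:8}{name}  {path}")
```

The "changed" bucket is the one worth reading first: a well-known name running from a user-writable folder with a different hash is exactly the kind of difference the paragraph tells you to look for.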

Trend Micro's HiJackThis


HiJackThis is Process Explorer on steroids, making the application somewhat daunting to those of us not completely familiar with operating systems. Still, running HiJackThis before having malware problems creates a great reference baseline, making it easy to spot changes. If it's too late to run a baseline scan, do not fear. Several Web sites offer online applications that will automatically analyze the log file from HiJackThis, pointing out possible conflicts. Two that I use are HiJackThis.de Security and NetworkTechs.com. If you would rather have trained experts help, I would recommend WindowSecurity.com's HiJackThis forum.

Kaspersky's GetSystemInfo


Kaspersky has an application similar to HiJackThis called GetSystemInfo. I like the fact that Kaspersky has an online parser. Just upload the log file and the parser will point out any disparities. GetSystemInfo, like the other scanners, is a good way to keep track of what's on the computer, and if need be, it can help find any malware that happens to sneak in. Be careful: As I alluded to earlier, removing processes suggested by the scanners is not for the faint of heart. It requires in-depth knowledge of operating systems or being able to compare before and after scans.

Anti-malware includes any program that combats malware, whether it’s real-time protection or detection and removal of existing malware. Vulnerability scanners proactively detect vulnerabilities so that malware can't gain a foothold. I'd rather update applications than chase malware any day.

Microsoft Baseline Security Analyzer


Microsoft Baseline Security Analyzer (MBSA) is a vulnerability scanner that detects insecure configuration settings and checks all installed Microsoft products for missing security updates. I recommend using MBSA when upper management needs convincing. Making a case for needing a vulnerability scanner is sometimes easier if the product is from the OEM.

Secunia inspection scanners


Secunia's scanners are similar to MBSA when it comes to Microsoft products. But unlike MBSA, Secunia products also scan hundreds of third-party applications, which gives Secunia a distinct advantage. All the Secunia scanners, online and client-side, have an intuitive way of determining what is wrong and how to rectify it. They usually offer a link to the application's Web page, where the update can be downloaded.

Antivirus programs

Lately, antivirus software is getting little respect. Like everyone, I get frustrated when my antivirus program misses malcode that other scanners manage to find. Still, I would not run a computer without antivirus. It's too risky. I subscribe to the layered approach when it comes to security. Choosing the correct antivirus application is personal. Comments come fast and furious when someone asks TechRepublic members which one is the best. A majority feel that any of the free versions are fine for nonbusiness use. I use Avira or Comodo on Windows machines.


Anti-malware enforcers


The next class of anti-malware is capable of both detecting and removing malware. I'm sure you are wondering why not just use these from the start. I wish it were that simple. Scanners use signature files and heuristics to detect malware. Malware developers know all about both and can morph their code, which then nullifies signature files and confuses heuristics. That's why malware scanners aren't the cure-all answer. Maybe someday. More caution: I want to emphasize that you need to be careful when picking malware scanners. The bad guys like to disguise malware (such as Antivirus 2009) as a malware scanner, claiming it will solve all your problems. All four of the scanners I have chosen are recommended by experts.

Microsoft's Malicious Software Removal Tool


Malicious Software Removal Tool (MSRT) is a good general malware removal tool, simply because Microsoft should know whether the scanned code is theirs or not. Three things I like about MSRT are:

• The scan and removal process is automated.
• Windows Update keeps the signature file database current automatically.
• It has the advantage of being an OEM product, thus it's less intrusive and more likely to be accepted by management.

SUPERAntiSpyware

SUPERAntiSpyware is another general purpose scanner that does a good job of detecting and removing most malware. I have used it on several occasions and found it to be more than adequate. A number of TechRepublic members have mentioned to me that SUPERAntiSpyware was the only scanner they found capable of completely removing antivirus 2009 (malware).

Malwarebytes Anti-Malware


Malwarebytes Anti-Malware (MBAM) malware scanner was the most successful of the four I tested. I was first introduced to it by world-renowned malware expert Dr. Jose Nazario of Arbor Networks. For a detailed explanation of how MBAM works, refer to my post Malware scanners: MBAM is best of breed. Still, MBAM does not catch everything. As I pointed out in the MBAM article, it misses some of the more sophisticated malware, especially rootkits. When that happens, I turn to the next malware scanner.

GMER



In Rootkits: Is removing them even possible?, I explained why it's hard to find rootkit malware. Fortunately, GMER is one of the best when it comes to detecting and removing rootkits -- enough so that it's recommended by Dr. Nazario.

How to Rename a Series of Files - Free Bulk Rename Utility

Bulk Rename Utility is a free file renaming software for Windows. Bulk Rename Utility allows you to easily rename files and entire folders based upon extremely flexible criteria.

Add date/time stamps, replace numbers, insert text, convert case, add auto-numbers, process folders and sub-folders... plus a whole lot more!

Rename multiple files quickly, according to many flexible criteria.

Rename files in many ways: add, replace, insert text into file names. Convert case, add numbers. Remove or change file extensions.

Check the detailed preview before renaming.

Rename photos using EXIF meta data (i.e. "Date Picture Taken", "Resolution" and other information embedded in all JPG photo files). Rename your holiday pictures from a meaningless dsc1790.jpg to NewYork1.jpg in a flash.

Rename MP3 files using ID3 tags (a.k.a. MP3 ID3 tag renaming).

Change files' creation and modification time stamps.


It's free. Easy to Install. Download and start renaming your files now!


Tricks to Rename a Series of Files Very Quickly

When you download photos from your digital camera, they often have unrecognizable names. You can rename several similar files at once with the following procedure. This also works for renaming other types of files.

1. Open the My Pictures folder. (Click Start, and then click My Pictures.) Or open another folder containing files that you want to rename.

2. Select the files you want to rename. If the files you want are not adjacent in the file list, press and hold CTRL, and then click each item to select it.

3. On the File menu, click Rename.

4. Type the new name, and then press ENTER.


All of the files in the series will be named in sequence using the new name you type. For example, if you type Birthday, the first will be named Birthday and subsequent files in the series will be named Birthday (1), Birthday (2), and so on.

To specify the starting number for the series, type the starting number in parentheses after the new file name. The files in the series will be numbered in sequence starting with the number you type. For example, if you type Birthday (10), the other files will be named Birthday (11), Birthday (12), and so on.

How To Password Protect Internet Explorer Very Quickly



Internet Explorer is the most widely used internet browser even today, when Mozilla Firefox, Google Chrome and Opera are catching up fast. I usually use all the browsers for my work. There was a task assigned to me where I had to find a way to password protect Internet Explorer, such that when we want to browse the internet, it asks for a password before continuing. I have found a way and want to share it here.

Basically Internet Explorer 8 has got many enhancements and one enhancement is its Content Advisor. It has been improved a lot. To enable password protection in Internet Explorer, follow the steps below:

  1. Open Internet Explorer.
  2. Go to Tools –> Internet Options –> Content
  3. Under Content Advisor, click Enable.
  4. Create a new admin password and a hint. Hint can be a message to the user who is opening a site in Internet Explorer.
  5. Adjust the ratings slider to None so that no website can be opened without a password.
  6. In the General tab, make sure you have checked “Supervisor can type a password to allow users to view restricted content.”

When the password prompt appears, you get three options:
  1. Always allow the site to be viewed without the password.
  2. Always allow that specific webpage to be viewed without the password.
  3. Allow the site to open one time only.

You can select any option of your choice. Enjoy the “trouble free security” of Internet Explorer.

How to Remotely Control Your Phone from Computer in one step

Today I will show you a really cool application for your mobile phone. It is Remote Professional from mobileways.de.

With Remote Professional you can remotely control your smart mobile phone from your computer desktop using the mouse and keyboard! Not only can the phone be remotely controlled, but you can also record video or take screenshots and save them to your computer.

It is a really nice sensation to see the phone desktop on your computer and browse the mobile internet from the PC keyboard, or write and send SMS or make calls.

It is very easy to install and use: just install the PC application (.exe) on your computer, then transfer the (.sis) or (.sisx) file to your device and install it from there. You can install it using your device’s PC Suite application as well.

Now that you have installed the PC and mobile applications, run the application on your computer first and configure the serial ports from File > Setup > Bluetooth & Serial Ports.

Here is a demo video from YouTube.

Remote Professional runs on any S60 3rd Edition, S60 5th Edition, Series 60 v1/v2 or UIQ 3 phone and is compatible with Windows 2000, XP and Vista!



Remote Professional can be downloaded from here:
Remote Professional (2.2 MiB, 88 hits)

Enjoy !!!

Popular tools to access Linux Partitions from Windows



If you dual boot Windows and Linux, and have data spread across different partitions on Linux and Windows, you are probably in for some issues.

Sometimes you need to access your files on Linux partitions from Windows, and you realize it isn’t easily possible. Not so with these tools in hand – they make it very easy for you to access files on your Linux partitions from Windows:

DiskInternals Linux Reader

DiskInternals Linux Reader has a Windows Explorer-like interface, and can provide access to Ext2 and Ext3 Linux partitions from Windows. You can extract files easily from those Linux partitions to your Windows partitions. You can’t use this tool to write to those partitions, though.


Ext2 Installable File System for Windows


A bit better than the above tool, this utility gives you both read and write access to Ext2 and Ext3 filesystems from Windows. Plus, once you have it installed, Windows can use your Linux partition as a paging file as well.

Another similar tool is this one.

rfsd: ReiserDriver

ReiserDriver allows access to ReiserFS partitions from Windows. The partitions appear like other filesystems, and can be accessed by any Windows application. It is still in a pre-release stage, and installation may prove tedious for newbies.

Any other tools that I missed out? Tell everyone in the comments.



How to Avoid the XP Product Activation After a Reinstall


Have you ever had to reinstall Windows XP? If so, have you ever had to reactivate it? I recall hearing one of the guys at work talking about the problems he’d had during a reinstall. He had to jump through hoops in order to convince Microsoft to allow him to reactivate.

If you plan to reinstall WinXP on a machine that already has XP on it, you can back up the current activation keys and restore them after you reinstall. You won’t have to contact Microsoft for a reactivation.

Before you Reinstall:

1. Make sure that you back up all of your personal files, data, programs, license keys and product keys.

2. Gather copies of the service packs and security software that you’ll need.

3. Go to the following folder: C:\Windows\System32

4. Find the files named wpa.dbl and wpa.bak, and copy them to a floppy disk or CD.

During and After You Reinstall:

I recommend that you take your PC offline (no internet connection) during installation. This allows you to install the service packs and security software before you reconnect to the internet. An unprotected PC can get infected in less than a minute online. At the end of the installation, if you get a prompt to activate Windows, follow the steps below:

1. Just say no. Microsoft will allow you a grace period to activate.
2. Reboot the PC.
3. Hit the F8 key during boot to get the advanced boot screen.
4. Choose “Safe Mode”.
5. Once in Safe Mode, open up that same folder at C:\Windows\System32.
6. Locate the two wpa files, wpa.dbl and wpa.bak. If you don’t find the bak file, don’t worry.
7. Rename the files to something else, like maybe wpadbl.xxx and wpa.xxx.
8. Now copy the two files, wpa.dbl and wpa.bak, from the floppy or CD into the System32 folder.
9. Reboot as you would normally.

Now you don’t have to contact Microsoft and you haven’t broken any rules, as far as I know. You’re good to go.

Do You Have XP Activation Problems?

If you have problems with your activation, I found this forum thread that may help.

You can also find out more about XP activation at this Microsoft page.