Posts Tagged ‘Viruses’

Microsoft Windows most secure OS for 2014 ? – Short OS and Application Security report for 2014

Tuesday, February 24th, 2015

windows-more-secure-OS-for-2014-than-Linux-and-Mac-OSX-and-iOS-operating-systems-short-security-report-2014

It is shocking news for me and probably to many that according to security specialists at National Vulnerability Database, at present moment for year 2014 Windows looks like more secure than both Apple's (iOS and Mac OS X) as well as to Linux.

Windows has been  bullied for its bad OS design and easier to breach Security compared to Linux, there was a constant hype also of Mac OS users claiming the invulnerability of their BSD based OS, but it seems security breach statistics given by  National Vulnerability Database security breach evaluation reports tell us security issues for 2014 Windows OSes while compared to other OS vulnerabilities in different operating systems such as Linux.

statistics-of-Operating-System-security-issues-vulnerabilities-for-2014-windows-most-secure-OS-2014-source-national-vulnerability-database
I will have to disappoint Apple Mac fans but in 2014 Mac OS X was found to be riddled with the greatest number of security problems147 in total, including 64 rated as high severity, and 67 as medium.

iOS's security was also ranked poor with 127 vulnerabilities including 32 high and 72 with a medium rating.

For comparison the latest Windows 8.1 had only 36 vulnerabilities, and its predecessors — Windows 8 and 7 — both had same number.
In Enterprise World (users) Windows Server 2007 and 2008 both have 38 vulnerabilities. Reported vulnerabilities were mainly of middle and high severity.

high-severity-vulnerabilities-graph-of-operating-systems-year-2014

Overall statistics also show there has been a huge increase in the number security vulnerabilities in the NVD security reports database.
In 2013 the number of all logged vulnerabilities were 4,794 while this jumped to 7,038 in y. 2014. The good news is lower percentage of all logged in security issues were rated of critical security importance.
It is mostly third party software not part of OS which contain security issues, 83% of all reported vulnerabilities were laying in 3rd party applications, only 13% percantage were OS specific and 4% hardware related.
Though overall statistics shows Microsoft products more secure than Apple Inc. Products and (Open Source) Linux, though still M$ Internet Explorer is the most insecure web browser, for 2014,  Internet Explorer had  242 vulnerabilities while Google Chrome had 124 security issues and the most secure browser rated for 2014 is (surprising for me) Mozilla Firefox.
It is important to say such statistics are not completely relevant because, for example you can rarely see a Linux desktop user infected with Malware but almost everyone around using Windows OS is malware infected, same goes for Mac OS users, there are plenty of vulnerabilities for Mac but overall security of Mac OS is better as I haven't still met Mac OS users with Viruses and Spyware but I fixed about (30!!) of Microsoft PCs and notebooks infected with various Viruses and badware throughout 2014. Also it should be considered that many securitty bugs are kept secret and actively exploited for a long time by blackhats like it happened recently with Heartbleed and ShellShock vulnerabilities
For those interested, below is a list of top vulnerable applications for 2014

security-issues-vulnerability-report-2012-2013-2014_graph_windows-most-secure-operating-system-for-2014

Clean slow Windows PC / Laptop from Spyware, Malware, Viruses, Worms and Trojans – Anti-Malware Program Arsenal

Monday, January 26th, 2015

clean-slow-Windows-computer-notebook-laptop-from-malware-spyware-viruses-worms-and-trojans

Malware Bytes is a great tool to clean a PC in a quick and efficient way from Malware /  Spyware that wormed while browsing infectious site on the internet.
But sometimes PCs that has to be fixed are so badly infected with Spyware, Malware and Viruses that even after running Malware Bytes on boot time, left Work or Viruses do automatically download from the Internet or have been polymorphically renamed to a newer one that escapes Malware Bytes badware database and heroistics
Such problematic PCs are usually unmaintained user PCs whose Anti-Virus procetion with Nod32 or Kaspersky licensing has long expired leaving the PC without any mean of protection / PCs with removed Firewall / AV Program (due to Virus or Malware Infection) or on Computers which were used actively to download Cracked Programs, Games – by small kids or PCs used for watching heavily Porn (by teenagers).

Here is a List of Top Iseful FreeWare anti-Malware softwares, you can use in combination with MalwareBytes to (Clean) / Fix a Windows PC that is in almost unsolvable state (and obviously needs re-install) but contains too much software either obsolete or hard (time wasting) to configure:

Below anti-malware goodies helps in “Resurrecting” even the worst infected PC, so I believe every Win Admin should know them well and in computer clubs and university Windows computer networks with Internet it is recommended to check computers at least once a year …

1. Remove Bootkits and Trojans with Kaspersky TDSSKiller

Bootkit is a rootkit which loads when Windows system boots.  To search and destroy bootkits – Download the latest official version of Kaspersky TDSSKiller.

remove-bootkits-and-trojans-with-kaspersky-tdsskiller-screenshot-anti-malware

KASPERSKY TDSSKILLER DOWNLOAD LINK Run Kaspersky (after changing parameters  – enable Detect TDLFS file system) and remove any found infections

2. Download and use latest official version of RKill to terminate any malicious processes running in background

rkill-terminate-any-malicious-spyware-malware-processes-running-in-background-rkill-logo

Please note that you will have to rename version of RKILL so that malicious software won’t block this utility from running. (link will automatically download RKILL renamed as iExplore.exe)
Double click on iExplore.exe to start RKill and stop any processes associated with Luhe.Sirefef.A.

rkill-terminate-trojan-spyware-processes-windows-xp-7-screenshot

RKill will now start working in the background, please be patient while the program looks for any malicious process and tries to end them.
When the Rkill utility has completed its task, it will generate a log.

Do not reboot your computer after running RKill as the malware programs will start again.

When the Rkill utility has completed its task, it will generate a log. Do not reboot computer after running RKill as the malware programs will start again.

3. Clean (any remaining) malware from your computer with HitmanPro

clean-remaining-malware-from-computer-with-hitmanpro-scanning-screenshot

HITMANPRO DOWNLOAD LINK is here

My Mirror of HitmanPro 3.7 (32 bit) Windows version is here
My Mirror of HitmanPro 3.7 (64 bit) Windows version is here

Because HitmanPro is unfortunately proprietary software, when you run a scan on the computer “Activate free license” button to begin the free 30 days trial, and remove all the malicious files found on your computer.

4. Remove Windows adware with AdwCleaner

The AdwCleaner utility will scan your computer and web browser for the malicious files, browser extensions and registry keys, that may have been installed on your computer without your knowledge.

adwcleaner-clean-remove-delete-adware-with-AdwCleaner-found-malware-screenshot

Here isAdwCleaner utility ADWCLEANER DOWNLOAD LINK 
My Download AdwCleaner 4.109 is here

Note that before starting AdwCleaner, close all open programs and internet browsers. After finishing scan AdwCleaner requires a reboot (always backup cause you never know what can happen).

5. Remove any malicious registry keys added by malware with RogueKiller

remove-any-malicious-registry-keys-added-by-malware-with-RogueKiller

RogueKiller is a utility that will scan for the unwanted registry keys and any other malicious files on your computer. It is pretty much like the free software Little Registry Cleaner but it is specialised in removing common malware left junk keys.

download the latest official version of RogueKiller from the below links.

ROGUEKILLER x86 DOWNLOAD LINK (For 32-bit machines)
ROGUEKILLER x64 DOWNLOAD LINK (For 64-bit machines)

Download Mirror link of Roguekiller X86 is here
Download Mirror link of Roguekiller X64 is here

Wait for the Prescan to complete.This should take only a few seconds,  then click on the “Scan” button to perform a system scan. After scan complete delete any found hax0r malicious registries

6. Purge any leftover infections on your computer with Emsisoft Anti-Malware

purge-any-left-over-infections-on-your-computer-with-EmsiSoft-anti-malware

Emsisoft scan (potentially) infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other badware.

DOWNLOAD EMSISOFT EMERGENCY KIT HERE  – The link will open in new window tab. Note that EmsiSoftEmergencyKit is huge 168 Mbs!

My mirror of EmsiSoft Emergency kit is here

It is recommended to do the SMART Scan as it is more complete, though if you're in a hurry Quick Scan might also find something ugly. Once Scan completes Quarantine any found infected items.

It is best if all of the 7 Win cleaners are run, e.g.:

(TDSSKiller, RKill, HitmanPro, AdwCleaner, RogueKiller, Little Registry Cleaner  and EmsiSoft) in a consequential order as they're shown in article). Finally a run of Malware Bytes just to make sure nothing has remained is a good idea too.

Hopefully now you should be malware free. If you know other useful Anti-Spyware tools that helped you in case of PC Malware Slowness problems (constant Hard Disk read writes), please drop a comment and I will include them in this list). 
Once badware is removed from your PC or laptop the CPU should no longer show constantly busy with some strange process in taskmgr and notebook should be much more responsive (and if you have power management enabled) it will consume less energy reducing your electricity bills 🙂
 

Any feedback on experience with running above bunch of anti spy programs is also mostly welcome. 

ClamTK Linux Desktop Anti-Virus program – Checking Windows mapped drives with ClamTK

Thursday, June 20th, 2013

Linux desktop graphical program to scan for-viruses ClamTK clamav frontend application

In general Linux has fame for being Virus Free Operating System. During the 13 last years as dedicated GNU / Linux user, I've seen Linux servers with binaries infected with Viruses, however the hosts, were severely messed hosts because noone updated them on time and script kiddy crackers has "hacked" multiple times. In lifetime one of my old testing computers got infected with Virus because of my mistake of running "suspicious" pre-compiled "cracker" software binaries with no MD5 verification and "questionable" websites…
I share this story because, I want to beat-up the Myth that Linux cannot have Viruses. It CAN but not very likely to happen 🙂

As a Desktop user over the last 10 years, even though I installed plenty of packages from third party sources and never happened to infect my computer with Virus – or at least if I infected I never knew it. A lot of popular MS-Windows Anti-Virus programs, has already ports for Linux. Just to mention few non-free Linux AV software providing install binaries;

  • Avast

  • BitDefender

  • AVG

  • Dr. Web

Though risk of Viruses on Linux is so tiny, it is useful to have ANTI-Virus Software to check files received from Skype, E-mails and onse downloaded with Browser. I always prefer so until now I used Clamav Antivirus to keep an eye periodically on my Desktop Linux host and servers running mail servers (those who run Mail Servers know how useful is Clamav in stopping tons of E-mail attached Malware Viruses and Trojans).

I use mostly Debian Linux, so on every new server or Desktop one of first things I did was to install it, i.e.:

# apt-get --yes install clamav
...

Before I knew Clamav AV for Windows has GUI, anyways till recently I didn't know if there is some kind of free software AV Graphical frontend for Linux. I just found out about ClamTK

Linux Free Antivirus ClamTk clamav Virus Scanner graphical frontend

ClamTK is available in most Linux distributions from default package repositories

On Debian and Ubuntu to install it run common:

debian:~# apt-get --yes clamtk
...

On Fedora and CentOS Linux to install:

[root@fedora ~]# yum -y install clamtk
...

Its best to run it as root superuser (or via sudo) to make ClamTK able read all files or mounts on system:

hipo@debian:~$ sudo clamtk

ClamTK is very simple to use and there are only few configuration options;
clamtk desktop linux free antivirus startup preferences

clamtk scan for viruses linux gui proxy

linux Anti-Virus Desktop graphics  easy to use AntiVirus ClamTK preferences screenshot

ClamTK is very useful when used with mounted Samba Shared (Mapped) Windows drives to scan for Viruses and malware, i.e, after mounting share using cmd like:

# smbmount //192.168.2.28/projects /mnt/projects -o user=USERNAME

Fixing enter not working in Skype 6 – Skype cannot send message bug on Windows XP

Sunday, March 10th, 2013

Skype how to fix enter not sending messages in Skype6 downgrade to Skype5 windows XP
Yesterday, I had to fix another Windows XP computer infested with Spyware and Viruses. Thanksfully I cleaned it up as usual using standard combination of Malware Bytes + Little Registry Cleaner and Avira. The PC haven't been updated recently and running still Windows XP SP2, thus to make Avira running I had to install SP3 as Avira nowdays depends on Win SP3. After clean up it worked much better, though it is not 100% sure if some kind of malicious software is still not on PC.
After all seemed fine on this Russian Windows XP, there was one thing still problematic – Skype. For some weird reason whenever user from Skype contact list is messaged, it was impossible to send the message with Enter key. I tried checking if all seems fine in Keyboard Settings and Regional Settings in Windows Control Center, cause XP version was with Russian Language Pack and I suspected the Language Pack might mess up something in how Keyboard keys are mapped but all seemed fine there. One important note to make here is PC is running on old hardware and had an old standard PS/2 Keyboard detected as PS/2 – 101 – 102 keys standard keyboard. I tried re-installing the keyboard driver, trying to auto-detect however driver detected for this keyboard seemed to be latest issued for PS/2 Keyboards from Microsoft so after update Skype can't send message bug was still present and respectively the only way to communicate with people from contact list was to Call the person and speak. I researched online on the problem and found a multitude of users complaining to face the same Skype messaging – Enter key not working, unfortunately noone online seemed to have found a solution. I've seen some suggestions to use Skype settings to re-map Enter key but on this Skype 6.2.0.106 the option to remap how Enter key reacts wasn't present. Thus I decided to try to downgrade Skype 6 to Skype 5 here is a mirror of Skype 5 -and try if this helps. After Uninstalling Skype 6 and installing Skype 5 – enter key started working again so mission accomplished 🙂 If you happen to have the annoying Enter key not working in skype bug just downgrade to any below version to 6 and all will be fine. Drop me a comment if you experience the same bug with Win and Skype version.
Finally, be sure not to upgrade further Skype to avoid problems. Last but not least, there is even some advantages in older skype releases, the interface is simpler – making work with skype easier.

Is it possible mail server to work on alternative port to 25?

Thursday, February 28th, 2013

If you're running a small home based Linux or BSD server with Qmail, Exim or Postfix and it happens your ISP has filtered incoming connections to TCP/IP port 25 and you wonder if it is possible to use other alternative port to 25 for example the (Secure SMTP) SMTPS 465 supported by all major SMTP servers, the answer unfortunately is it is not possible.

The only accepted and working mail transmission port works on TCP/IP Port 25, thus the only option to make the mail server working fine is contact your ISP and convince them to remove filtering for port 25 to your custom IP. Many ISPs set a Firewall filter for 25, because nowadays many Windows XP / Vista / 7 PCs get infected with Viruses and Trojans running a tiny SMTP server on the host and trying to send million of SPAM messages via the poor unknowing victim. This congests the network and often even creates ISP network overloads, thus ISPs prefer to filter Port 25 to get rid of such eventual problems.

Once again,  alternative port to 25 for Mail is impossible !

Fix to sfc /scannow (System File Checker) error “The specific code is 0x000006ba [The RPC Server is unavailable.] “

Friday, December 14th, 2012

I had to fix one Windows XP computer today. The computer was in a terrible state (meak to say), the system was hanging during boot,

None of Windows recovery modes worked,  except when running it through:

Windows Safe Mode (With Command Prompt) mode (pressing F8 before Windows boot with Windows flag screen).


I followed some Usual commands to repair broken Windows XP, as the system was hanging during boot there was obviously some issues with corrupt by Viruses and Malware system binary (.exe) files or some .DLL was substituted in (C:WindowsSystem32 and C:WindowsSystem32DllCacache) with a trojanned version by some "bad ware". 

Thus the logical thing to do was to try:

sfc /scannow


from Safe Mode's cmd prompt. Instead of starting its work as usual System File Checker spitted an error:
 

Windows File Protection could not be initiate a scan of protected system files. 
The specific code is 0x000006ba [The RPC Server is unavailable.]

You can guess my amazement as I see this error for a first time in my life. Actually I don't remember if I run System File Checker scan from a Safe Mode With only Command Prompt ever so I'm not sure if this error was caused by some Virus activity which broke up the Win host, or it is due to the fact RCP Services are not loaded in Safe Mode – With Command Prompt Only.

As the message implies RCP Server is not running and sfc depends on it.

The reason for the error is Windows File Protection (WFP) was disabled by some of the Spyware or Viruses which infested the poor Win PC.

As the problem consisted in unworking RPC Services I tried launching RPC manually with command:

> net start rpcss  

This unfortunately did not succeeded (dunno why).

I've later seen another fix pointed on a couple of forums around, which is using Registry to enable SFC.

Re-enabling SFC is done by:

1. Launching regedit

2. Once launched go to the following reg settings (sub-values)

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon

Use modify on it and change value to be "0"
3. Restart windows and launch again Safe Mode With (Command Prompt Only)

There execute:

> sfc /purgecache
> sfc /scannow

This solves it however, as you never can be sure if the Install time .DLLs are not already rootkited by the Virus-es and Spywares which "posessed" the computer. It is generally a good idea to Launch the Windows Install CD, recovery console and launch SFC using it, or even try using the Windows CD (Repair) mode. Though this is a temporary work around, this system will need a re-install in very short future, or it will most likely came in the same broken state in a very while – I don't believe such an infested computer can be "cured" except with a clean CD Windows re-install.
If this method didn't work for you but something else worked for you, whether you had to fix a Win PC please drop a comment with the solution.

Little Registry Cleaner (Free Software / Open Source Windows XP Registry Cleaner)

Saturday, December 17th, 2011

Little Registry Cleaner - Free and Open Source Software Windows XP Registry cleaner / Alternative to Registry Booster
Have you ever wondered, if there is a free (open source) software that could fix Windows XP registry irregularities e.g. (obsolete or unwanted items that build up in the registry over time.)?

I did not either until now, however when I had to fix, few Windows XP computers which was not maintained for a long time fixing the Windows registry was necessery to make the sluggerish computers improve their overall stability and performance.

The reasons of the slowness in computers who run for a long time by users who does not have a "computer culture" are obvious.
Windows programs which has incorrectly placed registry records withint the Windows registry database, Programs which on Uninstall / Removal left behind a lot of registry records just to hang around because of impotent (coders), or records created on purpose on program uninstall to intentionally further track the user behavior etc.
Other reasons why Windows registry gots bloated with time, are due to Malware or polymorphic Viruses which load them selves everytime on Windows load using some obscure registry records.

Though I'm not a big proprietary software lover still my job as a system administrator , enforces me to fix some broken Windowses.
I haven't fixed Windows machines for a long time, so my memories on programs that clean up registry are from my young years.

The software, I've used before to fix Windows 2000 / XP Registry was:

1. Registry Booster

From my current perspective of a free software hobbyist / evangelist it was important for me to clean up the Windows PCs with a program that is Free or Open Source Software.
When I'm asked to fix some Windows computer I always do my best to make most of the programs that roll on the PC to be FOSS.

Using FOSS instead of downloading from torrents, some cracked software has multiple benefits.

1. Usually Free Software is more stable and more robust2. FOSS software for Windows usually does not come with Malware / Spyware as many of the cracked proprietary software

3. Free and Open Source Programs are simplistic in interface and way of use

A bit of research if there is a Free (Open Source) Software immediately lead me to a program called Little Registry Cleaner
You can see a screenshot of the program in the beginning of the article, the program is very easy to install and use and uses some .NET framework classes so right before installing it installs .NET library (code).

The use results of Little Registry Cleaner were amazing. Even though it is a free software the program found and fixed more registry problems than its competitor Windows Registry Booster! 😉
 

Cleaning Packard Bell Hera GL laptop running Windows XP from Viruses and Spyware (Viruses / Spyware which can make CD drive and Wireless seem unworking)

Tuesday, December 13th, 2011

Packard Bell Hera GL Fixing Broken RaLink Wireless

Yesterday, one (girl)friend of mine brought me one Packard Bell notebook, which had a 2 years old Windows installed on it.
As one can imagine Windows XP on it is full of Spyware and Viruses. Besides the software problems the notebook had some hardware problems with the CD / DVD which is not reading CD / DVDs at all.

Initially I thought, the CD unable to read problems are caused by the infected Windows, however even restarting the PC with a bootable Hirens BootCD and a Whoppix liveCD and trying to boot from it failed this convinced me its a CD / DVD combo drive hardware failure.

By the way, I’ve just recently found out about Nixory – Is a nice Free Software Open Source AntiSpyware tool for Firefox, IE and Chrome.

Nixory Windows XP Screenshot

I hope it will get a sharp development and soon, when some friend asks me to fix his stupid non free-Windows PC, I would not have to use a trial version of Malware Bytes but directly use only Nixory

Anyways after using Nixory, MalwareBytes and Avira and thoroughfully scanned the system in Safe Mode and found and deleted some 15 Spyware / Viruses and tampered a bit with the Wireless Driver settings all the notebook devices started working fine again.

The wireless had also one really odd problem on this Packard BellHera GL, even though the notebook wireless antenna was capable of detecting all the wireless networks it couldn’t properly connect to any of it but failed to get proper IP addresses.
Partially the unable to grab an IP via wireless router dhcp server got fixed by using the Wireless restart Button (located on the Notebook corpus).
However even after cleaning up the Virus and Spyware the Wireless Networks connectivity problems on this Packard Bell continued, until I changed also few settings in the Control PanelI never thought Viruses / Spyware infected can have some bad impact on Wireless Card and CD drive make them unsusable though they showed like working correctly in Windows Control Panel -> System ??

In the meantime I reinstalled the Wireless Driver for the notebook, the Wireless card on the notebook was showing up itself under the name of Ralink 802.11n Wireless Lan Card in Windows Device Manager

After re-installing the wireless driver I had to also change few settings for the Wireless Network Connection using the menus Properties -> Configure -> Extended; therein everywhere for each Value I make it be Enable and for Power Saving Mode , I’ve choose the Value option of CAM

After a system reboot, everything started working finally fine. One last thing to add is that before I fixed the Ralink wireless to work under Windows, I tried to use a Bootable Linux LiveCD but even there the wireless was failing to connect to the wireless networks (maybe this shit wireless device has some issues with its Linux drivers).

Poderosa a tabbed Terminal Emulator (PuTTY Windows Alternative)

Tuesday, December 6th, 2011

Even though, I rarely use Windows to connect to remote servers using SSH or Telnet protocols in some cases I’m forced to do that (in cases I’m away from my Linux notebook). I’m doing my best to keep away from logging anywhere via SSH using Windows as when using Windows you never know what kind of spyware, malware or Viruses is already on the system, not to mention Microsoft are sniffing a lot if not everything which is typed on the keyboard… Anyways, usually I use Putty as a quick way to access a remote SSH, however pitily PuTTY lacks an embedded functionality for Tabs and each new connection to a server I had to run a new instance of PuTTY. This is okay if you need to access a single server but in some cases where access to multple servers is necessery lacking the tab functionality and starting 10 times putty is really irritating and one forgets what kind of connection is present on which PuTTY instance.

Earlier on, I’ve blogged about the existence of PuTTY Connection Manager PuTTY add-on program which is a PuTTY wrapper which enables PuTTY to be used with Connection Tabs feature, however installing two programs is quite inconvenient, especially if you have to do this every few days (in case if travelling a lot).

Luckily there is another terminal emulator free program for Windows called PodeRoSA which natively supports a tabbed Secure Shell connections.
If you want to get some experience with it check out Poderosa’s website , here is also a screenshot of the program running few ssh encrypted connections in tabs on a Windows host.

Poderosa Windows ssh / telnet tabs terminal emulator screenshot
Another good reason that one might consider using Poderosa instead of PuTTY is the Apache License under which Poderosa is developed. Currently the Apache License is compatible with GPL free software license which makes the program fully free software. The PuTTY license is under BSD and MIT and some other weird custom license not 100% compatible with GPL and hence PuTTY can be considered less free software in terms of freedom.

Hello I’m Mr. GNU. Let me make your business go free!

Tuesday, November 8th, 2011

Mr. GNU in a suit

Did you ever think, the tons of money your business has spend paying for buggy and unreliable non-free software?
Having problems with your Windows Network, being tortured by Viruses, a failure after windows upgrade, unexpected system crashes? Don’t worry MR. GNU will help you to change your business go free ;))