So, most everything so far has been targeted at high speed internet users or business networks. That means if I use dialup I'm safe. Wrong. For starters, in many ways dialup internet is LESS of a risk than high speed broadband for two main reasons. First, high speed/broadband connections are typically on ALL the time, which raises your exposure. Like the security through obscurity concept though... just because dialup is only online a limited amount of time, that shouldn't be the only thing you rely on to protect your system.
Tag: time
-
Lotus Notes WMF vulnerability
This is really the same zero-day wmf vulnerability, but there is a twist. It’s been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that’s making the rounds. Probably not surprising given that there are reports of many vectors of attack, not JUST the web browser. What makes this one noteworthy is that it is vulnerable EVEN WITH THE regsvr32 WORKAROUND. The only other solution that’s been reported thus far is DEP (Data Execution Protection) with supported DEP hardware.
-
Cleaning up after WMF Exploit – summary
Can I say enough times that after a bad trojan infestation you should format and reinstall? I've cleaned up the infested image that I "sacrificed" to the WMF exploit and, as I've said, your pestware install will likely be somewhat different. An exploit is just the road; the spyware and viruses are the cars. Once the road is built, just about any car can use it... Hopefully the series has been helpful on working through some of the problems with a system cleaning.
-
Cleaning up after WMF exploit – is it clean?
So, I've got most of the baddies cleaned out and I'm not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe and alg.exe in particular) that could be legitimate Windows file names. Am I running the good one, or the trojan? That is exactly why a clean install is usually the best treatment for a badly infested system. Ultimately, to trust this cleaned system a bit better I would need to watch it for signs of peculiar network ports open or peculiar processes...
-
Removing items from MSCONFIG after WMF exploit
OK, so, I'm busy killing off running processes and fire up MSConfig to try to keep them from coming back on the next boot. To launch msconfig go to Start, Run..., type in msconfig and click OK. The Startup tab is where we're looking for programs running at startup (makes sense...). This is a bit easier and more straightforward than visiting the Run entry in the registry, and it does combine a few locations into one place.
-
Task manager has been disabled by your administrator
The first problem I ran into in cleaning up after my infested Windows XP image was this error message. One of the first things I do in cleaning an infested system is try to kill off running processes that look suspect (or at least identify them). On using Ctrl-Alt-Delete I got the message "Task manager has been disabled by your administrator". To be honest I haven't seen that one before and it sent me Googling...
-
Microsoft Security advisory on WMF exploit
I've read the security advisory and unfortunately Microsoft doesn't give any real workarounds. (There have been several announced from other sources.) Unfortunately, Microsoft: 1) urges caution in opening email and links from untrusted sources, 2) wants you to call them if you've been affected by this (1-866-PCSAFETY), and 3) tells you to make sure you have all updates (which currently don't protect against this vulnerability), plus a list of other things that don't mitigate this threat. Disappointing.
Correction — I just noticed, they do mention the "unregister" workaround. I missed it when I looked at the document: you have to click on "workarounds" after viewing the "suggested actions" section. After all that time working on the virtual machine I'm probably not as sharp as I could be.
-
WMF zero-day exploit first hand experience
Well, I've just spent the better part of 6 hours (maybe a bit more) "sacrificing" a virtual machine to the zero-day Windows Meta File (WMF) exploit and all the malware that comes in with it. I picked one site from the sunbeltblog list to infect the virtual machine with and can attest to it being quite nasty. I was able to get the virtual machine *mostly* clean. I still haven't gone back over it to try and make sure, but I'll be posting some details from the "fun" tomorrow.
-
Joystick calibration under linux
I don't know off the top of my head of a graphical joystick calibrator for Linux, but there is a command line utility that's dead easy to use: jscal. I found the tip in a FlightGear mailing list after having a hard time with one of the first flights. The stick was very far off center; I had to pull almost all the way to the right to keep level. Anyway... here's the tip.
-
Building RPMs – building from tarballs
Again – I'm NOT an expert on the subject, but I have had some success with building RPMs both from src.rpms (covered last time) and from tarballs... This entry will talk about the simplest kind of RPM build from tarballs. This is the situation where the developers, in their great foresight, have actually included a spec file in the tarball (and it's kept current).