Showing posts with label Virus Problems. Show all posts
Showing posts with label Virus Problems. Show all posts

Remove regsvr.exe Virus

The regsvr.exe is most common virus for people who deal with transferring files across PC's using their Pen drives or USB drives. These are the main sources from where this virus travels. Most of the anti virus softwares should detect this virus and delete it but if your system gets infected for some reason get ready to clean it manually.
regsvr.exe virus first creates entries in the startup folders so that it will execute at every startup. It also creates entries in scheduled tasks so as to execute at a specific time and date. And finally it creates autorun.inf files in the root of all the drives, which prevent you from opening these drives.
Here are the steps to get this resvr.exe virus out of your computer.
--- If the virus disables your task manager and registry then you should consider the tips given here to get them back.
--- After that you need to get rid of the autorun.inf file. This file will be hidden so follow these tips here to delete these files.
--- Now type msconfig in start menu --> Run and press enter and uncheck the option that says regsvr. Press ok and dont restart yet.
--- Now go to ControlPanel --> Scheduled tasks and delete the entry At1 which is created by the virus.
--- Now go to registry editor by typing regedit in run dialog box and then to find menu in regedit and search for regsvr.exe and delete all entries except one that say "Explorer.exe regsvr.exe". You need to edit this entry to only remove the regsvr.exe part and leave the other part as it is.
--- Now search your entire system for regsvr.exe and delete any entries you find. Make sure you search within Hidden files & system files also.
--- Reboot your system for the changes to take effect and the virus is gone without any traces.
No comments:

10 security threats to watch out for in 2009

We’re well into the new year now, and we’re beginning to see trends emerging on the security front. Some of the threats we'll see this year will be similar to those in years past (after all, many of the basic con games now being perpetuated online were around long before the advent of computers and the Internet). However, attackers are becoming more sophisticated in their methods to circumvent the increased levels of security built into operating systems and applications. Here are 10 security threats that are likely to become more prominent in 2009
--------------------------------------------------------------------------------------------------
1. Social networking as an avenue of attack
Social networking has experienced a boom in popularity over the last few years. It's now finding its way from the home into the workplace and up the generational ladder from the young folks into the mainstream. It’s a great way to stay in touch in a mobile society, and it can be a good tool for making business contacts and disseminating information to groups. However, popular social networking sites have been the target of attacks and scammers. Many people let their hair down when posting on these sites and share much more personal data (and even company data) than they should.
Think you’ll solve the problem just by blocking social networking sites on your company network? Not so fast. As Steve Riley pointed out in his recent talk on attack progressions at the 2009 MVP Summit, today’s young professionals are growing up with social networking, and they expect to have it available to them at work just as older employees expect to be able to use their office telephones for reasonable, limited personal calls. In addition, you lose the business benefits of social networking if you shut it down completely. After all, companies didn’t shut down e-mail because it could present a security threat. A better approach is to educate your workers about social networking practices and develop policies governing social media use.
2. More attacks on the integrity of the data
Another point Steve made in his presentation is that “First they came for bandwidth; now they want to make a difference.” In the past, many attackers were looking for a free ride on your Internet connection (for example, by connecting to your wireless network and using it to access the Web, send e-mail, etc.). Then the nature of attacks progressed. Instead of the network being the target, it was the data. The next step was stealing data, but step after that is even more insidious: the malicious modification of data (making a difference).
This can result in catastrophic consequences: personal, financial, or even physical. If a hacker changed the information in a message to your spouse, it could harm your marriage. If the change were to a message to your boss, you might lose your job. Changing information on a reputable Web site regarding a company’s financial state could cause its stock prices to drop. A change to electronic medication orders on a hospital network could result in a patient’s death.
3. Attacks on mobile devices
Laptop computers have presented a known security risk for many years. Today, we are more mobile than ever, carrying important data around with us not just when we go on business trips but every day, everywhere we go, on smart phones that are really just small handheld computers. These devices have important business and personal e-mail, text messages, documents, contact information and personal information stored on them. Many of them have 8 or 16 GB of internal storage and you can add another 32 GB on a micro SD card. That’s much more storage space than the typical desktop computer had in the 1990s.
People lose their phones all the time, but many of these devices aren’t configured to require a password to start the system, the data on them isn’t encrypted, and very few protective measures have been taken. They are security disasters waiting to happen. Businesses should develop policies regarding the storage of company information on smartphones and require encryption of data on internal storage and on flash cards, strong passwords, use of phones that can be remotely wiped when lost, etc. Of course, you don’t have to lose the phone to have its data stolen. Attention should also be paid to the potential for attacks using Bluetooth and Wi-fi.
4. Virtualization
Virtualized environments are becoming commonplace in the business world. Server consolidation is a popular use of virtualization technologies. Desktop virtualization, application virtualization, presentation virtualization -- all of these provide ways to save money, save space, and increase convenience for users and IT administrators alike. If it’s properly deployed, virtualization can even increase security -- but that’s a big “if.” Virtualization makes security more complicated because it introduces another layer that must be secured. In essence, you now have to worry about two attack surfaces: the virtual machine and the physical machine on which it runs. And when you have multiple VMs running on a hypervisor, a compromise of the hypervisor could compromise all of those machines.
Another virtualization-related threat was demonstrated by the infamous Blue Pill VM rootkit. Hyperjacking is a form of attack by which the attacker installs a rogue hypervisor to take complete control of a server, and VM jumping/Guest hopping exploits hypervisor vulnerabilities to gain access to one host from another.
The easy portability of virtual images also presents a security issue. With modern virtualization technology, VMs can be easily cloned and installed to a different physical machine. The ability to go back to “snapshots” of past images can inadvertently wreak havoc with patch management.
5. Cloud computing
If virtualization was last year’s buzzword, this year it’s all about “the Cloud.” The uncertain economy and tight budgets have companies looking for ways to lower operating costs, and outsourcing e-mail, data storage, application delivery, and more to cloud providers can present some attractive potential savings. Microsoft, IBM, Google, Amazon, and other major companies are investing millions in cloud services.
Cloud advocates envision a day when we’ll all use inexpensive terminals to access our resources that are located someplace “out there.” But when your data is “out there,” how can you be sure that it’s protected from everyone else “out there?” In fact, the biggest obstacle to moving to the cloud, for many companies and individuals, is the security question. IDC recently surveyed 244 IT executives and CIOs about their attitudes toward cloud services, and 74.6% said security is the biggest challenge for the cloud computing model.
Google, a prominent player in the cloud space, is the subject of a recent complaint to the Federal Trade Commission (FTC) by the Electronic Privacy Information Center (EPIC), which seeks a suspension of Google’s cloud computing services until verifiable safeguards are established.
6. More targeted attacks on non-Windows operating systems
Although Windows still has 91% of the desktop OS market, there has been a big push in some quarters to deploy Linux or Macintosh as a supposedly more secure alternative. But are they really? One reason the non-Windows operating systems have enjoyed fewer attacks is the simple fact that the Windows installed base presents a much bigger target for attackers. Just as terrorists prefer to attack large gatherings of people where they can do the most damage, so do hackers prefer to write malware that will spread to the greatest number of computers -- and that means Windows.
However, as other systems get more publicity and become more popular, they also become more attractive to the bad guys. Malware has been becoming less Windows-centric for the last few years; the 2007 Open Office worm, for example, infected Linux and Mac OS X systems as well as Windows. And Charlie Miller, a security researcher who won a recent hacking contest by breaking into a fully patched MacBook in a few seconds, said, “Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.”
Whatever the reality, the perception is that non-Windows operating systems are becoming more popular as Apple steps up its advertising campaign and vendors offer more netbooks preinstalled with Linux. As they become more high profile, look for hackers to spend more time and energy creating attacks that target non-Windows systems.
7. Third-party applications
Microsoft has put tremendous effort into securing the Windows operating system and its popular productivity applications, such as Microsoft Office. Linux and Mac receive regular security updates. As operating systems become more and more secure, attackers will focus less on OS exploits and more on application exploits. The major Web browsers are routinely updated to patch security vulnerabilities.
But the vendors of many third-party applications are less security-aware. This is especially true of freeware applications written by independent developers. These programs, which may not have been written with security in mind to begin with and which do not automatically check for and download security updates, present an opportunity that we can expect attackers to take advantage of.
8. Side effects of green computing
Green computing is all the rage today, and saving energy is certainly a good thing -- but as with beneficial medications, there can be unexpected and unwanted side effects. Recycling computer components, for instance, can expose sensitive data to strangers if you don’t ensure that hard drives have really been wiped cleaning. (Hint: Deleting files or even formatting disks doesn’t guarantee that the data is gone.) On the other hand, such green initiatives as powering down systems that aren’t in use can actually enhance security, since a computer that’s turned off isn’t exposed to the network and isn’t accessible 24/7.
9. IP convergence
Convergence is the name of the game today, and we are seeing a melding of different technologies on the IP network. With our phones, cable TV boxes, Blu-ray players, game consoles, and even our washing machines connected to the network, we’re able to do things we never even imagined a decade ago. But all of those devices on an Internet-connected network present myriad "ways in" for an attacker that didn’t exist when only our computers used IP.
We can only hope that the manufacturers of all these devices put security at the forefront; otherwise, we may see a rash of new malware targeting vulnerabilities in our entertainment devices and household appliances.
10. Overconfidence
Perhaps the greatest threat to the security of our networks, whether at work or at home, is overconfidence in our security solutions. Many home users believe that as long as they have a firewall and antivirus installed, they don’t have to worry about security. Businesses tend to put too much faith in the latest and greatest security solutions. For example, there is an assumption that biometric authentication is infallible and undefeatable -- but it can be compromised in various ways, and when it is, the legitimate user it was meant to protect becomes the victim. If the system shows that your fingerprint was used to log on, you may be presumed guilty, and an investigation might not even be deemed necessary.
Another type of overconfidence is common among home users and in the business environment, especially with small companies. That’s the idea that “We don’t have anything worth hacking into so we don’t need to worry about security.” In today’s interconnected world, neglecting security doesn’t just put you at risk; it also puts others at risk. Your systems could be used as zombies to attack a whole different network.
End users on a business network often think of security as somebody else’s problem and operate on the assumption that the IT department is taking care of them, so they don’t have to do anything about security.
Overconfidence of any type is a dangerous security threat -- but it’s one that you can most easily do something about because it doesn’t require expensive technology or sophisticated technical skills -- just a change in attitude. We all have a responsibility to keep our own systems as secure as possible.
No comments:

New virus infects ATM , steals money from banks

Moscow: Automatic Teller Machines (ATM) may not be a safe way of transaction anymore as a new software virus has been found out which infects ATMs to steal money from bank accounts of their users. Doctor Web and 'Kaspersky Lab, two major anti-virus software producers have discovered such virus in the networks of several bank ATMs, which is able to collect information from bank cards. This is a malicious program intended to infect and survive in ATMs. It is possible that new software will appear, aimed at illegitimately using banking information and removing funds," an official of the Kaspersky Lab was quoted as saying by RIA Novosti news agency. According to the official, the virus is a Trojan which is able to infect the popular American Diebold brand of ATMs, used in Russia and Ukraine. Judging by the programming code used, there is a high probability that the programmer comes from one of the former Soviet republics. The computer security experts say the number of infected ATMs is minimal but individual bank cardholders will not be able to detect whether an ATM is infected or not. However, banks can run security software to find out if their machines are at risk.
No comments:

The Conficker Worm

Worried about the Conficker worm striking on April 1st? A few simple steps can protect you. Target: All users of Windows XP and Windows Vista. If you’re worried about the Conficker worm striking on April 1st, don’t be. On April 1st the Conficker worm will simply start taking more steps to protect itself. After that date, machines infected with the “C” variant of the worm may not be able to get security updates or patches from Microsoft and from many other vendors. The creators of the worm will also start using a communications system that is more difficult for security researchers to interrupt. The Conficker worm, sometimes called Downadup or Kido has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January.

What does the Conficker worm do?

We don’t know the purpose of the Conficker worm. Today the worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites. The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?

The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

Who is at risk?

Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up to date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk since pirated system usually cannot get Microsoft updates and patches.

Advice to Stay Safe from the Downadup Worm:

  1. Run a good security suite (we are partial to Norton Internet Security and Norton 360).
  2. Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.
  3. Don’t use “free” security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.
  4. Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.
  5. Be smart with your passwords. This includes
  1. Change your passwords periodically
  2. Use complex passwords – no simple names or words, use special characters and numbers
  3. Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.
  1. Use a passwords management system such as Identity Safe track your passwords and to fill out forms automatically.
FAQ Q: Am I safe if I don’t go to questionable web sites? A: No. The Conficker worm seeks out computers on the same network. You can be in a coffee shop, an airport or in the office and the worm will quietly try to attach to your computer and run itself. Q: How do I know if I am infected? A: The best way to know if you are infected is to run a good antivirus product. One symptom that may indicate you are infected is finding that your computer is blocked from accessing the web sites of most security companies. Q: Can’t I just run free antivirus software? A: Yes, but free products often aren’t thorough or comprehensive. Worse, the internet is overflowing with fake free security scanners that actually infect your computer. Fake scanners such as “Antivirus 2008” are difficult to identify and have plagued hundreds of thousands of users around the world.
No comments:

Caught A Virus?

If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst. Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness. You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing. It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon. For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes." Today's viruses, worms, and so-called bots--which turn your PC into a zombie that does the hacker's bidding (such as mass-mailing spam)--aren't going to announce their presence. Real viruses aren't like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you're not well protected. Is Your PC "Owned?" I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed? Other indicators that may, in fact, indicate that there's nothing that you need to worry about, include: * An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses. * A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file. I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax. Sniffing Out an Infection: There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you're not actually using Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability. To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK. If you're interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is. Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine. Finally, you can do more detective work by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird. If any of these tools won't run--or if your security software won't run--that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves. What to Do Next Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection. * If you don't have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program. * If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software. * If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAffee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia. A Microgram of Prevention Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such Trend Micro's PC-Cillin, which you can buy for $50. Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool). Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time. Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say "Service Pack 2." Here are a few more pointers for a virus-free life: * Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it. * If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet. * Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.
No comments:
Subscribe to: Posts (Atom)