Smokey's Security Weblog

veritas odium parit

How to defend yourself against Microsoft’s never-ending push efforts regarding Windows 10

At the moment Microsoft is pushing Windows 10 to the point where it’s getting really annoying. Microsoft’s never-ending efforts to shove Windows 10 down our throats are ridiculous and annoying, and show a very bad and blameworthy attitude, arrogance and a complete lack of decency too. On a regular basis Microsoft invents new dirty tactics to achieve its final goal: all Windows 7 and Windows 8 users should “upgrade” their systems to Windows 10, the sooner the better.

Defending yourself against Microsoft’s sneaky efforts isn’t easy, but there’s hope: the free program GWX Control Panel will protect you against the annoying Microsoft Windows 10 upgrade attacks.

GWX Control Panel can be used to do the following on Windows 7 and Windows 8 (quoted literally from the developer’s website):

– The Disable ‘Get Windows 10’ App feature removes Microsoft’s “Get Windows 10” nagware app from your notification area.
– The Prevent Automatic Windows 10 Upgrades feature checks for system settings that leave you vulnerable to unwanted Windows 10 upgrades and gives you the ability to fix them.
– The Prevent Automatic Windows 10 Upgrades feature also restores your Windows Update control panel to its normal behavior if it gets hijacked by Windows 10 advertisements or installers.
– The Delete Windows 10 Download Folders feature locates and deletes hidden Windows 10 installer files that Microsoft secretly downloads to your computer.
– The Delete Windows 10 Programs feature easily deletes hard-to-remove program files that are known to prepare your computer for Windows 10 upgrades.
– The program alerts you if your Windows Update settings change from one of the safer “download only” or “check only” options to “automatically install” behind your back and gives you the chance to fix it with the Change Windows Update Settings feature.
– The optional Save Diagnostic Info feature (in the right-click pop-up menu of the title bar) generates enhanced diagnostic reports that give you detailed information on any settings GWX Control Panel finds that leave you open to unwanted Windows 10 behavior.
– The optional “Monitor Mode” feature runs quietly in the background watching for unexpected system changes, and alerts you as soon as any new Windows 10 settings or files are detected.

[Screenshot: GWX Control Panel]

When you enable GWX Control Panel’s optional Monitor Mode, a new icon will appear in your notification area that will alert you if GWX Control Panel detects any unexpected files or settings that leave you vulnerable to Windows 10. Once enabled, GWX Control Panel will start and quietly monitor your computer whenever you log in to Windows.

I have tested the program with a Windows 7 system; it works flawlessly. I recommend the program without any hesitation to all Windows 7 and Windows 8 users!

More info about the program, a how-to and the download are also available on the developer’s Ultimate Outsider GWX Control Panel blog.

January 8, 2016 | Uncategorized

[NEWS] Malwarebytes Acquires Junkware Removal Tool (JRT)

Exciting news: the acquisition of the Junkware Removal Tool (JRT) by Malwarebytes will make the outstanding malware removal tool Malwarebytes Anti-Malware (MBAM), which detects and removes e.g. worms, trojans, rootkits, rogues, spyware and more, stronger and better.

MBAM Press Announcement:

SAN JOSE, CA – June 22, 2015 – Malwarebytes, the company founded to protect people and businesses from sophisticated malware attacks, today announced the acquisition of Junkware Removal Tool, a security program that searches for and removes potentially unwanted programs (PUPs) such as adware, spyware, and toolbars. The acquisition will integrate its definitions and tactics into the Malwarebytes product line.

Junkware Removal Tool owner and developer, Filipos Mouliatis, will also be joining Malwarebytes Labs out of Houston, Texas. “Malwarebytes is a highly respected anti-malware and anti-exploit company that I’ve known of for years, so I was excited to hear about the possibility of working together,” said Mouliatis. “I look forward to helping further develop software that will destroy potentially unwanted programs such as adware and spyware.”

“Let’s face it, PUPs are a growing problem, and the Junkware Removal Tool is a fantastic addition to strengthen our ability to address them,” said Malwarebytes founder and CEO Marcin Kleczynski. “We’re proud to be integrating this technology. Not only that, Filipos’ creativity and ingenuity are great additions to the Malwarebytes team. With this move and others to come, we’re doubling down on expanding our PUP protections, and our customers will see the benefits very soon.”

Junkware Removal Tool is a popular download on sites such as CNET, MajorGeeks, and BleepingComputer.com. The security utility consistently ranks in the top 10 downloaded Windows apps on all three sites, and has had more than 4 million downloads on BleepingComputer.com alone.

“At BleepingComputer.com, we’ve found that adware and PUPs have increasingly become one of the largest sources of problems for our visitors,” said Lawrence Abrams, owner of BleepingComputer.com. “With Malwarebytes and Junkware Removal Tool being two of the most popular downloads, it’s going to be exciting to see how these two programs will join forces to further protect our visitors against adware and PUPs.”

Malwarebytes has already taken an aggressive stance on targeting and removing PUPs, adware, spyware, and grayware. Acquiring Junkware Removal Tool reinforces its commitment to fighting not only harmful and deceptive PUPs, but also annoying and misleading ones.

The integration of Junkware Removal Tool within Malwarebytes Anti-Malware will take place over the next few months. The stand-alone JRT program will remain intact for those who wish to use it.

Announcement source: Malwarebytes Press Center

Malwarebytes Anti-Malware (MBAM) homepage: here

June 22, 2015 | Uncategorized

[How-to] Vulnerability test Superfish, Komodia, PrivDog & similar

You have probably heard about the Lenovo debacle: many of their laptop series come preloaded with the adware/spyware Superfish (you can also call Superfish a dirty piece of malware), which intercepts all your secure connections and allows criminals to do so too. Superfish uses an “SSL hijacker” (Komodia Redirector with SSL Digestor) and an untrustworthy Komodia root certificate. Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing. Because the same root certificate and private key are installed on every affected system, an attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings on affected systems.

Many other programs do the same, because Komodia sold its malicious kit to other companies as well. Some of these companies/vendors are Atom Security, Inc, Infoweise, KeepMyFamilySecure, Kurupira, Lavasoft, Qustodio and Websecure Ltd. There will be others as well.

Superfish can be removed via the standard Windows add/remove programs utility: find Superfish Inc VisualDiscovery, tick it, and click uninstall. Uninstalling Superfish and other Komodia-type programs does not remove the root certificates, so you also need to do this: type certmgr.msc into the Windows search box, right-click on the program’s name, and select “run as administrator” from the pop-up menu. Then click the Action menu item and select “find certificates”. Type Superfish etc. into the search box and click the “find now” button. If you find an unwanted certificate, right-click it and select delete.

Fwiw, never download from unsafe places such as CNet’s Download.com or from Google search ads. Downloading software from such places can be really dangerous: in many cases the downloaded software can and will be contaminated with adware, spyware and/or malware.

There’s a simple way to check your machine for the presence of Superfish, Komodia, PrivDog & Co: we advise you to visit the Filippo vulnerability test page and perform the vulnerability test: https://filippo.io/Badfish/ Important: do the test with all installed browsers.

Instructions for identifying and removing a root certificate from Windows here: http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates

Finally, we know that many AV (antivirus) products will find and remove Superfish, Komodia, PrivDog and similar crap. Even so, we still strongly advise performing the Filippo vulnerability test and also checking your machine for untrustworthy certificates.
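
The certificate check described above, as an added PowerShell example (not part of the original post): it searches the machine and user Trusted Root stores for the names this post mentions. The `-Pattern` and `-Remove` parameters are this example's own; removal assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example: audit the Windows root stores for Komodia-style interception
# certificates by name. Read-only unless -Remove is given.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Names taken from the post; add the vendors it lists if you ran their software.
    [string[]]$Pattern = @('Superfish', 'Komodia', 'PrivDog'),
    # Assumed switch of this example: delete every match (supports -WhatIf).
    [switch]$Remove
)

# Trusted Root stores for the machine and for the current user.
# The same thumbprint may be listed under both.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Build one case-insensitive regex from the literal names.
$regex = ($Pattern | ForEach-Object { [regex]::Escape($_) }) -join '|'

$hits = @(foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $regex -or $_.Issuer -match $regex }
})

if ($hits.Count -eq 0) {
    # A clean result only means no root certificate carries one of these names.
    'No root certificate matching {0} found in the Windows stores.' -f ($Pattern -join ', ')
    return
}

# HasPrivateKey = True on a root certificate means the signing key is stored
# on this machine as well, as the post describes for Komodia-based products.
$hits |
    Select-Object @{ n = 'Store'; e = { $_.PSParentPath -replace '^.*::', '' } },
        Subject, Thumbprint, NotAfter, HasPrivateKey |
    Format-List

if ($Remove) {
    foreach ($cert in $hits) {
        # Remove-Item on the Cert: drive honours -WhatIf and -Confirm.
        Remove-Item -LiteralPath $cert.PSPath
    }
}
```

A name match is only a heuristic, since other Komodia-based products may install roots under different names, and Firefox keeps its own certificate store that this script does not read. That is why the browser test above should still be run in every installed browser.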

March 1, 2015 | Uncategorized

New major version of avast! Mobile Security / Anti-Theft released, v2 in development stage

As you will probably remember, in December 2011 I posted a review concerning avast! Mobile Security (AMS) for Android phones. My verdict was (and still is): an excellent security suite, also very reliable and provided with a top-notch Anti-Theft module. Because of its outstanding test results, AMS gained the Smokey’s 2011/2012 Choice Award; this award is only granted to the best among the best.

This week avast! informed me that a new major version of the suite, v2, has been released, and that this new version is in beta stage. They also told me that the current stable v1 of the suite hasn’t been updated since April 2012 because of the development of v2.

As I said, v2 is still in beta, but the new features sound very promising and will make the product even better, protecting the user in a more solid way and providing additional useful features. Time to give you a quick survey of the v2 beta.

According to avast!, the new features are:

* avast! Anti-Theft web portal integrated into the avast! Account
* Network Meter
* avast! widget
* Optimized UI for tablets
* Real-time protection (on-exec scanning) of apps
* Custom rules and log in the firewall
* The shield control UI to fine-tune on-access security setup
* avast! SiteCorrect for the Web Shield
* Scanning of incoming messages
* SMS/Call filter wildcards
* Greyscale notification icon

Adding all these new features to avast!’s already superb security suite will make it (again) the best security suite for Android phones there is, and will put it on top of all available suites again. The v2 betas of avast! Mobile Security and avast! Anti-Theft can be downloaded from the avast! Forum. Keep in mind that (as with all betas) use is at your own risk. If you intend to download and install the beta, please read the beta support thread before installing, so that you know what problems you can expect and the current development stage of the beta.

It’s not clear to me whether v2 final will remain free; at the moment pricing info isn’t available.

System Requirements v2 beta avast! Mobile Security

Operating Systems Supported:

– Android 2.1.x
– Android 2.2.x
– Android 2.3.x
– Android 3.x
– Android 4.0.x
– Experimental support for Android 4.1.x

Links

– Review v1 avast! Mobile Security for Android phones: https://smokeys.wordpress.com/2011/12/24/review-avast-mobile-security-for-android-phones/
– About the Smokey’s Choice Awards: https://smokeys.wordpress.com/2011/12/30/about-the-smokeys-choice-awards/
– Downloadlinks v2 beta avast! Mobile Security and avast! Anti-Theft / v2 beta Support Forum: http://forum.avast.com/index.php?topic=101642

August 11, 2012 | Anti-Spyware, Anti-Virus, Downloads, Malware, Phishing, Toolbarware, Uncategorized | 1 Comment

Smokey’s Security & Anti-Malware Software Updates Survey Forum Entirely Revamped

I’m pleased to announce that the Security & Anti-Malware Software Updates Survey Forum on Smokey’s Security Forums has been entirely revamped. As you know, a safe surfing experience is only possible when all (security) software on your box is up-to-date. The Smokey’s Security & Anti-Malware Software Updates Survey Forum gives you the possibility to stay current and to avoid outdated software.

The forum has been rebuilt from scratch; all Security/Anti-Malware software is now sorted in alphabetical order and up-to-date. Additional features are sorting software by Category/Tag and staying current by subscribing to the Security & Anti-Malware Update Topics.

The revamped Software Updates Survey Forum was entirely designed by Smokey’s new Team Leader of that forum: Creer. He invested lots of time in the design, and I’m grateful for all his hard design work and continuous efforts to keep the forum up-to-date.

As before, in case you need (of course free!) malware removal help, please don’t hesitate to visit our Malware Analysis & Removal Help and Support Forum; fully trained/graduated/qualified malware removal staff will be pleased to clean your box and remove malware.

February 12, 2012 | Uncategorized

Last letter to Donna Buenaventura

Dearest Donna,

that’s no way to say goodbye, you incredibly shocked your husband, your family and me too. You left us so suddenly, we did not have the opportunity to say goodbye, we all are feeling deep sadness and desperation.

Dearest Donna,

many people are telling you are now in a much better place, but I don’t think you are. Your place is here on earth so we can still touch and reach you. You passed away and only leave memories, we are not able to accept.

Dearest Donna,

I remember so well the first time I met you, and the time that followed. You were caring for me in an unforgettable way, like you did with so many people. It was you showing me what a real, sincere friendship means, you were always there when I needed you. I owe you so much and will never be able anymore to make it up.

Dearest Donna,

you were such a wise and warmhearted woman, spending almost all of your available time to help others, it will be very tough to accept you are not here anymore to show us the right directions.

Dearest Donna,

I don’t say farewell because I know that some day I will meet you again, it’s my only consolation.

 

Rest in peace sweetie.

 

With Love,

Dave

February 11, 2012 | Uncategorized

Kaspersky Lab statement about alleged events related to the Kaspersky family

Kaspersky Lab statement

22 April 2011

Kaspersky Lab respectfully asks members of the media to refrain from speculating and distributing unconfirmed information about alleged events related to the Kaspersky family. Eugene Kaspersky continues his day-to-day work at the company, and has stated that the unconfirmed information being spread at the moment is harmful for the company.

This statement is clear and at the same time very reasonable, hence I will not allow comments on this statement. I fully support the requests made in the statement and ask the community to respect what is asked by Kaspersky Lab.

Smokey

April 24, 2011 | Uncategorized

Get Protected: Facebook Privacy Settings Scanner & Fix Tool

Via an article on NetworkWorld I found an excellent tool for you to check and fix your Facebook privacy settings; the tool works really well.

This one-stop privacy fix-up tool for your Facebook profile, ReclaimPrivacy, tells you what you need to know. Using it is simple: Just surf over to ReclaimPrivacy.org and look for the link that says “Scan for Privacy.” Add that link as a bookmark in your browser, either by dragging it onto a bookmark toolbar or by right-clicking it and selecting the “Bookmark” option.

Now head over to Facebook. Sign into your account, then open the bookmarked link.

This will cause ReclaimPrivacy’s Facebook privacy scanner to open right at the top of your current Facebook window. Within a few seconds, ReclaimPrivacy will scan through six areas of potential privacy concern and let you know how your account stacks up.

ReclaimPrivacy analyzes everything from your personal information controls to your “instant personalization” settings. It even checks account settings that affect what your friends could inadvertently share about you without your knowledge.

For each area, ReclaimPrivacy will give you a green (“good”), yellow (“caution”), or red (“insecure”) ranking. If you hit yellow or red, it’ll provide you with specific steps to fix the problem so you don’t have to waste time searching for the right setting.

Happy and Secured Facebooking!  🙂

May 18, 2010 | Advisories, Downloads, Recommended External Security Related Links, Uncategorized, Vulnerabilities

Microsoft pulls faulty patch MS10-025, plans re-release

Read for you on CNet – InSecurity Complex:

April 23, 2010 12:35 PM PDT

A critical vulnerability affecting Microsoft Windows 2000 Server will remain unfixed until Microsoft re-releases a patch for it, the company said on Friday.

A patch for the hole, which could allow an attacker to take control of a system running Windows Media Services, was released during Patch Tuesday last week. However, Microsoft pulled the patch this week because it failed to work.

“We pulled the update because it was determined that it did not address the underlying vulnerability,” Microsoft said in a statement. “We cannot give a specific day yet, but we are planning to re-release the update next week. That is our first priority right now. After that, we will be able to investigate the issue further.”

Jerry Bryant, group manager of response communications for the Microsoft Security Response Center, notified customers in a blog post on Wednesday that the security update for MS10-025 was being withdrawn.

April 23, 2010 | Uncategorized

Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help

Smokey’s Security Forums have changed the posting policy regarding the Malware Removal Help and Log Analysis Forums.
In the past only registered board members were allowed to post in these forums; from now on guests can post in them too.

A few things for guests to remember

The only forums that you are allowed to post in are:

– OTL (formerly OTListIt2) Log Analysis – Malware Removal & System Cleaning (English language)
– Hilfe bei Problemen mit Viren, Trojanern, Würmern, Spyware, Adware, Ransomware, Popups und sonstigen Schädlingen (German – Deutsch language)
– Not getting helped? Please post here!

Some additional info for guests

– Remember to give yourself a name at the moment you make a post; it’s better than being called ‘Guest’.
– You will have to pass a ‘captcha’ validation for each post you make.
– You will be asked for an email address for each post you make.
– You will not receive a notification of replies, so you will have to check manually for any replies to your post.
– Normal board rules regarding behavior are still valid.
– If a ‘Helper’ feels you have broken forum rules, they can refuse to continue with help.

Wish you all a safe computing experience!  🙂

March 14, 2010 | Malware, Recommended External Security Related Links, Uncategorized | 2 Comments

KB 2008373: Upgrading Vista to Windows 7 fails with error 0xc0000359 and reference to iastor.sys

Symptoms

When trying to upgrade from Vista to Windows 7, upgrade process fails with error message and rolls back to Vista.

\$windows.~bt\windows\system32\drivers\iastor.sys

Status: 0xc0000359
Windows failed to load because a critical system driver is missing or corrupt

Cause

During upgrade process the incorrect version of the iastor is referenced resulting in the above error.

Resolution

To resolve this issue perform the following steps:

1. Access Driver Repository Folder under C:\Windows\System32\DriverStore\FileRepository and move any folders that contain the file: iastor.inf to a temporary location.

Note: To move the files from the FileRepository you may require additional permissions, which can be obtained by taking ownership of the folder:

– Right-click on the folder and choose Properties,
– Click Security tab.
– Click Advanced button.
– Click Owner tab.
– Click Edit button.
– Select your account.

2. Search for references to iastor within the oem inf files in the c:\windows\inf folder.

Example Command: findstr /i /c:"iastor" %windir%\inf\oem*.inf

3. Make a note of the oem##.inf files reported where ## is a numeral. Move the oem##.inf and corresponding oem##.pnf from c:\windows\inf folder to a temporary folder.

4. Delete $~bt, $~LS and $~Upgrade folders from c:\ drive if they exist

5. Download and install the latest version of the iastor.sys driver from Intel website on the Vista machine: http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17882&lang=eng

6. Start the Windows 7 upgrade process. It should complete successfully now.

Author/source: Microsoft Support
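
Steps 1 to 3 above as an added PowerShell example (not part of the Microsoft KB article): it lists the DriverStore folders containing iastor.inf and the oem##.inf/oem##.pnf files that reference iastor, and moves them only when the hypothetical `-MoveTo` parameter names a temporary folder. It assumes an elevated prompt, and for the FileRepository folders that ownership has already been taken as described in the note.

```powershell
# Added example: inventory the iastor driver packages that steps 1-3 ask you
# to move out of the way. Read-only unless -MoveTo is given.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical parameter of this example: the temporary folder from steps 1 and 3.
    [string]$MoveTo
)

$repo = Join-Path $env:windir 'System32\DriverStore\FileRepository'
$inf  = Join-Path $env:windir 'inf'

# Step 1: DriverStore folders that contain iastor.inf.
$repoFolders = @(Get-ChildItem -Path $repo -Recurse -Filter 'iastor.inf' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Directory.FullName } |
    Sort-Object -Unique)

# Step 2: oem##.inf files that mention iastor (Select-String is case-insensitive
# by default, matching findstr /i).
$oemInf = @(Get-ChildItem -Path $inf -Filter 'oem*.inf' |
    Where-Object { Select-String -Path $_.FullName -Pattern 'iastor' -SimpleMatch -Quiet })

# Step 3: each matching oem##.inf together with its oem##.pnf, if present.
$oemFiles = @(foreach ($file in $oemInf) {
    $file.FullName
    $pnf = [IO.Path]::ChangeExtension($file.FullName, '.pnf')
    if (Test-Path -LiteralPath $pnf) { $pnf }
})

'DriverStore folders containing iastor.inf:'
$repoFolders
'oem##.inf / oem##.pnf files referencing iastor:'
$oemFiles

if ($MoveTo) {
    # New-Item and Move-Item both honour -WhatIf, so a dry run is possible.
    New-Item -ItemType Directory -Path $MoveTo -Force | Out-Null
    foreach ($path in ($repoFolders + $oemFiles)) {
        if ($path) { Move-Item -LiteralPath $path -Destination $MoveTo }
    }
}
```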

November 26, 2009 | Uncategorized

What is it with MSN Space?

I am Starbuck, substitute site owner at ‘Smokeys’ and will sometimes blog here.

For a few days I’ve been unable to get into my MSN Space, so I emailed them to see if the ‘Spaces’ were down.
This is the reply I had from them:

Hello Peter,

Thank you for writing to Windows Live Spaces Customer Support.

My name is Joy and I acknowledge that you are unable to access your Space, starbuck50. I know how inconvenient this may have been for you and I am here to assist you.

We have found your Space, starbuck50, to be in violation of the Windows Live Spaces Code of Conduct as it has inappropriate content. As this violation is serious in nature, we were forced to close down your Space.

Please note that there is no Adult rating for Windows Live Spaces. Posting of profane messages, pornographic, sexually suggestive or provocative images is not allowed in our service, even if your Space is set to Private or Messenger.

Also, if your Space is disabled, you will not be able to access your Windows Live SkyDrive and Windows Live Profile accounts.

We encourage you to review the Windows Live Spaces Code of Conduct by visiting this link:

http://help.live.com/help.aspx?mkt=en-us&project=tou&querytype=keyword&query=coc

Windows Live Spaces has comprehensive online help available to you. For more information, click the “Help” button at the top of any Spaces page.

Thank you for using Windows Live Spaces.

Sincerely,

Mary Joy
Support Specialist
Windows Live Support Team

My MSN Space is all about helping people and providing help on ‘PC Security’ matters.
If there’s anything ‘Pornographic’ on my Space, I’d love to see it!!!
Why are these replies from MSN always sent using ‘Canned speeches’…. I wanted a reply from a human.

The reply I received didn’t actually explain what the problem was.
If MS and MSN want to convey a good working relationship with people, then start by answering questions and problems using normal speech and explain things to members.
I still don’t know what the problem is!

The ridiculous reply didn’t even say how to correct things!
How can I even think about correcting things if I can’t even get into my MSN Space? … or even see what they are talking about.

Starbuck

November 14, 2009 | Recommended External Security Related Links, Uncategorized | 13 Comments

Front USB ports not recognized: How-To-Fix

Some time ago I posted how to fix Windows Vista / USB device detection problems. Because to this day that how-to is one of the most-read posts on my blog, it is clear that numerous people suffer from problems with USB devices.

Some investigation taught me that a huge number of people also have problems with the front USB ports. In this particular case it concerns a recognition problem. On the internet I found a possible solution:

1- Remove the side panel (with the computer off)
2- Follow the cables from the back of the front I/O ports where your front USB is located (maybe on the memory card reader)
3- Follow those cables to where they connect to a header (a set of pins) on the motherboard
4- Disconnect the cables from the motherboard but leave them connected to the front
5- Turn on the computer and wait till Windows fully boots
6- After the full boot turn off the computer
7- Reboot Windows one more time in the same manner
8- Turn off the PC, plug the cables back to the motherboard, replace the side panel
9- Turn on the PC

Enjoy yourself 🙂

September 13, 2009 | Advisories, Uncategorized

Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 RTM Released

Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 – Five Language Standalone DVD ISO Released.

This is a DVD ISO image that contains Service Pack 2 for Windows Server 2008 SP2 for x86, x64, IA-64 and Windows Vista for x86, x64. This image is only applicable to computers that have one or more of the following languages: English, German, French, Japanese, or Spanish.

File Name: 6002.18005.090410-1830_iso_update_sp_wave0-RTMSP2.0_DVD.iso
Version: 948465
Knowledge Base (KB) Articles: KB948465
Date Published: 5/25/2009
Language: English, German, French, Japanese, Spanish.
Download Size: 1376.8 MB
Microsoft download page: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=9f073285-b6ef-4297-85ce-f4463d06d6cb

Supported Operating Systems:

Windows Server 2008; Windows Server 2008 for Itanium-based Systems; Windows Vista; Windows Vista Business 64-bit edition; Windows Vista Enterprise 64-bit edition; Windows Vista Home Basic 64-bit edition; Windows Vista Home Premium 64-bit edition; Windows Vista Ultimate 64-bit edition.

Non-DVD versions:

32-bit: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a4dd31d5-f907-4406-9012-a5c3199ea2b3
64-bit: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=656c9d4a-55ec-4972-a0d7-b1a6fedf51a7

Programs that are known to experience a loss of functionality after you install Service Pack 2 for Windows Vista or for Windows Server 2008: http://support.microsoft.com/kb/969707

Warning: ESET NOD32 Anti-Virus v4.x programs can cause severe problems (e.g. BSODs) after Service Pack 2 install. More info on the official ESET Support Forum: http://www.wilderssecurity.com/showthread.php?t=241025

May 26, 2009 | Uncategorized

Watch your steps: Leaked copies of Windows 7 RC contain Trojan…..

By ComputerWorld – Gregg Keizer 05 May

Pirated copies of Windows 7 Release Candidate (RC) on file-sharing sites contain malware, according to users who have downloaded the upgrade. Some of the pirated builds include a Trojan horse, numerous users said in message forums and in comments on BitTorrent sites such as Mininova.org.

“Just a warning for anyone downloading the new RC builds of windows 7. Quiet [sic] a lot of the downloads have a trojan inbedded [sic] in the setup EXE,” said someone identified as Frank Fontaine on a Neowin.net discussion thread. “The Setup EXE is actually a container, it appears to be a self-extracting EXE. There are 2 files inside, Setup.exe and codec.exe.”

Source:  ComputerWorld

Get the official Windows 7 RC download:

The 32- and 64-bit versions of Windows 7 RC are available in five languages: English, German, Japanese, French, and Spanish. Just choose the version that fits the system you’ll be using, pick your language, and click go to register for and download the RC.

Downloading the Windows 7 RC could take a few hours. The exact time will depend on your internet provider, bandwidth, and traffic. The good news is that once you start the download, you won’t have to answer any more questions – you can walk away while it finishes. If it gets interrupted, it’ll restart where it left off. (txs NICK_ADSL_UK!)

Official downloadlink Windows 7 RC: Microsoft

May 6, 2009 | Uncategorized