Security


25 Aug 10

The EICAR Test File

EICAR is the European Expert Group for IT-Security, and they maintain the EICAR Anti-Malware Testfile. It is a small, harmless file that anti-virus products agree to detect, so you can confirm that a scanner is working without handling real malware. It is discussed in several places on the Internet, so rather than repeat the information I will present a list of links.

The file comes in several different packagings (.zip, .com, and .txt) so you can check whether your anti-virus software catches each form, including the one inside an archive. Links to all of the files are found on http://www.eicar.org/anti_virus_test_file.htm. To test my software I simply clicked on the link to eicar.com (the executable) and was immediately notified that a virus had been blocked. Exactly the reaction I wanted! Same results with the .txt and .zip files.
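The same three packagings can be generated locally and used to check that a resident scanner reacts to each one. This is an added example, not code from the original post or from EICAR; the 68-byte test string, its published SHA-256 and the rule that trailing whitespace is allowed up to a total of 128 bytes come from the EICAR specification, and the directory passed to probe_scanner is assumed to be one the scanner watches.

```python
import hashlib
import io
import os
import zipfile

# The 68-byte EICAR test string. The specification treats any file made of
# exactly these bytes, optionally followed by whitespace, with a total length
# of at most 128 bytes, as the test file. Published SHA-256 of the 68 bytes:
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def is_eicar(data: bytes) -> bool:
    """True if data is a valid EICAR test file under the specification's rules."""
    return len(data) <= 128 and data.rstrip() == EICAR

def eicar_zip(member: str = "eicar.com") -> bytes:
    """The test file inside a zip archive, to exercise archive scanning."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, EICAR)
    return buf.getvalue()

def unzip_member(archive: bytes, member: str = "eicar.com") -> bytes:
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.read(member)

def probe_scanner(directory: str) -> dict:
    """Write the three packagings the post tests (.com, .txt, .zip) and
    report what a resident scanner did: 'blocked' if the write or the
    read-back failed or the content changed, 'untouched' otherwise."""
    results = {}
    for name, data in (("eicar.com", EICAR), ("eicar.txt", EICAR),
                       ("eicar.zip", eicar_zip())):
        path = os.path.join(directory, name)
        try:
            with open(path, "wb") as f:
                f.write(data)
            with open(path, "rb") as f:
                results[name] = "untouched" if f.read() == data else "blocked"
        except OSError:  # access denied, or the file was already quarantined
            results[name] = "blocked"
    return results
```

An 'untouched' result for any packaging means real-time scanning did not react to that form; some products act a moment after the write, so a second read-back after a short delay is worth doing before drawing conclusions.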


23 Aug 10

Word of the Day: jekjxcntwdhsencnj

Not surprisingly, I get a lot of spam comments on this blog. Recently I noticed strings of letters appearing in the text of the comments. For example, “jekjxcntwdhsencnj” appears in several comments that contain links to a registry cleaner. One has to ask why a spammer would make an obviously spam comment stand out even more than it already does. I’ll speculate that it gives the spammer a way to track their comments and concentrate on sites that allow comments to be posted without moderation. In fact, a quick Google search for “jekjxcntwdhsencnj” found 748 hits and a search for “jekjxcntwdhsencnj registry” found 821 hits. Many of these sites were flagged as questionable by Norton Internet Security.

Several means are available to combat spam comments.

  • Turn the comment feature off on your blogging platform.
  • Moderate comments. In other words, you must check all comments and allow only the real ones into the system.
  • Blacklist the IP address. This blocks the spammer’s address completely, but it is easily bypassed if you cannot specify an address range.
  • Work with your hosting provider to explore other options.

24 Mar 10

Malware – Process Explorer to the Rescue

These are screen captures from a recent malware infection that I was asked to remove. The malware presents itself as “XP AntiMalware 2010”, but don’t be fooled by it. This is a crafty piece of malware.

The first screen capture shows a pop-up and a balloon indicating a possible intrusion from 59.132.100.175, but this was impossible since the ethernet cable to the PC was disconnected.

Another dialog box trying to lure you in. Notice that the larger version of the shield does not look like the real Security Center icon (also shown below).

Follow the steps outlined below to use Process Explorer to stop this malware. Note that this does not delete the malware, but it does stop it from running until you can get it removed. If I find out how to remove it I will make another post on how to do that. Process Explorer may be downloaded from Microsoft at the link below.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

  1. DO NOT click on the dialog boxes or balloons that are associated with this malware.
  2. Unplug or otherwise disconnect the infected PC from the Internet.
  3. Start Process Explorer by double clicking it.
  4. Find the process named “ave.exe”. If you can’t find that process, read the caveat at the end of this post.
  5. Right-click on the process and choose Suspend from the menu.

Your system may run slowly, but that’s better than the malware working its way deeper into your PC. Preventing malware is much easier than dealing with it after an infection, so be sure to keep your operating system and anti-virus software updated.

Caveat: You may have noticed that I referred to “this malware” instead of the name shown in the dialog boxes. That’s because the malware may have a list of names that it rotates through. In fact, it may even change the name of the executable (ave.exe) to something else, so look for an unfamiliar process rather than relying on that name alone.