Laptop update - all the stuff you don’t see

May 1, 2008 – 2:31 pm

I always use more than one virus scanner. I know it takes more time, but if you look at the results below it will become clear why. Originally I tried just to clean the laptop with Spybot to get an idea of just how infected it was. When I came across the licensing issue and the problems with Symantec LiveUpdate, I knew it was time to wipe and start over. I booted with a copy of Trinity Rescue Kit and used NTFS-3G along with rsync to back up everything on the laptop to a server I have just for backups. I then reformatted the laptop and used ClamAV on the archive. Below is the output from clamscan. This is all the junk Spybot *didn't* find.


/data/user/WINDOWS/MEMORY.DMP: Adware.NewDotNet.B FOUND
/data/user/WINDOWS/Giggles-Shapes_SS.scr: Trojan.Downloader.Banload-4568 FOUND
/data/user/WINDOWS/NDNuninstall6_22.exe: Adware.NewDotNet.B-3 FOUND
/data/user/Documents and Settings/Owner/Local Settings/Temp/SAVE-Cm-Sm-Tb.exe: Adware.WhenU-3 FOUND
/data/user/Documents and Settings/Owner/Local Settings/Application Data/IM/Identities/{461B3DBF-2BF9-4A69-B5AE-ABFCAAEA10BD}/Message Store/Inbox.imm: Phishing.Heuristics.Email.SpoofedDomain FOUND
/data/user/Program Files/SuperStar/Beginning Math/start.exe: PUA.Elirt FOUND
/data/user/Program Files/Giggles Computer Funtime For Baby/Giggles-Shapes/Giggles Baby - Shapes.exe: Trojan.Downloader.Banload-4568 FOUND
/data/user/Program Files/Giggles Computer Funtime For Baby/Giggles-Shapes/Check Out Giggles Gear.exe: Trojan.Downloader.Banload-4568 FOUND
/data/user/Program Files/MSN Messenger/riched20.dll: Adware.Searchbar-19 FOUND
/data/user/Program Files/MP3 Player Utilities 3.68/DelDrv.exe: Trojan.Delall FOUND
/data/user/Program Files/Common Files/Symantec Shared/SymcData/idsdefs/20070426.001/sigs.dat: Exploit.JS.CVE-2005-1790.A FOUND

----------- SCAN SUMMARY -----------
Known viruses: 274284
Engine version: 0.92.1
Scanned directories: 5364
Scanned files: 66988
Infected files: 12
Data scanned: 25033.76 MB
Time: 5946.744 sec (99 m 6 s)
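A scan log like the one above is easier to act on once it is parsed rather than eyeballed. The following is an added example (not code from the original post, and not part of ClamAV): it pulls the FOUND lines and the summary block out of clamscan output, tallies hits by ClamAV name category, cross-checks the number of listed hits against the "Infected files" count, and flags hits a practitioner should double-check before trusting the verdict. The SAMPLE_LOG is the scan output from this post; the REVIEW_HINTS list (crash dumps, another vendor's definition directory) is a constructed heuristic, not a ClamAV feature.

```python
"""Parse clamscan output into structured hits and sanity-check the summary.

Added example, not code from the original post. SAMPLE_LOG is the scan
output quoted in the post; REVIEW_HINTS is a constructed heuristic.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
/data/user/WINDOWS/MEMORY.DMP: Adware.NewDotNet.B FOUND
/data/user/WINDOWS/Giggles-Shapes_SS.scr: Trojan.Downloader.Banload-4568 FOUND
/data/user/WINDOWS/NDNuninstall6_22.exe: Adware.NewDotNet.B-3 FOUND
/data/user/Documents and Settings/Owner/Local Settings/Temp/SAVE-Cm-Sm-Tb.exe: Adware.WhenU-3 FOUND
/data/user/Documents and Settings/Owner/Local Settings/Application Data/IM/Identities/{461B3DBF-2BF9-4A69-B5AE-ABFCAAEA10BD}/Message Store/Inbox.imm: Phishing.Heuristics.Email.SpoofedDomain FOUND
/data/user/Program Files/SuperStar/Beginning Math/start.exe: PUA.Elirt FOUND
/data/user/Program Files/Giggles Computer Funtime For Baby/Giggles-Shapes/Giggles Baby - Shapes.exe: Trojan.Downloader.Banload-4568 FOUND
/data/user/Program Files/Giggles Computer Funtime For Baby/Giggles-Shapes/Check Out Giggles Gear.exe: Trojan.Downloader.Banload-4568 FOUND
/data/user/Program Files/MSN Messenger/riched20.dll: Adware.Searchbar-19 FOUND
/data/user/Program Files/MP3 Player Utilities 3.68/DelDrv.exe: Trojan.Delall FOUND
/data/user/Program Files/Common Files/Symantec Shared/SymcData/idsdefs/20070426.001/sigs.dat: Exploit.JS.CVE-2005-1790.A FOUND

----------- SCAN SUMMARY -----------
Known viruses: 274284
Engine version: 0.92.1
Scanned directories: 5364
Scanned files: 66988
Infected files: 12
Data scanned: 25033.76 MB
Time: 5946.744 sec (99 m 6 s)
"""

# "<path>: <signature> FOUND"; the path may contain spaces but the signature cannot
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")

# Constructed heuristic: hits a human should look at before trusting the verdict.
# Memory/crash dumps contain arbitrary strings, and another vendor's definition
# files naturally contain the very byte patterns scanners look for.
REVIEW_HINTS = (".dmp", "/symcdata/", "/idsdefs/")


def parse_clamscan(text):
    """Return ([(path, signature), ...], {summary key: value})."""
    hits, summary, in_summary = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if "SCAN SUMMARY" in line:
            in_summary = True
            continue
        if in_summary:
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group("key")] = m.group("value")
            continue
        m = FOUND_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits, summary


def category(signature):
    """First dotted component of a ClamAV name: Adware, Trojan, PUA, ..."""
    return signature.split(".", 1)[0]


def needs_review(path):
    """True if the path matches one of the constructed REVIEW_HINTS."""
    p = path.lower()
    return any(hint in p for hint in REVIEW_HINTS)


def summarize(text):
    hits, summary = parse_clamscan(text)
    reported = int(summary.get("Infected files", "0"))
    sigs = Counter(sig for _, sig in hits)
    return {
        "found_lines": len(hits),
        "reported_infected": reported,
        # if these disagree, the log was truncated, filtered, or pasted incompletely
        "consistent": len(hits) == reported,
        "by_category": dict(Counter(category(sig) for _, sig in hits)),
        "top_signature": sigs.most_common(1)[0] if sigs else None,
        "review": [path for path, _ in hits if needs_review(path)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the log above, the consistency check fires: the pasted output lists eleven FOUND lines while the summary reports twelve infected files, so one hit is not shown. The two paths it puts in the review list are the crash dump and the Symantec IDS definition file, which is exactly the sort of hit to confirm by hand rather than count as a live infection.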

New Favorite Tool

April 30, 2008 – 2:07 pm

Trinity Rescue Kit is my new favorite tool. It is doing wonders for that laptop I mentioned before. I just thought I’d link to them and give a shout out.

Keep It Real - Windows Genuine Advantage

April 28, 2008 – 9:56 am

This week on The PM Computers show, we cleaned out a laptop for a local business woman. It was filled with all sorts of malware like FunWebProducts, MyWaySearch, and MiniBug. I was lucky it didn't have anything serious like SmitFraud or Vundo. After I got all of this cleaned using safe mode, I started applying updates. This is when the fun began. LiveUpdate started complaining because Norton had been violated. I then pointed the system towards Windows Update. It turns out the system did not pass the Windows Genuine Advantage test. Microsoft was nice enough, however, to let me install XP Service Pack 2. It was at this point I decided this had gone beyond a routine cleaning. I immediately requested the original OEM restore discs from the customer. (People never give you these unless you ask.) Later this week I will be doing a full backup and restore of the system. The laptop has a sticker for XP Home; the system was running XP Professional SP1. It turns out a friend of the family offered to upgrade/look at the laptop before they brought it to me.

I'm writing this post to remind people to keep it real. You will save yourself a lot of headaches and frustration in the long run if you are running a real version of Windows. It allows you to keep up to date, prevents you from becoming a zombie bot, and could even protect against identity theft.

Updating for Linux users is a whole 'nother story. Upgrading to the latest kernel can sometimes wreak havoc with your hardware setup if you are not careful. I'm going to keep this post Windows only.


Wordpress Upgrade to 2.5

April 24, 2008 – 5:28 pm

I've just upgraded the site to WordPress 2.5. I followed the upgrade guide listed here:

http://codex.wordpress.org/Upgrading_WordPress

The only thing that could make the guide better is to mention that you should switch back to the classic theme until you finish the upgrade and are happy with it.

Spring Cleaning

April 24, 2008 – 4:28 pm

PM Computers is having a special! Anything we can fix over the phone is free.

We are also offering free PC health checks for anyone in the Eastern Massachusetts area. We will come to you, check your PC out, and tell you how to make it faster or improve it.

You’re not going to pay a lot for this Muffler!

March 27, 2008 – 8:14 am

PM Computers is now supporting Meineke's MKey software. We are in the process of migrating a local Meineke shop from Pipedream to MKey. We have also been very busy migrating the website and domain for http://www.affordablekb.com. Affordable Kitchens and Bathrooms is a local home design firm located in Quincy.

St. Patrick's

March 17, 2008 – 8:24 pm

I spent my whole day doing an emergency repair of a Windows XP system. This system had been corrupted by worms and trojans. The system had already been farked over by some other tech. It's billable hours, so when they asked me where my green was, I said "my wallet". I told the client that once he could work again I was going to come back with an external drive, back up all his data, and do a real cleaning.

Plugs

March 14, 2008 – 9:49 am

Did you know that a standard USB device-side plug can fit into an RJ-45/11 jack? This was the whole problem behind a recent case. We tried to fix this remotely, but with no luck. After checking the client's site, we found that they had plugged the USB cable into one of the phone jacks on their all-in-one printer. Then we checked their other computer and found viruses and misconfigured software. We are going to be rebuilding this system sometime in the near future. Remember, even if the end user says "everything is plugged in", that may not always be the case.

Tips for fighting spam

March 10, 2008 – 3:59 pm

Today's tip for fighting spam is spelling and language.

If there are a lot of mis-spellings in the email or instant message, it has a good chance of being spam.
If the message is in a language you don’t normally speak, it might also be spam.

These are just two of the many things I have noticed. For some reason I've been getting a lot of emails in German to an older email address. Here is an example (translated from the German original; the broken-up words are reproduced as they appeared):

"Opinion from our customer:
Fantastic effect! For five years I had not managed to keep my er. . ..ection… during intercourse and had become really anxious. I also had a problem with premature ejaculation. On top of that I am diabetic. Some time ago I took a 50 mg dose of Viia..aa^_^aaagra… and two hours later slept with a 22-year-old. Just before foreplay my d. ick got hard and I could hardly believe it. I had S5^_^EX three times that night and there were no problems. Not a single shot missed. I am a happy man. Achmet, 52

Absolutely thrilled. I'm 50 and have been struggling for a good year with my friend losing his firmness at the decisive moment. But now it is like in the very best of times. 10 mg is enough for a very FUN weekend. Zero side effects - apart from sore muscles the next day. But that goes away with enough training ;-))"

I'm not German, I have no use for this email; hell, I took French in high school. This crap is nothing more than a waste of bandwidth because some chucklehead I sent an email to probably got a virus or let his address book get harvested by some company who passed it on to a third party.

The best method for preventing spam is to be careful who you give your email address out to. Always have more than one account: one you use for personal mail, and another you use for signing up for web services. This way, if someone sells their registration database or gets hacked, your personal email won't be compromised. If you need to give an email address to someone you just met, give them the junk account, and once you are sure you can trust them, give them your private account.

Another method for combating spam, for someone who is not a sysadmin and is not running their own mail server, is to use a good email program with good spam filters. My current favorite is Mozilla Thunderbird. If you need a webmail account, then using Gmail is your best bet. Gmail has one of the best spam filters I have seen. Hotmail, MSN, AOL, and Yahoo have nothing in comparison to Gmail as far as spam filters go.

-Phil
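The two tips above (unexpected language, deliberately broken-up words) are simple enough to turn into code. The following is an added example, not code from the original post or from any mail client it mentions. It guesses the language of a message from the share of common function words, and it catches spammer obfuscation such as "Viia..aa^_^aaagra" by stripping the filler characters and collapsing repeated letters before matching against a keyword list. The stopword and keyword lists are constructed and deliberately tiny; SPAM_SAMPLE is an excerpt of the German mail quoted above, and HAM_SAMPLE is a constructed English sentence used as a control. The misspelling heuristic is not implemented here because it needs a dictionary.

```python
"""Two cheap spam heuristics: foreign language, and obfuscated keywords.

Added example, not code from the original post. Word lists are constructed
and far smaller than a real filter would use.
"""
import re

# Constructed stopword lists: a handful of function words per language.
STOPWORDS = {
    "en": {"the", "and", "of", "to", "a", "in", "is", "i", "it", "for", "with", "that", "was"},
    "de": {"und", "der", "die", "das", "ich", "ist", "nicht", "mit", "ein", "eine",
           "bin", "es", "zu", "habe"},
}
# Keywords matched only after de-obfuscation.
KEYWORDS = {"viagra", "sex"}

# Letters only, including accented ones; digits and underscores excluded.
WORD_RE = re.compile(r"[^\W\d_]+")
# A token with non-letter noise between letters, e.g. "S5^_^EX".
NOISE_RE = re.compile(r"[A-Za-z][^A-Za-z]+[A-Za-z]")

# Excerpt of the German spam quoted in the post.
SPAM_SAMPLE = (
    "Fantastische Wirkung! Fünf Jahre lang hatte ich es nicht mehr geschafft, "
    "meine Err. . ..ektion… während des Verkehrs zu halten und war richtig ängstlich "
    "geworden. Vor einiger Zeit habe ich eine 50-mg-Dosis Viia..aa^_^aaagra… genommen "
    "und zwei Stunden später mit einer 22-jährigen geschlafen. Ich habe in dieser Nacht "
    "dreimal S5^_^EX gehabt und es gab keine Probleme dabei."
)
# Constructed English control sentence.
HAM_SAMPLE = "I was not able to keep the appointment, and it is a problem with the car."


def guess_language(text):
    """Return (language, stopword ratio) for the best-scoring language."""
    words = [w.lower() for w in WORD_RE.findall(text)]
    if not words:
        return None, 0.0
    scores = {lang: sum(w in sw for w in words) / len(words)
              for lang, sw in STOPWORDS.items()}
    lang = max(scores, key=scores.get)
    return lang, scores[lang]


def deobfuscate(token):
    """Drop non-letters and collapse repeats: 'Viia..aa^_^aaagra' -> 'viagra'."""
    letters = re.sub(r"[^A-Za-z]", "", token).lower()
    return re.sub(r"(.)\1+", r"\1", letters)


def obfuscated_keywords(text):
    """Return [(original token, de-obfuscated keyword), ...]."""
    found = []
    for token in text.split():
        inner = token.strip(".,;:!?\"'()")
        if NOISE_RE.search(inner):
            word = deobfuscate(inner)
            if word in KEYWORDS:
                found.append((token, word))
    return found


def spam_reasons(text, reader_langs=("en",)):
    """Human-readable reasons this message looks like spam; empty if none."""
    reasons = []
    lang, ratio = guess_language(text)
    if lang is not None and lang not in reader_langs:
        reasons.append(f"language looks like '{lang}' (stopword ratio {ratio:.2f})")
    for token, word in obfuscated_keywords(text):
        reasons.append(f"obfuscated keyword {token!r} -> {word!r}")
    return reasons


if __name__ == "__main__":
    for label, sample in (("spam", SPAM_SAMPLE), ("ham", HAM_SAMPLE)):
        print(label, spam_reasons(sample) or ["no reasons"])
```

On the German excerpt this yields three reasons (the language guess plus two obfuscated keywords); on the English control it yields none. Passing reader_langs=("en", "de") shows why the language check alone is weak: a German-reading user would still see the two obfuscated keywords flagged. Note that the collapse-repeats step is deliberately lossy (it would turn "weekend" into "wekend"), which is fine only because it runs on tokens that already showed noise between letters, not on the whole message.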

Zlob.DNSChanger

March 9, 2008 – 9:03 am

Last week the smart folks at PM Computers were able to rid someone of the Zlob.DNSChanger trojan.
The solution was found here:

http://forums.spybot.info/showthread.php?t=15015

Normally with spyware infections our philosophy is as follows:

“I say we back up and nuke the entire site from orbit. It’s the only way to be sure.”

In the real world this is not always practical. Using tools such as Spybot, HijackThis, CWShredder, and FixWareout, along with an up-to-date virus and spyware scanner such as Trend Micro, to rid someone of the infection until they can do a full cleaning is the next best thing.

When I worked at Best Buy, my managers loved this philosophy because it made our numbers look great; I just wished they had given me the time to do the actual work I had sold. One of the few reasons I could go back there on a daily basis was that I could meet with the general public and educate as many people as possible. I sold a lot of antivirus installs on new computers. 60-day trials are great, but the number of people who forget to renew is staggering. This way I could try and make sure people were secure for at least a year. Another thing I sold a lot of was firewall routers. A lot of people don't understand these either.