Search Results

Search found 156 results on 7 pages for 'trojan'.

Page 6/7 | < Previous Page | 2 3 4 5 6 7  | Next Page >

• How do I block my ISP from framing websites?

  - by PJB

  I've noticed recently, as of today, that all the websites I visit (except for a specific few sites such as Google) are all put into a frame. I'm not sure what the reason for this is, there are no ads displayed and everything appears normal. The only reason I found out is because the headers weren't loading correctly and none of the page titles showed up properly - I quickly checked the source code and saw that instead of the source of the page I was expecting to see, there was a single line with a frame. I first thought maybe somekind of trojan, but after going through various checks I've determined it's my ISP and/or somekind of Internet Registry (I traced the IP shown in the source code) What can be done to prevent this frame, short of using a VPN? I feel like I am being spied on. PS: I'm located in South Korea.

  Read the article

• Desktop Fun: Dual Monitor Wallpaper Collection Series 2

  - by Asian Angel

  Last month we brought you the first batch of wallpapers geared specifically towards dual monitor setups. Today we present the second offering in our series of dual monitor wallpaper collections. Note: Click on the picture to see the full-size image—these wallpapers vary in size so you may need to crop, stretch, or place them on a colored background in order to best match them to your screen’s resolution. More Dual Monitor Goodness Desktop Fun: Dual Monitor Wallpaper Collection Series 1 Span the same wallpaper across two monitors or use a different wallpaper for each. Dual Monitors: Use a Different Wallpaper on Each Desktop in Windows 7, Vista or XP For more wallpapers be certain to see our great collections in the Desktop Fun section. Latest Features How-To Geek ETC The 20 Best How-To Geek Linux Articles of 2010 The 50 Best How-To Geek Windows Articles of 2010 The 20 Best How-To Geek Explainer Topics for 2010 How to Disable Caps Lock Key in Windows 7 or Vista How to Use the Avira Rescue CD to Clean Your Infected PC The Complete List of iPad Tips, Tricks, and Tutorials Tune Pop Enhances Android Music Notifications Another Busy Night in Gotham City Wallpaper Classic Super Mario Brothers Theme for Chrome and Iron Experimental Firefox Builds Put Tabs on the Title Bar (Available for Download) Android Trojan Found in the Wild Chaos, Panic, and Disorder Wallpaper

  Read the article

• I have a bad install of Windows on another hard drive and it won't let me install a fresh copy. How do I fix it in Ubuntu 12.04?

  - by Dana LaBerge

  Basically, there was a security issue in the drivers for my graphics card. It was a 64-bit card and I installed 32-bit Windows. Apparently, before SP1 was available, which fixed that issue, 6 trojan horses got in. They stopped SP1 from installing. After going through the ringer several times, I finally talked to a person who knew the problem. It was something about how the drivers tried to transfer between the 32-bit OS and the 64-bit card that left me open. Ever since, my computer has been slow and has had weird issues. Like tinypic wouldn't ever load. Also, certain programs wouldn't install. So I eventually talk to the dude that knew the problem and he takes the reigns and does some diagnostics. He tells me that to fix it I have to format the hard drive and do a fresh install. I'm okay with that because I was planning on it anyway, to upgrade to the 64-bit version. The problem is, how do I do that? I have the disk to install the new copy, but when I go to install it, it tells me I can't and to check the log file. However, I don't know where that log file is, and it wiped my install of Windows out. How do I find the file and as a different route to get to the goal, how do I zero out the drive from Ubuntu 12.04? (I installed the 64-bit version just the other day)

  Read the article

• Removing malware of a particular kind

  - by Cyclone

  I need to remove some malware from my computer. It is a trojan, and very annoying. It blocks access to Google and search sites. The trojan, with its name spelled out on each line cause it seems to block sites when i reference it in a url, is a r t (some text to mess it up) e m (more text i s First off, what is it, what does it do? Second, why can't I access google or yahoo or any other search sites at all? Third, can it be removed via McAffee? It says it quarantined it when I scanned I found a suspicious process "c"s"r"s"s".exe and it will not let me terminate it, and this is what Mcaffee says it is. Why on earth isn't Mcaffee getting rid of it? I even blocked internet access for this program. Thanks so much, I get kinda freaked out with things like this... Here is my entire Hosts file: 127.0.0.1 go.mail.ru 127.0.0.1 nova.rambler.ru 127.0.0.1 google.ad 127.0.0.1 www.google.ad 127.0.0.1 google.ae 127.0.0.1 www.google.ae 127.0.0.1 google.am 127.0.0.1 www.google.am 127.0.0.1 google.com.ar 127.0.0.1 www.google.com.ar 127.0.0.1 google.as 127.0.0.1 www.google.as 127.0.0.1 google.at 127.0.0.1 www.google.at 127.0.0.1 google.com.au 127.0.0.1 www.google.com.au 127.0.0.1 google.az 127.0.0.1 www.google.az 127.0.0.1 google.ba 127.0.0.1 www.google.ba 127.0.0.1 google.be 127.0.0.1 www.google.be 127.0.0.1 google.bg 127.0.0.1 www.google.bg 127.0.0.1 google.bs 127.0.0.1 www.google.bs 127.0.0.1 google.com.by 127.0.0.1 www.google.com.by 127.0.0.1 google.ca 127.0.0.1 www.google.ca 127.0.0.1 google.ch 127.0.0.1 www.google.ch 127.0.0.1 google.cn 127.0.0.1 www.google.cn 127.0.0.1 google.cz 127.0.0.1 www.google.cz 127.0.0.1 google.de 127.0.0.1 www.google.de 127.0.0.1 google.dk 127.0.0.1 www.google.dk 127.0.0.1 google.ee 127.0.0.1 www.google.ee 127.0.0.1 google.es 127.0.0.1 www.google.es 127.0.0.1 google.fi 127.0.0.1 www.google.fi 127.0.0.1 google.fr 127.0.0.1 www.google.fr 127.0.0.1 google.gr 127.0.0.1 www.google.gr 127.0.0.1 google.com.hk 127.0.0.1 www.google.com.hk 127.0.0.1 google.hr 127.0.0.1 www.google.hr 127.0.0.1 google.hu 127.0.0.1 www.google.hu 127.0.0.1 google.ie 127.0.0.1 www.google.ie 127.0.0.1 google.co.il 127.0.0.1 www.google.co.il 127.0.0.1 google.co.in 127.0.0.1 www.google.co.in 127.0.0.1 google.is 127.0.0.1 www.google.is 127.0.0.1 google.it 127.0.0.1 www.google.it 127.0.0.1 google.co.jp 127.0.0.1 www.google.co.jp 127.0.0.1 google.kg 127.0.0.1 www.google.kg 127.0.0.1 google.co.kr 127.0.0.1 www.google.co.kr 127.0.0.1 google.li 127.0.0.1 www.google.li 127.0.0.1 google.lt 127.0.0.1 www.google.lt 127.0.0.1 google.lu 127.0.0.1 www.google.lu 127.0.0.1 google.lv 127.0.0.1 www.google.lv 127.0.0.1 google.md 127.0.0.1 www.google.md 127.0.0.1 google.com.mx 127.0.0.1 www.google.com.mx 127.0.0.1 google.nl 127.0.0.1 www.google.nl 127.0.0.1 google.no 127.0.0.1 www.google.no 127.0.0.1 google.co.nz 127.0.0.1 www.google.co.nz 127.0.0.1 google.com.pe 127.0.0.1 www.google.com.pe 127.0.0.1 google.com.ph 127.0.0.1 www.google.com.ph 127.0.0.1 google.pl 127.0.0.1 www.google.pl 127.0.0.1 google.pt 127.0.0.1 www.google.pt 127.0.0.1 google.ro 127.0.0.1 www.google.ro 127.0.0.1 google.ru 127.0.0.1 www.google.ru 127.0.0.1 google.com.ru 127.0.0.1 www.google.com.ru 127.0.0.1 google.com.sa 127.0.0.1 www.google.com.sa 127.0.0.1 google.se 127.0.0.1 www.google.se 127.0.0.1 google.com.sg 127.0.0.1 www.google.com.sg 127.0.0.1 google.si 127.0.0.1 www.google.si 127.0.0.1 google.sk 127.0.0.1 www.google.sk 127.0.0.1 google.co.th 127.0.0.1 www.google.co.th 127.0.0.1 google.com.tj 127.0.0.1 www.google.com.tj 127.0.0.1 google.tm 127.0.0.1 www.google.tm 127.0.0.1 google.com.tr 127.0.0.1 www.google.com.tr 127.0.0.1 google.com.tw 127.0.0.1 www.google.com.tw 127.0.0.1 google.com.ua 127.0.0.1 www.google.com.ua 127.0.0.1 google.co.uk 127.0.0.1 www.google.co.uk 127.0.0.1 google.co.vi 127.0.0.1 www.google.co.vi 127.0.0.1 google.com 127.0.0.1 www.google.com 127.0.0.1 google.us 127.0.0.1 www.google.us 127.0.0.1 google.com.pl 127.0.0.1 www.google.com.pl 127.0.0.1 google.co.hu 127.0.0.1 www.google.co.hu 127.0.0.1 google.ge 127.0.0.1 www.google.ge 127.0.0.1 google.kz 127.0.0.1 www.google.kz 127.0.0.1 google.co.uz 127.0.0.1 www.google.co.uz 127.0.0.1 bing.com 127.0.0.1 www.bing.com 127.0.0.1 search.yahoo.com 127.0.0.1 ca.search.yahoo.com 127.0.0.1 ar.search.yahoo.com 127.0.0.1 cl.search.yahoo.com 127.0.0.1 co.search.yahoo.com 127.0.0.1 mx.search.yahoo.com 127.0.0.1 espanol.search.yahoo.com 127.0.0.1 qc.search.yahoo.com 127.0.0.1 ve.search.yahoo.com 127.0.0.1 pe.search.yahoo.com 127.0.0.1 at.search.yahoo.com 127.0.0.1 ct.search.yahoo.com 127.0.0.1 dk.search.yahoo.com 127.0.0.1 fi.search.yahoo.com 127.0.0.1 fr.search.yahoo.com 127.0.0.1 de.search.yahoo.com 127.0.0.1 it.search.yahoo.com 127.0.0.1 nl.search.yahoo.com 127.0.0.1 no.search.yahoo.com 127.0.0.1 ru.search.yahoo.com 127.0.0.1 es.search.yahoo.com 127.0.0.1 se.search.yahoo.com 127.0.0.1 ch.search.yahoo.com 127.0.0.1 uk.search.yahoo.com 127.0.0.1 asia.search.yahoo.com 127.0.0.1 au.search.yahoo.com 127.0.0.1 one.cn.yahoo.com 127.0.0.1 hk.search.yahoo.com 127.0.0.1 in.search.yahoo.com 127.0.0.1 id.search.yahoo.com 127.0.0.1 search.yahoo.co.jp 127.0.0.1 kr.search.yahoo.com 127.0.0.1 malaysia.search.yahoo.com 127.0.0.1 nz.search.yahoo.com 127.0.0.1 ph.search.yahoo.com 127.0.0.1 sg.search.yahoo.com 127.0.0.1 tw.search.yahoo.com 127.0.0.1 th.search.yahoo.com 127.0.0.1 vn.search.yahoo.com 127.0.0.1 images.google.com 127.0.0.1 images.google.ca 127.0.0.1 images.google.co.uk 127.0.0.1 news.google.com 127.0.0.1 news.google.ca 127.0.0.1 news.google.co.uk 127.0.0.1 video.google.com 127.0.0.1 video.google.ca 127.0.0.1 video.google.co.uk 127.0.0.1 blogsearch.google.com 127.0.0.1 blogsearch.google.ca 127.0.0.1 blogsearch.google.co.uk 127.0.0.1 searchservice.myspace.com 127.0.0.1 ask.com 127.0.0.1 www.ask.com 127.0.0.1 search.aol.com 127.0.0.1 search.netscape.com 127.0.0.1 yandex.ru 127.0.0.1 www.yandex.ru 127.0.0.1 yandex.ua 127.0.0.1 www.yandex.ua 127.0.0.1 search.about.com 127.0.0.1 www.verizon.net 127.0.0.1 verizon.net

  Read the article

• Error openin microsoft.com with google chrome

  - by Ilnur

  Hi! I need help with my browsers. In my OS (windows 7 basic) installed 2 browsers: IE 8 and Google Chrome. When I trying to open pages, which associated with microsoft.com (like ms live and others), my browser crashes. IE 8 crashes too. But Opera (I've installed it later) works fine with that pages. P.S. I tried to search the trojan software and viruses. But my PC is clean.

  Read the article

• Tiny C Compiler and Virus warnings...

  - by NoMoreZealots

  I wanted to try out the TCC and got the Win32 Binary zip file from the website. upon decompressing it I tried to compile the "hello_win.c" source from the example directory. As soon as the compiler tried to write to the disk McAfee Popped up a dialog box and identified a Trojan named "Generic.dx." Has anyone else experience this? Dropping a virus into a compiler would be a sneaky, but brilliant, delivery mechanizism. I just want to know if this is a legit threat.

  Read the article

• Website/App on Dotcloud is down

  - by user1576866

  The website is nhslhs.tk . The last time I edited something was four days ago. I tried to get a calendar on the Django datable, but deleted it all and never actually pushed it to the Dotcloud server. Also, few hours before that I was able to update HTML files, push them, and see the edits on the website. The link should take you to a log-in page (this is available when you google "nhslhs.tk" and click cache view) but it takes you to a search magnified advertisement-esque page. On a few sites, people claimed the error was due to a Trojan horse virus or server being down. Do you know how to fix this? Thanks!

  Read the article

• Friday Fun: Snow Crusher

  - by Asian Angel

  It has probably been a long week whether you have already returned to work or are finishing up the last of your vacation time. If you are in need of some stress relief, then we have we the perfect game for you. This week you get to be totally fiendish and use a monster size snowball to destroy as many cars as possible at the local snow lodge. Snow Crusher The object of the game is simple…create as large of a monster snowball as you can and then send it down over the side of the mountain to destroy the cars at the snow lodge. You can choose from three different sizes of monster snowballs to create. We chose the “Snowflake Size” for our reign of destruction. Once you have chosen a monster snowball size, all that is left to do is select the control method that works best for you. As soon as you select the control method, your monster snowball creation will automatically begin. Keep in mind that the faster your snowball goes the harder it can become to steer if you make sudden movements… At the top you can watch your progress towards the drop-off point and the green boxes highlighted at the bottom indicate how large of an item (such as trees or boulders) your snowball can roll over and add to the total mass. Snowball speed is shown in the lower right corner. Time to roll! As soon as the first green box is lit up you can start adding small trees to your snowball’s mass. You will want to avoid larger items as you go because they will penalize your score, slow you down, and reduce the size of your snowball! Halfway to the drop-off point and our snowball is now able to grab up larger trees. If you have not hit any large items along the way, your snowball will definitely be moving along at a good rate by now. When you reach the end of the mass building area, your snowball will pop out into the open and get ready to drop off over the side of the mountain. Go snowball go! Yes! Thirteen cars crushed and ready for the scrap yard… If the “Snowflake Size” snowball can do this, just think what the “Avalanche Size” can do with three minutes of time to build up mass! Have fun with those monster snowballs! Play Snow Crusher Latest Features How-To Geek ETC The 20 Best How-To Geek Linux Articles of 2010 The 50 Best How-To Geek Windows Articles of 2010 The 20 Best How-To Geek Explainer Topics for 2010 How to Disable Caps Lock Key in Windows 7 or Vista How to Use the Avira Rescue CD to Clean Your Infected PC The Complete List of iPad Tips, Tricks, and Tutorials Classic Super Mario Brothers Theme for Chrome and Iron Experimental Firefox Builds Put Tabs on the Title Bar (Available for Download) Android Trojan Found in the Wild Chaos, Panic, and Disorder Wallpaper Enjoy Christmas Beyond the Holiday with Christmas Eve Crisis Parrotfish Extends the Number of Services Accessible in Twitter Previews

  Read the article

• Addressing threats introduced by the BYOD trend

  - by kyap

  With the growth of the mobile technology segment, enterprises are facing a new type of threats introduced by the BYOD (Bring Your Own Device) trend, where employees use their own devices (laptops, tablets or smartphones) not necessarily secured to access corporate network and information.In the past - actually even right now, enterprises used to provide laptops to their employees for their daily work, with specific operating systems including anti-virus and desktop management tools, in order to make sure that the pools of laptop allocated are spyware or trojan-horse free to access the internal network and sensitive information. But the BYOD reality is breaking this paradigm and open new security breaches for enterprises as most of the username/password based systems, especially the internal web applications, can be accessed by less or none protected device.To address this reality we can adopt 3 approaches:1. Coué's approach: Close your eyes and assume that your employees are mature enough to know what he/she should or should not do.2. Consensus approach: Provide a list of restricted and 'certified' devices to the internal network. 3. Military approach: Access internal systems with certified laptop ONLYIf you choose option 1: Thanks for visiting my blog and I hope you find the others entries more useful :)If you choose option 2: The proliferation of new hardware and software updates every quarter makes this approach very costly and difficult to maintain.If you choose option 3: You need to find a way to allow the access into your sensitive application from the corporate authorized machines only, managed by the IT administrators... but how? The challenge with option 3 is to find out how end-users can restrict access to certain sensitive applications only from authorized machines, or from another angle end-users can not access the sensitive applications if they are not using the authorized machine... So what if we find a way to store the applications credential secretly from the end-users, and then automatically submit them when the end-users access the application? With this model, end-users do not know the username/password to access the applications so even if the end-users use their own devices they will not able to login. Also, there's no need to reconfigure existing applications to adapt to the new authenticate scheme given that we are still leverage the same username/password authenticate model at the application level. To adopt this model, you can leverage Oracle Enterprise Single Sign On. In short, Oracle ESSO is a desktop based solution, capable to store credentials of Web and Native based applications. At the application startup and if it is configured as an esso-enabled application - check out my previous post on how to make Skype essso-enabled, Oracle ESSO takes over automatically the sign-in sequence with the store credential on behalf of the end-users. Combined with Oracle ESSO Provisioning Gateway, the credentials can be 'pushed' in advance from an actual provisioning server, like Oracle Identity Manager or Tivoli Identity Manager, so the end-users can login into sensitive application without even knowing the actual username and password, so they can not login with other machines rather than those secured by Oracle ESSO.Below is a graphical illustration of this approach:With this model, not only you can protect the access to sensitive applications only from authorized machine, you can also implement much stronger Password Policies in terms of Password Complexity as well as Password Reset Frequency but end-users will not need to remember the passwords anymore.If you are interested, do not hesitate to check out the Oracle Enterprise Single Sign-on products from OTN !

  Read the article

• Remote server security: handling compiler tools

  - by Gonzolas

  Hello! I was wondering wether to remove compiler tools (gcc, make, ...) from a remote production server, mainly for security purposes. Background: The server runs a web application on Linux. Consider Apache jailed. Otherwise, only OpenSSHd faces the public network. Of course there is no compiler stuff within the jail, so this is about the actual OS outside of any jails. Here's my personal PRO/CON list (regarding removal) so far: PRO: I had been reading some suggestions to remove compiler tools in order inhibit custom building of trojans etc. from within the host if an attacker attains unpriviliged user permissions. CON: I can't live without Perl/Python and a trojan/whatever could be written in a scripting language like that, anyway, so why bother about removing gcc et al. at all. There is a need to build new Linux kernels as well as some security tools from source directly on the server, because the server runs in 64-bits mode and (to my understanding) I can't (cross-)compile locally/elsewhere due to lack of another 64-bits hardware system. OK, so here are my questions for you: (a) Is my PRO/CON assessment correct? (b) Do you know of other PROs / CONs to removing all compiler tools? Do they weigh in more? (c) Which binaries should I consider dangerous if the given PRO statement holds? Only gcc, or also make, or what else? Should I remove the enitre software packages them come with? (d) Is it OK to just move those binaries to a root-only accessible directory when they are not needed? Or is there a gain in security if I "scp them in" every time? Thank you!

  Read the article

• WEIRD netstat behavior on Windows XP re: www.partypoker.com

  - by tbone

  I really don't know if this is the right place to ask this, but I would really appreciate if someone that is more savvy on Windows XP (Professional) could help me out. For background, I am a 10+ years programmer, so I'm not a total idiot, but I am far from an expert on TCP/IP, etc, and this has me totally confused. When I do a netstat (on Windows XP) I seem to always get a huge amount of www.partypoker.com connections and I can't figure out where they are coming from. A netstat -o shows me that some are coming from PID xxx, which is firefox, but if I kill it, the connections still remain. Some are coming from PID 0, which makes no sense to me. SECOND PROBLEM: One would think you could edit the C:\WINDOWS\system32\drivers\etc\hosts file to block this, but it seems like my machine is ignoring the hosts file! (I have tried with the DNS client service both enabled and disabled, same result). So I just rebooted, killed all my normal programs, and I can't seem to reproduce the problem. If I was a paranoid person, I would think there was some sort of an intelligent trojan running. I am running Windows XP Pro, Kaspersky Antivirus, ccCleaner, and am fully up to date on Windows Update. What gives???? So, I guess my questions are: 1. Is anyone else seeing these wird connections to partypoker.com? 2. Why isn't my hosts filter working? 3. Is there some utility I can run to find out whats happening? I've tried autoruns.exe from sysinternals but don't see anything interesting. Am I the only one with this problem? If there are any additional things you need me to run, let me know.

  Read the article

• What can cause a kernel hang on redhat 4?

  - by Ivan Buttinoni

  I've to solve a nasty problem on a ten machine "cluster": randomly one of these machine hang during an hard computation, sometime still ping sometime not. The problem was described me at the phone, I've still no touch/see these machine, so I can't be more precise. It seem there's no (real) keyboard or monitor linked to them, so I haven't nothing about keyboard led or messages on monitor. Don't worry, what I really need is some suggestion where to search the problem, some suggestions on what can cause a kernel hang on a working machine. I also see this post, but seem same need on a different situation. My ideas since now: - HW problem (ram, cpu, fan etc.) - bad autofs configuration - bad nfs(?) configuration - presence of a trojan/hacker/etc - /dev/"swap" linked to /dev/zero - kernel out of memory(??) - kernel bugged In other words I try to imagine what kind of envent can occour that can crash the kernel insted of the application that generate the event. What hang have YOU experienced before? Write it to me! TIA

  Read the article

• Thomson router reboots unexpectedly with an apparent remote connection attempt

  - by ChrisF

  I've got a weird problem. Every so often my rooter (a Thomson TG585 v8 running version 8.2.7.8 of it's firmware) reboots itself. It seems to be associated with this message in the event log: FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 183.178.144.177 Dst ip: xxx.xxx.xxx.xxx Type: Destination Unreachable Code: Host Unreacheable xxx.xxx.xxx.xxx is my external IP address 183.178.144.177 resolves to 183178144177.ctinets.com We've got a student from Hong Kong staying with us at the moment and the reboots seem coincidental with him starting up his laptop. I say this because a check on ctinets.com shows it to be based in Hong Kong, though our guest's laptop doesn't appear to have any software related to this company installed. I say "apparently" as he is running the Chinese version of Windows and his English doesn't cover technical subjects like this. I know this is an incoming message but I was assuming that it was in response to something on the student's laptop which is why the first thought was malware, but we've got anti virus on all the other machines and have run malwarebytes on his with a negative result so I don't think the problem is due to a virus or (known) trojan. What else can I do to stop this and identify the cause?

  Read the article

• Log and debug/decrypt an windows application's HTTPS traffic

  - by cweiske

  I've got a proprietary windows-only application that uses HTTPS to speak with a (also proprietary, undocumented) web service. To ultimately be able to use the web service's functionality on my linux machines, I want to reverse-engineer the web service API by analyzing the requests sent by the application. Now the question: How can I decrypt and log the HTTPS traffic? I know of several solutions which don't apply in my case: Fiddler is a man-in-the-middle HTTPS proxy which I cannot use since the application doesn't support proxies. Also, I do not (yet) know if it works with self-signed server certificates, which I doubt. Wireshark is able to decrypt SSL streams if you have the server's private certificate, which I don't have. any browser extension since the application is not a browser If I remember correctly, there have been some trojans that capture online banking information by hooking into/replacing the window's crypto API. Since the machine is mine, low level changes are possible. Maybe there is a non-trojan (white-hat) network log application out there which does the same? There is a blackhat presentation with some details available to read. They refer to Microsoft Research Detour for easy API hooking.

  Read the article

• Can I restore one of my user's profiles in Vista?

  - by Rod

  My youngest daughter uses my 4 year old laptop, which has Windows Vista installed. Somehow she got some Trojan (Vista Internet Security). (I'd love to know how that happened, seeing as how she is a standard user, and I have VIPRE as my AV.) Anyway, I ran a deep anti-virus scan using VIPRE, which identified it. I decided to delete everything that it identified. Now she cannot use anything in her profile. If she tries to bring up the browser, it recycles over and over again a dialog box asking which program to use. If I try to run any program at all, it doesn't know what to do. For example, it is totally lost trying to run the command line. If I bring up Windows Explorer and navigate to Windows\System32 and try to run the command line, or anything at all from there, it goes "Huh?" What in heck has happened?? Is it possible to fix this, and if so, how? As an aside, I can log into my account (my account on that machine is an administrator) and it works fine.

  Read the article

• How do I remove a printer connection without the user's intervention?

  - by 1.618

  Here's the situation: We're replacing 11 printers with newer models, and we'll be installing them on our print server and sharing them out. The plan is to share the new printers under different names than the ones they're replacing, and un-share the old ones. So I need to come up with a way to remove the client connections to old printers automatically. Clients are mostly Windows 7 with a few XP. My first idea was to call prnmngr.vbs from the login script to remove each old printer explicitly by name. The problem is that some users don't log out when they're done for the day, so I can't count on their login script running before they next need to print. I could remotely run prnmngr.vbs using SCCM, but if it's not 'impersonating' the user, I don't think it will remove their printers. Any ideas? Could I lookup how to access WMI using c# code and write a "trojan" to remove specific printers without requiring the user to do anything? (I'm only half joking). I'm open to any suggestion! Thanks!

  Read the article

• Month in Geek: December 2010 Edition

  - by Asian Angel

  As 2010 draws to a close, we have gathered together another great batch of article goodness for your reading enjoyment. Here are our ten hottest articles for December. Note: Articles are listed as #10 through #1. The 50 Best How-To Geek Windows Articles of 2010 Even though we cover plenty of other topics, Windows has always been a primary focus around here, and we’ve got one of the largest collections of Windows-related how-to articles anywhere. Here’s the fifty best Windows articles that we wrote in 2010. Read the article Desktop Fun: Happy New Year Wallpaper Collection [Bonus Edition] As this year draws to a close, it is a time to reflect back on what we have done this year and to look forward to the new one. To help commemorate the event we have put together a bonus size edition of Happy New Year wallpapers for your desktops. Read the article LCD? LED? Plasma? The How-To Geek Guide to HDTV Technology With image technology progressing faster than ever, High-Def has become the standard, giving TV buyers more options at cheaper prices. But what’s different in all these confusing TVs, and what should you know before buying one? Read the article HTG Explains: Which Linux File System Should You Choose? File systems are one of the layers beneath your operating system that you don’t think about—unless you’re faced with the plethora of options in Linux. Here’s how to make an educated decision on which file system to use. Read the article Desktop Fun: Merry Christmas Fonts Christmas will soon be here and there are lots of cards, invitations, gift tags, photos, and more to prepare beforehand. To help you get ready we have gathered together a great collection of fun holiday fonts to help turn those ordinary looking holiday items into extraordinary looking ones. Read the article Microsoft Security Essentials 2.0 Kills Viruses Dead. Download It Now. Microsoft’s Security Essentials has been our favorite anti-malware application for a while—it’s free, unobtrusive, and it doesn’t slow your PC down, but now it’s even better with the new 2.0 release, which adds network filtering, heuristic protection, and more. Read the article 20 OS X Keyboard Shortcuts You Might Not Know Mastering the keyboard will not only increase your navigation speed but it can also help with wrist fatigue. Here are some lesser known OS X shortcuts to help you become a keyboard ninja. Read the article 20 Windows Keyboard Shortcuts You Might Not Know Mastering the keyboard will not only increase your navigation speed but it can also help with wrist fatigue. Here are some lesser known Windows shortcuts to help you become a keyboard ninja. Read the article The 50 Best Registry Hacks that Make Windows Better We’re big fans of hacking the Windows Registry around here, and we’ve got one of the biggest collections of registry hacks you’ll find. Don’t believe us? Here’s a list of the top 50 registry hacks that we’ve covered. Read the article The Complete List of iPad Tips, Tricks, and Tutorials The Apple iPad is an amazing tablet, and to help you get the most out of it, we’ve put together a comprehensive list of every tip, trick, and tutorial for you. Read on for more. Read the article Latest Features How-To Geek ETC The 20 Best How-To Geek Linux Articles of 2010 The 50 Best How-To Geek Windows Articles of 2010 The 20 Best How-To Geek Explainer Topics for 2010 How to Disable Caps Lock Key in Windows 7 or Vista How to Use the Avira Rescue CD to Clean Your Infected PC The Complete List of iPad Tips, Tricks, and Tutorials Tune Pop Enhances Android Music Notifications Another Busy Night in Gotham City Wallpaper Classic Super Mario Brothers Theme for Chrome and Iron Experimental Firefox Builds Put Tabs on the Title Bar (Available for Download) Android Trojan Found in the Wild Chaos, Panic, and Disorder Wallpaper

  Read the article

• Weird PHP file on my website

  - by sam

  Today i noticed that there was a strange new file called "noivil.php" on my webspace. The contents of it are very long and I have no idea what it does! <?php $k='eJxtmV1vX7cNh79KUQRwnBaNXvgizTsXTYst2EWxlxZtczO4toukTeLVSQO0w777SP7Ig13sxkeWdHgkig9J8f/oph299atHN/1Qssc4+mj2nNbtTzqW2IMP2faQg71TD/XOhf/2QcsFtEPYnyZJ/WmiegzMYw1/ksmMBh/s3+pyaPyvB8cb61jRv/PjwxbX/bujHxTPgTeHiZz+dJH+6uBcvhzLdzM0tzVWznSZPmO2Y7uoacv05c5RAxNbnZQDbKpwEVNshm9k2jqjYx3bPzpLJrVj+StkMl02lUzKrRNhh2QyW8xwmf41soX2eDeF0sb62GTGs+dMHqkVtrMZLpVNqr/KLjUacpBvll1ovLPwXd7H8h1IO9R3ICVURs4UE9pdqFD1cG5C5JDosGN36WIq9XXIRr82HIp2fExHPudB8SQcgXKeiZZCVWEAulIJug/2jtXyXFdPI1ojjWfNg8P4bPMudXHNsKOPV3zzvp618ntr49x2Sz3tnke7B2x1TyxkEw5wM7a2BUvfCr1tFxkdOxt2JGm8rYTaOnEuNgMmZXqEedrnsUHTfpq27RNsmUqO3aKRWujd7T9E9p5n3h0rANtz0bZbmIzpMDdoJ4gz6sYW6OyrenZNcrywCeML5I1xdk2Q1I2xwLw7YwBbzkm29pA+VrFtoGGWgUZodFhyd9R6iJozz6jPtOE+k+BuuG28p7DmPleaZDfi4tB7Edepl4roXLpRB30YdtCoczfQkhrTdEIGXp6boQcPZuylto2+MKpu9IVFdC69GH0aezf8INLww9adv4bWqmM2BGEnxiD2EBCiNfIrQSFatXTDEDuVOlLjECuQVZ8xFPMzWl5Y0xd1LWfUDUiJ6UYkTE7TzrshCR9tSObWDcocqxM1KnEyRiXsep3G6FjGXorLbmBiU0vScXVDE4a9Tp0bmzh2gxMyDU6N2XvUJMMT7xmfEQe6AaqYLbnNnd6pG6OwKGc0vMowRhEVnNHwPMMYDaMcxehwRjGJYfDDGQ3NDWNUIWnBqIcxCpEe9hCi0v2NXmY++swTHv0MVMboRkPSckfXJHL01PkwSOPUR4TAWMMonz08Cob8keFlGKOh6zFKujOKzXsoxHJGxtfhjIYWjFF8b/aKtAYpIqkxGpY0PCCGTI+IWLGHxA4JqfYRkMZnIizGoFOKMN1heYPSNQ5jFO8RlVAqvRujWIIHx4GuladEpXdjlNHowG9wqcUQxftM1Si1GKIw78G1cI+R6NlwZkNaUjgMUejACM2xCQqHx0mszQgNPzUkfcvwSInZq86sguWoaDm018lq2aLO0oWe0jW9y9DyusMZhYKd0X319Ik5VH3y1DtOm3dYQ8BK3z4C1tiWwaoYozq0CKNoSa5mZbozIpDG99auc99naubBtCPFGkmJ8Qrr3WU6xuvGe1JD6cVGxFRIKsOZrZ2tDncyW6U/s6UHni0Ti9k4lzBbKWk2zUOcDYfw9Im3nSvXlLdCP7MAngZwrHEawNmYWP40fPHJM8LOXghMw3dhVtI7zwR2jnMjhi8Gjd4wvGn0hjObozLOUenhHKd0wzc8zjR6BbPK2U/PZWNS4BuDEWND/KyMbs5CbBrBYb3TAA4gzW7qQwEw+jYsZha/0/gNRqbxu9DII56U6cH0GIvveYxFl9b7lTdN2hnLJ5fwM8OdnJnjjBQ3RBjC2DVn5jQdYRwBl2oMYZxTITylUr0phdl0htGVt4dpDOMoItcNCcYwQYICg2kMp8yyGK3sdHqQxc0gI/isGDu1ZGslqNODLBoF8NRauYELYyhup6e+DdeNkes1brG4lf5+rlPpHmU7XtSzLx3+9Aw4GjuTj7kzsZkF7dynvWwqGzJs8cFd95W5tY7SwFXM32lf5MlwXGZaOk5qFcSppdOhRnW3bEUTGbfh38mwxVXKI23clApUMlBD2eSgxlXJQCU0Zl3AqHoyWaWeTpl6JWXU8+JKPTMbOjElwzScHjmm6Il1P33y/v72/g8fPdz9+HB98/7+wZ0IjcwZaGTsIgN347XMdcijLno2jpFmq8vfzESKPOrG7FkZIE2q6YxTJIMWS5p5ZaAzM6YIurEUanWjdGrROA+BMpMixzaEUpk+UV52yLCFxg1bRc/OD3JxRR52Y5JBi9MwaMPDkTEbVkN+MQ32iEstnLUD8sx4QECm3SSZX5IkVmTIRmglySyNDFncqOW0HUMWl2tDFiYjFbCowi5p1TlIMx6SpiMmLaVoLTyuqmiVYRqzOGFHFkM7e1aWFGjV/b+IpVUFACMWCljpgsmAhU4rzpLjilJAXgDJcIWBGq5QhCfFON0KsrQzfJDRCkszWuOOTAYrVrYr4aadOLGxGpvlVvcQbiWcW96y2WANf8Yt7yFsqMZy2SNspMfsEbajtdOauJelsOEaDpR7FZe4Z27JkRdjMK8L3Cvr5l61EfbLa1Q8eqUIfCLLIyHiQpYNWZQ9zvoQO6CxRwNU0dBTQJZe2CNraIln3kbYCA2HwrOuOuyIYoEeWLOVBTKOzBhvKk6cDVJFT1ZhmNILsxeMUMmp8gbTzOjOlA6AqVRDSRFT3keYSjZVQYI5AwhzUsRGKE7a764hyAjFSozQnJN2zlyVM+a86zDnZYQlax0smcxw1I9CA3F1jQVICTdEccpyHqnkrZslKWIjFDtwQiOAsWZGz5r+nbXyAVaqrrPo5YlxBC7WSmbYIIWmHNKYtaqWwqv0YpTCkj0fxqSKfGyYZlddpNg5xdiqsZ3HtzM08c5aBxunMAi/u8aOd618c9XvPKpCe357RSOzDTZOAzzxmBrltuAUXcWptNK6GKiERilGjNTwh+IlpqjgGajxGWl5A5TANMT3zPEk7q/xnT7PFqV5SRVvxTjNRoEkVcAVwzSIklHBSEY/WxWNZGSyJKMWP7IgISOduhim4VPFS0zYagVSmXU5Fg+ksQTDdKGeOXMJkf1iUgZSmXnBlJn+Ubyki0ZmkEJVAxI6V26UQqEOKXRMmZ8K1cpJzrE0dqF07EKVKQlXPBJPf6FkLpjE898swmacFk7nLpxFeOG0R/FQikotl3sUr/TGoGSdW7zIhHJu1Y/Fi0zxZambvUh6d5EseYqkixHJMqqcsVSMVPwuoFXsF0MVluUJcKwzSEVL6ggjA0ZRedWntVIYMVZRYTZUsfuViYCsWYex0s2IoYp1nSmwrLx4yEqcxFCNCCKOaix5p2cXz4BRz86gJztLe+IRNeR4mQlDVVqXnVFDIv2NAnerxE6D1Shtx711Rys9gbas12qgivmCU1LPfzEp00Zt+YOAGqqxBe3pfdVIZfSUVtRBzRZjW9ozbdSeV27tZTB63lR1VNFDRwYldVA7WhPuVEcqXUddudVIRZnfi8FoZOquXmeKOQEqWmXt6gE1zFAN1TgSnVmvUSM1YphOOSdVLUiNVXznLDSpwYouyquBFqpaF1Wl+vlJC1UNVDE9A6pSqZ1OzXBlGuqoYg2c9qgeUmPJfCreYyrG0s1o/B4Tq+Eq2Sqnf1cjFV+ULHyq1B1eJauqKvnDhBqpit9QskyjlfWqgYo1GahoOKhYrxebwimpZjKgmmUU1bzBq1b5QSvr1YiomFU5nmoVgXRlPqDrPNWVIVvXrDFKI11ZydKzIKyrUkhdq34KqsXvrE2qgcpoZIFPdxmMgRroq8dUHK7nvvgpqazdC8KQWAtfLX9cWy1rPqtV0FtVEF6NqpGud7UkabV0vaulzpcnvqHqVfWk5b/ZdHSNFNDzirR6WvrqdYFfkffGz1U971+rCkqrV9VkjbwRrKJ0jUpM18ja5Bpl6iswjdV43otBzVNe5482q0Bd8/zhbUaB4OmT2/u3F+8/en//683Lj96/fPXuM7v4PhwX34+Xv11cPXrw5ps//f7i6+/bd+Pvr78f++cXfzsOG/rFhr55/vk3X7796e317U/WePn8yz8/x9jtcfHzu7e37159+/ybfzz/6dqmvLvFn599/M1x8WL+q//w5qsPP3z37LcX3331u3d//vlx8evb16/exqRnz46Ld+8fHu4++H9ffGFjNz++enj3/uLqx/uHx7a4h6N96g9vXVygefxw/e5O6J+3dzf3t3c26/JTX6utybfz8Mc1RzQ++eTy33j3+PjGGx9fpajPjmg8foT/L6/+kwP/R7iN1uBxznqcLR/7395f3lxi79++fnl9/ee/PPvr1+0ILfu0esteu/tw/fqxK+DxxdWl9Tx6/Pr6w93F5eXVfwHF9UwV';$r='YmFzZTY0X2RlY29kZQ==';$rr='WjNwMWJtTnZiWEJ5WlhOeg==';$rrr=base64_decode($r);$rrrr=$rrr($rrr($rr));eval($rrrr($rrr($k))); When I run it it just outputs some random stuff I don't understand. My questions: What is this? Where did it come from? Is it a virus/trojan? What does it exactly do? You are better at PHP than me, maybe you can tell what it is Thanks in advance

  Read the article

• Windows explorer locks files

  - by John Prince

  I'm using Office 2010 & Windows 7 Home Premium 64-bit. My problem starts when I attempt to save e-mail messages to my PC that I have received via Outlook (my ISP is Comcast). I'm using the default .msg file extension option when I attempt to save these e-mails. The resultant files are locked and do not show the normal "envelope" icon. Instead, it’s a “blank page” icon with the right upper corner folded in. These files refuse to open either by double clicking on them or right clicking and trying to open them with Outlook. And when I return to Outlook, I discover that Outlook is now hung up and I have to close it via the Task Manager. To make matters worse, I’ve also discovered that every e-mail message that I've saved on my PC over the years has also somehow become locked and their original "envelope" icon has been replaced with the "blank page" icon. I found and installed an application called LockHunter. As a result, when I right click on a saved and locked e-mail message, I’ve given an option to find out what's locking it. Each time I'm told that the culprit is Windows explorer.exe. When I unlock the file the normal envelope icon is sometimes displayed (but not always) but at least the file can then be opened. But the file is still “squirrely” as it can’t be moved or saved to a folder until it’s unlocked again. On this second attempt, LockHunter says it’s now locked by Outlook.exe. By the way, I don't have this issue when I save Word, Excel & PowerPoint files; only with Outlook. I've exhausted every remedy that I can think of including: making sure that the file and folder options are checked to always show icons and not thumbnails; running the Windows 7 & Office 2010 repair options which find nothing amiss; running a complete system scan with Windows Malicious Software Removal Tool with negative results; verifying that Outlook is the default for opening e-mails; updating all of my applications via Secunia Personal Software Inspector; uninstalling every application that I felt was unnecessary; doing a registry cleanup via CC Cleaner; having Windows Security Essentials always on (it did find one Java Trojan recently which was quarantined and then deleted); uninstalling a bunch of non-Microsoft shell extensions; and deactivating all of the Outlook Add-ins and then re-activating each one. None of this solves the problem. I’d welcome any advice on how to resolve this.

  Read the article

• centos 6 ps aux hangs up

  - by Guntis

  I have problem with my server. Server is running centos 6 (CloudLinux Server release 6.2). uname -a = 2.6.32-320.4.1.lve1.1.4.el6.x86_64 That is a kvm guest. On host is debian 6. If i run command ps aux, it stuck on random process (shows some processes only), top command is working fine. htop doesn't work too (black screen). top - 12:11:51 up 34 min, 1 user, load average: 4.26, 6.71, 16.15 Tasks: 201 total, 7 running, 192 sleeping, 0 stopped, 2 zombie Cpu(s): 7.9%us, 2.8%sy, 0.0%ni, 87.5%id, 1.6%wa, 0.0%hi, 0.2%si, 0.0%st Mem: 9862044k total, 2359484k used, 7502560k free, 171720k buffers Swap: 10485720k total, 0k used, 10485720k free, 1336872k cached server has one Intel(R) Xeon(R) CPU E5606 @ 2.13GHz, free -m total used free shared buffers cached Mem: 9630 2336 7293 0 170 1324 -/+ buffers/cache: 841 8789 Swap: 10239 0 10239 php -v PHP 5.3.19 (cli) (built: Nov 28 2012 10:03:07) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies with the ionCube PHP Loader v4.2.2, Copyright (c) 2002-2012, by ionCube Ltd., and with Zend Guard Loader v3.3, Copyright (c) 1998-2010, by Zend Technologies with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH mysql Server version: 5.1.63-cll php -i disable_functions => apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_e xec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, openlog, passthru, php _uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_set sid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_de code, xmlrpc_server_create, putenv, show_source,mail => apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, pos ix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exe c, syslog, system, xmlrpc_entity_decode, xmlrpc_server_create, putenv, show_source,mail ... suhosin.executor.disable_eval => Off => Off suhosin.executor.eval.blacklist => include,include_once,require,require_once,curl_init,fpassthru,base64_encode,base64_decode,mail,exec,system,proc_open,leak, syslog,pfsockopen,shell_exec,ini_restore,symlink,stream_socket_server,proc_nice,popen,proc_get_status,dl, pcntl_exec, pcntl_fork, pcntl_signal,pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled,pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, socket_accept,socket_bind, socket_connect, socket_cr eate, socket_create_listen,socket_create_pair,link,register_shutdown_function,register_tick_function,gzinflate => include,include_once,require,require_once,c url_init,fpassthru,base64_encode,base64_decode,mail,exec,system,proc_open,leak,syslog,pfsockopen,shell_exec,ini_restore,symlink,stream_socket_server,proc_nic e,popen,proc_get_status,dl, pcntl_exec, pcntl_fork, pcntl_signal,pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled,pcntl_wifstopped, pcntl _wstopsig, pcntl_wtermsig, socket_accept,socket_bind, socket_connect, socket_create, socket_create_listen,socket_create_pair,link,register_shutdown_function, register_tick_function,gzinflate Sometimes i cannot kill httpd process. I run kill -9 PID even several times, and nothing happens. php runs via suphp. I learned somewhere that it can be trojan. I ran strace ps aux and it stops on open("/proc/PID/cmdline", O_RDONLY) If i reboot server, problem is gone but after some time it is back again .. :( Thanks.

  Read the article

• Looking for Fiddler2 help. connection to gateway refused? Just got rid of a virus

  - by John Mackey

  I use Fiddler2 for facebook game items, and it's been a great success. I accessed a website to download some dat files I needed. I think it was eshare, ziddu or megaupload, one of those. Anyway, even before the rar file had downloaded, I got this weird green shield in the bottom right hand corner of my computer. It said a Trojan was trying to access my computer, or something to that extent. It prompted me to click the shield to begin anti-virus scanning. It turns out this rogue program is called Antivirus System Pro and is pretty hard to get rid of. After discovering the rogue program, I tried using Fiddler and got the following error: [Fiddler] Connection to Gateway failed.Exception Text: No connection could be made because the target machine actively refused it 127.0.0.1:5555 I ended up purchasing SpyDoctor + Antivirus, which I'm told is designed specifically for getting rid of these types of programs. Anyway, I did a quick-scan last night with spydoctor and malware bytes. Malware picked up 2 files, and Spydoctor found 4. Most were insignificant, but it did find a worm called Worm.Alcra.F, which was labeled high-priority. I don’t know if that’s the Anti-Virus Pro or not, but SpyDoctor said it got rid of all of those successfully. I tried to run Fiddler again before leaving home, but was still getting the "gateway failed" error. Im using the newest version of firefox. When I initially set up the Fiddler 2.2.8.6, I couldn’t get it to run at first, so I found this faq on the internet that said I needed to go through ToolsOptionsSettings and set up an HTTP Proxy to 127.0.0.1 and my Port to 8888. Once I set that up and downloaded this fiddler helper as a firefox add-on, it worked fine. When I turn on fiddler, it automatically takes my proxy setting from no proxy (default) to the 127.0.0.1 with Port 8888 set up. It worked fine until my computer detected this virus. Anyway, hopefully I've given you sufficient information to offer me your best advice here. Like I said, Spydoctor says the bad stuff is gone, so maybe the rogue program made some type of change in my fiddler that I could just reset or uncheck or something like that? Or will I need to completely remove fiddler and those dat files and rar files I downloaded? Any help would be greatly appreciated. Thanks for your time.

  Read the article

• Looking for Fiddler2 help. connection to gateway refused...just got rid of a virus?

  - by john mackey

  I use Fiddler2 for facebook game items, and it's been a great success. I accessed a website to download some dat files I needed. I think it was eshare, ziddu or megaupload, one of those. Anyway, even before the rar file had downloaded, I got this weird green shield in the bottom right hand corner of my computer. It said a Trojan was trying to access my computer, or something to that extent. It prompted me to click the shield to begin anti-virus scanning. It turns out this rogue program is called Antivirus System Pro and is pretty hard to get rid of. After discovering the rogue program, I tried using Fiddler and got the following error: [Fiddler] Connection to Gateway failed. Exception Text: No connection could be made because the target machine actively refused it 127.0.0.1:5555 I ended up purchasing SpyDoctor + Antivirus, which I'm told is designed specifically for getting rid of these types of programs. Anyway, I did a quick-scan last night with spydoctor and malware bytes. Malware picked up 2 files, and Spydoctor found 4. Most were insignificant, but it did find a worm called Worm.Alcra.F, which was labeled high-priority. I don’t know if that’s the Anti-Virus Pro or not, but SpyDoctor said it got rid of all of those successfully. I tried to run Fiddler again before leaving home, but was still getting the "gateway failed" error. Im using the newest version of firefox. When I initially set up the Fiddler 2.2.8.6, I couldn’t get it to run at first, so I found this faq on the internet that said I needed to go through ToolsOptionsSettings and set up an HTTP Proxy to 127.0.0.1 and my Port to 8888. Once I set that up and downloaded this fiddler helper as a firefox add-on, it worked fine. When I turn on fiddler, it automatically takes my proxy setting from no proxy (default) to the 127.0.0.1 with Port 8888 set up. It worked fine until my computer detected this virus. Anyway, hopefully I've given you sufficient information to offer me your best advice here. Like I said, Spydoctor says the bad stuff is gone, so maybe the rogue program made some type of change in my fiddler that I could just reset or uncheck or something like that? Or will I need to completely remove fiddler and those dat files and rar files I downloaded? Any help would be greatly appreciated. Thanks for your time.

  Read the article

• Apache VirtualHost Blockhole (Eats All Requests on All Ports on an IP)

  - by Synetech inc.

  I’m exhausted. I just spent the last two hours chasing a goose that I have been after on-and-off for the past year. Here is the goal, put as succinctly as possible. Step 1: HOSTS File: 127.0.0.5 NastyAdServer.com 127.0.0.5 xssServer.com 127.0.0.5 SQLInjector.com 127.0.0.5 PornAds.com 127.0.0.5 OtherBadSites.com … Step 2: Apache httpd.conf <VirtualHost 127.0.0.5:80> ServerName adkiller DocumentRoot adkiller RewriteEngine On RewriteRule (\.(gif|jpg|png|jpeg)$) /p.png [L] RewriteRule (.*) /ad.htm [L] </VirtualHost> So basically what happens is that the HOSTS file redirects designated domains to the localhost, but to a specific loopback IP address. Apache listens for any requests on this address and serves either a transparent pixel graphic, or else an empty HTML file. Thus, any page or graphic on any of the bad sites is replaced with nothing (in other words an ad/malware/porn/etc. blocker). This works great as is (and has been for me for years now). The problem is that these bad things are no longer limited to just HTTP traffic. For example: <script src="http://NastyAdServer.com:99"> or <iframe src="https://PornAds.com/ad.html"> or a Trojan using ftp://spammaster.com/[email protected];[email protected];[email protected] or an app “phoning home” with private info in a crafted ICMP packet by pinging CardStealer.ru:99 Handling HTTPS is a relatively minor bump. I can create a separate VirtualHost just like the one above, replacing port 80 with 443, and adding in SSL directives. This leaves the other ports to be dealt with. I tried using * for the port, but then I get overlap errors. I tried redirecting all request to the HTTPS server and visa-versa but neither worked; either the SSL requests wouldn’t redirect correctly or else the HTTP requests gave the You’re speaking plain HTTP to an SSL-enabled server port… error. Further, I cannot figure out a way to test if other ports are being successfully redirected (I could try using a browser, but what about FTP, ICMP, etc.?) I realize that I could just use a port-blocker (eg ProtoWall, PeerBlock, etc.), but there’s two issues with that. First, I am blocking domains with this method, not IP addresses, so to use a port-blocker, I would have to get each and every domain’s IP, and update theme frequently. Second, using this method, I can have Apache keep logs of all the ad/malware/spam/etc. requests for future analysis (my current AdKiller logs are already 466MB right now). I appreciate any help in successfully setting up an Apache VirtualHost blackhole. Thanks.

  Read the article

• Computer Networks UNISA - Chap 14 &ndash; Insuring Integrity &amp; Availability

  - by MarkPearl

  After reading this section you should be able to Identify the characteristics of a network that keep data safe from loss or damage Protect an enterprise-wide network from viruses Explain network and system level fault tolerance techniques Discuss issues related to network backup and recovery strategies Describe the components of a useful disaster recovery plan and the options for disaster contingencies What are integrity and availability? Integrity – the soundness of a networks programs, data, services, devices, and connections Availability – How consistently and reliably a file or system can be accessed by authorized personnel A number of phenomena can compromise both integrity and availability including… security breaches natural disasters malicious intruders power flaws human error users etc Although you cannot predict every type of vulnerability, you can take measures to guard against the most damaging events. The following are some guidelines… Allow only network administrators to create or modify NOS and application system users. Monitor the network for unauthorized access or changes Record authorized system changes in a change management system’ Install redundant components Perform regular health checks on the network Check system performance, error logs, and the system log book regularly Keep backups Implement and enforce security and disaster recovery policies These are just some of the basics… Malware Malware refers to any program or piece of code designed to intrude upon or harm a system or its resources. Types of Malware… Boot sector viruses Macro viruses File infector viruses Worms Trojan Horse Network Viruses Bots Malware characteristics Some common characteristics of Malware include… Encryption Stealth Polymorphism Time dependence Malware Protection There are various tools available to protect you from malware called anti-malware software. These monitor your system for indications that a program is performing potential malware operations. A number of techniques are used to detect malware including… Signature Scanning Integrity Checking Monitoring unexpected file changes or virus like behaviours It is important to decide where anti-malware tools will be installed and find a balance between performance and protection. There are several general purpose malware policies that can be implemented to protect your network including… Every compute in an organization should be equipped with malware detection and cleaning software that regularly runs Users should not be allowed to alter or disable the anti-malware software Users should know what to do in case the anti-malware program detects a malware virus Users should be prohibited from installing any unauthorized software on their systems System wide alerts should be issued to network users notifying them if a serious malware virus has been detected. Fault Tolerance Besides guarding against malware, another key factor in maintaining the availability and integrity of data is fault tolerance. Fault tolerance is the ability for a system to continue performing despite an unexpected hardware or software malfunction. Fault tolerance can be realized in varying degrees, the optimal level of fault tolerance for a system depends on how critical its services and files are to productivity. Generally the more fault tolerant the system, the more expensive it is. The following describe some of the areas that need to be considered for fault tolerance. Environment (Temperature and humidity) Power Topology and Connectivity Servers Storage Power Typical power flaws include Surges – a brief increase in voltage due to lightening strikes, solar flares or some idiot at City Power Noise – Fluctuation in voltage levels caused by other devices on the network or electromagnetic interference Brownout – A sag in voltage for just a moment Blackout – A complete power loss The are various alternate power sources to consider including UPS’s and Generators. UPS’s are found in two categories… Standby UPS – provides continuous power when mains goes down (brief period of switching over) Online UPS – is online all the time and the device receives power from the UPS all the time (the UPS is charged continuously) Servers There are various techniques for fault tolerance with servers. Server mirroring is an option where one device or component duplicates the activities of another. It is generally an expensive process. Clustering is a fault tolerance technique that links multiple servers together to appear as a single server. They share processing and storage responsibilities and if one unit in the cluster goes down, another unit can be brought in to replace it. Storage There are various techniques available including the following… RAID Arrays NAS (Storage (Network Attached Storage) SANs (Storage Area Networks) Data Backup A backup is a copy of data or program files created for archiving or safekeeping. Many different options for backups exist with various media including… These vary in cost and speed. Optical Media Tape Backup External Disk Drives Network Backups Backup Strategy After selecting the appropriate tool for performing your servers backup, devise a backup strategy to guide you through performing reliable backups that provide maximum data protection. Questions that should be answered include… What data must be backed up At what time of day or night will the backups occur How will you verify the accuracy of the backups Where and for how long will backup media be stored Who will take responsibility for ensuring that backups occurred How long will you save backups Where will backup and recovery documentation be stored Different backup methods provide varying levels of certainty and corresponding labour cost. There are also different ways to determine which files should be backed up including… Full backup – all data on all servers is copied to storage media Incremental backup – Only data that has changed since the last full or incremental backup is copied to a storage medium Differential backup – Only data that has changed since the last backup is coped to a storage medium Disaster Recovery Disaster recovery is the process of restoring your critical functionality and data after an enterprise wide outage has occurred. A disaster recovery plan is for extreme scenarios (i.e. fire, line fault, etc). A cold site is a place were the computers, devices, and connectivity necessary to rebuild a network exist but they are not appropriately configured. A warm site is a place where the computers, devices, and connectivity necessary to rebuild a network exists with some appropriately configured devices. A hot site is a place where the computers, devices, and connectivity necessary to rebuild a network exists and all are appropriately configured.

  Read the article

• Rkhunter 122 suspect files; do I have a problem?

  - by user276166

  I am new to ubuntu. I am using Xfce Ubuntu 14.04 LTS. I have ran rkhunter a few weeks age and only got a few warnings. The forum said that they were normal. But, this time rkhunter reported 122 warnings. Please advise. casey@Shaman:~$ sudo rkhunter -c [ Rootkit Hunter version 1.4.0 ] Checking system commands... Performing 'strings' command checks Checking 'strings' command [ OK ] Performing 'shared libraries' checks Checking for preloading variables [ None found ] Checking for preloaded libraries [ None found ] Checking LD_LIBRARY_PATH variable [ Not found ] Performing file properties checks Checking for prerequisites [ Warning ] /usr/sbin/adduser [ Warning ] /usr/sbin/chroot [ Warning ] /usr/sbin/cron [ OK ] /usr/sbin/groupadd [ Warning ] /usr/sbin/groupdel [ Warning ] /usr/sbin/groupmod [ Warning ] /usr/sbin/grpck [ Warning ] /usr/sbin/nologin [ Warning ] /usr/sbin/pwck [ Warning ] /usr/sbin/rsyslogd [ Warning ] /usr/sbin/useradd [ Warning ] /usr/sbin/userdel [ Warning ] /usr/sbin/usermod [ Warning ] /usr/sbin/vipw [ Warning ] /usr/bin/awk [ Warning ] /usr/bin/basename [ Warning ] /usr/bin/chattr [ Warning ] /usr/bin/cut [ Warning ] /usr/bin/diff [ Warning ] /usr/bin/dirname [ Warning ] /usr/bin/dpkg [ Warning ] /usr/bin/dpkg-query [ Warning ] /usr/bin/du [ Warning ] /usr/bin/env [ Warning ] /usr/bin/file [ Warning ] /usr/bin/find [ Warning ] /usr/bin/GET [ Warning ] /usr/bin/groups [ Warning ] /usr/bin/head [ Warning ] /usr/bin/id [ Warning ] /usr/bin/killall [ OK ] /usr/bin/last [ Warning ] /usr/bin/lastlog [ Warning ] /usr/bin/ldd [ Warning ] /usr/bin/less [ OK ] /usr/bin/locate [ OK ] /usr/bin/logger [ Warning ] /usr/bin/lsattr [ Warning ] /usr/bin/lsof [ OK ] /usr/bin/mail [ OK ] /usr/bin/md5sum [ Warning ] /usr/bin/mlocate [ OK ] /usr/bin/newgrp [ Warning ] /usr/bin/passwd [ Warning ] /usr/bin/perl [ Warning ] /usr/bin/pgrep [ Warning ] /usr/bin/pkill [ Warning ] /usr/bin/pstree [ OK ] /usr/bin/rkhunter [ OK ] /usr/bin/rpm [ Warning ] /usr/bin/runcon [ Warning ] /usr/bin/sha1sum [ Warning ] /usr/bin/sha224sum [ Warning ] /usr/bin/sha256sum [ Warning ] /usr/bin/sha384sum [ Warning ] /usr/bin/sha512sum [ Warning ] /usr/bin/size [ Warning ] /usr/bin/sort [ Warning ] /usr/bin/stat [ Warning ] /usr/bin/strace [ Warning ] /usr/bin/strings [ Warning ] /usr/bin/sudo [ Warning ] /usr/bin/tail [ Warning ] /usr/bin/test [ Warning ] /usr/bin/top [ Warning ] /usr/bin/touch [ Warning ] /usr/bin/tr [ Warning ] /usr/bin/uniq [ Warning ] /usr/bin/users [ Warning ] /usr/bin/vmstat [ Warning ] /usr/bin/w [ Warning ] /usr/bin/watch [ Warning ] /usr/bin/wc [ Warning ] /usr/bin/wget [ Warning ] /usr/bin/whatis [ Warning ] /usr/bin/whereis [ Warning ] /usr/bin/which [ OK ] /usr/bin/who [ Warning ] /usr/bin/whoami [ Warning ] /usr/bin/unhide.rb [ Warning ] /usr/bin/mawk [ Warning ] /usr/bin/lwp-request [ Warning ] /usr/bin/heirloom-mailx [ OK ] /usr/bin/w.procps [ Warning ] /sbin/depmod [ Warning ] /sbin/fsck [ Warning ] /sbin/ifconfig [ Warning ] /sbin/ifdown [ Warning ] /sbin/ifup [ Warning ] /sbin/init [ Warning ] /sbin/insmod [ Warning ] /sbin/ip [ Warning ] /sbin/lsmod [ Warning ] /sbin/modinfo [ Warning ] /sbin/modprobe [ Warning ] /sbin/rmmod [ Warning ] /sbin/route [ Warning ] /sbin/runlevel [ Warning ] /sbin/sulogin [ Warning ] /sbin/sysctl [ Warning ] /bin/bash [ Warning ] /bin/cat [ Warning ] /bin/chmod [ Warning ] /bin/chown [ Warning ] /bin/cp [ Warning ] /bin/date [ Warning ] /bin/df [ Warning ] /bin/dmesg [ Warning ] /bin/echo [ Warning ] /bin/ed [ OK ] /bin/egrep [ Warning ] /bin/fgrep [ Warning ] /bin/fuser [ OK ] /bin/grep [ Warning ] /bin/ip [ Warning ] /bin/kill [ Warning ] /bin/less [ OK ] /bin/login [ Warning ] /bin/ls [ Warning ] /bin/lsmod [ Warning ] /bin/mktemp [ Warning ] /bin/more [ Warning ] /bin/mount [ Warning ] /bin/mv [ Warning ] /bin/netstat [ Warning ] /bin/ping [ Warning ] /bin/ps [ Warning ] /bin/pwd [ Warning ] /bin/readlink [ Warning ] /bin/sed [ Warning ] /bin/sh [ Warning ] /bin/su [ Warning ] /bin/touch [ Warning ] /bin/uname [ Warning ] /bin/which [ OK ] /bin/kmod [ Warning ] /bin/dash [ Warning ] [Press <ENTER> to continue] Checking for rootkits... Performing check of known rootkit files and directories 55808 Trojan - Variant A [ Not found ] ADM Worm [ Not found ] AjaKit Rootkit [ Not found ] Adore Rootkit [ Not found ] aPa Kit [ Not found ] Apache Worm [ Not found ] Ambient (ark) Rootkit [ Not found ] Balaur Rootkit [ Not found ] BeastKit Rootkit [ Not found ] beX2 Rootkit [ Not found ] BOBKit Rootkit [ Not found ] cb Rootkit [ Not found ] CiNIK Worm (Slapper.B variant) [ Not found ] Danny-Boy's Abuse Kit [ Not found ] Devil RootKit [ Not found ] Dica-Kit Rootkit [ Not found ] Dreams Rootkit [ Not found ] Duarawkz Rootkit [ Not found ] Enye LKM [ Not found ] Flea Linux Rootkit [ Not found ] Fu Rootkit [ Not found ] Fuck`it Rootkit [ Not found ] GasKit Rootkit [ Not found ] Heroin LKM [ Not found ] HjC Kit [ Not found ] ignoKit Rootkit [ Not found ] IntoXonia-NG Rootkit [ Not found ] Irix Rootkit [ Not found ] Jynx Rootkit [ Not found ] KBeast Rootkit [ Not found ] Kitko Rootkit [ Not found ] Knark Rootkit [ Not found ] ld-linuxv.so Rootkit [ Not found ] Li0n Worm [ Not found ] Lockit / LJK2 Rootkit [ Not found ] Mood-NT Rootkit [ Not found ] MRK Rootkit [ Not found ] Ni0 Rootkit [ Not found ] Ohhara Rootkit [ Not found ] Optic Kit (Tux) Worm [ Not found ] Oz Rootkit [ Not found ] Phalanx Rootkit [ Not found ] Phalanx2 Rootkit [ Not found ] Phalanx2 Rootkit (extended tests) [ Not found ] Portacelo Rootkit [ Not found ] R3dstorm Toolkit [ Not found ] RH-Sharpe's Rootkit [ Not found ] RSHA's Rootkit [ Not found ] Scalper Worm [ Not found ] Sebek LKM [ Not found ] Shutdown Rootkit [ Not found ] SHV4 Rootkit [ Not found ] SHV5 Rootkit [ Not found ] Sin Rootkit [ Not found ] Slapper Worm [ Not found ] Sneakin Rootkit [ Not found ] 'Spanish' Rootkit [ Not found ] Suckit Rootkit [ Not found ] Superkit Rootkit [ Not found ] TBD (Telnet BackDoor) [ Not found ] TeLeKiT Rootkit [ Not found ] T0rn Rootkit [ Not found ] trNkit Rootkit [ Not found ] Trojanit Kit [ Not found ] Tuxtendo Rootkit [ Not found ] URK Rootkit [ Not found ] Vampire Rootkit [ Not found ] VcKit Rootkit [ Not found ] Volc Rootkit [ Not found ] Xzibit Rootkit [ Not found ] zaRwT.KiT Rootkit [ Not found ] ZK Rootkit [ Not found ] [Press <ENTER> to continue] Performing additional rootkit checks Suckit Rookit additional checks [ OK ] Checking for possible rootkit files and directories [ None found ] Checking for possible rootkit strings [ None found ] Performing malware checks Checking running processes for suspicious files [ None found ] Checking for login backdoors [ None found ] Checking for suspicious directories [ None found ] Checking for sniffer log files [ None found ] Performing Linux specific checks Checking loaded kernel modules [ OK ] Checking kernel module names [ OK ] [Press <ENTER> to continue] Checking the network... Performing checks on the network ports Checking for backdoor ports [ None found ] Checking for hidden ports [ Skipped ] Performing checks on the network interfaces Checking for promiscuous interfaces [ None found ] Checking the local host... Performing system boot checks Checking for local host name [ Found ] Checking for system startup files [ Found ] Checking system startup files for malware [ None found ] Performing group and account checks Checking for passwd file [ Found ] Checking for root equivalent (UID 0) accounts [ None found ] Checking for passwordless accounts [ None found ] Checking for passwd file changes [ Warning ] Checking for group file changes [ Warning ] Checking root account shell history files [ None found ] Performing system configuration file checks Checking for SSH configuration file [ Not found ] Checking for running syslog daemon [ Found ] Checking for syslog configuration file [ Found ] Checking if syslog remote logging is allowed [ Not allowed ] Performing filesystem checks Checking /dev for suspicious file types [ Warning ] Checking for hidden files and directories [ Warning ] [Press <ENTER> to continue] System checks summary ===================== File properties checks... Required commands check failed Files checked: 137 Suspect files: 122 Rootkit checks... Rootkits checked : 291 Possible rootkits: 0 Applications checks... All checks skipped The system checks took: 5 minutes and 11 seconds All results have been written to the log file (/var/log/rkhunter.log)

  Read the article

< Previous Page | 2 3 4 5 6 7  | Next Page >