NAS Technology

Malware and Virus Removal for 2012

Nick Shertzer — Sun, 22 Apr 2012 13:42:44 +0000

This is an updated round up of security tools used for Windows PC cleanup and virus removal. The original post can be found here: http://www.nickshertzer.com/wordpress/?p=247

Realtime Protection

The first step to malware and virus removal is to never get infected in the first place. Start by installing a realtime AV scanner. (Important Note: only install ONE realtime A/V scanner. Computer performance can be severely affected by running multiple file system scanners at once)

AVG is the current PC World editors pick for A/V as best in class (PC Mag.com Best Free Antivirus 2012) .

AVG Free:

http://download.cnet.com/AVG-Anti-Virus-Free-Edition-2012/3000-2239_4-10320142.html?part=dl-avg_free_us&subj=dl&tag=button

The free AntiVirus software from Microsoft called Security Essentials is also a good choice. In addition, I typically also configure Spybot Search and Destroy to use it’s “Tea Timer” and IE Protection.

Microsoft Security Essentials:

http://www.microsoft.com/en-us/security_essentials/default.aspx

Spybot Search and Destroy:

http://www.safer-networking.org/en/index.html

I often times have people ask how to keep from getting infected with crap ware . Many times the problem rides in on an unattended installer masquerading on a banner ad. Hackers tend to target the largest base and infecting banner ad companies such as ad.doubleclick.net must return the biggest results. I recommend running the latest version of Firefox with the AdBlock extension or Google Chrome with AdBlock Plus extension.

Firefox AdBlock Plus Extension:

https://addons.mozilla.org/en-us/firefox/addon/adblock-plus/

Google Chrome AdBlock Extension:

https://chrome.google.com/webstore/detail/gighmmpiobklfepjocnamgkkbiglidom

Post Infection Removal

Step one is to run RKILL. This small app is designed to stop currently running known malware processes. This is nessecarry as some of the nastier viruses will disable several Windows components such as running EXE files. RKill comes in a variety of formats for this reason (EXE, COM, SCR)

RKill:

http://www.bleepingcomputer.com/download/anti-virus/rkill

A new addition to my PC cleaning arsenal is a free tool called Comodo Cleaning Essentials.

Powerful antivirus scanner capable ofremoving malware, rootkits, hidden files and malicious registry keys hidden deep within a system

http://www.comodo.com/business-security/network-protection/cleaning_essentials.php

The next tried and true scanner to run is Malwarebytes Anti-malware. It is important to note that this app does not include a real time scanner. This means it will remove an infection from your PC, but there is no mechanism inherent with the app to keep the malware from installing on your machine in the first place.

Malwarebytes:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

“manually copy the database from a working computer - database file is stored in the following locations.
* Windows XP and 2000:
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\rules.ref
* Windows Vista and Windows 7:
C:\ProgramData\Malwarebytes\Malwarebytes’ Anti-Malware\rules.ref”

Microsoft Malicious Software Removal Tool:

http://www.microsoft.com/DOWNLOADS/en/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

SuperAntiSpyware Portable Scanner:

http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE

Microsoft Safety Scanner:

http://www.microsoft.com/security/scanner/en-sg/default.aspx

TDSSKiller (rootkit remover):

http://www.bleepingcomputer.com/download/anti-virus/tdsskiller

AOL Postmaster Delivery to the following recipients has been delayed

Nick Shertzer — Fri, 20 Apr 2012 13:09:08 +0000

Hopefully these links will continue to work, unlike previous email link:

The Whitelist Request form can be found at:

http://postmaster-us.info.aol.com/whitelist

http://postmaster.aol.com/cgi-bin/fbl.pl

Reporting-MTA: dns;YOURDOMAIN.com Final-Recipient: rfc822;ANYONE@aol.com Action: delayed Status: 4.4.7

Will-Retry-Until: Thu, 19 Apr 2012 15:13:46 -0400

FYI

Subject: Delivery Status Notification (Delay)

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

AOL Postmaster Support Request #86138 Update General

Hello,

I am contacting you regarding the ticket you opened with AOL concerning an email delivery issue for the IP(s) EARTHLINK.STATIC.IP.

The block on the IP(s) EARTHLINK.STATIC.IP. has been removed. Please allow 24-48 business hours for this removal to take effect. In order to help manage your spam complaints and ensure best deliverability, please consider the following steps:

1) If you do not already have a feedback loop, I recommend visiting the AOL Postmaster website and applying for one.

http://postmaster.aol.com/cgi-bin/fbl.pl

When an AOL member clicks “This Is Spam” on an email sent from one of your IP’s, this is considered a complaint. Once you have set up a feedback loop, every complaint will sent from SCOMP@aol.net to the email address specified when the application was submitted. It will contain the complete email and header information, and it will be in ARF (Abuse Reporting Format).

For more detailed information about AOL’s feedback loop system, please see http://postmaster.aol.com/Postmaster.FeedbackLoop.html

The above URL will also provide additional information about ARF and some tips on processing it.

2) Ensure you are following AOL’s Best Practices: http://postmaster.aol.com/Postmaster.Guidelines.html

3) Understand IP reputation and how it works at AOL:

http://postmaster.aol.com/Postmaster.Reputation.html

Thank You,

Rahul

AOL Postmaster.

Stop SOPA

Nick Shertzer — Wed, 18 Jan 2012 14:37:42 +0000

https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8173

https://www.google.com/landing/takeaction/

“SOPA and PIPA wouldn’t stop piracy

To make matters worse, SOPA and PIPA won’t even work. The censorship regulations written into these bills won’t shut down pirate sites. These sites will just change their addresses and continue their criminal activities, while law-abiding companies will suffer high penalties for breaches they can’t possibly control.”

Keep the Internet in technocratic hands.

Samsung Galaxy Note CM9 Alpha

Nick Shertzer — Mon, 09 Jan 2012 14:36:39 +0000

A quick ScreenCast showing of CM 9 Alpha on the Galaxy Note [XDA Thread]

Ice Cream Sandwich runs GREAT, even with the pre-beta build that does not have ICS graphic blobs. I changed the DPI to 160 to activate the tablet interface. Too bad I can’t hang up that phone call

Notice how smooth GTA3 runs (any stuttering is due to the screencast software and not the build).

SBS 2003 W3SVC1 log file grew to 50GB!

Nick Shertzer — Mon, 12 Dec 2011 04:35:51 +0000

W3SVC1 log file located in C:\inetpub\logs\logfiles grew to 50GB on a client SBS 2003 server.

Safe to delete manually. Controlled by Start>Run>%SystemRoot%\system32\inetsrv\iis.msc

Web Sites > Right click Default Web Site > Properties > Enable Logging

Scheduled task to keep it on but stop the log file from growing unrestricted found here on Microsoft Technet:

Start>Run>CMD

at 12:00 /EVERY:Su Forfiles.exe -p C:\WINDOWS\system32\LogFiles\W3SVC1 -m *.log -d -30 -c \”Cmd.exe /C del @path\”

Best I’ve found so far.

The process is a little different with SBS 2008 and IIS7:

Disabling WSUS Logging (or any website on Windows Server 2008)