Thursday, August 12, 2004

Adware List - Programs You Need To Remove

I get a lot of email about adware and spyware programs, mostly asking what they are and how to remove them.

To remove adware and spyware, I recommend No Adware because it's the most effective adware remover on the market.

Here is a list of common adware programs:

2020 Search
7 FaSSt
Access Plugin
Actual Names
ACX Install
Ad Break
Ad Roar
Adult Links
Apropos Media
Aornum
A Spam
Auto Search
Auto Startup
Bargain Buddy
BDE
Bonzi Buddy
Booked Space
Browser Aid
Browser Toolbar
Bulla
Clear Search
Click The Button
Client Man
Cns Min
Comet Cursor
Comload
Common Name
Cool Web Search
Cracked Earth
Custom Toolbar
Cytron
Daily Toolbar
Daily Winner
Dialer Offline
Dialer ActiveX
Dial XS
Download Plus
Download Receiver
Download Ware
E2 Give
e Start
eXact Search
ez Cyber Search
ez Searching
Favorite Man
Flash Track
Free Scratch And Win
Gratis ware
GAM sys
Gator
Global Netcom
Hot Bar
Httper
Hunt Bar
IE Access
IE Driver
IE Monit
IE Plugin
IE Tray
I Get Net
I Lookup
Inet Speak
Internet Optimizer
Internet Washer
IP Insight
IS Tbar
Keen Value
Link Replacer
lop
Magic Control
Market Score
Master Dialer
Matrix Dialer
Media Update
Meridian
More Results
Money Tree
My Page Finder
My Search
Nav Excel
n Case
Net Pal
Network Essentials
New Dot Net
Newton Knows
Now Box
Onflow
Online Dialer
Perfect Nav
Per Media
Power Strip
Pugi
Rapid Blaster
Related Links
Roimoi
Save Now
SC Bar
Search And Browse
Searchex
Search Sprint
Search Squire
Search WWW
Shop At Home Select
Shop Nav
Side search
Smart Browser
Spy Blast
Star Dialer
Strip Player
Sub Search
Surfairy
Super Bar
SVA Player
Tiny Bar
Toolbar CC
Top Text
TOPicks
Transponder
TV Media
Wazam
web Hancer
Whazit
Wink
Winshow
Winupie
Wonderland
Wurld Media
X Dialer
X Diver
X Loader
Xupiter
Zero PopUp
Zipclix
Zyncos

Again, I highly recommend No Adware for getting rid of these pests because it's the best adware removal program on the market.

Click here for a free trial of No Adware

Ciao!

McAfee Warns On New Bagle.aq Virus

What is it?

W32/Bagle.aq@MM is a Medium Risk mass-mailing worm that tries to open a hacker backdoor on your PC.

Launched by code hidden inside a ZIP attachment, the virus spreads by emailing itself to stolen contacts and via popular file-sharing programs such as KaZaa, Bearshare and Limewire. It also tries to terminate anti-virus and other security software operation.

Up-to-date McAfee VirusScan users with DAT 4384 are protected from this threat.

Note: To fortify anti-virus defense against viruses that carry backdoor payloads, we recommend installing McAfee Personal Firewall Plus.


What should I look for?

FROM: Varies (spoofed)
SUBJECT: Blank
BODY: Examples: new price, The password is, Password:
ATTACHMENT: Examples: price.zip, price2.zip, price_new.zip

How do I know if I've been infected?

Communication Port 80 (TCP) open. Outgoing messages with noted body content and ZIP attachments.


Why am I receiving so many alerts?

It's our policy to notify McAfee customers or those who have opted-in to receive alerts of new viruses or serious variants (e.g., W32/Bagle.af@MM), which often come in waves.


How do I find out more?

View details about W32/Bagle.aq@MM here.

Tuesday, August 10, 2004

New Virus Bagle.AM causing widespread damage.

- A new virus, Bagle.AM, menaces the Internet -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

MADRID, August 10 2004 - In the last few hours, a new virus has appeared: Bagle.AM, also known as Bagle.AQ and Bagle.AC. Belonging to the Bagle family, which appeared in January this year, this new variant has begun to spread and to infect several hundred thousand users.

Due to the high number of incidents, Panda Software has declared an Orange Alert level for this new threat. Panda Software customers who already have the new TruPrevent Technologies have been protected preventively, as these were capable of detecting and blocking this new virus without knowing it beforehand (more information about the new TruPrevent Technologies is available at www.pandasoftware.com/truprevent).

Luis Corrons, PandaLabs Director, says: "Bagle.AM follows a large family of worms which began 7 months ago. It is also using social engineering, as it tries to cheat users by sending a file with content referring to prices or passwords.

It combines different infection methods. The number of incidents can grow in the following hours, and this situation is more dangerous as there are a large number of users in different countries with free time to enjoy the Internet".

Bagle.AM spreads via e-mail and sends a ZIP file of 6 Kbytes in size, which includes a hidden EXE file and an HTML file with the same name. If a user executes the HTML file, it will launch the EXE file. This EXE file copies itself to the system and creates the following registry keys:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run win_upd2.exe = %systemdir%\WINdirect.exe

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run win_upd2.exe = %systemdir%\WINdirect.exe

Bagle.AM also creates and executes a DLL library of 11,776 bytes in %systemdir%\_dll.exe, which will stop all the processes with the following names:

FIREWALL.EXE
ATUPDATER.EXE
winxp.exe
sys_xp.exe
sysxp.exe
LUALL.EXE
DRWEBUPW.EXE
AUTODOWN.EXE
NUPGRADE.EXE
OUTPOST.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
ESCANH95.EXE
AVXQUAR.EXE
ESCANHNT.EXE
ATUPDATER.EXE
AUPDATE.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVXQUAR.EXE
AVWUPD32.EXE
AVPUPD.EXE
CFIAUDIT.EXE
UPDATE.EXE
NUPGRADE.EXE
MCUPDATE.EXE

In addition, it will try to download a fake JPG file from several URLs. It is actually another EXE file that contains the rest of the Bagle.AM worm, which, once executed, will spread via e-mail.

To prevent incidents involving Bagle.AM, Panda Software advises users to take precautions and update their antivirus software.

Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.

Panda Software's customers have upgrades available to install the new TruPrevent Technologies alongside their current antivirus and protect themselves preventively against this or other malicious code.

For users with antivirus protection other than Panda's, Panda TruPrevent Personal is compatible with and complementary to it. It provides a second line of defense and preventive protection while the antivirus is being updated, decreasing the risk of being infected.

More information about the new TruPrevent Technologies is available at www.pandasoftware.com/truprevent.

For further information about Bagle.AM and other computer threats, visit Panda Software's Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/

In addition, users can scan their computers online for free with the ActiveScan solution, available on the company's web page at: http://www.pandasoftware.com
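
An added example (not from Panda Software or McAfee) of a mail-gateway style check for the traits the two alerts above describe: a blank subject and a ZIP attachment holding an EXE and an HTML file with the same name. The function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

def paired_names(zip_bytes):
    """Base names present in the archive as both an EXE and an HTML file."""
    try:  # namelist() only reads the directory; nothing is extracted or run
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = [PurePosixPath(n.lower()) for n in zf.namelist()]
    except zipfile.BadZipFile:
        return set()
    exe = {p.with_suffix("") for p in names if p.suffix == ".exe"}
    html = {p.with_suffix("") for p in names if p.suffix in (".html", ".htm")}
    return {str(p) for p in exe & html}

def triage(raw_message):
    """Reasons a raw RFC 822 message matches the advisories' description."""
    msg = message_from_bytes(raw_message)
    reasons = []
    if not (msg["Subject"] or "").strip():
        reasons.append("blank subject")
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if not fname.endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        for stem in sorted(paired_names(payload)):
            reasons.append(f"{fname}: EXE and HTML both named '{stem}'")
    return reasons

def build_sample(subject, members):
    """Constructed test message: a ZIP of placeholder files attached as price.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    if subject:
        msg["Subject"] = subject
    msg.set_content("new price")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="price.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("", ["price.exe", "price.html"])))
```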


Monday, August 09, 2004

New Viruses Reported: MyDoom.O & MyDoom.P

- Weekly report on viruses and intruders -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, August 6 2004 - This week's report on viruses and intruders looks at three worms (Mydoom.P, Mydoom.O and Amus.A) and two Trojans called Downloader.OG and Brador.A.

Mydoom.P spreads via email in a message that simulates an error message. Every five seconds the worm checks whether there are any active processes in memory with the text strings av, AV, can, cc, ecur, erve, iru, java, KV, mc, Mc, nti, nv, ort, scn, SkyNet, sss, sym, Sym, uba and xp.exe.

If so, Mydoom.P will terminate the process. Sometimes, the first time the worm is executed it opens Notepad.

Mydoom.P tries to use the two methods below in order to collect email addresses:

- Searching in all files with any of the following extensions: ADB, ASP, CFG, DBX, DHTM, EML, HTM, HTML, JS, JSE, JSP, MMF, MSG, ODS, PHP, PL, SHT, SHTM, SHTML, TBB, TXT, WAB and XML.

- Making HTTP requests to the email.people.yahoo.com website, to use the people search feature in Yahoo mail.

Mydoom.O spreads via an email with variable characteristics. It installs a file that opens and listens on a backdoor on TCP port 1034. This can give access to the compromised computer, through which confidential data can be stolen or users can be prevented from using the computer properly.

The third worm we're looking at today is Amus.A, which uses its own SMTP engine to spread via email. It creates several copies of itself and a registry entry in the computer to ensure it is run every time Windows starts up. Sometimes, Amus.A can create a small white square in the top left-hand corner of the desktop.

The first Trojan in today's report is Brador.A, which affects PDAs (Personal Digital Assistants) running the Windows CE operating system. Its actions include opening a port that allows outside connections, and copying itself (as Svchost.exe) to the Start directory. When Brador.A affects a system it sends its creator a message saying that the device is available.

We finish off today's edition with Downloader.OG, a Trojan which periodically installs the adware Adware/Wupd, downloading it from a series of predetermined websites. Downloader.OG also creates the BRIDGEX.DLL file, which is really a copy of itself, in the Windows system directory on the victim's computer.

For further information about these and other computer threats, visit Panda Software's Encyclopedia: http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Backdoor: a backdoor can be used to allow an attacker to take control of a computer without the user's knowledge.

- Download: This is the process of obtaining files from the Internet (from Web pages or FTP sites set up specifically for that purpose).

More technical definitions at: http://www.pandasoftware.com/virus_info/glossary/default.aspx