Friday, August 20, 2004

More on the MyDoom.R and MyDoom.S Viruses

- Weekly report on viruses and intruders -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, August 20 2004 - This week's report on viruses and intruders looks at two worms from the same family, Mydoom.S and Mydoom.R, and a closely linked backdoor Trojan: Surila.B.

The S and R variants of MyDoom have the following characteristics, among others, in common:

- They spread via email in a message with the subject "photos" and include an attachment called "PHOTOS_ARC.EXE". When the user runs this file, it downloads and runs a backdoor Trojan detected by Panda Software as Surila.B.

- They open and listen on various ports, in order to allow an attacker to access and interfere with the computer (compromising the confidentiality of users' data or impeding normal use of the computer).

- They prevent users from accessing the web pages of certain antivirus companies.

- They create the mutex 43jfds93872, to make sure that there is no more than one copy of the worm running at the same time.

- They search files with the following extensions: ADB, ASP, DBX, HTM, PHP, PL, SHT, TBB, TXT or WAB, looking for email addresses containing certain text strings. If they find them, the Mydoom variants use their own SMTP engine to send copies of themselves to these addresses.

The differences between Mydoom.S and Mydoom.R include the size of the file they are hidden in, and the size of the file RASOR38A.DLL (which they create on the infected computer).

Today's report ends with Surila.B. As mentioned above, this is a backdoor Trojan downloaded and run by Mydoom.S and Mydoom.R.

Surila.B affects computers with Windows 2003/XP/2000/NT, allowing attackers to access and interfere with them, for example sending spam with a false sender address.

To do this, it has a list of false names and surnames which it combines with one of the following mail domains: aol.com, gmx.net, hotmail.com, mail.com, msn.com, t-online.de, yahoo.co.uk and yahoo.com.

For further information about these and other computer threats, visit Panda Software's Encyclopedia: http://www.pandasoftware.com/virus_info/encyclopedia/



Thursday, August 19, 2004

Adware Downloads - Adware Removal Tips - Download Adware Software


Adware Downloads Tips

The key to adware removal is using a high-quality adware download with updated definition files.

Adware removal is difficult if you're using free adware downloads that don't cover all the latest threats.

At present, there are more than 67,000 adware removal definitions in the top programs. Most of the free adware downloads have search files with roughly 30,000 definitions.

If you're serious about removing ad-ware and spyware, then you want the best adware removal program rather than freeware adware downloads.

The best of the adware downloads is No Adware.

Important features in adware downloads include:

  • Automatic update of pest control definition files
  • Scheduled scans for adware removal
  • Scan on the fly - search files or downloads for hidden pests
  • Free adware downloads - Try it out for free

No Adware has these features and more.

Click here for Adware Downloads.

Use the free trial option to see how effective No Adware is at removing every type of adware pest.

No Adware really is the best of the adware downloads for ad-ware or spyware removal. Try it for free and see for yourself right now.

Click here for Free Adware Downloads.

Here's a quick recap of the No Adware downloads features:

  • Largest definition file - Keeps you safe
  • Automatic updates - Keeps you current
  • Auto scan option - Set and forget - No worries
  • Custom scan option - Search entire drive or just a folder
  • Automatic backups - Allows full system restore if needed
  • Extensive customer support - Help is always available

You know you need an adware downloads solution.

You can try No Adware for free. Go ahead and try it.

Decide for yourself if it's what you need.

Click here for the best Adware Downloads.

Tuesday, August 17, 2004

McAfee Reports MyDoom.S Virus

What is it?

The latest in a string of Mydoom variants, W32/Mydoom.s@MM is a Medium Risk mass-mailing worm that can give hackers remote access to your PC.

The worm arrives inside an attachment and downloads a backdoor component from two websites: 1) richcolour.com, 2) zenandjuice.com.

W32/Mydoom.s@MM spreads to other PCs by sending itself to stolen email addresses.

Up-to-date McAfee VirusScan users with DAT 4386 are protected from this threat.

Note: To fortify anti-virus defense against viruses that carry backdoor payloads, we recommend installing McAfee Personal Firewall Plus.

What should I look for?

FROM: Spoofed
SUBJECT: photos
BODY: LOL!;))))
ATTACHMENT: photos_arc.exe

How do I know if I've been infected?

When the attachment is run, the virus copies itself to the Windows (%WinDir%) directory as rasor38a.dll and to the System (%SysDir%) directory as winpsd.exe.

How do I find out more?

View details about W32/Mydoom.s@MM here.

MyDoom.R Virus Outbreak Shows PC Security Still Weak

All Windows XP users should have Service Pack 2 installed as this closes the security hole that all versions of the MyDoom virus exploit. Use the Windows Update link to check your current patch needs.


- Panda Software warns of the new R variant of Mydoom -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

MADRID, August 16, 2004 - Panda Software has detected the appearance of the R variant of the well-known Mydoom worm. This new version has started to spread and infect numerous users.

The large number of incidents reported involving Mydoom.R has prompted Panda Software to declare an Amber Alert.

Panda Software clients who already have the new TruPrevent Technologies installed have enjoyed preventive protection from this new virus, as they can detect and block it without needing to be able to identify it first (more information about the new TruPrevent Technologies at www.pandasoftware.com/truprevent).

Mydoom.R (http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=50987) spreads via email in a message with the following characteristics:

Sender: Mydoom.R spoofs the address that appears as the sender of the message that carries out the infection. The names that can appear as the sender of the message are: adam, alex, alice, andrew, anna, bill, bob, brenda, brent, brian, claudia, dan, dave, david, debby, fred, george, helen, jack, james, jane, jerry, jim, jimmy, joe, john, jose, julie, kevin, leo, linda, maria, mary, matt, michael, mike, peter, ray, robert, sam, sandra, serg, smith, stan, steve, ted and tom.

The subject is 'photos' and the message body is 'LOL!;))))'. The attachment is called 'PHOTOS_ARC.EXE', is 27 KB in size and written in version 6 of Visual C.

When the user runs the infected file, the computer will be infected. Mydoom.R also looks for email addresses in files with certain extensions and sends a copy of itself to all the addresses it collects, so it could spread even more rapidly over the next few hours.

Luis Corrons, head of PandaLabs, explains, "Mydoom.R, a new variant of the worm that emerged in January this year, is yet another attempt by virus authors to cause damage to users' computers by tricking them with social engineering techniques. Mydoom.R sends a file that supposedly contains photos in order to trick the user into opening the file and infect as many computers as possible."

In order to avoid falling victim to Mydoom.R, Panda Software advises users to take precautions and keep their antivirus software updated. The company has already made the updates to its products available to its clients to ensure their solutions can detect and eliminate this new malicious code.

Upgrades are now available to Panda Software clients who want to add the new TruPrevent Technologies to their current antivirus solution and get preventive protection against this new threat or other malicious code.

For users with other developers' antivirus protection, Panda TruPrevent Personal is the ideal solution, as it is compatible with and complements these programs, providing a second line of defense and proactive protection while the antivirus is updated, decreasing the risk of infection.

More information about TruPrevent Technologies: www.pandasoftware.com/truprevent

More information about Mydoom.R and other IT threats is available at: http://www.pandasoftware.com/virus_info/encyclopedia/

Users can also scan and disinfect their computers using Panda ActiveScan, the free, online scanner available at http://www.pandasoftware.com/

Monday, August 16, 2004

Spyware Removal Tips - How to Remove Spyware

Remove spyware tips

Having to remove spyware is extremely annoying as many of these spy-ware pests are hard to remove.

Pests that make it difficult to remove spyware fall into the malware category. These types of pests can take control of the search function of your browser, returning false results and taking you to sites you had no intention of visiting.

Worse, before you remove spyware, it tracks your surfing habits and reports that information back to third parties without your permission.

This type of spyware also goes to great lengths to prevent any attempt to remove spyware. For example, Cool Web Search spyware contains 17 separate components. Leave any single component on your PC and Cool Web Search automatically re-installs itself!

According to PC Magazine, the top-rated product to remove spyware is Spyware Nuker.

Click here to: Remove Spyware with Spyware Nuker.

Important features for programs that remove spyware:

  • Automatic update of pest control definition files
  • Scheduled scans to remove spyware pests
  • Scan on the fly - search files or downloads for hidden pests
  • Free trial download - Try it out for free

You can try Spyware Nuker for free.

Click here for your free trial: Remove Spyware Free.

Use the free trial option to see how effective Spyware Nuker is at removing spyware pests.

Spyware Nuker really is the best way to get rid of spyware. Try it for free and see for yourself right now.

Adware Removal Download and Adware Remover Software Tips

Adware Removal Tips:

Adware removal is a necessity for protecting your privacy online and securing your data.

Adware consists of small pieces of code installed on your PC, usually without your permission. Adware removal is necessary to avoid:

  • Displaying excessive amounts of pop-up ads.
  • Installing toolbars full of advertising.
  • Modifying your browser settings such as the home page.
  • Hijacking your website searching and browser use.

Doing adware removal manually is annoying as many of these ad-ware pests are very hard to remove.

Pests that make adware removal difficult usually fall into the malware category. These types of pests often take control of the search function of your browser - returning false results and taking you to sites you had no intention of visiting.

Even worse, without adware removal this type of adware will track your surfing habits and report that back to hidden third parties.

This type of adware can make adware removal difficult as it goes to great lengths to prevent you from successfully removing it. For example, Cool Web Search spyware contains 17 separate components. Leave any single component on your PC and Cool Web Search automatically re-installs itself!

The best product for easy adware removal is No Adware.

Important features in tools for adware removal include:

  • Automatic update of pest control definition files
  • Scheduled scans for automatic adware removal
  • Scan on the fly - search files or downloads for hidden pests
  • Free trial download - Try it out for free

No Adware does all those things and you can try it for free.

Click here for Adware Removal.

Use the free trial option to see how effective No Adware is at adware removal.

No Adware really is the best tool for adware removal. Try it for free and see for yourself right now.

Click here for Free Adware Removal.

New Virus Variants - Bagle.AM and Leritand Trojan

- Weekly report on viruses and intrusions -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, August 13, 2004 - Today's report will focus on the AM variant of Bagle and the Trojans Leritand.A, Leritand.B, Leritand.C and Toquimos.A.

Bagle.AM appeared at the beginning of this week and rapidly infected a large number of computers. It spreads via email in a message without a subject that includes an attachment with a variable name and a ZIP extension.

This file contains two items:

- Illwill.A, an HTML file containing an exploit used by Bagle.AM to infect the computer without the user realizing.

- An EXE file, which is run when the user opens the Illwill.A file.
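Added example (not code from Panda Software, McAfee or this blog): a small stdlib-only Python check of the kind a mail gateway would run against the two lures described in these reports, the Mydoom.R/S message (subject 'photos', body 'LOL!;))))', attachment PHOTOS_ARC.EXE, as given in the McAfee and Panda alerts above) and the Bagle.AM message (no subject, a ZIP attachment bundling an HTML file with an EXE). The indicator values are the ones quoted in the reports; the list of executable extensions, the sample addresses and the member names inside the constructed ZIP (price.html, price.exe) are assumptions of the example, not from the alerts. It also generalizes slightly beyond the reports: any executable attachment, attached directly or inside a ZIP, is flagged, not only the reported file name.

```python
# Added example (not code from Panda Software, McAfee or this blog): a small,
# stdlib-only mail-gateway check for the two lure patterns in the reports.
# Indicator values come from the reports; the extension lists and the sample
# messages below are this example's own assumptions / constructed data.
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Mydoom.R/S lure, as reported: subject "photos", body "LOL!;))))",
# attachment PHOTOS_ARC.EXE (compared case-insensitively).
MYDOOM_SUBJECT = "photos"
MYDOOM_BODY = "LOL!;))))"
MYDOOM_ATTACHMENT = "photos_arc.exe"

# Assumption for the generic rule: extensions Windows runs directly when opened.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
HTML_EXTS = {".htm", ".html"}


def _ext(name):
    return os.path.splitext(name.lower())[1]


def inspect_zip(name, data):
    """Findings for one ZIP attachment: an executable member, and the Bagle.AM
    pattern of an HTML file bundled together with an EXE in the same archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            exts = {_ext(m) for m in zf.namelist()}
    except zipfile.BadZipFile:
        return [f"UNREADABLE_ZIP:{name}"]
    findings = []
    if exts & EXECUTABLE_EXTS:
        findings.append(f"ZIP_CONTAINS_EXECUTABLE:{name}")
        if exts & HTML_EXTS:
            findings.append(f"BAGLE_HTML_EXE_BUNDLE:{name}")
    return findings


def inspect_message(raw):
    """Parse one raw RFC 822 message (bytes) and return a list of finding tags."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    subject = (msg["subject"] or "").strip().lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().strip() if body_part is not None else ""
    attachments = [(part.get_filename() or "", part)
                   for part in msg.iter_attachments()]
    names = {n.lower() for n, _ in attachments}

    # Exact signature of the Mydoom.R/S message as described in the alerts.
    if subject == MYDOOM_SUBJECT and MYDOOM_ATTACHMENT in names:
        findings.append("MYDOOM_LURE")
    if body == MYDOOM_BODY:
        findings.append("MYDOOM_BODY")

    # Generic policy: executables, attached directly or inside a ZIP, are flagged.
    for name, part in attachments:
        ext = _ext(name)
        if ext in EXECUTABLE_EXTS:
            findings.append(f"EXECUTABLE_ATTACHMENT:{name.lower()}")
        elif ext == ".zip":
            findings.extend(inspect_zip(name.lower(), part.get_payload(decode=True)))
    return findings


# --- Constructed samples (not real captures) ---------------------------------

def build_mydoom_sample():
    msg = EmailMessage()
    msg["From"] = "alice@example.net"      # constructed, spoofed-looking sender
    msg["To"] = "victim@example.org"
    msg["Subject"] = "photos"
    msg.set_content("LOL!;))))")
    msg.add_attachment(b"MZ\x90\x00 not a real executable", maintype="application",
                       subtype="octet-stream", filename="PHOTOS_ARC.EXE")
    return msg.as_bytes()


def build_bagle_sample():
    # No subject; a ZIP with an arbitrary name holding an HTML file plus an EXE.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("price.html", "<html>constructed lure page</html>")
        zf.writestr("price.exe", b"MZ\x90\x00 not a real executable")
    msg = EmailMessage()
    msg["From"] = "bob@example.net"
    msg["To"] = "victim@example.org"
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="price.zip")
    return msg.as_bytes()


def build_benign_sample():
    msg = EmailMessage()
    msg["From"] = "carol@example.net"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "lunch on Monday?"
    msg.set_content("Same place as last week.")
    return msg.as_bytes()


if __name__ == "__main__":
    for builder in (build_mydoom_sample, build_bagle_sample, build_benign_sample):
        print(builder.__name__, inspect_message(builder()))
```

Running the block prints the findings for each constructed sample; at a gateway you would feed inspect_message the raw message bytes and quarantine on any non-empty result. Subject and body text are weak indicators on their own (a new variant changes them freely), which is why the executable-attachment rule is applied regardless of them.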

When it has infected a computer, Bagle.AM tries to download a false JPG file from different websites and if it manages to download the file, it starts spreading. What's more, Bagle.AM spreads through P2P (peer-to-peer) file sharing programs.

Bagle.AM opens a TCP port in affected computers and listens on it, allowing a hacker to access the computer. This worm also ends the processes belonging to different programs, including antivirus update programs, preventing them from offering protection against new viruses.

Similarly, if the computer is infected by a variant of Netsky, Bagle.AM prevents it from running when Windows starts up.

Leritand.A, Leritand.B and Leritand.C are Trojans that change the prefix of web addresses starting with www, redirecting them to a website that opens the web page originally requested by the user.

What's more, this malicious code disables the URL handlers of the its, ms-its and mhtml protocols, preventing some help systems from working.

Leritand.A, Leritand.B and Leritand.C change the default home page and search page in Internet Explorer and add links to the Favorites folder.

We are going to finish today's report with Toquimos.A, a Trojan that only affects Nokia Series 60 cell phones. It cannot spread on its own, as it must be installed and run by the user.

Its most common means of propagation is P2P file sharing networks. When it is run, Toquimos.A checks if the phone has a pirated version of a game installed.

If it has, it sends an SMS to a special rate phone number without the user's permission. This SMS is sent whenever the game is run.

For further information about these and other computer threats, visit Panda Software's Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Exploit: This can be a technique or a program that takes advantage of a vulnerability or security hole in a certain communication protocol, operating system, or other IT utility or application.

- P2P (Peer to peer): A program or network connection used to offer services via the Internet (usually file sharing), which viruses and other types of threats can use to spread. Some examples of this type of program are KaZaA, Emule, eDonkey, etc.

More definitions of virus and antivirus terminology at: http://www.pandasoftware.com/virus_info/glossary/default.aspx