BlitzBlank 1.0 – Removes infections that nothing else removes
August 28, 2010 by admin
Filed under Removal Tips,Tools and Videos
When others fail to properly clean up…
Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running.
Files and registry entries are often locked in different ways to prevent them from being deleted. Active Malware processes monitor each other and start each other anew as soon as one of them is destroyed.
The only solution is to delete the pests during the Windows Boot process – before any Malware has started running and has activated its self-protection mechanisms.
BlitzBlank: Deletes on Boot
BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. It deletes files, Registry entries and drivers before Windows and all other programs are loaded.
To do this it uses special low-level technology and different protection mechanisms that make it almost impossible for Malware to hinder BlitzBlank from carrying out the desired actions.
Script Support
You can use the Designer View to create removal jobs per mouse-click or write your own removal scripts in the Script View.
The following Script commands are supported:
- DeleteFile: [ReplaceWithDummy]
- MoveFile: [ReplaceWithDummy]
- DeleteFolder: [ReplaceWithDummy]
- MoveFolder: [ReplaceWithDummy]
- DeleteRegKey: [ReplaceWithDummy] [Backup]
- DeleteRegValue: [ReplaceWithDummy] [Backup]
- DisableDriver: [Backup]
- Execute:
Note: Parameters in [square brackets] are optional and are written without the square brackets.
Every command requires the path to the object(s) to be changed on the following line. For all “Move” commands, the source and target paths are separated by a space. Paths with embedded spaces must be enclosed in double quotation marks.
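A pre-flight check for the script rules above, added here as an example (it is not BlitzBlank's own code): it assumes options follow the colon on the command line, as the command list shows them, and one path per command (two for Move commands). The Execute line is not token-checked because the page does not describe its arguments; the sample script, its paths and the driver name are constructed.

```python
import re

# Commands and their optional parameters, as listed on the page.
COMMANDS = {
    "DeleteFile": {"ReplaceWithDummy"}, "MoveFile": {"ReplaceWithDummy"},
    "DeleteFolder": {"ReplaceWithDummy"}, "MoveFolder": {"ReplaceWithDummy"},
    "DeleteRegKey": {"ReplaceWithDummy", "Backup"}, "DisableDriver": {"Backup"},
    "DeleteRegValue": {"ReplaceWithDummy", "Backup"}, "Execute": set(),
}
TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted path, or a run of non-space characters

def split_command(line):
    """Return (name, options) if the line is a command line, else None."""
    name, colon, rest = line.partition(":")
    return (name, rest.split()) if colon and name in COMMANDS else None

def lint(script):
    """Return a (line_number, message) pair for each rule the script breaks."""
    problems = []
    lines = [(n, s.strip()) for n, s in enumerate(script.splitlines(), 1) if s.strip()]
    i = 0
    while i < len(lines):
        n, line = lines[i]
        i += 1
        if (cmd := split_command(line)) is None:
            problems.append((n, "expected a command line"))
            continue
        name, options = cmd
        problems += [(n, f"{name} does not take {o}") for o in options if o not in COMMANDS[name]]
        if i == len(lines) or split_command(lines[i][1]):
            problems.append((n, f"{name} has no path line"))
            continue
        pn, path_line = lines[i]
        i += 1
        tokens = TOKEN.findall(path_line)
        want = 2 if name.startswith("Move") else 1  # assumed: one path per command, two for Move
        if name != "Execute" and (len(tokens) != want or any(t.count('"') % 2 for t in tokens)):
            problems.append((pn, f"{name} needs {want} path(s), got {len(tokens)} token(s)"))
    return problems

# Constructed sample script; every path and the driver name are made up.
SAMPLE = r'''
DeleteFile: ReplaceWithDummy
"C:\Documents and Settings\user\sample.dll"
MoveFile:
C:\Documents and Settings\user\sample.exe C:\quarantine\sample.exe
DisableDriver: ReplaceWithDummy
sampledrv
DeleteRegKey: Backup
'''
```

Calling `lint(SAMPLE)` flags the unquoted MoveFile source path, the option DisableDriver does not list, and the DeleteRegKey command that has no path line.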
Download now!
- Download BlitzBlank – guaranteed for free!
System requirements
BlitzBlank runs on Windows XP, Vista, 7 as well as on 2003/2008 Servers in all 32 bit and 64 bit editions.
BlitzBlank does not require software installation and can be started immediately. Administrative rights are required on start.
Caution!
BlitzBlank should be used by professionals or on the advice of professionals only! It can destroy your operating system when used incorrectly. Use it with caution!
License
BlitzBlank is free for any use. We are not responsible for any lost files and data that have been accidentally removed. We explicitly point out that the software may damage your operating system seriously when used incorrectly.
Best In Test!

Critical patches for Windows and Flash Player
August 11, 2010 by admin
Filed under Security News
If you’re a user of Windows or Flash (and I would imagine that covers the vast majority of you) then it’s time to roll out the latest critical security patches, as Microsoft and Adobe have released updates to their software.
First up is Microsoft, who have released a bumper bundle of fixes as part of their regular “Patch Tuesday” cycle, issuing 14 bulletins to remedy 34 security holes in Windows, Internet Explorer, Microsoft Office, Silverlight, Microsoft XML Core Services and Server Message Block.
Eight of the bulletins have been given Microsoft’s highest severity rating of “critical”, with the rest being labelled “important”.
The good news, as Chet Wisniewski explains, is that we haven’t yet seen any malware spreading by exploiting these vulnerabilities – but that may only be a matter of time.
Separately, Microsoft has also issued an advisory about a zero-day vulnerability, which could allow untrusted code to run on a user’s machine by exploiting a weakness in the Windows Service Isolation feature.
Meanwhile, another platform commonly targeted by malicious hackers has been updated to defend against security vulnerabilities.
Adobe has identified critical vulnerabilities in Adobe Flash Player version 10.1.53.64 and earlier, and urged users to update their installations of Flash and Adobe Air.
If you’re not sure which version of the Adobe Flash Player you have installed, visit the About Flash Player page. Remember that if you use more than one browser on your computer you should check the version number on each.
GFI Backup 2009 Home Edition (build 20100730) now available
August 6, 2010 by admin
Filed under Protection Tools

Changes in this release include:
- NEW: Support for non-Greco Latin Character sets (Unicode) e.g. Chinese, Hebrew & other EMEA region specific languages.
- NEW: Debug log files limited to 10MB by default.
- NEW: “Watchdog” for the agent service that monitors and restarts the service if needed.
- UPDATED: “Close All” button if multiple summary windows are opened.
- FIX: Registry HKEY_LOCAL_MACHINE was not backed up on LAN destination when no compression is used.
- FIX: Emails are now properly restored from AES backups made on CD/DVD.
- FIX: Backups with AES on CD are now compressed properly.
- FIX: Sync tasks are automatically stopped when the first location is missing.
- FIX: When backing up files with filters only the first filter added was being used.
- Various other fixes.
Download Location:
Download GFI Backup 2009 Home Edition from here.
Free Windows Shortcut Exploit Protection Tool From SOPHOS
July 27, 2010 by admin
Filed under Protection Tools
What is the Windows Shortcut Exploit?
The Windows Shortcut Exploit, also known as CPLINK, is a zero-day vulnerability in all versions of Windows that allows a Windows shortcut link, known as an .lnk file, to run a malicious DLL file. The dangerous shortcut links can also be embedded on a website or hidden within documents.
The exploit works when you open a device, network share or WebDav point carrying an infection—you don’t need to click on anything for the exploit to work, even if you have AutoPlay and AutoRun disabled.
SophosLabs first saw this exploit at work through the rootkit W32/Stuxnet-B, which targets Siemens SCADA systems to discover the system default password.
While Stuxnet only affected Windows machines with infected USB drives plugged in, the Windows Shortcut Exploit in general can work through file shares and WebDav as well.
Am I at risk?
At the moment, there is no patch from Microsoft to fix this exploit; however, our free Windows Shortcut Exploit Protection Tool will block this exploit from running on your computer. Sophos customers are already protected from this exploit.
The Windows Shortcut Exploit affects all Microsoft-supported versions of Windows—anything newer than Windows XP SP3—as well as older versions.
Sophos Security Chet-Chat Episode 19:
The Windows Shortcut Exploit/CPLINK – What is it, what are the risks?
13:21 minutes – Download (12.2 MB)
How do I protect against this?
Download our free Windows Shortcut Exploit Protection Tool to block the exploit from running on your computer. If you’re an existing Sophos Endpoint customer, you are already safe from this exploit.
Microsoft officially recommends disabling icon rendering; however, this advice could make Windows significantly harder to use.
More malware exploiting Windows shortcut vulnerability
July 26, 2010 by admin
Filed under Security News
It probably won’t come as a surprise to anyone, but more evidence has come to light that cybercriminals are actively exploiting the Windows shortcut vulnerability (also known as CVE-2010-2568).
Like the earlier Stuxnet attack, more examples of specially crafted shortcut (.LNK) files that point to malicious code and trick Windows into executing it without user interaction have been analysed in our labs.
Overnight Sophos saw two malware samples that were being spread by the .LNK vulnerability. Customers of Sophos products were already protected as we detect the .LNK shortcuts generically as Exp/Cplink-A or Troj/Cplink – however, here is more information on the specific malware:
Troj/Chymin-A:
Also known as Chymine, this keylogging Trojan horse is designed to steal information from infected computers.
Troj/Chymin-A may be downloaded by exploited Windows Shortcut (.LNK) files.
W32/Dulkis-A:
W32/Dulkis-A is the more interesting of the two examples of malware we saw related to the exploit overnight, as it drops .LNK shortcut files that exploit the vulnerability to removable drives such as USB sticks. Sophos products detect these .LNK files as Exp/Cplink-A.
W32/Dulkis-A is a Windows worm, written in obfuscated Visual Basic, which copies itself to any attached removable storage device using the files 9.tmp (detected as Mal/TDSSPack-Z), xxx.dll (detected as W32/Dulkis-A) and <randomname>.tmp (detected as Troj/Nebule-Gen).
Security risks for those who stay with Windows XP SP2
July 13, 2010 by admin
Filed under Security News
Tomorrow (Tuesday 13 July 2010) Microsoft will issue its last ever security patches for Windows XP Service Pack 2 (SP2).
The service pack, which was first released in August 2004, will no longer be supported by Microsoft after Tuesday, meaning that users will no longer receive any security patches – regardless of how critical any discovered vulnerability may be.
Furthermore, it’s not just Windows XP SP2 that Microsoft won’t be updating – but your installations for Internet Explorer, Windows Media Player, Outlook Express and other Windows XP SP2 components also won’t receive security patches if you’re running that version of the operating system.
You may be wondering – “What’s the problem? After all, Windows XP SP3 was released in 2008, and replaced SP2, right?”
Well, yes. It did. But recently published statistics suggest that an alarming 77% of organisations are running Windows XP SP2 on 10% or more of their PCs.
That’s an awful lot of computers which may not be properly protected when a new vulnerability is discovered – and could potentially be vulnerable to a malware attack.
Microsoft would probably like you to update your computers to Windows 7, but that may be a tall order for many older PCs. If you’re not ready for Windows 7, make sure you apply the free update to Windows XP SP3. Windows XP SP3 will be supported by Microsoft until at least April 2014.
Beware ‘Your log 05.07.2010’ emails – they carry malware
July 8, 2010 by admin
Filed under Security News
Malicious hackers are spamming out emails around the world disguised as a changelog, with the intention of infecting recipients’ Windows computers with the attachment.

A typical email reads as follows, although there can be minor variations in the message body:
Subject: Your log 05.07.2010
Message body:
Dear Customers,
as promised your changelog is attached,
<name>
Attached file: Changelog_05_07_2010.zip
The emails, by the way, are always signed off by the first name of the person who is mentioned in the message’s from: field. That field is, of course, forged – it’s not really that person who sent you the email so don’t blame them if you get infected!
Critical patches: Update your Adobe Flash player now
June 11, 2010 by admin
Filed under Security News
Adobe has issued a security bulletin detailing critical vulnerabilities that have been discovered in the current versions of Adobe Flash Player for Windows, Macintosh, Solaris and Linux.
An update issued by Adobe claims to resolve 32 vulnerabilities in Flash Player – which if left unpatched could leave open a door for hackers to infect innocent users’ computers. Some of the security holes are already being exploited by malicious hackers.
Adobe is recommending that users upgrade to Adobe Flash Player 10.1.53.64.
If you’re not sure which version of the Adobe Flash Player you have installed, visit the About Flash Player page. Remember that if you use more than one browser on your computer you should check the version number on each.
Adobe further recommends that users of Adobe AIR version 1.5.3.9130 and earlier versions update to Adobe AIR 2.02.12610.
It is becoming more and more common for cybercriminals to exploit vulnerabilities in Adobe’s software – so it would be a very good idea for everyone to update vulnerable computers as soon as possible.
A swarm of Safari security holes: Mac and Windows users told to update
June 9, 2010 by admin
Filed under Security News
Whether you own a Windows or Mac OS X computer, if you’re a user of Apple’s Safari browser, it’s time to update your computer against a swarm of security vulnerabilities.
With the attention of most Apple devotees diverted this week towards the sleek new iPhone 4, some may have missed that the Cupertino-based company has also issued a brand new version of its web browser, Safari.
Most interesting to us, however, is the news that Safari 5.0 not only includes new functionality, but also plugs at least 48 different security vulnerabilities that (if left unpatched) could be exploited by hackers.
Mac OS X version 10.4 users (which Safari 5 doesn’t support) aren’t left in the lurch either. Apple has issued Safari version 4.1 for those customers, which addresses the same set of security issues.
Adobe products struck by zero-day attacks
June 6, 2010 by admin
Filed under Security News
Adobe’s products are once again in the firing line, as hackers are reportedly exploiting critical unpatched vulnerabilities in the products Adobe Reader, Acrobat and Flash Player.
Adobe has published a security advisory describing the problems which affect users regardless of whether they’re running Windows, Mac OS X, Linux, Solaris or UNIX.
Adobe has labelled the zero-day vulnerabilities as “critical”, the most serious rating it has.
Adobe says that Adobe Reader and Acrobat version 8.x are not vulnerable, and that the Flash Player 10.1 release candidate “does not appear to be vulnerable”.
Although Adobe has published a way to mitigate the problem for Adobe Reader and Acrobat 9.x for Windows, the workaround is clearly not ideal:
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

















