I made some batch scripts to make people's lives easier (Windows only, sorry). You can find them at http://www.mediafire.com/?sharekey=394d82f74bf9688936df4e8dca141969e04e75f6e8ebb871.

Restart Browser(s): This can be used to restart a browser if it crashes or freezes and can’t close (IE and Firefox work; I have not fully tested the rest).

Scan HDD: This is used to maintain any hard drive attached to a PC and also to recover sectors (chkdsk /R).

Start Windows services: This is used to start some services such as Command Prompt, Task Manager, etc., as well as some Command Prompt tools such as ipconfig and more.

Hi, this is more of a question than a blog post. I have a tool I am making to download security tools from the web, and I am not much of a programmer. I used the idea from the SDFix security tool kit, how they update their tools, and it failed; it said file destination not found. Please help. Go to http://www.youngcoders.com/general-web-programming/31812-batch-scripting-download-problem.html

Any articles or places to learn to program would be great. I would like to learn to program in assembly and C; I would also like to learn to write bash scripts for UNIX-based systems and batch scripts for Windows. All help is great!!!!!!!!!:)

Many people want to know if their security can be compromised, so they wait to see if their method of security works. People need tools to test it, not just wait to see if they get a virus and whether their virus scanner will detect it. Remember, rootkits are getting more and more clever; they latch on to the OS in many different parts (kernel, system folders, etc.), and many virus scanners will not detect them. You have to use tools such as “Gmer”, found at http://www.gmer.net, or other tools. One day I found an article that links to sites that will test certain aspects of security. I can’t find the link to the page, so sorry to the creator of the article.

WARNING: I TAKE NO PART WITH ANY SITE BELOW, AND THE SITES ARE FOR TESTING ONLY!!!

Test Your Computer’s Security!

I thought I’d put together a few ways of testing your system’s security setup. These are not virus or malware scanners but various ways of testing your current security software.

Virus Test

The Eicar Virus is a harmless virus that contains a string of characters that will be recognised by all Anti-Virus or Anti-Malware vendors. By downloading it your a/v should detect it and attempt to quarantine it. It can be downloaded in various formats (.txt, .zip) and is available here:

Eicar.org

The file will test that your antivirus is functioning properly.

Trojan simulator is similar but installs a process and a registry autostart entry that your av package should detect:

Trojan Simulator

Firewall Testing

Inbound

A firewall should be able to block incoming attacks from trojans or hackers. To test this ability it is good to see which ports are hidden on your computer or “stealthed”.

A good website to test your stealthed ports is GRC Shields Up! Follow the link below then click on shields up and follow the simple instructions.

GRC Shields UP!

For a firewall to be effective it needs to stop malware from contacting the internet. Malware may connect to upload stolen info, download more malicious software or serve you adverts.

Outbound

To test whether your firewall will allow leaks in different ways you can use the software from Comodo on this page:

Firewall leak testing tools from Comodo

This software when run will try and communicate with the internet in various sneaky ways to try and bypass your firewall. A good firewall should stop these methods. Don’t let your A/V block the file, as it may be detected as a potentially unwanted program but isn’t a virus.

Popups, as well as being really annoying, can serve you malware. To test your browser’s popup-stopping ability, try these links:

Popup Stopper Test

Online Popup Blocker Tests

Online Phishing Sites Testing

PhishTank has a list of recently submitted phishes (website forgeries designed to scam in some way). The confidently brave or secure can check these out by surfing to these links… But be wary of clicking on these sites, as they can often serve viruses. If a phish is detected, then your security software’s phishing protection should warn you. Firefox’s and Internet Explorer’s built-in phishing filters should also provide protection or warnings.

Phishtank.com

Conficker Test

To test whether you have the Conficker worm, this website will load an image from some of the websites that the Conficker worm attempts to block. The site explains itself better than I can, but essentially, if you are missing the images you could be infected.

Conficker Eye Chart

Browser Security Testing

Browsers have various security issues; to test your browser, surf here:

Browser Security Test

You may only have vulnerabilities if you are not running the latest version of your browser.

Test Your Email Spam Filter

This website will send you a number of emails designed to test your email software’s spam filtering abilities in a variety of ways:

www.nospamtoday.com

Your Host-File Can be your Best Friend if in Use!!!

Many tools can be used to update your host-file, such as “Spybot Search & Destroy” with its “Immunize” feature. This tool in “Spybot Search & Destroy” will add rogue sites and put them in your host file so you will not be able to go to them. Many tools try to keep them up to date; Spybot is not a filter system, but it helps. I made a list of some tools to update your host-file and where to get them.

Most links came from the link below!!!

Host-File

http://www.hosts-file.net/

The HOSTS File installer for Windows

Primary

http://support.it-mate.co.uk/downloads/hpHosts-Setup-Win32.exe

or

http://www.montanamenagerie.org/hostsfile/hpHosts-Setup-Win32.exe

or

http://hosts-file.malwareteks.com/hpHosts-Setup-Win32.exe

or

http://temerc.com/hphosts/hpHosts-Setup-Win32.exe

or

http://avant.it-mate.co.uk/dl/Tools/hpHosts/hpHosts-Setup-Win32.exe

or

http://downloads.securitycadets.com/hpHosts-Setup-Win32.exe

or

http://www.calendarofupdates.com/updates/index.php?automodule=downloads&req=idx&cmd=viewdetail&f_id=24

The HOSTS File for Windows/Linux.

Primary

http://support.it-mate.co.uk/downloads/hphosts.zip

or

http://www.montanamenagerie.org/hostsfile/hosts.zip

or

http://hosts-file.malwareteks.com/hosts.zip

or

http://temerc.com/hphosts/hosts.zip

or

http://avant.it-mate.co.uk/dl/Tools/hpHosts/hosts.zip

or

http://downloads.securitycadets.com/hpHosts.zip

or

http://www.calendarofupdates.com/updates/index.php?automodule=downloads&req=idx&cmd=viewdetail&f_id=20

The HOSTS File for Windows/Linux (please only use this if you experience problems with the above 2 packages).

Primary

http://support.it-mate.co.uk/downloads/hosts.txt

or

http://www.montanamenagerie.org/hostsfile/hosts.txt

or

http://hosts-file.malwareteks.com/hosts.txt

or

http://temerc.com/hphosts/hosts.txt

or

http://avant.it-mate.co.uk/dl/Tools/hpHosts/hosts.txt

or

http://www.calendarofupdates.com/updates/index.php?automodule=downloads&req=idx&cmd=viewdetail&f_id=22

The HOSTS File for Windows/Linux, optimized by HostsMan 4 for those that need or want, to keep the DNS Client enabled and running.

Primary

http://support.it-mate.co.uk/downloads/hosts-optimized.zip

or

http://www.montanamenagerie.org/hostsfile/hosts-optimized.zip

or

http://hosts-file.malwareteks.com/hosts-optimized.zip

or

http://temerc.com/hphosts/hosts-optimized.zip

or

http://avant.it-mate.co.uk/dl/Tools/hpHosts/hosts-optimized.zip

or

http://www.calendarofupdates.com/updates/index.php?automodule=downloads&req=idx&cmd=viewdetail&f_id=23

The HOSTS File for the MAC OS

Primary

http://support.it-mate.co.uk/downloads/mac_hosts.zip

or

http://www.montanamenagerie.org/hostsfile/mac_hosts.zip

or

http://hosts-file.malwareteks.com/mac_hosts.zip

or

http://temerc.com/hphosts/mac_hosts.zip

or

http://avant.it-mate.co.uk/dl/Tools/hpHosts/mac_hosts.zip

or

http://www.calendarofupdates.com/updates/index.php?automodule=downloads&req=idx&cmd=viewdetail&f_id=26

ad_servers

This file contains ad/tracking servers in the hpHosts database. This should ONLY be downloaded by those wanting to block ad/tracking servers and nothing else, and requires manual merging.

http://www.hosts-file.net/ad_servers.asp

hphosts-partial

This file contains a list of sites that have been added AFTER the last full release of hpHosts. This should ONLY be downloaded by those currently using hpHosts, and requires manual merging.

http://www.hosts-file.net/hphosts-partial.asp

Removed

This file contains a list of hostnames removed from hpHosts since 04/02/2009 for whatever reason (usually because they failed the resolution process).

http://www.hosts-file.net/download/removed.txt

Yahoo_Servers

Optional addition containing the Yahoo servers for those that wish to block them.

http://www.hosts-file.net/download/yahoo_servers.zip
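
The ad_servers and hphosts-partial files above require manual merging, and the Removed file lists hostnames to take back out. The following Python code is an added example (not part of hpHosts or of the original post) of one way to do that merge safely: it accepts only entries that point at a sinkhole address, so a tampered download cannot redirect a hostname to a real server. The function names, the sample data, and the one-hostname-per-line format assumed for the removed list are assumptions made for illustration.

```python
import re

# Addresses that make a hosts entry a block (sinkhole) rather than a redirect.
SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
# Names a downloaded list must never be allowed to add or remove.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
HOST_RE = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)(\.(?!-)[a-z0-9_-]{1,63}(?<!-))*$")

# Constructed sample data (not real hpHosts content).
SAMPLE_HOSTS = """127.0.0.1 localhost
192.168.1.10 nas.home.test  # local mapping, must survive the merge
127.0.0.1 ads.example.test
127.0.0.1 old-tracker.example.test
"""
SAMPLE_PARTIAL = """127.0.0.1 ads.example.test
127.0.0.1 new-ads.example.test
203.0.113.7 bank.example.test
127.0.0.1 localhost
0.0.0.0 bad..name
"""
SAMPLE_REMOVED = "old-tracker.example.test\n"


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower()


def merge_blocklist(current, additions, removed=""):
    """Return (merged_text, rejected) where rejected is a list of (hostname, reason)."""
    drop = {n for n in (l.split("#", 1)[0].strip().lower() for l in removed.splitlines()) if n} - PROTECTED
    out, seen, rejected = [], set(), []
    for raw in current.splitlines():
        entries = list(parse_hosts(raw))
        # Only sinkholed names are removed; real mappings the user made are kept.
        if any(a in SINK_ADDRS and n in drop for a, n in entries):
            names = [n for _, n in entries if n not in drop]
            if not names:
                continue
            raw = entries[0][0] + " " + " ".join(names)
        seen.update(n for _, n in parse_hosts(raw))
        out.append(raw)
    for addr, name in parse_hosts(additions):
        if addr not in SINK_ADDRS:
            rejected.append((name, "maps to %s, not a sinkhole address" % addr))
        elif name in PROTECTED or not HOST_RE.match(name):
            rejected.append((name, "protected or malformed hostname"))
        elif name not in seen and name not in drop:
            seen.add(name)
            out.append("127.0.0.1 " + name)
    return "\n".join(out) + "\n", rejected
```

Review the rejected list before writing the merged text back to the HOSTS file; anything in it was in the download but did not look like a plain block entry.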

Tools

WinDef_Hosts

Restore Windows default HOSTS file

http://www.hosts-file.net/download/WinDef_Hosts.zip

EnDisDNS

Batch files to enable/disable Windows DNS Client

http://www.hosts-file.net/download/EnDisDNS.zip

appendhosts

Append to Hosts VBS Script v1.7 for appending your entries to the HOSTS File.

This script is UNSUPPORTED.

http://www.hosts-file.net/download/appendhosts.zip

hostsdiag

hpGuru’s HOSTS Diagnostic Utility.

http://www.hosts-file.net/download/hostsdiag.zip

hbypass

Hosts Bypass is a Proxomitron filter which allows users to visit sites blocked by their hosts file without the need to remove them after each and every hosts update.

http://www.hosts-file.net/download/hbypass.zip

HostsMan

A small and useful utility for managing the HOSTS file, with automatic updates and a built in server to enhance HOSTS file usage.

HostsMan support forums can be found here

http://forum.abelhadigital.com/index.php?showforum=2

Download via website

http://www.abelhadigital.com/

HostsXpert

A small and useful utility for managing the HOSTS file, with automatic updates.

Funkytoad also provide a server (crippled or paid versions) to be used in conjunction with HostsXpert, called Homer.

Download via website

http://www.funkytoad.com/

SecureMecca

These are small tweaks for Homer, by securemecca.com, that improve the usage and experience of Homer.

Download via website (phttpd)

http://www.securemecca.com/phttpd.html

I want everyone to have security easier on their lives, so I am adding a few more tools in one post; watch out for it and let everyone know. Also tell me in the comments if you want a tool added or if I have the wrong term in any of my posts. P.S. This will be separate from my post called “The Guide to Locking Down a PC” because, one, it has many tools already and, two, my local source of the file had been corrupted and I tried many recovery options, so it’s gone. Sorry about the border problem; remember I used Microsoft Office Word at the time, not Open Office. Joke :)

P.P.S. Follow me on Twitter @tysonmax or go to http://twitter.com/tysonmax for random links, stories, security news, and stuff in my life.

People are always caring about their privacy and security, but I see people taking convenience over security all the time. If it is more work, then forget about it, right…WRONG!!! If you go to http://startpanic.com, they are starting a petition, “gathering petition signatures with the request to patch the privacy vulnerabilities of web different web browsers. This petition will be sent to the four major development companies – Mozilla Corp., Apple inc., Microsoft Corp. and Opera Software ASA. Join us for a safe and secure Internet!”.

The big thing I agree with on the site is that vendors of products that everyone uses should talk to the owners of the product and say, like on the site: “WE ASK YOU TO RELEASE AN UPDATE OR PATCH FOR YOUR BROWSER THAT WILL REMOVE THE OPPORTUNITY TO OBTAIN THE INFORMATION ABOUT RECENTLY VISITED WEBSITES.” I would also add: stop security holes in products of other kinds too. That is why I enjoy security!! :)

Hi everyone, my friend has a tech site that everyone should check out. It covers security and also general tech, and there might be some more that I will not say. Check it out at http://www.techtalk2009.tk/

I do want you to know that it is April 4, 2009 and the only thing that has changed is that the Conficker.C worm’s code base has changed. Also, the servers that the worm connects to are open and not sending data yet, so now it will be a waiting game of what it will do next! This was said on “Security Now”, a show hosted by Steve Gibson at grc.com. This worm is a very crafty virus that is out there now. If you want more info about this virus or how to remove it, go to my post at

Conficker Worm PANIC on April 1, 2009.

Remember: any computer that is compromised by a virus, spyware, worm, or any type of malicious code/program can never be called safe again, even if you remove it, because it was compromised. And remember, if you were a hacker, would you put in a backdoor?

We hear all this talk about the worm called Conficker, also known as ZLOB, Downup, Downadup and Kido, in the news lately. Approximately six percent of computers scanned by Panda Security are currently infected by the worm. In the news people are scared, and it is like the Blaster worm all over again. Well, people found out there is a date ingrained in the worm on which it is set to receive a set of instructions from the new programmer of the virus. This worm is exploiting the auto run feature in Windows (all of it: network shares, pen drives, CD drives, etc.). There is also a warning on Microsoft’s site at http://support.microsoft.com/kb/962007 about the worm. I also found a link that talks about it at http://www.tinyurl.com/Confickerinfo, and there is more on Wikipedia at http://en.wikipedia.org/wiki/Conficker. This worm finds a port that is open on your PC and gets in, and/or it uses vulnerabilities in programs to gain access. To avoid it, turn auto run COMPLETELY OFF and keep programs up to date, like Adobe Reader, Windows, etc. Windows has a security patch that semi-fixes auto run, but not really. It is only available in Vista and Server 2008. But I have seen one for XP; I forget what it is called, something like auto run patch. Well, I hope you scan your PCs on April 1, 2009; I know I will on my Windows-based PCs and friends’/family’s PCs. Keep up to date and scan with everything you’ve got. I give everyone the best of luck; keep safe online and off. Talk to you all next time!

For more info and tools from Microsoft to try to remove it, go to: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EUB

Or try this removal method

To Remove it try this (found at http://www.xp-vista.com/spyware-removal/zlob-removal-instructions )

NOT RECOMMENDED TO USE: SpyHunter* Spyware Detection Utility. Like they say on the site, use my method in my post called

The Guide to Locking Down a PC

Stop Zlob Processes:
(Learn how to stop a process)
nvctrl.exe
msmsgs.exe

Unregister Zlob DLL Files:
(Learn how to do this)

Remove Zlob Registry Values:
(Learn how to delete a registry value)
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{634be415-da12-496b-b89e-329b73c4807f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8329660f-e248-4872-98cc-fb9c4fec7ba8}
SOFTWARE\MICROSOFT\Windows\CURRENTVersion\POLICIES\EXPLORER\RUN\C:\Windows\System32\issrch.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2016a466-91a2-43c6-97d8-2fd380f065ef}

Find and Delete these Zlob Files:
(Learn how to do this)

Ok, first of all, sorry about not posting for a while, but I am trying to build a sweet NAS and am also changing all the PCs in my network to Linux (because it is better than Windows in many aspects). I don’t want any postings like “What is Linux?”, because I will put up some postings in a while. Also, I don’t want people saying “are you leaving Windows to forget about the Windows people that still need your help?” I will still help people, not just in direct e-mail but in the comments also, or on Twitter, but mostly on the blog. You can follow me on Twitter @tysonmax or at http://twitter.com/tysonmax. My email is tyson50@hotmail.com (NO SPAM PLEASE!!!). So anyway, I will talk more on my blog if more people link to it! Also, I hope I will talk more often, because I had many things going on. I will keep this blog up to date on viruses and security news as much as possible, with as many tips as I can. Please recommend me to friends and family, tech savvy and not. Talk to you all soon!