windowsnerd.com » antivirus/spyware

Kudos to Kirllos your facebook account is probably pwnd

Nerd — Sun, 25 Apr 2010 04:22:48 +0000

I forgot to publish this from Mexico after my birthday when it hit the press. One guy in Russia named Kirllos owns 1 in 300 facebook accounts and has them for sale. A close source today tells me he has a lead on a guy who is selling more accounts than that, and cheaper than Kirllos. My only point being, if there are 2 known people who have a 1 in 300 shot at already owning your password, I hope you change it as often as I do. There are a lot more than 2 Eastern European hackers in the world.

The combination of facebook owning your data, and you being excluded from that ownership/permissions editing should be something to ponder.

Untangle firewall common ports to unblock

Nerd — Wed, 16 Dec 2009 14:20:06 +0000

If you are setting up an Untangle firewall and want to use it at your house or business but might not know common ports to allow, here is a list. I have things a bit tighter at work but at the house I like to have instant messengers etc working.

Skype TCP ports 13861, 34954, 42045

Apple remote admin stuff – tcp 5354

typical email – tcp 25, 143, 465, 587, 993, 995 (use these at your own risk. Some you need for gmail etc, but if you open 25 outbound you may be spamming if a machine is owned)

web – tcp 80, 443

openvpn – tcp 1194

ssh – tcp 22

ftp -tcp 21

Instant messengers - tcp 1863, 5050, 5190, 5222, 5223

Remote desktop – do some port forwarding so it comes in on like 10020 and goes in to 3389. Dont open 3389 to the outside.

How do you find more?

Open a command prompt

type in netstat -no and hit enter

you will see a list of the open source and destination addresses. Compare this list to the auto refresh block list in your untangle firewall. Look for the PID. Compare that to a task manager PID and see what process is using it. Make sure you know what you are allowing when it is blocked.

Time to get antivirus for your Mac

Nerd — Sat, 25 Jul 2009 21:17:12 +0000

Yup, people ask me if they need it, I’m saying get it now. Time to provide the antivirus vendors with a little cash to develop your AV just before you need it more. Which is later this week to next year.

Hahhahaaha, I mean, oh sucks for VA

Nerd — Tue, 05 May 2009 13:48:01 +0000

Well Virginia went and lost their prescription drug data. 8.2million people worth of records are being held ransom by some idiot who I’m guessing is young, American and maybe drunk.

Here is the link to wikileaks who broke the story.

Maybe this will be the new tax needed to make companies/govt agencies provide resources to protect data.

Ad blocking

Nerd — Wed, 29 Apr 2009 00:42:49 +0000

Firefox ad blocker – Adblock plus - easy install. Works well.

Google Chrome ad blocker -Adsweep.org – follow the instructions, it will only take a minute or two to copy and paste what you need.

IE – download and run IE8, turn on the “in private” browsing thinger.

For all 3 – download and install the hosts file from MVPS.org. This maintains a list of bad guys and prevents your computer from having any traffic going there. Make a calendar appointment to update this every few months or so.

Antivirus boot cds

Nerd — Mon, 27 Apr 2009 17:41:36 +0000

Antivirus boot cds are the easiest way to clean a virus. Download an .iso, burn it to a cd with a tool like iso recorder which is free thanks to Alex Feinman, the brilliant author. The magic of an antivirus boot cd comes from booting off a device other than your hard drive. If a virus is on your hard drive, it has the ability to hide itself when the hard drive boots. When you boot into a cd, it doesn’t care, doesn’t load or look at any of the code the virus has injected. It just boots to itself then lets you look at the hard drive as it really is, then clean it up.

So burn one of the discs below, put it in your optical drive. Do a cold reboot, start it up, if it doesn’t start booting to the cd you need to figure out how to tell your computer to boot to cd. A lot of times f8, f10 or f12 will bring up a boot menu and let you choose what device boots first. Sometimes you will have to get in to your bios and find the boot order, usually that is delete or f2. This will take some experimenting or googleing based on your on computer model. Can’t help everyone in a sentence here.

Here is a list of places to get antivirus boot cds:

AVIRA – Avira boot cd- seems good on sata, super lightweight. Look for the flag on the lower left corner to choose english if you speak that. Good detection rate. configure options to rename infected files BEFORE you run it.

BITDEFENDER- bitdefender rescue cd – not that great at new sata controllers, but a really good knoppix linux OS to run out of. This one is pretty, autoruns, is easy to use. There is a rootkit scanner called ChkRootKit, you should run that after your AV scan completes. You can also configure your network using this one, and get the latest updates off the web using the shortcut “update signatures” on the desktop.

KASPERSKY- Kaspersky bood cd – this is my favorite because of it’s success rate. This one usually is all I need to clean boot sector, rootkits, whatever. Then go back with something else to fix other problems. Sysinternals ERD commander, hiren, ubcd etc.

UBCD- (mcafee, fprot)- Download the iso from securitywonks, don’t trust a torrent. Read up either on the securitywonks or UBCD4win webpage for the latest in how their tools work for you. Multiple av scanners. good stuff. Should have everything you need to fix a computer. Password reset, system restore, disk error checking etc.

Sweet virus scanning page

Nerd — Fri, 21 Mar 2008 14:55:30 +0000

Ever want to confirm some virus problems on a file? This is the coolest site for doing so: http://www.virustotal.com/ Yesterday it scanned through 32 virus scanners on a single file I uploaded. It is very fun to see that half of the virus detection engines didn’t detect the trojan in the norton 2007 keygen file I uploaded. And the rest didn’t really agree on what it was.