Having problem with Your Internet browser

If Your computer acts strange while on  Internet (Your browser often crashes with general protection fault error, computer blocks, files disappeared from HDD, CDD opens and closes without reason...), You can be victim of  Back Orifice-a. That is a package that consists of two  programs and enables other people to use Your computer over Internet without Your permission. First program is BO server and it has to be installed on your computer. You get it as most of viruses by downloading of some program from unreliable Internet sites, or you can get it over e-mail-a as attachment. When starting this program, Back Orifice server is automatically installed on Your computer and leaves open door to all hackers on the world to do what they wish with your computer.

If you want to check how many hackers tries to enter to Your computer you can download NOBO (74.240 bytes) . That is software that protects You from  Back Orifice and gives you an information about person that attacked Your computer. You just have to send e-mail to his Internet provider to stop other attacks.

wpe1.jpg (800 bytes)            Home Page


E-mail virus Bubbleboy !!!

Bubbleboy is new sort of virus that spreads over e-mail, and uses security bug of MS Outlook 98/2000 that shows HTML documents. This worm can infect computer in e-mail  preview. It makes file UPDATE.HTA in folder C:\windows\Start Menu\Programs\Startup and on first start it will start outlook in hidden window and send infected e-mail to everyone in your Address Book. Virus does not work if your Windows is not installed in folder  C:\Windows.

Patch for security bag you can find starting from Q240308 in Microsoft knowledge database. You can solve problem if remove association to *.HTA files too.

wpe1.jpg (800 bytes)            Home Page


Disabling of Cancel button when logging to Windows

If you don't want to allow logging to Windows by pressing Cancel button on password screen, find key HLM\Network\Logon and add DWORD value MustBeValidated. If you input value 1 and restart Windows, Cancel button will be inactive.

wpe1.jpg (800 bytes)            Home Page


PC Anywhere - change values of standard ports to be invisible on Internet

 

In case that you use PC Anywhere on Internet and you do not assign TCP/IP address, it automatically scans network trying to find some of available hosts. In case you change values of standard ports, your computer will not be reported as host to computer that scan network. Make backup of  registry, and find key:

 

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\System]

"TCPIPDataPort"=dword:000015ff

"TCPIPStatusPort"=dword:00001600

 

and change values for ports. For new values of ports you can use 5641 (TCP) i 5642 (UDP) - hexadecimal 1609 and 160A.

 

wpe1.jpg (800 bytes)            Home Page


W32.Swen.A@mm - brand new and dangerous (22.09.2003.)

W32.Swen.A@mm is a "worm" that uses known bug in Microsoft Outlook and Outlook Express-u that allows it to start in preview mode. It can come as an attachment of any message (for example as security patch for Microsoft Internet Explorer ). When installed, "worm" tries to stop antiviral and firewall software installed on computer.

For details try Symantec web site.

This "worm" can spread on Microsoft Internet Explorer 5.01 and 5.5. You can fond security patch here.

If you already have this worm on your computer download security patch, and cleaning software that you can find on Symantec web site.

Disconnect from Web and start cleaning software and then install security patch.

Recommendation: download new virus definitions file for your antiviral software.

wpe1.jpg (800 bytes)            Home Page


W32.Blaster.Worm - protection & removal

 

If computer starts to report serious error that will cause it to shut down in 30 seconds and start counting down there is a big chance that it caught W32.Blaster.Worm.

 

Because of security bug in Microsoft RPC protocol this worm is dangerous for computer systems with Windows NT 4.0, Windows 2000, Windows XP and Windows 2003 operating systems installed.

To protect Your computer, install appropriate security pack. Before installation you have to install Service Pack.

If you already detected this worm on computer download security pack, and some of cleaning software that you can find on Symantec site, or here.
(first read manual for Windows XP & ME!!)

Disconnect, run cleaning software and then install security pack.

 

wpe1.jpg (800 bytes)            Home Page


MyDoom virus
Virus MyDoom
(also known as W32/Mydoom@MM, W32.Novarg.A@mm and WORM_MIMAIL.R) spreads over Internet through e-mail attachments. "Worm" comes as attachment with some of following extensions .bat, .cmd, .exe, .pif, .scr or .zip. It is dangerous because it leaves open port u between 3127 to 3198, that potential hackers can use very well.

Also it sends himself to all e-mail addresses that can find on computer.  MyDoom is programmed to start DDoS (denial of service) attack on web location of SCO company from all infected computers between 1. and 12. February. This company offers 250.000 US$ reward for information that will lead to arrest of virus author. You can find free tool for virus removal that made company Computer Associates. Here is a link: http://www3.ca.com/solutions/collateral.asp?CT=27081&CID=54593 (333 KB).

 

Recommendation: download new virus definitions file for your antiviral software. Virus definitions from 26.01.2004.can protect you.

 

wpe1.jpg (800 bytes)            Home Page