-
F-Secure: Commwarrior claims first big victim
Date: 08/31/05
(Security) Keywords: security, virus
A Scandinavian company is struck by a nasty variant of the mobile-phone virus, the security specialist says.
Source: http://news.zdnet.com/F-Secure%3A+Commwarrior+claims+first+big+victim/2100-1009_22-5845021.html?part=rss&tag=feed&subj=zdnn
-
Symantec probes report of antivirus product flaw
Date: 09/02/05
(Security) Keywords: software, security, virus, antivirus
Security software vendor is investigating a report of a weakness in the way its corporate antivirus software stores login credentials.
Source: http://news.zdnet.com/Symantec+probes+report+of+antivirus+product+flaw/2100-1009_22-5845873.html?part=rss&tag=feed&subj=zdnn
-
Windows Firewall flaw may hide open ports
Date: 09/02/05
(Security) Keywords: security
Flaw in security application may prevent users from seeing all the open network ports on a Windows XP or Windows Server 2003 computer.
Source: http://news.zdnet.com/Windows+Firewall+flaw+may+hide+open+ports/2100-1009_22-5845850.html?part=rss&tag=feed&subj=zdnn
-
Problem
Date: 09/02/05
(Computer Help) Keywords: cms, software, html, java, security, virus, antivirus, web, microsoft, google, ebay
I'm having this weird problem so I scanned with Hijack This! Here's the log. Which of these shouldn't be there? Please help me!
Logfile of HijackThis v1.99.1
Scan saved at 3:31:07 PM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\owner\My Documents\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [oxmx] C:\WINDOWS\oxmx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAccess/ie/bridge-c8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124631707093
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E154E3CC-0C3A-4101-91D8-6B4876F0FD64} (PrintScreen Class) - http://www.mydisplayimage.com/create/Flash2Image.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Source: http://www.livejournal.com/community/computer_help/479940.html
-
Bug hunters, software firms in uneasy alliance
Date: 09/06/05
(Security) Keywords: software, security
Security researchers and companies that write commercial software seek common ground over how to report flaws.
Source: http://news.zdnet.com/Bug+hunters%2C+software+firms+in+uneasy+alliance/2100-1009_22-5846019.html?part=rss&tag=feed&subj=zdnn
-
eEye: Flaw found in IE, Outlook installation
Date: 09/06/05
(Security) Keywords: security
Vulnerability could allow an attacker to take remote control of a user's system, security specialist says.
Source: http://news.zdnet.com/eEye%3A+Flaw+found+in+IE%2C+Outlook+installation/2100-1009_22-5851325.html?part=rss&tag=feed&subj=zdnn
-
Five things you need to know about Web services threats
Date: 09/06/05
(Security) Keywords: security
Scott Morrison: There's no magic bullet. But a mix of serious introspection, off-the-shelf tools, and ongoing vigilance can yield a solid security framework.
Source: http://news.zdnet.com/Five+things++you+need+to+know+about+Web+services+threats/2100-1009_22-5851259.html?part=rss&tag=feed&subj=zdnn
-
Web based Immigration Checks for Companies
Date: 09/08/05
(Java Web) Keywords: database, security, web
A web-based pilot program is currently underway to rapidly determine the eligibility of a worker to work legally in the US.
Under the "Basic Pilot Program," employers enter a person's name, birth date and other data on a website. The information is then run through databases maintained by the Social Security Administration and U.S. Citizenship and [...]
Source: http://blog.taragana.com/index.php/archive/web-based-immigration-checks-for-companies/
-
Microsoft to release fixes for Windows flaws
Date: 09/09/05
(Security) Keywords: security
On upcoming "Patch Tuesday," expect to see one security alert for serious flaws in the operating system.
Source: http://news.zdnet.com/Microsoft+to+release+fixes+for+Windows+flaws/2100-1009_22-5855588.html?part=rss&tag=feed&subj=zdnn
-
New Firefox Vulnerability )c:=
Date: 09/09/05
(Mozilla) Keywords: security, web
It seems that a new critical security vulnerability has been found in Firefox, unfortunately the day after 1.5 Beta 1 was released. It seems to affect all current versions (including 1.5 Beta 1), and can be used for arbitrary code execution and/or to compromise a user's system. The vulnerability has to do with a malformed URL, so the way to mitigate the problem is to not follow links to or from untrusted websites. It sounds like disabling IDN support may mitigate it too, but I have no confirmation on that. Hopefully this will be patched quickly... I'll edit this post and/or post again once I hear of a patch becoming available.
Note that there are currently no known exploits for this vulnerability, so just exercise caution when following links.
For more information, see today's diary at the Internet Storm Center, or the Secunia advisory.
X-posted to firefoxusers.
Source: http://www.livejournal.com/community/mozilla/316744.html
-
Debug Privilege in XP Home?
Date: 09/09/05
(IT Professionals) Keywords: security, spyware
Hello! I'm trying to fix spyware on my friend's computer, and I ran into this problem: there are some processes I cannot terminate (though I'm logged on as an administrator). It says "Access denied" or something like this. I tried several ways: the usual Task Manager, ProcessExplorer, the command-line ntsd tool, and some others. I see the problem is not with these tools, but with my privileges.
This very useful page, where I read about ntsd ( http://sastools.com/b2/post/79394226 ), says:
Note that this only works if your user group has debug privileges, check Control Panel->Administrative Tools->Local Security Policy->Local Policies->User Rights Assignment->"Debug Programs". I've run across some nasty spyware that turns off the debug privilege for Administrators and runs itself as a system process.
It is very good, but XP Home doesn't have the Local Security Policy snap-in. So, how can I check/enable that debug privilege for myself? Maybe there is some third-party policy editor?
If such a thing as "debug privilege" exists in XP Home, and if the spyware could disable it, there must be some way to enable it back.
I'm pretty sure all those policies live somewhere in HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts . But there are some obscure binary values, surely unintended for manual editing. There must be a tool to deal with them, I think.
Or am I searching in a completely wrong direction?
Probably will be X-posted.
Source: http://www.livejournal.com/community/itprofessionals/21533.html
-
Microsoft pulls 'critical' Windows update
Date: 09/10/05
(Security) Keywords: software, security
A quality issue has moved the software maker to pull the security update that it planned to release on Patch Tuesday.
Source: http://news.zdnet.com/Microsoft+pulls+%27critical%27+Windows+update/2100-1009_22-5857338.html?part=rss&tag=feed&subj=zdnn
-
New Firefox, Mozilla releases to fix bugs
Date: 09/15/05
(Security) Keywords: security
Mozilla Foundation plans to release new versions soon to deal with a recently disclosed serious security flaw and other problems.
Source: http://news.zdnet.com/New+Firefox%2C+Mozilla+releases+to+fix+bugs/2100-1009_22-5865882.html?part=rss&tag=feed&subj=zdnn
-
Mozilla Firefox 1.0.7 and Mozilla 1.7.12 Release Candidates
Date: 09/15/05
(Mozilla) Keywords: html, security, web
For your information, The Mozilla Quality weblog has announced the availability of Mozilla Firefox 1.0.7 and Mozilla 1.7.12 release candidates. These builds feature several security fixes, including a solution for the IDN link buffer overflow vulnerability. There are also some stability improvements, which should lead to fewer crashes, and fixes for regressions introduced by previous security updates. Testers are asked to check that extensions and themes install correctly, ensure that there are no problems logging into webmail and banking sites and verify that file downloads work correctly.
For more information, kindly click the following link: http://www.mozillazine.org/talkback.html?article=7348
Regards,
Omar.-
Source: http://www.livejournal.com/community/mozilla/320245.html
-
IE flaw puts Windows XP SP2 at risk
Date: 09/16/05
(Security) Keywords: security, microsoft
Flaw in Microsoft's Internet Explorer could launch a remote attack on systems running Windows XP with Service Pack 2, says security firm.
Source: http://news.zdnet.com/IE+flaw+puts+Windows+XP+SP2+at+risk/2100-1009_22-5868867.html?part=rss&tag=feed&subj=zdnn
-
Plan lets users be the judge of flaws
Date: 09/17/05
(Security) Keywords: security
Common Vulnerability Scoring System would let companies take their own systems into account in assessing the risk from a security bug.
Source: http://news.zdnet.com/Plan+lets+users+be+the+judge+of+flaws/2100-1009_22-5869923.html?part=rss&tag=feed&subj=zdnn
-
Improved Firefox 1.0.7 and Mozilla 1.7.12 Release Candidates
Date: 09/18/05
(Mozilla) Keywords: html, xml, security, web
"The Mozilla Quality weblog has details of a new round of Mozilla Firefox 1.0.7 and Mozilla 1.7.12 release candidates. These latest test builds include a fix for bug 308484, which changes the behaviour of XMLHttpRequest to improve compatibility with extensions. The weblog post has information about the areas to test."
"Mozilla Firefox 1.0.7 and Mozilla 1.7.12 are security updates designed to fix the IDN link buffer overflow vulnerability and several other security flaws. They will also include stability improvements and some fixes for regressions introduced by previous security updates. The final 1.0.7 and 1.7.12 releases are expected in a few days."
Read more: http://www.mozillazine.org/talkback.html?article=7370
Regards,
Omar.-
Source: http://www.livejournal.com/community/mozilla/320800.html
-
Symantec: Mozilla browsers more vulnerable than IE
Date: 09/19/05
(Security) Keywords: browser, security, microsoft
But security firm also finds that Microsoft's IE is the only browser widely exploited by hackers today.
Source: http://news.zdnet.com/Symantec%3A+Mozilla+browsers+more+vulnerable+than+IE/2100-1009_22-5873273.html?part=rss&tag=feed&subj=zdnn
-
Serial typo-squatters target security firms
Date: 09/19/05
(Security) Keywords: security
When surfing a leading security firm's site, check that URL because a company appears to have set traps through typo-laden domain names.
Source: http://news.zdnet.com/Serial+typo-squatters+target+security+firms/2100-1009_22-5873001.html?part=rss&tag=feed&subj=zdnn
-
Fix in for Firefox bugs
Date: 09/21/05
(Security) Keywords: browser, security
Security update to open-source browser patches several flaws. A similar revamp for Mozilla is on its way.
Source: http://news.zdnet.com/Fix+in+for+Firefox+bugs/2100-1009_22-5875797.html?part=rss&tag=feed&subj=zdnn