January 2014 - Posts

Awesomehp.com is a program that is part of the Adware.LinkHijacker family of adware. This program is bundled with various software that you can download for free and, when installed, will hijack your web browser and search engine so that they are set to Awesomehp.com. This adware is considered a browser hijacker because it changes your web browser's home page and default search provider to Awesomehp.com without your permission. Furthermore, this adware will append the argument http://www.awesomehp.com/?type=hp&ts=<timestamp>&from=air&uid=<hard drive id> to various web browser shortcuts and sometimes to non-internet related programs. This causes the Awesomehp.com web page to open when you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that uninstalls Awesomehp from your computer; instead, you need to use the specialized tools found in this guide to clean your shortcuts so your programs start normally.

http://www.bleepingcomputer.com/virus-removal/remove-awesomehp.com-browser-hijacker
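
A read-only check for the shortcut hijack described above, as an added example that is not part of the original post or of the linked removal guide: it lists .lnk files whose arguments contain a URL. The folder list is an assumption, and legitimate shortcuts can also carry URL arguments, so treat the output as a list to review.

```powershell
# Added example: report shortcuts whose arguments contain a URL.
# Nothing is modified; this only reads shortcut properties.

# Assumed locations where browser and program shortcuts usually live.
# The Quick Launch folder also contains the pinned taskbar shortcuts.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

# WScript.Shell exposes the target and arguments stored in a .lnk file.
$shell = New-Object -ComObject WScript.Shell
$urlPattern = 'https?://\S+'

$findings = foreach ($lnk in Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $shortcut = $shell.CreateShortcut($lnk.FullName)

    # A hijacked shortcut keeps its real target but gains a URL argument,
    # so the program opens that page every time it is launched.
    if ($shortcut.Arguments -match $urlPattern) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $shortcut.TargetPath
            Arguments = $shortcut.Arguments
            Url       = $Matches[0]
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No shortcuts with URL arguments found in the checked folders.'
}
```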

2014-01-29

Adware
++ Ad.Feven + Firseria + W3i.IQ5.fraud + Win32.AddLyrics + Win32.InCore
PUPS
+ iCrossRider
Trojans
+ Kazy.dll + PSW.Fareit + Win32.Muollo + Win32.ZBot
Total: 2598030 fingerprints in 808195 rules for 7234 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Jan 29 2014 8:15 by Don

Windows Ultimate Booster is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays fake scan results, fake security warnings, and does not allow you to run programs on your computer. Windows Ultimate Booster is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

When Windows Ultimate Booster is installed, it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-ultimate-booster

Posted Tue, Jan 28 2014 5:11 by Don

The LiveSupport program is a small program that displays contact information for a remote support company and suggests that you download a variety of security programs to protect your computer. This program is commonly bundled with free programs that you can download from the Internet. These free programs bundle adware programs like LiveSupport in order to generate revenue even though the program you wanted is free. Once installed, LiveSupport will automatically start when you log in to Windows and display an icon of a remote-support person's head on the title bar of the active window. When you click on this head icon, you will be shown a screen that offers a remote support number, which is currently 1-855-544-6024, as well as a tab that pretends to perform a system check and recommends two of four programs. The programs it promotes are Driver Pro, Optimizer Pro, Driver Updater, and System Performance Optimizer.

http://www.bleepingcomputer.com/virus-removal/remove-livesupport

Posted Tue, Jan 28 2014 5:09 by Don

Windows Efficiency Kit is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Efficiency Kit is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Efficiency Kit is installed, it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-efficiency-kit

Posted Sat, Jan 25 2014 4:13 by Don

0 Internet Explorer
25 Restricted Sites
0 Firefox

16759 items in database

http://www.brightfort.com/downloads.html

Posted Fri, Jan 24 2014 17:26 by Don

2014-01-22

Adware
++ Ad.BestLyrics + Firseria + Win32.AddLyrics
PUPS
+ myPCBackup
Trojans
+ Cridex.kb ++ Win32.Autoit.bbw ++ Win32.Fynlosk + Win32.Muollo + Win32.ZBot
Total: 2597852 fingerprints in 808017 rules for 7233 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Jan 22 2014 7:32 by Don

Windows Prime Accelerator is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Prime Accelerator is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Prime Accelerator is installed, it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-prime-accelerator

Posted Wed, Jan 22 2014 5:48 by Don

Microsoft has announced the Windows XP end of support date of April 8, 2014. After this date, Windows XP will no longer be a supported operating system. To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015.

This does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures.

For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials.

Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited. Running a well-protected solution starts with using modern software and hardware designed to help protect against today’s threat landscape.

Microsoft recommends best practices to protect your PC such as:

  • Using modern software that has advanced security technologies and is supported with regular security updates,
  • Regularly applying security updates for all software installed,
  • Running up-to-date anti-virus software.

Our goal is to provide great antimalware solutions for our consumer and business customers. We will continue to work with our customers and partners in doing so, and help our customers complete their migrations as Windows XP end of life approaches.

MMPC

http://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-support-for-windows-xp.aspx

Posted Thu, Jan 16 2014 4:59 by Don

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
 
 * MS12-050
 * MS12-066


Bulletin Information:

* MS12-050 - Important

  - https://technet.microsoft.com/security/bulletin/ms12-050
  - Reason for Revision: V2.2 (January 15, 2014): Bulletin
    revised to announce a detection change in update 2596911.
    This is a detection change only. Customers who have already
    successfully updated their systems do not need to take any
    action.
  - Originally posted: July 10, 2012  
  - Updated: January 15, 2014 
  - Bulletin Severity Rating: Important
  - Version: 2.2

* MS12-066 - Important

  - https://technet.microsoft.com/security/bulletin/ms12-066
  - Reason for Revision: V1.4 (January 15, 2014): Bulletin
    revised to announce a detection change in update 2687356
    (a.k.a. 2687442). This is a detection change only. Customers
    who have already successfully updated their systems do not need
    to take any action. Note that update 2687356 is offered through
    Microsoft Update as update 2687442.
  - Originally posted: October 9, 2012  
  - Updated: January 15, 2014 
  - Bulletin Severity Rating: Important
  - Version: 1.4

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2916652)
  - Title: Improperly Issued Digital Certificates Could Allow
    Spoofing
  - https://technet.microsoft.com/security/advisory/2916652
  - Revision Note: V2.1 (January 15, 2015): Advisory revised to
    announce a detection change in update 2917500. This is a
    detection change only. Customers who have already successfully
    updated their systems do not need to take any action.

2014-01-15

Adware
++ Ad.SavingsApp + Firseria + Win32.AddLyrics + Install.DomaIQ + Win32.InCore
Malware
++ Win32.Androm.blaq
PUPS
++ BubbleDock + iCrossRider
Trojans
++ Win32.Neurevt + Win32.ZBot
Total: 2597691 fingerprints in 807856 rules for 7230 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Jan 15 2014 11:58 by Don

Windows Prime Shield is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Prime Shield is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Prime Shield is installed, it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-prime-shield

Posted Tue, Jan 14 2014 15:57 by Don

Event ID:     1032572876
Language(s):     English.
Product(s):     computer security and information security.
Audience(s):     IT Decision Maker and IT Manager.

Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Presented by:

Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

and

TBD

Register for event
Starts: Wednesday, January 15, 2014 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Posted Tue, Jan 14 2014 13:03 by Don

Note: There may be latency issues due to replication. If the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms14-jan

Important (4)

Microsoft Security Bulletin MS14-001
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
»technet.microsoft.com/en-us/secu···ms14-001

Microsoft Security Bulletin MS14-002
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
»technet.microsoft.com/en-us/secu···ms14-002

Microsoft Security Bulletin MS14-003
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
»technet.microsoft.com/en-us/secu···ms14-003

Microsoft Security Bulletin MS14-004
Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
»technet.microsoft.com/en-us/secu···ms14-004

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Windows Prime Booster is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered a rogue anti-spyware program because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Prime Booster is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Prime Booster is installed, it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-prime-booster

Windows Virtual Protector is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Virtual Protector is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Virtual Protector is installed, it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-virtual-protector

Posted Fri, Jan 10 2014 16:04 by Don

0 Internet Explorer
96 Restricted Sites
0 Firefox

16734 items in database

 

Posted Thu, Jan 9 2014 16:48 by Don

This is an advance notification of 4 Important security bulletins that Microsoft is intending to release on January 14, 2014.

http://technet.microsoft.com/en-us/security/bulletin/ms14-jan

2014-01-08

Adware
++ Ad.VidSaver ++ BetterSurf + Firseria
PUPS
+ iCrossRider + IWantThis
Trojans
++ Win32.Agent.nir + Win32.OnLineGames.gen + Win32.ZBot
Total: 2597142 fingerprints in 807207 rules for 7220 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Jan 8 2014 9:39 by Don