Having recently got bitten by a malware bstrd which pretended to be a Windows update from MS, I've got paranoid. (It took me 3 days to get rid of the pest..) Is this a genuine MS update site (it LOOKS good..)? DON'T click/use it unless you really know the answer - just in case: http://www.microsoft.com/security/malwareremove/default.mspx Any replies as to whether I should install or not would be greatly appreciated.. Cheers, Diolma

I'd do some checking on whatever names you see there. Do a Google on malwareremove, or default.mspx. There's a web site out there that explains suffixes to file names, but unfortunately at work. Anyone who can hijack Microsoft's site would be doing pretty hefty stuff..I can sympathize, my missus' machine has (oh..let me see), Cool Web search, Ad Destroyer, Virtual Bouncer (you have to pay them to uninstall it), and some neat feature that won't let Hijack This! even run.
I've gotten to the point that I don't trust 'yes/no' popup boxes in VB (they're just buttons, and you could easily 'reverse' the actions taken, etc). Good luck.

It's a legitimate MS tool. It's included as an optional component of the latest patch bundle.

I hate to sound like a broken record, but STOP using IE! Get either Netscape Mozilla Firefox or Opera They may have a few bugs every so often, but those get fixed ASAP - unlike IE. Also, make sure you DON'T do ANY e-commerce on your wife's computer; CoolWebSearch has been found to be a MASSIVE keylogger/identity-theft tool. Consider any information typed on that computer to be public domain now.

I could browse to the page from the microsoft.com root, it's legit. Don't try searching on default.mspx, you'll get ooodles of results, .mspx is a legit extension on sites that run on ASP.NET.

IE may be better than most! At the recent Security Conference all the various Browsers were put through their paces on identical machines (as far as Firewall, AV, etc...) IE performed as good or better than all others. The only bad part about IE is it is the center of the Hackers Bulleye, being a MS product. I mean, who wants to brag that they found a breach in Opera? Hackers work numbers. They want the biggest impact from their efforts. Firefox with all the various plugins that are out there performed the worse, but the difference between the best and worse was really minor. The recommendation came down (for IT managers)to have everyone use the same browser, keep it updated and make sure the rest of your security devices are also properly set up, updated, and working. The biggest culprits to issues are third party add-ons that take over certain settings, such as Site Search Engines. Also, most failures in security came from the user allowing sites to install programs, or the user installing a program to view a site. Software is not the problem, it is the stupid users! P2P is one of the biggest offenders and the Free Real Player has ended up on many IT Dept's Banned Software lists due to its nature and the default settings. (NOTE: If all users using MS IE and OSs turned on Auto Updates and allowed those updates to be installed, about 99% of the current known issues would be dealt with. The problem is too many computers are out there that do not have the latest updates installed. The recommendation from the conference to MS was make the Updates smaller, so users with slow connections would be willing to update the machines.)

I think the main problems lies within the MS validation scheme. There are many, many users out there that use a pirated copy of XP, and they can't update. While I can't blame MS for fighting software piracy, their current scheme of only allowing updates to valid XP installations (no pirated serials or circumvented activation) leaves a lot of users with outdated and vulnerable systems, and those are targeted by the crackers and scriptkiddies. This also generates an awful lot of unwanted Web traffic. I've never had any trouble using IE. I've got legal XP installations, a fast DSL connection, and automatic updates. And of course, I'm rather careful when installing programs and opening links. Of course, a good virus scanner and a decent firewall are essential these days.

I'd like to take these People who send virus's, Worms, Trojans and such in the back alley, and show them how much I appreciate them waisting a lot of mine and a lot of others the time and expence fixing what they think is cute! When we get these people to pay a heavy price, one that will cost them all the time and expence that they cost so many people, is what is needed. Like the old fashion dunking stool. For about a week 24 hours a day 7 days a week, and under the water for about 1 minute at a time. Then they can find out what some people think is funny in punishment.

"Software is not the problem, it is the stupid users!" It's actually the usual IT Dept's attitude that they are a step above God and that they don't have to explain to users why certain things are not to be done. Since 99.99% of all settings done by IT Dept's are for the convenience of the IT Dept instead of providing the users with a usuable workspace , very few users take the decrees as issued by the Lords of IT as anything but a pain in the proverbial.

I don't know about anyone else, but I'd say that my computer experience is mature (nearly 20 years), Mozilla/Firefox is far better than IE (despite praises from IT people - are they really people?). Only rarely do I ever get popups (as compared to IE popup heaven), it has "tabbed browsing" (poor sucky IE), and handles just about everything that IE does (yes, there are areas where it won't work, but I can tolerate IE when absolutely necessary - about once every couple months at best). Plus, I get it on Windows and MacOS (where I can use the same bookmarks and settings). Not that I think IE totally sucks, just that, as has been pointed out, it's M$, it's under a constant barrage of attack. And it sorely (as in two years ago) needs tabbed browsing. I don't know what tweaks were performed (and, o'boy, wouldn't it be just amazing if these oh-so-special IT guys didn't), but Mozilla/Firefox are highly configurable. Yo, IT guys, SysAdmins kick your A$$!! (or, your base belong to us). ;)

I use SlimBrowser which adds tabbed browsing and all the other goodies one could want to the IE engine. I would agree that IE is no better or worse in a secure environment. With regularly updated AV. firewall and anti-spyware (I use the free MS AntiSpyware) you're about as safe as you're going to get. FireFox is beginning to turn up vurlnebilities more often (12 in July) as it becomes more popular and hackers begin to pound on it. Now browser alone is going to make you safe. You can switch to a platform with a miniscule market share perhaps. Ideally, get VMWare or some other virtual machine environment and do all your browsing in a VM that you can restore in seconds if it gets trashed and your "real" system remains secure.

I think the main problems lies within the MS validation scheme. There are many, many users out there that use a pirated copy of XP, and they can't update. Not True.... Anyone can get Security Updates, they just can not get other Updates.

I admit that IT dept fail in evaluating Users and in Training/Explaining the pros and cons of specific aspects of Computer Use, but most of this is the end users fault. The biggest issue for the IT is not the mass users in the cubicals, but the management that has the portables and think that their position alone indicates that they have some sort of superiority. I have seen more managers blame their assistants or secretaries for problems with machines, when all the assistant did was upload the file he/she had on the laptop! Most large companies now have a mandatory training class for security issues and most now are adopting refresher courses for all employees on a annual basis (and sometimes dept. wide after one person has an issue related to security.) I agree some have a chip on their shoulders, but I also think that evolves due to bad relations between dept. management and the IT. A few companies have realigned IT within Security (when there is a security dept.) and that has seemed to give those companies IT Dept. more clout when it comes to recommendations at all levels of employment. (Calling IT when your laptop messes up and having a uniformed Security Officer show up puts a good message on the main cause for problems with the system!)

Hackers work numbers. They want the biggest impact from their efforts. Which is why breaking away from the rest of the bleating flock may do some good. ;-) bonni

Attached Link: http://pachome1.pacific.net.sg/~kennethkwok/lynx/#why

I'm very familiar with Lynx. Most of my websites actually work perfectly well in that browser, believe it or not. The first website I ever designed was done for and with Lynx (I didn't have the required SL/IP connection to use a graphical browser, which in those days was pretty much Mosaic or nuttin ;-). Lynx is very, very good for checking a site for usability, FWIW. bonni

I have my computer set to automatically check for and download updates, and the last one installed within the last day or two had something about a "malware" remover. I didn't pay much attention and just installed it when I was advised there were updates to install.

MS is sending regular (monthly, I think) 'malware' removing routines. From what I've read, they just do their thing and go away - these are not permanent installs. I agree that a well setup system (AV, Firewall, etc.) are much more important than the browser, but in general MS's previous record has been rather horrid with respect to computer security: * Messenger - unless you are in a localized business environment, this service should not only never be running, it should be shot as a traitor. The stupid vulnerabilities that it introduces with its automatic installation and startup give MS the "two-thumbs in your eye" award for stupidity beyond the call of the duty. :) * Outlook - (which I still use, sorrily) has improved, but still allows possibilities for triggering scripts and malicious HTML pages. The only circumvention is to never open attachments, never open unrecognized/unsolicited emails, and turn off HTML email support. * MS Office - in conjunction with Outlook, you have vulnerability city populated by a bunch of software that opens 'back orifaces' :=) to all sorts of issues unless you update (manually) on a regular basis. Basically, the internet to hackers is the same situation as software is to crackers. The mantra for software is this: The only crack-safe software is software that is never run. The analogy for the internet is: The only computer safe from hackers and other malicious attacks is never connected to the internet.

"Most of my websites actually work perfectly well in that browser, believe it or not." Cool. One of these days I'm gonna try it just to check it out. I've only gotten hijacked a couple of times and the really bad one was an apparently resistant form of Cool Web Search. I was going to strat hacking the registry when I found a demo of Giant AntiSpyware that cleaned it right up. A few months later, MS bought them and released it as MS Antispyware. I'm not sure if the malware remover covers anything it doesn't

all forms of CWS are highly resistant. It took 5 months to get it off my system, and I finally went to Mozilla..no problems since. Thanks for the tips and such..my wife refuses to give up on IE..;)
I've been in IT for 18 years, and my clients have run from dim blub (it's just statistics, there are clueless people in every field..you should see me flounder in Accounting..;), to one who rewrote command.com to give himself more room in memory (the dark days of DOS 5, where command of autoexec and config.sys was an art, more than anything else..;) They're just people, and if you treat them right, they'll treat you right..

A few thoughts:

Many IT departments are bound by the bureacratic rules of the corporation. I worked for a large company back in 2003. I was the first person in our group to get Windows 2000 (mainly because I had the oldest computer, so I was first in line to get a new one). And at the time, the company was still debating the merits of upgrading from NT to Windows 2000- almost 3 years after the OS was released! The big issue is how the latest OS (and the latest patches) will affect the development teams, the customer service users, and everyone else.
So, how can users expect to keep up with the latest patches if the IT department can't install the latest software?

But, for the home user:

1. Set your Windows Update to "download and install automatically" or at least "notify me of updates". You absolutely can not be using an unpatched version of Windows. (And why there are still "critical" security holes in Windows XP, released how-many-years-ago, is another issue.)

2. Absolutely do NOT use Internet Explorer. While it may have rated the highest for security, it is still the largest target for hackers. You may be taken to a site (or be served a "hacking" banner ad) before you get the chance to install this week's updates. Would you rather use IE and risk having to re-install Windows or just switch to Firefox?

As a side note: the only real way to remove adware and spyware is to reinstall Windows. I know that sounds drastic, but some spyware will actually remove or block the installation of programs like AdAware and Spybot. Some spyware will lurk in the registry or hide under a different name: a friend of mine had spyware in the Startup folder with the name of "Intel power tool".

And, please, NEVER, EVER click on a link that says "Update your PayPal information by clicking here: http://216.34.45.67/paypal/update.php"
The real PayPal will send to a link that looks like: "https://www.paypal.com/..."

And never ever click on a link that claims to be from PayPal, but the return address is "sample@escape.ru"... I seriously doubt that the real PayPal sends its email through a Russian server!

But, DO forward these types of e-mails to PayPal so they can (hopefully) track down the people responsible for these e-mails.

--John

Message edited on: 08/13/2005 12:15

Image software such as Norton Ghost can be a real lifesaver. And use multiple partitions! After a fresh install of a (new) system, with only the OS, the drivers and my main productivity tools (Office, Textpad, Winzip, codecs) I make an image. Other apps are installed on another partition, data on a third partition. If a system becomes corrupt, I just have to restore the image, apply the latest updates, and possibly reinstall some applications. All data are safe. Radical enough to eliminate the corruption, and much, much faster than trying to find and fix the cause. It's happened to me only once (a CWS variant). Restoring the image and reinstalling the apps took less than an hour. Then I had to scan the data for the CWS infection - that was the most time-consuming operation in the whole process.

Good grief. So many responses! Thx all. Actually, I mainly use Mozilla. Occasionally (about twice a year) I have to resort to Internet Exploder. I also have a H/W firewall, McAfee AV and AdAware. (And Spybot sowhere on the system but I rarely use it.., maybe I should). And HiJack this.. Lately I have taken to opening up Task Manager immediately after booting up and scanning the running tasks. So far I have gotten rid of: mmod, AdMunch, RealSched (and Realplayer), qtask (and QuickTime) and mdm. The one I'm currently having problems with is regsvc.exe. I don't want it to run (this is a single user PC; I don't need to update the registry from a remote PC!), but I'm not sure how to go about it. I suspect I could run the uninstall (which appears to be a genuine MS NT update), but not sure if I'd upset anything else if I do... Cheers, Diolma

You can disable the service from Administrative Tools->Services. Nothing seems to depend on regsvc, so it should work. And if you encounter problems, you can simply enable the service again.

Thx Steven - I'll try that (tomorrow - I'm about to go to bed..) Cheers, Diolma

Definitely a good place to look is Services. There are several good websites (no links come to mind, Google works) that detail common services, what they do, and whether or not you can change them from Automatic to Manual or Disabled. Do this with extreme caution as some services are required. QT task can be disabled from the Registry. Real#?$!er never ever gets installed on my machine. Pro constantly ran background services which would interrupt whatever I was doing to show me that it had special news to advertise. And they increased their monthly service fee but were extremely reluctant to cancel my account. I moved the charges to a credit card that soon became defunct. :) A free and non-invasive alternative is Real Alternative.

Attached Link: http://arstechnica.com/news.ars/post/20050805-5175.html

Even if you do not have IE, you still could have CWS. It may or may not function fully, but it could be lurking on your system with its Keylogger working. I believe that only those that used Mozilla based Browsers with a specific plug-in are vulnerable to getting it. Remember, it Hijacks IE, but installs itself in Windows Registry. I will see if I can get this clarified Monday.

What would be the circumstances for getting CWS installed on one's system? Do you have to install some plugin or just go to their website? I use FireFox with NAV running and a hardware firewall. Plus, I've never used/been to CWS. Don't think that will ever happen. :) Thanks!

From what I recall (and it has been a bit since I saw this) CWS makers had compromised a few sites using PHP or something similar that require a Plug In in mozilla. The result was it installed itself in the OS, but was not apparent, because it could not Hijack the Browser. What did occur was all the Keystroke logging that was installed. If the user had IE installed, but unused, it was sending the information. Most likely you are okay. Even on those sites it compramised I believe the user had to do something proactive to install CWS. I think you might find information if you Google CWS or COOLWEBSEARCH and Key Logging. Also, there are specific files in your System32 Folder that you would have if you have CWS. I use IE and I have a firewall and I have not gotten this hijack program on any of my 6 machines. I did pick up a discard from a customer that bought a new machine because there old one was so slow. It had tons of stuff on it, including CWS. (NOTE: Most places that installed CWS were adult sites. If you do not go to those, you most likely will not get it. SECOND NOTE: It is easy to get to one, just by mistyping or randomly clicking links to older sites that may be gone. (I have had the older link thing happen myself.)

Yeah, I finally tried the link you had, and it's malware, or possibly so. There is no 'security' directory, but the is a malware remover (somewhat useless), but at least I can run Hijack This!. Ad-awares' down to 'only' 70 bad things (including Cool Web Search), every time I do it.
I'm suspecting that what's happened is that the malware folks are 'organized'..if you're infected by one and miss it, the others are loaded as well, every time.
When I finally got CWS 'removed', it had gotten to the point that it created a randomly-named dll in System 32, which was loaded before you even get to the logon screen. No doubt it's still there, but my web habits must make for some pretty dull reading. My wife REFUSES to give up IE, because of Outlook (door #2 for hackers)..but that's a problem on 'my end'. The hackers may have gotten a leg up with Mozilla, it won't run...at all.
What I'm going to do is backup her data files only (nothing from Microsoft Word, Excel, or Access..@#$ing macros), format the partition, and start over.
It's a shame, she wants AOL, Realplayer, Napster (the legal one), Music Match, AIM, Limewire (daughter), and thinks these are 'good' programs..but, once again, that's on 'my' end..;) hey good luck.. but don't go to the first-mentioned site.

There is a way to get rid of it. It involves changing a few lines in Registery to the default that will stop the dll issue. Then you can remove (run CWShredder). Google CWShredder and you should find the instructions.

Unless you're running Office 95, blocking macros in Office is about as easy as it gets. The simple yes/no scheme of Office 97 was a real pain, but Office 2000 and later have a setting to enable only "trusted" (digitally certified) macros. I seem to remember that the default setting of Office 2000 was "low security" - bad move, MS! - but in Office XP the default is "high security, only accepted digitally signed macros".

Am re-saving this thread for when I get my new machine back (had it for a day but there was a motherboard problem with it, couldn't see 2nd hard drive. And no, it hadn't ever been connected to the outside world) AKA a long bookmark:-)) Cheers, Diolma

Best way to be sure it's a legit Microsoft update is to just got to their update site and check. I used to do automatic updates but the last one actually crashed my machine. After paying the high price for XP, I would expect better updates at least. I have Firefox but someone figured how to send a nasty there too. Was just a trojan but it played havoc with some of my files. Now I use the latest AV/AntiSpyware from my own server. So far it has stopped the non-sense. But be aware, some hackers have actually put code in Web pages. One minute you're on a site and the next you've got a virus...ugh. Be careful where you surf. :)