[MikesWhatsNews] MWN #563
- From: "Mike" <mikebike@xxxxxxxxx>
- To: mikeswhatsnews@xxxxxxxxxxxxx
- Date: Mon, 30 Sep 2002 17:01:23 -0700
MikesWhatsNews, 02, 10, 2002
in today's issue #563
Virus Alert: Subject: W32/Bugbear
WinGuides Tweak Manager Version 2.0 BETA
Clean Up IE's Right-Click Menu
Afterlife Properties
DumpLinks Diversions
Looney Tunes at Wiseacre Gardens
Email Remover? Ver 3.0
MSN 8 Does Home Networking
Tina's FrontPage Tips
CCC Budget
Moving the TaskBar
____________________________________________________________
NOTE: Any time you see the " ++ ", it means there is more
of the article, or story, on the linked site. Mike
____________________________________________________________
There is a complete archive of past MikesWhatsNews newsletters
available to members on the Yahoo page, it is searchable by word or
issue #. Here is the address direct to the messages;
http://groups.yahoo.com/group/MikesWhatsNews/messages
and; http://www.freelists.org/archives/mikeswhatsnews/
____________________________________________________________
Virus Alert: Subject: W32/Bugbear
Aliases; Bugbear, NATOSTA.A, Tanat, W32/Tanat, I-Worm.Tanatos
Threat level 2
(New virus causing large infections. Might be local to a specific region.)
Type
Win32 worm
Size: 50.688 KB
Platform: Microsoft Windows 95/98/NT/2000/XP
Discovered: September 30, 2002
Description:
------------
Worm/Tanatos is an Internet worm packed with UPX that attempts
to spread through e-mail and shared network drives.
If executed, the worm copies itself within Windows 9x systems in the
\windows\%system% directory under the filename "DFAV.EXE"
(the four characters in the filename are random).
The worm copies itself within Windows 2k systems in the
\winnt\system32 directory under the filename
"DFAV.EXE" (the four characters in the filename are random).
Additionally, the files "vkgvuaa.dll" (5.632 bytes with randomly
selected filename) and "xgoxmaa.dll"
(randomly filename and size (logfile)). Also, the file
"WCA.EXE" (50.688 Bytes and filename is random) gets added in the
C:\Windows\Start Menu\Programs\Startup\.
So that it gets run each time a user restart their computer the following
registry key gets added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
bta=DFAV.EXE
The registry name "bta" can be random.
The worm creates C:\Windows\YesYia.dat (2 bytes with randomly filename).
Payload:
Worm/Tanatos tries to terminate a long list of security application
processes (antivirus software, firewall applications). It will also open a
TCP port 36794. By doing so, this potentially allows remote administration
on the infected computer.
Refferences:
Information borrowed from "CENTRALCOMMAND.COM Vexira Antivirus"
Full virus description can be read at:
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.ph
p?p_refno=020930-000024>
~~~
F-secure
http://www.europe.f-secure.com/v-descs/tanatos.shtml
Tanatos is a mass-mailing worm with keylogging and backdoor capabilties. It
appeared in the wild on 30th of September 2002. The worm's file is a PE EXE
(portable executable), 50688 bytes long and it is compressed with UPX file
compressor.
~~~
Trend
<http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=a&virus=W32%
2FBu
gbear&alt=Bugbear&key=&payload=&type=&day=&month=&year=&wkday
=>
~~~~
McAfee
http://www.mcafee.com/anti-virus/viruses/bugbear/
____________________________________________________________
BETA VERSION OF WINGUIDES TWEAK MANAGER V2.0
--------------------------------------------
Version 2.0 of WinGuides Tweak Manager is now in beta testing and we'd
like your help! It includes many new features that allow you to easily
download and apply tweaks to your system with a click of your mouse!
Take control with hundreds of powerful tweaks and hidden registry
settings that let you enhance and secure almost every aspect of Windows.
http://www.winguides.com/tweak/
____________________________________________________________
Clean Up IE's Right-Click Menu ~ by Neil J. Rubenking
http://www.pcmag.com/article2/0,4149,543495,00.asp
You'll have to dig into the Registry. Launch REGEDIT and navigate to the key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt. Each subkey
of this key represents one menu item.
Many will include an ampersand (&) to define the underlined key associated
with the command.
To get rid of a command, you can delete the corresponding key, but that's
awfully permanent.
Instead, highlight the key you want to delete (for example,
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zoom &In).
Choose Export from the Registry menu and export that branch to a file.
Now delete the key.
Open the exported REG file in Notepad.
Find the string MenuExt near the end of the long third line and change it to
MenuExt-.
Save the file and double-click to launch it. Your no-longer-used menu item's
Registry data will be saved in the Registry under the key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt-.
If you want to bring the key back some day, you can reverse the procedure
described here.
From: http://www.pcmag.com
____________________________________________________________
Afterlife Properties
http://www.afterlifeproperties.com/default.asp
Welcome to Afterlife Properties On this web site you can reserve a special
place in the afterlife for any being. The process is simple. First find a
certificate design that appeals to your tastes, then choose a property
description matching the person or pet the reservation is for. And finally,
provide the information required to personalize the certificate. We will
ship the certificate to any destination in the United States free of charge.
++
____________________________________________________________
DumpLinks Diversions
http://php.iupui.edu/~kcarmony/klingon/dumplinks/diversions.html
Ah...the art of wasting time online. Here's the place where you
can play Tic-Tac-Toe or Chase the Dot to your heart's content
while the work piles up beside you. My favorite diversion is the
virtual Mr. Potato Head, where you can add click-and-drag
character to that classic, faceless spud. Good, old-fashioned
fun.
Thanks to; Christy
____________________________________________________________
Looney Tunes at Wiseacre Gardens
http://www.wiseacre-gardens.com/buttons/toons.html
Looney Tunes images sounds original animated gifs postcards and more
++
____________________________________________________________
Email Remover? Ver 3.0 ~ freeware
http://email-remover.com/
Simply the Best & the Easiest!
Compatible with Microsoft? Windows? 98/Me/NT/2000.
Email Remover can save you the trouble of downloading unwanted email.
It connects to your ISP and retrieves mail header information (sender,
subject, date, etc.), letting you pick mail you don't want to receive and
deleting it from the mail server.
It will optionally run your regular email client when it's done so that you
can transfer and read the mail you do want.
Email Remover is a handy little tool in the never-ending battle against spam
-- and it's free!.
++
____________________________________________________________
MSN 8 Does Home Networking ~ by Jim Wagner
http://www.internetnews.com/wireless/article.php/1470661
MSN (Quote, Company Info, News) is the latest national broadband provider to
jump on the home networking bandwagon, announcing free support and rebate on
a bundled MSN-Microsoft Broadband Networking Wireless base station service,
officials announced Wednesday.
The deal doesn't become official until the release of MSN 8, the latest
version of Microsoft's Internet service, which is expected to roll out
sometime in October or November.
Whether home networkers will really benefit from the deal depends mainly on
whether they buy a Microsoft wireless hub or not, since other hardware
manufacturer hubs aren't supported. Customers will need to continue calling
their equipment maker for support issues.
++
From; internetnews.com
____________________________________________________________
Tina's FrontPage Tips, by Tina Clarke
COUNT TO ONE
When you edit a web page and republish your
web with a FrontPage counter installed, the
count goes back to 1 for that page. This is
because you are over writing the counter file in
the _private folder on the remote site. Right click
the concerned file on the hard drive and choose
'Page Properties' | Workgroup tab. Tick the
box marked 'Exclude this file when publishing
the rest of the web'. Press ok.
AccessFP ~ FrontPage Resource Centre
Site ~ http://www.accessfp.net/
Ezine & Forums ~ http://anyfrontpage.com/ FREE FP E-Books
Journal ~ http://groups.yahoo.com/group/AccessFPJournal
____________________________________________________________
Christies Computer Corner thanks to Christy;
<1stPicksoftware-request@xxxxxxxxxxxxx?Subject=subscribe>
Budget
http://budgetsupport.home.att.net/
Win95/98/ME/NT/2k
Freeware
If you are looking for a program that helps you control your
finances, Budget is for you. This easy-to-use program will do
everything you need to balance your budget. The program is
designed for anyone with several
accounts to manage or just one. Not only does Budget allow you
to keep track of over 150 accounts, you can
also do several other things. Make deposits, write checks,
transfer funds, enter pays and balance your checkbook with one
simple program. Easily switch between accounts as well.
~~~~~~~
Moving The TaskBar
You can move the taskbar to a different spot on the desktop.
Since most applications have a menu at the top of their window
that requires mouse clicks, moving the taskbar to the top of the
desktop saves you from moving the pointer from the top to the
bottom of the desktop.
To move the taskbar:
1. Move your mouse pointer over an empty area of the taskbar (not
over the Quick Launch bar, system tray, or a program button).
2. Click and hold the mouse button.
3. With the mouse button still held down, drag the taskbar to the
top, or one of the sides, of the desktop.
4. When you arrive at one of the edges, an outline of the taskbar
will appear. Release the mouse button. The taskbar appears in its
new place.
5. To move the taskbar back, repeat the procedure but drag the
taskbar back to its original position on the
lower edge of your screen.
Was this forwarded to you ?
Get your own subscription here:
<1stpickPCtips-request@xxxxxxxxxxxxx?Subject=subscribe>
____________________________________________________________
Antivirus software is a good choice to scan your system for possible viruses,
however no virus scanner is 100% effective as manufactures cannot keep up with
the rapid change of viruses that happens daily.
Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
______________________________________________________________________
Please feel free, to offer constructive criticism, as that will help me keep it
interesting.
I also welcome any submissions about new products, web pages, or articles of
interest.
All submissions posted in MWN will be given proper credit.
"MikesWhatsNews" believes in giving credit where credit is due but at times
deadlines and information that is very important to readers we accidentally
misspost an item.
If you believe something to be miscredited, or you know the author of one of
the articles which we have posted as 'unknown', please do let us know so we can
correct the information where applicable.
Many times in a article you may see a click here for more information, or to go
to a link, these often will not work, as the original information, was taken
from a page with HTML links. This is when you will want to go to the webpage
indicated in the article, ++ ,for 'the rest of the story'
***MfM*** indicates that I am adding my own information to a particular
article.
`~*~*~*~*~*~`
Mike ~It's a good day if I learned something new.
You can read a sample of my newsletter on my web page http://www.mwn.ca
My virus pages ~ http://virusinfo.hackfix.org
mytech@xxxxxxxxxxx
~*~*~*~*~
Was this forwarded to you? Want to subscribe? Send an email
to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe.
For a complete list of email commands for our list send an email
to ecartis@xxxxxxxxxxxxx with a subject line of "info mikeswhatsnews" without
the quotes.
If you wish to unsubscribe from our list send an email to
mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=unsubscribe
To contact the list moderators send an email to
mikeswhatsnews-moderators@xxxxxxxxxxxxx
~*~*~*~*~
Other related posts:
- » [MikesWhatsNews] MWN #563