[MikesWhatsNews] MWN #628 HackFix

MikesWhatsNews, 10, 01, 2003
in today's issue #628

Computer Virus Year 2003 Started with a Bang
HackFix Updates
2       Ots CD Scratch
3       Advanced IP Scanner
4       InfoMagic v3.2.9
5       Chicken Invaders
6       WindowsReinstall.com
7       NCMEC's Exploited Child Unit
8       CCC     Decode RAM Chip Numbers
9               No Logon
10      Living Without Microsoft
11      Use The Keyboard To Shutdown
____________________________________________________________

NOTE: Any time you see the "  ++ ",  it means there is more 
          of the article, or story, on the linked site. Mike
____________________________________________________________

There is a complete archive of past MikesWhatsNews newsletters 
available to members on the Yahoo page; it is searchable by word 
or issue #.  Here is the direct address to the messages:
http://groups.yahoo.com/group/MikesWhatsNews/messages
and; http://www.freelists.org/archives/mikeswhatsnews/
____________________________________________________________
Please rate this Ezine at the Cumuli Ezine Finder

http://www.cumuli.com/ezines/ra20853.rate

<a href="http://www.cumuli.com/ezines/ra20853.rate";>
AOL Users</a>
___________________________________________________________

PRESS RELEASE

For release January 9, 2003

Computer Virus Year 2003 Started with a Bang
Four new widespread worms found in two days

F-Secure is alerting computer users as four new internet worms are crawling
across the globe. These new Windows worms were found on 8th and 9th of
January, 2003 and they are known as (in order of appearance) Lirva.A,
ExploreZip.E, Lirva.B and Sobig.

"Several new viruses are found every day, there's nothing special with
that", says Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. "But it is
not normal to find four new viruses which are all successfully spreading in
the wild within two days."

F-Secure Corporation has released a Level 2 Radar alert on all these viruses,
indicating that system administrators and end users should make sure their
systems are protected. Level 2 is the second highest alert level under
F-Secure Radar alerting system. F-Secure made 27 Level 2 alerts during all of
year 2002 (and two Level 1 alerts).

"Apart from the two Lirva variants, these viruses are not related to each
other - this does not seem to be a coordinated attack", comments Hypponen.
"It seems we just got a really bad start for this year". 

Information on the four viruses follows:

Lirva.A

Lirva (or Arvil) is a mass-mailing worm that uses several methods to spread.
Besides email the worm uses ICQ and IRC chat networks and Kazaa file sharing
network to spread. It also propagates through shared folders and Windows
network drives. Lirva has functionality to disable several antivirus and
security applications if it notices their presence. If the worm is active in
the system it tries to steal passwords and send them to an external email
address.

E-mails sent by Lirva vary a lot, but they often make references to Avril
Lavigne, Canadian rocker who was nominated for five Grammy awards just two
days ago. Apparently the virus was written by a Kazakhstan-based fan of the
artist. When Lirva worm activates, it tries to open the official web site of
Avril Lavigne and starts a graphical screen effect consisting of coloured,
moving circles.

Lirva.B

Functionally Lirva.B is very close to the original Lirva virus. It has been
modified to evade detection of some anti-virus software. Another difference
is that Lirva.B fakes the sender address of infected e-mails, replacing the
address of the infected user with the e-mail address of a random innocent
bystander. The real e-mail address of the infected user can often be found
from the e-mail's "Return-Path" header.

ExploreZip.E

ExploreZip is an internet worm which was first found in June 1999. The
original version (ExploreZip.A) spread all over the globe within days of
initial discovery, becoming the first of the really widespread internet worms.
After this, several modified versions of this worm have been found.

On the 8th of January, 2003 - three and a half years after the virus was first
seen - ExploreZip.E was found. This version was modified so that it was
undetectable to most anti-virus programs. The worm functionality had stayed
the same. All of the ExploreZip variants spread as an e-mail attachment and
activate by destroying Microsoft Office documents and source code files from
infected computers and from local networks. The worm modifies an infected
computer so that the worm will reply to unread e-mails, sending dummy e-mail
replies with an infected attachment.

Sobig

Sobig is an e-mail and network worm, sending itself around as a PIF e-mail
attachment. The worm has remote control functionality through which the virus
writer can control infected computers.

Detailed technical descriptions of these worms as well as a screenshot of the
Lirva virus activation circle routine are available in the F-Secure Virus
Description database at http://www.f-secure.com/v-descs/

F-Secure Anti-Virus can detect and stop all the mentioned viruses.

More information;
Win32.Lirva.A and Win32.ExploreZip.91048 Worms
http://support.ca.com/techbases/ilnt/virusalert2.html

More information about W32/ExploreZi-N can be found at
http://www.sophos.com/virusinfo/analyses/w32explorezin.html

More information about W32/Avril-A can be found at
http://www.sophos.com/virusinfo/analyses/w32avrila.html

What is Worm/ExplorerZip.E
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030108-000016>
___________________________________________________________

  HackFix updates, thanks to Christy;
staff@xxxxxxxxxxx
Http://www.hackfix.org

This week's Virus Pattern Updates (01/09/2003)


We apologize for missing updates over the Holiday Season.  Today's updates
are somewhat early due to family commitments.  All updates verified as of
5:00PM.


All Software listed Alphabetically by Company name as some 
companies manufacture more than one product.


Aladdin Knowledge Systems

Esafe Desktop/Gateway/Enterprise
Last Updated Jan 09/2003
To update your software
Visit: http://www.esafe.com/esafe/downloads/virusig.asp
Or
From the Esafe folder in your Start Menu select Download Updates
~~~~~

AlWil Software

Avast Antivirus
Last Updated Jan 09/2003
To update your software:
Visit: http://www.avast.com/latest.htm
Or
Right click on the AVAST icon in the system tray, Select iAVS Update, 
AVAST will check for updates and download the appropriate files as needed.
~~~~~

Command Software Systems

Command antivirus/Fprot
Last Updated Jan 09/2003
To update your software
Visit: http://www.complex.is/f-prot/Download.html (F-Prot)
http://www.commandcom.com/downloads/virus_definition_updates.html (Command)
Or
Open Command antivirus click Update Deffiles
~~~~~

Computer Associates

E-Trust
Last updated Jan 09/2003
To update your software
http://support.cai.com/Download/virussig.html
Or
From the Respective folder in your Start Menu select Autodownload

For Vet Anti virus
http://www.vet.com.au/html/software/update.html

Be sure to have your Customer ID and your registered email address 
handy for verification.

**Note**

We knew this time would come eventually, that Computer Associates would 
not continue to support/update the older program 
https://www2.my-etrust.com/services/ipe_support??
~~~~~~


GeCad Software

Rav (Reliable AntiVirus)
Last Updated:  Jan 09/2003
To update your software:
Visit: http://www.ravantivirus.com/pages/dldupdate.php?type=Daily
Or
Open Rav and select Rav Update from the toolbar
~~~~~

Grisoft Inc.

AVG 
Last updated Jan 09/2003
To update your software
Visit: http://www.grisoft.com/html/us_updt.php
Or 
Open AVG and click Virus Database to check for updates
Or
Open AVG control centre and click Update Manager/update now

**Note:  To help speed up AVG updates you can set your program to use 
an alternate download site.  
Open AVG control centre->update manager->download from server.  The 
drop-down box should list www.grisoft.com (default) and 
www.grisoft.cz (be sure to select "apply" when done to save the changes). 
The default site is most often used, so it can at times become temporarily 
unavailable.  Using the secondary site (www.grisoft.cz) helps to ease 
the server and makes your update go quicker, as most don't use it!
~~~~~

Kaspersky

Kaspersky Anti-Virus (formerly AVP)
Last updated Jan 03/2003
To update your software
Visit: http://www.kasperskylabs.com/updates.asp
Or
Open AVP, then from the top toolbar click Tools-> Update virus definition
Or
From the Kaspersky folder in your Start Menu select AVP updater


*Note*  Avp now has available a cumulative update and a 
daily update with the daily being any important items they 
feel shouldn't wait till the next cumulative update.  Our 
dates here are based on the most recent Major update.

**Note:  Improved update accessibility.  To ease the update web traffic,
Kaspersky Labs has additional servers for autoupdating.  The program
defaults to use one server but can be altered to check a variety of 
servers.  Select Kaspersky updater, select update via the internet to 
open the drop-down box(es), then select "location".  Check the box labeled 
"Use alternate locations from the list", then select next and next to update.  
This option should stay selected after the first time.  This helps 
Kaspersky lighten the load for updates and helps you obtain updates 
more easily.
~~~~~

Network Associates

McAfee 
Last updated Jan 08/2003
To update your software 
For McAfee Visit
http://www.nai.com/naicommon/download/dats/superdat.asp 
(for Virus and Engine updates)
http://www.nai.com/naicommon/download/dats/mcafee_4x.asp 
(for Just virus pattern updates)

For Dr.Solomon's (Product no longer available for new users however 
updates still available for current users):  Go to the following 
Internet site: http://download.mcafee.com/updates/4x.asp
IMPORTANT: When you get to this site you may notice that it refers 
to VirusScan. This update is not only for VirusScan. It also works 
with Dr.Solomon's. 

Or
Open your respective software virus scan scheduler, double click 
Auto update, click Run Now to do a manual live update, or click 
Schedule to set up a timed live update.
~~~~~

Norman Data Defence

Norman Virus Control
Last updated Jan 09/2003
To update your software
Visit: http://www.norman.com/downloads.shtml#definition_files_updates
Be sure to have your Valid Username and password handy for verification.
Or
From the Norman folder in your Start Menu select Internet Update

**Note:  Norman Virus Control web updates are only for versions prior to 
5.0.  Norman 5.0 can only be updated via the update in the program itself.

Thunderbyte Anti Virus
Current Version: This product is no longer being supported.
http://www.norman.com/tbav.shtml
~~~~~

Softwin

BitDefender (Previously known as AVX - AntiVirus eXpert as of Nov 06/01)
Last Updated Jan 03/2003
To update your software
Visit: http://www.bitdefender.com/html/updates.php
Or
Open BitDefender select Protection Options->live upgrade
Or
From the BitDefender folder in your Start Menu select Bitdefender Live
         
Press Release on the software change 
http://www.bitdefender.com/press/ref1.php
~~~~~

Sophos

Sophos Anti Virus
Last IDE available Jan 09/2003
To obtain the latest IDE files
Visit: http://www.sophos.com/downloads/ide/

**Note:  Sophos does not update as other products do.  They update 
the Engine/software once a month (or so) to include all the previous 
IDE files.  New IDE files are available with new virus threats and must 
be downloaded individually until the next software update is available.  
Our update dates reflect the most recent available IDE file.
~~~~~

Symantec

Norton AntiVirus
Last updated Jan 09/2003
To update your software
Visit: http://www.symantec.com/avcenter/defs.download.html select 
your language -> product from the list
Or
Open Nortons software and click the "live update" button
Or
From the Nortons folder in your Start Menu select LiveUpdate - 
Norton Antivirus
~~~~~

Trend Micro

PcCillin 
Last updated Jan 09/2003
To update your software
Visit: http://www.antivirus.com/download/pattern.asp
Be sure to have your Registration number handy for verification
Or
Open PcCillin click Update then click Update Now (or Update later 
to Schedule a timed update)
~~~~~~~~~

If there is an Anti Virus program that is Not listed here that
you would like to see added to the weekly updates list Please
feel free to let us know.

Remember Your anti virus software is only as good as the user...
If you don't keep it updated it won't provide you with maximum
protection.

This weekly Update will be sent every Thursday on or after
6pm (eastern) to keep you up to date on virus pattern updates
available. Virus patterns are checked for most recent update
date as of 6pm Thursdays.

~~~~

~ Hackfix Project Staff
staff@xxxxxxxxxxx
Http://www.hackfix.org

3017 St Clair Ave #176
Burlington, Ontario
L7R 3L7

____________________________________________________________
2
Ots CD Scratch v1
http://www.cdscratch.com/
Win9x/2k/XP ~  Freeware

With this application one can turn a computer into a virtual turntable and
mixing station.
You don't need to have two CD-ROM drives as you can mix using the two
different tracks on the same CD.

You can do many of the same features you see DJs use on regular turntables,
such as scratching, play one song forward and one song backwards, or just
adjust the audio levels and let your CD be automatically mixed between the
virtual turntables. 
Ots CD Scratch 1200 is perfect for all you weekend audiophiles and aspiring
DJs.

Taken from WINDOWS TIPS 4 ALL:
wintips4all-subscribe@xxxxxxxxxx
____________________________________________________________
3

Advanced IP Scanner
http://www.radmin.com/products/famatech_nu/default.html
Advanced IP Scanner is a fast, robust and easy-to-use LAN scanner for
Windows. It easily lets you have various types of information about local
network computers in a few seconds! It gives you one-click access to many
useful functions - remote shutdown and wake up, Radmin integration and more!

Powered with multi-thread scan technology, this program can scan hundreds
of computers per second, allowing you to scan 'C' or even 'B' class network
even from your modem connection.
++
____________________________________________________________
4
InfoMagic v3.2.9 - free
http://factsfacts.com/IMagic/
Requires Windows 95/98/SE/ME/NT/2000/XP*
A Personal Memory Aid & Organizer for People Who Hate to Organize. 
The simplest, most straightforward, freeform way to keep track of the bits
and pieces of facts, data, & information that swirl around your everyday
life.
Quickly locate any fact you've saved. A real Personal Information
Manager/memory aid. Open, structure fits itself to you -- there's no trying
to conform to somebody else's idea of how to save information.
From; My Computer Headaches
http://groups.yahoo.com/group/mycomputerheadaches/
____________________________________________________________
5
Chicken Invaders ~ game
  http://www.simtel.net/pub/pd/61848.shtml
Operating system: Windows 95/98/Me/2000/XP
Sometime in the near future, earth is invaded by chickens from another
galaxy, bent on revenge against the human race for oppressing earth
chickens! 
Take the world's fate in your hands (or at least have an omelette) in this
modern rendition of the 80's classic. 
One or two players.
____________________________________________________________
6
WindowsReinstall.com 
http://www.windowsreinstall.com
This site will show you how to install, upgrade, reinstall, repair,
troubleshoot and fix Microsoft Windows XP (also known as WinXP & Whistler),
Windows 98 (also known as Win98), Windows ME (also known as WinME &
Windows Millennium), Windows 95 (also known as Win95), Windows 2000
(also known as Win2k & W2K), Windows NT (also known as WinNT), OEM
computers (Dell, Advent, Time, HP, and Compaq home PCs and laptops).
Also tips, tricks, help, hints, how to build a computer plus much much more.
Thanks to; Christy
____________________________________________________________
7
NCMEC's Exploited Child Unit
http://www.missingkids.com/html/ncmec_default_ec_index.html
NCMEC's Exploited Child Unit was created through a mandate by the U.S.
Congress that authorized a cooperative agreement between the U.S. Department
of the Treasury and NCMEC for the establishment of this unit. Prior to its
creation, in cooperation with the U.S. Customs Service, NCMEC operated the
Child Porn Tipline, via its telephone Hotline.  
ECU is not an investigative agency, but rather a resource center and
clearinghouse for the community and law enforcement. 
++
____________________________________________________________
8
'Christy's Computer Corner'
  thanks to Christy;
http://www.1stpick.org

Decode RAM Chip Numbers

http://www.chipmunk.nl/DRAM/ChipManufacturers.htm 
At this site you just plug in those RAM chip numbers to find out the memory
specs. 
Just the thing for all those mystery boards

Good site ~ Mike
~~~~~~~~
9
No Logon
Do you get an annoying network logon screen every time you boot Windows? 
Well, here's a way that *should* get rid of it for you.

Please note that if you have your computer set up for multiple users, this
tip isn't for you. 
Additionally, if you are on a network and a password is required to get onto
your network, this little trick probably won't work (if no password is
required, then you *should* be OK, but check with your network administrator
first).

Everyone else should be fine.

If you're still with us, here's how to rid yourself of that annoying logon
screen:

1.  Click Start, Settings, Control Panel

2.  Next, open the Network Icon.

3. Finally, change the item in the Primary Network Logon drop down box to
"Windows Logon". 
    It's probably a good idea to write down whatever was in the "Primary
Network Login" box before you change it. 
    Just in case...

That's it. 
You should no longer have a logon screen pop up when you start Windows.

Was this forwarded to you ?
Get your own subscription here:
<1stpickPCtips-request@xxxxxxxxxxxxx?Subject=subscribe>

____________________________________________________________
10
Living Without Microsoft
http://www.livingwithoutmicrosoft.org
This site is for anyone who wishes to explore realistic alternatives to
Microsoft software. Our aim is to provide accurate information about, and
analyses of, non-Microsoft software and to discuss the benefits and problems
you are likely to encounter if you adopt it instead of a Microsoft solution.
We also try to provide news on industry and legal developments which may be
relevant to anyone making decisions about deploying non-Microsoft software.

Please note that this is NOT an 'anti-Bill-Gates' site. Nor is it a 'Linux
Fanatics' site. Nor is it exclusively devoted to Open Source software,
because there are lots of proprietary alternatives to Microsoft software. We
created Living Without Microsoft because the market dominance of Microsoft
leads many non-technical people to assume that there really is no
alternative to using its software. In many cases, there are real
alternatives, and our aim is to help you find them. 
++
____________________________________________________________
11
Mike's Friday Tip ~ Use The Keyboard To Shutdown

If you have ever experienced mouse problems and the inability to click on
the buttons this tip may help.

You can use the keyboard to shut down.
Press the 'Windows' key; this causes the 'Start' menu to be displayed.

Next press the 'U' key to bring up the 'Windows Shutdown Screen'.

Pressing the 'S' key will shut down, and 'R' will restart Windows.

____________________________________________________________

If there are strange characters such as =94, Freelists has changed them.
=92 is an apostrophe - don't
=93 is a left quote  "
=94 is a right quote "
=92  is a dash -
____________________________________________________________



Antivirus software is a good choice to scan your system for possible viruses; 
however, no virus scanner is 100% effective, as manufacturers cannot keep up with 
the rapid change of viruses that happens daily.
Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
______________________________________________________________________
Please feel free to offer constructive criticism, as that will help me keep it 
interesting.
I also welcome any submissions about new products, web pages, or articles of 
interest.

All submissions posted in MWN will be given proper credit.
"MikesWhatsNews" believes in giving credit where credit is due but at times 
deadlines and information that is very important to readers we accidentally 
mispost an item.

If you believe something to be miscredited, or you know the author of one of 
the articles which we have posted as 'unknown', please do let us know so we can 
correct the information where applicable.

Many times in an article you may see a "click here for more information", or to go 
to a link; these often will not work, as the original information was taken 
from a page with HTML links. This is when you will want to go to the webpage 
indicated in the article, ++, for 'the rest of the story'.
***MfM*** indicates that I am adding my own information to a particular 
article.
                         `~*~*~*~*~*~`
Mike ~It's a good day if I learned something new.
You can read a sample of my newsletter on my web page http://www.mwn.ca
My virus pages ~ http://virusinfo.hackfix.org 
mytech@xxxxxxxxxxx
~*~*~*~*~
Was this forwarded to you? Want to subscribe? Send an email
to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject line of "info mikeswhatsnews" without 
the quotes.

If you wish to unsubscribe from our list send an email to 
mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=unsubscribe

To contact the list moderators send an email to 
mikeswhatsnews-moderators@xxxxxxxxxxxxx
                              ~*~*~*~*~
