[MikesWhatsNews] MWN #761 HackFix
- From: "Mike" <mikebike@xxxxxxxxx>
- To: mbikes@xxxxxxxxx, mikeswhatsnews@xxxxxxxxxxxxx, mikeswhatsnews@xxxxxxxxxxxxx
- Date: Thu, 16 Dec 2004 16:38:01 -0800
MikesWhatsNews 17, 12, 2004
in today's issue #761
Seasons Greetings
2 W32Zafi-D Christmas Virus Makes the Rounds
3 Microsoft Security Bulletin MS04-040
4 Process Explorer 8.6
5 DesktopX 2.4 Preview
6 YahooPOPs!
7 Ajour
8 CCC National Christmas Tree Association
9 Changing Mouse Pointers
10 Anim8or
11 Run Box Shortcut
12 HijackThis 1.9.9
HackFix Updates
____________________________________________________________
NOTE: Any time you see the " ++ ", it means there is more
of the article, or story, on the linked site. Mike
____________________________________________________________
There is a complete archive of past MikesWhatsNews newsletters
available to members on the Yahoo page; it is searchable by word
or issue #. Here is the address direct to the messages:
http://groups.yahoo.com/group/MikesWhatsNews/messages
and: http://www.freelists.org/archives/mikeswhatsnews/
The HTML version is available here: http://www.mwn.ca/
____________________________________________________________
Please rate this Ezine at the Cumuli Ezine Finder
http://www.cumuli.com/ezines/ra20853.rate
<a href="http://www.cumuli.com/ezines/ra20853.rate">
AOL Users</a>
___________________________________________________________
Seasons Greetings to Everyone
http://www3.telus.net/mikebike/Xmas.htm
Thank you all for subscribing to Mikes Whats News
We wish you good health and a prosperous new year
This will be the last issue this year we will be back in January 2005
___________________________________________________________
2
W32Zafi-D Christmas Virus Makes the Rounds
http://www3.telus.net/mikebike/W32_Zafi-D.htm
W32/Zafi-D is a mass mailing worm and peer-to-peer worm.
W32/Zafi-D copies itself to the Windows system folder with the filename
Norton Update.exe. W32/Zafi-D creates a number of files in the Windows
system folder with filenames consisting of 8 random characters and a DLL
extension. Some of these are exact or zipped copies of the worm, detected as
W32/Zafi-D, while others are log files created by the worm.
W32/Zafi-D harvests email addresses from the Windows Address Book and from
files found on the hard drive.
W32/Zafi-D copies itself to folders with names containing share, upload, or
music as ICQ 2005a new!.exe or winamp 5.7 new!.exe.
W32/Zafi-D displays a fake error message box with the caption "CRC: 04F6Bh"
and the text "Error in packed file!".
http://secunia.com/virus_information/13872/
To prevent Zafi.D from reaching epidemic levels, Panda Software has released
its free PQREMOVE utility, which detects and eliminates Zafi.D from all the
computers it may have infected.
This tool can be downloaded from:
http://www.pandasoftware.com/download/utilities.
____________________________________________________________
3
Microsoft Security Bulletin MS04-040 Summary
http://go.microsoft.com/?LinkID=1611519
Internet Explorer 6 SP1 on Windows 2000 SP3, Windows 2000 SP4, or Windows XP
SP1
Internet Explorer 6 SP1 on Windows NT Server 4.0 SP6a; Windows NT Server
4.0, Terminal Service Edition SP6; Windows 98; Windows 98 SE; or Windows Me
Internet Explorer 6 for Windows XP 64-Bit Edition SP1
++
____________________________________________________________
4
Process Explorer 8.6
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
Process Explorer shows you information about which handles and DLLs
processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window
always shows a list of the currently active processes, including the names
of their owning accounts, whereas the information displayed in the bottom
window depends on the mode that Process Explorer is in: if it is in handle
mode you'll see the handles that the process selected in the top window has
opened; if Process Explorer is in DLL mode you'll see the DLLs and
memory-mapped files that the process has loaded. Process Explorer also has
a powerful search capability that will quickly show you which processes have
particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down
DLL-version problems or handle leaks, and provide insight into the way
Windows and applications work.
Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000,
Windows XP, Server 2003, and 64-bit versions of Windows for x64 processors.
What's new in Version 8.60:
# Multi-row tabs on process properties dialog
# Image signing verification on process image properties dialog
# Mini-CPU usage graph on toolbar
# Command-line option for specifying Process Explorer priority
# Manual refresh (F5) forces recheck of job and .NET process status
# Single-clicking on tray icon minimizes and restores main window
++
____________________________________________________________
5
DesktopX 2.4 Preview
http://www.desktopx.net
This month we'll be releasing DesktopX 2.4. Yea yea, we just
released 2.3 last month, but we've gotten some great feedback and wanted to
toss in those goodies before the holidays!
Here are some of the major changes for 2.4:
- Added Hue shift control for Widgets.
- Added "Widget preferences" panel in widget mode.
Here you can tweak:
- Z-Order
- Opacity
- Shadows
- Run on start-up
- Access widgets via system tray or taskbar (or hidden).
We've really tried to make DesktopX even easier to use with this version.
With the widgets now being tweakable on their own and the overall interface
simplified, we hope you'll give DesktopX a fresh look.
You can download a free version of DesktopX at http://www.desktopx.net or get
it as part of Object Desktop at http://www.objectdesktop.com
____________________________________________________________
6
YahooPOPs! free
http://yahoopops.sourceforge.net/
Windows version: v 0.6
YPOPs!, for short, is an application that provides POP3 access to Yahoo!
Mail.
It is available on the Windows, Linux, Solaris and Mac platforms.
Yahoo! Mail disabled free access to its POP3 service on 24th April, 2002.
This application emulates a POP3 server and enables popular email clients
like Outlook, Netscape, Eudora, Mozilla, etc., to download email from Yahoo!
accounts. We do not go against the license agreements of Yahoo! Mail. This
application is completely legitimate and well within the realms of legal
software.
This application is more like a gateway. It provides a POP3 server interface
at one end to talk to email clients and an HTTP client (browser) interface
at the other which allows it to talk to Yahoo!
Note: If you find that YahooPops 0.6 does not delete downloaded msgs from
the server and you are downloading the same msgs again, the solution is
here:
http://daniel.bryg.net/yahoopops.php
Thanks to; Sean at http://groups.yahoo.com/group/mycomputerheadaches/
____________________________________________________________
7
Ajour free
http://www.micro-sys.dk/products/ajour/
Windows 95/98/ME/NT/2000/XP/2003
Micro-Sys Ajour is an easy-to-use personal information manager (PIM).
Use it as a combined calendar, diary, organizer, and reminder.
Keep track of dates, appointments, annual events like birthdays, todo items,
and notes. You can also dial phone numbers stored in your data just by
double-clicking them. Ajour supports 8 languages in the user interface:
Danish, Dutch, English, German, French, Portuguese, Russian, and Spanish.
++
____________________________________________________________
8
'Christy's Computer Corner'
thanks to Christy;
http://www.1stpick.org
National Christmas Tree Association
http://www.realchristmastrees.org/
"The trees that grace our homes each year at Christmas are not
newcomers to planet Earth. Most have been our neighbors for
centuries, predating even the very first Christmas. So, where did
these trees come from? How did we find them? Where do they grow?
How do we grow more? And do we use them for
things other than Christmas trees? ... The answers to these
questions and more can be found in the National Christmas Tree
Association's presentation of Christmas Tree History and
Characteristics." - from the website
The site offers an excellent presentation on the various types of
trees used at Christmas, complete with photos and botanical
information. There are tips for tree selection and a guide for
tree care, safety and recycling.
The FAQ answers a number of queries from how to find a
"Charlie Brown" Christmas tree, to which variety has the best
scent.
~~~~~~~~
9
Changing Mouse Pointers
It's really not hard at all. Plus it's a fun way to make
waiting for things to load more bearable.
In Win XP, you'll first go to the Start menu, then the Control
Panel. (In Win98, go to the Control Panel and select Mouse)
Click on Appearance and Themes under "Pick a Category".
Next, click on Mouse Pointers. (This option is under "See Also").
Now you'll be in the Mouse Properties window. Click on the tab
called Pointers. At the top you'll see options under Scheme;
click on the drop-down arrow to look at the different ones
available. Once you click on a Scheme, you can see a preview of
what the pointer will look like by clicking under Customize.
After you decide on a Scheme, click OK and Voila! You've
customized your mouse pointer!
Was this forwarded to you ?
Get your own subscription here:
<1stpickPCtips-request@xxxxxxxxxxxxx?Subject=subscribe>
____________________________________________________________
10
Anim8or
http://www.anim8or.com/main/
Anim8or is a 3D modeling and character animation program that I have
written over the past couple of years, not as a commercial endeavor, but
because I love 3D graphics, animation, and programming. While it is far
from a complete professional level application like 3DStudio MAX or
Lightwave, I believe that it has enough capability to be of use to others.
Version v0.9 is now in beta. Anim8or has come a long way since the first
release called v0.1. There are still many areas that need improvement,
primarily the renderer, but it's getting close to what I had originally
imagined as the magic v1.0. I don't plan on stopping there, but it'll be a
nice milestone along the way.
++
____________________________________________________________
11
Mike's Friday Tip ~ Run Box Shortcut
One of the Windows key shortcuts I use a lot is the Windows key + letter R.
This will bring up the Run Box, into which you can enter a web page.
Click OK and it will open the page in IE.
Or enter the directory you wish to go to: " C:\ " will bring up the root
directory of your C drive.
The Run Box is also the place to enter some of the command utilities which
can only be run from the Run Box.
____________________________________________________________
12
HijackThis
Merijn reports that a new version of HJT is finally available. Here is their
report:
HijackThis 1.99 has gone final and is available for download!
Updates:
Added O23 method: NT Services, which lists all (non-disabled, non-Microsoft)
services, like Msconfig.
Added 'Action taken' info to 'More info on this item' dialog.
Integrated ADS Spy into HijackThis, 'Misc Tools' section.
Added Spybot-like intro frame for first-time users with access to common
tasks.
Added /autolog commandline parameter to automatically scan, save a logfile
and open it.
Fixed bug when item with IP in a Trusted Zone entry (O15) wasn't fixed.
Added 'Trusted IP ranges' to O15 method.
Updated Ignorelist, Backups list and Process manager to allow multiple
selected items.
Fixed bug where a hosts file with improper linebreaks would hang HijackThis.
Download sites:
Merijn.org
http://www.merijn.org/files/hijackthis.zip
CastleCops
http://computercops.biz/zx/Merijn/hijackthis.zip
SpywareInfo
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Subratam
http://downloads.subratam.org/hijackthis.zip
NOTE:
Systems infected with the 'Ms4Hd' rootkit parasite will experience crashes
in HijackThis 1.99.x since this parasite deliberately crashes programs that
try to detect it. For such cases, a copy of HijackThis 1.98.2 will always be
available here:
http://www.merijn.org/files/hijackthis1982.zip
http://computercops.biz/zx/Merijn/hijackthis1982.zip
_________________
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Have a spyware-free day!
Thanks to; Sean at mycomputerheadaches
_____________________________________________________________
HackFix updates, thanks to Christy;
staff@xxxxxxxxxxx
Http://www.hackfix.org
This weeks Virus Pattern Updates (12/16/2004)
All software is listed alphabetically by company name, as some
companies manufacture more than one product.
Aladdin Knowledge Systems
Esafe Desktop/Gateway/Enterprise
Last Updated Dec 16/2004
To update your software
Visit: http://www.esafe.com/esafe/downloads/virusig.asp
Or
From the Esafe folder in your Start Menu select Download Updates
~~~~~
AlWil Software
Avast Antivirus
Last Updated Dec 14/2004
To update your software:
Visit: http://www.avast.com/
Or
Right click on the AVAST icon in the system tray, Select iAVS Update,
AVAST will check for updates and download the appropriate files as needed.
~~~~~
Authentium Software Systems
Command antivirus
Last Updated Dec 15/2004
To update your software
Visit http://www.authentium.com/support/downloads/index.cfm
~~~~~
Center for Antivirus Technologies (CAT)
Quickheal
Last Updated Dec 15/2004
To update your software
Visit: http://207.230.103.11/public/updates/updates.asp
Or
Open Quickheal select Utility from the top toolbar and liveupdate.
Follow the onscreen prompts.
Alternately you can select Liveupdate directly from the
QuickHeal program menu on the startmenu.
~~~~~
Frisk Software Systems
Fprot
Last Updated Dec 15/2004
To update your software
Visit: http://www.f-prot.com/download/home_user/
~~~~~
Computer Associates
E-Trust
Last updated Dec 16/2004
To update your software
http://www3.ca.com/support/vicdownload/
Or
From the Respective folder in your Start Menu select Autodownload
For Vet Anti virus
http://www.vet.com.au/html/software/update.html
Be sure to have your Customer ID and your registered email address
handy for verification.
**Note**
We knew this time would come eventually, that Computer Associates would
not continue to support/update the older program
https://www2.my-etrust.com/services/ipe_support??
~~~~~~
GeCad Software
Rav (Reliable AntiVirus)
Last Updated: Dec 16/2004
To update your software:
Visit: http://www.ravantivirus.com/pages/dldupdate.php?type=Daily
Or
Open Rav and select Rav Update from the toolbar
~~~~~
Grisoft Inc.
AVG
Announcing the End of Support for AVG Anti-Virus 6.0 (December 31, 2004)
Read more here:
http://www.grisoft.com/us/us_avg6_termination.php
(New update details will be available next week)
Last updated Dec 15/2004
To update your software
Visit: http://www.grisoft.com/us/us_index.php
Or
Open AVG and click Virus Database to check for updates
Or
Open AVG control centre and click Update Manager/update now
**Note: To help speed up AVG updates you can set your program to use
an alternate download site.
Open AVG control centre->update manager->download from server. The
drop-down box should have listed www.grisoft.com (default) and
www.grisoft.cz. (Be sure to select "apply" when done to save the changes.)
The default site is most often used, so it can at times become temporarily
unavailable. Using the secondary site (www.grisoft.cz) helps to ease
the server and makes your update go quicker, as most don't use it!
~~~~~
H+Bedv
AntiVir
Last updated Dec 16/2004
To update your software
Visit: http://www.free-av.com/antivirus/allinonen.html
Or
Open AntiVir, from the top toolbar select Tools->
start internet update and follow the on screen prompts.
Vexira
Last updated Dec 16/2004
To update your software
Visit: http://www.centralcommand.com/updates.html
Or
Open Vexira, from the top toolbar select Tools->
start internet update and follow the on screen prompts.
Vexira Antivirus is marketed by Central Command however it is
the same program as Antivir with only a different name.
~~~~~
Kaspersky
Kaspersky Anti-Virus (formerly AVP)
Last updated Dec 10/2004
To update your software
Visit: http://www.kaspersky.com/updates.asp
Or
Open AVP from the top toolbar click Tools-> Update virus definition
Or
From the Kaspersky folder in your Start Menu select AVP updater
*Note* Avp now has available a cumulative update and a
daily update with the daily being any important items they
feel shouldn't wait till the next cumulative update. Our
dates here are based on the most recent Major update.
**Note: Improved update accessibility. To ease the update web traffic
Kaspersky labs has additional servers for autoupdating. The program
defaults to use one server but can be altered to check a variety of
servers. Select Kaspersky updater, select update via the internet to
open the drop down box(es) select "location" Check the box labeled
"Use alternate locations from the list" select next and next to update.
This option should stay selected after the first time. This helps
Kaspersky lighten the load for updates and helps you obtain updates
easier.
~~~~~
Network Associates
Mcafee
Last updated Dec 15/2004
To update your software
For Mcafee Visit
http://www.networkassociates.com/us/downloads/updates/superdat.asp
(for Virus and Engine updates)
Dr.Solomon's (Product no longer available for new users however
updates still available for current users): Go to the following
Internet site: http://download.mcafee.com/updates/4x.asp
IMPORTANT: When you get to this site you may notice that it refers
to VirusScan. This update is not only for VirusScan. It also works
with Dr.Solomon's.
Or
Open your respective software virus scan scheduler, double click
Auto update, click Run Now to do a manual live update, or click
Schedule to set up a timed live update.
~~~~~
Norman Data Defence
Norman Virus Control
Last updated Dec 16/2004
To update your software
Visit:
http://www.norman.com/downloads.shtml#definition_files_updates
Be sure to have your Valid Username and password handy for verification.
Or
From the Norman folder in your Start Menu select Internet Update
**Note: Norman Virus Control web updates are only for versions prior to
5.0. Norman 5.0 can only be updated via the update in the program itself.
Thunderbyte Anti Virus
Current Version: This product is no longer being supported.
http://www.norman.com/tbav.shtml
~~~~~
Softwin
BitDefender (Previously known as AVX - AntiVirus eXpert as of Nov 06/01)
Last Updated Dec 10/2004
To update your software
Visit:
http://www.bitdefender.com/bd/site/downloads.php?menu_id=19&s_id=3
Or
Open BitDefender select Protection Options->live upgrade
Or
From the BitDefender folder in your Start Menu select Bitdefender Live
Press Release on the software change
http://www.bitdefender.com/press/ref1.php
~~~~~
Sophos
Sophos Anti Virus
Last IDE available Dec 16/2004
To obtain the latest IDE files
Visit: http://www.sophos.com/downloads/ide/
**Note: Sophos does not update as other products do. They update
the Engine/software once a month (or so) to include all the previous
IDE files. New IDE files are available with new virus threats and must
be downloaded individually until the next software update is available.
Our update dates reflect the most recent available IDE file.
~~~~~
Symantec
Nortons AntiVirus
Last updated Dec 16/2004
To update your software
Visit:
http://www.symantec.com/avcenter/defs.download.html select
your language -> product from the list
Or
Open Nortons software and click the "live update" button
Or
From the Nortons folder in your Start Menu select LiveUpdate -
Norton Antivirus
~~~~~
Trend Micro
PcCillin
Last updated Dec 15/2004
To update your software
Visit: http://www.antivirus.com/download/pattern.asp
Be sure to have your Registration number handy for verification
Or
Open PcCillin click Update then click Update Now (or Update later
to Schedule a timed update)
~~~~~~~~~
If there is an Anti Virus program that is Not listed here that
you would like to see added to the weekly updates list Please
feel free to let us know.
Remember Your anti virus software is only as good as the user...
If you don't keep it updated it won't provide you with maximum
protection.
This weekly Update will be sent every Thursday on or after
6pm (eastern) to keep you up to date on virus pattern updates
available. Virus patterns are checked for most recent update
date as of 6pm Thursdays.
~~~~
~ Hackfix Project Staff
staff@xxxxxxxxxxx
Http://www.hackfix.org
3017 St Clair Ave #176
Burlington, Ontario
L7R 3L7
____________________________________________________________
If you wish to unsubscribe from our list send an email to
mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=unsubscribe
Antivirus software is a good choice to scan your system for possible viruses,
however no virus scanner is 100% effective as manufacturers cannot keep up with
the rapid change of viruses that happens daily.
Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
______________________________________________________________________
Please feel free, to offer constructive criticism, as that will help me keep it
interesting.
I also welcome any submissions about new products, web pages, or articles of
interest.
All submissions posted in MWN will be given proper credit.
"MikesWhatsNews" believes in giving credit where credit is due, but at times,
due to deadlines and information that is very important to readers, we
accidentally mispost an item.
If you believe something to be miscredited, or you know the author of one of
the articles which we have posted as 'unknown', please do let us know so we can
correct the information where applicable.
Many times in an article you may see a "click here for more information", or to
go to a link. These often will not work, as the original information was taken
from a page with HTML links. This is when you will want to go to the webpage
indicated in the article, ++ , for 'the rest of the story'.
***MfM*** indicates that I am adding my own information to a particular
article.
`~*~*~*~*~*~`
Mike ~It's a good day if I learned something new.
You can read a sample of my newsletter on my web page http://www.mwn.ca
My virus pages ~ http://virusinfo.hackfix.org
mytech@xxxxxxxxxxx
~*~*~*~*~
Was this forwarded to you? Want to subscribe? Send an email
to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe.
For a complete list of email commands for our list send an email
to ecartis@xxxxxxxxxxxxx with a subject line of "info mikeswhatsnews" without
the quotes.
To contact the list moderators send an email to
mikeswhatsnews-moderators@xxxxxxxxxxxxx
~*~*~*~*~