How To: Disable MacDefender and MacProtector

MacDefender and MacProtector are the latest fake “anti-virus” programs that are actually malicious themselves. They target Macs specifically, but are NOT viruses. They are trojans, and can be picked up by visiting malicious sites.

To disable:
As an admin user (most are by default), open Terminal and type:
sudo killall MacDefender
Substitute MacProtector if that’s the version affecting your computer.

The password will be your login password.

Then type: sudo -u username defaults write com.apple.Safari AutoOpenSafeDownloads -bool false

Replace the word username with your login name; if you don’t know it, look to the left of the prompt in Terminal.

Hit Enter; it should not ask for a password a second time. This turns off Safari’s “Open ‘safe’ files after downloading” option, and will keep the application from downloading again.

Once that has happened, be sure to visit http://adobe.com/flash and update your Flash software to help block these.

The last step is to use Spotlight to search your computer for the bad app. Once you find it, be sure to throw it into the Trash, then Empty the Trash.
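To confirm the steps above took effect, here is a small check script. It is an added example, not part of the original post: it looks for the two process names from this page in ps output, interprets the AutoOpenSafeDownloads value, and searches Spotlight for leftovers. The function names and the --check flag are this example's own.

```shell
#!/bin/sh
# Added example: verify the MacDefender/MacProtector cleanup described above.
# Run on the Mac as the affected user (not root): sh check.sh --check
ROGUE_NAMES="MacDefender MacProtector"   # names taken from this page

# Read "PID COMMAND" lines on stdin and print the PIDs whose executable
# basename is exactly one of the rogue names (paths may contain spaces).
rogue_pids() {
    awk -v names="$ROGUE_NAMES" '
        BEGIN { n = split(names, want, " ") }
        {
            pid = $1
            $1 = ""; sub(/^ +/, "")           # $0 is now the command path
            base = $0; sub(/.*\//, "", base)  # keep the part after the last /
            for (i = 1; i <= n; i++) if (base == want[i]) print pid
        }'
}

# Interpret the output of: defaults read com.apple.Safari AutoOpenSafeDownloads
# (empty output means the key is not set, so Safari's own default applies).
auto_open_state() {
    case "$1" in
        0)  echo disabled ;;
        1)  echo enabled ;;
        "") echo unset ;;
        *)  echo unknown ;;
    esac
}

# Run all three checks on this machine; returns non-zero if anything remains.
check_host() {
    rc=0
    pids=$(ps -ax -o pid= -o comm= | rogue_pids)
    if [ -n "$pids" ]; then echo "still running, PIDs:" $pids; rc=1; fi
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
    state=$(auto_open_state "$value")
    echo "AutoOpenSafeDownloads: $state"
    [ "$state" = disabled ] || rc=1
    for name in $ROGUE_NAMES; do
        hits=$(mdfind -name "$name")          # Spotlight search by file name
        if [ -n "$hits" ]; then echo "leftover files for $name:"; echo "$hits"; rc=1; fi
    done
    return $rc
}

if [ "${1:-}" = "--check" ]; then check_host; exit $?; fi
```

An exit status of 0 means no matching process, the setting reads as disabled, and Spotlight found no files with either name.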

How To: Force Safari to Download PDF Files

I hate having my Internet Browser display PDF files when I click on them. I much prefer them to be downloaded. Here are two commands that change this default behavior.

In Terminal (as Admin or Root user) type:
defaults write com.apple.Safari WebKitOmitPDFSupport -bool YES

Essentially you’re removing PDF Support from Safari so that it doesn’t know what to do with the files. Safari simply downloads the file to the /User/Downloads directory instead.

Keep in mind that updating Safari or Adobe Acrobat may change the PDF handling behavior back to the default. Yes, it is also possible to right click on a PDF and use “Download Linked File,” but this process is more automated.

How To: Clean “Your internet access is going to get suspended” Virus

I was recently sent a copy of the “Your internet access is going to get suspended” virus, which is really annoying since my Bit Torrent and P2P use is limited to Magnatune and downloading ISOs of Linux/BSD systems.

So, seeing a lack of responses from the big companies on how to remove it, I sacrificed my one Windows machine to it in an attempt to figure out how to fix it. This is a down and dirty fix, but it worked.

Installing the Virus is easy: download the ZIP file, open it, then run the .EXE file inside.

The Virus installed a new winlogin.exe file. Unluckily this can’t just be removed. After pulling the network cable to keep the machine from reinfecting itself, boot into safe mode. At the command prompt, delete the Winlogin.exe file, along with krnlcab.sys, cabpck.dll, and k86.bin from the System folder.

At this point follow these directions to extract a new winlogin.exe from the original install CD. Remove tmp/msi_setup/* then reboot the computer and double check that the three files above are still gone, and the winlogin.exe has the new date.

Plug in the network cable and immediately do a software update. I found that SP3 had to be reinstalled, but it worked fine.

This is down and dirty, only worked on XP, and is potentially system breaking. If you are not confident in the directions above, wait for the Anti-Virus vendors to create an official fix.