Digital Protection Malware virus


There is a new major malware virus going around right now. This one is “Digital Protection” and infects computers after the user gets one of those pop-ups that says “You have a virus!”

The odd thing about this one is that it’s also taking over the Windows Updater program, so it can’t be used to download new security patches and fixes from Microsoft.

It’s also loading itself multiple times into the Windows registry. Below are step-by-step instructions on how to remove it. http://www.geekstogo.com/forum/Removal-instructions-Digital-Protection-t274218.html

This is a nasty removal process so if you’re not familiar with editing the Windows registry, I highly suggest you take this somewhere professional.

How To: Create and Import vcf VCards


vCards are simply virtual business cards used to exchange contact information. They are easily recognizable by the .vcf file extension. vCards have rapidly become a universally accepted way of transferring contact information between devices. They can be sent to most phones, such as BlackBerrys and iPhones, or to all the popular email programs and many contact collection programs.

The first step in creating a VCard is actually the hardest. Below is an example of my own VCard:

BEGIN:VCARD
VERSION:2.1
FN:Rick Hamell
N:Hamell;Rick;;;
TEL;PREF;CELL:971.555.5555
EMAIL;INTERNET:rick@hamell.net
URL:http://RickHamell.com
URL:http://www.1nova.com/blog
URL:http://www.1nova.com/photoblog
UID:efc38667f3b9ab04495f9c54d2587950
REV:2008-10-27T20:47:59Z
END:VCARD

As can be seen, it shows all the important contact info that would be found in any contact program. In addition to the email address it includes my phone number and the URLs of my websites.

Many programs, such as Apple’s Address Book or Microsoft Outlook, will allow exporting a contact to a vCard file. They can also be edited in a text editor as long as the conventions in structure are observed. The easiest method is to use an online generator. I prefer Wacomenance.co.uk but the one at Vicintl.com is more streamlined and compatible. Keep in mind that while MOST programs should read all the fields in a vCard, some will drop fields such as second and third email addresses.
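As an added example (not part of the original post), here is a small Python reader for the card format shown above. It joins folded continuation lines, splits each content line into property, parameters and value, and lists the properties that occur more than once, which are exactly the fields the note above says some programs drop. The sample card is constructed, modelled on the one in the post.

```python
"""Minimal vCard 2.1 reader (added example, not from the original post)."""
from collections import defaultdict

# Constructed sample modelled on the card in the post; the second
# EMAIL and the folded URL line are there to exercise the parser.
SAMPLE_VCARD = """BEGIN:VCARD
VERSION:2.1
FN:Rick Hamell
N:Hamell;Rick;;;
TEL;PREF;CELL:971.555.5555
EMAIL;INTERNET:rick@hamell.net
EMAIL;INTERNET:second@example.invalid
URL:http://RickHamell.com
URL:http://www.1nova.com/
 blog
END:VCARD
"""

def unfold(text):
    """Join folded continuation lines (leading space or tab) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += line[1:]
        elif line.strip():
            lines.append(line)
    return lines

def parse_vcard(text):
    """Return {PROPERTY: [(params, value), ...]}; raise ValueError on a malformed card."""
    lines = unfold(text)
    if len(lines) < 2 or lines[0].upper() != "BEGIN:VCARD" or lines[-1].upper() != "END:VCARD":
        raise ValueError("not a vCard: missing BEGIN:VCARD / END:VCARD frame")
    props = defaultdict(list)
    for line in lines[1:-1]:
        if ":" not in line:
            raise ValueError("malformed content line: %r" % line)
        head, value = line.split(":", 1)      # URL values contain ':' too, so split only once
        name, *params = head.split(";")       # e.g. TEL;PREF;CELL -> TEL, [PREF, CELL]
        props[name.upper()].append((tuple(p.upper() for p in params), value))
    if "VERSION" not in props:
        raise ValueError("vCard has no VERSION property")
    return dict(props)

def repeated_properties(props):
    """Property names that occur more than once; these are the ones some importers drop."""
    return sorted(name for name, entries in props.items() if len(entries) > 1)
```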

After creating a card, the next step is to import it into the preferred contact program.

Microsoft Outlook:

  • Click on the File menu, then choose Import and Export.
  • Click to select the Import a vCard file (*.vcf) check box, and then click Next.
  • Select the vCard file, and then click Open.

Microsoft Entourage:

  • Open Entourage
  • Click on Address Button
  • Drag .VCF file to upper right hand window of Entourage

Apple Address Book:

  • Simply Double Click on the .VCF Card

Mozilla Thunderbird:

  • Attach VCard in Email to self
  • Click on VCard
  • Click OK in “New Card for” Dialog Box

Keep in mind that VCards only really work well with one contact at a time. This is not the way to export or import a fully populated address book. Also, it’s best to be careful where the file goes as it could be used for malicious purposes. Only send the file out to people known to you.

How To: Clean “Your internet access is going to get suspended” Virus


I was recently sent a copy of the “Your internet access is going to get suspended” virus, which is really annoying since my BitTorrent and P2P use is limited to Magnatune and downloading ISOs of Linux/BSD systems.

So, seeing a lack of responses from the big companies on how to remove it, I sacrificed my one Windows machine to it in an attempt to figure out how to fix it. This is a down and dirty fix, but it worked.

Installing the virus is easy: download the ZIP file, open it, then run the .EXE file inside.

The virus installed a new winlogin.exe file. Unluckily this can’t just be removed. After pulling the network cable to keep the machine from reinfecting itself, boot into Safe Mode. At the command prompt, delete the winlogin.exe file, along with krnlcab.sys, cabpck.dll, and k86.bin from the System folder.

At this point follow these directions to extract a new winlogin.exe from the original install CD. Remove tmp/msi_setup/*, then reboot the computer and double check that the three files above are still gone and that winlogin.exe has the new date.

Plug in the network cable and immediately do a software update. I found that SP3 had to be reinstalled, but it worked fine.

This is down and dirty, only worked on XP, and is potentially system breaking. If you are not confident in the directions above, wait for the Anti-Virus vendors to create an official fix.

How To: Speed up Web Surfing


We would all like to surf the Internet a little faster. Unfortunately web browsers, network speed, and computer speed all conspire to make surfing the web as slow as possible.

Luckily each browser has a couple of tweaks that can be used to make things go faster.

Firefox
Firefox actually has the most options to affect network speeds. So many in fact that not only does Mozilla have a page about it, there are several blogs about it. These are very easy to access, simply type: about:config in your address bar.

Change the following settings:

  • network.http.pipelining, change the value from 4 to 8.
  • network.dns.disableIPv6, change value to true
  • network.http.proxy.pipelining, change to true
  • If those feel like too much trouble, there is a Firefox plugin that helps: chromedit

Internet Explorer

This first tip is Vista specific and is untested by me. I’ve heard that it works extremely well, but just like all these other settings your mileage may vary. http://www.wisebread.com/quick-vista-hack-to-get-you-browsing-at-high-speed-again

The second tip is a bit more general. Using regedit we change the default number of connections from two to a larger number. Keep in mind that this will not always be reliable, as some larger sites will limit the number of connections on their side.

  • Go to Start -> Run
  • Type “regedit”
  • Go to the key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • On right side check for these two values: MaxConnectionsPerServer MaxConnectionsPer1_0Server
  • If they’re not present: right-click on the white region of Regedit’s right-hand column, click New, and then click DWORD Value.
  • Type: MaxConnectionsPerServer and hit enter
  • Right Click again and add the value: MaxConnectionsPer1_0Server
  • On each value, MaxConnectionsPerServer and MaxConnectionsPer1_0Server, select Decimal and change the number from 2 (or 0) to something like 6 or 8
  • Close Regedit, start Internet Explorer and enjoy
Safari

Speeding up Safari is a bit different than the other browsers: instead of adding connections, you are changing a timer inside the browser. Safari has a setting for the delay before it first lays out a page, and this changes it from one second to a fraction of a second. In Terminal (with Safari closed) type: defaults write com.apple.Safari WebKitInitialTimedLayoutDelay 0.25

The last number is time in seconds and can be anything between 0 and 1. So 0.34 or .81 are acceptable along with the more rounded 0.5 and 0.75.

Another good hint is to clear the cache, favicons and add-ons and to remove the preference file. MacRumors put together a great page showing how to do that.

Keep in mind that most of these will not drastically speed up your Internet; it’ll be a small but usually noticeable speed increase. Keeping your computer in top shape and virus free will also go a long way towards speeding up your web surfing.

How To: Reset Admin/Root Password

Anyone who has been in the IT business for any length of time knows literally hundreds of passwords. As we get older, though, it becomes harder and harder to remember each password and continue with safe security practices. Many companies have gone to centralized password systems, but such software is not always compatible with every OS there is, such as the four-year-old FreeBSD server sitting in the corner that serves one application. So here is a large list of ways to reset the root password or administrative user on many operating systems. Keep in mind that these instructions all assume you have physical access to the server in question.

FreeBSD (all versions)

1. Turn the server off. Hitting the power button should start a shutdown cycle.
2. Hit ESC when the OS starts booting.
3. Choose option 4 to boot into Single User Mode.
4. When asked for a shell, hit Enter to default to /bin/sh.
5. Once the machine is booted and you see the hash (#) prompt, type:
  1. mount -u /
  2. mount -a
6. Type passwd to reset the password.
7. Enter the new password and confirm it. “pam_chauthtok(): error in service module” means that the filesystem is not mounted; follow step 5 again.
8. Type reboot, or hit the power button again, to reboot the machine normally.

Linux (LILO loader)

1. Reboot the machine.
2. Hit Esc to get to the boot prompt if it doesn’t do so automatically.
3. Type: linux single
4. Type: passwd
5. Enter and confirm the new password.
6. Type: sync
7. Type: reboot

Linux (GRUB loader)

1. Reboot the machine.
2. Hit Esc to get to the boot menu if it doesn’t do so automatically.
3. Select the kernel. Hopefully there is only one or two and the names are descriptive, but any one SHOULD work.
4. Type: e
5. Select the line that starts with “kernel”.
6. Type: e (again)
7. Add the letter s (in lower case) to the very end of the line.
8. Hit Enter.
9. Type the letter b to start booting.
10. Mount the drives by typing:
  1. mount -t proc proc /proc
  2. mount -o remount,rw /
11. Type: passwd
12. Enter the new password and confirm it.
13. Type: sync
14. Type: reboot

OS X (All Versions)

OS X has two ways to reset the Administrator password.

Option 1:

1. Find the computer’s original boot disc. These are system specific. If it’s not available, any OS X retail boot disc will work; the wrong disc will give an error message.
2. Boot off the disc by holding down the C key during power up.
3. At the menu go to: Utilities
4. Choose “Reset Password”.
5. Enter the new password and confirm it.
6. Click on Installer.
7. Choose Quit.

Option 2:

1. Hold down Apple+S while booting the computer.
2. Type: sh /etc/rc
3. Type: passwd root (if that doesn’t work, try admin or administrator instead of root)
4. Enter the new password and confirm it.
5. Type: reboot

Solaris (On Sun Hardware)

You must have the Solaris CD-ROM to do this. If you do not have physical media, get it here. Note that this download is for version 10, so it may not work on older versions.

1. Reboot the machine.
2. Hit Stop+A to get to the OK prompt.
3. Type: boot cdrom -s
4. Once booted off the CD-ROM, type: mount /dev/dsk/c0t0d0s0 /a (those are zeros)
5. Type: vi /a/etc/shadow
6. Use the h, j, k, l keys to move around in vi (or go here for more commands).
7. On the second line, which says root:<bunch of random letters/numbers>, type: dd (to delete the whole line)
8. Type: :wq! to save and quit out of vi.
9. Type: umount /a
10. Type: boot ok -s (to boot into single user mode)
11. Type: passwd
12. Enter the new password and confirm it.
13. Type: reboot

Note that many Solaris systems may have mirrored volumes, a volume manager or another method of copying the full filesystem. If this is the case, these instructions will need to be followed for both volumes, otherwise corruption can easily occur.

Solaris (i386/Intel Hardware)

Again you should have the CD-ROM to boot off of.

1. Reboot the computer.
2. Enter the BIOS and change the boot order to CD-ROM first if needed.
3. Boot the computer.
4. On the boot menu choose Single User mode, which is option 6 on Solaris 10.
5. Choose Yes when asked to mount the root filesystem.
  1. If you choose “No”, it can still be mounted with the same command as above: mount /dev/dsk/c0t0d0s0 /a (those are zeros)
6. Type: vi /a/etc/shadow
7. Use the h, j, k, l keys to move around in vi (or go here for more commands).
8. On the second line, which says root:<bunch of random letters/numbers>, type: dd (to delete the whole line)
9. Type: :wq! to save and quit out of vi.
10. Type: cd /
11. Type: umount /a
12. Type: init s
13. At the password prompt, hit the Enter key.
14. Type: passwd root
15. Enter the new password and confirm it.
16. Type: reboot

General Windows

Amazingly, Windows Server does not have an easy way to recover the password. Microsoft would call this security, but does provide a package of recovery software that does the job. It costs $199. Tech Trax has an article on resetting the password on an XP system via the XP install disc. Or you can download an emergency boot CD from here, here, or buy a password cracker from here. Be extremely careful with downloading Windows password crackers from the Internet. Yes, they may work, but it’s more likely they are actually a virus or a Trojan and could cause more problems than you have already.

*edit* Hiren’s BootCD has several utilities that will allow the resetting of Windows passwords.

Windows 7

This does not reset the password, but allows you to make a new administrative user who can then change the password in the Control Panel for the other user.

1. Boot off your Windows 7 DVD.
2. Choose “Repair your computer”.
3. Go to the recovery environment.
4. Open a command prompt.
5. Type “cd \windows\system32”
6. Type “Rename Utilman.exe Utilman.exe.bak”
7. Type “Copy cmd.exe Utilman.exe”
8. Reboot the computer.
9. At the login screen, hold down the Windows and “U” keys.
10. Type net user /add NewAccount mypassword (use your own name for NewAccount)
11. Type net localgroup administrators NewAccount /add (replace NewAccount with the name used above)
12. Log in with the new user.
13. Go to Start -> Control Panel -> User Accounts and Family Safety
14. Click on User Accounts.
15. At the bottom of the “Make changes to your user account” area, click “Manage another account”.
16. Choose the old user.
17. Click “Change Password”.
18. Enter the new password.
19. Log out of the current account.
20. Log in to the old account with the new password.
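Steps 6 and 7 leave two traces on the machine that anyone auditing a system can look for: Utilman.exe is byte-for-byte identical to cmd.exe, and the renamed original Utilman.exe.bak is still on disk. The following Python check (an added example, not from the original post) tests both conditions against a directory passed in; the directory is a parameter, and `make_constructed_dir` and `demo` are hypothetical helpers that build a constructed stand-in folder so the check runs anywhere.

```python
"""Detect a Utilman.exe swapped for cmd.exe (added example, not from the original post)."""
import hashlib
import os
import tempfile

def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_utilman(system32_dir):
    """Return a list of findings for the directory; an empty list means nothing was found."""
    findings = []
    utilman = os.path.join(system32_dir, "Utilman.exe")
    cmd = os.path.join(system32_dir, "cmd.exe")
    backup = os.path.join(system32_dir, "Utilman.exe.bak")
    if os.path.exists(backup):
        findings.append("Utilman.exe.bak present: the original Utilman.exe was renamed")
    if os.path.exists(utilman) and os.path.exists(cmd) and sha256_of(utilman) == sha256_of(cmd):
        findings.append("Utilman.exe is byte-identical to cmd.exe: the accessibility tool was replaced")
    return findings

def make_constructed_dir(base, replaced):
    """Create constructed stand-in files; replaced=True mimics the state after steps 6 and 7."""
    os.makedirs(base, exist_ok=True)
    with open(os.path.join(base, "cmd.exe"), "wb") as f:
        f.write(b"CONSTRUCTED CMD BYTES")
    with open(os.path.join(base, "Utilman.exe"), "wb") as f:
        f.write(b"CONSTRUCTED CMD BYTES" if replaced else b"CONSTRUCTED UTILMAN BYTES")
    if replaced:
        with open(os.path.join(base, "Utilman.exe.bak"), "wb") as f:
            f.write(b"CONSTRUCTED UTILMAN BYTES")
    return base

def demo(replaced):
    """Run the check against a constructed temp directory and return its findings."""
    base = os.path.join(tempfile.mkdtemp(), "System32")
    return check_utilman(make_constructed_dir(base, replaced))

if __name__ == "__main__":
    # Against a real machine you would pass r"C:\Windows\System32" to check_utilman instead.
    for finding in demo(replaced=True):
        print(finding)
```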

Windows 8

Use the Microsoft Diagnostic and Recovery Tools (download here) to reset the password.