Just kidding! If your computer is slow, chances are that there are tones of programs that are hogging up your limited resources: unnecessary programs that were frequently accessed in the past but no longer in use today. And since this guide is for those who want to make their computer fast for free, buying up more RAM is not really a solution (but of course, I highly recommend this to everyone who has the money!).

So, now I’m going to reveal my way of quicken things up. First thing to say, the solutions produced here are not exhaustive, meaning to say, there may be other ways or solutions that perform better than mine. However, I assure you that mine do really work, based on my real experience. J

I’m just going to list out all tricks in my sleeve so brace yourselves.

All the tech-tricks in my pocket:

1. Update your anti-virus frequently
   1. As cliché as it can be, this is the fundamental move that you should do first. Viruses, Trojans, spywares and other evil beings can be really a pain in the neck when it comes to detecting and eliminating them.
   2. By having the latest protection, you will protect your beloved computer from these culprits who often will hog up your resources without you knowing.
   3. As for me, I use AVG Anti-Virus: Free Edition. So far it works and most importantly it’s free. :P
2. Install Firewall to Safeguard Your Computer from Unwanted Programs on the Web
   1. Firewall supplied by Microsoft is enough as long as you turn it on.
   2. But to be in the safe side, you should try to install other brands of firewall, since they perform better than Microsoft (logically, they specialize in building firewall, as opposed to Microsoft who has multitude of other things to do)
   3. As for me, I have used Sygate Personal Firewall (SPF) in the past and now have reverted to the old Windows Firewall. From my experience SPF is really simple but not as user-friendly to those who are not much of technical person. I have used it countless of times before and it works in blocking things that you don’t know about (it will ask you). There are also other famous brands like ZoneAlarm Personal, but I detest them since it’s too autonomous. Maybe it fits you. Who knows? Give it a try.:P
3. Spybot Search & Destroy (SSD)
   1. This is one of the must-have weapons in your combating inventory. SSD is very famous and its database is always up-to-date to include all the spywares out there (be it small or big).
   2. So, whenever you feel that something is wrong with your system, this is your first step: Scan with the Spybot Search & Destroy (with latest update of course J). Chances are that you’ll bump onto a lot of unknown spyware that have been breathing up on your resources.
   3. Another thing to do in SSD, is the Immunisation process. It works just like how it works on human body. Update regularly and immunize your system frequently.
   4. As for me, whenever I get a new system, I will do install this application first before moving on with other things.

   [caption id="attachment_33" align="aligncenter" width="300" caption="Spybot Search & Destroy"][/caption]

4. Msconfig – Makes your computer to boot up fast
   1. Msconfig is not a software, rather it is a utility provided by Microsoft to those who want to customize their startup programs (programs which are launched automatically when you log on into windows)
   2. Here is how to launch Msconfig: Go to Start > Run > Type “msconfig” > Click OK
   3. Then, a new window will be launched. Click on the Startup tab. In there, you will see a list of programs along with a tick box for each program.
   4. You can browse the list and select programs that you think are unnecessary to be loaded near the startup time.
   5. In fact you can uncheck all the boxes if you want. Why? What happen if you uncheck an important application that must be loaded during the startup? The answer is, that application will be loaded regardless whether you uncheck it or not. So don’t worry.:P

   [caption id="attachment_28" align="aligncenter" width="300" caption="Msconfig windows"][/caption]

5. Install Procexp – Display and describe all the running processes in your computer
   1. Procexp or Process Explorer is just amazing. This application helps you to identify all the running processes in the background. There is a description given for every process that is currently running.
   2. So whenever you want to do spot-check, fire up this application and go through the list of running processes. If you suspect a malicious process is running, google up the name of the process to confirm your suspicion. If it’s true, time to spybotting (using Spybot Search and Destroy (no.3) and kill the process. In fact this is better, since you can save time from having to scan your computer all the time (in other words, you can only choose to scan when there is a problem).

   [caption id="attachment_29" align="aligncenter" width="300" caption="Process Explorer windows"][/caption]

6. Uninstall unused programs
   1. This is pretty much self explanatory.
   2. Why? Some of these unused programs will automatically launch their services/processes when you log on into the computer. And since you have no need of them, we indeed have no need of their background processes too!
   3. So, dig up your Program Files folder and try to find any software that you feel unfamiliar with. Chances are you don’t need that software anymore!
7. Clean your computer with CCleaner
   1. Another great application that I would like to share is CCleaner.
   2. You can do lots with CCleaner:
      1. Cleaning up temporary internet files
         1. When you browse or surf the internet some files will be downloaded into your computer without you knowing it explicitly.
         2. Most of them are not dangerous and are only used to aid your surfing experience.
         3. However, as time passes by, the files will grow in number and soon all of your space will be eaten up.
         4. Hence, it’s advisable for you to at least cleaning up your temporary file folder monthly or once for two months or so on.

         [caption id="attachment_31" align="aligncenter" width="300" caption="CCleaner windows - Cleaning up temporary files"][/caption]

      2. Fixing up any existing issue
         1. This feature will fix up any broken links in your laptop.
         2. For example if you have a broken Shortcut, this feature will eliminate it, hence leaving your system all clean and sorted out.

         [caption id="attachment_30" align="aligncenter" width="300" caption="CCleaner windows - Fixing up issues"][/caption]

8. [OPTIONAL] Get Hijackthis – This is an ultimate double sided weapon
   1. Hijackthis is very powerful that it can backfire to the user. It’s a program much like to Procexp but has very deep results shown up to the users.
   2. So deep that if the user accidentally delete an important application, the whole system can be corrupted.
   3. Usually, I turn to this for the last result. It is very technical and requires you to know every single process shown without any description given.
   4. However, don’t worry since there are experts out there that will help you using Hijackthis. Usually they will ask you to paste the result into the website for diagnosis. From then on, they will advise you on which program/process to delete and which to leave untouched.
   5. A simple google on Hijackthis will yield hundreds of website that offer free diagnose on one’s Hijackthis result.

   [caption id="attachment_32" align="aligncenter" width="300" caption="Hijackthis windows"][/caption]

That is it folks. However, I sincerely believe that prevention is better than cure. It’s cost-effective, fast, better and saves you a lot of time. All the above methods do indeed work for me. So far, nothing worse has happened to my beloved lappy. If you are really worried, I would suggest that you make a restoration point so that if anything bad happens, you can roll back to your previous state. I’m not going to be responsible if your computer blows out or something, but I will try to help you as much as I can! J

HijackThis is a free utility by Trend Micro which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs.

This application has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, or log file, with the results of the scan.

Because of the heuristic methods used by HijackThis, the results of the scan can be confusing/intimidating, to those who are not advanced users. On the other hand, the strength of this program lies in the large community of users who participate in online forums, where experts (voluntarily and for free), will interpret HijackThis scan results for you, and then provide you with the information you need to clean any infection.

The latest version (2.0.2), adds potent tools to the Configuration window including, a process manager and hosts file editor to help you remove dangerous infections, and an ADS Spy tool which scans alternate data streams, that browser hijackers can, and will use, to evade antispyware applications.

Despite the fact that you may only need this small application infrequently, it deserves a place in your anti-malware toolbox.

To get a real feel for how powerful this small application is, checkout the great tutorial on using HijackThis, at BleepingComputer.com.

System requirements: Windows Vista, XP, 2000, Me, 98

Software requirements: Internet Explorer, FireFox

Download at: Download.com

To read a great article on the current state of other free security tools hop on over to Techwalker, and checkout my friend Mark's article on
Online Security Tools Revisited.

This is the reason I have added several new services to the board:

- a new forum called "Is this an infection?": http://www.smokey-services.eu/forum/viewforum.php?f=139
This forum is part of the HijackThis Logs / Malware Removal Forums, here can you post if you think that the problems you are experiencing are due to malware. My HJT Staff help decide what your problems are and, if necessary, will take suitable action to solve your problems.
Of course our HijackThis Log Analyzing and Malware Removal & Cleaning Forum remain unaltered, like in the past you can post here your HJT logs.

- the up to date Internet Storm Center Infocon Status: http://www.smokey-services.eu/forum/viewtopic.php?f=64&t=19805
The 'Infocon' is a service provided by SANS, the largest source for information security training, certification & research in the world. The intent of the 'Infocon' is to reflect changes in malicious traffic and the possibility of disrupted connectivity. In particular important is the concept of "Change". Every host connected to the Internet is subject to some amount of traffic caused by worms and viruses. However, once a worm has been identified and the number of infected machines is no longer increasing, this traffic is not likely to cause any disruptions.
The 'Infocon' is intended to apply to the condition of the Internet infrastructure. SANS do not monitor particular nations or companies.

- up to date Security Alerts, Advisories and access to a Threat Database: http://www.smokey-services.eu/forum/viewtopic.php?f=64&t=19802 All these services are provided by Symantec. These Symantec services are an addition to our existing Alerts and Advisories.

We hope you will appreciate our efforts :)

Get Anti-Malware Toolkit here!

It is a never ending battle to protect yourself from the ever increasing threat of ad-ware, malware, spyware, and viruses. Everyday new variants are unleashed in to the internet making our chances of infection greater than ever. The most protective measures we can take is to arm ourselves with protection software. While some are good for protection purposes, some are well served to help remove problems from our systems.

Anti-Malware Toolkit is a tool to download protective software. While it does not protect or clean, it does download the tools and utilities to do so. AMT downloads the latest versions of Super Antispyware, Malwarebytes Anti-Malware, HijackThis, Spybot, Autoruns, CCleaner, LSP Fix, and several applications to keep us safer (Firefox, Thunderbird).

Atualmente está difícil navegar na Internet sem contrair os famosos Hijacks, controles de ActiveX e componentes que infestam seu navegador de barras, botões, ficam abrindo janelas(na maioria das vezes de produtos ou pornografia) e fazem alterações de dar medo. Muitas vezes você pode adquirir essas pragas instalando programas que aparentemente são inofensivos, mas trazem patrocinadores e malwares.

O HijackThis é capaz de achar entradas de registro, detectar e remover estas ameaças que tanto causam dores de cabeça, o programa é atualizado quase sempre, oferecendo defesa as novas pragas.

Download: HijackThis

How to get rid of Antivirus XP 2008.

QUICK NOTE: It is different than the XP Antivirus 2008 most sites refer to.. please see the pictures:

STEP 1. (OPTIONAL: FOR TECHIES: ALL OTHERS CAN SKIP THIS STEP:
1. Got to the Start menu and click Run
Type Regedit

Browse to
a. Hkey_Local_MAchine/Software/rhc5m5j0ev0p
b. Hkey_Local_MAchine/Software/lphc35dj0e1an
and remove the above 2 entries.

STEP 2. (You can Start here and get the same results)

1. Stop the program from loading on startup. How you ask?

Click > Start,

Go on to >Run and click Run

2. Type msconfig

3. select the Startup tab

Look for the following programs checked to run on start up:

a. Uncheck: lphc35dj0e1an
b. Uncheck: rhc75dj0e1an

Click apply, and then click ok

4. Restart computer

5. Delete the main files(Folders) the program uses. Delete the following file:

a. C:\windows\system32\lphc35dj0e1an.exe (where "C:" is the letter for your harddrive)

Then delete the following folder and all files in it:

b. C:\program files\rhc75dj0e1an

Although this will remove the program from your system you still have a warning message displayed as your wallpaper in Windows--the reason is that the virus removed the ability to change the wallpaper or your desktop settings. We are almost done, hand in there....

To restore ability to change your desktop settings and select a different wallpaper follow the instructions below.

STEP 3.

1. Go to >Start > Run

type: Gpedit.msc

Navigate to User configuration> Administrative Templates> Control Panel> Display

2. Right click on Remove Display in Control Panel
3. Click on Properties and select Disabled

4. Do the same steps to change the following attributes to disabled:

a. Hide Desktop Tab
b. Prevent changing wallpaper
c. Hide Appearance and Themes tab
d. Hide Settings tab
e. Hide Screen Saver tab

You should now be able to use your computer normally and change the wallpaper to something other than the warning message Antivirus XP 2008 set it to.....Hahaha DONE! You did it, you are the mannnn or woman no I got to be politically correct! Mmmmmmmmmmhhhhhhhh...you get the picture.

Once you are done, you can click here to download a scanning tool: Recommended: This tool will scan and clean up your system:
Tools Needed for this fix:
Malwarebytes' Anti-Malware: Click here to download the tool: Do a full system scan:Delete all the entires that appear on the list
The Download windows system defender and as well scan the entire system: Remove all the system entires that appear on the list as well

ClamWin, issued under a GNU General Public License, is a graphical front-end to the ClamAV anti-virus software that runs on Microsoft Windows. Features include: Scheduler - set up scans to run at a defined time. Automatic virus database updates via the Internet, Automatic notifications of new ClamWin releases, Standalone virus scanner, Scanning of programs that are loaded in memory, Context menu integration to Microsoft Windows Explorer - right click on a file to scan it, Microsoft Outlook add-in to scan incoming and outgoing e-mails. ClamWin Antivirus does not include an on-access real-time scanner, that is, it is necessary to manually scan files in order to detect a virus. The Microsoft Outlook add-in, however, will delete a virus-infected attachment automatically, without any intervention from the user.^[14] Without the on-access real-time scanner, it gives a user option to deploy one other proprietary [commercial] antivirus software: McAfee, Grisoft AVG, Norton, Symantec, etc. The newest release is ClamWin 0.91.2 0.93.1, a 6.32MB 21.432 installer without the 10.5MB 14.845MB main and 1.260MB daily virus databases protecting against 287,326 332028 viruses.

Spybot - Search & Destroy^[15] by Safer Networking Ltd. detects and removes spyware of different kinds from your computer. If there are new toolbars in the user’s Internet browser that one did not intentionally install, if the browser crashes, or the browser start page has changed without one’s knowledge, it most probably hosts some spyware. Spybot – S&D comes under the Dedication Public License, and runs on Microsoft Windows 95, 98, ME, NT, 2000 or XP (32 and 64 bit), 2003, Vista. Spybot-S&D can also clean usage tracks. Spybot – S&D offers multiple tools for computer system monitoring, such as Resident Tea Timer, which perpetually monitors the processes called/initiated and immediately detects known malicious processes wanting to start and terminates them; tools to list installed ActiveX, BHOs, Browser Pages, Hosts file, current running processes, programs at Windows startup, registered uninstallers, and network drivers (Winsock LSP). It allows fixing some registry inconsistencies through a bundled system internals tool which searches missing help files and shared DLLs; non-existent application paths; wrong uninstall information and broken desktop links. The current version 15.1.15 15.2, a 7.12MB 9.495MB installer plus a 1.83MB 2.585MB included files, offers protection against 70,036 malware from Trojans to PUPs. The freeware SpyBot – S&D tackles what other stand-alone proprietary registry checkers, such as CCleaner, RegMechanic, PC Tools, etc. cannot do.

SpywareBlaster^[16], published by Javacool Software in 2002, pioneered the effective use of prevention techniques to reduce or greatly eliminate spyware-related problems, as well as problems related to other potentially unwanted software such as dialers, browser hijackers, and adware. The current release of SpywareBlaster, version 3.5.1.0 4.1 is a 2.44MB 2.803MB installer, which also provides unique utilities like the exclusive "System Snapshot", and various useful tools such as Restricted Sites Protection, Internet Explorer and Mozilla/Firefox Protection. Current SpywareBlaster offer protection against 8543 installed ActiveX dialers, cookies, adbots, hijackers, and potential unwanted sites, e.g., CoolWebSearch or XXXToolBar.

Ad-Aware, issued by Lavasoft AB and designed for Windows 98, 98SE, Win ME, Win NT 4, Win 2000, and Win XP Home/Professional running at least P166hz, can comprehensively scan memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, parasites, scumware, selected keyloggers, selected traditional Trojans, dialers, malware, browser hijackers, and tracking components. The SE v. 1.06r1 installer is a 6.41MB file plus the current 1.58MB definitions files, detecting 153,120 signatures.

HijackThis, issued by Soeperman Enterprises Ltd., now presently bundled as TrendMicro’s beta version 2.0.0.0 2.02, a 1.24MB 793KB utility, is the first general browser hijacker detector and remover. It scans the PC and generates a log file of the registry and file settings commonly manipulated by malware and legitimate software.

Notes:
^[14] Phillips, Russel, (2007), Clamwin Manual & Help © 2004 – 2007.

^[15] Safer Networking Ltd. (2007), Spybot – Search & Destroy Help file.

^[16] Javacool Software LLC (2005), SpywareBlaster Help file.

This blog is based on another paper: A Secured Network Using Freeware: A Proposal. Although the latter is applied to a corporate network, the ideas could also be applied to home computers or stand-alone computers.

For more read the article here ]]> http://billmullins.wordpress.com/?p=538 Wed, 25 Jun 2008 17:06:39 +0000 billmullins http://billmullins.it.wordpress.com/2008/06/25/hijack-it-back-get-hijackthis-free/ Your home page has been hijacked and despite the fact you’ve run every anti-malware program in your arsenal, you can’t get it back. Don't give up; there’s hope yet!

HijackThis is a free utility by Trend Micro which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, and other malware or unwanted programs.

This application has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

The program doesn’t target specific programs, but instead it analyses registry and file settings and targets the methods used by hijackers to redirect your browser. After the scan HijackThis creates a report, or log file, with the results of the scan.

Because of the heuristic methods used by HijackThis, the results of the scan can be confusing to those who are not advanced users. However, the strength of this program lies in the large community of users who participate in online forums, where experts will interpret HijackThis scan results for you, and provide you with the information you need to clean any infection.

There is a great tutorial on using HijackThis at BleepingComputer

The latest version (2.0.2), adds powerful tools to the Configuration window including, a process manager and hosts file editor to help you excise virulent infections, and the ADS Spy tool which scans alternate data streams, that browser hijackers can use to evade spyware removers.

Despite the fact that you may only need this small application infrequently, it deserves a place in your anti-malware toolbox.

System requirements: Windows Vista, XP, 2000, Me, 98

Software requirements: Internet Explorer, FireFox

Download at: Download.com

Twelve Essential Freeware Applications:

1. AntiVirus Software: AVG or avast! - With it's realtime protection, automatic updates, avast! is an excellent alternative to commercial antivirus products. A highly configurable application, avast! guards against viruses by scanning downloaded files or email attachments. Similarly, another quality antivirus application is AVG. The latest incarnation of AVG (8.0) is slightly more bloated than the previous version (7.5), which will be dearly missed, however, it's still a good antivirus program. It too has realtime protection and automatic updates, and just like avast!, you basically install it and let it do it's thing. And unlike avast!, you can do scheduled scans - which I think is an important feature. For example, I have AVG scan my entire system starting at 1 AM every Saturday morning. Both AVG and avast! have fully featured editions which cost money, but the free home/personal editions are perfect for the average home user.
2. AntiSpyware Software: Lavasoft's AdAware 2008 Free and SuperAntiSpyware - AdAware can scan and eliminate tracking programs, cookies, keyloggers, spyware, hijackers, and trojans. A good program, it unfortunately does not provide realtime protection. SuperAntiSpyware, despite having a name that sounds like a bogus AntiSpyware program, it actually works.  My first experience with the software was when I used it to remove a varient of the Vundo trojan off a friend's computer.  The only drawback is that updates are manual and there is no realtime protection. Install both and run them manually biweekly.
3. Browser Hijacks: HijackThis along with the Log Analyzer - An application that actually falls under the AntiSpyware category, HijackThis scans your machine for settings that may have been changed by spyware programs. For example, if you have alot of popups or if your google/yahoo searches lead you to shopping websites, your browser may have been hijacked. HijackThis will scan your machine and create a log file. You take the log file to the Log Analyzer page to get an interpretation of the results, giving you an idea of what's good and what's bad. Just like AdAware, you usually don't need this program unless you unwittingly installed some "search assistant" or "shopping assistant" program or some third party wallpaper/screensaver that came with some "extra goodies", that you really weren't aware of.
4. Firewall: Comodo Firewall Pro 2.4 and Zone Alarm- If you have a router at home (if you don't you should!!), that will protect you from incoming attacks. The router typically has firewall functionality built in, that will make your internal PC invisible to the outside world. A software firewall, on the other hand, installed on your PC, will protect you against malicious outgoing traffic. It will allow you to control which software programs on your computer has access to the internet. By using a software firewall, you can see which programs are trying to get out to the internet, either to access info (such as program updates, antivirus updates) or send info (such as your personal searching habits). Zone Alarm works well in giving you this type of protection, displaying alerts when applications try to connect out. It is good for the novice user who wants a general software firewall without the need to fine tune. Comodo allows a user to fine tune the firewall, with the ability to specify TCP ports, traffic direction (incoming, outgoing, or both). In other words, it's for the user who wants to get down to the nitty gritty. The new 3.0 version seems a little bloated. It crashed my machine several times, causing BSODs. So I would stick to the 2.4 version, which is still available, unless you're adventurous. They are constantly updating the software, so the latest version may be ok, but try at your own risk. If you choose to use Zone Alarm or Comodo, you should disable the Windows Firewall so that they don't create any conflicts. On a side note, Sygate Personal Firewall was fantastic until Symantec bought them out and canned it (R.I.P.).
5. Privacy: CCleaner - If you surf the Internet, whether using Internet Explorer or Firefox, of any other browser, you're bound to have a load of cookies and temporary files. CCleaner will help clean up those unnecessary files in addition to, Windows Temporary Files, URL History, Recycle Bin, Clipboard, Windows Log Files, Recent Documents from the Start Menu, among other temporary files. A good, easy to use cleaner. You can set it to run automatically after the computer boots up, and set it for secure deletion (from 1 to 35 passes). I usually run it after I'm done browsing or going to websites where I need to enter a username and password. The "C" in CCleaner supposedly stands for Crap. NOTE: When you install CCleaner, make sure you uncheck the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option. It otherwise installs the Yahoo toolbar which is not something I recommend.
6. Popup Blockers: Google Toolbar: Windows Internet Explorer has it's own popup blocker which works ok, but the Google toolbar provides an extra layer of protection against popups. Plus you get the Google search bar. A nice toolbar that doesn't seem to weigh down the browser providing extra buttons for gMail and gCalendar (both recommended but non-essential), it also simplifies your search. Just make sure to go into the Settings--> Feature tab and uncheck any unnecessary add-ons (usually all of them).
7. Archiving: 7Zip - A fast archiving program which packs/unpacks files and directories in 7z format as well as the ZIP, GZIP, BZIP2 and TAR formats. It unpacks only in the RAR, CAB, ISO, ARJ, LZH, CHM, MSI, WIM, Z, CPIO, RPM, DEB and NSIS formats. It integrates well with the Windows shell, and works better than the Windows unpacking utility since you don't have to deal with the Windows Extraction Wizard which makes something that should take one step, into four steps.
8. CD/DVD Burner: CDBurnerXP - A CD/DVD Burner program which allows you to burn a data or audio disc, burn an ISO image, copy or erase a disc. Replace your trial version of Nero or Roxio with this free program.
9. Encryption: TrueCrypt - When you need to encrypt your USB flash drive or create an encrypted "container" or partition on your hard drive, TrueCrypt is the way to go. TrueCrypt provides for "on-the-fly", transparent encryption allowing you to securely store your files without much hassle. Essential when you store personal information on your computer, such as your tax files, password lists, etc.
10. PDF Reader: Foxit Reader - A small, fast alternative to Adobe Acrobat Reader (2.55M versus 20M) with no annoying splash window. Required for when you need to download/read user manuals or other documents which only come in PDF format.
11. PDF Writer: PrimoPDF - Great for when you need to print something (like an online shopping receipt) but don't have a printer handy, print to a PDF printer. Basically, acts like a printer, but simply "prints" to a pdf file, which you can save and print later, or save and open using your favorite PDF reader.
12. Image Resizer: Microsoft Image Resizer PowerToy - Nice simple tool to resize pictures that you've taken with your digital camera. You simply right-click on the photo (or selection of photos), and select "Resize Pictures" from the menu. Easier than starting another program (such as Photoshop or Elements) to resize pictures.

That's it!. Of course, if you're not the type to install "free" wallpapers, screensavers, toolbars, shopping assistant applications, then you probably don't need any of the above :)

Hope this list helps. Comments are certainly welcome!

Mike Rothman posted some thoughts on the rapidly evolving Manage Security Services space. He likens it to the process banking went through. It's an interesting read.

Jennifer Jabbusch shares a really good analogy with us regarding Logging, Correlation and IT Search. Very helpful for those times when you are trying to get across an inherently technical topic to a group of non-technical people.

Via Xavier at /dev/random a free and nifty looking tool.

HijackThis™ is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis creates a report, or log file, with the results of the scan.

Security4all points us towards a video that gives us a introduction to XSS using Webgoat. The video is hosted at securitydistro.com.

By way of John M Willis, a pointer to an article on Network World, 20 great Windows open source projects you should get to know.

Richard Bejtlich shares his experience attending a Edward Tufte class on Presenting Data and Information. I have not read Edward's stuff, but it is on my list to check out.

Jeff Lowder has an article up on BlogInfoSec.com about Agility and Risk Compensation. He has some interesting points about perceived risk and the actions that people take in light of their understanding of risk as it pertains to agility in business. He also points to a good article on wikipedia about Risk Compensation Theory. Both are worth a gander.

Well that's it for now.

Have a good day.

Kevin

Technorati Tags: mss, logging, correlation, search, hijackthis, xss, webgoat, open source, powerpoint, presentation, risk compensation

Download HijackThis 2.02 [392 kb] [1 mei 2008]

Pada bagian satu sudah kita bahas mengenai penggunaan ProceXP, sebuah utiliti kecil pengganti Task Manager bawaan Windows. Dibandingkan dengan Task Manager Windows, ProceXP memiliki fitur-fitur tambahan yang memungkinkan kita untuk melihat lebih dalam service-service atau file yang sedang berjalan di sistem komputer kita.

Nah, kali ini pertanyaannya adalah bagaimana jika registri windows sudah di-blok oleh virus sehingga kita tidak dapat mengakses registri lagi, dan dengan demikian file atau service bawaan virus tidak dapat dihentikan ?

Tentu saja tugas pertama kita adalah membuka proteksi registri dulu, sehingga kita dapat dengan mudah meng-aksesnya.

Copy teks dibawah ini lalu buka di notepad dan simpan dengan nama bebas dengan ekstension .inf (misalkan unhook.inf), maka file  teks tadi akan berubah menjadi file inf (Installation File) :

[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

Seperti biasa masuk Windows dalam modus Safe Mode dulu.

Setelah itu klik kanan file tersebut lalu klik Install.  Action ini akan menyebabkan entri registri yang sudah dibuat di file .inf diatas akan dimasukkan ke registri sistem. Tidak ada window apapun yang muncul pada proses instalasi unhook.inf ini. Restart komputer dan masuk kembali dalam safe mode

Kembali ke ProceXP dan lanjutkan mencari service atau file yang dicurigai sebagai virus.

HIJACKTHIS

Ada satu lagi utiliti yang bernama HijackThis . Utiliti ini mirip seperti MSCONFIG di Windows, yaitu bertugas menampilkan entri-entri startup secara lebih mendalam. Bahkan entri tersembunyi pada startup dapat ditampilkan juga.

Klik tombol Do a System Scan Only untuk memulai penelusuran entri startup. Setelah itu akan muncul hasil penelusuran seperti contoh dibawah :

Proses selanjutnya adalah ceklist entri yang anda curigai sebagai entri virus. Proses ini harus dilakukan dengan sangat hati-hati, karena salah-salah anda malah menghapus entri yang "tidak bersalah".

Setelah itu anda tinggal klik Fix Checked untuk menghapus entri yang nakal tersebut.

KESIMPULAN

Jadi kesimpulannya adalah untuk melumpuhkan virus anda perlu mengikuti urutan seperti dibawah :

1. Boot dalam safe mode

2. Matikan entri startup yang anda curigai menggunakan MSCONFIG atau Hijackthis

3. Restart dan masuk kembali dalam safe mode

4. Matikan entri virus yang masih ada di sistem menggunakan ProceXP

5. Full Scan sistem anda dengan anti virus. Saya menyarankan menggunakan Ansav karena sifatnya yang portable.

6. Perbaiki registri (jika perlu) dengan utiliti perbaikan registri. Coba cari di SnapFiles/Freeware

Ditunggu komentar anda.....