 Latest Malware Removal Guides
|
|
|
 Welcome!
Are you new to Bleeping Computer?
Bleeping Computer is a community devoted to providing free original content, consisting of computer help and tutorials, in such a way that the beginning computer user can understand. Getting started using our community is extremely easy! Just follow these easy steps below to start receiving the computer help you need:
Step 1: Create an account by clicking here. It's completely free with no hidden strings attached.
Step 2: If you are having a computer problem and need some computer help, ask us in our Discussion Boards. Once you register an account, you can quickly post a question by clicking on the New Topic button in the appropriate category and receive the computer help you need.
Step 3: If it is an easy to read and understand How-To or tutorial on a topic that you need help with, you can visit our Tutorial Section. Once you are there, just browse through the various tutorials till you find one that suits your needs.
Step 4: If your computer is running slow and you can not figure out why then you should visit our Startup Programs Database. You can use this database to help you lookup the programs that are running on your computer and find out if they should be allowed to.
Step 5: Are you infected with malware and can't get rid of the infections? Then stop by our Malware Removal Guides section for a listing of some of the most common infections found today. If your computer is acting weird, and you think you may be infected, then maybe the Am I Infected? forum is the right place to determine if you are.
Step 6: Can not find the information, computer help, tutorial or How-To that fits your specific need? Then ask us to provide this information for you by leaving us Feedback with your request.
Once again, welcome and enjoy your stay!
|
|
|
 As many of you may have read, it has been found that launching files from a vulnerable Windows program could allow malicious programs to be loaded automatically without your permission. These malicious programs would have full access to your computer, which includes accessing sensitive data or installing other files onto your computer without your permission.
This vulnerability is caused by how Windows handles DLL files. When programmers create a program they are supposed to specify the specific locations that their applications will load DLL files from. If they do not specify the location, then Windows will search for the desired DLL in numerous locations on a computer. The vulnerability can be exploited because Windows will attempt to load a DLL from the same folder as a file that is being opened by the application.
This vulnerability could then be set off when a user opens a file in a folder, remote file share, USB drive, etc that also contains a malicious DLL that has the same name as a legitimate DLL that the application would normally open. As Windows will attempt to open a DLL from the same folder as the file, Windows will instead load the malicious DLL and not the legitimate one. Once the malicious DLL is loaded, the malware/hacker have access to do what they want on your computer.
Though, this is not the first we have heard about this vulnerability, the latest news has definitely fired off a storm of updates by software vendors to fix their applications. Unfortunately, this problem is not one that can be fixed by Microsoft as it will break far too many programs. Instead software vendors should follow the practices put out by Microsoft that explain how a program should specify the specific locations a program's DLLs should be loaded from. As numerous programs have not been following these policies, they need to update their programs to resolve these security issues.
Therefore, it is important that you make sure your computer has the latest updates for the programs that you use. A great tool for finding vulnerable and out-dated programs is Secunia PSI. A tutorial on how to use this program can be found here:How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector Microsoft has already released Microsoft Security Advisory (2269637), which explains this vulnerability as well as provides methods and a tool that can be used to disable the loading of libraries from remote network or WebDAV shares. There is also an unofficial list of vulnerable applications here.
I suggest everyone use Secunia PSI and read the Microsoft advisory in order to properly protect your computer.
|
|
|
|
Add New Comment
|
|
Posted: By Lawrence Abrams on Aug 30 2010, 02:45 PM - 3 comments
|
Read: 853 times -
View Comments
|
|
|
|
 On Wednesday Facebook unveiled a new service called Facebook Places. This service allows you to share your exact location by "checking in" to that place and letting your friends know that you are there.
In order to use this feature you will need to install the Facebook application for iPhone or browse to touch.facebook.com using a mobile web browser that supports HTML 5 and geolocation. Facebook Places will then use the GPS data from your phone to display locations around you that you can "check into" so that your friends know that you are there. As of right now, Facebook Places will only show your location to your friends unless you specifically give permission to allow everyone to see it. Once you are checked into a location you can then select the People Here Now feature of Facebook places to find other friends who may be in the same location as yourself.
Facebook states that this feature is designed to help you become more social and to find friends who may at the same location as you. On the darker side, services like this also broadcast that you are not at home, which allows people with a criminal intent more access to your information and location. Therefore, make sure you only allow your friends to see your location and not to set it to Everyone.
Location and check-in services are not new by any means. In 2009 two companies debuted location services of their own. These two companies are Foursquare and Gowalla, with Foursquare becoming the dominant location service. This new service offering by Facebook is definitely ruffling, if not plucking, some feathers at these two companies as competing with a 500 million user gorilla is going to be very hard task.
|
|
|
|
Add New Comment
|
|
Posted: By Lawrence Abrams on Aug 19 2010, 03:19 PM - 12 comments
|
Read: 2539 times -
View Comments
|
|
|
|
Microsoft has announced that they are going to release an OOB, or out of band, security patch for the Windows shortcut vulnerability. This patch will be released on Monday, August 2, 2010 at or around 10 AM PDT.
Microsoft has stated: "We are releasing the bulletin as we've completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers. Additionally, we're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers." It is important that everyone installs this patch when it is released. I, or someone else, will post here when it becomes available for download.
|
|
|
|
Add New Comment
|
|
Posted: By Lawrence Abrams on Jul 31 2010, 10:54 PM - 9 comments
|
Read: 3413 times -
View Comments
|
|
|
|
 A new but incredibly important add-on has been released for Firefox, Google Chrome, and Internet Explorer by the developers from the Boloto Group called Add The Alert. Staggering amounts of children, as much as 800,000, go missing every year. That's right. 800,000! When a child goes missing one of the most critical steps is to make the people in the vicinity of the child aware as soon possible in order increase the chances of finding the missing child. This is where Add The Alert comes into play.
Add The Alert is an add-on that will display alerts in your browser when a child is reported missing. When any missing child is reported, including Amber alerts, and acknowledged by the National Center for Missing and Exploited Children, it generates an Instant Alert on the Add The Alert system. For non-Amber alerts, all Alert buttons within a 100 mile radius of the missing child's area display a small Alert box. For Amber alerts, all Alert buttons within the state designated by Amber receives the Alert box. When the alert is clicked, the user will then be directed to information about the missing child that is posted on the NCMEC site.
As we get more and more of our news and information from a computer, having the alert system reach out directly to our desks is not only a brilliant idea, but an incredibly useful one. Any tool that can help us recover our missing children is a vital one. There is no excuse to not install this add-on. I have installed it and you wouldn't know it is even there, except when a child is reported missing! So there are no negatives and only positives with using this tool. Please install it now and protect our children!
|
|
|
|
Add New Comment
|
|
Posted: By Lawrence Abrams on Jul 29 2010, 10:35 PM - 21 comments
|
Read: 3686 times -
View Comments
|
|
|
|
 VirusBlokAda, a computer security firm based out of Belarus, had found a Trojan that utilized a new method of infecting a computer. This method would infect even a fully patched Windows 7 machine. It turns out that the method this Trojan infects the computer is a vulnerability that affects all Windows version since, and including, Windows XP. This vulnerability utilizes a specially crafted shortcut that when stored on an external drive, and that drive is opened, will automatically launch a malware program that can then infect your computer.
Microsoft has subsquently issued an advisory that discussed the effects of this vulnerability and how to mitigate it. As the steps to mitigate this vulnerability revolved around editing the Windows Registry a Microsoft FixIt was released to automatically do it for you. The problem with the FixIt is that it will remove all the images from your shortcuts, which can reduce the usability of Windows.
Since then, Sophos has released their own tool to fix the Windows Shortcut vulnerability, without the loss of your shortcuts images. This tool, called the Windows Shortcut Exploit Protection Tool, will allow you to view your shortcut's icons, while still protecting you, by installing its own shell handler that is not vulnerable to this infection. It will also issue an alert when a malicious shortcut is encountered that is trying to exploit this vulnerability.
For those who want to protect themselves without losing functionality in the Windows GUI, then the Sophos tool looks like the way to go.
|
|
|
|
Add New Comment
|
|
Posted: By Lawrence Abrams on Jul 28 2010, 08:45 PM - 17 comments
|
Read: 3130 times -
View Comments
|
|
|
|
 The Electronic Frontier Foundation has released a new Firefox addon called HTTPS Everywhere that forces Firefox to encrypt your communications via SSL (https://) when communicating with certain sites. This will allow you to transmit data to any of these sites securely and privately.
HTTPS Everwhere was originally created to communicate with Google's new encrypted search option, but was further enhanced to force Firefox to use other sites https:// connection. These sites are:- Google Search
- Wikipedia
- Twitter and Identi.ca
- Facebook
- EFF and Tor
- Ixquick, DuckDuckGo, Scroogle and other small search engines
So for those Firefox users who want a secure and private connection, check out HTTPS Everywhere. Has been working great for me.
|
|
|
|
Add New Comment
|
|
Posted: By Lawrence Abrams on Jul 15 2010, 09:57 PM - 19 comments
|
Read: 6028 times -
View Comments
|
|
|
|
 For those of you still running Windows XP Service Pack 2, and I bet there are a lot of you still, it is time to upgrade to Service Pack 3. On July 13, 2010 Microsoft officially stopped supporting Service Pack 2 and will no longer release security updates for it.
Therefore, if you care about security and your privacy it is strongly advised that you ugprade to XP Service Pack 3. If you do not upgrade then your version of Windows will no longer be protected as new vulnerabilities are discovered. This will open you up to malware infections, remote execution, and possibly the loss of private information.
Don't be silly. Stay Secure! Otherwise you may have to wait a couple of days in our Virus Removal forum before we get a chance to help you clean your computer 
|
|
|
|
Add New Comment
|
|
Posted: By Lawrence Abrams on Jul 15 2010, 08:44 PM - 4 comments
|
Read: 3425 times -
View Comments
|
|
|
|
|
Most Recent Posts
|
 Most Recent Tutorials
|
|
|
Have a computer problem and would like to ask us for help? To learn how to ask your question Click Here!
Do you have popups, spyware, or other malware infecting your computer? If so, Start Here!
Are you having trouble using this site? Then you should visit the New User Orientation Center!
Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
BleepingComputer.com
Link: