As usual, they rename a few things but still leave the original name all over the app as you can see below.

With the rename came a brand new infector:

C:\Windows\System32\gwquvw.dll

We have updated our removal guide here:

How To Remove Antivermins Or Antiverminser (removal Instructions)

Tags: No Tags

Analysis from some of the Bleeping Computer HJT Team has also shown that SpyMarshal has come bundled with a rootkit as shown in the Gmer image below.

Please be patient while we create a self-help guide for the removal of SpyMarshal.  For now, though, if you are infected with this malware please post a HijackThis log in our forums.  Instructions on how to do so can be found here:

Preparation Guide For Use Before Posting A Hijackthis Log

Tags: rootkit spymarshal

The three current infectors for AntiVermins are:

C:\Windows\System32\hjpprpu.dll
C:\Windows\System32\cvnzie.dll
C:\Windows\System32\kuhmk.dll

Currently the custom removal tools may not be targetting these variants, so you may want to follow the manual removal steps of our AntiVermins removal guide:

How To Remove Antivermins (removal Instructions)

Tags: No Tags

One of the BC moderators, TG1911, recently referred me to a new FireFox extension and Internet Explorer plugin that he wanted to add into our popular Freeware Replacements for Common Commercial Applications thread. This program, called KeyScrambler Personal, is an anti-keylogger application that can be used to encrypt data that you input into a browser.  It works by encrypting your keystrokes at the keyboard driver level and then decrypting them when they reach your browser.  As keyloggers attempt to read from the keyboard driver, they will now only be able to see the encrypted keystrokes.

The program comes in two versions, a Personal and a Pro version. The Personal version is free and will encrypt all logon input when logging into a site. The Pro version, on the other hand, costs $24.99 but will encrypt all input that you enter while using a site.

While using the Personal version when I visited a site that contained a logon form the browser would show a small popup that stated that my input was being protected by Key Scramber as shown in the image below.

As I input data into the login form, that same popup will show the encrypted data that the keylogger will see. 

In order to properly test this, I needed to install a keylogger and see if it worked.  I fired up Vmware and then installed KeyScrambler.  I then used the below test method using three different commercial keyloggers - Actual Spy, PC ACME Professional, and Keyboard Spectator Pro (KGB Spy) 3.30.  For this review I will go over my experiences when using Actual Spy.

First, I fired up FireFox, disabled Keyscrambler, and went to Hotmail to sign in with a fake account.  As you can see from the image below, Actual Spy did record the correct text I entered.  So now I know the keylogger is capturing my keystrokes and I can continue with my experiment.

I now went into the FireFox KeyScrambler extension properties and enabled it so it would protect my login data.  When visiting Hotmail again and entering the same fake login information, Actual Spy once again recorded the key strokes.  This time, though, the keystrokes were encrypted!

I now performed the same procedure using Internet Explorer where it worked just as well.  This entire procedure was tested again using the other two keyloggers.  They all produced the same results; KeyScrambler is encrypting the keystrokes before it gets to them.

For those who are looking for a free way to protect their login information from a keylogger, this seems like the perfect tool to use.  It’s easy to use, requires no work on your side other than the install, and works nicely.  I know I am now using it.

Tags: keyscrambler, firefox, internet explorer, keylogger, security

This is so new in fact, that though the BrainCodec has its own domain and its own braincodec.107.exe, they forgot to change the web site itself.  As you can see the web site is still showing the layout and image for Gold Codec.

What happened to Gold Codec then?  They reverted it back to a parked domain at our favorite malware registrar, and hoster, ESTDomains.

Information on Brain Codec is:

braincodec(dot).com
85.255.117.198

Domain Name: BRAINCODEC.COM

Registrant:
na
Alex Plawsky (alex@braincodec.com)
ul. Chłodna 51
Warszawa
null,00867
PL
Tel. +48.22528102

I can’t wait for toecodec to be released.

Tags: No Tags

Tags: No Tags

lready, Allard and those like him are having an impact. They’re showing that strategies to move the company beyond Windows can emerge and be accepted by top brass as nonthreatening. A key moment came six years ago, when Allard insisted that the new Xbox video game console be developed without using Windows. In one meeting, Gates berated him for suggesting that the operating system wasn’t up to snuff. But Allard argued that it wasn’t specialized enough to handle video gaming. Gates eventually relented, in a decision that is widely seen today as a key to the console’s success.

The article is definitely an interesting read whether your into technology or business.

Tags: No Tags

The categories that can be enforced in parental control are:

• Web Filters - This category allow you to specify what sites a user can or cannot go to, whether they can download files, or if they are allowed to go to a site that matches a particular content.
• Time Limits - In this category you can specify the specific hours that a user can use a computer. If they attempt to logon during this time, they will be denied, and if they are currently logged on, will be logged off.
• Games - Here you can specify the game rating system that will be used, the highest rating of a game they can play, and choose specific games that they can or cannot play.
• Program Use - Specify the programs a user is allowed to run and is not allowed to run.

It is important to note that parental controls can only be assigned to Standard User accounts and not an administrator. You can see a video where we set the parental controls on a user and this video where we show these restrictions in place.

Tags: No Tags

The Microsoft Zune has received what could be the most critical and scathing review since its release.  In Andy Ihnatko’s review titled Avoid the loony Zune, Andy relates his horrible experiences during his week of playing with it.  The problems reported range from a horrible setup to lack of compatibility with Windows Media Player.

I personally do not own, or have tried, a Zune but if the reports from this article are true  then it does not sound like the iPod killer that Microsoft hopes it will be.  Some of the problems Andy ran into include:

• Horrible setup
• Lack of compatibility with Windows Media Player.  To me that doesn’t event make sense as it is Window’s flagship media program.
• Only the Zune software can sync with the Zune
• No support for podcasts.
• Having to purchase Zune points ($5 blocks) instead of just using real money to purchase a song for $0.99.

For more information please read the original article while I leave you with one of Andy’s comments:

“Avoid,” is my general message. The Zune is a square wheel, a product that’s so absurd and so obviously immune to success that it evokes something akin to a sense of pity.

Tags: No Tags

The following tables describe the syntax to use with Windows Desktop Search, as well as the properties that can be queried for each category of file displayed in the Desktop Search results window.

You can restrict your query to specific locations, specific file types or properties within those types, or specific “file kinds.” File kinds refer to the categories displayed at the top of the Windows Desktop Search results window.

Tags: No Tags