Wednesday, September 15, 2010

Blog coming alive again- Secondary Education is finished

If you noticed that my blog has died for the past 6-7 months, its because I was in my final year of secondary education education. Now, thats all the past. This blog is revived (for another 3 months)!

Saturday, September 11, 2010

Diversity? Can it be an improved security measure?

Diversity is a commonly given advice to investors. "Don't put all your eggs in the same basket." "Diversity is key to a investor's profile." "Diversity lowers the risk of investing."

But, can this principle be also applied to computer security? Antivirus software or suites are never perfect.

I know that there are extremely loyal (some people "fanboys") people that always stick to the same antivirus solution as they believe it works. I also hear a lot of stories where somebody has used an antivirus solution (Antivirus A) and changed to a different antivirus solution (Antivirus B) and discovered that they had a trojan. From that point on, the individual swore to themselves never to change from antivirus B ever again.

What I believe that the mere act of changing antiviruses was the important thing. By changing antivirus, the individual was able to detect malicious software present on your computer.

My recommendations
So my recommendation is for the individuals to

If you are using a free antivirus solution, are about to your antivirus/internet security subscription is about to expire, consider another free antivirus solution or a free antivirus trial (which is a good way to decide whether an antivirus solution is for you).
Recommended antiviruses/internet suites off the top of my head:
  • AVG (there is a free for personal use version)
  • Avast! (there is a free and a commercial version)
  • Norton (Symantec) (apparently the programs don't lag your computer much these days)
  • Microsoft Security Essentials (tried it, pretty simple interface, not sure about effectiveness)
  • Eset (really fast antivirus! I've used the 2005 version before)
  • Trend Micro (by the way, it was my first antivirus I ever used! Brilliant program back in the day... maybe it still is)

Thursday, September 9, 2010

LOL is that you in this picture? Koobface virus removal instructions for windows XP/ME

This is the message my friend got on his facebook. Its a facebook virus. I removed it for my friend and just wanted post some details for those interested. (BTW, I know the instructions are not formatted very well).

There is a virus that commonly affects facebook users called the "Koobface". It spams links and tries to trick people in downloading their "flash player update" called ''flash_player.exe". This is the mechanism that is used to infect individuals.

Removing the virus for Windows XP (print off instructions before proceeding)
Windows XP
  1. Disable system restore- This step is essential in enabling an antivirus to fully scan your computer.
From Microsoft Help Website, to do this:
  1. Click Start, right-click My Computer, and then click Properties.
  2. In the System Properties dialog box, click the System Restore tab.
  3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
  4. Click OK.
  5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
    You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

    Do you want to turn off System Restore?
    After a few moments, the System Properties dialog box closes.
 2. Restart in safe mode.
From Microsoft Help Website, to do this:
1.You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.
2.Click Start and then click Shut Down.
3.In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.
4.As your computer restarts but before Windows launches, press F8. 
On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.
5.Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.

2. Remove start up entries.
1. Click start --> run.
2. Type in "regedit" without quotes
3. Browse through the left hand pane:


4. Delete the entry:

sysftray = "%Windows%\fbtre6.exe"

5. Close the regedit.

3. Remove the following files by using the windows search function. Press windows key +F. Input the following into the search input box.
  1. %Windows%\fmark2.dat
  2. %System Root%\5465465465463.BAT
 When these files have been located, click Shift+ delete to permanently delete.

5. Restart computer.
6. Run an antivirus of your choice. If no antivirus has been installed on the computer, use a free online virus scan. My recommendations:
  1. Panda Online Scan
  2. Trend Micro HouseCall
  3. Kapersky
  4. Symantec

Random Info That May Be Useful
McAfee As for the motivations behind this Koobface variant, analysis shows that during infection a proxy server is installed to %ProgramFiles%\tinyproxy\tinyproxy.exe and a service named Security Accounts Manager (SamSs) is created to load the server at startup.   This component listens on TCP port 9090 and proxies all HTTP traffic, in particular looking for traffic to Google, Yahoo, MSN, and for the purpose of hijacking search results.  Search terms are directed to  This enables ad hijacking and click fraud.