Showing posts with label malware. Show all posts

Friday, September 07, 2007

CoolWebSearch

This is a very nasty and insidious spyware/malware program. Spyware experts are now saying that the makers are borrowing code from other malicious programs to install rootkit-like features on infected machines.

More recent versions of CWS spyware now have features similar to rootkits which allow the program writers to hide their files on Windows operating systems.

These new variants can hide their settings in the registry and also hide rootkit files in alternate data streams.

The software is usually installed on a machine by visits to malicious websites or emails using various ploys to get users to download and install the script.

Once installed, CoolWebSearch will hijack browsers and redirect users to some of the several bookmarks it imports. When you attempt to change your homepage back again, it constantly overwrites it. It also slows down general performance, causes Windows to freeze, crash or reboot, and can make you a victim of a Denial of Service (DoS) attack.

Getting rid of it is now much easier. TrendMicro have a free CoolWebSearch removal program.

Use this utility to get rid of CoolWebSearch and its related programs.

Also download Spybot S&D and use its TeaTimer protection, which runs in the background and alerts you to any attempted registry changes.

If you are running Windows, also use Advanced Windows Care. Both of these programs will add a large number of changes to your Registry. This is nothing to be concerned about, as the changes are necessary to stop any nasties from attaching themselves to your PC and making changes you really don’t want.

Keep your anti-spyware up to date and if you click on any links that prompt you to download, read the EULA first.

Check for rootkits on your machine.

As with all programs, regular updates are essential to offer you greater protection.

Monday, September 03, 2007

AVG Anti-Rootkit Free

Grisoft has developed quite a following with its free (for personal, non-commercial use) security applications, and for good reason.

Now there’s an anti-rootkit utility in AVG’s free software stable, too, and for users seeking a minimum of interaction, AVG Anti-Rootkit Free may very well be the Right Tool for the Job.

Grisoft makes its free AVG Anti-Rootkit application available for download. Users download the avgarkt.exe setup file, which features simple installation.

You may download a free version of AVG Anti-Rootkit here.

In keeping with the goal to make AVG Anti-Rootkit a very simple tool, the file features a simple .exe install file that triggers a setup wizard.

Users can select between a normal interface (which Grisoft recommends and sets as the default) or a low graphics interface (which is optimized for visually impaired users who rely on screen-reading programs).

Users must accept the AVG Anti-Rootkit Free license agreement before they can use the program to check their Windows system for stealth rootkit programs.

Next, users must specify the location of the AVG Anti-Rootkit Free installation files.

As with most software programs, users must specify the name of the Start Menu Folder. This is the name the AVG Anti-Rootkit application receives on the user’s Start menu.

Once users have specified all setup information, the free anti-rootkit utility installs itself.

Due to the way most anti-rootkit applications operate, it’s necessary to reboot Windows to enable proper operation. AVG’s free anti-rootkit application is no different. AVG’s setup utility gives users the option of rebooting automatically right away or rebooting manually later.

AVG purposefully keeps its anti-rootkit interface simple. There are very few options for users to choose, thereby helping simplify the already confusing and complex world of rootkits.

AVG includes concise educational information aimed at helping regular users (non-IT professionals) better understand the threat stealth rootkit programs present.

The Learn More tab lists information on what rootkits are and how users can protect their PCs from the stealth threats. There’s also a link to Grisoft’s site where additional computer security information is made available.

Users can check for AVG Anti-Rootkit Free updates using the third tab (About & Update). Clicking the About & Update tab also reveals the current version users have installed.

An interesting note: on this third tab, Grisoft tells users why AVG Anti-Rootkit uses random window titles. AVG’s programmers intentionally change the name of the window the free anti-rootkit application uses, to help thwart detection efforts that rootkit authors might program into their malware.

If users click the Check For New Version button found on the third About & Update tab, they are directed to Grisoft’s Web site. Here users will see whether the version they are using is current or whether updates must be downloaded.

The Search For Rootkits tab is the meat of the program and the reason users will download it in the first place.

Clicking the Search For Rootkits button triggers a search for stealth rootkit programs. The free AVG application tracks its progress in the progress bar at the menu’s bottom.

By default, the Search For Rootkits button only searches critical Windows directories on the root drive.

When no rootkits are found, AVG presents a congratulations window.

When rootkits are found, AVG displays those that are found (with information on the rootkit path and type). Users can then highlight the rootkit items in question and click the Remove Selected Items button to eliminate the offending files from their Windows systems.

With the In-Depth Search, however, AVG Anti-Rootkit searches for stealth rootkit files on all the hard drives and partitions within a system.

Just as with the simple rootkit search, the AVG Anti-Rootkit Free application tracks its progress as it works. Should users wish, they can terminate the search using the provided Stop button.

These are all the options a user can select when working with AVG’s free anti-rootkit program. By purposefully keeping the application easy to use, AVG engineers have created a free malware detection utility that’s the Right Tool for regular (personal) users seeking to check their systems for unwanted stealth software.

Download your copy here

Wednesday, July 25, 2007

Securing Firefox

How to avoid hacker attacks on Mozilla’s Firefox browser

Constant security problems with Microsoft’s Internet Explorer browser helped pave the way for Mozilla Firefox to emerge as an alternative browser for surfers.

However, Firefox users should be aware that hackers can exploit software flaws and design features to launch attacks.

The following configuration changes can disable various features and set up the browser to run in a secure state, limiting the damage from malware attacks.

To get started, select Tools, then Options.

In the General tab, you can manually set your home page and check to ensure Firefox is your default browser.

In the Privacy tab, select the Cookies sub-category. Here you can disable cookies or change your preferences for how the browser handles them. It is recommended that you enable cookies for the original site only. Also, by enabling the option ‘unless I have removed cookies set by the site’, a website can be “blacklisted” from setting cookies when its cookies are removed manually.

It is recommended that you do not use the Firefox feature to store passwords. If you decide to use the feature, be sure to use the measures available to protect the password data on your computer. Under Firefox’s Privacy category, the Passwords subcategory contains various options to manage stored passwords, and a Master Password feature to encrypt the data on your system. Use this option only if you decide to let Firefox manage your passwords.

Alternatively, use Clipperz or RoboForm.

From the Content category, you can configure Firefox to block pop-ups and warn when websites try to install extensions or themes.

You should also disable Java unless it is required by the site you wish to visit. You should determine if this site is trustworthy and whether you want to enable Java to view the site’s content.

Click on “Advanced” to disable specific JavaScript features. It is recommended that you disable all of the options displayed in this dialog.

Firefox’s Downloads tab offers the option to change actions taken when files are downloading. Any time a file type is configured to open automatically with an associated application, this can make the browser more dangerous to use.

Vulnerabilities in these associated applications can be exploited more easily when they are configured to open automatically. Click the View & Edit Actions button to view the current download settings and modify them if necessary.

The Download Actions dialog shows the file types and the actions the browser will perform when it encounters a given file type. For any file type listed, click on either Remove Action or Change Action.

If you click on Change Action, select Save them on my computer to save files of that type to the computer. This helps prevent automated exploitation of vulnerabilities that may exist in these applications. Also scan them with an Anti-Virus program before executing them.

Firefox includes a feature to Clear Private Data to give users the option to remove potentially sensitive information from the web browser. Click on Tools, then Save Private data to find the settings (Ctrl+Shift+Del)

This is where you can configure Firefox to remove potentially sensitive data from the browser.
Place a checkmark in the following boxes:
Browsing History
Saved Form Information
Cookies
Cache
Authenticated Sessions
Ask me before clearing private data.
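
The settings above can also be checked from the profile's prefs.js file instead of clicking through each dialog. The following is an added example, not part of the original post: it parses prefs.js text and compares it with the post's recommendations. The preference names are Firefox 2-era about:config names and are an assumption (the post names only the menu options), and the sample file content is constructed.

```javascript
// Recommended values from the post; pref names are assumed Firefox 2-era about:config names.
const RECOMMENDED = {
  "network.cookie.cookieBehavior": 1,        // cookies for the originating site only
  "signon.rememberSignons": false,           // do not let Firefox store passwords
  "dom.disable_open_during_load": true,      // block pop-up windows
  "xpinstall.whitelist.required": true,      // warn when sites try to install add-ons
  "security.enable_java": false,             // Java off unless a trusted site needs it
  "dom.disable_window_move_resize": true,    // Advanced JavaScript: move or resize windows
  "dom.disable_window_flip": true,           // Advanced JavaScript: raise or lower windows
  "dom.event.contextmenu.enabled": false,    // Advanced JavaScript: replace the context menu
  "dom.disable_window_status_change": true,  // Advanced JavaScript: change status bar text
  "privacy.sanitize.promptOnSanitize": true, // ask before clearing private data
};

// Parse user_pref("name", value); lines from prefs.js or user.js text.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue;                          // comments, blank lines, anything else
    try { prefs.set(m[1], JSON.parse(m[2])); } // booleans, integers, quoted strings
    catch { /* value is not a plain literal; skip it */ }
  }
  return prefs;
}

// Prefs absent from the file are still at the Firefox default, so report them as "unset".
function auditPrefs(text) {
  const prefs = parsePrefs(text);
  return Object.entries(RECOMMENDED).map(([name, want]) => {
    if (!prefs.has(name)) return { name, status: "unset", want };
    const have = prefs.get(name);
    return { name, status: have === want ? "ok" : "weak", have, want };
  });
}

// Constructed sample prefs.js content, not taken from a real profile.
const SAMPLE = [
  '# Mozilla User Preferences',
  'user_pref("browser.startup.homepage", "http://example.invalid/");',
  'user_pref("network.cookie.cookieBehavior", 0);',
  'user_pref("signon.rememberSignons", false);',
  'user_pref("security.enable_java", true);',
  'user_pref("dom.disable_window_flip", true);',
].join("\n");
for (const r of auditPrefs(SAMPLE)) {
  if (r.status !== "ok") console.log(r.status, r.name, "-> recommended:", r.want);
}
```

Entries reported as "unset" are not in the file, so they need to be checked by hand in the Options dialog or in about:config.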


Wednesday, May 23, 2007

Using Spybot S&D - Tutorial included

Spybot - Search and Destroy is an adware and Spyware detection and removal tool.
It includes removal of certain advertising components, which may gather statistics, as well as detecting various keylogging and other spy utilities.

It securely removes PC and Internet usage tracks, including your browser history, temporary pages, cookies (giving you the option to keep selected cookies) and more. The program interface is easy to use and multi-lingual.

SpyBot-S&D allows you to exclude selected cookies, programs or extensions from being reported, so you can prevent false positive messages for items that you don't want to be alerted to every time.

It can even scan your download directory for files that have been downloaded, but not yet installed, allowing you to detect unwanted programs before you even install them.

SpyBot produces a detailed and easy to understand report before it deletes any files and allows you to deselect any item that you do not want to be processed.

It also incorporates a recovery feature that allows you to restore your settings if you need to, which can be very useful.

The site is multi-lingual and I recommend that you look at:
http://www.safer-networking.org/en/tutorial/index.html

Spybot S&D can be downloaded from:
http://www.safer-networking.org/en/mirrors/index.html
Simply select your language and download from one of the sites provided.


Media Player Tutorial:
http://www.a1-ebooks.co.uk/tutorials/Spybot.wmv