Tuesday, August 3, 2010

Microsoft to release out-of-band patch for Windows shortcut vulnerability

Microsoft is to release an out-of-band patch for the Windows shortcut vulnerability tomorrow morning.

Due to be released at 10pm PDT (5am BST tomorrow morning), the update addresses the vulnerability discussed in Security Advisory 2286198: the critical LNK vulnerability that applies to all versions of the Windows operating system from Windows XP SP3 to Windows 7.

Christopher Budd, senior security response communications manager at Microsoft, said: “We are releasing the bulletin as we've completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers.

“Additionally, we're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out-of-band is the best thing to do to help protect our customers.”

Holly Stewart, a senior program manager with the Microsoft Malware Protection Center (MMPC), said that it and other Microsoft Active Protection Program partners have been keeping a close watch on the use of .LNK files exploiting this vulnerability.

Stewart said: “As with many new attack techniques, copycat attackers can act quickly to integrate new techniques. Although there have been multiple families that have picked up this vector, one in particular caught our attention this week – a family named Sality.

“Sality is a highly virulent strain. It is known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security and then download other malware. It is also a very large family—one of the most prevalent families this year. After the inclusion of the .LNK vector, the numbers of machines seeing attack attempts combining malicious .LNKs and Sality.AT soon surpassed the numbers we saw with Stuxnet. We know that it is only a matter of time before more families pick up the technique.”

The Sality strain has been responsible for around 8,000 computer infections a day. Stewart said that even though they do not represent the number of actual infections, these attack attempts indicate when threats are becoming more widespread.

Wolfgang Kandek, CTO of Qualys, said: “Windows 2000 and XP SP2 users will not be covered and are now in a predicament that will become increasingly urgent. Attacks will continue to become more prevalent and their defensive options are limited.

“Microsoft's workaround in Advisory KB2286198 has a serious impact on the usability of the system as desktop icons are all replaced by standard generic representations and navigation is hampered. The best option for XP SP2 users is to upgrade to SP3 as soon as possible, Windows 2000 users need to migrate to a new OS altogether.

“Primary attack vectors for the LNK vulnerability are USB sticks and shared drives; an attack depends on a specially crafted LNK file and a custom DLL to function. Remote attacks through email or websites are theoretically possible, but require multiple steps and user interaction. Nevertheless, disabling SMB and WebDAV protocols in the outbound ruleset of internet-facing firewalls is a measure that provides additional protection against the remote attack vector.”

New Hotmail revealed

ninemsn today reveals the next generation of Hotmail, set to launch in Australia later this year with new innovative features and Microsoft product integrations. According to the press release, the latest Hotmail will include access to Office web applications. This means that you will be able to view, edit, and share Word, PowerPoint, and Excel documents DIRECTLY within your Hotmail! So even if you don’t have Microsoft Office installed, you have access to this feature as long as you have an internet browser. It is great news indeed, as not everyone can afford the Microsoft Office suite.

Hotmail integrates Web Office

Office Web Application

Other Hotmail features include smart tools to eliminate inbox clutter and simplify daily tasks such as:

  • Social email highlights: Hotmail identifies and categorises emails from social networks in your inbox, making it easier to sort through your emails.
  • One click filters: Filter your entire inbox to only show messages from specific contacts or companies.
  • Sweep functionality: A virtual broom that allows people to easily remove or file emails from a specific sender in their inbox into folders. Auto-sweep can archive any future emails from that sender so they do not appear as clutter in the inbox.
  • Optional conversation view: Hotmail gives people the option to view messages by threaded conversation to view an entire conversation series in one go.
  • Advanced search and automated search suggestions. Hotmail has added an advanced search pane and made advanced search easy with inbox search auto-complete. People can type a single letter into the search box and Hotmail automatically suggests a number of searches to help people find the email they are looking for.

There is also Hotmail ActiveView, which enables you to view specific content directly within the email body, such as YouTube videos, Flickr photo albums, and LinkedIn notifications.

Hotmail Wave 4

Hotmail ActiveView Pop-up

Alex Parsons, Director of Marketing and MSN Products at ninemsn, said: “We are really excited about the innovative changes coming to Hotmail and delivering an experience that will help Australians manage their inbox, work on Office Docs via the cloud, watch videos and share photos. With an increasing percentage of personal emails resulting from social networking updates, 50% of people miss important messages in their inbox because of clutter. Helping people manage their inboxes was really important in this release of Hotmail, and we have included a series of features like the Sweep functionality, one click filters and social highlights to address this.”

Not to mention that Hotmail lets people send up to 10 GB of attachments in a single message via SkyDrive (200 attachments – each up to 50 MB in size – in a single message). It’s not perfect, but at least you can send more attachments by splitting them up into smaller pieces.

Other features coming to Hotmail include:

  • Web messenger: Use instant messenger with contacts directly through Hotmail.
  • Single contact list. Enables people to bring all their online contacts into one address book stored in Hotmail, including contacts from Facebook, LinkedIn and other email providers.
  • Rich mobile browse. With the new Hotmail, the mobile experience is optimised for rich browsers and touch, so that the experience feels seamless on the latest phones. The inbox supports filters, in-line message previews, HTML messages, offline e-mail viewing, conversation threading, the ability to flag messages, the option to turn header details on or off, and more.

Windows Live Hotmail Clean up

The new Hotmail will roll-out in Australia in the coming months. To learn more about today’s preview visit Stay tuned for coverage on the upcoming Windows Live Messenger as well!

Antivir Pro

The Antivir Solution Pro virus is, for the most part, a “standard” rogue (fake) anti-spyware program (just like the Security Master AV virus we talked about in one of our previous removal guides) that has only one goal: making you believe that your computer is infected so that you pay for the full program. As Antivir Solution Pro is a scam, the only thing you should do is remove it using the removal guide below.

But before we reach the main part of this article, you should be aware that Antivir Solution Pro got onto your computer when you visited an infected website and came across some malware or an exploit kit that installed Antivir Solution Pro on your computer. Obviously enough, if you don’t make sure that your computer is protected when surfing the web, there is a big chance that Antivir Solution Pro or a similar rogue will install itself on your computer again in the future.

How to uninstall / remove Antivir Solution Pro (Virus Removal Guide)

What does the Antivir Solution Pro virus do?

Basically, Antivir Solution Pro is a fake anti-spyware program that will always state that your computer is infected so that you buy the software (don’t buy Antivir Solution Pro, as it is a scam). In addition, it will block some applications from running and mess up your Internet Explorer settings so that you might not be able to get your computer online.

How to protect your computer against Antivir Solution Pro and other similar viruses / rogues:

Well, first of all, it would be great if you had an updated antivirus suite installed on your computer (such as Kaspersky Internet Security, NOD32, or the free Avast Antivirus or MSE).

It is also very important that your Windows operating system has all the security patches installed and that Adobe Flash, Adobe Reader and similar software are also at the current, updated version. For a more detailed list of the software installed on your computer that needs an update, you can run the Secunia Online Software Inspector.

Try using a more secure web browser such as Mozilla Firefox or Google Chrome.

How to remove the Antivir Solution Pro virus

Ok, so I had to edit the steps a little, because Antivir Solution Pro seems to be very active and we’ll have to close the process before anything else can be done. You will need to download iExplore.exe on another computer (iExplore is a great tool developed by Lawrence Abrams from It will stop the Antivir Solution Pro process, so that we’ll be able to remove it.) and then transfer it to the desktop of the infected computer (use a USB stick or a CD/DVD).

1. Ok, now that we are set to go, we should stop the Antivir Solution Pro process so that we can remove it. To do this, run iExplore until Antivir Solution Pro is gone. Try to run it multiple times simultaneously if you feel like you’re getting nowhere. But don’t worry, iExplore will get the job done eventually.

2. If you only have Internet Explorer installed, you will have to undo the changes this virus made to your Internet Explorer settings so that you can surf the Internet once again. To do this:

  • Open Internet Explorer and go to Tools->Internet Options.
  • Now click the “Connections” tab, then the LAN Settings button in the bottom half of the window.
  • Now uncheck the “Use a proxy server for your LAN” option.
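The same proxy setting can be inspected and cleared from the command line. This is an added PowerShell example, not part of the original guide; it reads the per-user WinINET values that the LAN Settings dialog edits, reports what it finds, and only changes anything when run with -Reset (assumes PowerShell is installed on the machine and is run as the affected user).

```powershell
# Added example (not from the original guide): inspect, and optionally clear,
# the Internet Explorer LAN proxy setting that Antivir Solution Pro tampers with.
# Usage:  .\Check-IeProxy.ps1          (report only)
#         .\Check-IeProxy.ps1 -Reset   (also disable the proxy)
param([switch]$Reset)

# Per-user values behind "Internet Options > Connections > LAN Settings".
# ProxyEnable = 1 means "Use a proxy server for your LAN" is ticked.
$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

$enabled = [int]$settings.ProxyEnable      # $null becomes 0
$server  = $settings.ProxyServer
$pacUrl  = $settings.AutoConfigURL         # "Use automatic configuration script"

if ($enabled -eq 1) {
    Write-Host "LAN proxy is ENABLED, pointing at: $server"
    # A proxy that points back at this machine or at an unexpected host is
    # worth a second look; a home PC normally has no LAN proxy at all.
    if ($server -match '127\.0\.0\.1|localhost') {
        Write-Host 'Proxy address is the local machine itself.'
    }
} else {
    Write-Host 'No LAN proxy is enabled.'
}
if ($pacUrl) { Write-Host "Automatic configuration script set to: $pacUrl" }

if ($Reset) {
    # Equivalent of unticking the box in the dialog, plus dropping the leftovers.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
    Write-Host 'Proxy settings cleared; restart Internet Explorer to apply.'
}
```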

3. Now that you are able to connect to the Internet, you should download a few files and apps that will help us down the road. Just download the files linked below to your desktop:

Malwarebytes Anti-Malware – We will use MBAM for actually removing this virus from your computer.

SuperAntiSpyware – This will be our secondary option if MBAM does not do the job.

4. Many people don’t give this step much importance, but I feel it is needed. Just to make sure, you should delete all temporary files from your computer (click for a tutorial on that).

5. Now that Antivir Solution Pro is no longer running, we should be able to remove it using MBAM. Just follow these steps:

  • Run the MBAM setup from your desktop.
  • Proceed with the standard install settings.
  • Make sure the software updates itself once it has been installed.
  • When MBAM is up and running, go to the Scanner tab and perform a full scan.
  • Wait for MBAM to scan your computer for Antivir Solution Pro, as well as for any other malware your computer might be infected with.
  • When the scan is complete, remove all detected infections.

6. This routine should have removed the Antivir Solution Pro virus from your computer. If it doesn’t do the trick, try the same steps again, but use SuperAntiSpyware instead of MBAM this time.

Antimalware Doctor Protection Center

What is Antimalware Doctor Protection Center?

Antimalware Doctor Protection Center is nothing but a total scam that propagates onto computers that are vulnerable to Trojan attack. It can be dropped and installed, without the user’s knowledge, on computers whose users still run an outdated web browser. Just like its predecessor, Antimalware Doctor, it alters the system registry to make itself run each time Windows is started. A Windows Security Center-like icon is placed on the task bar that claims to monitor system activity, presenting itself as real-time anti-virus, firewall and automatic updates.

While on the computer, Antimalware Doctor Protection Center will continuously display fake warning messages attempting to convince its victims to purchase the registered version. Of course this is not free; after all, it was created as a money-making program for its developers. Immediately remove Antimalware Doctor Protection Center and all of its files and system processes with a reputable anti-malware program.

OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of Antimalware Doctor Protection Center Infection?

It will modify Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antimalware Doctor.exe”

The threat will drop the following malicious files:

  • %APPDATA%\mozilla\firefox\profiles\[PROFILE NAME]\gsl.dll
  • C:\Windows\System32\enemies-names.txt
  • C:\Windows\System32\Antimalware Doctor.exe
  • C:\Documents and Settings\\My Documents\New Folder\setupapp6262205323364.exe
  • C:\Documents and Settings\\My Documents\New Folder\enemies-names.txt
  • C:\Documents and Settings\\My Documents\New Folder\hookdll.dll
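A quick read-only triage for the indicators above, as an added PowerShell example that is not part of the original guide: it checks the listed registry entries and file paths and reports what is present without deleting anything. It assumes PowerShell is installed on the (XP-era) machine and is run from an elevated prompt; because the guide leaves the user-name part of the “Documents and Settings” paths blank and the Firefox profile name unspecified, every profile directory is checked with a wildcard (an assumption).

```powershell
# Added example (not from the original guide): report the Antimalware Doctor
# Protection Center indicators listed on this page. Read-only; nothing is removed.

# Registry keys from the guide. The Run entry is a value under the Run key,
# so it is matched separately below (the guide does not say whether
# "Antimalware Doctor.exe" is the value name or its data, so both are tried).
$regKeys = @(
    'HKCU:\Software\Antimalware Doctor Inc\Antimalware Doctor',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor'
)
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'Antimalware Doctor.exe'

# File paths from the guide; "*" stands in for the elided profile/user names (assumption).
$filePatterns = @(
    "$env:APPDATA\mozilla\firefox\profiles\*\gsl.dll",
    'C:\Windows\System32\enemies-names.txt',
    'C:\Windows\System32\Antimalware Doctor.exe',
    'C:\Documents and Settings\*\My Documents\New Folder\setupapp6262205323364.exe',
    'C:\Documents and Settings\*\My Documents\New Folder\enemies-names.txt',
    'C:\Documents and Settings\*\My Documents\New Folder\hookdll.dll'
)

$findings = @()

foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "registry key present: $k" }
}
if (Test-Path -LiteralPath $runKey) {
    $run = Get-ItemProperty -LiteralPath $runKey
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -eq $runValue -or "$($p.Value)" -like "*$runValue*") {
            $findings += "Run entry: $($p.Name) = $($p.Value)"
        }
    }
}
foreach ($pat in $filePatterns) {
    # -Force includes hidden files; missing paths are silently skipped.
    Get-ChildItem -Path $pat -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "file present: $($_.FullName) ($($_.Length) bytes)" }
}

if ($findings.Count -eq 0) {
    Write-Host 'None of the listed indicators were found.'
} else {
    Write-Host "Found $($findings.Count) indicator(s):"
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

A hit on any item is a reason to run the full scan in the steps that follow rather than proof of infection on its own, and the absence of hits does not rule out a newer variant that uses different paths.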

How to Remove Antimalware Doctor Protection Center Manually

1. Restart your computer in Safe Mode
- Press F8 on the keyboard as soon as you turn on the computer
- Select Safe Mode to start the computer loading only minimal resources

2. Delete the Windows registry entries the malware created. It is important to BACK UP YOUR REGISTRY FIRST.
- On the Windows Start Menu, click Start > Run
- Type regedit in the field
- Find the registry entries mentioned above and delete them if present

3. Files related to Antimalware Doctor Protection Center must be deleted:
- Browse to and delete the malicious files listed above.
- Some files cannot be deleted immediately. Press Ctrl+Alt+Del to open Windows Task Manager, look for any virus-related process mentioned on this page, highlight it and click End Process. Then try to delete the file once more.

4. Run an antivirus program
- You must be connected to the Internet to update your anti-virus program. This is needed to have the latest database available and to detect newer threats.
- Thoroughly scan the computer and clean or delete all detected threats.

Automatic Removal of Antimalware Doctor Protection Center

1. Print this procedure as we need to close all running programs later.
2. Download MalwareBytes’ Antimalware here and save it to your Desktop.
3. Close all open applications.
4. Double-click the downloaded mbam-setup.exe to start the installation. If it will not run, an infection on the computer is preventing it from running; rename the file mbam-setup.exe to anything else (like myfile.exe).
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are checked:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware

7. MBAM will run and update itself after installation. Close MBAM after the update.

8. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

9. Click on the MBAM icon and select Perform Full Scan to begin scanning your computer for Antimalware Doctor Protection Center related files.
10. After scanning, a message will appear stating that the scan completed successfully. Click OK.
11. Click Show Results and the detected threats will be displayed.
12. Make sure that all threats are checked, then click Remove Selected to begin removal of the malicious files.
13. Exit MalwareBytes’ AntiMalware and restart your computer.

14. Antimalware Doctor Protection Center and all its files are now removed from your computer. To protect your computer from this threat and avoid future infections, you may want to obtain a Full Version of MalwareBytes’ AntiMalware.