Hardhead's Blog


Saturday, December 30, 2006

RogueRemover 1.06

Version 1.06 (12/30/06)

Program: [156 applications listed]

1. Added ability to select which items to remove.

2. Added right click to scan results list, improves functionality.

3. Minor update tweaks.

4. Created better scan interface, less flicker.

5. Added resize functionality to main form.

Definitions:
[Added]

2-AntiSpyware, Break Spyware, ContraVirus, CurePcSolutions Anti-Spyware, ErrorKiller, Eusing Free Registry Cleaner, MalwareAlarm, MalwareWiped, MrAntiSpy, PC Health Plan, RegCure, Registry Booster, Registry Cleaner, SpyEraser, SpyMarshal, Spyware Striker Pro, vCatch

[Updated]
AGuardDog Suite (-4)

[Removed]
AlphaWipe

[Notes]
No further comments.

Download:  http://www.malwarebytes.org/rogueremover.php

History:   http://www.malwarebytes.org/rogueremover_history.php

 

Thursday, December 28, 2006

FileASSASSIN v1.02

v1.02 (12/27/06)
- Created installer. Fixed command line bugs.

FileASSASSIN can delete locked malware files on your system. It uses advanced techniques to unload modules, close remote handles, and terminate processes to allow the removal of the file.

Simply download FileASSASSIN from the link below. Unzip to a convenient location such as C:\FileASSASSIN. Navigate to the folder you unzipped the files to and double click on the file named FileASSASSIN.exe. Then select a file by dragging it onto the text area or select it using the (...) button. Next, select a removal method from the list. Finally, click delete and the removal process will commence.

Compatible with Windows 2000, NT, XP

http://www.malwarebytes.org/fileassassin.php

 

ID Vault

Your Own Personal Digital Safe

Protect yourself from online identity theft and hackers.

Read more about the write-up I did at CoU.

http://www.dozleng.com/updates/index.php?showtopic=12451&hl=

Wednesday, December 27, 2006

RogueRemover 1.05

Version 1.05 (12/27/06)

Program: [140 applications listed]
1. Improved log writing feature.

Definitions:
[Added]

AlphaWipe, AntiSpy, DoctorCleaner, ErrorDoctor, My Privacy, RegistryFix, Spy Reaper, SpyPry, SpyRemover, SpyShield, SpyVest, SpyViper, Spyware & Adware Removal, Spyware Scrapper, Spyware Sledgehammer, The Spyware Shield, TrustSoft AntiSpyware, WinKeeper, X-Con Spyware Destroyer, ZoneProtect Anti-Spyware

[Updated]
No applications were updated.

[Removed]
No applications were delisted.

[Notes]
No further comments.

Download:  http://www.malwarebytes.org/rogueremover.php

History:   http://www.malwarebytes.org/rogueremover_history.php

 

Tuesday, December 26, 2006

RogueRemover 1.04

Version 1.04 (12/25/06)

Program: [120 applications listed]
1. Shrunk module handler to smaller size.

Definitions:

[Added]
1 Click Spy Clean, #1 Spyware Killer, 100 Percent Anti-Spyware, ADS Adware Remover, AGuardDog Suite, Anti-Virus&Trojan, BotSquash, Flobo Spyware Clean, Froggie Scan, IC Spyware Scanner

[Updated]
No applications were updated.

[Removed]
No applications were delisted.

[Notes]
Expect a bigger update in a few days.

Download:  http://www.malwarebytes.org/rogueremover.php

History:  http://www.malwarebytes.org/rogueremover_history.php

Friday, December 22, 2006

Microsoft Windows CSRSS Privilege Escalation Vulnerability

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a double-free error in the handling of HardError messages within WINSRV.DLL. This may be exploited to execute arbitrary code under the CSRSS process with SYSTEM privileges by setting the caption or text parameters of the "MessageBox()" function to a string that starts with "\??\".

The vulnerability is reported in Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2, and Windows Vista.

Solution:
Grant access to trusted users only.

Original Advisory:
Microsoft: http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx

Full-Disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html

Determina Security Research:
http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html

http://secunia.com/advisories/23448/

http://research.eeye.com/html/alerts/zeroday/20061215.html


 

Update for Windows XP Media Center Edition 2005 (KB926251)

Brief Description
Update to address Windows Media Player 10 automatic update failures after installing Update for Windows XP Media Center Edition 2005 (KB913800).

Overview
Microsoft has released KB926251 Update. This update is intended for systems running Update for Windows XP Media Center Edition 2005 (KB913800).

Install this update to address Windows Media Player 10 automatic update failures after installing Update for Windows XP Media Center Edition 2005 (KB913800).

For more information about this update, read Microsoft Knowledge Base Article 926251

System Requirements


  • Supported Operating Systems: Windows XP Media Center Edition
  • Update for Windows XP Media Center Edition 2005 (KB913800).

http://www.microsoft.com/downloads/details.aspx?familyid=9d0b7cff-cf82-445f-b2bc-97adefd001ac&displaylang=en

 

Thursday, December 21, 2006

It's Showtime

Advanced Malware Cleaning 
Learn from Mark how to use the Sysinternals tools to identify malware infestations, from standard spyware to kernel-mode rootkits, and clean them off your systems.

Passport is required.

TechNet On-Demand Webcast: Advanced Malware Cleaning

Windows Vista Security Guide

Brief Description
The Windows Vista Security Guide provides recommendations and tools to further harden Windows Vista. Use the GPOAccelerator tool in this Solution Accelerator to efficiently establish the Enterprise Client (EC) environment or the Specialized Security – Limited Functionality (SSLF) environment.

Registration Suggested for this Download

Overview
The Windows Vista Security Guide provides guidance and tools to further protect Windows Vista against real-life threats such as malware and information theft. This solution accelerator recommends the Enterprise Client (EC) configuration for organizations of all types. Only in extreme security situations does the guide recommend the Specialized Security – Limited Functionality (SSLF) configuration, which considerably limits client computer functionality. The Solution Accelerator includes recommendations about how to use new and enhanced security technologies in Windows Vista to better defend the client computers in your organization against malware. The guide also provides recommendations and best practices on how to use encryption and access control technologies in Windows Vista to protect corporate data. Application compatibility testing recommendations are included. This Solution Accelerator includes several files, such as the Windows Vista Security Guide.doc, the detailed Appendix A of the Windows Vista Security Guide.doc, the Windows Vista Security Guide Settings.xls, and the GPOAccelerator tool to help you easily implement the guidance.

12-20-2006 Known issues have been updated in the Release Notes. For more information, download the Windows Vista Security Guide Release Notes.rtf file.

http://www.microsoft.com/downloads/details.aspx?familyid=a3d1bbed-7f35-4e72-bfb5-b84a526c1565&displaylang=en

 

Wednesday, December 20, 2006

Update for Windows XP (KB924941)

Brief Description
Install this update to resolve timing issues resulting in race conditions when using Bluetooth devices connected via USB.

Overview
Install this update to resolve timing issues resulting in race conditions when using Bluetooth devices connected via USB. This may occur when starting the system while the Bluetooth radio is turned on. After you install this item, you may have to restart your computer.

KB924941

System Requirements

  • Supported Operating Systems: Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=2197d482-8f42-4951-beba-42b180b6c9e6&displaylang=en



Update for Windows XP (KB896256)

Brief Description
Install this update to fix a situation where your Windows-based system that supports processor power management features, and is equipped with multiple processors, may experience decreased performance.

Overview
Install this update to fix a situation where your Windows-based system that supports processor power management features, and is equipped with multiple processors, may experience decreased performance. After you install this item, you may have to restart your computer.

KB896256

System Requirements
  • Supported Operating Systems: Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=c2ab5a48-8240-4934-bbd8-34fb8a0fce3b&displaylang=en


Monday, December 18, 2006

FileASSASSIN v1.01

Updated:
(12/18/06) - Added /silent switch. Fixed typos.

FileASSASSIN can delete locked malware files on your system. It uses advanced techniques to unload modules, close remote handles, and terminate processes to allow the removal of the file.

Simply download FileASSASSIN from the link below. Unzip to a convenient location such as C:\FileASSASSIN. Navigate to the folder you unzipped the files to and double click on the file named FileASSASSIN.exe. Then select a file by dragging it onto the text area or select it using the (...) button. Next, select a removal method from the list. Finally, click delete and the removal process will commence.

Compatible with Windows 2000, NT, XP

http://www.malwarebytes.org/fileassassin.php

 

Saturday, December 16, 2006

FileASSASSIN 1.00 NEW!

FileASSASSIN can delete locked malware files on your system. It uses advanced techniques to unload modules, close remote handles, and terminate processes to allow the removal of the file.

Simply download FileASSASSIN from the link below. Unzip to a convenient location such as C:\FileASSASSIN. Navigate to the folder you unzipped the files to and double click on the file named FileASSASSIN.exe. Then select a file by dragging it onto the text area or select it using the (...) button. Next, select a removal method from the list. Finally, click delete and the removal process will commence.

Compatible with Windows 2000, NT, XP

http://www.malwarebytes.org/fileassassin.php

 

Friday, December 15, 2006

Worm Alert: Big Yellow

Systems Affected:
Symantec AntiVirus 10.0.x for Windows (all versions)
Symantec AntiVirus 10.1.x for Windows (all versions)
Symantec Client Security 3.0.x for Windows (all versions)
Symantec Client Security 3.1.x for Windows (all versions)

Overview:
The eEye Research honeypot network has recently detected a new worm that is actively exploiting a remote Symantec vulnerability originally discovered by eEye Research on May 24, 2006 and patched by Symantec on June 12, 2006. This vulnerability has been publicly exploited as early as November 30, but this is the first example of a worm leveraging this vulnerability for self-propagation. Generally, patch processes are not in place for non-Microsoft applications such as Symantec AntiVirus/Client Security, so many Symantec users may be at risk for this vulnerability throughout their networks. All enterprises running such software should assess their posture against this worm as soon as possible by validating that they have the latest version of Symantec AntiVirus/Client Security as well as blocking port tcp/2967 at the gateway to minimize attackable surface area.

http://research.eeye.com/html/alerts/AL20061215.html

 

Multiple Vendor Firewall HIPS Process Spoofing Vulnerability

Vulnerable:
Symantec Sygate Personal Firewall 5.6.2808
Look 'n' Stop Look 'n' Stop 2.05p2
InfoProcess AntiHook 3.0.23
Filseclab Personal Firewall 3.0.8686
Comodo Personal Firewall 2.3.6.81
AVG Anti-Virus plus Firewall 7.5.431

Solution:
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.securityfocus.com/bid/21615/info

 

Monday, December 11, 2006

Microsoft Word Unspecified Code Execution Vulnerability

Description:
A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error when processing Word documents. No more information is currently available.
According to Microsoft, this is a different vulnerability than:  http://www.microsoft.com/technet/security/advisory/929433.mspx

Solution:
Do not open untrusted Office documents.

Microsoft Word: Second new vulnerability and exploit
http://www.incidents.org/diary.php?storyid=1925

McAfee information on Word Exploit
http://vil.nai.com/vil/content/v_vul27249.htm

Secunia
http://secunia.com/advisories/23205/

FrSIRT
http://www.frsirt.com/english/advisories/2006/4920

 

Sunday, December 10, 2006

RogueRemover 1.03

Version 1.03 (12/06/06)

Program: [110 applications listed]

1. Another minor bugfix in update function.

2. Made 'more information' textbox more readable.

Definitions:
[Added]

Adware Agent, AgentSpyware, Anti-Virus&Spyware, ArmorWall, Defenza, Easy Erase Spyware Remover, ErrorNuker, ErrorSafe, GoodByeSpy, GuardBar, iSpyKiller, Kazaap, MalwareWipe, MyBugFreePc, PrivacyCrusader, PurityScan, RegFreeze, SafeAndClean, Scan & Repair Utilities 2007, ScanSpyware, SecureMyPc, Spy Cleaner Platinum, Spy Guardian Pro, SpyFerret, SpyFighter, SpyFighterPro, Spyware Removal Wizard, SpywareAnnihilatorPro, The Spyware Detective, True Sword, TrueWatch, UnSpyPC, VideoAccess, VirusRescue

[Updated]

No definitions were updated.

[Removed]

No applications were delisted.

[Notes]

If you have any suggestions on rogue applications, please contact Malwarebytes.

History: http://www.malwarebytes.org/rogueremover_history.php

Download: http://www.malwarebytes.org/rogueremover.php

 

AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow

Description:
Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system.

The vulnerability is confirmed in America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910. Other versions may also be affected.

Solution:
Updates are automatically available for AOL 9.x users when logging into the AOL service.

Users of AOL versions earlier than 9.0 are urged to upgrade to the latest version of the AOL software.

http://secunia.com/advisories/23043/

 

Thursday, December 07, 2006

Microsoft Windows Media Player ASX Playlist Remote Command Execution Vulnerability

Technical Description:
A vulnerability has been identified in Microsoft Windows Media Player, which could be exploited by remote attackers to compromise a vulnerable system or cause a denial of service. This flaw is due to a buffer overflow error in the Windows Media Playback/Authoring library (WMVCORE.DLL) when processing ASX Playlists containing an overly long "REF HREF" tag, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

Affected Products:

Microsoft Windows Media Player 10

Microsoft Windows Media Player 9


Solution:

Upgrade to Microsoft Windows Media Player 11:

http://www.microsoft.com/windows/windowsmedia/default.mspx

Or disassociate the ASX file extension:

- Double-click the My Computer icon on the desktop

- Click Tools, Folder Options and then Select the File Types tab

- Scroll to find the ASX file extension and then click Delete

Or ensure that ASX playlists are not automatically opened:

- Double-click the My Computer icon on the desktop

- On the Tools menu, select Folder Options

- On the File Types tab, select the ASX file type

- Click Advanced, and then select Confirm Open After Download

- Click OK twice to return to the My Computer window

The FrSIRT is not aware of any official supplied patch for this issue.
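As an added example (not from the advisory, FrSIRT or Microsoft), a PowerShell script that audits the same .asx association the File Types dialog above edits and can re-enable the "Confirm open after download" prompt. It assumes the .asx ProgID is stored as the default value of HKCR\.asx and that the prompt is controlled by the FTA_OpenIsSafe bit (0x10000) in that ProgID's EditFlags value; the function names are the example's own.

```powershell
# Added example: audit whether .asx playlists are still associated and whether
# downloaded playlists open without confirmation (assumed: FTA_OpenIsSafe = 0x10000
# set in the ProgID's EditFlags means "Confirm open after download" is unchecked).
$AsxExtKey     = 'Registry::HKEY_CLASSES_ROOT\.asx'
$FtaOpenIsSafe = 0x10000

function Get-EditFlags($progKey) {
    # EditFlags is normally REG_DWORD but is occasionally stored as REG_BINARY.
    $props = Get-ItemProperty -Path $progKey -ErrorAction SilentlyContinue
    if ($props -eq $null -or $props.EditFlags -eq $null) { return 0 }
    $v = $props.EditFlags
    if ($v -is [byte[]]) { return [BitConverter]::ToInt32($v, 0) }
    return [int]$v
}

function Get-AsxAssociationState {
    $state = @{ Associated = $false; ProgId = $null; ConfirmOpen = $null }
    if (-not (Test-Path $AsxExtKey)) { return $state }   # extension was deleted
    $progId = (Get-ItemProperty -Path $AsxExtKey).'(default)'
    if (-not $progId) { return $state }                  # key exists, no ProgID
    $state.Associated = $true
    $state.ProgId     = $progId
    $flags = Get-EditFlags "Registry::HKEY_CLASSES_ROOT\$progId"
    # The prompt is shown only while FTA_OpenIsSafe is clear.
    $state.ConfirmOpen = (($flags -band $FtaOpenIsSafe) -eq 0)
    return $state
}

function Enable-AsxOpenConfirmation {
    # Clears FTA_OpenIsSafe so downloaded playlists prompt before opening.
    # Writing under HKCR requires administrative rights.
    $state = Get-AsxAssociationState
    if (-not $state.Associated) { Write-Host '.asx is not associated; nothing to do'; return }
    $progKey  = "Registry::HKEY_CLASSES_ROOT\$($state.ProgId)"
    $flags    = Get-EditFlags $progKey
    $newFlags = $flags -band (-bnot $FtaOpenIsSafe)
    Set-ItemProperty -Path $progKey -Name EditFlags -Value $newFlags -Type DWord
}

# Report the current state (constructed messages; no change is made here).
$s = Get-AsxAssociationState
if (-not $s.Associated) {
    Write-Host '.asx has no file association (playlists will not auto-open)'
} elseif ($s.ConfirmOpen) {
    Write-Host ".asx -> $($s.ProgId): confirmation before open is enabled"
} else {
    Write-Warning ".asx -> $($s.ProgId): opens without confirmation; run Enable-AsxOpenConfirmation"
}
```

Run the audit first; call Enable-AsxOpenConfirmation from an elevated prompt only when the warning is reported.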

References:
http://www.frsirt.com/english/advisories/2006/4882
http://research.eeye.com/html/alerts/zeroday/20061122.html

 

Wednesday, December 06, 2006

Secunia Software Inspector

Feature Overview - The Secunia Software Inspector:

* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
http://secunia.com/software_inspector

 

Adobe Download Manager AOM Buffer Overflow Vulnerability

Software:
Adobe Download Manager 1.x
Adobe Download Manager 2.x

Description:
A vulnerability has been reported in Adobe Download Manager, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when handling section names in the "dm.ini" file as created by Adobe Download Manager when processing AOM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted AOM or "dm.ini" file.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

The vulnerability is reported in version 2.1 and earlier.

Solution:
Update to version 2.2.
http://secunia.com/advisories/23233/
Original Advisory:
Adobe: http://www.adobe.com/support/security/bulletins/apsb06-19.html

 

Intel LAN Driver Unspecified Privilege Escalation Vulnerability

Software:
Intel PRO 10/100 Adapters (Linux) 3.x
Intel PRO 10/100 Adapters (UnixWare/SCO6) 4.x
Intel PRO 10/100 Adapters (Windows) 8.x
Intel PRO/1000 Adapters (Linux) 7.x
Intel PRO/1000 Adapters (UnixWare/SCO6) 9.x
Intel PRO/1000 Adapters (Windows) 8.x
Intel PRO/1000 PCIe Adapters (Windows) 9.x
Intel PRO/10GbE Adapters (Linux) 1.x

Description:
A vulnerability has been reported in Intel LAN drivers, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow by using certain function calls incorrectly.
Successful exploitation allows execution of arbitrary code with kernel-level privileges.
Solution:
Apply patches (see the vendor's advisory for details).
http://secunia.com/advisories/23221/
Original Advisory:
Intel: http://www.intel.com/support/network/sb/CS-023726.htm

Microsoft Security Advisory (929433)

Vulnerability in Microsoft Word Could Allow Remote Code Execution 
Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.

In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.
http://www.microsoft.com/technet/security/advisory/929433.mspx