Link exchange requests gone wrong

By Giedrius Majauskas on January 1, 2011

Link exchange between sites of same niche is valid and accepted way of site promotion with some search engine benefits. However, the requests for such link exchange go wrong sometimes. On New Years Eve I got such a request that I would like to share.

Now what is wrong with this letter? I would say EVERYTHING.
Firstly, it is obvious, that the sender is using automated or half-automated messages. It is obviously a template letter. I strongly doubt they have seen my site as they haven’t shared anything about it. There is no motivation to add a link.
Next, even without looking at the sites, I can spot a lie – our site niches are not related. This means that there are not only no use for me, but one would likely to get a penalty for linking to unrelated sites.
Third, a small detail. The names of sender does not match the ones in message header. This is one more proof of automated scheme.
Fourth: if you are sending non-automated message, do not add a line “if you do not want being contacted again”… Thats smells like automated message.
Thus, it is clear that these 2 sites, hxxp://globadstrategies.com and hxxp://workfromhome.business.edu.pe are promoted by trying to get any link, not only related one.
How to do it right way? Do some research, people. Talk with the people behind related, however non-competing websites.

Posted in | Tagged | 1 Response

What is Bitnami stack and why should you be interested in it?

By Giedrius Majauskas on December 4, 2010

Bitnami stack is a package of software that is required to run specific web application separately. Typically, web applications require server programs preinstalled and running : web server ( apache usually), database server and various components. Bitnami “Stack” is free pre-assembled packages, that can be installed and launched on your own PC, home server, virtual box or cloud server. Yes, there are Bitnami stacks for Amazon AWS and GoGrid too.

Why Bitnami is useful? I see three main reasons: solving dependancies for launching simple applications, speeding up installation process and keeping system secure from the possible bugs in application. Lets tackle all of them.

Firstly, launching some web applications might be a nightmare. This is especially true if the application has specific requirements for software versions and modules. One might need to install particular version of Ruby, rails or php. one would need to install proper apache modules, etc. Bitnami makes it simple – just one install for everything required.

Next, is the speed of the installation and security of this approach. To install and make everything work one would spend more than couple minutes that Bitnami installation takes.  And the best of it – it can be run at user space by non-administrative user, which would limit damage if something really wrong would happen. You will not have to install additional modules to your webserver, or install something into existing software to make stack work. You will not have to doublecheck if other applications are running properly after the installation.

I use Bitnami to get all Ruby dependancies for redmine installation of mine. While I do not need a custom webserver and separate mysql process, Ruby installation had paid off. If you do not want run separate apache process listening to specific port, you have to remove the apache ctrl files in Bitnami installation and change the configuration for virtual you reserved for the application. Just copy the information from application config file available in application folder (apps\redmine\conf in my case) into the virtual configuration and restart your main apache. The same way I turned off svn and might turn off separate mysql process as well.

More info about bitnami is available here.

Posted in | Tagged , | Leave a response

FanBox com scam

By Giedrius Majauskas on November 25, 2010

Fanbox.com is a spam service that pretends to be a “social network”. It is a scam, because it generally does 2 things:
a) provides paid SMS solution while being listed in couple of sites as phishing one (hphosts, for example)
b) Spams people in contact list with deceitful emails to grow its business.
I’ll focus on second part this time: spamming. Actually, my mother got scammed into joining this “service” and all her gmail contacts got invites from the scammers. First, she got email that looket like this:

Hi,

I set up a profile where I can post photos, connect and share.

Do me a favor and confirm our relationship here
.

Thanks,

Notice how personal it look? But it is not personal – both my mother and the person sent this email are not english speakers. Still, she got convinced that it was the senders intention to invite. When clicking on the link, account is created.
Another email example :

xxx xxx wants you see this tiny youtube video. Launch

The link opens a page with a big button and checkbox that you agree with the rules. When pressing confirm you are sent to a page where you see no video, but can send something back to the person… What you do not know, your account is already created: The links have your emails encoded and you do not need to provide password ( although you are asked to enter it later). This is deceptive from FANBOX.
The worst is that from these points onward people are pushed to provide fanbox with gmail account details to import and spam contacts. They understand what they have done only after their contacts start getting multiple spam messages like the ones above to join (and help spreading) this spam site.

The company behind this runs SMS.ac. They are known about their spam tactics before.
I would recommend staying away from FanBox and never providing mail account details to any 3rd party service you do not know. It is best to use separate password for gmail account as well. If you have registered an account, or know someone who was careless enough, please warn them to delete the account. It can be done by going to account settings menu (skip every step) and choose delete account. You will have to enter a reason for that.

Posted in | Tagged , , | 13 Responses

Ultra Defragger – a fake disk defragmenter

By Giedrius Majauskas on November 14, 2010

A new fake system maintenance utility is infecting more and more PCs this weekend: Ultra Defragger. This malware is clone of HDD Defragmenter/System Defragmenter/etc and has little differences except in the name. It shows same outrageous claims about hardware malfunctions and offers software-based “cure” for 80 USD. Everything it shows is a lie.ultra-defragger
For example it detects stuff like this :

  • “Drive C initializing error” – You would not be able to load OS on such corrupt Hard drive
  • GPU Ram temperature to high – it would require either stopping graphically intensive operations or installing a hardware cooler, not some sort of software
  • “Hard drive doesn’t respond to system commands” And how do that software gona fix this?

    • To make a point, Ultra Defragger tries to simulate system malfunction. It will stop programs and files from execution couple times before you will be able to lauch them. Good thing this is not permanent and you can execute almost any program despite Ultra Defraggers scare tactics.
    However, if you think everything Ultra Defragger does are harmless, you are wrong. Its makers are out for money, and they infected your PC. They might have opened way for other parasites that might be loaded on command, or Ultra Defragger might get more nasty with time. Thus you should remove Ultra defragger as soon as possible.
    The best way to remove ultra defragger is cleaning up TEMP folders in safe mode. That is where it resides. Read my full manual removal guide on 2-viruses.com and do not forget to scan with good malware removal programs afterwards to make sure you got every piece of this malware out.
    It is very likely that you would not had got Ultra defraggers infection if you got Spyware Doctor, full version of Malwarebytes or full Internet Security Suite from one of major antivirus vendors.

Posted in | Leave a response

Do not stop removing malware halfway

By Giedrius Majauskas on October 28, 2010

The popularity of rogue anti-virus programs, such as Security Tool, or the fake Microsoft Security Essentials clones like Think Point, speaks to the fact that many people are completely oblivious as to how these parasites are to be dealt with. I will therefore try to dispel some misconceptions about these parasites.

First of all, many people believe that it is more than enough to use one security program to get rid of rogue anti-spywares. Basically, they believe that “out of sight” is equal to “out of the system”, which is not true. In many cases a particular anti-spyware may seem to have removed a rogue anti-spyware, but it might leave traces – files, registry entries and so on, but most importantly rootkits and trojans. For those who don’t know what a rootkit is, in layman’s terms, it’s a process that hides from other processes on an system. This process can do a lot of bad things, even allow hacker to have privileged remote access to the system, or download other programs on command. So, basically, if your fail to remove rootkits after an infection, your system might still be part of a botnet, and it might get reinfected.

Multiple security tools generally solve the problem: there are ones that are better against malware, and then there are those, which work better against rootkits – do your research and choose accordingly. The most prevailing rootkit family today is TDSS. These are often the culprit behind browser redirection on systems that have no other infection signs.  At the moment good choice of tools would be TDSS Killer together with couple anti-malware tools like Spyware Doctor or Malwarebytes. I have good results with Hitman Pro as well.

This, however, is not the whole story. Another important thing you have to make sure of is that you update your software. Not just windows, but also your other software, especially your browser and browser plug-ins – these may be exploited to infect your system. Keep your system up-to-date and protected, so you will not need to spend long hours repairing it from infections.

Posted in | Tagged | Leave a response

ThinkPoint – a change in Fake microsoft Security essentials strategy

By Giedrius Majauskas on October 25, 2010

Faked MSE popups have confused lots of people since their launch on August. Most of people have heard about Microsoft Security Essentials, and they did not expect that it could be a sign of malware infection. It was clever step to give users a choice of five rogues. However, for some reason this changed.thinkpoint_gui

Meet ThinkPoint – a new fake Antivirus that is spread by the same set of trojans originally focusing on Antispy Safeguard. Now you do not have to download one of five rogues. You get ThinkPoint silently installed by default.
First thing you see is a fake Microsoft Security Essentials window that starts scanning your PC. It will state, that your PC is infected with Trojan, for example Trojan.Horse.Win32.PAV.64.a. It will ask for reboot to finish removal procedure. After a reboot you get a completely new fake AV window instead of MSE.

Thinkpoint will claim that it restored some infections, but restoring infected “browsers” requires a heuristical, paid module. It will not allow you to uninstall the “antivirus”, as your settings do not allow “unprotected” startup, and it will block execution of majority of legitimate programs claiming that you are infected.

It will also show various warnings about hackers attacking PC. These messages can be discarded, however it will not allow you launching them. In fact, it might even change permissions to stop execution of legitimate programs when virus is inactive.

The best way to stop thinkpoint and remove this scam is to stop its processes by pressing ctrl+shift+esc and stopping process hotfix.exe. Afterwards, launch explorer.exe as a new process and download a good malware remover like Malwarebytes or Spyware doctor. Check our Thinkpoint removal guide for full file names and removal instructions.

You should never Pay for rogue antivirus programs like ThinkPoint. You give away your credit card details to scammers that way.

Posted in | Tagged | Leave a response

Reimage: is it worth it?

By Giedrius Majauskas on October 25, 2010

Reimage is a automated registry and PC repair tool. It is similar to Registry cleaners, though it claims that it works differently, by performing deeper analysis of  PC health and having a configuration and file repository, which allows reversing of damage done to PC (aka deleted files/drivers/etc).

The controversy with reimage is that it is relatively costly. Also, It had some unfavourable reviews (by Steven Burns, whom I highly respect, on WOT forums). However, more than half a year have passed, and they have claimed that Reimage was heavily improved. Also, they have contacted me as the owner of 2-viruses.com for promoting it. So, I have decided to test it on one of our testbeds.

First of all, the install procedure is really 2-fold: you download small installer, it downloads remaining program. Such installers are easier to distribute for the owner, but have important drawback for fixing heavily-corrupted PC: you can not install program without internet easily. And fixing internet connection is one of the most important tasks for such tools.

The interface looks nice, and I have not noticed excessive scaring like Steven  described in former version. However, lots of things are for show only: The nice bars for showing your hardware properties compared to average, etc. All the information was displayed minutes before the bars in text format already. Also, the results are not accurate. For example, the 3-5 years old 2.5Ghz celeron has “average” computer speed.

The PC used for testing ReImage was freshly reinstalled. On particular PC, it found one problem only : that Microsoft Installer crashed sometimes. All other scans came out clean. I can accept as having no false positives. Funnily enough, the PC used for testing was infected, but its Virus scan came out clean as well (it had Security Tool infection, for testing purposes). So its virus scan is not the best.

In the end, it suggests to fix that particular problem.

After clicking that button, you are required to enter your email and forwarded to a webpage where you are asked to pay 50 E for fixing microsoft installer problems, where fix is far for guaranteed (it depends on programs which caused the installer to crash). That is a bit too much for my taste :)

Overall, I can not recommend Reimage for now, even if it might be good and useful couple years in the future.

Posted in | Tagged | Leave a response

What is Google Redirect Virus?

By Giedrius Majauskas on October 19, 2010

Google redirect virus is a group of trojans and rootkits that redirect user searches to undesired websites. Such behavior can be noticed during rogue antivirus attacks as well, when search is hijacked and no legitimate malware remover companies are displayed or accessed in results. Thus Google redirects are quite dangerous. These redirects might affect other websites (or search engines) as well.

There are several flavors of google redirect virus. The first one is simple proxy server, set up in each of affected browsers. All internet connections are passed through rootkit or trojan process and each link might be redirected to other website. A good antivirus or anti-malware tool should get rid of this type of infection, though in case of rootkit one needs TDSS killer by kaspersky lab or similar tool. There are other families of rootkits that have effect like that too. Quite typically, after removing malware processes internet stops working completely and one has to remove proxy server manually.

In some cases it is just an malicious browser add-on. If only one program is affected an no proxy is set up in that program, browser addons are the culprit. A good malware remover takes care of this problem as well and completely. Malwarebytes, superantispyware and Spyware Doctor are programs to choose from.

Some of the redirects might affect DNS server. This is done either in HOSTS file, or in TCP/IP settings of your internet connections. In ultimate cases it might affect your router as well. Some of these things are harder to detect, and can be repaired manually or by specific programs only.

We have written a nice guide about removing Google Redirect viruses on 2-viruses.com in the past and most things apply. If spyware Doctor or other remover does not help, try running combofix or going through that guide.
is a group of trojans and rootkits that redirect user searches to undesired websites. Such behavior can be noticed during rogue antivirus attacks as well, when search is hijacked and no legitimate malware remover companies are displayed or accessed in results. Thus Google redirects are quite dangerous. These redirects might affect other websites (or search engines) as well.

There are several flavors of google redirect virus. The first one is simple proxy server, set up in each of affected browsers. All internet connections are passed through rootkit or trojan process and each link might be redirected to other website. A good antivirus or anti-malware tool should get rid of this type of infection, though in case of rootkit one needs TDSS killer. There are other families of rootkits that have effect like that too. Quite typically, after removing malware processes internet stops working completely and one has to remove proxy server manually.

In some cases it is just an malicious browser add-on. If only one program is affected an no proxy is set up in that program, browser addons are the culprit. A good malware remover takes care of this problem as well and completely. Malwarebytes, superantispyware and Spyware Doctor are programs to choose from.

Some of the redirects might affect DNS server. This is done either in HOSTS file, or in TCP/IP settings of your internet connections. In ultimate cases it might affect your router as well. Some of these things are harder to detect, and can be repaired manually or by specific programs only.
We have written a nice guide about removing Google Redirect viruses on 2-viruses.com in the past and most things apply. If spyware Doctor or other remover does not help, try running combofix or going through that guide.

Posted in | Tagged | Leave a response

Skype for Android phones is out

By Giedrius Majauskas on October 5, 2010

Today I got chance to download Skype for Android. Although it was available for Verizon users in USA, most of us could not enjoy it. We had to resort to Fring or Nimbuzz. Although both of these are good chat programs, they worked not so well with Skype.
The interface of program is really nice, though termination of program could be made simpler. I use skype as chat program mostly, so I am not so fond about its calling feature integration with phone dialer, though it might be useful for me later on. I appreciate the profile synchronization options, as you can synchronize important contacts only.
What surprised me is the way skype synchronizes chats between my PC and the Android device. I see what I send on both of devices which is very useful for me. I might want to check the logs or check the links that were sent to me.
I liked the new chat interface too, which reminds of some SMS messaging apps. Here a screenshot, sorry for the quality:

Overall, I am planning on disabling Skype chat on my Nimbuzz program, as I see no more reason to use third party applications for that. You can download and try it yourself, just search for skype in the Android market.

Posted in | Tagged , | Leave a response

Hypocritical rogue bloggers in TechJaws

By Giedrius Majauskas on October 1, 2010

I read security blogs daily. For 2 months, I read TechJaws too, which is quite well written, but quite inexperienced in what they are doing.

Some of the “best posts” are ones that bash “Rogue” bloggers and sites with poor WOT reputation. I am on the bad side of this argument, as my rogue removal site 2-viruses.com has not too good reputation. This is how they attracted my attention in the first place.

However, the last post kind of crossed the line : Auto Blogs are Unethical and Downright Wrong . Here Frank claims that auto blogs are unethical, as they do not attribute the owner. And I completely agree that this is unethical, though simplifying everything to direct money gain is a bit too easy.

However, the problem with this statement is that he is not attributing the ownership himself. And that is easily proven by checking some things in the last removal descriptions provided on techjaws.com for Antivirus IS. Here a screenshot:

An interesting part on this screenshot is the way infected files are used. There are 2 lines referencing XP file locations, and one line referencing Windows 7 file locations in completely different format. Note, that there is an user User referenced, and the way random file names are used.

When I asked Frank on comments on the autoblog topic, I got this response, that he tested it on Virtual Machine. Well, that is possible, if he has VMs running 2 different operating systems AND uses inconsistent file naming out of hurry.

However, a simple google search clears all the doubts:

Note, in which company techjaws site is : All other sites are rated RED. At least one of them is referenced in other posts bashing sites with RED WOT rating. And all of other sites posted removal instructions for Antivirus IS couple days earlier than TechJAWs. are they mind readers?

To clear last doubts, here is screenshot from spywarevoid (I am not affiliated with that site, though I know people that work there and  that it does not belong to Frank).

Can it be that 4 different sites test Rogue on 2 machines in exactly same configuration and have same inconsistency displaying results, even if the sites are not owned by the same people?

Now I would not bash anyone for copying part of other people work. Even the attribution can be hard due to fact that you might miss the original poster, and do not want to credit someone that is clearly a rogue blogger. I am guilty of similar things in the past, though I am trying to do it better now. But I will never bash other people. And I will always attribute original author if reminded.

What I do not like is hypocrisy: bashing others and doing same thing. It is especially bad, as TechJaws displays advertisements (google ads and others), thus it tries to gain some money out of blogging.

Posted in | Tagged , | 1 Response

« PreviousNext »