Trademark Goons = Scum

I had to make a new category for this little rant. If you are an avid reader of my blog or even an erstwhile one chances are you have been to castlecops for assistance or advice. Well castlecops is being sued by a scumbag trademark troll who assertion is that he owns all rights to the use of the word CASTLE.

http://www.castlecops.com/a6615-Leo_Stoller_targets_CASTLECOPS_Trademark.html

Well I want to make it known that I hereby trademark the work "the" anyone who uses the word "the" will need to pay me. Oh and I am not done yet I think I am going to go through the rest of the dictionary and find other common words to trademark. Seriously though this is just stupid, I understand protecting yourself if you have a legitimate trademark violation issue. But to trademark a common word and pounce on companies then bully them into settling well that is just plain wrong.

Read their response here

http://www.castlecops.com/a6616-CastleCops_responds_to_Leo_Stoller.html

Good job I am glad to see ya'll taking this guy head on. Paul and Robin if you put a link to a defense fund on your website I will be more than happy to donate. You guys have done so much to help so many people and I for one think this is just another indication of how Trademark and Patent laws here in the USA are reqularly abused.

On a side note I my nickname Psyne is also the name of a band in England, and a clothing line in Arizona. This has been my nick since the early 90's and also the name of my website site since 2000. I don't mind sharing the name with ya'll and I don't think there is any chance of brand confusion but if you don't like then please contact me and we can work something out without needing to involve the lawyers.

Sorry about the long delay in posting

I have one more test left and then I will have completed my MCSE/Security specialty. I know it has been a while since I have posted but I will be posting once I have finished this last test. So hopefully two weeks. Thank you all for your patience, and emails and I look forward to picking up where I left off.

Spyware Quake Removal

To remove Spywarequake:

Using my SSQKit kill the following processes

dfrgsrv.exe
searchnet.exe
nvctrl.exe
spywarequake.exe

Download and merge the killsq.reg file with your registry

Next using the SSQKit search for and unregister the following dll*

stickrep.dll

In the find section type the name of the dll and then right click on it once found and choose unregister

Finally using the ssqkit find and delete the following files and folders

Delete the following files:

C:\Windows\System\, C:\Windows\System32\ or C:\Winnt\System32\dfrgsrv.exe
C:\Windows\System\, C:\Windows\System32\ or C:\Winnt\System32\mssearchnet.exe
C:\Windows\System\, C:\Windows\System32\ or C:\Winnt\System32\nvctrl.exe
C:\Program Files\SpywareQuake\spywarequake.exe
C:\Windows\System\, C:\Windows\System32\ or C:\Winnt\System32\stickrep.dll
C:\Program Files\SpywareQuake\sq.ini
C:\Windows\System\, C:\Windows\System32\ or C:\Winnt\System32\hp[randomletters and numbers].tmp
C:\Windows\System\1024, C:\Windows\System32\1024 or C:\Winnt\System32\1024\ld[randomletters and numbers].tmp

Delete the following folders:

C:\Program Files\SpywareQuake
C:\Windows\System\1024
C:\Windows\System32\1024
C:\Winnt\System32\1024
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpywareQuake

After you are all done restart your computer and once satisfied delete the backup files from c:\killit

Free USB drive from Microsoft

You can get a free USB drive from Microsoft for answering a few simple questions.

Click here

And then click on this picture

The answers are

How many ways are there to obtain a full Microsoft® Windows® Desktop license?

2

Volume License Agreements cover Windows® Desktop operating system upgrades only.

True

OEM operating system licenses are non-transferable.

True

The most cost-effective way to acquire an initial, full underlying Windows Desktop license is preinstalled.

True

After answering the questions you will see a confirmation screen

And in 6 – 8 weeks you should get your thumb drive.

Incredifind Removal

In cruising the spyware removal foums I have noticed more and more people having problems removing incredifind. Interesting fact incredifind was one of the first pieces of spyware I worked to remove and I found it then and still a decpetive and malicious piece of software that employs every trick possible to keep itself from being removed. So if you are having problems with read on for instructions how to remove it.

To remove SpyFalcon:

Download and run hijackthis, in hijackthis check off the boxes next to the following and click remove

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

Using my SSQKit kill the following processes

delupdat.exe
sui.exe
wupdater.exe

Next copy the following and paste in notepad and save as killap.reg

**after you have saved the killap.reg file double click the file to add the changes to the registry

REGEDIT 4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
""="http://home.microsoft.com/access/autosearch.asp?p=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/spbasic.htm"
"Use Custom Search URL"= dword:00000000
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater
[-HKEY_LOCAL_MACHINE\Software\IncrediFind]
[-HKEY_LOCAL_MACHINE\Software\updater]
[-HKEY_CLASSES_ROOT\BHO.IncrediFindBHO]
[-HKEY_CLASSES_ROOT\BHO.IncrediFindBHO.1]
[- HKEY_CLASSES_ROOT\CLSID\{5D60FF48-95BE-4956-B4C6-6BB168A70310}
[- HKEY_CLASSES_ROOT\Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}
[- HKEY_CLASSES_ROOT\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875}
[ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\]
"{5D60FF48-95BE-4956-B4C6-6BB168A70310}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
"{5D60FF48-95BE-4956-B4C6-6BB168A70310}"=-

Next using the SSQKit search for and unregister the following dll*
incfindbho.dll

In the find section type the name of the dll and then right click on it once found and choose unregister

Finally using the ssqkit find and delete the following files and folders

delupdat.exe
sui.exe
wupdater.exe
incfindbho.dll

C:\Program Files\IncrediFind
C:\Program Files\Common Files\updater

After you are all done restart your computer and once satisfied delete the backup files from c:\killit

Mac OSX Virus er Trojan or is it just Malware

I am sure I will be assaulted with plethora of emails pointing out that this does not execute any vulnerability to infect OSX machines. Truth is that the initial infection occurs through user interaction but the virus then propagates through the machine using the searchlight feature, and then sends a copy of itself via the aim and iChat buddy list. I feel confident that this is merely the first of such viruses to come for OSX I hope it isn't but it merely reinforces the fact that security through obscurity is not a valid defense. Users who believe they are protected because of their Operating System be they Apple, Linux or fully patched Windows systems still must use common sense when executing files from people they don't know and trust.

Mac Rumors: The First Mac OS X Virus? (A New OS X Trojan)

Wow this is too creepy for words

I wonder when this is going to become standard operating procedure? If so I hope I am out of the information technology field by then.

Company requires RFID injection

SpyFalcon Removal

While reading Sunbelt Software I saw a post for a new rouge anti spyware application called SpyFalcon, going to my favorite spyware assistance boards I saw a blitz of help requests regarding spy falcon. A cursory look at SpyFalcon it seems to be yet the latest fake anti-spyware application in a recent blitz of rouge anti-spyware programs that infect computers mask themselves as beneficial and then resist removal. Once installed on a users system SpyFalcon adds an icon to the system tray, the icon says the computer is "is infected with dangerous spyware parasites and asks the user to download and install a removal program". If the user says ok then spy falcon runs tell the user there is numerous issues with their system and then offers to remove the problem if they will pay for the full version of SpyFalcon.

To remove SpyFalcon:

Download and run hijackthis, in hijackthis check off the boxes next to the following and click remove

O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h

Using my SSQKit kill the following processes

spyfalcon.exe

Next copy the following and paste in notepad and save as killap.reg

**after you have saved the killap.reg file double click the file to add the changes to the registry

REGEDIT 4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
"SpyFalcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\]
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}]

Next using the SSQKit search for and unregister the following dll*
dxmpp.dll

In the find section type the name of the dll and then right click on it once found and choose unregister

Finally using the ssqkit find and delete the following files and folders

C:\Program Files\SpyFalcon
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpyFalcon

From the system folder (C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32) delete the following file

dxmpp.dll

After you are all done restart your computer and once satisfied delete the backup files from c:\killit

If you are running an older version of Java Update ASAP

Seven vulnerabilities have been reported in Sun Java JRE (Java Runtime
Environment), which potentially can be exploited by malicious people to
compromise a user's system.



The vulnerabilities are caused due to various unspecified errors in the
"reflection" APIs. This may be exploited by a malicious, untrusted
applet to read and write local files or execute local applications.



The following releases are affected by one or more of the seven vulnerabilities on Windows, Solaris, and Linux platforms:

* JDK and JRE 5.0 Update 5 and prior

* SDK and JRE 1.4.2_09 and prior

* SDK and JRE 1.3.1_16 and prior

Solution:
Update to the fixed versions.



JDK and JRE 5.0:

Update to JDK and JRE 5.0 Update 6 or later.

http://java.sun.com/j2se/1.5.0/download.jsp



SDK and JRE 1.4.x:

Update to SDK and JRE 1.4.2_10 or later.

http://java.sun.com/j2se/1.4.2/download.html



SDK and JRE 1.3.x:

Update to SDK and JRE 1.3.1_17 or later.

http://java.sun.com/j2se/1.3/download.html


Secunia - Advisories - Sun Java JRE "reflection" APIs Sandbox Security Bypass Vulnerabilities

Blog posting slowing as life catches up

Regular readers of Talesfromthetechside will notice that my posting frequency is slowing. This is for three factors:

1. I am studying for my MCSE and CISSP exams in March
2. I am going to school full time and doing less technical and more interpretive work that requires me to write longer more detailed papers
3. Work has put some interesting projects on my plate that have been captivating my attention even in my off time.

This doesn't mean that Talesfromthetechside is going to dry up and nothing will be posted at all. Rather that it has moved down my priorty list. Though if you email me I will be happy to reply and help you fix your computer problems or write an article on a computer security, malware, virus etc... topic of your choice.