Monday, January 11, 2010

Time to own your rules - PulledPork 0.3.4 Released!


After what seems like forever since I have made a post about anything, I am pleased to announce the general availability of the latest version of PulledPork! This new version (v0.3.4) has a significant number of bugfixes for a variety of OS/distributions in addition to the numerous feature enhancements noted below.

I would like to thank all of the individuals that provided beta testing assistance and valuable feedback. I would also like to thank all of the users that have adopted PulledPork and sent in comments / feature requests. PulledPork certainly would not be where it is without your support and contributions!

Now that we are through the mushy stuff, on to the features!

VRT Rulesets! - Support for metadata-based VRT recommended rulesets - The short of it is that you can now specify a default pre-defined ruleset, and yes, these rulesets were designed by the VRT! The individual pre-defined rulesets that can be specified are fairly straightforward:
  • Connectivity - You run a lot of real-time applications (VoIP, financial transactions, etc.) and don't want to run any rules that could affect the current performance of your sensor. The rules in this category make snort happy; additionally, this category focuses on the high-profile vulnerabilities most likely to affect the largest number of people.
  • Balanced - You are normal, you run normal stuff and you want normal security protections. This is the best policy to start from if you are new, old, or just plain average. If you don't have any special requirements for super high speeds or super secure networks, start here.
  • Security - You don't care about dropping your boss's email, everything in your environment is tightly regulated and you don't tolerate people stepping outside of your security policy. This policy hates on IM, P2P, vulnerabilities, malware, web apps that cause productivity loss, remote access, and just about anything not related to getting work done. If you run your network with an iron fist, start here!

Changelog - This feature allows you to specify that you want a changelog (any rule that has any change in it from your previous ruleset, i.e. disabled, enabled, modified, etc.) maintained for any and all changes, in a specified log file.

Inline Drops - This feature allows you to specify what SIDs you want to be set to drop, for those running an inline setup!

Multiline Rules - Added full support for parsing of multiline rules.

Enhancements - Many minor enhancements made to the debugging output, speed enhancements, code cleanup, error handling etc...
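To make the four features above concrete, here is an added example (written for this page, not PulledPork's own Perl code) that does, in miniature, what they describe: it parses a ruleset with backslash-continued multiline rules, selects the VRT policy (connectivity, balanced or security) from the `metadata:policy <name>-ips <action>` tags the VRT ships in its rules, applies local enable/disable and inline-drop overrides by SID, and emits a changelog of what differs between two rulesets. The rules in `OLD_RULES` are constructed for the example, not real VRT content.

```python
"""Toy Snort 2 rule manager showing the four PulledPork features above:
multiline rule parsing, VRT policy selection from rule metadata, inline
drop conversion, and a changelog between two rulesets. Added example, not
PulledPork's own code; the rules below are constructed, not real VRT rules."""
import re
from dataclasses import dataclass

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
ACTION_RE = re.compile(r"^#?\s*(alert|log|pass|drop|reject|sdrop)\b")
# VRT rules carry 'metadata:policy <name>-ips <action>' for each policy
POLICY_RE = re.compile(r"policy\s+([a-z]+)-ips\s+(alert|drop)")

# Constructed sample ruleset; sid 1000001 is continued with a trailing backslash
OLD_RULES = """\
# constructed rules for this example
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB test one"; \\
    content:"GET"; metadata:policy balanced-ips drop, policy security-ips drop; sid:1000001; rev:1;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH test two"; metadata:policy security-ips alert; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"DNS test three"; sid:1000003; rev:2;)
"""


@dataclass
class Rule:
    sid: int
    action: str
    enabled: bool
    text: str          # single-line rule text with any leading '#' removed

    @property
    def body(self):    # everything after the action keyword
        return self.text.split(None, 1)[1]


def parse_rules(text):
    """Parse rules, joining backslash-continued lines into one logical rule."""
    rules, buf = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        logical, buf = " ".join(buf), []
        sid_m, act_m = SID_RE.search(logical), ACTION_RE.match(logical)
        if not (sid_m and act_m):
            continue                       # blank line or plain comment
        sid = int(sid_m.group(1))
        rules[sid] = Rule(sid, act_m.group(1), not logical.startswith("#"),
                          logical.lstrip("#").strip())
    return rules


def apply_vrt_policy(rules, policy):
    """Enable only rules tagged for 'connectivity', 'balanced' or 'security'
    and give them the action their metadata names for that policy."""
    out = {}
    for sid, r in rules.items():
        wanted = dict(POLICY_RE.findall(r.text)).get(policy)
        action = wanted or r.action
        out[sid] = Rule(sid, action, wanted is not None, action + " " + r.body)
    return out


def apply_overrides(rules, enable=(), disable=(), drop=()):
    """Local overrides applied after the policy: enable/disable by SID and
    turn selected SIDs into 'drop' rules for an inline sensor."""
    out = {}
    for sid, r in rules.items():
        enabled = (r.enabled or sid in enable) and sid not in disable
        action = "drop" if sid in drop else r.action
        out[sid] = Rule(sid, action, enabled, action + " " + r.body)
    return out


def changelog(old, new):
    """One line per SID whose state differs between two rulesets."""
    log = []
    for sid in sorted(set(old) | set(new)):
        if sid not in old:
            log.append(f"new       sid:{sid}")
        elif sid not in new:
            log.append(f"removed   sid:{sid}")
        else:
            o, n = old[sid], new[sid]
            if o.enabled != n.enabled:
                state = "enabled" if n.enabled else "disabled"
                log.append(f"{state:<9} sid:{sid}")
            if o.action != n.action:
                log.append(f"action    sid:{sid} {o.action}->{n.action}")
            if o.body != n.body:
                log.append(f"modified  sid:{sid}")
    return log


def render(rules):
    """Write the ruleset back out, commenting out disabled rules."""
    return "".join(("" if r.enabled else "#") + r.text + "\n" for r in rules.values())


if __name__ == "__main__":
    old = parse_rules(OLD_RULES)
    new = apply_overrides(apply_vrt_policy(old, "balanced"), drop={1000001})
    print("\n".join(changelog(old, new)))
    print(render(new))
```

The order matters in the same way it does in PulledPork: the policy decides the baseline, local SID overrides are layered on top, and the changelog is computed against the ruleset that was previously in force, so a sensor operator can see exactly which SIDs flipped state or action before reloading.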

There are quite a few runtime options and configuration options, so please be sure to read through the README files thoroughly, and please be sure to use the latest pulledpork.conf that is included in the tarball! That's about it for now; please feel free to participate by asking questions on the mailing list at http://groups.google.com/group/pulledpork-users/ or on freenode in #snort or #pulledpork.

One final note, all of the release tarballs will now be named as pulledpork-X.X.X.tar.gz to help out with those maintaining packages and ports, thanks!

Download the tarball here pulledpork-0.3.4.tar.gz
MD5SUM = 034f90a2555c5f82e760b0ce68489ad2
SHA256 = 8b775e6476d653733f3d29ea9c962a76feaf148f3204a90fd47c646802448b80

Cheers,
JJC

How to remove Guard Pro malware

Guard Pro (GuardPro) is a rogue anti-spyware program that is installed through the use of Trojans. Its tactics are typical for this kind of fake program: the main aim is to scare you into believing you are infected with a virus so that you purchase the full version. Be aware that the full version will not bring any benefit to your PC, hence our strong recommendation not to spend money for nothing. Among the fake alerts that should be ignored are those about infected files (which in reality do not exist on your PC) and other numerous infections, scan results, notifications about unauthorized connections to the Internet, etc. In order to get rid of Guard Pro malware please use Spyware Doctor.

Guard Pro screenshot:


Guard Pro removal tool:


Guard Pro manual removal guide:
Delete Guard Pro files:

VH339.exe
VHOOK.ico
VHMELHOOOK
VHJJOOK.cfg
Guard Pro
cookies.sqlite
mozcrt19.dll
sqlite3.dll
BackUp
Quarantine Items
RootLib
Guard Pro.lnk
Delete Guard Pro registry entries:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\trial_ca8cf.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Guard Pro”

Saturday, January 9, 2010

Preliminaries from InSysSecure

The adware of InSysSecure may harm the host system even before it shows its advertisements; that is why the best way to get rid of the InSysSecure scam, short of never being infected with the adware at all, is to remove InSysSecure as soon as your computer system is infected.
The ads shown by the InSysSecure adware are sets of nag screens and alerts, both fake and misleading, which appear with increasing frequency in order to limit the user's choice to two options:
- to remove InSysSecure
- to buy InSysSecure
Click here to start free system scan and InSysSecure removal using Spyware Doctor.

InSysSecure screenshot:


InSysSecure removal tool:



InSysSecure manual removal guide:
Delete InSysSecure files:

1 InSysSecure.lnk
2 Homepage.lnk
3 Uninstall.lnk
InSysSecure.exe
main_config.xml
uninstall.exe
103215zoj198.dll
10543v5zus929.bin
29495zy1d5.exe
295859pz6ec.bin
2959spzrse1354.cpl
Delete InSysSecure registry entries:
HKEY_CURRENT_USER\Software\InSysSecure
HKEY_LOCAL_MACHINE\SOFTWARE\InSysSecure
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InSysSecure
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "InSysSecure"

Wednesday, January 6, 2010

APcDefender malware - removal instructions

Prior to downloading any software, it is strongly recommended to get independent opinions on it. In the case of APcDefender you may find dozens of reports and reviews of the software, the strong majority of which state that APcDefender is a scam and explain how to remove APcDefender. Unfortunately, explanations of APcDefender removal are in demand, because many users downloaded the adware trusting its self-advertising without any check of the software, while other users were infected with the adware by a special Trojan responsible for the backdoor installation of counterfeits.
APcDefender is a fake antispyware advertised mainly on its websites and through a trial version, which users are prompted to upgrade to the full version by paying an activation fee. There are several dozen parasites often downloaded in association with the APcDefender adware or prior to it in order to perform its backdoor download. You need to get rid of the APcDefender-related parasites as they are harmful even without the adware. Click here for the beginning of APcDefender removal; removal of the APcDefender scam includes removal of the APcDefender adware and any related and independent scamware and viruses.

APcDefender screenshot:


APcDefender removal tool:


APcDefender manual removal guide:
Delete APcDefender files:
APcDefender.exe
main_config.xml
uninstall.exe
10040spz5229.exe
10134noz5a-viru93b5.exe
10658not-a-vir9s7z25.ocx
22813virus9fz5.bin
22929zpa5bot57e.exe
22988spambzt58c9.cpl
APcDefender.lnk
1 APcDefender.lnk
2 Homepage.lnk
3 Uninstall.lnk
Delete APcDefender registry entries:
HKEY_CURRENT_USER\Software\APcDefender
HKEY_LOCAL_MACHINE\SOFTWARE\APcDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APcDefender
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "APcDefender"

Monday, January 4, 2010

How to remove PcsProtector - latest malware from Wini family

PcsProtector (Pcs Protector) is the latest rogue anti-spyware from the Wini family. PcsProtector can seriously damage your computer and cause system collapse. It generates fake spyware detection alerts to scare users and force them to pay for the "remedy", the "full version" of PcsProtector. We recommend removing this nasty malware using Spyware Doctor.

PcsProtector screenshots:



Download PcsProtector Remover:


PcsProtector manual removal guide:
Delete PcsProtector files:
main_config.xml
PcsProtector.exe
uninstall.exe
10566viruz2809.dll
10652not-a-virus69z.cpl
1092sp5wzre1923.bin
10501not-a-vizus359.dll
105259orz1d2.dll
1058ztroj95e.cpl
.exe
PcsProtector.lnk
1 PcsProtector.lnk
2 Homepage.lnk
3 Uninstall.lnk
Delete PcsProtector registry entries:
HKEY_CURRENT_USER\Software\PcsProtector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcsProtector
HKEY_LOCAL_MACHINE\SOFTWARE\PcsProtector
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PcsProtector"

Remove GreatDefender (Great Defender) rogue anti-spyware

A PC that shows GreatDefender (Great Defender) windows and alerts is likely to carry at least several other infections besides GreatDefender, especially in the case of an unauthorized backdoor download and installation of GreatDefender, since in that case a Trojan downloader infected your computer system in advance and then arranged the backdoor invasion of the adware. Therefore a comprehensive tool is normally required to remove the GreatDefender adware, or rather to get rid of the GreatDefender scam as a system of the same-name adware and related infections.
Other Trojans are often downloaded bundled with the adware; they then disorder the system and lower its security settings, exposing it to virus attacks and arranging backdoor downloads of other adware and spyware. Click here to start removal of the GreatDefender scam and get reliable protection through proper adjustment of your system and the detection and blocking of virus and worm attacks.


GreatDefender screenshot:



GreatDefender removal instructions:
GreatDefender manual removal guide:
Delete GreatDefender files:

GreatDefender.lnk
1 GreatDefender.lnk
2 Homepage.lnk
3 Uninstall.lnk
GreatDefender.exe
uninstall.exe
Delete GreatDefender registry entries:
HKEY_CURRENT_USER\Software\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Total PC Defender

Saturday, January 2, 2010

Security Tool removal includes "Security Tool Warning" popup removal

If you believe you have completed the removal of Security Tool but can still see the "Security Tool Warning" popup on your desktop toolbar, you have not actually completed Security Tool removal.
The "Security Tool Warning" popup is part of the Security Tool advertisement. Security Tool is a rogue antispyware from the malware family that includes the following counterfeits: WinWebSecurity and SystemSecurity. Security Tool is distributed by several techniques of both backdoor and informed downloading and installation.
Users also blame the "Security Tool Warning" popup as the most annoying part of Security Tool. They ask how to remove the "Security Tool Warning" popup even though they understand it is part of the Security Tool scam, because the popup is often followed by a system freeze or an unexpected reboot (that is why Security Tool is classified as scareware).
To get rid of the "Security Tool Warning" popup, as well as the rest of the Security Tool scam, click here to apply Spyware Doctor, a universal antispyware and antivirus whose ability to remove the "Security Tool Warning" popup, as well as Security Tool and related infections, has been verified and certified.

"Security Tool Warning" popup screenshot:




"Security Tool Warning" popup removal tool:

"Security Tool Warning" popup manual removal guide:
Delete "Security Tool Warning" popup files:
4946550101.bat
4946550101.cfg
4946550101.exe
Security Tool.lnk
Delete "Security Tool Warning" popup registry entries:
HKEY_CURRENT_USER\Software\Security Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "4946550101"
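Every manual removal guide on this page ends with the same kind of persistence: a value under one of the two Run keys whose name is either the rogue product ("Guard Pro", "InSysSecure", "APcDefender", "PcsProtector") or something that should never be an autorun name at all (".exe", "4946550101"), and whose payload file name is a run of digits with a random tail (4946550101.exe, 29495zy1d5.exe, 10040spz5229.exe). The script below is an added, defensive example that is not part of the original posts: it walks the Run keys in a snapshot, flags entries that match the names listed in these guides or those two patterns, and reports why. `SNAPSHOT` is constructed for the example; `read_live_snapshot` builds the same structure on a real Windows host using the standard `winreg` module and is only there for use on a live system.

```python
"""Check Windows autorun (Run key) entries against the indicators that the
removal guides on this page list, plus two heuristics derived from them.
Added example, not part of the original posts; SNAPSHOT is a constructed
stand-in for what winreg returns on a live host."""
import re
from pathlib import PureWindowsPath

RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Run value names that the removal guides above tell the reader to delete
KNOWN_BAD_NAMES = {"Guard Pro", "InSysSecure", "APcDefender", "PcsProtector",
                   "4946550101", ".exe"}
# The guides list payloads such as 4946550101.exe, 29495zy1d5.exe and
# 10040spz5229.exe: leading digits followed by a random tail. Heuristic only.
NUMERIC_NAME_RE = re.compile(r"^\d{4,}[a-z0-9-]*\.(exe|dll|cpl|bin|ocx)$", re.I)

# Constructed snapshot: {run_key: {value_name: command_line}}
SNAPSHOT = {
    RUN_KEYS[0]: {
        "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
        "Guard Pro": r"C:\Program Files\Guard Pro\VH339.exe",
    },
    RUN_KEYS[1]: {
        "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        ".exe": r"C:\Users\alice\AppData\Local\Temp\10040spz5229.exe",
        "4946550101": r"C:\Users\alice\AppData\Local\Temp\4946550101\4946550101.exe",
    },
}


def reasons_for(name, command):
    """Return the list of reasons an autorun entry looks like rogue anti-spyware."""
    reasons = []
    if name in KNOWN_BAD_NAMES:
        reasons.append("value name listed in a removal guide")
    if name.isdigit():
        reasons.append("value name is all digits")
    # strip trailing arguments and quotes, keep just the executable's file name
    exe = PureWindowsPath(command.split(" /", 1)[0].strip('"')).name
    if NUMERIC_NAME_RE.match(exe):
        reasons.append(f"payload name {exe} matches the digits+random pattern")
    return reasons


def check_autoruns(snapshot):
    """Walk the Run keys in a snapshot and return one finding per suspicious entry."""
    findings = []
    for key in RUN_KEYS:
        for name, command in snapshot.get(key, {}).items():
            reasons = reasons_for(name, command)
            if reasons:
                findings.append({"key": key, "name": name,
                                 "command": command, "reasons": reasons})
    return findings


def read_live_snapshot():
    """Build the same snapshot shape from the real registry (Windows only)."""
    import winreg  # available only on Windows
    hives = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for key in RUN_KEYS:
        hive_name, subkey = key.split("\\", 1)
        values = {}
        try:
            with winreg.OpenKey(hives[hive_name], subkey) as h:
                i = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(h, i)
                    except OSError:      # no more values under this key
                        break
                    values[name] = str(data)
                    i += 1
        except OSError:                  # key absent or not readable
            pass
        snapshot[key] = values
    return snapshot


if __name__ == "__main__":
    for f in check_autoruns(SNAPSHOT):
        print(f'{f["key"]}\n  "{f["name"]}" = {f["command"]}\n  -> {"; ".join(f["reasons"])}')
```

The point of reporting reasons rather than a bare yes/no is that the name list only catches the families documented here, while the two patterns (all-digit value names, digit-prefixed payload names) are what carry over to the next rogue of the same family; a finding that trips only a pattern is a lead to verify, not proof.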