Tuesday, June 29, 2010

PulledPork 0.4.2 - get it while it's hawt!

This release represents a number of significant enhancements and features (all listed below). Probably the most important to note is the change of delimiter from | to : when modifying rule state. We also now automatically determine the Snort version and OS arch. One of the most useful features, IMHO, is the pcre: rule state modification capability; see the rule modification configs for more details. For example, let's say that I wanted to disable ALL MSxx rules because I run a strictly *nix environment: simply place something like pcre:MS\d{2}-\d+ into disablesid.conf and use that file by specifying -i.

As noted below, there are MANY other changes, fixes, and additions, so please don't hesitate to ask questions in irc (freenode #pulledpork) or on the mailing list.

get it here ->
http://code.google.com/p/pulledpork

v0.4.2


New Features / changes:

  • Capability to modify rules by category (See README.CATEGORIES)
  • Capability to modify rules using regular expressions (pcre:) - See sid modification configs
  • Capability to use regular expressions in specific rule modifications - See sid modification configs
  • Changed the | delimiter for cve, bugtraq, etc. to :
  • Added README.CATEGORIES
  • Added README.SHAREDOBJECTS
  • Follow flowbit chains
  • Moved README files to doc
  • Automatically determine arch
  • Automatically determine Snort Version
  • Added some verbiage on HUP vs. restart: when, where, who and how
  • Added support for new snort.org download scheme of http://snort.org/reg-rules...

Bug Fixes:

  • Certain rule-specific GID values were not being properly parsed by the modifysid sub.
  • Bug #20 fixed: ranges are no longer off by one, so an extra rule is no longer enabled
  • Enhancement request #21: added more descriptive information to dropsid.conf and to the README
  • Fixed a flaw that caused certain flowbits to not be set (when GID boundaries were crossed and multiple keys were checked)
  • Enhancement request #22: updated the master config file to contain all of the currently available precompiled SO rules
  • Removed risky system calls; file handles are used instead
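
To make two of the rule-state features above concrete (the pcre: entry in disablesid.conf and "follow flowbit chains"), here is an added example in Python. It is my own illustration, not PulledPork's Perl code, and it makes two assumptions that are mine rather than the post's: the pcre: pattern is matched against the whole rule line, and a bare gid:sid line disables one rule. The rules file and the disablesid.conf are constructed for the example. Because the pattern is a regular expression over rule text, check what it actually disabled (the rendered output) before pushing the result to a sensor.

```python
import re
from dataclasses import dataclass, field

# Constructed sample rules (not from any real ruleset). Rule 1000001 carries a
# Microsoft bulletin reference and sets a flowbit that rule 1000002 tests.
SAMPLE_RULES = r'''
alert tcp any any -> any 445 (msg:"SMB exploit attempt"; reference:url,technet.microsoft.com/security/bulletin/MS08-067; flowbits:set,smb.session; sid:1000001; rev:1;)
alert tcp any any -> any 445 (msg:"SMB follow-up"; flowbits:isset,smb.session; reference:cve,2008-4250; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"Generic web probe"; reference:bugtraq,12345; sid:1000003; rev:1;)
# alert tcp any any -> any 22 (msg:"Already disabled ssh rule"; sid:1000004; rev:1;)
'''

# Constructed disablesid.conf: the pcre: entry from the post plus one gid:sid line
# (the gid:sid form is my assumption about the syntax, not taken from the post).
DISABLESID_CONF = r'''
# disable every rule that mentions a Microsoft bulletin, MS08-067 and the like
pcre:MS\d{2}-\d+
1:1000003
'''

@dataclass
class Rule:
    gid: int
    sid: int
    text: str                                 # rule text without a leading "# "
    enabled: bool
    sets: set = field(default_factory=set)    # flowbits this rule sets
    needs: set = field(default_factory=set)   # flowbits this rule tests

def parse_rules(text):
    """Parse rule lines; a leading '#' marks a disabled rule, plain comments are skipped."""
    rules = []
    for line in text.splitlines():
        raw = line.strip()
        body = raw.lstrip('# ').strip()
        m = re.search(r'\bsid\s*:\s*(\d+)\s*;', body)
        if not m:
            continue
        g = re.search(r'\bgid\s*:\s*(\d+)\s*;', body)
        rule = Rule(int(g.group(1)) if g else 1, int(m.group(1)), body, not raw.startswith('#'))
        for opt in re.findall(r'flowbits\s*:\s*([^;]*);', body):
            op, _, names = (p.strip() for p in opt.partition(','))
            bits = {n.strip() for n in names.split('&') if n.strip()}
            if op in ('set', 'setx', 'toggle'):
                rule.sets |= bits
            elif op in ('isset', 'isnotset'):
                rule.needs |= bits
        rules.append(rule)
    return rules

def parse_disablesid(conf):
    """Split a disablesid.conf into compiled pcre: patterns and explicit (gid, sid) pairs."""
    patterns, ids = [], set()
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('pcre:'):
            patterns.append(re.compile(line[len('pcre:'):]))
        else:
            gid, _, sid = line.partition(':')
            ids.add((int(gid), int(sid)) if sid else (1, int(gid)))
    return patterns, ids

def apply_disablesid(rules, patterns, ids):
    """Disable rules listed by gid:sid or whose full text matches any pcre: pattern."""
    for r in rules:
        if (r.gid, r.sid) in ids or any(p.search(r.text) for p in patterns):
            r.enabled = False

def follow_flowbits(rules):
    """Re-enable disabled rules that set a flowbit some enabled rule tests.
    Loops until stable because a setter may itself test another bit."""
    reenabled = set()
    changed = True
    while changed:
        changed = False
        needed = set().union(*(r.needs for r in rules if r.enabled))
        for r in rules:
            if not r.enabled and r.sets & needed:
                r.enabled = True
                reenabled.add((r.gid, r.sid))
                changed = True
    return reenabled

def render(rules):
    """Write the rules back out, commenting out the disabled ones."""
    return ''.join((r.text if r.enabled else '# ' + r.text) + '\n' for r in rules)

if __name__ == '__main__':
    rules = parse_rules(SAMPLE_RULES)
    apply_disablesid(rules, *parse_disablesid(DISABLESID_CONF))
    print('re-enabled by flowbit chain:', sorted(follow_flowbits(rules)))
    print(render(rules))
```

Running it shows rule 1000001 first disabled by the MS pattern and then re-enabled because 1000002, still enabled, tests the flowbit it sets. If you really want the setter gone, you have to disable the checker too; otherwise the checker can never fire and you have silently broken the chain.
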
pulledpork-0.4.2.tar.gz latest hashes:
MD5SUM = d11b9d884f940a0df293718a4d4b3913
SHA256 = 3491b8c3c99c621cfd6467da2c43866f33ede1d096538e4a497cdf52b49ad677

Cheers,

JJC

Sunday, June 27, 2010

Av-look.net free hijacker remover

Av-look.net is a web site designed to promote malicious software (AV Security Suite). This fake security software may redirect users to Av-look.net in order to scare them into purchasing the "full" version of itself. Click here to download and install Spyware Doctor; it will detect and remove the Av-look.net hijacker, the AV Security Suite rogue and other fraudulent software.

Av-look.net screenshot:

Av-look.net removal tool:

Thursday, June 24, 2010

Profantivir.com hijacker. Free removal

Profantivir.com is the latest fake security web site designed to scam users and force them to download and purchase the AV Security Suite rogue anti-spyware. Profantivir.com may replace the browser homepage (it uses a trojan horse) and redirect to fake security alerts and warnings in order to scare users. We recommend using Spyware Doctor's free scan to remove Profantivir.com and related trojans from your computer.

Profantivir.com screenshot:

Profantivir.com removal tool:

Thursday, June 17, 2010

Antispantispycastle.com hijacker remover

Antispantispycastle.com is the latest browser hijacker from the AV Security Suite family. It uses trojan horses to infect your computer, hijack the browser homepage and redirect searches to fake security warnings and alerts. We recommend removing this annoying malware using a removal tool with a free scan (Spyware Doctor).

Antispantispycastle.com screenshot:

Antispantispycastle.com removal tool:

Wednesday, June 16, 2010

Rather Notorious Scam: AV Security Suite rogue anti-spyware

AV Security Suite has so far attracted, according to expert evaluation and unofficial surveys, at least a few thousand victims. The proportion of infections (cases where the adware is dropped by an infector such as a trojan) to cases of luring, or rather duping (where users are tricked into downloading the adware themselves), is considered to be roughly equal.
Remove AV Security Suite adware, and any program the free scan identifies as unsafe, with the AV Security Suite removal tool; otherwise you have to put up with the adware's misleading alerts and scans, and there is a real risk of system deterioration. To launch the free scan and get rid of AV Security Suite adware, click here for an instant download of the AV Security Suite remover.

AV Security Suite screenshot:

AV Security Suite removal tool:

AV Security Suite manual removal:
Delete AV Security Suite files:
%UserProfile%\Local Settings\Application Data\\
%UserProfile%\Local Settings\Application Data\\.exe
Delete AV Security Suite registry entries:
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:1041"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""

Note that most of the Internet Explorer and Policies values above are not the rogue's own data but security settings it turned off: RunInvalidSignatures = 1 lets IE run downloads with broken signatures, PhishingFilter Enabled = 0 switches the phishing filter off, LowRiskFileTypes = .exe suppresses the open-file warning for executables, and SaveZoneInformation = 1 stops zone (mark-of-the-web) information from being saved with downloads. The ProxyEnable/ProxyServer pair sends all browser traffic through a proxy on 127.0.0.1:1041, presumably served by the rogue itself; if you delete the executable but leave these values, the browser is pointed at a proxy that no longer exists and pages stop loading, so set ProxyEnable back to 0 and clear ProxyServer as part of the cleanup.
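
The registry entries above are also what you look for when confirming an infection or verifying a cleanup, and several of them are generic browser-hardening settings the rogue flips rather than data it stores. The following is an added example in Python, not from the original post or from any vendor's tool, that parses a .reg export and reports which of the listed indicators are present. The export is constructed here; the autorun entry named example_rogue is a hypothetical placeholder for the names that are stripped from the list above, and the second, benign export shows that an ordinary corporate proxy does not trip the proxy check.

```python
import re

# Constructed .reg export (not a real capture) carrying the indicators listed
# above. The autorun name "example_rogue" is a placeholder for the stripped names.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\avsuite]
"Install"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:1041"
"ProxyOverride"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"example_rogue"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\example_rogue\\example_rogue.exe"
'''

# Constructed clean machine with an ordinary corporate proxy: must produce no findings.
BENIGN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="proxy.corp.example:8080"
'''

HKCU = r'HKEY_CURRENT_USER\Software'
HKLM = r'HKEY_LOCAL_MACHINE\SOFTWARE'
IE = HKCU + r'\Microsoft\Internet Explorer'
WIN = HKCU + r'\Microsoft\Windows\CurrentVersion'

def parse_reg(text):
    """Parse a regedit 5.00 export into {key_path: {value_name: value}}.
    Strings are unescaped, dwords become ints, other types are kept raw."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and current is not None:
            name, raw = m.group(1), m.group(2)
            if raw.startswith('dword:'):
                keys[current][name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
                keys[current][name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            else:
                keys[current][name] = raw
    return keys

def check_av_security_suite(keys):
    """Return (key, finding) pairs for the AV Security Suite registry indicators."""
    get = lambda key, name: keys.get(key, {}).get(name)
    found = []
    for k in (HKCU + r'\avsoft', HKCU + r'\avsuite', HKLM + r'\avsoft', HKLM + r'\avsuite'):
        if k in keys:
            found.append((k, 'rogue configuration key present'))
    if get(IE + r'\Download', 'RunInvalidSignatures') == 1:
        found.append((IE + r'\Download', 'IE will run downloads with invalid signatures'))
    if get(IE + r'\PhishingFilter', 'Enabled') == 0:
        found.append((IE + r'\PhishingFilter', 'IE phishing filter disabled'))
    inet = WIN + r'\Internet Settings'
    server = get(inet, 'ProxyServer') or ''
    if get(inet, 'ProxyEnable') == 1 and re.search(r'(^|=)127\.0\.0\.1:\d+', server):
        found.append((inet, 'browser traffic proxied through a local port: ' + server))
    low_risk = (get(WIN + r'\Policies\Associations', 'LowRiskFileTypes') or '').lower()
    if '.exe' in [t.strip() for t in low_risk.split(';')]:
        found.append((WIN + r'\Policies\Associations', '.exe marked low-risk, open-file warning suppressed'))
    if get(WIN + r'\Policies\Attachments', 'SaveZoneInformation') == 1:
        found.append((WIN + r'\Policies\Attachments', 'zone information no longer saved with downloads'))
    for run in (WIN + r'\Run', HKLM + r'\Microsoft\Windows\CurrentVersion\Run'):
        for name, target in keys.get(run, {}).items():
            if isinstance(target, str) and re.search(r'\\Local Settings\\Application Data\\', target, re.I):
                found.append((run, f'autorun "{name}" launches from Local Settings\\Application Data: {target}'))
    return found

if __name__ == '__main__':
    for key, what in check_av_security_suite(parse_reg(SAMPLE_REG)):
        print(f'{what}\n    {key}')
```

On a live machine you would feed it the output of `reg export HKCU hkcu.reg` (and the HKLM SOFTWARE hive for the machine-wide keys) and, after cleanup, run it again to confirm the proxy and policy values were actually reverted and not just the binary deleted.
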


Tuesday, June 15, 2010

Big and Small Threatremover.net Related Adware

Threatremover.net is an important link in the adware's marketing. Basically, users transfer money to the hackers by entering the purchase page through the website. If not, they download the adware as trialware from Threatremover.net. If still not, i.e. if the adware has been injected by stealth as a backdoor installation, the adware redirects users' web surfing to Threatremover.net. It is important to remove the adware advertised at Threatremover.net, which the hackers describe as trialware for a system utility. But there is also a small, preliminary piece of adware, classified as a browser hijacker and named after Threatremover.net. You need to get rid of the Threatremover.net hijacker, as the hijacker is the program responsible for users' visits to Threatremover.net without their agreement, and/or remove the main Threatremover.net adware, should you see any symptoms of the hijacker and/or the main adware. Click here to launch the removal of Threatremover.net infections.

Threatremover.net screenshot:

Threatremover.net removal tool:

Google Redirect Virus finds Tricky Websites for you

Google Redirect Virus is the name applied to several slightly different variants of a virus that affects the browsers of an infected computer. It is a cunning program that redirects users to websites preset by hackers when they google any word. It may also show a fake Google page with misleading search results, add shortcuts to porn links on the desktop and block access to legitimate websites, in particular those able to provide a Google Redirect Virus removal tool.
Click here to start a free scan, remove Google Redirect Virus and get rid of the related trickery.

Google Redirect Virus removal tool: