Malware, Malware and more Malware.

For the past week I have been removing a lot of malware from a lot of computers running Windows XP, Windows Vista, Windows 7 and Windows 8. Some infections are harder to remove than others. In general I'd like to avoid the scorched-earth scenario (wipe and reinstall) whenever possible, as it is the last resort.

Malware Script

There are a lot of ways to remove malware; there is no single solution.

Whenever removing malware from Windows computers I tend to boot into Safe Mode with a Command Prompt and remove any malware reference from the "Run" key in the registry and from the Startup entry of the Programs menu.
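One way to make the Run-key review from that Safe Mode command prompt repeatable, added here as an example and not the script this post refers to: it parses the text that `reg query` prints for a Run key, flags values that launch from a user-writable directory, reuse a core Windows process name outside System32, or hide an executable behind a document extension, and builds the matching `reg delete` lines for you to check before running them. The sample `reg query` output and its entries are constructed, and the three detection rules are assumptions about where dropped malware usually lives, not an exhaustive list.

```python
"""Review Windows Run-key autostart entries from `reg query` output.

Added example; it is not the script the post refers to. It parses what the
Safe Mode command prompt prints for `reg query <Run key>` and flags entries
worth removing or investigating.
"""
import re

# Constructed sample of `reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"`
# output on Windows XP. The entries are illustrative, not taken from the post.
SAMPLE_REG_QUERY = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    svchost    REG_SZ    C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
    Updater    REG_EXPAND_SZ    %APPDATA%\xkqzv\invoice.pdf.exe /s
"""

# Assumed heuristics: locations a normal installer does not use for an autostart binary.
USER_WRITABLE = re.compile(
    r"\\Local Settings\\Temp\\|\\Temp\\|\\Application Data\\|\\AppData\\|"
    r"%TEMP%|%TMP%|%APPDATA%|%LOCALAPPDATA%|%USERPROFILE%",
    re.IGNORECASE,
)
# Core Windows process names that legitimately live only in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
# A document extension followed by .exe, the classic way to disguise a binary.
DOUBLE_EXT = re.compile(r"\.(pdf|doc|xls|jpg|txt)\.exe\b", re.IGNORECASE)


def parse_reg_query(text):
    """Return (key_path, [(name, type, data), ...]) from `reg query` output."""
    key_path, values = None, []
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue                           # blank line or REG.EXE banner
        if not line[0].isspace():              # unindented line is the key path
            key_path = line.strip()
            continue
        # Columns are separated by tabs (XP) or runs of spaces (Vista and later);
        # value names may contain single spaces, so split only on 2+ spaces.
        parts = re.split(r"\t|\s{2,}", line.strip())
        if len(parts) < 3 or not parts[1].startswith("REG_"):
            continue
        values.append((parts[0], parts[1], " ".join(parts[2:])))
    return key_path, values


def exe_basename(data):
    """Pull the executable's file name out of a command line such as '"C:\\x\\a.exe" /s'."""
    m = re.search(r'([^\\/"]+\.exe)', data, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def find_suspicious_autoruns(text):
    """Return [(value_name, data, reasons)] for entries that trip any heuristic."""
    _, values = parse_reg_query(text)
    hits = []
    for name, _vtype, data in values:
        reasons = []
        if USER_WRITABLE.search(data):
            reasons.append("runs from a user-writable directory")
        if exe_basename(data) in SYSTEM_NAMES and "system32" not in data.lower():
            reasons.append("core Windows process name outside System32")
        if DOUBLE_EXT.search(data):
            reasons.append("double extension hides an executable")
        if reasons:
            hits.append((name, data, "; ".join(reasons)))
    return hits


def removal_commands(text):
    """Build the `reg delete` lines to run from the Safe Mode prompt after a manual review."""
    key_path, _ = parse_reg_query(text)
    short = key_path.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("HKEY_CURRENT_USER", "HKCU")
    return [f'reg delete "{short}" /v "{name}" /f' for name, _, _ in find_suspicious_autoruns(text)]


if __name__ == "__main__":
    for name, data, reasons in find_suspicious_autoruns(SAMPLE_REG_QUERY):
        print(f"[!] {name}: {data}  <- {reasons}")
    print("\n".join(removal_commands(SAMPLE_REG_QUERY)))
```

Run the same function over the `reg query` output of the HKCU Run key and of the RunOnce keys as well; the parser does not care which key the text came from, and per-user keys are where a limited account's infection usually sits.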

Some tools/programs that I use:

I then run Microsoft's Malicious Software Removal Tool and Safety Scanner for a second pass of malware removal.

There are a lot of other tools/programs that I use to remove malware whenever necessary.


Scam Alert: Fake OpenOffice.org download.

I was going through the server log, parsing out spammy referrer links, and one of the sites triggered a pop-up:

First off, the official OpenOffice.org site lives at its own name: OpenOffice.org.

This galleries.secure-softwaremanager.com site must be spreading malware. It actually checks the operating system: since I was using the Camino browser on Mac OS X, it returned an error message:

I am adding this URL to the site blacklist.

By the way, if you are looking to download OpenOffice.org, you might want to check out LibreOffice, a project forked from OpenOffice.org.

Whois information on secure-softwaremanager.com:

http://www.networksolutions.com

Visit AboutUs.org for more information about SECURE-SOFTWAREMANAGER.COM
<a href="http://www.aboutus.org/SECURE-SOFTWAREMANAGER.COM">AboutUs: SECURE-SOFTWAREMANAGER.COM </a>

Registrant:
Pinball Corp
3600 1 36th place Se.
Bellevue, WA 98006
US

Domain Name: SECURE-SOFTWAREMANAGER.COM

————————————————————————
Promote your business to millions of viewers for only $1 a month
Learn how you can get an Enhanced Business Listing here for your domain name.
Learn more at http://www.NetworkSolutions.com/
————————————————————————

Administrative Contact, Technical Contact:
Pinball Corp        neteng@pinballcorp.com
3600 1 36th place Se.
Bellevue, WA 98006
US
425-279-1200

Record expires on 08-Dec-2011.
Record created on 08-Dec-2010.
Database last updated on 26-Feb-2011 00:44:52 EST.

Domain servers in listed order:

NS1.PINBALLCORP.COM
NS2.PINBALLCORP.COM
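To make this kind of record review repeatable, here is an added Python example (not the blog's own tooling) that parses the whois excerpt above, works out how old the domain was on the day of the lookup, and notes when the name servers belong to a different domain that deserves the same check. The record text is the one quoted above; the 90-day "young domain" threshold and the date labels it looks for are assumptions tied to this Network Solutions record format.

```python
"""Extract the review-worthy fields from a Network Solutions-style whois record
and work out how old the domain was when it was looked up.

Added example, not the blog's own tooling. The record below is the excerpt the
post quotes for secure-softwaremanager.com.
"""
import re
from datetime import datetime

WHOIS_RECORD = """\
Registrant:
Pinball Corp
3600 1 36th place Se.
Bellevue, WA 98006
US

Domain Name: SECURE-SOFTWAREMANAGER.COM

Administrative Contact, Technical Contact:
Pinball Corp        neteng@pinballcorp.com
3600 1 36th place Se.
Bellevue, WA 98006
US
425-279-1200

Record expires on 08-Dec-2011.
Record created on 08-Dec-2010.
Database last updated on 26-Feb-2011 00:44:52 EST.

Domain servers in listed order:

NS1.PINBALLCORP.COM
NS2.PINBALLCORP.COM
"""

DATE = r"(\d{2}-[A-Za-z]{3}-\d{4})"   # e.g. 08-Dec-2010


def _dated(label, text):
    """Return the date that follows a 'Record created on'-style label, or None."""
    m = re.search(re.escape(label) + r"\s+" + DATE, text)
    return datetime.strptime(m.group(1), "%d-%b-%Y").date() if m else None


def parse_whois(text):
    """Pull domain, registrant, dates, contact e-mails and name servers out of the record."""
    domain = re.search(r"Domain Name:\s*(\S+)", text).group(1).lower()
    reg = re.search(r"Registrant:\s*\n(.+)", text)
    parts = text.split("Domain servers in listed order:", 1)
    ns_block = parts[1] if len(parts) > 1 else ""
    hosts = re.findall(r"^\s*([A-Za-z0-9.-]+\.[A-Za-z]{2,})\s*$", ns_block, re.M)
    return {
        "domain": domain,
        "registrant": reg.group(1).strip() if reg else None,
        "created": _dated("Record created on", text),
        "expires": _dated("Record expires on", text),
        "last_updated": _dated("Database last updated on", text),
        "emails": sorted(set(re.findall(r"[\w.+-]+@[\w-]+\.[\w.-]+", text))),
        "name_servers": [h.lower() for h in hosts],
    }


def assess(text, young_days=90, as_of=None):
    """Flag a freshly registered domain and name servers hosted under another domain.

    `young_days` is an assumed threshold; `as_of` defaults to the record's own
    'Database last updated' date, i.e. the day the lookup was made.
    """
    r = parse_whois(text)
    as_of = as_of or r["last_updated"]
    age = (as_of - r["created"]).days
    flags = []
    if age < young_days:
        flags.append(f"registered only {age} days before this lookup")
    # Registrable part of each NS host (good enough for .com; no public-suffix handling).
    ns_domains = {".".join(ns.split(".")[-2:]) for ns in r["name_servers"]}
    follow_up = sorted(d for d in ns_domains if d != r["domain"])
    if follow_up:
        flags.append("name servers hosted under " + ", ".join(follow_up) + "; look that domain up too")
    return {"domain": r["domain"], "age_days": age, "flags": flags, "follow_up_domains": follow_up}


if __name__ == "__main__":
    result = assess(WHOIS_RECORD)
    print(f"{result['domain']}: {result['age_days']} days old at lookup")
    for flag in result["flags"]:
        print(" -", flag)
```

On this record the domain comes out 80 days old at lookup, and the name servers sit under pinballcorp.com, which is exactly the thread worth pulling next.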

What is this pinballcorp.com?

Visit Safenames at www.safenames.net
+1 703 574 5313 in the US/Canada
+44 1908 200022 in Europe

Domain Name: PINBALLCORP.COM

[REGISTRANT]
Organisation Name: Pinball Corp
Contact Name:      William Freeman
Address Line 1:    3600 136th Place SE
Address Line 2:
City / Town:       Bellevue
State / Province:
Zip / Postcode:    WA 98006
Country:           US
Telephone:         +1.0114252791177
Fax:
Email:             wfreeman@pinballcorp.com

[ADMIN]
Organisation Name: Safenames Ltd
Contact Name:      International Domain Administrator
Address Line 1:    PO Box 5085
Address Line 2:
City / Town:       Milton Keynes MLO
State / Province:  Bucks
Zip / Postcode:    MK6 3ZE
Country:           UK
Telephone:         +44.1908200022
Fax:               +44.1908325192
Email:             hostmaster@safenames.net

[TECHNICAL]
Organisation Name: International Domain Tech
Contact Name:      International Domain Tech
Address Line 1:    PO Box 5085
Address Line 2:
City / Town:       Milton Keynes MLO
State / Province:  Bucks
Zip / Postcode:    MK6 3ZE
Country:           UK
Telephone:         +44.1908200022
Fax:               +44.1908325192
Email:             tec@safenames.net

The Data in the Safenames Registrar WHOIS database is provided by Safenames for
information purposes only, and to assist persons in obtaining information about
or related to a domain name registration record.  Safenames does not guarantee
its accuracy.  Additionally, the data may not reflect updates to billing
contact information.

As suspected, pinballcorp.com looks fishy.