Stop viruses

Will Kaspersky Lab be acquired by Microsoft Corp.?

2008-03-31T20:44:00.000-07:00

he normally very well-informed anti-malware branch insider Bill Guttman told me past week he had (not confirmed) information that Microsoft Corp. would be interested in acquirement of the Russian security software vendor Kaspersky Lab.

It is no secret that Microsoft H.Q. isn’t happy with the negative resonance of the Windows user on products like e.g. Windows OneCare and Windows Defender, and that Microsoft CEO Steve Ballmer is determined to go new directions with the Windows Vista successor Windows 7.

Like Vista, security is a main issue in Windows 7 development and it is the intention of Microsoft to revamp the Security Center in Windows 7 thorough. Part of the plans is to rebuild it on modular base with the components antivirus, HIPS, antispyware and firewall. It seem to be the intention too that development of the new Windows 7 Security Center will be performed by Kaspersky Lab for reason of it’s know-how and excellent security products.

Amount that will be paid for the (possible) Kaspersky Lab acquirement is not known but seem to be considerable. Not known too is what will happen with the antivirus products running with a Kaspersky engine if Microsoft succeed with it’s efforts to acquire Kaspersky Lab.

Of course i have tried to become confirmation about what Bill Guttman told me, but (as expected) both involved companies reacted with the usual: “no comment”.

The Pedophile's Secret Code

2007-12-04T10:14:00.001-08:00

Every subculture speaks its own dialect, and pedophiles are no exception. Hence the FBI's January 2007 "intelligence bulletin" on "symbols and logos used by pedophiles to identify sexual preferences." The document (see Pages 2-4), was prepared and distributed to FBI divisions and field offices earlier this year by the Cyber Division's Innocent Images National Initiative. These are the G-men and -women who work on cases involving child exploitation and sexual abuse.

Did you know that "boylovers" make their presence known with a "small blue spiral-shaped triangle surrounded by a larger triangle"? The larger triangle signifies an adult male; the smaller triangle, a boy. If the boylover wishes to emphasize the smallness of the boys he covets, then he uses the "little boy lover" logo, which is more rounded and thinner than the boylover logo, apparently to "resemble a scribbling by a young child." Males or females whose taste runs to young girls identify themselves with a logo showing one heart inside a larger heart, while "non-preferential gender child abusers" indicate their enthusiasms with a butterfly logo made up of two large hearts and two smaller hearts. These logos are sometimes incorporated into jewelry or even stamped onto coins. (See Pages 2 and 3.)

Included with the intelligence bulletin is a customer-satisfaction survey aimed at measuring how helpful the report was-not to pedophiles but to law enforcement professionals (see below). Recipients (Page 5) are asked to "[p]lease take a moment to complete this survey and help evaluate the quality and value of FBI products." Was the report "delivered within established deadlines"? Did it identify "new information associated with pending matters"? Respondents are asked to indicate their opinion by circling a number (1 = Strongly Disagree; 5 = Strongly Agree). The inapplicability of Total Quality Management to this particular topic is underlined when respondents are asked whether the report "is reliable (i.e., sources well documented and reputable)." Well-documented, yes. But reputable? As a general rule, you can't find information of this nature in a reputable source. The report's footnotes to online sources (see Page 6) bear this out.

How to boot in Safe Mode ?

2007-09-02T12:11:00.000-07:00

To use a Safe Boot option, follow these steps:

1. Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
2. Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
3. When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the operating system installation that you want to start, and then press ENTER.

Please visit this page if you need some additional info: http://support.microsoft.com/kb/315222

If it doesn't work (there could be some system issues or virus actions), please execute the following script in the AVZ utility:

Code:


begin
ExecuteRepair(10);
RebootWindows(true);
end.

It will automatically restart your system. Please try booting in the safe mode one more time.

Virus scan freeware. The rules.

2007-09-01T14:01:00.001-07:00

To ask for help you should open a new thread.

Logs should be attached to the message (and not posted separately in the thread).

Do not send Logs orqueries directly to a helper, a moderator or an administrator as a private message or an e-mail. Use a separate thread every time.

Please see Appendix 1 to find out how to turn off System restore.

Please follow the directions in Appendix 3 to create an attachment.

Please check the FAQ section on our website for answers to the most commonly asked questions.

To expedite the processing of yourquery please follow the regulations.

Scan your PC:

1. If you have an antivirus installed, please, update its databases and scan your PC.

2. Before the analysis please download the DrWeb - CureIT! utility (about 5 mb) and perform the system scan in Safe Mode.After that you should reboot the computer normaly ( Normal Mode).
* Note: If you use DrWeb antivirus, please skip this step)

3. Download the AVZ Antiviral Toolkit. Even if you have once downloaded AVZ, you should still download it again, because the new diagnostics options for the malware programs are being regularly updated. (About 2 mb)
* The utility offers a wide range of options for a system scan besides the malicious software neutralization: please read the help file of the Toolkit.

4. Extract it from the archive to its own folder.
* Start AVZ and update its databases ("File" => "On-line automatic update "). Close AVZ.

5. Download the last version of HijackThis.
* Even if you have once downloaded HijackThis, download it again to make sure you have the latest version. (About 200kb)

6. Extract HijackThis from the archive to its own folder.

7. Turn off System restore (Windows Me/XP).
*Follow the instructions in Appendix 1.

Prior to taking the following steps (8, 10, 12), please close all of your anti-virus programs, games, text editors and all other applications, except your Internet browser!!!

8. Start AVZ. Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Investigation" check box. Click on the "Execute selected scripts".
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.

9. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

10. Start AVZ. Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Investigation" check box. Click on the "Execute selected scripts".
A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

11. Start HijackThis. If the program malfunctions or stops working right after the start, download the renamed file of HijackThis here and use it in the following instructions.

12. Click on the "Do a system scan and save a logfile ".

13. Save the logfile. The logfile will be saved in the program folder as hijackthis.log by default.

14. Create a new thread in the "Help Me" section only. The header should contain a brief description of the problem and the body should provide the details. Attach the logfiles created at steps 8 (AVZ - virusinfo_syscure.zip), 10 (AVZ - virusinfo_syscheck.zip) and 13 (HJT - hijackthis.log) to the message. There should be 3 logs in general. We will do our best to help you.

Attention!!

Please do not create threads named "Help!!!", "SOS", etc.
Also please do not attach any other logs, except HijackThis and AVZ logs,
unless specifically asked.

Please note that developers, helpers, and forum administration are not responsible for any possible damage caused by use of any of the tools enumerated above. See EULAs for details.

Appendix 1. How to turn off System restore.

1. "System restore" (Windows Me/XP)
Windows protects the system restore folders from all external programs. When viruses get into PC, Windows can also keep them in the system restore folders. Antiviruses and utilities cannot delete viruses from these folders. It is necessary to turn off System restore for healing. After healing it is necessary to turn it back on.

Windows Me:
1.Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3.On the Troubleshooting tab, click to select the Disable System Restore check box.4.Click OK twice, and then click Yes when you are prompted to restart the computer.
5. To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

Windows XP:
1.Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore: You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer. Do you want to turn off System Restore? After a few moments, the System Properties dialog box closes.

2. Correct cleaning of the system restore folders.

It is not recommended to turn off System restore at once if you keep any valuable information on the PC.
You should be absolutely sure that the system restore folders are infected. If there are clean copies, they should be used for restorating clean files.

Appendix 2. Searching files on disk with AVZ.

1. Click "File" - "Add to quarantine by list ".
2. Enter the list of files which were asked to send in the top window.
3. Press "Start" and wait until "File addition process - complete" notification appears at the bottom of the window.
4. Close current window "Add to quarantine by list ".
5. Choose from the menu "File"-> "Quarantine folder viewer ".
6. Mark files in the list which should be sent.
7. Click "Archive" and specify a place on the disk where the archive should be kept.
8. Upload the archive using the upload link (Upload quarantined files) at the top of your thread (the "thread link" field will be filled automatically), or use this link: http://virusinfo.info/upload_virus_eng.php , where you need to fill the "thread link" field manually. (It should look like httр: // virusinfo.info/showthread.php?t=ХХХХ).

Appendix 3. How to send us requested files.

1. Start AVZ, choose from the menu "File"-> "Quarantine folder viewer ".
2. Mark files in the list which should be sent.
3. Click "Archive" and specify a place on the disk where the archive should be kept.

4. Upload the archive using the upload link (Upload quarantined files) at the top of your thread (the "thread link" field will be filled automatically), or use this link: http://virusinfo.info/upload_virus_eng.php , where you need to fill the "thread link" field manually. (It should look like httр: // virusinfo.info/showthread.php?t=ХХХХ).

http://virusinfo.info/showthread.php?t=9184

Kaspersky Anti-Virus 7.0 wins top awards from PC Pro

2007-07-22T10:53:00.000-07:00

Kaspersky Anti-Virus 7.0 has won two top awards - "Labs Winner" and "A List" from PC Pro, one of the oldest and most influential British IT magazines, with a six-star rating against all three criteria: performance; ease of use; and value for money.

PC Pro tested the effectiveness of 13 leading antivirus products available in the UK market. The experts also analyzed how easy the product is to use, and whether it represents value for money. It should be noted that Kaspersky Anti-Virus 7.0 was represented by a beta version, while all the other products tested were final versions.

According to the authors of the review, Kaspersky Anti-Virus demonstrated unrivaled effectiveness of antivirus protection: it "managed to find and remove an incredible 98% of the malware." "While many packages check for new virus signatures on a daily basis, Kaspersky runs to an hourly schedule, improving your PC's chances of being immunized before an infection reaches it," states the article.

The review also notes that the software is efficient, being one of the lowest users of total system RAM of all the products tested: "It's refreshing to find an antivirus package that's so respectful of resources… the impact upon system resources is negligible."

It cites the product's breadth of features as a major benefit of the software: "No other package combines such a range of useful functions." Importantly, even an inexperienced user will be able to control all these features. "With peerless detection capabilities, this well-conceived package is a joy to use," say the reviewers.

The review closes by saying: "In short, Kaspersky towers over the competition… for £2 a month, you won't find a more deserving winner."

For more information on the testing conducted by PC Pro experts, please visit the magazine's official website at www.pcpro.co.uk.

Technorati : kaspersky
Del.icio.us : kaspersky
Ice Rocket : kaspersky
Flickr : kaspersky
Zooomr : kaspersky
Buzznet : kaspersky
Riya : kaspersky
43 Things : kaspersky

FBI remotely installs spyware to trace bomb threat

2007-07-22T00:06:00.000-07:00

The FBI used a novel type of remotely installed spyware last month to investigate who was e-mailing bomb threats to a high school near Olympia, Wash.

Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect's computer, other information found on the PC and, notably, an ongoing log of the user's outbound connections.

Screen snapshot of 'timberlinebombinfo' MySpace account The suspect, former Timberline High School student Josh Glazebrook, was sentenced this week to 90 days in juvenile detention after pleading guilty to making bomb threats and other charges.

While there's been plenty of speculation about how the FBI might deliver spyware electronically, this case appears to be the first to reveal how the technique is used in practice. The FBI did confirm in 2001 that it was working on a virus called Magic Lantern but hasn't said much about it since. The two other cases in which federal investigators were known to have used spyware--the Scarfo and Forrester cases--involved agents actually sneaking into offices to implant key loggers.

An 18-page affidavit filed in federal court by FBI Agent Norm Sanders last month and obtained by CNET News.com claims details about the governmental spyware are confidential. The FBI calls its spyware a Computer and Internet Protocol Address Verifier, or CIPAV.

"The exact nature of these commands, processes, capabilities, and their configuration is classified as a law enforcement sensitive investigative technique, the disclosure of which would likely jeopardize other ongoing investigations and/or future use of the technique," Sanders wrote. A reference to the operating system's registry indicates that CIPAV can target, as you might expect given its market share, Microsoft Windows. Other data sent back to the FBI include the operating system type and serial number, the logged-in user name, and the Web URL that the computer was "previously connected to."

News.com has posted Sanders' affidavit and a summary of the CIPAV results that the FBI submitted to U.S. Magistrate Judge James Donohue.

There have been hints in the past that the FBI has employed this technique. In 2004, an article in the Minneapolis Star Tribune reported that the bureau had used an "Internet Protocol Address Verifier" that was sent to a suspect via e-mail.

But bloggers at the time dismissed it--in hindsight, perhaps erroneously--as the FBI merely using an embedded image in an HTML-formatted e-mail message, also known as a Web bug.

Finding out who's behind a MySpace account
An interesting twist in the current case is that the county sheriff's office learned about the MySpace profile--timberlinebombinfo--when the creator tried to persuade other students to link to it and at least one of their parents called the police. The sheriff's office reported that 33 students received a request to post the link to "timberlinebombinfo" on their own MySpace pages.

In addition, the bomb hoaxster was sending a series of taunting messages from Google Gmail accounts (including dougbrigs@gmail.com) the week of June 4. A representative excerpt: "There are 4 bombs planted throughout Timberline High School. One in the math hall, library hall, and one portable. The bombs will go off in 5 minute intervals at 9:15 am."

The FBI replied by obtaining account logs from Google and MySpace. Both pointed to the Internet Protocol address of 80.76.80.103, which turned out to be a compromised computer in Italy.

That's when the FBI decided to roll out the heavy artillery: CIPAV. "I have concluded that using a CIPAV on the target MySpace 'Timberlinebombinfo' account may assist the FBI to determine the identities of the individual(s) using the activating computer," Sanders' affidavit says.

CIPAV was going to be installed "through an electronic messaging program from an account controlled by the FBI," which probably means e-mail. (Either e-mail or instant messaging could be used to deliver an infected file with CIPAV hidden in it, but the wording of that portion of the affidavit makes e-mail more likely.)

After CIPAV is installed, the FBI said, it will immediately report back to the government the computer's Internet Protocol address, Ethernet MAC address, "other variables, and certain registry-type information." And then, for the next 60 days, it will record Internet Protocol addresses visited but not the contents of the communications.

Putting the legal issues aside for the moment, one key question remains a mystery: Assuming the FBI delivered the CIPAV spyware via e-mail, how did the the program bypass antispyware defenses and install itself as malicious software? (There's no mention of antivirus defenses in the court documents, true, but the bomb-hoaxster also performed a denial of service attack against the school district computers -- which, coupled with compromising the server in Italy, points to some modicum of technical knowledge.)

One possibility is that the FBI has persuaded security software makers to overlook CIPAV and not alert their users to its presence.

Another is that the FBI has found (or paid someone to uncover) unknown vulnerabilities in Windows or Windows-based security software that would permit CIPAV to be installed. From the FBI's perspective, this would be the most desirable: for one thing, it would also obviate the need to strong-arm dozens of different security vendors, some with headquarters in other countries, into whitelisting CIPAV. Earlier this week, News.com surveyed 13 security vendors and all said it was their general policy to detect police spyware. Some, however, indicated they would obey a court order to ignore policeware, and neither McAfee nor Microsoft would say whether they had received such a court order. The verbatim results of our survey are here.

Technorati : FBI, Spyware, adware
Del.icio.us : FBI, Spyware, adware
Ice Rocket : FBI, Spyware, adware
Flickr : FBI, Spyware, adware
Zooomr : FBI, Spyware, adware
Buzznet : FBI, Spyware, adware
Riya : FBI, Spyware, adware
43 Things : FBI, Spyware, adware

Lenders illicitly accessing student database

2007-04-19T23:13:00.000-07:00

A database containing the personal and financial details of nearly 60 million students had repeatedly been accessed by some lending companies in ways the violated federal privacy laws, the Washington Post reported on Sunday.

According to the article, the database contains everything needed to steal a person's identity, including students' names, Social Security numbers, addresses, phone numbers, birth dates and phone numbers as well as information on loan balances. Some lending companies have apparently given unauthorized users, such as marketing companies, access to the information in the database on a regular basis, according to the Post's article.

"We are just in shock that student data could be compromised like this," Nancy Hoover, director of financial aid at Denison University, told the Washington Post.

The revelation comes as some lending companies and schools are under fire for improper relationships. At least three financial aid directors at various schools have resigned positions or been put on administrative leave after ties with student-lending firm Student Loan Xpress were uncovered. The possible improper access of a database on 60 million students puts the breach in the same category as the repeated breaches of retail giant TJX that led to the leak of at least 46.5 million credit-card numbers and the attack on CardSystems Solutions that resulted in the possible compromise of some 40 million credit-card numbers.

Officials at the U.S. Department of Education are mulling a possible shut down of the database system while access policies and security are tightened, according to the Post.

securityfocus.com

Only 244 copies of Genuine Windows Vista sold in China

2007-04-19T04:02:00.000-07:00

Microsoft spent millions of dollars advertising its next generation OS 'Windows Vista' in China, in fact the IT juggernaut threw up the biggest Vista Ad on the 421 meter high Jin Mao tower in Shanghai China.

However after 2 weeks (Jan 19 to Feb 2) from launch Microsoft managed to sell a mere 244 copies of Windows Vista. Software piracy is rampant in the middle kingdom and a pirated version of Vista sells for a mere $1 on the streets. The following numbers are quote by Windows Vista chief distributor in Bejing.

newlaunches.com

New worm targets Skype users

2007-04-18T11:40:00.000-07:00

A new instant-messaging pest that spreads using the chat feature in Skype has surfaced, security firm F-Secure warned Monday.

The worm, dubbed Pykse.A, is similar to threats that affect instant-messaging applications. A targeted Skype user will receive a chat message with text and a Web link that looks like it goes to a JPEG file on a Web site, F-Secure said on its Web site.

Clicking the link will redirect the user to a malicious file. The file, after executing, will send a malicious link to all online contacts in a Skype user's list and will show a picture of a scantily clad woman, F-Secure said. In addition, it sets the user's Skype status message to "Do Not Disturb," the security firm said.

Pykse also visits a number of Web sites that don't host any malicious code and a site that appears to count infected machines, F-Secure said. The Finnish security company doesn't list any particular malicious payload for Pykse other than it spreading and visiting Web sites. The IM worm affects Skype users running Windows.

Such threats for Skype aren't new. Last month, miscreants adapted the Warezov Trojan horse to target Skype users. This threat also arrived with a Web link sent in a Skype chat message. Clicking on the link would result in a PC being at the beck and call of the attacker and the Trojan horse sending messages to the victim's Skype contacts.

In February, attackers also targeted Skype users with another Trojan horse that had propagation capabilities.

Skype has acknowledged in the past that its instant-messaging feature could be used for nefarious purposes just like any other IM service. Kurt Sauer, Skype's chief security officer, repeated that acknowledgment on Monday in a statement sent by the company's public relations agency.

"Harmful viruses and Trojan horses may damage a user's computer and collect private data, regardless of whether a person is using Skype, e-mail or other IM clients," Sauer said in the statement. "Skype strongly recommends that users take extra caution in general when asked to open attachments or links from unknown people, or suspicious-looking attachments even from people you know."

Skype also recommends using antivirus software to check the files received from other people.

zdnet.com

The spam-stripping Google removed accounts upright users

2007-04-16T08:10:00.000-07:00

Google recently conducted during trimming, which was under siege ordinary users. The search giant hosted a massive removal of accounts that were used for spamming, but a "punitive sword" hit and mailboxes good customers.
At the time, the company worked to restore mailboxes, but it seems that some of reduced accounts lost function attaching files to the letter. Some even less fortunate - all the important information stored on Gmail simply unavailable. The ban is implemented on data access profile hence the ban access to all applications that require authentication, blogs, documents and even service contextual advertising AdSense. According to some reports, technical problems lasted for about a week. Based on this precedent, some users will find that store information in the network is not reliable as it might seem at first glance. Simply no one could have predicted that such a situation may arise for Google, because information giant has always been outward stability of all its services

Kaspersky Open Space Security: a new concept of corporate security from Kaspersky Lab

2007-04-14T01:34:00.000-07:00

Kaspersky Lab, a leading developer of secure content management solutions, announces the commercial release of three components in its new-generation corporate product line: Kaspersky Anti-Virus 6.0 for Windows Workstation, Kaspersky Anti-Virus 6.0 for Windows Server and Kaspersky Administration Kit 6.0. The three products are based on Kaspersky Lab’s new approach to corporate network protection: Kaspersky Open Space Security.

Kaspersky Open Space Security:

Today’s secure work environment is no longer limited to the office building. As employees are becoming more mobile, there is an emerging need for security that can be mobile as well. The Kaspersky Open Space Security concept includes not only protection of the company network perimeter but of all nodes on the network, regardless of location, type of device, or platform.

Kaspersky Open Space Security includes a policy for PCs that incorporates special rules for the antivirus when they are outside of the office. This ensures solid protection of PCs even when outside of the home network.

Kaspersky Open Space Security also supports Cisco® NAC (Network Admission Control) technology, which provides additional protection for the corporate local network and makes it possible to identify the status of antivirus protection on connected computers. Access to the local network is permitted or denied depending on whether computers comply with specific security criteria. Kaspersky Open Space Security combines signature-based protection with cutting-edge proactive technologies that can identify and alert the user of unknown malicious programs, and prevent or roll back possible malicious changes.

Version 6.0

Kaspersky Anti-Virus 6.0 provides reliable protection for workstations and file servers based on a plethora of technologies that protect from all types of today’s malicious programs and IT threats, including rootkits, spyware and adware. Administrators will appreciate the flexible configuration tools built into the solution. The product also includes a proactive defense module that provides protection from unknown threats. The product, which is based on the Kaspersky Open Space Security approach, ensures industry-leading response times in the event of new outbreaks and hourly antivirus database updates.

The new generation of Kaspersky Lab products features, for the first time, a suite of technologies that accelerate antivirus scanning, as well as the unique feature that balances the system load during antivirus scans. The iSwift technology that was introduced in previous versions of Kaspersky Anti-Virus can now be used at the network level. It eliminates the need to scan files received from a workstation or server on which Kaspersky Anti-Virus 6.0 is running. As a result, objects no longer need to be repeatedly scanned on different computers on the network. This significantly reduces scanning time and file transfer delays.

kaspersky.com

Kaspersky laboratory discovers the first virus for iPod

2007-04-10T10:14:00.000-07:00

Kaspersky laboratory, a prominent developer of the safe content management solutions, has the first virus discovered, which is sketched, in order to stick on iPod mobile central players. The virus, which was called Podloso, is a proof of the concept program, which does not raise a material threat.
The virus is a document, to be discharged can and run on one iPod. It should be stressed that, thus the virus to work, Linux on iPod be attached must. If the virus is attached on iPod by the user, the virus attaches itself then to the booklet, which contains program demo versions.
Podloso cannot be discharged without user relationship automatically. As soon as discharged, the virus makes a blueprint the non removable disk of the device and sticks on all enforceable .elf format documents. Each possible attempt to discharge these documents arranges the virus to indicate an announcement on the screen which says that „you are stuck on with Oslo the first iPodLinux virus “.
Podloso is a typical proof of the concept virus, which is manufactured, in order to show that it is possible to stick on a specific platform. It does not have a bad-willing pay load and is not capable of spreading independently: a user must store the virus to iPod, so that the device is stuck on.

DropMyRights, or make Internet Explorer safer

2007-04-06T22:53:00.000-07:00

As you know, Internet Explorer (rather, the vulnerability it) is a major source of contamination of the computer Trojans and Spyware. Previously, I described a difficult way to start IE human limited user. But recently opened a much simpler way. So is a program from Microsoft-DropMyRights. However, to take advantage of it, only those who have a Windows XP.
Now, close to the case. First you download the software Microsoft. A direct link to download. After downloading set it somewhere not much depth. For example C:\DropMyRights\ . After installation, you can remove all of the files except DropMyRights.exe. Now go to the label through which normally run IE, click on it, right-click and choose Properties. "Set Target (Object)" will be written something like "C:\Program Files\Internet Explorer\iexplore.exe" . So in front of this need to provide a path to DropMyRights. In my case amended reference will be : C:\DropMyRights\DropMyRights.exe "C:\Program Files\Internet Explorer\iexplore.exe". After that, in the Run ("Window") below to make the Minimized that you do not appear terminal window, and click OK. If all of a sudden after this manipulation will change the icon label-at the same point in its properties click on the "Change icon (the change)", and switch it back on the IE icon. That's it. Now that anything harmful to your computer using IE hole will be nearly impossible.
I warn! No update Windows, and all software and Active-X of IE, launched in a way not. To install updates Active-X components, ejavascript:void(0)
Publishtc. need to run IE "clean" label, which label non-DropMyRights.
The work outlines the following : If IE running from the admin, it just takes it all right too, leaving only those people who have limited user. That it is not possible to write in the registry, in the system directory, etc. In general acts as RunAS only comfort : You do not need to submit the password and user choice. As a result, if a vulnerability in IE will be launched trojan, it will not be able to be registered in the register or copy itself in the system directory. That , in most cases, will not be able to do anything.

Microsoft withdraws Windows XP

2007-04-01T06:29:00.000-07:00

Microsoft issued a press release today, which shows that the corporation decided to withdraw support for Windows XP all modifications-Home, Professional, Media Center Edition, and so on.
The reason for such a responsible and sensitive decision, said Microsoft, is that as early as 2001, it was revealed serious problem in the security source kernel operating system, Windows XP, which, as was evidenced by the internal investigation has been present since the time of Windows 3.1.
Issuance of Windows XP (SP2), which should have been corrected including that error in the security, led to a positive result : already at the beginning of January this year on the internet rumours rumours that the hacker team ExRsSS allegedly sent to Microsoft using the exploit hole, to provide complete remote access to a computer running Windows XP SP2. Probably these rumours are true ...
Microsoft strongly recommends that all users of Windows XP to buy and install a new operating system Windows Vista, which, as is known, was used by the source code is Windows XP and Windows Server 2003, which is above hole

Run Linux, lose warranty

2007-03-30T21:45:00.000-07:00

Laura Breeden bought a new Compaq Presario C304NR notebook in January. She bought it because she wanted to get rid of Windows and all the malware that surrounds it and move to Linux, and her old laptop lacked the memory and power to run Ubuntu Edgy. The salespeople assured her that the C304NR was "Linux ready." But they didn't tell her that running Linux would void her warranty. HP has since clarified their warranty policy.

Click here!
Until recently, she's been happy with it, and with Ubuntu Edgy. But a couple of weeks ago she began having keyboard problems. The keyboard is misbehaving when she begins to type quickly: keys are sticking and the space bar does not always respond when pressed.

When she called Compaq -- the unit comes with a one-year warranty on the hardware -- they asked what operating system she was running. When she told them Linux, they said, "Sorry, we do not honor our hardware warranty when you run Linux." In order to get warranty service, she was told, she would have to remove Linux and reinstall the original OS.

Laura is not a software engineer, but she failed to see how her choice of operating system could damage the keyboard. Furthermore, there isn't a word about the subject on the Compaq C304NR Web page -- nothing to alert consumers to the fact that if they chose a reliable, secure operating system like Linux instead of Windows, they would lose their rights to service under warranty.

She bought the notebook from Best Buy, and they did their best to sell her a maintenance contract ($200 for three years). But since the notebook only cost $549, she thought that was a lot of money to add to the purchase price, and she also thought that she could depend on the Compaq warranty.

I've been tracking this story for a couple of weeks with a PR rep from Hewlett-Packard Customer Service, who has been trying to "do the right thing" by Laura. There has been some discussion of swapping her unit with an HP notebook which is available with Linux preinstalled, but after a couple of weeks of back and forth, nothing has changed.

The PR rep told me, after wading through all the terms and conditions attached to the notebook's warranty, that "it is impossible to anticipate every single issue that a customer can face, so the terms and conditions of warranties can't list every possible scenario. Usually if a customer installs a different OS, it has a big impact on the PC and will void the warranty. However, since the OS couldn't have been responsible for keys sticking on a notebook keyboard, I think this is an exception to the rule." She also asserts that Compaq's "warranty terms and conditions are in line with the rest of the industry."

I have a feeling that she is correct about that. Gateway and Dell have both declined to respond to queries about their own warranty coverage in a similar scenario. Tier one manufacturers like Dell and HP are locked up in double-blind secrecy about their marketing deals with Microsoft, like the ones that keep them from offering preinstalled Linux like their customers are demanding, or even from offering machines without an OS installed at all.

Laura's problem will probably come to a satisfactory end: the return of the merchandise for a full refund, or a swap for a unit that is offered with Linux in the first place. But the bigger problem is that Microsoft's tentacles are still obvious in choking a free marketplace, and the tier one manufacturers are still submissive to and complicit in Microsoft's enterprise.

enterprise.linux.com

What Is The Price Of Your Computer's Security?

2007-03-30T13:45:00.000-07:00

An Associated Press (AP) report recently stated that security products still sell despite the widespread availability of free software. Falling under the category of security would be anti virus software, anti spyware software, email spam blockers, firewalls and the like. The article points out that many internet service providers give out some form of free versions of these computer security products but still, security vendors are moving forward with the release of their latest line of products.

Consumer behavior can sometimes be an extremely complicated puzzle to analyze. But clearly, this news article actually reflects a seriousness among consumers in protecting their personal computers. A few years ago, the concept of computer security was not even in most consumers' radar screen which could have probably contributed to the proliferation of viruses, worms, trojans and other forms of malicious software.

Free computer security products actually have been available to the consumer for a number of years. It all starts when the consumer buys a computer system. The computer system vendor usually bundles a CD-ROM that contains the usual necessities such as browsers, pdf readers, system monitor tools and an OEM version of an anti virus program. OEM version (as against retail version) stands for Original Equipment Manufacturer, and these products can be described in simple terms as bare bones programs. OEM products are sold by the manufacturer (for example, the anti virus company) to the computer system vendor at greatly reduced cost and that is why the vendor can afford to pass it on to the consumer for free. But to reduce the cost may necessarily mean reducing functionality, meaning less features or no operating manual, etc.

Perhaps learning from bad experiences in the past with computer viruses, it is evident from the AP report that consumers simply do not want to place their computers, which may contain sensitive personal information, at risk. That is indeed a good sign because it simply cannot be emphasized enough that the threats to computer security are a reality. If you own one of those fancy firewall programs that provide real-time reports on the IP addresses of computers sniffing at your computer, you will surely agree that every other minute some rogue on the internet is trying to poke into your computer.

Almost all of these anti virus vendors now provide an entire suite of computer security programs. This means that aside from the anti virus program itself, you also get a firewall, email spam blocker or filter, and anti spyware all integrated into it. All these programs have a built-in scheduler that will download updates without regular user intervention, a feature that the free software may not have. This reflects an attitude among consumers that they do not mind spending a few dollars more for the convenience. After all, a computer is supposed to enhance productivity and spending time tinkering on each security software certainly takes away from it.

For those still deciding on which vendor to purchase from, the decision could not be any simpler. All the security vendors offer free downloads of trial versions of their products. The trial versions usually offer you an entire month to use their products before some of the key functions are disabled. Some vendors are also given bragging rights by reputable consumer groups through the form of awards of excellence in their industry.

Similar to test driving an automobile before buying, go ahead and test drive a security product before deciding on the one that is right for you. In today's wired world, you certainly should put your foot down on those nosey enough to pry into the privacy of your personal computer.

Understanding computer viruses

2007-03-29T13:41:00.000-07:00

Practically each one with a computer intended to speak about the viruses of computer, but not each one knows exactly what are they or the viruses can affect their computer. A virus is small, individual-folding up the program which invades your system by an attachment, a remote loading, or a Web site of E-mail.
People create viruses for various reasons, extending from the soft rascals to the malevolent destruction. Consequently, the effects of a virus can change to obstruct moderately with estropier absolutely. Does the virus of Wazzu, for example, stick to the documents of Microsoft Word and inserts the word of nonsense “? wazzu? ” in the document and rearranges the random cords of the words.
A virus such as this one is certainly annoying, but not necessarily catastrophic. Some viruses can be, however, to threaten much more serious to destroy data or to even erase your whole hard order. Such a virus drew aside by E-mail, Worm.ExploreZip, order of catches of the system of E-mail of the infected computer and answers automatically all the entering messages of mail. It also sends the destructive E-mail attachments which can erase certain types of files. The viruses can be harmful, but it is also important to include/understand the part which you play by propagating them.
The viruses generally do not invade a computer without action of user. In other words, you placed the loose virus on your own computer by opening infected programs or files. If you take some care, such as not opening attachments of email of the unknown sources and software running of antivirus, you can reduce the risk to the minimum to infect your own computer.
Types of virus While familiarizing itself with the types of viruses which exist, you will be able to better prevent them.
The viruses of program stick to the achievable files such as files of .exe. Each time you carry out the program, the virus reproduces and of the fasteners to other programs. The division of the programs with other computers, by the disc or on a network, draws aside these types of virus. You are also in danger to this type of virus when you download applications of the Internet.
Macro viruses are contained in the macro orders for programs such as the Microsoft Word and the Excel. Perhaps the most widespread type of virus, they stick to the files (in opposition to the programs) and are certain the viruses hardest to detect. You can learn more about the special dangers posed by these viruses in the way in which are the macro viruses different from others?
The viruses of sector of initialization infect the particular files on your hard order which carry out when you initialize your computer. When you initialize starting from the infected disc, the virus of sector of initialization sticks to the files of initialization on your hard order.
The horses of Trojan are not viruses by definition because they are not folded up. They, however, have the same potential to damage your order lasts if they go not detected. They arrive typically in email with a vague subjected line or a promise of entertainment. When to leave loosely, the Trojan Horse - just like its homonym in Greek mythology - presents a group of nondesired attackers which can limit the dégats on your hard order.

Guide To Computer Security

2007-03-28T04:54:00.000-07:00

Since you're reading this article, you're already connected to the Internet. You've probably already thought about security on your computer or network. Every day seems to bring new threats and it can seem pretty daunting, but the key thing is to have a common sense approach and to take a few basic precautions.

There are lots of great tools available to help and you don't have to break the bank to get them. Here are some areas to take a look at:

BACKUPS

Securing your information starts here. You'll need some or all of the security tools listed below, but even then you can't guarantee 100% that you won't have a problem. Hardware failures do occur so backup your data. One easy way to keep your important files is to burn them onto CD or DVD.

ANTIVIRUS SOFTWARE

An absolute must have. Alright, you already knew that, but I can't stress too strongly the importance of having good, up-to-date antivirus software. With new threats and Viruses arriving every day it's important to maintain update subscriptions and download virus definition updates as soon as they become available.

There's a lot of good antivirus software available, both free and for low cost. I'd recommend going for paid software...you just never know when you're going to need to call a helpdesk and that's generally the difference between the free stuff and the stuff you pay for. Norton, McAfee, AVG and others all sell antivirus software that's affordable on a low budget.

FIREWALL

A firewall is always recommended to help protect against unauthorized access to your PC. For a small number of PCs a software firewall is usually best and is the easiest to work with if you're not an IT expert. However, don't discount hardware firewalls, especially if you have a network with a lot of devices on it.

Whatever you do, don't rely on the Network Address Translation or packet filter built in to your ADSL or Cable router. It almost certainly won't be enough.

If you're buying a particular company's Antivirus software it's worth considering buying their integrated AV and firewall package if they have one (if they don't then maybe you should try someone else). It may well save you money and be easier to configure and maintain.

ANTI-SPYWARE SOFTWARE

If you spend a lot of time browsing the Web (and let's face it, who doesn't?), then spyware is going to find its way onto your machine. A lot of it isn't particularly nasty, but the really bad stuff can send important information like passwords, bank details or credit card numbers to people you really don't want to have access to that stuff. At the very least it can slow down your PC and since you didn't ask for it in the first place then you should get rid of it.

Some tell-tail signs that you have a Spyware infection are:

- You're getting pop-up ads all the time

- Your default homepage or other settings in your browser suddenly change (especially if you can't change them back)

- Your computer is slow (there could be other reasons for this, but it's worth checking for spyware)

There's some good free software available from Lavasoft called AdAware. Microsoft also have their own free tool for Windows users called Windows Defender. Among the paid-for Anti-Spyware software Webroot's

Spy Sweeper regularly picks up awards from computer magazines.

PASSWORDS

More and more people are accessing secure sites for shopping, banking, etc. Provided you take sensible precautions it's a great way to shop.

If you've been doing any online shopping you'll be used to dealing with secure sites. Whatever methods these sites use to secure their servers or encrypt your traffic, if they're accessed by passwords then you share some of the responsibility for the security on your transactions. Here are a few tips on how to keep unauthorised users from accessing your accounts:

- Be inventive with your passwords. Don't use easy to guess stuff that a lot of people know about you or can find out. Use a mixture of uppercase and lowercase characters, numbers and special characters (again be inventive. Just using a 1 instead of the letter i is no use if it still spells out an easy to guess word).

- Use different passwords for different accounts. If you always use the same one and it's compromised then someone will have access to everything.

- Don't write passwords down on paper or post-it notes. That's a hacker's favourite way to find passwords if they have physical access to your office.

- Don't get Web browsers to remember your passwords on shared machines or in office areas. If you log into a machine that other users have access to then never use Windows or Web browser mechanisms that remember your account details.

Having different passwords to lots of different accounts does make it more difficult to remember them and it's important that this doesn't lead you into bad habits. So what do you do?

You could look at getting some password management software. Naturally, Norton has a password manager, but other good options include "Web Replay" from Deskperience or "PC Password Manager XP" from CPLab.

WHERE TO NOW?

You don't have to go out and buy every piece of security software right away. Prioritise one or two to start with (I'd suggest Antivirus and Firewall software). Also download trial versions so you can be sure you're happy with them before you part with your hard earned cash.

Be careful on the Internet, but don't let it spoil your day.

Tomorrow will be a new draft GPL 3

2007-03-27T13:32:00.000-07:00

On Wednesday launched a new cycle of disputes over the future of the open-source license, General Public License, which will last 90 days.
The third proposed to discuss the draft version of GPL 3 will buy 7 am PDT. The GPL version 2 regulates the rights and limitations of many open-source projects and free-software, including such well-known as the Linux kernel, Java, and the MySQL database.
According to Brett Smith, engineer license matched the Free Software Foundation, 60 days after the third discussion draft is expected "late" project, and then have 30 days will GPL 3.
"Before we publish the final version of the license, we want to hear the views of as many members of the community of free software," says Smith, issued a statement Monday in the mail. "We manage the production process of the projects in such a way as to guarantee that every interested party the opportunity to be heard."
Initially, a new version of the license scheduled for March, and now he moved almost three months. One of the reasons for the delay was the announcement of the patent agreement between Microsoft and Novell, which Microsoft pledged not to sue with customers Novell Linux for violating patents. The project would not interfere production software GPL under such conditions, but FSF founder Richard Stollman believes that the organization must find a way to prevent it.
"A second discussion draft GPL 3 resigned eight months ago, in July 2006. We never planned such a large span of time between public issues license. But we considered it important before continuing process to discuss a number of issues, including the recent patent agreement between Novell and Microsoft, "says Smith.
The main question was whether the GPL 2 and 3 GPL compatible, commented member of the legal profession and other participants in the GPL 3, a lawyer DLA Piper Mark Radcliff. If compatibility ON issued one license, can be used in projects controlled by the other. Otherwise, there will be a mass of problems and the chances of a split into two areas controlled by differing versions of the licence.
Linux founder Linus produced strongly to the draft GPL 3, in his current form and ideological principles FSF. He did not like the item to digital rights management, which requires a code or content can be used in any equipment.
Hewlett-Packard also expressed concern about an item on the patents. On the other hand, Sun Microsystems's GPL 3, and plans to use the license to Java and OpenSolaris.

securitylab.ru

RIAA make ten-year-old girl to testify against mother

2007-03-27T13:22:00.000-07:00

American Association of Recording label demanded that the ten-year-old daughter living Oregon Tani Andersen, RIAA accused of illegally downloading music via the Internet, gave evidence in court. At that the girl took part in the trial insisted members of the RIAA labels Atlantic, Priority, Capitol, UMG and BMG.
In a statement to the involvement of the child to the case, the plaintiffs argued that the testimony of Kylie Andersen in court presentavleut them interesting, as it may own eyes saw her mother was fajloobmenom. At the same time, at the time of the persecution studios Tani Andersen, her daughter was only seven years old.
Recall that the RIAA argues that Tania Anderson has fajloobmenna network Kazaa to download music, as it caused extensive damage. I want to stress to the court for a criminal case.
The Andersen said that fajloobmenom itself, and even the RIAA to check its computer, which refused Association. Subsequently, the RIAA Rock and tried to get a court permission to inspect PC accused, but it was too late. Now, on the advice of the judges, the computer will Andersen independent expert, and will be followed by a hearing in the case. In addition, the Andersen lawyer Lori Leibek filed against the RIAA counter-claim on the basis of Oregon legislation RICO; Under it, the suit accused Leibek Association in the invasion of privacy, racketeering and fraud.

securitylab.ru

Symantec pumps up Windows Mobile protection

2007-03-27T12:57:00.000-07:00

Symantec is preparing to launch a mobile-security suite for Windows Mobile devices that it says will offer the same level of security for handhelds as is standard for PCs.

Symantec Mobile Security Suite 5.0, due in May, is set to include antivirus, data encryption and firewall protection, as well as an enterprise management console for IT administrators, the security company said in a statement Monday. It will add to the functionality of the company's current Mobile AntiVirus product.

The software suite will also offer an add-on to let users connect to corporate networks through IPSec VPN tunnels, and network access control so IT administrators can make sure that only the right devices are connecting to the corporate network.

Administrators will be able to use the suite to enable or disable Bluetooth, Wi-Fi and device syncing, and to verify whether the device's security applications have been tampered with.

The issue of mobile security has proved controversial in the past, with accusations that mobile threats are overhyped.

A consumer version of the enterprise Mobile Security Suite, called Norton Mobile Security, is also planned for a May release. It will include many of the enterprise version's elements, with the exception of its VPN capabilities, Symantec said.

zdnet.com

Programming "BUG"

2007-03-26T07:34:00.000-07:00

A little humor to relax.
Want to restore the existing bug? It's very easy. I, as an experienced programmer who tell you this for one minute. Open standard notepad, write it 'bug' - without spaces or quotes, small letters, but did not succeed. Store received masterpiece under the name bug.exe. Your first bug ready, you can run! Must have console with randomly moving the cursor. Pressing any key nature of the cursor changing. They say the spread and impact printer :) I have to XP works may yet anyone running.
P.S. I do not own all of this man, the original anekdot.ru proposes to recruit 'bugoga'. But this first time, and, secondly, did not adequately describe the changes in the subsoil Windows processes, as does my version :)
P.P.S. Sometimes, in order to bug it would be necessary to run two copies. Have fun!

Symantec explains world that Windows is most safe OS

2007-03-25T21:48:00.000-07:00

Symantec was forced, in order to permit that its long-term hostile Microsoft dispatches at present the safest operating system out there. Symantecs says 11. Internet security threat report that, if he comes too to most used operating systems Microsoft better entire than its competitors does - if it any has. According to Internet messages Symantec found that Windows few and the shortest average mark development the time of the five operating systems had number marks, which she supervised in the last six months of 2006. During this time more than 39 vulnerability in the operating system was found and to Wühlmaus lasted an average from 21 days, in order to regulate it. While this still more as if is, last year knocked it still the points away from the competition. The following best implementing was red hat Linux, which took to the address total quantity of 208 vulnerability to an average from 58 days. Symantec underlined that vulnerability was not as strict in the red hat as those, which were found in volume commodity. It precipitates that the selfannounced was good hyper+safe Mac OSX below Windows despite its sanctimonious Werbekampagnen, which said differently. There were 43 vulnerability in Mac OS X and in 66 a daily return on shiftingnesses. Only one was prioritär and Apple took on average 37 days to repair to it. HP-UX von Hewlett-Packard and Solaris of the sun were both largest security danger. HP-UX had 98 vulnerability to the half second of 06 and took 101 days, in order to regulate it. Sun, took on average 122 days embarrassment 63 to vulnerability.

theinquirer.net

Skype malware does the circulation

2007-03-25T21:24:00.000-07:00

WEBSENSE SECURITY LABS cross driver against viruses and e-annoyances, has sussed out dodgy a new piece of the code, which spreads over the Skype net. The code sends Skype users to announcement a measured value "examination up this", plus dodgy a URL with one hypertext left attached. Surprise surprise, if a user enough become stupid, too go in clickin' them inventively the file_01.exe mentioned are readdressed. This does not seem, a main threat too to be clued up user, however, as rattert is requested, in order to let the document run. Include other document name gdi32.exe, ndis.exe and sk.exe also. If you the document naturally to run leaves does it annoying things. If it is opened, that sends the same announcement to Trojan to all contacts on friend list of a user, not for mentioning trying to attach to a Yahoo mail server in order to send smtp an announcement. The programmers seem however with a work operator go leaving, the Web scythe are informed the aggressor computed, if a machine were successfully stuck on. To a screen SHOT and more information about the Warezov/Stration based trojans, precede on here.

theinquirer.net

Virus scan freeware. Part One.

2007-03-25T02:09:00.000-07:00

Check suspicious file

Integrated verification 27th antivirus Avast, AVG, Avira, BitDefender, Cat-QuickHeal, ClamAV, Command AV, DrWeb, eSafe, eTrust-Iris, eTrust-Vet, Ewido, Fortinet, F-Prot, Ikarus, Kaspersky, McAfee, NOD32v2, Microsoft, Norman, Panda, Prevx1, Sophos, Sunbelt, Sybari, The Hacker, VBA32
Integrated verification 15th antivirus AntiVir, Arcabit, Avast, AVG, BitDefender, ClamAV, Novell, F-Prot Antivirus, Fortinet, Kaspersky Anti-Virus, NOD32, Norman Virus Control, UNA, VirusBuster, VBA32
Integrated checking shoppers antivirus AVZ, VBA32
Check Anti Kaspersky
Check DrWeb or install the browser plug-in for verification
Check Avast
Check Ikarus
Check ClamAV
Check VBA32
Check UNA
Check Fortinet
Check Stocona Antivirus
Check RAV Antivirus

Check your computer for viruses

Online
Check Safety Microsoft Live (beta)
Check Antivirus Kaspersky
Check VirusChaser (DrWeb engine)
Check Panda Antivirus
Check BitDefender
Check TrendMicro HouseCall
Check Symantec Norton AntiVirus
Check McAfee (only detection)
Check Mks_vir
Check eTrust
F-Secure
Check ArcaVir
Check Ahnlab MyV3
Check Anti-Freedom
Check V3ProDeluxe
Check Command On Demand (F-Prot engine)
Check PC Pitstop
Check StopSign AntiVirus
Check Rising Antivirus
Check HAURI (only detection)
Check Microsoft Malicious Software Removal Tool

Offline (download free or trial version and check system)

Check Antivirus Kaspersky 15 days
Check virus CureIT! 4.33free
Check VBA32console beta
Check McAfee VirusScan 15 days
Check BitDefender v8 free
Check NOD32 30 days
Check NOD32 Anti-Virus Scanner (Express verification) free
Check F-Prot Antivirus trial
Check professional AntiVirusKit (+ BitDefender Kaspersky) trial
Check AntiVir Personal free
Check AntiVir Command line scanner free
Check Stocona Antivirus v3
Check ClamWin free
Check Anti-Stop! Free Edition 4.10 free
Check avast! 4 Home Edition free, fill in the form for registration
Check Sophos Anti-Virus, fill in the form
Check CyberScrub 15 days, requires e-mail
Check Protector Plus 30 days, requires the name and e-mail
Check AVG AntiVirus 30 days
Check AVG Free edition free
Check Antidote free
Check BullGuard 14 days
Check Solo AntiVirus 30 days
Check Agnitum Tauscan (on the horses) 30 days
Check Trojan remover (on the horses) 30 days
Check PC DoorGuard (on the horses) 30 days
Check Digital Scanner Patrol 30 days
Check TrojanFindInfo and send logs to KasperskyLab

Check your computer for Rootkit

Check AVZ free
Check AVG Anti-Rootkit beta
Check IceSword free
Check BitDefender RootkitUncover beta
Check GMER free
Check Helios beta requires. NET Framework 2.0
Check HiddenFinder trial
Check DarkSpy beta
Check F-Secure BlackLight trial
Check RootkitRevealer (only detection) free
Check Sophos Anti-Rootkit beta
Check VICE free
Check System Virginity Verifier
Check Process Hunter free
Check Process Master free
Check RKDetector (console) free
Check Rootkit Unhooker free
Check Seemfree
Check UnHackMe trial
Check antikit (console only detection) free
Check Klister (console, Windows 2000) free
Check Flister (console only detection) free
Check RootKit Hook Analyzer (only detection) free

Original post in Russian - Virusinfo.info