Saturday, March 15, 2008

Warning with MSN chat

Product : Trojan Virus
Part Involved : Security Issue.
Summary: A new virus threat hides inside MSN chat conversations.
Scenario : Chat has changed our daily lives; imagine if its security is broken.
Company : Owner.
Reference Date : March 2007.

We are exposed to a very strange spreading virus. It slips into MSN chat conversations at any moment, and its impact is very dangerous because it hides behind the conversation itself: you are answering and following the topic of your chat when you suddenly receive an invitation to download a file (said to contain some pictures) with a text such as "check my pictures taken on some place", and at that point you are about to set the chain in motion.

I have seen that when you are prompted to receive the file (apparently from your contact or friend), the contact disappears from the contact list (the virus disconnects him or her) while, at the same time, you are being invited to confirm the download of the miracle file. Up to this point you are not aware that you have lost the connection with your contact and that you are close to opening an unknown file. Imagine that!

In the extreme case where you download that file and execute it, you will notice that you lose control of the mouse while the MSN chat window starts to flash and other applications flash too. In that case I recommend the following:

1.- Unplug your LAN connection; you will then regain control of the mouse and of everything on the desktop.

2.- Reset your computer, boot into safe mode and run your antivirus as the first step.

3.- Reset your computer, boot into normal mode and run your antivirus again as the next step.

The virus is identified as a backdoor trojan, and it saves a file named myspace-layout(1).jpg in the cookies and temporary folders of Internet Explorer.

I have also verified that the virus can send its message in Spanish and in English, as in the following pictures:


Tuesday, March 4, 2008

Export LAN configuration

Product : Parameters used in the LAN.
Part Involved : LAN configuration.
Summary: An interesting short procedure to export to a file all the parameters of your PC's LAN configuration.
Scenario : Adding variety to the ways the exported file can be used.
Company : National Institute of Cancer of Peru (INEN).
Reference Date : March 2008.

I suggest the following procedure to people who want to back up their LAN configuration; if changing the LAN configuration is part of your day-to-day work, it fits you well. From the Windows command prompt (DOS), type:

netsh dump>C:\IpConfiguration.txt

Here begins an example of that file ******
#========================
# Interface configuration
#========================
pushd interface
reset all
popd
# End of interface configuration
#==========================
# Interface configuration
#==========================
pushd interface ipv6
uninstall
popd
# End of interface configuration
# ------------------------------------
# ISATAP configuration
# ----------------------------------
pushd interface ipv6 isatap
popd
# End of ISATAP configuration
# ----------------------------------
# 6to4 configuration
# ----------------------------------
pushd interface ipv6 6to4
reset
popd
# End of 6to4 configuration
#==================================
# Port proxy configuration
#==================================
pushd interface portproxy
reset
popd
# End of port proxy configuration
# ---------------------------------------------
# IP interface configuration
# ---------------------------------------------
pushd interface ip
# IP interface configuration for "Conexión de área local"
set address name="Conexión de área local" source=static addr=192.168.31.11 mask=255.255.224.0
set dns name="Conexión de área local" source=static addr=none register=PRIMARY
set wins name="Conexión de área local" source=static addr=none
popd
# End of IP interface configuration
# =========================================
# RAS configuration
# =========================================
pushd ras
set authmode mode = standard
delete authtype type = PAP
delete authtype type = SPAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAP
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set user name = Administrador dialin = policy cbpolicy = none
set user name = Asistente de ayuda dialin = policy cbpolicy = none
set user name = Invitado dialin = policy cbpolicy = none
set user name = SUPPORT_388945a0 dialin = policy cbpolicy = none
set user name = VUSR_FILESERVER dialin = policy cbpolicy = none
set tracing component = * state = disabled
popd
# End of RAS configuration.
# -----------------------------------------
# AppleTalk remote access configuration
# -----------------------------------------
pushd ras appletalk
set negotiation mode = allow
set access mode = all
popd
# End of AppleTalk remote access configuration.
# -----------------------------------------
# RAS IP configuration
# -----------------------------------------
pushd ras ip
delete pool
set negotiation mode = allow
set access mode = all
set addrreq mode = deny
set broadcastnameresolution mode = disabled
set addrassign method = auto
popd
# End of RAS IP configuration.
# -----------------------------------------
# RAS IPX configuration
# -----------------------------------------
pushd ras ipx
set negotiation mode = allow
set access mode = all
set nodereq mode = allow
set netassign method = autosame
popd
# End of RAS IPX configuration.
# -----------------------------------------
# RAS NBF configuration
# -----------------------------------------
pushd ras netbeui
set negotiation mode = allow
set access mode = all
popd
# End of RAS NBF configuration.
# -----------------------------------------
# RAS AAAA configuration
# -----------------------------------------
pushd ras aaaa
set authentication provider = windows
set accounting provider = windows
delete authserver name = *
delete acctserver name = *
popd
# End of RAS AAAA configuration.
# Routing configuration
pushd routing
reset
popd
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# BEFORE running this script
#
# To restore the IPX router configuration,
# UNINSTALL IPX from the Network Connections folder and
# reinstall it.
#
# This will remove the previous IPX router
# configuration and restore it to its
# default values
#
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#----------------------------------------------------------
# IPX configuration
#----------------------------------------------------------
pushd routing ipx
#----------------------------------------------------------
# IPX interface configuration
#----------------------------------------------------------
#----------------------------------------------------------
# IPX traffic filter configuration
#----------------------------------------------------------
#----------------------------------------------------------
# IPX static route configuration
#----------------------------------------------------------
#----------------------------------------------------------
# IPX static service configuration
#----------------------------------------------------------
popd
# End of IPX configuration
#----------------------------------------------------------
# IPX RIP configuration
#----------------------------------------------------------
pushd routing ipx rip
popd
# End of IPX RIP configuration
#----------------------------------------------------------
# IPX SAP configuration
#----------------------------------------------------------
pushd routing ipx sap
popd
# End of IPX SAP configuration
#----------------------------------------------------------
# IPX NETBIOS configuration
#----------------------------------------------------------
pushd routing ipx netbios
popd
# End of IPX NB configuration
# IP configuration
pushd routing ip
reset
set loglevel error
add preferenceforprotocol proto=LOCAL preflevel=1
add preferenceforprotocol proto=STATIC preflevel=3
add preferenceforprotocol proto=NONDOD preflevel=5
add preferenceforprotocol proto=AUTOSTATIC preflevel=7
add preferenceforprotocol proto=NetMgmt preflevel=10
add preferenceforprotocol proto=OSPF preflevel=110
add preferenceforprotocol proto=RIP preflevel=120
add interface name="Conexión de área local" state=enable
set filter name="Conexión de área local" fragcheck=disable
add interface name="{657F0909-4AD3-489F-9D92-31F8F9100540}" state=enable
set filter name="{657F0909-4AD3-489F-9D92-31F8F9100540}" fragcheck=disable
add interface name="{E5329AA6-02CF-4A1E-AE97-26DCA879A372}" state=enable
set filter name="{E5329AA6-02CF-4A1E-AE97-26DCA879A372}" fragcheck=disable
add interface name="Bucle invertido" state=enable
set filter name="Bucle invertido" fragcheck=disable
add interface name="Interno" state=enable
set filter name="Interno" fragcheck=disable
popd
# End of IP configuration
# ----------------------------------
# DNS proxy configuration
# ----------------------------------
pushd routing ip dnsproxy
uninstall
popd
# End of DNS proxy configuration

# ----------------------------------
# IGMP configuration
# ----------------------------------
pushd routing ip igmp
uninstall
popd
# End of IGMP configuration

# ----------------------------------
# NAT configuration
# ----------------------------------
pushd routing ip nat
uninstall
popd

# ----------------------------------
# OSPF configuration
# ----------------------------------
pushd routing ip ospf
uninstall
popd
# End of OSPF configuration

# -----------------------------------
# DHCP Relay Agent config.
# -----------------------------------
pushd routing ip relay
uninstall
popd
# End of DHCP Relay Agent configuration

# ----------------------------------
# RIP configuration
# ----------------------------------
pushd routing ip rip
uninstall
popd
# End of RIP configuration

# -------------------------------------------------------------------------
# Router discovery configuration
# -------------------------------------------------------------------------
pushd routing ip routerdiscovery
uninstall
add interface name="Conexión de área local" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="{657F0909-4AD3-489F-9D92-31F8F9100540}" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="{E5329AA6-02CF-4A1E-AE97-26DCA879A372}" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Bucle invertido" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Interno" disc=disable minint=7 maxint=10 life=30 level=0
popd
# ----------------------------------
# DHCP allocator configuration
# ----------------------------------
pushd routing ip autodhcp
uninstall
popd
# End of DHCP allocator configuration
# ------------------------------------
# Bridge configuration (not supported)
# ------------------------------------
# ------------------------------------
# End of bridge configuration
# ------------------------------------
Here ends the example file ******

Following the purpose of my example, I changed the IP address parameter in the above script (marked in blue font), saved the file, and finally, in order to apply that configuration, ran the next command:

netsh exec C:\IpConfiguration.txt
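
Because netsh exec replays every command in the file, including its reset, uninstall and delete lines, it is worth confirming that the edited file differs from the dump only where intended. The following Python is an added example, not part of the original post; the sample dump, its interface name and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in the shape of a `netsh dump` file (not the full dump
# shown above); the interface name and addresses are sample values.
SAMPLE_DUMP = """\
pushd interface
reset all
popd
pushd interface ip
# Interface IP configuration for "Local Area Connection"
set address name="Local Area Connection" source=static addr=192.168.31.11 mask=255.255.224.0
set dns name="Local Area Connection" source=static addr=none register=PRIMARY
popd
pushd routing ip nat
uninstall
popd
"""

def parse_dump(text):
    """Return (context, command) pairs, following pushd/popd context changes."""
    stack, commands = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no commands
        verb, _, rest = line.partition(" ")
        if verb.lower() == "pushd":
            stack.append(rest.strip())
        elif verb.lower() == "popd":
            if stack:
                stack.pop()
        else:
            commands.append((stack[-1] if stack else "", line))
    return commands

def static_addresses(commands):
    """Extract (name, addr, mask) from 'set address' lines under 'interface ip'."""
    found = []
    for ctx, cmd in commands:
        if ctx == "interface ip" and cmd.lower().startswith("set address"):
            p = dict(t.split("=", 1) for t in shlex.split(cmd) if "=" in t)
            found.append((p.get("name"), p.get("addr"), p.get("mask")))
    return found

def resetting_commands(commands):
    """Commands that wipe existing state when the file is replayed."""
    return [(ctx, cmd) for ctx, cmd in commands
            if cmd.split()[0].lower() in ("reset", "uninstall", "delete")]

def changed_commands(original, edited):
    """Commands in the edited script that the original dump did not contain."""
    before = set(parse_dump(original))
    return [c for c in parse_dump(edited) if c not in before]
```

Run changed_commands on the original dump and the edited copy before netsh exec; anything other than the one address line you meant to change deserves a second look.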

Remember, this procedure is also available in the "YouTube Videos hosted by German Medina" section (at the right side of this page), as in the next video: