Saturday, March 15, 2008

Warning with MSN chat

Product : Trojan Virus
Part Involved : Security Issue.
Summary: A new virus threat has been hiding in MSN chat.
Scenario : Chat has changed our daily lives; imagine if its security is broken.
Company : Owner.
Reference Date : March 2007.

We are exposed to a very strange spreading virus. It slips quickly into MSN chat conversations at any moment, and its impact is very dangerous because it hides behind the MSN chat conversation: you are apparently answering and following the main topic of your MSN chat conversation when suddenly you receive an invitation to download a file (containing some pictures) with a text such as "check my pictures taken on some place", and then you are ready to fire the cold chain.

I have seen that when you are prompted to receive the download file (apparently from your contact or friend), the contact disappears from the contact list (the virus disconnects him or her) while at the same time it is inviting you to confirm the download of the miracle file. Up to this point, you are not conscious that you have lost the connection with your contact and that you are close to opening an unknown file. Imagine that!

In the extreme case, when you download that file and execute it, you will notice that you lose mouse control while the MSN chat window starts to flash and another application flashes too. In that case I recommend this:

1.- Unplug your LAN connection; you will then recover control of the mouse and everything on the desktop.

2.- Reset your computer, boot into safe mode, and run your antivirus as the first step.

3.- Reset your computer, boot into normal mode, and run your antivirus again as the next step.

The virus is identified as a backdoor trojan, and it saves a file named myspace-layout(1).jpg into the cookies and temporary folders of Internet Explorer.

I have also checked that the virus can send messages in Spanish and English, as in the following pictures:

Tuesday, March 4, 2008

Export LAN configuration

Product : Parameters used into LAN.
Part Involved : LAN configuration.
Summary: An interesting short procedure to export all the parameters of your PC's LAN configuration to a file.
Scenario : Adding variety to the ways the exported file can be used.
Company : National Institute of Cancer of Peru (INEN).
Reference Date : March 2008.

I suggest the following procedure to people who need to back up their LAN configuration; if your day-to-day work requires changing the LAN configuration, it will suit you. From the Windows command prompt (DOS), type:

netsh dump>C:\IpConfiguration.txt

Here begins an example of that file ******
#Configuración de interfaz
pushd interface
reset all
# Fin de la configuración de interfaz
#Configuración de interfaz
pushd interface ipv6
# Fin de la configuración de interfaz
# ------------------------------------
# Configuración de ISATAP
# ----------------------------------
pushd interface ipv6 isatap
# Fin de configuración de ISATAP
# ----------------------------------
# Configuración de 6to4
# ----------------------------------
pushd interface ipv6 6to4
# Final de la configuración de 6to4
# Configuración del puerto de proxy
pushd interface portproxy
# Fin de configuración del puerto de proxy
# ---------------------------------------------
# Configuración de la interfaz IP
# ---------------------------------------------
pushd interface ip
# Configuración de la interfaz IP para "Conexión de área local"
set address name="Conexión de área local" source=static addr= mask=
set dns name="Conexión de área local" source=static addr=none register=PRIMARY
set wins name="Conexión de área local" source=static addr=none
# Fin de la configuración de la interfaz IP
# =========================================
# Configuración RAS
# =========================================
pushd ras
set authmode mode = standard
delete authtype type = PAP
delete authtype type = SPAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAP
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set user name = Administrador dialin = policy cbpolicy = none
set user name = Asistente de ayuda dialin = policy cbpolicy = none
set user name = Invitado dialin = policy cbpolicy = none
set user name = SUPPORT_388945a0 dialin = policy cbpolicy = none
set user name = VUSR_FILESERVER dialin = policy cbpolicy = none
set tracing component = * state = disabled
# Final de la configuración RAS .
# -----------------------------------------
# Configuración de acceso remoto de AppleTalk
# -----------------------------------------
pushd ras appletalk
set negotiation mode = allow
set access mode = all
# Fin de la configuración de acceso remoto de AppleTalk.
# -----------------------------------------
# Configuración IP RAS
# -----------------------------------------
pushd ras ip
delete pool
set negotiation mode = allow
set access mode = all
set addrreq mode = deny
set broadcastnameresolution mode = disabled
set addrassign method = auto
# Fin de la configuración IP RAS.
# -----------------------------------------
#Configuración IPX RAS
# -----------------------------------------
pushd ras ipx
set negotiation mode = allow
set access mode = all
set nodereq mode = allow
set netassign method = autosame
# Fin de la configuración IPX RAS.
# -----------------------------------------
# Configuración NBF RAS
# -----------------------------------------
pushd ras netbeui
set negotiation mode = allow
set access mode = all
# Fin de la configuración NBF RAS.
# -----------------------------------------
# Configuración RAS AAAA
# -----------------------------------------
pushd ras aaaa
set authentication provider = windows
set accounting provider = windows
delete authserver name = *
delete acctserver name = *
# Fin de configuración RAS AAAA.
# Configuración de enrutamiento
pushd routing
## ## ANTES de ejecutar esta secuencia de comandos ## #
# Para restaurar la configuración del enrutador IPX #
# DESINSTALE IPX desde la carpeta Conexiones de red y #
# vuelva a instalarlo. ##
## Esto eliminará la anterior configuración del #
# enrutador IPX y la restaurará a sus valores #
# predeterminados ##
# Configuración IPX
pushd routing ipx
# Configuración de la interfaz IPX
# Configuración del filtro de tráfico IPX
# Configuración de la ruta estática IPX
# Configuración del servicio estático IPX
# Fin de la configuración IPX
# Configuración RIP IPX

pushd routing ipx rip
# Fin de la configuración IPX RIP
# Configuración SAP IPX
pushd routing ipx sap
# Fin de la configuración IPX SAP
# Configuración NETBIOS IPX
pushd routing ipx netbios
# Fin de la configuración IPX NB
Nº de configuración IP
pushd routing ip
set loglevel error
add preferenceforprotocol proto=LOCAL preflevel=1
add preferenceforprotocol proto=STATIC preflevel=3
add preferenceforprotocol proto=NONDOD preflevel=5
add preferenceforprotocol proto=AUTOSTATIC preflevel=7
add preferenceforprotocol proto=NetMgmt preflevel=10
add preferenceforprotocol proto=OSPF preflevel=110
add preferenceforprotocol proto=RIP preflevel=120
add interface name="Conexión de área local" state=enable
set filter name="Conexión de área local" fragcheck=disable
add interface name="{657F0909-4AD3-489F-9D92-31F8F9100540}" state=enable
set filter name="{657F0909-4AD3-489F-9D92-31F8F9100540}" fragcheck=disable
add interface name="{E5329AA6-02CF-4A1E-AE97-26DCA879A372}" state=enable
set filter name="{E5329AA6-02CF-4A1E-AE97-26DCA879A372}" fragcheck=disable
add interface name="Bucle invertido" state=enable
set filter name="Bucle invertido" fragcheck=disable
add interface name="Interno" state=enable
set filter name="Interno" fragcheck=disable
# Fin de la configuración IP
# ----------------------------------
# Configuración proxy DNS
# ----------------------------------
pushd routing ip dnsproxy
# Fin de configuración proxy DNS

# ----------------------------------
# Configuración IGMP
# ----------------------------------
pushd routing ip igmp
# Fin de configuración IGMP

# ----------------------------------
# Configuración NAT
# ----------------------------------
pushd routing ip nat

# ----------------------------------
# Configuración OSPF
# ----------------------------------
pushd routing ip ospf
# Fin de configuración OSPF

# -----------------------------------
# Config. del Agente de retrans. DHCP
# -----------------------------------
pushd routing ip relay
# Fin de la configuración Agente de retransmisión DHCP

# ----------------------------------
# Configuración RIP
# ----------------------------------
pushd routing ip rip
# Fin de configuración RIP

# -------------------------------------------------------------------------
# Configuración de descubrimiento de enrutadores
# -------------------------------------------------------------------------
pushd routing ip routerdiscovery
add interface name="Conexión de área local" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="{657F0909-4AD3-489F-9D92-31F8F9100540}" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="{E5329AA6-02CF-4A1E-AE97-26DCA879A372}" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Bucle invertido" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Interno" disc=disable minint=7 maxint=10 life=30 level=0
# ----------------------------------
# Configuración de asignador DHCP
# ----------------------------------
pushd routing ip autodhcp
popd
# Fin de configuración de asignador DHCP
# ------------------------------------
# Configuración de puente (no compatible)
# ------------------------------------
# ------------------------------------
# Final de la configuración del puente
# ------------------------------------
Here is the end of the example file ******

For the purpose of my example, I changed the IP address parameter highlighted in the above script (marked in blue font) and saved the file. Finally, to apply that configuration, run the following command:

netsh exec C:\IpConfiguration.txt
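
Since netsh exec runs every command in the file, not only the edited line, the edited copy can be compared with the export before it is applied. The following Python is an added example, not code from the original post: it parses a dump into (context, command, parameters) entries, lists what the edit changed, and flags a static address whose addr or mask is empty or invalid. The names parse_dump and preflight and the 192.0.2.x sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
# key=value pairs as they appear in the dump: name="a b", addr=, mode = standard
PARAM = re.compile(r'(\w+)\s*=\s*("[^"]*"|[^=]*?)(?=\s+\w+\s*=|\s*$)')

def parse_dump(text):
    """Return (context, command, params) for each command line of a dump."""
    stack, commands = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        if line.lower().startswith("pushd "):
            stack.append(line[6:].strip())    # contexts are written in full above
        elif line.lower() == "popd":
            del stack[-1:]                    # tolerate a popd with nothing pushed
        else:
            first = PARAM.search(line)
            head = line[:first.start()].strip() if first else line
            params = {k.lower(): v.strip('"') for k, v in PARAM.findall(line)}
            commands.append((stack[-1] if stack else "", head, params))
    return commands

def preflight(exported, edited):
    """Report what the edited copy changes and any unusable static address."""
    old, new = parse_dump(exported), parse_dump(edited)
    added = [c for c in new if c not in old]
    removed = [c for c in old if c not in new]
    problems = []
    for ctx, head, p in new:
        if (ctx, head, p.get("source")) == ("interface ip", "set address", "static"):
            try:
                ipaddress.IPv4Interface(f"{p.get('addr', '')}/{p.get('mask', '')}")
            except ValueError:
                problems.append(p.get("name"))
    return added, removed, problems

# Constructed sample in the shape of the dump above; addresses are placeholders.
EXPORTED = '''\
pushd interface ip
set address name="Conexión de área local" source=static addr=192.0.2.10 mask=255.255.255.0
pushd ras
set user name = Asistente de ayuda dialin = policy cbpolicy = none
pushd routing ip
set loglevel error
'''
EDITED = EXPORTED.replace("addr=192.0.2.10", "addr=192.0.2.20")

if __name__ == "__main__":
    print(preflight(EXPORTED, EDITED))
```

If added and removed contain anything other than the one set address entry that was meant to change, or problems is not empty, the file should be reviewed before it is passed to netsh exec.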

Remember, this procedure is also available in the "YouTube Videos hosted by German Medina" section (at the right side of this page), as in the following video: