Jan 18

Google Phishing attempt : “must see slideshow ….world is ending”

Security, Web News No Comments »

Hi all,
There has been a mail circulating with the title “must see slideshow ….world is ending” and the mail body goes like this -

As per Nostradamus world will end in 2012 and the start of the end is march 2008, look at the slide show to unreveal the future events. click on the link below and login with your gmail.

http://www.freewebs.com/venkateshshenoi/index.html

regards

    Do not click on the link
    Do not provide your email id or password in the fields mention in the site, if at all you open the site

This is a phishing attempt against your Google account. It looks like the popular Google owned social networking website Orkut and asks for your Google account id and password to log in. Even the mail says “login with your gmail”. Once you enter your email and password, you are redirected to a page which looks like the Orkut-About Us page. And the information you provide (email and password) is sent to this guy’s email address.

Since I whole heartedly disagree with such stupid, hopeless and desperate phishing attempts, I hereby declare this phisher’s email address for public abuse :) :D

The email id of this phisher is kart_willshire@yahoo.com

This can be obtained by viewing the page source code.

Feel free to hurl abuses at him :) Also hoping that a few thousand spam bots will gather his email address from here.

Anyway, I’ve already reported this site to a few anti-phishing directories, and Google. Hopefully, his site will be removed in a couple of days. But until then, please spread this message. Stumble and Digg :)

[tags]phishing, google phishing, google account, hacking, phishing attempt, must see, slideshow, world ending, nostradamus[/tags]

Jan 09

Autoit.BD worm removal – Funny UST Scandal.avi.exe

How Tos, Internet, Security 16 Comments »

Files missing?
My Computer not opening?
Programs not opening?
Installations not occurring?
Task Manager not opening?
System deadly slow?

If your case can be matched with the conditions given above, in all probability, you’ve got the Autoit.BD worm, better known by a file it deposits in your C:\ drive, Funny UST Scandal.avi.exe. Pretty annoying. Almost nothing you can do. Only NOD32 v3 with updates can detect this trouble maker worm. Kaspersky can detect, but cannot remove. AVG, Norton, Avast! – all don’t even detect the virus.

Wait! Don’t format your system yet! Its a pretty simple virus to remove, and won’t take more than 10 minutes. It is recommended that you start up in Safe Mode before you do the following steps to remove the virus -

[scroll down for a file which automates all this]

    1. Download and install TaskKiller (326 KB freeware). We’re doing this because we need to remove a few tasks running, and Windows Task Manager (Alt + Ctrl + Del) gets killed by the virus
    2. Run Task Killer, and a red skull icon will appear on the system tray
    3. Left click it, and click Processes
    4. Select to kill these processes –
      • killer.exe
      • lsass.exe
      • smss.exe
    5. Now open up Command Prompt (Start>Run>command). Type each command and press Enter to run it –
      • cd\
      • attrib -h -s smss.exe
      • attrib -h -s autorun.inf
        [NOTE : Type each command exactly as its given here]
    6. Open My Computer and go to C:\ or whichever partition in which you’ve installed Windows.
    7. Delete the following files –
      • smss.exe
      • autorun.inf
      • Funny UST Scandal.avi.exe
    8. Go to Command Prompt again. Run this command –
      • attrib -h -s smss.exe
    9. Go to C:\Windows or wherever else you’ve installed Windows, and delete the file smss.exe.
    10. Now, go to C:\Documents and Settings\All users\Startmenu\Programs\Startup and delete the file lsass.exe.
    11. Open Registry Editor (Start>Run>regedit)
    12. Delete the key HKEY_LOCAL_MACHINE\Software\
      Microsoft\WindowNT\CurrentVersion\      Winlogon=shell(killer.exe
    13. Delete the key  HKEY_CURRENT_USER\Software\
      Microsoft\windows\Currentversion\Run=runonce(c:\windows\smss.exe)
    14. You’re done!

 

OR, you can just download a remover file : Download Autoit.BD remover

  • After downloading, unzip, and run the exe file.
  • Then, do the steps 11, 12 and 13 as mentioned above.
  • You’re done :)

Thanks to fs6519 for recommending these steps, and making the remover file.

I hope that this post was useful. Cheers :)

[tags]autoit.bd, worm, funny UST scandal, fs6519, removal, worm removal, virus removal, installation stopping, task manager not opening, smss.exe, Funny UST Scandal.avi.exe [/tags]