Goolag Scan – New security scan tool developed by Cult of the Dead Cow

Posted on February 28th, 2008 in Google, Security by Gil Kreslavsky

The tool is based on the “Google Hacking” technique that Cult of the Dead Cow used: the practice of exposing vulnerabilities via Google search queries.

There is no need to be a genius to scan for vulnerabilities over the Internet and afterwards exploit them for one's own benefit.

Download via http://www.goolag.org/


Remove Virusheat.com trojan

Posted on February 17th, 2008 in Malicious Software, Spyware, Virus by Gil Kreslavsky

Virus Heat is a Trojan.Win32. It degrades computer performance and generates annoying pop-ups which send you to virusheat.com.

Virus Heat Manual Removal Process:

1. Go to Control Panel > Add or Remove Programs and uninstall Virus Heat.

2. Close all programs.

3. Go to Start > Run > regedit, then find and delete the key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Heat”.

4. Restart the computer.

5. Stop the Virus Heat process.

6. Find and delete the following infected files from your system: Virus Heat 3.9.exe, wuuawkz.dll, iinqyl.dll. Don’t worry if you don’t find these files; just proceed to the next step.

7. Go to the C:\Program Files\ folder and delete the “Virus Heat” folder (if you can’t delete it, reboot your computer into safe mode and then delete the folder).

8. After all these steps, go to http://siri.geekstogo.com/SmitfraudFix.php and download the latest version of Smitfraudfix.exe.

9. Reboot the computer in safe mode and run the utility.
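The steps above name a registry key, three file names, a program folder and a running process. The following PowerShell script is an added example, not part of the original post, that audits those indicators in one pass and only deletes them when run with -Remove. The indicator values come from the post; the process-name pattern (“*Virus Heat*”) and the directories searched for the dropped files (the Windows directory, system32 and the program folder) are assumptions, because the post does not say where the files live or what the process is called.

```powershell
# Added example, not from the original post: audit the Virus Heat indicators that
# steps 3, 5, 6 and 7 above tell you to look for. Report-only unless -Remove is given.
# Run from an elevated PowerShell prompt.
param([switch]$Remove)

# Indicators taken from the post. The process-name pattern and the search
# directories for the dropped files are assumptions; the post does not give them.
$UninstallKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Heat'
$ProgramDir     = Join-Path $env:ProgramFiles 'Virus Heat'
$FileNames      = @('Virus Heat 3.9.exe', 'wuuawkz.dll', 'iinqyl.dll')
$ProcessPattern = '*Virus Heat*'
$SearchRoots    = @($env:SystemRoot, (Join-Path $env:SystemRoot 'system32'), $ProgramDir)

$findings = New-Object System.Collections.Generic.List[string]

# Step 5: running processes whose image name or path matches the pattern
$suspects = Get-Process -ErrorAction SilentlyContinue | Where-Object {
    $_.Name -like $ProcessPattern -or ($_.Path -and $_.Path -like $ProcessPattern)
}
foreach ($p in $suspects) {
    $findings.Add("Process: $($p.Name) (PID $($p.Id))")
    if ($Remove) { Stop-Process -Id $p.Id -Force -ErrorAction SilentlyContinue }
}

# Step 3: the uninstall registry key
if (Test-Path -LiteralPath $UninstallKey) {
    $findings.Add("Registry key: $UninstallKey")
    if ($Remove) { Remove-Item -LiteralPath $UninstallKey -Recurse -Force }
}

# Step 6: the dropped files, looked for in each assumed search root
foreach ($root in $SearchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($name in $FileNames) {
        $candidate = Join-Path $root $name
        if (Test-Path -LiteralPath $candidate) {
            $findings.Add("File: $candidate")
            if ($Remove) { Remove-Item -LiteralPath $candidate -Force -ErrorAction SilentlyContinue }
        }
    }
}

# Step 7: the program folder (checked last so its files are reported first)
if (Test-Path -LiteralPath $ProgramDir) {
    $findings.Add("Folder: $ProgramDir")
    if ($Remove) { Remove-Item -LiteralPath $ProgramDir -Recurse -Force -ErrorAction SilentlyContinue }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Virus Heat indicators found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
    if (-not $Remove) { Write-Output 'Re-run with -Remove to delete these items, then reboot (step 4).' }
}
```

Run it once without -Remove to see what is actually present before deleting anything; if the folder in step 7 cannot be removed because a file is in use, the post's advice to reboot into safe mode and delete it there still applies.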

VMware ESX Infrastructure Sizing

Posted on February 17th, 2008 in ESX Server, VMware by Gil Kreslavsky

Sizing is the most important part before ESX implementation.

I’m using the HP VMware Solution Sizer as the first step before VMware infrastructure implementation.

You can run it from here: http://g3w1656g-vip.houston.hp.com/SB/VMware/page_init.asp

This is an automated tool that assists the user with the size and scope of a server environment supporting VMware. The sizing information and algorithms have been developed using testing and performance data from HP servers running VMware ESX Server.

W32.BAGLE virus – wintems.exe hldrrr.exe srosa.sys

Posted on February 9th, 2008 in Malicious Software, Spyware, Virus by Gil Kreslavsky


I must say that with all of my experience, that one was one of the hardest to remove.
It disables your current antivirus software, prevents you from accessing the system in safe mode, and changes names each time it starts.

So, here are the steps:

Go to http://www.majorgeeks.com/GMER_d5198.html and download GMER.
Run the tool, and when it finds the wintems.exe process, kill it.

  1. Run regedit, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache and note all entries referring to “C:\WINDOWS\system32\drivers”.
  2. In an Explorer window, go to Tools > Folder Options > View and select “Show hidden files”.
  3. Browse to C:\WINDOWS\system32\drivers and try to delete all the files listed in HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache.
  4. Scan your system with the Panda online scanner (the only one that actually cleans, not only detects).
  5. Install an antivirus program, download the latest updates and do a full scan of your system.
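Steps 1 and 3 above amount to reading the MUICache key and checking which of its entries point into the drivers directory. The following PowerShell script is an added example, not part of the original post, that does exactly that and reports, for each such entry, whether the file is still on disk and whether it carries a valid Authenticode signature, and then looks for the process and driver names from the post's title (wintems, hldrrr, srosa.sys). It is report-only and deletes nothing. The MUICache path and the names are taken from the post; treating “unsigned binary under drivers\ that the shell has launched” as the thing to inspect first is this example's own heuristic, and the signature check is an addition the post does not mention.

```powershell
# Added example, not from the original post: audit the indicators used in the
# Bagle removal steps above. Lists MUICache entries (step 1) that point into the
# drivers directory (step 3), checks whether each file is on disk and signed,
# and looks for the process and driver names from the post's title.
# Run from an elevated prompt. Report-only: nothing is deleted.
$MuiCachePath = 'HKCU:\Software\Microsoft\Windows\ShellNoRoam\MUICache'   # key path from the post (XP era)
$DriversDir   = Join-Path $env:SystemRoot 'system32\drivers'
$KnownProcs   = @('wintems', 'hldrrr')     # names from the post's title, without .exe
$KnownDriver  = 'srosa.sys'                # driver name from the post's title

function Get-DriversDirMuiCacheEntries {
    # MUICache value names are full paths of programs the shell has launched;
    # the post says the entries under the drivers directory belong to the infection.
    if (-not (Test-Path -LiteralPath $MuiCachePath)) { return @() }
    $key = Get-Item -LiteralPath $MuiCachePath
    foreach ($valueName in $key.GetValueNames()) {
        if ($valueName -notlike "$DriversDir\*") { continue }
        $onDisk    = Test-Path -LiteralPath $valueName
        $sigStatus = 'missing'
        if ($onDisk) {
            # Unsigned or tampered binaries under drivers\ are the ones to look at first
            $sigStatus = (Get-AuthenticodeSignature -LiteralPath $valueName).Status
        }
        [pscustomobject]@{
            Path        = $valueName
            DisplayName = $key.GetValue($valueName)
            OnDisk      = $onDisk
            Signature   = $sigStatus
        }
    }
}

Write-Output '== MUICache entries under the drivers directory =='
Get-DriversDirMuiCacheEntries | Format-Table -AutoSize

Write-Output '== Known process names =='
# The post uses GMER to find wintems.exe because the malware hides from the
# normal process list; an empty result here does not prove the machine is clean.
Get-Process -Name $KnownProcs -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path | Format-Table -AutoSize

Write-Output '== Known driver file =='
$driverPath = Join-Path $DriversDir $KnownDriver
if (Test-Path -LiteralPath $driverPath) {
    Get-AuthenticodeSignature -LiteralPath $driverPath | Select-Object Path, Status | Format-Table -AutoSize
} else {
    Write-Output "$driverPath not present"
}
```

Because the post describes the malware as renaming itself on every start and blocking safe mode, the output of this script is a starting point for step 3, not a verdict: run it before and after the GMER step and compare, and keep the offline scan in step 4 as the check that the cleanup actually held.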

Of course, there is always the option to reapply the service pack or reinstall your system.

The problem is solved!

Thanks to Eran Amir