false attack

Category: Intrusion Prevention
Date & time, risk, activity, status, recommended Action, name of IPS, default Action, Action Alert, attack it, forward URL, Destination Address, Source address, traffic Description
03/02/2014 13:46:54, High, an attempted intrusion by senddatastarscan.info has been blocked, blocked, no Action required, Fake App attack: misleading Application file download 3, no Action required, no Action required, 'senddatastarscan.info (198.7.61.118, 80) ',senddatastarscan.info/sp32_64_15494769981534927812.exe, 'PAUL-PC (192.168.1.100, 50289)', 198.7.61.118 (198.7.61.118), "" TCP, www-http ""
Network traffic from senddatastarscan.info/sp32_64_15494769981534927812.exe matches the signature of a known attack. The attack resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE. To stop being notified about this type of traffic, in the Actions pane, click Stop Notifying Me.

Hello, this may be a problem with adware/malware on your PC. Please try the following steps:

  1. Reset Firefox (this will keep your bookmarks and passwords).
  2. Then go to Firefox > Add-ons > Extensions and, if there are still extensions listed there, disable them.
  3. Finally, run a full scan of your system with security tools like the free version of Malwarebytes and AdwCleaner to ensure that adware is not present in other parts of your system as well.

Fix Firefox problems caused by malicious software

Similar Questions

  • Land attack false positive for inside hosts

    Hi all...

    I have two hosts on "inside" networks. One is a Jabber server and the other is a client attempting to connect to this server.

    The IP address of the Jabber server is 192.168.100.19, and the client has a DHCP-assigned address of 192.168.150.19. Other clients on the 150.X network have no trouble reaching the Jabber server.

    When I try to connect to the server, I see an xlate opened in the live log, but I also get the following message: "Deny IP due to Land Attack in .

    Obviously the firewall is confused about the source IP address and port applications. If I manually assign a different IP address to the client, it can connect. I guess I could clear the xlate table to address this problem, but has this happened to anyone else, and can anyone suggest what could cause it?

    A bug in version 8.2(3) perhaps?

    Thank you!

    Dan

    We shouldn't jump to conclusions about bugs yet.

    Is the firewall translating the client to the server's IP address, 192.168.100.19?

    Is the response from the server flagged as a Land attack?

    You must first determine which packet is flagged as a Land attack and whether that is expected. For example, if the client has been translated to the server's IP address, then the reply could in fact be reported as a Land attack, because the Land check happens before NAT on the device.

    I hope it helps.

    PK

  • How to restore missing Office icons & program shortcut folders after a fake XP virus attack

    I've unchecked the hiding of files and folders in properties and still can't see my programs in the Start menu.  Programs shows 'empty' and I'm missing several shortcut icons from the desktop.  The problems arose from the fake Windows XP Repair virus attack.  I ran the Microsoft Essentials and other removal programs, which now indicate no infections found.  I read there are ways to solve these problems using "cmd" and "regedit", but I need step-by-step instructions.

    Have you tried the bleepingcomputer.com fix, unhide.exe?

    Unhide.exe - direct download link (download dialog box appears in your browser window)

    Also, to resolve Office and program issues, see this post http://forums.cnet.com/7726-6132_102-5136072.html?tag=posts;msg5136072 in the following thread:

    Spyware, viruses, & security forum: Missing files (hidden?) after you remove the Windows Recovery virus
    http://forums.CNET.com/7723-6132_102-525986.HTML?tag=rb_content;contentMain

    I hope that you have not run any temp file cleaner to eliminate the infection.

    I hope this helps.

  • May have a fake update going on here

    I went to this site from a Google search
    http://Zatz.com/outlookpower/article/recovering-lost-email-in-Outlook-today/
    A pop-up box came up, I closed it and it redirected me to this page
    http://momtoypicks.com/update.html
    which says
    Firefox needs to update immediately!

    Your version of Firefox (18.0) is vulnerable and needs to be updated.

    Attack pages are trying to install programs that steal private information, use your computer for other attacks, or damage your system.

    Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

    And it has the normal warning box at the top, but note the web address
    http://momtoypicks.com/update.html

    Hello, yes, it's a phishing tactic that tries to trick you into installing malicious software, so do not download or run this kind of stuff! Updates are managed automatically by Firefox, so you don't have to download anything.

    You can also run a full scan of your system with the security software already in place and various tools like the free version of Malwarebytes, AdwCleaner & Kaspersky Security Scan to make sure there isn't already some kind of active malware on your system that triggers these false alerts.

    Fix Firefox problems caused by malicious software

    You can also help by pressing F10 and going to Help > Report Web Forgery while you are on this questionable page. This might get the page onto the list of malicious sites that are blocked in Firefox (the list is maintained by Google). When such pages use the Firefox logos or trademarks to encourage users to download malicious software, you could also report them at https://www.mozilla.org/en-US/legal/fraud-report/.

  • Article update: Harden your Mac from malicious software attacks

    Sorry if this is posted in the wrong place.

    Article

    Harden your Mac from malicious software attacks

    Seems to be outdated. (Last changed: July 12, 2013 19:28, 46816 views)

    It is a Mozilla Firefox Knowledge Base article

    Note

    • This is the official Firefox support site that is linked from the user interface of Firefox browsers.
    • This Mozilla document can not be an article on it, but still had tens of thousands of views.

    Is someone able to update this document, or suggest other resources or documents to include in the Mozilla document?

    Personally, I don't use a Mac.  One point which can be exceeded in the Apple support document some of the references to the clams.

    Is the graphical version of ClamXav no longer free?  (https://www.clamxav.com/changetocommercialsoftware)

    There is also now a product available from how Malwarebytes 2015 is considered within the Apple community.
    (Yes, I realize that, as with Linux and Android, you will have fewer malware and adware issues than with the MS OS.)

    It's free, and (probably) the equivalent Windows software is well regarded in the Mozilla community.

    Thanks in advance,

    John

    Mac users often ask whether they should install "anti-virus" (AV) or "anti-malware" software. The answer is "no", but it may give the false impression that there is no threat from what are loosely called "viruses." There is a threat.

    1. This is a comment on what you should, and should not, do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions.

    It does not apply to software, such as keyloggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there is no easy way to defend against it. AV software is not intended to, and does not, defend against such attacks.

    The comment is long because the issue is complex. The essential points are in sections 5 and 11.

    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as file quarantine, execute disable, sandboxing, system integrity protection, system library randomization, and address space layout randomization, which may also guard against other kinds of exploits.

    2. All versions of Mac OS X since 10.6.7 have been able to detect known Mac malware in downloaded files and to block insecure web plug-ins. This feature is transparent to the user. Internally, Apple calls it "XProtect."

    The malware recognition database used by XProtect is automatically updated. However, you should not rely on it, because the attackers are always at least a day ahead of the defenders.

    The following restrictions apply to XProtect:

    ☞ It can be circumvented by some third-party network software, such as BitTorrent clients and Java applets.

    ☞ It applies only to software downloaded from the network. Software installed from a CD or other media is not checked.

    As new versions of Mac OS X are released, it is not clear whether Apple will continue indefinitely to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.

    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and installer packages downloaded from the network will run only if they are digitally signed by a developer with a certificate issued by Apple. Software certified in this way has not been checked for security by Apple, unless it comes from the App Store, but you can be reasonably sure that it has not been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malicious software. That may not mean much if the developer lives in a country with a weak legal system (see below).

    Gatekeeper does not depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:

    ☞ It can easily be turned off or overridden by the user.

    ☞ A malware attacker could find a way around it, or could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing malware.

    ☞ An App Store developer could find a way around Apple's oversight, or the oversight could fail due to human error.

    Apple took too long to revoke the codesigning certificates of some known attackers, thus diluting the value of Gatekeeper and the Developer ID program. These lapses do not involve App Store products, however.

    For the reasons given, App Store products, and, to a lesser extent, other applications recognized as signed by Gatekeeper, are safer than others, but they cannot be considered absolutely safe. "Sandboxed" applications could prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.

    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background. It checks for, and removes, malware that matches a recognition database maintained by Apple. To ensure that MRT will run when the database is updated, open the App Store tab in System Preferences and check the box marked

    Install the system data files and security updates

    if it is not already checked.

    Like XProtect, MRT is effective against known threats, but not against unknown ones. It alerts you if it detects malware, but otherwise it has no user interface.

    5. The built-in security features of Mac OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological solution alone will solve it. Trusting software to protect you will only make you more vulnerable.

    The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all the known malware circulating on the Internet that affects a fully updated installation of OS X 10.6 or later takes the form of so-called "Trojans", which can have an effect only if the victim is deceived into running them. The threat thus amounts to a battle of wits between you and cybercriminals. If you are better informed than they think you are, you win. In effect, it means that you always stay within the safe harbor of computing practices. How do you know when you are leaving the safe harbor? Here are a few warning signs of danger.

    Software from an untrustworthy source

    ☞ Software with a brand, such as Adobe Flash Player, does not come directly from the developer's Web site. Don't be fooled by an alert from any website to update Flash, or your browser, or other software. A real alert that Flash is outdated and blocked is shown on this support page. In that case, follow the instructions on the support page. Otherwise, assume that the alert is fake and that someone is trying to trick you into installing malicious software. If you see these alerts on more than one Web site, ask for instructions.

    ☞ Software of any kind is distributed via BitTorrent or Usenet, or on a Web site that distributes pirated music and movies.

    ☞ Rogue Web sites such as CNET Download, MacUpdate, Soft32, Softonic and SourceForge distribute free applications that have been packaged in a superfluous "installer."

    ☞ The software is advertised through spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.

    Software that is clearly illegal or does something illegal

    ☞ High-end commercial software such as Photoshop is "cracked" or "free."

    ☞ An application helps you to violate copyright law, for example by circumventing the copy protection on commercial software, or by recording streamed media for reuse without permission. All the "YouTube downloaders" are in this category, but not all are necessarily malicious.

    Conditional or unsolicited offers from strangers

    ☞ A phone caller or a web page tells you that you have a "virus" and offers to remove it. (Some reputable sites legitimately warned visitors who had been infected with the "DNSChanger" malware. The exception to this rule applies.)

    ☞ A web site offers free content like music or video, but to use it, you must install a "codec", "plug-in", "player", "downloader", "extractor", or "certificate" which comes from the same site, or an unknown one.

    ☞ You win a prize in a competition that you never entered.

    ☞ Someone on a forum like this is eager to help you, but only if you download an application of their choosing.

    ☞ A "FREE WI-FI!" network advertises itself in a public place like an airport, but is not provided by the management.

    ☞ Anything online that you would expect to pay for is "free."

    Unexpected events

    ☞ A file is downloaded automatically when you visit a web page, without any further action on your part. Delete any such file without opening it.

    ☞ You open what you think is a document and you receive an alert that it is "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you must always delete any download that is not what you expected it to be.

    ☞ An application does something you don't expect, such as asking for permission to access your contacts, your location or the Internet for no obvious reason.

    ☞ Software is attached to email that you did not ask for, even if it comes (or seems to come) from a person you trust.

    I do not say that leaving the safe harbor just once will necessarily lead to disaster, but making a habit of it will weaken your defenses against malicious software attacks. Any of the above scenarios should, at the very least, make you uncomfortable.

    With the emergence of "ransomware" for the Mac, backing up all data is part of the defense against such attacks. Since an infected machine could destroy its own backups, at least one backup unit must always be offline. For example, you could rotate your backup drives, keeping one with you or at another site. This strategy also protects against a physical threat such as a fire or theft.

    6. Java on the Web (not to be confused with JavaScript, to which it is not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page. That was always a bad idea, and Java's developers have proved unable to implement it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-type virus affecting OS X. Simply loading a page with malicious Java content could be harmful.

    Fortunately, client-side Java on the Web is outdated and has largely disappeared. Only a few outdated sites still use it. Try to accelerate the process of extinction by avoiding these sites, if you have a choice. Forget about playing games or other non-essential uses of Java.

    Java is not included in OS X 10.7 and later versions. Discrete Java installers are distributed by Apple and Oracle (the developer of Java). Do not use one unless you need it. Most people don't. If Java is installed, turn it off, not JavaScript, in your browser.

    Whatever the version, experience has shown that Java on the Web is not trustworthy. If you must use a Java applet for a job on a specific site, enable Java only for that site in Safari. Never enable Java for a public Web site that carries third-party advertising. Use it only on websites that are well known, protected by login, and secure, without ads. In Safari 6 or later, you will see a padlock icon in the address bar when you visit a secure site.

    7. Another perennial weak point is Adobe Flash Player. Like Java, Flash is in well-deserved decline, but Flash content is still much more widespread than Java content on the Web. If you choose to install the Flash plug-in, you can reduce your exposure to Flash by checking the box marked

    Stop the plug-ins to save energy

    in the Advanced tab of the Safari preferences window, if it is not already checked. Consider also installing a Safari extension such as "ClickToFlash" or "ClickToPlugin." They will prevent Flash content from loading automatically, and will also substitute non-Flash video for Flash on YouTube and perhaps a few other sites. I tested the extensions and found them safe, but you should always do your own research before you decide whether to trust any third-party software.

    8. Remain within the safe harbor, and you will be as safe from malware as you can practically be. The rest of this comment is about what you must do to protect yourself.

    Although it may seem counterintuitive, you should never install any AV or "Internet security" products for the Mac if you have a choice, because they are all worse than useless. If you are required by a (wrong) institutional policy to install some kind of AV, choose one of the free apps in the Mac App Store, nothing else.

    Why shouldn't you use AV products?

    ☞ To recognize malware, the software depends on a database of known threats, which is always at least one day out of date. This technique is a proven failure, as a major supplier of AV software has admitted. Most attacks are "zero-day", that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to realize that traditional AV software is worthless.

    ☞ Its design is generally based on the nonexistent threat that malware can be injected at any time, anywhere in the file system. Malware is downloaded from the network; it does not appear out of the blue. To meet this nonexistent threat, commercial AV software changes or duplicates low-level functions of the operating system, which is a waste of resources and a frequent cause of instability, bugs, and poor performance.

    ☞ By changing the operating system, the software can also create weaknesses that could be exploited by malicious attackers.

    ☞ Most importantly, a false sense of security is dangerous. This fact relates to all AV software it will never be any changes elsewhere.

    Using AV software sets you up for double exploitation: by malware attackers, against whom the software does not protect you, and by the AV industry itself. The latter will often try to hook you with a free product, so it can charge you for "improvements" later.

    9. A free AV product from the Mac App Store is safe as long as you don't let it delete or move files. Ignore all the warnings that it may give you about "heuristics" or "phishing." These warnings, if they are not simply false positives, refer to the text of e-mail messages or cached web pages, not to malware. Also ignore any attempt to upsell you to a paid version of the product.

    An AV application is not necessary, and cannot be relied on, for protection against OS X malware. It is useful, if at all, only for detecting Windows malware, and even for this use it is not really effective, because new Windows malware appears much faster than OS X malware.

    Windows malware cannot hurt you directly (unless, of course, you use Windows). Just do not pass it on to someone else. A malicious link in e-mail is usually easy to recognize by the name alone. A concrete example:

         London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe

    You don't need software to tell you that it's a Windows Trojan horse. Software may be able to tell you which trojan it is, but who cares? In practice, there is no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you must assume that it is in every attachment until proven otherwise.

    A free AV product from the App Store can serve a purpose if it satisfies a misinformed network administrator who requires you to have some sort of AV application. An App Store product will not change the operating system; in fact, it does nothing unless you run it.

    If you are just curious to know whether a file is recognized as malware by AV engines, you can upload it to the "VirusTotal" site, where it will be tested against most of them. A negative result is evidence of nothing, for the reasons given above. I do not recommend doing this with a file that may contain private information.

    10. There seems to be a common belief that the Application Firewall acts as a barrier to infection, or prevents malware from operating. It does not. It blocks incoming connections to certain network services you are running, such as file sharing. It is disabled by default, and you should leave it like that if you're behind a router on a private home or office network. Activate it only when you are on an untrusted network, for example a public Wi-Fi hotspot, where you do not want to provide services. Disable services that you don't use in the Sharing preferences window. All are disabled by default.

    11. As a Mac user, you don't have to live in fear that your computer may be infected whenever you install software, read email, or visit a web page. But neither can you assume that you will always be free from exploitation, no matter what you do. Browsing the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by AV software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software does not protect them. Nothing can reduce the need for safe computing practices.
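The padded filename quoted in section 9 of the comment above works because a mail client or file list that truncates long names shows only the decoy part. The following is an added example, not part of the original comment: a mail-gateway style check for that pattern. The extension lists and the five-character padding threshold are assumptions chosen for illustration.

```python
import re

# Assumed lists for illustration; a real gateway policy would be broader.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "msi", "lnk"}
DECOY_EXTS = {"avi", "mp4", "mov", "mp3", "jpg", "png", "gif",
              "pdf", "doc", "docx", "xls", "xlsx", "txt"}

PAD_RUN = re.compile(r"\s{5,}")  # assumption: 5+ whitespace chars is padding
EXT_TOKEN = re.compile(r"\.([A-Za-z0-9]{1,5})(?=\s|\.|$)")


def visible_name(name, width=40):
    """What a column that truncates at `width` characters would display."""
    return name[:width].rstrip()


def inspect_name(name):
    """Return findings and a verdict for one attachment filename."""
    stripped = name.rstrip()
    # The operating system acts on the text after the LAST dot.
    real_ext = stripped.rpartition(".")[2].lower() if "." in stripped else ""
    tokens = [t.lower() for t in EXT_TOKEN.findall(stripped)]
    # Extension-looking tokens that appear before the real extension.
    earlier = tokens[:-1] if tokens and tokens[-1] == real_ext else tokens
    decoys = [t for t in earlier if t in DECOY_EXTS]
    padding = max((len(m.group()) for m in PAD_RUN.finditer(stripped)), default=0)
    executable = real_ext in EXECUTABLE_EXTS

    if executable and (decoys or padding):
        verdict = "block"    # executable dressed up as something else
    elif executable or padding:
        verdict = "review"   # unusual, but not disguised
    else:
        verdict = "allow"
    return {
        "real_extension": real_ext,
        "executable": executable,
        "decoy_extensions": decoys,
        "padding_length": padding,
        "shown_to_user": visible_name(name),
        "verdict": verdict,
    }


# The filename from the comment, with the 124 spaces written out.
SAMPLE = "London Terror Moovie.avi" + " " * 124 + "Checked By Norton Antivirus.exe"

if __name__ == "__main__":
    for candidate in (SAMPLE, "holiday.jpg", "setup.exe", "invoice.pdf.exe"):
        result = inspect_name(candidate)
        print(result["verdict"], repr(result["shown_to_user"]), result)
```
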

  • Why am I being DoS attacked by Apple?

    I have a Netgear router with DoS protection enabled, and in the logs I read:

    [DoS Attack: Ascend Kill] from source: 17.253.54.253, port 123, Wednesday, January 06, 2016 15:50:17
    [DoS Attack: Ascend Kill] from source: 17.253.54.251, port 123, Wednesday, January 06, 2016 15:50:17
    [DoS Attack: Ascend Kill] from source: 17.253.52.125, port 123, Wednesday, January 06, 2016 15:50:17
    [DoS Attack: TCP/UDP Echo] from source: 17.253.4.253, port 123, Wednesday, January 06, 2016 15:49:01

    Doing a WhoIs on the IP addresses, I get:

    IP Location: United States, New York City, Apple Inc.
    ASN: United States AS6185 APPLE-AUSTIN - Apple Inc. (registered Dec 21, 1995)
    Resolve Host: nlams2-ntp-001.aaplimg.com

    Now the question is:

    Why is Apple trying to attack me?

    TCP and UDP ports used by Apple software - Apple Support

    UDP port 123 is used for the Network Time Protocol.  Your router is probably just falsely reporting it as a DoS attack.

    https://en.Wikipedia.org/wiki/Network_Time_Protocol
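A way to triage router alerts like the ones in this thread, as an added example that is not part of the original posts: it parses the log format quoted above, treats a low-rate packet whose source port is a well-known service port as a probable server reply, and escalates bursts, since a reflection flood also arrives from port 123. The port table and the per-minute threshold are assumptions, and the router log does not state the protocol.

```python
import re
from collections import Counter
from datetime import datetime

# Entry layout as it appears in the router log quoted in the thread.
ENTRY_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}), port (?P<port>\d+), "
    r"(?P<when>\w+, \w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2})"
)

# Source ports that usually mean "reply from a server the LAN contacted first".
REPLY_PORTS = {53: "DNS", 80: "HTTP", 123: "NTP", 443: "HTTPS"}

# Assumption: more alerts than this from one source in one minute is a burst.
MAX_PER_MINUTE = 10

# The four entries from the thread, run together as they were posted.
SAMPLE_LOG = (
    "[DoS Attack: Ascend Kill] from source: 17.253.54.253, port 123, Wednesday, January 06, 2016 15:50:17"
    "[DoS Attack: Ascend Kill] from source: 17.253.54.251, port 123, Wednesday, January 06, 2016 15:50:17"
    "[DoS Attack: Ascend Kill] from source: 17.253.52.125, port 123, Wednesday, January 06, 2016 15:50:17"
    "[DoS Attack: TCP/UDP Echo] from source: 17.253.4.253, port 123, Wednesday, January 06, 2016 15:49:01"
)


def parse_entries(raw):
    """Extract every alert from the log text, even when entries are run together."""
    return [
        {
            "kind": m["kind"],
            "src": m["src"],
            "port": int(m["port"]),
            "when": datetime.strptime(m["when"], "%A, %B %d, %Y %H:%M:%S"),
        }
        for m in ENTRY_RE.finditer(raw)
    ]


def triage(entries, max_per_minute=MAX_PER_MINUTE):
    """Return one verdict per source address; 'investigate' wins over 'benign'."""
    per_minute = Counter((e["src"], e["when"].replace(second=0)) for e in entries)
    verdicts = {}
    for e in entries:
        service = REPLY_PORTS.get(e["port"])
        burst = per_minute[(e["src"], e["when"].replace(second=0))]
        if service is None:
            verdict = f"investigate: unfamiliar source port {e['port']}"
        elif burst > max_per_minute:
            verdict = (f"investigate: {burst} {service} packets in one minute "
                       "(possible reflection flood)")
        else:
            verdict = f"likely benign {service} reply"
        if e["src"] not in verdicts or verdict.startswith("investigate"):
            verdicts[e["src"]] = verdict
    return verdicts


if __name__ == "__main__":
    for src, verdict in triage(parse_entries(SAMPLE_LOG)).items():
        print(src, "->", verdict)
```
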

  • KB2572073, KB2633880 and KB2518864 repeatedly 'falsely' download, then prompt to download again - second post May 22, 2012 on this issue

    May 22, 2012

    3:53 EST

    I have on several occasions received a prompt (yellow icon) to download KB2572073, KB2633880 and KB2518864.

    Each refers to a malicious effort to attack my system remotely.

    Earlier today, I posted a question here on this issue without specifying the 3 updates, but mentioned that I had experienced this problem.

    My previous message, which I submitted to you earlier today, is copied from my MS Word document and pasted below for reference:

    ***

    May 22, 2012

    Tuesday

    Standard time, around 12:53

    THIS IS A SHORT-TERM PROBLEM, WITHOUT WHOSE RESOLUTION I SIMPLY CAN'T PROCEED TO WORK ON MY COMPUTER, BECAUSE IT CONSTANTLY PROMPTS ME TO UPDATE AND INSTALL UPDATES I'VE INSTALLED SEVERAL TIMES, BUT WHICH EITHER ARE NOT RECORDED AS INSTALLED OR DON'T REALLY INSTALL.  I DON'T KNOW WHY THIS IS HAPPENING, BUT THE YELLOW WARNING ICON KEEPS APPEARING, TELLING ME TO INSTALL WHAT I HAD ALREADY PREVIOUSLY INSTALLED.  PLEASE READ ON AND GET BACK TO ME AS SOON AS POSSIBLE ON THIS ISSUE, BECAUSE WITHOUT IMMEDIATE HELP, I WILL BE UNABLE TO WORK ON MY COMPUTER.

    I have Windows XP Professional on a Dell Dimension 8300 computer.

    I have Automatic Updates.

    This morning, the little yellow icon indicated there were updates to install, so I clicked it and there were 3 updates to be installed, because that was the message I got. Either they never registered as installed, or something else is wrong, because I keep getting the same icon on my screen and am prompted several times to install the same 3 updates.

    I tried several options.

    1. I tried the manual installation of my Microsoft Security Essentials antivirus, which only caused the yellow icon to appear and prompt me to install the 3 updates again.

    2. I then shut down the computer and found that, at shutdown, I received the message offering to turn off the computer in the conventional way, in which case it would install updates, so I went through this process, letting the computer install the 3 updates and then shut down automatically.  After that, I waited a minute, then turned on the computer, and once more the yellow icon appeared and told me that there were updates.  When I went to install them, they were, once again, the same 3 updates, which I thought had been installed.

    3. I then went to my "menu" of options and clicked on "Install Microsoft", which went to "Update priority", and yet again the same 3 updates appeared as needing to be installed.  I hit the button on the screen to "install", waited, and the message on the screen reported that they were installed.  But at the same time, the yellow icon appeared on my screen, I clicked it, and once more the same 3 updates came up to "install."

    4. So, as I said, either they do not install, or they are simply not registered as installed.

    5. I should mention one other piece of information.  Whenever I tried to use the Automatic Updates feature (which is what I conventionally use to install updates), at the end of the process, the dialog box that initially shows the number of updates, and that normally says you have to restart your computer for the updates to take effect, did not show the message that you have to restart your computer for the updates to take effect.  On the off-chance that someone forgot to put the message in the dialog box, I restarted my computer and, again, received the message to go through the "turn off" sequence in order to install the updates.

    6. Now, as I type this, the yellow icon has again appeared on the lower right of my screen, and it seems that it will continue prompting me to "install" these 3 updates forever, which is a problem.  I'm assuming that the updates are necessary, because I'm on the internet a lot, and the updates are security updates.  I'm very faithful about installing the updates that I am asked to install, and I guess that there is therefore something wrong that either prevents the actual installation from registering as installed or keeps repeatedly prompting me to install.

    AGAIN, THIS IS AN ISSUE THAT, WITHOUT IMMEDIATE ATTENTION, WILL PREVENT ME FROM CONTINUING TO WORK ON MY COMPUTER.  I REQUIRE IMMEDIATE ATTENTION.

    Thank you very much.

    YOURS TRULY,

    ALLAN

    ***

    Since I posted this message for you earlier today, May 22, 2012, I got the yellow icon on my system again after submitting it to you.  I signed off and found, on signing off, the prompt to install the 3 updates at shutdown.  I went out.  I came home later, turned on my system and, again, found the yellow icon.

    This time, I decided that this may have had something to do with the fact that the last time I reinstalled my Microsoft Security Essentials software, instead of doing it on the web, as I usually do, I did it through Facebook.  I figured I would remove Microsoft Security Essentials the conventional way (Add / Remove Programs), and then reinstall it from the www.microsoft.com site, specifically the security section.

    But when I tried, I got a warning message that Internet Explorer would not proceed, because Internet Explorer had encountered a problem with what I was trying to download and install.  At the present time, I therefore have no antivirus or firewall software on my home computer.

    I then went to the scanner on the www.microsoft.com site, which downloaded without problem, and twice ran a quick scan, which turned up nothing.

    This is a real problem for me, because at the present time I can't work on my computer, it is connected to the internet, and I am prevented from doing any work, because I cannot install the 3 updates you tried to install on my system, presumably to prevent malicious remote attacks on my system.

    When signing in to this site, I twice entered my Hotmail address and asked to be informed when there are replies.  This is an issue that requires replies immediately, because I am currently prevented from performing any work on my computer.

    Please help me as soon as humanly possible.  I'm rather desperate, because I cannot work until I resolve this security issue.

    Thank you.

    -Allan Greene

    Choose one or two-online http://answers.microsoft.com/en-us/Search/Search?SearchTerm=KB2572073+KB2633880+KB2518864&CurrentScope.ForumName=Windows&CurrentScope.Filter=windows_xp-windows_update&askingquestion=false

    Tip: See the RESPONSE message in this thread-online http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/security-updates-kb2633880-kb2633870-are-not-being/49ed2fe1-6782-4498-814a-ccfa6ec1dfc9

  • Removed Artemis and false virus alerts, now no rundll32.exe

    I use Windows XP Home edition. For the past 2 days, I was receiving false alerts "XP Security Services" that my computer has been attacked. I used Stinger from McAfee and removed the fake alert virus and the virus of Artemis. However, now I have no rundll32.exe. I can't access MS Office, paint, and it does not recognize my CD/DVD drive. I don't have a Windows XP disk, the PC was already installed with it when I bought it. Any help would be appreciated.

    Follow the instructions below.

    Click on the link below. Download the rundll32 file (uploaded by me if it's safer). Save the file to your desktop. Right-click on the file and choose copy. Now click on start > run > paste the following command. c:\Windows\System32 > Ok. When the folder opens, you see a message that these files are hidden. In the left pane, click on the link to view the contents of this folder, as shown in the image on the second link below. Once the content is visible, right-click in the free space in the system32 folder and choose Paste. If you are prompted to replace an existing file, click Yes. Close all windows.

    Click on Start > Run > type cmd > OK. At the command prompt, right-click and paste the following command: assoc .exe=exefile, then press ENTER. Close the command prompt. Now try to open any executable file (a game or any application). Be advised, the file download will expire after 3 days. This is the result of using the free version of filemail.com.

    http://www.Filemail.com/DL.aspx?ID=EFJLQHHZPHSBIET

    http://img861.imageshack.us/i/hiddenFiles.jpg/

    Once you have completed the above steps, download, update and perform a quick scan with Malwarebytes. Remove any detected objects. When you have completed this, clear all System Restore points and create a new one.

    Malwarebytes.org

    How to use Malwarebytes

  • Possible false positive problem with sigId 3353

    Here is a packet captured by the IDS that triggered sigId 3353 - SMB Request Overflow

        evAlert: eventId=1075708170032493259 severity=high
          originator:
            hostId: cisco-ID - v4.1
            appName: sensorApp
            appInstanceId: 1134
          time: 2005-07-18 14:53:30 2005/07/18 14:53:30 UTC
          interfaceGroup: 0
          vlan: 0
          signature: sigId=3353 sigName=SMB Request Overflow subSigId=0 version=S180 Malformed SMB Request

          participants:
            attack:
              attacker: proxy=false
                addr: locality=IN 10.24.238.193
                port: 1071
              victim:
                addr: locality=IN 10.24.4.42
                port: 139
          alertDetails: Traffic Source: int0;

    As you can see, it looks like a pretty normal SMB packet. This sensor is on an internal network, so Windows file and printer sharing is the norm.

    I think there is a false positive problem that was introduced with the signature's tuning via the S180 update. As a result, I have two questions:

    (1) Am I right, or is the signature working as it should?

    (2) Does anyone else have this problem?

    All your comments will be greatly appreciated,

    Alex Arndt

    We have identified the problem; an updated version of this signature will be in an upcoming signature update.

  • Prevent or stop the attack without signature or signature disabled

    Hi IPS Expert,

    Our IPS is always set as signature-based, and anomaly detection is not enabled.

    Is there a guideline that you can recommend to stop/prevent an attack when there is no signature or the signature is disabled?

    I understand that if the signature is not enabled, it will also create an event or alert.

    This means that we will not have any idea when to stop.

    Kind regards

    Jhun

    Jhun-

    There are several reasons for which a signature can be disabled by default, but usually they are not active for a good reason.

    Signatures have a natural life span: they are created, then tuned to detect variants of the initial vulnerability/attack. Later in their lives, once that vulnerability has been mostly fixed or patched, they can be disabled. Once they become old enough to be of little use to anyone, they are retired.

    Another reason a signature can be disabled is that the signature results in a high rate of false positives. If you have someone performing analysis on the events that your IPS generates, you will waste their time and their talent with unproductive events. It is the most common reason that a signature is disabled in an active sensor.

    The last reason you may want a signature (or a family of signatures) disabled is that what they detect does not violate your security policy. If your organization allows peer-to-peer file sharing, then you wouldn't need signatures to stop this activity.

    -Bob

  • Due to false positives

    Hello

    We have an IDS 4210 box with version 3.1 and are using virtual machines to monitor and manage the IDS. We use a Perl script to send an email notification whenever an event is triggered. The problem is that we receive a lot of false positives for signatures like 4001, 4003, 5366, etc. How can you eliminate false positive detections?

    Thanks and greetings

    Salim

    Hello

    You could use Cisco Threat Response (CTR), which gets a feed directly from the Cisco IDS 3.X and 4.X sensors and could help to reduce false positives.

    In a nutshell, what CTR will do is run a series of checks against the targets of the attack, such as whether it is the right operating system, and in the case of Windows systems it will check the patch levels, etc. It uses NMAP fingerprinting and agents. Currently I think it's free, and it requires a Windows 2000 box with a fast processor to work.

    The issue you'll have with this is that it only raises events using SNMP, so you would have to rely on your business to generate emails.

    It should significantly reduce your events.

    If you use CSPM, you can also configure notifications to occur on the 1st occurrence of an event and on the nth occurrence, with a timer reset, to reduce the number of recurring events.

    In IDS version 4.X, you can perform a range of tuning, including FireOnce, summary events, etc., to further reduce the generated events.

  • Help, making the attack on character

    Hello, I'm trying to make my character attack; the attack animation is located in the character clip on frame 4. But I don't understand how to do it. I want him to attack once if you press SPACE.

    I tried this:


        if (Key.isDown(Key.SPACE)) {
            this.gotoAndStop(4);
        }

    Here is the code on my character MovieClip:

        onClipEvent (load) {
            gravity = 10;
            scale = _xscale;
            walkSpeed = 6;
            maxjump = 0.2;
        }
        onClipEvent (enterFrame) {
            // Fall while airborne; state 3 is the in-air frame.
            if (air == true) {
                _y += gravity;
                state = 3;
            }
            // Walk left/right unless touching the level bounds.
            if (Key.isDown(Key.LEFT) && !_root.leftbound.hitTest(_x, _y, true)) {
                _x -= walkSpeed;
                _xscale = -scale;
            }
            if (Key.isDown(Key.RIGHT) && !_root.rightbound.hitTest(_x, _y, true)) {
                _x += walkSpeed;
                _xscale = scale;
            }
            // Ground check decides whether the character is airborne.
            if (_root.ground.hitTest(_x, _y, true)) {
                air = false;
            } else {
                air = true;
            }
            // Rise while the jump key is held (the Flash y axis grows downward).
            if (Key.isDown(Key.UP) && jumping == true) {
                _y -= jumpSpeed;
            }
            if (air == false) {
                jumping = true;
                jumpcount = 0;
                jumpSpeed = 22;
            }
            if (Key.isDown(Key.UP)) {
                jumpcount += 1;
            }
            if (jumpcount > maxjump && jumpSpeed > -2) {
                jumpSpeed -= 2;
            }
            // State 1: standing still on the ground.
            if (air == false && !Key.isDown(Key.LEFT) && !Key.isDown(65) && _currentframe < 4 || air == false && !Key.isDown(Key.RIGHT) && !Key.isDown(65) && _currentframe < 4) {
                state = 1;
            }
            // State 2: walking on the ground.
            if (Key.isDown(Key.LEFT) && air == false && !Key.isDown(65) && _currentframe < 4 || Key.isDown(Key.RIGHT) && air == false && !Key.isDown(65) && _currentframe < 4) {
                state = 2;
            }
            if (!Key.isDown(65)) {
                gotoAndStop(state);
            }
            _root.statetxt = state;
        }
        onClipEvent (keyUp) {
            if (Key.getCode() == 83) {
                jumping = false;
            }
        }

    The code you showed for the SPACE key should work.  If you try only that instead of all the code you show, you should see it gotoAndStop(4).  If it does not, then it is possible some other code you have is forcing it to do something else.  If the problem is that it goes to frame 4 but never leaves, then you need to add another condition.

  • How do I deal with what appears to be a false Mac security warning?

    When I load Safari I get what appears to be a false security warning telling me to connect to iskbusinesstechnology.com.433 and call 1-888-442-8745 for immediate assistance.  Is this a scam or what?

    Of course, it's a scam.

    Try simply clearing your cache first:

    1. Safari menu
    2. Clear history...
    3. 'all history' > clear history
    4. Close the page or tab with the warning
    5. Load a new page and see whether the problem disappears

    If the problem persists, you will need to look at your home page settings, your search engine settings and extensions that you have installed.

  • Find the percentage of double-false pairs in five two-column sets

    The situation is that I have four sets of two related columns, and these four sets are repeated across 17 sheets. They are all checkboxes (essentially and or or), and I've already configured them to do a little when one of them is checked.

    What I want to understand is whether it is possible to show the percentage of the time both columns of a pair are false. I want to compare, over time (represented by worksheets), how each column pair does.

    Here is a screenshot. Currently, I am manually tagging double-false rows in red, but I would like my 18th sheet, which collects information about the rest, to quickly show how each column pair did.

    You can count double false according to the following formula:

    =COUNTIFS(A, FALSE, B, FALSE)

    Perhaps you could show some of what is on a sheet, including the table names, and what is on sheet 18.

    This will allow us to provide a solution specific to your situation

  • Impossible to delete some false files

    I have a folder full of about 80 files with this file name

    . OUunh!␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀␀. AcVG6n

    where the difference between them is the extension.

    They are all zero bytes, just an empty file name.  My backup software (Carbon Copy Cloner and SuperDuper!) has trouble handling these files and often will not complete its scheduled backups.

    I tried different ways to force removal - emptying the trash, even "rm" on the CLI does not work.  I can't change their names, I can't delete the "." which denotes invisibility; in short, except for moving them from here to there, they cannot be renamed or deleted.

    I'd really appreciate any advice about it.  Terminal commands are not new to me.  See the attached screenshot for a detailed look at some of these puppies.

    Thank you!

    -Tod

    Because these are all invisible files, you may need to turn off invisibility in order to remove them:

    Set the Finder to display invisible files and folders

    Open the Terminal application in your Utilities folder.  At the prompt, enter or paste the following command lines, pressing RETURN after each.

    defaults write com.apple.finder AppleShowAllFiles TRUE

    killall Finder

    To disable the display of invisible files and folders, enter or paste the following command lines, pressing RETURN after each.

    defaults write com.apple.finder AppleShowAllFiles FALSE

    killall Finder

    You can also use one of the many third-party utilities such as TinkerTool or ShowHideInvisibleFiles - VersionTracker or MacUpdate.
