Monthly Archives: May 2009

Hosts file fixed

Well, I just realized why I was getting connections to www.007guard.com whenever I opened a web browser. It is actually quite simple, which is why it was overlooked.

The hosts file maps IP addresses to host names on a computer. When a computer starts up, it loads the hosts file into memory first, before it queries any DNS servers. So what had happened was that Spybot Search and Destroy had added the following entries into my hosts file in Windows 7:

# Start of entries inserted by Spybot – Search & Destroy
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com

As you can see, the first entry was “127.0.0.1     www.007guard.com”. This means that whenever a program tries to connect to www.007guard.com, it will be redirected to 127.0.0.1, which we all know to be “localhost”, or your own computer. This effectively blocks any connections to www.007guard.com.

Anyway, the problem turned out to be a missing entry in the hosts file:

127.0.0.1  localhost

Apparently what was happening is that whenever a connection to localhost was established, Windows first consulted with my hosts file which told it that 127.0.0.1  mapped to www.007guard.com.  This resulted in the following netstat -f output:

[Screenshot: netstat -f output]

The connections are actually legitimate and are nothing to worry about. To fix this issue, just add the following to your hosts file on the first line.

127.0.0.1  localhost

After adding that to your hosts file, netstat -f should look like this:

[Screenshot: 007guard fix]

And that’s all there is to it! I am so glad that I finally fixed this annoying problem that has been plaguing me for a couple of weeks. Looks like some patience and good research on Google paid off! If you are interested in learning more about using the hosts file to block malware, I would go to http://www.mvps.org/winhelp2002/hosts.htm; they have good information on the hosts file and a pre-made list of sites to block for you. Remember, these techniques will work in every OS (Windows, Linux, Mac) since they all use a hosts file!
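The check described in this post, written out as an added example (not part of the original post): the Python sketch below parses a hosts file, reports which name a hosts-based lookup would attach to 127.0.0.1, and prepends the localhost line when it is not the first loopback entry. The function names are illustrative, the sample is the excerpt quoted above, and "first matching line wins" is an assumption taken from the behaviour the post observed.

```python
# Added example: audit a hosts file for the missing-localhost problem.
LOOPBACK = "127.0.0.1"

# Excerpt of the hosts file quoted in the post (note: no localhost line).
SAMPLE = """\
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
"""

def parse_hosts(text):
    """Return [(ip, [names...])] for every non-comment line."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) >= 2:
            entries.append((fields[0], [n.lower() for n in fields[1:]]))
    return entries

def loopback_label(entries):
    """Name a hosts-based reverse lookup would show for 127.0.0.1.
    Assumption: the first matching line wins, as observed in the post."""
    for ip, names in entries:
        if ip == LOOPBACK:
            return names[0]
    return None

def audit(text):
    """Summarise the loopback mappings in a hosts file."""
    entries = parse_hosts(text)
    sinkholed = [n for ip, names in entries if ip == LOOPBACK
                 for n in names if n != "localhost"]
    return {"loopback_label": loopback_label(entries),
            "has_localhost": any(ip == LOOPBACK and "localhost" in names
                                 for ip, names in entries),
            "sinkholed": sinkholed}

def repair(text):
    """Put '127.0.0.1  localhost' on the first line unless it already leads."""
    if loopback_label(parse_hosts(text)) == "localhost":
        return text
    return f"{LOOPBACK}  localhost\n{text}"

if __name__ == "__main__":
    print("before:", audit(SAMPLE)["loopback_label"])
    print("after: ", audit(repair(SAMPLE))["loopback_label"])
```

The block entries stay in place after the repair; only the name shown for loopback connections changes.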

References:
http://forum.avast.com/index.php?PHPSESSID=93034020fb53cd58398b96893f9df3bb&topic=40574.msg340233#msg340233

http://forum.avast.com/index.php?topic=41225.0

http://www.mvps.org/winhelp2002/hosts.htm

More users adopt Windows 7

37% of lifehacker viewers use Windows 7 the most

37% of lifehacker viewers use Windows 7 as their main OS!

According to a poll at lifehacker, there seems to be an increasing number of people using Windows 7 at the moment. The poll asked “What version of Windows do you use the most?” 36% answered the obvious choice, Windows XP; 25% said that they used Windows Vista the most, which was surprising considering Vista’s bad rep. Windows 7 came out at 37%, just a little more than XP!

As you can see, Windows 7 is gaining popularity within the lifehacker community, which in my opinion is a good sign of how much better 7 is compared to Vista and XP. Adoption rates within internet communities seem to be on the rise, while many businesses will continue to use Windows XP and Server 2003 until economic conditions improve.

References:

http://lifehacker.com/5256089/which-windows-os-are-you-running

Hidden Items on the Send To Menu

Hidden Sent To Items

If you haven’t tried out the Release Candidate for Windows 7, you sure are missing out on a lot of cool stuff. Just the other day I read about this feature that really doesn’t get a lot of attention.

Apparently if you hold Shift while right-clicking a file and go to “Send To”, you should see some hidden menu options that were not previously there. The new items should be Music, Downloads, Picture, Favorites, etc. You get the idea from the picture on the left here.

Anyway, I thought this was a cool feature in Windows 7 that really gets underplayed and deserves to be mentioned.  Knowing this hidden feature has come in handy a lot this week alone since I tend to send files from my desktop to my pictures and document files.

References:
http://lifehacker.com/5254211/

007guard.com Malware/Spyware

007guard.com is Spyware!

Well, it appears that the 007guard.com spyware somehow got onto my Windows 7 RC system. I have no clue how it got on at this point, since I am really careful about downloading and browsing the web in general. I never use Internet Explorer (or exploder he he); I use Firefox 3.0 with the NoScript add-on and Adblock Plus as well. I also checked a virtual machine of Windows 7 just to make sure that my media wasn’t compromised or tampered with, and sure enough it didn’t have any connections to 007guard.com in the netstat output.

Here is a sample output of what I see when I run the netstat -f command in the terminal:

[Screenshot: netstat -f output]

As you can see, there are a ton of connections going to 007guard.com on various ports. The local address is 127.0.0.1, which is localhost for those who didn’t know.

One way to block 007guard.com from connecting to its “Mothership” or master is to edit the hosts file in Windows so that the domain maps to localhost. That way, when the malware tries to open a connection to its remote location on the web, it will be redirected to 127.0.0.1, which goes nowhere and stays local to the machine. You can do the same thing in Linux and other operating systems as well.

The Windows hosts file is located in “C:\Windows\System32\drivers\etc\hosts” (use notepad to edit it)

So at this point it’s still in my machine somewhere, and Spybot, Ad-Aware, AVG, avast and pretty much all the scanners can’t get rid of it. I may have to wipe and reload my machine just to make sure it’s gone for good this time, which is really annoying since it takes a ton of time to re-install Windows plus get everything back to the way it was before this crap happened.

Here are some references for more information on 007guard.com spyware/malware:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/b2e7ce83-4445-40d2-8b9e-19ea412eef4d

http://www.sevenforums.com/system-security/3262-007guard-how-remove.html

Just got my MCSA!!!!

MCSA

I got my MCSA!!

This last week really has been an amazing one for me since I just passed the 70-291 Microsoft exam. The 70-291 focuses on the network infrastructure in Windows Server 2003, like DNS, DHCP, security, routing and switching, remote access, etc. I started studying for it in January 09 and just finished it this last week. Overall it was a tough exam and really did take a lot of critical thinking and troubleshooting skills to be able to answer the questions correctly. Even though it was hard and took a while to study for, it was well worth it!! I can’t describe the incredible high that I got immediately after passing the exam and knowing that I had completed one of my long-term goals in life. If I hadn’t set a goal to complete my MCSA, I probably would never have got it nor taken the time to really study and learn the material. If you have not gotten into the habit of goal setting, I suggest you do, and make a habit of making goals and completing them. It really does help you accomplish things in life, and gives you direction on where to go and what to do to get to that point in life.

Anyway, I am soooo stoked that I’ve finally got my MCSA for Server 2003!!! My next goal will probably be to upgrade my MCSA to Server 2008 or go for the CCNA, since we do a lot of network design and management at my workplace.

If you would like to know more about the MCSA or Microsoft Certifications, I’ll post some links below:
http://www.microsoft.com/learning/mcp/default.mspx
http://www.microsoft.com/learning/mcp/mcsa/default.mspx
