devidhuang: Trojan detection and removal (Erazer Lite)
1. Summary

This is a trojan. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
2. Aliases

* Backdoor.Eraser.Web

3. Characteristics

Erazer Lite is a Remote Access Trojan consisting of a server component, client component and a server editor component.

The characteristics of this Trojan with regard to file names, the port number used, etc., will differ depending on how the attacker has configured it. Hence, this is a general description.

A. Server Component:

When the server component is executed, the Trojan drops itself to:

* %system%\msiecfg.exe

The following registry entry is created, so it can run at system startup:

* HKEY_CURRENT_USER\Software\EZ "0"
  Data: C:\Windows\System32\msiecfg.exe
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "iexplorer"
  Data: C:\Windows\System32\msiecfg.exe

Once running, the server component connects to a pre-defined IP address on a pre-defined port and waits for commands from the attacker.

Note: %System% is a variable location and refers to the Windows system directory.
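As an added example (not part of the original post), the following PowerShell script checks a host for the persistence indicators described above: the two registry values and the dropped file in %System%. It only reports findings and removes nothing; the hash output and the extra scan of both Run keys are my own additions.

```powershell
# Added example: report-only check for the Erazer Lite indicators listed above.
# Run in PowerShell on the machine being examined.

$indicators = @(
    # Run-key value reported above: HKCU\...\Run "iexplorer" -> %System%\msiecfg.exe
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'iexplorer' },
    # Trojan's own configuration value: HKCU\Software\EZ "0" -> %System%\msiecfg.exe
    @{ Path = 'HKCU:\Software\EZ'; Name = '0' }
)

$droppedFile = Join-Path $env:SystemRoot 'System32\msiecfg.exe'
$findings = @()

foreach ($ind in $indicators) {
    if (Test-Path -LiteralPath $ind.Path) {
        $item  = Get-ItemProperty -LiteralPath $ind.Path -ErrorAction SilentlyContinue
        $value = $item.PSObject.Properties[$ind.Name]   # $null when the value is absent
        if ($null -ne $value) {
            $findings += [pscustomobject]@{
                Type = 'Registry'; Location = "$($ind.Path)\$($ind.Name)"; Data = $value.Value
            }
        }
    }
}

if (Test-Path -LiteralPath $droppedFile) {
    # Record a SHA-256 so the sample can be compared against other hosts or a sandbox.
    $hash = (Get-FileHash -LiteralPath $droppedFile -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{ Type = 'File'; Location = $droppedFile; Data = "SHA256=$hash" }
}

# The value name is attacker-configurable, so also flag any Run value in either hive
# whose data points at the dropped file, whatever the value is called.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $runKey = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
    if (Test-Path -LiteralPath $runKey) {
        (Get-ItemProperty -LiteralPath $runKey).PSObject.Properties |
            Where-Object { $_.Value -is [string] -and $_.Value -match 'msiecfg\.exe' } |
            ForEach-Object {
                $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$runKey\$($_.Name)"; Data = $_.Value }
            }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Erazer Lite persistence indicators found.'
} else {
    $findings | Sort-Object Location -Unique | Format-Table -AutoSize
}
```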

B. Client Component:

The client component runs on the attacker's computer and connects remotely to the server component on the victim machine.

The following is a list of some of the functions available to the attacker:

* Process Manager (List, kill running processes)
* File Manager (List, upload, download, delete)
* Registry Manager (Browse Registry, add, edit, delete keys)
* Windows Manager (Browse, close, maximize/minimize, rename)
* Get system information
* Extract passwords from machine
* Key logger
* Read/Modify contents of the clipboard
* Screen capture
* Pranks played on the victim (hiding desktop icons, the Start button and the taskbar; opening and closing the CD-ROM drive)
* Desktop logoff, reboot or shutdown
* FTP server, Telnet server
* Format drives

C. Miscellaneous Information:

* This Trojan is written in Delphi.
* The author's intended name for the Trojan is Erazer Lite.

4. Detecting the Trojan

Communication between the client and server of a Trojan usually uses the TCP, UDP or ICMP protocol. Sax2 from Ax3soft is based on protocol analysis; it can accurately track network conversations and reassemble the TCP/IP data of the communication. When it detects that your network is at risk from a Trojan, it immediately suspends or interferes with the Trojan's communication to protect your network from attack. Why not have a try? Sax2 upgrades its Security Strategy Knowledge Base immediately after installation finishes. Below is an introduction to using Sax2 to detect whether your system has been infected with the Trojan Erazer Lite.

First of all, launch Sax2 and switch to the "EVENTS" page. If there is Erazer Lite communication in your network, Sax2 will immediately report it and interrupt the Trojan's communications. See the picture:


devidhuang: How can I make a password for a D-Link DIR300 router (Mar 22nd, 2009, 2:45:49 am)
I wanted to make a password for my router, a D-Link DIR300. I want it to be secured but I really don't know how to make one. And when I'm configuring the internet options, the internet connection is lost. I really don't get it, so please help me do it; tell me the right answer *step by step* so that I can follow. Many thanks to you.

solution:
The step-by-step instructions are already in your hand. It is called the instruction manual that came with the unit. It is impractical if not impossible, and definitely imprudent, for anyone to reprint the manual for any device in this forum.

When you say password, it is unclear. Do you mean the login user name and password to access the router, or the wireless preshared key? You need to be a lot clearer in your request. One is set in the admin section; the other is set in the wireless security section.

You talk about dropping the Internet connection. You did not indicate whether this is on a wired or wireless PC linked to the router. You need to do some work on your own to isolate the issue. Replacing the wireless link with a wired link for troubleshooting purposes will tell you whether the problem is a wireless link issue or not.

Clearly if the problem is seen with a wired link, you need to establish a solid public side (WAN) configuration.

Once you have a clear and stable wired link, then you need to address the wireless link. I recommend you document in writing what you do. The general steps (what is to be done but not how; the how is in the manual):

1. Obtain the MAC address of the wireless port of every PC you wish to permit wireless LAN access.
2. Change your SSID from the factory default and record the new one.
3. Define the encryption to use (WPA is better than WEP; WPA2 is better than WPA but requires WPA2 ability on the PCs as well as the router).
4. Define a preshared key and record it; make it a mix of upper- and lower-case letters and numbers.
5. Invoke MAC address filtering, and load the MAC addresses of all the wireless ports of the PCs you wish to permit access into the MAC validation table.
6. Save the router configuration before exiting the router.
7. Go to the first PC you wish to enable a wireless link on and set up its configuration for your SSID; match the encryption and preshared key from your documentation and all should work. Repeat on each additional PC.

Always use a wired PC-to-router link when you configure the router.

devidhuang: How to secure a wireless connection on Windows Vista (Mar 22nd, 2009, 2:46:53 am)
Could someone please tell me how to secure my wireless connection on Windows Vista?

solution:
You should have provided more info. Oh wait, you mean how to make your wireless more secure? First, put a password on access to your wireless network. How? Check your gateway under your connection details. Type the gateway into the address bar. Then look for the wireless option there, and set the password to access your wireless: either 64-bit WEP or 128-bit WEP. I would choose 64-bit, as 10 numbers/letters are easier to remember than 20.

devidhuang: How do I use my BlackBerry Storm as a "wireless card" for my MacBook Pro (Mar 22nd, 2009, 2:47:35 am)
I have the MacBook Pro, the one that came out with Leopard (the all-silver one), and I was wondering how I could use my BB Storm, while on the road, as the network.

solution:
Wireless, you can't. But I do know you can use it wired in some way. I'm not too sure how, but if you call Verizon they will tell you how.

Just tell Verizon that you want to use it as a modem.

devidhuang: How do I set up a wireless connection (Mar 22nd, 2009, 2:48:17 am)
I just bought a new laptop and I don't know how to set up the wireless connection. Help.

solution:
You're able to pick up signals within range. The only question I have is: do you have your own specific router? The name could be Belkin, Linksys, Netgear, D-Link, etc.

If you don't, you're probably picking up your neighbor's signal, and it won't allow you access because it's secured.

If you are sure you have a router, it's secured, and you have forgotten the actual network key, you're going to need to hard-wire directly into it, log into the router and retrieve the wireless network key. If you are unsure how to do so, don't hesitate to write me a message. I am going to need to know the brand name of the router you have; each has its own IP address.

If you don't have a router, you're going to need to buy one. The cost for a decent router that would suit your needs is around 60 and above. Make sure the router has wireless capabilities before buying it.