Welcome to the simplified NoIdea.US home. You may have ended up here from a search link; if so, almost everything important is still on the site. You may have to search for it, though!
Wow, it's been a long time since I posted anything here. Sorry 'bout that for anyone who might still be paying attention....
Anyway, I've been playing with some new web scripts for some site design I'm working on. I came across phpns a while back, and it's been used effectively on one of the sites I designed. However, it's missing one feature that would make it so much more useful for me: an upload facility. I started hunting around for a decent, simple file upload script that could be incorporated into phpns, and found Silentium Uploader from HyperSilence.net. After spending a couple of hours playing with it, I now have hacked Silentium into phpns. Like peanut butter and chocolate...they go great together!
Before I switched to the new mail server, I was running CBQ.init to do some limiting of outbound SMTP traffic. You see, I run a mailing list that has multiple large attachments that are resent to 50+ subscribers, and trying to send that out effectively kills my DSL line.
When I set up the new server, I set up CBQ.init 0.7.3 using the same configuration as on the old (Fedora Core 1) machine. Today, I found out that my limiting was not working...seems that there is an error in the CBQ.init script that prevented it from running correctly. The error manifests as follows:
[root@server rc.d]# ./cbq.init compile
find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.
find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.
The error is actually a mistake in the find command syntax of two lines in the script.
Here is the corrected script (those are line numbers in front).
577 ### Get a list of configured classes
578 CLASSLIST=`find $1 -maxdepth 1 \( -type f -or -type l \) -name 'cbq-*' \
579 -not -name '*~' -printf "%f\n"| sort`
580 [ -z "$CLASSLIST" ] &&
581 cbq_failure "no configuration files found in $1!"
582
583 ### Gather all DEVICE fields from $1/cbq-*
584 DEVFIELDS=`find $1 -maxdepth 1 \( -type f -or -type l \) -name 'cbq-*' \
585 -not -name '*~'| xargs sed -n 's/#.*//;
586 s/[[:space:]]//g; /^DEVICE=[^,]*,[^,]*\(,[^,]*\)\?/ \
587 { s/.*=//; p; }'| sort -u`
The change is the location of the -maxdepth 1 argument: it must be immediately after the last path in the statement, and before any other options. The original looked like this:
### Get a list of configured classes
CLASSLIST=`find $1 \( -type f -or -type l \) -name 'cbq-*' \
-not -name '*~' -maxdepth 1 -printf "%f\n"| sort`
[ -z "$CLASSLIST" ] &&
cbq_failure "no configuration files found in $1!"
### Gather all DEVICE fields from $1/cbq-*
DEVFIELDS=`find $1 \( -type f -or -type l \) -name 'cbq-*' \
-not -name '*~' -maxdepth 1| xargs sed -n 's/#.*//; \
s/[[:space:]]//g; /^DEVICE=[^,]*,[^,]*\(,[^,]*\)\?/ \
{ s/.*=//; p; }'| sort -u`
After making this change, the script works as expected! I'm posting this on the off-chance that someone else might be having the same issue I did, and this will help them, too.
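The two corrected pipelines, wrapped in functions and run against a constructed config directory, show what each one picks up and what it skips. This is an added example, not part of cbq.init or the original post; the file names and DEVICE values are made up, and GNU find and sed are assumed. The sed script is split over plain lines here because, outside backticks, a backslash-newline inside single quotes would be passed to sed literally.

```shell
#!/bin/sh
# Added example, not part of cbq.init. Assumes GNU find (-maxdepth, -printf)
# and GNU sed (\? in a basic regular expression).

# Same pipeline as corrected lines 578-579: names of the class files that
# sit directly in directory $1, sorted.
cbq_classlist() {
    find "$1" -maxdepth 1 \( -type f -or -type l \) -name 'cbq-*' \
        -not -name '*~' -printf "%f\n" | sort
}

# Same pipeline as corrected lines 584-587: unique DEVICE= values from those
# files, with comments and whitespace stripped first.
cbq_devfields() {
    find "$1" -maxdepth 1 \( -type f -or -type l \) -name 'cbq-*' \
        -not -name '*~' | xargs sed -n 's/#.*//; s/[[:space:]]//g
            /^DEVICE=[^,]*,[^,]*\(,[^,]*\)\?/ { s/.*=//; p; }' | sort -u
}

# Build a constructed sample directory and print its path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    # Three ordinary class files (constructed values).
    printf 'DEVICE=eth0,10Mbit,1Mbit   # outbound NIC\nRATE=256Kbit\n' \
        > "$d/cbq-0256.SMTP-out"
    printf 'DEVICE=eth0,10Mbit,1Mbit\nRATE=512Kbit\n' > "$d/cbq-0512.web-out"
    printf 'DEVICE=eth1,100Mbit\n' > "$d/cbq-1024.lan"
    # Editor backup file: skipped by -not -name '*~'.
    printf 'DEVICE=eth9,1Mbit\n' > "$d/cbq-0256.SMTP-out~"
    # Symlinked class file: picked up by -type l.
    ln -s cbq-1024.lan "$d/cbq-2048.link"
    # File in a subdirectory: skipped because of -maxdepth 1.
    mkdir "$d/old"
    printf 'DEVICE=eth8,1Mbit\n' > "$d/old/cbq-0001.stale"
    echo "$d"
}

# Stand-alone run: show both lists for the sample directory, then clean up.
sample=$(make_sample_dir)
echo "classes:"
cbq_classlist "$sample"
echo "devices:"
cbq_devfields "$sample"
rm -rf "$sample"
```

The backup file and the file under old/ contribute nothing to either list, and the symlink adds a class name but no new DEVICE value.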
Oh, and if anyone is interested, here is my script to limit SMTP outbound traffic on my 3Mbit/768Kbit DSL line. It's called cbq-0256.SMTP-out:
Anyone who has looked here in the last few months (OK, last 8 months...) would think I've abandoned the place. Not quite true...noidea.us is still my primary email domain, and I've thought about a lot of things I'd write about, if the time presented itself. Well, the time still hasn't made itself available (funny, the way that works), but I figured I should at least note that I'm still alive, still working, still researching malware, and learning how to be a dad. I guess running blogs on three different sites can be a bit...well...absurd?
On the plus side, I have managed to finally upgrade my mail server....it's a major hardware shift from a PII-400 to a Sempron 2800+, and 384MB to 1GB of RAM. I can now run all those wonderful spam filters that I just didn't have the resources to handle before. It also went from Fedora Core 1 to Fedora Core 4. The old server was actually just a test box I was using to play with Postfix, Amavisd-new and Dovecot; it got pressed into live service after resetting all the hardware after Hurricane Rita a couple of years ago when the Shuttle SV-24 died (of a notorious blown caps issue). I was unable to keep much of the filtering running because of the RAM requirements, and thus was making do with only Postfix's RBL checks and Policyd greylisting service. Now it's all running, and I'm much happier with the systems....
Final note, I'm now also an admin/developer for PluggedOut Blog, the blog script that runs this site. If you're looking for an easily customizable, flexible, feature-rich blog script in PHP, check it out!
Last week, a Houston family filed a lawsuit against the MySpace social networking website. According to this article from The Register: "Myspace didn't act quickly enough to protect users who are minors from adult predators. The plaintiffs say their daughters were solicited and abused by adults using the site."
[rant mode on]
At what point did parents stop being responsible for the care of their children, and children stop being responsible for their own actions? When did MySpace (or Facebook, or Yahoo, or any other website) take over that role in the raising of a child? I've talked with parents, and I'm going to be one in a few months. Parents must take an active role in their child's development, including monitoring what they do on the computer, or who their friends are. This includes knowing the parents of their friends and how those parents raise their own children.
[rant mode off]
In the Houston case, I seem to recall that the mother had blocked internet access on their home computer, or they didn't have a computer. So, the daughter used her cell phone's browser to go to MySpace, or a computer at a friend's house. This goes back to being involved, both with the child and the parents of the child's friends. MySpace cannot be responsible because someone using their free, unmonitored service lied about their age or lured an irresponsible teenager into a compromised situation. Consider MySpace and the other sites as "common carriers": just like the phone company is not responsible for someone using the telephone to plan a robbery, or Cingular would not be responsible for someone using a cell phone to trigger a bomb, MySpace and other social networking sites cannot be victimized by someone who is willing to lie to get somewhere.
If MySpace implements the new rules they are discussing, it's simply going to generate hundreds of additional profiles; more people who will lie that they are either over age or under age to meet the people they are targeting. Short of turning into a pay service, and alienating their current major userbase (most of whom probably don't have credit cards or paypal accounts), I don't see any changes that will substantially alter the current situation.
I really hope that the courts decide to throw out this case, with prejudice, and make those filing the lawsuit pay their own legal fees. Along with a stern lecture about parenting. Maybe that will make people think twice in this "I don't like you I'm going to sue" society.
I'm sure this will be an ongoing topic...I'm working on a new mailserver to replace a box that is excruciatingly underpowered. Even though it's only running about a dozen users, it's a Pentium II/400 maxing out 256MB of physical RAM and swapping over 60MB regularly. This wasn't a real problem until I decided to upgrade my spam filtering backend (amavisd-new, SpamAssassin/ClamAV and Maia Mailguard, with a dose of policyd greylisting daemon). The system restarted everything fine, but then came to a screeching halt as amavisd completely swamped the RAM in the system and everything slowed to a crawl. Unfortunately, the RAM in the system is maxed out and I can't add any more.
Well, a couple of weeks ago I ordered a new system to replace this venerable dinosaur. The new box is a BioStar IDEQ N1, Sempron64 2800+, 1GB of PC3200 (400MHz) RAM. I'm recycling a spare 20GB drive, and loading with Fedora Core 4 (I don't like 5 or 6...the MySQL 5 installed breaks some of the web apps that I use).
Now, on to the lesson of the day:
I started setting up the box last week with custom-compiled versions of Postfix, Dovecot IMAP server and several other packages. Now I'm starting to configure things to closely match the existing mail server, including Samba. This makes some administrative tasks a bit easier, like updating some web pages (this basically only hosts SquirrelMail and PostfixAdmin). There's not much web service to do, but Samba makes it easier to move logfiles to the Windows box and copy new files over without having to run FTP or wget all the time.
The problems started after I copied the smb.conf file (Samba config) from the existing server to the new box. I tweaked it, fixed some server-specific settings, and set it off. First, it wouldn't even see itself as an SMB server. Found and fixed that. Then, it appeared to be fighting with my WINS server (another Linux box) to be the master browser. Fixed that setting too. Finally, it was able to resolve itself by name and local IP. Now to get it to see the rest of the network (and the rest of the network to see it, as well). OK...started through the diagnostics document from Samba. Step 1...good. Step 2...good. Step 3...er...step 3....errors. Troubleshooting was going nowhere. 45 minutes later, had a thought...firewall? Iptables was running, since this box faces both the internet and my local LAN on different NICs. Turned off iptables and gee...it works! Started tweaking around with firewall rules. Seems the syntax has changed slightly between the Fedora Core 1 and Fedora Core 4 versions, so the rules from the old box don't quite work on the new one. Found the system-config-firewall-tui utility, set up custom rules for the right ports, and restarted iptables, then Samba. Gee whiz, it works now! I can see it from the other computers, and it finds the rest of the network too!
Well, that was a good waste of several hours that I'll never get back. I guess the next step is to set up Postfix, policyd, amavisd and the new MailZu web interface for amavis. Oh, and pray that Dovecot 1.0 final will make it out in the next two weeks before I'm ready to bring the new monster live....
This article by Peter Gutmann talks a lot about the DRM risks and limitations in Windows Vista (especially if you have SPDIF or component video), but several items mentioned are important to malware fighters as well, especially regarding future reverse-engineering issues.
Executive Summary:
Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry.
/* Disable Container box for "List all Tabs" Button */
.tabs-alltabs-box {
display: none !important;
}
/* remove new tab button */
.tabs-newbutton { display: none; }
Edit: one more tweak for download dialogs
Edit the file %programfiles%\Mozilla Firefox\components\nsHelperAppDlg.js
Find the line // hide featured choice
edit the line below that: this.mDialog.document.getElementById("normalBox").collapsed = true;
change "true" to "false"
This isn't a rant about my ISP. I have been very satisfied with OpLink in the last year and a half. Unfortunately, we will be moving soon (end of lease, and some problems with our house) and several of the houses we are looking at are in areas not covered by Oplink.
Right now, we live just between Houston and Katy, Texas, in the no-man's-land of Harris County. However, we do get some "benefits" of Houston, since SBC (or "the new AT&T") provides our phone service. Oplink runs over the SBC phone system to provide DSL service.
Unfortunately, SBC doesn't provide phone service into the heart of Katy. That luxury is provided by Consolidated Communications. Which means my only choice for DSL service appears to be Consolidated Communications.
This wouldn't be so bad, except...
To get the same level of service that I have with Oplink, it would cost over $80 more per month. That is, I pay $65 a month right now for 1.5 Mbit/384 kbit plus a block of 6 static IP addresses. I am allowed to run servers (which is where this site, and several others, as well as email, are hosted). I have virtually unlimited bandwidth (which is nice when there are several thousands of people trying to download a malware fix file).
Consolidated requires a business account to host servers, at a cost of $59 a month, plus $20 a month for static IP addresses (I currently use three). And that only guarantees me 1 Mbit/384 kbit rates. So, for $110 a month, I can get less features than I currently have, with less customer service (I've had to deal with Consolidated's attempt at customer service for some clients). I don't even know if they have bandwidth caps; haven't checked on that yet.
So, what about cable modem service?
Well, since the only option for that seems to be RoadRunner (thanks, Time Warner....) I checked into their pricing and features. To get a single static IP address, I again have to have "business class service", and it would cost me at least $129 a month. For a block of 5 addresses, it's nearly $200 a month! Therefore, that becomes a non-option.
I just talked to Earthlink, who offers cable modem service in that area as well. Unfortunately, they don't even have an OPTION for static IP addresses.
So, it looks like I'm stuck. I know, I've got at least a month before this becomes a real issue, and we may find a different property that we like that falls into the SBC service area. Until then, I'll keep searching....
Well, we're back and survived the storm OK...the only casualty here had nothing to do with a hurricane, but the death of a motherboard. The webserver you are currently visiting would not boot after being connected after the storm, and a quick inspection showed that blown capacitors on the mainboard were the culprit. I was lucky that it ran for as long as it had, from the looks of things. So, a new system is in place....
For those interested in the details, it's a Biostar IDEQ 210V, an AMD Sempron 2400+ with 512MB of PC3200 DDR RAM. I recycled the CD and FD and second NIC from the old system, and using the same hard drive, recovery took only minutes, with the kudzu utility working quite well to reconfigure the hardware. The biggest problem was getting the net cables plugged into the right NICs (I had them backwards at first).
The old system was a Shuttle SV25, with an FV25 motherboard (the one with the bad caps). This is a known and notorious problem...as a friend of mine once said, he hopes that someone has paid dearly for the capacitor problems in the last few years.....
Please read the Story on Keyloggers at SpywareInfo.Com! link is now gone -- but it was a good article!
There are some serious concerns here. If you even THINK you've been jacked by a keylogger, Install a SOFTWARE FIREWALL IMMEDIATELY. Change the passwords on ALL your bank, email and other accounts from a DIFFERENT, KNOWN-CLEAN computer. Oh, and DON'T USE INTERNET EXPLORER.
Well, the server is doing better...I got the box reloaded with a new HD, and managed to get the load off the spare box that wasn't really beefed for real service. The only thing lacking, I think, is the smtp service for the websites hosts here. I don't have it configured yet, but that should be ready tomorrow (Friday) evening.
Well, apparently my main webserver was hacked yesterday (12 Jul 2005) and brought to its knees by someone deleting the /var/log directory. This effectively killed Apache and several other programs. Fortunately, I was able to get a spare server running and get the site back online.
I have re-uploaded the nailfix.zip and nailfix.exe files from my original sources in the event that the downloads were compromised, and have temporarily disabled the rest of the downloads on this site until I can replace them with known good copies. *grrr* why can't people find better, more constructive things to do with their time instead of attacking people? (or their servers?)
NOTE: These instructions have been superseded with updated procedures for the nailfix installer and a new version of Ewido. Please post a HijackThis Log in the Malware Removal Assistance forum here or at any of the ASAP Member Sites.
The following are instructions to run the Nail/Aurora popups fix. This can be recognized by the following lines in HijackThis:
Reboot into Safe Mode. To do this with Windows XP, you can follow these steps from Microsoft:
Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Select an option when the Windows Advanced Options menu appears, and then press ENTER.
When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
Once in Safe Mode, please double-click on nailfix.cmd that you unzipped earlier. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Next, run Ewido again.
Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Then run HijackThis, click Scan, and place a checkmark by the following item:
To configure Thunderbird for the domains hosted here:
Start Thunderbird. If you have never set up accounts in the program before, you will start with the Account Wizard. If not, click on the Tools menu, then Account Settings.
Select Email account, then Next.
Enter your name and email address in the appropriate fields, then click Next.
Select IMAP, and type in the names of the incoming and outgoing mail servers. Click Next.
Enter your full email address as the Incoming User Name and click Next.
Enter a descriptive Account Name or take the default entry, and click Next.
Confirm that all the settings are correct, and click Finish.
Back at the Account Settings window, select Outgoing Server(SMTP) from the left menu, then check Use name and password and enter your full email address in the User Name field.
Select Server Settings (for the account you just created) from the left menu. Check Use secure connection (SSL) and set the Check for new messages settings to your preferences.
Finally, select Composition & Addressing from the left menu. Uncheck Compose message in HTML format, and set the quoting options to your preferences, then click OK to exit the Account Settings screen.
Updated 27 Feb 2005: Grrr...I got the two Shuttle boxes (SV24 and SV25), only to discover that both have blown motherboards and power supplies. I'm working on the means to get them in usable order, but it's going to take some fundage that I don't currently have....can anyone help?
UPDATED 12 FEB 2005: I know people are waiting on this document! Gomennasai...but I will hopefully be much closer after this weekend. I should be picking up two Shuttle systems this weekend, one of which will be my new mail server. I will be using this to finalize all the steps I will take to make this document finally useful.
I have Amavisd-new, SpamAssassin, ClamAV and Maia Mailguard all running now. I still need to get Mailman list manager tested and Squirrelmail running on https, but I promise! it's getting closer!
UPDATED 13 OCT 2004: getting closer! See the bottom for the newest info...
Wednesday, September 29 2004 @ 12:02 AM CDT
Just a little heads-up...I'm currently working on a test mail server, incorporating Fedora Core 1, Postfix, Dovecot IMAP, fetchmail, amavisd, and Maia Mailguard, with full SSL and virtual domain/user support tied into a MySQL database. Like the title says, it's a work in progress, so I don't have a whole lot to give you yet, but I do have some success:
Postfix is working to receive mail to users who only exist in the MySQL database.
Dovecot will authenticate users via SSL, logging into the database.
I can perform all IMAP functions with Dovecot and Mozilla Thunderbird as the client.
I had to build custom RPMS for Postfix and Dovecot to incorporate the features I wanted (and remove Postgres support from Dovecot...grrrr)
Still to come:
Installing and setting up Amavis, SpamAssassin, and ClamAV, and tying it into Maia Mailguard for per-user configuration.
Setting up Fetchmail to POP several external accounts.
Setting up name-based virtual hosting on Apache2.
Probably other issues as they come up.
Writing up coherent documentation on the process.
Doesn't sound like much, really, but it's been a big accomplishment for me so far, especially considering how badly certain applications (*cough*dovecot*cough*) are documented. To be fair, it is a fairly new app, and the userbase is not what it could be (many people sticking with Courier and Cyrus out of familiarity, I'm sure). I'm going to attempt to do my part by creating documentation on the process here, so others can benefit from my experimentation.
I'll be writing up a static document for this site once everything is in place, so be watching for it!
UPDATE 13 OCT 2004:
Process/Progress
Requirements:
SMTP-AUTH
IMAPS
all auth to sqldb
anti-spam
antivirus
web manageable
virtual domain hosting
per-user config for antispam
Implementation:
Fedora Core 1
MySQL 3.23.58
Postfix 2.1.5 w/ pcre, MySQL, sasl2, tls, vda support
Dovecot 0.99.11 with MySQL support
Maildir-formatted mailboxes
Done and Notes:
OS - Fedora Core 1 and updates
MySQL
Postfix
set up SMTP via SASL/Pam for auth over TLS.
Requires Pam-mysql 0.5 module
User passwords in db must be in MySQL-Crypt format
Maildir mailbox format in /home/postbox/%domain/%name/
Dovecot
configured to only offer IMAPS for encrypted comms
User passwords in DB must be in PLAIN-MD5 format
PostfixAdmin
Web interface for virtual domains in Postfix
can set passwords in several formats. Set to md5crypt.
added new $CONF['postfix_smtp_pw'] set to mysql crypt for smtp-auth
I'm just going to brag a little...I've passed the Helper Exam at SpywareInfo.Com's Support Forums! This means that they think I know enough to not endanger anyone when it comes to cleaning malware off computers. If you need assistance with your computer, you are more than welcome to visit SWI. The volunteer helpers there certainly do their best to help you.
I've also been accepted for membership in the Alliance of Security Analysis Professionals. "ASAP is made up of website/forum owners and administrators, forum staff, individuals, companies and various organizations who all provide security related support to computer end users."
I finally got reconnected to Yahoo! chat today (I use the Gaim chat client, so AOL, ICQ and Yahoo are in one easy-to-use, and free, program). Yahoo pulled a nice stunt on Thursday, changing the chat protocol so that "that spammers will be blocked from abusing our system to spam our users". Unfortunately, they failed to take into account that spammers will always find a way. They're kinda like roaches. Click to read my letter to messenger-security@yahoo-inc.com, and the response I received....
Here's what I sent to the email address I could find. For some reason, "messenger-security" seems like an appropriate recipient, as they're claiming that the blocking is a "security measure"....
To: messenger-security[at]yahoo-inc.com
Subject: Blocking third-party clients -- bogus "security" argument is shameful
The latest argument being used by Yahoo to block third-party clients from their IM service is one of the biggest crocks of bullhockey that I've heard. Security? Anti-spim? That's already taken care of by the client, when the user chooses to accept messages only from his buddies. This sounds like another case of greed getting the better of the users' (and thus the CUSTOMERS') experience.
I have had a Yahoo! account for years (at least four, possibly closer to seven). I didn't start using Yahoo's Messenger services until I discovered a client I liked (Gaim, in this case) that allowed me to open ICQ, AIM, and Yahoo! together. If the client hadn't been able to talk to Yahoo messaging protocol, I would still not be using Yahoo for messaging because having to download and install yet another chat client simply wasn't worth my time.
If you want to increase the value of your instant messaging system, add features (such as AmiKai's AmiChat: http://www.amikai.com/products/portal/amichat.jsp) instead of acting like the three-year-old who takes his ball and goes home when the game doesn't go his way. The way to survive is to adapt and be open to changes that benefit you AND your customers.
"This time, however, Yahoo said it will continue changing its protocols to prevent clients such as Trillian from finding new ways to incorporate Yahoo. Again, the measure was cited by Yahoo as a way to prevent IM spam.
"By making frequent protocol changes, it is our expectation that spammers will be blocked from abusing our system to spam our users," [Yahoo spokeswoman Mary] Osako said."
-=-=-=-=-
And the response I received....
-=-=-=-=-
Followup to my email to Yahoo. Here is their reply....
Hello,
Thank you for writing to Yahoo! Messenger.
Yahoo! does not support third-party applications. Please contact the manufacturer directly in regard to this issue.
Thank you again for contacting Yahoo! Customer Care.
Regards,
Minnie
Yahoo! Customer Care
-=-=-=-=-
Sounds like issue avoidance to me. I thought my message was pretty clear.
In response to numerous requests I get for information on cleaning up viruses and spyware from personal computers running Microsoft Windows, I have put together the following document.
The first tool to run is McAfee's Stinger utility. Stinger is a stand-alone antivirus scanner that is regularly updated by McAfee that will catch and clean the most current viruses and worms. Simply double-click the S-T-I-N-G-E-R.EXE file, then click the Scan Now icon. Let the scanner run to completion.
As a checkpoint, now run HijackThis. It's also a stand-alone utility that will scan for certain anomalies and make a list that can be analyzed. Double-click the HijackThis.exe icon, then click the Scan button. When the scan finishes, click the same button (now labeled Save Log) and save the file somewhere you can find it. Then you can exit the HijackThis utility.
The third step is to install and run Lavasoft's Ad-Aware. Double-click the aawpersonal.exe file and click Next four times, then Finish. The installation program will put an icon on your desktop.
Close all open windows, especially any Explorer and Internet Explorer windows. Double-click the icon, then click on the Check for updates now link. In the update window, click the Connect button, then click OK to update the signature file. (Keep in mind the dates in this program are in European format, DAY.MO.YEAR.) After the update is done, click Finish, then Start and Next. When the scan finishes, click Next twice and say OK when prompted. After that, you can close Ad-Aware.
Step four: Spybot Search & Destroy. Double-click the spybotsd14.exe icon. Click Next, read and accept the license agreement and click Next twice. On the "Select Components" screen, uncheck everything except the "Main Files" component, then click Next twice. On the "Select Additional Tasks" screen, uncheck the "Create a Quick Launch icon", then Next and Finish.
Double-click the Spybot - Search & Destroy icon. Select the language (English is the white flag with the red cross). On the next two dialog boxes, read the warnings and click OK. Then, click the Search for updates button. Install any updates found; the program will restart on its own. After it restarts, click Check for problems.
When the scan finishes, click Fix selected problems and remove everything selected by default.
Last, run HijackThis again, and save the second log file with a new name ("hijack2.log", for example). Then, if you have any questions or concerns about anything else installed on your computer, post the contents of the second log file to one of the ASAP member forums.
Of the last four tools, CWShredder is designed to clean up a specific strain of spyware, known under the name "Cool Web Search". BHODemon, Startup Control Panel and MyTop are not specifically spyware or virus removal tools, but are useful for diagnostics.
CWShredder
From the original author of HijackThis: CWShredder is "a small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names)....This program is updated to remove the new variants once they come out.
Read my article with documentation on Coolwebsearch here." From Intermute: "CWShredder finds and destroys traces of CoolWebSearch. CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators."
BHODemon
From the author: "BHODemon scans your Registry for BHOs (Browser Helper Objects), and presents any it finds in a list. By highlighting a BHO in this list, and clicking the "Details" button, you can see information about this BHO, and even disable it if you wish."
Startup Control Panel
From the Author: "Startup Control Panel is a nifty control panel applet that allows you to easily configure which programs run when your computer starts. It's simple to use and, like all my programs, is very small and won't burden your system. A valuable tool for system administrators!"
MyTop
Handy utility, especially with Windows 95/98 (and possibly ME) which do not have a task manager. MyTop lists all currently running processes on your computer and gives you the ability to kill them, without having to give a CTRL-ALT-DEL. Windows NT, 2000 and XP all have a built-in utility that performs the same function, the Task Manager, which can be accessed by either pressing CTRL-ALT-DEL and clicking "Task List", right-clicking on the Taskbar and selecting "Task Manager", or pressing SHIFT-CTRL-ESC.
Process Explorer
From the Author: "The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work."
Root Kit Detector
aports.exe
This set of tools is useful in removing a newer, nasty version of CoolWebSearch that uses a malicious hacker tool called Hacker Defender to prevent removal of its files and hide the processes and other means of identifying the offender. Instructions can be found at this page at the University of Wales at Swansea.