What to do when you can't delete a program in Windows
Featured How To Manually Uninstall a Stubborn Service in Windows?
Featured When Was The Password Last Changed On This Mac?
Local Session Manager
Featured How To Find Out All Remote Desktop Logon Sessions That Took Place On Windows Server 2012 R2
Sitemap Illustration
Featured How to Refresh My Sitemap for Google Search Console to Find It?

Category: Malware

AntivirusLittle TipsMalwareSecurityWindows 10 Tips

Critical Vulnerability in WinRAR Exposed – Absolute Path Traversal

According to a report this morning from SonicWall, a vulnerability that could allow remote code execution has been discovered in WinRAR. This software vulnerability exposes the half a billion users of this Windows unarchiver. The vulnerability exploited is detailed by MITRE in CVE-2018-20250.

To find out if you are vulnerable, check to see if your WinRAR version is anything prior to WinRAR prior to 5.70 beta 1.

The fix is to update your software to the latest WinRAR version to resolve the issue.

For those not familiar with WinRAR, according to Wikipedia, “WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. To enable the user to test the integrity of archives, WinRAR embeds CRC32 or BLAKE2 checksums for each file in each archive. WinRAR supports creating encrypted, multi-part and self-extracting archives.”

Update: According to a March 23 2019 report by SonicWall, this WinRAR vulnerability is now being exploited in the wild.

“There have been two major exploits of this vulnerability, one targeting Ukraine with an Ukrainian law related PDF document and another targeting users in the Middle East. Last week, SonicWall Capture Labs Threat Research team has observed another campaign targeting users in Chile. WinRAR vulnerability is the most sought after exploit used by both cyber criminals and nation state actors.”

The security news brief from SonicWall also details the infection cycle of a WinRAR exploit. Be on guard!

GoogleLittle TipsMalwareNetworkingSecurity

And That Is How Your TV Is Watching You

Have you ever heard of the term “idiot box?” Maybe they are not that dumb? Smart TV’s are able to watch you watch TV and learn about the devices on the same network in your home. By the way, even if you had never heard of the idiot box term, I am sure you can easily guess that it is the North American word for a television set. At least, that is what Google seems to believe.

idiot box definition by Google

In fact, search of “define idiot box” yielded the definition “a television set.” Marriam-Webster seems to agree as well.

Back to our point, though. Your Smart TV has been reported to spying on you with your consent but, if you are like the majority of Smart TV owners, without your knowledge. So, go ahead and read up on these stories about what Samba TV does with your data and what bad hackers could trick your device into doing. Armed with this knowledge, you will at least be able to understand how in the world did that company know to advertise this or the other product to you.

AntivirusLittle TipsMalwarePhishingSecurity

Spam Alert: These People Never Get Tired Of Trying To Get You

 

Here is little warning and reminder not to get too comfortable thinking that scammers are gone or that your email spam filter is so good they will never get to you. Here is your wake up call: These people never get tired of trying. They use all sorts of means to disguise themselves including shortening their links by means of “short url” machines like in the case of the above picture.

Spam Email Example

Example of an email that hides a dangerous link behind a tinyurl link under the UPGRADE NOW button.

In fact, I just got right in my inbox one of those messages with a malicious link to some phishing scam hosted on https:// [some_malicious_place] .us.archive.org. But the link that was actually in the big blue button was not pointing there directly. It was disguised behind a https:// tinyurl.com/ [some_extension_goes_here]. It took running the link through Google’s online virus scanner virustotal.com to detect that the final destination of the link is an archive.org-hosted malicious content and site.

So, when you get an email that makes you uncomfortable as to why you are getting it or one that it looks suspicious, you probably are right. It is probably suspicious and dangerous. Get your IT friend look at it or just do not click on any links or attachments in it until you can get it verified by someone who has the tools. If you know how to extract the links without activating them, then do that and report the links if malicious to places like virustotal.com or to your antivirus software so they can include it in their next update. Please note that sometimes the email may come from an address of a person you actually know (after their mailbox was hijacked or is being spoofed).

Google is full of resources on how to tell if the email you are looking at is Spam. Seriously. Just type such a question and you will find a plethora of reputable sites with good examples. Emphasis on reputable. Do not fall for more phishing while trying to detect some.

virustotal.com reveals the actual final destination of a tinyurl or Shortened URL.

This screenshot from virustotal.com details page shows us the final URL the tinyurl link or Shortened URL that was in the phishing email would have led to.

What to do when you can't delete a program in Windows
Little TipsMalwareWindows 10 TipsWindows PCWindows Server Tips

How To Manually Uninstall a Stubborn Service in Windows?

There are programs that are not easy to uninstall. Sometimes you can easily uninstall the said programs only to find out that they left a trail of files in C:\Program Files\ or C:\Program Files (86)\ that you then try to manually delete.

If all goes away and leaves your computer alone, great! You do not need this article. This article is for times when the program just won’t go away and reports that there is another system using it or another user currently running the program. If there is no user that you know of and there are not programs you are aware of that are still running the unwanted application:

  1. Try to kill the process in the Applications tab of your Windows Task Manager.
  2. If the problem persists, Check your Services tab of the Windows Task Manager and look for the name of the unwanted application or for anything related to it.
  3. If the application you are uninstalling had a server component, you will find it in the list of Services. (Hint: Sort the list by Name instead of PID you can at least identify the program by name.)
  4. Once you find the problematic service. Right mouse click on it to Stop the service and then try to delete the folder or application you had a hard time deleting.
  5. If that still does not let you remove it, then go ahead and run an elevated command prompt to run sc.exe
  6. The command  sc.exe delete <service name> should help you completely remove or delete the service, where <service name> is the name of the service itself as you see it in the service management console, not of the exe.
  7. Finally try to delete the folder you were attempting to delete from C:\Program Files\ or wherever you had installed the application.
  8. If all none of the above solves the problem, there are certainly other methods out here. Let us know what did the trick for you by commenting below. (Pro Tip: Consider bringing in some of the big guns like the Process Explorer from Microsoft’s SysInternals Utilities).