Tuesday, December 23, 2008

Virus for Christmas ?

In the last few weeks, some virus distributors have been trying to exploit the holiday season to spread viruses more easily. The viruses are attached to email messages that offer coupons or special offers for Christmas.
The first 2 'Christmas Virus Messages' appeared at the beginning of December, and these emails identified themselves as originating from Coca Cola and McDonald's.
Now there are 3 new messages, which identify themselves as originating from Symantec, British Airways and Jack Daniel's.

As my email address is pretty popular, I received dozens of these emails together with other junk, as you can see in the following screenshot:



All these emails instruct the user to open the attached file, which contains a virus that probably continues to send these emails to more and more people.

Here are the details of all 5 Christmas Virus Messages:

  • Symantec

    Subject: Christmas Product Extention
    From: "noreply@symantec.com"
    Attachment: product-extention.zip

    Message Body:
    This holiday season Synamtec is rewarding our valued customers by extending your products protection period by six months.
    Follow the instrustions in the attachment to receive your extra protection and have a wonderful Christmas!
    Offer valid until midnight 31st January 2008.

  • British Airways

    Subject: Holiday Savings
    From: "noreply@britishairways.com"
    Attachment: britishairways-coupon.zip

    Message Body:
    British Airways is offering fantastic deals this festive season. Check your attached coupon and book online today for an amazing holiday!




  • Jack Daniel's:

    Subject: Limited Edition Merchandise
    From: "noreply@jackdaniels.com"
    Attachment: jackdaniels-coupon.zip

    Message Body:
    Have yourself a Merry Christmas with Jack Daniel's.
    Print the coupon and head for your local outlet
    for limited edition merchandise.


  • Coca Cola

    Subject: Coca Cola is proud to announce our new Christmas Promotion
    From: "noreply@coca-cola.com"
    Attachment: promotion.zip

    Message Body:
    Coca Cola is proud to announce our new Christmas Promotion.

    December, 2008

    Play our fantastic new online game for your chance to WIN a trip to the Bahamas and get all Coca Cola drinks for free in the rest of your life. See the attachment for details.


  • Mcdonalds

    Subject: Mcdonalds wishes you Merry Christmas!
    From: "giveaway@mcdonalds.com"
    Attachment: coupon.zip

    Message Body:
    McDonald's is proud to present our latest discount menu.

    Simply print the coupon from this Email and head to your local McDonald's for FREE giveaways and AWESOME savings.


Sunday, December 21, 2008

Running operating system inside a Virtual PC with specific date/time

When you run an operating system inside a Virtual PC, the current date/time is automatically taken from the host operating system.
This feature is useful in most cases, but sometimes you may want to run the guest operating system with a specific date and time instead of the current date/time.
You can do that simply by changing the date/time of your computer, but this change will also affect the other programs running on the same machine.

To change only the date/time of the guest operating system, you can use one of the following methods:
  1. Manually change the .vmc file:

    The .vmc files contain the configuration of each virtual machine and are usually located under [User Profile]\My Documents\My Virtual Machines\[Virtual Machine Name]

    You have to make 2 changes in the right .vmc file:

    A. Disable the time synchronization:

    Under the following mouse configuration:
    <mouse>
    <allow type="boolean">true</allow>
    </mouse>

    Add this:
    <components>
    <host_time_sync>
    <enabled type="boolean">false</enabled>
    </host_time_sync>
    </components>


    B. Set the desired date/time:

    You have to find the time_bytes value inside the .vmc file, which looks like this one:

    <time_bytes type="bytes">27003200110001201008</time_bytes>

    After finding it, set the desired date/time value according to the following specification:
    Digits 1 - 2 contain the seconds value.
    Digits 5 - 6 contain the minutes value.
    Digits 9 - 10 contain the hours value.
    Digits 15 - 16 contain the day value.
    Digits 17 - 18 contain the month value.
    Digits 19 - 20 contain the year value.

    In the above example, the date/time value is 11:32:27, 20/10/2008

    After making the above 2 changes, save the .vmc file, and the guest operating system will start with the date/time that you set in the time_bytes value.

  2. By using RunAsDate utility:

    To use this method, download and run the RunAsDate utility, choose the desired date/time, select the path of the Virtual PC application (it should be something like C:\Program Files\Microsoft Virtual PC\Virtual PC.exe), and then click the 'Run' button to start the Virtual PC application. If Virtual PC is already running on your computer, you should close it before starting the new one.



    When you run the Virtual PC application within RunAsDate utility, all the guest operating systems that you run from it will automatically use the date/time that you set with RunAsDate utility, instead of the real date/time of your computer.
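The time_bytes layout described in method 1, as an added example (not part of the original post and not Virtual PC's own code): a Python helper that decodes the value and rewrites only the documented digit positions, leaving every other digit exactly as found in the file. The function names and the reading of the two-digit year as 20xx are assumptions of this example.

```python
from datetime import datetime

# Zero-based offsets of the 2-digit fields the post documents:
# digits 1-2 seconds, 5-6 minutes, 9-10 hours, 15-16 day, 17-18 month, 19-20 year.
FIELDS = {"second": 0, "minute": 4, "hour": 8, "day": 14, "month": 16, "year": 18}
CENTURY = 2000  # assumption: the post does not say how the century is stored


def _check_length(value: str) -> str:
    value = value.strip()
    if len(value) != 20:
        raise ValueError("time_bytes must be exactly 20 characters")
    return value


def decode_time_bytes(value: str) -> datetime:
    """Read the documented fields; datetime() rejects impossible dates."""
    value = _check_length(value)
    parts = {}
    for name, pos in FIELDS.items():
        field = value[pos:pos + 2]
        if not (field.isascii() and field.isdigit()):
            raise ValueError(f"{name} field {field!r} is not two decimal digits")
        parts[name] = int(field)
    return datetime(CENTURY + parts["year"], parts["month"], parts["day"],
                    parts["hour"], parts["minute"], parts["second"])


def patch_time_bytes(existing: str, when: datetime) -> str:
    """Return `existing` with only the documented fields set to `when`."""
    if not CENTURY <= when.year < CENTURY + 100:
        raise ValueError("year does not fit in two digits")
    chars = list(_check_length(existing))
    new = {"second": when.second, "minute": when.minute, "hour": when.hour,
           "day": when.day, "month": when.month, "year": when.year - CENTURY}
    for name, pos in FIELDS.items():
        chars[pos:pos + 2] = f"{new[name]:02d}"
    return "".join(chars)


if __name__ == "__main__":
    sample = "27003200110001201008"  # the value shown in the post
    print(decode_time_bytes(sample))
    print(patch_time_bytes(sample, datetime(2009, 1, 5, 8, 4, 9)))
```
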

If you successfully used one of the above methods, you should have a running guest operating system with the date/time that you chose, while the computer's date/time continues to run normally.


Monday, December 15, 2008

Recover wireless network keys from external drive

The new version of WirelessKeyView now allows you to recover your wireless network keys from an external instance of the Windows XP operating system (Vista is not supported yet). This feature can be useful if you have a dead system that cannot boot anymore.
You can use this feature from the user interface, by using the 'Advanced Options' in the File menu, or from the command line, by using the /external parameter.

Monday, December 8, 2008

Dialupass 3 (Beta) is available to download

Dialupass is one of the oldest utilities on my site (7+ years!), so I decided to completely rewrite it instead of continuing the development of the old one. The new version follows all the current NirSoft standards, including the ability to translate it to other languages.
There is also one useful new feature: you can now extract the dialup passwords from an external instance of Windows 2000/XP/2003 (in Advanced Options).

Dialupass 3 is not officially released yet, but you can download a Beta version from here.

Saturday, December 6, 2008

View LSA secrets of external drive

The new version of LsaSecretsView allows you to extract the LSA secrets from an external instance of the Windows operating system. This feature can be useful if you have a dead system that cannot boot anymore.
You can use this feature from the user interface, by using the 'Advanced Options' in the File menu, or from the command line, by using the /external parameter.
This feature was also added to LSASecretsDump, which is the console version of LsaSecretsView.

Be aware that currently this feature works for Windows 2000/XP/2003, but not for Windows Vista.