SPAUG Newsletter January 2006

SPAUG Editor: John Buck
SPAUG Publisher/Business Manager: Susan Mueller
SPAUG Co-Webmasters: Stan Hutchings & John Sleeman

TABLE OF CONTENTS

• Notes from the Prez by Jim Dinkey
  
  
• General Meeting Notes by Stan Hutchings
  
  
• Planning Meeting Notes by Stan Hutchings
  
  
• Smart Computing Tips & Fun Facts Reprinted with permission from Smart Computing
  
  
• How to use HiJackThis and Help2Go Detective to remove Malware by Jim Dinkey
  
  
• Security update for WMF vulnerability by John Buck and Jim Dinkey
  
  
• Help with Symantec Internet Security (SIC) by Bob Meltzer
  
  
• Anti-Spam Programs - Do They Really Work?  by Vinny La Bash, Member of the Sarasota Personal Computer Users Group, Inc.
  
  

Notes from the Prez

by Jim Dinkey

HiJackThis, having been demonstrated at the last meeting has stirred up quite a bit of interest in the ability to identify and remove not only malware, but also items that are of little or no specific benefit for the computer operator.

You have three steps:
1. Make a HiJackThis run that will allow you to capture the contents of the processes running on your computer;
2. Plug those processes into the Help2Go Detective;
3. Take the recommendations of the Help2Go Detective and check off the indicated problems/non-essentials back in the original HiJackThis program.

First, run GOOGLE: Help2GO DETECTIVE which will locate and provide a place for the results of the HiJackThis run to be inserted and scanned.

Now that you have a place for the results of HiJackThis go ahead and run HiJackThis which will scan your computer and will obtain a listing of all programs running on your computer and place that listing into the Wordpad program for easy manipulation by you.

At that point, go to the HELP2GO DETECTIVE mentioned above, and paste the list of programs into the box provided.

Click the SUBMIT button.

After about a second, the scan of your computer's running programs will be presented to you with comments about what programs to remove from your computer and why. One of nicest parts of the HELP2GO DETECTIVE is that it comments not only on any possible malware, but that it also comments on many items that are not malware at all but are merely nonessential.

Having had the various removable programs identified, your job is then to go back to the original HiJackThis program and check the boxes of the programs that you want to permanently delete from you computer. I find it convenient to go to the taskbar just to the left of the right-side icons and right click there to allow me to "Tile Windows Horizontally" so I can read what has to be accomplished and use the other screen to get the item checked off.

Tell HiJackThis to remove the item and you are completed. Reboot.

A/V SIG information:
Arlan Kertz has donated a very fine computer to SPAUG for either passing it on to another or for our own use. The timing happened to be perfect as we were planning to purchase an Audio/Visual computer for SPAUG to use to support the A/V SIG. This one will do just fine. It is not a laptop, but we can overcome that. Many thanks Arlan.

There were few responses from the membership about the A/V SIG and so I urge you to give the Planning Committee feedback about your interest in such a SIG and what projects you propose to accomplish. I want to automate the conversion of my LP record collection. Anyone else?

[ TOP ]

General Meeting Notes

by Stan Hutchings

Presentation

Gene Barlow talked about new releases from Acronis Software; and a new release from White Canyon Software, a product called My SecurityVault Pro (was My PassWord Vault).

• Acronis True Image 9.0 has many new features, including individual file backups, differential backup images, and enhanced backup scheduling ability.
• Acronis Disk Director Suite 10.0 has Partition Split and Merge functions, explorer partitions ability, and the ability to boot from other hard drives or CD/DVDs.
• Acronis Privacy Expert Suite 9.0 can detect and remove RootKits, perform daily malware definition updates, quarantine detected spyware, and has enhanced pop-up blocker ability.
• My SecurityVault Pro can find hidden, private information and remove it. For instance, most people don't realize that when they purchase products over the Internet, like airline tickets, meds, or whatever, private information - like credit card numbers - is hidden in Windows, and hackers can find it.

Gene gave the group his User Group Pricing on all these products, and more, at the meeting. If you missed out, visit his website at /www.usergroupstore.com/.

[ TOP ]

Planning Meeting Notes

by Stan Hutchings

• The meeting was held at Bev Altman's house; attendees: Jim Dinkey, John Sleeman, Bev Altman, John Buck, Stan Hutchings, Nat Landes, Richard Sweet. The attendees enjoyed the refreshments served.
• Review of finances - Nat reports we're in good shape. He received $505 from Bev, from CD sales and a new member. He reported that Susan is being reimbursed for publication expenses (printing and mailing) for the Newsletter, as she submits invoices. Jim said he'll be paying the Elks Lodge for 6 months advance rent soon, and will give him an invoice. It looks to Jim like we'll have at least three more years before reconstruction gets fully under way and we may need to find a new meeting location.
• Membership - Bev reports 116 current members.
• Review of topic vs. attendance - Gene's presentation was pretty successful - there was a long line of members waiting to buy his software with the club discount.
  interesting topics and speakers result in better attendance. We'll continue to schedule speakers with good draw.
• Mail - John Sleeman reports no mail this time. Only a single letter last time. The box will have to be renewed by the end of March; he will extend the box for another year sometime in March.
• PrintScreen - John Buck reports things are OK, the next meeting is the 8th, so prompt submission of articles, etc. would be good so we can get it produced in time to mail before the meeting. We might add a form to get a Palo Alto library card.
• Arlen Kertz donated a computer to the club; we will use it for our educational Digital Multimedia SIG. It should be powerful enough to get started. We'll get software and more hardware as required.
• WebSIG activities and schedules - next Tuesday 7:30 at Stan's
  There is a Digital Media SIG proposed. Member input has been sparse, only one person replied to Jim's request for comments.
• Publicity - Richard Sweet reports the San Jose Mercury still isn't satisfactory, he'll keep working to find the right place and person to submit our program. Other publications are doing OK; one didn't have room to post ours. The online notices are more successful, but don't seem to draw as many people to the meetings.
• Status of SPAUG CD - we have about 12 unsold from the first run of 60. We may have to produce some more.
• Future speakers & potential pre-meeting dinner locations:
  • 8 February 2006 - George Sidman of WebLOQ. The pre-meeting dinner will be at .
  • 8 Mar 06 - Microcenter. The pre-meeting dinner will be at .
  • 12 Apr 06 - Gary Sasaki will speak about “Digital Cable Ready”. Visit Gary's website at www.digdia.com. The pre-meeting dinner will be at .
  • 10 May 06 - a genealogy program has been arranged. The pre-meeting dinner will be at .
  • 14 Jun 06 - Andy Marken from Marken Communications has been invited by Maury Green. The pre-meeting dinner will be at .
  • 12 Jul 06 - Paul Kunz has been invited by John Sleeman. The pre-meeting dinner will be at .
  • Possibilities for 2006 - presentations are being considered or investigated by: Acronis, Dan Gillmor, Mike Langberg, Electronic Freedom Foundation, voice recognition software, history of the Internet [arranged by J. Sleeman].
    What do you want to hear about?
  • Clinic activities and changes - the Saturday Clinic will be available by pre-arranged appointment only.
  • Other individual reports and suggestions - Jim Dinkey has a new service he's rolling out for SPAUG members: LogMeIn, a program to allow remote control of a computer. For a while, this will be done from the Clinic at Jim's house, until he gains experience and confidence in the remote operation. Some problems include inability to see and hear the physical setup - hard drive operation, CD/DVD drive operation, connections, other hardware, etc. But it will be useful for follow-up work, and minor problems that don't require very much physical hands-on.
    We have a subscription to APCUG, and a link to their site on our Table of Contents page. We need to evaluate the services we get, and determine if it's worth the $50/year dues.
  • Other items that came before the Committee -
    

  We were saddened to hear that a long-time SPAUG member, Del Philpott, has passed away. Del was an active member for 18 years. He will be missed very much. Our condolences go out to his wife, Donna, also an active SPAUG member. Services for Del were held on 21 January at Liberty Lodge, Santa Clara.

  [ TOP ]

  ---

  Smart Computing Tips & Fun Facts

  "Reprinted with permission from Smart Computing. Click to learn what Smart Computing can do for you and your user group!"

  Windows Malicious Software Removal Tool — Microsoft now offers a way to root out major worms and system infections (updated with the latest definitions every month). At the Microsoft Web site (www.microsoft.com), type KB890830 in the Search box to get a link to the Windows Malicious Software Removal Tool download page. You can scan your PC from the Web or via a downloadable version of the tool, but keep in mind that neither promises the kind of protection/detection of a memory-resident antivirus shield.

  Organize Your IE Favorites — By default IE lists Favorites in the order that you add them. To make items easy to locate, you can reorganize the list alphabetically or in any other order that you prefer. To sort Favorites alphabetically, open the Favorites menu, right-click any item in the list, and click Sort By Name. IE lists all folders in alphabetical order first, followed by individual bookmarks. Unfortunately, as you add items, IE places them at the end of the list. You must repeat the Sort By Name selection to alphabetize your list again. In addition to alphabetizing the list, you can customize the order by dragging items to any location. This feature functions with the Favorites menu, the Favorites icon, and the Organize Favorites option. When you use the Favorites icon or the Organize Favorites option, you can also use the ALT-Up arrow key combination to move an item up the list and ALT-Down arrow keys to move an item down the list. You also can rename a bookmark or change its underlying URL. To rename an item, display your Favorites list, right-click the item, and click Rename. Type the new name and press ENTER. To modify a bookmark's URL, right-click the item, click Properties, and click the Web Document tab. Edit the data in the URL field and click OK.

  Organize Your IE Favorites — By default IE lists Favorites in the order that you add them. To make items easy to locate, you can reorganize the list alphabetically or in any other order that you prefer. To sort Favorites alphabetically, open the Favorites menu, right-click any item in the list, and click Sort By Name. IE lists all folders in alphabetical order first, followed by individual bookmarks. Unfortunately, as you add items, IE places them at the end of the list. You must repeat the Sort By Name selection to alphabetize your list again. In addition to alphabetizing the list, you can customize the order by dragging items to any location. This feature functions with the Favorites menu, the Favorites icon, and the Organize Favorites option. When you use the Favorites icon or the Organize Favorites option, you can also use the ALT-Up arrow key combination to move an item up the list and ALT-Down arrow keys to move an item down the list. You also can rename a bookmark or change its underlying URL. To rename an item, display your Favorites list, right-click the item, and click Rename. Type the new name and press ENTER. To modify a bookmark's URL, right-click the item, click Properties, and click the Web Document tab. Edit the data in the URL field and click OK.

  “Let The Music Play” Top Media Players For Audio & Video: You've done most of the work. You downloaded and/or transferred those awesome tunes and treasured home movies onto your PC, so you have just one more task to complete before you can click Play: Choose the best media player for your needs. Media players are essential to playing and organizing your audio files, and finding the right media player is the final but crucial step to fully enjoying them. And getting just the right software won't cost you a thing because there are several free, well-designed, and robust applications to choose from.

  “Sally Forth” Online Mapping Services Guide The Way: If your car is filled with a mess of unfolded maps each time you take a road trip, consider switching to an online service to get point-to-point driving directions instead. But with so many choices out there, it's sometimes difficult to know which one to use. Each service has its own niche, so different services are better for different users. We obtained directions to five locations using five free mapping services to see how they stacked up.

  [ TOP ]

  ---

  How to use HiJackThis and Help2Go Detective to remove Malware

  by Jim Dinkey

  If you have any of these symptoms: the computer seems busy (the hourglass cursor is shown, hard disk is spinning) even when I'm not doing anything; the computer has slowed down recently; I get a lot of pop-ups advertising all kinds of stuff; my Home Page has changed.
  Recommendation: First, go here and follow the procedure. Then, install and use HiJackThis to take a snapshot of the computer applications and processes that are running on your computer. Copy and Submit the resultant report to the space provided at Help2Go Detective, which will then tell you what to clean off your computer. You can find many articles about Help2Go if you just Google: help2go detective. After your computer is malware-free, look at the January newsletter, how to set up your computer and how to keep it running well. Add any applications recommended that you haven't already, and check for updates at their websites. As a minimum, install any patches or updates to the operating system, antivirus application, firewall (ZoneAlarm), and anti-malware programs (such as Spybot and AdAware). Run Regclean. Defragment and chkdisk/scandisk. After everything, make a backup.

  [ TOP ]

  ---

  Security update for WMF vulnerability

  by John Buck and Jim Dinkey

  A high-priority patch (there have been over a million computers infected through the mechanism so far):
  "Get the security update for the Windows Meta File (WMF) vulnerability from Microsoft Update. The bulletin title for this update is: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (KB912919). Microsoft will release the update today, Thursday, Jan. 5, 2006, earlier than planned." News release:
  www.microsoft.com/presspass/press/2006/jan06/01-05UpdatePR.mspx
  To update your home computer, follow the steps on this page.
  Original info found on Digg.com

  [ TOP ]

  ---

  Help with Symantec Internet Security (SIC)

  by Bob Meltzer

  Symantec's tech support number is 800-441-7234. You may or may not have to pay to have them comment on/help your problem. In order to install another anti-virus program I just removed some Norton Anti-virus files that were still on my computer even after running the MS Add-Remove program by using Symantec's SymNRT download. I did not have to pay for Symantec's advice.
  [N.B.- it's common for antivirus programs to leave residue, even after you use their own uninstaller and/or Windows Add/Remove program. Often the vendor has special removers, like SymNRT to remove the last traces. Be sure everything is gone, then run Regedit or other registry cleaner. Reboot, and continue. Be sure everything is gone before installing another antivirus application.]

  [ TOP ]

  ---

  Anti-Spam Programs - Do They Really Work?

  by Vinny La Bash (Member of the Sarasota Personal Computer Users Group, Inc.)

  February 2006 issue of the Sarasota PC Monitor www.spcug.org

  Among the most effective anti-spam programs are the ones that use some kind of approval based email management system. They work by constructing a "white list" of permitted email addresses, accepting mail from anyone on the list, and rejecting everything else. The program initially sniffs through your contact list, inbox, and other email folders, organizes the email addresses it finds, asks you if you want to add or change anything, and the list is complete.

  From that moment on, any incoming email that is not on the list is considered to be spam, and is automatically exiled to a quarantine folder or wherever you decided it should go during installation. The programs do work as advertised, which is both their greatest strength and their greatest weakness. Here's what you need to know before installing one of these puppies.

  Scenario 1: A friend you have lost contact with over the years sends you an email. That friend's email address is not on your white list. Unless you have a quarantine folder where unapproved email is sent without automatically deleting it, you will never see this email. You have to check your quarantine folder, at least occasionally, to see if there are any false positives residing in there with all the junk. How much time will this take? Who knows? None of the programs mention this in their promotional material or specification lists.

  Scenario 2: You install a new program or device and run into difficulties. The troubleshooting guide sends you to an email address where you can get a solution to your problem. You remember to add the email address to your white list. You wait for a reply, and wait, and wait. What happened?
  Your problem was given to a technical representative who has an email address different from the general support address. You don't see the reply unless you check the quarantine email folder, assuming that in your efforts to rid yourself of all spam you did not specify that anything not on your white list be automatically deleted.

  Scenario 3: You order something from an online merchant and before your order is shipped the merchant emails you to ask whether you want the white one or the black one. The query has been rerouted to the quarantine folder because the person trying to contact you has an email address that is not on your white list.

  Scenario 4: Your spouse sets up a Yahoo! Email account for the sole purpose of sending you a surprise Valentine's Day email. For no apparent reason you are getting the silent treatment. You ask, "What's wrong"? Your spouse replies, "Nothing".

  Scenario 5: Your granddaughter just got an email address of her own. She sends you a message, and can't understand why you won't answer. She asks her parents "Why doesn't grandpa love me anymore"?

  We could go on, but you get the general idea. 99.99% of all real spam will be banished from your sight, but the very few legitimate emails identified as spam will very likely be the ones you most want or need to see. Some anti-spam programs have a "sender confirmation feature" that automatically sends a personalized notification to anyone whose message has been quarantined. Simply replying to the challenge causes the original message to be moved to your inbox, and allows their email address to be added to the white list. Legitimate senders can respond to these challenge messages, but suppose that for whatever reason they don't. Does a seven year old grandchild really understand why she needs a grandparent's permission to send an email?

  What you end up with is a time-consuming process of back and forth emails. Why should every email first contact have to be sent twice? What a waste of time. This might be acceptable if your email volume is very low, but who are we kidding. Simply establishing an email account anywhere will get you a boatload of spam. ISP level filters are a joke. How many essays do you want to compose explaining why someone needs "permission" to send you an email? I don't respond to challenge email. Why should anyone respond to mine?

  You can check your quarantine folder regularly, but with the huge quantity of genuine spam generated and thrust upon us daily, it's too easy to overlook a legitimate message. When you finally delete the spam, there is a good chance that among the junk a valuable note is lost forever.

  After using one of these programs for several months, I decided that I would much rather delete spam manually, rather than run the risk of missing an important legitimate email. No computer program, no matter how expertly crafted or trained, can ultimately determine what emails I do or don't want to read. Even after being married for 38 years, my wife still can't read my mind. How do I expect a dumb computer to do it?

  There is no restriction against any non-profit group using this article as long as it is kept in context with proper credit given the author. The Editorial Committee of the Association of Personal Computer User Groups (APCUG), an international organization of which this group is a member, brings this article to you.

  [N.B.- I subscribe to this philosophy, too. Both my wife and I let all the email come into the inbox of our home computers, then arrow-down & delete any obvious spam. I may report scams/phishing/Nigeria letters etc. to the FTC, antispam.org and State Attorney General. We do keep our antivirus up-to-date in case someone we know's computer is infected and sending us malware. We do not have the Preview Pane open, ever. On the other hand, at work, I get announcements that the company server has intercepted some suspected spam. I have to go to a website and mark each suspected email for receive or delete, submit, and then the server sends the ones I accept. It's actually more time consuming to go through the checking process than to do it manually, and quite often (more than 10%) are items I want to see. Scenario 2 above is so true - I contact tech support for something I'm investigating, and someone else emails me with an answer. Unfortunately, I cannot turn the system off - it's company policy.

  [ TOP ]