RIMM Stock Down The Drain

Research In Motion Ltd. (NASDAQ: RIMM) posted disappointing results.  The Blackberry maker reported earnings of $0.86 on $2.58 billion in revenue.  First Call had estimates of $0.87 for earnings and $2.6 billion for revenue.  Its guidance didn’t get much better for those hoping the light earnings would be a one-time event.

For the current quarter, RIM sees earnings of $0.89 to $0.97 and revenue of $2.95 to $3.1 billion in revenues.  First Call estimates are $0.98 and $2.94 billion.  Margin targets are 47% vs. 50.7% for this last quarter.  For such a high-growth stock, this just doesn’t cut it.

The revenue breakdown for the quarter was approximately 82% for devices, 13% for service, 3% for software and 2% for other revenue. RIM shipped approximately 6.1 million devices during the quarter. The company added 2.6 million net subscriber additions and expects to add about 2.9 million this coming quarter.

RIM shares closed up almost 1% at $97.53 today after earlier plunging almost 17% to $81.00.  Its stock is now in danger of challenging its 52-week lows of $80.20. This is what happens when Wall Street decides that high-growth companies are maturing or having a hard time keeping up with earnings expectations.

 

Jon C. Ogg
September 25, 2008

Iams Home for the holidays

More than 490,000 Pets will go  Home 4 the Holiday and can set a WorldAdoption Record!

About 500,000 orphaned cats, dogs  and other pets began year 2008 with their new families. They were adopted at the 2007 “Iams Home for the Holidays” pet adoption initiative.

The previous record of 378,764 adopted pets was set in 2006!

JS_DLOADER.PCT a.k.a. Email-Worm.Win32.Zhelatin zhelati.mab removal

The Worm_Zhelati.Mab is spread via emails.

Usually, it is a message from a fake classmate with a link to YouTube :

Subject: Are you kidding me? lol

MessageBody: Dude, I know that’s you: someone emailed me a link to the video. see for yourself… http://www.youtube.com/watch?v={random 11 characters}

If the hyperlink is clicked, it redirects to a Web page masked as a YouTube page.

You are told to download latest Microsoft Data in order to viwe the movie.

Clicking click here will download a copy of the  worm Email-Worm.Win32.Zhelatin  into your system. The fake YouTube page is detected by Trend Micro as JS_DLOADER.PCT.

Email-Worm.Win32.Zhelatin   collects  email addresses. It avoids sending e-mail messages to addresses, containing some strings.

It then sends emails without using any email system like  Microsoft Outlook.

How to remove  Worm_Zhelati.Mab :

1. Open Task Manager /Alt+Ctr+Del/ and find and wincom32 process.

2. Do a search for spooldr.ini, wincom32.sys and wincom32.ini files and delete them using Shift+Delete / go in Safe mode by Restart and pressing F8 key if impossible to delete in normal mode./

3. Click Start button –> Run and type Regedt32 –>OK to open Registry Editor

4. Perform a search /Edit menu/ for wincom32  and delete all found keys.

Never click on links in emails from not expected senders!

Thiago da Silva Killed

A Brazilian soccer player named Thiago da Silva was tortured and murdered by assassins hired by his ex-girlfriend, according to media reports.

Alyne Padula, his ex-girlfriend and her aunt Marcia Padula Viana, were arrested and taken into custody on Sept. 21 for possible involvement in the homicide.

He was practicing on a field in a small suburb outside of Brazil last Thursday, when three men came up to him, tortured and shot him, according to Goal.com.

Before he passed away, Thiago was able to tell the police that he had fallen into a trap last Thursday evening, shortly after ending the relationship with his girlfriend.

One of the three men is a member of the military police and all are friends of his ex-girlfriends aunt.

Details of what he meant by “trap” was not revealed by the police.

Da Silva, 25, formerly of Vasco da Gama player and had been playing for second division team Estacio de Sa Soccer Club, died in hospital last night in Rio de Janeiro.

Source: http://www.ibtimes.com/articles/20080925/brazilian-soccer-player-thiago-silva-assassinated-girlfriend-accused.htm

Trojan-Clicker.Win32 malware remove

It is alerted by popup of your antivirus program: ‘Trojan-Clicker.Win32.Agent.aig’ 

This means you are infected. This trojan /‘Trojan-Clicker.Win32′/ isn’t  very harmful but it is better to get rid over it:

1. Download the latest versions of Zone Alarm

2. Be sure you are with Admin privileges.

3. Disable System Restore:

System Restore

4. Reboot in SAFE MODE /press F8 key during restart./

5. Run Zone Alarm

6. Perform a full Antivirus scan

7. Reboot and start Windows in normal mode.

8. Enable SystemRestore

Trojan Horse SHEUR.AFJ Detected

If you receive such a message from your antivirus program, don’t panic.

First, you maybe using AVG – it is the anti-virus program that generates this FALSE positive virus message.

And second: it alerts for fake trojans mainly at Quickbooks, AdobeRdr, DNA.exe, WDSync files.

If you have downloaded them from producer site, you can ask their support to confirm it is not infected.

The name of false trojan detected is always  SHEUR but extension may vary.

Cannot change Screensaver

If you cannot change screensaver because the tab is missing in Properties window, this is a sign you may be infected by Vundo trojan/ MS Juan ./

Also the wallpaper cannot be changed because the wallpaper tab is missing.

Also your screensaver may be changed to  Windous “Blue screen”

Another sign are many pop-ups - with ads of fake antivirus programs.

Do not click on this ads! They all are scam!

Here is a good program made especially to fight Vundo virus: http://vundofix.atribune.org/ 

Vundofix is free.  You can read about Vundofix program here: http://en.wikipedia.org/wiki/VundoFix

Windows cannot find svchost.exe error message

If the following message appears:
“Windows cannot find ‘c:/windows/system/programas/svchost.exe’. Make sure you typed the name correctly, and then try again.”  - this means your computer is infected by trojans, viruses or worms.

This is so called  ‘temp1.exe’  or  ‘copy.exe’ or ’svohost.exe’ virus.
You can got infected opening an email attachment from unknown sender or from infected executable file you have downloaded.
The original Svchost.exe file is  important Windows generic host process . It works for running DLL services and is placed in folder %SystemRoot%\System32.

 The Svchost.exe process can not be stopped from TaskManager.
Because it is very important Windows file, svchost.exe is a target for many viruses and Trojans.

Worms like MSBlaster usually exploit a bug in svhost.exe.

If the worm manage to implement in the file, it causes svhost.exe to crash. Then follows a reboot and after restarting, Windows is infectes . The worm has masked itself in same folder /system32/ and has similar name.
Another sign you are infected – loosing CopyPaste functionality.

Cleaning the worm/virus is hard to do.
The best way is first to delete all the cookies and temporaly files /menu Tools –> Internet Options –> Browsing history –> Delete/
Then disable System Restore because the worm may be hidden there and waiting to attack again.

System Restore

At the end you may use the program: ccleaner – it is popular among the ‘victims’ of that virus.
After that : use Firewall.
Install and an antivirus program.
And DO NOT open email attachments from unknown people/organisations.

Free MySpace search tool by a Freelancer

I am tired doing programs for a freelance site and not choosing me.

Instead of it, I will publish here for free download some of my programs – most of them are ebay, myspace tools, scrappers and data mining. Also have forum posters, translators-dictionary, and all the Internet stuff that can be automated.

If you have ideas, questions or found bugs – please leave a short comment to let me know.

Soon will start my Autoit tutorial also.

The first program I want to give out for free is MySpace search tool: http://craigmaster.freehostia.com/MsTool.rar

No need to install – just run and type your search words, space separated:

for example: Seattle T-mobile phone, or  Clay Aiken, Dallas yoga or Ohio Google phone or California restaurant or Vegas casino, etc.

Wait program to do the search. Three files are created : the “ms.csv” – results and two temp files – you can delete them.

To terminate program use ESC.

At the end there are all friendIDs found for your search /clay aiken in example./

Soon will post second program which uses that friendID to extract more data from user profiles, even theyr MySpace layout.

Here is the source:

#include<ie.au3>
#include<inet.au3>
#include<array.au3>
#include<file.au3>
Dim $a, $aa
HotKeySet(”{ESC}”, “Terminate”)
$f = FileOpen(’ms.csv’, 2)
$search0 = InputBox(”searcg box”, “Please type the search words separated by space”)
$search = StringReplace($search0, ‘ ‘, ‘%20′)
$u = “http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry=” & $search & “&type=AllMySpace”
InetGet($u, ‘temp.txt’)
_FileReadToArray(’temp.txt’, $a)
For $ar = 100 To 300
 If StringInStr($a[$ar], ‘ results for’) Then
  $br = SttringBetween($a[$ar], ’span>’, ‘ results for’)
  ;ConsoleWrite($br & @CR)
  ExitLoop
 EndIf
Next
$br = StringReplace($br, ‘,’, ”)
$br = StringReplace($br, ‘of’, ”)
$br = StringReplace($br, ‘ ‘, ”)
FileWriteLine($f, ‘Found:’ & $br & ‘ results for ‘ & $search0)
$br = Number($br)
For $i = 1 To round($br/10)
 HotKeySet(”{ESC}”, “Terminate”) 
 $u1 = “http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry=” & $search & “&type=AllMySpace&searchid=f6309e4f-39f2-43c6-9b59-5adef4eaa395&pg=” & $i
 InetGet($u1, ‘temp1.txt’)
 _FileReadToArray(’temp1.txt’, $aa)
 $lines =$aa[0]
 $rold=”
 For $j = 100 To $lines
  HotKeySet(”{ESC}”, “Terminate”)
  If StringInStr($aa[$j], ‘friendid=’) Then
   $r = SttringBetween($aa[$j], ‘friendid=’, ‘”‘)
   if $r=$rold then continueloop
   if stringlen($r)<9 then
   FileWriteLine($f, $r)
      EndIf
   $rold=$r
  EndIf
 Next
Next
MsgBox(0, ‘READY!’, ‘You can see results in ms.csv file’)
FileClose($f)

Func Terminate()
 FileClose($f)
 Exit 0
EndFunc   ;==>Terminate

Func SttringBetween($s, $from, $to)
 $x = StringInStr($s, $from) + StringLen($from)
 $y = StringInStr(StringTrimLeft($s, $x), $to)
 Return StringMid($s, $x, $y)
EndFunc   ;==>SttringBetween

===========================================================

In next post I will upload source code file in .Au3 format /Autoit/ with comments.

You will be able to compile it, change it and add more features.

Micro Antivirus 2009

Micro Antivirus 2009 is very similar to famous fake anti-spyware programs  MS Antivirus,  Vitae Antivirus 2008 and Vista Antivirus.

MicroAntivirus can be distributed by Trojans that are masked as fake video codecs.

If you try to install them, the trojan is activated. 

Then trojans issue fake security alerts.

To get rid on it you have to find in registry editor /Rubn regedt32/ all keys containing MicroAntivirus in their name and delete.

Then search computer for files containing MicroAntivirus in their name and delete them too.

Use firewall and antivirus software from wellknown and original brands /NOD32, Symantec, Panda, Kaspersky, AVG./

Antispywaremaster.com Virus

Yet another Myspace virus. It can be seen on Myspace forums. Pop ups offer you to download Antispywaremaster.com software telling you are infected with thousands of trojans and viruses. It is similar to WindowsAntivirus 2008 and AntispywareDeluxe.

The standard message is:

“Warning! xx suspicious files found! Potentially dangerous files were found on your system during the last scan! IT is highly recommended to remove them as soon as possible…
Remove Now!”

DO NOT CLICK ON THE AD!!!

The pop up is impossible to close, so you have to close the Myspace malicious page as soon as possible and use popup blockers and firewall.

If you got infected, first stop asm.exe and/or Antispywaremaster.exe processes /Alt+Ctrl+Del/ to open Task Manager, find processes and delete them.

Then run regedt32 and find and delete the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpywareDeluxe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareDeluxe_is1
HKEY_LOCAL_MACHINE\SOFTWARE\AntispywareD
HKEY_CURRENT_USER\Software\AntiSpywareMaster
HKEY_CURRENT_USER\Software\{5222008A-DD62-49c7-A735-7BD18ECC7350}

/Hint – try Edit menu –> search from the root ‘MyComputer’ for ‘AntiSpyware’ and delete all results found/

At the end, find and delete the following files:

AntiSpywareMaster 7.3.url
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk
%UserProfile%\Desktop\AntiSpywareMaster.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk

/Hint – try Search console –> search ‘MyComputer’ for word ’AntiSpyware’ as file name and delete all files  found/

Amber Alert on Myspace

Amber Alert http://www.amberalert.gov/  is an US Goverment program for kidnapped children.

When you see the alert “ATTENTION: There is an AMBER Alert in your area.
Please CLICK HERE to find out more information.” it means that there is a kidnapped child in your area. You may click to see more info. The more people see this alert the bigger is chance to help. This way public gets involved in helping to spot the missing children.

How to add Amber Alert to your Myspace profile:

1. Go to your profile –>  click  Home link.

2. On your HomePage you have to find  the Application box.

3. In the Application box you click the Get Apps link.

4. Click the News & Weather category.

5. Then find the Amber Alert application and click it.

6.  You have to see  Add This App button. Click the button and Amber Alert is added to your profile.

Myspace Possible_HiFrm Virus

Myspace Possible_HiFrm Virus is detected by Trend Micro mainly in login pages.

It means this is a possible malicious software using iframes to redirect your browser.

Myspase itself is not spreading viruses. This is done by users who have put some corrupted scripts in their profiles.

If you are visiting unknown Myspace page and your anti-virus program alerts for possible virus, it  is better to leave this site immediately.

The Suspicious MySpace pages contain malicious javascripts that are detected as JS_DIRESEX.A.

The script is programmed to invisibly connect you to a pornsite. If such site which pops up unexpectedly – you have been infected.

As advice in case your computer behavies strange when visited some MS pages, you have to use pop up blocker, firewall, anti-virus programs /of course./ You have to delete temporaly Internet files and restore to earlier point.

JavaScript injection

JavaScript injection become a very popylar hacking method nowdays.

As Javascript is enabled by default in web browsers, it is easy to become a victim.

The malicious websites use installing of ActiveX controls to get control.

The way to avoid JavaScript injection is not to visit unknown sites, especially those offering pirated software. Update Windows regularry and apply the critical patches. Disable active Javascript in IE. 

And main: use firewall and anti-virus software. 

Here is a link with a list with malware sites: http://malwaredomains.com/?tag=sql-injection

It is often updated and one can see how fast is growing their number every day.

How to Enable Javascript in Firefox and Internet Explorer

 Javascript is enabled by default in web browsers. If you for some reasons have disabled it, a message will pop when you visit pages with Javascript.

• Here is how to enable Javascript in Firefox :

Menu  “Tools” __> “Options” __> “Content” __> “Enable JavaScript”  and OK

• Here is how to enable Javascript  in Internet explorer:

Menu “Tools” __> “Internet Options”

tools_internetoptions

 

Then choose “Security” tab –> “Custom Level” button.

New dialog window is opened.

Scroll down to find  “Scripting” –> “Active scripting”

Chesck  ”Enable” radio button and press OK.

 

 

• Here is How to Enable Javascript in Opera:  File menu __>  Quick Preferences –> Check Enable JavaScript –> Reload .

 

• Here is How to Enable Javascript in Safari /Mac OS/                                        

From  menu –> Select Preferences  –> Security –> check Enable JavaScript __> close window  and Reload.