btvstack.exe – What is it and why is it seeking permission in Skype?


The first time you run Skype, you may be a little puzzled to see the following at the top of the Skype window:


The message is: “BtvStack.exe wants to use skype”

If you see this, there is nothing to worry about. It is actually the Bluetooth driver on your computer trying to access Skype, so that you can use Skype with a Bluetooth headset if you'd like. So it is safe to allow btvstack.exe access to your Skype.

You may Allow access if you intend to use any such Bluetooth device with Skype; otherwise you may Deny access. You can change this setting later from Tools -> Options -> Advanced -> Advanced Settings, then select “Manage Other Programs’ access to Skype”.


You may allow or deny API access from here.


If you’ve read this post, you are a security-conscious person. Nowadays many people ignore small issues like these and suffer a lot later on. Although the issue I am talking about is harmless, there are many other programs which are not safe for your computer or mobile devices. If you are not sure about something, always try searching the Internet for reference.

Firewall + Bandwidth monitoring software: Sygate Personal Firewall

I was planning this post for a long time. I am a big fan of the software named Sygate Personal Firewall.

It gives you a powerful and easy-to-use firewall along with a bandwidth meter to monitor the upload and download speed. You can view 4 types of logs: traffic, security, packet and system logs.

The packet log is very helpful for understanding where packets are coming from and where they are going. It shows the destination IP along with the MAC address of the device at that IP. You can also get the IPs of the sites you are visiting, and you can view the packet types (UDP/TCP/IP etc.).

It is a great tool to monitor the bandwidth (upload/download speed).

You can control which applications get internet connectivity. You can allow or deny access for each individual application. You can even block access entirely, or allow access for all applications.


I have been using this for years and have recommended it to many of my friends who are aware of computer security, along with its bandwidth monitoring facility. I would like to recommend it to you as well. Using it might seem a bit disturbing at the beginning, as it will often prompt for your permission on whether it should allow or block the applications that want network/internet access.

I bet if you start using it, you’ll start liking it too. And at a certain time it will become a primary application that your PC will need. You can download the application

You can download Sygate Personal Firewall from this link.

W32/Mysamurai worm, Scary background in the Windows folder

I recently suffered from a worm named W32/Mysamurai. It changed the background of the C:\WINDOWS folder to a scary photo.

My PC was dead slow and I was looking for the solution. At last the Norton Security Scan on my PC could detect it. There was a file named windxp.ini in the C:\WINDOWS\System32 folder which was responsible for that. As soon as Norton Security Scan detected it, I deleted it and found my C:\WINDOWS folder back to how it should look. McAfee Security Center couldn’t detect it, and neither could it remove it.

Information about the W32/Mysamurai Worm:

W32/Mysamurai is a worm. It infects Windows systems and spreads through shared network drives.

Upon execution, the worm copies itself as:

(Temp name).tmp in the Windows Temp folder,
AdobeGama.pif in the Documents and Settings\All Users\Start Menu\Programs\Startup folder,
AdobeGama.pif in the %User Profile%\Start Menu\Programs\Startup folder,
htSystem.cfg in the C:\System Volume Information\_Resto~1 folder,
explore.exe in the Windows folder.

It also copies itself as the following files in the Windows System folder:

CommandPrompt.Sysm
NvMedia.sysm
Restoration.msd
Windows 3D.scr
odbcad32.dll
shareNet.msd
Ngsys.exe
runer.exe
rvshost.exe
system31.exe
userint.exe
windxp.exe
winzipt.exe

It also creates a WindXP.ini file in the Windows System folder.

The worm modifies the Desktop.ini configuration information file present in the Windows and Windows System folders.

It modifies the registry at the following location to ensure its automatic execution at every Windows startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CLASSES_ROOT\.Msd
HKEY_CLASSES_ROOT\.Msd\DefaultIcon
HKEY_CLASSES_ROOT\.Msd\Shell\Open\Command
HKEY_CLASSES_ROOT\.sysm
HKEY_CLASSES_ROOT\.sysm\DefaultIcon
HKEY_CLASSES_ROOT\.sysm\Shell\Open\Command

It also modifies the registry to ensure that the screensaver is active and will run, that the threat will run when the computer is restarted in Safe Mode, and that file extensions are not shown.

The worm then spreads by copying itself to shared drives.

This worm first appeared on September 02, 2007.

Other names of W32/Mysamurai Worm:

This worm is also known as W32.Mysamurai.
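The file names and folders listed above can be turned into a triage sweep over a mounted copy of the affected Windows volume, plus a check of autorun command strings exported from the listed registry keys. This is an added example, not part of the original post or of any vendor tool; the function names are hypothetical and it assumes "Windows System folder" means WINDOWS\system32 or WINDOWS\system.

```python
import os
import re
import sys

# File names are the ones listed in the write-up above, lowercased for matching.
# Assumption: "Windows System folder" means WINDOWS\system32 or WINDOWS\system.
SYSTEM_NAMES = {
    "commandprompt.sysm", "nvmedia.sysm", "restoration.msd", "windows 3d.scr",
    "odbcad32.dll", "sharenet.msd", "ngsys.exe", "runer.exe", "rvshost.exe",
    "system31.exe", "userint.exe", "windxp.exe", "winzipt.exe", "windxp.ini",
}
ALL_NAMES = SYSTEM_NAMES | {"explore.exe", "adobegama.pif", "htsystem.cfg"}

def is_listed(parts):
    """parts: lowercased path components relative to the volume root."""
    folder, name = parts[:-1], parts[-1]
    if folder in (("windows", "system32"), ("windows", "system")):
        return name in SYSTEM_NAMES
    if folder == ("windows",):
        return name == "explore.exe"  # exact match: explorer.exe is the real shell
    if folder[-3:] == ("start menu", "programs", "startup"):
        return name == "adobegama.pif"
    if folder[:1] == ("system volume information",):
        return name == "htsystem.cfg"
    return False

def sweep_volume(root):
    """Walk a mounted copy of the Windows volume; return listed artifacts found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        folder = () if rel == "." else tuple(rel.lower().split(os.sep))
        for f in files:
            if is_listed(folder + (f.lower(),)):
                hits.append(os.path.join(rel, f))
    return sorted(hits)

def suspicious_autoruns(values):
    """values: {value name: command string} exported from an autorun key."""
    flagged = {}
    for key, command in values.items():
        for name in ALL_NAMES:
            # Whole-file-name match, so userinit.exe never matches userint.exe.
            pattern = r'(?:^|[\\/"\s])' + re.escape(name) + r'(?=$|["\s,])'
            if re.search(pattern, command.lower()):
                flagged[key] = name
    return flagged

if __name__ == "__main__":
    for hit in sweep_volume(sys.argv[1]):  # path to the mounted volume
        print(hit)
```

Several of the listed names differ by one letter from legitimate Windows binaries (explore.exe vs explorer.exe, userint.exe vs userinit.exe), which is why both checks match whole file names rather than substrings.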