Archive for the Category ◊ Malware ◊

When I am cleaning up computers slowed down by malware and unwanted programs, there is one thing I consistently find in common.

There are usually several programs, toolbars, search assistants and more loaded onto the computer without the user’s knowledge.

Most users never use this stuff and don’t need it. Almost all of it is garbage that just slows the computer down, and much of it tracks what you are doing.

Some of the common things that load uninvited are the Google, Yahoo or MSN toolbars, Google Desktop, search helpers, disk defraggers, registry cleaners and more.

Google products are intrusive enough that they can be hard to remove. They include scheduled tasks that most people don’t even realize exist, and those are one more thing that slows the system down.

One of the main ways these junk programs get onto your system is when you download a program you actually need, such as Adobe Reader or Adobe Flash. Even big-name software will try to include crud you don’t need.

When you download a file, you have to be a detective on the page and make sure you do not click on anything but the actual download link. Other links on the page are disguised to say DOWNLOAD NOW, and they download one of these other programs instead.

In the meantime, your program downloads too, so you end up with the program you wanted and something else.

Here is an example, and what is crazy is that it happens on more than one page just to get one file. Let’s say you need to get the Mega Codec pack to make your videos work correctly.

You search on Google, and the top result is shown below. Note all the red X’s. Those mark links you do not want; they have nothing to do with your download. You need to look carefully before clicking.

In this case you have to click on a mirror, or another site that actually hosts the file, to download it.

OK, you made it through the first minefield. Now you get a second page, the one that should have the file you want. Hmmmmm. Looks a bit familiar, huh?

Now look at the page above. How many red X’s do we have here? There is only one link that actually downloads the file, and even it is not obvious. The green circle marks the real download button.

As you can see, many things on a website look “legit” but are just junk begging you to download them and slow down or infect your computer.

You need Adobe Flash if you are going to do much of anything on the Internet, including watching videos. Let’s go to the Adobe site and download Adobe Flash:

Here we go again, and this time it is Adobe doing it, right on the page where you download the player. You need to UNCHECK any free software helper junk they are trying to push on you: uncheck the “include in your download” box.

Let’s say you got through both minefields of crud and now have the installer saved on your computer. You double-click the icon to install it. Let’s use good ol’ CCleaner, a program I like, as the example.

This one is a bit sneakier. They try to put the extra software on your computer after you download it, during the installation. Most of us just click Install > NEXT > NEXT > OK > Done. We never really look at what it is asking us. I find myself doing this at times, and it can get you in trouble.

CCleaner is a very good and reputable program, but this is how free software gets paid for: Google and other companies pay the software maker each time someone installs the bundled toolbar, or pay a set amount to have the junk included on the download page or inside the installer.

Why do they do this? Because they get free data from you: your surfing habits, demographics and more, which they use to push ads at you on the sides of web pages. Your free information makes companies like Google rich.

The key to safe downloading is to be careful: watch what you download, and make sure you uncheck any extra programs they try to install.

Hopefully these tips and examples will help you keep your computer a little cleaner!

Top 5 Ways to Avoid Viruses on Your Computer this New Year
Thursday, January 07th, 2010 | Author:

Viruses and malware are all very destructive to your computer and its smooth running. They get onto the computer in various ways, mainly downloaded files, websites and email.

There are other ways for your computer to get infected, but these are the main ones. I want to start off your new year with some tips on avoiding the junk that will mess up your computer.

The analogy I always use for viruses and malware is to compare them to criminals (which is what the people who make these are). You have the criminals who just want to spray paint a building or break some windows to be recognized or feel big. That is malicious, thus the term mal-ware.

Then there are those who rob banks or embezzle money for profit. Virus and malware makers who do it for gain are just the same. They make money by swindling people into paying for fake antivirus programs, by getting paid by companies to write ads that push a product on you, or by stealing someone’s identity.

This is the one-year anniversary of this blog, and I have enjoyed all the work I have done and the positive feedback I have received. So to kick off the new year, here are the top 5 ways you can make your computer safe from viruses and other crud!

1. Stay Away from Applications or Apps on Websites

We all hear the term apps, but what are they actually? On cell phones they are usually cool programs, or applications, that do cool stuff. On computers they are supposed to be the same.

Apps on computers are mainly used on social network sites such as Facebook, MySpace, Friendster and others. These are programs, usually little games, that seem cute, fun or cool: Mafia Wars, throwing a pie or water balloon at someone, sending a kiss, adopting a pet, joining a clan and more. I have even seen a train simulation game.

The problem with apps is that they are not created by the website but by a third party. That means someone you don’t know or trust creates them, and the website doesn’t know or trust them either. Many times the website will even warn you when you go to play: WARNING, this is a third-party application… and they go on to warn you about viruses and such.

The key to not getting infected: STAY AWAY and do not get sucked in, even if that nice brother of yours asked you to play. I cannot tell you how many of the computers I clean up have been using these apps quite a bit.

Kids and adults love these things, but they are trouble for your computer, and you are asking for problems if you use this junk. The catch is that these programs seem cool since they are free and EVERYONE is playing them.

2. Rogue Antivirus and Security Programs

Above I mentioned Friendster, which is definitely a big culprit in this area, but even worse, just going to that site can load viruses onto your computer. We call this a drive-by infection.

Rogue antivirus and security programs have exploded, and huge numbers of computers were infected with them in the second half of 2009.

Here is how they get on your computer. Usually a message pops up saying you have viruses and need to click here for a full scan.

If you are not paying attention to whether this is really your antivirus program and you click on it anywhere, even to close it, it will load onto your computer and you are infected. It does not go away easily after that.

Then later they want you to pay $50-$75 to remove all the stuff it “says” it found. These are called fake antivirus programs: they charge you and do nothing.

Last April I wrote about these programs, and specifically the bogus WinAntivirus 2009 (see that post further down this page). Well, it is back as WinAntivirus 2010, WinAntiSpyware 2010, Eco Antivirus, and just about any other name you can think of that sounds official.

They are all scams and will infect your computer if you so much as click on them. You have to close the window without clicking on it, and that post has directions on how to get out of it safely.

The key to not getting infected on this one: know how to close the window without loading it onto your computer (see the WinAntivirus post below), and know what your antivirus program is, so you recognize when it is really the one asking or telling you things. If you have Norton or Trend and the pop-up box says Windows Pest Patrol, then something fishy is going on, and you want to avoid it!

3. Pay for a good Anti-Virus Program

The key is to keep it up to date and make sure it is always turned on and working. Sounds simple, but you would be amazed at how many infected computers come in here with virus definitions over a month old. Antivirus programs update daily, some several times a day, to make sure you have the latest definitions to stop the latest bad stuff.

I recommend Trend Micro Internet Security and Sunbelt’s Vipre Antivirus. These are my two favorite programs for keeping your computer safe. I still think Norton and McAfee are not the best programs available; both are resource hogs and have a lot of issues. Trend and Vipre do not slow the computer down as much, and they work really well.

4. Clean up your temporary files often

Most people don’t realize this, but every time you go to a website, pieces of that page are stored on your computer until you dump them. Viruses love to hide in this area. Cleaning up the computer’s other temporary files will also keep things running better.

I have a post on using Crap Cleaner, a program I really like, further down this page.

5. Keep Windows Updated

The updates Windows performs on a regular basis are VERY important and always include some sort of new fix for security issues that were found. Another common thing I see on computers infected with junk is that they do not have the latest updates. Service packs are also very important.

If you have Windows XP, you should have SP3 installed, and if you are running Vista you should have SP2. Each service pack (SP) contains a huge number of fixes and updates rolled up into one.

I have a previous post on checking for updates and making sure automatic updates are turned on.

I know a lot of people fear updates because sometimes they change things or cause problems on the system. The truth is that it does happen, but it is better to get the updates and take that chance than to leave yourself vulnerable to attack by viruses and malware.


I am sure I will offend someone with this post, but here goes. CRAP CLEANER is one of my favorite cleanup and maintenance programs. The name is a bit crazy, but it calls that junk what it is: crap on the computer.

CCleaner is a tool that cleans out temporary Internet files, temporary Windows files, cookies, history and numerous other items from the hard drive, improving performance, security and privacy.

The Temporary Internet Files folder is one of the big areas where viruses and malware like to hang out (along with anywhere else they can find!), and cleaning it out with this tool really helps keep things running faster and smoother, and helps protect your privacy and security.

I frequently work on customer computers that have 2 or more GIGABYTES of crud in their temporary Internet files. That can slow your browser to a crawl.

The program is straightforward and easy to use. Just download and install it, accepting all the defaults unless you know there is something you would like to change.

When you run the program, you will see the window above with all those check boxes. I normally leave them all checked so it gets a good deep cleaning.

You do not need to run any of the other little features if you do not feel comfortable, and be especially careful with the Registry cleanup tool. It works great, but it can also cause problems if you are not careful. Always say yes to backing up the registry if you dare use this feature. Be warned.

One problem I had when I first started using it is that I like to keep some cookies on my computer. I visit several websites daily, and I like them remembering my location, etc. For those, CCleaner has a solution.

Click on the Options button on the left, and then click on Cookies. All the cookies on your computer (and there can be a lot) show up in alphanumeric order, and you can choose which cookies to keep; anything left in the left column gets removed. A very easy and nice feature.

Those are the only things you really need to mess with, and this will really help keep things running smoother. I would suggest running it once a month or once a week, depending on how much surfing you do.

If you have anything over 1 GB, then you should do it more often. If you only have 300 KB, then you probably don’t need to run it as often.
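To show what “look before you clean” means in practice, here is an added example (my own illustration for this post, not CCleaner’s code and not from the original blog). It walks a temporary-files folder, reports how much is piled up and how much of it is stale, and lists any executable-type files sitting in the cache, which is exactly where the drive-by and fake-antivirus junk described on this page likes to land. It only reports; it deletes nothing. The folder layout built by `demo()` is constructed for the example, and the list of suspicious extensions and the size thresholds are assumptions taken from the rule of thumb above.

```python
"""Audit a temporary-files folder: how much is piled up, and are there
executables hiding in it?

Added example for this post, not part of CCleaner or the original blog.
It only reports; it does not delete anything, so it is safe to run before
deciding to clean.  The folder layout built in demo() is constructed.
"""
import os
import shutil
import tempfile
import time

# File types that have no business sitting in a browser cache or temp folder.
# Malware dropped by a drive-by or a fake-antivirus pop-up typically lands here
# first.  This list is an assumption for the example, not a complete one.
SUSPICIOUS_EXTENSIONS = {".exe", ".scr", ".dll", ".vbs", ".js", ".bat",
                         ".cmd", ".pif", ".com"}


def audit_temp_folder(folder, stale_days=30, now=None):
    """Walk `folder` and return a summary dict:
       total_bytes - everything under the folder
       stale_bytes - bytes in files not modified for `stale_days`
       suspicious  - sorted list of executable-type files found (relative paths)
    """
    now = time.time() if now is None else now
    cutoff = now - stale_days * 86400
    total = stale = 0
    suspicious = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.stat(path)
            except OSError:            # file vanished or unreadable; skip it
                continue
            total += st.st_size
            if st.st_mtime < cutoff:
                stale += st.st_size
            if os.path.splitext(name)[1].lower() in SUSPICIOUS_EXTENSIONS:
                suspicious.append(os.path.relpath(path, folder))
    return {"total_bytes": total, "stale_bytes": stale,
            "suspicious": sorted(suspicious)}


def cleanup_advice(summary, heavy_bytes=1 << 30, light_bytes=300 * 1024):
    """Turn the post's rule of thumb (over 1 GB: clean more often; around
    300 KB: you can wait) into a one-line recommendation.  Executables in the
    temp folder trump the size rule: scan before you clean, or you wipe the
    evidence the post warns about."""
    if summary["suspicious"]:
        return "scan: executable files found in temp folder"
    if summary["total_bytes"] > heavy_bytes:
        return "clean now and run the cleaner more often"
    if summary["total_bytes"] <= light_bytes:
        return "fine for now"
    return "clean on your usual schedule"


def demo():
    """Build a constructed temp folder, audit it, and tidy up afterwards."""
    base = tempfile.mkdtemp(prefix="tempaudit_")
    try:
        cache = os.path.join(base, "Temporary Internet Files", "Content.IE5")
        os.makedirs(cache)
        with open(os.path.join(cache, "banner[1].gif"), "wb") as f:
            f.write(b"\x00" * 2048)           # an ordinary cached image
        with open(os.path.join(cache, "setup[1].exe"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 510)    # an executable has no business here
        old = os.path.join(base, "old.tmp")
        with open(old, "wb") as f:
            f.write(b"\x00" * 1024)
        long_ago = time.time() - 60 * 86400   # make it 60 days old
        os.utime(old, (long_ago, long_ago))
        summary = audit_temp_folder(base)
    finally:
        shutil.rmtree(base, ignore_errors=True)
    return summary, cleanup_advice(summary)


if __name__ == "__main__":
    print(demo())
```

Point it at your real temp folders (on XP, `Local Settings\Temporary Internet Files` and `Local Settings\Temp` under your profile) by calling `audit_temp_folder` on them. If it lists executables, run a full antivirus scan before you run CCleaner, because the cleaner will remove the files along with the trail.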
This program is easy to use, and it is free. If you use it and like it, they ask that you donate to show your appreciation.

I recommend the slim version, which does not have the added bloat of toolbar junk you do not need. The link takes you to the MajorGeeks website; just click on the yellow bar at the top to download, and do not click on any other link on the page.
Kids’ Website Being Used by Identity Thieves
Friday, July 10th, 2009 | Author:

Neopets is a website for kids where they can adopt “cyber-pets,” which I guess is a cool thing if you are a kid. You take care of it and it grows and does stuff. Most of the kids are between 8 and 12 years old, but some are as young as 6. There are over 25 million users on this site!

Media giant Viacom (MTV) owns the site, where hackers have taken advantage of kids to steal identities. They send the kids an email or message saying there is a secret site where they can get a magic paintbrush to change their pet without costing them points.

The kids go to the secret site and never get the magic paintbrush. The scam site works by getting Mom and Dad’s important information off the computer.

This is a good (or bad) example of malware. It is the stuff I have mentioned in many of my blogs and on KGAL’s Tech Talk. The bad stuff gets loaded on the computer when the kids go to the infected “secret” website.

This is another great example of why parents have to be vigilant in watching what their kids do on the Internet. It is also a great case for having up-to-date Internet security/antivirus software and making sure it is constantly updated with the latest definitions.

You know that if a huge money-making company like Viacom and MTV is doing something free for kids, you can be assured there is some marketing ploy behind the whole thing anyway.
As an old Sergeant used to say on Hill Street Blues, “Hey, let’s be careful out there!”
Sneaky Viruses Hidden in Ads and Web Pages
Friday, June 19th, 2009 | Author:
Almost every customer who comes into the office with a virus-infected computer asks how it happened. It used to be so easy to explain: well, you are going to “those” sites, or you are illegally downloading music, or you opened an email that said “you have won $1,000,000,” or whatever the cause was.

Not so any longer. Those things are still around, but now we are in the age of viruses embedded in regular ol’ mainstream websites. Hackers get into websites and put viruses right on the web page, and it can load onto your computer. Some ads have recently been found to contain viruses.

Here is a recent article

Remember, it is important to keep current antivirus software on your computer, make sure it is doing a weekly scan, and make sure it is scanning your email and Internet usage. Using IE8 is not a bad idea. I have gotten past the newness and the problems it originally had, and there are some really good security features in it.

Also, be careful what you search for, and when you get there, be careful about the domain you are going to. The domain is the last part of the address before the .com or .net or whatever the website ends in.

For example, if you are looking for Ford, then ford.com is the domain. Sometimes a link will look like it belongs to Ford because “ford” shows up somewhere in the address.

If you see a link like that, the actual domain is the part right before the .com, the last name between the dots. It looks like Ford, because ford is in the address somewhere, but the important part of the web address is the .com and the name immediately preceding it. Read the address from the .com backwards: a trusted name that appears earlier, in a subdomain, or later, in the path after the first single slash, does not make the site trustworthy. None of those other parts matter for deciding whose site it is, and a link like that is definitely not a Ford Motor Company website.

In this screenshot of IE8, notice how the domain is in bold, and since it is a secure site, the lock is showing and the browser is telling you it is the verified Bank of America site.

Be careful what sites you go to. Take an extra couple of seconds to look up at the address bar and see what domain you are really on. Some browsers, IE8 and Firefox among them, now highlight the domain so you can tell right where you are.
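To make the domain rule concrete, here is an added example (my own illustration, not code from the original post or from any browser). It pulls out the part of an address that actually names the site, the part IE8 and Firefox put in bold, and flags links where a trusted name such as ford appears anywhere else in the address. The sample links are constructed for the example (the lookalike ones are made up, not real sites), and the short list of two-label suffixes such as co.uk is an assumption; a real check would use the Public Suffix List.

```python
"""Pick the real domain out of a web address and flag brand-spoofing links.

Added example for this post, written for this page and not taken from the
original blog or from any browser.  SAMPLE_LINKS are constructed; the
lookalike addresses are made up, not real sites.  TWO_LABEL_SUFFIXES is a
deliberately short assumption (a real check would use the Public Suffix List).
"""
from urllib.parse import urlsplit

TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed sample links: what a search result or an email might hand you.
SAMPLE_LINKS = [
    "https://www.ford.com/trucks/",
    "http://ford.com.example.net/login",        # brand in a subdomain
    "http://www.example.net/ford.com/login",    # brand in the path
    "http://ford.com@example.org/",             # brand before an @ sign
    "https://www.example.com/",                 # unrelated site
]


def registrable_domain(url):
    """The part of the address that actually says whose site it is: the name
    right before the public suffix, plus the suffix.  Subdomains to the left,
    anything after the first single slash, and user@ tricks are all ignored,
    which is what the post means by reading from the .com backwards."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_link(url, brand_domain):
    """'brand' - the registrable domain is the brand's own domain
       'spoof' - the brand's name appears in the address but the real
                 domain belongs to somebody else
       'other' - the brand is not mentioned at all"""
    brand = brand_domain.lower()
    if registrable_domain(url) == brand:
        return "brand"
    if brand.split(".")[0] in url.lower():   # plain substring match, e.g. "ford"
        return "spoof"
    return "other"


def audit_links(links, brand_domain):
    """Classify every link; returns {url: (real_domain, verdict)}."""
    return {u: (registrable_domain(u), classify_link(u, brand_domain))
            for u in links}


if __name__ == "__main__":
    for url, (domain, verdict) in audit_links(SAMPLE_LINKS, "ford.com").items():
        print(f"{verdict:6} {domain:20} {url}")
```

Two caveats: the brand test is a plain substring match, so an address containing “oxford” would also be flagged, and a lookalike that is its own registered domain (a misspelling of the brand) comes back as “other”, not “spoof”, because by this rule it genuinely is a different site. That second case is exactly why the post says to read the bolded domain yourself rather than trust that a familiar name is in the address.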

Also, when you search for things, remember that the hackers go out and find which searches are the most popular: J-Lo, Lindsay Lohan, Obama, whatever is being searched for.

They put up bogus web pages that rise to the top of the search results, and those are infected sites.

Here is an article with more on this.

Virus News – Macs are not Immune, Conficker Update
Tuesday, April 28th, 2009 | Author:

Macs not as safe as some like to think

Symantec researchers believe they have found evidence of a virus specific to Macintosh computers. Some experts are not sure of the actual threat to Mac users. The interesting thing is that Mac users have always bragged about how safe their Macs are compared to PCs. You have probably even seen the commercials that try to pound PCs into the ground.

The virus (just like many viruses on the PC side) is downloaded along with a pirated, illegal copy of legitimate software. Once it is on the machine, it makes the computer part of a botnet: a group of infected computers that can be directed from the Internet to take part in a distributed denial of service (DDoS) attack.

The way this attack works is that a bunch of computers keep going to a website or sites, over and over. With thousands of computers doing this, it blocks anyone else from getting to that site.

Many Mac experts are downplaying this and saying the media attention is not necessary. Many are also saying the Mac is still safe and security software is not needed. Good luck with that!

Conficker – We are not out of the woods yet

Reports are that the Conficker worm is infecting more computers and could possibly do more on May 1st. I wrote about this in an entry in March (see further down this page). April 1st has come and gone, and most people think it was just a scare. This particular worm is more of a long-term, slow-acting infection. There are three parts to it, and the one that has my attention is the last, which has to do with your computer and not with what it will do to others on the Internet.

Here is a quote from Fox News online: “Conficker also carries a third virus that warns users their PCs are infected and offers them a fake anti-virus program, Spyware Protect 2009 for $49.95, according to Russian-based security researcher Kaspersky Lab. If they buy it, their credit card information is stolen and the virus downloads even more malicious software.”

Interestingly, I have seen very similar malware on many machines this month. I cannot say it was this virus, but it is interesting that the malware I have been cleaning was similar, and most of the customers had valid, up-to-date virus protection. They could have been “drive-by” type viruses, but there is also a chance the malware was delivered by Conficker. Once these machines are cleaned up, it is really hard to tell, because all traces are gone.

Check out the link below to see if you have the Conficker worm on your system, if you have not already.

You can safely click on the link below to test whether you have the Conficker worm on your computer. A working group has been assembled to coordinate efforts among technology industry leaders and academia, implementing a coordinated, global approach to combating the Conficker worm.

How does this work?

It works by trying to load several pictures from security websites. If the top pictures do not load, you may have the worm. One of the traits of Conficker is that it blocks you from reaching these kinds of sites. The bottom 3 pictures are from non-security sites, so they should always load.

If you only see some of the pictures, check below the chart for an explanation. Also try hitting F5 to refresh your browser to see if they load, since the browser sometimes does not get all the pictures the first time you visit a site. If the bottom 3 pictures do not load either, the test cannot tell you anything: you are offline, or something else (a proxy or filter, for instance) is in the way, and you should fix that and try again rather than assume you are clean or infected.

If you get all 6 pictures on the eye chart, you are good!

Run the Test!

You can also check out the approximate map of infected computers throughout the world!
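The eye chart above is really a comparison test: security sites versus control sites, checked from the same machine at the same time. Here is an added example that spells that logic out (my own illustration, not the working group’s code). Instead of loading images in a browser, it takes any `reachable(host)` function, DNS by default, since blocking name lookups for security vendors is how Conficker made those pictures fail, and gives one of three verdicts. The host lists are my placeholders for the example, not the chart’s actual image addresses, and the test feeds in a constructed fake network rather than touching the real one.

```python
"""The idea behind the Conficker "eye chart", as a reusable check.

Added example for this post, not the Conficker Working Group's code.  The
real eye chart loaded images from security vendors' sites in your browser;
here the same comparison runs over any list of hosts using a caller-supplied
reachable(host) function, so it works against DNS, HTTP, or a fake network.
The host names are placeholders chosen for the example.
"""
import socket

SECURITY_HOSTS = ["www.symantec.com", "www.trendmicro.com", "www.kaspersky.com"]
CONTROL_HOSTS = ["www.example.com", "www.example.net", "www.example.org"]


def dns_reachable(host):
    """Default probe: can the name be resolved at all?  Conficker blocked name
    lookups for security vendors, which is what made their pictures not load."""
    try:
        socket.gethostbyname(host)
        return True
    except (socket.gaierror, OSError):
        return False


def eye_chart(reachable=dns_reachable, security_hosts=SECURITY_HOSTS,
              control_hosts=CONTROL_HOSTS):
    """Return (verdict, detail), where detail records every probe result.

    verdict is one of:
      "clean"        - every host answered (all 6 pictures on the chart)
      "suspect"      - the controls answered but some security hosts did not
      "inconclusive" - the controls failed too (no network, proxy, captive
                       portal), so the chart proves nothing either way
    """
    sec = {h: reachable(h) for h in security_hosts}
    ctl = {h: reachable(h) for h in control_hosts}
    detail = {"security": sec, "control": ctl}
    if not all(ctl.values()):
        return "inconclusive", detail
    if all(sec.values()):
        return "clean", detail
    return "suspect", detail


if __name__ == "__main__":
    verdict, detail = eye_chart()
    print(verdict)
    for group, results in detail.items():
        for host, ok in results.items():
            print(f"  {group:8} {'ok ' if ok else 'FAIL'} {host}")
```

Treat “suspect” the way the post treats missing pictures: a reason to run a full scan from a machine you trust, not proof of Conficker, because a corporate web filter or a different piece of malware can block the same vendors. “Inconclusive” is the case the chart’s own explanation covers: the bottom pictures did not load, so fix your connection before reading anything into the top ones.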

How to stay away from Bogus Win Antivirus 2009
Monday, April 06th, 2009 | Author:

These are a couple of samples of the fake software. There are many variations, but this gives you an idea of what they look like. Note the shield and how similar it looks to Microsoft’s security warning.

I have had a larger number of Win Antivirus and Antispyware 2009 infections in the shop lately, and I wanted to give you a few tips on how to keep this junk off your computer.

The interesting thing is that most of these computers had valid antivirus software, and the virus still got on. The problem is that when we click OK on something, our antivirus assumes we want it, even though there may have been a warning, or maybe no warning at all.

What is this stuff anyway?

Antivirus 2009 and Antispyware 2009 are not real programs. They act like they are going to help you, and when you pay the fee, they are just smoke and mirrors. The program pops up over and over, says you have hundreds upon hundreds of horrible things, and offers to run a scan to clean up your computer.

These fake programs use trojans such as Zlob or Vundo to spread. Those trojans have been around for a while and are really common on the infected computers I work on.

Where does it come from?

Sometimes the viruses come from porn sites, from what are called warez sites (free, illegal software), or from other illegally downloaded music, programs or movies. Even though it is very common for them to come from places like this, there are a lot of other seemingly innocent ways.

Many viruses come from files downloaded with file-sharing programs such as LimeWire, BearShare and eDonkey. This is called P2P, or peer-to-peer, software. Many people use it to share movies, music and software illegally with others, and in turn others share their stuff with you, including viruses. It is all under the guise of legal sharing, but no one really pays for the stuff; it is a way to get free stuff.

Another way some of the bogus antivirus programs show up is on a “drive-by.” You go to a site you think is OK, a message pops up, and it looks like a real antivirus message from your antivirus program.

But if you look closely, you will see that it is not. It is really just a pop-up ad, and when you click on it, you are essentially downloading the virus. Dawn had one of these pop up on her desktop, and it was just that, a pop-up ad that looked just like a security warning. We did the procedure below and ran a full scan, and thankfully we never actually got the virus.

The so-called program shows hundreds of viruses on your computer. It even acts like it is doing a scan, and then says you need to pay to get rid of the stuff. It is all a scam. Once they get your money, that is it. There is no antivirus program. It does nothing for you but mess up your computer and make your pockets lighter if you fall for it.

How to avoid getting it

If you suddenly get a message like this, check it out carefully. It should say Trend Micro, Norton, AVG, or whatever your antivirus program is, at the top or somewhere on the window. If it does not, here is what you do. The window will have the look and feel of a real program; I have included screenshots of what some look like.

First off, DO NOT click on the window at all. Many times the buttons are disguised as to what they will do, and clicking on them usually attempts to download the problem onto your computer. Even the handy X to exit, or other buttons, may activate it.

Hit Ctrl+Alt+Del and bring up Task Manager. Look at the running applications; there should be one that is Internet Explorer, or one with the name of the fake program, Win Antivir 2009. Click on that and click End Task.

Then disconnect from the Internet (the easiest way is to unplug your modem from the wall power). Then run a FULL scan of your computer and make sure you do not have any trojans. If you do this at the first sign, you may never have gotten the virus on your computer at all; it may have been just a pop-up ad/scam trying to get you to put it on yourself. This is what happened to Dawn, and thankfully she caught it right away.

Also, if you have CCleaner on your computer, run it to remove all your temp files and temporary Internet files. These are not needed, and they are a place where the bad stuff likes to hide. See my CCleaner post above for where to get it.

I run this monthly on my computer and would suggest the same for you.

Downloading Tip

One last thing on downloading anything, including CCleaner. You have to watch what is on the page, and not click on the DOWNLOAD buttons that are for other stuff. It can be very confusing, and even with all my experience, when I am in a hurry I have clicked on the wrong thing and downloaded something I did not want. Clicking on buttons that look like what you want can give you a lot of other junk you do not want or need.

One thing sites do now is, when you click on download, send you to a next page saying your download is starting. While you are waiting (a wait done on purpose, by the way) you are presented with a screen that says DOWNLOAD Now! If you look carefully, that is for something different, maybe similar, but not what you are trying to download.

Wait a minute, and usually you will see the bar light up across the top of your browser saying “To help protect your security, IE has blocked this site from downloading… Click here for options.” That yellow bar at the top is where you download the file from. Click on the bar, then save the file to your computer.

If a download button or pop-up window says it will speed up your computer, check your computer, clean up your computer, make your bed, clean your registry, or makes any other great claim, avoid it completely unless a reputable source recommends it and has tested it themselves.

Remember, up-to-date antivirus software and up-to-date Windows security updates are both key to helping you here.

Several Internet security firms have confirmed that the Conficker worm is set to go off on possibly millions of computers on April 1st. This worm has been around for a few months and is picking up steam. Many times, viruses like this lie dormant in your computer and pop up on a set date. April Fools’ Day has always been popular among virus makers.

There are a lot of theories and suggestions about what it could do. The main thing this worm does is let many computers attack or “flood” a target on the Internet all at the same time, causing what is called a denial of service attack.

Basically it would be like everyone getting in their car, driving down to Main Street, and trying to drive: too many cars, not enough road. This is the same concept. The main difference is that you would know if you were driving downtown; in fact, it is more like someone stole your car to drive down there. Your computer just sits there, and you might not even know it is involved in causing the problem!

Here are a couple of things to make sure you do before April 1st:

Check your antivirus program and make sure it is up to date and working. It should be down in your system tray near your clock. Double-click on it; all the top programs (Trend Micro, Norton, McAfee, F-Secure) show you that everything is working or let you know if there are problems. Most of them have a Fix It button; just click on that if it shows problems.

Second, run a full scan. Many of the programs run a quick scan by default. On Trend, for example, if you open it up and see the Scan button, just to the right is an arrow. Click on the down arrow and choose FULL SCAN. Run that baby and delete any bad stuff it finds.

Lastly, make sure your Windows security updates are up to date! You can click here to check Microsoft Update.

If you do not have the worm, there is nothing to worry about. But it is better to be safe than sorry when it comes to viruses on computers. The biggest threat is to people who are not protected with Internet security software, whose software is not working, or whose subscription has expired.

Here are a couple of articles explaining more about the worm.


Fox News