Archive for the Category ◊ virus ◊

When I am cleaning up computers from the slowdown of malware and unwanted programs, there is one consistent thing I find in common.

There are usually several programs, toolbars, search assistants and more that are loaded onto the computer, without the user’s knowledge.

Most users never use the stuff, and don’t need it. Almost all of it is garbage that just slows the computer down, and much of it tracks what you are doing.

Some of the common things that load uninvited are Google, Yahoo or MSN’s toolbars, Google desktop, Search helpers, disk defraggers, registry cleaners and more.

Google products are especially intrusive and can be hard to remove. They even add scheduled tasks that most people don’t realize exist, and that is one more thing slowing the system down.

One of the main ways these junk programs get on your system is when you try to download a program you actually need, something such as Adobe Reader or Adobe Flash. Even big-name software will try to include crud you don’t need.

When you download a file, you have to be a detective on the page and make sure you do not click on anything but the actual download link. Other links are disguised as DOWNLOAD NOW buttons, and clicking one downloads one of these other programs instead.

In the meantime, your program will download too, and you will end up with the program you wanted, plus something else.

Here is an example of this, and what is crazy, it happens on more than one page, just to get one file. Let’s say you need to get the Mega Codec pack to make your videos work correctly.

You search on Google, and here is the top choice, below. Note all the Red X’s. Those are all links you do not want, and have nothing to do with your download. You need to look carefully when clicking.

In this case you have to click on a mirror or another site that actually has the file that you can download.

Ok, you made it through the first mine field, now you get a second page, the one that should have the file you want. Hmmmmm. Looks a bit familiar huh?

Now look at the above page, and how many Red X’s do we have here? There is only one link to actually download the file, and even it is not really obvious. The green circle is the download button.

As you can see, many things on a website look “legit” but they are just junk begging you to download them and slow down or infect your computer.

Now you need to have Adobe Flash if you are going to do anything on the Internet, including watching videos. Let’s go to the Adobe site and Download Adobe Flash:

 

Here we go again, and this is Adobe doing it as you are trying to download it. You need to UNCHECK any free software helper junk they are trying to push on you. Uncheck the “include in your download.”

Let’s say you got through both minefields of crud, and now you have the program saved on your computer. You double-click the icon to install it. Let’s use good ol’ CCleaner, a program I like, as an example.

 

This one is a bit sneakier. They try to put it on your computer after you download it, during the installation. Most of us just Click Install>NEXT>NEXT>OK>Done. We never really look at what it is asking us. I find myself doing this at times, and it can get you in trouble.

CCleaner is a very good and reputable program, but Google and other companies either pay the software maker each time someone installs their add-on, or pay a set amount to have the junk bundled on the download page or inside the installer.

Why do they do this? Because they get free data from you, your surfing habits, demographics, and then they push out ads to you on the sides of web pages. Your free information makes people like Google rich.

The key to safe downloading is to be careful, and watch what you download and make sure you uncheck any extra programs they try to install.

Hopefully these tips and examples will help you keep your computer a little cleaner!

 

 
There is a new virus running around, and when you are using Internet Explorer, a window can pop up telling the user to press F1 to view a file. Once you press F1, it will load the virus.
 
This virus affects Windows 2000 and XP; it is not supposed to affect Vista, Windows 7 or Windows Server 2008.
 
The good thing is that F1 is mainly used for help, and not many programs use it any longer. This happens specifically when you are on a website in Internet Explorer.
 
DO NOT PRESS F1 if prompted, while using Internet Explorer in Windows XP or Windows 2000.
 
Close your browser if you get a message like this. If it will not close and the “press F1 Window” still shows up, you can try the following:
 
Hit Control + Alt + Del, and bring up the task manager. Highlight the Internet Explorer program that is running, and click the END TASK button. This will force the window to be closed.
 
For more technical details,
 
 
(Thanks to my deputy Geek Harry, for bringing this to my attention!)
Virus Removal and Resetting Restore Points
Tuesday, December 01st, 2009 | Author:

Restore points in Windows XP, Vista and Win 7 are created so that if there is a problem with your Windows installation, you can revert back to a previous date to “undo” problems that may have occurred since that date.

The problem I have encountered is that when a customer brings in a computer that has serious problems, rarely, if ever, does a restore point fix the problem. If it does, it usually causes other problems with programs that were installed after the restore point date.

Restore points are kept from the day the OS (operating system) was installed. A new restore point is created when Microsoft pushes major updates or new software is installed, and you can create one manually if desired.

The biggest problem with restore points is that they will contain a virus if the computer becomes infected. Even if the virus is removed completely from the computer and all is clean and well, the virus still can remain hidden in the restore point from when the computer was infected.

Even after you have cleaned out every active virus, copies can still be lurking in the restore points, and your current anti-virus program can detect them and will say you have viruses. Technically that is true, but they are only a threat if you restore to a previous date that had the virus in it. Usually the antivirus programs report these as problems in the System Volume Restore folder.

The only way to clear these out is to turn off the System Restore and then turn it back on. This will flush out the old restore points, and create one single new one, at the moment you turn it back on. This will eliminate any old bad points that contain malware or viruses or other problems.

Here is how to clean out the System Restore Folder:

Windows XP

Right Click on My Computer

Click on Properties

Click on the System Restore Tab

Click on the box next to “Turn off System Restore” and put a check mark there

Click on Apply

This will remove the old restore points

Now uncheck the “Turn off System Restore” which turns it back on

Click on Apply & OK

Vista / Windows 7

Right Click on My Computer

Click on Properties

Click on System Protection

Uncheck the box next to the Local Disk (C:) drive

Confirm you want to turn off system restore (if asked)

Click on Apply

Put a check back in on the Local Disk C: drive to turn the system restore back on

Click on Apply and then OK

You should not have to reboot the computer between turning the restore points off and on. I have read that you should reboot, but I found that you do not have to.

To easily double-check that your restore points have been cleared out, install the latest CCleaner (see my earlier blog), open it, click on the Tools button, then System Restore, and you should only see one recent restore point. If you see a bunch, you did not clear them all out.

[Screenshot: CCleaner]
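The same flush-and-recreate procedure driven from PowerShell, as an added example that is not part of the original post. It assumes Vista or Windows 7 with PowerShell 2.0 or later, a prompt running as Administrator, and that the system drive is C:\ (Windows XP has no System Restore cmdlets, so use the GUI steps there).

```powershell
# Added example (not from the original post): turn System Restore off and
# back on from an elevated PowerShell prompt, then verify that only one
# fresh restore point remains, which is the same check the post does with
# CCleaner's Tools > System Restore view.
# Assumptions: Vista / Windows 7, PowerShell 2.0+, Administrator prompt,
# system drive C:\.

$Drive = "C:\"

function Show-RestorePoints([string]$Label) {
    # List what System Restore currently holds, oldest first, and return the count.
    $points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
    Write-Host ("{0}: {1} restore point(s)" -f $Label, $points.Count)
    foreach ($p in $points) {
        # CreationTime comes back as a WMI datetime string; convert it for display.
        $when = [System.Management.ManagementDateTimeConverter]::ToDateTime($p.CreationTime)
        Write-Host ("  #{0}  {1:yyyy-MM-dd HH:mm}  {2}" -f $p.SequenceNumber, $when, $p.Description)
    }
    return $points.Count
}

$before = Show-RestorePoints "Before"

# Step 1: turn System Restore off for the drive. On Vista / 7 this discards
# every existing restore point, infected ones included.
Disable-ComputerRestore -Drive $Drive

# Step 2: turn it straight back on. No reboot is needed in between.
Enable-ComputerRestore -Drive $Drive

# Step 3: take one fresh, known-clean restore point right now. (On Windows 8
# and later the cmdlet makes at most one point per 24 hours and warns otherwise.)
Checkpoint-Computer -Description "Clean after malware removal" -RestorePointType MODIFY_SETTINGS

$after = Show-RestorePoints "After"

# Step 4: exactly one point should be left; anything more means the old ones survived.
if ($after -ne 1) {
    Write-Warning "Expected 1 restore point but found $after; the old points were not cleared."
} else {
    Write-Host "Restore points flushed ($before -> $after)."
}
```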

I am sure I will offend someone with this post, but here goes. CRAP CLEANER is one of my favorite cleanup and maintenance programs. Well, the name is a bit crazy, but it calls that junk what it is, crap on the computer.

CCleaner is a tool that cleans out temporary Internet files, temporary Windows files, cookies, history and numerous other items from the hard drive, increasing performance, security and privacy.

The Temporary Internet files area is one of the big areas that viruses and malware like to hang out (along with anywhere they can find!) and cleaning out these areas with this tool really helps keep things running faster, smoother and helps protect your privacy and security.

I frequently work on customer computers that have 2 or more GIGABYTES of crud in the temporary Internet files. That can slow down your Internet browser to a crawl.

The program is straightforward and easy to use. Just download and install it, accepting all the defaults unless you know there is something you would like to change.

When you run the program, you will see the above window with all those check boxes. I normally leave them all checked, so it gets a good deep cleaning.
You do not need to run any of the other little features if you do not feel comfortable with them. Be especially careful with the Registry cleanup tool: it works great, but it can also cause problems if you are not careful. Always say yes to the backup of the registry if you dare use this feature. Be warned.
One problem I had when I first started using it is that I like some cookies on my computer. I visit several websites daily, and I like them remembering my location, etc. For those, CCleaner has a solution.
[Screenshot: CCleaner cookie options]
Click on the Options button on the left, and then click on Cookies. All the cookies you have had on your computer (and there can be a lot) show up in alphanumeric order, and you can choose cookies to keep, or just leave them in the left column to be removed. Very easy and nice feature.
Those are the only things you really need to mess with, and this will really help keep things running smoother. I would suggest running this once a month, or once a week, depending on how much surfing you do.
If you have anything over 1 GB of crud, you should run it more often. If you only have 300k, you probably don’t need to run it as often.
This program is easy to use, and it is free. If you do use it and like it, they do ask that you donate to show your appreciation.
I recommend the Slim version, which does not have the added bloat of toolbar junk you do not need. This link will take you to the Major Geeks website; just click on the yellow bar at the top to download, and you do not need to click on any other link on the page.
Sneaky Viruses Hidden in Ads and Web Pages
Friday, June 19th, 2009 | Author:
Almost every customer that comes into the office with a virus-infected computer asks how it happens. It used to be so easy to explain: well, you are going to “those” sites, or you are illegally downloading music, or you opened an email that said “you have won $1,000,000,” or whatever the cause was.
Not so any longer. Those things are still around, but now we are in the age of viruses embedded in regular ol’ mainstream websites. Hackers get into websites and can put viruses right on the web page, and it can load onto your computer. Some ads have recently even been found to contain viruses.

Here is a recent article

Remember it is important to keep current Anti-virus software on your computer and make sure it is doing a weekly scan, and that it is scanning your email and internet usage. Using IE-8 is not a bad idea. I have gotten past the newness and problems it originally had, but there are some really good security features in it.

Also, be careful what you search for, and when you go to a site, look carefully at the domain you are going to. The domain is the last part of the address: the .com or .net (or whatever the site uses) and the name right before it.

For example, if you are looking for www.ford.com, ford.com is the domain. Sometimes a link will look like

www.customerservice.ford.joeblow.com

If you see a link like that, the actual domain is joeblow.com, the last letters between the dots plus the .com. It looks like Ford because ford is in the name, but the important part of the website address is the .com and the letters immediately preceding it. None of the other parts of that address matter, and it is definitely not a Ford Motor Company website.

In this screenshot of IE-8, notice how the domain is in bold, and since it is a secure site, the lock is showing and it tells you it is the verified BofA site.

Be careful what sites you go to. Take an extra couple of seconds to look up at the address bar and see what domain you are really on. Some browsers, IE8 and Firefox, now highlight the domain so you can tell right where you are.
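A small PowerShell check that pulls the real domain out of a link the way the post describes, as an added example that is not part of the original post. The short suffix list and the sample links are constructed for illustration; a complete check would use the Public Suffix List (publicsuffix.org).

```powershell
# Added example, not from the original post: find the real domain in a link
# the way the post describes (the .com/.net plus the label in front of it),
# so a lookalike host such as www.customerservice.ford.joeblow.com stands out.
# Assumption: a short hand-made list of two-part suffixes; a production check
# would use the full Public Suffix List (publicsuffix.org).

$TwoPartSuffixes = @("co.uk", "org.uk", "ac.uk", "com.au", "net.au", "co.nz", "co.jp", "com.br")

function Get-RealDomain {
    param([Parameter(Mandatory = $true)][string]$Address)

    # Accept either a full URL or a bare host name.
    $uri = $null
    if ([System.Uri]::TryCreate($Address, [System.UriKind]::Absolute, [ref]$uri) -and $uri.Host) {
        $hostName = $uri.Host
    } else {
        # No scheme: strip any path, user@ prefix and :port by hand.
        $hostName = ($Address -split '[/?#]')[0] -replace '^.*@', '' -replace ':\d+$', ''
    }
    $hostName = $hostName.ToLowerInvariant().TrimEnd('.')

    $labels = $hostName -split '\.'
    if ($labels.Count -lt 2) { return $hostName }

    # Normally the last two labels ("joeblow.com"); one more for co.uk-style suffixes.
    $keep = 2
    $lastTwo = $labels[-2] + "." + $labels[-1]
    if (($TwoPartSuffixes -contains $lastTwo) -and ($labels.Count -ge 3)) { $keep = 3 }
    return ($labels[($labels.Count - $keep)..($labels.Count - 1)] -join '.')
}

function Test-LookalikeLink {
    # Compares where a link really goes with the domain you expected, and
    # flags the case the post warns about: the brand name is in the address
    # but the real domain belongs to somebody else.
    param([string]$Address, [string]$ExpectedDomain)
    $real  = Get-RealDomain $Address
    $brand = ($ExpectedDomain -split '\.')[0]
    if ($real -eq $ExpectedDomain.ToLowerInvariant()) { return "OK         really $real" }
    if ($Address.ToLowerInvariant() -like "*$brand*")  { return "LOOKALIKE  says $brand, really $real" }
    return "OTHER      really $real"
}

# Constructed sample links, including the post's own example; all are checked against ford.com.
$samples = @(
    "www.ford.com",
    "http://www.customerservice.ford.joeblow.com/login",
    "https://ford.com.evil.example/",
    "http://user@ford.example.co.uk:8080/x",
    "http://secure-bankofamerica.example.com/"
)
foreach ($link in $samples) {
    "{0,-52} {1}" -f $link, (Test-LookalikeLink $link "ford.com")
}
```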

Also, when you do searches, the hackers go out and find what searches are the most popular: J-Lo, Lindsay Lohan, Obama, whatever is being searched for.

They put up bogus web pages that rise to the top of the search results, and those are infected sites.

Here is an article with more on this.

Virus News – Macs are not Immune, Conficker Update
Tuesday, April 28th, 2009 | Author:

Macs not as safe as some like to think

Symantec researchers believe they have found evidence of a virus that is specific to the Macintosh computers. Some experts are not sure of the actual threat to Mac Users. The interesting thing is that Mac users have always bragged about how safe their Macs are compared to PCs. You have probably even seen the commercials that try to pound PCs into the ground.

The virus (just like many viruses on the PC side of things) is downloaded along with a pirated or illegal copy of legitimate software. This type of virus makes the computer part of what is called a botnet: it gets on the computer, reaches out onto the Internet, and can be used to cause a distributed denial of service (DDoS) attack.

The way this attack works is a bunch of computers keep going to a website or sites, over and over. With thousands of computers doing this, it blocks anyone from getting to that site.

Many Mac experts are downplaying this and saying the media attention is not necessary. Many are also saying the Mac is still safe, and security software is not needed. Good luck with that!

Conficker – We are not out of the woods yet

Reports are that the Conficker virus is infecting more computers, and could possibly do more on May 1st. I wrote about this in an entry in March. April 1st has come and gone, and most people think it was just a scare. This particular worm is more of a long-term, slow acting virus. There are three parts to this virus, and the one that has my attention is the last one which has to do with your computer and not stuff it will do to others on the Internet.

Here is a quote from Fox News online: “Conficker also carries a third virus that warns users their PCs are infected and offers them a fake anti-virus program, Spyware Protect 2009 for $49.95, according to Russian-based security researcher Kaspersky Lab. If they buy it, their credit card information is stolen and the virus downloads even more malicious software.”

Interestingly, I have seen very similar malware on many machines this month. I cannot say it was this virus, but it is interesting that the malware I have been cleaning was similar, and most of the customers had valid, up to date virus protection. They could have been “drive by” type viruses, but there is also a chance the malware was hidden in the Conficker virus. Once these machines are cleaned up, it is really hard to tell, because all traces are gone.

Check out the link to see if you have the conficker virus on your system if you have not already.

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

You can safely click on the link below to test and see if you have the Conficker worm on your computer. A working group has been assembled to coordinate efforts with technology industry leaders and academia to implement a coordinated, global approach to combating the Conficker worm.

How does this work?

This works by trying to load several pictures from security websites. If the top pictures do not load, you may have the virus: one of the traits of Conficker is that it blocks you from going to these types of sites. The bottom 3 pictures are from non-security sites, so they should always load.

If you only see some of the pictures, check below the chart for an explanation. Also try hitting F5 to refresh your browser to see if they load, as you know the browser sometimes does not get all the pictures when you go to a site the first time.

If you get all 6 pictures on the Eye Chart, you are good!

Run the Test!

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

You can also check out the approximate map of infected computers throughout the world!

http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionDistribution

How to stay away from Bogus Win Antivirus 2009
Monday, April 06th, 2009 | Author:

These are a couple of samples of the fake software. There are many variations, but this gives you an idea of what they look like. Note the shield and how similar it looks to Microsoft’s Security Warning.

I have had a larger number of Win Antivirus and Antispyware 2009 infections in the shop lately, and I wanted to give you a few tips on how to avoid this junk on your computer.
The interesting thing is that most of the computers had valid antivirus software, and the virus still got on the computer. The problem is that we click OK on something, and our antivirus just assumes we want it, even if there was a warning, and sometimes there is no warning at all.
What is this stuff anyway?
Antivirus 2009 and Antispyware 2009 are not real programs. They act like they are going to help you, and when you pay the fee, they are just smoke and mirrors. The program pops up over and over and says you have hundreds upon hundreds of horrible bad stuff, and they are going to do a scan to clean up your computer.
These fake programs use trojans, such as Zlob or Vundo, to spread. These viruses have been around for a while and are really common in the infected computers I work on.
Where does it come from?
Sometimes the viruses come from porn sites or what are called Warez sites (free illegal software) or other illegally downloaded music/programs/movies. Even though it is very common to come from a place like this, there are a lot of other seemingly innocent ways.
Many viruses can come from files downloaded with file-sharing programs such as Limewire, Bearshare and eDonkey. This is called P2P, or peer-to-peer, software. Many people are using this method to share movies/music/software illegally with others, and in turn, others share their stuff with you, including viruses. This is all under the guise of sharing legally, but no one really pays for the stuff and it is a way to get free stuff.
Another way some of the Bogus Antivirus programs show up is on a “drive by.” You go to a site you think is ok, and the message pops up, and it looks like a real antivirus message from your antivirus program.
But if you look closely, you will see that it is not. It is really just a pop up ad, that when you click on it, you are essentially downloading the virus. Dawn had one of these pop up on her desktop, and it was just that, a pop up ad that looked just like a security warning. We did the procedures below, and did a full scan, and thankfully we never actually got the virus.
The so-called program shows hundreds of viruses on your computer. It even acts like it is doing a scan, and then says you need to pay to get rid of the stuff. It is all a scam. Once they get your money, that is it. There is no antivirus program. It does nothing for you but mess up your computer, and make your pockets lighter if you fall for it.
How to avoid getting it
If you get a message like this suddenly, check it out carefully. It should say Trend Micro or Norton, AVG, or whatever your antivirus program name is on the top or somewhere on the window. If it does not, here is what you do. The window will have the look and feel of a real program. I have included screen shots of what some look like.
First off, DO NOT click on the window at all. Many times the buttons are disguised as to what they will do, and usually clicking on it will attempt to download the problem onto your computer. Even the handy X for exit or other buttons may activate it.
Hit Control+Alt+Del and bring up the task manager. Look at the running applications, and there should be one that is Internet Explorer, or one that says the name of the program Win Antivir 2009. Click on that and click on End Task.
Then disconnect from the internet (easiest way is to unplug your modem from the wall power). Then run a “FULL” scan of your computer and make sure you do not have any Trojans. If you do this, at the first sign, you may have never gotten the virus on your computer, but it was more of a pop up ad/scam to get you to put it on your computer. This is what happened to Dawn, and thankfully she caught it right away.
Also if you have CCleaner on your computer, run that to remove all your Temp files and Temporary Internet files. These are not needed and they are a place where the bad stuff likes to hide. Click here to get CCleaner.

I run this monthly on my computer and would suggest the same for you.

Downloading Tip


One last thing on downloading anything, including this Ccleaner. You have to watch what is on the page, and not click on the DOWNLOAD buttons that are for other stuff. It can be very confusing, and even with all my experience, when I am in a hurry, I have clicked on the wrong thing, and downloaded something I did not want. Clicking on these buttons that look like what you want, can give you a lot of other junk you do not want or need.

One of the things sites have done now, is when you click on download, it goes to the next page, saying your download is starting. While you are waiting (a wait done on purpose by the way) you are presented with a screen which says DOWNLOAD Now! If you look carefully, that is for something different, maybe similar, but not what you are trying to download.

Wait a minute, and usually you will see the bar light up across the top of your browser saying “To help protect your security, IE has blocked this site from downloading… Click here for options.” That yellow bar on the top is where you download the file from. Click on the bar, and then save the file to your computer.

If a download button or pop up window says it will help you speed up your computer, check your computer, clean up your computer, make your bed, clean your registry or any other great claim, completely avoid it unless a reputable source recommends it and has tested it themselves.

Remember, up to date antivirus software and up to date windows security updates are both key to helping you out here.

Several Internet security firms have confirmed that the “Conficker” worm is set to go off in possibly millions of computers on April 1st. This virus has been around for a few months and is picking up steam. Many times viruses like this can lie dormant in your computer and pop up on a set date. April Fools’ Day has always been popular amongst virus makers.

There are a lot of theories and suggestions of what it could do. The main thing this virus does is allows many computers to attack or “flood” the internet all at the same time, causing what is called denial of service attacks.

Basically it would be like everyone getting in their car and driving down to main street, and trying to drive. Too many cars, not enough road. This is the same concept. The main difference is, you would know if you were driving downtown, in fact more like someone stole your car to drive down there. Your computer just sits there, and you might not even know it is involved in causing the problem!

Here are a couple of things to make sure you do before April 1st:

Check your antivirus program and make sure it is up to date and working. It should be down in your system tray near your clock. Double-click on it (all the top programs, Trend Micro, Norton, McAfee, F-Secure, show you that everything is working or let you know if there are problems). Most of them have a FIX IT button; just click on that if it shows problems.

Second, run a full scan. Many of the programs run a quick scan. On Trend for example, if you open it up and see the scan button, just to the right is an arrow. Click on the down arrow, and choose FULL SCAN. Run that baby and delete any bad stuff it finds.

Lastly Make sure your Windows Security Updates are up to date! You can click here to check Microsoft Updates

If you do not have the worm, there is nothing to worry about. But it is better safe than sorry when it comes to viruses on computers. The biggest threat is to people who are not protected with Internet security software, or whose software is not working or has expired.

Here are a couple articles explaining more about the virus.

Microsoft

Fox News

Parking Ticket, Phishing, Trojan Viruses, Oh My!
Sunday, March 15th, 2009 | Author:

You walk out of the store into the busy parking lot and on your windshield sits a little yellow jewel. A parking ticket! Money is not tight enough, now you have to deal with this stinking ticket.
When you get home, you look at it, and there is a website to take care of it. Being the budding geek that you are, you go online to take care of it. After all, you pay your bills, get airline tickets, and do your banking online. Paying a ticket will be a cinch.

However, you could be directed to a site that installs malware or viruses on your computer or worse yet, trick you into giving them your personal information.

In Grand Forks North Dakota, people received parking tickets, and when they went to the website, they got to a site that looked pretty real; it even had photos of cars parked badly. Once they got there, the site attempted to download Malware onto their computer.

This is touted as the first recorded instance of this kind of scam. It is a real world phishing scam, where they contact you in the real world, then get you to go to a website, which in turn, is trying to install crud on your computer. Normally, this type of scam has been limited to email or websites.

This particular scam was mainly trying to load malware on to the unsuspecting users computer. It is quite easy to take this one step further with not much work. The scammers could have the user put in their credit card info, social security, drivers’ license number, and who knows what. Poof! Identity info stolen.

So far this particular scam was very limited to that community, but it is something to be aware of.

Remember, whenever going to websites, look at the name before you type them in. If you are not sure, go to the site directly. For instance, if you got a ticket in Lebanon or Albany that was suspicious like this, go to the city website first, and see if it is real. If you are still not sure call them.

Under no circumstance, do you want to go to the site from the link on the fake ticket. You also do not want to put any important info in any site that you are not sure of. Many of the Internet Security programs including Trend Micro have a phishing filter that helps with this type of bad stuff. But those scammers might even be able to get around your filter.

Remember, common sense rules! If you are not sure, don’t go there and don’t put in personal information unless you are 100% confident of the site.

Since we are in tax season here is another important tip:

Last year the IRS reported record numbers of scams about taxes. People received emails saying they are being audited, or they need to correct their personal info with the IRS and they were bogus.

Here is a website with information from the IRS on how to spot IRS scams, and what to do if you think you received one: http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=5

Here is a link to a little more of the details of the North Dakota incident: http://www.vnunet.com/vnunet/news/2235808/parking-ticket-scam-brings