Showing posts with label infected. Show all posts
Showing posts with label infected. Show all posts

Monday, July 8, 2024

How Did I Get Infected!?!


For those of you who think, "Well, if I don't install random new programs from the internet or download random EXE files, I won't get infected" that's not really the case today. Most people are not infected because they browse the internet and accidentally click on an EXE file. That was more common several years ago.

Nowadays, most people get infected because the malware comes to them. 

You don't have to go out on the internet and have to "find" viruses or malware to get infected.

The malware arrives in your inbox, in your private messages, from a trusted source, a hacked website, or inside a program you use, whose company got hacked, like in the case of 3CX.
  • The 3CX hack, which came to light in late March 2023, was a sophisticated supply chain attack. The incident involved the compromise of 3CX’s Windows and macOS build environments, allowing hackers to push trojanized software to 3CX customers.
  • The breach began when an employee at 3CX downloaded a trojanized installer for the X_Trader trading software, which had been compromised by North Korean threat actors. This malicious installer gave the attackers access to the employee's device and corporate credentials, enabling them to infiltrate 3CX’s network and insert malware into the 3CXDesktopApp. The attack was likely carried out by a North Korean hacking group tracked as UNC4736, linked to the financially motivated operation dubbed AppleJeus​ (Security Week)​​ (Security Week)​​ (CISA)​.
This doesn't mean there aren't still things like malware advertising (malvertising), where you see ads on Google to entice you to click on or download something malicious. Another major source of malware now is also social media platforms! YouTube videos as well!! 

For instance, if you look for any kind of cheat, crack, or mod for a popular video game, you will often find videos with external links. Many of these links, especially if they're password protected, contain malware.

Sometimes, it's literally the first search result when looking up something as harmless as "sewing patterns and templates"!!

Here are further examples of common ways people can get infected:

  • Phishing Emails:
    One of the most prevalent methods. Attackers send emails that appear to be from trusted sources, tricking recipients into clicking malicious links or downloading infected attachments. These emails often mimic legitimate communications from banks, social media platforms, or even colleagues.
  • Compromised Websites:
    Legitimate websites can be hacked to serve malware to visitors. This method doesn't require any action from the user other than visiting the site. Drive-by downloads exploit vulnerabilities in browsers or plugins to install malware without the user’s knowledge.
  • Software Supply Chain Attacks:
    These involve compromising a trusted software vendor to distribute malware to end users. The 3CX hack is a prime example, where attackers infiltrated the development pipeline of 3CX, a business communication software, and inserted malware into the software updates, affecting thousands of users.
  • Malvertising:
    Malicious advertisements, or malvertising, are another common method. These ads can appear on legitimate websites and redirect users to malicious sites or directly download malware. Even major advertising networks have been exploited to serve malvertising.
  • Social Media Platforms:
    Attackers exploit the popularity of social media to spread malware. They create posts or messages with enticing links that lead to malicious sites. YouTube videos offering cheats, cracks, or mods often include external links that direct users to malware. These links can appear highly ranked in search results, making them seem legitimate.
  • Messaging Apps:
    Private messages on platforms like WhatsApp, Facebook Messenger, and others can carry malicious links or attachments. Since these messages often come from known contacts, users are more likely to trust and click on them.
  • Trusted Sources:
    Sometimes, malware is spread through channels that users inherently trust. This could be through an email from a known contact whose account has been compromised or through a popular website that has been hacked.

We always recommend installing and using good, trusted, and reliable antivirus and antimalware software for your system. While they are not a silver bullet, these tools provide essential layers of defense against various cyber threats. Antivirus software is designed to detect and remove viruses, while antimalware software targets a broader range of threats, including spyware, adware, and ransomware. 


In addition to antivirus and antimalware software, browser add-ons can enhance your online security by providing additional protection against malicious websites and phishing attacks. One such recommended add-on is Malwarebytes's Browser Guard


Benefits of Using a Browser Guard: 
  • Blocking Malicious Websites:
    Browser Guard blocks websites that are known to host malware, preventing you from inadvertently visiting harmful sites.
  • Protection Against Phishing:
    It helps identify and block phishing attempts, protecting your personal information from being stolen.
  • Ad Blocking:
    The add-on can block unwanted ads, which can be a source of malware through malvertising.
  • Improved Browser Performance:
    By blocking malicious content and unwanted ads, Browser Guard can enhance your browsing experience and speed.

Pacific Northwest Computers Practices Combined Protection; What is That?!

No single solution can offer complete protection against all cyber threats. Using a combination of antivirus, antimalware software, and browser add-ons provides multiple layers of defense, significantly reducing the risk of infection and data breaches. 
Here’s why combined protection is essential:
  • Layered Defense: Different tools specialize in different areas of protection. Antivirus software focuses on traditional viruses, while antimalware software targets newer, more sophisticated threats. Browser add-ons provide real-time protection while you browse the web.
  • Reduced Risk of Zero-Day Attacks:
    Zero-day attacks exploit unknown vulnerabilities. Having multiple layers of protection increases the chances of detecting and stopping these attacks.
  • Comprehensive Coverage:
    Combined tools cover a wider range of potential threats, from viruses and worms to phishing attempts and malicious websites. 
  • We recommend using an Antivirus, 1-2 "stand-alone" scanning tools for general malware and adware scanning, as well as a maintenance/clean-up utility for removing junk/temp/cache/cookie data. 


In today's cybersecurity landscape, simply avoiding the download of random programs or EXE files is not enough to protect against infections. Malware delivery methods have become more sophisticated, targeting users through phishing emails, compromised websites, and even trusted sources like popular software vendors, as seen in the 3CX hack.


Malicious advertisements and social media platforms have also become significant vectors for malware distribution. Given this complexity, it's essential to use a multi-layered defense strategy. This includes installing and regularly updating trusted antivirus and antimalware software to provide essential protection against various threats.


Additionally, browser add-ons such as Malwarebytes Browser Guard offer critical extra layers of security by blocking malicious websites, protecting against phishing attempts, and enhancing overall browsing performance by removing unwanted ads.


Combining these tools creates a robust defense system, significantly reducing the risk of infection and providing comprehensive coverage against a wide range of cyber threats. By staying informed and proactive, users can better safeguard their systems and personal information from evolving cyber threats.

Monday, May 15, 2017

WannaCry Ransomware Virus




The now infamous "WannaCry" ransom-ware virus has been making headlines and scaring a lot of computer users around the world. It is one of the quickest spreading Ransom-ware bugs that has been released to date, but Ransom-ware viruses are not anything new.

Ransom-ware viruses are a type of virus that infect computers, and then prevent the user from accessing the operating system, or encrypting all the data stored on the computer. Then the user is asked to pay a fixed amount of money as ransom to unlock their files, allowing them to regain access to the operating system and their data again. What sets this virus apart is how quickly and widely it has spread.

As of yesterday a Security Professional, Marcus Hutchins, has been credited with stopping the WannaCry ransomware attack from spreading across the globe, by accidentally triggering a "kill switch" found in reverse engineering the virus. So for now, further infection has been stopped. But to prevent any infections from previous distributions of the bug you can do the following:

"WannaCry" Ransomware Guidelines to Stay Safe:

  • Be careful to NOT click on harmful links in your emails! 
  • Even with security software installed, if you open/download an attachment from a malicious email it can and will infect a computer and network! 
  • If you get an email from someone, look at the email address/email header and make sure it's from who it says it is. 
  • Be aware of fraudulent e-mail messages that use names similar to popular services such as PayPal instead of PayPal or use popular service names without commas or excessive characters. 
  • Be wary of visiting unsafe or unreliable sites 
  • Never click on a link that you do not trust on a web page or access to Facebook or messaging applications such as WatSab and other applications. 
  • If you receive a message from your friend with a link, ask him before opening the link to confirm, (infected machines send random messages with links). 
  • Always make have the latest update for your Antivirus; Let me know if there are any update issues! 
  • Make sure your windows have the latest updates to close the gap! 
  • If windows has reported that updates are pending/available; download and install immediately!! 
Further Steps to take in-case you WERE to get infected by the "WannaCry":
  • Make a recovery disk! The WannaCry ransomware asks for $300 or more if you a modified version if you do not pay the creators (in Bitcoin to its untraceable and not refundable) encrypt all of your files on the computer. 
  • If your computer gets infected take it off of your network immediately! The ransomware will spread to other computers on the network! You can restore from a backup. 
  • If you would like our assistance with ANY of the procedures above or would like us to secure your computer and/or network to the best of it's ability, let us know and we can schedule an onsite or remote session for you!! 

More from Microsoft on the bug and associated patches to help prevent infections from WannaCry:
https://technet.microsoft.com/…/libr…/security/ms17-010.aspx


Jon-Eric Pienkowski
_________________________
Pacific NorthWest Computers
(360) 624-7379

Friday, June 5, 2015

How can I keep my computer from getting infected? Pacific NW Computers' PC Security Tips


1. Make sure you regularly run MANUAL scans with your installed security software!
Security Programs We Recommend (Or Have Installed):
  • Avast Antivirus, BitDefender Free, Microsoft Security Essentials
  • MalwareBytes Anti-Malware
  • Spybot Search & Destroy
  • CCleaner
*For direct download links to the software listed above, visit "Pacific NorthWest Computers' Links and Recommended Software" page on our Blog Link below!
http://pnwcomputers.blogspot.com/2013/06/pnw-computers-links-and-recommended.html

Basic/General Scanning Procedure:

  • Before running any scans with any of the installed security software, be sure to FULLY update the software FIRST.
  • After updating the security software, perform the deepest and most thorough scan that the software is capable of. This is usually labeled as a FULL or COMPLETE scan.
  • DELETE or QUARANTINE any and all of the security software’s findings.
  • Make sure you DON’T download and install any scanner/security software that solicits you to download and install its software. These scanners are blacklisted because of their questionable reputation.

2. Make sure your Windows is ALWAYS up to date!

  • An unpatched Windows is vulnerable and even with the “best” Antivirus installed; malware will find its way through.
    So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.
  • Be sure to download and install all CRITICAL and SOFTWARE updates! You also may have to do several “passes” of Windows updates before all the available updates/patches are actually installed.
  • Verify that your version of Windows Vista, Windows 7 or Windows 8 has the most recent service pack installed. If this is not currently installed on your system, the Windows Update website will recognize this vulnerability and request you to download and install any available Service Packs and other needed updats.

3. Stay away from questionable sites.

  • This is one of the main causes why a computer gets infected. Visiting cracksites/warezsites – and other questionable/illegal sites is ALWAYS a risk. Even a single click on the site can be responsible for installing a huge amount of malware. Don’t think: “I have a good Antivirus and Firewall installed, they will protect me” – because that’s not true… there is no “Magic Bullet”. Before you know it, your Antivirus and Firewall may already be disabled because malware already found its way on your system.


4. Be careful with email attachments!

  • Malware spreads via email as well, especially email attachments. The most common ones are emails telling you that your computer is infected and that you can find the removal tool in the attachment, emails telling you that your password has changed and can find it in the attachment, emails with product codes in the attachment from software that you purchased (which you didn’t), emails with attachments that are so called “Security Updates”, etc. etc.
  • Don’t trust any emails like the ones listed above. Don’t even attempt to preview/open them and delete them immediately instead! It may also happen you receive an email from someone you know, but with a questionable attachment present and strange content in the e-mail’s message. In this case, this person – or someone else who has your address book in his/her address book – is infected with malware (worm/spambot) and sends these emails without being aware of it.
  • Don’t click links in emails from someone you don’t know, because these links can redirect you to sites where malware gets downloaded and installed.

5. When surfing the internet…

  • Use Google Chrome or the FireFox web browser as your MAIN internet browser. These browsers does not use ActiveX controllers or BHO’s (these are programs that are a standard feature’s of Microsoft’s Internet Explorer and are “exploited” vulnerabilities that hackers use to infect computers). If a specific website (such as a financial institution website) may require Internet Explorer to be used in order for you to view their site, then use Internet Explorer. But for that specific website ONLY!
  • Don’t click on links inside pop-ups. ALWAYS close the windows via the "X" for the window vs. clicking "Cancel" or any other 'escapes' in the pop-up.
  • Download software off of the internet from websites you know and trust. A lot of free software comes bundled with other software, including malware.
  • Be careful when you are viewing videos online. Especially when you get a pop-up asking you to download a “Codec” to be able to watch the video. By default, your media player should already have the necessary codec installed to watch online videos. In the case that you’re prompted to install an additional codec while trying to watch a move online (or downloaded), it is most likely a false alert and this so-called codec may install malware.
  • Don’t install plug-ins (ActiveX) if you’re not certain what it is or why it is you need it. (Unless you are attempting to perform Windows/Microsoft Updates).
  • Glubble is a great FireFox add-on if you want to manage the sites your kids are allowed to see.

6. Watch what you download!

  • If you want to install certain software, always go to the developer’s site to download the software. Then you can be sure you’re downloading and installing the right software. Be aware of the fact that certain software (especially freeware) may contain/come bundled with extra software including spyware and/or adware. So only install when you’re sure they are OK.
  • The use of Torrent sites, Game Patches and Mods, Emulators; really anything "Free" is always a risk. Unless the download/host site is a reputable site, you can never be sure what you are exactly downloading. A file you are looking to download or have downloaded isn’t always what it’s made out to be.

If you have any questions or comments please don't hesitate to get in touch!

Jon Pienkowski
Pacific NorthWest Computers
www.pnwcomputers.com
360-624-7379

Thursday, November 7, 2013

New Virus Alert: CryptoLocker!


A New Virus Has Surfaced ~ CryptoLocker

CryptoLocker is a new, nasty piece of malicious software that is infecting computers around the world; encrypting important files and demanding a ransom to unlock them. If you get hit with this virus you risk having your personal data encrypted and lost for good!

This sophisticated malware is delivered the old-fashioned way – an executable file hidden inside an attachment that looks like an ordinary ZIP file or PDF. One small business reports being compromised after clicking on an email attachment that was designed to look like a shipping invoice from the U.S. Postal Service.

The CryptoLocker virus can be removed from an infected system, but unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful.

Preventive Measures:
  1. BACKUP ALL OF YOUR DATA ASAP! That’s the only way to reduce the risk of losing your files forever. Also, to avoid getting your backup's encrypted your backup device should be disconnected from your computer until the next time you need to access it or run a backup. 
  2. Download and install a free utility called 'Crypto Prevent'. Crypto Prevent is a small utility that changes a few settings in your computer to help prevent the CryptoLocker infection from happening in the first place! Its not a golden bullet however, so having current data backups is your ulitimate defense. You can downloading the Crypto Prevent utility directly from the link below!
http://www.foolishit.com/vb6-projects/cryptoprevent/

If you need any assistance we can setup a visit to help secure and backup your computer for you!

Let us know if you have any questions or issues!

Jon Pienkowski
Pacific NorthWest Computers
www.pnwcomputers.com
360-624-7379

Thursday, October 31, 2013

Browser Redirect Virus Fix! Search Conduit, DefaultTab, MyWay Web Search, Etc.



The majority of computers coming in with virus infections all have browser hi-jacks and other browser-related malware infections. A browser hijacker is something installed onto a computer system and attaches to an internet browser to change internet browser settings; such as the home page and default search engine. This causes the now infected internet browsers to start up using their search bar or their search engine OR even just redirect you to where they want you to go. This type of infection can generate browser pop-ups while you’re surfing the internet, slow the computer's overall performance as well as lead to further and more severe virus and infection issues!

As with a vast MAJORITY of BHO's (browser helper objects such as toolbars), most use unethical practices and are utilized by ethical and unethical third parties, including cybercriminals and scam artists, to generate revenue through sites tied they are working for/partnered with as well as other third-party domains and advertising based search services.

Products and software associated with the browser redirection infections:
  • Activeris AntiMalware
  • Ado System Protect
  • AnyProtect
  • Any Send
  • AssetsManager
  • Babylon Toolbar
  • BFlix Toolbar and TheBFlix
  • BlockandSurf
  • Boost Shopping
  • Browser Guard
  • Browser Protector
  • BrowserRedirector
  • Bubble Sound
  • Chromium (Dregal)
  • CinemaPlus vX.X
  • Conduit
  • Consumer Input Firefox Extension
  • Coupoon (two 'oo')
  • CrossBrowse
  • DefaultTab
  • Delta Toolbar
  • Dregal (Chromium)
  • Driver Pro
  • Driver Restore
  • Driver Updater (No Publisher/Specifics)
  • File Type Assistant
  • FLV Runner Toolbar
  • Free Ride Games Player
  • Games Desktop vX.X
  • GeniusBox
  • HashBrat
  • IdleCrawler
  • IE Web Protect
  • IE Web Protect Plus
  • Linkey
  • Linksicle
  • MapsGalaxy Toolbar (and other random/various related 'MapGalaxy' products)
  • MediaPlayerEnhance
  • MixiDJ  
  • Mobogenie
  • MyPC Backup
  • MyWayWeb Search Toolbar
  • NewPlayer
  • Optimizer Pro vx.x
  • OneSoftPerDay
  • Pasta Leads
  • PC Fix Speed vx.x.x
  • Plus-HD-x.x
  • PC Optimizer Pro
  • PC Pro Cleaner
  • Powerful Browse
  • QuickRef
  • Remote Desktop Access (No Publisher/Specifics)
  • Search Conduit
  • Search Protect
  • Search Results LLC
  • Shop To win
  • Shopper Pro
  • Shoperz
  • SmartWeb
  • Software Updater (No Publisher/Specifics)
  • Software Version Updater (No Publisher/Specifics)
  • Special Savings
  • Unico Browser
  • Wajam
  • Web Companion
  • WebProtector
  • Web Protect for Windows
  • WiseCare 365
  • Yontoo
  • Yontoo Layers
  • YTDownloader

Removal Process:
1st Step
Uninstall all programs listed (and any others "odd" programs that have a similar install date) through "Programs and Features" aka "Add/Remove Programs" found through your computer's control panel.

2nd Step
Download and install MalwareByte’s Antimalware and Spybot Search and Destroy (1.6.2) to use in conjunction with your antivirus to run full virus scans on your computer! Remove (or at least quarantine) anything that the programs identify!
*If you don't have a current anti-virus we recommend one of the following AntiVirus titles; Microsoft Security EssentialsAvast! Antivirus or Bitdefender Free.

3rd Step
In all of your web browsers (Internet Explorer, Firefox, Chrome, etc) you want to examine all installed add-ons and extensions. Remove anything that is related to the software programs listed above. Additionally, you can use ADWCleaner and JRT to get even further "under the hood" to make sure all of your web browsers are clean from Adware and Browser Hi-Jack software.

4th Step (EXTRA)
Download and run TDSKiller from Kaspersky Labs to check your systems for any types of rootkit infections.

For direct download links to the software listed above, visit "Pacific NorthWest Computers' Links and Recommended Software" blog post:
http://pnwcomputers.blogspot.com/2013/06/pnw-computers-links-and-recommended.html

Further Reading/Related Articles:

How you can get infected & what you can do to try to prevent it:

Wednesday, July 18, 2012

How did I get infected? Take these steps so it does not happen again!


One of the most common questions found when cleaning malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.
Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.


Do not use P2P programs

Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and Bitorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet

Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below are a list of simple precautions to take to keep your computer clean and running securely:

1) If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

2)  If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

3) If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.

4) If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.

5) There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.

6) Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar, right click and chose close.

7) Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.

8) When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.

9) Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

10) Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.

11) DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software. Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date

Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

Windows XP users You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.

Windows Vista users You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.

Windows 7 users You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here

Keep your browser secure

Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:
Microsoft Internet Explorer
Mozilla Firefox
Google Chrome

Use an AntiVirus Software

It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program

Recommended, and free, Anti-Malware programs are Microsoft Security Essentials, Malwarebytes Anti-Malware, Spybot Search & Destroy and SuperAntiSpyware. You can find these programs and more on our other blog article; PNW Computer's Recommended Software Programs & Downloads!

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically!

Grinler. "How Did I Get Infected?" Bleeping Computer - Computer Help and Discussion. Bleepingcomputer.com, 24 Jan. 2004. Web. 22 Dec. 2011.

Friday, May 4, 2012

Fake Hard Drive Diagnostic Virus; Browser Pop-up/Redirection Fix


Pacific NorthWest Computers KNOWS rogue security and fake software applications very well. Fake software virus applications make up for 85% of the infections that we see on a day-to-day, week-to-week, month by month basis here in the shop. At first it was just fake security software programs. But the newest "trend" in the fake malicious software world is fake hard drive diagnostic software.

This fake diagnostic software virus pretends to have found issues with your hard drive, proceeds to hide your data (to seem more legitimate) and then tries to sell it self as a fix for all "problems" it has identified with your hard drive. When first released, it was not to difficult to remove. But the issue we are running into now however is that when a customer brings a system in that has this virus on it, we aren't just worrying about just getting the virus removed. But more importantly, reversing the changes the virus has made to an affected system. The big challenge has been with Browser hooks.


Most of the time when we encounter this virus it will actually "hook" into (or simply put; infect) the executable "IExplorer.exe", which is Internet Explorer. Once "hooked" the virus can change, modify how Internet Explorer functions and can generate pop-ups and redirect searches and navigation in the browser. All after the virus cleaning is completed on the affected computer. Now, most of the time programs like Spybot Search & Destroy are very effective at reversing system modifications created by viruses. But so far, this browser hook issue is not "automatically" fixed by virus scanners and utilities and since hooks can sometimes be impossible to remove. This type of an issue can prevent us from declaring a system clean and can sometimes require us to reinstall the computer's operating system. Well, we think we figured out a fix!

After working on a computer from a local insurance agency, I did some extensive poking around an infected computer's file system and registry and was able to locate a registry location for something called “DOMStorage” under Internet Explorer’s HKEY_ CURRENT_USER registry key (HKCU\Software\Microsoft\Internet Explorer\DOMStorage). In this registry entry, I found folders matching the names for some of the websites that were being generated in the random IE pop-ups's. I knew I was onto something but did not know what "DOMStorage" even was nor did I know why or how Internet Explorer even used it.

After doing some research on DOMStorage (http://en.wikipedia.org/wiki/Web_storage) it looks like DOMStorage, or Document Object Model Storage, is a web application software method and protocol used for storing data in a web browser. So I thought to myself, “Well if they can store data there, they could very well plant a program in those locations to hide and allow themselves to generate those pop-ups!”. So I went ahead and deleted all of the folders in the DOMStorage registry location (and there were A LOT of sites listed in there) and it’s safe to now say after removing those folders there have not been ANY Internet Explorer pop-ups since! After pop-ups coming up several times a minute, the system is running great and is running flawlessly for several days; with web surfing and all! No browser re-directions or anything!
So I would say this is another problem solved and another win against viruses for Pacific NorthWest Computers!

Jon Pienkowski
Owner/Operator
Pacific NorthWest Computers

Thursday, April 14, 2011

Rogue Hard Drive Error Repair Software

A new fake HD repair/error finding virus software is going around, and it hides all of your personal data so it  looks like all of your data has been lost or deleted; RUN FULL, MANUAL, VIRUS SCANS ASAP IF IT HAS BEEN A WHILE and MORE OFTEN THAN USUAL!

Wednesday, January 6, 2010

Rogue Security Program Infections; At a Glance!

More and more everyday I am see and hear about people becoming infected with Rogue security Software virus. 
Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. – Wiki

Right now the most common form of infection they are using is web page hi-jacking and “trap” websites that are created to “host” the virus (why using Firefox is so important).

So what people end up encountering is a web page that has been hacked, hi-jacked, infected or exploited that is unknowingly “hosting” this virus and ends up spreading the infection to whom ever visits the website. In doing this, their trap has been set and the infections begin! This form of infection is commonly refered to as a “Drive-by Download“.

After the computer becomes infected, users start to see and encounter “security warning” icons in their task bar (lower right of the desktop), pop-ups warning of an infection and fake animated virus scans indicating your computer is infected as the virus itself tries to build its credibility. In  most cases the virus can even infect the Windows Security Center making it even harder for users to identify whether the software is real or not. However the goal being achieved out all of this is for the virus creators to make money. So they are hoping that the users of the computers that become infected, and fooled by the “song and dance” the virus puts on, and buy their infectious and fake security software.

So I wanted this to be a little heads up and explanation for everybody about this subject since it is the most common repair I encounter to date.

Be Aware, Stay Informed and Scan Often!
 
~Jon Pienkowski, Pacific NorthWest Computers