Malwareaware


Wednesday, 29 May 2013

Update on the new blog.

Posted on 16:15 by Unknown
Yes, dear readers, I am still alive. I decided to post an update to let you know how things are going with the new blog I am working on setting up. This will be a two-part post. Part 1 will be the update; Part 2 will answer the question of just what I am doing with this expansion.

Part 1: Things are going well for the blog in development that I am working on. And to share a bit of information, it is not only a blog, it is a full website to which I will be able to upload files. This could make it easier to spread my blog around and help my readers even more. While I do not have a date on when I will consider it fit for mass reading, look for announcements in about a month or so, should things go to plan. In a few weeks, I might give a link to the website to a few select readers who have played an active role in some way in the development and improvement of this blog. To those readers who may or may not be selected, watch closely.

Part 2: Some of you may be thinking about why I am expanding at all. Why can't I be happy with two platforms? The answer may seem simple on the surface, but it is actually quite deep. So let me see if I can put it in a way that most will be able to understand and relate to.

As quite a few long time readers of my blog know all too well, malware is a sizable issue that will only get bigger if computer users are not informed. But if enough users are informed, the severity of the issue can be reduced and at one point, will even go away. But to do this, there needs to be massive penetration of the information on the internet. This is why I am systematically making my blog available on more platforms. The more unique readers my blog gets, the more people there are that will share that information on. This is why on my blogspot, I have a license from the Creative Commons that states that users that read my blogspot blog can share that information.

But relying on platforms and readers alone will not spread the information internationally. When the time is right, I will choose volunteers. Volunteers who will, if they would like to, spread the information around. And those that are multilingual will be a large help in this. This is because no translation software that I know of can detect and translate everything in the tone that it had in the original language. Native speakers and multilingual readers can therefore do the job of translating my blog better than any machine can.

And, in addition, I intend to link all of my blogs, old and new, together in some way. The main goal with this will be to create one big family of blogs, and nothing will ever be the same. And although this plan will take years to fully put into place, I feel that it must be done if we are to rid the internet of malware.

If you are still reading, you likely hate malware and want to see it gone from the internet and from everywhere. So my question for you is: What are you going to do to make it happen?

Thanks for reading. As always, I invite readers to comment with any questions or comments below.

Sunday, 26 May 2013

What's In a name: Rogue Antivirus

Posted on 06:20 by Unknown
Greetings Viewers,

You may have read my popular blog post What do these terms mean?

But I do not think I did a few pieces of malware on that list justice, so this is going to be the first in what I hope to be a series of posts on some kinds of malware that I think deserve a better description. And I can think of no better place to start than on my favorite kind of malware: Rogue Antivirus Software.

Rogue Antivirus Software, also called Rogues, or Rogue AVs, are pieces of malware that download and install themselves to your computer without your knowledge or consent. Once the rogue is activated or turned on, it starts a simulated scan of your hard drive. Most rogues detect false infections, that is, infections that are not actually on your computer. So the most important thing to know is that none of the malware it reports as being on your PC is actually on your PC, the program is just messing with you.

The rogue often tells you that you have a large number of "infections" (100 or more is not uncommon) and demands payment for the "removal" of the "infections." Most rogues disable program execution in some way, such as blocking Task Manager, web browsers, regedit (the built-in Windows registry editor) and more. The license for the rogue often varies in price, anywhere from $39.95 to $85.95. Some rogues also open your internet browser and take you to some rather... unsavory websites to reinforce the lie that your system is infected. Rogues often block you from going to specific websites, claiming that they are infected.

Rogues often have misspellings, bad grammar, and the like. This is often the first clue that the program is a rogue, not real antivirus software. Rogues often attempt to impersonate real antivirus software in an attempt to make you believe that the rogue is actual antivirus software that you need to pay for to get rid of that malware on your computer. Rogues are often installed along with a rootkit or Trojan, and removal can be tricky depending on how many programs the rogue blocks.
Posted in What's in a name?

Friday, 24 May 2013

A break from blogging.

Posted on 15:20 by Unknown
Before I get started with this post, I would like to clarify something that some people may be thinking as a result of my last blog post. No, I am not a techosexual; it's not that there's anything wrong with that, but I'm just not. Now that we have that out of the way, on to the post.

Effective starting tomorrow, I will not be posting any blog posts for 8 days. This is so that I can have the extra time to make a new blog in order to expand my audience and spread my special brand of anti-malware posts further.

I am not planning on dropping either of my other two blogs; this is purely for expansion of my audience. And I decided to let you, the reader, know ahead of time. That way, you will not think I am dead or anything like that when I am not.

I have quite a few posts on this blog, somewhere in the neighborhood of 60. So, I invite you, the reader, to view my old posts. If you have only started reading as of late, you could go back to my first post to see my humble beginnings.

If you do not know where to start, I recommend looking at the series of posts that I have about a specific subject. Most posts such as these are labeled and you can find the label you want to read in the sidebar that is to the right of this post.

Thank You for reading. As always, I invite readers to comment with any questions or comments. I will be able to respond to comments, I just will not be posting anything.

Thursday, 23 May 2013

Apparently, my computer loves me. (Surprise ending)

Posted on 08:45 by Unknown
What I saw when I turned on my computer and logged on this morning is indescribable. You can only fully understand it if it happens to you. This is interesting... I do not know what to think or do. The following "email" is fictional, and it would be cool if this actually did happen. But odds are, Artificial Intelligence will not be this advanced for some time.

Before you read on, be sure you are not drinking anything that could wind up on your keyboard. Remember: If you spill tea over your computer, it is your own fault.



"From Your Computer

I felt that I needed to send you a quick message of my thanks. Throughout the years of my service, you have treated me well. Installed software to make me run faster, given me extra RAM, and listened to me when I said my hard drive needed time to warm up. 

You have been with me through thick and thin. Through errors, malware infections, and blue screens. Through downloads, uploads, and movie streaming. I feel that I can no longer hide it; I am in love with you, dear user of this computer. 

You have given me a reason not to just sit on a desk and waste away while you enjoyed the company of the latest model computer. You made a commitment to me, even though I am not as I used to be, you stay with me. And this is something I am eternally grateful for. Thank You for all these years.

Your Computer."

I am flattered, really. But I do not have the heart to tell... "her" that I am seeing a Kindle and that our relationship is strictly business.

Thanks for reading. As always, I invite users to comment with any questions or comments. And if you ever find something like this on your computer, I would like to know.
Posted in Windows

Wednesday, 22 May 2013

How to keep spies from monitoring you through your computer or your phone.

Posted on 14:58 by Unknown
Those of you in the United States of America have most likely heard about that whole IRS scandal and the accompanying scandal of the wiretapping of the Associated Press. As for those not in the United States... I don't know what you have heard... So even if you do not know what I am talking about, this advice can still apply to you.

The title is self explanatory, but I would like to say that what you do with the information contained in this post is up to you. The software I will talk about is legal, but should not be used for anything illegal.

1. The Tor Browser: Tor stands for The Onion Router, and it means what it says. By using this browser, your IP address shows that you are somewhere where you are not. And the Tor browser also routes your traffic through several relays in order to make sure that no one relay node knows enough to find out where you actually are. This can fend off most attempts to spy on you while you are on the web.

2. VPN: You know that public Wi-Fi that your local cafe offers that is free to use? Well, spies and cybercriminals alike are taking advantage by hacking into the Wi-Fi and watching your traffic. And from there, they can get enough information to commit identity theft if they want to. Don't like that? Well then you should use a VPN, or Virtual Private Network. This tool sends your traffic through a private network where the public Wi-Fi does not really get involved, making it impossible for someone that has hacked into the network to know what you are doing.

3. Google Voice: You can use this service from Google to route a phone call so that it appears that the caller is calling one telephone number that is not yours, while the call is actually connected to the number you provide. And because you can dump the fake number whenever you want, you can use it until the spy figures out why he is not getting any data from his tools.

4. Burner: A burner phone is a phone that contains no identifying info about you or where you are, it is cheap so that you can dispose of it when you need to. And... There actually is an app for that. Burner is an app that you can use that gives you a phone number that calls from your phone will appear as coming from. For example, if your cell phone number is 111-111-1111 and the app gives you the number 222-222-2222, anyone you call will see 222-222-2222 on their caller ID instead of 111-111-1111. This is not free, but it only costs 2 dollars for 20 minutes of talk time.

That is it for this post, thanks for stopping by and reading. As always, I invite readers to comment below with any questions or comments.

Tuesday, 21 May 2013

Malware In Space: Not A Science Fiction Drama Gone Wrong.

Posted on 17:08 by Unknown
The International Space Station is making the switch from Windows XP to Debian, heeding the advice of Linux fans everywhere that say Linux is a more secure Operating System.

This switch was prompted by a 2008 incident where computers on the ISS were infected with a piece of malware. Specifically, the Gammima.AG virus, which found its way onto the ISS on an infected flash drive carried by an astronaut. This event that happened in 2008 proves that malware can infect a machine anywhere, even in space.

NASA decided to go with Debian, a system that uses the Linux or the FreeBSD kernel. They decided on Debian because it is open source, meaning that trained astronauts can make changes to the operating system should they require a fix for an issue. They also picked Debian because the community overseeing Debian has a track record of being fast when it comes to resolving issues. For those who do not know, Debian is a Linux distribution that a few other Linux distributions such as Ubuntu are built on. Debian began in August 1993 as a new operating system to be made openly in the spirit of Linux and GNU.

So, the ISS adopted Debian 6, and the Linux Foundation stepped in with two courses of tailored training that prepared the astronauts for developing apps related to the needs of the ISS. And Debian is free, so the switch will not be costing the taxpayers much, if anything.

Thank You for reading this post. As always, I invite readers to comment if they have questions or comments.

Monday, 20 May 2013

Greyware and the Babylon Toolbar.

Posted on 14:12 by Unknown
With this post, we are going to delve into an area of software that is not necessarily malware, but is involved in some questionable practices. And I can think of no better piece of software to use as an example than the Babylon Toolbar.

The Babylon Toolbar is part of a computer dictionary and translation program that goes by the name Babylon. Useful? Quite possibly, but the trouble starts when you get into the toolbar which is also installed with other software as an add-on.

Once you have installed the Babylon toolbar, it changes your homepage to the Babylon search engine. It also adds the Babylon search engine to your computer and sets itself as the default search engine. Not only that, but it makes it very hard to change any of what it changes back to the way you had it before.

This Babylon Toolbar... sounds like you would not want it, right? Well, this puts us in the area of what is known in the trade as "greyware": software that is not malicious, but is engaged in some rather questionable practices to get itself installed or to change something after it has been installed. And while it is easy to inadvertently install the Babylon Toolbar, it is very hard to remove it. Greyware is officially classified under the acronym PUP, or Potentially Unwanted Program. This name is used in order to distinguish between malware and greyware, although both names have come into common use.

To remove the Babylon toolbar in particular, I recommend using a tool designed to remove invasive toolbars such as the Avast! Browser Cleaner, or AdwCleaner by Xplode.

Thank You for reading this post. As always, I invite readers to comment below with any questions or comments.
Posted in Windows

Sunday, 19 May 2013

Decrypt Protect Ransomware and how to fully remove it.

Posted on 17:59 by Unknown
WARNING: This post is meant for self-help only. This post is meant only to assist with removal of the malware covered in the post. So for the safety and protection of yourself and others, do not download files or programs other than from the links given in this post.

I am going to try to keep this a short post, because I do not want to be rambling on when you are infected with this thing.

There is a new piece of ransomware going around for Windows that encrypts your files. This is not good that ransomware actually encrypts files this time around, because that means that actual removal is only half the battle. Then you have to decrypt your files, otherwise you will be unable to use them. Lucky for us, the encryption has already been cracked and a decryption tool has been released. But before we get into decryption, we have to remove the ransomware from your computer.

First, you will want to boot your computer into safe mode with networking. This is done by pressing the power button on your computer and repeatedly pressing the F8 key until you come to a menu with boot options such as Safe Mode. You will want to use the arrow keys to go to Safe Mode With Networking. Then press enter.

Next you will want to download and install Malwarebytes Anti-Malware. This program can be downloaded here. Once it has been installed, or you have updated it if you already had it installed, do a quick scan. Once the scan is completed, it may prompt you to restart your computer, which you will not want to do, we will restart after we have decrypted the files.

Now for the decryption tool. The encryption that the ransomware used to encrypt your files is relatively simple, which is why it was so easy to crack. You can download the decryption tool here. Save it to your desktop and then open a command line window by typing cmd into the search bar of the start menu and pressing enter. Navigate to the desktop directory. Now, run the exe (decrypt_mblblock.exe) once for each drive letter of the drives you have mounted (in the case of the C drive: decrypt_mblblock.exe C:\).

If after decryption, you find that there are still html files that the ransomware used, you can delete those. After decryption and mop up, you can go ahead and restart your computer in normal mode. You will find that all of the files that the ransomware encrypted are back.
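If you have several drives, the following script runs the decryption tool named above against the root of every fixed drive so you do not have to type each drive letter by hand. It is an added example, not part of the original post or of the tool itself; it assumes decrypt_mblblock.exe was saved to the Desktop as described and that Windows PowerShell is available in Safe Mode with Networking.

```powershell
# Added example (not from the original post): run decrypt_mblblock.exe, the tool the
# post links to, against the root of every mounted fixed drive.
# Assumes the tool was saved to the Desktop, as the post instructs.

param(
    # Use -DryRun to only print the commands that would be run.
    [switch]$DryRun
)

$tool = Join-Path ([Environment]::GetFolderPath('Desktop')) 'decrypt_mblblock.exe'
if (-not (Test-Path -LiteralPath $tool)) {
    Write-Error "decrypt_mblblock.exe not found on the Desktop ($tool). Save the tool there first."
    exit 1
}

# DriveType 3 = local fixed disk. Removable, network and optical drives are skipped;
# if encrypted files live on one of those, run the tool on that root by hand.
$roots = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

foreach ($root in $roots) {
    Write-Host "Decrypting files under $root ..."
    if ($DryRun) {
        Write-Host "  would run: `"$tool`" $root"
        continue
    }
    # Same invocation the post shows for the C drive: decrypt_mblblock.exe C:\
    & $tool $root
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Tool exited with code $LASTEXITCODE for $root; check that drive manually."
    }
}
```

Run it first with -DryRun to confirm the drive list before anything is changed.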

Thank You for reading, hopefully this post can help you with removal of this thing. If some of these instructions do not make sense, please ask a competent professional to assist you.
Posted in Removal Guides, Windows

Plug In to Plugins.

Posted on 09:03 by Unknown
One of the most common vectors of malware infection is through outdated and exploitable plugins. Java remains a constant reminder that a plugin that is fully updated and a plugin that is exploitable can be one and the same.

But what is a plugin? Plugins or plug-ins (either way is correct) are small pieces of software that are often used to perform a helpful task or allow you to view something. For example, several video viewing websites such as YouTube use Adobe Flash to allow you to view the videos on the website. This involves installing Adobe Flash, which also involves installing an Adobe Flash plugin in your browser. Without the plugin, you would not be able to view the videos.

So, now that we have covered to some extent what a plugin is, why is it important to keep it updated?

Outdated plugins are bad for a few reasons. They can interrupt your internet browsing and waste your time, they can increase your risk of getting infected with malware, and they do not have improvements that the latest version of the plugin has that can make the internet safer and/or faster.

Odds are, you have a plugin that you need to update. Don't believe me? Take a look. How do you check your plugins you ask? Well first, you need to see what the latest version of the software or plugin is. This can be done by going to the official website of the plugin or the software that installed the plugin. If you need to update, the official website is always the safest place to update. So if you are already there, it makes updating what you need to update hassle free.

On Internet Explorer: Click on Tools, then click Manage add-ons. (Internet Explorer calls plugins add-ons; they are the same thing.) Check the version of the plugin by clicking on it. You can repeat this for all the plugins you have installed.

On Mozilla Firefox: At the top left corner of the window, you will see an orange button that says Firefox. Click on that, then click on Add-ons, then when the new tab pops open, click on plugins from the menu on the left. Then click on check to see if your plugins are up to date. If they are not, Firefox provides links so that you can safely update your plugins.

Thank You for reading, hopefully this blog post has helped you answer questions you may have had about plugins. As always, I invite readers to comment below with any questions or comments.
Posted in Java

Saturday, 18 May 2013

How a fake tech support scam works.

Posted on 09:08 by Unknown
We have discussed fake tech support hotlines before, and I have had quite a bit of fun at their expense. But we have talked very little about what actually happens if you let the "technician" have his/her way with the computer. This blog post will seek to remedy that.

The first part of the scam can happen before you even pick up the phone. There are a few websites that these companies have set up that claim that your computer "may" be infected with a piece of malware. These websites then beg you to call a number to get tech support.

I did this test on a fresh install of Windows XP with all updates applied, everything is working properly and there really is nothing wrong with the machine.

I called a tech support hotline and told them that my computer was running very slow, they remote connected to my computer via one of their tools to check and see what the issue was. Once the technician remote connected, he ran a "tool" that he claimed would find what the issue was as well as any other things wrong with my computer.

The tool claimed that there was no antivirus installed on the computer, there were not any system restore points, I did not have a firewall installed, and I did not have critical updates installed.

The fact that there was no antivirus installed was false, I did have an antivirus program on the machine I used in this ploy. So the software lied, Strike One.

I also know for a fact that there was at least one system restore point, because Windows automatically makes a system restore point when it is first installed. Another LIE, Strike Two.

I was using the firewall included with Windows XP Service Pack 3. Lie, Strike Three.

As I said, I had all updates installed and I was using Windows XP Service Pack 3. So, four lies told by the piece of software that is supposed to help the person that needs help. Would you trust a piece of software like that? I wouldn't trust it.
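Anyone on the receiving end of such a call can check the same four claims themselves, without giving a stranger remote access. The script below is an added example, not something from the post or from any tech support tool; it assumes Windows Vista or later with Windows PowerShell, run from an elevated window (the post's XP test machine would use the older root\SecurityCenter namespace and netsh firewall instead).

```powershell
# Added example (not from the original post): verify the four claims the scammer's
# "tool" made: no antivirus, no restore points, no firewall, no critical updates.
# Assumes Windows Vista or later and an elevated Windows PowerShell session.

function Test-ScamClaims {
    $results = [ordered]@{}

    # 1. Antivirus: Windows Security Center lists every registered AV product.
    $av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    $results['Antivirus installed'] =
        if ($av) { ($av | ForEach-Object { $_.displayName }) -join ', ' } else { 'none registered' }

    # 2. System Restore: Windows creates a restore point when it is first installed.
    $rp = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $results['Restore points'] =
        if ($rp.Count -gt 0) { "$($rp.Count) found, newest: $($rp[-1].Description)" }
        else { 'none found (or System Restore is disabled)' }

    # 3. Firewall: netsh reports "State ON" for each profile that is enabled.
    $fw = (netsh advfirewall show allprofiles state) -join ' '
    $results['Firewall'] =
        if ($fw -cmatch '\bON\b') { 'enabled on at least one profile' } else { 'not enabled' }

    # 4. Updates: count installed hotfixes and show the most recent install date.
    $hf = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending)
    $results['Updates'] =
        if ($hf.Count -gt 0) { "$($hf.Count) hotfixes, latest installed $($hf[0].InstalledOn.ToShortDateString())" }
        else { 'no hotfix records found' }

    return $results
}

Test-ScamClaims | Format-Table -AutoSize
```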

I showed the technician that the software he was using was incorrect on the four points mentioned above. Even when there was ample evidence to the contrary, the technician still said that my computer had issues such as not having a system restore point installed. So the technician also attempted to lie to me even when I had shown him proof that he and his software were both lying to me.

Disregarding the proof that the software was lying, the technician still attempted to sell me a service package. Because otherwise, he would not fix my computer.

I knew I had to make it clear that I knew that it was a scam to get through to him. So I did two things. First, I directed him to the running programs on the computer. Because I was using a Virtual Machine, it showed up that I was running a Virtual Machine in the task manager. I then directed him to my blog where I revealed to him that he had attempted to scam the wrong person this time. Caught in a web of lies, he attempted to talk his way out by still claiming that there was something wrong with my computer. When I told him that he was only digging a bigger hole, he very rudely hung up on me and it was over.

I am not sure where the thought of fudging the results to sell more service packages came from. But I think it came from the fact that one tech support company decided to pay technicians by commission. In theory, this seemed like a good idea at the time: pay workers for the work they do rather than by the hour. But then technicians decided to fudge the results of scanning in order to sell more packages and, in turn, make more money. This can be done by people who need the extra money, so I try to give the benefit of the doubt there. But still, people work hard to get the money they are bullied into paying to the tech support company.

If you got pushed into paying for a service package you did not need, I'm not saying you are dumb or stupid, but you did get scammed and you need to take action.

Thanks for reading, hopefully this answers some questions you may have about these scams. As always, I invite you to comment below if you have any questions or comments.

Friday, 17 May 2013

Mac Malware is now getting past Gatekeeper.

Posted on 10:56 by Unknown
If you have been reading my blog from its humble beginnings, you know that it has been a long time since I have done a post about Mac malware. But how can you blame me? There really is not that much in the way of malware for the Mac. There is some, but still not that much in comparison to Windows. This post is the exception.

If you use the latest version of Mac OS X, you likely know about a feature called Gatekeeper. Gatekeeper is meant to stop malware attacks on the Mac by only allowing software that has been digitally signed by Apple to run. If you have recently migrated from Windows, or you have used Windows Vista or 7 for some time, Gatekeeper is the Mac equivalent of User Account Control.

If malware cannot spoof the credentials and digital signature needed, the malware cannot get through. But recently, Mac malware has learned how to do just that. And echoing the way Windows malware subverted User Account Control, Mac malware is learning how to subvert Gatekeeper. This ironically makes Windows safer than Macs, because User Account Control requires interaction from the user regardless of whether the program is signed or not.

The malware that has learned to do this is relatively tame. All it does is covertly take screenshots of your desktop and upload them to a remote server. It will not harm the Mac it infects, but it could become a potential threat to your privacy, and it is unwelcome on your Mac. But the message sent is clear. If this malware can do this, what's stopping malware that trashes your Mac from doing the same thing? Nothing. Nothing at all unless Apple takes action.

Thank You for reading this post. Comment below if you have any questions or comments.
Posted in Macs

Thursday, 16 May 2013

Spotlight On Malware: Bring On The Flame!

Posted on 09:58 by Unknown
This Spotlight On Malware will focus on a piece of malware discovered in May of 2012 that was arguably the most advanced piece of malware at the time. I speak of the Flame worm.

According to Kaspersky, the first antivirus company to discover the worm, Flame had been in the wild since 2010, maybe earlier. I will not go into what Flame does and how it does it, because to explain would take the better part of 7 pages. So I will only say that it is at least 20 times more complicated than the Stuxnet worm, it is a very large file (20 MB), and it was government written with attack purposes in mind.

When placed on a machine, Flame detected the antivirus software installed on the infected computer and modified its behavior to avoid detection. Flame does not deactivate automatically, but when it came out that Flame was infecting the PCs of people who were not targets, Command and Control centers sent out a kill command for the worm to remove every trace of itself from all infected PCs.

While it is unknown who wrote the Flame worm, I believe that it was supported in some way by the United States. The Stuxnet worm was written as a joint project between the US and Israel, so this is not a shot in the dark as to what country was responsible for this worm.
Posted in Spotlight On Malware, Windows

Wednesday, 15 May 2013

Attack Of The Clones: What is a clone rogue?

Posted on 13:19 by Unknown
One question I get asked a lot is what a "clone" is when I am referring to rogue antivirus software. This post will attempt to answer that question in a clear and concise manner.

The short answer is that a clone is a copy of another rogue. Oftentimes, rogue antivirus writers don't have the time or the energy to make their rogue unique, so they use the design of other rogues. The user interface for the rogue may be the same as another rogue, but it's under a different name. This is what makes it a clone. Some clones are so similar to the rogue being cloned that everything except the name is the same. So a condensed answer would be: a rogue that is ripping off another rogue.

Oftentimes, clones are written by the same author that made the original rogue. This is done in order to help maximize profits. If the name of a rogue is well known, people will not pay for it, but if the writer switches the name up, people are more likely to buy it.

Don't think that the rogue writers are just being lazy. Because for every rogue, even if it's a clone, the writer has to set up websites, set up payment systems, actually make the rogue, etc. So a clone can be profitable. The downside to this is that removal methods are often the same with clones, so this makes it easy to remove.

Hope this answers the question of what a "clone" of a rogue is. As always, I invite you to comment if you have any questions or comments. Thank You for reading.

Tuesday, 14 May 2013

The Big Game: Who's on our side?

Posted on 12:57 by Unknown
I recently helped a friend of mine remove malware from her computer, when she mused on how lonely my job must be. "It must be so weird for you, to be one person against malware." My friend says odd stuff like that all the time, so this should not have stuck in my craw. But it struck a nerve and got me thinking, and as a polite person, I did not mention anything.

The best way to describe the landscape of those that try to stop malware and those that write, distribute, or make money off of it is a game. And yes, I know that saying it is a game trivializes it a bit, but the other example is that of a war, which is much too dark. Besides, I don't mean a game that children play, I mean a game such as a game of chess. The good guys versus the bad guys, in a game where there are no real winners or losers. Because "winning" means that we have the advantage, but there will always be a response to our advantage.

So, who are my allies? Who are the people I can trust to help win the game?

There are two distinct groups that fit the bill.

1. Antivirus writers and companies: Those who work for or run one of these often know quite a bit about one particular area of malware. Together, with several knowledgeable people, the antivirus or antimalware software can be a big asset to the rest of us. They write tools that we can use to effectively remove malware. Without them, we would be forced to remove malware manually, which is a much slower and harder process to go through.

2. Independent Researchers and Removers: We will start with researchers. These people watch the internet for the appearance of anything that may be malware, and they test the malware in a safe environment to make sure that it is malware. Then they send samples to antivirus and antimalware companies so that they can make sure that their product detects and removes the malware. One way or another, Independent Removers get wind of it via friends among the researchers or at antivirus/antimalware companies. If conventional antivirus software cannot detect the malware, removers offer their services until it can.

So, as you can see, I'm not alone. I am one of many people. I am one part of a big group which functions better as a whole. Divided, we may be able to do a small part, but together, we can just possibly win the unwinnable game. And for those that know about malware, the seed is planted in them. One way or another, they can help as well. This is why I blog, along with a few others who feel the same way I do about malware.

Thank You for reading, if you have any questions or comments, be sure to use the comment form below.

Monday, 13 May 2013

KeyScrambler: A preventive measure against keyloggers.

Posted on 05:59 by Unknown
Over the past two months, I have been using a piece of software that claims to encrypt your keystrokes when you type and then decrypt them. An example would be when you are entering a password. The software encrypts your keystrokes and then decrypts them when they get to the destination. This prevents spyware from logging your keystrokes and quite possibly using that password to the spyware writer's advantage.

I am talking about a piece of software called KeyScrambler, made by QFX Software. I had thought about this software before, but thought that it could not possibly do what it claims to do. However, after a bit of research and a test with an actual keylogger, I found that the software works as advertised.

This preventive measure can protect against most kinds of keyloggers because the software is at the kernel level of the operating system, which makes the encryption very hard for keyloggers to bypass.

KeyScrambler comes in three flavors depending on how much you want to encrypt your keystrokes.

The personal variant encrypts your keystrokes in most if not all browsers. This is the variant I am using as I type and it is encrypting my keystrokes.

The Professional variant adds protection in online games, email clients such as Mozilla Thunderbird, IM programs, and Windows Store apps.

The Premium variant gives you all that the Pro variant gives you, but adds protection when you login to Windows, when you use business and finance programs, when you use networking programs, and when you use encryption programs.

By and large, I think that it is a very good piece of software that works as advertised, does not use much in the way of resources, and stays out of the way. Like what I've said about it? Learn more about it here.
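To make the mechanism concrete, here is a toy model of the driver-to-application path the post describes. It is an added example, not QFX Software's code: the HMAC-SHA256 counter-mode keystream is a stand-in for whatever KeyScrambler really uses, the session key is constructed, and the point it shows is that a hook sitting between the driver and a covered application logs only scrambled bytes, while an application outside the variant's coverage still receives (and any hook still sees) plain keystrokes.

```python
"""Toy model of keystroke scrambling between the keyboard driver and the
application.  Added example, not QFX Software's code; the keystream is a
stand-in (HMAC-SHA256 in counter mode) and the key below is constructed."""
import hashlib
import hmac

# Constructed demo key; a real driver would generate a fresh one per session.
SESSION_KEY = b"constructed-demo-session-key"


def keystream_byte(key, counter):
    """One pseudorandom byte per keystroke, derived from the key and a counter."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[0]


class Hook:
    """A user-mode keyboard hook: the layer a typical keylogger sits in."""

    def __init__(self):
        self.seen = bytearray()

    def observe(self, byte):
        self.seen.append(byte)

    def captured(self):
        # What a logger at this layer would write to its log file.
        return self.seen.decode("latin-1")


class App:
    """Destination window.  Only an app that shares the key can unscramble."""

    def __init__(self, name, key=None):
        self.name, self.key, self.counter, self.typed = name, key, 0, ""

    def receive(self, byte):
        if self.key is not None:
            byte ^= keystream_byte(self.key, self.counter)
            self.counter += 1
        self.typed += chr(byte)


class ScramblingDriver:
    """Stands in for the kernel-level driver that sees each key first."""

    def __init__(self, key, protected_apps):
        self.key = key
        self.protected = set(protected_apps)
        self.counters = {}              # separate keystream position per app

    def deliver(self, app, char, hooks):
        byte = ord(char)
        if app.name in self.protected:   # covered by the installed variant
            n = self.counters.get(app.name, 0)
            byte ^= keystream_byte(self.key, n)
            self.counters[app.name] = n + 1
        for hook in hooks:               # everything between driver and app
            hook.observe(byte)
        app.receive(byte)


def type_password(password, app_name, protected):
    """Type `password` into one app; return (hook log, what the app got)."""
    driver = ScramblingDriver(SESSION_KEY, {app_name} if protected else set())
    app = App(app_name, SESSION_KEY if protected else None)
    logger = Hook()
    for ch in password:
        driver.deliver(app, ch, [logger])
    return logger.captured(), app.typed


if __name__ == "__main__":
    for name, prot in (("browser", True), ("unlisted-editor", False)):
        logged, got = type_password("s3cret-pa55", name, prot)
        print(f"{name:16} app got {got!r:16} hook logged {logged!r}")
```

The unprotected case is the reason the three variants differ: coverage, not the cipher, decides what a hook can see.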

As always, if you have any questions or comments, please comment in the comment form below. Thank You for reading.

Sunday, 12 May 2013

Spotlight on Malware: MyDoom

Posted on 06:57 by Unknown
The MyDoom Windows worm, also known as Novarg and Shimgapi, will be the subject of our focus for this post. The MyDoom worm was first discovered on January 26, 2004 and it has the infamous record of being the fastest spreading worm ever.

MyDoom seems to have been commissioned by spammers to send junk mail through infected computers. The worm contains the following text which suggests that the author of the worm was paid: "andy, I'm just doing my job, nothing personal, sorry." Who Andy is and his relation to the author is still unknown.

The first variant of the worm, known as MyDoom.A, carried two payloads. The first was to create a backdoor to allow the author to remotely control the computer without the user's knowledge or consent. The second was to launch a Denial of Service attack against the website of the controversial company known as SCO Group. The second payload achieved destructive results despite only working on 25% of infected computers.

A "B" variant carried the two payloads that the "A" variant carried, but it also blocked access to Microsoft websites and to websites of antivirus companies. MyDoom resurfaced in the July 2009 cyber attacks that affected the US and South Korea. MyDoom is estimated to have infected over 1,000,000 computers over the lifespan of the worm.

Thanks for reading this post. Remember to comment with any questions or comments in the comment form below.
Posted in Spotlight On Malware, Windows

Friday, 10 May 2013

Spotlight on Malware: The Gruel Worm.

Posted on 09:05 by Unknown
It's been around since Windows 2000, but there still is not a way to remove this worm without formatting the hard drive. I speak of the Gruel Worm, one of the most destructive worms there is. It can run on all platforms from Windows 2000 to the latest Windows 8.

Gruel sets every executable and program to run Gruel every time the executable or program is run. This means that really anything you do on your computer will trigger the nasty payload of the worm. This payload brings up an error message from the author proclaiming: "Your computer is mine now" among other things. And you cannot get the message box to go away. The worst part? You can't run anything, because everything is set to run the worm. So if you ever restart your computer while you are infected with this, you will not be able to run Windows at all.

Now, on removal: People have spent years trying to come up with a way to remove this worm without formatting the drive. There has not been a single way tried that has ever worked. I have checked every single source I can find that would have info on this, and there is no way I know of that a user can remove this thing without formatting the drive. Some of you may be thinking: "Why not just format the drive?" Because formatting the drive involves deleting everything on the hard drive, and you can't back it up to an external drive because everything is set to run Gruel. So, the only surefire way to be free of this worm is a tried and true scorched earth tactic.

So, in my opinion, Gruel is the worst worm ever and the most destructive worm.

Thank You for reading this post. I invite you to comment with any questions or comments.
Posted in Spotlight On Malware, Windows

Thursday, 9 May 2013

How (Not) to Make Your Computer Run Faster With that advertised software.

Posted on 07:49 by Unknown
If your Television habits are like mine, you have no doubt seen ads for a product that claims that it will speed up your computer. Are they any good? Well, not really. At best, most of them are complete rubbish and don't do anything you could not already do. At worst, some of them exaggerate the issues and behave like a rogue antivirus program until you pay.

Some may be guilty of nothing more than overselling the product. Those ads claim that the product will clean malware from your PC, but most of the advertised programs are registry cleaners, so how does a registry cleaner remove malware? It doesn't, so it can't. If your computer is infected with malware, you need a program designed to remove malware, not a program designed to be a registry cleaner, if that.

Some claim that they will defragment your hard drive, which you can already do with Windows. So why would you pay for something you can already do for free?

In reality, most of these programs are nothing more than registry cleaners. They will do what a registry cleaner normally does, but nothing else. The bottom line: Nothing can bring a five year old or older computer back to the speed it was when it was new.

One registry cleaner that I use is called CCleaner. It does its job well and I have noticed quite a difference in the speed of my computer with it. It is free, so it will not exaggerate in order to get you to pay for it. You can find it and read more about it here.

Thank You for reading, as always, I invite you to comment below with any questions or comments.
Posted in Windows

Wednesday, 8 May 2013

A brief look at Windows 8.

Posted on 13:01 by Unknown
Now, it's been on my radar for a while, and it's something I've wanted to do. But I never had the time to give Windows 8 the quality look over it deserves until a few days ago. This is not going to be a definitive review, this is just my take on how Windows 8 looks.

The first thing you notice is that you have to give Microsoft two ways of contacting you and confirming it's you. When I saw this, I said that they were doing the same thing as Google nowadays, you have to register with a phone number. So I just put in my area code and then random numbers. I also had to pick a security question which included options such as "best childhood friend." I chose this option and put in my first name.

Once I had gotten everything with setup squared away, I went to the new Start menu. My first thought was that it had a nice tile interface. I opened Internet Explorer and went to YouTube. I found that I did not even have to install Flash Player, which I think they are including now.

Once I was done browsing, I looked for the charm bar, that new sidebar where you have to move your mouse to the top right corner to open it. I really did not like the charm bar that much because of the fact that making it easier to open the charm bar with a touchscreen made it harder to open it with a mouse.

I went to the start menu and opened up the Windows Store which was labeled "The Store." It's the only store, there are no other stores now, Microsoft owns everything. :)

Now, when I went to the desktop and opened Task Manager, I saw "Antimalware Service Executable." This is Microsoft's new version of Windows Defender which is meant to protect against all kinds of malware now. So what I did was download the EICAR test file, and Windows Defender raised alarms at the file. Not bad, it works and Microsoft is actually including antimalware with Windows 8. From my viewpoint, this is a good thing. Because even though Windows Defender can't beat a few third party antivirus software, it's still good.

I would give you the rest of my findings, but this should be brief. In my opinion, with Windows 8: Some things changed for the better, some things changed for the worse. Windows 8 seems like a good, solid operating system that I think has unfairly found a bad reputation in some groups.
Posted in Windows

Tuesday, 7 May 2013

A few jokes about computers.

Posted on 16:33 by Unknown
The work of someone who watches for malware is not always serious, I get to have a few jokes along the way. Here are a few of the jokes that I have come across, and a few I have made up myself.

WARNING: Make sure you are not drinking anything before you read on. If you short out something in your computer it is your fault. :)

1. A few nights ago, I found an infomercial from 1992. The infomercial was selling a computer that came with a subscription to two encyclopedias, one of which was said to update silently. At first I did not hear it right, so here is what I was thinking: "So, there's a silent encyclopedia, and a really loud one?"

2. Does anyone know where I can get some blinds to keep the malware out of my Windows? I'll pay top dollar.

The bulk of the rest of these are going to be about fictional viruses.

3. The Airline virus: You are in Dallas, but your data is in Singapore.

4. AT&T virus: Every three minutes, reminds you of what great service you are getting.

5. Right To Life virus: Won't allow you to delete a file, regardless of how old it is. If you attempt to erase a file, it requires you to first see a counselor about possible alternatives.

6. Texas virus: Makes sure that it's bigger than any other file.

7. Arnold Schwarzenegger virus: Terminates and stays resident. It'll be back.

8. The MCI virus: Every three minutes it reminds you that you're paying too much for the AT&T virus.

9. New World Order virus: probably harmless, but it makes a lot of people really mad just thinking about it.

10. Nike virus: Just Does It!

11. I needed some new software for my computer, so I went to the computer store. While I was there, an employee demonstrated how a new piece of software worked. He claimed that the software would do half of the work for me, so I bought two copies so I would not have to do any work at all.

12. What is a .jar file? A file that can be kept inside a jar.

Hope you liked this small sample of jokes. Thanks for reading. If you have any jokes about computers you would like to have included in this list, please comment below.

Malware: It could happen to iOS too.

Posted on 08:50 by Unknown
Some of you who read my post about Android malware may be thinking that iOS is safer. "A walled garden" as it is called where you can only download apps from one place must be safe... right? Unfortunately, that is not the case.

As of May 2nd 2013, an app from the App Store was identified as malware by Bitdefender Virus Scanner, a free app available from the Mac App Store. It has been confirmed that this is not a false positive, and the app actually contained a JavaScript Trojan Horse. This means that the app was infected with a string of malware that did not spread aside from downloading the infected app. The string of text in question is an iframe, which embeds a remote website. So if this iframe was read on a Mac, the iframe could lead you to the website that is embedded in the code of the app. And if the website in question is malicious, your Mac is infected without you even doing anything except plugging your iOS device into your Mac and playing an MP3 file in the app.

As of this writing, the website that the string leads to is not responding.

Note that this malware is not a cause for concern at this point. And no, I am not trying to scare you.

But as someone who keeps his eye out for malware, it shows how Apple's process for app screening has room for improvement. Testing in a sandbox to watch the app's real world activities would almost certainly detect any malware or malcode in the app. But as it is unknown what the screening and approval process is, it is unknown if something did not work or something that should have been done did not get done.
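One cheap complement to the sandbox testing suggested above is a static pass over an app bundle's web assets for exactly the artifact the post describes: an iframe whose source is a remote host, especially one styled to be invisible. The scanner below is an added example, not Bitdefender's product or Apple's review tooling; the bundle contents and the host name are constructed, and the "hidden" heuristics are my own.

```python
"""Static scan of an app bundle's HTML assets for remote iframes.
Added example; the sample bundle and host name below are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse


def _is_hidden(attrs):
    """Heuristics (assumption) for an iframe that is kept off-screen."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    if "hidden" in attrs:
        return True
    zero = ("0", "0px")
    return attrs.get("width") in zero or attrs.get("height") in zero


class IframeFinder(HTMLParser):
    """Collect every <iframe> whose src names a remote host."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = urlparse(src).hostname
        if not host:            # relative or about:blank frames are local
            return
        self.findings.append({"src": src, "host": host, "hidden": _is_hidden(a)})


def scan_asset(path, html):
    """Return the remote-iframe findings for one HTML file, tagged with its path."""
    parser = IframeFinder()
    parser.feed(html)
    parser.close()
    return [dict(f, path=path) for f in parser.findings]


def scan_bundle(assets):
    """assets: iterable of (path, html_text) pairs from the unpacked bundle."""
    findings = []
    for path, html in assets:
        findings.extend(scan_asset(path, html))
    return findings


# Constructed bundle: one player page carrying a zero-size remote iframe,
# one help page with a harmless local frame.  "remote-host.example" is a
# placeholder, not the host from the real incident.
SAMPLE_BUNDLE = [
    ("www/player.html",
     '<html><body><h1>Now playing</h1>'
     '<iframe src="http://remote-host.example/x" width="0" height="0"></iframe>'
     '<iframe src="about:blank"></iframe></body></html>'),
    ("www/help.html", '<p>Help</p><iframe src="help_frame.html"></iframe>'),
]

if __name__ == "__main__":
    for f in scan_bundle(SAMPLE_BUNDLE):
        flag = "HIDDEN " if f["hidden"] else ""
        print(f"{f['path']}: {flag}remote iframe -> {f['host']}")
```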

Let me state that the app in question, which I will not name, is completely harmless at this point. Because at this point, there is no content in the website where the app points to. So this could possibly be an example of poor coding practices.

You can think whatever you would like about the app, but the bottom line is that something sketchy is going on, and we don't know what. Was this code injected into the app by someone with malicious intent, or was it a poor coding practice used by the app developer? That question still remains.

I certainly hope that it was just a poor coding practice by the developer, after all, a false alarm is my favorite kind of alarm.

Comment below with your take on this. Is it malware that may or may not have been put there intentionally, or is it a poor coding practice?
Posted in iOS

Monday, 6 May 2013

Android Malware: The robot can be infected.

Posted on 08:20 by Unknown
By popular demand, finally a blog post about Android malware.

Some people say it can't be done, some say it's a plot by antivirus companies to sell you protection that does not do anything at all. But make no mistake, there is malware lurking on a platform that Mac users and Windows users alike use: The Android on your phone.

Smartphones have dominated the phone market these days, and while Apple holds a death grip on quite a chunk of the market, there are some people who want to be able to do stuff like say, download from anywhere, not just from one phone app market. But this leads to trouble on this platform, because where there's a way, there's a will for malware writers to take advantage. This means that your cell phone could be infected with malware, and you may not even know it.

For most Android malware, the con is the same. A website you go to while surfing the internet convinces you to install an app that you may want or need. Sometimes if you take a look, the websites offering these apps look a bit suspicious, but there is nothing that really trips your bull monitor. So you download the app. If you read the permissions that the app asks for when you install it, they may look a little odd to you. For example, let's say you download an app called "Christmas Carols" because you want to feel a little merry right now. But when you go to install it, it asks for permission to read your text messages and make calls. Does this sound funny to you?

Some malware for the Android platform downloads and installs itself silently, so you do not know it is there. But it is there, recording your phone calls, reading your text messages, and doing everything else you would expect malware to be able to do.
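The "Christmas Carols" sanity test above can be mechanized: compare the permissions an app's manifest requests against what an app of its advertised kind plausibly needs. The script below is an added example, not any real store or antivirus check; the manifest is constructed, and the table of expected permissions per app kind is my assumption.

```python
"""Flag sensitive Android permissions an app has no obvious need for.
Added example; the manifest and the expectation table are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that reach the data the post warns about, with a plain reason.
SENSITIVE = {
    "android.permission.READ_SMS": "read your text messages",
    "android.permission.RECEIVE_SMS": "intercept incoming text messages",
    "android.permission.SEND_SMS": "send text messages from your phone",
    "android.permission.CALL_PHONE": "place phone calls",
    "android.permission.READ_CALL_LOG": "read your call history",
    "android.permission.RECORD_AUDIO": "record audio, including calls",
    "android.permission.READ_CONTACTS": "read your contacts",
}

# What a given kind of app could plausibly need (assumption for the example).
EXPECTED = {
    "music": {"android.permission.INTERNET",
              "android.permission.WAKE_LOCK",
              "android.permission.READ_EXTERNAL_STORAGE"},
    "messaging": {"android.permission.INTERNET",
                  "android.permission.READ_SMS",
                  "android.permission.SEND_SMS",
                  "android.permission.RECEIVE_SMS",
                  "android.permission.READ_CONTACTS"},
}


def requested_permissions(manifest_xml):
    """Names of every <uses-permission> entry in the manifest."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {e.get(name_attr) for e in root.iter("uses-permission")}


def suspicious_permissions(manifest_xml, app_kind):
    """Map each sensitive permission the app asks for, but an app of
    `app_kind` would not need, to a one-line explanation of the risk."""
    asked = requested_permissions(manifest_xml)
    allowed = EXPECTED.get(app_kind, set())
    return {p: SENSITIVE[p] for p in sorted(asked)
            if p in SENSITIVE and p not in allowed}


# Constructed manifest for a "Christmas Carols" app that asks for far more
# than playing music requires.
CAROLS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.carols">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application android:label="Christmas Carols"/>
</manifest>
"""

if __name__ == "__main__":
    for perm, why in suspicious_permissions(CAROLS_MANIFEST, "music").items():
        print(f"odd for a music app: {perm} lets it {why}")
```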

I close with a summation: There is malware for the Android platform, and the more popular the platform gets, the better the odds are it can happen to you.

Thanks for reading, I hope my first post about Android malware looks alright. If you have any comments or questions, feel free to comment below.
Posted in Android

Sunday, 5 May 2013

"Stupid Malware! You made me drop my sandwich!"

Posted on 07:34 by Unknown
The title is a quote from a client who was frightened by a piece of malware meant to scare the user.

The malware in question was the email worm appropriately dubbed the "scare worm." This worm spread by mass mailing itself to your email contacts. And what it did was display some text via VBScript that claimed that it was deleting your hard drive. But it does not delete the hard drive, it's just messing with you.

After I removed the worm from the computer and made sure that the hard drive was fine, I told the user that it was scareware and was only designed to scare her. As it was lunchtime, she responded with the line: "Stupid Malware! You made me drop my sandwich!"

We had a good laugh over that line and I hope you do as well. I think that the lesson here is not to use your computer when you are eating. And if you have to have a sandwich while browsing the web, don't forget the mayonnaise.

That wraps up this funny post, thanks for reading. If you have a question or comment, sound off in the comment form below.

Saturday, 4 May 2013

How to remove Internet Security (Rogue)

Posted on 17:26 by Unknown
I had been looking for something to blog about, then I found a new rogue antivirus out there called "Internet Security." Original name, right? So anyway, it's in the Malob family of rogues and it has an interesting user interface. It has a blue and black theme which is kind of like Windows Vista. But when it is running, it blocks everything. This includes internet browsers and tools you would use to remove it. So how are we going to remove it? Safe Mode. The rogue does not run in Safe Mode, therefore you can run programs.

For removal, I recommend running a quick scan with Malwarebytes Anti-Malware, which you can download here.

Install it, run it, make sure it's updated, then run a quick scan.

Once the quick scan is done and you have restarted into normal mode, your PC should be rogue free.

Thanks for reading this post. You can comment if this removal post helped you, or if you have any questions.
Posted in Removal Guides, Windows

Wednesday, 1 May 2013

Glipho

Posted on 12:18 by Unknown
About a month ago, though I could not give you the exact date, I embarked on a new journey in my blogging career. Little did I know that the blog I first intended to be a mirror to this blog would become a blog in its own right.

It all started in late March. I had just finished posting a new blog post and posting about it on Google+ when, after a few minutes, I saw the one comment that would change my blogging career forever. From Glipho's profile on Google+, I saw the following text in praise of my blog: "So cool! Really enjoyed the post! Your blog is always such an awesome read! Would you be interested in sharing it on Glipho?"

At first I was skeptical, as someone in my line of work tends to be. But after a brief excursion through my favorite search engine for answers, I found that it was for real. I opened up a sandboxed browser and navigated to the Glipho website. In the sandbox, malware could not infect me from a website even if it was infected. Nothing that is suspect on my radar is going to infect me! Once I found that the website was real and was not harboring malware, I took a quick look at some of the posts on Glipho and found that there was no way a robot could have written posts like those. So I decided to take the plunge: I replied to the comment and asked how to sign up. The reply came quickly with a link on where to sign up. I signed up and got prompted to import my blog posts from another blog if I had one. Of course I wanted to do that, so I did.

It was a bit of a slow week the first week I spent blogging for Glipho, but things gradually picked up after a week. I realized that a blog on Glipho was not simply going to be a mirror to my main blog; it was going to get its own readership while I did very little to promote it. It was like a "get more readers free" card, and one that I was not going to waste when the goal of my blog is to stop malware.

Interested? You can sign up and learn more at: http://glipho.com/
If you want to see my Glipho blog, it can be found at: http://glipho.com/anti-malware-blogger