Malwareaware


Thursday, 27 June 2013

How to remove the Reveton Ransomware (UPDATED)

Posted on 06:32 by Unknown
This piece of malware, known as the Reveton ransomware, is still infecting people. And although the steps I made to remove this malware earlier on in the year still work for some variants, most variants have adapted so the first method of removal no longer works. That being said, I have decided to write another guide with both methods of removal included.

If you can go into safe mode just fine, this is the guide you will want to follow.

Step 1: In safe mode with networking, open your web browser and go to http://www.malwarebytes.org/

Step 2: Click on free download. Download and Install Malwarebytes Anti-Malware

Step 3: Once Malwarebytes Anti-Malware has been installed, run a full scan.

Step 4: After the scan is complete, it may prompt you to reboot your computer to finish removing any detected items.


If you cannot go into safe mode without the ransomware blocking you from doing anything, or the above method does not work, follow this method. Note that for a few steps, you will need to have access to an uninfected computer if you cannot go into safe mode. These steps are slightly more involved than the above steps, but I have done my best to make it easier to do.

Step 1: Get a flash drive that can store at least 32 MB

Step 2: On an uninfected computer, go here and download the version (32-bit or 64-bit) that matches the uninfected computer.

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstart Live USB. Click on the flash drive you will be using, then press install kickstart. You will then be presented with a warning that the flash drive will be erased. Click on yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the close button and take out the flash drive.

Step 8: Insert the flash drive into the infected computer with the computer turned off. Turn it on and then look for info on how to access the boot menu. If you cannot see any info, keys commonly used for the boot menu are F8, F11, or F12.

Step 9: Restart your computer and start tapping the indicated key. If one key does not work restart the computer and try another key on the above list.

Step 10: Now, select the flash drive with the Kickstart program installed and press enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware. Wait 15-20 seconds and you will see the Hitman Pro start screen. Click next to start the scanning process.

Step 12: Click No, I only want to perform a one-time scan to check this computer. Then click next.


Step 13: Once Hitman Pro has finished scanning, it will display a list of malware that it found. Click next, and if prompted, choose the 30 day free trial. Hitman Pro will now reboot your computer. Once it boots up, it will be free of the ransomware.
Posted in Removal Guides, Windows | No comments

Wednesday, 26 June 2013

News on the new blog.

Posted on 06:43 by Unknown
It's been a little over a month since my last update on a blog that I've been working on. So here is some more info on what is going on.

First off, the new blog is now what I consider to be in late private beta. I will be sending a link to a few select people who will be part of the first group of beta readers soon. I have been focusing on getting blog posts up and creating the website. This brings me to the point that the blog is an actual website, not just a blog.

When I first started blogging, I was aiming for simplicity. My blog only had one page which was the blog itself. With this new blog, the design is meant for simplicity, but there are five pages so far and there is also a contact me tab.

I honestly do not expect this new blog to get read much at all. If I am being realistic, I consider this to be a stepping stone to a new blog with paid hosting. And it will culminate in malwareaware.com if all goes to plan. After I make the link to the new blog completely public, I will look into the feasibility of WordPress as the last platform that will have malwareaware as a sub-domain.

I write this post with another purpose than informing my readers; I also write to ask for help from you. If you consider my blog to be a good resource for those that are infected with malware, share it. To maximize my audience, this blog must become viral. It must become viral to the point where it rivals the speed of viruses in spreading. Because when the cure spreads as fast as the illness, it gives us a true chance in winning the war.

This post also serves as a reminder to my readers and to myself that I will settle for nothing less than the complete eradication of malware.

The quoted text below is from Professor Stephen Hawking during his Life in the Universe lecture. The full text of the lecture can be found here.

"I think computer viruses should count as life. Maybe it says something about human nature, that the only form of life we have created so far is purely destructive. Talk about creating life in our own image."

Monday, 24 June 2013

Why read my blog?

Posted on 05:12 by Unknown
I originally wrote a small list of reasons to read my blog for my first blog post. But as it has been a little over five months since I started blogging, I feel that it would be a good exercise for myself and a help to my readers to reaffirm this. And while my vision and goals may have changed slightly from my beginnings, I still have the same ultimate goal in mind as I did five months ago.

1: I am Independent. I do not work for any company that wants to sell you its products. I also have no affiliation with any company at all, save for the fact that I may use their products. I am not contracted by any agency that assists companies or corporations in selling their products. And of course, I do not work for Microsoft in any way, shape, or form.

2: I've been a victim of malware. I recognize that no one is born knowing the information I post on my blog. As such, I was a victim of malware countless times before I knew what I know now. As a result, I now am determined to help bring about the end of malware in some way. This helps me blog, because I blog with only one goal in mind.

3: I do not run ads. Quite simply, I do not run ads on any blogs that I author. And as such, I do not make a penny off of my blog. And while this may change in the future because of the fact that the future is unpredictable, I have no plans to run ads on any blog that I have now or will have in the future. This helps keep the look and feel of my blogs clean and less susceptible to malware.

Now here is what you will not get by reading my blog:

1: Malware. I can't say that it is impossible you will ever get infected again, but you can lower your risk by following my advice. Also, I will not distribute malware to any party on any blog platform. Besides the fact that it is against the terms of service, it would violate my ethics.

2: Someone talking over your head. I've been to enough talks to learn that some computer experts really do not explain themselves clearly when they are talking to the public at large. In some cases, this is so bad that you could almost swear that the person talking is using a different language. And while I might fail in some aspects, I try to explain things as best as I can.

3: A completely boring blog. Boredom. It's a constant on the internet at some point. I not only fight malware, but I also fight boredom. Sometimes I call fake tech support companies or they call me. When I have them on the line, I mess with them and waste their time as much as I can. By reading these posts, you do your part to fight against boredom.

Thank You for reading. I invite readers to comment with any questions or comments.

Sunday, 23 June 2013

6 outdated gadgets that we still use.

Posted on 06:30 by Unknown
This post will include mentions of gadgets that today are seen as outdated or obsolete, yet we still use them. For the gadgets on this list: Outdated? Yes. Outclassed? No.

Fax Machines: In the 1970s, fax machines became valuable office devices. This device processed the scanned paper as a fixed graphic image which it then converted into a bitmap and then transferred it through the phone system. The receiving machine then reconverted the image before printing out a paper copy. These machines are still in use by offices even with the invention of email already ten years old. Perhaps this is because signed copies of documents are still required, and using a pen is very user friendly.

Windows 98 and 2000: While some of the newest cars on the market are electric, there is always someone who will not part with a 1977 Honda Civic. If it worked good during the Carter Administration, it will work good now. By the same token, 0.05% of people are still browsing the internet on computers running Windows 98 and 2000. And considering that there are over 300 million PCs in use in the USA alone, there are more than 150,000 people using an operating system from the last century.

VHS tapes: Even though we can now stream shows for on demand viewing, VHS tapes are still going strong as a reliable and cheap way to get family memories recorded. I myself am guilty of still having a collection of movies on VHS which I make a selection from when I feel like watching a film that was not released a few years ago.

Pay Phones: Costumed superheroes reading this post will want to pay close attention to this one. The USA still has 305,000 working pay phones. This is one gadget that is primarily used by low income users who cannot afford a cell phone. It is also used by cell phone users who cannot get service. And of course, spies also use them to avoid tracking or detection.

Pagers: In the early 1990s, there was no better status symbol than the pager. Like an emergency surgeon or the CEO of a Fortune 500 company, you were important enough to be reachable at all times. With the high popularity of cell phones, you would think that this gadget would die. But many doctors and hospitals still find pagers more reliable, particularly in emergencies when cell phone networks are down.

Dot matrix printers: This is a 20 year old gadget that has not been in my home or office for years. But I can still hear the sound of a printout on a Dot matrix printer. This is because point of sale, warehouse inventory, and other business systems still require carbon copy and multipart forms that work only with the hard impact of a dot matrix printhead.

Thank You for reading. I invite readers to comment with their experiences with outdated gadgets such as these. Moving forward, perhaps these gadgets will still be used several decades from now as technology that is outdated, but still not outclassed.

Friday, 21 June 2013

Why malware writers write malware.

Posted on 04:52 by Unknown
"What motivates those who create malware?" This is a question that I have been asked more than a few times by those that I have helped remove malware. And while my answer is always a good one, it really does not paint a full picture. Because to really understand, we need to go beyond the scope of that question. We have to ask what motivated those that made the first pieces of real malware.

Back in the 1990s, malware writers were teenagers who really did not have much in the way of motivation. They wrote malware to create some interesting effect, or to impress friends. There was no intent to cause real harm with this. Some however, had a score to settle with someone such as a former boss. These few took another step and made a piece of software with the intent to cause harm. But even at this level, malware of the 1990s did not match the intent of malware today.

In the 1990s, very few writers tried for real and irreversible harm. Make it clear who was superior in this new world of technology and then move on. For a while, this was the system. But it had to happen, someone would change the world forever.

After those who had scores to settle did their malicious deeds, quite a few people realized that this new thing called malware worked well. And so began the first wave of serious malware. Most of this malware did something to either inconvenience the user, or made the computer unusable in some way.

Flash forward to today, and those who write malware can now make money off of writing malware. And one thing that is often asked is how the malware writers of the 1990s would feel about the malware of today.

People ask if the malware writers from that time would be impressed at all. My answer is a theory which I really cannot verify, but I know it to be true. My theory is that the writers from the 1990s and the writers of today are the same people. They are the same people doing the same thing they have done for over a decade. And at this point, with all the ways to make money using malware, it is a sure bet that the malware writers are not letting their talents go to waste. They are getting paid, this is something I am sure of.

Thank You for reading. I invite readers to comment with any questions or comments.

Tuesday, 18 June 2013

Interrupting the fake tech support scammer: Part 2

Posted on 10:46 by Unknown
This is continued from Part 1 of the already funny call between me and a fake tech support technician.

Tech: "OK, once again, I am calling from Microsoft. OK?"
Me: "OK. But why is Microsoft calling me?"
Tech: "Because your computer has been infected with viruses."
Me: "OK. And this is something that Microsoft did, correct?"
Tech: "No sir. Viruses can infect your computer by-"
Me: "Why is it that Microsoft is pestering me to upgrade my computer? Now they are- I'm sorry, what are you saying?"
Tech: "Sir. I am calling to help you remove the viruses on your computer."
Me: "Of course you are. You infected my computer, you should fix it."
Tech: "No sir. I did nothing to your computer."
Me: "I know you personally did nothing. But someone else from Microsoft did it."
Tech: "Whatever you would like to think sir. Now can we fix the problem?"
Me: "Yes, I want my computer fixed, even though I'm placing the blame for that on Microsoft."
Tech: "OK. Now are you in front of the computer?"
Me: "Yes I am."
Tech: "OK. And is the computer on?"
Me: "Yes, the Mac is on."
Tech: "Sir, do you have-"
Me: "Why is Microsoft calling about my Mac in- Hello?"
Tech: "Yes sir."
Me: "Well you cannot keep talking while I am talking. Otherwise I am not going to hear you."
Tech: "OK sir."
Me: "OK, shall we begin?"
Tech: "As long as you stop interrupting me."
Me: "I am not interrupting you. You are interrupting me."
Tech: "Sir will you listen to what-"
Me: "Why do you keep talking over me? You called me, and I was under the impression that you were going to help me. I am not going to- Will you stop that!"
Tech: "Stop what sir?"
Me: "That, that- You know what you are doing sir. That is very rude what you are doing."
Tech: "OK, sir. Can you answer a question for me?"
Me: "Sure."
Tech: "Do you have a computer running Windows?"
Me: "No, I only have a Mac."
Tech: "OK, then I am sorry to bother you sir."
Me: "OK. And I am sorry that we had that issue with you interrupting me."
Tech: "OK sir, have a good day sir."

The tech was quite nice on the phone, even though we were going in circles with me not allowing him to get out anything more than the basic script. And I have a feeling that he did not know what was going on until after he hung up.

Interrupting the fake tech support scammer: Part 1

Posted on 05:45 by Unknown


Over the past while, I’ve been posting transcripts of calls between me and fake tech support technicians. Sometimes they call me, sometimes I call them. And when I post these, they always get some kind of positive response. So because of this, I am planning to keep doing this along with my posts about malware. I could possibly make another blog just for this if I get enough positive feedback on it. So if someone thinks that is a good idea, I would ask that person to let me know in some way.

Now in this transcript, they called me. The tech on the other end claimed to be calling from Microsoft. And if you have read posts like these, you know that I did what I had to do. I kept him on the phone for some time, he was being stubborn. Good news for me and those who need a laugh, and good news for those that he might have scammed if he had not called me.

Me: "Hello?"
Tech: "Yes sir, I am calling from Microsoft. My name is Jim. How are you doing today?"
Me: "I am doing well, thank you for asking. I'm glad you called."
Tech: "OK, thank you."
Me: "Oh, you're welcome. Now what are you calling about?"
Tech: "I'm calling because-"
Me: "You said you were calling from Microsoft. But I was- I'm sorry?"
Tech: "Yes sir, I am calling from-"
Me: "We seem to be having- Are you there?"
Tech: "Yes sir, I am here."
Me: "Can you hear me?"
Tech: "Yes sir. I can hear you well."
Me: "OK. It seemed like we had some sort of issue there for a minute. How about we start from the beginning?"
Tech: "OK, first off, I am calling from Microsoft-"
Me: "Microsoft? Are you calling me to try to get me to upgrade?"
Tech: "No sir, I am calling because-"
Me: "My computer works fine, I don't want to upgrade- Are you there?"
Tech: "Yes sir, what is the problem?"
Me: "Well I am trying to get some information about who you are and why you are calling, but you keep interrupting."
Tech: "Can you hear me?"
Me: "Yes, I can hear you OK. But you can't talk at the same time I'm talking or else I will not hear you."
Tech: "OK, I am calling because it has been reported to Microsoft that your computer has been infected with-"
Me: "I already paid for my computer and my computer work- Are you there?"
Tech: "Yes sir, I-"
Me: "Why do you keep talking over me? That's very unprofessional, and I may want to buy what you are selling. But I can't do business if I don't know what you are selling."
Tech: "Sir I am not selling anything. I am calling to remove-"
Me: "Let's start from the beginning, from scratch."

Continued in Part 2.

Friday, 14 June 2013

I am going to be a billionaire!

Posted on 11:03 by Unknown
For those of you that have been reading my blog for some time, you know I like to mess with scammers, fake tech support and the like. But this has a bit of a twist to it. Yesterday, I got an email in my spam folder informing me that the phone number for my BlackBerry phone had won a UK lottery. The prize? £8.3 billion. And all I have to do is call a telephone number.

There are four things that made my "scam" alarm bells go off:

1. I don't own a cell phone, much less a BlackBerry.
2. I do not live in the UK and have never even been to the UK.
3. This email was in my spam folder.
4. I have not entered a lottery even once in my life.

So this was obviously a scam. But I was a bit curious about the phone number. Not having much else to do at the time, I called the number. This is the transcript of the call, which I had the thought to write down.

Scammer: "Hello. Thank You for calling. How may I help you?"
Me: "Yeah, hi. I got an email saying that my phone won a UK lottery. But I don't remember entering a lottery."
Scammer: "Yes sir. What is your name?"
Me: "Uh, Tom."
Scammer: "OK Mr. Tom. Where are you calling from?"
Me: "I'm calling from the USA, but I live in London."
Scammer: "Sorry, from where?"
Me: "From the UK. I live in London."
Scammer: "Yes sir, I know you live in London. But where are you calling from now?"
Me: "I am calling from the United States of America."
Scammer: "OK, thank you sir. Now what is the phone number for your BlackBerry phone?"
Me: "Actually, there is a bit of an issue there."
Scammer: "What would that be Mr. Tom?"
Me: "Here's the thing. I don't own a cell phone and have never owned a cell phone."
Scammer: "I'm sorry?"
Me: "I don't own a cell phone. And I know that this is a scam."
Scammer: "I am sorry sir, you said that this is a scam?"
Me: "Yes I did."
Scammer: "OK, well I am sorry you feel that way sir."
Me: "It is not that I feel that way, it's that I do not have a phone and I did not enter a lottery."
Scammer: "OK, are you through sir?"
Me: "Yes sir."
Scammer: "OK, well I am sorry that the email bothered you sir. Have a good day sir."
Me: "And you as well. Bye Bye."

I hope I can still get my billions, I want to buy some stuff.

Thank You for reading. If you found this funny, or you wish to make a claim for some of the money I am getting, be sure to comment below.

Thursday, 13 June 2013

Use VBScript to pull a joke on your friends.

Posted on 09:39 by Unknown
Do you want to play a trick on your friends, family, or coworkers? Well this one's for you. You can make a fake piece of malware on your victim's Windows computer by using VBScript. I will provide a step by step system which you can use to make the "malware." What you do with it, or how far you take the joke is entirely up to you.

Step 1: Open notepad by going to the start menu and typing in notepad. Once you see notepad, click on it to launch the program.

Step 2: Copy and paste this code: X=MsgBox("Message Description",0+16,"Title")

Step 3: Now for the fun part, customization. You can change what the message says by changing the text in the quotes with what you wish to place in. You can also change what kind of message box pops up by changing the numbers outside the quotes.

First Number:

Put in 0 for the OK button
1 For OK/Cancel
2 For Abort/Retry/Ignore
3 For Yes/No/Cancel
4 For Yes/No

Second Number: This deals with the icon that shows up beside your message.

16 For the Critical Icon
32 For Help Icon
48 For Warning Icon
64 For Information Icon

Step 4: Save your "malware" by pressing the file button in the notepad window, then press save.
Put the file on the desktop, but be sure to give it a nice name before you save it. Whatever name you give it, it must end with .vbs (For example, if you were to name it My Computer, the name would have to be My Computer.vbs)

Step 5 (Optional): Adding more. If one message box is not enough and you really want to freak out your victim, add another message box. Open the file by right clicking the file and then pressing edit. Add another message box by pressing enter twice and using the same code from above. Follow the same first three steps from above, just like before. You do not need to follow the fourth step. This is because once the file has been saved to the desktop, you can save the new code to the file by closing the notepad window. It will ask you if you want to save the changes, click yes.

You can make the malware ahead of time on your own Windows computer. Once it is finished and you are ready to show your victim, follow these steps.

Step 1: Copy the file to a flash drive.

Step 2: Take the flash drive to your victim's computer.

Step 3: If your victim is not at his or her computer, but the computer is on without it being password protected, move the file from the flash drive over to the desktop of the victim. If the victim is at his or her computer, hand them the flash drive and ask them to open the file you put on the flash drive.

Step 4: Once the prank has begun, act like you have no idea what is going on. For example, you could say: "What did you do? It has never done that before."

Once again, how far you take this prank is up to you and I accept no responsibility for what you do with this code, or the reactions of your victims. Thank You for reading. Be sure to comment with results if you decide to play this prank.
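
Added example (not part of the original post): a .vbs file can hold any VBScript, not only message boxes, so if someone hands you one it is worth reading before opening it. This Python sketch decodes each MsgBox call using the button and icon numbers from Step 3 and lists every other statement for manual review; the function names and the sample script are constructed for illustration.

```python
import re

# Button and icon values exactly as listed in Step 3 of the post.
BUTTONS = {0: "OK", 1: "OK/Cancel", 2: "Abort/Retry/Ignore",
           3: "Yes/No/Cancel", 4: "Yes/No"}
ICONS = {0: "none", 16: "Critical", 32: "Help", 48: "Warning",
         64: "Information"}

VBS_STRING = r'"(?:[^"]|"")*"'   # VBScript writes a quote inside a string as ""

# One whole line of the form  X=MsgBox("text", 0+16, "title")
MSGBOX_LINE = re.compile(
    r'\s*(?:[A-Za-z_]\w*\s*=\s*)?MsgBox\s*\(\s*(' + VBS_STRING + r')\s*'
    r'(?:,\s*(\d[\d+\s]*?)\s*'                  # optional "buttons+icon" sum
    r'(?:,\s*(' + VBS_STRING + r')\s*)?)?\)\s*',  # optional title
    re.IGNORECASE)


def unquote(literal):
    """Turn a VBScript string literal into its text."""
    return literal[1:-1].replace('""', '"')


def decode_style(value):
    """Split the summed number into the button set and the icon."""
    buttons = value & 0x0F   # low four bits select the buttons
    icon = value & 0x70      # next three bits select the icon
    return {
        "buttons": BUTTONS.get(buttons, "not listed in the post (%d)" % buttons),
        "icon": ICONS.get(icon, "not listed in the post (%d)" % icon),
        "other_bits": value & ~0x7F,   # anything beyond buttons and icon
    }


def triage(script_text):
    """Return (dialogs, review): decoded MsgBox calls and all other statements."""
    dialogs, review = [], []
    for number, line in enumerate(script_text.splitlines(), start=1):
        stripped = line.strip()
        if (not stripped or stripped.startswith("'")
                or stripped.lower().startswith("rem ")):
            continue                      # blank line or comment
        match = MSGBOX_LINE.fullmatch(line)
        if not match:
            review.append((number, stripped))
            continue
        try:
            style = sum(int(part) for part in (match.group(2) or "0").split("+"))
        except ValueError:                # malformed sum such as "0++16"
            review.append((number, stripped))
            continue
        info = decode_style(style)
        info.update(line=number,
                    message=unquote(match.group(1)),
                    title=unquote(match.group(3)) if match.group(3) else "")
        dialogs.append(info)
    return dialogs, review


# Constructed sample: the post's own line, a second box, and one other statement.
SAMPLE = '''X=MsgBox("Message Description",0+16,"Title")

Y = MsgBox("Delete ""everything""?", 4 + 48, "Warning")
Set fso = CreateObject("Scripting.FileSystemObject")
'''

if __name__ == "__main__":
    found, needs_review = triage(SAMPLE)
    for d in found:
        print("line %(line)d: [%(icon)s] %(title)r %(message)r buttons=%(buttons)s" % d)
    for number, text in needs_review:
        print("line %d: not a message box, read before running: %s" % (number, text))
```

A script whose review list is empty does nothing except show message boxes; anything in that list should be read and understood first.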

Tuesday, 11 June 2013

Armor For Android

Posted on 05:52 by Unknown
 Update: Published on 9/11/2013
--------------------------------------------------------------------------------------------------------------
 Attention all future readers of this blog post: In some cases, with some newer variants of Armor for Android, this removal guide may not work correctly. If you came here because you are infected with Armor For Android, please go to the following removal guide which has been revised.

http://malwareaware.blogspot.com/2013/09/armor-for-android-updated.html

I will leave this blog post up because of the fact that this has already been read so many times.

------------------------------------------------------------------------------------------------------------
Original post:

It seems that the Android platform is getting to be quite the hotbed for malware. And while most android malware out there at this point are Trojans, a new app is actually a rogue antivirus program. So rogues are starting to move to the Android platform.

You get infected by going to a webpage that claims that you have to install antivirus software because new threats are emerging for the android platform. So you can only be infected if you install it and because of this, I do not expect that there will be many infections. I would think those that read this blog would know not to trust something on any device that says they need to install something that they did not go looking for.

But, failing that. If you do install the antivirus, you will notice that the price of the antivirus is $1.99. This is a weekly subscription, so you could be spending over $100 a year on a rogue if you do buy this.

Obviously, you would want to remove this. And removal requires only one step.

Step 1: Uninstall it. The malware does not have a trojan element to it, so it is only the program and the APK file you have to be worried about. And this can be done by going to the settings menu. From there, press Applications, then press Manage Applications. From this point, you will find the apps you have installed on your Android Device. Find Armor For Android, press on the app, then press uninstall. Your device should give you a notice that the app was deleted. From here, your device is not infected anymore with this malware.

If you would like to protect your Android device from malware such as this, there are quite a few free options out there for security. I personally recommend Avast! Mobile Security. I recommend this not just because of its antimalware component, but also because of its anti-theft component.

Thank You for reading, as always I invite readers to comment with questions or comments.
Posted in Android, Removal Guides | No comments

Monday, 10 June 2013

12,000 Views.

Posted on 06:27 by Unknown
The title is self explanatory, but I just want to say it out loud. My blogs have collectively reached the 12,000 view mark. This is in my opinion, really awesome. And I know for myself that I have my readers to thank.

I had no idea that my blog would ever get viewed, and the feeling I have now that it is getting viewed is indescribable.

I have been blogging for about 5 months now. I started on the 21st of January in the year 2013, the same day as my birthday. So for this response to my blog, I just have to say thank you to all of my readers. I never expected my blog to ever get read, I was one voice in a sea of voices, trying to carve out a way that I might be heard.

I thank all of my readers, all my fans, and all my detractors if there ever are any. If you guys did not read, I would have no reason to write. Our relationship comes full circle because of this. The friendship between the author and his readers is not one that can be truly measured.

I also have two blogging platforms to thank for this, and I will have more to thank as my audience grows and I branch out into other platforms to spread my knowledge.

First, I would like to thank Blogger. As my first blogging platform, Blogger gave me the roots that I can now shoot from. Although I may be destined not to become popular on Blogger, Blogger has a special place in my heart for giving me a launching pad for those first two months of blogging.

Glipho: This blogging platform may not have been part of my plan as a blogger from my humble beginnings, but it has truly grown on me. Not just as another platform that I can spread my knowledge on, but as a social network in its own right. In using Glipho, I have found quite a few people who have become regular readers and feel the same way about malware that I do.

Both of these platforms are, and will continue to be, instrumental in the pursuit of my goal of stopping malware.

Once again, I would like to thank all my readers. I also thank you for reading this post. It really means a lot to me. I invite readers to comment with any questions or comments.

Saturday, 8 June 2013

Fake Tech Support Conversations: FAILS

Posted on 07:20 by Unknown
For those of you that have just started reading my blog, I often find that there are fake tech support companies trying to make money by playing off the fear of others. How such a company works is that they either call the victim or they get the victim to call them. They then convince the victim to allow remote control of their PC. After the scammer has remote control, he or she finds fake "issues" such as viruses on the victim's computer that do not exist on the victim's computer.

Now, I said that they call victims, they mostly do cold calling. But occasionally they run into someone who knows that it is a scam and has nothing better to do than waste their time. This blog post will include some of the pranks I pull on these scammers that just did not work. And if you have been reading my blog for some time, you recognize this post as another one that is going to be funny. So without any further ado, these are the FAILS that I decided to share with my readers.


Tech: "Are you sitting at your computer?"
Me: "Yes."
Tech: "OK, and what is your last name sir?"
Me: "Henderson."
Tech: "OK Mr. Henderson, and what is your first name?"
Me: "Florence."
Tech: "So your name is Florence Henderson?"
Me: "Yes."
Tech: *Hangs Up*
Me: "Hello?"


Tech: "Thank You for calling 24/7 PC Guard, how may I help you?"
Me: "Yes, I want to order a pizza."
Tech: "Sir, you do understand that you are calling a tech support company... right?"
Me: "Yes, now what toppings do you have?"
Tech: *Hangs Up*
Me: "Do you offer free delivery? Hello? Why did you hang up on me?"

Tech: "Sir, I recognize your caller ID as the same person who called us yesterday and disrupted our work. Are you calling with an actual issue, or are you just going to be a nuisance again?"
Me: "I was hoping to do a little bit of both actually."
Tech: *Hangs Up*

Tech: "Thank You for calling Securebit Technologies, my name is Dave. How may I help you?"
Me: "Where is the nearest PC repair shop?"
Tech: "Sir, this is where you get tech support for a PC that has issues."
Me: "Well maybe you can help me then. I shot a bullet through my PC because it would not load fast enough."
Tech: "So, your computer is running slow?"
Me: "It was."
Tech: "OK, and what have you tried to remedy the issue?"
Me: "I shot the screen off with a double barreled shotgun."
Tech: *Hangs Up*

Now for the Finale, 24/7 PC Guard talks to Securebit Technologies.

24/7 Tech: "Thank You for calling 24/7 PC Guard. My name is Kevin, how may I help you?"
Securebit Tech: "Thank You for calling Securebit Technologies. How may I help you?"
*pause*
"Hello?"
24/7 Tech: "I'm sorry sir, we do not need any help. Hello?"
Securebit Tech: "Yes sir. How may I help you today?"
24/7 Tech: "I'm sorry sir. It looks like someone 3-wayed our call. They were in the background earlier, and I am sorry for this."
Securebit Tech: "I'm sorry?"
24/7 Tech: "Someone connected our call or something. I am so sorry for this."
Securebit Tech: "I see."
24/7 Tech: "OK, have a good day sir."
Securebit Tech: "You too. Bye."


Thank You for reading. As always, I invite readers to comment below with any comments or questions.

Friday, 7 June 2013

Malwarebytes Anti-Malware

Posted on 05:49 by Unknown
Those of you who have been reading my blog for a while know that in my self-help removal posts, I often recommend a tool called Malwarebytes Anti-Malware. However, I have given little information on what it is and why I use it. This blog post explains just that.

Malwarebytes Anti-Malware is a piece of software that tends to do very well at the job of detecting and removing malware such as ransomware and rogue antivirus software that conventional antivirus software just is not meant to remove. It is very easy to use, and it is one of the only tools that I recommend keeping on your computer after you have removed a piece of malware.

I like Malwarebytes so much because it is designed to be compatible with conventional antivirus. Think of it as the armed security guard you have posted behind a locked door, an extra layer of protection. It is also lightweight and will not slow your system down.

Simply put, I like Malwarebytes Anti-Malware because it does the job well. So well that antivirus companies often recommend using Malwarebytes Anti-Malware as an extra layer of protection, or when their antivirus just cannot get the job done.

Malwarebytes Anti-Malware is available in a free version which allows you to scan your hard drive for malware on demand. This is the version I use myself as it is highly robust despite being free, and my regular antivirus blocks most threats from reaching my computer in the first place.

It is also available in a paid version, which gives you the same features as the free version plus real-time protection to keep malware from getting to your computer if it gets past your main antivirus program.

Quite frankly, I love it. My only complaint is that you have to update it manually in the free version; you have to pay for the paid version if you want automatic updates.

You can read more about Malwarebytes Anti-Malware here.

Thank You for reading. As always, I invite readers to comment with any questions or comments.
Posted in Windows | No comments

Wednesday, 5 June 2013

Spotlight On Malware: The Ari Virus.

Posted on 06:30 by Unknown
The Ari Virus is a virus written for DOS which is quite annoying, mostly because it takes its sweet time writing a mini biography by typing out one letter at a time. It also plays consistent sound through the infected computer's speakers. It only works half of the time that the command is launched. So like other viruses of that era of computing, the virus cannot do much unless you run it. I have the entire message reproduced below if you would like to read it, but it is quite a long one. So if you do not want to read it and you decide to just skip to the bottom, I will understand. And the info in this message is from the 90's, so it is likely not correct anymore and I imagine that the person it references is dead by now. Not sure on that, but it is probable.

"Real Name: John A. Buchanan
Alias: Page, Jimmy Page, Aristotle.
Home Phone: (804) 595-2672
Work Phone: (804) 857-6000
BBS Phone: Black Axis, (804) 599-4152
Address: 502 Hammond Street
City/State: Newport News, Virginia
Employer: Information Technology Solutions
Work Loc: 2551 East Elthoma
InMode: Unstable, Insecure
ExMode: Egoist
Motivation: Power (or the appearance thereof)
Intelligence: Average (below average for the computer underground)"

At this point, the message tells you to press any key to continue.

"Details:
John A. Buchanan, better known as Aristotle (or ARiSToTLE), is a member of the ever-degrading Virus eXchange (VX) underground. Not a programer of any degree himself, he has relied on his mouth to gain a name in the scene. Aristotle runs a BBS system dedicated to exchanging viruses, and claims to be a member of NuKE, an elite underground group with a partial focus in viruses. NuKE, however, seems to view him as a pest-at best.

For an occasional power-trip, Aristotle has been known to post real information, including name, phone, etc. of virus writers to attempt to scare them. he has allegedly given the same information to law-enforcement agencies on several occasions, and seems to have been the cause of several people's arrests. This is the only way, it seems, that he can feel like he has any power. he is also commonly inciting flame wars (arguments on a very base level) for a similar purpose."

That's it for the Ari DOS Virus. Thank You for reading. As always, I invite readers to comment below with any comments or questions.
Posted in Spotlight On Malware | No comments

Tuesday, 4 June 2013

There is no good malware: Part 2.

Posted on 09:30 by Unknown
Before I begin, did you read Part 1 that was published 2 days ago? Because if not, now would be a good time to, and you can find it here. So go read it, I'll wait.


Got it? Good

Sony was not the first case of a company attempting to stop software piracy by use of malware. And I certainly wish that whoever thought to place rootkits on CDs had looked back and seen that someone had already tried something like that. I speak of a virus that is considered by many to be the first virus for MS-DOS. So we are going back quite a ways, back to January 1986. This virus, called Brain, infected the boot sector of storage media formatted with the DOS FAT file system.

This virus was written by two brothers in an attempt to protect their medical software from piracy. Brain affected MS-DOS by replacing the boot sector of a floppy disk with a copy of the virus. The real boot sector was moved to another sector and marked as bad. The disk label was changed to ©Brain, and the following text can be seen in infected boot sectors:

"Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages" 
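The three traits just described (marker text in the boot sector, sectors flagged as bad, a changed disk label) can be checked on a floppy image. The following is an added example, not code from this blog or from any tool it mentions; it assumes a standard 360 KB FAT12 layout, and the sample image, cluster numbers and ASCII label spelling are constructed for the demonstration.

```python
# Assumption: standard 360 KB DOS floppy geometry, hard-coded because an
# infected boot sector cannot be trusted to describe the disk.
SECTOR = 512
FAT_START = SECTOR                   # one reserved (boot) sector precedes the FAT
FAT_SECTORS = 2
ROOT_START = (1 + 2 * FAT_SECTORS) * SECTOR  # root directory follows two FAT copies
ROOT_ENTRIES = 112
CLUSTERS = 354                       # data clusters, numbered 2..355
BAD = 0xFF7                          # FAT12 "bad cluster" marker
MARKERS = (b"Welcome to the Dungeon", b"Brain & Amjads")  # text quoted in the post

def fat12_get(fat, n):
    """Decode the 12-bit FAT entry for cluster n."""
    off = n + n // 2
    word = fat[off] | (fat[off + 1] << 8)
    return word >> 4 if n & 1 else word & 0xFFF

def fat12_set(fat, n, value):
    """Encode a 12-bit FAT entry without disturbing its neighbour."""
    off = n + n // 2
    word = fat[off] | (fat[off + 1] << 8)
    word = (word & 0x000F) | (value << 4) if n & 1 else (word & 0xF000) | value
    fat[off], fat[off + 1] = word & 0xFF, word >> 8

def volume_label(img):
    """Return the root-directory volume label (attribute bit 0x08), or ''."""
    for i in range(ROOT_ENTRIES):
        ent = img[ROOT_START + 32 * i: ROOT_START + 32 * (i + 1)]
        if ent[0] == 0x00:           # end-of-directory marker
            break
        if ent[0] != 0xE5 and ent[11] & 0x08:
            return ent[:11].decode("cp437").rstrip()
    return ""

def inspect_image(img):
    """Report the three Brain traits for a raw floppy image."""
    fat = img[FAT_START: FAT_START + FAT_SECTORS * SECTOR]
    bad = [n for n in range(2, CLUSTERS + 2) if fat12_get(fat, n) == BAD]
    return {"marker_in_boot_sector": any(m in img[:SECTOR] for m in MARKERS),
            "bad_clusters": bad, "label": volume_label(img)}

def make_sample():
    """Constructed image: marker text, three clusters flagged bad, changed label."""
    img = bytearray(720 * SECTOR)
    img[16:38] = b"Welcome to the Dungeon"
    fat = memoryview(img)[FAT_START:]
    fat[0:3] = b"\xFD\xFF\xFF"       # media descriptor and reserved entry
    for n in (100, 101, 102):        # constructed cluster numbers
        fat12_set(fat, n, BAD)
    img[ROOT_START:ROOT_START + 12] = b"(c) Brain  \x08"  # label entry, constructed
    return bytes(img)
```

Bad clusters alone are not proof of infection, since worn floppies have them too; the boot-sector text is the stronger indicator.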

The virus was only meant to target those that infringed copyright. So when the brothers began to receive a large number of phone calls from users from around the world demanding that they disinfect their machines, the two brothers were stunned and attempted to explain to outraged callers that their intention had not been malicious.

Thank You for reading. As always, I invite readers to comment below with any questions or comments. And if you were a user infected with Brain, I even more so invite you to comment and share your story, should you be able to recall. 
Posted in Windows | No comments

Monday, 3 June 2013

How to remove System Doctor 2014

Posted on 09:48 by Unknown
There is a new rogue AV making the rounds on the web called System Doctor 2014.

For those that have just started reading my blog or for those who do not know what a rogue antivirus program is, it is a program that installs itself on your computer and then "detects" fake malware that is not on your system. Once the program has finished its "scan", it demands payment for the removal of nonexistent malware from your machine. This blog post will deal with how to remove this rogue.

Step 1: Reboot your computer into safe mode with networking. To do this, turn off your computer. Then when you press the power button to turn it back on, press the F8 key repeatedly until you see a screen that gives you advanced boot options. Use the arrow keys on your keyboard to navigate to the option that says Safe Mode With Networking. Press Enter.

Step 2: Download and run RKill. Once you reach the desktop of your computer, open up a window in your favorite internet browser. Go here and download RKill. Run the executable downloaded. If System Doctor claims that it is infected, continue attempts to run the executable. Once you have run the executable, it should stop the rogue process and allow you to remove it.

Step 3: Download and install Malwarebytes Anti-Malware. With your internet browser still open, go here and click the download now button. Once the executable for Malwarebytes Anti-Malware is downloaded, run it. Proceed with the installation of Malwarebytes Anti-Malware.

Step 4: Run a full scan with Malwarebytes Anti-Malware. Once installed, the program will pop up with the main menu. Select full scan from the menu and then click on the scan button. The process of scanning can take a while, so you can go ahead and go do something else for a while and then come back. Once the scan is completed, click OK to view the results and then press the remove selected button. If Malwarebytes asks you to reboot your computer, please do so. Once you have restarted if prompted to do so, that is it. You are malware free.

Thank You for reading. As always, I invite readers to comment below with any questions or comments.
Posted in Removal Guides, Windows | No comments

Sunday, 2 June 2013

There is no good malware: Part 1.

Posted on 07:08 by Unknown
For some, the title should be obvious and so true that it does not need to be stated. But for some companies, this is not considered true. This blog post will take a look back at attempts on the part of one company to use malware.

In 2005, Sony implemented copy protection measures on 22 million CDs. This copy protection prevented piracy of the software and music included on the CD by installing one of two rootkits onto the user's hard drive. The rootkits modified the operating system to interfere with CD copying. The rootkit installed could not easily be removed, and it unintentionally created vulnerabilities in the computer that were exploited by unrelated malware.

One variant of the rootkit asks that the user accept an End User License Agreement, but the rootkit is installed regardless of the choice to accept the EULA on the part of the user. The other variant installs itself silently without the user being any the wiser. Sony initially denied that the rootkits were harmful. Sony then released an "uninstaller" that only installed more software, collected an email address, and introduced more security vulnerabilities.

Following public scorn, government investigations and class-action lawsuits in 2005 and 2006, Sony partially addressed the issue with consumer settlements, a recall of about 10% of the affected CDs, and the suspension of its copy protection measures in early 2007.

It is important to note that this is not the only case where a company has attempted to protect its software from piracy using malware.

Stay tuned for Part 2. Thank you for reading. As always, I invite readers to comment with any questions or comments.
Posted in Windows | No comments