Malwareaware


Wednesday, 31 July 2013

Spotlight on Malware: ZeroAccess Rootkit.

Posted on 17:13 by Unknown
Today's blog post is about a piece of malware that many computer security professionals consider to be one of the worst. It is called the ZeroAccess rootkit, although I have given it the nickname "The Devil's malware."

Because of what it does, there is some controversy over what kind of malware it should be classified as. It is used to download other malware onto the infected machine and to form a botnet that is mostly used for Bitcoin mining and click fraud. It conceals itself using techniques commonly used by rootkits. Users may also download it themselves because it claims to be something else, which fits the description of a Trojan.

So, it can be classified as a Trojan, a botnet, or a rootkit. I prefer to call it a rootkit, but you can call it whichever you like, as all of these classifications are correct. It should also be noted that this malware steals the passwords you enter into your computer.

This piece of malware is considered so dangerous because it replaces critical system files with its own. This makes proper removal a challenge for even the most skilled removal professional, because removal requires the use of specialized tools in a very specific way. It is made more difficult by the fact that a method that removes one variant will likely not work correctly for another.

Despite all the advances made against malware in recent years, a computer infected with ZeroAccess can never be considered safe again, even after removal. That leaves as the only surefire path to security an option usually employed only after everything else has failed: reinstalling the operating system. The operating system has simply become too compromised.

This is one piece of malware that most conventional antivirus engines are ill-equipped to deal with, and one variant has even been found to completely break Windows Defender. This is why, if such an infection is found, I recommend that the reader seek out professional help.

Thank you for reading. I invite readers to comment with any questions or comments.
Posted in Spotlight On Malware

Hitman Pro: What is it, and what does it do?

Posted on 16:41 by Unknown
In some of my removal posts, readers may have noticed that I recommend using Hitman Pro when your antivirus software cannot do its job. Some of you may have wondered what this tool is. And to those who did not wonder... Well, you are going to find out in this post anyway.

Hitman Pro is a second-opinion antivirus scanner that uses the scanning engines of five different antivirus products: IKARUS, Dr. Web, Emsisoft, G Data, and BitDefender. With five engines scanning a computer, detecting stealthy malware becomes much easier.

Of course, you might be wondering two things:

1. Why would you have five pieces of antivirus software loaded on a system? That must cause a lot of system slowdown.

Well, it does cause a bit of slowdown, but because the scanning is done in the cloud, it is not really noticeable.

One specific part of Hitman Pro that is used in my removal guides is the Kickstarter component. This component is used when something is preventing conventional antivirus software from doing its job, such as rogue antivirus software or ransomware.

It works because it launches Hitman Pro before the ransomware or rogue antivirus software can launch. This prevents the malware from shutting Hitman Pro down.

While I do not recommend using Hitman Pro as the primary antivirus software on a computer, it does have its place in the fight against malware.

Thank You for reading. I invite readers to comment with any questions or comments.

Monday, 29 July 2013

Posts of the Month: July 2013

Posted on 18:34 by Unknown
To my readers: Good morning, good evening, wherever you may find yourself today. You may have deduced this from the title, but I would like to say that this is not going to be a regular blog post. This is because I would like to test out an idea that I have thought out for some time now. A special blog post called "Posts of the Month." This type of post is going to be done at the end of the month, and will include links to past posts that I think are worth noting for the month.

This will also include posts that received the most views, and generated quite a bit of feedback. Along with the link, I will include a short description of the post, such as what point I am trying to make, or something worth noting about the post. But if you have read the post before, you will not be missing anything if you decide not to read the short description.

This is purely an idea that I would like to test out, so consider this a sort of "Skunk Works" type thing. And feedback is appreciated. Please note that I am doing this for the benefit of my readers who might not have read some important posts, or might have missed some posts and would like to get caught up a bit. I am not really doing this to get more views.

For testing purposes, I will impose a limit on how many posts I link to. This will keep me honest, and it will keep the links from becoming excessive. So without any further ado, here are the five posts of the month for July of 2013.

Post #1: Posted on July 9th, this post gives some basic advice that is like the title says. It's back to basic tips that will reduce your risk of getting infected with malware. This post received about 60 views as of this writing.

Post #2: Posted on July 12th, this post is meant to help computer users, old and new, choose antivirus software. It includes links to independent tests that are performed annually, which can help you make a choice you will be happy with. This post received about 75 views as of this writing.

Post #3: Posted on July 15th, this post apparently was helpful to at least one person who provided me feedback via Twitter. This post details how to remove the Mandiant U.S.A. Cyber Security Ransomware. This post received about 240 views as of this writing.

Post #4: Posted on July 15th, this post detailed how the Reveton ransomware is now targeting the Mac. This post also provided instructions on how to get rid of the ransomware. This post received about 90 views as of this writing.

Post #5: This post provided removal instructions for a new rogue antivirus called Attentive Antivirus. This post received about 65 views as of this writing.

Thank You for reading. I encourage readers to comment with any feedback. Good or bad, let me know if you would like to see this become a regular thing.

Sunday, 28 July 2013

To the spammers of my blog, past, present, and future.

Posted on 07:30 by Unknown
First, to my readers:

As some of you may or may not know, my blogspot blog is becoming more attractive to spammers who attempt to comment on it. Even with a Turing test for comments posted anonymously, two spam comments have still made it through to comment moderation. And because I have to approve every comment before it goes through, you will not see these comments.

It seems that the trend is to comment on my blog in hopes of advertising a tech support service. In my evaluation, I found that these services were a bit shady. Even so, I gave them the benefit of the doubt and contacted them through their "contact us" form. After this, I never got a response. Not only that, when I left a comment on an offending company's fan page, they named me fan of the week.

Funny, to be sure, but I found out that it was an automated app, and I was the only one who commented that week. Still, I received no response from them, not even an acknowledgement of my complaint. This is why I feel this will continue happening in the future, and why I am writing this post: to try and nip it in the bud before it begins.

To any spammers reading any part of this blog:

You cannot stop my resolve to keep this blog of mine spam free. As I have a zero tolerance policy for spam, I have had a Turing test set up since the very beginning of my blog for those who comment as an anonymous reader. Not only that, but for comments made by humans, I have comment moderation in place. This also works against more advanced spamming machines which know how to get past the Turing test by a multitude of means.

Translation: I have a zero tolerance policy on spam. Both in my email and on my blog. And because I consider unpaid ads to be spam, that means that your comments will not be seen by anyone but me no matter who you are or what technology you employ to attempt to circumvent this.

That being said, I am willing to offer advertising if you really wish to advertise on my blog. I ask that anyone who would like to arrange a deal email me at the following email address: blogadrequests@yahoo.com

No, this is obviously not the personal account I use for regular email, but I will get your email. And I can dispose of this address whenever I would like, so do not spam this address or I will close it. This address is to be used for legitimate business deals in regards to my blog only.

Thank You for reading, I invite readers to comment with any questions or comments.

Saturday, 27 July 2013

How to remove Attentive Antivirus (Rogue)

Posted on 07:19 by Unknown
As you can tell by the title, this removal guide is about another rogue antivirus. Its name is Attentive Antivirus.

Step 1: Reboot your computer into Safe Mode with Networking. To do this, turn your computer off and then back on. As soon as you press the button to turn the computer on, start pressing the F8 key on your keyboard.

Step 2: Use the arrow keys on your keyboard to select the "Safe Mode with Networking" option. Then press enter.

Step 3: Download the copy of Rkill labeled iExplore.exe here: http://www.bleepingcomputer.com/download/rkill/

Step 4: Double click the downloaded executable to run Rkill.

Step 5: Wait until the black window closes on its own before moving on to the next step of removal.

Step 6: Download Malwarebytes Anti-Malware from the link below and install it:
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Step 7: Once the installation has finished, make sure that the "Perform full scan" option is selected. Then click the Scan button.

Step 8: This scan will take some time, up to a few hours depending on how many files you have on your computer. So I recommend doing something else while this scan is running. I usually go to the kitchen and make myself a snack, but you can do whatever you would like. Whatever you do to pass the time, make sure that it is in close proximity to the computer so that you can check on the scan every once in a while.

Step 9: Once the scan is finished, Malwarebytes Anti-Malware will inform you that the scan is done, click OK, then click on the show results button.

Step 10: Click on the Remove Selected button. If Malwarebytes Anti-Malware prompts you to restart your computer, allow it to do so.

Step 11: Enjoy your computer which should now be free of Attentive Antivirus.
Posted in Removal Guides, Windows

Thursday, 25 July 2013

Explaining the fine line between Annoying Software and Adware.

Posted on 19:42 by Unknown
One question I was asked recently, while working on a friend's PC, was what adware is. I explained to my friend that adware is software that shows up in the form of toolbars, gadgets, and the like, without the permission of the user. This got me thinking about what would qualify as adware and what would qualify as merely annoying software. This post will attempt to explain that.

Adware is software that shows up in the form of toolbars, additional programs, gadgets, search engines, web browsers, and many other forms. Adware is often installed along with other programs that you install. Often, adware sneaks onto your computer without the program installer telling you that it is going to install it. And in extreme cases, the installer will tell you that it is going to install the adware, yet does so in complete disregard of your wishes.

Annoying software is... Well, annoying. This type of software is often installed along with other programs. But a key difference between adware and annoying software is that the installer will obey your wishes about whether to install the extra software or not. This type of software can also be installed on its own by a knowing user.

Now, the line between annoying software and adware is a fine one. Generally, any attempt on the part of the software to start doing something it was not installed to do is suspect. And if this is done without the permission or knowledge of the user, it is, without a doubt, adware.

So, a general rule to keep in mind is that if an installer specifically asks whether you want to install a toolbar or whatever it is, then it should not be classified as adware. But when it starts being deceitful towards the user, it should be classified as adware.

Antivirus software can sometimes detect adware, although it is often labeled as a PUP, or Potentially Unwanted Program. So if you want to avoid adware, you should check whether your antivirus program offers such detections or not.

Thank You for reading. I invite readers to comment with any questions or comments.

Wednesday, 24 July 2013

Malware Now Taking Advantage of Royal Baby News.

Posted on 21:41 by Unknown
As with so many other events before, be it the Boston Marathon bombing, the explosion at the West Texas fertilizer plant, or even 9/11, malware is once again taking advantage of an event making international headlines.

This time, malware writers are setting their sights on news surrounding the recent birth of the third in line to the British throne.

At this point, malware seems to be focusing on spreading via email. More specifically through a "video" with the latest news.

So, how this works is that you get an email, possibly from your friend, that contains such a video. You click on the video, intending to watch it. But you are asked to update your Adobe Flash Player before you can view the "video." The installer for the update is actually an installer for a Trojan.

There seems to be enough variation so that the installed Trojan could be one of quite a few Trojans. And one of these Trojans has been found to harvest bank information which can be used by the writers of the Trojan to steal your identity.

One simple way to avoid falling for this trick is to be smart about your security. If something claims that you need to update your software, go to the official website for the software and get the update there. That is, if you actually need an update.

Remember, get your news from reliable and reputable sources, and never click on news stories from your email unless you have actually signed up for a newsletter of some type.

Thank you for reading, I invite readers to comment with any questions or comments.

Tuesday, 23 July 2013

How to remove the New Zealand E-Crime Lab Ransomware.

Posted on 14:37 by Unknown
Another day, another annoying piece of ransomware. This one belongs to the Reveton ransomware family.

Like most other pieces of ransomware in this family, this ransomware blocks use of your computer via a screenlocker. It then claims that you have broken the law, and it then demands payment for the unlocking of your computer via a prepaid card.

And like all other guides on my blog regarding this type of ransomware, the below steps will assist with removal.

Step 1: Get a flash drive that can store at least 32 MB.

Step 2: On an uninfected computer, go to http://www.bleepingcomputer.com/download/hitmanpro/ and download the 32-bit or 64-bit version matching the uninfected computer.

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstarter Live USB. Click on the flash drive you will be using, then press install kickstart. You will then be presented with a warning that the flash drive will be erased. Click on yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the close button and take out the flash drive.

Step 8: Insert the flash drive into the infected computer with the computer turned off. Turn it on and then look for info on how to access the boot menu. If you cannot see any info, keys commonly used for the boot menu are F8, F11, or F12.

Step 9: Restart your computer and start tapping the indicated key. If one key does not work restart the computer and try another key on the above list.

Step 10: Now, select the flash drive with the Kickstart program installed and press enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware. Wait 15-20 seconds and you will see the Hitman Pro start screen. Click next to start the scanning process.

Step 12: Click No, I only want to perform a one-time scan to check this computer. Then click next.

Step 13: Once Hitman Pro has finished scanning, it will display a list of malware that it found. Click next, and if prompted, choose the 30 day free trial. Hitman Pro will now reboot your computer. Once it boots up, it will be free of the ransomware.
Posted in Macs, Windows

Mac OS X Ransomware going global.

Posted on 14:37 by Unknown
About a week ago, I posted about the fact that the newest variant of the Reveton ransomware was targeting Macs. And at that point, no matter your location in the world, it would claim to be from the FBI, an American agency.

Now, the website claiming you have broken the law is paying attention to your location in the world. It is then changing the template of the ransomware to suit the law enforcement agency of the country you live in.

Other than this, there are a few other points to note:

1. Google has updated Google Chrome to be able to block the ransomware. Therefore, I advise that Mac users that use Chrome update if they have not already.

2. As far as my testing can tell, devices that run iOS are not affected by this ransomware. So, users of iPhones, iPads, and iPods are safe from this.

3. You can reduce the likelihood of you getting the ransomware by avoiding search engine results that look sketchy.

4. Safari users still stand a chance of getting this, so they should follow the method below should they get it.

Method of removal:

Step 1: Up at the top of the screen, click on Safari.

Step 2: Choose "Reset Safari."

Step 3: Make sure all items are checked.

Step 4: Click Reset.

Step 5: The ransomware is gone now. So you are now free to browse the internet again without it hindering you.

Thank You for reading. I invite readers to comment with any questions or comments.
Posted in Macs

Friday, 19 July 2013

How to remove the Ministry of Public Safety Canada Ransomware

Posted on 07:36 by Unknown
Come on Reveton ransomware, cut me a break. One of my last posts on you got 200 views, and you decide to throw another one out? Oh well.

This is a Canadian variant of the ransomware that claims to be from The Ministry of Public Safety Canada.

Just like the others I've covered in other posts, this ransomware claims that you have broken the law and demands payment to unlock your PC. So, nothing really different from the others.

If you have seen said posts, you know the procedure. But for those that don't, I have it reproduced below.

Step 1: Get a flash drive that can store at least 32 MB.

Step 2: On an uninfected computer, go to http://www.bleepingcomputer.com/download/hitmanpro/ and download the 32-bit or 64-bit version matching the uninfected computer.

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstarter Live USB. Click on the flash drive you will be using, then press install kickstart. You will then be presented with a warning that the flash drive will be erased. Click on yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the close button and take out the flash drive.

Step 8: Insert the flash drive into the infected computer with the computer turned off. Turn it on and then look for info on how to access the boot menu. If you cannot see any info, keys commonly used for the boot menu are F8, F11, or F12.

Step 9: Restart your computer and start tapping the indicated key. If one key does not work restart the computer and try another key on the above list.

Step 10: Now, select the flash drive with the Kickstart program installed and press enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware. Wait 15-20 seconds and you will see the Hitman Pro start screen. Click next to start the scanning process.

Step 12: Click No, I only want to perform a one-time scan to check this computer. Then click next.

Step 13: Once Hitman Pro has finished scanning, it will display a list of malware that it found. Click next, and if prompted, choose the 30 day free trial. Hitman Pro will now reboot your computer. Once it boots up, it will be free of the ransomware.
Posted in Removal Guides, Windows

How the web works: The Technology

Posted on 05:08 by Unknown
Thank you for stopping by for How the web works II: The Wrath of Conn.

If you have not read my first post on this, you can find it here:

The web works on three standards. These standards are generally adhered to by all companies that make products that work with the web.

URL (Uniform Resource Locator): These are the addresses you enter into a web browser to connect to a website. The URL is broken up into 4 parts which are the protocol, the hostname, the port number, and the path that you are requesting.

Protocol: This is the string of characters you see before the hostname. Examples include http, ftp, telnet, etc. It is separated from the hostname by a colon and two forward slashes (://). The protocol tells your browser what type of service to use when it connects to the hostname.

If you leave the protocol off your address, the web browser will by default assume you are using the HTTP protocol, which is for connecting to web sites, so there is no need to type http:// every time you go to a web site. If you specify another protocol, like ftp, then the browser will act as an FTP client that lets you connect to an FTP server to download files.

Hostname: The name of the server you are going to, that is, the address minus the protocol.

Port Number: The port number is a number that you can append to the host name with a colon between them. An example of this would be adding the port number 80. If you leave the port number off, the web browser will assume that the port number is 80 because that is the default port for the http protocol.

Path: This is the path on the server, ending with the filename you are trying to reach. The path corresponds to an actual directory structure on the web server. So if the path names a files directory and then a file, on the web server there is a root directory, a files directory underneath that root directory, and inside it the file you are looking for.

HTTP (Hyper Text Transfer Protocol): This is a defined process of how to transfer information between a web browser and a web server. All web browsers and web servers follow this process.

HTML (HyperText Markup Language): This is the language used in web pages to format text, images, and page layout. It is plain text and is written into a file with the extension .html.
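As an added example (not code from the original post), here is a small Python script that splits an address into the four parts described above, applying the same defaults the post describes (http when the protocol is missing, port 80 for http), builds the HTTP request a browser would send for it, and, tying back to the "update your Adobe Flash Player" email trick described in the Royal Baby post, checks whether a link's hostname really belongs to the domain you expect rather than a lookalike. The names UrlParts, parse_url, belongs_to and build_http_request are my own, the sample addresses are constructed, and the default ports for https (443) and ftp (21) go beyond the post's single http example.

```python
"""Added example, not from the original post: split a URL into the four
parts named in the post (protocol, hostname, port number, path), build
the HTTP request line a browser sends for it, and check a hostname
against an expected domain."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Default ports per protocol. The post states 80 for http; 443 for https
# and 21 for ftp are the standard defaults (an extension of the post).
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


@dataclass(frozen=True)
class UrlParts:
    protocol: str
    hostname: str
    port: int
    path: str


def parse_url(address: str) -> UrlParts:
    """Break an address into protocol, hostname, port and path.

    Mirrors the browser behaviour the post describes: a missing protocol
    is assumed to be http, and a missing port is the protocol's default.
    """
    address = address.strip()
    if "://" not in address:
        address = "http://" + address
    split = urlsplit(address)
    protocol = split.scheme.lower()
    if protocol not in DEFAULT_PORTS:
        raise ValueError(f"unsupported protocol: {protocol!r}")
    if not split.hostname:
        raise ValueError("no hostname in address")
    # split.port raises ValueError itself if the port is not a number
    port = split.port if split.port is not None else DEFAULT_PORTS[protocol]
    path = split.path or "/"          # an empty path means the root directory
    if split.query:
        path += "?" + split.query
    return UrlParts(protocol, split.hostname.lower(), port, path)


def belongs_to(hostname: str, expected_domain: str) -> bool:
    """True if hostname is expected_domain or a subdomain of it.

    A plain substring test would accept a lookalike such as
    'example.com.evil.test', so whole labels are compared from the right.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    expected_labels = expected_domain.lower().rstrip(".").split(".")
    if len(host_labels) < len(expected_labels):
        return False
    return host_labels[-len(expected_labels):] == expected_labels


def build_http_request(parts: UrlParts) -> bytes:
    """Compose the minimal HTTP/1.1 GET request a browser sends for a URL.

    The Host header carries the port only when it is not the default,
    which is why the port may be left off the address in the first place.
    """
    if parts.protocol not in ("http", "https"):
        raise ValueError("only http(s) URLs become HTTP requests")
    host = parts.hostname
    if parts.port != DEFAULT_PORTS[parts.protocol]:
        host = f"{host}:{parts.port}"
    request = f"GET {parts.path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    return request.encode("ascii")  # paths are expected to be percent-encoded already


if __name__ == "__main__":
    # Constructed sample addresses; the last one is a lookalike host of
    # the kind a fake "update your player" link might use.
    samples = [
        "example.com/files/page.html",
        "https://WWW.Example.com:8443/a?b=1",
        "http://example.com.evil.test/update",
    ]
    for address in samples:
        parts = parse_url(address)
        print(parts)
        print("  belongs to example.com:", belongs_to(parts.hostname, "example.com"))
        print("  request:", build_http_request(parts))
```

Running the script prints the four parts for each sample and shows that the lookalike host fails the domain check even though it contains "example.com".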

Thank You for reading. I invite readers to comment with any questions or comments.

How the web works: The History

Posted on 00:54 by Unknown
For many of us, Web Browsing has become a daily activity. Whether it is used for checking stock prices, shopping, or just larking about, web browsing has become an institution in our lives much the way TV is. But have you ever wondered how it all works? This post is meant to explain the history of the web and how it technically works.

The Web began at CERN, the European Organization for Particle Physics Research, in 1989 when Tim Berners-Lee and Robert Cailliau designed a system called Enquire. 

This system would allow documents to have links between different pieces of data whether they be files on the local computer or stored on a remote computer. The main motivation is said to have been the ability to access library information that was spread across multiple servers at CERN.

On November 12th, 1990, Tim Berners-Lee published a formal proposal called "Information Management: A Proposal" that outlined the web as we know it today, using a system for displaying information called HyperText. This system was first described in 1945 by a man named Vannevar Bush as a way to link documents into a large-scale information pool.

One day after the proposal was published, Tim Berners-Lee created the first web page, and that December he wrote the first web browser and web server.

The program he created was called WorldWideWeb, hence the name we use today.

As development of the WorldWideWeb continued, more people from around the world started to get involved. In 1992, one of the first web browsers that supported graphics was introduced called Pei-Yuan Wei's Viola. This led to Marc Andreessen of NCSA releasing a program for UNIX called Mosaic in 1993.

Mosaic was the spark that marked the rise in popularity of the World Wide Web and took it out of purely academic circles. Marc Andreessen went on to form Mosaic Communications, which then evolved into Netscape Communications. Netscape was the first mainstream graphical web browser.

As time went on, more features started to be added to the web browser, more companies got on the internet, and personal pages started springing up everywhere, and the web as we now know it was born.

More in Part 2: The Technology.

Thursday, 18 July 2013

How to remove the SweetPacks/SweetIM toolbar.

Posted on 08:33 by Unknown
Today's post is about a piece of adware that comes as a toolbar installed along with programs you have downloaded off the internet. Considering that this piece of adware is often considered very hard to remove, I thought I would publish a quick guide to help with removal.

Now, keep in mind that this toolbar is not technically malware. But it does modify your homepage and your default search provider. So it is not exactly welcome on your computer.

Step 1: Download AdwCleaner at the link below and save it to your desktop.
http://www.bleepingcomputer.com/download/adwcleaner/

Step 2: Double click the AdwCleaner.exe icon that now appears on your desktop.

Step 3: Select search from the menu that pops up.

Step 4: Once the scan is done, the program will produce a log. This log may look like nothing but gibberish, that's OK. Unless you see something that you know should not be removed, please close the log window.

Step 5: Press the delete button that you see in the AdwCleaner menu.

Step 6: Save any open documents before continuing.

Step 7: You will now be presented with a message that says that AdwCleaner must restart your computer. Press OK to allow it to do so.

Step 8: AdwCleaner will open the log again after restarting. You may close this.

Step 9: Download and install Malwarebytes Anti-Malware from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Step 10: After you install Malwarebytes Anti-Malware, select Full Scan from the scanner tab and then click the scan button.

Step 11: Once the scan is done, follow the prompts and click Remove Selected.

Step 12: At this point, Malwarebytes Anti-Malware may prompt you to reboot your computer. Please allow this.

Step 13: Enjoy your computer, free from this adware.

Step 14: Comment below with any questions or comments.
Posted in Removal Guides, Windows

Monday, 15 July 2013

F.B.I. Ransomware now targeting Mac OS X

Posted on 14:33 by Unknown
For years, Windows users have been plagued with malware issues, and one kind in particular that has gained popularity is ransomware: software that restricts the use of your computer in some way. For the most part, Mac users have remained free of these threats, and so they feel quite safe browsing the internet.

Those days are coming to an end, because cybercriminals are now targeting Mac OS X with the latest variant of the FBI ransomware.

This ransomware is like most other ransomware, with the exception that it only restricts use of Safari, the built-in browser, rather than computer use in general. But aside from that, it is just like any other ransomware. It attempts to convince you that you have broken the law in some manner, and demands payment by a prepaid card such as GreenDot MoneyPak.

And if you attempt to close it, it will not close. You can only get it off your screen by quitting Safari, only to find it come back again when you next open Safari. And it will keep coming

Luckily, this is relatively easy to fix.

At the top of your screen, click on the Safari menu, then click Reset Safari. Make sure ALL items are marked, and hit the reset button.

This will reset Safari back to the state it was in when you first got the Mac. So there go your saved websites and bookmarks. But it's better than not having use of your browser at all.

Unfortunately, this scam is far too fast and efficient to be going anywhere anytime soon. Which is why I predict a large amount of infections with this Ransomware. This is also why I am urging those who read my blog to spread this news on. Let people know that there is a way to get rid of it.

Thanks for reading. I invite readers to comment with any questions or comments. And if this notice helped you, comments from you are especially appreciated.
Posted in Macs

How to remove the Mandiant U.S.A. Cyber Security Ransomware.

Posted on 06:08 by Unknown
The Mandiant U.S.A. Cyber Security Ransomware is a piece of ransomware which belongs to the Reveton family of ransomware. It displays a lock screen on your computer claiming that you have violated international law. It also claims that you have illegal files on your computer... such as those that you would not like a child to see.

In order to access your computer, the malware demands a ransom paid via a prepaid card such as GreenDot MoneyPak. This post will detail how to remove it.

Step 1: Get a flash drive that can store at least 32 MB.

Step 2: On an uninfected computer, go to http://www.bleepingcomputer.com/download/hitmanpro/ and download the 32-bit or 64-bit version matching the uninfected computer.

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstarter Live USB. Click on the flash drive you will be using, then press install kickstart. You will then be presented with a warning that the flash drive will be erased. Click on yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the close button and take out the flash drive.

Step 8: Insert the flash drive into the infected computer with the computer turned off. Turn it on and then look for info on how to access the boot menu. If you cannot see any info, keys commonly used for the boot menu are F8, F11, or F12.

Step 9: Restart your computer and start tapping the indicated key. If one key does not work, restart the computer and try another key from the list above.

Step 10: Now, select the flash drive with the Kickstart program installed and press enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware. Wait 15-20 seconds and you will see the Hitman Pro start screen. Click next to start the scanning process.

Step 12: Click No, I only want to perform a one-time scan to check this computer. Then click next.

Step 13: Once Hitman Pro has finished scanning, it will display a list of malware that it found. Click next, and if prompted, choose the 30 day free trial. Hitman Pro will now reboot your computer. Once it boots up, it will be free of the ransomware.
Posted in Removal Guides, Windows

Saturday, 13 July 2013

How to remove Antivirus System (Rogue Antivirus)

Posted on 07:55 by Unknown
Alright, there's a new rogue antivirus program out there called Antivirus System. It basically does not allow you to run any .exe, claiming that it is infected in order to scare you into buying it. This post will give removal instructions for this rogue.

Step 1: Go into safe mode with networking. This can be done by shutting the computer down, then turning it on. Once you have pressed the button to turn it on, immediately start tapping the F8 key. Do not stop tapping until you are brought to the Windows Advanced Options menu. Once you see this, use the arrow keys on your keyboard to go to safe mode with networking. Press enter.

Step 2: Open your favorite internet browser and download Rkill from here: http://www.bleepingcomputer.com/download/rkill/
Run it by double clicking the downloaded file. It will open a black window, which you should not be alarmed by. Once Rkill is finished, the black window will close, and you can move to the next step.

Step 3: Download Malwarebytes Anti-Malware from here: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Run the downloaded file and install Malwarebytes Anti-Malware. Once Malwarebytes Anti-Malware is installed, it will automatically open a new window which will allow you to scan your computer. Make sure that the full scan option is selected and then press scan. This scan can take quite a while, so while this is running, go take a little break. Have a lovely beverage, watch something on TV, go for a run, something.

Once the scan has completed, you will see a message box. Click OK.

You will now be back at the main scanner screen. At the bottom of the window, press remove selected.

If Malwarebytes Anti-Malware prompts you to reboot the computer, press OK.

Step 4: Enjoy your computer free of Antivirus System.

Thank you for reading. I invite readers to comment with any questions or comments.
Posted in Removal Guides, Windows

First Q&A session details.

Posted on 07:00 by Unknown
For those of you who do not know yet, I recently created an ask.fm account to make it easier to answer questions that readers have. I also plan on using the account for Question and Answer type events. This blog post will be regarding the details of this first event.

First off, the subject of this Q&A event is going to be about malware. You can ask any question, within reason. And because all my readers read my blog to learn, there are absolutely NO stupid questions.
I'm serious about that, no matter how dumb you think the question may be, you can still ask it and I will still answer it. No one was born knowing this stuff, and I would know, despite how easy I make it seem. So, anything goes as long as it is malware related in some way. No, I am not going to offer relationship advice. And I doubt that you would take said advice anyway, considering that I am single.

And as for rules? When I am doing something like this for the first time, I really can't make much in the way of rules. I don't know what is going to happen, and I really do not want to control something that does not need to be controlled.

But one rule I am going to adhere to is to keep all questions clean of any profanity. I pride myself on staying at least somewhat family friendly with the issue of malware, and this is something that I will extend to anything outside blogging.

Those found to be in violation of this rule will get the following response:

"It's a Q&A session, not a night club."

But of course, I will allow the offending user to get an answer to the same question. Provided that the question is free of profanity.

As for a date and a time, this is why I am posting about this actually. I would like to work out a time that if possible, is best for everyone. The last time I attempted something like this, it was a disaster. So I welcome comments on this, and hopefully we can work something out that will be good for as many people as possible.

And perhaps I will have regular Q&A sessions. If the first one gets good feedback, it might be good to make this a regular thing. But that's the thing I need to find out. Because this is my first attempt at doing something on this scale, there is still quite a bit I need to learn.

You can find me on ask.fm here: http://ask.fm/MalwareBlogger

Thanks for reading. I invite readers to comment with any questions or comments.

Friday, 12 July 2013

What to keep in mind when choosing your antivirus software.

Posted on 05:55 by Unknown
So, you just got a brand new computer. Or perhaps you are looking because the subscription on your current antivirus is running out. Either way, you are shopping for antivirus software. This blog post will offer some tips on how to make the right choice to protect your investment from malware.

First off, antivirus software does not mean that it only protects against viruses. This is just the most used word to describe it. Most antivirus software these days offers protection from most if not all types of malware. But this is not to say that antivirus software will detect and remove all malware. This is because no piece of software is perfect, no matter how much we attempt to make it perfect.

Tip #1: Remember that the antivirus software you are looking for may be free. Some people purchase the most expensive antivirus software available. The reasoning behind this is that the antivirus software must be good because it is expensive. But in my experience, the antivirus software you need may be free.

Tip #2: Know what you need. This somewhat ties into #1 in that you need to realize what you do or will do on your computer. From this, you would likely pick a more expensive option.  But the most expensive option often includes a lot of stuff that you will never use. This wastes space on your hard drive and might even slow your computer down.

Tip #3: Don't listen when antivirus companies tell you that their antivirus is the best. Everyone will say that they are the best; I am the best anti-malware blogger on the internet. But without something to back it up, words like these mean nothing.

This is why you should check out independent testing labs that perform tests on antivirus software throughout the year. Two independent testing labs are AV-Test and Virus Bulletin. You can find test results here:

http://www.av-test.org/en/home/

https://www.virusbtn.com/index

Tip #4: Check to see if the antivirus company you are looking at has actual support. A good antivirus company should have 24/7 support in some way. This can include customer service, a forum, or support by email. This support should also be free. After all, the company you are looking at made the antivirus, they ought to know how to properly fix issues that may come up.

Tip #5: Check reviews of the antivirus software. Even after all is said and done, even after you have followed the rest of the tips to the letter, people may have had bad experiences with the software that you should know about. Be aware, though, of reviews planted by competitors who want to bring other antivirus software down.

If you have followed all these tips, but still cannot make a choice, ask a geek friend of yours. I'm sure that your friend will be happy to recommend antivirus software to you. And if I am the closest you have to a geek friend, I can help you.

Thanks for reading. I invite readers to comment with any questions or comments.

Thursday, 11 July 2013

My opinion of Data Dealer.

Posted on 05:57 by Unknown
Anyone who has been a loyal reader of my blog for some time will know that this will not be an ordinary post. Far from it, as a matter of fact.

But I very recently discovered an online game that first caught my attention because it turns the tables and allows you to think a little bit like the kind of people I fight against when I blog. Not that you can really get into the mindset of such a person when you are biased against that side, but this game gives you a decent chance to try without causing harm.

The game: Data Dealer
The objective: To become someone who steals data from consumers via the use of hackers and fake websites designed to gather information.

In this game, you start out collecting data from ventures such as a sweepstakes, an online dating website, and a loyalty program. Data collected can be in the form of first and last names, zip codes, medical information, etc. You also have access to informants who work in low paying jobs and need extra money. These informants tend to have access to useful information such as tanning booth sessions, debts, income, and other useful information.

You then sell this information to companies that pay high dollar for information on consumers who they may offer a service or product to. And as you collect more information from your ventures and your informants, companies pay more for the data that you now have more of. This cycle goes on and on.

But you also have to be cautious, because if you gather too much attention, you can find privacy supporters or government officials after you. You stave this risk off by being careful when and at what point you use informants to gather data.

You can also stave the risk off by buying certain upgrades to your ventures. Some upgrades such as a TV ad will reduce the risk you take when you invest in a venture. Of course, this also spreads word around about your venture, which leads to more users of the service that venture is offering. This in turn, leads to more data collected from more people.

As the only game available is a demo, I really cannot offer more information except from my personal opinion.

My personal opinion is that this game may be fraught with satire, but the message that it sends is exceptionally clear.

And while it may be akin to PRISM, it nonetheless is quite fun and addictive.

You can find out more information and play the demo here

Thank you for reading. I invite users to comment with any questions or comments.

Wednesday, 10 July 2013

Spotlight On Malware: The Koobface Worm

Posted on 05:41 by Unknown
For today's blog post, we will be talking about a worm that first appeared in 2008 and has not really left, considering that new variants are constantly being released.

Koobface is a multi-platform computer worm that spreads primarily via social networks such as Facebook (of which its name is an anagram), Twitter, Friendster, MySpace, and other then-popular social networks. By multi-platform, I mean that Koobface is designed to infect Windows, Mac OS X, and Linux.

Koobface ultimately attempts, upon successful infection, to gather login information for websites and programs that require passwords, such as social networks and programs like Skype. Strangely, it does not attempt to gather sensitive financial information. It then uses the infected computers to build a peer-to-peer botnet: an infected computer contacts other infected computers to receive commands in a peer-to-peer fashion. The botnet is used to install pay-per-install malware as well as to hijack search results to display advertisements.

Koobface originally spread by delivering Facebook messages to people who are friends of a Facebook user whose computer has already been infected. Upon its receipt, the message directs the recipient to a third party website where they are then prompted to download what is purported to be an update to Adobe Flash player. If they download and execute the file, Koobface infects their computer.

Koobface can then commandeer the computer's search engine use and direct it to infected websites.

Among the components downloaded by Koobface are a DNS filter program that blocks access to well known security websites and a proxy tool that allows the attackers to abuse the infected computer.
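The post says Koobface drops a "DNS filter" that blocks access to well-known security websites. One common place such blocking shows up on a Windows machine is the hosts file, so a defender's first check after suspecting an infection is to look there for entries pinning security vendors' sites to a local or foreign address. The script below is an added example written for this post (not code from the original article, and not a description of Koobface's actual implementation); the hosts-file contents and the watched-domain list are constructed, using the bleepingcomputer and av-test sites that this blog links to elsewhere plus a made-up update host.

```python
"""Flag hosts-file entries that pin security vendors' sites to a bogus address.

Added example for this post, not code from the original article. The hosts
file below is a constructed sample of what tampering can look like; its
entries are not real Koobface artifacts.
"""
import ipaddress

# Hypothetical list of domains a defender wants to make sure are reachable.
WATCHED_DOMAINS = {
    "www.bleepingcomputer.com",
    "www.av-test.org",
    "update.example-av.com",   # constructed vendor update host
}

# Constructed sample of a hosts file after tampering.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# lines below stand in for malware-added entries (constructed example)
127.0.0.1       www.bleepingcomputer.com
0.0.0.0         www.av-test.org
198.51.100.7    update.example-av.com  # RFC 5737 test address, stands in for an attacker proxy
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def find_tampering(text, watched=WATCHED_DOMAINS):
    """Return a list of (hostname, ip, reason) for watched domains that are pinned.

    Any static entry for a watched public site is suspicious, since legitimate
    hosts files almost never contain them. The reason distinguishes sinkholing
    to a loopback/unspecified address (outright blocking) from redirection to
    some other address (traffic interception).
    """
    findings = []
    for ip, name in parse_hosts(text):
        if name not in watched:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((name, ip, "blocked (sinkholed to local address)"))
        else:
            findings.append((name, ip, "redirected to non-local address"))
    return findings


if __name__ == "__main__":
    for host, ip, reason in find_tampering(SAMPLE_HOSTS):
        print(f"{host:28} -> {ip:14} {reason}")
```

On a real machine you would read C:\Windows\System32\drivers\etc\hosts (or /etc/hosts) instead of SAMPLE_HOSTS; a clean file should produce no findings, and any hit for a security vendor is a strong sign that something is interfering with name resolution, whether or not the rest of the infection has been identified yet.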

It is worth noting that Koobface has inspired quite a few hoaxes across social networking websites, mainly Facebook. Said hoaxes claim, among other things, that accepting hackers as Facebook friends will download Koobface onto your computer. These hoaxes are untrue, and some are even recycled from older fake virus warnings that were false to begin with.

Thank you for reading. I invite users to comment with any questions or comments. And if you were at one point infected with Koobface, you can also share your story.
Posted in Macs, Spotlight On Malware, Windows

Tuesday, 9 July 2013

Back To Basics.

Posted on 06:14 by Unknown
For this blog post, we will be going over 7 basic security tips to reduce the odds of your computer getting infected with malware.

This is a basic list, and it is easy for most computer users to read and follow.

1. Don't be click happy: When you are on the internet, you should not be clicking every link that you see. Proceed with caution when you are asked to click on a link such as those in an email. Even though the link looks harmless, you can be redirected to another website that will install malware on your computer.

I'm not saying don't click on anything, just be careful.

2. Passwords are meant to protect you: If you are using "password" as your password for anything, you might want to change that. Use long, complicated passwords that only you can remember, and change them often.

A good starting point is to change all your passwords once a year or whenever there is a security breach in one of the services or websites you use which requires a password.

3. Keep your security software on: Once you get online, it is not a time to be disabling your antivirus software. This is a tip that gamers in particular need reminding of. And me being a gamer myself, I know this quite well :D

Your security software is meant to remain on, it should not be bothering you when you are playing a game on your computer. The only time you should pay attention to your antivirus bugging you is if you have actually gotten onto a game which has malware.

4. Avoid P2P and Pirated software: P2P Stands for Person 2 Person, which in this case is file and program sharing. Pirated software is software that is obtained via illegal means such as getting a product key from someone else, or downloading and using product key generating software.

These software packages, while free, are often a surefire way to get infected. So take the hint: always obtain software legally and pay for it if it normally costs money.

5. Social Engineering Attacks are rampant: This somewhat ties in with tip #1. Popular Social networks such as Facebook and Twitter are being used to distribute malware via several means. These can include, but are not limited to: Infected websites, "videos" that you have to install an "update" to view, and in rare cases, malware that can fit in a twitter message without using any other means.

6. Not everyone is your friend: Just because there is a button that says something like "Click here to like me" does not mean that is something you should do. Your default answer should always be something such as "I do not even know you, why should I hit a button to like you?"

Because when you like somebody or something, you are also sharing information with them. So be careful what buttons you click.

7. Be cautious when using public Wi-Fi: Needless to say, McDonald's is not the place where you should be doing your online banking. Not only does such action make you look somewhat... odd, it also allows hackers with even inexpensive equipment to find out what you are doing, and if possible, steal info that can be used to steal your identity.

Thank you for reading. I invite users to comment with any questions or comments.
Posted in Passwords

Monday, 8 July 2013

Typosquatting: What it is and how to avoid it.

Posted on 06:30 by Unknown
This blog post will focus on Typosquatting. More specifically what it is and how you can avoid it.

Typosquatting at its most basic level is the act of taking advantage of common misspellings of an official website's domain name. A typosquatter may also take the deception further by registering the same name under a different top-level domain.

An example of these ways of typosquatting can be found below:

Say the real website is example.com

You use a common misspelling such as exemple.com

The result: You are led to a different website than the one you intended to go to.

Alternatively, the website can have the exact same spelling, but a different top level domain such as example.net or example.org

Once on the typosquatter's website, the user can be deceived into believing that he or she has arrived at the correct website through the use of copied logos, website layouts, or content.

There are several different reasons for a typosquatter to buy a typo domain. These include, but are not limited to:

To sell the domain to the person or company who owns the legitimate website for a large profit.
To generate pay-per-click revenue from misspellings.
To redirect the typo traffic to a competitor.
To redirect to the legitimate website. This generates commissions for the typosquatter through the company's affiliate program.
To block malevolent use of the typo domain by others.

And there are also ways that typosquatters can use a typo domain for purposes that are much worse than generating pay-per-click revenue:

To run a phishing scam against websites where someone must log in. This scam intercepts passwords that a victim enters unsuspectingly.
To install drive by malware or revenue generating adware onto a victim's computer.
To harvest misdirected email messages mistakenly sent to the typo domain.

To avoid this, you have two options that combat the problem as a whole:

Check the spelling of the website you enter into the address bar before you press enter.
Install a browser add-on such as Web Of Trust that can show you the reputation of the website. This can only work for websites that are not new, but considering that the number of Web Of Trust users is at 81.5 million and counting, odds are it will not be long before many people notice the typo domain for what it is.
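The two tricks the post describes, a one-character misspelling of the name and the same name under a different top-level domain, are both mechanical enough to check for automatically. The script below is an added example written for this post (not code from the original article or from Web Of Trust); it compares a hostname the user typed against a small, constructed allow-list of domains they actually mean to visit and reports whether it is an exact match, a TLD swap, or a one-edit typo. Edit distance is computed with plain Levenshtein, and adjacent-character transpositions (the "exmaple" case) are checked separately because they count as two edits there. The TLD handling assumes single-label suffixes; public suffixes such as co.uk are out of scope.

```python
"""Flag hostnames that look like typos of trusted domains.

Added example for this post, not part of any browser add-on or of the
original article. TRUSTED_DOMAINS and the sample hostnames are constructed.
"""
from __future__ import annotations

# Hypothetical allow-list of domains the user actually means to visit.
TRUSTED_DOMAINS = {"example.com", "bank-example.com"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def is_transposition(a: str, b: str) -> bool:
    """True if a and b differ only by swapping two adjacent characters."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def split_domain(host: str) -> tuple[str, str]:
    """Split 'www.exemple.com' into ('exemple', 'com'): registered name and TLD.

    Assumes a single-label TLD; multi-label public suffixes are not handled.
    """
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify(host: str, trusted=TRUSTED_DOMAINS) -> tuple[str, str | None]:
    """Return (verdict, matching trusted domain or None).

    Verdicts:
      'trusted'   host is a trusted domain or a subdomain of one
      'tld-swap'  same registered name as a trusted domain, different TLD
      'typo'      registered name is one edit or one transposition away
      'unknown'   no relation to the trusted list
    """
    h = host.lower().strip(".")
    name, tld = split_domain(h)
    for t in sorted(trusted):
        if h == t or h.endswith("." + t):
            return "trusted", None
    for t in sorted(trusted):
        tname, ttld = split_domain(t)
        if name == tname and tld != ttld:
            return "tld-swap", t
    for t in sorted(trusted):
        tname, _ = split_domain(t)
        if levenshtein(name, tname) == 1 or is_transposition(name, tname):
            return "typo", t
    return "unknown", None


if __name__ == "__main__":
    for h in ["www.example.com", "exemple.com", "example.net",
              "exmaple.com", "examp1e.com", "wikipedia.org"]:
        print(f"{h:18} {classify(h)}")
```

A 'typo' or 'tld-swap' verdict is the moment to stop and re-read the address bar, which is exactly the first of the two options above; the allow-list would in practice be the handful of login sites (bank, email, social networks) whose lookalikes are worth worrying about.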

Thanks for reading. I invite users to comment with any questions or comments.

Sunday, 7 July 2013

My opinion of Microsoft Windows Defender.

Posted on 06:16 by Unknown
One question I get asked quite a bit when people ask me to help them pick out a new computer is if they should get antivirus software. When I get to the heart of the question, more often than not, they mean to ask if they should leave protection to Windows Defender. This post will attempt to answer that question for some of my readers who may be wondering the same thing.

But first, a little history.

Windows Defender was originally an anti-spyware tool included in Windows 7 and to a lesser extent, Windows Vista. By the time Windows 7 was released, Microsoft had come up with a new antimalware offering known as Microsoft Security Essentials. Microsoft had delved into antimalware products before with Windows Live OneCare, but MSE was meant to be a successor to Windows Live OneCare. With the release of Windows 8, Microsoft bundled the antimalware protection in MSE into Windows Defender.

The reactions to Microsoft coming up with its own antimalware product were mixed. Some AV vendors dismissed it as a competitor, while others welcomed it.

Now for testing. Does Windows Defender match up against other antivirus software?

According to independent testing done by AV-Test, the answer to that question is no.

Throughout its life as Microsoft Security Essentials, and then Windows Defender, the product has never done well.

Don't believe me? Take a look:

http://www.av-test.org/en/tests/home-user/windows-8/janfeb-2013/

http://www.av-test.org/en/tests/home-user/windows-7/novdec-2012/

http://www.av-test.org/en/tests/home-user/windows-vista/quarter-42010/

The test results are clear. While Windows Defender gets top marks for usability, it does poorly in actual detection. This is somewhat to be expected; even Microsoft has admitted at one point that it is basic protection.

But because Windows Defender is automatically protecting your computer from the first time you turn on a Windows 8 PC, there are fewer infections overall. While the product might not be the best at detecting, it's better than nothing. And this is considering that those who know very little about computers usually have no protection at all.

So while I consider Windows Defender to be bad at its job, it is something that is automatically on without user intervention. If it could detect and remove more malware, I might even call it something that is playing a key role in combating malware by automatically protecting thousands of new PCs.

So overall, there are better options out there that are still free, but I can see Windows Defender having some promise.

Thanks for reading. I invite readers to comment with any questions or comments.
Posted in Windows

Thursday, 4 July 2013

Spotlight on Malware: The Happy 99 worm.

Posted on 06:25 by Unknown
With today being the 4th of July and all, I thought that it would be a good idea to do a short post about a piece of malware that has something to do with fireworks. And I think the Happy99 worm is the best representation of that. This is why it will be our focus for today.

The Happy99 worm first appeared via email in January of 1999. It is generally considered to be the first piece of malware spread by email. The worm installs itself without the knowledge or consent of the user. When executed, animated fireworks and a Happy New Year message are displayed.

The worm modifies Winsock, a Windows communication library, to allow itself to spread. The worm then attaches itself automatically to all subsequent emails sent by a user. It also modifies a registry key which will automatically run the worm any time the computer is rebooted.

It is unknown how many computers were infected by this worm. However, when malware researcher Craig Schmugar posted a fix for the worm on his website, one million people downloaded it. The number of downloads suggests that the malware may have broken a record for the number of machines infected at the time.

Thank you for reading. I invite readers to comment below with any comments or questions. Have a happy 4th of July, no matter if you are in America or not.
Posted in Spotlight On Malware, Windows

Tuesday, 2 July 2013

Symbiosis in malware

Posted on 09:46 by Unknown
The relationship one piece of malware has with another has always been lukewarm at best. Some malware, such as the Netsky worm, actually hunts down and attempts to destroy other malware. In this way, symbiosis seems impossible, because for it to take place, said malware would have to work together.

Unfortunately, we are now seeing this in one case of malware. Two pieces of malware that assist each other in staying on a computer are proving difficult to remove.

Vobfus and Beebone help each other by downloading other variants of the other piece of malware. This helps avoid detection because of the fact that other variants might not be detected. And new variants are not likely to be detected at first by many antivirus programs.

Two pieces of malware on a computer is, in and of itself, a combination that you would wish to avoid. But when the pieces of malware are actually helping each other, you know that there will be quite a bit of successful infection.

Vobfus is a worm that spreads primarily via infected flash drives. Once infection on a computer has taken place, it then downloads the latest variant of Beebone from a Command and Control server. Vobfus also uses the autorun function which, if enabled, allows Vobfus to automatically infect a computer running Windows.
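The Autorun abuse mentioned above works through an autorun.inf file at the root of the flash drive: if Autorun is enabled, Windows reads that file and, depending on which keys it contains, launches a program from the drive. A defender looking at a suspect drive wants to know whether the file would run anything at all, as opposed to only setting a volume icon or label. The parser below is an added example for this post (not code from the original article and not a reproduction of Vobfus); the autorun.inf content is constructed, and the set of code-launching keys (open, shellexecute, and shell\...\command) is the documented Autorun key set, used here as a detection list.

```python
"""Check an autorun.inf for entries that would launch a program from removable media.

Added example for this post, not from the original article. SAMPLE_AUTORUN is a
constructed file; the launcher path in it is a placeholder.
"""
import configparser

# Constructed sample: an autorun.inf that would execute a file from the drive.
SAMPLE_AUTORUN = """\
[autorun]
open=files\\launcher.exe
shellexecute=files\\launcher.exe
shell\\Open\\command=files\\launcher.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Removable Disk
"""

# Keys that cause code execution; icon/label/action only change appearance.
LAUNCH_KEYS = ("open", "shellexecute")


def launch_targets(autorun_text):
    """Return the list of (key, command) pairs that would execute code via Autorun.

    Keys are compared case-insensitively because Windows does not care about
    case here; the original spelling is kept for reporting.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str          # keep original key case
    parser.read_string(autorun_text)
    if not parser.has_section("autorun"):
        return []
    hits = []
    for key, value in parser.items("autorun"):
        k = key.lower()
        # shell\<verb>\command defines a context-menu verb that runs a program
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            hits.append((key, value.strip()))
    return hits


def is_suspicious(autorun_text):
    """True if the autorun.inf would run any program at all."""
    return bool(launch_targets(autorun_text))


if __name__ == "__main__":
    for key, cmd in launch_targets(SAMPLE_AUTORUN):
        print(f"{key:24} -> {cmd}")
```

Any hit is a reason to scan the drive from a known-clean machine before opening it, and to keep Autorun disabled so the file is never acted on in the first place; the post's own "if enabled" caveat is the mitigation.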

I see this method of infection becoming popular. If later variants cannot be detected by antivirus programs, this makes the odds of the malware staying on an infected computer that much higher. And if the malware is too fast in downloading the latest variants, the only real option could be to reinstall the operating system. And while this may seem cynical, it truly is the reality of the situation we face.

Thank You for reading. I invite readers to comment with any questions or comments.
Posted in Windows

Spotlight On Malware: Zeus

Posted on 05:15 by Unknown
It may not be as powerful as the ruler of Mt. Olympus, but even so, the Trojan horse known as Zeus sure made a big mess of things in 2009. This is why it will be the focus of today's blog post.

But first off, I must tell you that Zeus is a piece of malware. (Well, thank you Captain Obvious.)

Zeus is a Trojan horse which was first identified in July of 2007. It was found to steal banking information by using a keylogger. It is mainly spread by drive-by downloads and phishing attacks. It became more widespread in March of 2009 and by June of that year, it had compromised over 74,000 accounts on websites such as Bank of America, NASA, Monster.com, as well as others.

The various Zeus botnets are estimated to include millions of infected computers (3.6 million in the USA alone). And as of October 28th of 2009, 1.5 million phishing messages had been sent out on Facebook for the purpose of spreading the Zeus Trojan. From November 14-15, phishing emails were sent out claiming to be from Verizon Wireless. A total of nine million phishing emails just like this one were sent in that time frame.

By 2010, Zeus was still not done. In July of that year, credit cards of more than 15 US banks were compromised. In October of that year, the FBI announced that it had discovered a major international cyber crime ring which had used Zeus to hack into US computers. This allowed the cybercriminals to steal over $70 million. More than 90 arrests were made in the US, with arrests also made in the UK and in Ukraine.

In late 2010, a number of internet security vendors such as McAfee claimed that the creator of Zeus had said that he was retiring and had given the source code and the rights to sell Zeus to his biggest competitor, the creator of the SpyEye Trojan. In May of 2011, the source code of the then current version of Zeus was leaked.
Posted in Spotlight On Malware, Windows