Malwareaware


Thursday, 26 September 2013

How to remove the United Kingdom Police ransomware.

Posted on 17:19 by Unknown
There is a new piece of ransomware making the rounds on the internet. It is called the United Kingdom Police ransomware.

Like most ransomware, this one locks up your computer and claims that you have violated some law that you have not violated. The ransomware demands money for the unlocking of your computer via a prepaid card such as a GreenDot MoneyPak card. And like most ransomware going around today, I will provide a removal guide for this ransomware.

Step 1: Get a flash drive that can store at least 32 MB

Step 2: On an uninfected computer, go to http://www.bleepingcomputer.com/download/hitmanpro/ and download the 32-bit or 64-bit version that matches the uninfected computer.

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstarter Live USB. Click on the flash drive you will be using, then press install kickstart. You will then be presented with a warning that the flash drive will be erased. Click on yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the close button and take out the flash drive.

Step 8: Insert the flash drive into the infected computer with the computer turned off. Turn it on and then look for info on how to access the boot menu. If you cannot see any info, keys commonly used for the boot menu are F8, F11, or F12.

Step 9: Restart your computer and start tapping the indicated key. If one key does not work, restart the computer and try another key from the list above.

Step 10: Now, select the flash drive with the Kickstart program installed and press enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware. Wait 15-20 seconds and you will see the Hitman Pro start screen. Click next to start the scanning process.

Step 12: Click No, I only want to perform a one-time scan to check this computer. Then click next.

Step 13: Once Hitman Pro has finished scanning, it will display a list of malware that it found. Click next, and if prompted, choose the 30 day free trial. Hitman Pro will now reboot your computer. Once it boots up, it will be free of the ransomware.
Posted in Removal Guides, Windows

How to remove the PRISM/NSA Ransomware.

Posted on 17:15 by Unknown
There is a new piece of ransomware making the rounds on the internet. It is called the PRISM ransomware. And there is another variant that has also been making the rounds called the NSA ransomware. The removal guide for both is the same, so I decided to kill two birds with one stone.

Like all ransomware, this one locks up your computer and claims that you have violated some law that you have not violated. The ransomware demands money for the unlocking of your computer via a prepaid card such as a GreenDot MoneyPak card. And like most ransomware going around today, I will provide a removal guide for this ransomware.

Step 1: Get a flash drive that can store at least 32 MB

Step 2: On an uninfected computer, go to http://www.bleepingcomputer.com/download/hitmanpro/ and download the 32-bit or 64-bit version that matches the uninfected computer.

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstarter Live USB. Click on the flash drive you will be using, then press install kickstart. You will then be presented with a warning that the flash drive will be erased. Click on yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the close button and take out the flash drive.

Step 8: Insert the flash drive into the infected computer with the computer turned off. Turn it on and then look for info on how to access the boot menu. If you cannot see any info, keys commonly used for the boot menu are F8, F11, or F12.

Step 9: Restart your computer and start tapping the indicated key. If one key does not work, restart the computer and try another key from the list above.

Step 10: Now, select the flash drive with the Kickstart program installed and press enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware. Wait 15-20 seconds and you will see the Hitman Pro start screen. Click next to start the scanning process.

Step 12: Click No, I only want to perform a one-time scan to check this computer. Then click next.

Step 13: Once Hitman Pro has finished scanning, it will display a list of malware that it found. Click next, and if prompted, choose the 30 day free trial. Hitman Pro will now reboot your computer. Once it boots up, it will be free of the ransomware.
Posted in Removal Guides, Windows

How to get rid of the new ransomware for Mac.

Posted on 12:35 by Unknown
Last July, I covered a new variant of the Reveton ransomware which affected Macs. Now there is a new variant for the Macs making the rounds. And this ransomware learned from the mistakes of the last variant by affecting Safari users as well as Google Chrome users.

Let me say that, strictly speaking, this is not really malware. But it does attempt to get you to pay money in order to use your browser. And while "removal" is a bit more technical than the kind of stuff I normally talk about, most users will still be able to do this.

Google Chrome ransomware removal guide:

Step 1:  Type in the following URL without the quotes: "chrome://settings/clearBrowserData"

Step 2: Clear any data that appears to be related to this ransomware.

Safari ransomware removal guide:

Step 1: Click on the Safari menu in the top bar on your Mac. (It will be next to the Apple menu you use to shut down your Mac.)

Step 2: Click on Reset Safari.

Step 3: Ensure that all checkboxes are checked and then click reset.

Thank you for reading. I invite readers to comment with any questions or comments.
Posted in Macs, Removal Guides

Wednesday, 25 September 2013

How to be safer with Android.

Posted on 05:58 by Unknown
With Android malware rising in popularity and showing no sign of stopping any time soon, I thought it prudent to write a guide like this one to help keep you a bit safer with Android. And I know that people who have been infected with something like Armor for Android will appreciate this, because these tips are designed to decrease the odds of that kind of thing happening again.

I could go through several tips for those that use Android devices, but they all boil down to two.

Tip #1: Be smart about what you download. The ability to download apps from anywhere with Android brings users a lot of freedom to seek out cheaper or free alternatives to overpriced software. But this also gives malware writers the freedom to write malware and disguise it as something else. As these are often disguised as apps, you can download malware onto your device without even knowing it.

To help prevent this, you can do three things.

1. Make sure you have the downloads from untrusted sources option unchecked. If you need the app and are sure that it is safe, you can easily enable it. And for those of you who are not sure, it gives you an extra few seconds to hesitate and decide that something is not right.

2. Go over the permissions an app asks for with a fine-tooth comb. Think about it: does a Christmas caroling app really need to monitor your phone calls? Over-broad permissions are often how well-intentioned users end up causing problems for themselves. But thinking through which permissions are needed can be time consuming for most users. So I like to think of it in terms of what permissions I would ask for if I had written this app. Then I think of what permissions I would ask for if I wanted this app to do something malicious. Ask yourself that and then look at the list of permissions. Which list is it closer to?

3. Only download from the Play Store. That overpriced software we were talking about? Odds are good that there is a cheaper version in the Play Store. In a world where there's an app for that, odds are good that someone is fed up with overpriced apps. And besides that, very few malicious apps have gotten through the security of the Play Store. I'm not saying that you should not download from regular online sources. Just look twice before you download.

Tip #2: Keep security software on your device. Even though you may be a pro at figuring out what apps are safe, you can still be the victim of drive by downloads. These types of downloads often contain Trojans which download and install themselves to your device without you seeing anything asking your permission.

This is why security software is a must.

There are quite a few apps which will help you stay secure, but one of my personal favorites is Avast Mobile Security. This app not only has a top notch antivirus scanner that protects you in real time, but it also has anti-theft components which can help you get your device back if it is stolen.

And one app that is being worked on is Malwarebytes Anti-Malware for the Android platform. It is not available yet, but I will be downloading it on my Android devices when it is.

Thank you for reading, I invite readers to comment with any questions or comments. And if you have a tip I missed, please comment and tell me about it.
Posted in Android

Tuesday, 24 September 2013

How to remove Mobile Defender (Rogue)

Posted on 05:10 by Unknown
There is a new rogue antivirus program affecting the Android platform. It is called Mobile Defender, and another variant is called Android Defender. It is a little bit like the $1.99 per week Armor for Android rogue that I talked about some time ago. It has no Trojan element and it is easy enough to remove. But because of the fact that it asks for quite a few permissions, it is important that you get this off of your Android device.

I'm not really sure if a removal guide is really necessary, because you have to change settings in order to download the app which is not from the Play Store. But the app claims to be WhatsApp when you go to install it, so no one can really be blamed if someone inadvertently installs it. With that in mind, I will go ahead with a removal guide.

Step #1: Go to Settings.

Step #2: Now go to Location and Security. This might also just be called Security depending on the version of Android you are running.

Step #3: Tap on Select Device Administrators, which might just be called Device Administrators.

Step #4: Uncheck or Deactivate Mobile Defender (or Android Defender depending on what variant you have.)

Step #5: Go back to the settings menu.

Step #6: Go to Applications.

Step #7: Press Manage Applications.

Step #8: Find the app.

Step #9: Press the app and choose to uninstall it.

Thank you for reading. I invite readers to comment with any questions or comments.
Posted in Android, Removal Guides

Wednesday, 18 September 2013

Recapping CryptoLocker.

Posted on 21:24 by Unknown
This is going to be a recap post going over some of the stuff I have covered as far as the CryptoLocker ransomware.

It seems to be spreading via social media and old school email Trojans. So the email vector can be avoided by not downloading any .exe files that arrive by email. And if the file name contains .zip, walk away.

Removing it is the easy part. You can remove it with the Kickstarter program of Hitman Pro, or Malwarebytes Anti-Malware in safe mode. Both of these have been proven to work with CryptoLocker. And when I say that removing it is the easy part, I am not joking. CryptoLocker encrypts your files with RSA 2048 bit encryption. This type of encryption has never been broken before and likely will not be broken for at least 10 years. So... no decryption tool can be written in the foreseeable future.

But there is a possible way to recover your files. In select versions of Windows (Vista and 7) you can restore your files to a previous state using Shadow Explorer. Shadow Explorer is a freeware program that you can find on the internet. It does nothing but access the previous-versions file restore function of Windows, which is built into System Restore. Be careful to restore your files to a date before the event.

On Windows 8, if you do not already have File History enabled, it is too late if you are infected. File History is disabled by default, but you can enable it by following the guides that Microsoft provides for enabling it.

http://windows.microsoft.com/en-us/windows-8/how-use-file-history

http://windows.microsoft.com/en-us/windows-8/set-drive-file-history

If you do not have System Restore or File History enabled and you are infected, there is not much you can do. If there is no system restore point, then your only viable options left are to either pay the ransom, buy a new hard drive, or restore from a backup that you would need to have ahead of time.

If given the choice, I would buy a new hard drive rather than pay the ransom. You have no idea what you are funding when you pay the people who write the ransomware. And doing this only encourages these people to keep doing what they know is working.

However, I do understand the importance of restoring your files. And depending on the variant you have and what kind of hard drive you have, it can cost more to replace the hard drive than to pay the ransom.

Offline backups are the only surefire way to get all of your files back again. If you are now planning to do that in order to prepare for the possibility of infection, I recommend an external hard drive. You can find one that holds 500 GB for somewhere in the neighborhood of $50.

Thank you for reading. I invite readers to comment with any questions or comments.

And to those of you who have read every post I have written about this, I greatly appreciate it. I hope that this series of posts has not seemed boring or annoying. I really have tried to make it all nice and informative.

Thank You.
Posted in The CryptoLocker Saga

Tuesday, 17 September 2013

How to remove Sinergia Cleaner (Rogue)

Posted on 05:33 by Unknown
There is a new piece of rogue antivirus software making the rounds on the internet. It's called Sinergia Cleaner.

For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be an antivirus program. It then scans your computer and detects threats that are not actually on your computer. It is just trying to make you purchase it.

A removal guide follows:

Step #1: Reboot your computer into safe mode with networking. To do this, turn the computer off and turn it back on. Immediately after you press the power button to turn the computer back on, press the F8 key on your keyboard repeatedly until you come to a menu that gives you options such as Safe Mode. Use the arrow keys on your keyboard to select Safe Mode With Networking.

Step #2: To make sure that the rogue will not interfere with removal, we must run Rkill. Download iExplore.exe here: http://www.bleepingcomputer.com/download/rkill/

Step #3: Run the downloaded executable. It will open a black box; this is normal. Once the black box has closed on its own, proceed to step 4.

Step #4: Download Malwarebytes Anti-Malware from here: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Step #5: Run the downloaded installer and install Malwarebytes Anti-Malware.

Step #6: Once the program is installed, it will automatically open a window. Once this window is open, click Perform Full Scan, and then click the scan button.

Step #7: As this scan will take some time, I suggest you do something else while remaining in close proximity to the computer so you can check on the scan every once in a while. Once the scan is complete, proceed to step 8.

Step #8: When the scan is complete, it will open a message box. Click OK, and then click show results.

Step #9: Click Remove Selected. If Malwarebytes prompts you to restart your computer, please allow it to do so.

Step #10: Enjoy your computer which should now be free of Sinergia Cleaner.
Posted in Removal Guides, Windows

Sunday, 15 September 2013

Four Questions about CryptoLocker.

Posted on 20:53 by Unknown
For this blog post, I would like to take the time to answer some questions posed by some readers of my blog who wanted to know more about CryptoLocker. And these were such good questions that I decided to make a blog post out of them. In order to respect the privacy of others, I will not publish names or email addresses.

Question #1: "If someone paid the ransom, would they send you the key?"

Answer: The way CryptoLocker does it is automatic once your payment has been processed. No need to enter in a key. Please note that there will most likely be copycats of this ransomware that will be less honest. Like not decrypting the files when you pay.

Question #2: "Would using a sandboxed browser prevent the infection?"

Answer: A sandboxed browser would protect users from some vectors of attack. There are two main methods that CryptoLocker is spreading.

1. Old school email attachment Trojans, which trick you into opening an email attachment.

2. Botnets, which are computers that have been hijacked by the malware writers and have unwittingly become vectors of infection.

Neither of these methods would be affected by a sandboxed browser, at least in the short run. A sandboxed browser might prevent some botnets from coming in. But if you are already part of the botnet, it is too late unless you remove the botnet malware first.

Question #3: "Is any antivirus software able to block CryptoLocker?"

Answer: Some can catch it before it gets on your computer. And as time goes on, antivirus software will be better at catching this. Right now, quite a few pieces of antivirus software can only detect the ransomware AFTER you are infected and your files have been encrypted.

That said, the goal of any malware is to go unnoticed by antivirus software for as long as possible. And it really does not take much of a modification to the code to ensure that it is not detected by antivirus software.

Question #4: Do you know if the NSA has a backdoor to whoever wrote CryptoLocker? If they have a backdoor, then surely they would be able to retrieve the key that CryptoLocker uses, right?

Answer: Before I get on with my answer, I would like to thank the person who asked the question. If you are reading, thanks for thinking out of the box.

I really do not know if the NSA has a backdoor to whoever wrote it. If they do, they will likely not release the backdoor to the public.

But I do know that the US Government is at least looking into this. It seems that CryptoLocker has hit some of the FBI's servers. And it would be wise of any government to investigate a cybersecurity issue if it starts knocking on the door loudly like CryptoLocker has.

Thank you for reading. And if you have any comments or questions about CryptoLocker, comment below. I just might use your question in a future blog post.
Posted in The CryptoLocker Saga

Info on the type of ransomware we are dealing with.

Posted on 20:53 by Unknown
CryptoLocker is not the first piece of malware to encrypt the files of a computer. And chances are it will not be the last. This post will offer info on this type of infection as a whole.

First off, this type of malware is not new at all. The first piece of malware to encrypt files was a piece of malware which was called "PC Cyborg." Written in 1989, this malware claimed that a user's license to use a certain piece of software had expired. It then required the user to pay 189 US Dollars to unlock the system.

Ransomware that encrypts files is the new breed of moneymaker for malware writers. And considering that it has become relatively easy to encrypt files, this can now be done by an individual or a small group rather than a large operation.

In the past, rogue antivirus programs were seen as the main moneymaker. But credit card merchants have caught on to this fact, which is one of the reasons why the amount of rogue antivirus software is decreasing.

Now, ransomware authors demand payment via a prepaid card such as GreenDot MoneyPak or Ukash, and now Bitcoin. They do this because payment via one of these methods is somewhat like cash. It's virtually untraceable, and once the money is gone, it's gone.

Education is the only way to prevent infection unfortunately. Without education, users will continue to open email attachments they shouldn't, use weak passwords, and go to websites that they should not.

I suggest that no one pay the ransom. Doing so only encourages the writer or writers to continue because the scam is working. Besides that, there is no way of knowing what you are funding when you pay. For all a user who pays knows, he or she could be funding terrorism.

But by the same token, I know that sometimes it is important for a user to get his or her files back using any means necessary.

And as for the steps a user should take ahead of time so that he or she never has to pay, backups are the only clear way to do it. Writing decryption tools is hard work and will not always succeed.

And because of the fact that the type of encryption that is now being used by the ransomware has never been broken before, it leaves little hope that decryption tools will be a safe bet for a long time to come.
Posted in The CryptoLocker Saga

Friday, 13 September 2013

More info on CryptoLocker Ransomware.

Posted on 19:25 by Unknown
If you or someone you know has been infected with this, you might already know. But there is a new piece of ransomware making the rounds on the internet. It is called CryptoLocker.

Removing it is simple: just follow the removal guide in the last blog post. But the hard part is figuring out how to decrypt the files that it actually does encrypt. So, actual removal of the malicious files and registry entries is only half of the battle.

Before we go into the possibilities for decryption, the main thing to take from this blog post is that the ransomware seems to be spreading via an email attachment. Look out for files in emails that have file name extensions such as .doc.exe or .doc.scr. If there is something more than .doc (or whatever the file is supposed to be), it is possible that it may be the ransomware.

My advice is that you do not download attachments coming from an email that match the criteria above. Especially if the file name includes .zip. And if the file comes from FedEx, UPS, or any agency that claims you have a package waiting, delete the email without downloading the attachment. If you are actually expecting a package, call the agency and ask. Do not trust an email.
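The attachment criteria above (and the ".exe or .zip by email" rule in the CryptoLocker recap) can be turned into a simple mail filter. This is an added example, not code from the original post; the extension lists and the constructed sample messages are my own assumptions, and the hypothetical `assess_message` helper escalates anything suspicious when the sender or subject carries a parcel-delivery lure.

```python
"""Flag e-mail attachments that match the CryptoLocker lure criteria:
double extensions such as .doc.exe / .doc.scr, bare executables, .zip
containers, and parcel-delivery lures (FedEx, UPS, "package waiting").
Added example; the rules encode the post's advice, the data is constructed."""
import re
from dataclasses import dataclass, field

# Extensions Windows executes directly (the post names .exe and .scr; the
# rest are assumed additions in the same spirit).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Document-looking extensions used as the disguise half of a double extension.
DOCUMENT_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "ppt", "pptx", "jpg", "txt"}
# Containers the post says to walk away from outright.
ARCHIVE_EXTS = {"zip", "rar", "7z"}
# Parcel-delivery lures the post calls out (assumed keyword list).
LURE_PATTERN = re.compile(r"\b(fedex|ups|dhl|usps|package|parcel|delivery)\b", re.I)


@dataclass
class Verdict:
    filename: str
    risk: str = "low"            # "low", "medium" or "high"
    reasons: list = field(default_factory=list)


def assess_attachment(filename: str) -> Verdict:
    """Classify one attachment by its extension chain (case-insensitive)."""
    base = filename.lower().rsplit("/", 1)[-1]    # drop any path prefix
    exts = base.split(".")[1:]                    # everything after the first dot
    v = Verdict(filename)
    if not exts:
        return v
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        v.risk = "high"
        v.reasons.append(f"executable extension .{last}")
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
            v.reasons.append(f"double extension .{exts[-2]}.{last} disguised as a document")
    elif last in ARCHIVE_EXTS:
        v.risk = "high"
        v.reasons.append(f"archive .{last} may hide an executable")
    elif len(exts) >= 2:
        # "something more than .doc": not executable, but worth a second look
        v.risk = "medium"
        v.reasons.append("multiple extensions")
    return v


def assess_message(sender: str, subject: str, attachments: list) -> list:
    """Assess every attachment; escalate suspicious ones if the message
    also carries a parcel-delivery lure in the sender or subject."""
    verdicts = [assess_attachment(a) for a in attachments]
    lure = LURE_PATTERN.search(sender) or LURE_PATTERN.search(subject)
    if lure:
        for v in verdicts:
            if v.risk != "low":
                v.risk = "high"
                v.reasons.append(f"parcel-delivery lure '{lure.group(0)}' in sender/subject")
    return verdicts


if __name__ == "__main__":
    # Constructed sample messages, not real captures.
    samples = [
        ("FedEx Notifications <noreply@example.invalid>", "Package waiting for you",
         ["Shipping_Label.pdf.scr"]),
        ("alice@example.invalid", "Meeting notes", ["notes.txt", "agenda.docx"]),
        ("billing@example.invalid", "Invoice attached", ["Invoice_0913.zip"]),
    ]
    for sender, subject, files in samples:
        for v in assess_message(sender, subject, files):
            print(f"{v.risk:6} {v.filename}: {'; '.join(v.reasons) or 'nothing suspicious'}")
```

The filter is deliberately conservative: a plain .docx or .txt comes back "low", a second extension alone is only "medium", and anything executable or zipped is "high" regardless of the sender.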

Now, as for decryption: The ransomware uses 2048-bit RSA encryption and a public and private AES 256 key to encrypt your files. Translation: Whoever wrote this ransomware did not cut any corners on the encryption. He or she wanted to make it extremely difficult to decrypt the affected files. These files include documents, Excel spreadsheets, PowerPoint presentations, PDF files, and photos.

The best way to combat this is offline backups of the affected files, which you need to have made prior to infection. But there has been limited success with using System Restore and File Restore on newer versions of Windows (newer than XP).

And please note that as a very last resort only, paying the ransom does seem to work.

Never thought that I would say that paying is a viable option? Well sometimes the malware wins. Sometimes the writer is clever enough so that he wins a round. And I only recommend paying the ransom as a last resort when all other possibilities have been exhausted. And then only when you absolutely need the files. Because if you pay, you can't really know just what it is you are funding.

I recommend that whoever has exhausted all other options hold off on paying the ransom as long as possible.

Other than the above, there is no currently known way as of this writing to get the files back. However, TrendMicro says that they are currently working on a decryption tool, so we will see where that goes.

As the ransomware needs to be downloaded and executed for the effect to take place, I recommend not opening any file downloaded from the internet (including email) until it has been scanned with your antivirus software. As most antivirus software has definitions for the ransomware, this should give you a reasonable chance of avoiding it.

I predict that this type of ransomware is the new breed of moneymaker for malware writers. And because making decryption tools takes some time, (at least a few days after discovery) it is not wise to count on ways of decryption.

I recommend offline backups of your important files to ensure that you are prepared should you ever be hit with encrypting ransomware. You can create offline backups without any special software. All you really need is a flash drive which can store a sizable amount of files, or if you work with a very large volume of files, an external hard drive.

These options are not expensive. You can get a terabyte of storage for somewhere in the neighborhood of $50.

Thank you for reading. I invite readers to comment with any questions or comments.

----------------------------------------------------------------------------------------------------------------------------------------------------
Update: Friday, 13 September 2013 21:00 CST.
A way to restore files to previous versions has been uncovered. This helps for the following versions of Windows:

Windows Vista Business Edition.

Windows Vista Ultimate Edition.

All Editions of Windows 7.

These versions of Windows have a feature which allows you to restore previous versions of files. This is enabled by default. Microsoft just does not provide an interface for it. A freeware program called Shadow Explorer allows you to restore these previous versions of the affected files. I'm not going to put a link up, but you can Google it and it will be easy to find.

In Windows 8, the feature is called File History. It is disabled by default, which means that if you are not infected with this, you need to enable it.

Follow the following guides on setting up File History:

http://windows.microsoft.com/en-us/windows-8/how-use-file-history

http://windows.microsoft.com/en-us/windows-8/set-drive-file-history

Stay tuned to this blog for further breaking news on the CryptoLocker ransomware. If this works in all cases, we might have won.
Posted in The CryptoLocker Saga, Windows

How to remove the CryptoLocker Ransomware.

Posted on 06:07 by Unknown
There is a new piece of ransomware making the rounds on the internet. It is called CryptoLocker.

For those of you who do not know, ransomware blocks you from using your computer in some way. It then demands payment for the unlocking of your computer.

I have posted the steps for removal below.

Step 1: Get a flash drive that can store at least 32 MB

Step 2: On an uninfected computer, go to http://www.bleepingcomputer.com/download/hitmanpro/ and download the 32-bit or 64-bit version that matches the uninfected computer.

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstarter Live USB. Click on the flash drive you will be using, then press install kickstart. You will then be presented with a warning that the flash drive will be erased. Click on yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the close button and take out the flash drive.

Step 8: Insert the flash drive into the infected computer with the computer turned off. Turn it on and then look for info on how to access the boot menu. If you cannot see any info, keys commonly used for the boot menu are F8, F11, or F12.

Step 9: Restart your computer and start tapping the indicated key. If one key does not work, restart the computer and try another key from the list above.

Step 10: Now, select the flash drive with the Kickstart program installed and press enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware. Wait 15-20 seconds and you will see the Hitman Pro start screen. Click next to start the scanning process.

Step 12: Click No, I only want to perform a one-time scan to check this computer. Then click next.

Step 13: Once Hitman Pro has finished scanning, it will display a list of malware that it found. Click next, and if prompted, choose the 30 day free trial. Hitman Pro will now reboot your computer. When it is rebooted it should be free of the ransomware.

Thank you for reading. I invite readers to comment with any questions or comments.

Please read the companion to this blog post here: http://malwareaware.blogspot.com/2013/09/more-info-on-cryptolocker-ransomware.html
Posted in Removal Guides, The CryptoLocker Saga, Windows

Wednesday, 11 September 2013

Armor For Android (Updated)

Posted on 15:52 by Unknown
Originally I wrote a blog post about Armor For Android in the context that it would be easy to remove. But it has come to my attention that some newer versions of this rogue require a somewhat more complicated removal than just uninstalling the app.

Now, I say that it's a bit more complicated, but most users will be able to do this.

But first, a bit of a summation: Armor For Android is an example of more types of malware moving to the Android platform. While rogue antivirus software often affects only Windows, this rogue is on Android.

The revised removal steps follow:

Step #1: Go to Settings.

Step #2: Now go to Location and Security. This might also just be called Security depending on the version of Android you are running.

Step #3: Tap on Select Device Administrators, which might just be called Device Administrators.

Step #4: Uncheck or Deactivate Armor For Android.

Step #5: Go back to the settings menu.

Step #6: Go to Applications.

Step #7: Press Manage Applications.

Step #8: Find the app.

Step #9: Press the app and choose to uninstall it.

This removal guide works for both variants of the app. Although it should be noted that the one that costs $1.99 for the weekly subscription is the rogue. It has recently come to my attention that the rogue is based off a legitimate app going by the same name. The real app costs $29.95 for a lifetime subscription.

So, the difference between the two is the price and the fact that you can find the real app on the Google Play Store.

Thank you for reading. I invite readers to comment with any questions or comments.
Posted in Android, Removal Guides

Saturday, 7 September 2013

Background Info on AMA and what else we could do.

Posted on 20:32 by Unknown
Alright, as some of you reading this likely know, I am hosting an AMA session on Friday, September 28th of 2013. This AMA session is going to be focusing on malware and removal questions. So... everything you wanted to know but were afraid to ask. And if you did not know, you do now, and this gliph will actually be a reply to that gliph, so you can see all the info you need to see.

I have wanted to do something like this for the longest time, but the time never seemed just right. Now, the time seems right. And I think that the AMA session is going to get at least a few questions. And let me tell all of those who are considering posing a question: There are no stupid questions. Repeat after me: There are no stupid questions. No one was born knowing everything about malware, I certainly know that I was not.

An AMA session is nice for now, but I feel like going further with my readers. So, here is a little peek at what you might see coming to my blog within the next year.

1. Surveys: Nothing better than a user survey so that I can understand what my readers like reading best. Expect a survey to contain questions such as how knowledgeable I seem in my topic, and what particular kind of gliph you like reading best. All survey answers would be used to improve my blog. Your answers will remain completely private.

2. Livestream: Doing a Google+ Livestream thing is not really that popular, but we can do it anyway. I could even remove a rogue antivirus program live if that's the sort of thing that my readers would be interested in viewing.

3. Donate system: Some of the ideas listed here would work best if financed by generous readers. Keeps my costs down, and ensures that I can do those kinds of ideas more often if they are a hit. Even if none of the other ideas pan out, this might still be a good idea. Obviously it would make me VERY happy if a reader shows their appreciation by buying me a meal or two. Not that I'm expecting that, but it would be nice if that happened.

I have never run ads on any of my blogs, and I intend to never do so. Why? Because for one thing, ads tend to get in the way quite a bit when you are trying to read something. For another, my blog is independent. No company or manufacturer can buy a good review from me, nor can they buy good publicity from me either. And some people might think that I actually approve the products or services offered. So this is why I will not put ads on my blogs.

4. Phone based conversations: Would you like to have a talk with yours truly? We can make it happen. I can easily buy a disposable phone for use in phone calls. I could publish the phone number for the disposable phone and readers could call me. After the minutes are up, if I decide that I don't want to do another calling session, I could make a video of me smashing the phone or something like that.

The downside of this is that it would cost money, and I've noticed that disposable phones sometimes have issues with incoming calls from international numbers.

5. Phone based conference call: This might work better for international readers. I still have a conference call number from a call that did not really pan out. The conference will be free. The only charge on the part of the reader would be the regular long distance or international call charges from your phone company.

The downside of this is that it could cost you money depending on where you are in the world. The company that I use for this service does have a toll free option available, however that would cost me money.

6. Giveaways: I have some old software in CD disk format that I really do not want or need. On a walk around my neighborhood, someone just left it out in the street. Everything has been opened, but most disks are still in their original cases.

Like I said, I really don't have any real reason to hang onto this software. Some of it's vintage, some of it is just old. I have disks for Windows 95 through Windows 98 and some other software. I could run a giveaway and send out a disk to the winner of whatever I decide to do as part of the Giveaway.

Maybe you could use some of this software for something. Most of it's meant for use with Windows 95, but still usable.

Hope this provided you with more info as to what I think is possible with my blog. I invite readers to comment with feedback on any of the above ideas.
Posted in | No comments

Thursday, 5 September 2013

AMA Date And Info.

Posted on 14:50 by Unknown
Attention all readers.

I have nailed down a time and date for a AMA (Ask Me Anything) session. So if you only take one thing away from this post, it is this: Saturday the 28th of September of 2013. Starting at 10 AM CST and lasting the whole day.

That's right, everything you wanted to know about malware and how to remove it but were afraid to ask. And I am doing it in a way that lets most people ask questions. I'm taking questions in four ways.

Way #1: Twitter. You can tweet your question to @MalwareBlogger on Twitter. Please use the hashtag #ambq so that I can more easily find and answer questions.

Way #2: Ask.fm. My ask.fm profile is MalwareBlogger. So, the link would be: ask.fm/MalwareBlogger

Way #3: Email. If you prefer to have your question be private, you can send your question to doctormalware2@gmail.com

Way #4: Comment on the recap post that I will make on that day. Nothing simpler than commenting on a post that you are reading anyway.

I have no rules except for two:

Rule 1: Keep it about malware or the removal thereof.

Rule 2: Keep the language clean (and you know what I mean by clean). Any question that breaks this rule will be answered in the following manner: "It's an AMA session, not a nightclub!"

Thank you for reading. Comment below if you have any questions or comments about the event itself. And if you do not go by CST and want to participate, you can convert the time here: http://www.timeanddate.com/worldclock/full.html
Posted in | No comments

Tuesday, 3 September 2013

How to Remove the United States Courts Ransomware.

Posted on 07:45 by Unknown
The piece of ransomware this removal guide covers is a little old, but it has recently been updated, and I had never written a removal guide for it in the first place, so I thought I should get that squared away. Like the other screen-locking ransomware covered here, it is removed by booting the infected machine from a HitmanPro.Kickstart USB stick built on a clean computer.

Step 1: Get a flash drive that can store at least 32 MB. Everything on it will be erased.

Step 2: On an uninfected computer, go to http://www.bleepingcomputer.com/download/hitmanpro/ and download the 32-bit or 64-bit build that matches that uninfected computer (it is the machine that will run the installer).

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstart live USB. Click on the flash drive you will be using, then press Install Kickstart. You will then be presented with a warning that the flash drive will be erased. Click Yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the Close button and remove the flash drive.

Step 8: With the infected computer turned off, insert the flash drive. Turn the computer on and watch the first screen for a message saying which key opens the boot menu. If no key is shown, keys commonly used for the boot menu are F8, F11, F12, or Esc.

Step 9: Restart the computer and start tapping the indicated key. If one key does not work, restart and try another key from the list above.

Step 10: Select the flash drive with Kickstart installed and press Enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware screen. Wait 15-20 seconds and the Hitman Pro start screen will appear on top of it. Click Next to start the scan.

Step 12: Click "No, I only want to perform a one-time scan to check this computer", then click Next.

Step 13: Once Hitman Pro has finished scanning, it will display a list of the malware it found. Click Next and, if prompted, choose the 30-day free trial so that it can remove what it found. Hitman Pro will then reboot your computer; once it boots up, it should be free of the ransomware.
Posted in Removal Guides, Windows | No comments