Categories
Virus Prevention

Preventing a virus attack

One of the most complicated tasks we perform is virus removal. "Virus" is used loosely here to cover malware, trojans, back door threats, and adware.
A computer virus is a small software program that spreads from one computer to another and interferes with computer operation. A computer virus might corrupt or delete data on a computer, use an email program to spread the virus to other computers, or even delete everything on the hard disk. During the past few months we have seen a proliferation of a nasty virus, and variants of it, known as the FBI Moneypak virus. FBI Moneypak ransomware is a virus that displays a fraudulent FBI warning as part of its attempt to steal money from the victim via Moneypak (which is typically purchased from local convenience stores). It is a close relative of the ‘Access to your computer was denied’ Virus, Police Central e-crime Unit ransomware, and others.

How do I know if my computer has been infected?

After you open and run an infected program or attachment on your computer, you might not realize that you’ve introduced a virus until you notice your system is somehow not acting as it usually does.

A few indicators that your computer might be infected:

  • Your computer runs more slowly than normal
  • Your computer stops responding or freezes often
  • Your computer crashes and restarts every few minutes
  • Your computer restarts on its own and then fails to run normally
  • Applications on your computer don’t work correctly
  • Disks or disk drives are inaccessible
  • You can’t print correctly
  • You see unusual error messages
  • You see distorted menus and dialog boxes
  • Upon starting, you get an error message stating “operating system not found”

Thorough removal of these can take upwards of four hours and includes detecting the virus, deleting the signatures, and subsequent scans to be sure nothing is hidden and waiting to come back to life at a later date. If you pay what the virus programmers want, typically between $200 and $400, the virus will appear to be eliminated, when actually it is only disarmed so that it can, and will, again infect your system.

I can remove all these types of virus/malware and others for around $80. You can be guaranteed your device will be clean and no remnants remain.

These viruses are typically the result of a visit to an adult site, coupon sites, an intentional dirty site, or through email. However, beware of messages warning you that you’ve sent email that contained a virus. This can indicate that the virus has listed your email address as the sender of tainted email. This does not necessarily mean you have a virus. Some viruses have the ability to forge email addresses. In addition, there is a category of malware called rogue security software that works by causing fake virus alerts to pop up on your computer.

How do I prevent these programs from gaining control of my system?

Although a good virus program is your best first line of defense, these advanced, nasty viruses are known to disable your virus scanner as the first measure of gaining control of your device. You must be proactive whenever you go online. If you frequent adult and coupon sites, make sure your virus definitions are up to date, and do a full computer scan after leaving a suspect site. Download the Malwarebytes Anti-Malware program and run it once a month to remove rogue programs. Be sure to run this program only as a standalone process, and do not run it on a consistent basis if you use Norton Internet Security as your virus program, because of incompatibilities (this is as of May, 2013). Make sure the icon for your virus program is visible in the taskbar, so you will notice if it needs attention. Other things to consider include:

  • Keep all software up to date. Regularly install updates for all your software and subscribe to automatic updates wherever possible.
  • Use strong passwords and keep them secret. You can use a piece of software like Roboform that generates and stores strong passwords.
  • Never turn off your firewall. A firewall puts a protective barrier between your computer and the Internet. Turning it off for even a minute increases the risk that your PC will be infected with malware.
  • Use flash drives cautiously. Putting your flash drive (sometimes called a thumb drive) in a computer that is infected could corrupt the drive, and ultimately your computer.

Do not be tricked into downloading malware

  • Attackers deliver malware in downloads that you think are pictures or movies, or through links that you click in email or instant messages (IM), or on a social network.
  • They scare you into clicking a button or link they supply with fake warnings that your computer has a virus.
  • When downloading Adobe or Java updates, be sure to uncheck the box asking you to install Google or Ask toolbars. TOOLBARS are notorious for containing adware. Try to stay away from toolbar extensions.

Viruses and spyware can cause many computing headaches. You must take a proactive approach when online to reduce your chances of infection.

Ways to Keep Your PC Secure

Use the latest operating system from Microsoft available when at all possible. When Windows XP was released, it was the greatest thing since sliced bread – but it was also full of security issues, which got much, much worse as time went on. Windows XP is now ranked one of the most unsecure and dangerous operating systems in the world. In other words, don’t use Windows XP; instead, use Windows 7, 8, or 10 – preferably Windows 10 – because each edition of Windows contains more security features to protect you from today’s threats.

Never, ever call a 1-800 number to “fix” a “computer problem” that spontaneously appears out of nowhere – especially while you’re browsing the Internet. These are scams. Examples include: you visit a website and all of a sudden, your computer starts talking to you and says you’re infected; it then conveniently provides a 1-800 number to “fix” the problem. Another example: you visit a website and you experience a (fake) “blue screen of death” or a fake “firewall warning” message, along with a 1-800 number to “fix” the problem. Another example: you visit a webpage and all of a sudden it lists your IP address, your country, location, and even your Internet Service Provider, then tells you to call a 1-800 number because you’re “infected”. These are scams for fake tech support with the average cost of $300 or more, plus the risk of identity theft. Once these scammers get your credit card, they will hound you repeatedly for more “fixes” to up the ante.

If “Microsoft” calls you on the phone and says your computer is “infected”, tell them to pound sand and immediately hang up the phone. I have another post that goes in depth about this. This is a scam for fake tech support, similar to the above example, with the average cost of $300 or more, plus the risk of identity theft. These bastards won’t give up easily and will likely call you repeatedly – you need to be resilient and simply hang up. Note that the real Microsoft Corporation does not solicit tech support over the phone. In fact, if any “technician” solicits you on the phone out of the blue and claims you have a virus, or that they want to get into your computer for this, that, or anything else – it’s probably a scam! Take note – if they usually solicit you – not you soliciting them – it’s probably a scam!

Back up your system regularly using disk images. Do the backups locally – not on the cloud – preferably on an external hard drive. Disk images are the best backup choice because they can restore both operating system and user files, whereas simple backup programs can only restore user files. Cloud backups are not ideal for disk images because they require backing up the entire hard drive, which would take days, if not weeks, to back up (and restore) over the Internet due to inadequate connection speeds. Cloud backups for the most part are simply a bad decision, cost money, and are not necessary – this is especially true when free cloud backups exist – but only for a small subset of data. Besides that, cloud backups cannot restore your operating system, especially if the operating system is unbootable; disk image backups always have a bootable recovery environment (usually on CD or USB) in such cases.

Download Windows Updates and install them whenever they become available. Most operating system security issues are related to loopholes in the graphical user interface (GUI) of Windows. Therefore, you need to patch your system regularly, and as soon as the patches become available. If you are worried that a patch may install improperly and cause problems on your machine, you can use a disk image backup to roll back if necessary. There is no reason to delay patching your system.

Always keep your antivirus up to date and do a full system scan once in a while (example: every 30 days). Most antivirus programs will patch themselves automatically, but it’s important to check the interface to ensure the antivirus is running and that your system is protected. Also, be aware of fake antivirus and fake antimalware programs online – these are scams. Stick to brand names like Avast, Avira, Norton, McAfee, and the like.

Don’t go overboard on “protection” with third-party utilities that claim to “protect” your system “more” than the operating system already does, as this will only serve to slow your computer down to a crawl. This is especially true if you are running Windows 10, which offers the most protection for PCs. The only protection you need is a properly configured firewall (the Windows Firewall works fine as it is), and real-time antivirus file scanning.

Don’t click on email attachments even if they come from “friends”. The rule here is: if you didn’t ask for it, don’t click it and certainly don’t install it, no matter how convincing the source may be. If your friend gets infected with malware, the malware will propagate itself by emailing everyone on his contact list with a convincing “personalized” message, usually asking to open some sort of email attachment (which then infects you) or click on a link (with the potential to infect you). Only open an email attachment if and only if you’ve expressly asked for the attachment ahead of time.

Never, ever download or install a program from a source you don’t otherwise have a trust relationship with. For example: if you click on a friend’s email link that contains a “funny video” and it takes you to a website you’ve never been to before, which then promises to ‘fix’ a problem for your computer, or provides you with something that seems too good to be true, don’t click it and don’t install it. Remember: if you didn’t ask for it, don’t click it and certainly don’t install it, no matter how convincing the source may be.

Should you download a program from a reputable website and install the program to your machine, always be careful to read through the EULA (end user license agreement) to make sure the program you’re installing isn’t going to spy on you or install third-party programs. Also, whenever possible, don’t install any “third party offers” that prompt you during a program installation (otherwise known as “bundled goodies”), as they are usually scams. Remember: if you didn’t ask for it, don’t click it and certainly don’t install it, no matter how convincing the source may be.

Always keep banking and other financial information secure, encrypted, and password protected. Should your system become compromised, you don’t want hackers accessing your financial data in a plain text file. Instead, use a password-protected and encrypted file to store such information.

Don’t use the same password on every website – this is one of the best things you can do online to help keep online data breaches under control. Use unique, strong passwords for every website you visit. This will lessen the chance of a hacker gaining access to one account, and then accessing all your accounts online. If possible, use a password manager like Roboform (that is what I have used for over 10 years) that can encrypt and keep track of all your passwords, and automatically fill forms for you.

When in doubt: hire a good tech that knows what he’s doing, is trustworthy and has your best interest at heart, and will always steer you in the right direction. I provide such a service. If you need to get in touch, all you need to do is contact me at:

Coast Computing

561.452.6132.

 

Malvertisements

Advertisements that not only look legitimate but also contain malicious code in an effort to infect systems are known as Malvertisements. Cyber-criminals use Malvertisements to try to spread their malware to a greater audience of users by submitting malicious ads to online advertisement networks. The ad networks are usually not aware of the cyber-criminals’ intent and approve the non-malicious ads initially submitted by the criminals. Once the ad is approved, the cyber-criminals switch out the legitimate ad for the malicious one, right under the noses of the ad networks.

The networks fail to check modifications made to the advertisements and therefore allow the Malvertisements to be shown on their customers’ webpages. The ad networks also quickly cycle through different advertisements with each view of the customer web-page. The dynamic scrolling of ads makes it difficult not only to flag the existence of a Malvertisement circulating on a network but also to identify which advertisement is the culprit!

Examples

Here are a few examples of Malvertisements in action:

July 2010: TweetMeme.com

  • Malicious Advertisements targeted site visitors after a rogue advertiser spread a malicious advert through y5-media.com.  The result was users redirected to drive-by attack sites that installed fake antivirus malware

April 2010: Facebook Farm Town Game

  • An advertisement served on a popular Facebook game was delivering Rogue AV software, claiming that the user’s system had been infected with malware and their product could help them

May 2012: Malvertisements found on Blogger Website

  • Advertising network, Clicksor, was found serving malicious advertisements to users of a Blogger website leading to the BlackHole Exploit Kit

As you can see, Malvertising happens all the time; and while the effort from the community to fight these attacks has advanced greatly over the last few years, the threat is far from gone.

 

Using a product like Malwarebytes Anti-Malware can help with these types of infections.

Koobface Virus and other Popup threats

What is Koobface?

Koobface is a computer worm which spreads via social networking sites. Koobface is being “invited” onto many computers through infected links in Facebook.

Most social networking scams spread on social networks because users inadvertently recommend them to their friends and within their circles. Koobface actively infects your PC and then it deliberately spreads itself via social networking sites.

Koobface knows how to create its own social networking accounts so that it can aggressively post links helping it to spread even further.

The most common infection method is through a fake video player. If you click on one of the links which Koobface has posted, you’ll end up on a fake web page – typically a fake YouTube, Facebook Video or a fake Adobe Flash download page. They might offer a clip to watch. However, they claim first you need a Flash update. The video player popup update notice is fake; it’s actually just an installer for the Koobface virus. The only real Adobe Flash download page is found at “http://get.adobe.com/flashplayer/”. If you look at the link presented to you as the download address, you will notice it is different.

 

Important Side Note:

As a side note, anytime you go to a website that asks you to update your Flash Player, it most likely is a false infected link you are being given. If you do, however, get to a site that inundates you with a pop up that doesn’t seem to close immediately, do the following:

-Do not touch any browser window to close it or try to browse further.

-Immediately press Ctrl-Alt-Del (Ctrl-Shift-Esc in Vista or Win 7) to bring up Task Manager and forcibly end all instances of iexplore.exe, if using Internet Explorer, or the executable for the browser you are using.

–or–

-Go to Start/Shut Down and restart the PC without touching any browser windows.

-If you have used task manager to close browser instances, reboot the machine.

-Then go to Control Panel/Internet Options and delete all temporary Internet Files and cookies. If you are using an alternate web browser, open the browser settings to do the same – delete the local cached files and cookies.

-Perform a full scan with your virus program or a third party malware scanner like Malwarebytes anti-malware.

The above steps should prevent the infection from taking hold if you suddenly receive random pop ups from Koobface or any other program trying to infect your computer by posting false advertisements. Remember: No one knows if your computer is infected and if a popup says you are infected, it is almost always a lie.

 

Back to Koobface:

Koobface is part of a zombie network that allows cyber crooks to be able to instruct your PC to download and run any other software they choose. The Koobface worm allows cyber-criminals to track and record sensitive data about you, for example, it can see what logins and passwords you enter on particular websites, and it can discover credit card information and other banking information. In addition, this malicious worm can display vague ads convincing you to install fake anti-virus programs and other malicious software.

 

How to avoid getting infected in future:

– Keep your patches and your anti-virus up-to-date. This won’t stop all threats, but it will stop most of them, including Koobface.

– Don’t be tempted by links on social networking sites just because they look cool. A little caution goes a long way.

– Never download video player software just because a site offers you an update. Reputable sites will explain what you need so you can seek it yourself, rather than trying to trick you into downloading what they want.

 

After removing any malware, especially zombie malware, it’s a good idea to change passwords on all your on-line accounts. And keep an eye on your bank statements, just in case.

 

Also view our article dated 11-18-2014 called “Your computer is infected”

 

If you are unsure or need assistance, please call Coast Computing 561.452.6132. We can help you remotely while you watch.

 

 

 

 

Latest Virus News

People have asked where they can find the latest information about recent viral attacks. The following site has an updated page that will inform the reader of the latest attacks, and allows you to search for specific attacks by name. Of course if you have a nasty infection that you cannot seem to eliminate, you can call us at 561.452.6132 and we can remote into your computer. Beware of boiler room calls when a person proclaims to know you have a virus, will connect to you, and when they (mostly falsely) say they can repair your computer for $250. When you decline because of this outrageous price, they will then proceed to infect your computer further so that you will panic and pay them what they want. We perform this service for under $80.00. Sometimes less than $65.00. Don’t be scammed by people claiming to be from Microsoft, or a Microsoft partner. Microsoft has never performed virus removals. If you ever do fall prey to one of these services, be aware they typically install a time-delayed virus that will re-infect your computer at a later time so they can again rob you of your hard earned money.

 

Site: Updated Virus Information Site

 

Paul

 

“Your computer is infected” fake anti-virus pop-up alert scams

“Warning—your computer is infected! System detected virus activities. They may cause critical system failure. Click here to get available software.”
You may be one of the numerous people who have received similar pop-up alerts. They commonly appear after you open an email attachment, download files, visit websites programmed to download malicious software or click on a pop-up advertisement.
Consumers be wary of fake anti-virus alerts. NEVER click on pop-up anti-virus alerts.
Scammers often use the names of well-known companies that specialize in computer software to gain your trust. The pop-up advertisements aim to mimic genuine warning alerts generated by computer security software.
The software or “free scan” offered in pop-up alerts often doesn’t work or actually infects your computer with the dangerous programs it is supposed to protect against.
This scam aims to either charge you for bogus software and/or obtain your personal information. Once your computer is infected, the scammer commonly gathers personal information to steal your identity or to sell it to other criminals.
Although the majority of anti-virus pop-up alerts are fake, there is an off-chance that you have received a legitimate virus warning. If you are unsure whether it is a genuine warning, check the official virus page of your anti-virus vendor or give us a call at 561.452.6132.

Warning signs
• Fake anti-virus spyware programs often generate more “alerts” than the software made by reputable companies.
• You may be bombarded with pop-up alerts, even when you’re not online.
• Scammers commonly use high pressure sales tactics to convince you to buy NOW!
• The alert may request you to pass on the “warning” to “others in your address book” or “everyone you know”.
• Broken or oddly phrased English.
• The message is not addressed to a specified recipient, instead it is addressed to the ‘account holder’ or uses another generic title.
• If your computer has been infected, it may dramatically slow down. Other signs that your computer has been infected include new desktop icons, new wallpaper or your default homepage is redirected to another site.

Protect yourself
• NEVER click on pop-up alerts! Don’t even click on the cross to delete the pop-up alert as this may result in getting more pop-ups. Instead, hit control + alt + delete to view a list of programs currently running and delete the pop-up alert from the list of running programs.
• Use reputable pop-up blocker software to avoid pop-ups on your computer.
• Keep your computer updated with the latest anti-virus and anti-spyware software. Also use a good firewall.
• NEVER open email attachments unless you can verify the sender and you trust them.
• NEVER click on the links in spam email.
• NEVER rely on the contact details provided in a pop-up message. Instead, find your anti-virus vendor’s contact details through an internet search.
• Avoid questionable websites. Some sites may automatically download malicious software on to your computer.

Googling for software can bring you junkware

A call comes in; the client says they downloaded Adobe Reader and now they have junkware all over their computer. Their search engine is messed up and they have pornographic ads on their Google page. Just downloading an easy program like Adobe can do this to your computer, but come on... Adobe Reader is from Adobe, right? Of course it is, but it’s not at the top of your Google search. It’s about 4 places down. See the picture below?

It shows you a basic search in Google for Adobe Reader. The real one is the 4th one down, under the “Ads”. This is sometimes hard to notice. I know this because the website is actually an Adobe website, not Adobereader.com or some other fake site. Sometimes it is very tough to tell these days!

However, Adobe Reader did download and it works, so what happened?

You did get Adobe Reader, but it was bundled in a “download manager” filled with adware, spyware and sometimes Trojans! Sometimes you can download up to 20 programs! I have spent over an hour uninstalling this junkware.

So please be mindful when Googling and if you are not sure, don’t do anything and call us to install the program(s) properly. This will end up being cheaper than a virus removal.
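The check described above (the real site is an Adobe website, not Adobereader.com) and the one in the Koobface post (the genuine Flash page is on get.adobe.com) can be done mechanically by looking only at the host name a link really points to. The following is an added example, not part of the original posts; treating adobe.com as the trusted domain is an assumption taken from the addresses quoted on this page, and every sample link other than the get.adobe.com one is constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the vendor's domain, taken from the genuine
# address quoted in the Koobface post (get.adobe.com).
TRUSTED_DOMAIN = "adobe.com"


def download_host(url):
    """Return the host a browser would contact for `url`, or None if unusable."""
    url = url.strip()
    # Browsers treat "\" like "/" in http(s) links while urlsplit does not, so a
    # link containing one can lead somewhere other than where it parses to.
    # Control characters and embedded spaces never belong in a clean link.
    if any(ch == "\\" or ord(ch) < 0x21 or ord(ch) == 0x7F for ch in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname already drops any "user:password@" prefix and ":port" suffix.
    host = parts.hostname.rstrip(".").lower()
    if not host:
        return None
    try:
        # Non-ASCII look-alike letters turn into an "xn--" label and stop matching.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def is_vendor_link(url, trusted=TRUSTED_DOMAIN):
    """True only if the link's host is the trusted domain or a subdomain of it."""
    host = download_host(url)
    if host is None:
        return False
    return host == trusted or host.endswith("." + trusted)


# Constructed sample links (only the first address appears on this page).
SAMPLE_LINKS = [
    "http://get.adobe.com/flashplayer/",                       # genuine page
    "https://www.adobe.com/",                                  # vendor subdomain
    "http://adobereader.com/",                                 # different domain
    "http://get-adobe.com/flashplayer/",                       # hyphen, not a dot
    "http://get.adobe.com.flash-update.example/flashplayer/",  # vendor name as prefix
    "http://get.adobe.com@flash-update.example/flashplayer/",  # vendor name before "@"
    "http://flash-update.example\\@get.adobe.com/flashplayer/",  # backslash trick
]


def audit(links):
    """Return (link, real host, verdict) for each link."""
    return [(link, download_host(link), is_vendor_link(link)) for link in links]


if __name__ == "__main__":
    for link, host, ok in audit(SAMPLE_LINKS):
        print(("OK     " if ok else "REJECT ") + link + "  ->  " + str(host))
```

The comparison is made on the whole host name ending in ".adobe.com", never on whether the text "adobe" appears somewhere in the link, which is what the fake pages rely on.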

Email Phishing for IRS and Paypal

During the month of August, 2013, we have noticed two phishing attempts from people trying to get personal information through emails appearing to come from the IRS and PayPal. Remember, neither company will ever send a personal email to you asking to update your account. If you do receive such an email, forward the entire mail to the appropriate address listed below:

phishing@irs.gov    or    spoof@paypal.com

I contacted each and got the following:

From the Internal Revenue Service:

Please note that the IRS does not contact individuals by email.

Therefore, if you received an email claiming to be from the IRS it is a phishing attempt and should be reported to us.

 

From Paypal:

To stay safe from PayPal fraud or scams:
  • Log in safely: To log in to your PayPal account or access the PayPal website, open a new web browser (e.g., Internet Explorer or Firefox or Chrome) and type in the following: https://www.paypal.com/
  • Check the email greeting: Emails from PayPal will always address you by your first and last name or the business name associated with your PayPal account. A PayPal scam email may include the salutation “Dear PayPal User” or “Dear PayPal Member”
  • Look out for attachments: PayPal emails will never ask you to download an attachment or a software program. An attachment found in a PayPal scam email will often contain a virus that can harm your computer or compromise your PayPal account
  • Never give out personal information: If we require information from you, we will notify you in an email and request that you enter the information only after you have safely and securely logged in to your PayPal account.

PF 8.23.13

Internet Security 2013 Virus

Amsecure.exe is the main process of the Internet Security 2013 virus. When Internet Security 2013 gets installed onto your computer it will report various sorts of security problems.

It will report many viruses allegedly attacking your computer, such as the W32/Blaster.worm. The viruses reported are real signatures; however, they have not infected your system. The only real virus you have is the Internet Security 2013 virus.

The software bearing the name of Internet Security 2013 is not capable of identifying real security threats and thus cannot remove them. The reason why this rogue security program was developed was to trick users into paying for the licensed version of this malware program.

So, when you see Internet Security 2013 fake anti-spyware in front of you remember what we’ve told you – this is a rogue security tool and not any legitimate program. Do not let this malware sample scare you. The reports it gives are not based on the true facts. You must ignore them all and get rid of the hoax without hesitation. Needless to mention, do not pay for this program. You will waste your money and will not receive any decent protection of security for your computer.

In fact, by disclosing your personal bank details or the information about your credit card you are making your finances vulnerable to further attacks and attempts by the fraudsters to rob you.

If you get infected, call us to guide you in removal of this virus. This virus started affecting computers in southern Florida around May 5, 2013.

Please call us for help if you get this infection. It will normally disable the virus program you are using.