Back in Nov2011, there was an FBI Sting called “Operation Ghost Click” that resulted in the arrest of six Estonian cyber-criminals that used malware known as DNSChanger that infected over 4.2 million computers. Despite their arrest several months ago, there are many computers that could still be infected. So in an effort to clean up the mess left behind by their internet fraud ring, the FBI is urging internet users to check their computers for any DNS Changer malware.
One major sign of the infection is a hijacked internet browser which redirects to other unintended websites, maybe even porn sites, via fake DNS servers. Once your computer is infected with this DNSChanger, it relies on these fake DNS servers to access “all” websites. If the DNS Changer Working Group (DCWG) were to shutdown all these fake DNS servers at once, millions of computers “still” infected with this malware would lose their internet connection. As it was, the DWCG converted all but 350,000 of these fake DNS servers to temporary “clean” DNS servers. Read More Here…
Read More...
Just a brief post about using System Restore and malware infections. I recall in the past that one of the first things Symantec (Norton) suggested you do when your computer got infected, was to “disable” System Restore”. Disabling System Restore deletes all your old System Restore points. Their motive was to prevent you from reinfecting your computer later on in case you ever ran System Restore. I always disable/re-enable System Restore after removing malware, but “never” until “after” I have restored Windows to my satisfaction.
Recent System Restore Story
A recent example of this, is that I had a customer come in with a FakeHDD Program. He initially called telling me he had a bad hard drive. When he brought it in, I could immediately tell that he was just infected with a “fake” program called “System Check” telling him he had problems with his hard drive, but that is another story.
Anyway, he did the right thing bringing it in right away, and not putting off repairs for weeks and months like many other customers do. This could have been an easy fix using System Restore, but unfortunately, System Restore had been turned-off (disabled). System Restore can be very effective at reversing the effects of a sudden infection, but with no restore points to work with, I’ll have to disinfect the malware the time-consuming, old fashioned,way.
Also, when you get one of these types of infections, the average person probably won’t be able to invoke System Restore because these infections usually block you from running many built-in Windows utilities such as regedit, msconfig, Task Manager, and System Restore. But a decent PC Technician can usually work around this with advanced techniques and 3rd party software.
Suggestions
Before you ever decide to try and fix one of these problems yourself, please don’t go out and by some “miracle product” you heard about from the TV or Radio. PC Techs don’t use them and neither should you! Some FakeHDD infections hide and move files and folders into “Temp” folders and if you start trying to fix the problem yourself by using some “cleaner”, you may cause permanent program shortcut and misc data loss. So always back up your important data first. And don’t use System Restore frivolously, you might fix one problem and get another.
Read More...
Yes, This is one of my Tech Rants
I had a lady call me today asking how much it costs to have a virus removed. First off, we do this for a fixed-flat rate which is published at our shop and online on our website. Even so, the answer can be as loaded as the question itself when the customer challenges the amount. We charge a mid-range price for this service. It isn’t as low as some of the bargain-basement pseudo techs on Craigslist, yet not nearly as much as the Geek Squad at Best Buy.
Anyway, I told her we do it for a flat rate of $129.99 in-shop. Then she responded, “Just to remove only “1″ virus?” She wanted to haggle the price because she thinks she only has just “1″ virus, as if the price should be pro-rated. How much for just 1 peanut I thought. I tried to ask some questions about the problem, but her expectations quickly met her ignorance and she was mildly rude about it. I kept professional about it and she hung up without saying goodbye. I can usually shake it off, but this call drove me nuts, because I know my local market, my abilities, and the computer mentality of most of my customers. While I’m not famous, Ashton Kutcher could’ve Punk’d me good with this one, but I think this lady was for real. Read More Here…
Read More...
Posted in
Tech Rants
Anybody who banks online knows to check their account periodically to reconcile your transactions and verify your balance. By keeping a close eye on your balance, as well as checking for unauthorized transactions, you could immediately identify any fraudulent activity with your account and report it asap, or can you? Well, a new version of the SpyEye Trojan just made the news and is making many rethink how they monitor their bank accounts online. This trojan has been used to to steal funds from consumer’s accounts with a twist, it covers it tracks, and edits the balance you see displayed on your computer, making you think your money is still there! Read More Here…
Read More...
While many people have a love-hate relationship with Microsoft about their Windows Updates, these aren’t the only updates you should be keeping up with. By the way I already covered Windows Updates in a previous article. As for Java Updates, it is a good idea to keep up-to-date because I am seeing more and more computers infected with Java Exploits that may have been prevented if they had the latest version of Java installed. Some Java exploits do little to make the victim aware that their computer is even being exploited, so you won’t always see symptoms that you are infected, so performing updates and regular security scans is a must. Below is a screenshot of a Java infection detected by ESET Nod32.
Read More Here…
Read More...
If you receive a call from a person from (425) 998-1533 with an Unknown Name on Caller ID claiming that your computer has errors and/or viruses, it is a Phishing Scam. They might even claim they are from Microsoft, which might appear legit to some because of the Washington State area code. But if you call the number back, you will get a recording from the FTC with a message describing that this is a phishing scam and will refer you to http://onguardonline.gov for more information about online safety.
I even had 2 of my own computer repair customers here in Hawaii that were called and one even went as far as letting the scammer remotely access their computer with Logmein Rescue software. Luckily, her husband suspected something fishy about the call and literally unplugged their computer to stop whatever the scammer was doing. When my customer brought their computer to me in my shop, all I found was the Logmein remote access software and they didn’t appear to get a chance to do any harm. Read More Here…
Read More...
I mentioned this in a previous post but I wanted to bring it up again because I continue to see a variety of “malicious” FakeHDD Alert programs that are rendering people’s computers almost useless because it hides many of your programs, files and folders.
The biggest preliminary caution about this type of infection is to “NOT” run a Temp File cleaner like CCleaner until “AFTER” you have restored your Program File shortcuts. While cleaning the temp files would normally be one of the early steps you should perform, in this case, you would be deleting the folder that the malicious program is hiding them in, namely C:\Windows\Temp\smtmp. Read More Here…
Read More...
Removing “Privacy Protection” Malware with System Restore
Manually removing malware, especially Fake Alerts like “Privacy Protection” is a fine art practiced by dedicated, starving PC Technicians. It isn’t something that is taught so much as it is a skill that needs to be absorbed by years of hands-on experience. Because of the ever changing cat-and-mouse game involved with battling malicious software (malware), it is not something the average person is trained or equipped for. But for the average person who wants to take a stab at it, read on… Read More Here…
Read More...
I’ve been seeing an increase in a different type of Fake Alert program in the last few months that are really annoying. I suppose the masses are now aware of the Fake Antivirus, AntiSpyware and Registry Cleaner programs by now, but there are other types of Fake Alert programs that may catch you off guard and people are falling for them. One such Fake Alert are computer analysis and optimization programs in the the Fake Hard Disk Drive (FakeHDD) family of programs.
The majority of these FakeHDD programs involve making you think your hard drive is going bad and that you have lost data. While it is possible for a bad hard drive to still work well enough to boot to Windows, some of the errors these FakeHDD programs warn you about should be fatal to your system. And if that were true, your computer shouldn’t even work enough to for you to even be seeing the alert. I hope that makes sense. Two FakeHDD programs I have been seeing recently are called “System Restore” and “Data Restore“. Some of the fake errors you might see are: Read More Here…
Read More...
Yes, this post qualifies as a Rant (although it does involve spyware prevention), but don’t read-on if you don’t want to read about some of my computer repair pet peeves. I just repaired a customer’s Acer laptop computer that had a bad hard drive. The platter was so damaged that not even DriveSavers could recover the data! Anyway, I installed a new Sata Hard Drive and installed Windows Vista from scratch. As part of the job, I installed the latest Drivers from Acer’s website, Windows Vista Service Pack 2 (Vista SP2) and some miscellaneous Security Updates. Of course I did much more than that, but I want to focus on an issue with Windows Updates and Registry Cleaners. Read More Here…
Read More...
