A fake Facebook password reset email seems to be doing the rounds in the last few days. When and if you see this email I suggest you delete it. If you get this we can remove it for you. The Facebook password reset email says the following:
Subject: Facebook Password Reset Confirmation! Customer Support
Dear user of Facebook,
Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
Thanks,
Your Facebook.
1: Install an Anti-Virus/Anti-Spyware program. Ensure to keep this up to date and do weekly full scans.
2: Set up your Windows Update to automatically download patches and upgrades. This will allow your computer to automatically download any updates to both the operating system (I.E Windows) and Internet Explorer. These updates fix security holes in both pieces of software.
3: Install and use an alternative web browser such as “Firefox” or “Google chrome” which generally have a less security risk.
Having the above set will help protect your computer but will not guarantee 100% protection. To aid yourself further in reducing the possibility of getting a virus or similar please note the following:
1: Email is a common way of getting infected
Whilst you can safely open an Email, NEVER click on a link within it or open an attachment that you are not positive is from a trusted source.
Here are 2 scenarios:
I. You get an Email from someone you DON’T know. You open it. It tells you (or, persuades you) to click on a link in the Email. You do so. That is when you get infected. Frequently, the Email appears to be from a bank or a company you know. Do not fall for this. Businesses do not normally send unsolicited Email.
II. You get (what appears to be) an Email from someone you do know. Unknown to you, a virus generated that Email (and not your friend). It could be that your friend’s computer is infected, but, not always. Obviously, the actual Email writer doesn’t know you and cannot say anything personal to you, so, typically, it says something like “Click on this link for some important information… “. You are now infected.
If in doubt, delete the Email.
2: Instant messengers. The same caution should be used with opening links and attachments as Emails.
3: Web sites
Visiting Adult, Free game or gambling sites pose a high risk of infection. In addition, do not download software or “Addons” from web sites that you are unfamiliar with. This includes sites such as “Facebbook” and “Myspace”.
4: Do not click on sudden pop-up windows whilst browsing the internet.
5: Do not use disks or usb drives that other people give you.
They could be infected with a virus. Of course, you can run a virus scan on it first, but Anti-Virus programs are not 100% effective.
6: Stay away from file-sharing sites.
Sites that distribute illegal software, music, or movies are known to be riddled with viruses. This includes torrents or other forms of P2P activities (Limewire for example). Staying away from these sites and programs is in your computer’s health’s best interest, as well as a good way to avoid being sued for copyright violation.
The above advice is generally good practice to follow but is not a 100% guarantee that your computer will not get infected again in the future, however, by following these tips you minimise the possibility greatly.
There are always computers that we see on site that have Norton, McAfee, Trend and WebRoot Spy Sweeper on them, and they are FULL OF SPYWARE!
I need to say that loudly because it doesn’t really matter what anti-virus program you use, spyware seems to get through them all.
So Lisa, please tell us…what are those programs good for? Well..they are good for a couple of things.
1. Regular virus protection (today’s viruses are spyware)
2. Slowing down your computer.
Period.
Spyware viruses and regular old viruses are not the same these days. Norton (I know this for a fact), will not support certain viruses and you will have to pay “extra” to get those removed. When you’re paying $80+ for the 360 package, you should get everything included. One of my clients had to pay extra for a certain virus removal. Kinda sad.
If you have purchased those products, have had a virus or 20 sneak past them or are finding them to slow down your computer…please Call That Girl for a phone consult and let us help you figure out a better system for protection.
If you are considering buying them, I would not. I remove many of those big box programs because they don’t work and are slower than bisquits drying in a hot sun.
My 2 cents! Enjoy your Wed!
Computer Maintenance Made Simple
Just like cleaning is an important part of any maintenance procedure, whether it is your automobile or whether it is your house, it is important for you to cleanup your PC while performing computer maintenance as well. In this article, we are going to discuss a few handy tools that enable you to cleanup your PC and maintain it in a good working condition.
Registry Cleaner Tool
The Windows registry is like the brain of your Windows PC. Even a small activity, such as browsing the Web or opening a Word document, affects the registry in some way or another. As your PC grows older, the registry, where all configuration information of your system is stored, gets cluttered with loads of outdated, obsolete, and incorrect data. This digital junk causes your registry to grow at an uncontrollable speed, eventually damaging it. A damaged registry generates frequent system errors and causes system freezes and crashes.
To fix registry errors and free it from all the junk data, you need to use a reliable and efficient registry utility. Using a registry utility, you can perform several registry repair tasks, such as scan, detect, and remove unwanted files, defrag the registry to make it contiguous, and create regular registry backups that can be restored easily if the registry fails.
Disk Cleanup Tool
Just like the registry, your hard disk also bears the load of unwanted program installation files, obsolete temporary files, and loads of other outdated, unwanted files and folders. The Disk Cleanup tool that is shipped with your Windows XP operating system is one tool that you can use to get rid all this unwanted data in one go. The Disk Cleanup tool also enables you to uninstall unwanted applications and Windows components, delete obsolete System Restore snapshots and compress old files.
To start the Disk Cleanup tool, open the Start menu, select All Programs, select Accessories, select System Tools and then select Disk Cleanup.
After you have cleaned your hard disk with the Disk Cleanup tool, you may use the Disk Defragmenter tool—also available in System Tools—to analyze your hard disk for fragmented files and make them contiguous.
Windows Uninstaller Tool
The Add or Remove Program option available in Windows systems to uninstall applications from your system, usually fails in completely removing the applications. To counter this problem, many advanced third-party tools are available on the Internet. These tools come in handy when you are cleaning up your PC. They work by scanning your entire system and registry for any files and folders related to the program you want to uninstall, and enable you to delete them, and to completely get rid of the application you are uninstalling.
Antivirus and Antispyware Tools
Last but not least, the PC cleanup process requires you to scan your system for any malicious files and registry entries added by malware programs, such as virus, Trojans, worms, spyware and aware, and delete them. In order to perform these tasks, you need to use the Antivirus and Antispyware tools. You must always keep these tools updated with the latest virus definitions to ensure that your PC is protected against the latest threats. It is also recommended that you opt for tools that provide you with the real time protection feature. This feature, as the name implies, works in real time and blocks malicious files from infiltrating your system.
Using the above tools regularly not only helps you in maintaining a PC free from junk, but also enables you to enjoy an excellent computing experience for a long time to come.
1. START-UP FOLDER. Windows opens every item in the Start Menu’s
Start Up folder. This folder is prominent in the Programs folder of the Start Menu.
Notice that I did not say that Windows “runs” every program that is represented in the
Start Up folder. I said it “opens every item.” There’s an important difference.
Programs represented in the
Start Up folder will run, of course. But you can have shortcuts in the
Start Up folder that represent documents, not programs.
For example, if you put a Microsoft Word document in the Start Up folder, Word will run and automatically open that document at bootup; if you put a WAV file there, your audio software will play the music at bootup, and if you put a Web-page Favourites there, Internet Explorer (or your own choice of a browser) will run and open that Web page for you when the computer starts up. (The examples cited here could just as easily be shortcuts to a WAV file or a Word document, and so on.)
2. REGISTRY. Windows executes all instructions in the “Run” section of the Windows Registry. Items in the “Run” section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above.
3. REGISTRY. Windows executes all instructions in the “RunServices” section of the Registry.
4. REGISTRY. Windows executes all instructions in the “RunOnce” part of the Registry.
5. REGISTRY. Windows executes instructions in the “RunServicesOnce” section of the Registry. (Windows uses the two “RunOnce” sections to run programs a single time only, usually on the next bootup after a program installation.)
7. REGISTRY. Windows executes instructions in the HKEY_CLASSES_ROOT\exefile\shell\open\command “%1″ %* section of the Registry. Any command imbedded here will open when any exe file is executed.
Other possibles:
[HKEY_CLASSES_ROOT\exefile\shell\open\command] =”\”%1\” %*”
[HKEY_CLASSES_ROOT\comfile\shell\open\command] =”\”%1\” %*”
[HKEY_CLASSES_ROOT\batfile\shell\open\command] =”\”%1\” %*”
[HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] =”\”%1\” %*”
[HKEY_CLASSES_ROOT\piffile\shell\open\command] =”\”%1\” %*”
[HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] =”\”%1\”
%*”
[HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] =”\”%1\”
%*”
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] =”\”%1\”
%*”
[HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] =”\”%1\”
%*”
[HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] =”\”%1\”
%*”
If keys don’t have the “\”%1\” %*” value as shown, and are changed to something like “\”somefilename.exe %1\” %*” than they are automatically invoking the specified file.
8. BATCH FILE. Windows executes all instructions in the Winstart batch file, located in the Windows folder. (This file is unknown to nearly all Windows users and most Windows experts, and might not exist on your system. You can easily create it, however. Note that some versions of Windows call the Windows folder the “WinNT” folder.) The full filename is WINSTART.BAT.
9. INITIALIZATION FILE. Windows executes instructions in the “RUN=” line in the WIN.INI file, located in the Windows (or WinNT) folder.
10. INITIALIZATION FILE. Windows executes instructions in the “LOAD=” line in the WIN.INI file, located in the Windows (or WinNT) folder.
It also runs things in shell= in System.ini or c:\windows\system.ini:
[boot]
shell=explorer.exe C:\windows\filename
The file name following explorer.exe will start whenever Windows starts.
As with Win.ini, file names might be preceeded by considerable space on such a line, to reduce the chance that they will be seen. Normally, the full path of the file will be included in this entry. If not, check the \Windows directory
11. RELAUNCHING. Windows reruns programs that were running when Windows shut down. Windows cannot do this with most non-Microsoft programs, but it will do it easily with Internet Explorer and with Windows Explorer, the file-and-folder manager built into Windows. If you have Internet Explorer open when you shut Windows down, Windows will reopen IE with the same page open when you boot up again. (If this does not happen on your Windows PC, someone has turned that feature off. Use Tweak UI, the free Microsoft Windows user interface manager, to reactivate “Remember Explorer settings,” or whatever it is called in your version of Windows.)
12. TASK
SCHEDULER. Windows executes autorun instructions in the Windows Task Scheduler (or any other
scheduler that supplements or replaces the Task
Scheduler). The Task
Scheduler is an official part of all Windows versions except the first version of Windows 95, but is included in Windows 95 if the Microsoft Plus Pack was installed.
13. SECONDARY INSTRUCTIONS. Programs that Windows launches at startup are free to launch separate programs on their own. Technically, these are not programs that Windows launches, but they are often indistinguishable from ordinary auto-running programs if they are launched right after their “parent” programs run.
14. C:\EXPLORER.EXE METHOD.
C:\Explorer.exe
Windows loads explorer.exe (typically located in the Windows directory)during the boot process. However, if c:\explorer.exe exists, it will be executed instead of the Windows explorer.exe. If c:\explorer.exe is corrupt, the user will effectively be locked out of their system after they reboot.
If c:\explorer.exe is a trojan, it will be executed. Unlike all other autostart methods, there is no need for any file or registry changes – the file just simply has to be named c:\explorer.exe
15. ADDITIONAL METHODS.
Additional autostart methods. The first two are used by Trojan SubSeven 2.2.
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\explorer\Usershell folders
Icq Inet
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\test]
“Path”=”test.exe”
“Startup”=”c:\\test”
“Parameters”=”"
“Enable”=”Yes”
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\]
This key specifies that all applications will be executed if ICQNET Detects an Internet Connection.
[HKEY_LOCAL_MACHINE\Software\CLASSES\ShellScrap] =”Scrap object”
“NeverShowExt”=”"
This key changes your file’s specified extension.
Hey Everyone,
Since there has been a huge influx of people reporting Viruses, Spyware, and Adware both here, I figured I would offer a “walk-through” of sorts to successfully remove these annoying items that plague us all. However, in this post I have made a few of assumptions.
These are:
1. You are a local administrator of your computer, and you know all of the passwords to your computer.
2. You have Internet access
3. You are able to boot successfully in to Windows XP SP3 (Latest)
4. You understand that there is absolutely no way to prevent Viruses and other forms of Malware 100% of the time.
—
So, lets begin.
First you will need to boot to Windows in normal operating mode. This is your standard operating environment. Once in Windows perform the following steps to turn off the System Restore function built-in to Windows XP. This is a useless feature anyway:
1. RClick on My Computer -> Select Properties
2. Choose the “System Restore” tab
3. Select/Check the checkbox that says “Turn off System Restore on all drives”
4. Click “Apply” -> Click “OK”
Now you will go download your prefferred removal utility. As a Systems Engineer I am constantly searching for softwares that are able to successfully remove dangerous malware/spyware. Currently, I am recommending the following softwares:
http://www.malwarebytes.org
http://www.superantispyware.com
http://free.avg.com
http://www.spybot.net
These are all free software programs. Absolutely no charge, but work extremely well when used in conjunction with eachother. Of the four software titles, SpyBot works the least and should be used last.
–
Once you have downloaded your preferred softwares you will need to install them. Once you have installed the software titles, make sure you update them to their latest definitions. When you are positive you have the latest definitions for all of your software tools shut your computer down completely.
At this point you will need to press the power button on your system to power the machine on. Once you have done so, and have received your POST beep-code begin pressing the F8 key once every second. This is most frequently found above the number 7/8 keys accross the top. After a time you will be prompted to select a Windows Startup mode. You are going to go all the way to the top, and select “Safe Mode”. Then press Enter.
*Important* At this point you will see a ton of directorys and files flood the screen, and your system will halt at the end for approximately 1-3 minutes while the safemode environment loads. This is normal. *DO NOT TURN OFF YOUR COMPUTER*
Once you have entered Safe-Mode you will be prompted with a Yes / No dialog box informing you that the computer is running in safe mode. Please Click Yes to continue running in safe mode. Then log in as the local Administrator.
Now that you are in safe mode, open the first of your preferred removal utilities. I recommend using MalwareBytes first for those of you using my recommended list. Perform a full system scan. This will take approximately 1-2 hours depending on the size of your computer, and the number of files it must scan. Once this is complete, move on to remove the items listed. Do not be concerned if any items are not able to be removed successfully. Remember: You have more software titles to run!
Now run the second of your preferred removal softwares. I recommend using SuperAntiSpyware at this time, if you are using my recommended list. Perform a Quick system scan. This will take approximately 1 hour. Perform appropriate removal.
Now run your Antivirus utility. If using my recommended tools, this will be a quick system scan using AVG Free Antivirus. This will take approximately 1 hour. Removal will be performed automatically with AVG in Safe Mode.
Finally, perform the same steps using your last scan using another alternative removal utility. This is when I would determine if I need to run SpyBot, or if I am comfortable with the results I have received with my other tools. Perform the appropriate steps for removal.
Now you can reboot your computer. I know, that was a long process but well worth it! 2-4 hours is better than rebuilding your system OS, and then having to reinstall all of your applications and drivers!
Once you have rebooted in to your normal Windows Operating environment, you can choose to re-enable the Windows XP System Restore feature I had you disable previously. I strongly recommend leaving it disabled, but some people swear up and down that stupid feature actually works. I just don’t agree.
At this time your system should be virus, spyware, and adware free! (Relatively speaking)
Remember folks: The only way to be 100% certain you will never receive Malware is to simply not use the Internet and to not allow ANYONE to touch your computer. This is usually not a viable option, particularly for gamers so BE CAREFUL!
I hope this is found helpful by at least one person.
What this programs does:
Antivirus 2009 is a new rogue anti-spyware program from the same family as Antivirus 2008 and Doctor Antivirus . Antivirus 2009 is installed and advertised through the use of misleading web sites that attempt to make you think your computer is infected with a variety of malware. Once installed, Antivirus 2009 will scan your computer and list a variety of fake infections that can’t be removed unless you first purchase the software. These infections are fake, though, and only being shown to scare you into purchasing the software.
When Antivirus 2009 is installed, a Internet Explorer browser helper object is also installed that displays fake messages when using Internet Explorer. These messages range from a line at the top of the browser stating an infection was found to adding a box to the Google homepage stating Google detected that your computer was infected. These tactics are just two more methods where Antivirus 2009 uses false information to scare you into purchasing their software.
[
Screen shot of Antivirus 2009
For more screen shots of this infection click on the image above.
There are a total of 4 images you can view.
This guide will walk you through removing the Antivirus 2009 program and its associated malware for free.
Tools Needed for this fix:
Symptoms that may be in a HijackThis Log:
Note: Some of these entries are random named.
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O4 - HKCU\..\Run: [75319611769193918898704537500611] C:\Program Files\Antivirus 2009\av2009.exe
O4 – HKCU\..\Run: [ieupdate] “C:\WINDOWS\system32\ieupdates.exe”
Guide Updates:
06/28/08 – Initial guide creation.
You should click on the OK button to close the message box and continue with the Antivirus 2009 removal process.
You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
Your computer should now be free of the Antivirus 2009 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.
Note: Some of these entries are random named.
%UserProfile%\Desktop\Antivirus 2009.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
%UserProfile%\Start Menu\Antivirus 2009
%UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
c:\Program Files\Antivirus 2009
c:\Program Files\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\WINDOWS\system32\scui.cpl
c:\WINDOWS\system32\winsrc.dll
Associated Antivirus 2009 Windows Registry Information:
Note: Some of these entries are random named.
HKEY_CURRENT_USER\Software\75319611769193918898704537500611
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “75319611769193918898704537500611″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ieupdate”
This is a self-help guide. Use at your own risk.
System Techs can not be held responsible for problems that may occur by using this information.
The most common places are:
Groups that are Prone to attack:
OK so you know you have a virus if you see any of the following going on: (the more you have the worse it is)
Desktop view is completely wacked
Your internet provider sent you a letter or turned off your service.
A social engineering scam has been detected which is about the Bank of America.
When users click the link on their emails, they will be redirected to a site which asks them to download an updated Flash player. A screen shot is included in the article at F-Secure which shows the site and the pop-up save message. The filename in the pop-up is Adobe_Player9.exe and it is 3.1 kb.
When that file is executed, it will download a trojan which steals confidential information.
Source: F-Secure
A few days ago, some malware authors went on a campaign and sent out spam about the new U.S. president, Barack Obama.
The example of the spam that is posted at Sophos contain three paragraphs and a link. The link directs the user to a news site and a pop-up message will show. The message tries to tell the user that he or she needs to update their Adobe Flash version to view the video in the site. Therefore, they need to download an .exe file which turns out to be a malicious Trojan horse.
It is detected as Mal/Behav-027 or Mal/Heuri-E.
Source: Sophos
