
Thursday, February 1, 2018

FINALLY - Microsoft comes to (their?) senses


FINALLY something IMHO long overdue is going to happen:

Microsoft will start to remove the worst of the bad ones!

Please read the details here.

You don't need to call me if, after March 1st, your "Optimizer program" has gone missing. I will wait and see what else they (Micro$oft) will declare "coercive" and then remove.

Stay safe!



Wednesday, March 23, 2016

2016-03-24 WBKV Talking Points


Today nothing but viruses, malware and currently acute dangers.
  • Ransomware (so far mainly from infectious MS-Office documents). Record ransom paid: 17 million US$
  • Now infectious advertisements on BIG company web sites with 100s of millions of visitors every day:
    - New York Times (nyt.com)
    - AOL.com
    - ESPN.com
    - MSN.com (MicroSoft Network)
    - NFL.com (yes, National Football League)
    - TheWeatherNetwork.com
    - TheHill.com
    - Yahoo.com and many more.
I feel like a prayer wheel:
   If you see advertisements in your web browser your computer is at risk!

Firefox web browser with Adblock Plus and WOT are the browser protections you should use!

No, not Google Chrome, Safari or Edge or Internet Explorer!

Wednesday, March 9, 2016

2016-03-10 WBKV Talking Points


Part 2: Stay Safe on the Internet

Be aware that trustworthy companies, especially Microsoft and its affiliates, will never contact you because of a supposed technical problem of any kind.
The following will definitely be scams:
  • Phone calls
  • Advertisements for technical support for any software product on search engines like Google, Yahoo or Bing
  • Pop-ups for tech support from social web sites (Facebook! or LinkedIn)
  • Pop-ups for tech support that promote phone based tech; these usually require a previous malware infection or an unsafe web browser.
Scam avoidance 101:
  1. Never completely trust someone you don’t know who called you.
    Listen to them, if you like.
  2. Ask questions, if you feel like it, but NEVER EVER give them access to your PC
  3. NEVER EVER give them any payment information.
  4. Tell them that you will let your local tech look into it (even if you don’t have one).
  5. If the caller hangs up – good for you.
  6. If he/she gets impolite or abusive it’s your time to hang up!
Afraid of a real problem? Do the research yourself or contact a trusted tech support person.

Chances are there’s nothing to see at all.

If you have handed over payment information, you’ve just given that information to a complete stranger. Immediately put your credit card or payment provider on fraud alert. If you allowed the scammer to access your computer things can get ugly. Do NOT use the computer; you usually have no idea what they did. You need a trusted technician to check out your machine.
This IS a common scam right now and the best defense is to not fall for it in the first place.

Another currently growing threat: MS-Word, Excel or PowerPoint files sent as attachments! When these files are opened you mostly see the request “... to turn protection on ...” or similar tricks. Don't do it, don't believe it, it's a trick! Many very nasty ransomware viruses use this trick! If you do not have a current backup YOU PAY! You either pay the crooks to get your files back and/or a trusted technician to re-build all the software on your computer. And if you don't have install disks for Windows - b.t.w. they do NOT come with computers any longer - you have even more problems.

Stay safe.

Wrong, Every Step She Took Wrong


Original text of email I got from a long ago customer:
Recently our Microsoft Essentials "little house"  has been erratic in its stability.  We have done full scans and quick scans with it staying green for a short period of time changing to orange and then eventually to red.

I googled this question and received an answer that Microsoft is not updating this since last year - so the definitions are not really up to date.  Is this true?
It was suggested that I get AVG Anti Virus which is Free. I did do this and it appears to be doing the job with the green circles, etc.

On that same page there is an area where I can check to "fix performance". It is a PC Analyzer - After doing this, the report was: many errors in various areas and they said it could be fixed for fee/one time and/or I could get a program for 1 year. I would not need one for one year but I would like to take advantage of the free analyzing of this performance. Do you think I should do this and is AVG a good solution if indeed Microsoft has stopped updating?

... [I] realize we will have to update to windows 10 when they force us to do so.  If we do not do this will they charge us?
 And here is the original text of my reply, please judge for yourself:
Thanks for asking. If you remember I do not express myself politically correct so please brace yourself for some rough truths:
  • The "little house" you refer to represents Microsoft Security Essentials which was your anti virus program until you installed AVG.
  • ANY anomaly with your anti virus should have rung a LOUD alarm bell.
  • If it has not updated since last year your computer potentially was not protected against common viruses.
  • AVG is a program that I urge my customers to stay away from!
  • It installs really crappy programs, that is how AVG (the company) makes money nowadays.
  • PC Analyzer IMHO is known malware.
  • I bet you that almost ALL the errors that you get shown are false messages meant to scare you into installing even more useless programs.
  • Keep going with these silly suggestions and soon your computer will likely not be usable any longer.
  • No, DO NOT take "advantage" of the "free" solution that you mention, it will make it only worse.
I believe I still could fix the situation and hopefully repair your computer. I guarantee that the free solution will not work to your satisfaction. 
The question about "they" (I assume you mean Microsoft?) charging you only Microsoft can answer and they, MS, have been asked the same thing thousands of times; so far MS has only replied with marketing blah-blah; we just do not know. My personal suspicion is yes, no later than January 2020 when in MS's view Windows 7 comes to the end of its supported lifetime.
In case my replies offended you I apologize, that was and is not my intention at all.
For my readers here: No further comment from my side; please come to your own conclusion and PLEASE, don't make similar or the same mistakes.

Stay safe.
 

Wednesday, February 24, 2016

2016-02-25 WBKV Talking Points

Stay Safe on the Internet
  1. Always install Operating System updates
  2. Keep your installed applications up-to-date
  3. Do not use the same password at every site
  4. Install and be sure to update your anti-virus software
  5. Additionally install a free anti-malware scanner and use it(!) regularly
  6. Use a firewall (the FW built-in to Windows is good enough!)
  7. Backup your data!
  8. Enable the display of file extensions
  9. Do not open attachments from people you do not know (especially Word files, Locky ransomware travels in Word files! Use MS's Word and PowerPoint viewers to check files)
  10. Delete emails that say you won a contest or a stranger asking for assistance with their inheritance or money transfer
  11. Watch out for online and phone support scams
  12. Ignore and close web pop ups saying your computer is infected or has a problem (use ALT+F4)
  13. Ignore and close web pop ups that pretend to be a Windows alert (use ALT+F4)
  14. Some types of web sites are more dangerous than others
  15. Be extra vigilant when using Peer-To-Peer Software (torrents!)
  16. When installing software, watch for "bundled" tool bars and programs you don't want
  17. Read the End User License Agreement (EULA) Lol, I know!


Wednesday, February 10, 2016

2016-02-11 WBKV Talking Points


Today I want to talk only (or mainly) about modern malware and how it gets in our computers.

Pull up this web page and you have the detailed blueprint for today's talk.

The 10 worst offenders are (IMHO #1 is by far the worst one):
  1. Download portals
  2. Fake updates (e.g. Java, Adobe Flash, Yahoo!) 
  3. Installer programs (mainly from download portals)
  4. PuPs downloading and installing more PuPs
  5. Express installation (expressway to an infected computer)
  6. Custom Install abused with confusing EULAs
  7. Home page and search provider changed
  8. Forced install (e.g. Inbox Toolbar)
  9. Other people(!) using your computer (visitors, relatives)
  10. Researching PuPs; do it ONLY in a virtual machine! 

Saturday, February 6, 2016

Top 10 Ways PUPs Sneak Onto Your Computer. And How To Avoid Them.


Disclaimer: I copied the title literally from this blog post.

And that is all I want to say here; this article is simply a MUST READ if you ever had PuPs installed or had to call me because everything got so slow or whatever problem you had.

95% or more of all computer problems I encounter nowadays are initially caused by a PuP! The authors of these PuPs have gotten very clever and constantly invent new tricks to dupe the unsuspecting computer user.

Only permanent vigilance, caution and attention to detail can ultimately somewhat protect us and our computers. 

Please note the use of the word "somewhat" in the previous paragraph! 

For the first time ever I will directly recommend a piece of commercial security software. 

If you want the IMHO best automatic protection against all kinds of malicious programs including PuPs then you will have to pay some money, currently just shy of $40 per year for a single computer. You find details about Emsisoft Anti-Malware here.

Another disclaimer: I am in no way at all associated with Emsisoft or any of their distributors or resellers!

If you don't want to pay that is fine, you just have to DIY (do it yourself). MSE or Defender in conjunction with Malwarebytes Free will do it just as well but you have to regularly do more yourself.

Whether you want to pay for Emsisoft Anti-Malware or not doesn't really matter, IMHO you simply HAVE TO READ this article.

 Stay safe.

Wednesday, August 19, 2015

Yahoo! - Helps to Distribute Malware


I have said it to countless customers and I say it again, publicly and absolutely clear:
If you see advertisements while browsing the internet
then your computer is not set up safely!
I have said it to countless customers and I say it again, publicly and absolutely clear:
Stay away from Yahoo!
And I mean Yahoo! everything; email, finance, sports, EVERYTHING that comes from Yahoo! 

Here is a literal quote from NetworkWorld.com (bolding and links added by yours truly):
Malwarebytes Labs recently uncovered a large malvertising attack on the Yahoo! advertising network that started on July 28. Malwarebytes estimates that up to 6.9 billion readers could have been affected, making it one of the largest malvertising attacks Malwarebytes Labs has seen recently.
Malvertising is defined as crafted advertisements that intentionally infect the computers of anyone who visits the site. A tiny piece of code hidden deep in the ad will reroute your computer to criminal servers without your knowledge, which then determines how exposed your computer is and decides which piece of malware to send you.

In the case of the Yahoo ad, victims are infected with ransomware via the Angler Exploit Kit, but it’s possible that anything from banking Trojans to additional advertising fraud is also being used in this attack.

Malwarebytes said that the infection included Yahoo's main site, as well as subgroups like News, Finance, Sports, Celebrity, and Games. The ads route users to a site on Microsoft Azure, which eventually leads to the Angler Exploit Kit.

But, according to a friend at Malwarebytes, when you are running Adblock Plus or any other ad blocker, then the ad never plays, so no payload is delivered to your PC. So the malware doesn't ever get to touch your PC. Even if you don't click on the ad, the fact is it loads and becomes saved in your browser cache, so it does get onto your PC without the blocker.
My customers do not need to worry about malvertising, they all have Adblock Plus installed. All others please listen up:

If you use ANYthing from Yahoo! and/or
if you see advertisements when web surfing
then your computer is UNSAFE!

Do yourself a favor, get your computer cleaned up and secured.
As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

For whatever reason the darned TOC (table of contents) feature that I got from Google does not work any longer, sorry.

Tuesday, April 28, 2015

Bye bye Viruses, Hello Carelessness




It's almost like in the Everly Brothers song "Bye Bye Love" from 1957. They sang
Bye bye happiness, hello loneliness...
I am enticed to, no, don't be afraid, not sing but say
Bye bye viruses, hello carelessness...
In August 2014 I wrote in this blog the 2014 Update On Malicious Programs. Everything in this article is still valid today – which in the fast changing world of computers is astonishing all by itself. Self replicating viruses that "find and infect" our computers by their own accord have gone almost extinct.
What has massively changed though are the tricks and methods used by miscreants to foist their malicious junk software on our computers. It is so bad that I feel compelled to say
Do NOT click on any link in any email,
do NOT open any email attachment
and NEVER click in any advertisement.
Does that sound extreme to you? Good, because it is extreme. We are in an extreme situation and it's getting worse so extreme measures seem appropriate.
In the meantime you have learned to immediately delete emails with an unfamiliar sender address. But what about the email from that buddy of yours who always sends all the jokes? My advice is to IGNORE it! Just hit the Delete button. If that email really was from him and if he were a nice guy he would have told you in the email why and what he sends there. If he does not have the decency to do that you better err on the side of caution and delete that email; you may “miss” a joke but what is that compared to $100 or $200 cost for a good clean-up job?
Another way how modern malware (called PuPs) is distributed are dirty tricks pulled on us when we apply required updates. Even big, well known companies participate in these schemes; names that come to mind as examples are Oracle, Norton, McAfee and Adobe. Some visual examples are here.
And don't get me going on advertisements. Listen up:
If you see advertisements on your computer screen then your computer most likely already is compromised. Get it cleaned up!
And then the sneaky methods that well known download web sites like Download.com, Cnet.com and others use. You want to download that nice free little program and what they give you is a specially crafted downloader program that in turn is supposed to download the program you actually want. But what you get are one or several PuPs and then the program you really wanted.
The only method to help here is to watch for the tricks, traps and deceptions. 
In July 2013 I published my 10 Commandments Of Safe Computing. To heed the first of these has become more important than ever before; it reads:
Thou shalt read and think(!) before you click.
Be vigilant, pay attention to details and always remember: If it sounds too good to be true it usually is not true; especially in this day and age on the Internet.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.



Tuesday, February 17, 2015

Computer(s) And "Friends"

And again it was a customer's email that brings forth another post on this blog; thank you G. G. With his kind permission here is his email:
I recently have run into a situation about which I don’t know what to do.

For the last few years I have occasionally let a friend, who does not have a computer, use mine.  This would be a few times per year.  Basically he wanted to go on Craig’s List, so he used my second address, with his own password for a Craig’s List account. I didn’t really question what he was doing, because I know one can sell and buy on Craig’s List.

What I found out is that he was posting sexually explicit ads on Craig’s List.

While the screen shows all the ads have been deleted, I cannot figure out a way to get them off of my computer.  An email to Craig’s List was of no help, it just told how to delete the ads, but not how to permanently remove them from my computer.

I’m finding this to be a difficult situation, not only because of the mechanics of getting rid of something I don’t want on my computer, but because of the personal factors involved with someone who was a friend, and trying to weigh in if that relationship can be continued.  Any help that you can give will be appreciated.  

And here is my reply:
Dear Mr. G,

I have heard of situations similar to yours and you have my sympathy.

To your question about cleaning up your computer: I can most likely help. I can try to do that via remote support or in a house call, that is your choice. Although since sexually explicit material is involved I would strongly prefer a house call. Working locally on the computer will allow me to disconnect the computer from the Internet which will allow deeper analysis and cleaning and protect the computer and your Internet connection from eavesdropping.

Additionally and because you asked me I will voice some general ideas:
  • NEVER let a "friend" or relative (children, teenager, nephew/niece, grandchildren!) use your computer in/with your regular user account.
    If you are a "normal" home user you most likely always work in an administrator account; that can incur added risks. If you follow this link to the explanation of administrator account please ignore the outdated line "Applies to Windows Vista". These basic concepts apply to all modern operating systems.
  • For other people on your computer always create "standard" user accounts.
  • NEVER trust that anybody will behave responsibly and that they will follow basic rules of safe computing.
  • NEVER let anybody (and not for ANY reason) use an identifier that is tied to your person (email account). It may happen that you will have to answer to the FBI if the person for example uploaded child pornography.
  • Only allow any third parties (whether visitor or family!) to use your internet connection (wireless network, cell phones, tablets a.s.o) when you can be certain that your internet connection is secured beyond browser and operating system based measures.
    One option of several is described here.
The above advice may seem harsh but consider your situation. Naturally I can not "advise" you on how to handle the situation with your "friend".

My very personal and for you irrelevant opinion is that this person has proven beyond doubt that he is not a friend, maybe not even an acquaintance worth my time. But I am certain you will find your way of dealing with this aspect of the situation.

Additionally and independent of all the preceding I want to ask your kind permission to re-work your question and my answer into an article on my blog. What has happened to you is so "typical" that it lends itself to wider attention. Naturally your text would be quoted completely anonymously.
So much for the customer's letter and my response.

All the above was meant to be the whole post on this issue and then the heavens made me meet with a friend who had given his computer to someone when last fall they were on a hunting excursion.

In this case there are no sexually explicit materials involved but the computer was majorly infected with PuPs, this nasty new kind of malicious programs that I talked about here and here. And here are a few more examples of how we get tricked to allow this stuff to be installed.

I want to add here that you should never activate the Guest account that you find in many versions of Windows. Crooks and hackers know about this account and will be happy to exploit it if they find a computer with activated Guest account.

Update 2/19/2015
I forgot to mention that all good will and the best intentions by us and by others are null and void if my 10 Commandments of Safe Computing are ignored!

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

Monday, October 13, 2014

How To Spot Socially Engineered Emails


For quite some time I wanted to give information about how to spot spam emails. That is quite a sizable field and I wavered too long. This time, to my and I believe to your advantage, the wait pays off.

I discovered that KnowBe4.com already had done an excellent job and published the result as a one page fact sheet much better and more concise than I could ever have done it. The paper is called Social Engineering Red Flags. This link should show the information in your browser or in your reader application for PDF files.

I recommend to print it as a handy reference guide.

And here is a real life example; just this morning (10-20-2014) I received an email that looks on first glance like it came from Facebook, optically quite convincing. It is such a "classical" example that I took a screen shot to show it to you:


For me it goes without saying that I do NOT just click on a link in ANY email, no matter who the sender is supposed to be, no matter how "familiar" it looks.

The first clue is the sender address. Bad, simple forgery, not even an attempt to disguise the forgery; maybe that is even the miscreant's real email address. This is one of the times where I regret not being a security researcher because I would love to mess a bit with this guy.

Then I did what for me by now has become second nature: I rested my mouse on the link (see the cursor). The translation of where the link would have taken my computer to in the status line (bottom left corner of the picture) confirmed my suspicion: The link goes to a web site in Russia. Did you see "http://pemoht-tb.ru/rand..."? ".ru" is the country code for Russia!

If you handle your email with programs or techniques that do not show you all the information from this example then you live dangerously. Imagine a teenager; they would blindly click on the link and voilà, the computer is infected and maybe you even lose all your files!

Oh well, more work for me... (tongue in cheek!)


As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.




Monday, September 1, 2014

Details on CryptoWall


This article assumes that you are familiar with my previous article CryptoLocker - Revisited.

Detailed information was released about CryptoWall, one of the CryptoLocker variants.

Between mid-March and late August CryptoWall infected almost 625,000 systems; on these systems it encrypted more than 5.25 billion files.

The US seems to have the most CryptoWall infections: 253,521 (or about 40 percent), followed by Vietnam with 66,590 infections, the U.K. with 40,258, Canada with 32,579 and India with 22,582.

The US likely got targeted more often because CryptoWall got distributed through spam emails sent from the Cutwail botnet, which targets English language computer users.

Researchers collected data directly from CryptoWall's payment server, such as the exact number of paying victims and the amount of payments. Out of nearly 625,000 infections over roughly six months, 1,683 victims (0.27%) paid the ransom, for a total of $1,101,900.

CryptoWall seems to have a home-made problem by accepting payment of ransom by Bitcoin only. Many average computer users will have problems paying with Bitcoin and researchers assume that this is part of the reason that only 0.27% of CryptoWall's victims paid compared to 1.3% of CryptoLocker victims; CryptoLocker allowed payment by MoneyPak as well.

As sad as it is, these numbers clearly show that cyber crime pays.


As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.




Tuesday, August 26, 2014

CryptoLocker - Revisited



In December 2012 I wrote for the first time about the back then relatively new virus CryptoLocker.
In October 2013 I wrote again about new variants of this virus. Now I have new information that warrants revisiting CryptoLocker.

This family of viruses is by now one of the most destructive threats I have seen. Much of the news regarding CryptoLocker is rather negative but there is at least a bit of positive news as well.

CryptoLocker has evolved

Very shortly after the original CryptoLocker had appeared the first variant was discovered; on first glance it appeared to be similar to the original version. It almost was a look-alike, the method of infection was the same, the encryption seemed the same and the message on the infected computer's screen was very much like the original's. There were only two obvious differences: The original CryptoLocker demanded $100 for information to decrypt the user's files and it offered two payment methods (MoneyPak or Bitcoin); the “look alike” demanded $300 and accepted Bitcoin only.

Time consuming and detailed analysis uncovered significant internal differences. Specialists found that the second version most likely was written by a different programmer or even programming team. It was written in a different programming language and many other internal differences were discovered as well.

In the meantime we know of at least six other virus programs that work similarly to CryptoLocker. They are called “encrypting ransomware” (in the following ERW); they are actively distributed, modified and improved. Most likely they were created and are being run by different groups of malware creators and distributors. Some names I have run across:
  • CryptoLocker (the original)
  • CryptoLocker 2 (the first imitator referenced above, my naming)
  • Critroni
  • CryptoDefense
  • CryptorBit
  • CryptoWall (see this new article for details)
  • CTB Locker
  • PrisonLocker or PowerLocker
  • TorLocker
The newer versions of ERW viruses have become increasingly sophisticated, hard to detect and difficult to remove.

How these infections spread

Many infections happen when the user attempts to open an e-mail attachment that in turn launches the ERW. By now almost any file type can be abused in this way; you just can't trust so called “safe” file types any longer.

Over time I have received many emails about supposedly failed deliveries of goods. Some of these emails were made professionally and looked at first glance almost authentic. It made no difference whether the email seemed to be from DHL, FedEx, UPS or the US Postal Service; there always seemed to be some legitimate sounding reason to open the attachment.

In all cases attention to detail and applied common sense protected my computer better than any security program could have done; I simply avoided that one fatal click to open an attachment.

Another increasingly often encountered way for ERWs to spread are “drive-by downloads”. They come from compromised websites and compromised web servers. These sophisticated attacks take advantage of known vulnerabilities in almost ubiquitous software like Windows, Adobe Flash, Adobe Reader, Java and so on. Since these vulnerabilities are known there is only very little excuse to get caught by a drive-by download. To get the computer infected by a drive-by download is very unlikely if the user keeps all software up to date.

Protection?

On the positive side we have to my knowledge three options, some free and some with premium versions for a charge. These programs do not interfere in or conflict with common anti virus or security software. I warn against running any two of these programs concurrently due to the likelihood of conflicts with each other.

1. CryptoPrevent
2. MalwareBytes Anti-Exploit
3. HitmanPro Alert with CryptoGuard

If you are interested to learn more please follow the links.

To make it perfectly clear: I am convinced that the best protection is our own attention to detail, caution and applied common sense. No software in the world can replace our watchfulness!

ERWs on non-Windows computers

To make a bad situation even worse there are reports of ERWs on other, non-Windows platforms like tablets and smart phones with the Android operating system. There was talk about a popular NAS system (Network Attached Storage) being targeted as well. Only Apple systems seem to be not affected, so far at least; as we all know that can change any moment.

A bit of good news

Fairly recently, I believe it was in early August 2014, two software companies announced that they have jointly developed a method to decrypt at least some of the files that were encrypted by the original CryptoLocker. The companies offer their program free of charge to people who still have files encrypted by the original version of CryptoLocker and want to attempt to recover them.

The companies are FireEye (www.fireeye.com) and Fox-IT (www.fox-it.com). These companies apparently did not crack the encryption, they gained access to some of the command and control servers where some private keys were stored that the original CryptoLocker virus had used.

Much detailed sleuthing, dis-assembling, re-engineering and analysis of the original virus enabled them to write a program called DecryptCryptoLocker that can decrypt affected files when they were encrypted using any of the recovered private keys. At https://www.decryptcryptolocker.com/ you can read how this works. There is a decent chance that this program will recover encrypted files but there is no guarantee. Some so far encountered obstacles that may prevent decryption are:
  • It works only on files encrypted by the original version of CryptoLocker; it may or may not work on files encrypted by later versions of ERW.
  • Nobody knows if the servers accessed by FireEye and Fox-IT contained all private keys CryptoLocker had used.
  • The original CryptoLocker was effectively eliminated late in May, 2014; any later infections will most likely have used different sets of private keys.
Despite these obvious limitations of the procedure FireEye and Fox-IT deserve a lot of credit and big kudos. Anybody who still has files encrypted by the original CryptoLocker should try the procedure and see if it works for them.

My personal conclusion

It is primarily user behavior that protects the computer by always keeping Windows and all other regularly used programs up to date. If all this is accompanied by attention to detail and applied common sense then the computer will most likely remain “healthy” and safe.

In the worst case scenario, that is after your computer got hit by CryptoLocker or a look-alike, having a recent clean backup will be the best medicine against sleepless nights.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

 

Thursday, February 20, 2014

Voicemail via Email? No Way!


Here is yet another example of a scam I hear often about. This is a screen shot of what I saw in my email program:


At first glance a friendly, nicely formatted and really "professional" looking email.

Three things caught my attention before I would have clicked on "Listen";
  1. Red highlight: The sender address seems to come from "@pushworth.com". Big discrepancy to the supposed (company?) name "Whats App".
    In my mind the warning lights went on.
     
  2. Purple highlight: The sender disguised very well the actual route the email had taken. That shows technical know how and (criminal?) intent.
    By now the warning bells where ringing loud.
     
  3. Blue highlight: When I rested the mouse cursor on the pretty "Listen" button the link behind this button translated to "casinotipps.net".  Casino tips and forwarding voice mails via email? Oh Please, don't think I am that dumb. 
    Now I was already chuckling; just another scam email.
On top of all that I have never given either the phone company or the cell phone carrier any instructions to "forward voice mails by email"; what an abstruse idea.

But I know from experience that there are simple souls out there who did click on "Listen"; although the mail they had gotten likely looked different.

Actually I should be thanking the creator of this scam because he keeps me in the business of cleaning up virus infected computers.

As usual I welcome suggestions and comments right here in the blog.




Tuesday, February 18, 2014

New Twist - Old Scam


Whether you would ever read The New York Times or whatever your political stance is, if you have a computer you NEED to read this NYT article.

The age old story of "User Beware" with a macabre twist.

As usual I welcome suggestions and comments right here in the blog.


Monday, November 18, 2013

Warning - W A R N I N G - Warning


On October 23rd 2013 I wrote about a really, really bad new virus called CryptoLocker.

Back then, only three and a half weeks ago, CryptoLocker was an acute danger mainly in the UK, parts of continental Europe and in some Asian countries.

This has changed dramatically. Computer users in the USA get hit with this virus increasingly often. For a few days now I have been receiving about five emails every day that offer me "free money" or pre-approved credit cards "ready to be shipped" my way. Would I ever click on a link in such an email? Would I ever be tempted to open one of the attachments? You bet not!

A free(!) protection method is available, but it will interfere to some degree with normal computer operation. When this happens the computer user needs a certain amount of technical know-how to correctly diagnose the reason for the interruption and then to create an exception; this has to be done every time it happens. If you can do that you should look at CryptoPrevent.

For everybody else I shout as loud as I can:
Disconnect your external backup drive when the backup is done!
If you don't disconnect the backup drive your backup files will be encrypted as well! They are totally useless once encrypted.

As usual I welcome suggestions and comments right here in the blog.




Monday, October 28, 2013

How Malware Gets Installed


You hear from me that your computer got infected with malware, especially PuPs, and you ask:
"How did that stuff get on my computer? I did not download or install it".
Sorry, but in most cases you did give permission to install that garbage alongside some legitimate install or update. You did not do it consciously, you got duped or tricked into allowing the installation. See this article for just one all too common example.

These tricks can have many different shapes and forms. They all are designed to trick or fool us into allowing the garbage to get installed alongside a legitimate program or update. User beware!

One of the more and more common forms is a legitimate install or update that asks something along the lines of

  • Default (or Express) install (recommended)
  • Custom install (for experienced users)
No matter whether you consider yourself to be experienced or not, if you click Default (which always is pre-selected!) or just click on the Next button you likely get PuPs installed. By now even software from well known names does that! Just as an example: Oracle's Java and Adobe Reader are bundled with PuPs; most downloads from well known download portals are by now loaded with PuPs. Why is that happening?

Simple answer: Money! The authors of PuPs pay for their stuff being bundled with legitimate software. There is a lot of money to be made from advertising!

Distributing viruses is illegal, distributing "search helpers" or tool bars is not!

My advice: When you have to choose between Default and Custom installs always(!) click Custom; it is the only way to check for PuPs because, so far at least, they are being offered with some sort of a choice to decline or skip them.

If you are in doubt take a screen shot of the window(s) that sparked your suspicion, postpone the install and ask me in an email about it; don't forget to attach the screen shot please.

As usual I welcome suggestions and comments right here in the blog.


Wednesday, September 18, 2013

PUPs - No Virus But Just As Nasty


Updated Oct. 27th, 2013

The latest and fast growing trend of cyber crime against the unsuspecting user of a Windows PC is a new breed of malware, so-called PuPs (Potentially Unwanted Programs).

These programs technically are not viruses; that is why anti-virus programs don't find them, although there are some special programs for geeks and technicians that can clean this stuff from your computer.

You can easily check your computer for at least a few of the most commonly encountered names.
  1. Open the Control Panel
  2. Set "View by" in the right top corner to Small Icons and
  3. Open Programs and Features
You find names of PuPs that I have encountered in this list. Warning: The list is long, by its very nature incomplete, and it keeps growing almost every week. Please be aware that variations in spelling and capitalization, prepended or appended numbers or syllables, and inserted or omitted spaces are common; the name still denotes the "main offender" as worthy of removal.

The somewhat good news: Many of these pieces of trouble can be uninstalled, that is removed, from right there in the Programs and Features window where you just found them.

The really BAD news: Even if you uninstall them successfully there will be leftovers in web browsers and other important locations in the operating system; Google Chrome especially seems likely to retain some of that. These leftover entries can be numerous, affect the functioning of web browser(s) and significantly hamper the computer; they can only be removed with some specially written, very detail-oriented clean-up programs.

Well, you know who can help, don't you?

Please remember: Toolbars are forbidden, no matter who promises what, no matter how tempting the name and no matter who made the tool bar! If you find any toolbars remove them right away.

If you find folders with names from random letters or numbers like for example:
         pgmfkblbflahhponhjmkcnpjinenhlnc
you have a clear indicator of malicious software. You know who can help, don't you?
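Here is an added helper script (my own constructed example, not a tool from this post) that applies the two checks above to a list of program names and a list of folder names. It normalizes names the way the warning above describes (case, spaces, punctuation and prepended or appended digits are ignored) before comparing them with a watch list, and it flags folder names made of exactly 32 letters from a to p, which is the shape of a Google Chrome extension ID such as the folder name above. The program names, the watch list entries and the folder names are constructed samples; on Windows the optional read_installed_from_registry function reads the real Uninstall keys that Programs and Features displays.

```python
"""Added example: flag PuP-looking program names and random-letter folder names."""
import re
import sys

# Constructed sample of names as Programs and Features might show them (not a real list).
INSTALLED = [
    "Microsoft Office Home and Student 2013",
    "Ask Toolbar 3.15.1",
    "ConduitSearch Protect",
    "My Web Search (Bar)",
    "Mozilla Firefox 24.0 (x86 en-US)",
    "Search-Protect2",
    "Adobe Reader XI",
]

# Constructed watch list standing in for the technician's list of PuP names.
PUP_WATCHLIST = ["Ask Toolbar", "Conduit Search Protect", "MyWebSearch", "Search Protect"]

# Constructed sample of folder names; the first one is the Chrome extension ID from the post.
SAMPLE_FOLDERS = ["pgmfkblbflahhponhjmkcnpjinenhlnc", "Mozilla", "Temp", "abcdefghijklmnop"]

# Chrome extension IDs are 32 lowercase letters drawn only from a..p.
RANDOM_NAME = re.compile(r"^[a-p]{32}$")


def normalize(name):
    """Drop case, spaces, punctuation and digits so spelling variations still match."""
    return re.sub(r"[^a-z]", "", name.lower())


def flag_programs(installed, watchlist):
    """Return (installed name, watch list entry) for every installed name that contains
    a normalized watch list entry; first matching entry wins."""
    norm_watch = [(entry, normalize(entry)) for entry in watchlist]
    hits = []
    for name in installed:
        norm_name = normalize(name)
        for entry, norm_entry in norm_watch:
            if norm_entry and norm_entry in norm_name:
                hits.append((name, entry))
                break
    return hits


def flag_random_folders(folder_names):
    """Return folder names that look like Chrome extension IDs (32 letters a..p)."""
    return [f for f in folder_names if RANDOM_NAME.match(f)]


def read_installed_from_registry():
    """Windows only: collect DisplayName values from the Uninstall keys, i.e. the
    list that Programs and Features shows. Standard winreg API, no extra packages."""
    import winreg
    roots = [
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ]
    names = []
    for root, path in roots:
        try:
            key = winreg.OpenKey(root, path)
        except OSError:
            continue
        for i in range(winreg.QueryInfoKey(key)[0]):
            try:
                sub = winreg.OpenKey(key, winreg.EnumKey(key, i))
                names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
            except OSError:
                pass  # subkey without a DisplayName, or not readable
    return names


if __name__ == "__main__":
    installed = read_installed_from_registry() if sys.platform == "win32" else INSTALLED
    for name, entry in flag_programs(installed, PUP_WATCHLIST):
        print(f"suspect program: {name!r} (matches {entry!r})")
    for folder in flag_random_folders(SAMPLE_FOLDERS):
        print(f"random-letter folder: {folder}")
```

Anything the script prints is a lead for a manual look, not a verdict: the watch list is whatever you put in it, and a legitimate Chrome extension also lives in a 32-letter folder, so check what the folder belongs to before deleting it.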

If you wonder how all this stuff got on the computer then please read the explanation here.

As usual I welcome suggestions and comments right here in the blog.




Tuesday, September 17, 2013

Cybercrime


If you ever wondered about the how and why of virus programs, cyber crime and all that nasty stuff then please take 18 minutes out of your busy schedule and watch this video.

As usual I welcome suggestions and comments right here in the blog.




Sunday, July 7, 2013

Gunk - Everyday Examples


On September 16, 2012 I wrote about a very bad example of a useful program trying to trick us into installing lots of unwanted software; admittedly this was an exceptionally bad example. 

Last week I got my most beloved question about malicious and unwanted programs one too many times. It is the question "But how does this sort of program get on my computer? I certainly did not install it."

Here is my reaction to all this: Dear customer, you did it, I bet!

Let me show you some examples. Today I deliberately used the automatically appearing reminder to update Java; I used the mechanism that every unsuspecting computer user gets offered. The first program downloaded was a downloader which then in turn downloads the actual update.

This and other "download" programs not only download the real updater program that you want and need; they almost always also offer some unrelated software, disguised as part of the actual update (here Java). The installer for the Java update showed several common windows to select the location for the install, agree to the ubiquitous End User License Agreement and so on. And among all these small windows was this one:


The title shows clearly that Java Setup is running, see the blue marking. If you read the text in the window, and you should read it, you see that they, whoever that may be, "... recommend installing the FREE Browser Add-on from Ask", see the green marking. And then it comes:

Two lines that very clearly state what the gunk software wants to do:
  • Install the Ask Toolbar and
  • "Set and Keep" Ask as the default search provider.
And the check boxes in front of the text are pre-selected, naturally! Please see the red marking.

The "Set and Keep" is really tricky. Not only do they change your default search provider, they also tell the web browser not to allow future changes. That means you can not just go in and set the browser back to the search provider of your choice.


Every single one of my customers has heard me say: Toolbars are POISON for computers, no exceptions, no matter whose name they carry, no matter where they come from, no matter who made them and no matter what they promise.

We have to read these little windows, see that there are pre-selected check marks and let our common sense tell us that the Ask Toolbar and Search Page have absolutely nothing to do with Java. We need to un-check both check marks or our web browser will be messed up, and then it will get worse and worse, and in the end some of you will call me for help.

Update 2014-01-16:

Here are more examples of the same process with different optics and different "gunk" to be foisted on our computers.


Updating Adobe Shockwave player would install Norton Security Scan.

Or, in different optics and different content because downloaded from a different download site:


IMHO the worst example because even Google employs these sneaky tactics:


This is how Google Chrome got on your computer, Jerry G; you did allow its installation.

Make no mistake, these things can happen with any installer or update of any program. Isn't it a shame that even well known big companies like Adobe, Oracle, Symantec (Norton products), McAfee and others employ these sneaky tactics, trying to dupe us into installing something other than what we want?

Please save yourself the aggravation and some money, simply by paying attention!

As usual I welcome suggestions and comments right here in the blog.
