Archive for the ‘Antivirus’ Category

As many of you know, I have a fondness for Microsoft Security Essentials. I am biased towards this antivirus because it is free and it’s the best antivirus out there as of this article.

Today is the release of the update from 1.0 to 2.0, which brings a few needed features and better support for killing off those pesky viruses.

Will this antivirus kill 100% of all viruses? NO. Unfortunately, no antivirus can do such a thing. However, it does it better than any other antivirus I have found.

Another great reason I prefer Microsoft Security Essentials is how well it integrates with native Windows operating system utilities, without adding extra fluff like its own firewall or proxy servers (which is what your expensive antivirus suites do). These extras will commonly get attacked and slow down your computer. Microsoft Security Essentials does not slow down your PC unless it finds a virus or threat, in which case it will immediately stop the process and let you know.

These features translate into not only faster boot and shutdown times but also much smoother day-to-day protection.

What’s great is that it now gives small business users a free antivirus. Now if we could just get this for enterprise-size businesses.

Nevertheless, go update your copy of Microsoft Security Essentials. Did I mention it is free?

Let us know how much you like Microsoft Security Essentials on Twitter or Facebook.

Very good question. It usually goes more like this:

“I have installed a well-known anti-virus and have kept up on all updates on it.”

“I just found a pop-up that says I have over 50,000 viruses (may or may not be an exaggeration). I have heard that there are these ‘fake anti-viruses’. How come my anti-virus doesn’t kill it?”

Where to start.

The easiest way to explain it is the Police Department theory. “If the police don’t know of a threat or a crime, it (the crime) happens and the police come running. However, all the criminal’s friends are distracting the police and the real criminal doesn’t get caught.”

Typical Anti-Virus software is very much like this.

The not so simple explanation.

You click on a link that takes you to a site that exploits a known vulnerability in software (operating system, firmware, applications, etc.). We have seen this with Adobe, Windows (you name it), OS X (yes, even the beloved Apple), Sun (Java) and many more. What typically happens is that a link is clicked or an ActiveX COM object is installed, and it immediately kills any antivirus service that is running. Then it proceeds to mass-download other viruses and malicious content, jamming up even the fastest processors with “crap calls” (yes, that is a technical term made by me) and slowing your machine down to a crawl. Some even more fun viruses add their own registry settings to stop your .exe files from executing and other important files from working. So, with the virus taking over, the anti-virus (which is typically very resource (CPU, memory, I/O) heavy itself) doesn’t have a chance to react. Some even more fun viruses and spyware introduce rootkits, which are the most evil of viruses and are harder for an anti-virus to detect.

So why have an anti-virus? Well, it gives you some protection. Not 100%, but good protection from “known” viruses. Because anti-viruses are not 100%, why pay for an anti-virus or any anti-spyware?

What to Do:

Don’t install more than one anti-virus thinking you will get extra protection. In most cases you will get less and they will cancel each other out.

Install a good high-performance anti-virus: one that does not need to take over your computer, but boots up fast with your computer and sits quietly in the background (no pop-ups or annoying update information). It should also do both antispyware and antivirus cleanup.

Future.

Something you will see more of in the future is “Web Safe” anti-malware type applications that will be installed on your online profile. These are still experimental at best. Be careful of anything that wants to give you “Web Safe” anti-anything.

Be careful and enjoy!

I know I am. I have noticed the serious growth in URL (web address) shortening services like bit.ly, TinyURL, etc.

Sure, I agree there are some seriously long URLs (web addresses) out there, and these great services allow us to post these links via copy and paste to our favorite social media hubs.

The question is, do we trust everyone else’s links? Especially when everyone else’s PC seems to be getting viruses from these types of URLs?

Here is a simple way to check whether those URLs are bad or have been reported as malicious.

http://www.urlvoid.com/

Here is a way to expand those URLs and preview them before you click on them.

http://www.prevurl.com/

Here is a way to see the URL expanded.

http://longurl.org/

 

These three links can help you be safer and more vigilant when surfing the web and using social web sites.

Just in case you didn’t know, malvertising is the #1 way to get infected, due to the numerous security holes found in:

Adobe Reader (acrobat)
Adobe Flash Player
Sun’s Java

Those are the top 3 applications being exploited right now.   You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on any ad.  See the simple explanation below.

Here’s how Malvertising Works

  1. A legit website like CNN.com sells advertising space because it has thousands of views every day. (again, this is just an example)
  2. A malicious person or group purchases some of this advertising space and submits an ad that appears perfectly fine to the CNN.com advertising editors.
  3. The ad goes live.
  4. At some point the ad becomes malicious and starts scanning clients for outdated Adobe Reader, Adobe Flash or Java binaries.
  5. Once an exploit is available the malicious ad injects malware into the client’s PC.
  6. The anti-virus may or may not detect it; it’s really just luck.  If the threat is old, then there’s a good chance it will.  If it’s just a few minutes old then there’s a good chance it won’t.
  7. The ad may stay live for minutes, hours, days, etc. until someone notifies the webmaster of that domain.

How can you stop these attacks?

  1. Keep your Adobe Reader and Flash Updated.  This is not exactly an easy task since Adobe seems to find security holes every other week.  Open Adobe Reader and click help — check for updates (at the time of this writing I just discovered I had 2 waiting to be downloaded!).  Both programs do automatic update checking, however a lot of people just cancel the update.  Bad idea.
  2. When Java alerts you that an update is available then yes…install it.  Lots of my clients never install this update.  It’s really important that you do.
  3. Configure the Adobe Reader plugin in each of your web browsers not to load PDFs automatically.
  4. Browse the internet with Sandboxie as much as you can.  That goes for everyone who uses the computer.
  5. Always download and install your Windows Updates.
  6. Follow steps 1 – 5 and you’ll probably never experience the end result of a malicious ad.

Sadly, Adobe and Sun products are constantly getting new updates and do not uninstall the old updates, so the potential for re-infection remains. If you don’t need these applications, or you do not use applications that require these updates, then promptly remove them.

You may have noticed that even Apple, a large supporter of Adobe, has decided not to add Flash or Java to their latest OS updates.

Special thanks to the remove-malware.com people for the information.

So you got one of those great little viruses going around. You were able to clean it off after a bit of time and gnashing of teeth. However, now you cannot launch any applications or, more specifically, any executables (.exe).

 

Fixing the association settings using Registry editor

Click Start, Run and type CMD

Type the following commands one by one:

cd \windows
regedit

If Registry Editor opens successfully, then navigate to the following key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

Double-click the (Default) value in the right pane

Delete the current value data, and then type:

"%1" %*
(i.e., quote-percent-one-quote-space-percent-asterisk.)

*Interestingly, some viruses have changed the full path of the default value to c:\users\HomerJSimpson<yourUserAccount>\appdata\local\happyvirus.exe /runas "%1" %*

Navigate to:

HKEY_CLASSES_ROOT\.exe

In the right-pane, set (default) to exefile

*Interestingly, some viruses have added things like “sfcfile” here.

Exit the Registry Editor.
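To check both associations without clicking through Registry Editor, the keys can be exported to text and audited. The script below is an added example, not part of the original post: it parses .reg export text and reports any (Default) value that differs from the two values the steps above restore. The function names and both sample exports are constructed for illustration.

```python
import re

# Values the manual fix above restores, keyed by registry path.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}

def default_values(reg_text):
    """Map each key in .reg export text to its (Default) string value."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()      # registry paths are case-insensitive
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values

def audit(reg_text):
    """Return {key: (found, expected)} for each wrong or missing association."""
    found = default_values(reg_text)
    return {key: (found.get(key.lower()), want)
            for key, want in EXPECTED.items()
            if found.get(key.lower()) != want}

# Constructed exports: a hijacked machine (the two symptoms noted above)
# and a healthy one.
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="sfcfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="c:\\users\\<yourUserAccount>\\appdata\\local\\happyvirus.exe /runas \"%1\" %*"
'''
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for key, (found, want) in audit(HIJACKED).items():
        print(f"{key}\n  found:    {found}\n  expected: {want}")
```

Files written by `reg export` are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `audit`.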

 

Fix with a com executable

You can use a com object to run the fix

Download Fix from Ramesh

Reboot and all should be happy, at least with executables.

Special thanks to Ramesh for giving me the idea on how to do this.

So I have been in the business of building and rebuilding every type of personal and business computer (laptops, desktops, workstations and servers).

I have seen my share of virus/spyware infections, from easy to kill to so nasty that it requires a full rebuild of said computer. One thing I have been noticing as of late is the virus that gets installed and acts as an antivirus application. These are the most annoying virus/spyware applications. I have seen these applications download more and more viruses as well as a plethora of spyware, overloading the operating system and basically shutting down the computer.

Please, if you get one of these types of viruses, or you get a pop-up asking you to download it to kill the viruses, do not download these types of applications. This is a bad idea. First, they want you to pay for them, sometimes even to the point of asking for a large subscription payment. They also disable any and all antivirus applications.

These applications are essentially evil; please stay clear.

Update: This virus is spreading quickly, even among very protected machines (updated antivirus and antispyware). If you encounter any of these types of viruses, please unplug your network cable (commonly called an Ethernet or data cable).

Common Names I have encountered:

Personal Antivirus (Hardest of them to remove)

Antivirus 2008

Antivirus 2010

WinPC Antivirus

There may be more…

Here is a rundown on how to clean it. Feel free to contact me if you are unsure how to do this.

  1. Download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop:

    Malwarebytes’ Anti-Malware Download Link

  2. Once downloaded, close all programs and Windows on your computer, including this one.
  3. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
  4. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button.
  5. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.


On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Personal Antivirus related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

You should click on the OK button to close the message box and continue with the PersonalAntivirus removal process.

You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program’s quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

  1. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
  2. You can now exit the MBAM program.

Your computer should now be free of the PersonalAntivirus program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.

As we all know, Windows operating systems have been hammered by people attempting to hack them and send viruses as well as spyware (malware). We have had some good defense against these evil types of individuals with Symantec, AVG and McAfee. Even Microsoft’s Live OneCare is a great antivirus, and my favorite overall for defeating the known bad viruses and identity theft software that plague every Windows personal computer.

Recently Microsoft has been talking about a plan to create a free antivirus application for all Windows PC operating systems (XP to Windows 7). Today I got a look at the latest offering from Microsoft, its new antivirus (Microsoft Security Essentials). This antivirus is quite nice and small (of course it is in alpha; alpha is pre-beta, meaning it has a few bugs and needs to be cooked a bit more). Overall the install was easy and much less intrusive than its competitors Symantec 360 and AVG in all its versions. Simple, clean and easy to run.

In my opinion this has been a feature that Windows has needed for a very long time. I will supply a link when Microsoft Security Essentials goes beta. I am assuming the timeline will be fairly soon, as the rumor is September for full release.

Until then, continue to update your computer’s antivirus and scan for viruses often.

*Update: Here is the link to Microsoft Security Essentials

-Mike Dopp




