Just in case you didn’t know Malvertising is the #1 way to get infected due to the numerous security holes found in:

Adobe Reader (acrobat)
Adobe Flash Player
Sun’s Java

Those are the top 3 applications being exploited right now.   You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on any ad.  See the simple explanation below.

Here’s how Malvertising Works

1. A legit website like CNN.com sells advertising space because it has thousands of views every day. (again, this is just an example)
2. A malicious person or group purchases some of this advertising space and submits an ad that appears perfectly fine to the CNN.com advertising editors.
3. The ad goes live.
4. At some point the ad becomes malicious and starts scanning clients for outdated Adobe Reader, Adobe Flash or Java binaries.
5. Once an exploit is available the malicious ad injects malware into the clients PC.
6. The anti-virus may or may not detect it, it’s really just luck.  If the threat is old, then there’s a good chance it will.  If it’s just a few minutes old then there’s a good chance it won’t.
7. The ad may stay live for minutes, hours, days, etc until someone notifies the web master of that domain.

How can you stop these attacks?

1. Keep your Adobe Reader and Flash Updated.  This is not exactly an easy task since Adobe seems to find security holes every other week.  Open Adobe Reader and click help — check for updates (at the time of this writing I just discovered I had 2 waiting to be downloaded!).  Both programs do automatic update checking, however a lot of people just cancel the update.  Bad idea.
2. When Java alerts you that an update is available then yes…install it.  Lot’s of my clients never install this update.  It’s really important that you do.
3. Configure the Adobe Reader plugin in each of your web browsers not to load PDF’s automatically.
4. Browse the internet with Sandboxie as much as you can.  That goes for everyone who uses the computer.
5. Always download and install your Windows Updates.
6. Follow steps 1 – 5 and you’ll probably never experience the end result of a malicious ad.

Sadly adobe and sun products are constantly getting new updates and do not uninstall the old updates so the potential for re-infection can still happen. If you don’t need these applications or you do not use applications that require these updates then promptly remove them.

You have noticed that even Apple a large supporter of adobe has decided not to add flash or java to their latest OS updates.

Special thanks to the remove-malware.com people for the information.

So you got one of those great little virus’s going around. You were able to clean it off after a bit of time and gnashing of teeth. However now you cannot launch any applications or more specifically any executables (.exe)

Fixing the association settings using Registry editor

Click Start, Run and type CMD

Type the following commands one by one:

cd\windows
regedit

If Registry Editor opens successfully, then navigate to the following key:

HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command

Double-click the (Default) value in the right pane

Delete the current value data, and then type:

"%1" %*
(ie., quote-percent-one-quote-space-percent-asterisk.)

*Interestingly some virus’s have changed the full path of default value to c:\users\HomerJSimpson<yourUserAccount>\appdata\local\happyvirus.exe /runas “%1” %*

Navigate to:

HKEY_CLASSES_ROOT\.exe

In the right-pane, set (default) to exefile

*Interestingly some virus’s have added things like “sfcfile”

Exit the Registry Editor.

Fix with a com executable

You can use a com object to run the fix

Download Fix from Ramesh

reboot and all should be happy. At least with Executables.

Special thanks to Ramesh for giving me the idea on how to do this.

So I have been in the business of building and rebuilding every type of personal and business computer (Laptop, Desktop, Workstations and Servers).

I have seen my share of virus/spyware infections from easy to kill to so nasty it requires a full rebuild of a said computer. One thing I have been noticing as of late is the the Virus that gets installed and acts as a Antivirus Application. These are the most annoying Virus/Spyware applications. I have seen these applications download more and more Virus’s as well as a plethora of spyware in so much as over loading the Operating System and basically shutting down the computer.

Please if you get one of these type of virus’s or you get a pop up asking you to download it to kill the virus’s. This is a bad idea. Please do not download these type of applications. First they want you to pay for them even sometimes to the point they ask for a large subscription payment. They disable any and all antivirus application.

These applications are essentially evil please stay clear.

Update: This Virus is spreading quickly among many even very protected machines (updated antivirus and antispyware) If you encounter any of these types of Viri please unplug your network cable (commonly called ethernet or data cable).

Common Names I have encountered:

Personal Antivirus (Hardest of them to remove)

Antivirus 2008

Antivirus 2010

WinPC Antivirus

there may be more….

Here is a run down on how to clean. Feel free to contact me if you are unsure how to do this.

1. Download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop:

   Malwarebytes’ Anti-Malware Download Link

2. Once downloaded, close all programs and Windows on your computer, including this one.
3. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
4. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and  Launch Malwarebytes’ Anti-Malwarechecked. Then click on the Finish button.
5. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Personal Antivirus related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below

.You should click on the OK button to close the message box and continue with the PersonalAntivirus removal process.

You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

2. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
3. You can now exit the MBAM program.

Your computer should now be free of the PersonalAntivirus program. If your current anti-virus solution let this infection through, you may want to considerpurchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.

As we all know Windows Operating Systems have been hammered with people attempting to hack and send virus’s as well as Spyware(malware). We have had some good defense against these evil types of individuals with Symantec and AVG and McAffee. Even Microsoft’s Live Onecare is a great Antivirus and my favorite overall for defeating the known bad virus and identity theft software that plaques every windows personal computer.

Recently Microsoft has been talking about a plan to create a free antivirus application for all Windows PC Operating Systems(XP-Windows 7). Today. I got a look at the latest offerings from Microsoft and its new Antivirus (Microsoft Security Essentials). This antivirus is quite nice and small (of course it is in Alpha(Alpha is pre-beta meaning it has a few bugs and needs to be cooked a bit more)) Over all the install was easy and much less intrusive than its competitor Symantec 360 and AVG in all its versions. Simple clean and easy to run.

In my opinion this has been a feature that Windows has needed for a very long time. I will supply a link when the Microsoft Security Essentials goes beta. I am assuming the time line will be fairly soon as the rumor is September for full release.

Until then continue to update you computers antivirus and scan for virus’s often.

*Update: Here is the link to Microsoft Security Essentials

-Mike Dopp