Recently, a virus that has been around since earlier this year has morphed into a greedier and more prolific version. The current version of this virus was first reported in September of 2013 and is considered to be in the class of ransomware. It encrypts certain file types on your computer, such as pictures, documents, etc., using a mixture of AES and RSA encryption. Once the virus has encrypted the files, you will no longer be able to access them, and it will display a CryptoLocker payment program which says you must pay $300 USD within 96 hours or the encryption key which will unlock your files will be destroyed, making your files for all intents and purposes unrecoverable. Currently no one has been able to crack this encryption, and a brute force attack to decrypt the files would take a supercomputer years and years.
Although some websites have reported that this virus makes your computer completely unusable, that is far from the truth. You can still use your computer (the virus makers need you to be able to use it to pay the ransom), and you can even easily remove the virus. However, at this time the only known way to recover the files is to pay the ransom (we are not suggesting you do this, as there is still no guarantee that it will get you your files back). The virus is being spread most commonly through email attachments that pretend to be from places like FedEx, DHL, UPS and are often sent to company email addresses. The emails contain a ZIP file that, when opened, shows a file that will often appear to be a PDF file but is actually an exe file (file names like FORM_12345.pdf.exe, with the exe being hidden depending upon your computer settings). In order to see the hidden exe extension in Windows, open Windows Explorer (the file manager, i.e. My Computer), and if on Windows XP, Vista, or Windows 7, go to Tools, Folder Options, View and uncheck the box that says “Hide extensions for known file types” – in Windows 8, go to the View tab at the top of Windows Explorer and check the box that says “File name extensions”. You should never ever run any kind of .EXE file that comes in an email, and you should only open any kind of attachment when you know that the specific person who sent the email was sending you that specific file – when in doubt, call the person/business, or send them an email asking about it BEFORE you open the attachment.
It has also been mentioned that if your computer is already infected with some malware that makes your computer a member of a botnet, this virus can be automatically downloaded by other malware on your computer – you should always keep your antivirus and antimalware software up to date and do regular scans! If you do get this virus and your files become encrypted, you have 96 hours to pay the ransom or the current copies of your files will become useless. This virus is especially dangerous to businesses, as it is reported that it can and will encrypt files that are on mapped network drives (usually on servers in businesses where files are shared and stored). Unless you have what is called shadow copies enabled on your computers, or have online backups or backups that are not on any mapped network drives, it is possible that you will never be able to recover viable copies of these documents once they have been encrypted – we highly recommend using online backup such as iDrive or Carbonite (visit us at http://pensacolacomputers.com for more info on online backup solutions).
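A help desk or mail filter can check a ZIP attachment for the disguised file names described above before anyone opens it. The following is an added example, not part of the original post; the extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed with placeholder contents.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-like extensions commonly placed in front of the real one (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_name(name):
    """Return 'disguised', 'executable' or 'ok' for one archive member name."""
    # Keep only the file name, whichever path separator the archive used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    # Windows ignores trailing dots and spaces, so ignore them here too.
    base = base.rstrip(". ")
    parts = base.split(".")
    if len(parts) < 2:
        return "ok"
    if "." + parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A document extension right before the executable one is the disguise
    # the post describes (FORM_12345.pdf.exe). Padding spaces are stripped.
    if len(parts) >= 3 and "." + parts[-2].strip() in DECOY_EXTS:
        return "disguised"
    return "executable"


def scan_zip(data):
    """List (member name, verdict) for every member that is not 'ok'.

    Only the archive's directory is read; nothing is extracted or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_name(info.filename)
            if verdict != "ok":
                findings.append((info.filename, verdict))
    return findings


def build_sample_zip():
    """Constructed sample archive: placeholder bytes, only the names matter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FORM_12345.pdf.exe", b"placeholder")
        zf.writestr("tracking/label.pdf", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
        zf.writestr("photo.JPG   .scr", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in scan_zip(build_sample_zip()):
        print(f"{verdict:10} {name}")
```

Either verdict is a reason to stop and call the sender, since the post's rule is that no executable arriving by email should be run.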
This virus is actually fairly easy to remove; however, if it is removed by antivirus after the files are encrypted, you will have to manually re-install the virus in order to pay the ransom. The guys over at Bleepingcomputer.com have an excellent guide telling all about the CryptoLocker virus as well as removal instructions – http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information – although if the virus morphs, these tools may not work.
For virus and malware removal, or general computer repair or computer service here in Pensacola Florida, visit Pensacola Computers at: http://pensacolacomputers.com
Pensacola computers has been providing licensed and certified computer repair and computer service to local businesses and home users since 2003 and focuses exclusively on Microsoft Windows and PC’s
Recently, a previous client called me and told me that Microsoft had called them and told them their computer was infected, and that they needed to allow one of their engineers to remote into their system to clean it – Please note: MICROSOFT WILL NEVER CALL YOU ON THE PHONE ABOUT A VIRUS ON YOUR COMPUTER! As a matter of fact, no one reputable will ever call you on the phone and tell you there is a problem on your computer – first of all, how would they know? (unless they themselves created the problem). While it is possible that you may receive a call from your ISP (Cox, ATT etc) if your computer is spamming emails or something, no software company will ever call you on the phone (if you do receive a call from Cox or ATT, never allow anyone you do not specifically know and trust to remote into your computer! – also if you ever have a question as to the legitimacy of a caller, call them back on the official phone number for their company)
Remote computer support is something that a lot of technology companies offer, but it should only be allowed if you know the person/company (and trust them). Also, you should be careful to only allow reputable remote software such as Citrix GotoAssist – beware if someone wants to install something like GoToMyPC, or TeamViewer on your computer as these software installations can be set to allow a hacker unrestricted access to your computer (GotoAssist only allows a single session and requires a unique one time key that the technician will give you, it also requires you to grant it permission to do things before someone can get into your computer). Remote support is a great tool for helping people solve some computer issues, but once again, it should only be allowed if you personally know/trust the person/company using it.
If you have questions about remote computer support, or need computer help or service visit http://pensacolacomputers.com or call Pensacola Computers at (850) 390*4242. Pensacola Computers provides computer service, computer repair, troubleshooting, hardware and software help, malware and virus removal, and is always available to answer your computer questions. Now providing support for Windows 8 and Windows 8.1 as well as Office 2013 and Office 365
Once again it is hurricane season with an imminent threat looming over the gulf coast. It is time to prepare for the storm and this includes protecting our valuables including our data as best we can. One of the often overlooked things in the rush to evacuate or stay and ride out the storm (not advised if evacuations are recommended) is the protection of our technology, our computers and most importantly the data stored on them. Having a good backup plan is extremely important as today we often have irreplaceable and important data stored on our computers.
For both business and home users, it is recommended to have a two stage backup plan in force at all times; this includes an on-site removable backup device as well as online backup storage. Keeping a full backup of your computer on a removable hard drive is the best way to ensure a quick recovery in case of disaster, as you can store an image of your entire computer on a backup drive. If you are running Windows Vista, Windows 7, or have Server 2008 (R2), there is a Windows Backup program that will make an entire image of your computer for you. If you are still running Windows XP, you can get a third party backup tool, such as Acronis, to help you create a computer image backup. You should also have online backup, such as Carbonite or IBackup, as a second line of backup. Online backup will help give you peace of mind should anything happen to your on-site backup, but it is not recommended as your only backup due to the time involved in restoring everything (downloading an entire computer’s worth of data from the internet can take a very long time!).
The best case scenario in case of a hurricane is to take your computer with you; however, this is not always practical, and in the case of businesses almost impossible. For businesses it is recommended to move or remove your servers if at all possible before the storm. For computers that must be left behind, it is recommended that both the power and ethernet cables be removed before a storm to prevent electrical shocks from entering the systems – this is true for all electronic devices as well! Also, if the systems are in an area that could possibly be affected by roof leakage or flooding, it is recommended that if they cannot be removed, they are set up off the floor and covered with a water barrier such as a heavy plastic bag or tarp.
Having good backup plans as well as equipment protection plans in place is the best way to ensure the safety of your data, and when it comes to irreplaceable data, multiple backups are always recommended.
For questions regarding backup systems and backup plans, visit http://pensacolacomputers.com
Microsoft’s Windows 8 has already been released to manufacturers and developers and is scheduled to be released to the general public and for sale on new computers as of October 26th. Windows 8 brings a wealth of new features and better security to the PC as well as tablets. Optimized for touch screens, Windows 8 is a pretty big departure from previous versions of Windows and may take some getting used to. We have been using Windows 8 throughout its development cycle and have been playing with the final release version now for over a week, and it is impressive.
Starting with the new Start Screen (there is no more start button), Windows 8 brings us live tiles and apps that provide a live link to web content in a full screen app. We were really impressed with some of the start up apps such as Weather, which brings together a wealth of information in an easy to browse format. Also included in Windows 8 are 2 versions of Internet Explorer 10, a full screen one that runs from the app screen (but does not include support for plug-ins) and the normal desktop mode. We found that while the full screen app version does provide both excellent speed and rendering, the lack of plug-in support made us switch to the desktop version quite frequently – this will of course depend upon your own personal browsing habits, but we tend to use quite a few sites that require plug-ins on a regular basis.
Under the hood there have been quite a lot of changes to optimize the Windows experience, both from a performance and a security standpoint. Gone is the resource hogging Windows Aero (which provided the cool transparent windows borders, but also taxed the system), and Windows now sports many updated features including a new Windows Explorer and a much improved task manager. Windows also comes with much better default security and privacy features that offer a much higher level of protection than previously.
In the following weeks we will be providing a wealth of info on the new Windows 8, including some galleries and specific hardware reviews.
For any questions on the upcoming Windows 8, including information on Windows 8 installation and Windows 8 upgrades, please visit http://pensacolacomputers.com
There is a virus/malware computer scam going around that we have seen already on a number of computers here in Pensacola, FL called the FBI MoneyPak Ransomware, aka the Reveton Trojan. This little nasty locks up your computer and programs and tells you that you are guilty of either downloading illegal copyrighted material or porn and that you could be fined and/or go to jail. It then tells you that your computer is locked until you follow the instructions and pay $100 or $200 via MoneyPak. The page that is shown with the warning may also have the ability to activate your webcam, which scares people even more into thinking this is legit – it is NOT legit!!!
The warning also tells you your ISP, which is easy enough to do from any webpage, which is what the warning actually is.
Thankfully, the guys over at bleepingcomputer.com have a guide to help remove this particular nasty – http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware – just be careful in doing so as using any of these tools can cause issues if not used properly. If you have any questions, or prefer to have someone else help you remove this, head over to http://pensacolacomputers.com and give us a call.
On today’s internet, you can never be too careful about what you view or download. A good antivirus is essential for anyone using the internet for more than the most basic of tasks, but there are many options available, and they are not equal in the quality or degree of protection they provide.
Two of the most popular antivirus programs are Norton AntiVirus and McAfee. Unfortunately, due to their popularity and the fact that they are pre-installed as trial versions on so many computers, these are often the first two antivirus programs that virus writers work to disable, and this greatly reduces their effectiveness. While there are quite a few advanced security suites that are fee based, the comprehensive solutions too often bombard the user with constant pop-ups asking what to do, and for most people these become such an annoyance that they either just click on them to get them out of the way, or disable them, which defeats the purpose of having those features in the first place. Generally, for most users, a free version of one of the current antivirus programs will provide adequate protection with minimal annoyance.
A good choice, and one that comes without costly subscriptions, is Avast Free Antivirus [http://www.avast.com/en-us/index]. Avast is a very old brand, originating in 1988 as a tiny program designed by two Czechoslovakian university students to remove the then-common Vienna virus. Today, it is a major competitor in the antivirus market, with over 150 million users. The latest iteration of the software has three versions (Free, Pro, and Internet Security) [http://www.avast.com/en-us/free-antivirus-download]. The Pro and Internet Security versions come with some additional features, such as spam blocking and an integrated firewall, but for the majority of users, the free version provides enough security.
The most basic component of Avast (and any antivirus) is the ability to scan your computer for malware and then to remove any that is found. In this field, Avast can hold its own with other similar products. What makes Avast great, however, is the inclusion of so many extra features. First, there’s an entire suite of real-time scanners, checking websites, network connections, emails, and even scripts running in the background. If any signs of malware or suspicious behaviors are found, Avast will alert you and provide options to terminate the connection or process before damage can be done. Also included is “sandbox mode”, which isolates programs from accessing any important system files until you approve them as safe. Avast also makes use of cloud streaming technology. It uses this technology both to stream updates to your computer and to keep a database of programs. When a program is run, Avast checks against the cloud database to see what the reputation of the program is. If the program has been marked as dangerous or is unknown to Avast, it will warn you and offer to run the program in sandbox mode until you decide whether to risk it.
For our Pensacola area readers, if your computer does become infected with a virus, there are a few posts here you might want to read, such as “Pensacola – Why do I keep getting viruses and malware on my computer?” and “Pensacola Computers Presents – How to Use System Restore in XP”.
Alas, if you cannot get past a nasty virus, please visit http://pensacolacomputers.com where you can find information to help you or contact info for immediate computer service and repair.
“qwerty”, “monkey”, and “abc123”. These are the 4th, 5th, and 6th most-used passwords of 2011, according to a study [http://splashdata.com/splashid/worst-passwords/index.htm] released by password management software company Splashdata. Also on the list are classics like “123456” and, of course, “password”. It should be obvious to just about anyone that passwords like these are not especially good ones, so why do people keep using them? The mere fact that a password is present is no guarantee of security. Hackers and those wishing to gain unauthorized access to a system have any number of tools at their disposal to help them discover and thus bypass passwords. This does not mean that placing password protection in the way is futile, however. The better the password, the longer it will take for hackers to go through or around it.
So what makes a good password? Cracking passwords is a matter of time, and the time depends on how many characters the program doing the cracking is required to guess. Consider a password with nothing but lowercase letters (a bad idea, but one that will be covered later). There are 26 letters, and thus 26 possibilities for each character. A one-character password thus has 26 possibilities, and for every character past that, the number of potential passwords is multiplied by 26. A password with five characters has over eleven million possible combinations. Keep in mind, however, that it is a computer doing the cracking in most cases, a machine capable of performing millions of calculations in seconds. That five character, lowercase letters only password would be broken in mere moments by a dedicated hacker. But now consider adding a single uppercase letter in place of a lowercase one. This doubles the number of potential values per character, so that the time-to-crack is increased by a factor of thirty. Adding numbers to the mix triples that time. Then we have what are known as “special characters”, the set including things like punctuation, brackets, symbols, and the like. Since there are tons of these characters, and no pattern to guess which one might be inserted where, the resulting delay in cracking is huge. Special characters can make any password vastly harder to break.
Up to this point, we’ve been discussing a mere five character password, but now we come to one of the most important points: length. Even when using only lowercase letters, increasing the length of the password by one letter multiplies the field of potential passwords by 26. A long password, even without variation in the characters, is much harder to crack by brute force. There are other types of password crackers to worry about, however. The dictionary cracker, for instance, runs through a dictionary stored in its memory and tries every word. Using “elephant” as your password might befuddle a brute force cracker, but the dictionary cracker would figure you out in no time at all. Don’t try to play around with substituting numbers for letters in common words (“passw0rd”) either, as hackers have long since grown wise to this trick and programmed their tools to check for such substitutions; the same goes for abbreviations (“trustno1”) and common character sequences (“123456”, “abcde”). Nonsense passwords, or those which have meaning only to you, are better choices; you won’t find “18kaff?kaff!92cake” in any dictionary, and a brute-force cracker would take months, if not years, to bypass it.
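The two paragraphs above combine two separate tests: how large the brute-force search space is, and whether the password falls to a dictionary, substitution or sequence check regardless of that size. The password audit below is an added example, not part of the original post; the tiny word list, the substitution table and the guess rate of one billion per second are assumptions made for illustration.

```python
import string

# Constructed mini word list; a real audit would load a large dictionary file.
COMMON_WORDS = {"password", "qwerty", "monkey", "elephant", "trustno1", "abc123"}
# Number/symbol-for-letter swaps to undo before the dictionary check (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
# Alphabet, digits and keyboard rows used for the sequence check.
SEQUENCES = [string.ascii_lowercase, string.digits,
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def charset_size(pw):
    """Number of symbols a brute-force tool must try per position.

    Counts only the ASCII classes the post discusses.
    """
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII special characters
    return size


def keyspace(pw):
    """Candidates of the same length over the same character classes."""
    return charset_size(pw) ** len(pw)


def worst_case_seconds(pw, guesses_per_second=1e9):
    """Time to exhaust the keyspace at an assumed guess rate."""
    return keyspace(pw) / guesses_per_second


def weaknesses(pw):
    """Reasons the keyspace figure overstates this password's strength."""
    found = []
    low = pw.lower()
    if low in COMMON_WORDS:
        found.append("dictionary word")
    elif low.translate(LEET) in COMMON_WORDS:
        found.append("dictionary word with substitutions")
    # A run taken straight from the alphabet, the digits or a keyboard row.
    if len(low) >= 4 and any(low in s or low in s[::-1] for s in SEQUENCES):
        found.append("character sequence")
    return found


if __name__ == "__main__":
    for pw in ["abcde", "Abcde", "elephant", "passw0rd", "123456",
               "18kaff?kaff!92cake"]:
        print(f"{pw!r:24} keyspace={keyspace(pw):.3e} "
              f"seconds={worst_case_seconds(pw):.3e} {weaknesses(pw)}")
```

A password with any entry in `weaknesses` should be rejected whatever its keyspace, because those checks run long before an exhaustive search would.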
The last point of importance is less about passwords and more about how you use them. While it might be tempting to come up with one good password and use it for all your important business, keep in mind that not all websites are equal in terms of security. If a single site turns out to be less trustworthy than you thought, and hackers gain access to their databases, your password could be handed to them on a silver platter, potentially allowing them access to any accounts, like your facebook or email, using the same password. If you’re really concerned about security, it’s best to change your passwords every few months, ensuring that even if someone got access to old account records, their information would be obsolete and useless.
Unfortunately, in my job I see a lot of computers that have gotten a virus or malware and need to be fixed (and not just PCs but Macs as well lately). While some infections are due to lack of adequate protection (up-to-date antivirus and antimalware/antispyware software), others are due to people falling prey to socially engineered malware (fake links on Facebook etc.), or people accidentally clicking on things, or one of the ones I really dislike – a virus coming in through one of the mass forwarded emails.
It is a misconception that just because you have antivirus/antimalware software it will protect you 100% – even the best software is hard pressed to protect a computer when someone allows something to come in by clicking ok, yes, or installing questionable software or downloading questionable files (yes, all of the people using Limewire, Frostwire, or torrent software – you all are at risk every time you download a shared file!). Many times a virus or malware will get onto a computer because someone has installed some ‘toolbar’, ‘searchbar’, screen-saver, coupon printer, rebate searcher, or other such program like those worthless ‘speed up my computer’ programs that are either badly written or are actually malicious and download other bad software behind the scenes. **Special note: Almost ALL of the speed up my PC programs are basically worthless and can often do much more damage to your computer than good. Anything that messes with the Windows Registry can damage your Windows installation if it removes the wrong things, and many of them do that!
So what can you do to better protect yourself and your computer from these nasties? Here is a short list of things that I always recommend following to eliminate the most common ways that a computer can get a virus, malware or spyware.
1. Never click on links from social networks such as facebook, or links in emails – regardless of what a link says it is, it can easily be made to hide something else. What you can do is right click on the link, select ‘copy shortcut’ then paste that into the address bar of your browser to see what it really is (or if you have the status bar in your browser enabled, you can often see it there) – if you don’t recognize the link or it looks suspicious – DON’T GO THERE!
2. Never open email attachments unless you specifically know that the specific person who sent you that specific email was sending you that specific attachment – too often people will get an email from a friend or family member that has an attachment and that attachment is a virus that a virus on their computer sent without them even knowing about it. If you don’t know what it is, and weren’t expecting it – DON’T OPEN IT!
3. Don’t download songs, software, videos etc. from file sharing networks – when you use software such as Limewire, Frostwire, Vuze, or other torrent or file sharing software to download things you always take a big risk because you have no way of knowing where exactly the files are coming from, or if they have been altered – even a song can hide a virus or malware within it and it won’t activate until you play it. Also the majority of software ‘cracks’ or ‘activators’ have malicious viruses in them. Not to mention that downloading copyrighted material is also illegal 😉
4. Keep your antivirus and antimalware/antispyware software as well as your operating system software up to date! It is always important to update your system regularly as the software updates often carry fixes for security issues that have been found and without them you are much more vulnerable. Also update your OS to the latest version (yes, if you are still running Windows XP you might have to get a new computer, but XP is 11 years old and was never designed to handle today’s internet).
5. Beware programs like coupon printers, rebate searches, search toolbars, browser add-ons, screen savers, and especially the fix all or speed up PC programs. Many times these programs are either malicious themselves or are so poorly coded that they make it much easier for bad things to get onto your computer – IF IT ISN’T FROM A TRUSTED SOURCE – DON’T INSTALL IT!
If your computer does get a virus, try to remove it with your antivirus/antimalware/antispyware software, or you can try to do a Windows system restore to a time before you got the virus (as opposed to a full computer factory restore which will wipe all your data).
Got a virus or malware and not sure what to do? If you run into something particularly nasty or need some advice on how to get rid of something, or just need great computer service or computer repair, visit http://pensacolacomputers.com and give us a call.
After completing 8 upgrades of OfficeMate 8 to OfficeMate version 10.5 (10.5.23 is the latest as I write this), a few observations from my own experiences and from things I have gleaned through conversations with others who have done the upgrade:
Firewalls are not really mentioned in the installation guide, but they can definitely cause issues, especially trying to get clients to connect to the server – if you have an issue with the clients not successfully working, and you can see the files on your network share, it is most likely a firewall issue. Open task manager, look for Login.exe and if you find it running, kill that process and then turn off the firewall on your server. If it works after that you will need to go to your server and configure the firewall for the ports that your SQL installation is using.
If you are upgrading from the Access based version of OfficeMate, make sure you have a backup solution that will properly backup your SQL database file (normal file backup programs do not work properly for SQL databases). You will need either a backup program that has a SQL database backup component, such as iDrive, or you can script a backup through the SQL management console then create a scheduled task to back it up. (There are plenty of guides out there on how to do this).
Make sure that you download the latest installation files from OfficeMate IMMEDIATELY prior to installation. There is no easy way to tell the actual version of the file you download (OfficeMate doesn’t properly sign their installation files nor do they include the actual version of the OfficeMate installation in the install executable), so if you download it days or weeks prior to installation you might not have the most current version.
As I have experienced a few issues in the Server installations and database conversions, I highly suggest that you have a full bare metal backup/image of your server that you can use to roll everything back in case an installation goes bad. Even though it is time consuming to make a full backup on some servers, it is well worth the effort for peace of mind if anything.
If you have any questions or issues, feel free to contact us via our contact information at http://pensacolacomputers.com
* Pensacola Computers is not officially connected to OfficeMate software in any way, and all opinions stated are my own observations and you may experience different results. This guide is meant only as a narrative of my own experiences and is current as of the date posted.
I have been working as an IT consultant with Optometrists that use OfficeMate for over 5 years and have installed OfficeMate numerous times for 7 different practices. I have successfully done 7 upgrades in the past few months and assisted on a few others. Please feel free to contact me with any questions.
I recently ran across an issue where a client using a Windows Vista machine could not connect to a specific server via RDP. Every time they would try to connect to this specific server they would get an error that stated “The remote computer disconnected the session because of an error in the licensing protocol”. This computer would connect ok to other servers via RDP, and I could connect to that specific server via RDP from many other computers I tried. So I searched the web for an answer, and many seemed to point to a specific registry key.
The instructions I found all said to delete a couple of keys using these instructions:
1. Click Start, type regedit and hit enter.
2. On registry editor window, navigate to Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing
3. Right click on MSLicensing, click Export and give a name to file e.g. RemoteKeyBackup and click Save it on the Desktop.
4. Right click on HardwareID and Store keys folder under MSLicensing and click Delete.
5. Restart the computer for the changes to take effect. Restarting the computer will create new keys.
I did this and it did not create the new keys and I kept getting the same error.
After a bit more digging, I found the answer, a very simple one it seems in hindsight, but one that escaped me.
**Note: I am not sure if doing the above mentioned registry fix had anything to do with the final fix or not, but it made sense to try it.
To fix this, all I did was go to Programs > Accessories, and right click on Remote Desktop Connection and select “Run as Administrator”
Running as administrator fixed the issue – I think that I probably had a corrupt registry key and only by running Remote Desktop as an administrator was I able to recreate the proper keys.
Hopefully this will save someone else a ton of searching