Recently, a virus that has been around since earlier this year has morphed into a greedier and more prolific version. The current version of this virus was first reported in September of 2013 and is considered to be in the class of ransomware. It encrypts certain file types on your computer, such as pictures and documents, using a mixture of AES and RSA encryption. Once the virus has encrypted the files, you will no longer be able to access them, and it will display a CryptoLocker payment program which says you must pay $300 USD within 96 hours or the encryption key which will unlock your files will be destroyed, making your files for all intents and purposes unrecoverable. Currently no one has been able to crack this encryption, and a brute-force attack to decrypt the files would take a supercomputer years and years.
Although some websites have reported that this virus makes your computer completely unusable, that is far from the truth. You can still use your computer, since the virus makers need you to be able to use it to pay the ransom. You can even easily remove the virus; however, at this time, the only known way to recover the files is to pay the ransom (we are not suggesting that you do this, as there is still no guarantee that it will get you your files back). The virus is being spread most commonly through email attachments that pretend to be from places like FedEx, DHL, and UPS, and are often sent to company email addresses. The emails contain a ZIP file that, when opened, shows a file that will often appear to be a PDF file but is actually an exe file (file names like FORM_12345.pdf.exe, with the exe being hidden depending upon your computer settings). In order to see the hidden exe extension in Windows, open Windows Explorer (the file manager, i.e. My Computer), and if on Windows XP, Vista, or Windows 7, go to Tools, Folder Options, View and uncheck the box that says “Hide extensions for known file types” – in Windows 8, go to the View tab at the top of Windows Explorer and check the box that says “File name extensions”. You should never ever run any kind of .EXE file that comes in an email, and you should only open any kind of attachment when you know that the specific person who sent the email was sending you that specific file – when in doubt, call the person/business, or send them an email asking about it BEFORE you open the attachment.
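The check below is an added example, not part of the original post: it lists the file names inside a ZIP attachment without extracting anything and flags names like FORM_12345.pdf.exe, along with the name a user would see while “Hide extensions for known file types” is on. The two extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-like extensions typically used as the decoy (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_name(member):
    """Return (verdict, shown_name) for one archive member.

    shown_name is what Explorer displays when known extensions are hidden.
    """
    # Keep only the file name; Windows ignores trailing dots and spaces.
    base = member.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2:
        return "ok", base
    final = "." + parts[-1]
    if final not in EXECUTABLE_EXTS:
        return "ok", base
    shown = base.rsplit(".", 1)[0].rstrip()
    # A document extension right before the real one is the disguise.
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "disguised-executable", shown
    return "executable", shown


def scan_zip(data):
    """Inspect ZIP bytes and return [(member, verdict, shown_name)] for risky names."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():  # reads the directory only, extracts nothing
            verdict, shown = classify_name(member)
            if verdict != "ok":
                findings.append((member, verdict, shown))
    return findings


def build_sample_zip():
    """Constructed sample archive; members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FORM_12345.pdf.exe", b"placeholder, not a program")
        zf.writestr("readme.txt", b"hello")
        zf.writestr("docs/report.v2.pdf", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict, shown in scan_zip(build_sample_zip()):
        print(f"{verdict}: {member!r} (shown as {shown!r} with extensions hidden)")
```
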
It has also been mentioned that if your computer is already infected with some malware that makes it a member of a botnet, this virus can be automatically downloaded by that other malware – you should always keep your antivirus and antimalware software up to date and do regular scans! If you do get this virus and your files become encrypted, you have 96 hours to pay the ransom or the current copies of your files will become useless. This virus is especially dangerous to businesses, as it is reported that it can and will encrypt files that are on mapped network drives (usually on servers in businesses where files are shared and stored). Unless you have what is called shadow copies enabled on your computers, or have online backups or backups that are not on any mapped network drives, it is possible that you will never be able to recover viable copies of these documents once they have been encrypted – we highly recommend using online backup such as iDrive or Carbonite (visit us at http://pensacolacomputers.com for more info on online backup solutions).
This virus is actually fairly easy to remove; however, if it is removed by antivirus after the files are encrypted, you will have to manually re-install the virus in order to pay the ransom. The guys over at Bleepingcomputer.com have an excellent guide telling all about the CryptoLocker virus, as well as removal instructions – http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information – although if the virus morphs, these tools may not work.
For virus and malware removal, or general computer repair or computer service here in Pensacola Florida, visit Pensacola Computers at: http://pensacolacomputers.com
Pensacola computers has been providing licensed and certified computer repair and computer service to local businesses and home users since 2003 and focuses exclusively on Microsoft Windows and PC’s
Unfortunately, in my job I see a lot of computers that have gotten a virus or malware and need to be fixed (and not just PCs but Macs as well lately). While some infections are due to a lack of adequate protection – up-to-date antivirus and antimalware/antispyware software – others are due to people falling prey to socially engineered malware (fake links on Facebook etc.), or people accidentally clicking on things, or one of the ones I really dislike – a virus coming in through one of the mass forwarded emails.
It is a misconception that just because you have antivirus/antimalware software, it will protect you 100% – even the best software is hard pressed to protect a computer when someone allows something to come in by clicking OK or Yes, installing questionable software, or downloading questionable files (yes, all of the people using Limewire, Frostwire, or torrent software – you all are at risk every time you download a shared file!). Many times a virus or malware will get onto a computer because someone has installed some ‘toolbar’, ‘searchbar’, screen-saver, coupon printer, rebate searcher, or other such program, like those worthless ‘speed up my computer’ programs that are either badly written or are actually malicious and download other bad software behind the scenes. Special note: almost ALL of the speed up my PC programs are basically worthless and can often do much more damage to your computer than good. Anything that messes with the Windows Registry can damage your Windows installation if it removes the wrong things, and many of them do that!
So what can you do to better protect yourself and your computer from these nasties? Here is a short list of things that I always recommend following to eliminate the most common ways that a computer can get a virus, malware or spyware.
1. Never click on links from social networks such as Facebook, or links in emails – regardless of what a link says it is, it can easily be made to hide something else. What you can do is right click on the link, select ‘copy shortcut’, then paste that into the address bar of your browser to see what it really is (or if you have the status bar in your browser enabled, you can often see it there) – if you don’t recognize the link or it looks suspicious – DON’T GO THERE!
2. Never open email attachments unless you specifically know that the specific person who sent you that specific email was sending you that specific attachment – too often people will get an email from a friend or family member that has an attachment, and that attachment is a virus that a virus on their computer sent without them even knowing about it. If you don’t know what it is, and weren’t expecting it – DON’T OPEN IT!
3. Don’t download songs, software, videos etc. from file sharing networks – when you use software such as Limewire, Frostwire, Vuze, or other torrent or file sharing software to download things, you always take a big risk because you have no way of knowing where exactly the files are coming from, or if they have been altered – even a song can hide a virus or malware within it and it won’t activate until you play it. Also, the majority of software ‘cracks’ or ‘activators’ have malicious viruses in them. Not to mention that downloading copyrighted material is also illegal 😉
4. Keep your antivirus and antimalware/antispyware software as well as your operating system software up to date! It is always important to update your system regularly, as the software updates often carry fixes for security issues that have been found, and without them you are much more vulnerable. Also update your OS to the latest version (yes, if you are still running Windows XP you might have to get a new computer, but XP is 11 years old and was never designed to handle today’s internet).
5. Beware programs like coupon printers, rebate searches, search toolbars, browser add-ons, screen savers, and especially the fix all or speed up PC programs. Many times these programs are either malicious themselves or are so poorly coded that they make it much easier for bad things to get onto your computer – IF IT ISN’T FROM A TRUSTED SOURCE – DON’T INSTALL IT!
If your computer does get a virus, try to remove it with your antivirus/antimalware/antispyware software, or you can try to do a Windows system restore to a time before you got the virus (as opposed to a full computer factory restore which will wipe all your data).
For those who might have waited until the last minute, or forgotten someone on their list, here are a few great last minute tech gift ideas:
Malwarebytes Pro – Malwarebytes is one of the best at finding and killing pesky malware on your computer. The Pro edition also offers a pretty good protection module, and best of all it is a lifetime license with free upgrades. Use coupon code Q65-TRJ-G7J for a 15% discount at checkout here: Buy Malwarebytes from Malwarebytes.org
Carbonite online backup – This is one of the best ways to protect your data from hard drive crashes, accidents, data corruption etc. You should always have backups of the important files and pictures that you can’t replace. Carbonite offers basically unlimited backup for a great price, and it is one of the easiest to use, set it and forget it programs out there: Click the following link to get the computer protected now!
ESET NOD32 Antivirus – ESET is hands down one of the best antivirus products out there with consistently excellent detection rates and low demands on your system resources. All computers should have an up-to-date Antivirus software product protecting them – use the following link to save 25% : New – ESET NOD32 Antivirus 5 – Save 25%
Also, if you hurry, BestBuy is currently having a special midnight sale with some great discounts through 7AM Central time on the 23rd: Midnight Sale, Online Only, Starts Thursday (12/22) at Midnight Through Friday (12/23) at 8am EST.
Microsoft has just released Security Essentials 2.0 (MSE 2.0), which includes a number of enhanced features. In this latest version there is an updated and reportedly much better heuristic scanning engine for viruses and malware (heuristics look for virus/malware-like behavior on your computer). Also included is improved integration with Windows Firewall, and new network traffic inspection. The firewall enhancements are only available to those running Vista or Windows 7, as Windows XP does not have the needed platform to run them (if you are still on XP, it is really time to seriously consider upgrading, as XP is now 10 years old and was never designed for today’s internet or programs).
Microsoft Security Essentials integrates with Internet Explorer to protect your machine from Web threats like malicious scripts. With the increasing number of viruses and malware spreading to all computers from social networking sites like Facebook, and the constant email bombardment, it is imperative to make sure that you have active and updated antivirus and antispyware/antimalware software on your computer (yes, even Macs and Linux machines are now getting infected with viruses and malware).
The best part of Microsoft Security Essentials is that it is free for home users as well as being free for small businesses with 10 PCs or fewer. While only time will tell how effective this latest version is, I would certainly recommend using it in place of software like Norton or McAfee (both of which are often first targets for virus and malware writers).
You can download Microsoft Security Essentials free directly from Microsoft here: http://www.microsoft.com/security_essentials/
*Note: Microsoft Security Essentials, like most antivirus software cannot be installed with other antivirus software as well as some other security software, so make sure to remove other security software before installing it.
Once again, a round of Facebook scams is hitting users. This recent one is a rehash of one that has been done before, which entices users by telling them they can install an app to see who has viewed their profile. In the past few days, messages such as “OMG OMG I can’t believe this actually works! Now you can really see who viewed your profile on:” have been appearing, followed by a link that redirects people to ads, malware, or other garbage.
According to security firm Sophos, over sixty thousand people clicked on the link in a period of a few hours. Sophos recently published a blog post that outlines the scam here. For people who are wondering, Facebook has repeatedly said that there is no way to see who has viewed your profile and no way for such a function to be created. Facebook security encourages users to report any such suspicious activity and remove any references to such things from your news feeds. They also suggest making sure that you only grant known applications rights via your Account>Privacy Settings>Applications and Websites settings.
As always, all users should follow internet security guidelines and not click on suspicious links, regardless of their supposed source. Always ensure that you are running up to date antivirus and antispyware/antimalware software, and do regular scans. You can find links to free antivirus and antispyware, antimalware software on our Pensacola Computers Tech Support page. If you do get infected or have a question, contact us at Pensacola Computers
Security software manufacturer BitDefender today released some very interesting statistics which it has garnered from its Facebook Safego app, which allows users to check their vulnerability to malware that they are exposed to via Facebook. The scary results show that 20 percent of Facebook users are exposed to malicious posts in their ‘news feeds’. These users are at risk just by clicking on one of these posts, which have been hijacked maliciously. The scary part is that the sample behind these statistics comes from people who were at least security conscious enough to install this app in the first place, which means that these numbers could in fact be much higher in reality.
A breakdown of how these malicious malware items can get into your computer:
For those who think they are safe because they have a Mac, guess again, you are actually probably more at risk on Facebook through viruses like the latest Koobface variant that is multi-platform due to most Mac users not having adequate anti-virus/anti-malware software (and the inherent flaws already known in Mac security).
Remember, just because a post ‘appears’ to come from a friend doesn’t mean it does – many people get their accounts hijacked every day, either through malware on their own systems, or just plain easy to guess passwords. Always be careful clicking links, never EVER download software that comes through a link on Facebook, and be very careful installing any Facebook app.
If you are interested in the Safego app from BitDefender, you can find it here: Safego Facebook App
For those who are still using Windows XP (still quite a few, although that number is rapidly decreasing), here is a short tutorial from Pensacola Computers on how to use System restore in XP Safe Mode. This can be extremely useful when faced with a virus, malware, or any kind of software change that has made using XP in regular mode difficult or impossible. System restore is often the easiest way to reverse the harmful effects of a virus or malware. Always be aware that System Restore, while reversing software changes, does NOT remove files, so even if the virus or malware is not active, the files are still there and must be removed. If you are using System restore due to a virus or malware infection, be sure to run full virus and malware/spyware scans as well as reapplying any needed Windows and software updates. While system restore is not always able to fix a bad virus or malware infection, it is a great first step in attempting to bring your system back to a usable state.
If you need more in-depth help with virus removal, malware removal, computer service, or computer repair here in Pensacola Florida, please give Jeff at Pensacola Computers a call today at 850*390-4242
This past week, Facebook has once again been the target of a massive malware attack, this time through a huge emailing campaign that sent out millions of fake emails that read “Because of the measure taken to provide safety to our clients, your password has been changed. You can find your new password in the attached document.” Of course, the attachment is malware that includes password stealing Trojans, downloaders and scareware fake antivirus software. Opening the attachment is of course one of the big no-nos in computer security – you should never ever open an attachment unless you specifically know the person and they have told you that they were sending you an attachment. Facebook continues to be one of the highest used vectors for the spread of malware, and a lot of the danger comes from the inadequate security measures that Facebook takes in regards to its users.
Also this week, the cybercriminals have targeted college basketball fans and celebrity gossip watchers (specifically the Jesse James/Sandra Bullock story). These criminals have very slickly optimized their malware infested webpages for the search engines. Security biggie McAfee reported that 5 out of the first 10 hot searches on Google Trends were sites that had been hacked to serve malware. Most of these sites are not dangerous to systems that are protected; however, there are many people who do not keep their antivirus/antispyware software up to date and are vulnerable.
The greatest defense to all of these things is of course to not visit such sites – however that is not always practical. Keeping up to date security software, and never EVER downloading software without knowing the source, and never EVER opening attachments in emails without first verifying the source and content are important practices to follow. Remember, if you get a pop-up saying to update your Flash player, or Quicktime or anything else, Do NOT allow it to install anything – instead go to the source of the software, ie: Adobe.com for Flash, or Apple for quicktime etc.
Here in Pensacola, approx 60% of the computers I have had to clean malware and viruses off of got infected from Facebook, so for users of this popular social networking site, I advise extra caution. One of the easiest ways to get infected on Facebook is from a friend who has had their account hacked (usually because of using an easy to guess password – make sure to always use a complex password on such sites!). Once an account is hacked, the hackers send out messages to all the friends on the person’s lists, usually with links to infected websites, so be careful even of messages from friends!
Lately I have been seeing more computers infected with the Vundo Trojan, which as one of the ill effects constantly bombards users with Antivirus 360 messages that their computer is infected. This program should not be confused with Norton’s 360 (which in my opinion is almost as bad, but not malware). The infections it tells users are on their machines are bogus, and are often critical Windows Files. Of course they want you to buy their product in order to ‘clean’ your system, however what you buy is actually more spyware/malware. Unfortunately, in many cases if your computer is infected with this, there is a chance that you also have other infections, and while there are tools such as Malwarebytes Anti-Malware and Spybot S&D that can help remove some of these, they often cannot get everything (it is a hit or miss kind of thing).
The best thing of course is not to get infected in the first place, which can be done by keeping up to date Windows updates, a good antivirus, and usually a couple anti-spyware products, and of course not downloading anything that you aren’t sure of what it is. Many of these spyware products are installed when you install supposed ‘video codecs’ or by viewing infected videos and even music files (stay away from the file sharing sites). You can also be infected by malicious code that can attack your computer from social networking sites like MySpace and Facebook (never click on a link that you aren’t sure of, nor download any kind of ‘media viewer’ from these sites).
If you do get infected, you can try a system restore (hopefully you have a restore point that is before you got infected), as well as run full antivirus and anti-spyware scans. Many times it is best to run these scans in Windows Safe Mode (press the F8 key when the computer is first booting). Safe mode will load only essential drivers and services, and often the antivirus/antispyware software will have better success at killing these pesky infections. Of course, before attempting any cures, it is a good idea to make sure you have critical data backed up (and make sure you scan your backups for viruses/spyware before putting them back on your system once it is cured!).
Win Antivirus 2009 is not an antivirus program; rather, it is a particularly nasty piece of malware that will infect your machine, tell you that your machine is infected (all the stuff it says you are infected with is bogus), and try to get you to purchase something that will ‘clean’ your system, when in fact it will just infect it further. What is particularly nasty about this program is that it often bundles even more garbage on your system, and the resultant infection can be almost impossible to remove. Besides hitting you with constant popups telling you that your system is infected, it will slow your internet browsing to a crawl, redirect your web searches, and it, or one of the other bits of crap it installs, can disable your antivirus, block you from downloading products that can actually detect and remove some parts of it, disable your system restore points, replace critical system files, install other nasties like keyloggers which can steal your passwords, infect your email program and send off copies of other malware to your contacts, and generally just make your system unusable.
While I have read of many different methods to remove this infection, due to the nature of it, the only guaranteed way to ensure a clean system after a nasty infection like this is to wipe the drive and reinstall Windows. This is often the cheapest (in terms of time) and pretty much the only sure fire way to make sure your system is clean.
So how do these infections spread? There are a few ways that such nasty malware is spread across the internet. One of the more popular ways is through email attachments (never open attachments unless you know specifically that someone was sending you something, as even if the email comes from a friend, they themselves may be infected, and it is the virus that sent the email and not them). Another way is through false ‘updates’, such as when you go to a website that says something like “in order to view this content you need to update your flash player, or quicktime, or you need some kind of codec” – when you get something like this, NEVER install from that site. If you actually do need an update to Flash, go to adobe.com; for QuickTime, go to apple.com; for other codecs, go to the manufacturer. Once you have the latest update, or if you already do, and you still get those kinds of popups, then you can be pretty much assured that it is a scam. These kinds of things can also come from some spoofed Ecard sites, i.e. you get an email from a known friend or associate that has a link to view an ecard they sent you, and when you go to the site, it says something like “click here to install the ecard viewer” – this is most commonly another way to install garbage on your computer.
Most importantly, make sure you are running current antivirus and antispyware programs. If you are unsure of something, don’t click on it. If you do get infected, as soon as you experience symptoms, try to do a system restore to a point before you got infected (sometimes you can’t as the system restore points are removed by the virus). In cases where you can’t get rid of it, take it to a professional, or if you are comfortable doing it yourself, back up all your important files, and reinstall Windows (a fresh install of Windows can be a good thing in terms of bringing back the speed to your system). Just make sure to update Windows with all the patches and service packs before venturing back out onto the internet!