Response: Control panel>Uninstall FireFox. Then I went to the (windows Vista settings) user/application data> local and roaming directories and deleted the FieFox folders completely. Then downloading and installing a new copy of FireFox solved the problem. That was three days ago, and I’ve not been called back for subsequent fixes.

I have been chasing the Windows XP Anti-Virus 2012 and Firewall malware for about a week now, in a home with three computers, that don’t share data, but the malware seems to get taken off, then shows up on one of the other (or both) computer(s). a day later. The computers are all being used for separate uses, so common websites/files aren’t a condition. Best guess I can come to right now is the Internet Explorer * is compromised on one of the systems, since we can scan with several products, block with firewalls, and at some point, it’s either hammering to get in with great rapidity, or it reappears on the screen. Today I had them shift that computer to FireFox as the default browser and it’s been quiet on the phone since this morning. Haven’t gotten an email or call, so I suspect that’s the case. In a few days, barring a reinfection, I’ll have to figure out how to uninstall IE 8 and put it back in again.

Between all of these, I can’t figure a common thread of how it’s happening, but the result is not so good for the users. I have a suspicion one of the flash game websites, frequented by one user may be injecting scripts, but that’s still just speculation right now.

Be careful out there! Make sure any links you click are really good ones…..that will be the topic of another full featured post soon: How to validate links.

I didn’t get to see all the problems, as he tired to fix it first, before deciding this was something different. The story goes like this: “I had a message on the screen to upgrade [not update] Avast.” He did as directed, and it said it had to reboot. When he came back to the login screen, all three users were presented and he clicked on his own icon. In he went, to a balck desktop, missing all but the public icons. When he started Outlook 2007, it took him to the new install, set up a new account wizard.

He ran a restore point, yet the results were the same. He left me a message.

I go there and began to look for the associated “hide all your icons” malware, but the user documents folder was empty…not even any hidden files, just like a new Windows 7 user would be. Found the Outlook .pst, and it was very small, but there with a new date. His desktop folder had none of his files/icons, so this left me wondering what was up. I pulled up the cmd line and what caught my eye was the initial directory was “C:\Users\TEMP>,” not one named for his user, as he signed in under.

From here, I wondered what was up, so I went to regedit and did a serach for “\users\temp.” I got the result I was looking for (in HKey_Users), but it was the surrounding registry entries that clued me to the fix required: The malware had taken the normal -1000 (first user) and had renamed in with a “.bak” extension, and then in the now existing -1000 user settings, it had used his login in name, but pointed his settings to the “\user\temp” folders, which now explained the absence of any of his files.

I went back to Windows Explorer and confirmed all his files were actually in the user folder bearing his name, and then, being a bit smarter on the problem, noted the temp user folders were, of course, like a brand new user.

The repair was simple at this point: Rename the offending -1000 user with a “.bad” extension on the entry, then removed the “.bak” from his real -1000 user entry. Of course, I first backed up the registry as it was, just in case I would find out this wasn’t the case, and then, with the changes in place, restarted the system and all was now back to normal.

Still can’t tell you the exact cause, but the symptoms were a solid black desktop, and empty files for My Documents/Pictures/etc, and Outlook wanted to create a new install for a new user. All it turned out to be was the infection had copied and renamed the proper user registry entry, and put iteslf in is the user, and, while using the the correct user name, it was sending the coputer to the new “TEMP user name, now new and empty folders.

The reboot after correcting the registry entries worked fine, and that was two weeks ago.

Not only was the email addressed to me, but to a number of local business people I know, but do not correspond with via that email address, if I do at all. Most are people I have met networking and have their cards, so I know who they are. Point 1: I could see all their email addresses.

It didn’t take much scanning to figure out point 2: I can guess with about 99% certainty who has been sending out emails with this list of addresses. I get them from him, too, and in this email account.

Point 3: Because of his method of blasting his email contact list “in the clear” using the “to:” and “cc:” fields, he now makes all his contacts vulnerable to be collected and used, increasing the quantity of SPAM traffic on the net, not to mention annoying (at the least) and infecting (at the worst) all those computers of your friends and family and business contacts.

Putting all those puzzle pieces together, he’s how you can save your friends, family and business contacts from more of such a fate:

1) If you feel inclined to send something out, put their addresses in the “Bcc:” field. Then any recipient will only see their names, and no one else, and therefore, if this email finds it’s way into someone’s email account where they farm email addresses to send out SPAM to, you’ve put up a simple firewall on that activity.

2) When you get that forwarded 20 bizillion times joke, or offer for Bill Gates to donate $1 to your favorite charity, do this: Right after you click on the “Forward” function of your email, hilight and delete all the other lists of emails that are visible in the body of the message. Besides saving someone from being SPAMed as a result of you inadvertently helping SPAMers collect their address, think how much better a reading experience those who receive it will have when they don’t have to scroll down 37 screens to read the relevant material?

Summary: Put email address for blast work in the “Bcc:” field and remove any visible lists of email addresses in items sent to you, if you forward them along!

Understanding the Digital Landscape

What is it?
How do you find it?
How do you use it effectively?

Computers save us time in everything from information storage and retrieval, calculation, graphic design, and report preparation. E-commerce allows our websites to keep our businesses running 24/7.

A failure at any point, from our office records to our online presence, can quickly snowball into a technological disaster, especially for a small business that doesn’t have an IT (information technology) staff in-house.

Seminar leader Curt Middlebrook, The Computer Whisperer, provides insights into the equipment, computer programs, and office and internet support services out there, and the people who provide them. You’ll learn how to maximize your online efficiency, and how to track the success of your online marketing.
This is a Lunch & Learn program, part of the Pinellas Park/Gateway Chamber of Commerce Success in Business Series. Your registration includes detailed information for evaluating every aspect of your company’s digital landscape, as well as a light lunch.

When : Tuesday, November 16; 11:30 am to 1:30 pm
Where : Park Station, 5851 Park Blvd., Pinellas Park, Room 202

Cost : $19.95 Pinellas Park/Gateway Chamber Members
$24.95 Non-members

Call Chamber Manager Larry Steinlauf at 544-4777 to register.
You must be registered to attend.

The irony? as I was removing a virus off a “real” PC this morning, my client indicated they might buy a Mac, so they wouldn’t viruses. I began with a little business analogy: One day, it will happen. When? When the Macs in the market reach some magical %, the “bad guys” will then take the time to study the Mac OS in detail, to try and exploit it. I also went on to discuss how a business decision, when done right, always looks for the most impact, for the least expenditure of resources. And, as of that moment, it must haven’t arrived (little did I know)…yet. I potulated, that when it did, it would be like a very big tidal wave, particulalry accentuated by the fact that it’s “well known” Macs are invulnerable from attack. Yeah, right.

So any how, for you MacoPhiles…gird your loins, the attainment of 20% of the PC market by Macs announced by Steve Jobs a few days ago, has had an impact on your bulletproofness. Be on your toes, and hope the good guys have anti-virus software ready for you, really, really soon.

Here’s the warning from the articles at ARSTechnica:

A new trojan horse has cropped up that affects Mac OS X (and Windows as well), primarily disguised as a video flitting around social networking sites. When users click an infected link, a Java applet is launched that downloads multiple files, including an installer that runs automatically without users’ knowledge.

While between other appointments this after noon, I saw the article (linked above) and I knew the time has come.

Note, too, you Windows based PC users, you’re a casualty of this new attack, too.

Be on the look out for any video on the social media sites….all of you computer users.

I’ll bring this history, too, because there have been Mac based viruses before. In early 1988, I contracted the “Scores” virus on my Mac II from a download off of GEnie.

That was bad news. The good news is the PC market exploded on cheap Intel based PCs and the bad guys went after them. That has left the Mac world as the untouchables for all these years…until now.

In one case it wasn’t pretty at all, with me spending three evening trying to save their family photos.

The “bad guys” figured out how to insert viruses and Trojans in the “free” files, on that peer-to-peer sharing network. Not all of them, but it certainly was a crap shoot when you tried to pick a torrent to pull down for your entertainment.

Anyhow, the full report from TechCrunch is here.

What does that mean exactly? It means the people who write and manage software are doing a pretty good job of staying ahead of the hacker crowd, but,we the users, are become our own worst enemies. Not that we purposely let spyware, malware and viruses in, but we are more easily fooled into doing just that.

The “bad guys” are becoming very good at replicating things that are legitmate, both in look and in a social context, that make us want to click it.

Next hing you know, you’ve got a “ScareWare” problem, which, if you don’t pay the ransom, it begins to dig about your files and, over time, render your PC useless.

What got me to post this? An article in a security news feed I track saying there are a crop of “Browser Updates” showing up on people’s screen, and, we do what we are told “KEEP YOUR COMPUTER UP TO DATE!”

That makes it increasingly difficult to sort the fake updates from the real ones.

Let’s be careful out there and, according to Symantec researcher Parveen Vashishtha know this:

Malware authors are employing innovative social engineering tricks to fool users — it’s as simple as that…”

< a href="http://consumerist.com/2010/07/security-patching-for-xp-service-pack-2-ends-today.html">“Security Patching for XP Service Pack 2 Ends Today”.

It costs money to have teams of people, like fire fighters, employed for the “in case of emergency” situations. Yes, while they aren’t responding to the latest hacker attacks, they can be doing productive things with their product line, but consider Microsoft has two other fully functional PC operating systems they have to support as well: Vista and Windows 7.

Short translation: If your computer(s) is (are) running Windows XP, and you haven’t updated beyond Service Pack 2, then you are potentially at risk if the hackers figure out a new way to end around the security features of XP/SP2.

The good news? Make sure you’ve installed Service Pack 3. Microsoft will still have resources that keep that “vintage” of XP updated and patched for security holes.

In the long run, it’s notice to consider drafting your plan to upgrade your operating system software, and possibly your systems. I have been using Windows 7 on various machines for about a year now, the first installation on a very old computer, and I did it just to see if it worked…it did. Not that some of the others I’ve upgraded haven’t had a few issues with finding drivers, but it’s time. Besides, it runs fast like XP, yet is pretty like Vista!

If you need help laying out a plan and a budget for your business, contact me!

The “bad guys” on the Internet have long had a habit of finding the biggest security holes with the greatest potential impact. That’s one reason why the Apple computer line has remained effectively virus free (I caught at least one in the early Mac days (Scores), so don’t tell me there never has been any Mac viruses).

Over the years, operating systems have been “hardened”, so the bad guys have become creative and looked towards other avenues, to the point that Mike Cox in an article “Social media attacks dominate first half of 2010 malware trends” on eChannelLive tells us what is now going as as the biggest impact by the bad guys:

“Cyber criminals are putting increasing emphasis on using social media platforms like Facebook and Twitter as effective ‘spread mechanisms’ for malicious software,” said Arvid Gomez, Norman vice president, OEM and Technology. “In the past, they put nearly all of their efforts into compromising PC operating systems. As social media use becomes part of the fabric of our daily life, Internet users need to make certain they are taking the necessary steps to protect their privacy and security.”

He then goes on the discuss the koobface malware that has come through FaceBook since 2007. I encountered this at a client’s site about 4 months ago.

Another method to not only frustrate you, but also get some money, or your credit card number for use in, in the least case fraud, and the worst case, identity theft, are the “scareware” or “rasomware” programs that take over your system and basically demand that you buy their removal tools, which…are pretty much garbage anyhow. Mike has this comment:

Norman security experts also note that fake antivirus programs continued to plague many home PC and business users. Rogue antimalware programs have been around for a long time. In recent years however, they have become increasingly widespread, and represent a major problem. These programs can be difficult to eradicate, as they often consist of many different malicious elements.

I spent a better part of Wednesday ripping one of these attacks out of a laptop of a client’s office machine. I’ll say this: About 6 months ago, I could find these and get around them and eliminate them in about an hour. That was thanks to having seen several in a short time frame. They all had different file names, and loaded themselves from different places on the drive, but they all used the same methods. The one I ran into Wednesday had grown far smarter. I found it pretty quickly, but it had done many things to mask itself, and had placed some more hooks in the registry than I was used to deleting. Additional, I found a browser web director trojan in there, too. It may have arrived as a package deal, but it took 6 hours to find it, delete the offending things, much of the time was spent running scans, which found more things with each delete/reboot/scan cycle. It’s gone now and they are back to work, without having to just wipe the drive and begin all over, but it was a long day, when some elements have become smart enough to even force a load, regardless of some settings you applied to keep them from coming in a boot up.

I know many people don’t want to learn about the specifics of keeping your computers free of malware and other bad things, but your choice, as I see it, is to commit to some training by your local computer support person/people/staff/support company, or you can call us up and pay by the hour to undo what was maybe a 5 second decision on what to do about the question: “XXX is requesting to run. Do you want to block or allow it?” from your firewall protection. Because of the bad guys, you must get some education in how to keep from your system from becoming unavailable for a few hours (at best) to days (worst case).

Good rule of thumb: You can unblock accidentally prohibited functions. You will lose time and money if you let something in out of “I don’t have time to deal with this, I just want to get back to work!” frustration.

Read Mike’s article and practice intelligent computing!