BLOG.COMPUTER-CREW.NET

July 2012 Internet Loss Issue


The FBI has been encouraging users to visit a website, www.dns-ok.us, in order to see if your computer is one of the hundreds of thousands that are infected. Unknown to most users, this "virus" doesn't show the normal symptoms and runs in the background. Most victims don't even know their computers have been infected, although the malicious software has probably slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, FBI and other authorities prepared themselves for a sting to take out a hacker ring who had been running an Internet ad scheme on a huge network of infected machines.

"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken."

During the night of the arrests, the FBI used Paul Vixie, chairman and founder of Internet Systems Consortium, to install two servers to take the place of the impounded rogue servers. The plan was to keep these in place until March. However, a federal judge in New York extended the deadline until July.

Here's the rundown:

Hackers infected a network of more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers resolve website addresses behind the scenes on the Internet's domain name system.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.
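As an added example (not from the original post), here is a defender's check for the resolver tampering described above: it parses the DNS server lines out of `ipconfig /all` output and flags any resolver that falls inside a blocklisted range. The netblocks and the ipconfig sample are constructed placeholders, not the FBI's published indicators.

```python
import ipaddress
import re

# Constructed placeholders standing in for the rogue resolver ranges the FBI
# published; the real indicator list is not reproduced here.
ROGUE_RESOLVER_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),   # TEST-NET-3, placeholder
    ipaddress.ip_network("198.51.100.0/24"),  # TEST-NET-2, placeholder
]

# Constructed sample of `ipconfig /all` output; the first resolver is "rogue".
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.45
                                       192.168.1.1
"""

def parse_dns_servers(ipconfig_text):
    """Return the DNS servers listed in ipconfig /all output.

    The first address sits on the 'DNS Servers' line; further servers follow
    on deeply indented continuation lines holding only an address.
    """
    servers, in_dns_block = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_dns_block = True
            continue
        cont = re.match(r"\s{20,}(\d{1,3}(?:\.\d{1,3}){3})\s*$", line)
        if in_dns_block and cont:
            servers.append(cont.group(1))
        else:
            in_dns_block = False
    return servers

def check_resolvers(ipconfig_text, rogue_nets=ROGUE_RESOLVER_NETS):
    """Map each configured resolver to True if it lies in a rogue range."""
    return {addr: any(ipaddress.ip_address(addr) in net for net in rogue_nets)
            for addr in parse_dns_servers(ipconfig_text)}

if __name__ == "__main__":
    for addr, rogue in check_resolvers(SAMPLE_IPCONFIG).items():
        print(f"{addr}: {'ROGUE resolver' if rogue else 'ok'}")
```

On a real machine, pipe the output of `ipconfig /all` into `check_resolvers` and treat any True result as a reason to reset the adapter's DNS settings and run a malware scan.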


Check to see if you are infected!


Why Use A Firewall At Home?

Using a firewall on your home computer(s) is extremely important. It is a simple piece of software that will notify you when an inbound intrusion or an outbound connection is being attempted. Most viruses and malware can't initiate unless they are given rights to these connections. Without a firewall monitoring them, you are allowing malicious code to operate freely.

Comodo Dragon is simple and free. Once installed, a short training period is required. Pay attention during this time, as the decisions you make will set the status of inbound and outbound connections. If you see a suspicious entry pop up, simply call us to verify it or Google it. If you know the program and trust it, simply allow it and the program will remember your choice.

This is the simplest way to add another level of protection to your home network!


Yahoo C.O.R.E - A New Way To Get Information

Yahoo has launched C.O.R.E. (Content Optimization and Relevance Engine), which means that they are now able to categorize how you want to search for information on the web. You can filter what content you would like to see by gender, age, interests or location. This nifty tool can be seen at visualize.yahoo.com/core.



Yahoo explains the algorithm and how content is delivered to you:

Today, C.O.R.E. powers content on many Yahoo! properties, including Yahoo! News and the Today Module. There, editors write and gather the most important and engaging stories of the day, and C.O.R.E. determines how stories should be ordered, dependent on each user. Similarly, C.O.R.E. figures out which story categories (i.e. technology, health, finance, or entertainment) should be displayed prominently on the page to help deepen engagement for each viewer.

This algorithmic tool will be used to populate the articles and stories you see on Yahoo's home page. The C.O.R.E. visualization exists strictly so that all users can see what happens behind the scenes.

Computer Crew


Rootkit.ZeroAccess - Not Your Ordinary Mal-Ware

About Rootkit.zeroaccess

Rootkit.zeroaccess is a nasty piece of mal-ware which acts just like the TDSS Rootkit. Although they share some common code and after-effects, they are quite different. Infiltration for this program is quite simple, done through security holes in your anti-virus or firewall. One purpose of this mal-ware is to lie dormant on your machine, undetectable, while opening up a passage for other infections to install on your machine. This is not your ordinary piece of mal-ware; it is a rootkit which runs from the MBR (Master Boot Record), and it is therefore sophisticated and well written. When infected, it will hide from mal-ware scans, anti-virus scans and other conventional removal methods. If conventional methods do find it and remove it, it will reinstall itself, since it is located in the MBR, which loads prior to Windows. Another purpose is to make the program writer money by redirecting search engine results to an investor's site. The more people infected with this virus, the more traffic is generated to that site, and therefore the more money the program writer makes.
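As an added example, not from the original post, here is a baseline check for the MBR persistence described above: it parses the 512-byte sector, hashes only the boot code (the part a bootkit replaces, and the part that loads before Windows) and reports whether it differs from a digest recorded while the machine was clean. The sample MBRs are constructed; on a real machine the sector would be read from the physical drive.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 440-445 hold the disk signature and padding
PART_TABLE_OFF = 446  # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"

def build_sample_mbr(boot_code, disk_sig=b"\x11\x22\x33\x44"):
    """Constructed MBR: padded boot code, disk signature, one NTFS entry, 0x55AA."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + disk_sig + b"\x00\x00"
    # status 0x80 (active), CHS start, type 0x07 (NTFS), CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return body + entry + b"\x00" * 48 + SIGNATURE

def parse_mbr(mbr):
    """Split a 512-byte MBR into boot code, four partition entries and signature."""
    if len(mbr) != MBR_SIZE or mbr[510:] != SIGNATURE:
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    entries = [mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
               for i in range(4)]
    return mbr[:BOOT_CODE_LEN], entries, mbr[510:]

def boot_code_digest(mbr):
    """SHA-256 of the boot code only; the partition table may change legitimately,
    but the boot code should stay identical to the baseline taken when clean."""
    boot_code, _, _ = parse_mbr(mbr)
    return hashlib.sha256(boot_code).hexdigest()

def mbr_changed(baseline_digest, current_mbr):
    """True when the boot code no longer matches the clean-machine baseline."""
    return boot_code_digest(current_mbr) != baseline_digest

# Constructed: a 'clean' MBR whose code starts like the stock Windows loader
# (xor ax,ax / mov ss,ax / mov sp,0x7c00) and a copy with patched boot code.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = boot_code_digest(CLEAN_MBR)
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90" + b"PATCHED")

if __name__ == "__main__":
    # On a live machine the 512 bytes would be read from \\.\PhysicalDrive0
    # (or /dev/sda) and compared against a digest recorded before infection.
    print("tampered:", mbr_changed(BASELINE, TAMPERED_MBR))  # prints "tampered: True"
```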

Some symptoms you may experience are:

  • Multiple pop-up windows at Windows startup
  • Anti-virus symbol not appearing in bottom right hand corner
  • “Your computer is infected” warning signs
  • Anti-Virus 2012 system scans
  • Desktop icons missing, My Documents or Pictures empty
  • Search engine results redirecting to advertisement sites (Most Popular)

How to remove Rootkit.zeroaccess

There are multiple methods for removing this virus. Some work, some seem like they work, most don’t work. The best way to be sure this is completely gone is to backup your data and reinstall Windows.  I have seen many techs mess this up royally also. Data loss is a real potential with removal of this rootkit, please be cautious. Make sure you have a backup prior to proceeding.

This process can be done in either normal or safe-mode.

Malwarebytes will remove the first portion of this, so run that first. Do not reboot after removing infections, however. Follow that scan directly with a Combofix scan. This will pick up the rootkit and a couple of tracer files. Once that is complete, have a bootable anti-virus program ready. We use the Kaspersky rescue disk, which will pick up the remaining executables. Once all that is complete, run TDSSKiller for giggles. I usually run a registry repair, cookie cleaner and spyware cleaner. When all of those steps are completed, run HijackThis and find out.

If that went too fast for you, call us!  You shouldn’t be trying to do this yourself anyway…

Computer Crew

Google Will Own You

In the last week Google has announced that they are going to be combining 60+ user policies into ONE. Their aim with this is to make the user experience more enjoyable. What this really means is that starting March 1, 2012, when you log into any of your Google products you will be automatically logged into the rest. Those of us with Google products on our phones and similar devices know that when we go to YouTube, Picasa or other Google accounts we get asked if we want to sign in with Gmail. The point of the policy, claims Google, is to provide "a beautifully simple, intuitive user experience." This couldn't be further from the truth.

Google is most likely trying to compete with Facebook and Apple, who already use targeted recommendations in their sidebar advertisements. Ever wonder why, after you "liked" a company or music fan page, ads began popping up with every piece of marketing about that company and its affiliates? It's no coincidence: the network is closely watching your interests and click habits. This is how they generate the most money: strategically placed ads on the walls or pages of the people most likely to click them.

Google Policy

In a post on the company's public policy blog, Google's Betsy Masiello wrote that there have been misconceptions about the changes.

"A lot has been said about our new privacy policy," she wrote. "Some have praised us for making our privacy policy easier to understand. Others have asked questions, including members of Congress, and that's understandable too."

Among the points that Masiello makes in the post:

  1. Users don’t have to log in to use some of our products. Search and YouTube are two examples.
  2. When logged in, users can edit or turn off their search histories, switch Gmail chat to "off the record," use "incognito mode" on the Google Chrome browser or employ other of Google's privacy tools. (This is not going to be easy for novice computer users)
  3. She noted that "Google won't be collecting any more data about users than it was before. We're making things simpler and we're trying to be upfront about it. Period."

Are you convinced?

I am not sure if the eight members of Congress, both Democrats and Republicans, who wrote a letter to Google CEO Larry Page asking for clarification about the changes are.

"While Google suggests that the purpose of this shift in policy is to make the consumer experience simpler, we want to make sure it does not make protecting consumer privacy more complicated," reads the letter. The lawmakers also noted that because of Google's global reach, the change "potentially touches billions of people worldwide."

Computer Crew

How to Remove Malware With Malwarebytes

Anyone who has used a Windows based machine has had mal-ware installed on their computer at some point in time or another. If you don't know that you have, it makes it that much more dangerous. Using a scanner such as Malwarebytes periodically will ensure that your computer will stay clean.

Malwarebytes can be used alongside any existing anti-virus program, as it will detect and remove many things left behind by traditional scans. They offer real-time protection which costs only $25 for the lifetime of your computer. We have recommended this option to many of our clients who continuously experience malware issues.

You may need to boot into safe mode with networking for this. Here's a guide.

Instructions provided by BleepingComputer

1.    Print out these instructions as we will need to close every window that is open later in the fix.

2.    Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:


Malwarebytes' Anti-Malware Download Link (Download page will open in a new window)



3.    Once downloaded, close all programs and windows on your computer, including this one.

4.    Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.

5.    When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.

6.    MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.



7.    On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer for infections.


8.    MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.

9.    When the scan is finished a message box will appear.

You should click on the OK button to close the message box and continue with the removal process.


10.   You will now be back at the main Scanner screen. At this point you should click on the Show Results button.


11.   A screen displaying all the malware that the program found will be shown. Please note that the infections found on your machine may differ.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.


12.   When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.


13.   You can now exit the MBAM program.

If your infection is still present, give us a call. The next step could get a little more involved.

Computer Crew is not responsible for damage caused to a machine or personal data by anyone using this guide. Call us if you need help!

How to boot into safe mode

Normally you would only want to boot Windows into safe mode to diagnose a problem or remove a virus. If you were reading our other guides on how to remove mal-ware and you found yourself here, you're on the right path. Lately, Windows XP users have been experiencing "XP Anti-Virus 2012", which will be discussed in another post. It appears to have destroyed your files and programs, but don't worry, they are still there!

If you are having problems with Windows freezing, crashing, the Blue Screen of Death, pop-ups or other unwanted behavior, start Windows in safe mode for a quick diagnostic. If you are still having the issues, it might be a hardware-related problem. Safe mode only loads the features Windows needs to run. You won't have anti-virus, web cam or the other amenities we live by every day, but it will give you a better understanding of the problem.

Booting Into Safe-Mode

· Reboot your computer

· Repeatedly press the "F8" key on your keyboard (your computer might beep at you, it's ok)

· A menu will appear, use the arrows on the keyboard to highlight, "Safe-Mode" or "Safe Mode with Networking"

· Press "Enter" to select the option

· A long list of code will appear. This is normal.

· Some computers will ask you to select an operating system, Windows XP, Vista or 7. It is usually defaulted to the correct option, just press "Enter"

· If you have to enter a password to log into Windows, select your user name (not administrator) and type your password in. Press "enter"

· Click "yes" on the next window to continue into safe-mode

You will use this guide to bypass most mal-ware, and you can now continue on to "How to Remove Mal-Ware". If you were just trying to diagnose a problem, does your problem still exist in this mode? Is your computer still freezing or Blue Screening? You might need to replace the hard drive and recover your files from the old one before it's too late.

If you are still confused, or think you may have messed something up, please contact Computer Crew.
