Product Description We’ll teach you proven techniques and provide you with the software professionals use. These “self proclaimed” professionals easily charge up to $200 for the same cleaning. In some cases even more, just look… Geek Squad (Best Buy) | $199.99 in-store | $299.99 in-home Local Computer Shop | $99-$125 per hour The pricing is only good for one time and backed with a limited warranty that only covers infections they may have missed. Also keep in mind that you could wait 3-10 days for service depending on backlog. Why bother? Do it yourself for a fraction of the cost in a fraction of the time. Not just one time, every time you get infected. Antivirus and Antispyware software DO NOT WORK! Honestly, there is no software, paid or free, on the market today that can effectively prevent a virus/spyware infection. So there is no point in subscribing to one. Trust us, we have repaired computers running brand new updated antivirus and antispyware software completely full of viruses and spyware. Sometimes the antivirus software recognizes an infection but can’t remove or quarantine it. Quite frustrating. The bottom line is, don’t waste your time and money on software not guaranteed to work. Our DVD will teach you how to clean your pc quickly and easily, Guaranteed or Your Money Back!. What you will get with your purchase: 80min Instructional DVD (Region Free) Software tools included on DVD Cleaning Checklist Tips to optimize and keep optimized Unlimited email support Free Worldwide Shipping

©2010 . All Rights Reserved.

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

©2010 . All Rights Reserved.

People should be cautious of the making money because there is a variant out there trying to leverage the users into thinking they can make money.

McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this Virus is:

• PE_SALITY.JER (Trend Micro)

• Virus.Win32.Sality.aa (Kaspersky)

• Virus.Win32.Sality.y (Ikarus)

• Virus:Win32/Sality.AM (Microsoft)

• W32.Sality.AE (Symantec)

• W32/Sality-AM (Sophos)

• W32/Sality.AE (Norman)

• W32/Sality.AH (Panda)

• W32/Sality.AK (F-Prot)

• Win32.KUKU.a (Rising)

• Win32.Sality.OG (BitDefender)

• Win32/Sality.AA (VET)

These links should help people understand it it.   You can visit my Malware Resources to help remove this virus.  Something to consider before removing this is to disable your restore points.

Remember there’s no easy to make money, the only real way is to work hard.  According to my research the Anti-virus companies have ways to remove this virus and as long as you update your database.

©2010 . All Rights Reserved.

This seems to be an virus that is getting some people hit hard.   I wanted to blog about this because of the nature of Virus and Trojans.   I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies.  I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it.  It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don’t trust or know anything about.   You also should know that if you need a “SPECIAL” codec, you should just go on to another site.  These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess

[via Avast Forums]

After you get this very bad Virus you are done for.  You would need to install the Operating system from backups or even start a new.   This seems to be building this week and there isn’t much you can do once your infected.  I do recommend a good Anti-virus and Firewall but that wouldn’t fix the problem right now.  You will need to pull your backups out and start the process.  I suggest a complete wipe and then do the Restoring the backups.  This little virus likes to infect any .EXE it can so just restoring the Windows Directory will not help.  Remember only you can prevent from getting infected.

©2010 . All Rights Reserved.

It was another ordinary day for this tech journalist. He had just waken up from his lovely dreams and hadn’t realized that he was being baited with Phish. Yes that is correct he actually gave out his password to an Phish site and didn’t know it.

I have to admit that he didn’t hide it, in fact he decided to post about how he got Pwned and what happened.

The Face Of A Facebook Phishing Scam

[Click Picture to see the full story]

As you can see the site : Facebookcom.awardspace.com is a phishing site and should never give out your information to third parties.   Some things to remember if you get an email with a link sometimes won’t send you to the real link.  This can be easily done just like blogging.  You don’t know where you will end up when you click an email link.   One thing to remember is if in doubt log into facebook the old fashion way and see for yourself.

You could be the next person to have your Identity taken away from you.  So what should you do to prevent this type of phishing attacks, assume any email you get from Facebook, Myspace, Twitter, and Any other Social Sites to be a possible phish email.   These are always going to be a problem for these sites.  The spammers want access to be able to spam your friends and family with links, or to make you look foolish.  This is the reason they do it for Money or just for laughs.

One thing to remember is having a strong password will make it that much harder for you to be phished because if you can’t remember it you will be more careful.  I will keep preaching this having a good Firewall and Anti-virus will also prevent you from getting viruses from these type of phishing attacks.  It will also make it much more harder to go to sites that smell like Phish.  Remember only you can keep your identity a secret.

©2010 . All Rights Reserved.

With Tomorrow being released some very highly rated Remote Code Execution to become Zero day in very short time. Some researchers are speculating about more viruses will be released in conjunction to Valentines day. According to this one post it will be likely to be E-cards being sent to try to lure you into downloading Malware.

Various security vendors, including CA Inc, MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine’s Day-themed spam campaigns that try to dupe users into installing the Waledec bot.

Researchers note that many websites which are affiliated to Waledac e-card scam have been recently updated with content based on the Valentine’s Day theme.

Web sites distribute Trojan files which are commonly named love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe and the list is not exhaustive.
[Via Express Buzz]

So which ones will likely be the exploits they will use? I have a few theories on that and One of them is the INTERNET EXPLORER vulnerability that will be patched and will try to get you to launch the link and will most likely try to launch it in Internet explorer, That would be my guess.    It seems to be Internet Explorer 7 and Below which will be patched so if you want to try out the IE 8 Beta,  You should be safe on that.  Although the best bet is to prevent users from clicking links in emails and also warning them not to open any attachments they are not expecting.    I’d also have the AutoPatcher ready to install the lastest patches for this Tuesday and schedule a time this week to update all the possible systems involved with the Databases.  Although this isn’t one that tries to steal your data it is however a chance the writers to look at what you have and you know how that can be call a data breach.   So if your the IT for the department I’d suggest sending out warnings so they can keep from being caught with their pants down.   I’d also suggest having Anti-Virus and free Firewall installed on all the major systems and it wouldn’t hurt to have the installed on minor systems if at all possible.

©2010 . All Rights Reserved.

It’s that time of year where people are hearing about the Stimulus Checks and some Phishing people are still trying to get people’s information for your bank account and steal your identity. One such one is sending out email for the 2008 Stimulus Program this email account looks to be “stumulusref@i-r-s.com”. As you can see this is a .com email address and not a .gov address.

The IRS will never send out email. The IRS will never ask you for your PIN or Any personal information. Don’t reply and don’t open any attachments, more like is if they send out any attachments they are going to be a virus and you will infect your system with any number of possible viruses out there. To protect yourself from virus you should consider installing one of the many free anti-virus softwares and also installing a firewall will help protect you. Only true way to prevent yourself from being a victim is YOU. No one else can keep your information private but you.

©2010 . All Rights Reserved.

After seeing more and more the updates coming from the net.  I wanted to talk about what a Computer Virus or Trojan is and how you get it.   So how did  you could of gotten a Virus in the first place.   So here are some information to consider:

The vulnerability of operating systems to viruses

So what does that mean to you?  Most of the times when you get a virus you have a vulnerability in some place in your Operating system and it is either something that has not be known by Microsoft, Apple, and Linux or is know as a Zero-day Exploit.

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

[Via Wikipedia]

This is one of the most used because if it is an unknown exploit by the Operating System creators then they have a longer to us the exploit.  Most of the time hackers like to use this because that means there is a possibility of finding even more vectors to infect other systems.  You see if they can get on one system they can then find ways to get on other systems.

In the Old days, you’d ask

How Did I Get This Virus, Anyway?

You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening an infected document. How you copy the infected files is irrelevant: Viruses don’t care if you get them as an e-mail attachment, a download, or via a shared floppy disk, though e-mail attachments are the most prevalent (and easiest) mode of transport.

[via PcWorld] (Dated Oct 13, 2000 11:00 pm)

Viruses & Trojans try to Avoid detection

So you have a virus, it wouldn’t do a virus any good to be detected right after getting onto a system.   More and more, viruses are trying to avoid being seen and heard.  Most hackers who program are wanting to infect more than one system so they have to make really sure that you don’t find out your infected.    So with that said there are several ways  and I won’t try to explain them because I think the link talks about it better than I could.   It however will give people something to think about.

In the next few days there will be another post on How you will be able to figure out if you have a virus.  I had to talk about this first so people could understand how to figure out if you have in the next post.  So stay tuned for more

©2010 . All Rights Reserved.

Think you’ve got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack.

If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you.   You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

If you don’t know what you need to update sometimes just having a program check for you can make a really good difference.   The one that I like to use is Appsnap and it actually searches you computer to see what might need to be updated.   I also suggest for the final suggestion is check out my Anti-Virus and Anit-Spyware Resources and make sure you have a firewall and anti-virus software.  This will greatly reduce your chances of getting a virus but that isn’t all you have to be careful on what you click on read this article on Some Important programs to prevent yourself from having viruses and Malware!! Read that carefully to better understand how you can protect yourself in the future.

©2010 . All Rights Reserved.

But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.

[via Pcworld]

Having said that I feel the notion that Apple is trying to keep there reputation as a virus free system. I can only hope that they stay that way. Which as much as I know, Apple will most like start to be the main source for botnets, because of the lack of security.

According to reports on this blog, people are worried Apple stance on it being the safest and having so much immunity to viruses. Apple in the past has stated they have mislead people with there firewall. Yet Apple takes down that suggestion of having an Anti-virus(Quietly).

As PC Trojans go, the programming features of RSPlug.E look fairly basic. PC malware is more highly evolved and usually cleverer. But a programmer – probably a Russian – with knowledge of OSX had taken time to create a Trojan that hits Macs instead of PCs, James pointed out.

[via Techworld]

Which looks like it has already begun. So what can Mac users do, get an Anti-virus and maybe Apple will have to start backing down from the Virus commercials and actually admit it. Sooner or later someone will have to challenge Apple to get them to start admitting to it.

©2010 . All Rights Reserved.

Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]

• Avg detected Trojan Horse Generic 12.htc? – This has a great article on how to use HiJackthis program and how to make sure you no longer have the virus.
  
• Some Important programs to prevent yourself from having viruses and Malware!! — This article gives you some other programs to use other than Symantec.   You have a wide variety of choices on Anti-virus programs and Firewall Choices.  You also have some choices on Spyware removal programs.

This is just the beginning in getting your system clean.  You have to keep all you programs up to date and one way I do that is with Appsnap.  This little program keeps you programs up to date from Virus to Firewall.  I hope this helps people prevent and control spyware.

©2010 . All Rights Reserved.

OK, so let’s say the user (by some stroke of luckless chance, or courtesy of a trojan downloader) ends up with the demo installer of Rogue:W32/VirusRemover2008.C on their hands and it runs
[via F-Secure]

According to them, they have many different version of this rogue antispyware.  They have de, dk, es, fr, it, no, nl, and no, which are all attempting for you to buy this no so Virusremover2008 software.  They talk about how it tells you have a 9 infected viruses and that you need to remove them, but in truth, they use a text file to create this lie.  Check out all the details for further information.

©2010 . All Rights Reserved.

According to Arstechnica and I’ll quote:

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn’t the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seemed to of happened this month with the usual Windows update.  If you haven’t updated your system just yet you should.   This troublesome fake virus seems to have been killed  from several systems.  This could effectively make it harder for these guys who ever designed this program to make money.  I hope microsoft does even more virus removals in next month.  If you still want to try to get rid of these viruses don’t forget to check out my tips on Virus removal.

©2010 . All Rights Reserved.

From what I’ve seen so far. There seems to be a new rash of email going around with the heading that makes it look and feel like either UPS or Fedex. Saying that you have an undelivered package from them and to either print the order confirmation or to click a link. I will say this once, if you get this delete it. Fedex and UPS will never hide the link and tell you have an package waiting in the email. They will leave a note your door. You must ask yourself how Fedex/UPS found out your email address to tell you have a package waiting? They don’t and they won’t, just a fact.

UPS/FedEx Delivery Failure : Snopes

TROJ_DLOADR.GG and TSPY_ZBOT.NM Trojan, which will Monitor and try to steal your data. The other one is a ZBot and will try to steal you data also. If you need help removing this virus, I’d suggest checking out my other virus article Avg detected Trojan Horse Generic 12.htc?. There are a lot of ways to remove this virus but the first step is never click on any links in your emails. I also wrote about Some Important programs to prevent yourself from having viruses and Malware!! This will help prevent and fix the common virus problems you might have.

©2010 . All Rights Reserved.

I’ve had some Anti-virus problems in the past few weeks and have been trying to see if it is my system or if it was just luck of the draw.  So I did some research and found some sites that you should not go to, or download from.   These sites have been know to spread the fake anti-virus malware software.   So I wanted to warn people of some common websites that have been known to have viruses on them:

• hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ — this site usually tries to send you the “Trojan.HTML.Zlob.AG” Virus.
• hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php –This site usually tries to send you the “Trojan.Dropper.SMN” Virus.
• hxxp://handballfondi.it/xxxxxx1.php — This site is one of the new Malware sites that looks like Youtube,   When you go to this site they say you need a special to play a video clip.  Most of the time when you get something like this, it is going to try to install Malware. A good broad set of Codecs that you may want to download is called Klite Mega Codec, which if you us that you should never need to download any other codec to play a movie clip from any site online.
• hxxp://0scanner.com/—censored—/ –  This site usually tries to send you the “Adware.FakeAntiVirus.L” virus.  Another site trying to install malware.

If you want to check your system, here are some places to go to get a free Anti-virus check:

• Panda Security Active Scan
• Trend Micro House Call
• Kaspersky Labs Free Virus Scan
• Symantec Free Antivirus Scan
• Bitdefender Free Online Scanner
• F-Secure Online Scanner

If you have any other ways sites that we should avoid by all means comment about it. I would love to hear sites that you know are bad!!

©2010 . All Rights Reserved.

Having been going to the Google Trends and keeping watching.  I am starting to wonder something?  Take a look at this and you tell me?

Can you see how someone might use this to create a Goog-411 and use it to promote there website? It is all about the hits and getting what publishers like to say the eyes on a website. Now is that going to confuse people or make people not want to come to a site.  So how would people abuse this?

Very Simple, they’d watch what is trending and post accordingly.  Now you as a reader would click on the website expecting to see what you want to see but instead it would popup with advertisements and maybe malware?  Check these links to better understand it:

• Skype isn’t always safe!
• Some Important programs to prevent yourself from having viruses and Malware!!

Now even though these are just a few.  You can see how someone might want to abuse it and get there site up on Google trends and be able to infect several to even millions of computers before Google sees that or stops.  You could in theory take over a website high in Google rankings and do exactly that.

Then I have to ask myself, why would hackers want to do it in the first? One they’d be able to direct people to sites that they could use to phish your information, or maybe make money by you going to these sites. It is all about money, I don’t say that lightly, but it seems to always be true.

So what is Google doing to prevent this? is it right to use Google for your advantage? Do we need it for anything other than to see what people are looking at? Is that a form of them tracking your every click.

Are you comfortable with them keeping the list of what people searched for last year? if you don’t believe me, go check it out yourself. These are important questions to answer and should be explored.

©2010 . All Rights Reserved.

If your have been having problems with Flash Players stoping after 2 seconds of playing.  I have a few ideas to try to get rid of the problem.  It used to happen all the time with Vista in the early days.  Here’s what I did to occasionally get the flash player to work:

• Cleaning out the Prefetch Directory! — Having seen this from time to time. If you have programs startup that might need to be refreshed this will refresh them so that they run like new. You occasionally can get programs that will load in a odd way and this will fix that also.

• You want to be more anonymous? — Cleaning out your cache on your browser can sometimes fix the problem. It’s like anything else it can sometimes be corrupted.

• Some Important programs to prevent yourself from having viruses and Malware!! — Having seen this with my own two eyes, if you have a viruses or malware on your system that too can cause problems with playback of flash media.  So just double check making sure you don’t have any viruses.
  

• Adobe Flash tips and Tricks! — Also having found this out.  Adobe actually keeps the flash video on there servers cached or sometimes somewhat buffered to help with playback.  Clean the cache out at the source sometimes fixes the problem also.

Now having used some of these tricks to get flash players to run has on occasion worked for some strange reason or another.  Although I don’t know if this will fix the 2 second playing video problem I get the feeling it should since in theory it has everything to do with cache and corruptions of the files. If you can come up with some other tips or tricks to fix the problem let me know!!

©2010 . All Rights Reserved.