New Malware Petya Locks Down PCs Until Ransom Is Paid

A new piece of malware is making the rounds using the cloud storage service Dropbox. This ransomware, named Petya, is reportedly able to lock you out of your computer and force you to pay a ransom to regain access to your files.

According to a report from Trend Micro, Petya is being distributed via email. The package is included in an email message from a professional looking for work, which contains a Dropbox link that will supposedly allow the recipient to download their resume.

The file is a self-extracting executable that installs a Trojan, which blocks any security software and downloads the Petya ransomware. Once that is completed, the real attack gets started.

Petya overwrites the master boot record of the infected computer, causing a blue screen of death. When you try to reboot, you will see a bright red screen with an ASCII skull and crossbones. There’s no way of escaping this because safe mode and system restore points have been disabled.

You are then informed that your computer has been locked with a “military-grade encryption algorithm” and that the only way to get your files back is to go to the dark Web and pay for a key with bitcoin. The going rate is $431, and that doubles if the victim doesn’t pay within a certain time period.

This is a very nasty piece of malware and proves criminals are always developing new methods of attack. To avoid being targeted you must be vigilant about links in emails from unknown senders.

Active Virus Called CryptoWall 3.0

There is a relatively active virus on the loose called CryptoWall 3.0. People experienced problems with this virus in recent days. The virus attacks .jpg, Office and other files and encrypts them so they’re unable to be opened. Unfortunately, the virus is also considered “ransomware” which means the author attempts to extort users into paying to get the encrypted files unlocked. Reports indicate that the initial ransom starts at $500.00 and the files may remain unavailable even after paying the fee.

My experience shows that multiple anti-virus programs have been unsuccessful at blocking this attack. We’ve also had mixed results when attempting to restore files from backups.

It appears that the virus is primarily being transmitted via normal methods: email attachments and embedded links within emailed documents. As always, be sure you know your sender before opening any attachments and, if uncertain about the message, contact the sender before opening the suspect email. If in doubt, delete the suspect email message. Several users have downloaded .zip, .pdf and .jpg files, plus other file extensions with .exe names. Unfortunately, this is quite common since organizations are reviewing job applicant credentials and are processing orders/tracking shipments: both of these message types may include file attachments.

The virus has encrypted files on local hard drives, external drives (like backup systems) as well as flash drives and shared network locations. Again, there is no guarantee that we can restore files once they’ve been encrypted.

Once your computer has been infected, we’ve seen several hints:
1) Your Internet Explorer and/or Chrome browser home pages will be redirected to the Ransomware site.
2) Files with the following names will begin to appear in folders, on the desktop, on the network:
– help_decrypt.txt
– help_decrypt.png
– help_decrypt.html

If you see any of these files or if your browser home page is hijacked to a different location than normal, immediately shut down the computer in order to reduce the risk of further file corruption, then contact me.
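A sweep for the three ransom-note file names listed above, as an added example that is not part of the original post. The function names and the sample folder tree are constructed for illustration; recording the earliest note timestamp per folder goes slightly beyond the post and helps judge which backups predate the encryption.

```python
import os
import tempfile
from datetime import datetime, timezone

# Note names from the post, compared in lower case (Windows names are case-insensitive).
NOTE_NAMES = {"help_decrypt.txt", "help_decrypt.png", "help_decrypt.html"}

def find_ransom_notes(root):
    """Map each directory under root that holds a note to its notes and earliest note time."""
    hits = {}
    # onerror swallows unreadable folders so one denied share does not stop the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in sorted(files):
            if name.lower() not in NOTE_NAMES:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable
            stamp = datetime.fromtimestamp(mtime, tz=timezone.utc)
            entry = hits.setdefault(dirpath, {"notes": [], "first_seen": stamp})
            entry["notes"].append(name)
            entry["first_seen"] = min(entry["first_seen"], stamp)
    return hits

def triage_order(hits):
    """Directories sorted by earliest note timestamp, oldest first."""
    return sorted(hits, key=lambda d: hits[d]["first_seen"])

def build_sample_tree(base):
    """Constructed sample data: two folders with notes, one clean look-alike."""
    layout = {
        "Documents": ["report.docx", "HELP_DECRYPT.TXT", "HELP_DECRYPT.HTML"],
        "Pictures": ["photo.jpg", "help_decrypt.png"],
        "Clean": ["notes.txt", "help_decrypt_guide.txt"],
    }
    for i, (folder, names) in enumerate(layout.items()):
        os.makedirs(os.path.join(base, folder))
        for name in names:
            path = os.path.join(base, folder, name)
            open(path, "w").close()
            os.utime(path, (1_000_000 + i * 3600,) * 2)  # fixed, constructed timestamps
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = find_ransom_notes(build_sample_tree(tmp))
        for folder in triage_order(found):
            print(found[folder]["first_seen"].isoformat(), folder, found[folder]["notes"])
```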

Finally, it would not be a bad idea to have several flash drives in use as alternative backup options. Back up any critical files and keep rotating them every three days or so in case the last backup is already corrupted. Unfortunately, if the virus is already on your system then the backup files could be corrupted and useless.

Two New Scams Circulating On Facebook

The first is a scam that promises to give you a free iPhone 6. Yes, it sounds too good to be true and it is.

The scam first shows up as a shared post. Users who click it are taken to a Facebook fan page where they are asked to do three things. The first is to “like” the page and the second is to share the page with your friends so they can enter the contest too. Sharing the page spreads the scam to your friends.

Then to get your free iPhone, you’re taken to a different website, and that’s where the real trouble begins. That external site tells you to fill out a quick survey to get your free iPhone, but if you fill it out, you instead sign yourself up for services you likely don’t want.

“Some of the available surveys want you to provide your mobile phone number, ostensibly to go in the draw for extra prizes or offers. But by submitting your number, you will actually be subscribing to a very expensive text-messaging “service” that will charge you several dollars every time it sends you a message,” reports Hoax-Slayer.com.

The scam also takes your name, address and other personal information which it then sells to third-party marketers to send you junk mail and annoying phone calls.

SCAM TWO: This is a video you don’t want to watch

The second scam involves a fake video that’s being shared across Facebook titled “Girl killed by husband just because she kissed another man.”

The video seems to show an Asian woman about to get her head chopped off with a sword, and it looks like tons of people have already liked and shared the video.

Call Ace Computer Guy to remove malware programs from your computer.

Unwanted Programs Bundled With Downloaded Programs

Potentially unwanted programs, also known as PUPs, are a real threat. A July 2014 blog post on CERT.org shows the pervasiveness of such programs on search engine results, software portals, popups, ads, etc.

Hi, it’s Will. We are all probably annoyed by software that bundles other applications that we didn’t ask for. You want a specific application, but depending on what the application is, where you downloaded it from, and how carefully you paid attention to the installation process, you could have some extra goodies that came along for the ride. You might have components referred to as adware, foistware, scareware, potentially unwanted programs (PUPs), or worse. Sure, these may be annoyances, but there’s an even more important security aspect to these types of applications: attack surface.

Recently I was working in a virtual machine, and I needed to extract an archive. 7-Zip seemed like a reasonable choice, so I used the default search engine in the default browser in the virtual machine.

I encountered quite the minefield, and I hadn’t even gotten to the point of downloading anything yet! It’s not that any of the sites outlined in red are necessarily malicious, but rather, if 7-zip is installed from any of those sites, I will likely end up with additional unwanted software. This got me wondering about what sort of software other folks might be downloading.

There are sites that are known for bundling installers for the purpose of generating advertising revenue, such as Download.com, Softonic.com, or Winstally.com. Let’s look at a single download from one of the many sites where you can download software, in particular, KMPlayer from CNET Download.com. I chose this application from the list of popular downloads that Download.com provides. In any given week, this application is downloaded approximately half a million times.

Read The Rest Of the Article Here

Call Ace Computer Guy to remove potentially unwanted programs from your computer.

Windows Is Less Vulnerable To Viruses Without Admin Rights

Doing your work as a standard user on the Windows operating system is the safest way to use your computer. When I need to perform an administrative task, I switch to my “admin account”, complete the task, then log off. I don’t surf the internet or download stuff with my admin account because Microsoft Windows is less vulnerable to viruses without admin rights. After setting up a new computer, I don’t need administrative rights that often. This article provides evidence that bears repeating.

Taking away the administrative rights from Microsoft Windows 7 users will lessen the risk posed by 90 percent of the critical Windows 7 vulnerabilities reported to date and 100 percent of the Microsoft Office vulnerabilities reported last year.

It will also mitigate the risk of 94 percent of vulnerabilities reported in all versions of Internet Explorer in 2009 and 100 percent of the vulnerabilities reported in Internet Explorer 8 during the same time period.

Finally, it will reduce the danger posed by 64 percent of all Microsoft vulnerabilities reported last year.

Read The rest Of The Article Here

Computer Repair in Lockport, IL

Windows Necessary Firewall Is Rogue Program

Windows Necessary Firewall is just another virus developed only to make your computer vulnerable and leave it exposed to all the existing threats. As proof of that, it can be noted that this fake anti-spyware is associated with the Fake Microsoft Security Essentials infection.

If you ever have the misfortune to encounter this anti-spyware application and see its alerts or fake scan reports on the screen, just ignore them. This rogueware is nothing but a scam and the only reason it displays these warnings, is to charge you for useless software. 

When choosing a program to ensure the security of your system, you have to distinguish between a legitimate and secure anti-spyware program and malicious programs.

Remove rogue programs from your computer using Avira Antivirus Software

Windows Troubles Solver Is Another Rogue Anti-Malware Program

This post begins with the deceptive name of the main character – Windows Troubles Solver. This is another new rogue anti-malware program. Windows Troubles Solver is very similar to the other fake security programs distributed by the Fake Microsoft Security Essentials Alert Trojan. It most commonly gets into a user’s PC when you enter malicious web pages or free online scanners. You will most probably notice its presence when your computer starts working very slowly and will not be able to load a web page. This rogue launches itself automatically by showing you fake security warnings and then it starts scanning your computer.

It is so arrogant that it will not even let you stop this process. After it is done scanning, it will display the staggering results, stating that your system has been assailed by an ‘Unknown Win32/Trojan’ infection. The primary objective of this rather convincing show is to make you believe that you need to acquire the extended version of Windows Troubles Solver, which can help you remove all the imaginary infections and threats.

In the end, the most important thing you need to know is that you must not believe Windows Troubles Solver simply because it is useless. So what you should do is get rid of it as soon as possible.

For the best antivirus software, use Avira Antivirus Software

Windows Stability Center Is Rogue Anti-Spyware Software

Trustworthy as it may appear to you, this program is just another rogue anti-spyware software, developed by cyber criminals. In many ways, this program and any other intruder application are strikingly similar. Windows Stability Center is developed in such a way that it finds some vulnerability in the PC system and takes advantage of it. The fake software will produce hundreds of false alerts for serious infections.

However, these are just empty threats, intended to scare you and make you believe in some danger that does not exist. Neither the warnings of a Trojan, found on your machine, nor some of the other frightening scan messages, are valid. The one and only plan of rogueware programs, is to confuse potential victims and prompt them to pay for a “real” anti-spyware software that is just a fake one.

There is no escaping the fact that Windows Stability Center has not been developed to ensure the safety of your PC at all. On the contrary – buying this application will be only a waste of money and will, in fact, allow the intruder to accomplish its mission.

Ace Computer Guy in Lockport, IL recommends Avira antivirus software

Remove Contraviro Malware From Your Computer

Contraviro is a rogue program created to make you believe your computer is infected with malware and viruses. This rogue anti-spyware program is from the same family as Unvirex. Contraviro usually installs itself onto your PC without your permission and will be configured to start automatically when you log into Windows. Contraviro will display fake system alerts or fake security alerts to trick you into buying the paid version of Contraviro. This is an old trick from the creators of spyware. Contraviro causes your computer to slow down dramatically. Your privacy and data are at risk if it’s not immediately removed.

If you’re not already protected, look for reputable award-winning software such as Avira Antivirus Software

Contact Ace Computer Guy in Lockport, IL to have your PC or Laptop repaired

Computer Spyware Defined

Spyware is defined as any program that secretly gathers information about you (or your computer use) through your Internet connection. Once installed, spyware programs monitor your activity on the Internet and give this information to interested parties, such as marketing firms. Spyware can also cause problems with your computer’s performance. A computer infected with spyware may slow to a crawl or even a complete halt, unable to perform the simplest of functions.

Spyware can come in many different forms:

Adware

Adware displays pop-up advertisements whenever an associated program is running. Let’s say, for example, that you download and install a free program. If the program came with adware embedded within the software, every time you use that program, you could see pop-up windows. As well as producing unwelcome pop-up windows, adware may also be tracking other information about you such as Web browsing habits, user names, passwords, and more.

System Monitors

These malicious programs are particularly dangerous, and can record almost everything you do on your computer, including email messages, chat room conversations, Web sites visited, and programs you run. They can even keep track of each individual key you press, which can help thieves snare your passwords and allow them to steal personal and financial information.

Trojan Horses

Trojan horses are malicious programs that pretend to be harmless or desirable. Their purpose is to steal or damage your computer data. Some Trojan horses allow an attacker to gain unrestricted access to your computer whenever you are online.

It is important to remember that not all programs that sound like spyware are harmful. Many are legitimate programs that help your Internet surfing by allowing a web site to keep track of the needs of its customers. Additionally, browser “cookies” can store personalized information for Web sites that you use frequently. The myYahoo start page is a good example of one such site. You can sign in to your myYahoo page, personalize the content, and your browser will store these settings in a “cookie” for the next time you visit the page.

A majority of spyware comes in through downloading software off the Internet. It’s always a good idea to take extra care to read the information that comes with the program before you download so that you can ensure that you know exactly what you are downloading. This information will often be included in the Terms and Conditions you need to accept before the program can install onto your system.

Avira, Best Anti Spyware Protection.