Poweliks Virus – A Tough Clean!!

The latest infection, called Poweliks, hides itself in the registry and hijacks and monitors your Internet connection. Other viruses usually load a few programs or objects on the hard drive that can be detected quickly. This one is worse. Two to three hours of cleaning worse.

The infection seems to be related to spam email – client receives a message, clicks the link or opens the attachment that has the infection. That’s what two clients reported so far.

The virus installs itself into the registry using non-standard characters so that antivirus programs are unlikely to find and clean it. Embedded in those characters are the commands to download and re-install the infection if parts of it are removed.

It takes at least 2-3 hours of scanning and manually editing the registry to get this one out. Sometimes the edits won’t take the first time and further cleaning must be done to even get the registry entry out.

Oh yeah, what is the registry? This is the database of everything in your computer that Windows needs to operate. It includes the software settings for each program and all of the hardware attached to the operating system; without it, there is no operating system.
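One way to look for the kind of registry trick described above is to export the autorun keys with `reg export` and check each value name for characters that regedit cannot display, along with value data that is far longer than a normal program path. The following is an added example written for this post, not a tool from the original article; it parses a constructed `.reg` export embedded in the script (the sample entries and the 256-character threshold are assumptions) and reports the entries a technician would want to inspect by hand.

```python
import re
import string

# Constructed sample of a `reg export` of the per-user Run key (not from a
# real infected machine): one ordinary entry, and one whose value name is a
# single control character with very long value data, the kind of
# "non-standard" entry that a quick glance in regedit will miss.
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\n"
    "\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"OneDrive"="\\"C:\\\\Users\\\\me\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\OneDrive.exe\\" /background"\n'
    '"\u0001"="' + "x" * 400 + '"\n'   # constructed stand-in for an encoded launcher
)

KEY_RE = re.compile(r"^\[(.+)\]$")
# A quoted value name (backslash escapes allowed), then '=' and the raw data.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# Characters we consider normal in a value name: printable ASCII plus space.
NORMAL_CHARS = set(string.printable) - set("\t\n\r\x0b\x0c")


def parse_reg_export(text):
    """Yield (key, value_name, data) tuples from a .reg text export."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def odd_characters(name):
    """Return the characters of a value name that fall outside printable ASCII."""
    return [c for c in name if c not in NORMAL_CHARS]


def audit_autoruns(text, max_data_len=256):
    """Flag autorun entries with undisplayable names or oversized data."""
    findings = []
    for key, name, data in parse_reg_export(text):
        reasons = []
        odd = odd_characters(name)
        if odd:
            codes = ", ".join("U+%04X" % ord(c) for c in odd)
            reasons.append("value name contains non-printable characters: " + codes)
        if len(data) > max_data_len:
            reasons.append(f"value data is {len(data)} characters long (threshold {max_data_len})")
        if reasons:
            findings.append({"key": key, "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_autoruns(SAMPLE_REG):
        print(f["key"])
        print("  name:", repr(f["name"]))
        for r in f["reasons"]:
            print("   -", r)
```

On a real machine the text would come from `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the matching HKLM key); the script only points at entries worth a closer look, it does not remove anything.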

In 7 days I have seen two computers infected with this poweliks infection and two infections with the CryptoLocker and Ransomware viruses.

So far the clients have reported that they saw the following: a pop-up on one computer from a hijacked Earthlink landing page – CryptoLocker was the result; another clicked an advertisement for the ten most powerful men – poweliks was that result and the other two are not sure what they clicked on.

First: make sure you have backups that are not attached to the PC all the time. CryptoLocker will encrypt those as well. Poweliks may or may not bring additional malware and trojans into the computer, but play it safe.

Second: do not click on attachments in email or on links in emails that look suspicious.

Third: if you are not sure about an email or a link, call me and send it for analysis before the computer is infected.

Fourth: Make sure you are backing up regularly.

Fifth: Is your AV solution on and working? Have you run regular scans?

Most important: If you need help, CALL! I am here to be of service to my clients and those they refer to me.

Maybe it’s time for a checkup/tuneup/cleanup before we get deep into the holiday season?

Scott PC-ASSIST/MAC-ASSIST (760) 969-0974


Cryptolocker Ransomware Virus – Back Again!

363 days ago I posted about this latest twist in the schemes of hackers to extort money from computer users. During the course of the last year, some programs were written that could get the virus out and decrypt the files on the hard drive since the original writers of the virus left the key on the hard drive.

This year, the virus writers got better, smarter and more nefarious – they have figured out how to not leave that information on the hard drive after infecting and encrypting all of your data.

(If you click on something for an install, it won’t matter what antivirus you have on the machine. The installer is OK’d and the antivirus thinks you have said it’s good. Oops. You just accidentally infected the machine. Some innocent-looking programs actually install the malware and toolbars without your consent, and then the machine crawls to a halt with the other infections brought in. Don’t install any program unless you have gotten it from a reputable source.)

Last week I got a call from a client visiting Hawaii with his laptop. He got the virus from an infected page in Earthlink. (I thought Earthlink was nearly extinct?)

After a few hours of working to remove the virus remotely, the data was totally encrypted but the virus and anything else suspicious was removed. The machine was at least usable until I could get it back into the shop and go through it in person. We had to create a new email profile since the Outlook file was encrypted and unusable.

The Twist – this year they require victims to download software from TOR to get them paid and for you to supposedly get your encryption key so you can access your files again. Unfortunately not everyone gets their key after they pay. Most people do not know how to install and configure TOR, which as of late is under careful scrutiny from most law enforcement agencies globally. There are all sorts of anarchists and terrorists sharing data and information over that network. I would rather lose my data.

The files are completely lost including the Outlook PST data files, all of the pictures and all of the videos and documents stored on his hard drive as it went through the drive while he had it on.

So where am I going with this?

First: make sure you have System Restore turned on. Sometimes this is the only method of getting encrypted files back if they are not backed up. Do not use System Restore until the infection is REMOVED from the operating system, the hard drive and other hiding places. It will just get reinfected.

Second: BACKUP BACKUP BACKUP! I cannot stress this enough. If we have the data remotely stored on hard drive or cloud backup or preferably BOTH, then we can replace the data with less loss of data such as a picture or two that goes missing from the restore set.

Third: Call someone if you have some strange errors on the screen and TURN the computer OFF! It cannot get too deep if the power is turned off almost immediately.

Fourth: Unless you are really good at virus removal, you might make matters worse! This is true for most infections that I have seen. One client brought a computer in that he worked on for four hours. It took me another 3 to get it cleaned up as the virus kept getting deeper and deeper into the operating system.

Worse yet – some cleaners that come up in the search results are VIRUSES!!! I have had clients install more than one fake virus cleaner only to spend hours scrubbing the computer system up. Please, let a pro handle the recovery.

Last of all: If you can set your computer back to factory default and don’t mind losing everything this is another option. It will be just like starting over as if new.

(Exception: one program in Windows 8 that advertises itself as a replacement Menu is really a virus (Pokki), and when I factory reset the Windows 8.1 laptop, the virus got right in as the machine was being reloaded. It had put a copy of itself into the factory image on the restore partition. If you are using Microsoft as the online storage in Windows 8, it will back up everything including viruses and then happily restore the viruses as well.)

BUT I can almost always get out the infection without the loss of data. In fact, 90% of the computers that I have cleaned do not require reformatting the drive or any loss of data.

So are you backing up? Here’s what most of my clients are using from doctors to lawyers and everyone in between: http://www.idrive.com/p=scott_pam

With that free 5GB service the most important documents and photos can be stored. Upgrades to 1TB of backup space are under $50.00.

External backup drives are also incredibly cheap with up to 4TB of storage going for under $200.

So, how important is your data? How important is your computer in your business? In your home? How important are those pictures?

Protect it!

Make sure you are backing up regularly.

Is your AV solution on and working? Have you run regular scans?

If you need help, CALL! I am here to be of service to my clients and those they refer to me.

Scott PC-ASSIST/MAC-ASSIST (760) 969-0974


OTTER-Insanity

OTTER-Insanity!!!!

Have you bought an Otterbox for one of your phones? They are one of the most popular cases ever sold. However, their customer service is completely unable to handle the simplest warranty issues.

I have had an Otterbox around my phones since the Blackberry Storm, an ill-planned phone that never made it more than a month in my possession. So far, I have had Otterboxes for my Blackberry, two iPhones, my iPad and my Samsung Galaxy 3.

Well, I have to say that finally one of their cases did actually break. So I called customer service to get the warranty service on the Defender for the Galaxy S3 holster and on the front part of the case that is the screen protector.

They require photographs on a template – and send the link via email. The process seems simple enough until you start sending the photographs. I take the first photograph and wait until the rep states, “Ok we have the shot and that’s good enough for us to start the process.”

Shortly afterwards, I get this via email:

“Notes from Monica:

1) Place your entire case on a standard sheet of notebook paper.

2) Draw a few arrows indicating where the damage is located. <—NOTE THIS INSTRUCTION…

3) Write down your first and last name

4) Today’s Date

5) The 4-digit product code located inside your case usually located inside a small circle/square inside the rubber part of your case.”

So I take more pictures. They kept asking for arrows drawn on the photographs to identify the problem, so I drew them on the photograph in CORELDRAW so they could see the broken clip, since the department seems to be visually challenged. They could not see the broken part the first time.

I upload the photo and an hour later get the following back from them: “Notes from Eli:

Thank you for the photo however we can not except digitally altered photos. We need you to write your name, date and 4-digit product code on a piece of paper. Then place your actual case on or next to the paper so the case and the written information is visible is one photo. Once we receive a photo with the above requirements we will be able to process your claim. Thank you and sorry for any inconvenience. ”

First up, learn to spell. ACCEPT not EXCEPT.

So I call again and ask what the problem is. I was told that they could not understand why I even got the response I was sent.

So I upload ANOTHER photo and then get another response:

“Notes from Alex:

Please be sure to include and clearly show your handwritten name, entire Commuter case and all other info that is requested in the template.
Please refrain from digitally altering your photo, this includes adding arrows and changing the colors of the case.
Thank you!”

After this many hours wasted on photography and uploads and phone calls, I sent them this response:

“Are you folks DAFT?

You say to make arrows pointing to the problem and then tell me that no arrows are to be added. What the hell do you folks want? I already called twice and was told this was acceptable. If you don’t want to perform warranty service, just say so rather than making a businessman go through more freaking hoops.

I can’t wait to blog about this on my site and in my mass emails.

I can no longer refer customers to your products with this level of insanity for customer service.

Either accept the FOUR pics I have sent or get sued.”

I am beyond frustrated and will no longer recommend nor purchase any more Otterbox products until they clean up their customer service issues and either send refunds for the products they are refusing to replace under warranty or send new ones.


“It’s the end of the world as we know it…” REM 1987
Microsoft recently announced that it will no longer be supporting Windows XP after April 8, 2014. This is known as the Windows XP End Of Life date.

After many years of patches, three service packs and other issues including no further Internet Explorer versions past 8, Windows XP has reached its end of life. Office 2003 is also slated for end of life on that same date.
While it is estimated that 30% of all the computers on Earth are still running this operating system, Microsoft made the decision to pull the plug.
Well, let’s face it. Most of the hardware from the Windows XP era is running Pentium 4 chips and is underpowered when it comes to the newest operating systems and software products like Adobe’s Photoshop.

Manufacturers of the latest hardware are no longer engineering parts for these older systems. Try getting a new AGP video card for your system. That technology has long since been left behind for the newer and more efficient cards sold today.

Many of these XP computers have outlived their estimates for life after 9-13 years. Yeah, I know, it still boots and most of my clients HATE change. The average lifespan of a computer is estimated to be 3-5 years. With care and replacement parts, that can be extended, but today try finding brand new IDE drives for a 9 year old XP machine.
These systems also came with 512MB – 1GB of RAM, and Windows XP in its 32-bit version can only theoretically utilize up to 3.5 GB. The 64-bit version of XP never really took off and there were very few programs written to take advantage of the 64-bit system, especially the drivers needed to make the hardware work.
What’s the difference between the 32-bit and 64-bit? It’s basically the amount of data the main chip can handle when processing instructions. The larger the data path, the more information it can process at one time. This is why 64-bit operating systems can also address larger amounts of RAM and are not limited at 3-4GB of RAM.
Most newer computers have motherboards and chipsets that handle 64-bit operating systems – some can handle up to 1TB of RAM! That’s a TERABYTE…the scale goes from bytes, kilobytes (thousands), megabytes (millions), gigabytes (millions) to terabytes (billions). One bit is either a “one” or a “zero”. A byte is EIGHT bits. The next level is petabyte and you guessed it – trillions.
When I got started in computers, the chips were 8-bit architecture and we used floppy disks to boot them up and run programs by typing commands into a prompt. Ahem, no questions on my age, please….
Today computers sold with the Intel Core series chips handle the newest levels of operating systems. Windows 7 64-bit is also one of the most popular operating systems and Microsoft is trying to get consumers onto Windows 8.
Windows 8 takes the concept of a smartphone running a Windows based operating system and mashes it into a computer. For some, this is OK and they can work with it. However, the new operating system eliminates support for the free email accounts most of my clients have from Time Warner and Verizon. It only handles one type of email account and most of my clients have avoided Windows 8 – even returning the computers only to have me fix the older Windows 7 computer.
NOW WHAT, SCOTT?
But there’s a silver lining: if your computer has one of the newer chips (Dual Core / 64 bit) and was able to handle Windows Vista, then you might benefit from an upgrade to Windows 7. The upgrades are getting a bit harder to find as Microsoft pushes Windows 8 into the retail and distribution channels.
There are a few different paths you can take for your Windows XP computer, depending on the chipset in it and the maximum memory it will take on the motherboard.

First: if your computer is already more than 5-7 years old, it might be time to get a new one and have me transfer the data. As they get older, more problems can start occurring and parts get harder to find. It also takes more time to repair them, as they are slower than newer computers.

Second: if your computer has a “Vista Capable” sticker, there is a chance that it might be upgradable to Windows 7 or 8 with the addition of memory. Now if you have a hard drive with less than 250GB of space, such as the earlier XP/Vista computers, then you have to factor in the cost of an additional hard drive, more memory, the upgrade to the operating system and if I am doing that, the cost of that upgrade at my shop. Maybe a new box would be best….

Third: some of my clients have moved to MacBooks and iMacs with great success, even with the slight learning curve of the Mac operating system. Data is transferable and the Apple store can sometimes do that. Most clients just drop everything off and give me a few days to get it completed at my shop.
Fourth: I was at my distributor’s tech show last week and got to talk with reps about this conundrum. Customers truly are not happy with Windows 8 and currently, Lenovo and Dell are offering computers with licensing for Windows 8 with downgrade rights to Windows 7 or with just Windows 7. I have been recommending Dell for years and have worked on Lenovo’s for clients. Both are excellent choices whether laptop or desktop.

As for that monitor from the early 2000’s, the newer monitors are more energy efficient, have better resolution and can handle the faster video cards with better refresh rates.

So, here’s a couple of deals if you are staying on the Windows side of life and want to upgrade to a new computer:

Dell still has Windows 7 deals at this link. I say go with the highest memory you can get and the best processor you can afford, Dell or Lenovo.

Lenovo has sent me a list of their business class products with Windows 7. Some come with 3 year warranties and some have only one.
Here are a few:

14″ Notebooks

4 GB RAM – 500 GB HDD – DVD-Writer – NVIDIA GeForce GT 730M, Intel HD 4600 – Windows 7 Professional 64-bit – 1600 x 900 Display – Bluetooth – 3 year warranty, mail-in

15″ Notebooks

Desktops

Lenovo ThinkCentre E73 10AU002PUS Desktop Computer – Intel Core i3 i3-4130 3.4GHz – Small Form Factor – Glossy Black – 4 GB RAM – 500 GB HDD – DVD-Writer – Intel HD 4400 – Windows 7 Professional 64-bit – 1 year warranty

4 GB RAM – 500 GB HDD – DVD-Writer – Intel HD 4600 – Windows 7 Professional 64-bit – 3 year warranty

Lenovo ThinkCentre M93p 10A9000SUS Desktop Computer – Intel Core i5 i5-4570 3.2GHz – Small Form Factor – Business Black – 4 GB RAM – 500 GB HDD – DVD-Writer – Intel HD 4600 – Windows 7 Professional 64-bit – 3 year warranty

All-in-One Desktops

Lenovo ThinkCentre Edge E93z 10B80058US All-in-One Computer – Intel Core i3 i3-4130 3.4GHz – Desktop – Business Black – 4 GB RAM – 500 GB HDD – DVD-Writer – Intel HD 4400 – Windows 7 Professional 64-bit – 21.5″ Display – 1 year warranty

Call for availability and if you have any questions regarding your specific computer and how I can be of service to you!
scott@mac-pc-assist.com / 760-550-9496


Just when you thought you have heard it all.
Last year’s Ransomware infections took pictures of the user at their desk, and then inserted that into a graphic that locked the user’s computer down and attempted to get the user to pay a fine. How? The graphic stated that you had violated the law and you had to pay a fine to unlock your computer. Click here to see some examples. I probably owe amends to a couple of my clients since I did start laughing when I saw their picture on the screen…well, it did look funny.
This year is a new twist. CryptoLocker Virus.
The virus is spreading through phony FedEx and UPS tracking notices. It is also spreading through computers that already have infections that have not been cleaned up. Some of those infections that are more serious can easily connect to the computers that are spreading this virus.
DO NOT OPEN ANY ZIPPED FILES ATTACHED TO THE FAKE NOTICE. 
If you open the zip file and the virus starts running, it will encrypt your hard drive and you will be unable to use the system according to one report.

Another blogger, Krebs on Security, said, “Computers infected with CryptoLocker may initially show no outward signs of infection; this is because it often takes many hours for the malware to encrypt all of the files on the victim’s PC and attached or networked drives. When that process is complete, however, the malware will display a pop-up message similar to the one pictured above, complete with a countdown timer that gives victims a short window of time in which to decide whether to pay the ransom or lose access to the files forever.”

Even if you call the number listed, and give them your money, there are reports where the user is not given the encryption key.

If you have been hit with the virus, there may not be much anyone can do since the encryption keys are not available to the infected user.
The only thing that can be done as of now is to wipe the machine, re-install the operating system and programs and restore the data.
Prevention: 
1) Make sure that you have a BACKUP of ALL of your important files. Quickbooks, Quicken, documents, photos need to be backed up both offsite/online and locally on an external drive. Quicken and Quickbooks can also be backed up to a USB flash drive since many people rely on that data daily. Disconnect those devices IMMEDIATELY if you have accidentally clicked on one of the infected emails.
2) Do NOT open any zipped files from unknown sources. You can forward something to me and I will be happy to determine its nature.
3) Do NOT follow links in emails unless you are SURE you know who the sender is. Even if your bank or financial institution appears to have sent the email, go directly to their home page to login from your browser rather than follow any links in the email.
4) As of today there are few tools that can prevent this but if some become available, I will test them out and send out another email. Stay Tuned.
The US CERT team has the following links for more information on prevention:
If you have not yet setup a backup routine for your computer systems and/or need to review the security and anti-virus solutions to prevent an infection, please call before it has to be a recovery operation.
scott@mac-pc-assist.com / 760-550-9496


This morning I came across this article, which underlines the need to be VERY careful using the results from search engines. The latest Mac Virus Scam is working its way into the Macs of users who are not paying attention to what results are being brought up. The Microsoft Virus Scam is just another twist on an old scam.

http://www.zdnet.com/mac-tech-support-scam-reported-7000022074/?s_cid=e539&ttag=e539

In fact, this article covers the issues I brought up last time and some earlier articles that I wrote about the fake callers telling me my computer was infected.

What’s the difference? This time you are calling OUT for help. If you call the numbers for these advertisers, you are more than likely looking at replacing your credit cards, debit cards and changing all of your passwords thanks to this Mac Virus Scam. Is it only Mac? In this article they focus on just Macs, but I have written many times about the dangers of not checking what you are looking at in the search results and clicking a link. The ZDNET article covers calling the number in the link.

One of my regular clients tried to install the drivers for her new printer and went to the search engines to look up “HP Printer Driver Installation” and got a phone number, that when she called, remote controlled her computer with her permission and loaded a host of viruses into her 2 year old laptop. The infections took four rounds of cleanup over a few hours to get them removed.

On the hilarious Indian Accent side of life, for those of us still getting the “Your Computer Is Infected” calls.

At 8:00 AM or so my friend Vicki called me up to relate her story, so without further delay…

“So I get a call this morning and with a very thick Indian accent he tells me he’s from Microsoft and that they have had so many error messages sent to them and they need to get my computer working correctly because it has viruses……I told him I’m running Kaspersky and he says that it doesn’t stop viruses coming from the internet….then he goes to my apps and shows me how half of them are not working.”

The scam was that he tried to tell her that the services that were not running were the problem.

If you have ever gone to the Task Manager in any version of Windows, you will see the “services” tab at the top. If you click the tab, it will show what services are running and what are stopped. Not every service needs to be running as some of them are for purposes most home users will never use.

The scams never cease to amaze me. They are all out to do one thing: get access to your computer and attempt to get information from it such as passwords and credit card numbers. How? Let’s say you give these hustlers access. They get you to give them passwords and then pay for the “virus cleanup” and the associated “software”. Bam, they have your credit card number. While you were giving them access and they are showing you how “infected” the computer is, they can be downloading your password files (some of you have them written out in Word docs) and other personal information.

If you are NOT sure about someone calling saying they are from Microsoft, let me help you. Microsoft NEVER calls to tell you that your computer is infected. Yes, there are those boxes that come up after a program has crashed and it asks if you want to send the crash report to Microsoft. That is never a reason for Microsoft to be calling you.

If there is still some concern that the machine might be infected, call me. (760) 550-9496 – I am happy to help solve the problem.

And remember, when I get to your computer remotely, you know who I am, I have references and I can never access the computer without permission from you.


And you have spent a decent sum of money to get it developed. You never thought about website theft. It’s the last thing on your mind and website theft is probably not even a concept.

You go about your day to day business never really checking the search engines to see where you might be in the rankings.

Then one day you search for your name and the category of business on Google.

You see your website with another name and it’s an EXACT duplicate of yours, including the changes that you just uploaded.

What do you do next?

This was my afternoon from 3:30PM or so until about 5:30PM.

I finished the website for my client, did the few changes she wanted, uploaded it to the server with written approval and sat back around 2:00 waiting to see how fast she might show up in the search engines. I had already submitted her site to Google and Bing…

Around 3:00PM I went to Google to search her out and see where the website was coming up in the results. It was, BUT UNDER ANOTHER PERSON’S WEB DOMAIN!

Well, I started getting this fixed and having to play detective and internet cop, a step up from mall cop, to get this solved. Starting with the hosting account I checked to see if someone had hacked in and got the website pointing to this other domain…nope. This was at a more nefarious level.

I got in touch with register.com, also known as “beingonholdforanhourwithpoorcustomerservice.com”, and it took a long time to get someone on the line.

Register.com (not recommended for clients) took some action to stop this person from stealing the copyrighted artwork and the design and calling it their own, even with my client’s name on it.

I even sent a letter to the email address that was registered with the thieving domain. It was basically a cease and desist or face legal action letter. I have yet to hear back from Register.com or the thief.

I still had to file a complaint with Google for the stolen copyrighted material.

Bottom Line: check your search engines regularly to see if your site has been hacked, stolen or otherwise compromised. You might never know until it’s too late. They can be stealing your spot in Google!


(Screenshots: search ads for “hp printer driver” that look like HP, next to the real links to HP Support.)

When you use Google or another search engine for anything, make sure that the URL, that is the address of the things you are about to click on, is the REAL address of what you were looking for. LOOK BEFORE YOU CLICK!

For example, if you search out “help with hp printer driver” or just “hp printer driver”, you will find that some of the results are not HP.

Clicking into those results may end up with infections, or in some cases, fake tech support phone lines that hook you up to someone who wants to get into your computer. Surprise! You just got infected!

True links to HP have HP.COM in the URL. This is true for any support from any company on the web.

This is also true for financial services and those institutions.

Bottom Line: Always verify the address you are clicking into before you click into it!
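The check described above, “does this address really belong to HP.COM?”, is easy to get wrong by eye because scammers put the real name somewhere other than the host part of the address. The following added example (written for this post, not code from the original) shows how to do the check properly: it pulls the host out of each link with Python’s standard `urllib.parse` and accepts only the official domain or a subdomain of it. The search-result addresses in it are constructed samples, and `hp.com` is used only because it is the company named in the post; any company’s support domain would work the same way.

```python
from urllib.parse import urlsplit


def host_of(url):
    """Return the lower-cased host part of a URL (empty string if there is none)."""
    # Bare addresses such as "support.hp.com/drivers" have no scheme; add one so
    # urlsplit treats the first component as the host rather than a path.
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def belongs_to(url, official_domain):
    """True only if the link's host is the official domain or a subdomain of it.

    Everything else is rejected, including the common tricks:
    the real name placed before an '@' (it becomes the user name, not the host),
    the real name used as a prefix of a different domain (hp.com.evil.example),
    and look-alike names such as support-hp.com.
    """
    host = host_of(url)
    domain = official_domain.lower()
    return host == domain or host.endswith("." + domain)


def triage_results(urls, official_domain):
    """Map each candidate link to True (official) or False (do not click)."""
    return {u: belongs_to(u, official_domain) for u in urls}


# Constructed sample of what a results page for "hp printer driver" might list.
SAMPLE_RESULTS = [
    "https://support.hp.com/us-en/drivers",      # genuine: subdomain of hp.com
    "HP.COM/support",                            # genuine: case does not matter
    "http://hp.com.printer-help.example/driver", # hp.com is only a prefix here
    "http://hp.com@printer-help.example/",       # hp.com is the user name part
    "http://support-hp.com/drivers",             # look-alike name
]

if __name__ == "__main__":
    for url, ok in triage_results(SAMPLE_RESULTS, "hp.com").items():
        print("OK      " if ok else "AVOID   ", url)
```

The same function applies to a bank’s address: compare what the browser shows in the address bar, not the text of the link, against the domain printed on your statement.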


I just got this call and I love it: “This is Microsoft Technical Support. My name is Roy Wilson. We are calling about your Microsoft Computer.” (all in a THICK Indian accent…you know my imitations…this one made me look like an amateur – he could have said “Roy Rogers” and I still would have had to control my laughter…)

“Really? Which computer? And let me get your number so I can call you back.” Click.

This is one of the latest scams for getting people to pay money by falsely telling them that their computer is infected. Anyone who does not know what these calls are about is liable to be taken to the cleaners when their credit card number is given over the phone to the scammers…they will request remote access to your computer, load all sorts of not-so-good programs into it, and charge you money for their “services”. One of their tricks is to remote in, bring up a folder under Windows that 98% of the non-geeks have never seen and then tell them that it’s all infections. Usually it is a folder containing drivers or system files. If you get one of these calls, hang up. Or, if you are like me, ask if they can diagnose a TRS-80 Model III…

Microsoft has NEVER EVER called me to tell me anything about my computer, nor do I think they will be starting to call people anytime soon. If you do think you have an infection, call me. The Microsoft Call Scam is one of the many tricks that people can use to part you from your money.

I will make sure that your computer is virus free. And I won’t be stealing your credit card information!
Sheesh, what’s the next twist?


Good Morning folks!

It seems that there is some confusion that was generated by a recent email from a colleague of mine who left the desert and sold his business.

His name is also Scott and many of our common clients and friends and acquaintances got an email stating that he left the desert and many thought it was me.

I am still in the desert, still running PC-ASSIST/MAC-ASSIST for all of your computer support needs.

Over the next few days, I will be posting some write-ups on the new Windows 8 systems that are coming out shortly, the takeover of Linksys by Belkin, and a few other tips and tricks for Office 13 and Windows 8. I will also be getting some demo products to review from a few different companies that were at the DANDH Technology show and will be posting them here as well.

My remodeled home office can now accommodate the growing needs for more work space and stations for repairing and cleaning up drop-off computers. There is now a gorgeous workbench, no more pink carpet (or walls) and I have changed most of the lighting in the office to LED.

Stay tuned as it is getting busier here by the day!

PC-ASSIST/MAC-ASSIST
760-550-9496

PS: I also have a large number of used printers that are in good condition for sale. Call or email for the current list.
