MS Security Essentials comes through again

I had to deal with another friend’s badly infected computer this weekend. This computer had AVG and Spy-bot installed but neither was able to detect an infection.

With the computer connected to the Internet something was launching Firefox and sending it to websites designed to cause more problems.

The computer would also generate AXWIN frame window errors at random. Sometimes when you answered the warning dialogs the computer would reboot.

For the last year we’ve made short work of viruses and spyware. We simply boot from the UBCD (Ultimate Boot CD) and let it do an offline antivirus scan. That handles the worst viruses. There was a problem with the UBCD this time though: Antivir was failing to get updates, and without updates it found nothing. I’m assuming that the UBCD needs to be recompiled with newer components.

I’ve had some success finding rootkits from the command line while in this offline mode. I look in the Windows system folders for newer files that look suspicious. A word of warning — you need to know what you are looking for. If you don’t, stay out of here!

c:
rem Change to the system32 directory (rem is cmd's comment command; a leading # is not a comment in cmd)
cd C:\Windows\system32
rem Use dir switches
rem    to sort by date in reverse order [ /o-d ]
rem    and pause after each page of file listings [ /p ]
rem    add /a if you also want hidden and system files in the listing
dir /o-d /p

rem   ...look for suspicious files with recent modified dates

rem Change to the drivers directory
cd C:\Windows\system32\drivers
dir /o-d /p

rem   ...look for suspicious files with recent modified dates

The atapi.sys file in the drivers folder was new. That qualifies as suspicious, but it is an important system file so I left it alone. I later found out that the rootkit had infected the computer, but one of my rules is to stick to the motto: first, do no harm…
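A scripted version of the same date-sorted walk, added here as an example and not code from the original post: it lists every file under a folder tree modified within the last N days, newest first, and flags well-known system files so that a fresh date on one of them is treated as a lead to look into rather than something to delete. The root folder, the 30-day window, the CORE_FILES set and the sample tree are all assumptions constructed for the example.

```python
import os
import time
import tempfile
from pathlib import Path

# Illustrative names of core system files (atapi.sys is the one from the post):
# a fresh date on one of these is a lead to investigate, not a file to delete.
CORE_FILES = {"atapi.sys", "ntoskrnl.exe", "kernel32.dll"}

def recently_modified(root, days=30, now=None):
    # Files under `root` modified within `days`, newest first (like dir /o-d).
    # Returns (relative POSIX path, age in days, is_core_file) tuples.
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            mtime = p.stat().st_mtime
            if mtime >= cutoff:
                rel = p.relative_to(root).as_posix()
                hits.append((mtime, rel, p.name.lower() in CORE_FILES))
    hits.sort(reverse=True)  # newest first, the same order as dir /o-d
    return [(rel, round((now - m) / 86400, 1), core) for m, rel, core in hits]

def build_sample_tree(now):
    # Constructed stand-in for an offline Windows folder; the files are dummies
    base = Path(tempfile.mkdtemp())
    ages = {"system32/kernel32.dll": 400, "system32/drivers/disk.sys": 300,
            "system32/drivers/atapi.sys": 2, "system32/drivers/newtool.sys": 10}
    for rel, age_days in ages.items():
        f = base / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"\0" * 16)
        stamp = now - age_days * 86400
        os.utime(f, (stamp, stamp))
    return base
```

Run it against a mounted offline Windows volume by passing the system32 folder as `root`; a file flagged as core with a recent date is exactly the atapi.sys situation, so check it against Windows Update history before touching it.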

The next step was to uninstall AVG and install MS Security Essentials. MSSE immediately found Zango and JS/Iframe.F, but there were still errors with the system. I used the built-in Windows utility msconfig to start in a ‘clean boot’ state. A full scan by MSSE then found Alureon.F, which was the rootkit. Alureon.F had infected the system driver atapi.sys that I’d noticed in offline mode. MSSE safely removed the infection.

There are still problems with the system but the infections are gone. Microsoft Security Essentials did a good job here.

Another post on MS Security Essentials.

update: How not to respond to a targeted malware attack – October 2, 2009

“…I have been on multiple customer systems this week to clear up infections, and in every case, Symantec/Norton missed it, but the new Microsoft Security Essentials found and cleaned it. MSE had the definitions more than a week ago. Not bad for free, eh?”

Recipe to sync your iPhone to the cloud for free

iTunes will sync your iPhone to your Mac or Windows PC. There are options to work with Outlook and other Mac/PC software for contacts and calendars. It works but it is not that flexible.

Here’s a link to enable iPhone syncing with a Google account. Google pushes email to the iPhone. Changes to contacts and calendars are kept up to date whether you update the iPhone or Google Calendar or Contacts. You only need iTunes for backing up the iPhone or getting software updates. Of course iTunes does the music and other media, but I’m looking at the PIM plumbing.

Here’s the link to import Contacts from Outlook into GMail contacts. Google has good instructions for exporting contacts from Outlook or other software and into your Google Contacts.

Here’s a link to a free Google utility to sync the GMail calendar with the Outlook calendar. I used this for six months and it works as advertised.

I am keeping watch on the growing feud between Apple and Google. A couple of years ago they were BFFs. Now, with Google phones vs. iPhone and the Safari web browser vs. Chrome, the two companies are locked in competition and it is showing. Steve Jobs’s recent comments sound serious. This recipe works for free if you’re not too worried about Outlook being in sync. If this feud gets out of hand it will pay to have a copy of your personal data that is in your control.

I haven’t found a decent sync utility for Contacts between GMail & Outlook for free. By decent I mean a utility that my aunt, who isn’t a geek, can use. gSyncIt for $15 is the best option to keep Outlook in the loop. There are a few other options but I like gSyncIt because it gives me an up to date copy of my data that is in my control. That might be a little old-fashioned but I’m not quite ready to trust the cloud.

Skype and The Browser Highlighter add-in automatically installs updates in Firefox without asking

Skype is the free instant messaging and VOIP (voice over IP) program. Skype is popular for making free phone calls to another Skype user anywhere in the world. eBay bought Skype a few years ago.

A recent automatic update by Skype installs another program without prompting the user. The program is ‘The Browser Highlighter’. The Browser Highlighter has been linked to spyware infections. It was also reported as causing problems with Firefox.

The Browser Highlighter program is only installed if Skype is left configured to get updates automatically. If you download the Skype updates from their website, The Browser Highlighter program is not included. If you use Skype at home, avoid this problem by disabling Skype’s automatic updates. Look under ‘Options/Advanced’ for the settings.

Uninstall the Browser Highlighter program using Windows Control Panel – Add and Remove Programs. Check Firefox add-ons and uninstall it there as well.

Resources:

Tips for backing up your PC

Download & Install SyncBack

  • The reason I like SyncBack most for backups is because it is simple and easy to get at the backed up files. With many other backup solutions I need the backup software installed to open the backup archive file before I can even get to the file I want. That’s a big pain if my computer just died!
  • The free version of SyncBack is here: http://www.2brightsparks.com/downloads.html#freeware
  • 2BrightSparks.com has paid versions also. One of the advantages of the paid version is that it backs up locked files or in use files. The free version cannot.

Get an external hard drive

  • Most major hard drive vendors sell external hard drives as well. The drives come as two types.
  • The first type connects to your computer with a USB or FireWire cable.
  • The second type of external drive connects to your network with an ethernet cable. While it costs more, a network attached hard drive allows more than one computer to use it without swapping cables or moving the drive. Consider this if you back up more than one computer.
  • The links below are to Newegg.com but you can get the drives at BestBuy, Staples and most office supply stores as well.
  • Western Digital My Book — USB & FireWire
  • WD My Book World Edition — ethernet

Getting everything set up

  1. Plug in the external hard drive
  2. Create a folder on the new hard drive for the backups. Call it something like F:\Backups (if the new drive is F:). Create more than one folder if the drive is for multiple PCs or people like F:\Mom’s, F:\Dad’s, F:\Kids, etc.
  3. Start SyncBack and create a new Profile with the New button.
  4. Select Backup for the profile type.
  5. Give the backup profile a name like ‘Dave’s Backup’.
  6. Select the Source like ‘C:\Users\Dave\Documents\’ (in Windows XP it might look like C:\Documents and Settings\Dave\My Documents)
  7. Select the Destination like ‘F:\Dave’s Backup\Documents\’
  8. Under the Simple tab I usually select ‘Backup the source directory’s files, including selected sub-directories’, which lets me choose which sub-folders to include. Since the videos and music folders are huge I back them up separately. If you just want backups of all sub-folders, select the option above this.
  9. Under the Copy/Delete tab check Verify that files copied correctly and Force the file modification date & time to be correct…
  10. Select the Sub-directories tab. Depending on how many sub-folders you have it can take a few seconds to scan. Go through the list and uncheck the folders that you do not want backed up. Check the box that says, “Do not automatically check/uncheck parent and sub-directories.” I found that folders containing temporary stuff were getting checked automatically.
  11. Click the Ok button to save the profile.
  12. Answer Yes to allow SyncBack to run simulation of the new backup profile. Don’t worry, it isn’t backing everything up yet.
  13. When you are ready select the backup profile and click the Run button. The first time you run the backup profile the process takes longer because it backs up everything. After the first full backup SyncBack only copies new files and the files that changed. This is another reason I like SyncBack — the process runs fast. Traditional backup software backs up everything, every time. When the backup is quicker it is more likely to get done!
  14. If you want, SyncBack can schedule profiles to run automatically at specified times. You can schedule it to run nightly, weekly, monthly, etc. Do this! When automated you do not need to worry about forgetting.
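To show what the profile set up in steps 8 through 13 actually does behind the buttons, here is an added example (not SyncBack’s code and not from the original post) of the same idea in a script: copy only new and changed files, leave out unchecked sub-folders, keep the modification date, and verify each copy after writing it. The folder names, the exclude list and the sample files are constructed for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def incremental_backup(source, destination, exclude=()):
    # Copy new and changed files only; skip the sub-directories in `exclude`.
    # Returns (copied, skipped) as lists of POSIX-style relative paths.
    source, destination = Path(source), Path(destination)
    copied, skipped = [], []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        # Unchecked folders on the Sub-directories tab: leave them out entirely
        if any(rel == ex or rel.startswith(ex + "/") for ex in exclude):
            continue
        dst = destination / rel
        if dst.exists():
            s, d = src.stat(), dst.stat()
            # Same size and modification time: already backed up, skip it
            if s.st_size == d.st_size and int(s.st_mtime) == int(d.st_mtime):
                skipped.append(rel)
                continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps the modification date and time
        # "Verify that files copied correctly": compare hashes after the copy
        if _sha256(src) != _sha256(dst):
            raise IOError("verification failed for " + rel)
        copied.append(rel)
    return copied, skipped

def demo():
    # Constructed sample tree: two runs, then a changed file and a third run
    base = Path(tempfile.mkdtemp())
    src, dst = base / "Documents", base / "Backups" / "Documents"
    for rel, text in [("letter.txt", "v1"), ("Music/song.mp3", "x"),
                      ("Photos/cat.jpg", "y")]:
        (src / rel).parent.mkdir(parents=True, exist_ok=True)
        (src / rel).write_text(text)
    first = incremental_backup(src, dst, exclude=("Music",))
    second = incremental_backup(src, dst, exclude=("Music",))
    (src / "letter.txt").write_text("v2 - edited")
    third = incremental_backup(src, dst, exclude=("Music",))
    return first, second, third
```

The second run copies nothing and the third copies only the edited file, which is why the scheduled nightly run in step 14 stays quick after the first full pass.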

Alternatives

  • Windows Home Server – HP and other vendors sell Home Servers ($250 – $800). One of the features is to give backup storage accessed over your home network. I haven’t played with this yet. Folks that I’ve talked to love the HP Home Server. The thing they like the most is that it is brain-dead simple. The HP has Mac friendly features in their version so if you have OSX Leopard or Snow Leopard you can use the HP with Time Machine. (Time Machine is Apple’s integrated solution similar to SyncBack)
  • Carbonite – Carbonite, Mozy, JungleDisk, etc. offer online backup. You install their client software on your PC and the software backs up your files to the cloud.

Resources:

Scareware is a growing threat to your computer’s security

Scareware has been around for a couple of years but it definitely appears to be on the rise. The number of calls is increasing. I got a dozen questions about scareware in the last couple of weeks.

Scareware comprises several classes of scam software, often with limited or no benefit, sold to consumers via certain unethical marketing practices. The selling approach causes shock, anxiety, or perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.

A tactic often used by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) antivirus software to remove it.[1] Usually the virus is entirely fictional and the software is non-functional or malware itself.[2] According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008.[3] In the first half of 2009, the APWG identified a 583% increase in scareware programs.[4]

The “scareware” label can also apply to any application or virus (not necessarily sold as above) which pranks users with intent to cause anxiety or panic.

http://en.wikipedia.org/wiki/Scareware

It is important not to over react.

That is what the Scareware is hoping for.

Most of the time (but not always) the popup warning is a web page and not a real warning. If that is the case you can close it with the Alt-F4 shortcut or Task Manager.

It is best to avoid clicking in the popup window.

Prevention is the best solution. Here are a few tips.

Upgrade Internet Explorer if you are using version 6

  • Do not use Internet Explorer version 6.
  • Upgrade to IE 7 or IE 8.
  • The upgrade is free.

Stay up to date with Windows Security Updates.

  • This is how Microsoft patches issues with Internet Explorer and Windows.
  • Windows provides a few options for managing the updates. Just don’t turn it off.

Use Antivirus and anti-spyware software.

  • Keep them up to date.
  • There are free options so cost is no excuse. Google for AVG, Microsoft Security Essentials and Spybot to name a few.
  • Take the time to scan your computer. It saves a lot of time later.

Use Firefox as your default web browser.

  • Scareware appears to come through advertisements on websites. Ad networks deliver the advertisements. I use a Firefox add-in called Adblock Plus. It is a good layer of defense and Adblock can get rid of those annoying banner ads also.
  • Internet Explorer is the main target because it is the most popular web browser. Using Firefox means there aren’t as many threats looking for you. That is until Firefox becomes the most popular…but that’s not today.

Don’t panic!

  • When you get a warning take a minute before clicking on it.
  • Try the Alt-F4 shortcut to close the popup if it looks suspicious.
  • Try Task Manager to find the popup and end it.
  • After getting a popup, it wouldn’t be a bad idea to scan your computer with the antivirus and anti-spyware software that you installed.