Viruses and Hoaxes
This page may help you avoid those nasty destructive programs
See also Here for Basic Security
There are literally hundreds of items which may legitimately appear in your Startup list (Start, Run, Msconfig, startup tab) but this is where things like viruses and Trojans may hide, so they load each time you start the machine. If you wish to check what they are see http://www.sysinfo.org/startuplist.php.
26th June 09 One of the fastest ways to become infected (apart from a tour of a pig farm in Mexico) is to do a search of the Internet and follow the links blindly. McAfee has summarised the searches that most commonly led to sites harbouring viruses. McAfee has a free Site Advisor, which rates sites (but with some inaccuracies - a suspicious site can appear and disappear in a day).
The top most dangerous terms to search for in the UK:
Screensavers (34% risk)
Bebo (33.3% risk of exposing web users to malware)
Friv (22.2% risk)
Hotmail (20% risk)
Yahoo Mail (20% risk)
Alistair Darling (16.7% risk) (I always thought he was pretty harmless)
Hot UK deals (14.3% risk)
YouTube (14.3% risk)
Gordon Brown (12.5% risk)
iPhone (12.5% risk)
Jogos (12.5% risk) What is/are a Jogos? DON'T do a search to find out
Free games (6.8% risk)
In my own experience searching for free Video converters is just as dangerous!
But, although there is much talk of 'drive by' infections the most common method is suggesting you download and run a program. If you do, make sure you check it with your anti virus program.
26th May 09. After Conficker comes 'Gumblar'. This is caught merely by opening infected websites. The virus then redirects Google Searches to fraudulent websites and also recruits your PC into a Botnet
10th May 09. Trend Micro are saying that Conficker infected PCs will show 'scareware' adverts for Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95, Worse than that they will get your credit card details !
28th April 09 Conficker News. The Conficker worm is slowly being activated according to security experts, weeks after being dismissed as a false alarm. Conficker, also known as Downadup or Kido, is quietly turning thousands of PCs into spambots and installing spyware, they claim. We are likely to see an increase in Spam and also 'scareware' (false anti-malware programs). Despite international efforts to thwart Conficker it seems impossible to know whether one's machine is infected, although earlier reports indicated that normal good security measures should prevent this. But it can still spread via USB memory keys. My guess is that the machines most likely to be infected are the millions who run non copyright Windows programs, which includes the majority in China, India and Russia. Perhaps, for the sake of the world internet Microsoft should allow security updates even on such machines?
10th April 09 The Conficker story moves on day by day and it is thought that the latest version (named Version E) is now installing further malware on the 10 million already infected machines in the vast 'Botnet'. It is thought that the malware includes 'Waledec'. This is a very serious piece of work, capable of giving control to the owners and copying things such as passwords and bank account details. It is also thought that the Conficker writers may be selling access to the botnet to spammers or scareware profiteers. Microsoft have offered a $250,000 bounty on the heads of the organisers. For more information from PCworld click HERE
8th April 09 While the Conficker virus turned out to be an April Fool joke (nothing appeared to have been triggered on the 1st April) it is probably still resident in millions of computers - hopefully not yours. There are various tests you can carry out to make sure. If your PC has been acting in any peculiar way please read the article HERE. If you think you have it then run one of the free cleanup tools. The Conficker-specific tools are McAfee's Stinger, Eset's Win32/Conficker Worm Removal Tool, Symantec's W32.Downadup Removal Tool, and Sophos' Conficker Cleanup Tool.
In a recent report from Microsoft it was found that spam as a percentage of emails can be as much as 80 or 90%. Whereas this seems high to me I am surprised that virus infection is as low as the quoted figures which were around 8.6 per thousand. In the UK it is lower, at 5.7 per thousand. Brazil and Russia are the most badly affected. In the main, if one keeps up with updates from Microsoft, your anti virus program and things like Acrobat (PDF Reader) you have a good chance of infections being spotted and cleared. 'Scareware', i.e. downloads that try to scare you into buying software to clear what often turns out to be harmless 'tracking cookies' is quite common and a good earner for the perpetrators. Nevertheless, known losses from illegal credit card use and bank account accesses amount to HUNDREDS OF MILLIONS (£) per year but one wonders how much people and banks are prepared to admit - so it could be higher still.
5th April 09 Recently called to a PC that was showing an error message about a missing DLL file. I discovered there was a program of the same name which was ticked to start in the Startup (go Run, Msconfig, Startup). But it also turned out that the machine had an infection with the Vundo Trojan, which can wreak all kinds of mischief on a machine... Blue screens, restarts, turning off the Microsoft Updates and preventing access to your anti virus programs. I used Malwarebytes to clear it and, although it took two hours it found all the four Vundo entries and cleared them. The Restore file was also infected, so I stopped that temporarily to clear it then restarted it. Job done ! FULL MARKS to Malwarebytes.. a free program
30th March 09 Security experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines which is easy to detect using a variety of off-the-shelf network scanners. But still no-one knows what the effect will be on Wednesday. Personally it will be my day of rest and I would advise others to take time out and watch for TV reports to see if there is havoc in the airways (if the satellites still work).
26th March 2009. The Conficker worm is now thought to have infected millions of computers, including those at Westminster. See HERE. It is thought that it will trigger something on the 1st April but no-one knows what. If you have up-to-date antivirus software you should be in the clear (unlike our MPs!)
18th March 09. People know that I am keen on Avast anti Virus program but I did not realise that it could be beefed up (until friend Bert told me how). If you use the program left click on the blue ball on the bottom line. You will see that you can increase the sensitivity of the program. Also, there are numerous programs listed on the left, including Internet Mail. Having clicked on that, click Customise. Looking at each tab in turn you will find that you can put a tick in to insert messages in sent mail (to indicate that the mail has been scanned). It will also insert a message in any mail that it considers to be infected. Worth doing.
A new one... I spent a long time getting rid of a supposed anti virus program on someone's laptop. It was called Antivirus 2009, though there was a similar one called Antivirus 2008 and now an Antivirus 2010. Although they list any viruses on your PC and offer to get rid of them for a price, using them only infects you further. The best program for clearing them is the genuine Malwarebytes, which is free. However, with a new twist, the same rogues are managing to redirect you to a fake CNET Download.com page. If you click on many of the links you are correctly redirected but if you click on Download you just get infected further! See BBC Article on this at http://news.bbc.co.uk/1/hi/technology/7907635.stm And this is not a fake link... HONEST!
25th February 2009. Last night I had an apparent call from a contact using Live Messenger. The message contained a link (blue underlined) which included my Hotmail address. I thought it strange and asked them about it. It seems that their machine had been infected as they had received something similar and had, unwisely, clicked on the link. This then sent the same link to every one of their contacts, so spreading the thing like wildfire! Repeated messages came through to me every few seconds! I told them to go off line and do an anti virus check. This appears to have cleared it.
18th February 2007 Microsoft has admitted that there have been continuing attacks via its Internet Explorer 7 (IE 7) and suggest that everyone who is using it MUST get the latest patches from http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx choosing the one appropriate to your Operating System (XP/Vista etc). The most recent attack is via a spammed email with a Word (doc) attachment. It is expected that attacks will become more sophisticated and will steal information from PCs.
Chrome gets the thumbs down from Windows Secrets Newsletter. They say: If you use Google Chrome, make sure you update to version 1.0.154.48. Or perhaps you should consider an alternative browser for now, anyway. Like all new software, Chrome is plagued by dangerous bugs.
5th February It seems to me that malware is becoming more sophisticated. It is more difficult to find and eradicate, hiding away even from Hijackthis (a major tool in fighting these things). However, I received this letter from someone who was very exercised by Adware/Spyware products from Funweb and Mywebsearch programs. Having found no signs (apart from pages of deletions by Spybot) in the Hijackthis log I turned the problem over to Zuumedia. I was finally relieved to get this response from my contact:
"A great big bouquet to you. Firstly, I would like to thank you again for help with my pc problem. You were very patient. You are absolutely right about Zuumedia. I had three people Brian, Bill and finally James working on this problem, You were on the right track and I think it helped when I was able to tell them some of the things you said. Especially telling them what they were looking for i.e. Funweb and Mywebsearch toolbar. CCleaner did not fix the problem but dear old AVG did the trick. Using a deep scan and 2 hours later the two culprits appeared and in a flash they were erased. They certainly were hidden. I cannot praise them enough and would like to recommend them to everyone with a pc. I have three free months of their service, but I definitely will join Zuumedia. For a fairly modest price I will have complete freedom of worry. Also every quarter they will overhaul my computer and fix anything that may be needed. Thanks again Keith. In addition, if you would like to use any or all of this email in Silverhairs I would be delighted"
To go for their 30 day trial click HERE
January 2009 Had a real struggle disinfecting a friend's laptop. It had no anti virus program so was full of malware. Worse than that they had loaded Antivirus 2009, which is a very serious scareware program. As well as pointing out the viruses and demanding cash for their removal it cleverly prevented me from installing all my favourite security software. In the end I found something that could be installed from www.malwarebytes.org. That cleared about 50 malware and enabled me to get on the net, install AVG, Spybot search and Destroy, Hijackthis and Superantispyware. I did thorough checks with each of them and they each found a little bit more. But finally it was clean and running smoothly. But, in all, it must have taken about six hours. The only good thing is that I have made yet one more discovery in how to beat these nasties. Full marks to MalwareBytes. I will send them a contribution. Lastly I was bothered that the laptop would not close down unless I shut down a program called Sample.exe. After going up a blind alley about the Nimda Trojan I discovered that it is loaded in the startup (Msconfig) in the form of zcfgsvc.exe and/or ifrmewrk.exe programs. These are Intel utilities intended to run the wireless function. They are not required (as the Microsoft software does the job) so one can happily untick them by Running Msconfig and looking down the Startup list.
1st February 2009 Ran Superantispyware on my laptop. It found only two problems and one was a simple cookie. However the other mentioned Vundo. It removed this on reboot. But I decided to look up Vundo and it is more than just the usual spyware. See the Wikipedia HERE. More credit to Superantispyware. Worth my contribution.
January 15th. F-Secure have said that the latest version of the Worm virus, Downadup (or Conficker), first found in November 2008 is infecting unprotected computers at a rapid rate. This will turn all the infected computers into a large 'Botnet' under the control of the malware authors. The noticeable effect would be a slowing computer as files are downloaded. Both F-secure and Symantec have removal tools e.g. Click HERE for the Symantec version.
The Conficker virus has opened a new can of worms for security experts. Drives such as USB sticks infected with the virus trick users into installing the worm. The "Autoplay" function in Vista and early versions of Windows 7 automatically searches for programs on removable drives. However, the virus hijacks this process, masquerading as a folder to be opened. When clicked, the worm installs itself.
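The disguise described above can be checked for before a drive is opened. The following is an added example, not part of the original page: it reads the text of a drive's autorun.inf file and reports when a program launch is dressed up as the 'open folder' choice. The sample files, the program names in them and the wording patterns are constructed assumptions.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
# Assumed pattern: wording that imitates the genuine "open folder" choice.
FOLDER_LURE = re.compile(r"\b(open|view|browse)\b.*\b(folder|files)\b", re.I)
# Assumed pattern: icon borrowed from a Windows system library (folder icons).
SYSTEM_ICON = re.compile(r"(shell32|imageres)\.dll", re.I)


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased.

    Lines that are not 'key=value' are skipped rather than treated as errors,
    because a hostile file may be padded with junk to confuse strict parsers.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text):
    """Return (verdict, reasons) for the text of an autorun.inf file."""
    entries = parse_autorun(text)
    commands = {k: v for k, v in entries.items()
                if k in EXEC_KEYS or SHELL_CMD.match(k)}
    if not commands:
        return "no-execution", []
    reasons = ["launches: " + ", ".join(
        f"{k}={v}" for k, v in sorted(commands.items()))]
    if FOLDER_LURE.search(entries.get("action", "")):
        reasons.append("menu text imitates the 'open folder' choice: "
                       + entries["action"])
    if SYSTEM_ICON.search(entries.get("icon", "")):
        reasons.append("icon is taken from a Windows system library: "
                       + entries["icon"])
    # A launch command alone is what a software CD does; a launch command
    # hidden behind folder wording or a folder icon is the trick itself.
    verdict = "deceptive" if len(reasons) > 1 else "runs-program"
    return verdict, reasons


# Constructed sample: junk padding plus a launch disguised as a folder.
DISGUISED = r"""
k3j9x0 padding padding 77fq
[autorun]
zz81 more padding
Action=Open folder to view files
Icon=%SystemRoot%\system32\shell32.dll,4
shellexecute=placeholder-program.exe
"""

# Constructed sample: an ordinary installer disc that says what it does.
INSTALLER = r"""
[autorun]
open=setup.exe
icon=setup.exe
action=Install printer software
label=Printer Driver CD
"""

# Constructed sample: a drive that only sets a label and icon.
DATA_ONLY = r"""
[autorun]
label=Holiday photos
icon=photos.ico
"""

if __name__ == "__main__":
    for name, sample in (("disguised", DISGUISED),
                         ("installer", INSTALLER),
                         ("data only", DATA_ONLY)):
        verdict, reasons = assess_autorun(sample)
        print(f"{name}: {verdict}")
        for reason in reasons:
            print("   -", reason)
```
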
If you find a file which you suspect is malware you can submit it to Sunbelt who will test it in an on-line 'sandbox' (secure area of their computers) and let you know the result
January 09. Had considerable difficulty cleaning up a friend's laptop, which had become infected with the Antivirus 2009 scareware product. It was true to say that the machine was thoroughly infected with viruses but the so-called antivirus program filled the screen with dire warnings to the extent that it wasn't possible to do anything with it. The program even prevented me from loading things I would normally use to get rid of such wretched software. This was eventually cleared by downloading a program from www.malwarebytes.org. An excellent program that cleared it and 50 other malware files. I was then able to access the net and download and install AVG, Superantispyware and Spybot Search and Destroy, running each in turn. Even then I was suspicious of the fact that the PC was running slowly and when I went to close it down it would fail to do so unless I closed a program called Sample. Searches revealed no such program and the Task Manager showed nothing, either. I looked again on the net and it was suggested by Symantec that Sample was the Nimda Trojan. I downloaded the Symantec Nimda removal tool and, after closing Restore, as directed, ran this tool through the whole hard disk. Nothing was found and I later discovered that the problem was caused by an Intel program loaded on Toshiba and Dell laptops to run the wireless function. This is loaded in the startup (Msconfig) in the form of zcfgsvc.exe and/or ifrmewrk.exe programs. They are not required (as the Microsoft software does the job) so one can happily untick them by Running Msconfig and looking down the Startup list.
Virus writers are getting more sophisticated (and are selling their wares to crooks, who are out for your hard earned cash). Unless we keep ahead of them they are sure to infiltrate onto your computer in one way or another. Guru Bob Rankin has some good advice for you on this subject. See http://askbobrankin.com/how_to_mess_up_your_computer.html
And one of the latest summaries on the malware business is mentioned on the BBC site HERE
January 09. If you are replacing Norton with another AV product you should uninstall the Norton with their own uninstall program which you can find HERE Make sure you choose the right version
December 08 Facebook's 120 million users are being targeted by a virus designed to get hold of sensitive information like credit card details. 'Koobface' spreads by sending a message to people's inboxes, pretending to be from a Facebook friend. It says "you look funny in this new video" or "you look just awesome in this new video". By clicking on the link provided they're then asked to watch a "secret video by Tom". When users try and play the video they're asked to download the latest version of Adobe Flash Player. If they do, that's when the virus takes hold and attacks the computer. It can then get card details when you order something (a 'keylogger') or has the ability to read Cookies when you have ordered something in the past.
November 08 RSA FraudAction Research Lab reports that a single criminal gang has used a Trojan to gather login information for 300,000 online bank accounts and 250,000 credit card accounts. The information was harvested over the last three years using the Sinowal Trojan, which is typically found on gambling or porn sites. The worm triggers when a user visits one of 2,700 banking URLs, and initiates a HTML injection attack that creates legitimate looking fields on the website, prompting the user to enter a national insurance number, or other piece of personal information. "Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006. Sinowal has also been evolving at a dramatic pace - its rate of attacks spiked upwards from March through September of this year," the blog adds. The lab claims the Sinowal Trojan was once associated with the infamous Russian Business Network, but may now be under the control of a new gang.
October 08 There is an even greater need these days to be alert to the possibility of viruses and Trojans. In a recent report one security company said "People think not clicking on a pop up or an attachment means they are safe. What people don't realise now is that just visiting an infected website is good enough to infect them." The company said it is co-operating with banks and financial institutions the world over to tell them about Sinowal (the Trojan). It has also passed information about the virus to law enforcement agencies. Keep checking your bank statements closely and report any unusual withdrawals to the bank. One way to check whether a site is reasonably safe is to install the McAfee Site Advisor. But even this is not 100%. They do a Site Advisor Plus (£14.99 per year) which is more thorough. Although they work with Internet Explorer and Firefox (get the add-on), so far it doesn't appear to work with Google Chrome.
August 08. A flurry of e-mails entitled CNN has been arriving. Clicking on ANY of the links to stories in the email will infect your PC with the old Storm virus or one of its derivatives. Your PC will then form part of a massive Botnet and be capable of all kinds of mischief (without you being aware). See next paragraph
August 08 What is a Botnet? The term "botnet" is short for "robot network". It is a collection of ordinary home and office computers (like yours) that have been compromised by rogue software. Computers that have been caught up in a botnet have been effectively taken over, and can be used to perform almost any task by the people who control the botnet. Botnets are controlled by criminals and other miscreants whose motives include selling products, operating financial scams and crippling websites through coordinated attacks.
July 08 In my view one of the best anti virus products and absolutely free is Avast. Now on version 4.8122. Get it HERE
July 08 An unpatched PC is likely to last just four minutes on the internet before being attacked and compromised. The time it takes for a PC to get itself 'owned'** varies by operating system and what activities a user engages in - but even allowing for this, putting an unpatched Windows PC directly onto the net in the hope that it downloads patches faster than it gets exploited gives you "odds that you wouldn't bet on in Vegas", warns Lorna Hutcheson, a researcher at the SANS Institute's Internet Storm Centre (ISC). **"Owned" means taken over by another person or robot software that plants software on it so it can be accessed by others or used as a 'zombie' to send spam or viruses to other computers.
Another July 08 report says that, because there is so much competition from selling credit card and bank details on line the price has come down to as little as £5. The criminals selling the information may even give a guarantee (!) that the information is up to date.
June 08 Protecting your computer is not just a nerd's thing. If you don't do it you may be liable for losses. The Banking Code says banks should provide protection for consumers in cases where their accounts have been misused but also says you must: "Use up-to-date anti-virus and spyware software and a personal firewall" ... then later "If you act without reasonable care, and this causes losses, you may be responsible for them" and specifically refers back to the bit about anti-virus. While the burden of proof's on the bank to prove you didn't act with care... it's best to be safe.
In my (humble) view, using a computer with a dialup connection (i.e. not Broadband) is no longer a realistic option. This is because the number and SIZE of the downloads necessary to stay protected is now so great that many people just put it off if they are on a slow connection. One NEEDS a regularly updated anti virus program. Mine updates at least twice a week. You NEED a firewall. The minimum program is the Windows XP firewall. These days you would also be wise to run an anti spyware program . Apart from these one NEEDS to have Windows Updates turned on and there are several other forms of protection offered by individual ISPs. Make no mistake there are criminals out there who are creaming off millions from unsuspecting internet users.
May 08 AVG (Anti Virus) have issued a new version (8). It can be downloaded from HERE. But please note that it is no longer compatible with Windows 95, 98, NT and ME. People with XP and Windows 2000 should make sure that they have the latest Service Pack updates.
March 08 One of the latest threats to computing comes from websites which have been tampered with and which, when clicked on, download malicious software to your PC. The sites which do this are known to security software companies. Mozilla have updated their browser, Firefox, so it can detect such sites and prevent surfers from being infected. It is therefore preferable to use Firefox, certainly until Internet Explorer 8 arrives. You can download it by clicking the link at the top of my Page on photography.
Dec 07 A teenager in New Zealand has been caught by the FBI after infecting a million PCs in Holland with Keylogger viruses. These keep records of things you type in such as bank details, which he was able to access, siphoning off millions from their accounts. I wonder how many people do not keep their anti virus software up to date because they don't know how, it takes too long, or they haven't even got any ! If you are one of them, sleep well.
Nov 07 If you haven't seen a virus in ages then thank your anti virus software or your ISP. If you check on http://www.threatexpert.com/ you will see at least 200 will have been reported in the last couple of days !
Nov 07 A warning has been issued by F-secure that PDF file attachments might contain malware, unless the latest Acrobat program is used to open them. Most virus filtering software does not warn about PDF files as they were not thought to be a risk. Be careful if you see a PDF attachment to an e-mail and only open it if you are sure of its contents (preferably by checking with the sender first)
Oct 07 A new exploit has been notified by Symantec. It involves Internet explorer and Real Player . See HERE The main sign that you have been infected is that Real Player will play a clip called Videotest.
Sept 07. An article in the Telegraph about protecting your PC suggests AVG and Avast for anti virus and a lighter option called AntiVir (www.free-av.com). All of these have free versions. For firewalls (essential) they suggest Zone Alarm free, Comodo and R-Firewall, though I must admit that I am just leaving it to my Vista on this occasion. WebUser magazine tested a number of firewalls and gave Comodo five stars against Zone Alarm's three. The others are fine and check OUT-going attempts as well. This is good if you think you might have a virus which is communicating with the net. But it does mean that you have to approve every program that you WISH to communicate. And there are quite a few. Zone Alarm will pop up a notice asking you whether you wish to allow such and such a program to communicate. You should agree this (if you do) and click to 'Always allow this program'. ZA will then pop up a green version of the same thing and you have to confirm your agreement. The article also suggests an occasional check with Spybot Search and Destroy or A-squared free. You can find all these programs on the net by doing a quick search via Google.
May 07. If you are purchasing security software from major suppliers you should be careful to check the small print. You may find that you are signing to be direct debited from your card each year. Sometimes it is quite difficult to see how to prevent this (if you want to) and you are almost certain to have to give notice before the first year is up. Unfortunately, this is a legitimate practice but the way they make it difficult to see and to withdraw from may seem to be unfair. When buying a new PC for someone I usually spend an hour or so getting rid of these temporary programs and installing free ones.
Google reports that 10% of websites are infected with links that, if clicked, could load malware into your PC. See http://news.bbc.co.uk/1/hi/technology/6645895.stm "Drive-by downloads are an increasingly common way to infect a computer or steal sensitive information. They usually consist of malicious programs that automatically install when a potential victim visits a booby-trapped website " (which may be unknown to the website author). I trust that none of my links (or adverts) lead you to this sort of hassle.
These days I would hesitate to connect to a site which did not have McAfee Site Advisor approval. It is a great, free tool and I would recommend it to everyone. It works well with Internet Explorer but folks who prefer to 'browse' the net with Firefox should get the version from http://www.siteadvisor.com/download/ff.html
The Internet Storm Centre at http://isc.incidents.org estimates that an unprotected PC will be infected with a virus within five minutes of connecting to the net ! So, it is vital that a new machine is set up with Anti Virus and Firewall software even before it is connected. Doing a recent count I found I have installed 9 security programs on my PC plus what is provided by Microsoft and NTL. NTL Broadband has a free security suite now.
DrWatson Postmortem Debugger is a generation of the DrWatson tool, originally used by Microsoft to find bugs within their software. Today, this tool plays a major part in the Windows 2000/XP operating systems. It reports bugs to Microsoft if you choose to send the Error. It is NOT a virus, although at one time it did disguise one.
My Avast anti virus program has been reporting a number of suspicious emails lately, all containing "A Card for you" (or reporting some disaster) type messages and with EXE attachments. Open these at your peril. Norton have sent out a belated warning about it - it started in January and is called Trojan.Peacomm (also known as the Storm Trojan). If you fall for it your machine will become a 'Zombie' and be used (with thousands of others) to spam people with those stupid penny stock boosters. Well, that is the least it will do. There can be much worse consequences from having a wooden horse in your camp.
Spyware and Anti-virus Programs
For the top ten virus threats see http://www.sophos.com/security/top-10/
One kind friend who seems to suffer more from 'Malware' than most has told me about Prevx1, which cured one of his problems rapidly and at no cost. Prevx1 from http://www.prevx.com/security.asp is a 12Mb download. It will check your machine for any nasties on there and clear them, free. If you find the program effective you are invited to buy it at £14.50. The Prevx site is approved by Mcafee Site Advisor as being safe.
How can you check whether things in your Startup file are good or evil ? This is often where such threats are loaded so they reload every time you start your machine. See http://www.windowsstartup.com/wso/search.php
If you still suspect that your machine is infected
Microsoft have developed their own 'malware' protection program called Windows Live OneCare. They say it is a 'comprehensive PC Care service that helps protect and maintain your computer with antivirus, firewall, antispyware, PC performance tuneups, and file backup and restore functionality'. There is a 90 day free trial. After that it is only $49.95... and with the exchange rate at around $2 = £1 that compares well with the competition. Click on http://www.windowsonecare.com/faq.aspx.
Jan 07 Had a call out from someone whose machine was said to be infected. I found the program Winstall.exe in his startup. Winstall is one of those programs which make exaggerated claims about a computer being infected in order to sell a program such as Drivecleaner. Both Winstall and Drivecleaner are therefore suspect. My Avast AV was unable to clear the memory- resident Winstall on the first run. I unticked it in Startup and rebooted, then re-ran the AV program which then quarantined it. Symantec also reports that it is associated with Spysheriff.com. Here is an example of why people are scared into purchasing this rubbish. It is difficult to know whether this should be classed as a virus, adware, spyware or just a plain scam. Beware.
People who use AVG (Free) are concerned by AVG popups that indicate it will no longer be free in 2008. Computer Active No 229 (Page 7) clearly states that this is NOT the case. The latest version will still be free but won't have 24 hour support.
Also be warned that if you lose your mobile phone, laptop or Personal Digital Assistant (PDA) you should try to get it back. If it ends up in unclaimed lost property it may be auctioned off complete with all the details necessary for someone to impersonate you. However it is easy to stop calls being made from your mobile phone by getting in touch with your phone provider. It is best if you can give them your serial number.
Guru Fred Langa uses an anti virus program called NOD32, which he rates above Mcafee and Symantec. There is a trial version and then the purchase price is £23 or half that for non profit making organisations and students. See http://www.eset.com/index.php.
According to a study by Sophos, the anti virus company, there was a dramatic reduction in viral email traffic, indicating that malware authors are looking for other methods of infection. The firm warned that, while hackers are turning away from mass-mailing viruses and worms, they are instead turning to "more insidious" Trojan horse targeted attacks aimed at smaller groups of users, spamming out links to malicious websites, and attempting to steal money and identities. The study identified 3,715 new threats in July, bringing the total of malware protected against to 184,007. The majority of the new threats (87 per cent) were Trojan horses, while just 13 per cent were worms or viruses. In fact VNUNET indicated that there was a massive release of phishing e-mail at the beginning of August. Click Here for more detail.
Microsoft releases new software patches on the second Tuesday of every month, and August's round of patches was the largest in history. Of the 23 patches Microsoft released on Aug 8, nine are rated "critical" and one is rated so critical that the U.S. Department of Homeland Security posted an announcement at http://www.dhs.gov/dhspublic/display?content=5789 recommending that everyone immediately install the patch. If you have Windows XP or 2000, you can download all 23 patches in one fell swoop by running Windows Update or Microsoft Update. In Internet Explorer, go to Tools > Windows Update and then click the "Express" button. If you have an older version of Windows, I have some bad news: there are no patches available for your operating system. On July 11th, 2006, Microsoft stopped supporting Windows 98, Windows 98 SE, and Windows ME. No more security updates, no more technical support, nothing. I do have a consolation prize for you, though. Check out this article on how to protect your legacy Windows operating system from future attacks. http://www.netsquirrel.com/articles/securing_win9x.html
Guru Patrick Crispen recommends that, if you continue to use Win 98 you should be sure to have good security protection such as anti virus and firewall. He also adds that, in his view Internet Explorer will continue to be a vulnerable Browser and recommends that you change to Mozilla Firefox.
The Internet Storm Centre at http://isc.incidents.org estimates that an unprotected PC will be infected with a virus within five minutes of connecting to the net ! So, it is vital that a new machine is set up with Anti Virus and Firewall software even before it is connected. Doing a recent count I found I have installed 9 security programs on my PC plus what is provided by Microsoft and NTL. NTL Broadband has a free security suite now.
For lots of information on threats and what you can do about them visit Microsoft's http://safety.live.com/site/en-US/default.htm
N.B. When removing a virus all Windows XP and ME users are told to turn off Restore. Go Start, Help and search on the word Restore and follow the instructions. A good explanation can be found in the www.symantec.com site
Just to keep us on our toes, Kaspersky, that reputable Russian security company (well, retired KGB experts have to find something to do) reports that the lines between Adware, Trojans and Viruses have become blurred and existing Adware blockers are failing users. For information about Spyware click Here (next page).
You are advised to download the latest patches for Internet Explorer to prevent hackers from getting access to your computer. Please click on www.microsoft.com/security/
Pav.sig If your antivirus program reports this 'virus' ignore it. It is merely the Panda anti virus program's virus signature list. In my case it must have been downloaded when I used Trendmicro Housecall.
The Kama Sutra, Blackmal, Blackworm, Nyxem
virus (different names, same infection) was said to delete all Word, Excel,
PDF and Powerpoint files. This could be very damaging, especially to
companies. If you suspect that you have this virus get the cleaning
tool from www.symantec.com and follow
the instructions.
A regular threat is a version of the Sober Virus. It comes attached
to an e-mail purporting to be from The FBI or CIA claiming that you are visiting
illegal websites. Just delete it.
A virus hidden inside a pop-up advert that appears on screen without warning. Clicking on the 'close' button to get rid of the advert prompts the virus secretly to install itself on the computer. The bug then waits until the user begins logging on to their Internet bank account, where it tries to steal personal details, such as passwords, before the information reaches the bank. The Web site created to gather the information has now been closed down, but Internet security firm Symantec, which has monitored the virus, is warning that computer users remain at risk. If I saw such a popup screen I would switch off the computer immediately. But if you think you were caught you should change your bank password(s).
Another Trojan exploits WMF (Windows Metafile graphics) which are the ones which Word uses. Opening a Word file with a WMF graphic may result in a Trojan infection. Microsoft subsequently not issued a protective patch for Internet Explorer for this. Other browsers may be affected but, at least, they do ask whether you wish to open a WMF picture.
Microsoft has a suite of programs called One Care Live which it offers on a subscription basis to protect Windows computers. See http://beta.windowsonecare.com/ . Microsoft also has a new, and very thorough, anti Spyware program. Download it (free) from www.microsoft.com/athome/security/spyware . They can also check your XP computer for malicious programs. See http://www.microsoft.com/security/malwareremove/default.mspx#run
There is a particularly thorough external virus checker at http://support.f-secure.com/enu/home/ols.shtml. It is a 6 Mb download, so dialup folk will find it will take quite a while to do. For a useful site to ask questions about viruses and spyware click on : Spyware and Anti-virus Programs
What is a Firewall ?
For a complete description of this essential security element see
http://www.askbobrankin.com/do_i_need_a_firewall.html
Most people know that XP has its own Firewall. Unfortunately it
is not completely effective (doesn't check outgoing calls) and it is advisable
to add another such as Comodo.
The other famous free firewall is Zone Alarm from Zonelabs. Lately I have found that their newest version has selectively caused problems with (1) NTL e-mail collection (2) Avast anti virus updates and (3) Google Earth. So I gave it the heave-ho and used Sygate for a while. But I found that Sygate was letting everything through and I have returned to Zone Alarm. The easiest way to get Zone Alarm is to click on www.computeractive.co.uk/downloads/ . A Firewall is a program which tries to warn you and prevent unwanted intrusions but, like a lot of medicines, it can have side effects. At first you will have to tell it about each program which you wish to be able to access the Internet. Even Internet Explorer. You may have to set the Security level of Internet access to Medium. I recently found mine had gone up to High and I was unable to access any web site !
For a nice explanation of Zone Alarm click on http://download.zonelabs.com/bin/media/flash/clientTutorial/overview.html Or download the Vista version HERE
Another excellent free firewall comes from Comodo. You can download it from HERE
** It is very difficult to find a free firewall that will work with Windows 98 and ME
If you have a firewall.... and you SHOULD have... do you know whether it actually stops your computer accessing the internet without your permission? There is a small program called the Leaktest from http://www.grc.com/lt/leaktest.htm that will check this. But your firewall may be doing this outward bound check. Certainly Zone Alarm does. So, if you use Leaktest, the correct result is that your firewall should BLOCK it when it tries to access the net.
It really is about time all ISPs woke up to their responsibility to protect their customers from malware. A friend has been seriously inconvenienced in this respect and, after getting a second new machine in under a year, this one has become infected with a Trojan, probably as a result of being inundated with popups shortly after he got on the net. His Norton has said there is no problem but there clearly is and he is now completely off the air. It really is not fair of Tiscali to let him down like this and it is costing him dear in cash and worry. There is no good reason why an ISP should let through 1) viruses 2) Spyware 3) Popups 4) Spam. Mine doesn't and there is no excuse. Once again I suggest that anyone who is bothered by these things, despite heeding all the warnings and installing all the requisite protection, should CHANGE THEIR ISP.
Grisoft's excellent free AVG anti virus program can be downloaded from www.grisoft.com . Be aware that it is over 10Mb.
Good alternatives to AVG
are Clamwin, Antivir from
www.free-av.com and Avast! from
www.avast.com, which is my favourite.
At one stage the US Government suggested we don't use Internet Explorer (!!!)
to browse the net as it was so full of holes! Alternatives are Opera and
the latest favourite Firefox, free from Mozilla. See the link at the
top of the page on Web surfing. It is the one I use
in preference to Internet Explorer. Unfortunately even these Browsers are
vulnerable.
Lately I have found that people are getting infected
by simply clicking on a website or clicking on a message which has appeared
on their screen. It says click here to do ...(various things).
Whether you click Yes or No you still get infected. My advice
would be to go off line immediately, even if you have to pull the plug out
of the wall or the modem. Keeping your PC clean of viruses is important,
not only for you but for the rest of the Internet system. Your PC
may be among those being hijacked to send the emails and spam! Such PC's
are termed 'zombies'. As well as proliferating the problems the method is
used to prevent the rogues being traced.
It is now possible for any idiot hacker to get hold of
"Phishing" software, which will 'spoof' your bank's
heading and lead you to click on a link aimed at getting your account details.
So, think before you click links in email messages, even if those email
messages are from friends, family or companies. This is especially true for
links in email messages from Amazon, AOL, eBay, PayPal, your bank, your credit
card company, or any other company you normally do business with. If any
web site, financial company, or commercial entity sends you an email asking
you to click on a hyperlink in that email to update your account information,
DO NOT CLICK ON THAT LINK. This only applies to hyperlinks in email messages
and web pages, not addresses you manually key in to your browser's address
bar. So, to be really safe, if you need to access your account information
at Amazon, AOL, eBay, PayPal, your bank or financial institution, your credit
card company etc, manually enter the address.
Software is also available to view and hear you through your webcam, so be sure you are properly dressed !
SIMPLE SECURITY RULES:
(1) NEVER download an attachment to an e-mail (even from a known address)
if you are unsure what it is. Infected attachments most commonly end in Pif,
Scr, Exe, Com and lately may be Zip (zipped, i.e. compressed, versions) of these.
(2) Keep your email and web browser programs up-to-date; get the latest updates
from Microsoft from
Http://windowsupdate.microsoft.com .
(3) Get and keep up-to-date an anti virus program.
(4) Install a Firewall program.
(5) Occasionally run an up-to-date anti Spyware program.
(6) If an e-mail says "Pass this warning on", don't bother, it will be a
hoax.
(7) If you are suddenly invited to 'click here', win cash or take an IQ test,
don't. Go off line and get back on again. See below for free
programs that can help.
(8) If you use music file sharing software, expect to get virus
infections.
(9) If you get a spam email then DO NOT CLICK ON ANY LINK in it, even one
which says you can unsubscribe with it. It is possible that the link
will lead to a website which will send you a VIRUS ! This is called
V-SPAM.
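Rule (1) can be checked mechanically before anything is opened. The following Python sketch is an added example, not part of the original page: it lists attachments whose names end in the extensions named in rule (1), and looks inside zip attachments for the same names without extracting them. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in rule (1) of this page.
RISKY_EXTENSIONS = (".pif", ".scr", ".exe", ".com")


def risky_name(filename):
    """True if the name ends in a risky extension (catches 'photo.jpg.scr' too)."""
    name = filename.strip().rstrip(". ").lower()  # Windows ignores trailing dots/spaces
    return name.endswith(RISKY_EXTENSIONS)


def scan_zip(data, archive_name):
    """List risky member names inside a zip attachment without extracting it."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                if risky_name(member):
                    findings.append(f"{archive_name} -> {member}")
    except zipfile.BadZipFile:
        findings.append(f"{archive_name} (unreadable zip, treat as suspect)")
    return findings


def scan_message(raw_bytes):
    """Return the attachment names that rule (1) says not to open."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if risky_name(filename):
            findings.append(filename)
        elif filename.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            findings.extend(scan_zip(payload, filename))
    return findings


def build_sample():
    """Constructed sample: a harmless text file, a .scr, and a zip holding a .pif."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed test message"
    msg.set_content("See attached.")
    msg.add_attachment(b"hello", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="holiday.jpg.scr")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.doc.pif", b"placeholder")
        archive.writestr("readme.txt", b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print("Do not open:", finding)
```

A clean result only means none of the listed extensions were found; the anti virus scan in rule (3) is still needed.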
If you want to know how to avoid viruses look at the following page http://uk.trendmicro-europe.com/ It is also the home of the Housecall free virus checker.
A general site for virus information is www.f-secure.com And PLEASE check with them that the scary message you are forwarding is not a hoax. Many of them are, (see list below). You can also check for hoaxes on www.vmyths.com. See also www.getvirushelp.com/.
There is a good explanation of virus prevention at http://www.tourbus.com/vp101.htm
Another nice explanation is at http://www.securityfocus.com/columnists/220
What to do if you get a virus infection
Obviously, if you have an anti virus program you should do a full scan. However, no anti virus software is completely effective and many are out of date, so you should also run another anti virus program from the net e.g. http://housecall.trendmicro.com
When I get a request about a problem that I suspect
is a virus I immediately search the Internet for the main word e.g. "Sober"
or "Bagle". Inevitably I am led to helpful 'Forums' or Anti virus companies
that are having to deal with similar problems. If you get problems, such
as regular unwanted pop-ups I suggest that you do a search of the Internet
in this way and look for links to sites that appear to be dealing with the
problem. You may find a simple cleaner : There are a number of small programs
that will clear groups of viruses and there are also tools issued by anti
virus companies to clear specific viruses: see their sites e.g.
For Bugbear get a fix from
http://securityresponse.symantec.com/avcenter/FxBgbear.exe
For a tiny virus cleaner for Bagle, Bugbear, Netsky, Sasser, Bispy,
Zafi, download the remover vcleaner.exe from
www.grisoft.com.
Avast also do an effective free anti virus program.
Network Associates (Mcafee) provide another excellent 750k program
(Stinger) which will check your machine for 30 recent
viruses. Download it from
http://vil.nai.com/vil/stinger.
Windows ME and XP users, when clearing viruses, should temporarily turn off Restore (go Start, Help, and search for Turn off system restore). If you do not do this you are in danger of re-infection and your anti virus software will also continue to report an infection. Turning it off (see XP Help) will clear all previous restore points, so make sure you restore RESTORE after you have cleaned up.
Often the problems are caused by not one
but a number of 'foreign' files in the computer and one technique to get
rid of these things invariably involves downloading a program called
Hijackthis from www.download.com.
When run on your computer this program shows a list of the programs
(good and bad) that are running in the background so a forum expert can advise
which are the nasty ones and how to get rid of them. They usually also advise
the running of the latest versions of programs such as Ad-aware and Spybot
and external virus checkers such as the one offered by Housecall (see above).
But the Hijackthis log will mean very little to the average computer user
and has to be analysed by an expert.
**************
Dialers or Diallers. Recently I have
been called on to disable a number of these programs. It is difficult to
know how they arrive on people's computers but they can have rather unpleasant
results. One of them constantly contacted a pornography site and others have
been known to dial very expensive premium numbers without the knowledge of
the person using the computer. In two cases the person had responded to a
pop-up, which had invited them to take an IQ test. This connected them to
a premium number which remained connected even after the test was completed.
Dialers can cost a great deal of money in phone bills and this is not discovered
until your next bill arrives. I have heard that the IQ test person,
Neils Jalbo in Denmark, is STILL doing it and has recently
ripped off one person for £60. Rogue dialers cannot affect people on
Broadband.
A friend got a virus as a result of downloading an attachment to a very official looking email purporting to be an update from Microsoft. So watch out ! Microsoft NEVER send out updates. You either have to go and beg for them or your machine may be scheduled to automatically update. The symptoms of the virus were an error message about memory problems and a disabled anti virus program (which prompted the memory error at Startup). This was followed by over 90 emails, mainly bounced from non existent addresses and a few which told him he had the virus (Worm Swen A). I cleaned it by downloading www.housecall.antivirus.com then installed an up to date anti virus program and did a second scan.
Msblast is a common worm (virus).
It doesn't affect Windows 95, 98 or ME but can hit Windows XP. It is
not received via email but through a weakness in XP's armour. You are unlikely
to get it if you have a Firewall active or if you have downloaded
the latest XP patches. It is not destructive in that it does not delete
files but may cause your machine to 'boot' over and over again, which makes
it difficult to remove. In order to remove this virus please search your
PC for msblast.exe (usually found in system32 folder). Delete it. Then
click Start and select Run, type msconfig and click OK. Select the start-up
tab. Disable msblast. Reboot machine and enable your firewall and
anti-virus software. As an added precaution, perform the next 2 steps: Disable
Client for Microsoft Networks; Disable File and Printer Sharing. Once you
have done the above, get a Patch from an Anti Virus program supplier such
as http://securityresponse.symantec.com .
If you are unable to get on-line, then the file is small enough to download
from another PC on to a floppy disc, to install on your PC at a later time.
Definitions :
One very silly 'virus', which may show up on your computer is Clickme. This shows as an icon on your desktop which, when clicked, moves to a different place. Not damaging but very annoying and difficult to remove as, like many of these programs, it is working in the background and you cannot remove a file which is in use. It is often necessary to start your machine in "Safe Mode" in order to do anything about it.
Excel and Word macro vulnerabilities discovered ! What's new about that ? ! Microsoft is encouraging users of their Office suite to download patches that will fix a problem discovered in both Word and Excel. Affected Windows versions include: Excel and Word 2000 and 2002, Microsoft Office XP. Get the details and patches from Microsoft.
A friend asked me to speed up his Word program, which had slowed suddenly. Printing took for ever. I didn't suspect a virus as he had PCCillin and Norton on the machine. But they were out of date and a virus is what it turned out to be. I never thought that a virus would just affect one program but it did.
IMPORTANT : To prevent accidental re-infection with a virus you should delete infected mail from your Inbox and your Deleted folder. I suggest the following method. First make sure that your e-mail Display Panel is OFF. Then right click and Delete all suspected emails (with attachments).
When you have cleared a virus always restart
your computer because the virus is very likely to still be in
memory.
***************
HOAXES. Almost as bad as viruses and Spam for blocking
up the system are hoaxes. They almost all have dire warnings and advise
you to pass the message on to everyone you know.
A site which lists Internet hoaxes and myths is www.vmyths.com. They are pleased to receive any hoaxes so that they can track the occurrence of these. You should forward them to HoaxFYI@vmyths.com . Also see www.snopes.com
Please don't delete the file Jdbgmgr.exe, even if some e-mail tells you to. It is a HOAX. The file relates to Windows Java Debug Manager. And it is quite normal for the file to show a small teddy bear icon by the side of it. If you have already deleted the file you can get it back by going to the Microsoft knowledgebase article Q322993 for instructions on how to restore your system: http://support.microsoft.com/ . But your PC won't collapse if you don't. HOWEVER, if you receive an email with an attachment called Jdbgmgr.exe you should not (of course) download it and run it because some crafty soul has confused the whole issue by using it to disguise a virus ! On my XP machine the file Properties shows the genuine one to be dated May 2002 and is 15,120 bytes, though hovering over the file says 14.7k.
Similar is the Sulfnbk.exe hoax. Please note that your computer SHOULD have the program Sulfnbk.exe, which is a Long File name utility (it stands for Set Up Long File Name Backup). So, you should NOT remove it. But, no more panic notes about it please !
Typical Hoax Names
Before circulating these (and blocking up the WWW) please check with www.snopes.com. Some may be real threats. Most are not.
Backup methods :
For small amounts of data you can still use floppy disks. But with today's hard disk sizes they are getting to be a bit useless.
Other possibilities include
Technical Note : A copy of the virus tracing
program Hijackthis can be downloaded from this site by clicking
HERE