Back to Top

Tech, Web, Cloud & Cabling Services

Category: Virus / Adware / Spyware Removal

Security / Virus/Adware/Spyware Removal Category

Chrome is marking all HTTP sites as ‘not secure’

Google sends a nudge toward the unencrypted web

Starting in July, Google Chrome marked all HTTP sites as “not secure,” according to a blog post published today by Chrome security product manager Emily Schechter. Chrome currently displays a neutral information icon, but starting with version 68, the browser is warning users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.

Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.

The Chrome team said the announcement was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,” Schechter said, “we think that in July the balance was tipped enough so that we can mark all HTTP sites.”

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.

HTTPS has also become much easier to implement through automated services like Let’s Encrypt, giving sites even less of an excuse not to adopt it. As part of the same post, Google pointed to its own Lighthouse tool, which includes tools for migrating a website to HTTPS.

 

Scams that Target Small Businesses and How to Spot Them

Consumers are not the only ones vulnerable to scams.  If you own a small business or are part of a nonprofit organization, you could be open to several different types of cons without even realizing it.

The Federal Trade Commission (FTC) has put together a list of some of the more common scams and posted them on the website along with plenty of resources to help you spot con artists and keep them from taking advantage of you and your business.

“Your best protection? Learn the signs of scams that target businesses,” the FTC says. “Then tell your employees and colleagues what to look for so they can avoid scams.”

From the FTC website:

Fake Invoices

Scammers create phony invoices that look like they’re for products or services your business uses — maybe office or cleaning supplies or domain name registrations. Scammers hope the person who pays your bills will assume the invoices are for things the company actually ordered. Scammers know that when the invoice is for something critical, like keeping your website up and running, you may pay first and ask questions later. Except it’s all fake and if you pay, your money may be gone.

Unordered Office Supplies and Other Products

Someone calls to confirm an existing order of office supplies or other merchandise, verify an address, or offer a free catalog or sample. If you say yes, then comes the surprise — unordered merchandise arrives at your doorstep, followed by high-pressure demands to pay for it. If you don’t pay, the scammer may even play back a tape of the earlier call as “proof” that the order was placed. Keep in mind that if you receive merchandise you didn’t order, you have a legal right to keep it for free.

Directory Listing and Advertising Scams

Con artists try to fool you into paying for nonexistent advertising or a listing in a nonexistent directory. They often pretend to be from the Yellow Pages. They may ask you to provide contact information for a “free” listing or say the call is simply to confirm your information for an existing order. Later, you’ll get a big bill, and the scammers may use details or even a recording of the earlier call to pressure you to pay.

Utility Company Imposter Scams

Scammers pretend to call from a gas, electric, or water company saying your service is about to be interrupted. They want to scare you into believing a late bill must be paid immediately, often with a wire transfer or a reloadable card or gift card. Their timing is often carefully planned to create the greatest urgency — like just before the dinner rush in a restaurant.

Government Agency Imposter Scams

Scammers impersonate government agents, threatening to suspend business licenses, impose fines, or even take legal action if you don’t pay taxes, renew government licenses or registrations, or other fees. Some businesses have been scared into buying workplace compliance posters that are available for free from the U.S. Department of Labor. Others have been tricked into paying to receive nonexistent business grants from fake government programs. Businesses have received letters, often claiming to be from the U.S. Patent and Trademark Office, warning that they’ll lose their trademarks if they don’t pay a fee immediately, or saying that they owe money for additional registration services.

Tech Support Scams

Tech support scams start with a call or an alarming pop-up message pretending to be from a well-known company, telling you there is a problem with your computer security. Their goal is to get your money, access to your computer, or both. They may ask you to pay them to fix a problem you don’t really have, or enroll your business in a nonexistent or useless computer maintenance program. They may even access sensitive data like passwords, customer records, or credit card information.

Social Engineering, Phishing and Ransomware

Cyber scammers can trick employees into giving up confidential or sensitive information, such as passwords or bank information. It often starts with a phishing email, social media contact, or a call that seems to come from a trusted source, such as a supervisor or other senior employee, but creates urgency or fear. Scammers tell employees to wire money or provide access to sensitive company information. Other emails may look like routine password update requests or other automated messages but are actually attempts to steal your information. Scammers also can use malware to lock organizations’ files and hold them for ransom.

Business Promotion and Coaching Scams

Some scammers sell bogus business coaching and internet promotion services. Using fake testimonials, videos, seminar presentations, and telemarketing calls, the scammers falsely promise amazing results and exclusive market research for people who pay their fees. They also may lure you in with low initial costs, only to ask for thousands of dollars later. In reality, the scammers leave budding entrepreneurs without the help they sought and with thousands of dollars of debt.

Changing Online Reviews

Some scammers claim they can replace negative reviews of your product or service, or boost your scores on ratings sites. However, posting fake reviews is illegal. FTC guidelines say endorsements — including reviews — must reflect the honest opinions and experiences of the endorser.

Credit Card Processing and Equipment Leasing Scams

Scammers know that small businesses are looking for ways to reduce costs. Some deceptively promise lower rates for processing credit card transactions, or better deals on equipment leasing. These scammers resort to fine print, half-truths, and flat-out lies to get a business owner’s signature on a contract. Some unscrupulous sales agents ask business owners to sign documents that still have key terms left blank. Don’t do it. Others have been known to change terms after the fact. If a sales person refuses to give you copies of all documents right then and there — or tries to put you off with a promise to send them later — that could be a sign that you’re dealing with a scammer.

Fake Check Scams

Fake check scams happen when a scammer overpays with a check and asks you to wire the extra money to a third party. Scammers always have a good story to explain the overpayment — they’re stuck out of the country, they need you to cover taxes or fees, you’ll need to buy supplies, or something else. By the time the bank discovers you’ve deposited a bad check, the scammer already has the money you sent them, and you’re stuck repaying the bank. This can happen even after the funds are made available in your account and the bank has told you the check has “cleared.”

What’s new in search in Office 365

SharePoint now serves up search results personalized to your previous activity and permissions.

In SharePoint Online and on office.com, search is personal, and the search results are even easier to explore. Another user will see different results than you, even when you both search for the same words.

You’ll only see results that you already have access to, and other users can’t find your private documents.

Even before you start typing, you’ll see results based on your previous activity in Office 365. The results update as you start typing.

If these results aren’t what you’re looking for, click the link to see more results or press Enter to open the search results page and see and explore all the results. Here’s an example of search results from SharePoint:

Explore the search results to see more details about the people and files you’ve found, or refine your search to get other results. Here’s an expert tip to quickly see more, or less, details of a result – you can actually click anywhere in the empty space of the result.

You can navigate to locations that you want to explore further and, if you’ve searched in SharePoint Online, you can change where the results come from. For example, if you searched from a site, but really meant to search all of SharePoint, then you’re just one click away. Or, if the site you searched from is associated with another site, but you want to search all the associated sites.

When you exit a search results page, you return to the page where you started your search.

Windows 10 Pro is a dead end for the enterprise, Gartner says

Recent changes by Microsoft to the Windows 10 support schedule underline why Windows 10 Pro is an ill fit for most companies.

Windows 10 Pro is a dead end for enterprises, a prominent Gartner analyst has argued.

“[We] predict that Microsoft will continue positioning Windows [10] Pro as a release that is not appropriate for enterprises by reducing … support and limiting access to enterprise management features,” Stephen Kleynhans, a research vice president at Gartner and one of the research firm’s resident Windows experts, said in a report he co-authored.

Microsoft’s Windows 10 Pro occupies the middle ground between the consumer-grade Home and the corporate-level Enterprise in features, functionality and price. Because Enterprise versions of Windows have never been available to computer makers, Pro – sometimes, as in Windows 7, tagged Professional instead – has been the most popular pre-installed OS on new business PCs. (Corporations typically re-image new personal computers with Enterprise upon receipt of the devices.)

But although Pro or Professional has a long history in business settings, Microsoft has made numerous decisions in its Windows 10 migration campaign to separate Pro and Enterprise even more, pushing them apart. In Kleynhans’ view, the gap has become unbridgeable.

The last straw was Microsoft’s on-the-fly changes to Windows 10 support.

Last year, the Redmond, Wash. developer announced a six-month support extension for Windows 10 1511, the November 2015 feature upgrade, “to help some early enterprise adopters that are still finishing their transition to Windows as a service.” In February, Microsoft added versions 1609, 1703 and 1709 – released in mid-2016, and in April and October of 2017, respectively – to the extended support list, giving each 24 months of support, not the usual 18.

“Some customers have requested an extension to the standard 18 months of support for Windows 10 releases,” a Microsoft executive said at the time.

There was a catch: Only Windows 10 Enterprise (and Windows 10 Education, a similar version for public and private school districts and universities) qualified for the extra six months of support. Users running Windows 10 Pro were still required to upgrade to a successor SKU (stock-keeping unit) within 18 months to continue receiving security patches and other bug fixes.

Windows 10 Enterprise 1709, for example, and its free “supplemental servicing,” will exhaust support in October 2019. But Windows 10 Pro 1709 runs out of support on April 9, 2019.

“The one thing that really surprised me about the added support,” said Kleynhans in an interview, “was the fact that it didn’t apply to Pro. I think that this telegraphed the fact that, for businesses, Pro is being dead-ended.”

Even though the six-month support extension ended with the 1803 feature upgrade, the one that began reaching some users late last month, in the report Kleynhans co-wrote with Gartner colleague Michael Silver, the duo made clear that they believe Pro is viewed by Microsoft as a second-class citizen.

“Customers currently using Windows 10 Pro should continue to monitor Microsoft’s life cycle announcements because they will eventually need to budget for Windows [10] Enterprise as Windows [10] Pro becomes more ‘pro-sumer’ and small-business oriented,” they wrote in a six-item list of recommendations.

Another component of Microsoft’s current Windows 10 support strategy, something the company has labeled “paid supplemental servicing,” was also out of bounds for those running Windows 10 Pro. The extra support, which Microsoft will sell at an undisclosed price, is available only to Enterprise and Education customers.

Paid supplemental servicing adds 12 months to the 18 months provided free of charge.

“The extensions and paid support option only apply to the Enterprise and Education SKUs,” Kleynhans and Silver said in their report, “Plan and Budget for Short Windows and Office Support Cycles Based on Microsoft’s February 2018 Announcements,” which was published by Gartner last month. “Customers using Windows 10 Pro will still see support end after 18 months. In this way, Microsoft is further reinforcing that it expects enterprise customers to move to the Enterprise edition of Windows 10.”

 

Office 365 to get enhanced Anti-spoofing capabilities

Enhanced anti-spoofing safeguards are rolling out for Office 365.

Microsoft services like OneDrive for Business, SharePoint Online, and Microsoft Teams are closely guarded by ATP (Advanced Threat Protection). Besides, there are numerous feature updates available in Office 365 threat protection service to address the evolution and advances in the threat landscape. The addition of enhanced Anti-Spoofing capability in Office ATP for protecting against spoofed emails from external domains further strengthens this security framework.

Anti-spoofing in Office 365 Advanced Threat Protection

The newest anti-spoof features help protect organizations from external domain spoof.  Office 365 recognizes emails from external domains having proper SPF, DMARC, and DKIM authentication settings as legitimate/authentic and therefore allow them to pass authentication, uninterrupted.

This normal process is however challenged when external domains do not have these settings properly configured. Without enforcement of these settings, domains show a high likelihood of being manipulated and maliciously spoofed, leaving customers vulnerable to phishing or spam attacks. The new external domain anti-spoofing capabilities help detect and block emails from external domains that do not have the following features,

  1. Correct authentication configuration
  2. An email infrastructure source with an unknown history

How does it work?

A newly enhanced filter in ATP first checks if the email from external domains, passes SPF, DKIM, and DMARC test.  If not, the filter thoroughly checks for historical sending patterns of that domain and associated infrastructure. If any suspicious behavior is noted, ATP assumes the sender does not bear a good reputation and as such, proceeds to junk the message.

Also, a feature worth noticing about Anti-spoofing – The filter constantly evolves and enhances itself based on mail flow patterns it observes.  ATP subscribers can access the spoof intelligence report in their Antispam Policy and take necessary actions if required.

South Jersey Techies – Managed Services for Businesses

If you’re  tired of the break and fix relationship you have with technology, and would  like a proactive approach for keeping your business running smoothly…

Managed Services

South Jersey Techies, LLC offers complete Flat Rate IT management solutions that take the hassle out  of managing and maintaining your critical IT systems. We’ll customize a managed services support  plan that is tailored to your environment and meets and exceeds the specific  needs for your technology management and support.

What is Managed IT Services?

Managed IT Services is a new solution to an old problem. Instead of the traditional pay to fix a problem as it happens, you pay one  consistent monthly price and your computers, servers and network are  continuously and proactively kept running efficiently.

Automate IT Actions

Automate | Cut Costs | Boost Profits

Being more productive and proactive brings more success in your business. Automation is the key to increase productivity. Maximize  your IT budget and staff by offloading routine IT functions to South Jersey Techies, LLC.

South Jersey Techies, LLC is  always working to provide you with the tools you need to control cost, maintain  continuity, and manage change in your evolving business environment.

Cut Operational Cost

Our  Managed Services enable you to focus more on your business while South Jersey Techies, LLC  proactively manages and monitors your data, security and voice networks.

South Jersey Techies automates your repeated activities such as updating antivirus definitions, upgrading Internet Explorer, installing software, executing scripts, etc. and helps you to concentrate on things that offer more value to your business.

Automation drives to cut down operational costs and achieve higher profits. Our Operations Center will proactively monitor the desktops, servers and applications for availability and performance and reduce down times of business critical applications.

 

How To Remove Windows 7 Antispyware

Remove Windows 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 (See Uninstall Guide Below)

Win 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 are all names for the same rogue anti-spyware program. This family of rogues is promoted in two ways. The first is through the use of fake online antivirus scanners that state that your computer is infected and then prompt you to download a file that will install the infection. The other method are hacked web sites that attempt to exploit vulnerabilities in programs that you are running on your computer to install the infection without your knowledge or permission. Regardless of how it is installed, once it is running on your computer it will install itself as a variety of different program names and graphical user interfaces depending on the version of Windows that is running. Regardless of the name, though, they are all ultimately the same program with just a different skin on it. This rogue goes by different program names, which I have listed below based upon the version of Windows that it is installed on:

Windows XP Rogue Name Windows Vista Rogue Name Windows 7 Rogue Name
XP Antispyware 2012 Vista Antispyware 2012 Win 7 Antispyware 2012
XP Antivirus 2012 Vista Antivirus 2012 Win 7 Antivirus 2012
XP Security 2012 Vista Security 2012 Win 7 Security 2012
XP Home Security 2012 Vista Home Security 2012 Win 7 Home Security 2012
XP Internet Security 2012 Vista Internet Security 2012 Win 7 Internet Security 2012

When installed, this rogue pretends to be a security update for Windows installed via Automatic Updates. It will then install itself as a single executable that has a random consisting of three characters, such as kdn.exe, that uses very aggressive techniques to make it so that you cannot remove it. First, it makes it so that if you launch any executable it instead launches Vista Home Security 2012, XP Internet Security 2012, Win 7 Security 2012, or any of the other names it goes under. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch FireFox or Internet Explorer from the Window Start Menu it will launch the rogue instead and display a fake firewall warning stating that the program is infected.

Win 7 Antispyware 2012 Screen shot

Once started, the rogue itself, like all other rogues, will scan your computer and state that there are numerous infections on it. If you attempt to use the program to remove any of these infections, though, it will state that you need to purchase the program first. In reality, though, the infections that the rogues states are on your computer are all legitimate files that if deleted could cause Windows to not operate correctly. Therefore, please do not manually delete any files based upon the results from this rogue’s scan.

While running, XP Internet Security 2012, Win 7 Antivirus 2012, and Vista Security 2012 will also display fake security alerts on the infected computer. The text of some of these alerts are:

XP Home Security 2012 Firewall Alert
XP Home Security 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

XP Antispyware 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?

Just like the scan results, these security warnings and alerts are all fake and should be ignored.

While running, Win 7 Home Security 2012, XP Antivirus 2012, and Vista Antivirus 2012 will also hijack Internet Explorer so that you cannot visit certain sites. It does this so that you cannot receive help or information at sites like BleepingComputer.com on how to remove this infection. When you attempt to visit these sites you will instead be shown a fake alert stating that the site you are visiting is dangerous and that the rogue is blocking it for your protection. The message that you will see is:

Vista Security 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
– Dangerous code found in this site’s pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.

Things you can do:
– Get a copy of Vista Security 2012 to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)

Just like the fake security alerts, the browser hijack is just another attempt to make you think that your computer has a security problem so that you will then purchase the program.

Without a doubt, this rogue is designed to scam you out of your money by hijacking your computer and trying to trick you into thinking you are infected. Therefore, please do not purchase this program , and if you have, please contact your credit card company and dispute the charges stating that the program is a computer infection. Finally, to remove Win 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 please use the guide below, which only contains programs that are free to use.

Tools Needed for this fix:

  • Malwarebytes’ Anti-Malware

 

Automated Removal Instructions for Win 7 Antispyware 2012 & Vista Antivirus 2012 using Malwarebytes’ Anti-Malware:

  1. Print out these instructions as we will need to close every window that is open later in the fix.
  1. It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
  1. This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive. FixNCR.reg.  Once that file is downloaded and saved on a removable devices, insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.regfile to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step.If you do not have any removable media or another clean computer that you can download the FixNCR.reg file onto, you can try and download it to your infected computer using another method. On the infected computer, right click on the Internet Explorer’s icon, or any other browser’s icon, and select Run As or Run as Administrator. If you are using Windows XP, you will be prompted to select a user and enter its password. It is suggested that you attempt to login as the Administratoruser. For Windows 7 or Windows Vista, you will be prompted to enter your Administrator account password.Once you enter the password, your browser will start and you can download the above FixNCR.reg file. When saving it, make sure you save it to a folder that can be accessed by your normal account. Remember, that you will be launching the browser as another user, so if you save it to a My Documents folder, it will not be your normal My Documents folder that it is downloaded into. Instead it will be the My Documents folder that belongs to the user you ran the browser as. Once the download has finished, close your browser and find the FixNCR.reg file that you downloaded. Now double-click on it and allow the data to be merged. You should now be able to run your normal executable programs and can proceed to the next step.
  1. Now we must first end the processes that belong to Win 7 Antispyware 2012 & Vista Antivirus 2012 and clean up some Registry settings so they do not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link.RKill Download Link.  When at the download page, click on the Download Now button labeled iExplore.exe download link . When you are prompted where to save it, please save it on your desktop.
  1. Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Win 7 Antispyware 2012 & Vista Antivirus 2012 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Win 7 Antispyware 2012 & Vista Antivirus 2012 when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Win 7 Antispyware 2012 & Vista Antivirus 2012 . So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. If you continue having problems running RKill, you can download the other renamed versions of RKill from the rkill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.Do not reboot your computer after running RKill as the malware programs will start again.
  1. There have been reports of this infection being bundled with the TDSS rootkit infection. To be safe you should also run a program that can be used to scan for this infection. Please follow the steps in the following guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

If after running TDSSKiller, you are still unable to update Malwarebytes’ Anti-malware or continue to have Google search result redirects, then you should post a virus removal request using the steps in the following topic rather than continuing with this guide:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help Topic

If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.

  1. Download Malwarebytes’ Anti-Malware, also referred to as MBAM, from the following location and save it to your desktop:Malwarebytes’ Anti-Malware Download Link (Download page will open in a new window)
  1. Once downloaded, close all programs and Windows on your computer, including this one.
  1. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
  1. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button.
  1. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

 

 

  1. On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Win 7 Antispyware 2012 & Vista Antivirus 2012 related files.
  1. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

 

 

  1. When the scan is finished a message box will appear as shown in the image below.

 

You should click on the OK button to close the message box and continue with the Vista AntiSpyware 2012 & Win 7 Home Security removal process.

  1. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  2. A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

 

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

  1. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
  1. You can now exit the MBAM program.
  1. As many rogues and other malware are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Your computer should now be free of the Vista AntiSpyware 2012 & Win 7 Home Security program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

To see the original article in its entirety click here.

New Security Threat: CryptoWall

 

crypt

In October of last year news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

  • Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
  • CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
  • Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent this from getting onto your systems is:

  • Don’t open any suspicious attachments – Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
  • Don’t open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.

CALL US NOW!