<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>The Weekly Geek &#187; Malware</title>
	<atom:link href="http://www.theweeklygeek.com/category/malware/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.theweeklygeek.com</link>
	<description>I'm the Geek so you don't have to be!</description>
	<lastBuildDate>Thu, 29 Jul 2010 19:22:21 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Scareware continues to rise reaching $150 Million</title>
		<link>http://www.theweeklygeek.com/2010/01/04/scareware-continues-to-rise-reaching-150-million/</link>
		<comments>http://www.theweeklygeek.com/2010/01/04/scareware-continues-to-rise-reaching-150-million/#comments</comments>
		<pubDate>Tue, 05 Jan 2010 02:55:55 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=368</guid>
		<description><![CDATA[The Internet Crime Complaint Center is reporting that the business model of scareware (and, my term, crapware) reached $150 Million in the US last year. http://www.ic3.gov/media/2009/091211.aspx
Symantec published a report in October of 2009 reporting 40 million infected users worldwide. http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_report_on_rogue_security_software_WP_20100385.en-us.pdf
As Scareware continues to proliferate via Facebook, with the deaths or misfortunes of celebrities, [...]]]></description>
			<content:encoded><![CDATA[<p>The Internet Crime Complaint Center is reporting that the business model of scareware (and, my term, crapware) reached $150 Million in the US last year. <a href="http://www.ic3.gov/media/2009/091211.aspx">http://www.ic3.gov/media/2009/091211.aspx</a></p>
<p>Symantec published a report in October of 2009 reporting 40 million infected users worldwide. <a href="http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_report_on_rogue_security_software_WP_20100385.en-us.pdf">http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_report_on_rogue_security_software_WP_20100385.en-us.pdf</a></p>
<p>As Scareware continues to proliferate via Facebook, with the deaths or misfortunes of celebrities, due to web site injections and drive-by downloads and the profitability of this scam, expect it to rise dramatically in 2010.</p>
<p>So what is a person and business to do?<br />
I have discussed the details of these infections over the last 13 months more than I would like. Today I want to help you clean up your computer from an infection and give you a suggestion or two on preventing the fake anti-virus and fake infection warnings.</p>
<p><span id="more-368"></span><br />
<strong>Let’s start with prevention.<br />
</strong>The bulk of these infections come from “scripts” (which are part of the code that allows web sites to be seen on your browser) running on a web site or in a web based activity such as a game or download. The “warnings” are scareware and are usually only pop-ups disguised as real programs. When you click on the fake security program, your computer is hijacked with ads and more crapware; this is more commonly being referred to as click jacking.</p>
<p>Internet Explorer 6 and 7 had various downloads that would allow an end user or computer administrator to block or allow more features, one of them being scripts. Unfortunately these were buggy for IE 6 and not easily understood or configured for IE 7. A Google search for IE8 script blockers or add-ons that block scripts delivers no usable results.</p>
<p>What is a person to do?<br />
Unfortunately my best answer is “switch to Firefox, install ‘NoScript’ (by Giorgio Maone) and Ad Blocker (by Dragos Ogean)” and you are partially there.</p>
<p>Install a real router; yes it is time to buy a SonicWall for your home, especially if you have more than one computer connecting to the internet. Businesses can be greatly helped with the blocking of sites and subjects that could get them sued as well as prevent employees from goofing off during work hours. Parents and home owners can benefit by blocking rogue scripts, web sites that they consider objectionable and allowing various security implementations based on wants and needs. You must also configure these to work properly. If you cannot or don’t have the time, call a professional and have it done right (IFix Computers at 417-337-7184 can do this for you).</p>
<p>Yes, these routers cost real money, no $39.99 routers here and they have annual fees to keep up the blocking. Yours truly, The Weekly Geek switched to one about a year ago for my home and I have not looked back since.</p>
<p>Oh, yeah, also, keep the latest Windows Critical updates installed, along with an up-to-date QUALITY anti-virus. Yes, the anti-virus does cost money too; get it from <a href="http://www.eset.com">ESET</a> or from <a title="Kaspersky" href="http://send.onenetworkdirect.net/z/5848/rn_a60942/" target="_blank">Kaspersky</a> and configure them properly. Again, if you don’t have the time to configure them, contact IFix Computers at 417-337-7184; they can do most if not all the work remotely.</p>
<p><strong>Repairing / Removing Scareware and Crapware from your computer</strong></p>
<p>Ok, so my parents don’t understand why I drink. Well even though I don’t drink in public, sometimes I read the technology reports, blogs,  news et al and just say to myself “how do we beat or even win major battles in this war against ‘the bad guys’”. You see, I don’t get paid for these articles, I don’t sell anything. The links may have an affiliate code but to date, in the last 10 years I have not made enough to be sent “the check” from any company simply because I don’t push software. What does this have to do with the color of cheese? Well, the scareware and crapware people made $150 million from US “customers” last year and I made, well, I had the privilege of helping in the “war against crapware”. Anyway, I have been in the technology business one way or another since about 1982 or 1984 depending on your point of view (as Obi-Wan Kenobi told Luke about his father) and I have been fighting with malware (or writing malware / pointing out vulnerabilities) since 1991 and I am still broke!<br />
Ok, enough with that tangent, on with the show!</p>
<p>To remove most of the current crapware / scareware, I contacted Mike Rosmis at IFix Computers for his remedy. Mike has been great at not only removing such “issues” but also making sure that they have not left junk in the registry or anything that pops up later.</p>
<p>First run Combo-Fix from <a href="http://www.combofix.org/download.php">http://www.combofix.org/download.php</a></p>
<p>Next if you have Windows XP, run Dial-a-fix, it can be downloaded from here <a href="http://www.softpedia.com/progDownload/Dial-a-fix-Download-27328.html">http://www.softpedia.com/progDownload/Dial-a-fix-Download-27328.html</a></p>
<p>Next install, update and run Malwarebytes. To be sure you get a good copy, download it from here <a href="http://www.malwarebytes.org/">http://www.malwarebytes.org/</a></p>
<p>Then install, update and run Spybot Search and Destroy: run “Immunize”, then under “Mode / Advanced” select “Tools” from the left hand bar, click on “Active X” and remove any non-needed items, repeat with “BHOs”, go to “Host File” and select “Add Spybot-S&amp;D hosts list”, and finally go back to “Spybot S&amp;D” on the left column and run “Check for problems”. <a href="http://www.safer-networking.org/en/download/index.html">http://www.safer-networking.org/en/download/index.html</a></p>
<p>Finally, update your anti-virus, run it in a thorough mode and reboot.</p>
<p>That should take care of any nasty scareware you have.</p>
<p>Until we meet again, have a virus and scareware free week!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2010/01/04/scareware-continues-to-rise-reaching-150-million/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Another Attack on Adobe Acrobat</title>
		<link>http://www.theweeklygeek.com/2009/12/16/another-attack-on-adobe-acrobat/</link>
		<comments>http://www.theweeklygeek.com/2009/12/16/another-attack-on-adobe-acrobat/#comments</comments>
		<pubDate>Wed, 16 Dec 2009 14:37:01 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=366</guid>
		<description><![CDATA[It has happened again, another attack / exploit on Adobe Acrobat, all versions (including the free Reader and paid for versions). There is no patch at this time but there is a quick fix. Before we go any further, here is the fix.
Open Adobe Acrobat, go to &#8220;Edit&#8221; on the menu bar (2nd from the [...]]]></description>
			<content:encoded><![CDATA[<p>It has happened again, another attack / exploit on Adobe Acrobat, all versions (including the free Reader and paid for versions). There is no patch at this time but there is a quick fix. Before we go any further, here is the fix.</p>
<p>Open Adobe Acrobat, go to &#8220;Edit&#8221; on the menu bar (2nd from the left) select &#8220;Preferences&#8221; (at the bottom of the drop down menu).<br />
A new menu will appear, on the left side select &#8220;JavaScript&#8221; and on the right side uncheck &#8220;Enable Acrobat JavaScript&#8221;.<span id="more-366"></span></p>
<p>Now that you are &#8220;safe&#8221; for now, here is a little information on the attack. The attack uses a malicious PDF file and the JavaScripts within Adobe to retrieve data off an infected machine. If you want more information on the attack go to <a title="Adobe exploit" href="http://blogs.zdnet.com/security/?p=5119&amp;tag=nl.e019" target="_blank">ZDNet here</a>.</p>
<p>My intention here is to work together and find a PDF reader alternative. I have a few I have played with over the years but would love the input from our readers. So post a comment below, what PDF reader do you actually use and why?</p>
<p>Until we meet again, have a virus free week!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2009/12/16/another-attack-on-adobe-acrobat/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>AOL software at risk and PBS.org hacked</title>
		<link>http://www.theweeklygeek.com/2009/09/21/aol-software-at-risk-and-pbs-org-hacked/</link>
		<comments>http://www.theweeklygeek.com/2009/09/21/aol-software-at-risk-and-pbs-org-hacked/#comments</comments>
		<pubDate>Mon, 21 Sep 2009 14:44:11 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=323</guid>
		<description><![CDATA[I was one of the original users of AOL, probably back in or before 1991, I actually don&#8217;t remember the date but it was before the one price all you can use internet, back then you paid by the time used. Since then I have grown to dislike AOL (and I have not used them since [...]]]></description>
			<content:encoded><![CDATA[<p>I was one of the original users of AOL, probably back in or before 1991, I actually don&#8217;t remember the date but it was before the one price all you can use internet, back then you paid by the time used. Since then I have grown to dislike AOL (and I have not used them since they went to the all you can use service).</p>
<p>With that aside, there are some vulnerabilities that need to be patched. Just as in a previous post I warned of JAVA and Adobe vulnerabilities, we have some in AOL Radio AmpX and AOL SuperBuddy. Time to run your AOL updates.<span id="more-323"></span></p>
<p>Along the same topic, PBS.org has been hacked and specifically the Curious George web page. Yes, they (PBS) have fixed this problem, however if you (or your child / grandchild) visited the site during the time it was infested, you have a problem. If you have not installed the patches for Adobe products, JAVA and AOL and visited this site, you have been hacked too.</p>
<p>Here is a link to the information on the hack <a href="http://blog.purewire.com/bid/20389/PBS-Website-Compromised-Used-to-Serve-Exploits">http://blog.purewire.com/bid/20389/PBS-Website-Compromised-Used-to-Serve-Exploits</a></p>
<p>Curiously (George) enough, PBS has nothing on their web site about the hack, not even a warning.</p>
<p>Just another example of how the bad guys work, no-one is safe and you cannot get too comfortable with your computer and surfing habits.</p>
<p>So update now, run full security scans (Anti-Virus, Anti-Malware et al) and until we meet again, have a virus free week.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2009/09/21/aol-software-at-risk-and-pbs-org-hacked/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Fake security warnings are on the rise</title>
		<link>http://www.theweeklygeek.com/2009/09/04/fake-security-warnings-are-on-the-rise/</link>
		<comments>http://www.theweeklygeek.com/2009/09/04/fake-security-warnings-are-on-the-rise/#comments</comments>
		<pubDate>Fri, 04 Sep 2009 13:47:47 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Soap Box]]></category>
		<category><![CDATA[Trojans]]></category>
		<category><![CDATA[Virus]]></category>
		<category><![CDATA[Worms]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=304</guid>
		<description><![CDATA[Well, it&#8217;s that time again. What time you ask? The time for more mal-ware, crap-ware, spy-ware, trojans et al.
In the last 3 weeks we have received more calls per day than we receive in a normal month from people who have pop-ups claiming they are infected or who actually clicked on the pop-up and became [...]]]></description>
			<content:encoded><![CDATA[<p>Well, it&#8217;s that time again. What time you ask? The time for more mal-ware, crap-ware, spy-ware, trojans et al.</p>
<p>In the last 3 weeks we have received more calls per day than we receive in a normal month from people who have pop-ups claiming they are infected or who actually clicked on the pop-up and became infected.</p>
<p>Hackers and @#^&amp;*%$ heads are using news events to spread these fake alerts and infecting computers.</p>
<p>The wild fire stories, the Obama speech in schools, Ted (I can kill and get away with it) Kennedy&#8217;s death, all have sprouted a flurry of fake security warnings, infected e-mail (Phishing attacks), and fake web sites.</p>
<p>Without creating a 3 hour seminar, here are the basics&#8230;<span id="more-304"></span></p>
<p>1. Quit searching the internet for &#8220;fantastic&#8221; stories. Within hours of Michael Jackson&#8217;s death 212 new web sites that were infected with crap-ware popped up purporting to be Michael Jackson sites. There were also dozens of different emails with links to or pictures of his death, all of which were fake.</p>
<p>2. Stop using MySpace and Facebook! I know this is going to get me flamed and maybe even a note from one of these &#8220;businesses&#8221; but they are @$@#$ (I really do dislike using so many language references but this is ridiculous). Why are you telling strangers when and where you are going on vacation? To make it easier to rob you? Why are you telling the world about your 4 year old grandchild&#8217;s ability to ride his bike down the street? So the local pedophiles know where to pick him up for a little &#8220;play time&#8221;? Do you just like complaining about the cost of getting crap-ware and infections off your computer?</p>
<p>3. Just stop thinking the world owes you free anything. Free music, programs, data, cheese&#8230; in this age of ever expanding socialism in America, you must remember, nothing comes without a price. Limewire is a perfect example of what happens. Hackers get into or create all this &#8220;free&#8221; content management, take over your computer, infect your computer and more. That is how terrorists in Iran got plans to the presidential helicopter. Turn on the radio or go to your local radio station&#8217;s web site, go to the local video store or Netflix to get a movie.</p>
<p>4. Stop forwarding junk emails. &#8220;Verified by Snopes&#8221; &#8211; what a crock. Almost daily I &#8220;reply all&#8221; to the sender of this type of stupidity and give actual links to Snopes and other  sources showing the hype and falsity of their fantasy. Just because you don&#8217;t like the current US President does not mean you can hope hatred or that he is not a US citizen will remove him from office. The Democratic Party may be the dumocrats to many but they certainly would not make that mistake, just quit forwarding the email.</p>
<p>If you received it in all capitals or with large colorful letters, underlines bolded et al please for the love of Jesus (I know the one who sent it to you told them Jesus asked them to forward it &#8211; He didn&#8217;t, I double-checked in person this morning) stop forwarding this junk.</p>
<p>5. Read what you are installing or updating and NEVER accept the defaults. People consistently ask me how they acquired 4, 5, 6 or more toolbars. Yes, you need the Adobe and JAVA updates but please pay attention, you should take the extra 30 seconds of your life and read each screen before selecting &#8220;Next&#8221;.</p>
<p>Now that I have offended most of you, what can you do if you have already been infected?</p>
<p>1. Update and run your PAID FOR, quality, properly configured anti-virus program (Kaspersky <a href="http://www.kaspersky.com">http://www.kaspersky.com</a> and ESET <a href="http://www.eset.com">http://www.eset.com</a>).</p>
<p>2. Install, update, configure and run a real copy of Malware Bytes <a href="http://www.malwarebytes.org/">http://www.malwarebytes.org/</a> and Spybot Search and Destroy <a href="http://www.safer-networking.org">http://www.safer-networking.org</a></p>
<p>The above are excellent programs and many malicious people have created fake sites leading to crap-ware, USE the links I have provided.</p>
<p>There are numerous other good to excellent programs that can be used to clean up an infection, just be sure of the program and then the source where you are getting the program from.</p>
<p>There are several other security basics home users should have and many great hardware and software tools for Micro and Small businesses to use. Just search this site for the many articles on securing your computers and network.</p>
<p>Until I cool off, have a virus free week!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2009/09/04/fake-security-warnings-are-on-the-rise/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>PC things to do every month</title>
		<link>http://www.theweeklygeek.com/2009/09/03/pc-things-to-do-every-month/</link>
		<comments>http://www.theweeklygeek.com/2009/09/03/pc-things-to-do-every-month/#comments</comments>
		<pubDate>Thu, 03 Sep 2009 13:13:47 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Hard Drives]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Optimizing]]></category>
		<category><![CDATA[Speeding Up]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=300</guid>
		<description><![CDATA[Continuing on with the quick things you need to do for your computer, here is my list of monthly suggestions.
Update software programs &#8211; check for updates on all programs, even those you &#8220;rarely&#8221; use. Adobe, Pinnacle, your GPS software. Bad guys use &#8220;holes&#8221; in these programs to get into and mess up your computer and [...]]]></description>
			<content:encoded><![CDATA[<p>Continuing on with the quick things you need to do for your computer, here is my list of monthly suggestions.</p>
<p>Update software programs &#8211; check for updates on all programs, even those you &#8220;rarely&#8221; use. Adobe, Pinnacle, your GPS software. Bad guys use &#8220;holes&#8221; in these programs to get into and mess up your computer and life.</p>
<p>Check for hardware driver updates &#8211; Your video card may work better, your Network may run faster and again, there have been hackers that used holes in these programs to infest your computer.</p>
<p>Remove old unused programs &#8211; for the same reason as above, if you don&#8217;t use it or know how it got there, like the 8 toolbars in your browser, remove the programs.</p>
<p>Run Disk Clean or, if you have it, another temporary file cleanup program &#8211; old files clog the hard drive and do cause issues, get rid of them. There are a couple of detailed articles on this site.</p>
<p>Run Disk Defrag or again if you have a 3rd party defrag program use it &#8211; this organizes your files and programs in a logical order for the operating system, allowing faster access. Again, there are articles on this site with step by step instructions.</p>
<p>Until we meet again, have a virus free week!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2009/09/03/pc-things-to-do-every-month/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>
