

Free Rescue CDs Can Solve Your Computer Problem

August 17th, 2008

I have been using Ultimate Boot CD recently to give myself convenient access to a hard drive that will not boot Windows for one reason or another. And while convenient to use, Ultimate Boot CD might not be the best all-around tool to have on hand simply because the antivirus definitions are not very recent (a new beta release changes that, but naturally those will go out of date too).

Many people don’t follow my advice for safe computing or to install competent auto updating internet security software and end up with problems requiring a rescue boot cd to clean their PC.

So when I saw some of the free rescue cds profiled in another letter recently, I thought I would highlight them here. There are pros and cons to each of the four, and rather than rank them as others do, I will just list them and let you look for yourself.

I really hate rankings unless one is head and shoulders above the rest. The reason is that I know as soon as I write something in this business, someone has updated their software and what I wrote is out of date.

The first is Avira’s rescue CD. Avira’s AntiVir kind of jumped on the scene recently with some good scores in their free antivirus solution.

Bitdefender is a well known name and you can find theirs here. Beware that this is an .ISO image that you have to burn to a CD with either freeware or paid commercial software.

F-Secure’s CD is available here.

Kaspersky Rescue CD here. (This is also an .ISO.)

The nice thing about the rescue CDs mentioned is that they have a variety of tools on them, not just virus and malware cleaning tools.

Have these available ahead of time, before the problem rears its ugly head. That way you don’t have to borrow a friend’s CD and worry about whether his CD burner works or what software he has available to burn an .ISO image to CD.

Antivirus 2009 is malware; Lavasoft cures

August 8th, 2008

One of my clients emailed yesterday to say that one workstation kept getting a popup about Antivirus 2009 and how they had 40 some threats on the PC that could be easily cleaned by Antivirus 2009 if they would only plunk down the $40 or so to buy it.

Well, someone obviously surfed where she shouldn’t. Now how to get rid of it?

I could have gone over there and charged them about $100 to clean the PC of the Antivirus 2009 malware, but instead I directed them to Lavasoft USA to pick up the free version of AdAware.

Cleaned it right up.

Big Virus Coming! Please Read and Forward!

July 11th, 2008

I had two people contact me today saying they had received an email warning them of the “Postcard” virus.

Naturally, the email tells them this has already been checked out via snopes.com and even includes the URL to get there and check it out for themselves. Naturally, no one does, but at least these two individuals contacted me before looking like an idiot and passing it on.

The email indicates that some original writer even checked with the Norton Antivirus people (probably called the CEO, don’t you suppose?) and they are “gearing up” for this one.

Further, to really move you to take action, the email warns you that this Postcard virus will “burn your whole hard disc” and that CNN classified it as the worst virus ever.

Well, I went to snopes.com and sent this paragraph from the end of the snopes page referenced to these people:

From Snopes.com:

Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

Bottom line: this is old news, won’t burn your entire drive, it’s not the worst virus ever in anybody’s book and you probably don’t need to read an online postcard from anyone in the first place.

When someone sends you an email like this, DON’T FORWARD IT, at least not without checking it out. Don’t follow any links provided (that could be a trap); go to snopes.com or truthorfiction.com and do a simple search. Chances are it will be easy to find, especially if it’s at all valid. And if you do forward it, at least use BCC (blind carbon copy) so you don’t look like an idiot even if it is a valid threat.

You can also expect that the people who received these out of date and inaccurate emails will be less likely to open ANY email from the people who sent them junk like that in the first place.

Take a look at my Email Etiquette eBook to get your emails read and avoid looking foolish.

Best Antivirus Solutions

May 14th, 2008

Virus Bulletin is a paid service that, among other things, tests antivirus products and rates them according to how well they catch virus, trojan and other malware threats.

They recently released the results of tests run on Windows Vista PCs and included threats known to be circulating in early 2008.

Of those tested, five products scored a perfect 100%.

Want to know what they are?

  • Avira Antivir Personal (free for noncommercial use) - I mentioned this one recently in an update to my subscribers. It has gotten a lot of attention lately.
  • ESET NOD32 - Been around for a long time; not known for ease of use, but good reputation.
  • Fortinet FortiClient - This surprised me; I use FortiClient for secure IPSec VPN’s to client firewalls (Fortinet Fortigate Firewalls) but have never used the antivirus feature.
  • Frisk FPROT - Another name that has been around a while.
  • Symantec Norton Antivirus - It pains me to see them in this category. In times past they have missed infections that free online scanners have caught. Known for being a resource hog and slowing your computer down.

These five scored a perfect 100, but most names you know scored a 98 or 99.

Keep in mind however, that this is one set of tests. If those same tests were run today (whatever day you read this) you may find a different group in the 100% category. Also, as I noted above, no antivirus program is known for having more problems slowing down your computer or giving you difficulty installing or uninstalling than Symantec Norton Antivirus. I personally wouldn’t use it if it were free and always rated a 100.

The important points are these:

  • Do select a quality antivirus program and make sure it is always up to date.
  • Do employ a quality firewall, hardware (like the Fortinet Fortigate) if possible, software otherwise. This may or may not come with the antivirus software.
  • Do use common sense when using email and surfing the web. I have written about this on my website - look under Computer Security.
  • Do NOT engage in illegal file sharing.
  • Do NOT act recklessly on social networking sites (myspace, facebook, etc). A news article just came out indicating that’s where hackers are spending most of their focus.

One product that scores very well overall, though not perfect in this test, and comes with antivirus, a software firewall, antispam and other features is ZoneAlarm Security Suite from Zone Labs. I have found this product to be much easier to understand than many of its competitors.

The best product in the world can be useless if you don’t understand how to operate it. And these days, any comprehensive antivirus and firewall product will take some level of understanding by the user to make sure it is working properly protecting you.

Like many computer security suites today, you can pay one fee and cover multiple computers. Save $20 when you Download ZoneAlarm Security Suite today.

Laptop from he11 - Virus infection and then some

September 22nd, 2007

I wish I weren’t such a nice guy. A gal that works for one of my clients asked where she could take her laptop for cleaning.

There wasn’t anyone I really felt comfortable recommending and I figured “how bad can it be?”

“Bring it to me”, I foolishly said.

It’s an IBM Thinkpad, which is good, with a Celeron processor, that’s bad.

Even though it has a Windows XP Pro license sticker on the bottom, XP Home is installed - Strike two.

And this thing is so polluted you can barely move the mouse pointer. There was no working antivirus software, although I finally found some program shortcuts for Norton 2003. No sign of the software though.

Internet Explorer is absolutely useless, well, more than usual. Unless you like infinite exploding popup windows. So after cleaning out the registry and everything else that was easy to find, I loaded BOClean antitrojan, antimalware and Firefox. BOClean has found only 1 item so far (and killed it).

Firefox runs, go to Google and do a search, no problem. Try to navigate to http://housecall.trendmicro.com and the program closes.

Using a USB flash drive I copied adaware 2007 (free version) and ran it twice. Found quite a bit and cleaned it. Now it refuses to run.

Using a USB flash drive I copied SysClean from another PC where I downloaded it. It gave me fits too, but finally I was able to make it run.

Also from a USB flash drive I copied the free antivirus from Comodo. It found nothing, although much had already been cleaned.

Searching for RootKits I used F-Secure’s Free (expires Oct 1st) BlackLight. It found nothing.

The persistent file I find, loading from the registry, is PRX.exe in C:\Windows\System32. Googling it brought up nothing of any use.

I keep threatening to blast the whole thing, format the drive and reinstall Windows XP Pro from scratch but:

  • I’m stubborn and see this as a challenge
  • The owner says there is nothing she wants on the machine, but I’ve heard that before
  • I can save C:\Windows\inf off to USB before I blast it, but I still fear the potential hassle of finding all of the drivers I will need for a laptop this old

Folks, surf wisely. Check out my User Behavior page on my website. Use SiteAdvisor. Run a competent antivirus program and BOClean for malware. Don’t open suspicious emails.

============

Update

============

  • McAfee’s rootkit tool found nothing
  • Trend Micro PC-Cillin would not install; it reported a corrupt installation file. Installs fine on other, known clean, PCs
  • Navigating to Avast.com or AVG in Firefox caused the browser to immediately close
  • Even if left unattended, at some point IE windows would open at a furious rate trying to go to www.llehs.com

Final resolution: Wipe Drive and Reinstall Windows XP.

McAfee SiteAdvisor no longer highlights search results

September 12th, 2007

I use Google quite a bit and I just realized that McAfee SiteAdvisor was not highlighting the search results with green, yellow, red or gray. A quick Google search didn’t help much either.

So I went to McAfee’s website and downloaded the plugin for Firefox again and voila, it works again.

I heavily rely on McAfee’s SiteAdvisor (free version) to help me stay away from bad sites. And that is the secret to keeping your computer clean of malware.

Check out McAfee SiteAdvisor here.

A look back to the first computer virus: Elk Cloner

September 1st, 2007

Yahoo! news has a neat story about the guy who purportedly unleashed the first computer virus 25 years ago. It was called Elk Cloner, and was more a harmless prank than anything like what we see today.

You can read the whole story here.

A reminder that BOClean, an antitrojan now labeled antimalware, is free since the buyout by Comodo.

Read more about BOClean here.

Elk Cloner was written by Rich Skrenta, who later founded Topix and other worthwhile technology. Rich was doing what many of us were doing back then, programming just because it was fun - and a challenge.

I remember breaking code on copy protected games that required a floppy in the drive in order to play it. A nuisance. And a challenge.