



Don’t Get Blue Screened Over 977165

March 12th, 2010

Many computers experienced BSOD (Blue Screen Of Death) or continuous reboots after applying security update 977165. Often this was an indicator that the PC was infected with a rootkit virus.

Microsoft has a free “fix it” tool that will scan your PC and let you know if they think you will have a problem installing 977165.

It does not FIX anything; it just lets you know if it’s probably safe to install the update.

Find the utility here:

Microsoft Fix It for 977165

Beware of Suspicious Emails and Attachments

October 18th, 2009

There have been a lot of really authentic looking emails coming from spammers with viruses, trojans and malware – usually as an attachment.

Do you know which email to be suspicious of?

Here is a short video I did to warn PC users and help them identify what might be harmful to their PCs.

Antivirus Software – Don’t Go On The Net Without It

July 10th, 2009

This week I had the distinctly disagreeable task of trying to clean a PC that was infected with primarily one trojan.

However, it attached itself to about every executable file on the system including the i386 directory copies of the XP CD; about 896 files in total that were uncleanable and therefore had to be moved to quarantine.

As you can imagine, the PC does not work too well for the most part. I will have to completely reinstall Windows. This could be avoided, of course, if the user had a USB drive that had a disk image made with Acronis True Image (Save 35% here) at any point before the infection.

The real problem was that this home user had ignored my stipulation to get a quality antivirus program (she did not want me to do it at the time I upgraded her hard drive).

So, she’s been tooling about the internet with no computer security software whatsoever.

Please, please make sure you are covered and that the antivirus signatures are up to date.

With most of these internet security suites, it is your choice if you want a software firewall or not and if you want a full complement of antispam, etc. (This is usually the difference between buying just an antivirus program and getting a suite, but some have middle ground).

Here is a list of quality antivirus programs/suites to choose from:

Eset is (currently) said to be the best antivirus. Firewall is optional purchase.

AVG has a free version, but the paid software is an upgrade.

Panda internet security is highly acclaimed.

Trend Micro has been a reliable option over the years for many of my clients on their home PC’s.

ZoneAlarm has always been known for their software firewall product that was pretty much the first of its kind. I have used this product in many small office situations.

One More Step That the AntiVirus Software Won’t Do For You

April 9th, 2009

Antivirus software, usually bundled in an internet security suite, is frustrating to me.

First off, you have to pay for this software (yes, there are free alternatives -but…) only because there are bad people out there.

Second, it slows your PC down. In the case of Symantec’s Norton, sometimes, with some versions, it slows down A LOT!

Third, many times it will tell you that it found the virus, but cannot clean or delete it – the rest is up to you. WHAT? This usually has to do with the malware actually running within Windows, and Windows places a “lock” on a file that is running in order to protect it. Good through the normal course of operation, bad when it comes to cleaning trojans, viruses and other malware from your PC.

The above three items are fairly well known. Here is one that isn’t:

One more step to clean malware from your PC

Current malware is using a basic operation of Windows networking to maintain itself even after your PC has been cleaned.

The Windows hosts file.

The Windows hosts file resides in the C:\Windows\system32\drivers\etc directory (or, more precisely, %SystemRoot%\system32\drivers\etc, since some versions may use WINNT or some other directory instead of Windows).

What it does is help Windows resolve the IP address for some domain names. By default, it doesn’t do much at all. But a network administrator in a corporate environment will likely make use of the file to assist with network connectivity.

The hosts file can also be used to BLOCK access to certain known malicious sites. It does that by pointing, say, www.badsite.com right back to the local machine with the entry 127.0.0.1 (known as localhost). That prevents the web browser from opening the known malicious site.

But turn that around.

Plug in your malicious site IP address and connect it to updates.microsoft.com in your victim’s hosts file, and the next time automatic (or manual) Windows Update kicks in, voila, they come to your site and get reinfected all over again!

Here is what a default Windows XP host file usually looks like:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

The lines beginning with the pound sign are comments. The only line that does anything in this file is the one assigning the term “localhost” to the address 127.0.0.1, also known as the loopback address. It simply points back to the computer itself.

Thus if you add this line to the file:

127.0.0.1     microsoft.com

then your computer will try to access the web server on YOUR OWN COMPUTER (if installed, usually not) when you type www.microsoft.com in a browser address bar, thus preventing you from getting to Microsoft’s website. But if you replace the 127.0.0.1 with an IP address of your own malicious server, then whenever the user, or automatic updates, tries to access Microsoft’s servers, the request goes to the malicious server instead and the PC gets reinfected.

Here is the takeaway:

If you have been infected, it’s worth a look at the Windows hosts file just to make sure there aren’t any entries that shouldn’t be there. If you are on a company network, ask the IT department – don’t make any changes yourself. If it’s your own PC, back up the file first before making changes just in case.
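As an added example (not part of the original post), here is one way to automate that look at the hosts file: the script flags every entry other than the stock localhost line and marks watched domains that have been redirected or blocked. The watched-domain list, the verdict labels and the sample entries are assumptions made for illustration.

```python
import ipaddress
import os

# Constructed sample: the default entry plus hypothetical tampered lines.
# 203.0.113.7 is a documentation-only address (RFC 5737), not a real indicator.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     updates.microsoft.com   # points updates at another server
127.0.0.1       microsoft.com
127.0.0.1       www.badsite.com
"""

# Assumption: domains whose resolution matters for updates and cleanup tools.
WATCHED = ("microsoft.com", "windowsupdate.com", "live.com")

def parse_hosts(text):
    """Yield (line_number, address, hostname) for each active mapping."""
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        # One line may list several names; each name is its own exact mapping.
        for name in fields[1:]:
            yield number, fields[0], name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line, hostname, address, verdict) for every non-default entry."""
    findings = []
    for number, address, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((number, name, address, "invalid-address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        if name == "localhost" and local:
            continue                              # the stock entry
        is_watched = any(name == d or name.endswith("." + d) for d in watched)
        if is_watched and not local:
            verdict = "redirect"                  # the reinfection trick
        elif is_watched:
            verdict = "blocked"                   # updates or tools cut off
        else:
            verdict = "review"                    # may be a legitimate entry
        findings.append((number, name, address, verdict))
    return findings

if __name__ == "__main__":
    path = os.path.expandvars(r"%SystemRoot%\system32\drivers\etc\hosts")
    text = open(path).read() if os.path.exists(path) else SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print("line %d: %s -> %s [%s]" % finding)
```

A "review" verdict is not proof of tampering: blocklist entries and entries added by a network administrator land there too.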

ESET NOD32 AntiVirus – Is It Better?

April 9th, 2009

When reading reviews of the best antivirus and internet security product or product suite, ESET NOD32, will often be at the top of the list. The users of the product tend to be vocal supporters as well.

Is it justified? Well, it’s hard to stay at the top of the heap when it comes to antivirus security products. Companies have a tendency to leap frog one another as the “latest version” gets released.

When you have an infected PC, it is common to scan and clean with one company’s product, then scan with another company’s scanner and find some more.

Recently I had a user’s laptop with a nasty trojan infection. One of the top internet security suites was unable to stop the infection, but scanning did find most of the infected files.

However, I then scanned the hard drive with ESET NOD32 and found a few more infected files. Does that mean that ESET is better? Well, maybe; but one of the “infected” files was an executable for the OTHER antivirus product. Was that file infected or just a case of old fashioned rivalry?

I don’t know for sure, but I will say that ESET NOD32 is an impressive internet security suite and antivirus.

The downside is that it does cost a bit more than most of its competitors. But sometimes you pay for quality.

I give ESET NOD32 a big thumbs up; you can check it out with a free 30 day trial here.

Clean Conficker Off Your PC

March 30th, 2009

There have been scores of articles in the mainstream media about Conficker.C, April Fool’s day, and cleaning Conficker off your PC.

Problem is, the only people who can navigate to the links they give in these articles are those who have PCs WITHOUT Conficker on them.

Conficker BLOCKS access to most any website that can be of help to you, like the one they always point you to – Microsoft.com for updates or safety.live.com for a conficker removal tool. (I dislike live.com anyway.)

www.BDTools.net MIGHT work for you as of this morning. It is a brand new domain set up by BitDefender for the very purpose of being a domain that you can get to if you are infected with the Conficker virus (worm, whatever).

There is a great list of tools at the ConfickerWorkingGroup site, unfortunately you can’t get there either if you are infected because the malware will block a domain with conficker in its name.

Hint: If you can access the Conficker working group site and one or more removal tools linked there, it is almost a certainty that you DO NOT have Conficker on your PC. But why not run the removal tool anyway, just to be sure.

What do you do if infected with Conficker?

The best thing you can do if your PC is infected with Conficker is to find an UNINFECTED PC, perhaps even at a library, take a USB device with you, and download a cleaning tool from one of the links at ConfickerWorkingGroup.

Then take the USB device home and clean your PC.

After that, check out this tip-of-the-week archive and get your PC caught up to where it should be.

Free Rescue CD’s Can Solve Your Computer Problem

August 17th, 2008

I have been using Ultimate Boot CD recently to give myself convenient access to a hard drive that will not boot Windows for one reason or another. And while convenient to use, Ultimate Boot CD might not be the best all around tool to have on hand simply because the antivirus definitions are not very recent (a new beta release changes that but they will go out of date too naturally).

Many people don’t follow my advice for safe computing or to install competent auto updating internet security software and end up with problems requiring a rescue boot cd to clean their PC.

So when I saw some of the free rescue cds profiled in another letter recently, I thought I would highlight them here. There are pros and cons to each of the four, and rather than rank them as others do, I will just list them and let you look for yourself.

I really hate rankings unless one is head and shoulders above the rest. The reason is that I know as soon as I write something in this business, someone has updated their software and what I wrote is out of date.

The first is Avira’s rescue CD. Avira’s AntiVir kind of jumped on the scene recently with some good scores in their free antivirus solution.

Bitdefender is a well known name and you can find theirs here. Beware that this is an .ISO image that you have to burn to a CD with either freeware or paid commercial software.

F-Secure’s CD is available here.

Kaspersky Rescue CD here. (This is also an .ISO.)

The nice thing about the rescue CDs mentioned is that they have a variety of tools on them, not just virus and malware cleaning tools.

Have these available ahead of time, before the problem rears its ugly head. That way you don’t have to borrow a friend’s CD and worry about whether his CD burner works or what software he has available to burn an .ISO image to CD.

Antivirus 2009 is malware; Lavasoft cures

August 8th, 2008

One of my clients emailed yesterday to say that one workstation kept getting a popup about Antivirus 2009 and how they had 40 some threats on the PC that could be easily cleaned by Antivirus 2009 if they would only plunk down the $40 or so to buy it.

Well, someone obviously surfed where she shouldn’t. Now how to get rid of it?

I could have gone over there and charged them about $100 to clean the PC of the Antivirus 2009 malware, but instead I directed them to Lavasoft USA to pick up the free version of AdAware.

Cleaned it right up.

Big Virus Coming! Please Read and Forward!

July 11th, 2008

I had two people contact me today saying they had received an email warning them of the “Postcard” virus.

Naturally, the email tells them this has already been checked out via snopes.com and even includes the URL to get there and check it out for themselves. Naturally, no one does, but at least these two individuals contacted me before looking like an idiot and passing it on.

The email indicates that some original writer even checked with the Norton Antivirus people (probably called the CEO, don’t you suppose?) and they are “gearing up” for this one.

Further, to really move you to take action, the email warns you that this Postcard virus will “burn your whole hard disc” and that CNN classified it as the worst virus ever.

Well, I went to snopes.com and sent this paragraph from the end of the snopes page referenced to these people:

From Snopes.com:

Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

Bottom line: this is old news, won’t burn your entire drive, it’s not the worst virus ever in anybody’s book and you probably don’t need to read an online postcard from anyone in the first place.

When someone sends you an email like this, DON’T FORWARD IT; at least not without checking it out (don’t follow any links provided, that could be a trap) go to snopes.com or truthorfiction.com and do a simple search. Chances are it will be easy to find – especially if it’s at all valid. And if you do forward it, at least use BCC (blind carbon copy) so you don’t look like an idiot even if it is a valid threat.

You can also expect that the people who received these out of date and inaccurate emails will be less likely to open ANY email from the people who sent them junk like that in the first place.

Take a look at my Email Etiquette eBook to get your emails read and avoid looking foolish.

Best Antivirus Solutions

May 14th, 2008

Virus Bulletin is a paid service that, among other things, tests antivirus products and rates them according to how well they catch virus, trojan and other malware threats.

They recently released the results of tests run on Windows Vista PCs and included threats known to be circulating in early 2008.

Of those tested, five products scored a perfect 100%.

Want to know what they are?

  • Avira Antivir Personal (free for noncommercial use) – I mentioned this one recently in an update to my subscribers. It has gotten a lot of attention lately.
  • ESET NOD32 – Been around for a long time; not known for ease of use, but good reputation.
  • Fortinet FortiClient – This surprised me; I use FortiClient for secure IPSec VPN’s to client firewalls (Fortinet Fortigate Firewalls) but have never used the antivirus feature.
  • Frisk FPROT – Another name that has been around a while.
  • Symantec Norton Antivirus – It pains me to see them in this category. In times past they have missed infections that free online scanners have caught. Known for being a resource hog and slowing your computer down.

These five scored a perfect 100, but most names you know scored a 98 or 99.

Keep in mind however, that this is one set of tests. If those same tests were run today (whatever day you read this) you may find a different group in the 100% category. Also, as I noted above, no antivirus program is known for having more problems slowing down your computer or giving you difficulty installing or uninstalling than Symantec Norton Antivirus. I personally wouldn’t use it if it were free and always rated a 100.

The important points are these:

  • Do select a quality antivirus program and make sure it is always up to date.
  • Do employ a quality firewall, hardware (like the Fortinet Fortigate) if possible, software otherwise. This may or may not come with the antivirus software.
  • Do use common sense when using email and surfing the web. I have written about this on my website – look under Computer Security.
  • Do NOT engage in illegal file sharing.
  • Do NOT act recklessly on social networking sites (myspace, facebook, etc). A news article just came out indicating that’s where hackers are spending most of their focus.

One product that scores very well overall, though not perfect in this test, and comes with antivirus, software firewall, antispam and other features is ZoneAlarm Security Suite from Zone Labs. I have found this product to be much easier to understand than many of its competitors.

The best product in the world can be useless if you don’t understand how to operate it. And these days, any comprehensive antivirus and firewall product will take some level of understanding by the user to make sure it is working properly protecting you.

Like many computer security suites today, you can pay one fee and cover multiple computers. Save $20 when you Download ZoneAlarm Security Suite today.