3 Steps to Removing Malware

Is your PC running slower, or are you getting unwanted popups and ads? You may have a malware or virus infection. Here are 3 steps to remove infections.

1. First, make sure that you have an infection.

Aside from Windows running slowly, one telltale sign of an infection is the computer running programs and processes that look completely unfamiliar.

Open Windows Task Manager: right-click the taskbar and choose Task Manager from the menu.

Select the Processes tab and click Memory or Mem Usage to sort the running processes by how much RAM they use.

This should display the processes in descending order of memory usage. If they are in ascending order, click the Memory or Mem Usage column header again so the largest consumers appear on top. Paying special attention to these processes, look for ones with unfamiliar-looking names.

In particular, focus on high-memory processes in Task Manager whose names contain strange characters or symbols. Run a Google search on the peculiar-looking process names to find out whether they are legitimate.

If the search results point toward it being a malicious process, you may be able to remove it as a startup program. Click the Start button, type msconfig in the search box, and click it when it appears as a menu selection.

After the System Configuration utility loads, click the Startup tab to display the programs the system loads when the computer starts up.

Try to find the suspect process in the list of Startup Items and uncheck the box next to it to remove it as a startup process. It will no longer be loaded when Windows restarts.
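The same two checks (top memory consumers with unfamiliar names, and what is registered to start with Windows) can be scripted so that the result is a list you can read and search at once. The following is an added example, not part of the original article: it lists the top processes by working set together with their image path and Authenticode signature status, flags names with odd characters or unsigned images running from the user profile, and then dumps the Run/RunOnce registry keys and Startup folders that msconfig's Startup tab is built from. The flagging rule is a heuristic chosen for this example; run it from an elevated PowerShell prompt so the path of every process is readable.

```powershell
# Added example (not from the original article). Run elevated so $_.Path is
# available for all processes; unreadable paths show as blank.

function Get-TopProcessReport {
    param([int]$Top = 15)
    Get-Process |
        Sort-Object WorkingSet64 -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            $path = $_.Path   # $null for protected or system processes
            $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status.ToString() } else { 'n/a' }
            [pscustomobject]@{
                Name       = $_.ProcessName
                Id         = $_.Id
                MemoryMB   = [math]::Round($_.WorkingSet64 / 1MB, 1)
                Path       = $path
                Signature  = $sig
                # Heuristic (assumption of this example): odd characters in the
                # name, or an unsigned/tampered image running from the user profile.
                Suspicious = ($_.ProcessName -match '[^A-Za-z0-9._ -]') -or
                             (($sig -in @('NotSigned', 'HashMismatch')) -and ($path -like "$env:USERPROFILE\*"))
            }
        }
}

function Get-StartupEntries {
    # Registry locations that msconfig's Startup tab reads.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }   # skip PowerShell's own provider properties
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Per-user and all-users Startup folders are loaded at logon as well.
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

Get-TopProcessReport | Format-Table -AutoSize
Get-StartupEntries   | Format-Table -AutoSize
```

Anything marked Suspicious, or any startup entry whose Command points into a profile or temp directory, is a candidate for the web search the article describes; the signature column tells you immediately whether the image is from a known publisher.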

2. Run a virus scan on your system

If you haven’t already done so, run a scan of your system with an antimalware or antivirus program. Malwarebytes and Microsoft Security Essentials are highly recommended. Start with a simple scan. If it detects anything, remove the threats it finds. Next, run a full system scan.

If successive full system scans still detect malware, take note of the threats the scanner displays and run a Google search on them to see if anyone has posted a successful removal method.

Repeated detections on successive scans likely indicate that your antimalware program has been compromised, so downloading a new malware scanner is a good idea. Besides Malwarebytes, Bitdefender, ESET Online Scanner, and HouseCall are excellent choices.

But before running a scan with any of these antimalware programs, reboot the computer into Safe Mode with Networking. To do this, restart the computer and press F8 repeatedly when the logo of the motherboard manufacturer appears on the screen.

You will next see a black screen showing Advanced Boot Options. From this list select Safe Mode with Networking.

This boots a simplified version of Windows that runs only the necessary programs; usually malware doesn’t load in Safe Mode. In Safe Mode, run your new malware scanner in advanced or custom mode, since those modes let you scan every directory on the computer. Be sure to perform a full scan of the entire system. This will take some time; you can probably watch a full-length feature film while it runs.

After this scan cleans up your computer, run another with a different malware program. Again, be sure to do a full system scan in Safe Mode with Networking. If the second scanner detects nothing, it is a good bet your system is purged of infections.

3. Run a live disc virus scan

If multiple scans keep detecting infections, you will need to reboot into a Linux live disc. While there are many live Linux distributions to choose from, Kaspersky Rescue Disk is highly recommended, as its interface is simple for Windows users.

For more assistance on this or other issues affecting your computer, consult your local IT professionals.

A fairly new CryptoLocker malware has been spreading via Yahoo Messenger, and if you’re infected it may cost you a fortune to retrieve your own data.

Look Before You Jump, Steer Clear of YOURS.JPG.exe

The CryptoLocker ransomware has been wreaking havoc among many users. Disguised as a file named ‘YOURS.JPG.exe’, the malware encrypts important system files, essentially locking rightful owners out of their computers and documents.

To regain access, the ransomware—as the name suggests—demands ransom money from its victims. In this particular case, the CryptoLocker ransomware demands $400 for a key that will supposedly unlock the encrypted files. Once the ransom process is initiated, the malware sets off a timer that will destroy the key within a given amount of time if the exploiters don’t receive their funds.

Main Target: Yahoo Messenger Users

If you’re using Yahoo Messenger at home, and especially at work, please take the necessary precautions to prevent this form of exploitation from happening to you. Recently CryptoLocker has been targeting Yahoo Messenger users in the form of image attachments. First, we suggest you install the latest version of CryptoPrevent to keep CryptoLocker from infecting your computers. It is also highly advisable to keep your antivirus/antimalware software up to date, as this will also shield your computers from various online attacks.
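The trick behind ‘YOURS.JPG.exe’ is that Windows Explorer hides extensions of known file types by default, so the file is displayed as ‘YOURS.JPG’ with whatever icon the program carries. As an added example, not part of the original post, the script below turns that Explorer setting off for the current user and then searches a folder for files whose real type is executable but whose visible name ends in a second, harmless-looking extension. The Downloads folder and the list of runnable extensions are assumptions for this example; point it at wherever messenger or e-mail attachments are saved.

```powershell
# Added example (not from the original post). Shows real extensions in Explorer
# and reports executables hiding behind a second extension such as ".JPG.exe".

function Show-FileExtensions {
    # HideFileExt = 0 tells Explorer to display the extension of known file types.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $key -Name HideFileExt -Value 0 -Type DWord
    # Explorer picks the change up when it next starts (or after sign-out/sign-in).
}

function Find-DoubleExtensionFiles {
    param(
        # Assumed location of saved attachments; adjust as needed.
        [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
        # Types Windows executes on double-click (assumed list for this example).
        [string[]]$RunnableExt = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js')
    )
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # Real type is runnable AND the name minus that extension still has one,
            # e.g. BaseName "YOURS.JPG" for "YOURS.JPG.exe".
            ($_.Extension -in $RunnableExt) -and
            ([System.IO.Path]::GetExtension($_.BaseName) -ne '')
        } |
        ForEach-Object {
            [pscustomobject]@{
                File            = $_.FullName
                ShownByExplorer = $_.BaseName     # what a user with hidden extensions sees
                RealType        = $_.Extension
                Signature       = (Get-AuthenticodeSignature -FilePath $_.FullName).Status.ToString()
            }
        }
}

Show-FileExtensions
Find-DoubleExtensionFiles | Format-Table -AutoSize
```

Anything the second function reports deserves to be deleted or submitted to your antimalware vendor rather than opened; a legitimate picture never needs an executable extension.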

For more tips and tricks on what you can do to prevent these types of intrusions and attacks, please don’t hesitate to contact our IT professionals.

Windows XP, despite its age in the software ecosystem, still holds nearly 30% of worldwide operating system market share. Microsoft announced several months back that it will cease supporting Windows XP as of April 8, 2014. For consumers, especially those who have already upgraded to Windows 7, the news didn’t mean much. For businesses that rely on Windows XP for their IT solution, however, the news meant that they will have to either upgrade or find an exemplary IT partner to maintain their infrastructure.

There’s no running away from Windows XP if your business relies heavily on the dated OS to run things like legacy software. So when Microsoft announced earlier this week that it will continue to provide antimalware signature and engine updates until July 14, 2015, most were relatively happy about the news.

Old Software and Hardware Can’t Keep Up

According to Microsoft, XP users will continue to get antimalware updates because Microsoft wants to ‘help organizations complete their migrations.’ On the enterprise end, the updates apply to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune. Casual XP users will continue to receive the antimalware updates as part of Microsoft Security Essentials.

Although antimalware support will last a bit longer, Microsoft recommends that XP users upgrade as soon as possible, since old software and hardware may not be capable of keeping up with modern-day threats.

What Are the Upgrade Options?

As we’ve already mentioned in a previous post, businesses that have a heavily connected infrastructure should consider upgrading from Windows XP. When patches and update packages stop coming, the systems will become vulnerable to hackers and other threats on the internet. Windows 7 still has quite a bit of shelf life left in it, so upgrading to this version of Windows is ideal if businesses are seeking a similar-to-XP experience.

At the moment, most businesses will probably stay away from Windows 8 as it is a rather new platform that will take some getting used to.

If your business is still running Windows XP, contact our IT professionals for advice on how you can extend the life of the system without official Microsoft support, or how you can leverage your current hardware and save by upgrading to Windows 7.

Lastly, Microsoft also clarified to XP users that as of April 8, 2014, the ‘no longer supported operating system’ means that users will no longer get the official security updates, non-security hotfixes, free or paid assisted support options, or online technical updates.

In our previous article on Microsoft ending support and updates for Windows XP, we described what made Windows XP so commonly used and the dangers of continuing to run it after April of 2014. Microsoft has put another nail in the coffin for users who want to continue running Windows XP: no more virus definition updates for Microsoft Security Essentials on Windows XP after April 2014.

This will be quite a problem as Microsoft Security Essentials (download here) is the most commonly used free anti-virus and anti-malware on Windows computers.

In this article from ZDNet, a Microsoft spokesperson states:

“Microsoft will not guarantee updates of our antimalware signature and engine after the XP end of support date of April 8, 2014…”

The message further pushes users to upgrade to more modern Windows operating systems such as Windows 7 (which we recommend) and Windows 8. If you want to risk running Windows XP after the April 2014 end of life date, you can use free anti-virus solutions such as AVG or Avira. As long as you are running regular backups or Windows XP isn’t running on a business computer, then the risk is minimized.

If you are not sure if you are running Windows XP or whether you need to upgrade, contact your office or home IT support.

CryptoLocker Ransomware demands $300 to decrypt your files

CryptoLocker is becoming the most malicious ransomware (a virus that holds your data ransom) of 2013 since your data is forever lost without a solid backup copy or shadow copy. Here is a summary of what it does and how you can protect yourself.

What does it do to my files?

CryptoLocker will scan your computer and shared network drives for common document files and encrypt them, making the files completely inaccessible until you pay a ransom of approximately $300 within 4 days. There is no way to decrypt your files even if your anti-virus cleans the infected computer.

Here is a full list of files affected:

*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c

How would I get infected?

CryptoLocker spreads through e-mail attachments. The e-mail will look like a customer support issue with a zip file attached. The virus is inside the zip file, disguised as a PDF document.

There have also been reports of people being infected by visiting a website that uses Java, a common web programming language.

How can I protect myself?

There are some security policy changes that can be made to computers to prevent the virus from running; however, you must be comfortable with Windows system administration to make them. CryptoPrevent will also make these changes for you. Be careful, though: although it is rare, the changes could disable other programs.

The most straightforward way to protect yourself now and in the future is to install MalwareBytes Pro and Avast which both detect and prevent infections. Microsoft Security Essentials is simply not advanced enough to detect this virus.

Having an office or home policy of never opening emails or attachments unless they are from a trusted sender is the first line of defence.

What are my options if I am infected?

The best way to recover from an infection is to run the free version of MalwareBytes to delete the virus, then recover your encrypted files from a backup.

Alternatively, you can use ShadowExplorer or Shadow Volume Copies to recover an older, unencrypted version of a file, but only if System Restore is enabled in Windows.

If you have no backup, your only option is to pay the ransom and wait for your files to be decrypted by the virus.
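Whether the recovery options above exist is something you can check before an infection rather than after. The script below is an added example and not part of the original article: it uses the article's own list of targeted extensions to count how much data under a folder CryptoLocker would go after, and then asks Windows whether the volume holding that folder has any shadow copies, which are the previous versions that ShadowExplorer and the Previous Versions tab restore from. The root path is an assumption for this example; for a network share, run the shadow-copy check on the file server, since shadow copies live on the volume that hosts the data. Run it elevated, because querying Win32_ShadowCopy requires administrator rights.

```powershell
# Added example (not from the original article). Inventory at-risk documents
# and report shadow-copy availability for the volume that holds them.

# Extensions from the article's list; "img_*.jpg" is covered by ".jpg".
$TargetExtensions = @(
    '.odt', '.ods', '.odp', '.odm', '.odc', '.odb', '.doc', '.docx', '.docm', '.wps',
    '.xls', '.xlsx', '.xlsm', '.xlsb', '.xlk', '.ppt', '.pptx', '.pptm', '.mdb', '.accdb',
    '.pst', '.dwg', '.dxf', '.dxg', '.wpd', '.rtf', '.wb2', '.mdf', '.dbf', '.psd', '.pdd',
    '.pdf', '.eps', '.ai', '.indd', '.cdr', '.jpg', '.jpe', '.dng', '.3fr', '.arw', '.srf',
    '.sr2', '.bay', '.crw', '.cr2', '.dcr', '.kdc', '.erf', '.mef', '.mrw', '.nef', '.nrw',
    '.orf', '.raf', '.raw', '.rwl', '.rw2', '.r3d', '.ptx', '.pef', '.srw', '.x3f',
    '.der', '.cer', '.crt', '.pem', '.pfx', '.p12', '.p7b', '.p7c'
)

function Get-AtRiskFileSummary {
    # Root is an assumption for this example; point it at a profile or a mapped share.
    param([string]$Root = $env:USERPROFILE)
    Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in $TargetExtensions } |
        Group-Object Extension |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Extension'; e = { $_.Name } },
                      Count,
                      @{ n = 'TotalMB'; e = { [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1MB, 1) } }
}

function Get-ShadowCopyStatus {
    param([string]$Root = $env:USERPROFILE)
    # Map the folder's drive letter to its volume GUID, then match shadow copies to it.
    $letter = (Get-Item $Root).PSDrive.Name + ':'
    $volume = Get-CimInstance Win32_Volume | Where-Object { $_.DriveLetter -eq $letter }
    $copies = @()
    if ($volume) {
        $copies = @(Get-CimInstance Win32_ShadowCopy | Where-Object { $_.VolumeName -eq $volume.DeviceID })
    }
    $newest = $copies | Sort-Object InstallDate -Descending | Select-Object -First 1
    [pscustomobject]@{
        Drive        = $letter
        ShadowCopies = $copies.Count
        Newest       = if ($newest) { $newest.InstallDate } else { $null }
        Note         = if ($copies.Count -eq 0) { 'No previous versions on this volume: restore from backup only' }
                       else { 'Previous versions exist (usable unless the malware deleted them)' }
    }
}

Get-AtRiskFileSummary | Format-Table -AutoSize
Get-ShadowCopyStatus  | Format-List
```

A result of zero shadow copies means the ShadowExplorer route in the article is closed for that volume and an external backup is the only recovery path; the size total tells you how much that backup needs to cover.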
