Virus and Malware Cleanup

A quick fix for problems with Windows Update
2012.09.20.07:27
Microsoft’s Windows Update Fix-it. This automated tool will scan your Windows Update configuration and repair any problems it finds, resolve any incorrect data locations, and re-register required services.

Microsoft points to security tool to plug IE vulnerability
2012.09.18.06:14
Windows users are asked to download free security software following the recent discovery of a zero-day vulnerability in Internet Explorer.

Your PC may come with malware pre-installed
2012.09.14.10:45
It is rare to find a new PC that doesn’t come with additional bells and whistles in addition to the operating system itself. The “bloatware” that PC vendors add on often includes useful tools like third-party security software. It seems, though, that some PCs also come with something more insidious—pre-installed malware.

Java zero day vulnerability actively used in targeted attacks
2012.08.27.12:20
Security researchers from FireEye, AlienVault, and DeependResearch have intercepted targeted malware attacks utilizing the latest Java zero day exploit. The vulnerability affects Java 7 (1.7) Update 0 to 6. It does not affect Java 6 and below.

Gauss Malware: What You Need to Know
2012.08.10.13:32
Another day, another scary computer virus tearing through the Middle East. The latest piece of malware is called Gauss, and it’s designed to steal bank account credentials while gathering as much information about the infected machines as possible.

Test-driving ‘free scan’ tune-up suites
2012.08.08.22:33
Even on well-maintained systems, free system scanners might find hundreds of “problems,” as I discovered from a test of three products from well-known companies.

Facebook virus warning: Massive children charity scam
2012.07.24.13:19
Cybercriminals have developed a custom piece of malware that injects itself into your Facebook session and prompts you to donate to a charity for sick children. The scammers’ goal is to make off with your personal data, especially your credit card number.

Virus warning: Someone tagged or added a photo of you on Facebook
2012.07.18.12:24
Scammers are spamming a new e-mail that claims you were tagged in a photo added on the social network. The e-mail includes a link to a webpage that uses the Blackhole exploit kit to put malware onto your computer, before quietly redirecting you to a Facebook profile as if nothing was amiss.

FBI Warning: Don’t Update Software on the Road
2012.05.09.15:43
The Federal Bureau of Investigation is warning travelers to watch out for fake and malicious software update messages when connecting to the wireless network at their hotels.

New scam involves PayPal and Western Union
2012.03.21.22:34
There’s a new variation on the old “Nigerian” or “419” scam, one that invokes the names of PayPal, Western Union, and the FBI — and the scammers are raking in billions.

Is your free AV tool a ‘resource pig?’
2012.02.15.22:35
A reader’s complaint about Microsoft Security Essentials (MSE) spurred head-to-head comparison tests of AV-software resource usage.

The advanced system-recover toolkit
2011.07.27.22:45
You probably know and use various real-time antivirus tools, but there are also advanced security tools that work under the operating system.

Best Free Antivirus Software
2011.07.25.09:50
Nobody wants their system to get infected by malware, but no one likes paying security companies for protection. Thing is, you really don’t have to. There are plenty of great antivirus apps that you can download legally for free. How do you know they really work? We tested them and here are our picks.

Anti-rootkit utility TDSSKiller
2011.07.25.09:19
This section explains how to neutralize complicated malware, i.e. when user participation is required to modify the system registry or execute a special utility, for example. If you have not found the requested information in this section please submit a request to the Kaspersky Lab Technical support.

Not Even Security Managers Immune to FakeAV Infection
2011.06.01.09:07
According to Sophos, FakeAV is a rapidly growing threat on the Internet, mainly because it’s profitable to the people who wrote and distributed it.

‘Here you Have’ Virus Tries to Delete Your Security Software
2010.09.09.23:14
A new worm spreading through e-mail looks like a harmless message, but instead downloads malware that searches for and tries to delete your security software, then spreads via your address book.

How to Murder a Flash Cookie Zombie
2010.08.27.15:12
Flash cookies can be used to track you across the Web without telling you. Here’s how to cut their heads off.

Ika-tako Virus Replaces Your Files With Octopus Photos
2010.08.18.09:51
It’s always frustrating to find that your computer has been infected with a virus, especially one that can potentially wipe your files. However, one hacker decided that he would bring a little humor to viruses by replacing any infected file with a particularly cute sea creature anime.

Facebook Warns of Clickjacking Scam
2010.08.18.05:57
Security firm Sophos recently discovered a new clickjacking scam on Facebook that spreads via the social network’s “share” feature and could be costing you $5 a week. The new malware is similar to a so-called “likejacking” worm discovered last May. But instead of exploiting Facebook’s “Like” button, the new scam uses the “Share” feature that posts content to your profile wall where your friends are encouraged to click on it.

Android Game Is a Spy App in Disguise
2010.08.17.14:38
Researchers with F-Secure discovered an Android app that is a spy app disguised as a Snake game. The Snake spy app is for use with GPS Spy, an Android spy app. The idea is that you’d download and install the Snake spy app onto the Android phones that you’ll want to spy on; from there, the Snake app will run in the background and keep tabs on that phone.

Koobface Variant Tainted 5 Million Websites
2010.08.17.13:43
Hack delivered worm via a widget, and it appeared on every parked domain hosted by registrar Network Solutions.

Sexy Malware Bound for Smartphones
2010.08.15.08:02
Beware the creative and destructive bots finding their way onto mobile devices.

Warning: Fake LinkedIn E-Mail Could Infect Your PC
2010.08.15.06:43
A new spate of e-junk that masquerades as a message from a colleague is on the rise.


Comodo Cleaning Essentials
2012.04.02
Portable Malware Cleaner
Sometimes malware will prevent you from installing new anti-malware software. Comodo Cleaning Essentials doesn’t need installation; run it from a USB drive to counter this and other problems.
http://www.comodo.com/business-security/network-protection/cleaning_essentials.php

Complete Guide to Windows Malware Removal and Prevention
2017.04.10
Guides
A useful guide to prevent and remove some of the most common and prevalent malware.
https://www.comparitech.com/blog/information-security/windows-malware-removal-prevention/

Immunet Protect
Offers extra protection from millions of malware and spyware threats. This free, lightweight software can complement your existing Norton Security or other anti-virus software.
http://www.immunet.com

Norman Malware Cleaner 2.1
2012.04.02
Portable Malware Cleaner
Norman Malware Cleaner doesn’t need to be installed and it works in Windows Safe Mode, so it could be the quick fix your infected system needs.
http://www.norman.com/downloads/malware_cleaner

Webroot SecureAnywhere Endpoint Protection
Our 30-day trial will show you what real endpoint protection should look like – and while it won’t conflict with your existing security, it will certainly convince you to replace it. We give you 30 days to try out our product, but we think it will take you less than 3 minutes to see that Webroot SecureAnywhere – Endpoint Protection is the fastest, easiest-to-manage, most effective endpoint security – ever. Take the “3-minute Trial”
• 4 seconds to download and install
• 2 minutes for full, deep scan
• 52 seconds to grab a cup of coffee
• 4 seconds to uninstall (but you won’t want to!)
Webroot will run right alongside your existing endpoint security, so no need to turn it off.
http://www.webbuyersguide.com/Resource/Resourcedetails.aspx?mode=wpclog&page=Resource&id=21659&fromlogin=yes

System Explorer Version 3.7.1
Portable Freeware System Utility
Release Date: 2012.01.18
System Explorer Portable is an analysis tool that lets you see what’s happening in your system, from currently active processes to installed drivers, including network connections, startup applications and Internet Explorer add-ons, if you have any. You can end any active process or delete items from the startup menu, to name a couple of examples. System Explorer can also obtain more information about each process from Google, or check it for viruses with an online anti-virus tool.
http://systemexplorer.net

Windows Defender Offline
Freeware Anti-Malware (Windows)
Release Date: 2012.01.04
Microsoft’s newly released beta version of Windows Defender Offline, a rootkit-sniffing and Windows-rehabilitation tool, should be the latest addition to your bag of Windows-repair tricks. WDO should be able to catch a wide variety of nasties that evade detection by more traditional antivirus methods.
http://windowssecrets.com/forums/showthread.php/143307-Windows-Defender-Offline-%E2%80%94-old-name-new-use

WinPatrol
Freeware System Utility
Not nearly as automated as some of the other tools on this list, but what it lacks in automation, it makes up for with control. WinPatrol provides extensive lists of the applications on your system and gives you the choice to disable or remove them. There is a feature-limited free edition as well as a paid version.
http://www.winpatrol.com/

ZoneAlarm Free Firewall
2012.04.02
Freeware Firewall Installer
Editors’ Choice for free firewalls, ZoneAlarm configures network permissions for your programs automatically, blocks phishing websites, can’t be disabled by malware, and provides all-around excellent protection.
http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm


Microsoft sets up virus-hunting fund
By Robert Lemos and Margaret Kane, Staff Writer, CNET News.com
2003.11.05.09:40

Microsoft will work with law enforcement to track down writers of worms, viruses and other malicious code, and is ponying up $5 million to fund the search.

As first reported by CNET News.com, the initiative’s first two bounties–to the tune of $250,000 each–will be for information leading to the arrest and conviction of the people responsible for releasing the MSBlast worm and Sobig virus, both of which wreaked havoc online over the summer.

Microsoft executives were joined by representatives from the FBI, the Secret Service and Interpol at a press conference Wednesday that announced the new fund.

“These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that disrupt the lives of real people,” Brad Smith, general counsel at Microsoft, said in a press conference.

The rewards will be open to residents of any country, subject to that country’s laws, Microsoft said. People with information can report it to law enforcement online to Interpol, to the Internet Fraud Complaint Center or to FBI, Secret Service or Interpol field offices.

Dubbed the Anti-Virus Reward Program, the initiative marks the latest move by Microsoft and law enforcement to put a stop to the repeated waves of attacks that have hit the Internet in the past decade. The two rewards posted on Wednesday could also jump-start federal law enforcement’s seemingly stalled investigation into the attacks that infected hundreds of thousands of computers in August and September.

The U.S. Department of Justice, the FBI and Microsoft had earlier announced the arrests of two men who are suspected of modifying and releasing minor variations of the MSBlast worm, but have made little progress in catching the original author or the person or group responsible for the Sobig virus. Those attacks were serious enough to hurt Microsoft’s bottom line and help security companies post more profits.

MSBlast, also known as Blaster and Lovsan, spread to as many as 1.2 million computers, according to data from security company Symantec. The worm compromised computers by using a serious vulnerability in Windows systems for which Microsoft had released a patch a month earlier. A variant of the worm, MSBlast.D, was intended to protect machines against the original program, but it ended up being so aggressive that the avalanche of data it produced shut down networks.

The Sobig.F virus spread through e-mail on Aug. 19, compromising users’ computers with software designed to turn the systems into tools for junk e-mailers.

Calling all bounty hunters?

The rewards may motivate security researchers into becoming amateur bounty hunters, but real leads are likely to come from those close to the actual miscreants involved, Peter Nevitt, director of information systems for Interpol, said in a CNET News.com interview.

“It is less likely that we will have bounty hunters and more likely that we will have people that will break ranks within those in the know,” he said.

Keith Lourdeau, acting deputy assistant director for the FBI’s Cyber Division, said that while rewards have been used in the past to garner information, there’s no quantitative measure of how successful the tactic is.

“In the cases that I know of, including bank robberies and major theft cases, offering a reward has generated a lot of information,” he said. Sifting through the massive amounts of information will be the job of law enforcement.

The decision to offer rewards for only the two latest threats doesn’t preclude additional bounties to be made for other Internet attacks, such as the MSBlast.D worm, also known as Nachi and Welchia.

“We wanted to earmark $5 million so there would be ample resources for the near future,” said Microsoft’s Smith, who said that tapping into the fund will be done case by case. “We need to make decisions (about rewards) on a variety of criteria. The severity of the virus is one criteria; another is timeliness.”

Smith said he hopes that Microsoft’s move will put worm and virus writers on notice.

“These people are the saboteurs of cyberspace sitting behind their computer screens,” he said. “This is a broad problem and we need to act, not only with determination, but with a long-term resolve.”


Protecting a system
2011.06.16.08:57

Then you’re clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don’t have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo
2) Sunbelt/Kerio
3) Agnitum
4) ZoneAlarm

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to “phone home” for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

You can remove all tools we used.

  • Disable and Enable System Restore – If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and re-enable system restore here: Windows XP System Restore Guide
    Re-enable system restore with instructions from tutorial above
  • Make your Internet Explorer more secure – This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software – It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software – It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall – I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls
  • Visit Microsoft’s Windows Update Site Frequently – It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster – SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly – Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it’s free.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted —> Malware Complaints <— where you can make a difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Author:
Shaba, Security Expert, Finland
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
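
The six Internet Explorer custom-level settings listed in the post above are stored as per-user registry values, so they can be verified without clicking through the dialog. The following read-only audit is an added example, not part of the original post; it assumes the standard Internet zone key (zone 3) and the Windows URL action codes for each setting, and the function name Get-ZoneSettingAudit is hypothetical.

```powershell
# Added example (not from the original post): read-only check of the
# Internet-zone settings recommended above. Nothing is modified.
# Assumption: per-user settings live under Zones\3 (3 = Internet zone) and each
# setting is a DWORD named by its URL action code: 0 = Enable, 1 = Prompt, 3 = Disable.
# On managed machines, Group Policy values under the Policies key can override these.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values taken from the list in the post.
$expected = @(
    [pscustomobject]@{ Code = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Code = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Code = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Code = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    [pscustomobject]@{ Code = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Code = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

$valueNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper name; returns one row per setting with current vs. recommended value.
function Get-ZoneSettingAudit {
    param([string]$Path = $zonePath)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($item in $expected) {
        $current = $props.($item.Code)      # $null when the value is absent

        if ($null -eq $current) {
            $shown = 'not set'
        } elseif ($valueNames.ContainsKey([int]$current)) {
            $shown = $valueNames[[int]$current]
        } else {
            $shown = "other ($current)"
        }

        [pscustomobject]@{
            Setting     = $item.Setting
            Code        = $item.Code
            Current     = $shown
            Recommended = $valueNames[$item.Want]
            Matches     = ($current -eq $item.Want)
        }
    }
}

Get-ZoneSettingAudit | Format-Table -AutoSize
```

Rows where Matches is False are the settings that still differ from the values recommended in the list.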
