
Cryptolocker Ransomware: What You Need To Know | Malwarebytes Unpacked

Update 12/20/2013: A new version of Cryptolocker—dubbed Cryptolocker 2.0—has been discovered by ESET, although researchers believe it to be a copycat of the original Cryptolocker after noting large differences in the program’s code and operation. You can read the full blog comparing the two here.

Original story:

Just last month, antivirus companies discovered a new ransomware known as Cryptolocker.

This ransomware is particularly nasty because infected users are in danger of losing their personal files forever.

Spread through email attachments, this ransomware has been seen targeting companies through phishing attacks.

Cryptolocker encrypts users’ files using asymmetric encryption, which relies on a pair of keys: a public key and a private key.

The public key is used to encrypt data (and to verify signatures), while the private key is used to decrypt (and to sign); each operation is the inverse of the other.

Below is an image from Microsoft depicting the process of asymmetric encryption.

The bad news is that decryption is impossible unless the user obtains the private key, which is held only on the cybercriminals’ server.

Currently, infected users are instructed to pay $300 USD to receive this private key.

Infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and their files may be lost forever.

Files targeted are those commonly found on most PCs today; the list of targeted file extensions includes:
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files. The folks at BleepingComputer have some additional insight on this found here.

Removal:

Malwarebytes detects Cryptolocker infections as Trojan.Ransom, but it cannot recover your encrypted files due to the nature of asymmetric encryption, which requires a private key to decrypt files encrypted with the public key.

In order to make removal even easier, a video was also created to guide users through the process (courtesy of Pieter Arntz).

While Malwarebytes cannot recover your encrypted files post-infection, we do have options to prevent infections before they start.

Users of Malwarebytes Anti-Malware Pro are protected by malware execution prevention and blocking of malware sites and servers.

To learn more on how Malwarebytes stops malware at its source, check out this blog.

Free users will still be able to detect the malware if present on a PC, but will need to upgrade to Pro in order to access these additional protection options.

Backup:

Also, the existence of malware such as Cryptolocker reinforces the need to back up your personal files.

However, a local backup may not be enough in some instances, as Cryptolocker may even go after backups located on a network drive connected to an infected PC.
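As an added example (not part of the Malwarebytes post), the PowerShell script below inventories files whose extensions appear on the list above, reports how many of them sit on network drives (which, as just noted, an infected PC can reach, so they are not a safe backup on their own), and counts the shadow copies that the recovery tip above depends on. The roots to scan and the 'Z:\Backups' path are placeholders, and reading Win32_ShadowCopy may need an elevated prompt.

```powershell
# Added example, not from the Malwarebytes post. Inventories files whose
# extensions are on the Cryptolocker target list, notes which sit on network
# drives (reachable from an infected PC, so not a safe backup on their own),
# and counts shadow copies. Windows PowerShell 3.0+; Win32_ShadowCopy may
# need an elevated prompt.

# Extension list exactly as given in the post.
$TargetedExtensions = @'
3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm docx dwg dxf
dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf
p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl
srf srw wb2 wpd wps xlk xls xlsb xlsm xlsx
'@ -split '\s+' | Where-Object { $_ } | ForEach-Object { ".$_" }

# Drive letters that are network drives (Win32_LogicalDisk DriveType 4).
$NetworkDrives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 4' |
    ForEach-Object { $_.DeviceID }                     # e.g. "Z:"

function Test-NetworkPath {
    param([string]$Path)
    if ($Path.StartsWith('\\')) { return $true }        # UNC path
    $drive = [System.IO.Path]::GetPathRoot($Path).TrimEnd('\')
    return [bool]($NetworkDrives -contains $drive)
}

function Get-CryptolockerExposure {
    param([string[]]$Roots = @($env:USERPROFILE))
    $files = @(foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $TargetedExtensions -contains $_.Extension.ToLower() }
    })
    $onNetwork = @($files | Where-Object { Test-NetworkPath $_.FullName })
    [pscustomobject]@{
        TargetedFiles   = $files.Count
        OnNetworkDrives = $onNetwork.Count
        ByExtension     = $files | Group-Object { $_.Extension.ToLower() } |
                              Sort-Object Count -Descending | Select-Object Name, Count
        ShadowCopies    = @(Get-CimInstance Win32_ShadowCopy -ErrorAction SilentlyContinue).Count
    }
}

# Usage: the user profile plus a mapped backup drive ('Z:\Backups' is a placeholder).
$report = Get-CryptolockerExposure -Roots @($env:USERPROFILE, 'Z:\Backups')
'{0} targeted files, {1} on network drives, {2} shadow copies present' -f $report.TargetedFiles, $report.OnNetworkDrives, $report.ShadowCopies
$report.ByExtension | Format-Table -AutoSize
```

A zero in the ShadowCopies column means the "previous versions" recovery route described above is not available on that machine, which is worth knowing before an infection rather than after.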

Cloud-based backup solutions are advisable for business professionals and consumers alike. Malwarebytes offers Malwarebytes Secure Backup, which offers an added layer of protection by scanning every file before it is stored within the cloud in an encrypted format (don’t worry, you can decrypt these).

To find out more on removing Cryptolocker, check out the official removal guide from Malwarebytes.

Update: Adam Kujawa from Malwarebytes gives further insight about Cryptolocker in an interview with Category 5.

This article was sourced from: Cryptolocker Ransomware: What You Need To Know | Malwarebytes Unpacked.


How to remove the YAC virus – Removal Guide Yet Another Cleaner | Malware Removal – Software & Tutorials

The YAC virus (also found as YAC Search virus, YACmx virus, YAC Cleaner, Yet Another Cleaner virus, Elex do Brasil Participações Ltda, YAC computer virus, Woodtale virus, and more) is dangerous malware categorized as scareware (rogue software). It is promoted as an unregistered (free) and registered (full) Microsoft Windows cleaner and optimizer tool; however, YAC Cleaner is essentially a non-beneficial rogue Windows optimizer and antivirus program that participates in unethical marketing practices and performs fraudulent, non-beneficial computer scans with highly misleading results in order to create customers and collect user information using scare tactics.

YAC promotes a free trial that displays misleading information and misleading scan results, including a quick clean scan, deep clean scan, system boost, and more.

Once installed, the non-beneficial YAC cleaning software will begin to perform a scan without authorization. The scan will then claim that a number of problems were detected, and will also claim that a certain amount of them are not safe. Most of the time the malicious results shown do not exist on the computer system and are fabricated by the software.

YAC malware also opens internet browser windows and causes unwanted pop-ups to appear, as well as changing your homepage, default search engine, and start page, causing your internet browsers to constantly start up on and redirect to search.yac.mx and other websites when users search the web, open a browser window, open a new browser tab, and perform similar tasks. In Google Chrome, YAC hijacks the start page settings, home page settings (and causes the home button to appear), and default search engine.

YAC will also collect and distribute user information manually submitted online while the program is installed or information submitted to the initial party and involved third-parties, as well as what they describe as anonymous usage information (anonymous information can still be used to identify a person or make communications).

YAC will collect complete computing and browser activity. The information collected is often submitted to marketing and mailing lists. Victims have reported excessive email spam from YAC Software and third-parties, as well as junk mail and telephone calls from telemarketers at home.

YAC malware often bundles with third-party adware, spyware, and browser hijackers used to display pop-up ads, banner ads, coupon drop-down ads, and cause browser redirections and start-ups.

YAC.mx and the items they develop and promote are very malicious and have connections to Hong Kong, Brazil, Mexico and other countries. In most cases the items seem to be repackaged and renamed.

YAC Cleaner is confusing and difficult to install for many users.

YAC has also been documented spam-commenting and forum-spamming many websites, including ours, in an effort to promote the product and defame legitimate software used to remove it, such as Malwarebytes.

YAC.mx also misleads their web visitors by displaying defamatory and false information about legitimate sources including our website, Botcrawl.com, in an effort to create customers via unethical marketing tactics. You can view images of this in the gallery below. Please note, we are not a “malicious thing” that does any harm to anyone; all information displayed on the website is false. There is no need for us to file suit against them at the moment, as this patently portrays how unethical their product and website is.

Yac.mx published this post after learning about our research of their product.

How does YAC malware get onto a computer?

YAC Software can be manually and voluntarily downloaded from a variety of locations including download.com, and others; however, most users claim that YAC scareware installed without consent.

YAC also bundles with third-party freeware and shareware.

In some instances YAC scareware may be contracted via advertisements, email spam, and compromised social media content.

How to remove YAC Malware

1. Automatically remove YAC – Scan for and automatically remove YAC malware
2. Manually remove YAC – Remove/Uninstall YAC and third-party malware if allowed

1. Automatic YAC removal

Use the instructions below to automatically remove YAC scareware and third-party malware.

Malwarebytes Anti-Malware

1. Install the free or paid version of Malwarebytes Anti-Malware.

2. Once Malwarebytes is installed, run the program. If you are using the free version of Malwarebytes you will be prompted to update the database, make sure to do so.

3. On the first tab labeled “Scanner” select the Perform full scan option and click the Scan button to perform a full system scan. Malwarebytes will automatically detect malware infecting the computer system.

4. Once the malware scan is complete, Malwarebytes may prompt a notice stating malicious objects were detected. Select the malicious objects and click the Remove Selected button to completely remove the malicious files from your computer (the image below shows a file that is NOT selected) or click the Delete button to remove quarantined files.

CCleaner

CCleaner can be used to automatically repair internet browser settings and startup settings, and to uninstall stubborn and possibly rogue YAC software.

1. Install the free or paid version of CCleaner by Piriform.

2. Once installed, open the program and navigate to Cleaner > Windows/Applications and click the Analyze button. Afterwards, click the Run Cleaner button on the bottom right of the program interface.

3. Next, navigate to Tools > Startup and search through each tab, starting from Windows, Internet Explorer, etc., all the way to Context Menu, for additional suspicious entries, and click Disable and Delete once anything is found. Something to look for might include the title “YAC.”

4. To automatically uninstall YAC and unwanted programs, navigate to the Uninstall tab and locate the software in the list of installed programs. Uninstall the programs as selected. Keep in mind that the publisher of the program often changes from Elex do Brasil Participações Ltda, located in Sao Paulo, Brazil, to WoodtaleMedia.com and iSafe Virus Removal.

2. Manual YAC removal

Use the instructions below to manually uninstall rogue YAC software using generic removal procedures (if allowed), as well as third-party malware that may have installed alongside rogue Windows optimization software.

How to uninstall YAC (Yet Another Cleaner)

1. Access Windows Start Menu and navigate to the Control Panel.

2. Click Uninstall a program or Add and remove a program.

3. In the list of installed programs, search for YAC (Elex do Brasil Participações Ltda) and other potentially unwanted software. Once located, double click the unwanted programs or highlight them in the list and click the Uninstall button.

It is important to stay alert when uninstalling YAC as the process may be difficult. If a prompt appears, click Uninstall YAC, then click the Uninstall button, then choose a reason for uninstalling the malware, and click the new Uninstall button.

Some versions of YAC software do not show buttons when uninstalling the software. If this is the case, viewers have suggested using the video below as a guideline in order to click the screen in the appropriate locations to perform the appropriate tasks to remove this pesky software.
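As an added, read-only example (not from the Botcrawl guide), this PowerShell script enumerates the uninstall and autostart registry locations that the CCleaner and Control Panel steps above walk through by hand, and lists the entries whose name or publisher matches the names the guide gives for YAC; the match pattern is an assumption built from those names, and nothing here removes anything.

```powershell
# Added example, not from the Botcrawl guide. Read-only: lists installed
# programs and autostart entries whose name or publisher matches the names
# the guide says YAC ships under, for review before uninstalling. The
# pattern below is an assumption built from those names. Windows PowerShell 3.0+.

$SuspectPattern = '\bYAC|Yet Another Cleaner|Elex do Brasil|Woodtale|iSafe'

# Uninstall entries: 64-bit, 32-bit-on-64-bit, and per-user installs.
$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SuspectPrograms {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $SuspectPattern } |
        Select-Object DisplayName, Publisher, InstallLocation, UninstallString
}

# Autostart locations the CCleaner Startup step walks by hand.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-SuspectAutostarts {
    foreach ($key in $RunKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $ProviderProps) { continue }   # registry provider metadata
            if ("$($p.Name) $($p.Value)" -match $SuspectPattern) {
                [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
    # Per-user and all-users Startup folders.
    $folders = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
    Get-ChildItem -Path $folders -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $SuspectPattern } |
        ForEach-Object { [pscustomobject]@{ Location = 'StartupFolder'; Name = $_.Name; Command = $_.FullName } }
}

"Installed programs matching '$SuspectPattern':"
Get-SuspectPrograms | Format-Table -AutoSize
"Autostart entries matching '$SuspectPattern':"
Get-SuspectAutostarts | Format-Table -AutoSize
```

Because the guide notes that the publisher name changes between releases, review the full UninstallString and Command columns rather than trusting the DisplayName alone, and re-run the script after a reboot to catch the reinstall behaviour described below.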

Related Articles & Troubleshooting

In some cases YAC malware will reinstall itself. If this is the case there are several options to remove Yet Another Cleaner listed below, as well as instructions to remove similar rogue software.

This site’s original source is the following:

How to remove the YAC virus – Removal Guide Yet Another Cleaner | Malware Removal – Software & Tutorials.


‘Operation Hangover’ hackers exploit latest Windows zero-day – Computerworld

Indian gang ups its game with targeted attacks that rely on malicious Word docs

By Gregg Keizer

November 7, 2013 10:47 AM ET

Computerworld – The unpatched vulnerability in Windows that Microsoft acknowledged on Tuesday has been used by a known Indian hacker group responsible for earlier "Operation Hangover" attacks, security company Symantec said yesterday.

The gang behind Operation Hangover is believed to be based in India, and the bulk of the first round of cyber-espionage attacks, which were discovered in May, were aimed at its neighbor and long-time adversary Pakistan.

"After analyzing the payloads being used in this attack, we have identified that the targeted emails are part of an attack campaign known as Operation Hangover," Symantec said in a blog, referring to the newest campaign that relies on the Microsoft zero-day vulnerability to hijack and infect Windows PCs.

Microsoft issued a security alert Tuesday, saying that a vulnerability in the TIFF image-format parsing component of Windows was being exploited in attacks aimed at targets in the Middle East and South Asia, the latter region representing countries like India and Pakistan.

The attacks Symantec captured used malicious Word documents attached to emails with subject headings such as "Illegal Authorization for Funds Transfer" and "Problem with Credit September 26th 2013."

It was the first time that the Hangover group has used a zero-day vulnerability in its attacks, Symantec said.

Researcher Haifei Li of security company McAfee was the first to find and report the unpatched bug to Microsoft. The Redmond, Wash., company’s security team was alerted of the vulnerability Oct. 31.

According to Li, the exploit uses multiple XML objects to "spray the heap memory," a technique more than a decade old, to uncover sections of memory suitable for use by the actual attack code.

"It is worth [noting] that this heap-spraying in Office via ActiveX objects is a new exploitation trick which we [haven’t] seen before," Li wrote earlier this week.

Microsoft’s own researchers confirmed the ActiveX-based heap-spray tactic in a detailed description published on its Security Research & Defense blog Tuesday.

This article, ‘Operation Hangover’ hackers exploit latest Windows zero-day, was originally published at Computerworld.com.

via 'Operation Hangover' hackers exploit latest Windows zero-day – Computerworld.


How to Diagnose a Computer Problem: 10 Quick Steps

Edited by Cameron, Brandywine, R1zen187, Username152 and 11 others

Many people are faced with everyday computer problems that are easy to fix, but are unable to diagnose the actual problem. While there are many problems a computer will be faced with, this article will tell you where to look for common problems.

Steps

1. Check the POST. POST stands for Power On Self Test. This is generally the first or second thing that appears on a computer after turning on the power, before the operating system begins to load. The POST will display any problems found with hardware that make the computer unable to boot; POST may also display problems with hardware that allow the computer to boot but not operate at its full capacity.

2. Notice the load time of the OS (operating system). A longer than usual load time may indicate seek errors (or other errors) in the hard drive.

3. Notice any graphics problems once the OS has loaded. Reduced graphics may indicate driver failures or hardware failures with graphics cards.

4. Perform an auditory test. An auditory test is an unorthodox but still effective way of judging how hard a computer is working. With the computer on and running, play any decent-length audio file (usually above 30 seconds). If the audio is choppy or slow, it usually means that the processor is working at an elevated level, or there is not enough RAM to run all the programs loading. Changing the startup sound is a great way to apply this test. Another issue associated with choppy sound is PIO (Programmed Input/Output) mode, which affects how the hard drive reads and writes data. Switching to DMA allows for faster reads and writes, and can sometimes repair choppy audio.

5. Check any newly installed hardware. Many operating systems, especially Windows, can conflict with new drivers. The driver may be badly written, or it may conflict with another process. Windows will usually notify you about devices that are causing a problem or have a problem. To check this, use the Device Manager, which can be accessed by entering the Control Panel, clicking the System icon, clicking the Hardware tab, and clicking Device Manager. Use this to check and arrange the properties of hardware.

6. Check any newly installed software. Software may require more resources than the system can provide. Chances are that if a problem begins after software starts, the software is causing it. If the problem appears directly upon startup, it may be caused by software that starts automatically on boot.

7. Check RAM and CPU consumption. A common problem is a choppy or sluggish system. If a system is choppy, it is good practice to see if a program is consuming more resources than the computer can provide. An easy way to check this is to use the Task Manager: right-click on the taskbar, select Task Manager, and click the Processes tab. The CPU column contains a number that indicates the percentage of CPU the process is consuming. The Mem Usage column indicates how much memory a process is consuming.

8. Listen to the computer. If the hard drive is scratching or making loud noises, shut off the computer and have a professional diagnose the hard drive. Listen to the CPU fan; it runs at high speed when the CPU is working hard, and can tell you when the computer is working beyond its capacity.

9. Run a virus and malware scan. Performance problems can be caused by malware on the computer. Running a virus scan can unearth any problems. Use a commonly updated virus scanner (such as Norton Antivirus or Avast! Antivirus) and a commonly updated malware scanner (such as Spybot Search & Destroy).

10. Check for the problem in safe mode. As a last-ditch effort, check the problem in safe mode. To enter safe mode, tap F8 repeatedly during POST (this works on most systems). If the problem persists in safe mode, it is a fair bet that the operating system itself is to blame.

This article was taken from the following site: http://www.wikihow.com/Diagnose-a-Computer-Problem


The infamous fake “FBI Virus”

Beware of the FBI Virus

The FBI Virus is a virus that locks down your computer shortly after you turn it on preventing you from accessing any files or programs. The cleverly designed virus will tell you that your system has been used for different types of illegal activity and will demand a payment via Moneypak to unlock your computer. The payment requests could be anywhere from $100 – $700 depending on the variant installed on your computer. There are several variants. However, once you have paid nothing will change & your computer will remain infected.

Some of the viruses even state that they have taken pictures of you through your webcam and have your image on file. You may even be shown a photo of yourself taken with your webcam. Luckily, none of this is true. Here is what the virus might look like:

Since late last year, PC Medics 911 has been experiencing an influx of computers infected with what is now known as the FBI Virus. This virus is not going away anytime soon.

Fortunately, we have all the tools necessary to remove it! We have continuously removed the FBI virus successfully here at our Granada Hills store. Our highly trained emergency computer technicians will make sure any data you need protected is backed up prior to removal.

Give us a call today if you believe you are infected with this virus. Our toll free number is 888-729-1163.
