Blog

Posts Tagged fbi-virus-removal

Alert: Petya Ransomware May Be the Worst Yet | Los Angeles, CA | PC Medics 911

Ransomware is such a popular method of attack used by hackers that new variants of it pop up every few months. Among these is Petya, a nasty new ransomware that masquerades as an unsolicited resume in an organization’s email inbox. Don’t be fooled, though; the only work these hackers are looking for is to work you out of a couple hundred dollars.

Once the file has been downloaded, Petya causes a Windows error and forces the system to endure the typical “blue screen of death,” causing a reboot. The computer will then display a red skull and crossbones, and a fraudulent “system check” infects and encrypts the master file table (MFT) with a military-grade encryption protocol. This causes the computer to basically forget which files it has, and where they are stored.

Rather than closing access to particular files, Petya completely locks the user out of the system by overwriting the computer’s master boot record. The computer is essentially rendered useless to the user, who can’t even log in. Petya will display a list of demands, as well as how to meet them. As is the case with most ransomware, the ransom must be paid in Bitcoin. Once this has been done, the criminal supplies a decryption key that’s used to regain access to the files.

The initial cost for the decryption key is 0.99 Bitcoin, which is an estimated $430. However, paying for the decryption key isn’t that simple. Once the user accesses the payment page, they’re given a limited amount of time to access the key before the price is doubled. While there are some websites that claim there are commands that can allow users to skip the lock screen, the MFT will still be encrypted, rendering the files useless. Even if the user pays the ransom, there’s still no guarantee that the decryption key provided by the hackers will work. This is why we always suggest that you don’t pay the ransom, and instead contact a professional technician who can advise you on the situation.

In particular, business owners and human resources representatives who are responsible for the hiring procedure are the preferred targets. Petya is distributed through emails disguised as messages from potential job seekers. The message will often contain a hyperlink that redirects to a Dropbox containing a resume, which is really just a Trojan horse containing Petya that’s capable of weaseling its way past your antivirus solution. Petya had been causing significant trouble for German businesses, but a programmer has found a solution. Admittedly, it’s a tricky solution to implement, but it’s still preferable to paying a ransom.

As is the case with most ransomware, your best chance of escaping unscathed is by dodging the attacks altogether. Ransomware is notoriously difficult to crack, even for seasoned IT veterans, but keeping a watchful eye on anything you find on the Internet can help you avoid infections. With PC Medics’ security solutions, you can proactively detect and eliminate threats to your IT infrastructure. To learn more, give us a call at 818-357-2338.

Source: Alert: Petya Ransomware May Be the Worst Yet | Los Angeles, CA | Techmedics

Posted in: Company News, Latest Computer News

How to enable Developer Options on your Android phone or tablet | Greenbot

By Blake Stimac

Greenbot | Jul 25, 2014 6:00 AM

Android How-To

So you’ve finally decided to root your phone and install a custom ROM, or maybe you want to sideload an app from your computer. Before you can jump into ADB commands and perform some software surgery on your phone, you have to enable the Developer options.

Cleverly hidden away from the average user, enabling Developer options is incredibly easy to do if you know where to look.

Find the Android Build number in Settings

Build number menu for the Samsung Galaxy S5, LG G3, and HTC One (M8)

While enabling Developer Options is done in the same way for every Android phone or tablet, OEMs don’t always put the option in the same place. Navigate your phone to the “Build number” portion of the settings, which can be tucked away and buried in submenus.

Here’s how to get there on a few popular devices:

Stock Android: Settings > About phone > Build number

Samsung Galaxy S5: Settings > About device > Build number

LG G3: Settings > About phone > Software information > Build number

HTC One (M8): Settings > About > Software information > More > Build number

Once you’ve found the Build number section of the settings, tap on the section 7 times. After two taps, a small pop-up notification should appear saying “you are now X steps away from being a developer” with a number that counts down with every additional tap.

When the Developer options are unlocked, you should see something like this.

After the 7th tap, the Developer options will be unlocked and available. They can usually be found in the main settings menu. You dive into that menu to do things like enable USB debugging (a frequent prerequisite to lots of hacks).

Developer options for the Samsung Galaxy S5, LG G3, and HTC One (M8).

Removing Developer options is possible, but only for certain phones

So you want to get rid of the developer options in the settings menu of your phone? Well, the sad truth is that the only sure-fire way to do this is to perform a factory reset. Luckily, a few phones can kill off the extra settings menu without wiping the phone completely.

Clearing the Settings data will remove Developer options for some phones and tablets.

If you have a phone with stock Android or the HTC One (M8), Developer options can be removed completely from your phone without wiping it. Sorry, Galaxy S5 and LG G3 users, you’re gonna need to either live with the extra menu or wipe your phone.

Go to Settings > Apps > Settings and tap on Clear Data. A popup will ask you to confirm; press OK, and you’re done. This method may work with more phones and tablets, so be sure to let us know in the comments below if it worked for you.

Blake Stimac — Staff Writer

via How to enable Developer Options on your Android phone or tablet | Greenbot.

Posted in: Latest Computer News

Cryptolocker Ransomware: What You Need To Know | Malwarebytes Unpacked

Update 12/20/2013: A new version of Cryptolocker—dubbed Cryptolocker 2.0—has been discovered by ESET, although researchers believe it to be a copycat of the original Cryptolocker after noting large differences in the program’s code and operation. You can read the full blog comparing the two here.

Original story:

Just last month, antivirus companies discovered a new ransomware known as Cryptolocker.

This ransomware is particularly nasty because infected users are in danger of losing their personal files forever.

Spread through email attachments, this ransomware has been seen targeting companies through phishing attacks.

Cryptolocker will encrypt users’ files using asymmetric encryption, which requires both a public and private key.

The public key is used to encrypt and verify data, while the private key is used for decryption, each the inverse of the other.

Below is an image from Microsoft depicting the process of asymmetric encryption.

The bad news is decryption is impossible unless a user has the private key stored on the cybercriminals’ server.

Currently, infected users are instructed to pay $300 USD to receive this private key.

Infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and your files may be lost forever.

Files targeted are those commonly found on most PCs today; the file extensions of targeted files include:
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files. The folks at BleepingComputer have some additional insight on this found here.

Removal:

Malwarebytes detects Cryptolocker infections as Trojan.Ransom, but it cannot recover your encrypted files due to the nature of asymmetric encryption, which requires a private key to decrypt files encrypted with the public key.

In order to make removal even easier, a video was also created to guide users through the process (courtesy of Pieter Arntz).

While Malwarebytes cannot recover your encrypted files post-infection, we do have options to prevent infections before they start.

Users of Malwarebytes Anti-Malware Pro are protected by malware execution prevention and blocking of malware sites and servers.

To learn more on how Malwarebytes stops malware at its source, check out this blog.

Free users will still be able to detect the malware if present on a PC, but will need to upgrade to Pro in order to access these additional protection options.

Backup:

Also, the existence of malware such as Cryptolocker reinforces the need to back up your personal files.

However, a local backup may not be enough in some instances, as Cryptolocker may even go after backups located on a network drive connected to an infected PC.
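An added example, not part of the original article: a Python check that uses the extension list above to find files Cryptolocker would target that have no current copy in a backup folder. The function names, the "missing"/"stale" labels and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Extension list copied from the article above.
TARGETED_EXTENSIONS = frozenset(
    "3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm docx "
    "dwg dxf dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp "
    "ods odt orf p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf "
    "raw rtf rw2 rwl srf srw wb2 wpd wps xlk xls xlsb xlsm xlsx".split()
)


def is_targeted(filename):
    """True if the file's final extension is on the targeted list (case-insensitive)."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return ext in TARGETED_EXTENSIONS


def backup_gaps(source_root, backup_root):
    """Return {relative_path: reason} for targeted files without a current backup.

    reason is "missing" (no copy in backup_root), "stale" (copy differs in
    size or is older than the source) or "unreadable" (source cannot be read).
    """
    gaps = {}
    for dirpath, _dirs, filenames in os.walk(source_root):
        for name in filenames:
            if not is_targeted(name):
                continue
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, source_root)
            dst = os.path.join(backup_root, rel)
            key = rel.replace(os.sep, "/")  # stable keys on Windows and POSIX
            try:
                s = os.stat(src)
            except OSError:
                gaps[key] = "unreadable"
                continue
            if not os.path.isfile(dst):
                gaps[key] = "missing"
                continue
            d = os.stat(dst)
            if d.st_size != s.st_size or d.st_mtime < s.st_mtime:
                gaps[key] = "stale"
    return gaps


def demo():
    """Build a constructed sample tree (not real data) and report its gaps."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = os.path.join(tmp, "Documents"), os.path.join(tmp, "Backup")
        os.makedirs(os.path.join(src, "tax"))
        os.makedirs(bak)
        sample = [  # (root, relative path, content, mtime)
            (src, "report.docx", b"second draft of the report", 2000),
            (bak, "report.docx", b"first draft", 1000),      # older, smaller copy
            (src, "photo.jpg", b"\xff\xd8 image bytes", 1000),
            (bak, "photo.jpg", b"\xff\xd8 image bytes", 2000),  # current copy
            (src, "tax/2013.XLSX", b"figures", 1000),        # never backed up
            (src, "notes.txt", b"not on the list", 1000),    # ignored: txt
        ]
        for root, rel, content, mtime in sample:
            path = os.path.join(root, *rel.split("/"))
            with open(path, "wb") as fh:
                fh.write(content)
            os.utime(path, (mtime, mtime))
        return backup_gaps(src, bak)


if __name__ == "__main__":
    for path, reason in sorted(demo().items()):
        print(f"{reason:10} {path}")
```

Point `backup_root` at a copy that is not a drive mapped on the same PC, since the article notes that backups on a connected network drive can be encrypted as well.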

Cloud-based backup solutions are advisable for business professionals and consumers alike. Malwarebytes offers Malwarebytes Secure Backup, which offers an added layer of protection by scanning every file before it is stored within the cloud in an encrypted format (don’t worry, you can decrypt these).

To find out more on removing Cryptolocker, check out the official removal guide from Malwarebytes.

Update: Adam Kujawa from Malwarebytes gives further insight about Cryptolocker in an interview with Category 5

 

This article was sourced from: Cryptolocker Ransomware: What You Need To Know | Malwarebytes Unpacked.

Posted in: Latest Computer News

‘Operation Hangover’ hackers exploit latest Windows zero-day – Computerworld

Indian gang ups its game with targeted attacks that rely on malicious Word docs

By Gregg Keizer

November 7, 2013 10:47 AM ET

Computerworld – The unpatched vulnerability in Windows that Microsoft acknowledged on Tuesday has been used by a known Indian hacker group responsible for earlier "Operation Hangover" attacks, security company Symantec said yesterday.

The gang behind Operation Hangover is believed to be based in India, and the bulk of the first round of cyber-espionage attacks, which were discovered in May, were aimed at its neighbor and long-time adversary Pakistan.

"After analyzing the payloads being used in this attack, we have identified that the targeted emails are part of an attack campaign known as Operation Hangover," Symantec said in a blog, referring to the newest campaign that relies on the Microsoft zero-day vulnerability to hijack and infect Windows PCs.

Microsoft issued a security alert Tuesday, saying that a vulnerability in the TIFF image-format parsing component of Windows was being exploited in attacks aimed at targets in the Middle East and South Asia, the latter region representing countries like India and Pakistan.

The attacks Symantec captured used malicious Word documents attached to emails with subject headings such as "Illegal Authorization for Funds Transfer" and "Problem with Credit September 26th 2013."

It was the first time that the Hangover group has used a zero-day vulnerability in its attacks, Symantec said.

Researcher Haifei Li of security company McAfee was the first to find and report the unpatched bug to Microsoft. The Redmond, Wash., company’s security team was alerted of the vulnerability Oct. 31.

According to Li, the exploit uses multiple XML objects to "spray the heap memory," a technique more than a decade old, to uncover sections of memory suitable for use by the actual attack code.

"It is worth [noting] that this heap-spraying in Office via ActiveX objects is a new exploitation trick which we [haven’t] seen before," Li wrote earlier this week.

Microsoft’s own researchers confirmed the ActiveX-based heap-spray tactic in a detailed description published on its Security Research & Defense blog Tuesday.

This article, ‘Operation Hangover’ hackers exploit latest Windows zero-day, was originally published at Computerworld.com.

via 'Operation Hangover' hackers exploit latest Windows zero-day – Computerworld.

Posted in: Latest Computer News

How to Diagnose a Computer Problem: 10 Quick Steps

How to Diagnose a Computer Problem
Edited by Cameron, Brandywine, R1zen187, Username152 and 11 others

Many people are faced with everyday computer problems that are easy to fix, but are unable to diagnose the actual problem. While there are many problems a computer will be faced with, this article will tell you where to look for common problems.

Steps
1. Check the POST. POST stands for Power On Self Test. This is generally the first or second thing that appears on a computer after turning on the power. This appears before the operating system begins to load. The POST will display any problems found with hardware that make the computer unable to boot. POST may also display problems with hardware that allow the computer to boot, but not operate at its full capacity during operation.
2. Notice the load time of the OS (operating system). A longer than usual load time may indicate seek errors (or other errors) in the hard drive.
3. Notice any graphics problems once the OS has loaded. Reduced graphics may indicate driver failures or hardware failures with graphic cards.
4. Perform an auditory test. An auditory test is an unorthodox, but still effective way of judging how hard a computer is working. With the computer on and running, play any decent length audio file (usually above 30 secs). If the audio is choppy or slow, it usually means that the processor is working at an elevated level, or there is not enough RAM to run all programs loading. Changing the startup sound is a great way to apply this test. Another issue associated with choppy sounds is PIO (Programmed Input/Output) Mode. This affects how the hard drive reads and writes data from a drive. Switching to DMA allows for faster reads and writes, and can sometimes repair choppy audio.
5. Check any newly installed hardware. Many operating systems, especially Windows, can conflict with new drivers. The driver may be badly written, or it may conflict with another process. Windows will usually notify you about devices that are causing a problem, or have a problem. To check this, use the Device Manager, which can be accessed by entering the Control Panel, clicking the System icon, clicking the Hardware tab, and clicking on Device Manager. Use this to check and arrange the properties of hardware.
6. Check any newly installed software. Software may require more resources than the system can provide. Chances are that if a problem begins after software starts, the software is causing it. If the problem appears directly upon startup, it may be caused by software that starts automatically on boot.
7. Check RAM and CPU consumption. A common problem is a choppy or sluggish system. If a system is choppy it is good practice to see if a program is consuming more resources than the computer can provide. An easy way to check this is to use the Task Manager: right click on the taskbar, select Task Manager, and click the Processes tab. The CPU column contains a number that indicates the percentage of CPU the process is consuming. The Mem Usage column indicates how much memory a process is consuming.
8. Listen to the computer. If the hard drive is scratching or making loud noises, shut off the computer and have a professional diagnose the hard drive. Listen to the CPU fan; it comes on at a high speed when the CPU is working hard, and can tell you when the computer is working beyond its capacity.
9. Run a virus and malware scan. Performance problems can be caused by malware on the computer. Running a virus scan can unearth any problems. Use a commonly updated virus scanner (such as Norton Antivirus or Avast! Antivirus) and a commonly updated malware scanner (such as Spybot Search & Destroy).
10. Check for the problem in safe mode. As a last ditch effort, check the problem in safe mode. To enter safe mode, tap F8 repeatedly during POST (this works on most systems). If the problem persists in safe mode, it is a fair bet that the operating system itself is to blame.

This article was taken from the following site: http://www.wikihow.com/Diagnose-a-Computer-Problem

Posted in: Latest Computer News

5 tips to keep you cyber-safe this buying season | Computerworld Blogs

By David A. Milman
November 30, 2010 10:35 AM EST

Black Friday and Cyber Monday may mark the high points of the holiday shopping season, but they are by no means the end of it. In a still struggling economy, with everyone searching for value, consumers will encounter technology deals that might seem too good to be true.

As reported by the Dow Jones newswires, online shopping may well top $1 billion on a single day this year. With more and more consumers willing to spend money online, sales will rise, but so will the risk of exposure to some sort of scam or cyber-crime right alongside those fabulous deals.

So, how can you avoid being taken advantage of?

There are many ways to keep yourself, your privacy, and your money safe this holiday season.  But, as the countdown to Christmas grows shorter, many of us abandon our common sense in the desperate pursuit of that one great gift or that one fantastic deal.

Therein lies the problem.  The number one way to guard against online scams is to employ some common sense.

For example, many of us will go to extreme lengths to save a few dollars. This often includes venturing off the ‘beaten path’ and looking outside the major retailers to online auction or classified sites such as eBay or Craigslist, which the Better Business Bureau has cautioned against. While many of the deals offered on such sites are perfectly legitimate, the likelihood of stumbling into a scam is far greater on these sorts of sites.

Tip #1 — If a deal seems too great, it probably is, especially if it’s from an individual user or a ‘minor’ retailer. Be suspicious of any deal or sale that you can’t believe is real. Maybe you’ve found the best buy of the season, but it’s more likely that you’ve stumbled into a scam set up to defraud you and steal your money or information.

It’s also important to remember that anyone you do business with online knows more about Internet commerce — and its dangers — than you do.

An excellent tip #2 is to do some research about any online vendor you’re considering making a purchase from. Some vendors believe quality customer service goes hand in hand with turning a profit. Others, however, such as Vitaly Borker, seem to value their bottom line over the satisfaction of their customers.

As reported in the New York Times and on Cnet.com, Borker took advantage of loopholes in credit card policies to refuse refunds and threaten customers. Only when he was in danger of being cut off by Visa and MasterCard did Borker begin meeting his customers’ needs.

Some simple research might have tipped customers off that Borker’s website was one to be avoided.

As heinous as Borker’s actions may seem, they do bring to light tip #3 for the online shopper: understand your credit cards. Borker and other merchants like him were able to take advantage of customers because of the rules set up by the credit cards those customers use.

With credit card purchases being the dominant form of online shopping, it’s vital that consumers know the policies of the cards they use and what recourse they have should those policies be abused.

Tip #4 — Consumers would also be wise to investigate other forms of payment, such as PayPal or Bill Me Later, a PayPal service.  While alternative methods may not offer the convenience of credit cards, they may provide more security against potential scams and those who know how to abuse the system.

Regardless of where and when you shop online, tip #5 applies: be cautious.  The Internet can be a dangerous place at the best of times.  During the often stressful and expensive holiday season the dangers increase exponentially.

Be wary every time you shop online and help to make sure this time remains a time of giving, and not of taking.

This article was cited from: http://blogs.computerworld.com/17440/safe_cyber_shopping_tips_for_the_holiday_season 

David A. Milman, Founder and CEO of Rescuecom

 

Posted in: Latest Computer News

The infamous fake “FBI Virus”

Beware of the FBI Virus

The FBI Virus is a virus that locks down your computer shortly after you turn it on preventing you from accessing any files or programs. The cleverly designed virus will tell you that your system has been used for different types of illegal activity and will demand a payment via Moneypak to unlock your computer. The payment requests could be anywhere from $100 – $700 depending on the variant installed on your computer. There are several variants. However, once you have paid nothing will change & your computer will remain infected.

Some of the viruses even state that they have taken pictures of you through your webcam and have your image on file. You may even be shown a photo of yourself taken with your webcam. Luckily, none of this is true. Here is what the virus might look like:

 

Since late last year, PC Medics 911 has been experiencing an influx of computers infected with what is now known as the FBI Virus. This virus is not going away anytime soon.

Fortunately, we have all the tools necessary to remove it! We have continuously removed the FBI virus successfully here at our Granada Hills store. Our highly trained emergency computer technicians will make sure any data you need protected is backed up prior to removal.

Give us a call today if you believe you are infected with this virus. Our toll free number is 888-729-1163.

 

Posted in: Latest Computer News
