Tag Archives: malware

How to find out if your Mac is infected with malware

One of the favorite Mac vs. PC myths is “PCs are slow, they always crash, and get viruses!” The corollary to that would be “Macs never get viruses.” That’s getting harder to say with a straight face.

In April, security firm Sophos released a study that found one in five Macs was carrying malware. The figures came from 100,000 Macs whose owners had downloaded Sophos’s free Mac antivirus software, so the sample was large, though self-selected: people who install antivirus may not be typical of all Mac users.

(It’s important to note that most of these were Windows programs. They cannot run on Mac OS X, so they are harmless to the Mac itself, but a Mac carrying them can still pass them on to Windows users through shared files, USB drives, or email attachments.)

Whatever platform the code targets, the trend shows that attackers are able to get unwanted payloads onto Apple computers. Sophos found that 2.7 percent of the infected Macs were carrying malware written for Mac OS X.

Malware such as the Flashfake (also known as Flashback) Mac OS X botnet has been reported to have infected more than 500,000 Macs. It disguises itself as an Adobe Flash Player installer and hijacks the search engine results that appear in the browser.

How to find out if your Mac is infected

There are several free applications to help you find out if your Mac is infected:

The word “trusted” on the last item is important, because the list is part of a post on a new piece of malware that specifically targets Macs. Fake security applications such as “Mac Defender,” “Mac Security,” and “Mac Protector” have tricked unsuspecting users into installing malware instead of antivirus software. Luckily this one is fairly easy to spot (read the post for very good instructions).

To avoid future malicious downloads, the post recommends turning off any option that automatically opens or installs downloaded files (in Safari, the “Open ‘safe’ files after downloading” preference), and restricting downloads to specific folders so that nothing lands somewhere it can run unnoticed.

There is no guaranteed way to avoid malware; even a Mac that never connects to the Internet can be infected by a USB drive or an installer copied over from another machine. Being careful online helps, but even the most computer-savvy users can get infected without knowing it. Short of disconnecting entirely, the most effective defence is to install Apple’s security updates promptly (Flashback spread through a Java vulnerability that Apple patched weeks after it was fixed on other platforms) and to disable browser plug-ins you don’t need, such as Java.

Don’t Get Caught Off Guard By Web Pages Imitating Antivirus Software

Malware, which is any type of harmful software, uses many different methods to trick users into installing it.  A recent trend is to imitate legitimate antivirus software so you inadvertently install the malicious program.

Malware creators utilize scary pictures and language to trick people into believing their computer is infected, and ultimately attempt to make the individual purchase something to remove the fabricated “threats”.

In my experience as an IT support technician, this type of malware is generally installed on an individual’s computer when they click a seemingly harmless link on a website or download a file.  This means the malware can be prevented if users know what to look for and follow safe browsing habits. This article will provide one example of how to do that.

Malware in Disguise

Recently I came across a very interesting pop-up I hadn’t seen before:

At first glance, this error message looks like a legitimate virus notification.  However, the image has some flaws that, with the right knowledge, make it easy to spot as a fake and avoid the consequences of clicking on it.

How to Identify a Fake Virus Notification

The first giveaway that the virus notification shown above is a fake is that the “scanner” is running inside a “My Computer” window (as the window title shows).  That implies the scanner is part of Windows, but Windows XP, Vista, and 7 did not ship with integrated antivirus (their built-in Windows Defender only handled spyware), and a real scanner runs in its own program window under its own name.  Later versions of Windows do include an antivirus, so know what your own system actually has before trusting a window that claims to be it.

Second, nothing happens when you try to move the window, and hovering the mouse over its buttons doesn’t change them the way real Windows controls do, because the whole “window” is just an image inside a web page. You can also see numerous spelling and grammar mistakes in the text; a professional product would not ship with so many.

Finally, my taskbar only showed that Firefox, iTunes, and Pidgin windows were open, no antivirus. However, it showed an extra Firefox window which I had not opened. At this point I clicked it to bring that window to the foreground and the bogus virus scan appeared.

Since experiencing that first pop-up, I have seen several others that are similar. Each has its own unique features, but the general premise in all of them is the same. Observation techniques such as the ones I used in this situation can be used to determine the legitimacy of many other fake notifications and will help you avoid viruses.

Additional Tips

Besides the specifics of the example in this article, here are some general “good computing” habits to prevent you from being a victim of this latest type of virus:

  • Have legitimate antivirus software installed and updated (Microsoft Security Essentials, avast!, Avira, and AVG are all good antivirus products that can be downloaded and used free of charge).
  • Know the name and logo of your installed antivirus software.  If you see a notification with a different name, you’ll immediately know that it’s a fake.
  • Take time before clicking on links or images to make sure you know what they are and where they lead.

In the past, this type of virus has been relatively easy to remove.  However, recent iterations have proved more tenacious, which makes it that much more important to know how to prevent them.

Have you encountered any similar pop-ups? Or have you picked up the malware they deliver? Do you have any other additions, comments, or questions about good browsing habits to prevent getting malware? Please let me know in the comments below!

Image Credit: http://www.salisbury.edu/helpdesk/

Fix: What To Do if Removing a Virus Blocks Executable (.EXE) Files From Opening

I have recently observed that after removing certain fake anti-spyware viruses (such as “Windows Security Center” or “Anti Virus 2010″), all executable (.exe) files will no longer open.  No matter what file you try to open – iTunes, Firefox, or even Malwarebytes – they will not open because they are all .exe files.

To fix this problem, I came across a process that fixes the registry keys that have been changed due to this virus.

The Problem

When you try to open any executable file, Windows shows an “Open With” notification asking which program you would like to use to open it.  Windows has lost the information that tells it an .exe file is a program to run rather than a document to open: the virus has changed the registry keys for the .exe file type (under HKEY_CLASSES_ROOT and, often, a per-user override under HKEY_CURRENT_USER\Software\Classes).

The Solution

Disclaimer: Before you start this guide, please keep in mind that this is an advanced procedure and you could potentially end up doing more harm than good by following this guide.  If you are not comfortable with the procedures mentioned in this guide, please call your computer’s manufacturer for support or bring it to an authorized PC technician.  We can take no responsibility for damage done to your system by following this guide.

Step 1: Open the Run dialog box by going to Start -> Run or pressing WIN + R.  Then open a command prompt by typing “command” rather than “cmd”.  The Run box launches programs through the shell’s file associations: “cmd” refers to cmd.exe, an .exe file the virus has blocked, while “command” runs command.com, a .com file whose association was left alone.  (command.com only exists on 32-bit versions of Windows.  On 64-bit Windows, one alternative is to boot into Safe Mode with Command Prompt from the F8 menu, which starts cmd.exe directly without going through file associations.)

Step 2: Once you have opened the Command Prompt, type “regedit” and hit enter.

If regedit won’t open (which is certainly possible, because it is an executable file itself), try typing the following commands, one at a time, pressing Enter after each one.

cd \

cd \windows

copy regedit.exe regedit.com

start regedit.com

This makes a copy of regedit with a .com extension so it can be opened.  Windows decides how to run a file from its contents rather than its name, so the copy is still a normal Windows program; it is simply launched through the .com association, which this family of malware generally leaves alone.  If the copy won’t start either, the .com association has probably been changed as well, and you will need the help in the final section of this guide.

Step 3: As a precaution you should back up your registry.  To do this, go to File->Export to save a backup file.  You should save this backup to a USB flash drive or other type of portable media just in case you can’t access your hard drive.

Leave the Registry Editor open after you have made a backup because you may need it in the next step.

Step 4: You will now need to run a special registry file that will re-establish the file associations for executable files.  This file is specially tailored for your operating system, so make sure you use the correct file.  You will need to right click these files and select Save As to download them to your computer.

After downloading the correct file for your operating system, you need to try opening it to add those values to the registry.

a) You can first try double clicking the file (or right clicking it and selecting Merge).  If this works you can skip to Step 5.

b) If a) didn’t work, go back to the Registry Editor which you opened in Step 2 and go to File -> Import.  Navigate to the .reg file you downloaded and select it.

c) If neither of those worked, check out the final section of this guide for more help.  Windows XP users can check out this guide which offers the registry fix in a .COM file format.

Step 5: If you were able to successfully install the registry fix for your operating system, you should be good to go now.  Restart your computer and try opening any executable files to see if it worked.

If you encounter problems after changing your registry, you can restore the backup you made in Step 3.
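As an added example (this is not the registry file the original post linked to, and it is not reproduced from it), the following .reg file restores the standard Windows association for .exe files.  The values under HKEY_CLASSES_ROOT are the Windows defaults.  The per-user keys under HKEY_CURRENT_USER are deleted first because they take precedence over HKEY_CLASSES_ROOT, and that is where several of these fake antivirus programs plant their hijack; deleting a key that does not exist is harmless.  Save it as fixexe.reg and import it through File -> Import as described in Step 4.

```reg
Windows Registry Editor Version 5.00

; Added example, not the file from the original post.
; Restores the default .exe file association after a fake-antivirus
; infection.  Per-user overrides are removed first: they win over
; HKEY_CLASSES_ROOT, so a hijack left there would survive the fix below.

[-HKEY_CURRENT_USER\Software\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\exefile]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]

; Map the .exe extension back to the built-in "exefile" type.
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

; The exefile type itself: an "Application" whose icon comes from the file.
[HKEY_CLASSES_ROOT\exefile]
@="Application"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

; "Open" simply runs the file, passing through any command-line arguments.
[HKEY_CLASSES_ROOT\exefile\shell\open]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

; "Run as administrator" on Vista and later uses the same command.
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
```

If executables still refuse to start after the import, the infection used a mechanism this file does not touch, for example a “Debugger” value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for specific program names; check there before trying further fixes.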

If you still have problems

I’ve dealt with a few computers that have been afflicted with this problem, and I have discovered that there is a tremendous amount of variability that can occur.  If this guide wasn’t able to help you, I recommend checking out the following guides which offer more solutions:

If you’re still stuck after that, post in the comments below and provide as much information as possible.

Remember, if in doubt: call your computer’s manufacturer for support or contact an authorized PC technician.  We can take no responsibility for damage done to your system by following this guide.

Follow Up: My Experience with Microsoft Security Essentials Anti-Malware Software

A few months ago, Evan wrote a great article about Microsoft’s free anti-malware application, Microsoft Security Essentials. After using Microsoft Security Essentials for several months, I’ve been able to get a good sense of how it stacks up against the competition.

My first experience with Security Essentials was on my own computer. It had some relatively benign spyware which wasn’t being removed by my standard set of scans, so I thought I’d give Microsoft Security Essentials a try.

As Evan mentioned in his article, Microsoft Security Essentials is a quick, painless installation and it automatically updates its virus definitions. This is a handy feature because it prevents me from wasting time by running a scan and then realizing I forgot to update and having to do it all over again.

After updating the virus definitions, I elected to go straight for the full scan option, not really knowing what to expect in terms of time. The full scan took about 3 hours to finish. This was on an older computer, but it still surprised me how long it took. However, the wait was worth it, as it found and easily removed the malware that none of the other products I tried were able to!

Microsoft Security Essentials

Since I found Microsoft Security Essentials to be successful at home, I have been using it more frequently at my IT job. Although it still isn’t part of the standard set of scans we run, Microsoft Security Essentials seems to find malware that other applications miss. Most of the time, it takes care of the malware without causing any additional problems to the system.

We’ve recently seen an issue with a Windows Update for Windows XP combined with a virus causing a Blue Screen of Death error.  Kevin wrote a fantastic guide to resolving the problem, and he found that using Microsoft Security Essentials seems to be the most successful  method for removing this particularly nasty malware.

Conclusion

Although the full scan still seems to take significantly longer than other products on the same hardware, it can be worth the time because Microsoft Security Essentials finds malware that other products miss. I still recommend using a combination of anti-malware products when running manual scans (since each one has unique strengths and weaknesses), but if your usual set of scans does not do the trick, I would give Microsoft Security Essentials a spin!

Have you used Security Essentials? Have your results been similar to mine, or have you had a different experience? I’d love to get feedback in the comments below!

SUPERAntiSpyware Releases Portable Scanner

Removing spyware from your computer can often prove to be a difficult task. Many programs are available to remove viruses and other malware in the case that your computer does become infected.

The developers of SUPERAntiSpyware have recently released a portable version of their popular spyware removal application called SUPERAntiSpyware Portable.  SUPERAntiSpyware Portable is a spyware removal utility that can be used in the event that you become infected.

Downloading and Running

You will first need to download SUPERAntiSpyware Portable from the software’s website.  Since it is a portable version, no installation is required.  The downloaded file is saved under a random file name, so that malware which blocks known security tools by their file names cannot stop the scanner from running.  A great feature of SUPERAntiSpyware Portable is that the download already contains the spyware definitions that were current when you downloaded it, which lets you run it on a computer with no Internet connection.  Definitions go stale quickly, so download a fresh copy before each use rather than reusing an old one.

Run the executable file once the download has finished.  You will be presented with the splash start screen as shown below.

Select the language that you wish SUPERAntiSpyware to use.

The main program window will then be shown.

Click the Scan your computer… button on the main program window.  A new window will appear asking which drive(s) you wish to scan.  You can also select how thorough of a scan to perform.  Click Next to begin the scanning process.

The current status of any infected items is shown during the scan.

Once the scan has completed, a summary screen will appear showing the number of infected items.

The complete list of infected items will appear and allow the user to remove them from the system.

SUPERAntiSpyware will notify you once all items have been successfully removed.

Conclusion

SUPERAntiSpyware Portable is free for personal use, with technical and corporate licenses available.  If you’re looking for a portable spyware removal utility, then I suggest that you give SUPERAntiSpyware Portable a try.

Have a Virus? Let Malwarebytes Help

It can happen to anyone:  You turn on your computer and log in, only to find pop-up advertisements, search bars, a changed desktop background, and many screens warning that you may be infected with a virus.

(Image: desktop background changed by a virus)

One sign that you have been infected with a virus (or what can be referred to as malware) is the sudden appearance of new “security” software, such as AntiVirus 2009, Total Security Center, and System Security.  These programs are not valid anti-virus software, and will often warn you that your system is infected and then direct you to their site and request payment for running scans on your system.  It is important that you do not pay for these “services”.


Depending on the severity of the virus infection, the usability of your computer may range from moderately usable with moderate pop-ups, to random restarts, system errors, and blue screens of death.

Although the situation may seem dire, there is hope.  Malwarebytes’ Anti-Malware is a free program that removes virus and malware infections quickly.

Using Malwarebytes

Start by downloading the free version of Malwarebytes.  Before finishing the installation, be sure that the check boxes for “Updating Malwarebytes’ Anti-Malware” and “Launching Malwarebytes’ Anti-Malware” are checked.

When the program has launched, select Perform full scan to scan your entire hard drive, and click Scan.  The full scan will take quite a bit of time, so if you’re in a hurry select the Perform quick scan option instead.


On the next screen, select the drives you wish to let Malwarebytes scan.  Although the default C: drive may be sufficient, I would recommend scanning all attached drives.  Click Start Scan to start the virus scan.  Depending on the size of your drives and the amount of data stored on them, a full scan may take well over an hour.

When the scan has completed, the results will be shown.  Click Show Results and click Remove Selected Items to remove the virus infection from your system.  Depending on the virus, it may be necessary to reboot your system to completely remove some items.

(Image: Malwarebytes scan results)

Tips for improving scan performance

Run the scan in Safe mode

Many times a virus will inject itself into a running process or keep the files it uses locked.  Malwarebytes cannot always remove items that are in use by a running process.  The easiest way to reduce the number of running processes is to boot into Windows Safe Mode, which loads only a minimal set of drivers and services.  On Windows XP, Vista, and 7, repeatedly press the F8 key as the computer starts and choose Safe Mode from the menu.

Update software before each use

It is important that you update the virus database before you perform a scan.  Click the Update tab on the Malwarebytes main window and click Check for Updates.  After the update has been finished, you can then continue with the scan as shown above.

Multiple scans

Although Malwarebytes may be successful, it may be possible that not all parts of the virus were removed during the scan.  It can be helpful to perform a second scan of the system to verify that all items were removed.

Conclusion

Although it is important to take steps to prevent an infection in the first place, Malwarebytes is a useful program for removing malicious software once you have one.  Your first line of defense is up-to-date antivirus software; Microsoft Security Essentials is a free option.  Above all, careful browsing is the best way to avoid malware.

Preventing Viruses Part 1: Email Viruses

When you think of a computer virus, you might imagine a hacker in a dimly-lit room deliberately targeting your computer with malicious software.  That happens in movies (and in targeted attacks), but most malware that reaches home users spreads automatically: worms constantly scan the internet for vulnerable software, and the rest relies on users to open or run it.  As soon as a worm finds a viable target, it infects it and attempts to propagate again.

So how does your computer get infected with viruses (or, more broadly, malware)?  The unfortunate truth is that most infections are self-inflicted, in that the user opened or ran something, so in this guide I’ll be giving you some tips on how to avoid viruses that spread through email.

Why Email?

Email is a common way to become infected because it provides a simple method for transferring files as attachments.  Simply reading a message rarely infects a computer on its own (although vulnerabilities in mail clients have been exploited in the past), but a message can carry a virus attached to it and disguised as an ordinary file, or a link that leads to one.

Here’s a likely scenario:  A friend of yours gets a computer virus.  The virus then uses their email address book to spread itself over the internet (and your address is on that list).  You receive an email from your friend saying you should open the attached file.  You open it and your computer becomes infected, and the cycle continues.

The Art of Avoiding Email Viruses

Avoiding email viruses isn’t as easy as never opening attachments.  You need to be actively aware of the messages you’re receiving, including the sender, addressees, and message content.  If anything seems wrong, it’s probably in your best interest to leave it alone.  One of the oldest rules of the internet continues to hold true for email: if it seems too good to be true, it probably is.

The most important thing is to only open attachments you were expecting to receive, and make sure they are the correct file you expected.  You’re most likely to be infected by an email from a friend or family member, so if you receive an attachment when you weren’t expecting one, don’t hesitate to email them back and ask what the file is before opening it.

If you’re receiving a file you were expecting, it still doesn’t hurt to run your virus scanner before opening it.  Most email programs (including Gmail) can automatically scan attached files for viruses.

What to Watch Out For

I recently received a suspicious email from a friend that didn’t have an attachment; instead it had a link to an executable (.exe) file.  The email came with the subject “WOW”, which can easily pique your curiosity as to what the file may be.  I noted that the email was addressed to me and several people I had never heard of, which also alerted me that something was awry.

Before opening the file, I replied to my friend asking him if he intended to send that email (or if he was even aware it was sent).  I also suggested that if he didn’t intend to send the file, that he should immediately notify the recipients of the email to stop them from opening it.  It turns out that he had no idea the email had been sent from his account, and he began notifying the recipients not to open the file.


General Rules for Avoiding Email Viruses

  1. If you weren’t expecting a file, don’t open it.
  2. Ask the sender what the attachment is before opening it.  They may not have been aware it was even sent.
  3. Make sure you have an anti-virus program installed and keep it updated.  Microsoft Security Essentials is free and provides good protection.
  4. Be especially wary of executable attachments.  Viruses can hide in many file types, but program files (.exe, .com, .scr, .bat, .pif) are the most likely to be malicious.  They often arrive inside a .zip file or with a double extension such as report.pdf.exe, which Windows shows as “report.pdf” when “Hide extensions for known file types” is turned on.

By following the tips in this guide, you should be well on your way to using your email safely.  Have any tips for avoiding email viruses?  Share them with us in the comments!

Looking for Free Virus, Spyware, and Malware Protection? Try Microsoft Security Essentials

Windows only:  Microsoft has just released the public version of its free virus, spyware, and malware protection suite, Microsoft Security Essentials (the successor to its lesser-known Windows Live OneCare product, which offered similar features).  Security Essentials is a quick download and a simple installation, and gives users a clear, easy-to-read indication of whether the PC is protected or not.

Installing Security Essentials took approximately 60 seconds (not including updating the virus definition files) and my first Quick scan was completed in about 5 minutes.  The Full Scan took significantly more time, but this will be dependent on your processor speed and the size of your hard drive.  The software itself used around 60 MB of RAM while performing a virus scan, which is fairly light compared to other commercial anti-virus products.


Security Essentials offers a simple interface, allowing users to select Quick scan, Full scan, or use custom settings from the Home screen.  Updating the software can be easily done in the Update tab, and the software also utilizes your system’s Windows Update service to stay up-to-date.


Since Security Essentials only offers virus, spyware, and malware protection, this software isn’t intended to compete with full-fledged commercial security suites.  Security Essentials provides good basic protection for normal use and is a great contender in the free protection market.

Microsoft Security Essentials is a free download for Windows XP, Vista, and 7 (but you will have to validate your copy of Windows before installation).  [Download]