Detect and Remove The Most Common Viruses with McAfee Stinger

Anti-Virus 2010, Total Security Center, Windows Security Center – These names all sound like legitimate antivirus software, but they are actually viruses in disguise.   Virus removal programs such as SUPERAntiSpyware and Malwarebytes can sometimes have a difficult time removing these types of viruses, and new malicious software appears every day.

McAfee Stinger takes a different approach to removing viruses.  Instead of looking for all of the possible infections, McAfee Stinger looks only for the most recent and most common viruses.

Using McAfee Stinger

Start by downloading the latest version of McAfee Stinger.  Open the downloaded file and click Scan Now as shown below.  By default, McAfee Stinger will scan the entire C:\ drive.

If you want to see exactly what McAfee Stinger is looking for (or you think you know what you might be infected with), you can see a list of the viruses it is capable of removing under the List Viruses menu.

Have you used McAfee Stinger to remove a virus?  How does McAfee Stinger compare to other virus removal utilities?  Let us know your thoughts by commenting below.

Don’t Get Caught Off Guard By Web Pages Imitating Antivirus Software

Malware, which is any type of harmful software, uses many different methods to trick users into installing it.  A recent trend is to imitate legitimate antivirus software so you inadvertently install the malicious program.

Malware creators utilize scary pictures and language to trick people into believing their computer is infected, and ultimately attempt to make the individual purchase something to remove the fabricated “threats”.

In my experience as an IT support technician, this type of malware is generally installed on an individual’s computer when they click a seemingly harmless link on a website or download a file.  This means the malware can be prevented if users know what to look for and follow safe browsing habits. This article will provide one example of how to do that.

Malware in Disguise

Recently I came across a very interesting pop-up I hadn’t seen before:

[Image: Pop-up]

At first glance, this error message looks like a legitimate virus notification.  However, this image has some flaws that, with the right knowledge, make it easy to spot as a fake and avoid the consequences of clicking on it.

How to Identify a Fake Virus Notification

The first giveaway that the virus notification shown above is a fake is that it shows the virus scanner running in a “My Computer” window (as seen in the title of the window).  This implies that the virus scanner is a part of Windows, but Microsoft does not have any antivirus software integrated directly into the operating system.

Second, nothing happens when trying to move the window.  Moving the mouse cursor over the buttons doesn’t make them change like you normally see in Windows. You can also observe that there are numerous spelling and grammar mistakes in the text – any professional product would not contain such mistakes so frequently.

Finally, my taskbar only showed that Firefox, iTunes, and Pidgin windows were open, no antivirus. However, it showed an extra Firefox window which I had not opened. At this point I clicked it to bring that window to the foreground and the bogus virus scan appeared.

Since experiencing that first pop-up, I have seen several others that are similar. Each has its own unique features, but the general premise in all of them is the same. Observation techniques such as the ones I used in this situation can be used to determine the legitimacy of many other fake notifications and will help you avoid viruses.

Additional Tips

Besides the specifics of the example in this article, here are some general “good computing” habits to prevent you from being a victim of this latest type of virus:

  • Have legitimate antivirus software installed and updated (Microsoft Security Essentials, avast!, Avira, and AVG are all good antivirus products that can be downloaded and used free of charge).
  • Know the name and logo of your installed antivirus software.  If you see a notification with a different name, you’ll immediately know that it’s a fake.
  • Take time before clicking on links or images to make sure you know what they are and where they lead.

In the past, this type of virus has been relatively easy to remove.  However, recent iterations have proved more tenacious, which makes it that much more important to know how to prevent them.

Have you encountered any similar pop-ups? Or have you gotten the malware that can be caused by them? Do you have any other additions, comments or questions about good browsing habits to prevent getting malware? Please let me know in the comments below!

Image Credit: http://www.salisbury.edu/helpdesk/

Fix: What To Do if Removing a Virus Blocks Executable (.EXE) Files From Opening

I have recently observed that after removing certain fake anti-spyware viruses (such as “Windows Security Center” or “Anti Virus 2010”), all executable (.exe) files will no longer open.  No matter what file you try to open – iTunes, Firefox, or even Malwarebytes – they will not open because they are all .exe files.

To fix this problem, I came across a process that fixes the registry keys that have been changed due to this virus.

The Problem

When attempting to open any executable file, you see the image shown below.  It is a notification asking you to choose what program you would like to open the file with, which means Windows does not understand how to open .exe files.

The Solution

Disclaimer: Before you start this guide, please keep in mind that this is an advanced procedure and you could potentially end up doing more harm than good by following this guide.  If you are not comfortable with the procedures mentioned in this guide, please call your computer’s manufacturer for support or bring it to an authorized PC technician.  We can take no responsibility for damage done to your system by following this guide.

Step 1: Open the Run dialog box by going to Start -> Run or pressing WIN + R.  Then open the command prompt by typing “command” (instead of typing “cmd” because “cmd” links to an .exe file which will not open).  “Command” links to a .com file which is not affected by the virus.

Step 2: Once you have opened the Command Prompt, type “regedit” and hit enter.

If you can’t open regedit (which is certainly possible because it is an executable file itself), try typing the following commands, one at a time, and press enter after each one.

cd \

cd \windows

copy regedit.exe regedit.com

start regedit.com

This makes a copy of regedit in the form of a .com file so it can be opened.

Step 3: As a precaution you should back up your registry.  To do this, go to File->Export to save a backup file.  You should save this backup to a USB flash drive or other type of portable media just in case you can’t access your hard drive.

Leave the Registry Editor open after you have made a backup because you may need it in the next step.

Step 4: You will now need to run a special registry file that will re-establish the file associations for executable files.  This file is specially tailored for your operating system, so make sure you use the correct file.  You will need to right click these files and select Save As to download them to your computer.

After downloading the correct file for your operating system, you need to try opening it to add those values to the registry.

a) You can first try double clicking the file (or right clicking it and selecting Merge).  If this works you can skip to Step 5.

b) If a) didn’t work, go back to the Registry Editor which you opened in Step 2 and go to File -> Import.  Navigate to the .reg file you downloaded and select it.

c) If neither of those worked, check out the final section of this guide for more help.  Windows XP users can check out this guide which offers the registry fix in a .COM file format.

Step 5: If you were able to successfully install the registry fix for your operating system, you should be good to go now.  Restart your computer and try opening any executable files to see if it worked.

If you encounter problems after changing your registry, you can restore the backup you made in Step 3.
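
As an added illustration (not part of the original guide, and not the registry file the guide links to), the Python code below reads the text of a registry export such as the Step 3 backup and reports any .exe association value that differs from the Windows default, which is the damage the Step 4 fix repairs. The two default values are the standard Windows ones; the export text, the class name rogueclass and the program path are constructed for the example.

```python
import re

# Standard Windows defaults that make double-clicking an .exe run the file itself.
EXPECTED = {
    ".exe": "exefile",
    r"exefile\shell\open\command": '"%1" %*',
}
# HKEY_CLASSES_ROOT is a merged view of the machine and per-user Classes keys,
# and the per-user key wins, so all three locations are checked.
ROOTS = (
    "HKEY_CLASSES_ROOT",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    r"HKEY_CURRENT_USER\Software\Classes",
)

def parse_reg_defaults(text):
    """Map each key in .reg export text (lowercased) to its default string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslashes and double quotes with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit_exe_association(text):
    """Return (key, found, expected) for each .exe association that is not the default."""
    defaults = parse_reg_defaults(text)
    findings = []
    for root in ROOTS:
        for subkey, expected in EXPECTED.items():
            path = (root + "\\" + subkey).lower()
            found = defaults.get(path)
            if found is None or found.lower() == expected.lower():
                continue
            findings.append((path, found, expected))
            if subkey == ".exe":
                # .exe now names another class; report the command that class runs.
                target = (root + "\\" + found + r"\shell\open\command").lower()
                if target in defaults:
                    findings.append((target, defaults[target], EXPECTED[r"exefile\shell\open\command"]))
    return findings

# Constructed sample: a per-user override redirects .exe to a made-up class.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="rogueclass"

[HKEY_CURRENT_USER\Software\Classes\rogueclass\shell\open\command]
@="\"C:\\ExamplePath\\rogue.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    # A real regedit export is UTF-16: open(path, encoding="utf-16").read()
    for key, found, expected in audit_exe_association(SAMPLE_EXPORT):
        print(f"{key}\n  found:    {found}\n  expected: {expected}")
```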

If you still have problems

I’ve dealt with a few computers that have been afflicted with this problem, and I have discovered that there is a tremendous amount of variability that can occur.  If this guide wasn’t able to help you, I recommend checking out the following guides which offer more solutions:

If you’re still stuck after that, post in the comments below and provide as much information as possible.

Remember, if in doubt: call your computer’s manufacturer for support or contact an authorized PC technician.  We can take no responsibility for damage done to your system by following this guide.

SUPERAntiSpyware Releases Portable Scanner

Removing spyware from your computer can often prove to be a difficult task. Many programs are available to remove viruses and other malware in the case that your computer does become infected.

The developers of SUPERAntiSpyware have recently released a portable version of their popular spyware removal application called SUPERAntiSpyware Portable.  SUPERAntiSpyware Portable is a spyware removal utility that can be used in the event that you become infected.

Downloading and Running

You will first need to download SUPERAntiSpyware Portable from the software’s website.  Since it is a portable version, installation is not required.  The file you download will be saved as a random name to prevent spyware developers from blocking the portable scanner from running.  A great feature of SUPERAntiSpyware is that the downloaded file will contain the most recent spyware definitions.  This will allow you to run the program on a computer without an internet connection.

Run the executable file once the download has finished.  You will be presented with the splash start screen as shown below.

Select the language that you wish SUPERAntiSpyware to use.

The main program window will then be shown.

Click the Scan your computer… button on the main program window.  A new window will appear asking which drive(s) you wish to scan.  You can also select how thorough of a scan to perform.  Click Next to begin the scanning process.

The current status of any infected items is shown during the scan.

Once the scan has completed, a summary screen will appear showing the number of infected items.

The complete list of infected items will appear and allow the user to remove them from the system.

SUPERAntiSpyware will notify you once all items have been successfully removed.

Conclusion

SUPERAntiSpyware Portable is free for personal use, with technical and corporate licenses available.  If you’re looking for a portable spyware removal utility, then I suggest that you give SUPERAntiSpyware Portable a try.

Have a Virus? Let Malwarebytes Help

It can happen to anyone:  You turn on your computer and log in, only to find pop-up advertisements, search bars, a changed desktop background, and many screens warning that you may be infected with a virus.

[Image: Desktop background changed by a virus]

One sign that you have been infected with a virus (or what can be referred to as malware) is the sudden appearance of new “security” software, such as AntiVirus 2009, Total Security Center, and System Security.  These programs are not valid anti-virus software, and will often warn you that your system is infected and then direct you to their site and request payment for running scans on your system.  It is important that you do not pay for these “services”.

Depending on the severity of the virus infection, the usability of your computer may range from moderately usable with moderate pop-ups, to random restarts, system errors, and blue screens of death.

Although the situation may seem dire, there is hope.  Malwarebytes is a free program that swiftly removes virus and malware infections.

Using Malwarebytes

Start by downloading the free version of Malwarebytes.  Before finishing the installation, be sure that the check boxes for “Updating Malwarebytes’ Anti-Malware” and “Launching Malwarebytes’ Anti-Malware” are checked.

When the program has launched, select Perform full scan to scan your entire hard drive, and click Scan.  The full scan will take quite a bit of time, so if you’re in a hurry select the Perform quick scan option.

On the next screen, select the drives you wish to let Malwarebytes scan.  Although the default C: drive may be sufficient, I would recommend scanning all attached drives.  Click Start Scan to start the virus scan.  Depending on the size of your drives and the amount of data stored on them, a full scan may take well over an hour.

When the scan has completed, the results will be shown.  Click Show Results and click Remove Selected Items to remove the virus infection from your system.  Depending on the virus, it may be necessary to reboot your system to completely remove some items.

[Image: Malwarebytes Scan Results]

Tips for improving scan performance

Run the scan in Safe mode

Many times a virus will embed itself into a running system file.  Malwarebytes will not always be able to remove virus items that are embedded in running processes.  The easiest way to reduce the number of running processes is to boot into Windows Safe mode.  To enter Windows Safe mode, repeatedly press the F8 key when first booting your computer.

Update software before each use

It is important that you update the virus database before you perform a scan.  Click the Update tab on the Malwarebytes main window and click Check for Updates.  After the update has been finished, you can then continue with the scan as shown above.

Multiple scans

Although Malwarebytes may be successful, it may be possible that not all parts of the virus were removed during the scan.  It can be helpful to perform a second scan of the system to verify that all items were removed.

Conclusion

Although it is important to take steps to prevent a virus infection, Malwarebytes can be a useful program for removing malicious software.  Your first defense against a virus infection is to have up-to-date anti-virus software.  A free anti-virus solution is Microsoft Security Essentials.  Above all, smart internet browsing will be the best way to avoid malware.

Preventing Viruses Part 1: Email Viruses

When you think of a computer virus, you might imagine a hacker in a dimly-lit room deliberately targeting your computer with malicious software.  While that might happen in movies, real viruses are nearly autonomous and are constantly scanning the internet seeking vulnerable software and hardware.  As soon as they find a viable target, they infect and attempt to propagate again.

So how does your computer get infected with viruses (or more broadly defined as malware)?  The unfortunate truth is that most viruses are self-inflicted, so in this guide I’ll be giving you some tips on how to avoid viruses that spread through email.

Why Email?

Email is a common way to become infected because it provides a simple method for transferring files as attachments.  This doesn’t mean that reading an email in your inbox will infect your computer, but it does mean that your messages could have viruses attached to them disguised as ordinary files.

Here’s a likely scenario:  A friend of yours gets a computer virus.  The virus then uses their email address book to spread itself over the internet (and your address is on that list).  You receive an email from your friend saying you should open the attached file.  You open it and your computer becomes infected, and the cycle continues.

The Art of Avoiding Email Viruses

Avoiding email viruses isn’t as easy as never opening attachments.  You need to be actively aware of the messages you’re receiving, including the sender, addressees, and message content.  If anything seems wrong, it’s probably in your best interest to leave it alone.  One of the oldest rules of the internet continues to hold true for email: if it seems too good to be true, it probably is.

The most important thing is to only open attachments you were expecting to receive, and make sure they are the correct file you expected.  You’re most likely to be infected by an email from a friend or family member, so if you receive an attachment when you weren’t expecting one, don’t hesitate to email them back and ask what the file is before opening it.

If you’re receiving a file you were expecting, it still doesn’t hurt to run your virus scanner before opening it.  Most email programs (including Gmail) can automatically scan attached files for viruses.

What to Watch Out For

I recently received a suspicious email from a friend that didn’t have an attachment; instead, it had a link to an executable (.exe) file.  The email came with the subject “WOW”, which can easily pique your curiosity as to what the file may be.  I noted that the email was addressed to me and several people I had never heard of, which also alerted me that something was awry.

Before opening the file, I replied to my friend asking him if he intended to send that email (or if he was even aware it was sent).  I also suggested that if he didn’t intend to send the file, that he should immediately notify the recipients of the email to stop them from opening it.  It turns out that he had no idea the email had been sent from his account, and he began notifying the recipients not to open the file.

General Rules for Avoiding Email Viruses

  1. If you weren’t expecting a file, don’t open it.
  2. Ask the sender what the attachment is before opening it.  They may not have been aware it was even sent.
  3. Make sure you have an anti-virus program installed and keep it updated.  Microsoft Security Essentials is free and provides good protection.
  4. Especially avoid executable file (.exe) attachments.  Viruses can be stored in many ways, but .exe’s are more likely than others to be malicious.
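
The warning signs from the “WOW” email and the rules above can also be checked mechanically. The following Python code is an added example, not part of the original article: it parses a message and lists the reasons to ask the sender before opening anything. The function names, the addresses and the sample message are constructed, and the extensions other than .exe go beyond the single file type the rules name.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses
from urllib.parse import urlsplit

# .exe is the type the rules name; the other extensions are an added generalization.
RISKY_EXT = (".exe", ".com", ".scr", ".bat", ".pif")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def triage(raw, address_book):
    """Return the reasons a message deserves a 'did you mean to send this?' reply."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Rule 4: executable attachments, including names like photo.jpg.exe.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXT):
            reasons.append("executable attachment: " + name)
    # The "WOW" message had no attachment, only a link to an .exe file.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        if urlsplit(url).path.lower().endswith(RISKY_EXT):
            reasons.append("link to executable: " + url)
    # It was also addressed to people the recipient had never heard of.
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    known = {a.lower() for a in address_book}
    strangers = sorted(addr.lower() for _, addr in getaddresses(headers)
                       if addr and addr.lower() not in known)
    if strangers:
        reasons.append("unknown co-recipients: " + ", ".join(strangers))
    return reasons

def build_sample():
    """Constructed message modelled on the 'WOW' email described above."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "me@example.com, stranger1@example.net, stranger2@example.org"
    msg["Subject"] = "WOW"
    msg.set_content("You have to see this: http://files.example/wow.exe\n")
    return msg.as_bytes()

if __name__ == "__main__":
    for reason in triage(build_sample(), {"me@example.com", "friend@example.com"}):
        print(reason)
```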

By following the tips in this guide, you should be well on your way to safely using your email.  Have any tips for avoiding email viruses?  Share them with us in the comments!

Looking for Free Virus, Spyware, and Malware Protection? Try Microsoft Security Essentials

Windows only:  Microsoft has just released the public version of their free virus, spyware, and malware protection suite dubbed Microsoft Security Essentials (the successor to their lesser-known Live OneCare product which offered similar features).  Security Essentials is a quick download and simple installation, giving users clear and easy-to-use indications whether your PC is secure or not.

Installing Security Essentials took approximately 60 seconds (not including updating the virus definition files) and my first Quick scan was completed in about 5 minutes.  The Full Scan took significantly more time, but this will be dependent on your processor speed and the size of your hard drive.  The software itself used around 60 MB of RAM while performing a virus scan, which is fairly light compared to other commercial anti-virus products.

Security Essentials offers a simple interface, allowing users to select Quick scan, Full scan, or use custom settings from the Home screen.  Updating the software can be easily done in the Update tab, and the software also utilizes your system’s Windows Update service to stay up-to-date.

Since Security Essentials only offers virus, spyware, and malware protection, this software isn’t intended to compete with full-fledged commercial security suites.  Security Essentials provides good basic protection for normal use and is a great contender in the free protection market.

Microsoft Security Essentials is a free download for Windows XP, Vista, and 7 (but you will have to validate your copy of Windows before installation).  [Download]

Conficker Worm: How to Check If Your Computer Is Infected

Today is April 1st, and with that comes the fear of your computer being infected with the Conficker worm.  Besides following Lifehacker’s tips to protect your PC from Conficker, you can follow a more advanced method of scanning your computer in this guide.

UPDATE: There are new and easier methods to scan your computer for the Conficker worm: