Thursday, February 24, 2011

Fake Anti-virus: AntiVira AV

Well, not more than three days after my last post, I am dealing with another fake antivirus program, the culprit this time – AntiVira AV. Customer called and said he was getting a popup that said the computer was infected, and the antivirus program had to be renewed. Interestingly the internet did not work, so time to look up this anti-virus program; even more interesting, it’s on Wikipedia’s list of fake anti-virus programs. And a quick Bing (sorry Google) search reveals similar results.
Antivira Av
Once I got my hands on the computer things got interesting. The computer has Microsoft Security Essentials on it; however, it was disabled, definitely not a good sign. In addition, lots of annoying popups about how the computer is infected by a zillion viruses and how the program is blocking these constant online threats. So, time to start trying things:
  • First off, try uninstalling the program (Start >> Control Panel >> Add or Remove Programs). Nope, cannot open Add or Remove Programs. Not a big surprise, but worth a try!
  • Next, Task Manager, hmmm. Virus Alert??? Nope I don’t believe that’ll work.
  • How about Internet? Nope, nice message about how I need to renew my anti-virus software and how my computer is infected. Oh, wait it’s redirecting, yes the internet does work, now let me see what pills do I want – Viagra anyone?
  • MSConfig – no go.
  • Try my USB flash drive with some handy utilities. Interesting, according to an AntiVira AV popup message all my .exe’s on my flash drive are corrupt!
  • Attempt scanning the hard drive on another computer with Norton Antivirus. Nothing found! Now that is bad.
  • Time to give Safe Mode a try! Surprisingly it actually works! So far so good, no AntiVira AV shutting everything down. Time to install some real AV programs!
  • Hmm, restarted computer and now computer Blue Screens when trying to log on to the desktop. Definitely not good. I think my AV program is having a conflict with the fake AV program.
  • OK, back to Safe Mode, this time I’m using Safe Mode with Networking. The program I’m using is called UnHackMe http://greatis.com/unhackme/, which also comes with a Live CD that you can run if your computer is in really bad shape. A Live CD is an operating system that can run off an optical disk, no hard drive or installation required.
  • Time to update the virus definitions and let UnHackMe run a virus scan. After running the scan, UnHackMe found 1 threat and 20 potential threats; of the potential threats about half of them were legitimate programs/services.
  • Reboot computer again, UnHackMe finishes the cleaning process and loads the desktop. No AntiVira AV to be found and Microsoft Security Essentials is working again!
  • Internet still is not working, but a quick trip to Internet Options >> Connections tab >> LAN Settings >> and uncheck the option to use a proxy server.
  • Finally finish up the cleanup job with a full system scan from Microsoft Security Essentials, Norton Antivirus, and Spybot Search & Destroy. A couple more minor nasties were found and cleaned!
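
The proxy step above can also be checked from PowerShell. This is an added example, not part of the original post: it reads the per-user values behind the LAN Settings dialog, saves a copy of what was set for your notes, and turns the proxy off. The function names and the log file location are assumptions made for the example.

```powershell
# Added example: inspect and reset the per-user proxy behind
# Internet Options >> Connections >> LAN Settings.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyState {
    # Missing values simply come back as $null.
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnabled  = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Disable-Proxy {
    param(
        # Hypothetical log location chosen for this example.
        [string]$LogPath = "$env:USERPROFILE\proxy-before-cleanup.txt",
        [switch]$ClearServer
    )
    $before = Get-ProxyState
    # Keep a record of what was configured before changing anything.
    "$(Get-Date -Format s) enabled=$($before.ProxyEnabled) " +
        "server=$($before.ProxyServer) pac=$($before.AutoConfigURL)" |
        Out-File -FilePath $LogPath -Append

    # Same effect as unchecking "Use a proxy server for your LAN".
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    if ($ClearServer -and $before.ProxyServer) {
        Remove-ItemProperty -Path $key -Name ProxyServer
    }
    Get-ProxyState
}

Get-ProxyState | Format-List
# Disable-Proxy -ClearServer   # uncomment to apply the change
```

Close and reopen the browser after the change so it picks up the new setting.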

Monday, February 21, 2011

Scareware Be Very Scared!

One of the most common problems I have had to deal with in the last year is fake anti-virus programs.  These programs usually claim your computer has a large number of infections and of course require the user to pay for the “program” before the infections are removed.  These programs usually come with some fancy names and very professional interfaces.  Even most professionals will have trouble determining from the name or interface if the program is indeed a fake.  For example, check out the screenshot of an anti-virus program below:
Antivirus Pro 2010
This program (Antivirus Pro 2010) is actually a virus!  And of course it claims your computer is infected by multiple viruses.  And last but not least, in order to remove these viruses you need to pay for the program!  Oh, and do not forget it can spy on you as well!  Try uninstalling it?  Forget it!  Some of these programs take extreme measures to remove!
It is worth noting that not all these programs are viruses; some of them are simply shoddy anti-virus apps that do not work or do not work well.  Malicious fake anti-virus programs usually have a multi-faceted approach:
  • Mask and hide the real virus while trying to give the users a sense of security.
  • Download and install additional viruses onto the user’s computer.
  • Remove another company’s or malicious user’s viruses.
  • Require the user to pay to remove the supposed viruses.
  • Spy on the user and steal any valuable information.
Some of the trouble stems from the fact that users do not know what anti-virus program (if any!) is protecting their computer.  Do you know what is protecting your computer?  Hopefully it is not one of the programs on Wikipedia’s list: http://en.wikipedia.org/wiki/List_of_rogue_security_software!  Generally, how a user gets one of these programs is by browsing the web and clicking a popup that states that their computer is infected.  Naturally the user immediately becomes concerned and likely will click on the option to “clean computer” or some other such wording.  Before clicking on any such warnings, the user needs to make sure that the warning is actually coming from the anti-virus program installed on the computer!  Most importantly, NEVER click on anything that shows up as a popup in a web browser that says your computer is infected.  If you are not sure if the popup is valid or not, I would suggest closing the popup window and opening up your anti-virus application.  If the concern was valid you should see a warning; if not, you can always run a virus scan just to be sure!  Just to note, make sure you read any messages that pop up in a web browser carefully; sometimes by clicking the wrong option the malicious program will automatically be installed!
Spyware Protect 2009
Above is an example of a popup in Internet Explorer, the site that Internet Explorer is attempting to load is actually microsoft.com.  In this case neither choice is a good option, and attempting to close the browser window would be the best bet.

Tuesday, February 15, 2011

How to Speed Up Your Computer!

I’m sure most of you have heard advertisements for programs and services that are supposed to speed up and unclutter your computer.  Most of these programs and services are simply registry cleaners and really have nothing to do with what is most likely slowing your computer down (more on that in a minute).  There is actually some debate that cleaning the registry may be more harmful than good.  For those of you who are uncertain what the registry is, it is the location where the Windows operating system stores settings for both Windows and programs stored and installed on the computer.  A damaged registry can result in a computer that will never see the “light of day” again!  And it is for that reason some experts do not recommend using registry cleaners; there is also little evidence that cleaning the registry actually speeds up a computer.
Start menu msconfig
So, if the registry most likely is not slowing the computer down, what is slowing down the performance?  There are two likely answers, running (installed) programs and (or) malicious programs (viruses, malware, spyware, scareware, etc.).  I am not going to cover the malicious software in this article.  Running programs slow a computer down by consuming resources and processing time both during boot up and while running.  Most of these programs do not need to be running, especially during start up!  The first thing to do is to uninstall any unneeded programs, see my previous blog post for a little bit on that: http://computer-skills-online.blogspot.com/2011/02/new-computer-first-stepdecrapify.html.  Once any unneeded programs have been removed, the second step is to open System Configuration and remove all unneeded items from starting up with the computer.  To open System Configuration go to Start and type “msconfig” in the search box and press Enter on the keyboard.  In Windows XP you need to go to Start >> Run and type in “msconfig” and click OK.
Once you press enter (or click OK) the System Configuration window should open.
system configuration msconfig
To view the items that are starting up with the computer click the Startup tab.  This will display a list of most of the items that are starting up with the computer.  To prevent an item from starting up with the computer simply uncheck the item. 
So how do you know what to uncheck?  The short answer is virtually everything!  A good way to start is by expanding the Startup Item and Command columns so you can see more of the name and command; sometimes the names on the programs do not make sense, in which case looking at the Command column may give a clue as to what the program is.  Some items that should start up with the computer are antivirus programs, firewalls, backup software, and printer software (depends on the printer).  Just to note as well, just because you uncheck an item does not mean that it will not work; the program simply will not start up with the computer and will not be running in the background.  An example of this above is Adobe Acrobat; just because I have unchecked it does not mean it does not work; it simply starts up when I want to look at a PDF file.
In the screenshot above I have unchecked a total of 30 items that are starting up with the computer!  Which provides a noticeable difference in startup time as well as overall performance!  You can also note from the list that I could have actually unchecked all but the Microsoft Security Essentials program; however, I want the programs that are checked to start up with the computer, for example Windows Live Messenger will automatically start and log me in when I start my computer.  Now, I could uncheck it from starting up, which would mean if I want to use it I would have to start it manually.
Once you have finished making all your changes, you click OK and you will be asked whether you want to restart the computer.  It does not matter whether you restart now or later, though you may want to check and see if your changes actually made a difference.
Once you restart the computer, another System Configuration dialogue box will appear letting you know you have made changes; assuming you find the changes acceptable, just tell the dialogue not to show this message.
If you do not find the changes acceptable, simply open the System Configuration, go to the startup tab and recheck any programs that you want to start up with the computer.
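
When the name and Command column are not enough to tell what an item is, the same information can be listed from PowerShell together with who signed the program file. This is an added example, not part of the original post: it reads the standard Run registry keys and Startup folders, and the function names are made up for the example.

```powershell
# Added example: list what starts with Windows (Run keys and Startup folders),
# with the full command and the file's signer, to help decide what to uncheck.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"

function Get-ExePath([string]$Command) {
    # Extract the executable path from a startup command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')        { return $Matches[1] }  # "C:\dir\app.exe" /args
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }  # C:\dir\app.exe /args
    return ($c -split '\s+')[0]
}

function New-Entry($Name, $Command, $Source) {
    $exe = Get-ExePath $Command
    $signer = 'path not resolved'   # e.g. a bare "rundll32.exe" with no folder
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                  else { "unsigned ($($sig.Status))" }
    }
    New-Object PSObject -Property @{
        Name = $Name; Command = $Command; Source = $Source; Signer = $signer }
}

function Get-StartupEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $reg = Get-Item $key
        foreach ($name in $reg.GetValueNames()) {
            if ($name) { New-Entry $name ([string]$reg.GetValue($name)) $key }
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk) {
            $target = $shell.CreateShortcut($lnk.FullName)
            New-Entry $lnk.BaseName "`"$($target.TargetPath)`" $($target.Arguments)" $dir
        }
    }
}

Get-StartupEntry | Sort-Object Source, Name | Format-List Name, Command, Signer, Source
```

An entry showing as unsigned is a reason to look the program up before deciding, not proof that it is bad; the script only reads and changes nothing.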

Sunday, February 13, 2011

New Computer? First Step–Decrapify!

So, you just got a new computer?  Well, if you got it from your local computer store or from an online retailer (Dell, HP, etc.) they most likely loaded it up with programs you will never use or don’t even know what they are!  All these programs will do is take up space and slow the computer (if they start up with the computer).  Most of these programs are only demos or 30 day free trials anyway.
The first thing to do is start by uninstalling the items you do not need.  Sorry, deleting the icons off the desktop does not mean the program is uninstalled!  To remove a program in Windows 7 (very similar in Windows Vista and Add or Remove Programs in XP), you need to go to Start >> Control Panel >> Uninstall a Program or the long way Start >> Control Panel >> Programs >> Programs and Features.
Control Panel
The Program List, note the number of Asus programs that came installed on my Asus Laptop:
Control Panel Uninstall Program
This is actually only a small number of the programs that originally came with the laptop; most of the others have already been uninstalled.  Before uninstalling a program, I suggest finding out what the program does; you may just want to keep it.  For example, my laptop comes with a webcam application that comes in handy.  Don’t worry if you uninstall a program accidentally; most manufacturers provide an installation CD/DVD with the computer or they can be downloaded online from the manufacturer's website.

Welcome to Computer Skills Blog

Welcome to my new blog Computer Skills Online.  In this blog I hope to help struggling (even if you don't realize it) computer users.  I plan to stick to the basics with this blog.  So, if you have a suggestion for a blog post on something you want to know or a problem you have, please post it in the comments!