Computer Repair with Microsoft Windows Defender Offline Beta

Computer Repair Tips using Microsoft Windows Defender, see link below.

CAUTION: using these tools may really break your computer! Of course it is probably already really broken or you would not be reading this. Select the Services tab above for the services we offer and for more ideas on how to fix your own computer.

Recently a student asked me about using this product, which is named just like a number of fake-alert (scareware) Trojans. Be careful which URL you select when you search for solutions; many of the listings are run by bad actors. It is always better to go to the windows.microsoft.com link (see below), or to search for Windows Defender Offline Beta in Google and make sure the site you select is at a windows.microsoft.com/…something URL, not merely a page that mentions that name somewhere in its address.

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
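The check above is worth doing mechanically rather than by eye, because scareware sites deliberately put the real host name somewhere in a URL that actually points elsewhere. The following is an added example for this post (not code from the page, from Microsoft, or from Windows Defender Offline): it parses a link and accepts it only if the host component itself is windows.microsoft.com or a subdomain of it. The sample links are constructed look-alikes; the ".example" domains are placeholders, not real sites.

```python
"""Accept a download link only if its host really is windows.microsoft.com.

Added example for this post; not part of the original page or of any
Microsoft tool. The SAMPLE_LINKS below are constructed for illustration.
"""
from urllib.parse import urlsplit

TRUSTED_HOST = "windows.microsoft.com"  # the host the post tells readers to look for


def url_is_on_trusted_site(url: str, trusted_host: str = TRUSTED_HOST) -> bool:
    """Return True only if the URL's host is trusted_host or a subdomain of it.

    A plain substring test ("windows.microsoft.com" in url) is not enough:
    the string can appear in the path, in the userinfo part before '@',
    or as the first labels of a longer attacker-owned host name. Parsing
    the URL and comparing only the host name component avoids all three.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname  # lower-cased; userinfo and port already stripped
    if not host or not host.isascii():
        # Non-ASCII hosts can hide look-alike (homoglyph) letters; reject them.
        return False
    host = host.rstrip(".")
    return host == trusted_host or host.endswith("." + trusted_host)


# Constructed search-result links and whether they should be accepted.
SAMPLE_LINKS = [
    ("http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline", True),
    ("https://WINDOWS.microsoft.com/en-us/", True),                           # case differs only
    ("http://windows.microsoft.com.free-av-download.example/defender", False),  # real name as prefix
    ("http://free-av-download.example/windows.microsoft.com/defender.exe", False),  # real name in path
    ("http://windows.microsoft.com@free-av-download.example/defender", False),  # real name as userinfo
    ("http://windows-microsoft.com/defender", False),                        # hyphen instead of dot
    ("http://windows.microsoft.c\u043em/defender", False),                   # Cyrillic 'o' homoglyph
    ("ftp://windows.microsoft.com/defender", False),                         # wrong scheme
]


def all_samples_agree() -> bool:
    """True if every constructed sample is classified as expected."""
    return all(url_is_on_trusted_site(url) == expected for url, expected in SAMPLE_LINKS)


if __name__ == "__main__":
    for url, expected in SAMPLE_LINKS:
        verdict = "OK  " if url_is_on_trusted_site(url) else "SKIP"
        print(verdict, url)
```

The same function can be pointed at any vendor's download host by passing a different `trusted_host`; the important part is that the comparison is made against the parsed host name, never against the raw string.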

This is the new production (but still Beta!) version of the Microsoft Standalone System Sweeper, which I have used many times in past years. It is used mostly for detecting hidden root-level files (rootkits), and it will only remove the trojan and virus files that are in its signature database on the day you download it. I usually burn a new disc every three days or so. If you use a thumb drive or flash drive instead, you can update the signature database without re-installing the utility.

In use, Windows Defender Offline Beta will often see a new rootkit and attempt to delete it, but since that may alter the MBR (the first sector of the hard drive, which holds the boot code and the partition table that records where things are) you may also get taken to the Windows Recovery console on restart. If the Recovery console attempts a repair, which may or may not work, it is best left to run.

This new version has the Microsoft Security Essentials interface, so my experience with the older version may not apply completely to this tool. My guess is that you would use it last, after SuperAntiSpyware and Malwarebytes (see earlier posts). New versions of malware are created hourly and new responses from anti-malware vendors are created hourly as well, but there is usually a two- or three-day gap between first detection and first response. This tool can be used by those with a moderate level of computer savvy, but it may not be a cure-all.
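Because the MBR is what a rootkit removal (or a failed infection) tends to damage, it helps to know what is actually in that sector and to be able to check it before and after a cleanup. The following is an added example written for this post, not code from Windows Defender Offline or any Microsoft tool: it parses a 512-byte MBR into its boot code and four partition entries and flags the kinds of damage described above (missing boot signature, overlapping partitions, no active partition, boot code that differs from a baseline hash recorded while the machine was clean). The two sample sectors are constructed by hand so the code runs offline; the partition sizes and the seven-byte boot-code stub are illustrative values, not copied from any real disk.

```python
"""Parse a Master Boot Record and flag signs of damage.

Added example for this post; not part of Windows Defender Offline or any
Microsoft tool. The sample sectors are constructed here so the code runs
offline. On a real machine, read the first sector with a raw disk read
(for example `dd if=/dev/sda bs=512 count=1 of=mbr.bin` on Linux) and pass
the 512 bytes to parse_mbr().
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIG = 0xAA55          # stored little-endian as bytes 55 AA at offset 510
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the boot code
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Subset of the common partition-type bytes, enough to label typical Windows disks.
PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Return the signature check, a hash of the boot code and the used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    sig_ok = struct.unpack_from("<H", sector, 510)[0] == BOOT_SIG
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and lba_start == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,   # 0x80 marks the active partition
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown 0x%02X" % ptype),
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "signature_ok": sig_ok,
        "partitions": partitions,
        # Hash of the code area only; compare it with a value recorded while clean.
        "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFF]).hexdigest(),
    }


def sanity_problems(parsed: dict, baseline_boot_hash: str = None) -> list:
    """List human-readable problems with a parsed MBR; an empty list means it looks sane."""
    problems = []
    if not parsed["signature_ok"]:
        problems.append("boot signature 55AA missing: sector is not a valid MBR")
    if baseline_boot_hash is not None and parsed["boot_code_sha256"] != baseline_boot_hash:
        problems.append("boot code differs from the recorded baseline")
    parts = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    active = [p for p in parts if p["bootable"]]
    if not active:
        problems.append("no partition is flagged active (bootable)")
    elif len(active) > 1:
        problems.append("more than one partition is flagged active")
    for p in parts:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            problems.append("partition %d has a zero start or zero length" % p["index"])
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return problems


def build_sample_mbr(entries, signature=True) -> bytes:
    """Assemble a constructed sector from (status, type, lba_start, count) tuples."""
    # Illustrative stub: xor ax,ax / mov ss,ax / mov sp,0x7C00, then NOP padding.
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (PART_TABLE_OFF - 7)
    table = b"".join(struct.pack(PART_ENTRY_FMT, s, b"\xFE\xFF\xFF", t, b"\xFE\xFF\xFF", lba, n)
                     for s, t, lba, n in entries)
    table += b"\x00" * (16 * (4 - len(entries)))
    return boot_code + table + (b"\x55\xAA" if signature else b"\x00\x00")


# Constructed samples: a sane two-partition disk, and one whose first entry was
# overwritten so it overlaps the second and whose signature bytes were wiped.
HEALTHY_MBR = build_sample_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
DAMAGED_MBR = build_sample_mbr([(0x80, 0x07, 2048, 300000), (0x00, 0x07, 206848, 1000000)],
                               signature=False)

if __name__ == "__main__":
    for name, sector in (("healthy", HEALTHY_MBR), ("damaged", DAMAGED_MBR)):
        info = parse_mbr(sector)
        print(name, "boot code sha256:", info["boot_code_sha256"][:16], "...")
        for p in info["partitions"]:
            print("  ", p)
        print("  problems:", sanity_problems(info) or "none")
```

Record `boot_code_sha256` from a known-clean machine (or after a fresh boot-sector rewrite) and pass it as `baseline_boot_hash` later; a changed hash with an otherwise sane table is the pattern a bootkit infection leaves, while a broken table or missing signature is the pattern a botched removal leaves.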

We are now seeing physical damage done to the hard drive when rootkit malware fails to infect the drive properly. I call it physical damage because portions of the drive are overwritten in such a way that repairing, or even using, that portion becomes difficult. All in all, Windows Defender Offline Beta is a good tool, but if you feel that you need to use it there is likely already a dangerous level of infection, which may continue to leave your computer unusable.

Use with caution: SuperAntiSpyware first, Malwarebytes second, then rootkit scanners and Windows Defender Offline Beta third. In other posts I mention a program called "RKill" from Grinler (BleepingComputer) and give instructions on how to run this "process killer" before running the off-the-shelf solutions mentioned above.

Check the date of this post; my recommendations should only be relied on if you are reading them within two weeks of that date.

Good Luck, it is getting ugly out there!

The DuQu attack vector

If you are just looking for information on repair services, check out the post following this one or the Services page, and please feel free to skip the discussion that follows!

FYI (to students and friends in computer science)

While not aimed at command and control of physical plants, and in particular not at PLCs, this "weaponized" attack is almost identical to Stuxnet in construction, and since you already know that attack vector I thought you might be interested in this one.

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

(or Google: white paper symantec duqu)

A most interesting part is the assembly, in Method 0, of the attack from a RAM cache, which means that the component files and their "signatures" never exist on the hard drive, so a disk-based signature scan has nothing to match. We are seeing a lot of attacks like this these days. While the US and Israel were fingered as the possible creators of this intelligence-gathering tool, it is clear that anyone who has reverse engineered Stuxnet could use either Stuxnet or Duqu as a model for future attacks of their own. As it stands today, most modern attacks use many of these techniques. Network shares of almost any description are one of the vectors for this type of attack, and like Stuxnet it could be "walked" into a facility on a thumb drive.

Several of the "traces" have been seen since November 2010, and there is speculation that Duqu is possibly near retirement by the intelligence community but ready for prime time in the hands of the reverse engineers.

Jerry Del Valle likes this source much better, and I admit that it is an easier read.

How are computers infected with Malware?

The web browser most often involved in infections is Internet Explorer, but usually in conjunction with add-ons like Java, Adobe Flash and Adobe Reader. The second most common is Firefox, followed by Chrome, Safari and Opera. These numbers track the actual usage share of the different browsers pretty closely. In all cases the browser usually needs the "help" of an out-of-date version of Java, Flash or Reader.

What is the safest thing to do?

Keep your computer updated, don't open email links, and avoid third-party software and toolbars that "help" you surf the internet, like the "Ask" toolbar. Use Chrome instead of IE. Check the Services tab above and follow those "best practices".
PH