Cannot see files in C drive

If your computer has been infected by malware or a virus, you may notice that files are hidden when you go to view them. How do you unhide these files?

Go to a command prompt as an administrator and type the following:

cd\   (Hit Enter)

attrib -s -h -r c:\*.* /s /d   (Hit Enter)

This process will take several minutes to run. Note that it also clears the System and Hidden attributes from files Windows itself keeps hidden, so if you only need your own files back, point the path at your user folder instead of the whole drive.
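As an added example (not from the original post), here is a PowerShell equivalent that scans one folder tree for files carrying both the Hidden and System attributes, skips the few names Windows legitimately marks that way, and clears the two bits only when run with -Fix; the $Root default of your own profile is an assumption.

```powershell
# Added example, not from the original post: report files under $Root that have BOTH the Hidden
# and System attributes set (the combination the attrib command above clears), skip names Windows
# itself keeps that way, and clear the two bits only when -Fix is given.
param(
    [string]$Root = $env:USERPROFILE,   # assumption: your profile, not the whole C: drive
    [switch]$Fix                         # without -Fix this is a dry run that only lists files
)

$hidden = [int][IO.FileAttributes]::Hidden
$system = [int][IO.FileAttributes]::System
$keep   = -bnot ($hidden -bor $system)   # mask that clears Hidden and System, leaves the rest

Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Where-Object {
        $attrs = [int]$_.Attributes
        (($attrs -band $hidden) -ne 0) -and (($attrs -band $system) -ne 0) -and
        ($_.Name -notmatch '^(desktop\.ini|thumbs\.db|ntuser\.)')   # legitimately hidden+system
    } |
    ForEach-Object {
        if ($Fix) {
            $_.Attributes = [IO.FileAttributes]([int]$_.Attributes -band $keep)
            "cleared       : $($_.FullName)"
        } else {
            "hidden+system : $($_.FullName)"
        }
    }
```

Run it once without -Fix to review the list, then again with -Fix from an elevated prompt.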


Details about the Mac Malware attacks in 2012

We were interviewed by PCWorld about Mac malware, and Naked Security now has the details of the attack.

(April 13, 2012)
“Flashback Malware Puts Apple in Security Spotlight: Experts Weigh In” - PCWorld

Test your antivirus and malware protection with Spycar or EICAR

Spycar attempts to make changes to your registry and Windows system in order to test your anti-virus and anti-malware protection software. Follow the links on Spycar's website and click through the tests. Your antivirus should block each attempted change. Spycar is free to use and is an excellent resource for quickly testing your security.

(Screenshot: BitDefender blocking Spycar's attempts)

EICAR provides several test files you can download to test your antivirus and anti-malware software. Your antivirus should block the download of these files or quarantine them immediately.

(Screenshot: EICAR test file blocked)

How easy is it to get a virus?

I was recently asked why computers get infected with viruses. To show how easy it can be, I could easily log into Facebook and just start clicking, or look for an archived file (zipped) with something I was looking for. To show how easy it is, and being a NASA buff, I simply searched for Apollo photos that were publicly shared. Once I found the zipped file, I scanned the file and yep, the first one I found was infected. (Note: this was under a VM and in a controlled lab.)

There’s nothing wrong with my computer!

So a couple of friends told me there was nothing wrong with their computers… I asked if I could scan them because I just wanted to see what was on them…

Malware today can be removed using SuperAntiSpyware Portable, A-Squared, and other utilities such as Malwarebytes. You may be infected and not even know it.

What is the order to remove viruses and malware? It varies. Start here-

BE PATIENT: let the scan finish in each of the above programs. One program may find something the others didn't. LET IT FINISH!

Getting rid of rogue viruses and malware

So you went into safe mode, ran a cleaner (CCleaner or BleachBit), ran an anti-malware program, and when you restart your PC becomes infected again. So what happened?

Many times the malware has a startup entry and has copied itself into your Program Files or ProgramData folder. Even though the cleaners removed the running copy, the startup entry relaunches the stored copy when Windows reboots (and a polymorphic sample changes its appearance each time), so the computer is reinfected. The malware has effectively cloned itself and regenerates on every reboot.

You can get to the source of the problem by deleting the malware and its leftover files right after you clean the machine in safe mode:

  • Run msconfig from the search box
  • Locate the malware's startup entry; its name will usually be a random string of numbers and letters
  • Navigate to the folder it points to and delete the file manually
  • Run your anti-virus and anti-malware scanners again to ensure it has been removed (including traces)
  • Run a registry cleaner such as MV-Regclean
  • Update and use a quality anti-virus program
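As an added example (not from the original post), this PowerShell script does the msconfig step from the command line: it lists Run/RunOnce registry entries and startup-folder items and flags those that fit the pattern described above (a random string of letters and digits stored under ProgramData, AppData or Program Files). The "random name" regex is a heuristic assumption, and the script only reports, so you can verify each hit before deleting anything.

```powershell
# Added example, not from the original post: enumerate Run/RunOnce entries and startup-folder
# items, then flag the ones matching the pattern described above. Report only; nothing is deleted.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))

# Heuristic (an assumption, not a rule): 8+ alphanumerics with at least one digit and one letter.
$randomName = '^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}\.(exe|dll|scr|com|bat)$'
$dropFolder = '\\(ProgramData|AppData|Program Files( \(x86\))?)\\'

function Get-ExePath([string]$command) {
    # Pull the executable out of a Run value such as  "C:\x\y.exe" /arg  or  C:\x\y.exe /arg
    if ($command -match '^"([^"]+)"')                            { return $Matches[1] }
    if ($command -match '^(.+?\.(?:exe|dll|scr|com|bat))(\s|$)') { return $Matches[1] }
    return ($command -split '\s+')[0]
}

function Test-Suspicious([string]$command) {
    $exe = Get-ExePath $command
    ($exe -match $dropFolder) -and ([IO.Path]::GetFileName($exe) -match $randomName)
}

$entries = @(foreach ($key in $runKeys) {
    if (Test-Path $key) {
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$') {
                New-Object PSObject -Property @{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
            }
        }
    }
})
# Startup-folder items are reported by their own path (a .lnk shortcut is listed, not its target).
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        ForEach-Object { New-Object PSObject -Property @{ Source = $dir; Name = $_.Name; Command = $_.FullName } }
})

foreach ($e in $entries) {
    $flag = if (Test-Suspicious $e.Command) { 'SUSPICIOUS' } else { 'ok' }
    '{0,-10} {1,-25} {2}' -f $flag, $e.Name, $e.Command
}
```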

(Screenshot: MSConfig, finding the rogue software)

(Screenshot: MSConfig close-up)

Navigate to the folder and delete the files. You will see a pattern of odd file names.

(Screenshot: properties of the file)

Note: accidentally executing the file by clicking on it will reinfect the computer. If single-click to open is enabled in your mouse/folder options, turn it off before navigating to the folder containing the malware.

Skilled professionals can capture the malware and practice removing it on an old PC or a virtualized operating system in an educational setting. This should be done in a controlled lab. Any time you work with viruses (for removal or education), the work must be controlled, and infected computers should be backed up and removed from the network.

How do I remove the virus and what programs should I use? Link

(Above pics by Michael M. -Bama)

Free dual-engine portable malware scanner

Here’s a good program that is free for home use.

Emsisoft Emergency Kit 2.0 protects against malware infections of any kind. It is fully portable and therefore requires no installation whatsoever, ready to be launched directly from storage media devices. Read more at Help Net Security.

Emsisoft Emergency Kit 2.0 (131 MB)

  • Your emergency kit for infected PCs
  • Detects and removes malware
  • More than 5 million known threats
  • World-class dual scan engine
  • 100% portable, perfect for USB sticks
  • HiJackFree and BlitzBlank included

WOT vs. Russian spammer?

Kevin (a student) recently showed me an email from an internet vendor. Having placed several orders, he hesitated before clicking on an order he knew he didn't place. He knew he didn't place an order, and he had WOT (Web of Trust) loaded. The links in the email are red and marked by WOT. This indicates and warns the user that the link is more than likely malicious. He also hovered over the link and, as you can see, the link (bottom left corner) goes to a .ru domain. The likelihood that the link contains malicious code is great. Use caution when you receive any email.

If you receive an email like this, mark it as spam, delete it and never click the link even out of curiosity.

A review by Bill Mullins

Rick reviews WOT at What's On My PC

They need your help – Many users to lose internet in July

Please tweet, share or reblog this post. With this problem coming up, get the word out. See how to check your computer at the end of this article.

In July thousands of computers will lose internet access. Over 300,000 users are still infected! DNSChanger is malware that changed victims' DNS settings to point at malicious DNS servers; those computers are currently resolving names through servers operated by the FBI.

What is DNS? DNS is the service every computer, notebook, tablet, netbook and phone relies on to use the internet. When you type a URL such as http://www.wordpress.com, your computer asks a DNS server to convert the name into an IP address so that your traffic can be routed to the web server you are trying to reach.

Scan your computer for viruses, malware and spyware. Use your anti-virus program (download AVG Free or Microsoft Security Essentials) and scan with Malwarebytes or SuperAntiSpyware Portable Edition. Check your computer using the information found below.

Want to learn about malicious activities and the internet? Be sure to visit each of the links below.

Fortunately, the FBI took over all of the known malicious DNS servers and replaced them with clean ones so that infected users still reach legitimate sites. However, those replacement servers will be turned off in July. It is estimated that over 300,000 people are still infected. Be sure to check your network and computers for this infection.

DCWG gives information on detecting, fixing and protecting your computer.
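As an added example (not from the original post), this PowerShell script lists the DNS servers each IP-enabled adapter uses and flags any resolver that is neither on your expected list nor a private LAN address; the $expected values are placeholders you must replace with your ISP's or organisation's resolvers, and the private-range check is a heuristic, since the page does not list the rogue server ranges. Anything flagged is what to look up with the FBI checker linked below.

```powershell
# Added example, not from the original post: show the DNS servers each adapter is configured with
# and flag resolvers that are neither expected nor a private (home-router) address.
# Uses WMI so it also runs on PowerShell 2.0 / Windows XP and 7.
$expected = @('192.0.2.53', '192.0.2.54')   # placeholder values (RFC 5737 documentation range); replace

function Test-PrivateIPv4([string]$ip) {
    # 10/8, 172.16/12 and 192.168/16 are the usual LAN ranges; a home router's resolver lives here
    ($ip -match '^10\.') -or ($ip -match '^192\.168\.') -or ($ip -match '^172\.(1[6-9]|2\d|3[01])\.')
}

$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

$report = @(foreach ($a in $adapters) {
    foreach ($srv in @($a.DNSServerSearchOrder)) {
        if (-not $srv) { continue }   # adapter with no DNS servers set
        $status = if ($expected -contains $srv)   { 'expected' }
                  elseif (Test-PrivateIPv4 $srv) { 'private (router?)' }
                  else                           { 'CHECK: public resolver you did not configure' }
        New-Object PSObject -Property @{ Adapter = $a.Description; DnsServer = $srv; Status = $status }
    }
})

$report | Format-Table Adapter, DnsServer, Status -AutoSize
```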

FBI – Check to see if your computer is using a rogue DNS server – Link

Operation Ghost Click Information

Dark Readings Article on Teaming Up to Take Down Threats

Team Cymru Information (Security)

Team Cymru helps organizations identify and eradicate problems in their networks, providing insight that improves lives.

Check out their video showing one day of malicious activity

Team Cymru Battle Project

Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) displays IRC and HTTP botnet, crimeware, and phishing data on an interactive world map in near real time. It is intended to provide enough information to enable law enforcement to identify botnets and attacks that are of interest to them. On the right-hand side of this page you can see an example screenshot of the BATTLE interface.

Security professionals are leery of one-way public-private partnerships, but Operation Ghost Click shows that the model is necessary to take on international threats.


Advanced IT Professionals – Information on Servers 

Advanced IT Professionals can see DNS server status here.

Sample Status for IT Professionals – below (use the link above to check DNS status)

Sandia National Laboratories gives an analysis of your domain here

Sample Status of DNS/Domain information

(provides DNSSEC, Responses, Servers and the ability to Analyze domains)

Thanks to Dawn Babian our Network Admin, Mickey Chilton and Virginia Dennis for links and information.

Check your computer here!