
Thursday, September 1, 2022

Fix the "Virus Scan Failed" download error in Google Chrome, and the "Couldn't Download Virus Scan Failed" error in Microsoft Edge

  1. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments
  2. If you do not see the "Attachments" subkey, create it by right-clicking on "Policies", selecting "New", then clicking "Key", and then typing "Attachments" as the key name.
  3. Right-click "Attachments", select "New", and then click "DWORD (32-bit) Value".
  4. Type "ScanWithAntiVirus" as the value name, and then press Enter.
  5. Right-click the new "ScanWithAntiVirus" DWORD value, and then click "Modify".
  6. In the "Value data" box, type 1, and then click OK.
  7. Exit the Registry Editor.
  8. Restart your computer, and then log back into Windows to have the registry change take effect!

The download error(s) should now be resolved in both Google Chrome and Microsoft Edge!
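The registry steps above as a PowerShell script, added here as an example (it is not the author's own code). Microsoft's Attachment Manager documentation defines ScanWithAntiVirus as 1 = Off, 2 = Optional, 3 = On, so the script reports the previous value before writing a new one; the function names and the read-only check of the HKCU copy of the key are assumptions of this example.

```powershell
# Added example (not from the original post): audit and set the Attachment
# Manager value "ScanWithAntiVirus". Function names are hypothetical.
# Writing to HKLM requires an elevated PowerShell session.

$ValueName  = 'ScanWithAntiVirus'
$SubKey     = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$MachineKey = "HKLM:\$SubKey"   # the key named in the steps above
$UserKey    = "HKCU:\$SubKey"   # assumption: per-user copy, only read here

# Value meanings from Microsoft's Attachment Manager documentation.
$Meaning = @{ 1 = 'Off'; 2 = 'Optional'; 3 = 'On' }

function Get-AttachmentScanSetting {
    param([Parameter(Mandatory)][string]$KeyPath)

    # $value stays $null when the key or the value does not exist.
    $value = $null
    if (Test-Path -Path $KeyPath) {
        $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = [int]$item.$ValueName }
    }

    if ($null -eq $value) {
        $state = 'Not set'
    } elseif ($Meaning.ContainsKey($value)) {
        $state = $Meaning[$value]
    } else {
        $state = 'Unrecognized'
    }

    [pscustomobject]@{ Key = $KeyPath; Value = $value; Meaning = $state }
}

function Set-AttachmentScanSetting {
    param([Parameter(Mandatory)][ValidateRange(1, 3)][int]$Value)

    # Refuse to continue without administrator rights instead of failing midway.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    $before = Get-AttachmentScanSetting -KeyPath $MachineKey

    # Step 2: create the "Attachments" subkey when it does not exist.
    if (-not (Test-Path -Path $MachineKey)) {
        New-Item -Path $MachineKey -Force | Out-Null
    }

    # Steps 3-6: create or overwrite the DWORD (32-bit) value.
    New-ItemProperty -Path $MachineKey -Name $ValueName -PropertyType DWord `
        -Value $Value -Force | Out-Null

    $after = Get-AttachmentScanSetting -KeyPath $MachineKey
    [pscustomobject]@{
        PreviousValue = $before.Value
        Previous      = $before.Meaning
        CurrentValue  = $after.Value
        Current       = $after.Meaning
    }
}

# Read-only audit: show what is configured right now in both hives.
Get-AttachmentScanSetting -KeyPath $MachineKey
Get-AttachmentScanSetting -KeyPath $UserKey

# To apply the value from the steps above (then restart, as in step 8):
#   Set-AttachmentScanSetting -Value 1
# To put an earlier setting back, pass the PreviousValue that was reported.
# If PreviousValue was empty, the value did not exist before; remove it with:
#   Remove-ItemProperty -Path $MachineKey -Name $ValueName
```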

Jon Pienkowski
Pacific Northwest Computers
www.pnwcomputers.com
www.linktr.ee/pnwcomputers
360-624-7379

Monday, March 7, 2022

Ransomware Infection? This could help!!


Ransomware infections are a very real and very serious problem that general computer users, and businesses alike, should be prepared for!

  • First off, the best prevention to start with is to have good security software installed that can protect you from Ransomware infections (such as Malwarebytes Anti-malware, Kaspersky Antivirus, etc).
  • Secondly, have a good data backup system in place that follows the 3-2-1 backup rule to keep your data safe! 
    • The 3-2-1 backup rule simply states that you should have:
      • 3 copies of your data (your main data and 2 backup copies)
      • On two different media types (NAS drive and a thumb drive)
      • With one copy off-site for disaster recovery (cloud backup, etc).

If you do get hit with a ransomware infection, the website below can help you identify which ransomware you were infected with and whether there is a decryption tool available to help get your data/files back: https://id-ransomware.malwarehunterteam.com/


Pacific NW Computers
www.pnwcomputers.com
360.624.7379

Monday, January 21, 2019

RansomWare or a Fake Tech Scammer Locked You Out of Your Computer using a "SysKey" Password

Some RansomWare Viruses and "Microsoft Tech" Scammers will Enable Windows' "SysKey" Function,
 and lock you out of your computer!

Well, we have a few ways you can remove that pesky "SysKey",
and get you back into your computer!

*THIS IS FOR WINDOWS 7; MAY WORK ON 8 or 10 BUT THIS IS NOT TESTED OR CONFIRMED.

If this happens to you, the first thing you can try is to use a Windows OS Media disk to remove the "SysKey" function using the Command Line.
  1. Boot to the appropriate OS Media (matches the installed OS version of the computer you are fixing). 
  2. When the OS installation screen comes up, Select USA English and then "Repair the Windows Installation"; DO NOT INSTALL!! 
  3. Go to "Advanced Troubleshooting" 
  4. Click on "Advanced Repairs" 
  5. Click on and open the "Command Line" tool 
  6. Find the OS Disk by changing drive letters and checking contents with the "dir" command, i.e.: cd C: cd D: cd E:, etc. 
  7. Run the following command on the OS drive:
    copy c:\windows\system32\config\regback c:\windows\system32\config 
  8. Say no to the "Software" replace prompt, but say yes to the others and replace a total of 4 files; Default, SAM, Security and System. 
  9. Reboot system 
You should be able to login to the computer again!
A warning however, you may have some security, OS and/or user account damage after the fact.

However there is an alternate method (or two) that can also do the trick, if the above process does not work, or is too difficult!

I have also removed the "Syskey" password using the following procedure:
  1. Boot from a Windows 7 Install DVD/Thumbdrive, or boot from a user created Windows Restore/Repair Thumb Drive.
    *You can also attempt the same procedure from Windows Start-Up Repair; if you are able to get there. 
  2. When the "Install Windows" screen appears, click on "Repair your computer" to access the system recovery options. 
  3. From the next screen, run System Restore to the last point before the syskey password was set on your computer.
    *This will fail, but must be done! 
  4. Click "run system restore again" and this will take you back to the main system recovery options list. 
  5. Open Command Prompt from the main system recovery options list. 
  6. Open Regedit; type "regedit" without the quotes, into the command prompt and the Regedit application will open. 
  7. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and change the 'SecureBoot' value entry from 1 to 0. 
  8. Navigate to: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account and delete everything for "F value" so that its data/value is 0000 
  9. Reboot and you should now be able to Login! 

If you are not able to boot into the Windows 8 or 10 Startup Recovery Environment there is still yet another repair method you can try!

To get the computer to run a system restore if you can't get into the recovery environment, you can try to trip the computer into doing a Startup Repair. 
  • The way we do this, is by turning the system off mid boot and then Startup Repair should catch that "issue" and run the next time you power on. 
  • During this process Windows typically recommends running a system restore to fix any possible boot issues; allow this process to proceed and complete. 
  • After this process has completed, open the computer's DVD drive and insert a copy of Hiren's All-in-one Boot CD/thumb drive. 
  • Turn the system off/restart the system. 
  • Booting from DVD or USB, boot into the Hiren's All-in-one Media and select "Mini XP Recovery Environment" 
  • Allow your system to boot into the "Mini XP Recovery Environment" RAM Drive environment. 
  • Once booted into "Mini XP" you can now run the built in Registry Editor (regedit) to complete the registry edits needed and listed in the previous repair steps. 
This procedure lets you complete the same repair tasks using different access methods and tools, but following the same general repair principles and process.

These all have worked for me on client machines and have allowed me to get past a "syskey" password each time. Once I am able to login to the client's system, I will physically disconnect the internet and start my cleaning procedures on the affected system. After a full clean-up, software removal and tune-up the once locked PC will now run fine without the user getting locked out anymore!

I hope this helps general users or other IT professionals!

Pacific Northwest Computers
Jon Pienkowski - Owner/Operator
www.pnwcomputers.com
360.624.7379

Tuesday, September 19, 2017

Ransomware; What You Need To Know


With the popularity of the "WannaCry" ransomware bug that went around in early 2017, most folks are pretty familiar with the term Ransomware (aka an extortion virus). If you are not familiar with the term, essentially a Ransomware virus is a bug that usually gets into a system through an infected attachment via a fake Email. Once the email is opened, the virus activates and immediately starts to seek out and encrypt Word Documents, Excel Spreadsheets, Pictures, Music; anything it can get its hands on. It is a VERY destructive type of attack and if not prepared, you could lose all of the precious data that is stored on your computer and connected to your computer!

So what is Data Encryption?

Data encryption is a way to lock a file, or any type of data on a hard drive, very securely. Encryption essentially locks a file with a nearly unbreakable secret password, key, etc. Once a file has been "locked" or encrypted, you need to have the secret key or password to be able to unlock and access the file(s) again. The key or password is what enables you to decrypt, or "unlock", the file and have access to all your stuff again; pictures, documents, music, etc. So what the scammers are trying to achieve by deploying Ransomware is to lock your data up and then extort money from you to get your data back. Essentially, they make you pay a ransom to get your data unlocked and accessible again.

What can you do to protect yourself from Ransomware attacks?


  1. BACKUP YOUR DATA: Back up your files remotely every day, but only on a hard drive that is not connected to the internet. So long as you back up files on an external hard drive, you won’t lose any information if hit by a ransomware attack.
  2. NEVER OPEN A SUSPICIOUS EMAIL ATTACHMENT: And never download an app that you haven’t verified with an actual store. Read reviews before installing programs.
  3. SCAN ALL DOWNLOADS: Some antivirus programs have the ability to scan files to see if they might contain ransomware. Make use of them before downloading any questionable attachments from email or software from the internet.
  4. EXTRA PROTECTION: If you want to take things a step even further, BitDefender does have an Anti-Ransomware security tool you can install and run on your computer to supplement (and work in conjunction with) your existing security software:
    www.bitdefender.com/solutions/anti-ransomware-tool.html

What do you do if you have already gotten infected with Ransomware?

If your computer has been attacked by ransomware, you can explore the free ransomware response kit (from ZDNet) for a suite of tools that can help with a ransomware attack.
Pacific Northwest Computers also recommends the following to moderate an attack as well:
  1. Remove the infected machines from the network, so the ransomware does not use the machine to spread throughout your network!! VERY IMPORTANT!!
  2. Decide whether or not to restore from available backups, try to decrypt the encrypted data, or pay the ransom and take it as a lesson learned.
  3. Research if similar malware has been investigated by other IT teams, and if it is possible to decrypt it on your own. About 30 percent of encrypted data can be decrypted without paying a ransom. Some of those tools are listed below:
If none of the available decryption tools work (or a decryption tool is not available for your specific type of Ransomware), data recovery could be a last resort option. There have been cases where, when the Ransomware virus attacks and the data encryption first occurs, the original file is actually copied and then deleted, and the copied file is what gets encrypted! So we can try to recover those original files!

If you have been hit by a Ransomware virus, you need Ransomware Data Recovery, or you are interested in getting some systems in place to be prepared and protected in the case of a Ransomware attack, feel free to reach out to us!
Pacific Northwest Computers


Jon Pienkowski ~ Owner/Operator
360.624.7379

Monday, May 15, 2017

WannaCry Ransomware Virus




The now infamous "WannaCry" ransom-ware virus has been making headlines and scaring a lot of computer users around the world. It is one of the quickest spreading Ransom-ware bugs that has been released to date, but Ransom-ware viruses are not anything new.

Ransom-ware viruses are a type of virus that infect computers, and then prevent the user from accessing the operating system, or encrypt all the data stored on the computer. Then the user is asked to pay a fixed amount of money as ransom to unlock their files, allowing them to regain access to the operating system and their data again. What sets this virus apart is how quickly and widely it has spread.

As of yesterday a Security Professional, Marcus Hutchins, has been credited with stopping the WannaCry ransomware attack from spreading across the globe, by accidentally triggering a "kill switch" found while reverse engineering the virus. So for now, further infection has been stopped. But to prevent any infections from previous distributions of the bug you can do the following:

"WannaCry" Ransomware Guidelines to Stay Safe:

  • Be careful to NOT click on harmful links in your emails! 
  • Even with security software installed, if you open/download an attachment from a malicious email it can and will infect a computer and network! 
  • If you get an email from someone, look at the email address/email header and make sure it's from who it says it is. 
  • Be aware of fraudulent e-mail messages that use names similar to popular services such as PayPal instead of PayPal or use popular service names without commas or excessive characters. 
  • Be wary of visiting unsafe or unreliable sites 
  • Never click on a link that you do not trust on a web page, on Facebook, or in messaging applications such as WhatsApp and other applications. 
  • If you receive a message from your friend with a link, ask him before opening the link to confirm, (infected machines send random messages with links). 
  • Always make sure you have the latest update for your Antivirus; Let me know if there are any update issues! 
  • Make sure your Windows has the latest updates to close the gap! 
  • If Windows has reported that updates are pending/available; download and install immediately!! 
Further Steps to take in-case you WERE to get infected by the "WannaCry":
  • Make a recovery disk! The WannaCry ransomware asks for $300, or more if you have a modified version, and if you do not pay the creators (in Bitcoin, so it's untraceable and not refundable) it will encrypt all of your files on the computer. 
  • If your computer gets infected take it off of your network immediately! The ransomware will spread to other computers on the network! You can restore from a backup. 
  • If you would like our assistance with ANY of the procedures above or would like us to secure your computer and/or network to the best of its ability, let us know and we can schedule an onsite or remote session for you!! 

More from Microsoft on the bug and associated patches to help prevent infections from WannaCry:
https://technet.microsoft.com/…/libr…/security/ms17-010.aspx


Jon-Eric Pienkowski
_________________________
Pacific NorthWest Computers
(360) 624-7379

Friday, June 5, 2015

How can I keep my computer from getting infected? Pacific NW Computers' PC Security Tips


1. Make sure you regularly run MANUAL scans with your installed security software!
Security Programs We Recommend (Or Have Installed):
  • Avast Antivirus, BitDefender Free, Microsoft Security Essentials
  • MalwareBytes Anti-Malware
  • Spybot Search & Destroy
  • CCleaner
*For direct download links to the software listed above, visit "Pacific NorthWest Computers' Links and Recommended Software" page on our Blog Link below!
http://pnwcomputers.blogspot.com/2013/06/pnw-computers-links-and-recommended.html

Basic/General Scanning Procedure:

  • Before running any scans with any of the installed security software, be sure to FULLY update the software FIRST.
  • After updating the security software, perform the deepest and most thorough scan that the software is capable of. This is usually labeled as a FULL or COMPLETE scan.
  • DELETE or QUARANTINE any and all of the security software’s findings.
  • Make sure you DON’T download and install any scanner/security software that solicits you to download and install its software. These scanners are blacklisted because of their questionable reputation.

2. Make sure your Windows is ALWAYS up to date!

  • An unpatched Windows is vulnerable and even with the “best” Antivirus installed; malware will find its way through.
    So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.
  • Be sure to download and install all CRITICAL and SOFTWARE updates! You also may have to do several “passes” of Windows updates before all the available updates/patches are actually installed.
  • Verify that your version of Windows Vista, Windows 7 or Windows 8 has the most recent service pack installed. If this is not currently installed on your system, the Windows Update website will recognize this vulnerability and request you to download and install any available Service Packs and other needed updates.

3. Stay away from questionable sites.

  • This is one of the main causes why a computer gets infected. Visiting cracksites/warezsites – and other questionable/illegal sites is ALWAYS a risk. Even a single click on the site can be responsible for installing a huge amount of malware. Don’t think: “I have a good Antivirus and Firewall installed, they will protect me” – because that’s not true… there is no “Magic Bullet”. Before you know it, your Antivirus and Firewall may already be disabled because malware already found its way on your system.


4. Be careful with email attachments!

  • Malware spreads via email as well, especially email attachments. The most common ones are emails telling you that your computer is infected and that you can find the removal tool in the attachment, emails telling you that your password has changed and can find it in the attachment, emails with product codes in the attachment from software that you purchased (which you didn’t), emails with attachments that are so called “Security Updates”, etc. etc.
  • Don’t trust any emails like the ones listed above. Don’t even attempt to preview/open them and delete them immediately instead! It may also happen you receive an email from someone you know, but with a questionable attachment present and strange content in the e-mail’s message. In this case, this person – or someone else who has your address book in his/her address book – is infected with malware (worm/spambot) and sends these emails without being aware of it.
  • Don’t click links in emails from someone you don’t know, because these links can redirect you to sites where malware gets downloaded and installed.

5. When surfing the internet…

  • Use Google Chrome or the FireFox web browser as your MAIN internet browser. These browsers do not use ActiveX controls or BHOs (these are programs that are a standard feature of Microsoft’s Internet Explorer and are “exploited” vulnerabilities that hackers use to infect computers). If a specific website (such as a financial institution website) requires Internet Explorer to be used in order for you to view their site, then use Internet Explorer. But for that specific website ONLY!
  • Don’t click on links inside pop-ups. ALWAYS close the windows via the "X" for the window vs. clicking "Cancel" or any other 'escapes' in the pop-up.
  • Download software off of the internet from websites you know and trust. A lot of free software comes bundled with other software, including malware.
  • Be careful when you are viewing videos online. Especially when you get a pop-up asking you to download a “Codec” to be able to watch the video. By default, your media player should already have the necessary codec installed to watch online videos. In the case that you’re prompted to install an additional codec while trying to watch a movie online (or downloaded), it is most likely a false alert and this so-called codec may install malware.
  • Don’t install plug-ins (ActiveX) if you’re not certain what it is or why it is you need it. (Unless you are attempting to perform Windows/Microsoft Updates).
  • Glubble is a great FireFox add-on if you want to manage the sites your kids are allowed to see.

6. Watch what you download!

  • If you want to install certain software, always go to the developer’s site to download the software. Then you can be sure you’re downloading and installing the right software. Be aware of the fact that certain software (especially freeware) may contain/come bundled with extra software including spyware and/or adware. So only install when you’re sure they are OK.
  • The use of Torrent sites, Game Patches and Mods, Emulators; really anything "Free" is always a risk. Unless the download/host site is a reputable site, you can never be sure what you are exactly downloading. A file you are looking to download or have downloaded isn’t always what it’s made out to be.

If you have any questions or comments please don't hesitate to get in touch!

Jon Pienkowski
Pacific NorthWest Computers
www.pnwcomputers.com
360-624-7379

Thursday, November 7, 2013

New Virus Alert: CryptoLocker!


A New Virus Has Surfaced ~ CryptoLocker

CryptoLocker is a new, nasty piece of malicious software that is infecting computers around the world; encrypting important files and demanding a ransom to unlock them. If you get hit with this virus you risk having your personal data encrypted and lost for good!

This sophisticated malware is delivered the old-fashioned way – an executable file hidden inside an attachment that looks like an ordinary ZIP file or PDF. One small business reports being compromised after clicking on an email attachment that was designed to look like a shipping invoice from the U.S. Postal Service.

The CryptoLocker virus can be removed from an infected system, but unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful.
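A way to check ahead of time whether a machine actually has the Shadow Volume Copies mentioned above, and how old the newest one is. This PowerShell script is an added example, not from the original post; the function name and the 7-day staleness threshold are assumptions.

```powershell
# Added example (not from the original post): inventory Volume Shadow Copies
# per fixed drive. Run from an elevated PowerShell session; Win32_ShadowCopy
# is not readable without administrator rights.

function Get-ShadowCopyInventory {
    param([int]$MaxAgeDays = 7)   # assumption: anything older counts as stale

    # Fixed local volumes (DriveType 3) that have a drive letter.
    $volumes = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3' |
        Where-Object { $_.DriveLetter }
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

    foreach ($vol in $volumes) {
        # A shadow copy's VolumeName is the DeviceID of the volume it was taken from.
        $copies = @($shadows | Where-Object { $_.VolumeName -eq $vol.DeviceID })
        $newest = $copies |
            Sort-Object -Property InstallDate -Descending |
            Select-Object -First 1

        $newestDate = $null
        $ageDays    = $null
        if ($copies.Count -eq 0) {
            # Either System Restore is off for this drive or the copies were deleted.
            $status = 'No shadow copies'
        } else {
            $newestDate = $newest.InstallDate
            $ageDays    = [math]::Round(((Get-Date) - $newestDate).TotalDays, 1)
            if ($ageDays -gt $MaxAgeDays) { $status = 'Stale' } else { $status = 'OK' }
        }

        [pscustomobject]@{
            Drive      = $vol.DriveLetter
            Copies     = $copies.Count
            NewestCopy = $newestDate
            AgeDays    = $ageDays
            Status     = $status
        }
    }
}

Get-ShadowCopyInventory | Format-Table -AutoSize
```

A drive that reports "No shadow copies" has nothing to fall back on except a separate backup.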

Preventive Measures:
  1. BACKUP ALL OF YOUR DATA ASAP! That’s the only way to reduce the risk of losing your files forever. Also, to avoid getting your backups encrypted, your backup device should be disconnected from your computer until the next time you need to access it or run a backup. 
  2. Download and install a free utility called 'Crypto Prevent'. Crypto Prevent is a small utility that changes a few settings in your computer to help prevent the CryptoLocker infection from happening in the first place! It's not a golden bullet however, so having current data backups is your ultimate defense. You can download the Crypto Prevent utility directly from the link below!
http://www.foolishit.com/vb6-projects/cryptoprevent/

If you need any assistance we can setup a visit to help secure and backup your computer for you!

Let us know if you have any questions or issues!

Jon Pienkowski
Pacific NorthWest Computers
www.pnwcomputers.com
360-624-7379

Tuesday, July 16, 2013

How to Clean up a Slow Performing Computer ~PLUS~ a few Mac tips too ;)


Many think that when a computer starts performing poorly that it's time to buy a new computer. Does your desktop or laptop often hang on the hourglass or swirling circle for several minutes at a time? Does "Not Responding" sound familiar to you? Is it slow to load files or applications, and does it take a long time to boot? Even if you're extremely careful about how you use your computer and never download questionable material, over time it is inevitable that your system will accumulate unwanted registry entries, errors, clutter, and debris. Here's how to clean your computer up and get it running faster again!

Steps To Take:
  1. Update your antivirus software and run a full scan. Antivirus software helps protect you from viruses and other suspect files that can spread by simply opening an email. It performs regular system checks and detects when foreign files are trying to infiltrate your computer. Click the link below for a list of the security software that Pacific Northwest Computers recommends and uses:

    **Do not use Registry Optimizers or so called Clean Reg Tools.!! 
    Most of these cause more harm than good in the future with your PC!!!

  2. Clear up some space on the hard drive. Deleting unnecessary files that your computer stores is an easy and simple way to free up memory and improve overall performance. To do this, access Disk Cleanup in Windows and delete Temporary Files on a Mac.

    *For Windows XP, Windows 7, and Vista: Click Start, click All Programs, click Accessories, click System Tools, and then click Disk Cleanup. If several drives are available, you might be prompted to specify which drive you want to clean.

    *For Mac: Go to Applications, click Utilities, and click Command Prompt. In the Command Prompt, type in "sudo rm -fr /tmp/*" and hit Enter. The temporary files that have been left behind on your computer will now be cleared.
  3. Uninstall useless programs or programs you rarely use. These can include games or media files that you or your children never use, as well as programs that have become redundant or obsolete.

  4. When uninstalling programs be sure you don't need them! Some programs are needed for the operation of the computer. So if you are unsure about a program then leave it alone or do a quick search on Google to see if you can find out whether it's good or bad.
  5. For Windows: Follow the Start Menu to Settings and then to Control Panel. From this screen click on Add/remove programs or Uninstall a program and uninstall programs that are no longer needed.

    *When uninstalling programs, be sure you don't need them before removing them! Some programs are needed for the operation of the computer. So if you are unsure about a program then leave it alone or do a quick search on Google to see if you can find out whether it might be good or bad.

    *For Mac: Kill unwanted or redundant programs by dropping the program files into the Recycle Bin.
  6. Remember to empty your Recycle Bin after deleting these files because they are still on the hard drive and taking up space; just right-click the icon and navigate to “Empty Bin.”
  7. Download and install and run spyware removing programs like Spybot Search and Destroy. Spyware is a kind of malicious software installed on computers that track certain information without the user's knowledge. For both privacy implications and the health of your computer, it's best to delete spyware and other "malware."

    *You can download Spybot and other security software for your computer for free by using this link:

  8. Defragment your hard drive. Fragmentation basically is when your computer's files get disorganized, hurting your computer's ability to lay data out sequentially. Defragmentation is the correction to this process.

    *For Windows: click on My Computer, then click Properties, then click the "Tools" tab. From this tab just click on the Defragment button and then run the program. You can set it up so that your computer automatically defragments at set intervals.

    *Besides the Windows Defragmentation utility, we recommend MyDefrag (formerly JKDefrag). MyDefrag is a disk defragmenter and optimizer for Windows 2000/2003/XP/Vista/2008/X64 computers. It's very easy to use, fast, low overhead, with several optimization strategies, and can handle floppies, USB disks, memory sticks, and anything else that looks like a disk to Windows!
    *For Mac: Mac operating systems rarely, if ever, need to have their disk space defragmented.

  9. Check your RAM. RAM stands for Random Access Memory. These are the computer's memory chips. If there are not enough of them or they are not very large in size, your computer will use your hard disk to store intermediate results. But this is a much slower process. The computer will appear busy and will also be slow to write and read things from the hard disk. You can hear it, and the LED on the computer itself will light up and just stay on. Right-click on the My Computer icon, then select properties, then read what is said on the 'General' tab. For Windows XP it should be 1GB or more and 2GB's or more for Windows 7 or 8. Anything less than those numbers might be the problem.

    *If RAM is the real problem, your computer will be slow whenever you start a new application. If your computer is only slow when you turn on your computer or reboot, it is more likely that it is some other problem.

    *Before you rush out to get some additional RAM in a computer shop, make sure you know exactly what type fits in with your computer, and convince yourself that there are still empty slots (inside your computer) that can be used to put the RAM in. For most people it is best to make a computer repair shop responsible for all this; you can give us a call and you can bring your system if you need help!!

Tips!
  • Never install software that you don't intend to use regularly.
  • Be careful about what you install; most free downloads from certain sites can come with some form of spyware/malware/grayware or possibly a virus.
  • Make an effort to defrag your computer weekly.
  • To ensure safe broadband internet browsing install a firewall program (Microsoft has one built in with XP) or buy an external firewall router.
  • Always perform a spyware scan and virus scan weekly if you do minimal file/program downloads. If you do many downloads weekly, then the suggested performance is daily.

!!!Warnings!!!
  • When uninstalling programs be sure you don't need them; some programs are needed for the operation of the computer.
  • When using the spyware removal program, be sure to go over the directions thoroughly. Since this program makes changes to the registry you can actually make the computer perform worse than before. If you are not an avid computer user, just clean the detected items that appear in red, or consult a friend who knows about computers.

Wednesday, June 26, 2013

PNW Computers' Links And Recommended Software

A basic list of software, tools and utilities that we use and recommend!
We will update this list as much as possible! 

Tools and Utilities:

  • Hiren's All-In-One Boot CD - Great utility CD with TONS of diagnostic software; HD manufacturers included!
    http://www.hirensbootcd.org/download/
  • BleachBit - When your computer is getting full, BleachBit quickly frees disk space. When your information is only your business, BleachBit guards your privacy. With BleachBit you can free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there!
    https://www.bleachbit.org/
  • GParted - GParted is a free partition manager that enables you to resize, copy, and move partitions without data loss. Some repair capabilities as well.
    http://gparted.sourceforge.net/download.php
  • Memtest86 - MemTest86 is a free, thorough, stand alone memory test for x86 architecture computers.
    http://www.memtest86.com/
  • Offline NT Password & Registry Editor - This is a utility to reset the password of any user that has a valid local account on your Windows System.
    http://pogostick.net/~pnh/ntpasswd/
  • HFSExplorer - HFSExplorer is an application that can read Mac-formatted hard disks and disk images. It can read the file systems HFS (Mac OS Standard), HFS+ (Mac OS Extended) and HFSX (Mac OS Extended with case sensitive file names), including most .dmg disk images created on a Mac, including zlib / bzip2 compressed images and AES-128 encrypted images
    http://www.catacombae.org/hfsx.html 
  • IsoBuster - IsoBuster is actually a CD/DVD and BD/HD DVD data recovery software that can interpret, open and extract various CD/DVD/Blu-ray disk image files, including DMG.
    http://www.isobuster.com/download.php
  • Revo Uninstaller Free - Revo Uninstaller lists the installed programs and components for all and current user. With a choice of views, as well as a context menu, information on program components is available: program properties, their registry entries and links to manufacturer's web site, for a start. The "Search" option finds installed applications just by typing the first few letters of their name. Revo Uninstaller Free scans for "leftovers" with advanced algorithms that are precise, fast and very effective in searching for leftover Windows Services, Drivers, File associations, Shell Extensions, COM components, Windows Installer components, program settings and more!
    http://www.revouninstaller.com/revo_uninstaller_free_download.html
  • MyDefrag - MyDefrag (formerly JKDefrag) is a disk defragmenter and optimizer for Windows 2000/2003/XP/Vista/2008/X64. Completely automatic and very easy to use, fast, low overhead, with several optimization strategies, and can handle floppies, USB disks, memory sticks, and anything else that looks like a disk to Windows.
    http://www.mydefrag.com/Manual-DownloadAndInstall.html
  • CUTEpdf Writer - Create PDF documents on the fly for Free! Portable Document Format (PDF) is the de facto standard for the secure and reliable distribution and exchange of electronic documents and forms around the world. CutePDF Writer (formerly CutePDF Printer) is the free version of commercial PDF creation software. CutePDF Writer installs itself as a "printer subsystem". This enables virtually any Windows applications (must be able to print) to create professional quality PDF documents - with just a push of a button! ALL FOR FREE!
    http://www.cutepdf.com/products/cutepdf/writer.asp
  • VideoLAN VLC Media Player - VLC media player is a highly portable multimedia player for various audio and video formats as well as DVDs, VCDs, and various streaming protocols without external codec or program. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network.
    http://www.videolan.org/vlc/
  • Sumatra PDF Viewer - Sumatra PDF is a slim, free, open-source PDF reader for Windows. Sumatra has a very minimalistic design and is nowhere NEAR the security risk that Adobe Reader can be. Simplicity has a higher priority than a lot of features with Sumatra. It's small, secure and starts up very fast.
    http://blog.kowalczyk.info/software/sumatrapdf/download-free-pdf-viewer.html
  • Piriform Recuva - Accidentally deleted an important file? Lost something important when your computer crashed? No problem! Recuva recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player. And it's free!
    http://www.piriform.com/recuva

Security Software:

What is a rootkit? A rootkit is a program, or a kit of programs, that hides the presence of malware (or itself) in a system. A rootkit for Windows systems is a program that penetrates into the system and intercepts system functions (the Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover, it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system, and these also remain "invisible".

Software Sites:

  • Filehippo.com - Great site that hosts TONS of updates and software titles; anything you can think of really.
  • Ninite.com - Great "update-all-at-once" site that lets you install/update multiple programs without dealing with individual installers, prompts, etc. One download, one install; as many programs as you like!


Let us know of any issues with links!

Updated 11/1/2013
pnwcomputers@gmail.com

Wednesday, July 18, 2012

How did I get infected? Take these steps so it does not happen again!


One of the most common questions found when cleaning malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.
Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.


Do not use P2P programs

Peer-to-peer or file-sharing programs (such as uTorrent, LimeWire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users, as the names suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet

Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:

1) If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

2) If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

3) If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.

4) If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.

5) There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.

6) Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead, close them by finding the open window on your Taskbar, right-clicking it and choosing Close.

7) Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.

8) When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.

9) Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

10) Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.

11) DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software. Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date

Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

Windows XP users: You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.

Windows Vista users: You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.

Windows 7 users: You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.

Keep your browser secure

Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:
Microsoft Internet Explorer
Mozilla Firefox
Google Chrome

Use an AntiVirus Software

It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free antivirus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall

I cannot stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the one built into Windows). This is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls.

Install an Anti-Malware program

Recommended, and free, Anti-Malware programs are Microsoft Security Essentials, Malwarebytes Anti-Malware, Spybot Search & Destroy and SuperAntiSpyware. You can find these programs and more on our other blog article; PNW Computer's Recommended Software Programs & Downloads!

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically!

Grinler. "How Did I Get Infected?" Bleeping Computer - Computer Help and Discussion. Bleepingcomputer.com, 24 Jan. 2004. Web. 22 Dec. 2011.

Friday, May 4, 2012

Fake Hard Drive Diagnostic Virus; Browser Pop-up/Redirection Fix


Pacific NorthWest Computers KNOWS rogue security and fake software applications very well. Fake software virus applications make up 85% of the infections that we see on a day-to-day, week-to-week, month-to-month basis here in the shop. At first it was just fake security software programs. But the newest "trend" in the fake malicious software world is fake hard drive diagnostic software.

This fake diagnostic software virus pretends to have found issues with your hard drive, proceeds to hide your data (to seem more legitimate) and then tries to sell itself as a fix for all the "problems" it has identified with your hard drive. When first released, it was not too difficult to remove. The issue we are running into now, however, is that when a customer brings in a system that has this virus on it, we aren't just worrying about getting the virus removed but, more importantly, about reversing the changes the virus has made to the affected system. The big challenge has been with browser hooks.


Most of the time when we encounter this virus it will actually "hook" into (or, simply put, infect) the executable "iexplore.exe", which is Internet Explorer. Once "hooked", the virus can modify how Internet Explorer functions, generate pop-ups, and redirect searches and navigation in the browser, all after the virus cleaning has been completed on the affected computer. Now, most of the time programs like Spybot Search & Destroy are very effective at reversing system modifications created by viruses. But so far, this browser hook issue is not "automatically" fixed by virus scanners and utilities, and hooks can sometimes be impossible to remove. This type of issue can prevent us from declaring a system clean and can sometimes require us to reinstall the computer's operating system. Well, we think we figured out a fix!

After working on a computer from a local insurance agency, I did some extensive poking around an infected computer's file system and registry and was able to locate a registry location for something called “DOMStorage” under Internet Explorer’s HKEY_CURRENT_USER registry key (HKCU\Software\Microsoft\Internet Explorer\DOMStorage). In this registry entry, I found folders matching the names of some of the websites that were being generated in the random IE pop-ups. I knew I was onto something but did not know what "DOMStorage" even was, nor did I know why or how Internet Explorer even used it.

After doing some research on DOMStorage (http://en.wikipedia.org/wiki/Web_storage) it looks like DOMStorage, or Document Object Model Storage, is a web application software method and protocol used for storing data in a web browser. So I thought to myself, “Well, if they can store data there, they could very well plant a program in those locations to hide and allow themselves to generate those pop-ups!” So I went ahead and deleted all of the folders in the DOMStorage registry location (and there were A LOT of sites listed in there) and it’s safe to now say after removing those folders there have not been ANY Internet Explorer pop-ups since! After pop-ups coming up several times a minute, the system is running great and has been running flawlessly for several days; with web surfing and all! No browser re-directions or anything!
So I would say this is another problem solved and another win against viruses for Pacific NorthWest Computers!

Jon Pienkowski
Owner/Operator
Pacific NorthWest Computers
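
A way to review the DOMStorage key described in the post above before deleting anything, as an added example that is not part of the original post: it lists each site subkey, exports a .reg backup with reg.exe, and removes subkeys only when explicitly asked. The function names and the `example.invalid` filter are illustrative assumptions.

```powershell
# Added example (not from the original post): audit, back up, and selectively
# clear HKCU\Software\Microsoft\Internet Explorer\DOMStorage.
# Function names are illustrative; nothing is deleted unless Remove-DomStorageEntry is called.

$DomStoragePath   = 'HKCU:\Software\Microsoft\Internet Explorer\DOMStorage'
$DomStorageNative = 'HKCU\Software\Microsoft\Internet Explorer\DOMStorage'

function Get-DomStorageEntry {
    # Returns one object per site subkey so the list can be reviewed or filtered.
    [CmdletBinding()]
    param([string]$Path = $DomStoragePath)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Verbose "Key not present: $Path"
        return
    }
    Get-ChildItem -LiteralPath $Path | ForEach-Object {
        $key = $_
        # Collect every value stored directly under the site subkey.
        $values = foreach ($name in $key.GetValueNames()) {
            $display = if ($name -eq '') { '(default)' } else { $name }
            '{0}={1}' -f $display, $key.GetValue($name)
        }
        [pscustomobject]@{
            Site     = $key.PSChildName
            SubKeys  = $key.SubKeyCount
            Values   = ($values -join '; ')
            FullPath = $key.Name
        }
    }
}

function Export-DomStorageBackup {
    # Writes a timestamped .reg file that can be re-imported with "reg import".
    [CmdletBinding()]
    param([string]$Directory = $env:TEMP)

    $file = Join-Path $Directory ('DOMStorage-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    # reg.exe expects the native key path, not the PowerShell drive syntax.
    & reg.exe export $DomStorageNative $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "reg.exe export failed with exit code $LASTEXITCODE"
    }
    $file
}

function Remove-DomStorageEntry {
    # Deletes one site subkey; prompts for confirmation and honours -WhatIf.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$Site
    )
    process {
        $target = Join-Path $DomStoragePath $Site
        if (-not (Test-Path -LiteralPath $target)) {
            Write-Warning "No such subkey: $Site"
            return
        }
        if ($PSCmdlet.ShouldProcess($target, 'Remove registry key')) {
            Remove-Item -LiteralPath $target -Recurse -Force
        }
    }
}

# Typical session: list, back up, then decide what to remove.
$entries = @(Get-DomStorageEntry)
if ($entries.Count -gt 0) {
    $entries | Sort-Object Site | Format-Table Site, SubKeys, Values -AutoSize
    $backup = Export-DomStorageBackup
    Write-Host "Backup written to $backup"
    # Dry run against a constructed placeholder domain; drop -WhatIf to delete.
    $entries | Where-Object Site -like '*example.invalid' | Remove-DomStorageEntry -WhatIf
} else {
    Write-Host 'No DOMStorage entries found for this user.'
}
```

Because the key lives under HKCU, run this as the affected user; the exported .reg file also preserves the list of site names as a record of what was on the machine.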

Thursday, April 14, 2011

Rogue Hard Drive Error Repair Software

A new fake HD repair/error finding virus software is going around, and it hides all of your personal data so it looks like all of your data has been lost or deleted; RUN FULL, MANUAL, VIRUS SCANS ASAP IF IT HAS BEEN A WHILE and MORE OFTEN THAN USUAL!

Friday, February 18, 2011

New Computer Software To Have & Use: 101 *INCLUDING VIRUS CLEAN-UP HOW-TO!!


With all the software that is out there for surfing the web and for security, it can be kind of confusing which programs you should or should NOT use. Maybe you have a brand new computer that you need to set up. Or you are looking to get your current system spruced up and/or re-secured. Or maybe you are looking to overhaul your system's software completely! Here are some of the software programs that I personally like, use and recommend, as well as a basic "How-To" to help get you going on running virus scans and to assist with tuning up your computer!


Google’s Chrome Web Browser
The Web is all about innovation, and Chrome sets the pace with dozens of new features to deliver a faster, more secure and customizable Web browsing experience for all! Google Chrome raises the bar for security. The new malware and phishing protection helps protect from viruses, worms, trojans and spyware to keep people safe while surfing on the Web.


Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a free and effective antivirus that is easy to use, and is always kept up to date. So you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple. Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.


Malwarebytes' Anti-Malware (MBAM):
Malwarebytes' Anti-Malware is a high performance anti-malware application that thoroughly removes even the most advanced malware and spyware. With one of the fastest, most effective quick scans and malware removal capabilities on the market, this program is the perfect addition to your PC's defenses. The full version of the product includes a number of key features, including the ability to schedule updates and scans and most importantly, a real-time malware protection module that blocks malicious processes before they even start.


Safer Networking’s Spybot Search & Destroy:
Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behavior to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies. If you see new toolbars in your Internet Explorer that you haven't intentionally installed, if your browser crashes inexplicably, or if your home page has been "hijacked" (or changed without your knowledge), your computer is most probably infected with spyware. Even if you don't see the symptoms, your computer may be infected, because more and more spyware is emerging. Spybot-S&D is also absolutely free.
**NOTE! During the installation of this program, a feature called "Tea-Timer" will attempt to install and run. DO NOT INSTALL or ARM THIS FEATURE! It can be very intrusive and create conflicts with other security software you may have installed.


Trend Micro's HijackThis:
HijackThis inspects your computer's browser and operating system settings to generate a log file of the current state of your computer. Using HijackThis you can selectively remove unwanted settings and files from your computer. Because the settings identified in a HijackThis log file can belong to both legitimate software and unwanted malware, it is important to use extreme caution when choosing to remove anything using HijackThis.


Piriform's CCleaner:
CCleaner is a free PC optimization tool. It combines a system cleaner that removes unused and temporary files from your system and also a fully featured registry cleaner! CCleaner allows Windows to run faster, more efficiently and gives you more hard disk space. The best part is that it's Small, Fast and Free!


VSRevo Group's Revo Uninstaller Free:
Revo Uninstaller free lists the installed programs and components for all and current user. With a choice of views, as well as a context menu, information on program components is available: program properties, their registry entries and links to manufacturer's web site, for a start. The "Search" option finds installed applications just by typing the first few letters of their name. Revo Uninstaller Free scans for "leftovers" with advanced algorithms that are precise, fast and very effective in searching for leftover Windows Services, Drivers, File associations, Shell Extensions, COM components, Windows Installer components, program settings and more!


MyDefrag (formerly JKDefrag) is a disk defragmenter and optimizer for Windows 2000/2003/XP/Vista/2008/X64. Completely automatic and very easy to use, fast, low overhead, with several optimization strategies, and can handle floppies, USB disks, memory sticks, and anything else that looks like a disk to Windows. Why use this defragger instead of the standard Windows defragger? 
  • Much faster. 
  • Totally automatic, extremely easy to use.
  • Optimized for daily use.
  • Disk optimization, several strategies.
  • Directories are moved to the beginning of the disk.
  • Reclaims MFT reserved space after disk-full.
  • Maintains free spaces for temporary files.
  • Can defragment very full harddisks.
  • Can defragment very large files.
  • Can defragment individual directories and files.
  • Can be run automatically with the Windows Scheduler.
  • Can be used from the commandline.
  • Can be used as a screen saver.
  • Can be run from cdrom or memory stick.
  • Sources available, can be customized.


    Piriform Recuva:
    Accidentally deleted an important file? Lost something important when your computer crashed? No problem! Recuva recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player. And it's free!


    CUTEpdf Writer:
    Create PDF documents on the fly — for Free! Portable Document Format (PDF) is the de facto standard for the secure and reliable distribution and exchange of electronic documents and forms around the world. CutePDF Writer (formerly CutePDF Printer) is the free version of commercial PDF creation software. CutePDF Writer installs itself as a "printer subsystem". This enables virtually any Windows applications (must be able to print) to create professional quality PDF documents - with just a push of a button! ALL FOR FREE! 


    VideoLAN VLC Media Player:
    VLC media player is a highly portable multimedia player for various audio and video formats as well as DVDs, VCDs, and various streaming protocols without external codec or program. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network.
    VLC Media Player can play:
    • MPEG-1, MPEG-2 and MPEG-4 / DivX files from a hard disk, a CD-ROM drive, and so on
    • DVDs, VCDs, and Audio CDs.
    • From satellite cards (DVB-S).
    • Network streams: UDP/RTP Unicast, UDP/RTP Multicast, HTTP, RTSP, MMS, etc.
    • From acquisition or encoding cards (on GNU/Linux and Windows only).


      Sumatra PDF Viewer:
      Sumatra PDF is a slim, free, open-source PDF reader for Windows. Sumatra has a very minimalistic design and is no where NEAR the security risk that Adobe Reader can be. Simplicity has a higher priority than a lot of features with Sumatra. It's small, secure and starts up very fast.


      Google's Picasa Picture Manager & Editor:
      Picasa is software that helps you instantly find, edit and share all the pictures on your PC. Every time you open Picasa, it automatically locates all your pictures (even ones you forgot you had) and sorts them into visual albums organized by date with folder names you will recognize. You can drag and drop to arrange your albums and make labels to create new groups. Picasa makes sure your pictures are always organized. Picasa also makes advanced editing simple by putting one-click fixes and powerful effects at your fingertips. And Picasa makes it a snap to share your pictures, you can email, print photos home, make gift CDs, instantly share your images and albums, and even post pictures on your own blog.




       Now here are some basic instructions on how to use the security programs we recommended above!
      1. Double click on a security program’s icon; MS Security Essentials, Spybot, MBAM, etc...
      2. Locate the program’s “Update” button and update the software.
      3. You may need to click ok a few times but this process takes only a minute to download and install updates on a high-speed internet connection.
      4. Once the program has been updated, select “Scan Now” or “Check for Problems” and run a system scan.
      5. If you are given the option to run Quick or Full scan; always run the Full scan. This process can take an hour to a couple of hours to complete and will slow down the computer if you decide to use the computer as it scans.
      6. Once the program says it’s completed its scan, delete or quarantine any and all findings; if the malware can’t be removed, contact Pacific NorthWest Computers ASAP!
      • Run full scans with your security software every 2 weeks if you can; at least once a month. All the security software is 100% free but can also be purchased. During updates, these programs may pop up an ad for a purchasable version of themselves. But don’t be alarmed! Just simply click an available “later” or “ok” button or just close the box with its upper right "X" button.
      • Use CCleaner to help with the “junk file cleanup” that needs to be routinely cleared for security and performance purposes. To do this, just find and double click the CCleaner icon and then simply click “Run Cleaner”. When it says it’s completed, you’re all done!
      • Use MyDefrag to help keep the files on your hard drive organized as well as help to keep your computer and hard drive running the best that it can! At least once a month run a "System Disk Monthly" de-fragmentation on your "C:\" drive. If you have external hard drives, you can run a "Data Disk Monthly" de-fragmentation on those drives as well to help maintain optimal read/write performance. Also, there are Daily and Weekly defragmentations you can run for both types of hard drives as well.