Sunday, November 28, 2010

Scan with Microsoft's Malicious Software Removal Tool

One of the tools that comes with Windows operating systems is the Malicious Software Removal Tool. It updates with the monthly MS updates and it runs a quick scan once a month. However, it may be a good idea to actually add another layer of security and run a full scan from time to time.

So how do you run this tool? First, press the Windows logo key+R. This will bring up the following window.
You just type 'mrt' in the input box and hit the OK button. This will bring up the dialog box for the MRT.
Now you just click on the Next> button and you will be presented with the following dialog box.
You then select the Full Scan radio button and click on the Next> button to start the scan off. It may take some time to actually complete, but this will give you another layer of security for your home PC.

Now this will only find known software that Microsoft has added to the MRT, so it isn't a silver bullet. Stay safe out there.

Sunday, November 21, 2010

Secunia's PSI Documentation

I've written several times in the past about the security company Secunia and the tool that they have created called PSI (Personal Software Inspector). Here is a link from that helps users how to use PSI. This is a tool that helps the average user to keep up to date with all those 3rd party applications like Adobe, Java, iTunes, Safari, etc. I am testing a newer version of PSI that is in Beta. This new version will have many automated updates to help the average user get through the forest of 3rd party applications. When this beta version is released, I will let you know.

The reason why this is so important is that cyber criminals are exploiting these 3rd party applications to install the malicious software that infects so many people's PCs. Be safe out there.

Adobe Reader X Update

OK, I jumped at the chance to download the new updated Adobe Reader that is introducing sandboxing. I haven't had too much of a chance to play with it yet, but one thing I've noticed right away is some settings I changed a long time ago. I've written about those setting changes in earlier blog posts, which can be found here and here.

Once you changed these settings, any updates to Reader would carry those changes through to the next version released. I did notice that on Adobe Reader X, these settings went back to their default values, so you will want to repeat the steps detailed in the previous blog posts related to disabling JavaScript and disabling the setting under Trust Manager.

Stay safe out there.

Friday, November 12, 2010

Is that E-mail Actually from your Family Member or Friend?

You get an e-mail from a family member or friend and they have sent it to several others in the TO line of the e-mail. And many times the SUBJECT line is blank or possibly contains RE:. To top it all off, they don't type anything in the body of the e-mail. You just see a link. No explanations, just the link. So should you click it? Probably not. If you do, most likely you will be directed to some sort of Canadian Pharmacy selling Viagra or Cialis. What you don't see will harm you in ways you won't like. Malware is installed that puts your PC under the cyber attacker's control.

To stay safe, you must make the correct decisions from time to time. And the one thing you can't do is trust that that e-mail is really from your brother, sister, or your BFF. Always question situations like these. If you are really curious, call them and ask them if they sent you something and if they did, then let them know they need to explain what they are sending you next time.

My advice when it comes to electronic communications is: trust no one. You will be better off if you take that advice.

How to Stay Safer Online

So to understand how you can protect yourself against the malicious attackers looking to install their malware on your PC, you have to know what programs attackers are exploiting. Keeping your software up to date with security patches is vital. The top applications that attackers are having success with when it comes to running exploits on your PC include the following:
  1. Java Runtime Engine (JRE)
  2. Adobe Reader/Acrobat
  3. Adobe Flash Player
It is also important to know that these aren't the only things you need to update. Microsoft updates are important. If you don't already have them set to automatically download and install, you should do this. You should also update applications like iTunes, QuickTime, and Firefox, just to name a few.

It is also important to have some sort of anti-virus installed on your PC and it should be set up to scan on a regular schedule and keep the signatures up to date. I also recommend that you install a great malware removal tool called Malwarebytes Anti-malware. Download and install the free version. You can find it here.

Lastly, your actions can go a long way in keeping malware off your PC. Knowing if you should click or not IS a really big deal. If something doesn't look right, it probably isn't.

These are just a few steps you can take to keep malicious software from being installed on your PC. Protect your family and your financial health from the cyber attackers. Stay safe out there.

Monday, October 4, 2010

Microsoft Security Essentials

In the past, I would advise people to use the free version of AVG Anti-virus software. I have now officially changed. Anytime anyone asks about AV, I will steer them in the direction of Microsoft Security Essentials. You can find the Microsoft download page for Security Essentials here. I personally use it on all my Windows boxes.

Saturday, October 2, 2010

Verizonwireless Down

Appears that is down. Probably just temporary.
Probably due to this problem documented in the Internet Storm Center's post here. It is back up as of this morning.

Thursday, September 30, 2010

Spreading Infections

Seeing some installations of fake anti-virus coming from both and this morning. I would avoid these sites at this time.

Wednesday, September 15, 2010

VMWare Workstation - XP Guest, Fails to find Hard Drive

I had got a new laptop and I was about to go to a class and had to get my laptop set up for the before leaving town. When I went to install my XP guest, I get this message: "Setup did not find any hard disk drives installed in your computer." After some digging, I finally found a site that had a great video to give me exactly what to do. If you have this same problem, here is the link for you.

Click here for the answer you've been looking for.

Wednesday, August 18, 2010

Adobe Updates

Time to update again. Adobe has a patch available now for Flash Player and Adobe Reader/Acrobat will have an update sometime tomorrow. It is critical that you patch these as attackers are using exploits against Adobe applications to install their malicious software.

Saturday, July 24, 2010

Firewall Disabled?

I work on plenty of Windows XP machines that have got malware installed on them. Sometimes after removing the malware, you have to go into services to enable the firewall to be turned back on. How do you do this? Go to START>RUN, then type in services.msc, then scroll down to Windows Firewall/Internet Connection Sharing. If you right-click it, you should be able to start the service back up.

Monday, July 19, 2010

Malwarebytes Rocks!

You may have had malicious software installed on your PC and you have done some searching and found references to the Malwarebytes Anti-malware tool. Everything you read about it is true. I recommend it to all my friends. If you don't already have it, click here to download it and install it. There is a free version, but if you are finding that you browse to somewhat risky places on the Internet, then maybe you should purchase the paid-for version, which gives you better protection.

Below I've listed instructions on how to use the tool.

  • After installing, double click on the Malwarebytes Anti-malware tool and you are presented with the Malwarebytes dashboard.
  • Click on the Update tab (the third tab over). Click on the "Check for Updates" button to get the new signatures for MBAM. You need to do this step every time prior to running the tool.
  • After the update is complete, then click on the Scanner tab (this tab is the first you will see when opening MBAM). Select the default scanning option (Perform quick scan) and then click on the Scan button. MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is done scanning it will present you with a message box with an OK button. It will either tell you no malicious files found, or if it finds any malicious files, it will then allow you to view the results. Click the OK button.
  • If infected files are found, you will now be back at the main Scanner screen. At this point you should click on the Show Results button. A screen displaying all the malware that the program found will be displayed.
  • You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the infected files and registry keys. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. If the Quick Scan option actually found any malicious software, I always recommend that after you have removed and rebooted if needed, then repeat these steps but select the Perform full scan option. For sure this process will take longer because you are scanning your entire PC.

Let me know if you have any questions.

CCleaner Documentation

I enjoy using a tool called CCleaner. It is a great free utility that I may have suggested to you. If so, here is a link to documentation on how to use the tool CCleaner. If I haven't talked to you about it and you are interested, click here to download it from CNet. Enjoy!

Click here for the documentation.

Wednesday, July 14, 2010

How To Identify an E-mail is Malicious

At some point, you have either been faced with or you will be faced with receiving an e-mail from someone you know personally that looks a bit odd. What are some of the things that you can look for to make that decision to click a link or not? This is an example of an e-mail that was actually delivered to a friend's inbox, and the link in the e-mail was a malicious download. Take a close look at the recipients list: you can see in this example that they are listed in alphabetical order. This is an indication that the attacker is sending e-mails sequentially to all contacts in a hijacked e-mail account. Most times, the SUBJECT line is blank. Another clue is there will be no text in the body of the e-mail, just a link. Remember, if you ever have a question about the validity of an e-mail, it is better to err on the side of caution and just delete it.
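The warning signs described above (and in the November 12, 2010 post), as an added example that is not part of the original blog: a Python check that parses a raw message and reports alphabetical recipients, an empty subject, and a link-only body. The sample messages, the addresses, the four-recipient threshold, and sorting by address rather than display name are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
MIN_RECIPIENTS = 4  # assumption: shorter lists are too easily sorted by chance

# Constructed sample messages (not real mail).
SUSPICIOUS = (
    "From: sam@example.com\n"
    "To: alice@example.com, bob@example.com, carol@example.com, dave@example.com\n"
    "Subject: RE:\n"
    "\n"
    "http://example.test/abc123\n"
)
BENIGN = (
    "From: sam@example.com\n"
    "To: zoe@example.com, adam@example.com\n"
    "Subject: Re: reunion photos\n"
    "\n"
    "Hi both, the photos are at http://example.test/photos\nLove, Sam\n"
)


def indicators(raw_message: str) -> list[str]:
    """Return the names of the warning signs found in one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []

    # Sign 1: a long TO list in alphabetical order (a contact-list walk).
    to_headers = [str(h) for h in msg.get_all("To", [])]
    addrs = [addr.lower() for _, addr in getaddresses(to_headers) if addr]
    if len(addrs) >= MIN_RECIPIENTS and addrs == sorted(addrs):
        found.append("alphabetical_recipients")

    # Sign 2: SUBJECT is blank or holds nothing but reply/forward prefixes.
    subject = str(msg.get("Subject", ""))
    if not re.sub(r"(?i)\b(re|fw|fwd):", "", subject).strip():
        found.append("empty_subject")

    # Sign 3: the body contains a link and no other text.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if URL_RE.search(text) and not URL_RE.sub("", text).strip():
        found.append("link_only_body")
    return found


if __name__ == "__main__":
    print(indicators(SUSPICIOUS), indicators(BENIGN))
```

None of these signs is proof on its own; a message that trips all three matches the pattern the post describes and is worth a phone call to the sender before anything is clicked.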

Help My E-mail Account Has Been Hijacked!

Have you been told by someone you know that they think your e-mail account has been hacked? It seems like you see it more and more today where people get their e-mail accounts hijacked. E-mails that contain a malicious link are sent to everyone listed in the e-mail account's contact list. If any of your friends open the e-mail from your hijacked e-mail account and click on the link, more than likely their PC has just had some malicious payload installed. And so the cycle continues. So what do you do if your e-mail account has been hijacked? Here are some steps you can take to gain control back from the cybercriminal.

More than likely you logged into your personal e-mail account on a PC that had some sort of malicious software installed that was able to steal your login credentials for that account. If you only log into your account from your home PC, then your home PC has some sort of malicious software installed and it needs to be cleaned. Make sure you have an anti-virus product installed and that the virus signatures are current, then scan your PC and remove any malicious software that is found. If the scan comes back clean, I recommend downloading free version of Malwarebytes Anti-malware tool from Follow the instructions and remove any malicious software that is found.

Removing the malicious software is just the first step. You need to regain control of your e-mail account by doing the following steps.

1. Change the account password and make it a strong password.
2. Confirm that the "alternate e-mail address" is your other e-mail and not the criminal attacker's so that they won't be notified of the password change and other changes.
3. Change the answers to your security questions.
4. Change any other information that your e-mail account administrator would use to verify the account.
5. If all these efforts fail, open a new account, notify the e-mail administrator and your contacts, and close down the old account.

As always, the best protection from malicious software and other online attacks is to have a firewall and anti-virus software that is kept current. Patching 3rd party applications like Adobe Reader/Flash and Java, as well as installing your Windows updates, is also critical to staying protected. Probably the best tool you have against them is your "online behavior". Stay away from peer-to-peer sites where you can download "free" music and software, don't surf porn, and don't randomly click on links without checking into things. Your motto when online should be "trust no one". Combining all these will keep you protected against malicious software.

Thursday, April 22, 2010

Adobe Reader Setting to Change

So you need to know what the criminal attackers are exploiting so you can defend against it. Adobe Reader/Acrobat and Adobe Flash are at the top of the list. Earlier I wrote about turning off JavaScript in Adobe Reader in this post. I come to you with another setting to change. Pull up your Adobe Reader and then go to Edit>Preferences:

Find the category Trust Manager and highlight it, then uncheck the box seen below in this image.

Trying to stay secure is always a moving target. Setting these options as I have mentioned will help protect against current attacks going on now in the wild.

Stay safe and have a great weekend.

Saturday, April 17, 2010

Defending Against ZeuS Trojan

If you are a small business, school district, local government, or local entity like a community library, and you have someone who works for you who transacts business with your bank online, or possibly you use ACH, you had better listen up. Cybercriminals are looking for you and they want to steal you blind. If you have heard from your local financial institution warning you about ZeuS, you need to find yourself someone who can help you defend against this silent attack.

Brian Krebs has a great blog and has been writing about the folks behind the ZeuS kit that is stealing literally millions of dollars each year, and it doesn't seem to be getting better. ZeuS has its sights on the smaller businesses who probably don't have the computer security staff to help them take steps to lower this risk.

I'm from the northeastern part of Kansas and can help you with a risk assessment to let you know if you are at risk to ZeuS. Contact me if you would like to talk. Have a great weekend and stay safe.

Sunday, February 28, 2010

Criminal Hackers Poison Search Results

So have you ever heard news about a celebrity or a current news event, and wanted to find out more information, so you went and did a Google search on the topic? Bad guys know this and will take advantage of tragedy to spread their malware. Check out this video to see how to keep yourself safe by closely inspecting the results you get back.

Saturday, January 30, 2010

Adobe Reader Settings

So you want an added layer of protection against the bad guys? Go now to your Adobe Reader, open it up, go to HELP on the toolbar, and then select Check for Updates... If there is an update, then do it!

After you get it updated, open the Adobe Reader application up again and on the toolbar go to Edit, then Preferences...

This will open another window where you need to look down at the left hand margin and select JavaScript, then uncheck the box Enable Acrobat JavaScript.

If you are like me, almost all will not be affected by having this option turned off. I am aware that the has forms that do require you to have this enabled. Bad guys like to create malicious malformed PDF documents that are many times related to JavaScript. The good news is from this point on, when you update Adobe Reader, it will retain this setting. The only time you will ever need to change this setting is when you receive a PDF document from a person you absolutely trust.