Avast 2015

There are quite a few antivirus products out there that do the job. Of all of them, I recommend Avast 2015. You can certainly use Avast Free Antivirus, but I recommend Avast Premier if you want extra protection. If you happen to get a virus or malware running on your computer, you can use Avast to scan your drive. If that doesn’t fix it, I also recommend installing MalwareBytes and Ad-Aware. This trifecta of tools usually takes care of the job.

Heartbleed is going to be painful

Security experts are bracing for the impact of Heartbleed. It’s going to be painful for companies and users alike: no one knows for sure how much data was exposed, and the list of potentially affected sites is long and distinguished. Any site running an affected OpenSSL release (1.0.1 through 1.0.1f, with the TLS heartbeat extension enabled) is vulnerable; 1.0.1g, or a distribution package that backports the fix, closes the hole. Some security experts are saying to wait before changing passwords until the site’s admins have patched their servers and, ideally, replaced their certificates, since the private key may have leaked too. A password changed over a still-vulnerable server can simply be stolen again, and you don’t want to change passwords twice. Like it or not, we may be forced to change passwords sooner than we think.
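A first-pass check a practitioner would run on their own servers, added here as an example (it is not from the original post): parse the `openssl version` banner and decide whether the upstream release is in the affected range. The CVE-2014-0160 range is OpenSSL 1.0.1 through 1.0.1f plus 1.0.2-beta1; 1.0.1g and 1.0.2-beta2 carry the fix, and 0.9.8 and 1.0.0 never contained the heartbeat code. Two caveats: distributions such as Debian, Ubuntu and Red Hat backported the fix without bumping the version letter, so a banner that still reads 1.0.1e can be patched (check the package changelog), and a library built with `OPENSSL_NO_HEARTBEATS` is safe regardless of version. A definitive answer needs an actual heartbeat probe against the service; this script only tells you where to look first.

```python
import re
import subprocess

# Added example, not code from the original post. Heartbleed (CVE-2014-0160) lives
# in the TLS heartbeat code that first shipped in OpenSSL 1.0.1: 1.0.1 through
# 1.0.1f and 1.0.2-beta1 are affected, 1.0.1g and 1.0.2-beta2 carry the fix, and
# 0.9.8 / 1.0.0 never had the code at all.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def parse_openssl_version(banner):
    """Turn 'OpenSSL 1.0.1e 11 Feb 2013' into (1, 0, 1, 'e', None)."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    major, minor, patch, letter, beta = m.groups()
    return int(major), int(minor), int(patch), letter, (int(beta) if beta else None)


def heartbleed_affected(banner):
    """True if the upstream release named in the banner ships the bug.

    A distro package may report an affected upstream version yet carry the
    backported fix, so True means 'check further', not 'exploitable'.
    """
    major, minor, patch, letter, beta = parse_openssl_version(banner)
    if (major, minor, patch) == (1, 0, 1):
        return letter < "g"          # '' (plain 1.0.1) and 'a'..'f' are vulnerable
    if (major, minor, patch) == (1, 0, 2):
        return beta == 1             # only the first 1.0.2 beta had it
    return False                     # 0.9.8 and 1.0.0 never had the heartbeat code


def local_openssl_banner():
    """Banner of the openssl binary on PATH, or None if there is none."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True,
                             text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    banner = local_openssl_banner()
    if banner is None:
        print("no openssl binary on PATH")
    elif heartbleed_affected(banner):
        print("%s: affected upstream version, confirm with the package changelog" % banner)
    else:
        print("%s: not an affected upstream version" % banner)
```

The version letter is compared as a plain string because OpenSSL 1.0.1 patch levels were single letters in order, so `"f" < "g"` is exactly the boundary between vulnerable and fixed.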

Check If You Have DNSChanger Malware

An estimated 275,000 computers are still infected with the DNSChanger malware. The malware, now about five years old, silently pointed victims’ DNS settings at rogue servers run by the criminals; when the FBI took those servers down in November 2011 it replaced them with clean ones under a court order, and that order expires on Monday, July 9. Users who still have the malware will either lose their Internet connection that day or, if they can still get online, may find themselves redirected to another website.

So, how do you know whether your computer is infected with DNSChanger? The DNS Changer Working Group (DCWG) has launched a tool that checks for you.

Just go to http://www.dns-ok.us/ to check your PC’s health.

If the box on the resulting page is green, your computer is fine. If the box is red, your computer is infected with DNSChanger. Now, it’s highly unlikely that my Ubuntu desktop contains the DNSChanger malware. Here’s the snapshot of my result.

If you have the malware, you can run any of these free tools to remove DNSChanger.
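The DCWG page tests whether the resolver your browser actually uses is one of the rogue DNSChanger servers. The same check can be done locally against the resolver addresses a machine is configured with, which is worth having if the dns-ok.us page is no longer up. The following is an added example, not part of the original post: it reads `nameserver` lines from a resolv.conf-style file and flags any address inside the rogue ranges the FBI published for the takedown (verify the list against the FBI notice before relying on it). The sample input is constructed. Two things the green-or-red box does not tell you: DNSChanger also rewrote the DNS settings of home routers that still had default passwords, so a clean Linux box behind a hijacked router still resolves through the rogue servers (check the router’s WAN DNS too), and a box whose only resolver is 127.0.0.1 or 127.0.0.53 is talking to a local stub resolver, so you need its upstream servers (`resolvectl status` on systemd machines, `ipconfig /all` on Windows) rather than this file.

```python
import ipaddress
import os
import re

# Added example, not code from the original post. The rogue resolver ranges are the
# ones the FBI published for the DNSChanger takedown (Operation Ghost Click); check
# them against the FBI notice before relying on this list.
ROGUE_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]

# 'nameserver <addr>' at the start of a line; commented-out lines do not match.
_NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)

# Constructed sample input, not taken from any real machine.
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 85.255.112.10
nameserver 8.8.8.8
"""


def resolvers_from_resolv_conf(text):
    """Resolver addresses listed in resolv.conf-style text, in file order."""
    return _NAMESERVER_RE.findall(text)


def rogue_resolvers(addresses):
    """Subset of `addresses` that fall inside a DNSChanger range.

    Entries that are not IP literals are skipped; IPv6 addresses never match
    the IPv4 ranges, so they simply come back clean.
    """
    hits = []
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue
        if any(ip in net for net in ROGUE_RANGES):
            hits.append(addr)
    return hits


if __name__ == "__main__":
    print("sample:", rogue_resolvers(resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)))
    path = "/etc/resolv.conf"
    if os.path.exists(path):
        with open(path) as fh:
            found = rogue_resolvers(resolvers_from_resolv_conf(fh.read()))
        print("this machine:", found or "no rogue resolvers configured")
```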

Fix Flashback Trojan on Macs

As reported yesterday, over 600,000 Macs are infected by the Flashback Trojan botnet. The good news is that Apple has patched Java. You can visit Apple’s Support website and download the latest update.

http://support.apple.com/downloads/

Just a little background on the Flashback Trojan botnet per ZDNet.

Flashback was initially discovered in September 2011 masquerading as a fake Adobe Flash Player installer. A month later, a variant that disables Mac OS X antivirus signature updates was spotted in the wild.

In the past few months, Flashback has evolved to exploiting Java vulnerabilities. This means it doesn’t require any user intervention if Java has not been patched on your Mac: all you have to do is visit a malicious website, and the malware will be automatically downloaded and installed.

Another variant spotted last month asks for administrative privileges, but it does not require them. If you give it permission, it will install itself into the Applications folder where it will silently hook itself into Firefox and Safari, and launch whenever you open one of the two browsers.

If you don’t give it permission, it will install itself to the user accounts folder, where it can run in a more global manner, launching itself whenever any application is launched, but where it can also be more easily detected.

As a precaution, you should probably update to the latest Java release from Apple’s website. Just choose the OS X version you are using. I have Lion or OS X 10.7.x. Download and run the package. The patch takes less than one minute to install. It’s a quick and easy fix.
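A local check for the hooks the ZDNet description mentions, added here as an example and not part of the original post or of Apple’s update: the variant that gets administrative privileges injects its library through a `DYLD_INSERT_LIBRARIES` entry in the `LSEnvironment` dictionary of the Safari or Firefox `Info.plist`, and the variant that does not sets the same variable in `~/.MacOSX/environment.plist`, which is why it then loads into every application. These are the indicators F-Secure published for Flashback. The script parses both plist layouts and reports any injected library paths; the sample plists are constructed and the library path in them is hypothetical. A hit is not proof by itself (a few legitimate tools use the same variable), but on a stock Safari install the key should not be there at all. Patching Java closes the door; it does not remove a hook that is already in place.

```python
import os
import plistlib

# Added example, not code from the original post. Flashback's browser hook is a
# DYLD_INSERT_LIBRARIES entry, either inside the LSEnvironment dict of the
# Safari/Firefox Info.plist (the admin-privileged variant) or at the top level of
# ~/.MacOSX/environment.plist (the variant that loads into every process).
INFO_PLISTS = [
    "/Applications/Safari.app/Contents/Info.plist",
    "/Applications/Firefox.app/Contents/Info.plist",
]
USER_ENV_PLIST = os.path.expanduser("~/.MacOSX/environment.plist")

# Constructed sample of a hooked Safari Info.plist; the library path is hypothetical.
SAMPLE_HOOKED_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.apple.Safari</string>
    <key>LSEnvironment</key>
    <dict>
        <key>DYLD_INSERT_LIBRARIES</key>
        <string>/Users/example/.hypothetical_hook.dylib</string>
    </dict>
</dict>
</plist>
"""

# Constructed sample of a clean ~/.MacOSX/environment.plist.
SAMPLE_CLEAN_ENV_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>PATH</key>
    <string>/usr/bin:/bin</string>
</dict>
</plist>
"""


def injected_libraries(plist_bytes):
    """Paths listed in DYLD_INSERT_LIBRARIES, from either plist layout; [] when clean."""
    data = plistlib.loads(plist_bytes)          # handles XML and binary plists
    env = data.get("LSEnvironment", data)       # Info.plist nests it; environment.plist is flat
    if not isinstance(env, dict):
        return []
    value = env.get("DYLD_INSERT_LIBRARIES", "")
    return [p for p in str(value).split(":") if p]   # the variable is colon-separated


def scan_flashback_hooks(paths=None):
    """Map each existing plist to the libraries it injects; clean files are left out."""
    hooked = {}
    for path in (paths or INFO_PLISTS + [USER_ENV_PLIST]):
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            libs = injected_libraries(fh.read())
        if libs:
            hooked[path] = libs
    return hooked


if __name__ == "__main__":
    print("sample:", injected_libraries(SAMPLE_HOOKED_INFO_PLIST))
    print("this machine:", scan_flashback_hooks() or "no DYLD_INSERT_LIBRARIES hooks found")
```

`defaults read /Applications/Safari.app/Contents/Info LSEnvironment` gives the same answer interactively; the script exists so the check can be run across many Macs and parsed rather than eyeballed.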

Removing Antivirus Live Virus

I was working with a client on Friday to remove a nasty piece of malware called Antivirus Live. This rogue, fake antivirus program blocks the browser from accessing the internet and prevents the user from launching or installing applications. It hijacks the computer with popups telling the user the computer is infected with many viruses that are not really there, and then recommends buying its own “antivirus” program to remove them.

A year ago, I posted an article documenting how to remove the Antivirus Pro virus. It is similar to Antivirus Live in that it tricks the user into believing there are viruses on the computer and pushes them to buy its own solution. Battling Antivirus Live is a bit more involved, because the tools and processes I used before were ineffective against it. I ran Malwarebytes, but it did not detect any malware or viruses.

So, I searched the internet for Antivirus Live and came across this website. It recommends using SuperAntiSpyware, MalwareBytes and Microsoft Security Essentials to remove the Antivirus Live virus. SuperAntiSpyware turned out to be the star. It removed Antivirus Live as well as a few other things; in the end it found 67 items, of which 2 were viruses and the rest were tracking cookies. I was disappointed with MalwareBytes. I’m not convinced by Microsoft Security Essentials either, but I left it on the computer.

If you ever face the Antivirus Live virus, just follow the instructions here.

One thing I forgot to mention: I had to boot into Windows Safe Mode (press F8 during boot) to perform all the drive scans. Otherwise it would be impossible to launch any program in normal Windows mode, since the computer is hijacked.

Panda Cloud Antivirus 1.1

PCMag.com just published a new article entitled “Best Antivirus Software for 2011.” The title is a bit misleading, because it covers only antivirus software that was recently released. A number of antivirus suites were omitted from the test because they haven’t been released yet. One area I really want to focus on is free antivirus software. We all love free stuff.

Panda Cloud Antivirus 1.1 gets the Editors’ Choice award. Not bad for a fairly new product. What are the pros and cons of Panda? The good: it’s great at keeping malicious software from installing on a clean computer. The bad: it’s not as effective at removing viruses that are already there. The author recommends a different tool for malware removal.

I think Panda Cloud Antivirus 1.1 deserves a try. If it does a great job of protection, there’s really no need for removal. After all, what else can you ask of a free product?

Antivirus System Pro

I have a client whose system was recently hijacked by the nasty Antivirus System Pro malware. I could not remove the rogue with the usual antivirus software, so I ended up removing the program files, DLL files and several registry entries from Windows by hand. What a struggle that was. Here’s some info about Antivirus System Pro from remove-malware.net.

Antivirus System PRO (aka AntivirusSystem PRO or AntivirusSystemPRO) appears to be the representative of the new generation of rogue anti-spywares. Being a clone of the infamous Spyware Protect 2009 and System Guard 2009 scarewares, Antivirus System PRO inherits its determinative traits; moreover, the hackers have been driving a lot of traffic to the websites promoting it, one of which is Antivirsystem.com.

Antivirus System PRO infiltrates the target computers through illicit browser-hijacking techniques or via Trojans using backdoor tactics to trespass undetected. When inside, Antivirus System PRO freeware will do its best to convince the victim to register its license. For this purpose, Antivirus System PRO usually floods the compromised system with its exaggerated popup alerts that state the PC is badly infected and needs a remedy, i.e. Antivirus System PRO full version which demands payment.

The deceitful effect of Antivirus System PRO pop-ups may be reinforced by its bogus security scanners that emerge out of nowhere and claim to detect more infections on your computer. The ultimate goal of Antivirus System PRO is to brainwash the victim into purchasing its license; if the victim is “stubborn” and refrains from installing the pimped scamware, Antivirus System PRO will attempt disrupting the target system. Therefore, it’s strongly recommended to remove Antivirus System PRO rogue as soon as possible.

In case you run into the same issue, perform the following to remove the annoying Antivirus System Pro malware.

Delete the following files:

  • c:\windows\sysguard.exe
  • c:\windows\system32\iehelper.dll

You may have to boot to the Windows command line to remove these files, especially since the DLL is loaded into running processes and cannot be deleted while it is in use.

In addition, you need to remove these registry entries:

  • HKEY_CURRENT_USER\Software\AvScan
  • HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
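The same cleanup as a script, added here as an example rather than anything from the original post or from remove-malware.net; every path, key and value name is the one listed above. Order matters: the Browser Helper Object registration and the Run value are what make Explorer and Internet Explorer load iehelper.dll, so they go first and the files last. The CLSID key has subkeys, which `winreg.DeleteKey` refuses to delete, so the script removes key trees bottom-up. Run it elevated, from Safe Mode or a command prompt as described above, since a DLL mapped into a running process cannot be deleted; `execute(plan, dry_run=True)` (the default) only reports what it would touch.

```python
import os

try:
    import winreg                  # Windows only; the plan itself is platform-neutral
except ImportError:
    winreg = None

# Added example, not code from the original post. Indicators are the ones listed
# in the post; nothing here is invented beyond the script structure.
BHO_CLSID = "{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}"

FILES = [
    r"C:\Windows\sysguard.exe",
    r"C:\Windows\System32\iehelper.dll",
]

# Whole keys that exist only for the rogue; deleted together with their subkeys.
KEYS = [
    ("HKEY_CURRENT_USER", r"Software\AvScan"),
    ("HKEY_CLASSES_ROOT", "CLSID\\" + BHO_CLSID),
    ("HKEY_LOCAL_MACHINE",
     r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\\" + BHO_CLSID),
]

# A single value under a key that must survive (other Run entries are legitimate).
RUN_VALUE = ("HKEY_CURRENT_USER", r"Software\Microsoft\Windows\CurrentVersion\Run", "system tool")


def removal_plan():
    """Ordered actions: unhook the loaders first so nothing reloads the DLL, then files."""
    plan = [("delete_value",) + RUN_VALUE]
    plan += [("delete_key", hive, subkey) for hive, subkey in KEYS]
    plan += [("delete_file", path) for path in FILES]
    return plan


def delete_key_tree(root, subkey):
    """winreg.DeleteKey refuses a key that still has subkeys (the CLSID key carries
    InprocServer32 and friends), so recurse and delete children first."""
    with winreg.OpenKey(root, subkey, 0, winreg.KEY_ALL_ACCESS) as key:
        while True:
            try:
                child = winreg.EnumKey(key, 0)   # always index 0: the list shrinks as we go
            except OSError:
                break
            delete_key_tree(root, subkey + "\\" + child)
    winreg.DeleteKey(root, subkey)


def execute(plan, dry_run=True):
    """Apply the plan. Returns (done, skipped); an action is skipped when the
    artifact is absent, access is denied, or a file is still mapped into a process."""
    done, skipped = [], []
    for action in plan:
        kind = action[0]
        try:
            if kind == "delete_file":
                if not os.path.exists(action[1]):
                    raise FileNotFoundError(action[1])
                if not dry_run:
                    os.remove(action[1])
            elif winreg is None:
                raise OSError("registry actions need Windows")
            elif kind == "delete_key":
                root = getattr(winreg, action[1])
                winreg.CloseKey(winreg.OpenKey(root, action[2]))   # raises OSError if absent
                if not dry_run:
                    delete_key_tree(root, action[2])
            else:  # delete_value
                root = getattr(winreg, action[1])
                with winreg.OpenKey(root, action[2], 0,
                                    winreg.KEY_READ | winreg.KEY_SET_VALUE) as key:
                    winreg.QueryValueEx(key, action[3])            # raises OSError if absent
                    if not dry_run:
                        winreg.DeleteValue(key, action[3])
            done.append(action)
        except OSError:
            skipped.append(action)
    return done, skipped


if __name__ == "__main__":
    done, skipped = execute(removal_plan(), dry_run=True)
    for action in done:
        print("would remove:", action)
    for action in skipped:
        print("not found / not applicable:", action)
```

Anything reported as skipped that you know is present (typically iehelper.dll) means the file is still in use; reboot into Safe Mode with Command Prompt and run the script again with `dry_run=False`.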

Good luck. It’s an annoying virus if there ever was one.

Conficker

I was just reading about the Conficker worm and how it is expected to hit hundreds of thousands, perhaps millions, of personal computers on April 1, 2009. Here are some facts about the Conficker worm from ZDNet’s website.

What is Conficker and how does it work?
Conficker is a worm, also known as Kido or Downadup, that cropped up in November. It exploits a vulnerability in Windows that Microsoft patched in October.

Conficker.B, detected in February, added the ability to spread through network shares and via removable storage devices, like USB drives, through the AutoRun function in Windows.

Conficker.C, which surfaced earlier this month, shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It also reaches out to other infected computers via peer-to-peer networking and includes a list of 50,000 different domains, of which 500 will be contacted by the infected computer on April 1 to receive updated copies or other malware or instructions. Previous Conficker variants were written to connect to 250 domains a day.

After reading more of it, I just realized, I have nothing to worry about. My desktop is running Ubuntu Linux.