
A nasty ransomware trojan making the rounds


For those not familiar with the term, ransomware trojans infect your computer and in the process encrypt your files, change their extensions and play several other nasty tricks on them. When done, the trojan typically pops up a dialog demanding cash to return your system to normal.

There is a new one, according to a report from Symantec, called the Ramvicrype Trojan. It encrypts your files, and then, when you search for a fix, you find yourself directed to a website that will sell you software to fix the problem. The search yields exactly those results because of the unique file extension the malware puts on the encrypted files.

Searching on that file extension, *.vicrypt, it takes short order to find the "solution" being sold, but Symantec has published a specific utility program to help any victims hit by this trojan.


Category: Security

System Restore and malware – a piece of advice


The other day I wrote here about why I think System Restore isn’t a Windows service that should be disabled, regardless of the number of tweaking sites that recommend you do so. I want to add a caveat to that post in light of a post over at The H Security blog about a trojan that can hide in your System Restore files.

I have seen this in the past when working on clients’ machines, where malware scans have shown viruses and trojans hiding out in both the System Restore and the $Recycle.Bin folders. As Chun Feng, a Microsoft virus specialist, pointed out when speaking at the Virus Bulletin conference in Geneva, the known trojan Dogrobot can survive in those locations and re-infect your machine from there.

So while I am an advocate of using System Restore, I also suggest that you clean out your System Restore cache on a regular basis using the following steps:

1. Before you clean out your System Restore cache, make sure that you first empty your Recycle Bin. The reason is that any malware hiding in there gets deleted, but remember that those files are also part of your System Restore cache. By deleting them first you remove the surface threat of them still being able to re-infect your machine.

2. Once you have done that, it is time to delete all the System Restore files you have collected. This is a pretty simple procedure, which you start by clicking on the Start button and then right-clicking on the Computer menu item.

That will bring up your System Information dialog, where you select System Protection.

This will display the System Properties dialog with the System Protection tab selected. There you will see a list of drives that have System Restore enabled on them.

Select the drive you want to turn System Restore off on (you should actually do it for all drives where it is enabled) and then click the Configure button, which will display the configuration dialog for that drive.

Select the Turn off system protection option and then click OK on the confirmation dialog that pops up.

3. Once you have done that for all the drives, reboot your machine. This will clear out all the files in the System Restore cache.

4. After rebooting, repeat the process above to re-enable System Restore on your drives, and then create a fresh restore point.
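The same clean-out scripted, as an added PowerShell example that is not part of the original post. It runs the four steps in two phases, one before the reboot and one after, and assumes an elevated Windows PowerShell 5.1 session (Clear-RecycleBin needs 5.0 or later, and the *-ComputerRestore cmdlets are not present in PowerShell 7) with the protected drives supplied by the caller rather than detected.

```powershell
#Requires -RunAsAdministrator
# Phase 'Clear'  : steps 1-3, empty the Recycle Bin, turn System Restore off, reboot.
# Phase 'Restore': step 4, turn System Restore back on and take a fresh restore point.
function Reset-SystemRestoreCache {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [ValidateSet('Clear', 'Restore')] [string] $Phase,
        # Drives that have System Restore enabled; assumed to be passed in by the caller.
        [string[]] $Drives = @('C:\'),
        # Skip the automatic reboot (e.g. to reboot by hand later).
        [switch] $NoReboot
    )

    switch ($Phase) {
        'Clear' {
            # Step 1: empty the Recycle Bin first, so anything parked there is gone
            # before the restore cache that also contains it is cleared.
            Clear-RecycleBin -Force -ErrorAction SilentlyContinue

            # Step 2: disable protection on every listed drive. Windows discards
            # that drive's restore points once protection is turned off.
            foreach ($d in $Drives) {
                Write-Verbose "Disabling System Restore on $d"
                Disable-ComputerRestore -Drive $d
            }

            # Step 3: reboot so the cached restore files are actually cleared.
            if (-not $NoReboot) { Restart-Computer -Force }
        }
        'Restore' {
            # Step 4: re-enable protection and create a clean baseline restore point.
            foreach ($d in $Drives) {
                Write-Verbose "Enabling System Restore on $d"
                Enable-ComputerRestore -Drive $d
            }
            Checkpoint-Computer -Description 'Clean baseline after cache reset' `
                                -RestorePointType 'MODIFY_SETTINGS'

            # List what exists now; a single fresh entry is what you expect to see.
            Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description
        }
    }
}

# Usage, run as administrator:
#   Reset-SystemRestoreCache -Phase Clear   -Drives 'C:\', 'D:\'
#   (machine reboots)
#   Reset-SystemRestoreCache -Phase Restore -Drives 'C:\', 'D:\'
```

On Windows 8 and later, Checkpoint-Computer creates at most one restore point per 24 hours by default and warns when it skips, so check the Get-ComputerRestorePoint listing rather than assuming the new point was taken.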

This process makes sure that any baddies hiding in places you would assume are safe are actually gone for good.


Category: Security

Search for news on wildfires could land you a trojan


If there is one thing you can say about malware authors, it is that they are almost as quick as Twitter at capitalizing on bad news and disasters.

The latest case is the wildfires creating havoc in California, as malicious sites are serving nasty trojans up to surfers trying to find all the news they can on the disaster. As Steve Bass, who is near Altadena, California, writes to the guys at Sunbelt Software:

“We’ve discovered that if you conduct an "Altadenablog" search on Google right now, it will point you to several sites that will try to load malware on your computer. It’s pretty insidious — it will not allow you to surf away nor shut off the browser unless you click the "Yes" button on the "Download antivirus software now!" box. We have a Mac and know a few hacker tricks to shut down a recalcitrant browser, but others might not be so lucky.”

Another dangerous search string is "Altadena Fire Hottest Info", Steve said.

Another reader of the Sunbelt Software blog sent in a screen capture of one such site (image not reproduced here).

So as much as you might want to find out what is going on in California, this is no time to let your guard down, or you’ll find yourself doing a system rebuild instead of keeping up on the news.


Category: Security

RogueWare Warning: PC Antispyware 2010


A new rogue security application called PC Antispyware 2010 is starting to show up. It is another application from the WinReanimator family and delivers the Braviax trojan as part of the install.

[Screenshots: program splash screen and program GUI]

Thanks to Sunbelt Software.


Category: Security