Zeus Virus Removal

A new customer called me to say that his laptop was locked with a warning that he had a virus (Zeus virus) and it was playing a loud audio warning and displaying a warning with a number to phone to have it removed.

I’m pretty sure that he didn’t have the Zeus Virus, he had some fake virus warning that is designed to lock you out until you call the fake tech support phone number to let them log in and sort out non-existent problems and charge a fortune for it.

His “free trial” of McAfee had expired, and after fixing the virus warning I recommended my combination of security software and did a full scan for him to ensure no infections remained.

 

If you have any type of virus warning on your computer, or think you might be a target for fake tech support, please contact me on the numbers top-right of this page or via the Contact form on the right of the menu bar at the top of this page.

Recent Jobs catchup

It has been a very busy time recently. I’m catching up with paperwork today, so here’s a selection of the recent jobs I’ve completed. “Remote support” is where I’m in the office and a customer logs me in via the internet, “on-site” is where I visit the customer’s home or office premises, and “return to base” is where I bring the computer back to my office to complete the work.

PC Tune-up via remote support.

Customer called saying he had a warning on his computer that he had a virus and “someone is trying to exploit your hard drive”, and that his files would be deleted in five minutes. He logged me in for remote support and less than 30 minutes later his computer was back to normal.

For another customer, he had a hard disk failure that needed a replacement, including data recovery and backup, supply and fit new hard disk, install Windows 10, and restore data from backup. Initially the customer reported several problems such as Chrome freezing when trying to attach files, Word and Excel freezing when using cut and paste, and Excel freezing when using “open” or “save as”. My diagnostics revealed that the hard disk was failing. Return to base to complete the work as it was more convenient for us both.

Security set-up on three PCs. Same customer as above logged me in for remote support on his three computers (one desktop, one old laptop, and one new laptop) to ensure all had my recommended combination of security software/apps.

Another long job. Customer contacted me about her computer freezing then un-freezing, constant cut-outs of WiFi, and the cursor jumping all over the screen when she was typing. I went on-site to take a look, but had to bring the laptop back to the office for more diagnostics. It turned out to be two separate issues; the freezing and WiFi issues were caused by a faulty DVD/CD drive (maybe shorting out), and the jumping cursor was caused by a faulty touch-pad. I removed the DVD/CD tray and disconnected the touch pad and returned the laptop to the customer (with a mouse she could borrow) while I sourced replacement parts. When the parts were in I went on-site and fitted them there.

That’s enough for now.

If you need help, please contact me on the numbers at the top-right of the page, or via this contact form (click here). Please do not leave comments to request help, as I may not see them for some time.

 

 

 

You need a (local) backup of important photos and files before you get an encryption virus

Encryption viruses such as Cryptolocker, Cryptowall and Teslacrypt silently encrypt your files (photos, documents, everything) so you can’t open them without paying around £400 to the bad guys for the decryption password. Antivirus might not protect you. The new viruses also encrypt online storage and backup, so having an online backup or online storage might not help you. What you need is a memory stick or an external hard disk that you can connect whenever you want to do a backup and disconnect when the backup is done.

Please, if you value those photos and files, make sure you have a proper backup that you control (ie more than one copy, not online). If you want me to help you set it up, including recommending any memory stick or hard disk you need, then please get in touch.
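As an added example (not part of the original post), here is one way to script the "connect, back up, disconnect" routine so that each run writes a new dated copy and never overwrites an older one. The folder names, the date stamps and the `changed_fraction` check are assumptions made for illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def sha256(path):
    """Hash a file in chunks so large photos and videos do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(source, backup_root, stamp):
    """Copy source into a NEW folder backup_root/stamp and verify every copy."""
    source, dest = Path(source), Path(backup_root) / stamp
    dest.mkdir(parents=True)  # raises FileExistsError instead of overwriting
    copied, mismatched = 0, []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        dst = dest / src.relative_to(source)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        copied += 1
        if sha256(src) != sha256(dst):  # the copy on the stick must match
            mismatched.append(str(src))
    return dest, copied, mismatched

def changed_fraction(old_snap, new_snap):
    """Share of files in the old snapshot that are missing or altered in the new."""
    old_snap, new_snap = Path(old_snap), Path(new_snap)
    old_files = [p for p in old_snap.rglob("*") if p.is_file()]
    changed = sum(1 for old in old_files
                  if not (new_snap / old.relative_to(old_snap)).is_file()
                  or sha256(new_snap / old.relative_to(old_snap)) != sha256(old))
    return changed / len(old_files) if old_files else 0.0

def demo():  # constructed data: four small files stand in for a photo folder
    with tempfile.TemporaryDirectory() as tmp:
        src, stick = Path(tmp, "Photos"), Path(tmp, "memory_stick")
        src.mkdir()
        for i in range(4):
            (src / f"photo{i}.jpg").write_bytes(b"constructed sample %d" % i)
        first, copied, bad = snapshot(src, stick, "2024-01-01")
        for p in sorted(src.iterdir())[:3]:  # three files change between backups
            p.write_bytes(b"scrambled")
        second, _, _ = snapshot(src, stick, "2024-01-08")
        intact = all((first / f"photo{i}.jpg").read_bytes()
                     == b"constructed sample %d" % i for i in range(4))
        return copied, bad, changed_fraction(first, second), intact

if __name__ == "__main__":
    print(demo())
```

If most files have changed since the previous snapshot, check that they still open before relying on the new copy; the older snapshot is still there either way. Disconnect the memory stick or hard disk as soon as the run finishes.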

If you see anything like this, then you have a PUP (Potentially Unwanted Program)

RegServo

This is an example of a Potentially Unwanted Program (or PUP). These are generally offered as free scanners or bundled with other free software. PUPs are sometimes referred to as a virus, malware, fakeware or scareware. They offer little or no benefit. Moreover, they slow down the computer and generally annoy you.

Any program that gets onto your system and reports that you have problems is probably reporting fake issues. They generally ask you to register the software to clean up these fake problems, and part of the registration often includes paying money.

You should uninstall all such software, if you can. If you need help, please contact me. Most of this can be cleaned up remotely by me. The quicker you act, the less chance there is of this software messing up your computer even more or installing more software you don’t want.

Call me now if you want me to check your system security, remove software, or sort out any other issues. Same day service often available!

Foxit Reader now comes with unwanted programs

I have to be careful here, so I don’t get sued, but my recommended PDF reading software now comes with Conduit Search and maybe SearchProtect, which some people label as malware or virus.

The latest version of the free Foxit Reader has an option during the installation to opt-out of the added software. Since most people just click through with OK or Accept they’re unlikely to notice they are installing additional software. Conduit and Search Protect are therefore “potentially unwanted programs”, or PUPs.

If you have these unwanted programs on your computer, contact me and I will remove them for you if you can’t do it yourself.

Conduit is adware, meaning it delivers adverts to people who have it installed.  It’s a ‘browser hijack’ which takes over your browser (Internet Explorer, Chrome, etc) and instead of using your chosen search engine (Bing, Google, or whoever), it uses Conduit’s search engine which delivers adverts and tracks your internet searches (and maybe other internet use).

Search Protect is software that makes it very difficult (virtually impossible) to change your search provider back to Google, Bing, or whoever you choose.

Foxit, I assume, generate income from the installations or use of these unwanted programs.  If they didn’t get income from them, why would they add them to their installation package?

These sneaky add-ins are getting more and more difficult to uninstall, and I’m seeing many more of them. Always take time when installing software or updating software to make sure you un-tick (un-check) the additional software “offers”, even if they seem tempting. The key is, if you didn’t go looking for that software, don’t install it.

I will uninstall Foxit Reader from all my PCs and use an alternative (when I find one).

Again, these ‘infections’ can be difficult to remove.  Contact me if you would like me to remove them for you.

Cryptolocker – a new virus that can destroy your files, even your backups, unless you pay them $/€/£300

This ransomware, called Cryptolocker, encrypts the files on your hard disk and any memory stick, external hard disk, or other storage device attached to your computer. This may include any online storage that you’re connected to. It then flashes up a warning saying your files have been encrypted and you can’t decrypt them unless you pay $300 / €300 / £300 for them to give you the decryption key. They give you a maximum of 36 hours to pay, or they destroy the key, and your files are lost forever.

A virus that extorts money from you is called ransomware.

This is a variant of the Metropolitan Police, FBI, and other types of ransomware that I have cleaned up for many clients. This one cannot be cleaned up though. Once your files have been encrypted, no-one can decrypt them without the correct decryption key.

It usually comes in through an email that has a link to a website or an attachment that you might click. It may appear to be from a friend, a bank, or anyone else. It wouldn’t surprise me if this link will be put on hacked Facebook accounts soon too. Once you click it, it executes a file and you’re infected. You pay up, or you lose your files.

If you reached this page by clicking a link on Facebook or in an email then you could have just infected yourself. You haven’t, but it’s that easy! Never click links in emails, or on Facebook or anywhere else! Go to your web browser and type in the www. name of the page you’re looking for, or google for it.

Antivirus won’t prevent infection (most of the time) because by clicking the link you run the software and most antivirus vendors don’t have protection against this yet. Let me make this clear, antivirus cannot clean this infection; it cannot decrypt your files without the decryption key! You can only get the decryption key from the scammers, and only within 36 hours of infection.

Your backups won’t help you if the backup device is connected when you get infected; they will encrypt the backups too.

Advice:

  • Never click links in emails
  • Have good backups, but don’t keep your backup device attached all the time. Only attach the backup device when you actually need to do a backup. Ask me about backup solutions.
  • Although it doesn’t help yet, have a good antivirus to prevent infection. Ask me about the one I recommend, it’s £20 one-off payment (no annual fees)

Java Update doing naughty things again – Trojan

In this post, I will explain how Java Updater tries to install unwanted software on your computer, what could happen if it does, and what simple steps you should take to prevent it.

Java is installed on most people’s computers; it’s a programming language that is required on many websites and some software.  It’s also a target for hackers, so you need to keep it up to date.  Unfortunately, when you update Java, it tries to install software you don’t want too.

In September, I explained on Facebook (CBits on Facebook – please Like) that Java Update would install some McAfee software which slows down the computer and would then bug users to buy the full version.

Now, Java Update is trying to install the Ask Toolbar.  The Ask Toolbar takes over your computer’s web search functions and instead of getting the useful results you expect from companies like Google and Bing, you get sent to MyWebSearch results which are primarily adverts for which Ask gets paid.  It’s very hard to tell which results are adverts, and which are the proper results that you’re looking for.

Worse still, if you make the mistake of installing the Ask Toolbar, it is hidden from the “remove software” option in Control Panel for the next 10 minutes.  The only possible reason for this behaviour is to stop people from removing the unwanted software.

In my opinion, if software you install or update also changes a different function of your computer, then it’s a trojan; a type of virus.

So, what can you do?  Well, look out for the Java Update icon in the bottom right of your screen.  When you get it, take time to update it properly without the Ask Toolbar.

When you run the Java Updater, look out for the tick-box next to “Install the Ask Toolbar and make Ask my default search Provider”.  Untick that box, then click Next, and follow the rest of the instructions.

If you’ve installed Ask Toolbar by mistake, you can probably uninstall it (after 10 minutes) from the Add/Remove Software function in Control Panel.  If you need help or advice, please let me know.

Many people who get things like this on their computer also have other things that need clearing off and sorting out.  If you want the best experience from your computer, you can find information on my tune-up services here.  The Express Tune-up can be done remotely (via the internet), so contact me now, and within the hour you could have a faster, better computer.