Archive for Computer virus

How to tell if your Computer has a Virus


Sometimes computers do strange things that ring alarm bells and the next thing is that you’re running virus scans and demanding everyone come clean about their browsing habits. Fortunately, not all weird occurrences are caused by viruses – sometimes your computer is simply overloaded, overheating or in desperate need of a reboot.

Here are some tell-tale signs of a malware attack:

1. Bizarre error messages

Look for messages popping up from nowhere that make no sense, are poorly worded or plain gibberish – especially if they’re about a program you don’t even have. Take note of anti-virus warnings too: check that the warning is from YOUR anti-virus software and that it looks like it should.

If a message pops up that isn’t quite right, don’t click. Not even to clear or cancel the message. Close the browser or shut down the computer instead, then run a full scan.

2. Suddenly deactivated anti-virus/malware protection

Certain viruses are programmed to take out the antivirus/antimalware security systems first, leaving you open to infection (this is why we advise our customers to always have all the system tray icons visible on the taskbar, on the bottom right-hand side). If you reboot and your protections aren’t back doing their job, you may be under attack. Attempt to start the anti-virus manually.

3. Social media messages you didn’t send

Are your friends replying to messages you never wrote? Your login details might have been hacked and your friends are now being tricked into giving up personal information or worse. Change your password immediately, and advise your friends of the hack.

4. Web browser acting up

Perhaps you’ve noticed your homepage has changed, it’s using an odd search engine or opening/redirecting to unwanted sites. If your browser has gone rogue, it could be a virus or malware, usually one intended to steal your personal or financial details.

Skip the online banking and email until your scans come up clear and everything is working normally again.

5. Sluggish performance

If your computer speed has dropped, boot up takes longer and even moving the mouse has become a chore, it’s a sign that something is wrong – but not necessarily a virus. Run your anti-virus scan and if that resolves it, great. If not, your computer possibly needs a tune-up or quickie repair.

6. Constant computer activity

You’re off the computer but the hard drive is going, the fans are whirring, and the network lights are constantly flashing? Viruses and malware use your computer resources, sometimes even more than you do. Take note now of what’s normal, and what’s not.

Got a virus? Give us a call at 01455 209505.


CCleaner program hacked

Popular CCleaner program hacked

Many people use the free CCleaner program for computer maintenance and file cleanup, and it is so popular that millions of downloads take place every week.

Unfortunately Piriform, the company which makes the program, has announced that one of the program versions, downloaded by millions of users over a four-week period, had been hacked and used to install what is called a ‘back-door Trojan’ virus on people’s systems.

The versions which are affected are CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows – which were downloadable between 15th August and 22nd September.

The hack allowed the program to cause the download of further unwanted software, possibly including keyloggers and ransomware. Initial investigations show that the program was hacked at the company, before being released to the public using their normal download servers.

Information relating to the infected computer may also have been sent to the hackers’ servers during this period.

CCleaner users with the above versions should immediately uninstall the program and download the latest version as soon as possible. Although the company states that only the above versions are affected, we recommend uninstalling any version downloaded between those dates before reinstalling, just in case investigations later show that more versions were affected.

We also recommend that if you have one of the versions mentioned above, you should take the usual common sense precautions such as full scanning of your computer with a good security product, as well as keeping an eye on your bank statements, etc.

This incident is not only potentially serious for users, it is also embarrassing for the parent company that now owns Piriform – the antivirus security company Avast. Although further investigations are taking place to find out how this happened, many people may now lose confidence in the CCleaner product.


NHS Cyber Attack – how to build up your protection

Malware terms

Here is some more information about the NHS cyber-attack that started on Friday.

The Ransomware variant is called WanCrypt0r and 81,000 infections were reported in the first 12 hours. It has not only targeted the NHS but has also gone for Banks, Telecoms and Utilities worldwide.

It has been established that the criminals are exploiting a known vulnerability in Windows (MS17-010) which has already been patched, but computers which do not have up-to-date Windows Updates are still vulnerable.

We have warned customers before about the Ransomware threat and the extent of this attack means that we should all consider increasing our defences, especially businesses but also homes, as Ransomware can be spread via emails.

As there is no way to guarantee 100% protection against threats, we have to make it as difficult as possible for the threat to take hold and how much you decide to do depends on the level of risk you wish to take.

1. Ensure that Windows Updates is kept up to date

Windows Updates contain security fixes (amongst other things) and computers that have not been kept up to date are vulnerable, as is the case in this attack. Admittedly Windows 10 gives you little choice when it comes to Updates (you have to have them) but if you are using any previous version of Windows – make sure that Updates are kept up to date.

If you are still using Windows XP or Vista, you shouldn’t be. These versions of Windows no longer get Windows Updates.

Update:
Microsoft have now issued a patch for XP and Vista. Go to this web page to download the patch if you are still using XP and Vista (demand is high so it may take more than one try). Please note – this patches this vulnerability only so you should still move away from these unsupported operating systems.

2. Make sure that you have a good antivirus product that is kept up to date

Good security products give a better degree of protection but they have to be kept up to date, with active subscriptions. Free antivirus is better than nothing but does not give protection that is as comprehensive as paid versions.

3. Install extra protection

Usually, you should not have more than one security product installed on your computer at any one time, but there is a product called Malwarebytes, which can be installed as well as your existing antivirus. This increases your protection especially from Ransomware, if you install the premium version.

4. Consider your backup situation

If a computer is infected, the virus goes across a network and it is possible that any connected storage will also get infected – this includes cloud storage such as Dropbox. Having said that, Dropbox state that within 30 days of the event they can restore your files (here) and you can subscribe to extend the 30 days to 1 year if you choose. If you are using any other Cloud storage, check with them to see if they have a similar service.

It is vital that your important files are backed up and a copy kept separate from your computer. In the event of an infection, you can at least relax a little that your important data has not been encrypted.

5. Consider downtime – system backups

When a computer has Ransomware, if you have backups of important files you will not need to pay the criminals. It is likely that the computer will need to be wiped clean and Windows reinstalled, which takes time.

There is software available that can take a copy of your whole computer, which could be used to reinstall the whole system in much less time than a full reinstall. A copy once every 2 or 3 months would allow you to get back up and running in much less time.

As mentioned earlier, many viruses are spread through emails, so never click on links in emails and do not open attachments unless you know that they are genuine emails – if in doubt call the sender.

If you would like help with any of the above, give us a call on 01455 209505.


Mac Computers and Viruses – Truth versus Myth

Compromised app containing a virus

We have lost count of the number of times that we’ve heard the phrase “Macs don’t get viruses” or “I’ve never had protection on my Mac”. Whilst this may have been true in the past it isn’t as cut and dried today and the Mac OSX operating system actually can be vulnerable, so protection is worth seriously considering especially in a work or business situation.

More difficult to exploit

The Mac is based on the UNIX operating system (as is Linux) which is more difficult to exploit as it is built on a sandbox-type principle, where malicious code cannot usually get as far as it might get in a non-UNIX based system. Also, Apple has built in a certain degree of malware prevention in the Mac, for example their ‘Gatekeeper’ software actually blocks apps that have been downloaded from the internet (i.e. anywhere other than the Apple Store) that do not have a Developer ID supplied by Apple certifying that they are safe to use.

Unfortunately, in spite of this robustness the Mac is now becoming a victim of its own success because its increasing popularity means that cybercriminals are paying more attention to it – and finding ways of making money from you even if you are a Mac user. It’s not just that popularity – Macs are usually much more expensive to buy, so the cybercriminals may believe that Mac users are attractive targets.

Not impossible to exploit

For example, a popular Mac DVD-ripping and Video Conversion app called ‘Handbrake’ was recently compromised, by criminals hacking the software company download server and inserting malicious code into the app download. When this download was installed on a Mac, it also installed a ‘backdoor’ (a means of bypassing security). The user then was asked for their administrator password, which was passed over the internet in plain text so that the criminals could access any part of the system from that point.

By successfully avoiding having to use the ‘direct attack’ approach, this allowed important information such as password keychains and browser data to be extracted and passed to the crooks.

This compromise has now been corrected and the infected code was from a download between 2nd and 6th May 2017. If you have installed Handbrake version 1.0.7, check the SHA1 checksum of the file by opening a Terminal, typing in shasum and dragging the installation file into the Terminal Window.

If the checksum is 0935a43ca90c6c419a49e4f8f1d75e68cd70b274 then the file is malicious.

To disinfect it remove the Launch Agent plist file fr.handbrake.activity_agent.plist, and the activity_agent.app file located in ~/Library/RenderFiles/. Reboot then change your passwords.

In the past year or so a Ransomware-type malware was discovered for the Mac, so this isn’t the first time that there has been a potential issue.

Even though the Mac is more robust and secure than its main competitor, it is by no means invulnerable to malicious code and it is a risk to think otherwise. You may feel that the risk is small enough to continue to use your Mac as you always have, but at least consider the pros and cons first – as well as being very careful about where you get your apps from.

If you would like help in securing your Mac, give us a call on 01455 209505.


Controlling Windows 10 Autoplay Settings

Autoplay settings in Windows 10

‘Autoplay’ in Windows was originally designed to automatically open removable media that you have plugged into your computer, such as CD/DVD or USB media – it was meant to speed things up for you, but it has had a checkered history.

In the old days, putting in a CD/DVD or USB media with Autoplay switched on was a good way of passing viruses from one computer to another, as viruses were automatically executed when the media was opened for you. This is why good security programs today either automatically scan removable media when inserted, or ask you to allow it to do so, but some programs are better than others and some may not stop a virus from executing itself in time.

Later versions of Windows switched Autoplay off by default and Windows 10 asks you what you want to do when removable media is inserted. However, we do see customers that switch it back on for ease of use, but this does pose a risk.

Even today, it is recommended that Autoplay is switched off. You can do this by going to Settings > Devices and selecting ‘Autoplay’ in the list on the left. Toggle the Autoplay switch to ‘Off’; Autoplay will be disabled and you will not see the pop-up window again. This allows you or your security software to scan the removable media before opening.

Alternatively, if you just find that annoying, the next safest thing is to set Autoplay to ask you what to do every time media is inserted, rather than automatically opening it. In Windows 10 you can actually select different actions for different media, for example you can set memory cards to import photos from your camera (which is unlikely to be infected). The settings for this are in the same section as described above, and you go to the ‘Choose a default’ for each media showing in the list.

There is also even greater control of individual media by going to the ‘Autoplay’ setting in Control Panel, where you can choose a default for many more options such as Pictures, Video, Audio etc. that may be present on your removable media.

Rather than just automatically opening media, the final thing that you can do is to set Autoplay to open the media in File Explorer – but as some viruses reside in an area of removable media that is read when opening its file list, this is not that much better than automatic opening. We would recommend scanning all removable media before opening it in File Explorer.

Every day people are using the same USB drive in their home and office/business computers, or putting removable media into their computers that has been used in a friend or relative’s system. This means that the weakest point is the danger point for compromising the security of your computer – so the friend/relative that may not have a good security program, or a compromised office computer are routes to computer infection.

The last thing you want is to have your computer disinfected, so it pays to reduce the risk where possible.

If you would like help in securing your computer or believe that your computer may be infected, give us a call on 01455 209505.


Is Anti-Virus Enough These Days?

Is Anti-virus protection enough these days?

Not too long ago, everyone was warned about computer viruses and ‘Anti-Virus’ became the in-word when it came to computers, because the last thing you wanted was for someone to cause damage using a virus program.

Since then, criminals have jumped on board the malicious software scene and big money can be obtained from data – especially yours.

Increasingly the media are telling us that there are more threats than basic viruses now, things like ‘Ransomware’ (a malicious program which encrypts your files so that you cannot access them again without payment), software aimed at stealing your credit card and identity data, telephone scams using remote software, plus others.

Protection – what can you do?

Clearly, if you want to go on the internet you do need anti-virus protection but unfortunately, protection from free programs is not enough these days. Yes, they are definitely better than nothing, but you have to ask yourself: if big corporations such as Yahoo and TalkTalk can get hacked, maybe minimal protection, compared to paid-for protection, is not the way to go.

A good paid-for security suite is the minimum these days and even then, you have to be careful about what websites you visit, emails you open and what you download.

The One Anti-Virus Rule

Traditionally, the rule has been that you must only have one anti-virus program running at any one time on your computer. To have two anti-virus programs was definitely not recommended, as they compete with each other and at the very least slowed your computer to a crawl, if not actually corrupting your data. We have come across many computer systems with two or more anti-virus programs which have caused problems. That was up till now.

There is now a product called Malwarebytes, which has been designed to actually run alongside your traditional anti-virus program, without causing the problems as before. It complements your current protection by looking for the ransomware / malware-type of threat and assists in the protection of your system by concentrating on the non-traditional danger to your computer, without the problems of having two protection programs.

As it is a paid-for product it runs in real time, bolstering the protection of your system. As the threats particularly of Ransomware are becoming a problem, especially for businesses, it is recommended to seriously think about adding to the scope of your protection.

Ultimately, no protection system is guaranteed 100% effective as they are always catching up with the “bad guys”, but it is worth considering whether or not one protection program is enough these days, bearing in mind online banking and other day-to-day internet use that involves sensitive personal and financial information.

If you do decide to go down the additional protection route, we can supply Malwarebytes at below retail prices, so if interested give us a call on 01455 209505.


Free Antivirus – is it letting you down?

Free antivirus - is it good enough?

One of the best ways to avoid a computer virus is by using common sense, but that doesn’t mean you’ll be safe from attack. Even the most careful user can find themselves infected in an instant and spreading the virus faster than a sneeze in flu season. It’s why antivirus software is still the first package we install on all systems – because you never know when you’ll be attacked. But should you choose free or paid antivirus?

Advertising in the program

Much like a free mobile app making its fortune with in-app purchases, the free antivirus software will push for payment. Expect popup boxes pestering you to sign up to the paid version with some free options also trying to change your browser home page and default search engine, an inconvenience you may be stuck with. Paid options are more respectful and largely invisible unless they’ve detected a problem.

Effectiveness of free antivirus

It’s fair to expect your antivirus to detect malware, and testing showed that in a head-to-head battle free and paid are about equal at catching known infections – although some are better than others as you would expect. Unfortunately, free antivirus generally needs to have recorded a virus into its virus lists before it can detect it. Paid antivirus is more likely to identify and stop a new virus because it also bases the detection on suspicious behaviour, the source and its attributes, a far more effective method of detection.

Features in free versions

Free antivirus programs are usually created from the paid version, taking out everything except the bare minimum. In your free version, it is unlikely that you will have all the advanced features like spam filters, firewalls, parental controls and secure web browsing. Some paid antivirus will also update your other software packages, forming a more secure protection against attacks. For example, you might view a malicious image file that takes advantage of an exploit in your PDF software so anything that reminds you to update your PDF program is a good thing. Unfortunately, hackers have advanced beyond simple tactics and it’s not just about avoiding email attachments anymore.

Support

Free antivirus options are the most popular choice because they’re… free. Obviously. This also means there’s generally little or no support available. If there’s a problem or conflict, you may find yourself without protection until it can be resolved. Paid antivirus options usually include telephone support, ready to help with problems ranging from installation to system diagnostics.

Ease of use and flexibility

Depending on what you use your computer for, this may be an important concern. Free antivirus options are easy to install and use, but are very limited in their flexibility. They come as-is, meaning you can’t pick and choose what it monitors or how it reacts. For example, users occasionally find it necessary to disable ALL protections in order to install or play a network game. Paid versions are more likely to allow you to adapt the way the antivirus runs, switching features on and off as required e.g. many paid antivirus programs have a ‘gaming mode’ available, which restricts interference by the antivirus product.

Free antivirus is fine for very basic protection or those with an older PC. In these cases, something is always better than nothing. But we generally recommend that you go with a paid antivirus to defend you from the new attacks that are released daily, and to ensure you’ve got solid protection that will make a real difference to your digital safety.

If you want to upgrade to a paid antivirus, give us a call on 01455 209505.


Potentially Unwanted Programs

Too many toolbars are PUPs

Everyone has heard of the term ‘computer virus’ and many people have also heard of the term ‘malware’. Unfortunately there is a less well-known term – a Potentially Unwanted Program (PUP).

This is software that may be clogging up your computer, yet is not classed as a virus or malware. They can cause problems when they are downloaded and installed, but what makes a PUP different is that when you install one, you are giving consent for the installation.

PUPs typically use up large amounts of system resources because they are running in the background and generally slow down your computer – sometimes drastically. From changing your search provider for no reason, adding toolbars to your internet browser or giving you pop-up adverts, PUPs can be annoying and troublesome. They are also easy to get.

Newer strains are information gatherers, providing data about your browsing habits and other information which is valuable to someone and the information is sent out for data collection purposes. Some are used to spread actual malware. Not all are as bad as this, but they all share an unwelcome trait – you are probably better off without them.

How do you get them?

Sometimes they piggy back onto other downloads, such as from software websites where there are bright green ‘Start Download’ buttons everywhere. You click on the button expecting one piece of free software and end up getting something else entirely or something in addition to what you expected.

It’s not just dodgy toolbars or free software designers either. Some big names bundle well-meaning PUPs in their downloads, for example Adobe Reader can give you the option to download an on-demand virus scanning program unless you spot it on the webpage, or a Java download asking if you want to install a toolbar, change your search engine or other setting when installing the program.

The more dodgy variety of PUP relies on you not wanting to read through the long licensing blurb displayed on the screen (the EULA). By clicking on the ‘Accept’ button, you are effectively giving them permission to install and in the case of the dodgy variety, protection from any legal action.

The problem is that it’s easy to click away and miss something – you do need to watch what you click on.

Why do you get them?

“Free” software makers make money from them – for example, every toolbar installed earns them money.

Companies that give you the option to download them in addition to their own product, may also make money promoting the additional software.

PUPs are also friendly with each other, so when you get one it may bring along some of its PUP friends as well, to make some more money on the side.

Won’t my anti-virus program catch them?

Not necessarily. The issue is that technically, a PUP can be legal software in spite of the way it is used and some antivirus vendors choose to be strict about detecting them, whilst others are not so strict. Even if it is not switched on by default, many antivirus programs have a setting to configure the antivirus to look for PUPs, so it’s worth checking yours.

The important thing is to be watchful, especially when downloading and installing programs.


Beware the Google Chrome Font Scam

Google Chrome font scam

If you are using the popular Google Chrome browser and open a website that has text that looks wrong, and then see a pop-up window saying that a font is missing that needs to be downloaded, do not download it – it is a scam being used by hackers!

Needless to say, this is not a genuine message from Chrome. Reports are coming in that websites that are infected with this malware are causing text in their webpages to display incorrectly, with visitors using Chrome seeing a pop-up window saying that a font was not found and that the ‘Chrome Font Pack’ needs to be downloaded to see the web page properly.

This is a scam and if you download the “Font Pack” you will actually download malicious software. It is believed that the download is monitoring software designed to snoop on your computer – although some cases of ransomware have been using it to encrypt your personal files.

The problem is that this pop-up window looks legitimate and already users in the UK are being caught out with this.

So if you see this font message appear on a webpage, leave the website immediately and whatever you do, don’t download the software!


How can I tell if my computer is infected?

Virus infection

One of the common questions we are asked is how to tell if a computer is infected. Some computer viruses are getting ‘clever’ by deliberately making themselves as stealthy as possible, so that they can do their work without you ever knowing.

Luckily, most of them can still be spotted, if you know where to look or what to look for – especially if there is a combination of symptoms.

Computer is running slow?

The general rule is that computers tend to get a bit slower over time just in normal use, so you need to be careful here. The more that computers are used and the older the technology in them, the more likely it is that the computer will take a little longer to do things than when it was new.

If however, your computer gets slower in a short period of time, that is a possible indication that something is amiss.

Where has my search engine gone?!

You switch your computer on, you want to do an internet search and suddenly Google, Bing or whatever search engine you normally use, is no longer there.

Although some people can inadvertently change the search engine in their internet browser, the majority of cases we see are that the search has been changed without your permission. This is classic computer malware behaviour (malicious software).

Unfortunately in many cases it isn’t a simple task to get rid of them by changing the setting back to what it should be, because they tend to reinsert themselves.

Pop-ups, pop-ups and more pop-ups!

If you are getting pop-up windows appearing, particularly advert-style ones, then again this is a classic symptom that you may be infected.

These annoying windows can appear even though you may have switched off pop-up windows in your internet browser and are usually scam-type infections, trying to convince you to spend money on computer programs and the like.

New icons on your desktop

Quite often we see icons on customer desktops that the customer has no recollection of installing – particularly for so-called optimisation or driver update programs.

Many free downloads contain links to other software that is downloaded at the same time. Whilst this extra software may not be classed as a virus in itself, such programs are classed as ‘Potentially Unwanted Programs’ and are automatically removed when professional technicians disinfect a computer. They were installed without your express permission, are hoaxes or simply don’t really do what they say that they do.

If you suspect that your computer is infected, give us a call on 01455 209505 and we can check your computer for you.
