Tag Archives: malware

Why is my Computer so @!#?%^&* Slow? – Part III

This is the third article in this series. In case you missed them, here’s the first and second.

Malware

Malware, or malicious software, can be defined as a program designed to harm your computer or grant unauthorized access to it. One of the possible reasons for your computer being slow is malware running on it. In fact I’d dare say, if your computer is running at normal speed and it slows down all of a sudden, most likely it’s due to a malware infection. Conversely, not all malware slows computers down. At least not noticeably. In any case it holds true that one of the signs of an infected computer is sluggish performance. Probably the worst cause of a computer slowdown is malware, because not only will your computer be slow, but it won’t be totally under your control anymore!

What to do? Naturally the computer needs to be disinfected. I’m assuming you have an anti-malware solution in place. Run a full scan. If nothing is found but you still suspect your computer is infected, you can try free online scanners such as Panda’s, Trend Micro’s, BitDefender’s, Kaspersky’s, Microsoft’s, Eset’s, to name a few. These can sometimes detect what your installed antivirus missed. Note that depending on the nature and severity of the infection, the malware might block access to security companies’ websites to prevent detection and removal. So if the above links don’t work, that’s probably the reason why.

Once all the normal basic routines are unsuccessful in removing a resilient infection, it’s time to contact an expert to get the computer cleaned up. This is when the handling enters the realm of advanced manual malware removal techniques.

Look for my soon-to-be-released article on how to best prevent getting infected in the first place and what is the best product to achieve that. Due to how relevant it is, that will be the next article to be published, and after that I’ll continue with the rest of this computer slowness series.

Update 7/29/09: Here it is.

Who Profits from Malware Attacks?

Every now and then I’ve heard the conspiracy theory that antivirus vendors are the ones behind the creation of malware, for they are the obvious ones to profit from its existence. That theory misses the mark – by far.

Not necessarily known to everybody who believes or supports that theory is a whole sub-culture connected to the creation of viruses, worms, and other types of malware. Cyber-crime, cyber-gangs, cyber-mafia: these are terms coined in recent years to describe said sub-culture. What are they? Who are they? Where are they? What do they do?

Very simply put, cyber-crime refers to crimes perpetrated through the use of a computer. There are people who dedicate themselves to discovering exploits that allow unauthorized access to a computer or its data for criminal purposes, and there are people who sell kits that allow cyber-criminals to create malware for the same purpose. There are people who sell the information so unlawfully obtained, or the ability to target a computer network or a website and render it useless (cyber-mafia). And the grouping of said people in an organized crime fashion is a cyber-gang.

Where are they? Based on the general consensus from security companies such as Trend Micro, Panda Security, Symantec and others, there is a big portion of it in Eastern Europe and China. Based on an analysis of the geographical source of most of the attempts to write spam-type comments on my blog or hijack attempts towards it, I’m going to have to agree with that assessment.

The purpose of this article is not to alarm anybody, but more to raise awareness of the nature of the bad hats behind your potential computer infection. This is a trend on the rise, and one that is not likely to fade away any time soon.

My advice? Have a good antivirus solution installed, develop good internet surfing and emailing habits, and always stay alert to signs and symptoms of an infected computer. And of course, if everything else fails, ask an expert for help.

That was a fun rootkit

A young friend of mine asked me recently for help with his computer as it was behaving strangely, with Google search results coming out weird, certain websites inaccessible, the antivirus refusing to update, and so on. I immediately assumed the system was compromised, and guessed it was a rootkit.

Setting out to uncover it, I used one of Mark Russinovich’s (that sellout that works for Microsoft now – just kidding! hope you can set Windows 7 right from the beginning!) wonderful tools, and in a few minutes the evidence of the existence of a rootkit popped up in plain view. Having identified the enemy, now it was just a matter of choosing the right tool to destroy it. Had to use two of them actually – this rootkit was very resilient, trying to get around its removal with various clever techniques.

But in the end I was able to remove it and voilà! The antivirus was able to update itself, no more denied website access, and Google searches were coming out the way they should.

Since the defining characteristic of present-day malware is stealthiness, rootkits are becoming more and more popular. More computers are infected than their unsuspecting users think.

Is your computer infected? Contact me and find out.

Conficker/downadup/kido worm – detection and removal tools

Because one of this worm’s characteristics is that it blocks access to security websites, this post is meant to help get around that problem. If your computer is infected, or you suspect it is, here are a number of free detection and removal tools that deal with this infection. Click on the appropriate link to download the tool to your computer, then double-click on the file and follow the instructions:

BitDefender Single PC Removal Tool: Removes Downadup from a single PC

McAfee Detection Tool: Detects whether any of the computers on your network is infected

Symantec Removal Tool: Symantec’s W32.Downadup/conficker removal tool

Sophos’ Network Removal Tool: Sophos’ Conficker clean-up tool to remove Conficker from an infected network

Sophos’ Standalone Removal Tool: Sophos’ Conficker clean-up tool to remove Conficker from one or more single computers

Contact me if you need help using any of these utilities.

Your computer is not infected? Really?

People who think they are immune to virus infections because they don’t see a skull and two bones pop up in the middle of their screen or something obvious like that always amuse me. In this case, ignorance is a curse and not bliss. “I don’t need antivirus, I don’t have one installed, I browse the internet and have never had any infection problems.” REALLY?

Let me give you some facts. Scratch that. Let me tell you a little story:

In the early days of computer and virus history, one of the main purposes behind creating and spreading viruses was RECOGNITION. To create a virus and see how far it could spread, or how much damage it could do, and let everybody know about it. It is to that historical age that skulls and bones popping up on your screen belong.

As time went on and by the end of the millennium, a new purpose had emerged: to make a profit out of computer infections. With that change in purpose, it became obvious that a new characteristic would accompany that purpose: STEALTHINESS. In the present day, that is the signature of an attack. And it’s working! See how some people believe they’re immune to attacks?

To compound the felony, the rate at which viruses and other malicious software (or malware) are being created has grown and continues to grow exponentially, thus growing faster than the anti-virus companies can update their ability to detect new malware. So EVEN with anti-malware software installed and kept up-to-date, you are still at risk of getting infected. One out of every 5 computers with installed antivirus protection is infected.

Is YOUR computer infected? Contact me and find out now.