Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Virus In My E-mail?

“A friend told me my e-mail had infected their computer.”

It is never any fun to take the blame for something you didn’t do. But that’s what happened to a recent client of mine. The call started out easy enough. When I asked “how can I help you today?”, they told me they wanted me to “remove the virus from (their) computer.”

I asked a few more questions, such as: were they running an antivirus, and what was causing them to think they were infected? (You might think it unlikely that there are people — in this day and age — who are not running an antivirus program.. but, sadly, there still are. If that be you, or if you have let the “subscription” expire, please, click here!)

The client informed me that not only did they have an up-to-date antivirus but the scan was coming up clean, and that they had used the online scanner, Housecall, and it had come up clean as well.
Hmmm…
Bizarre behavior? Machine slow? Missing files? Garbled files? Odd Error messages? None.
Hmmm…

So what made this person think their machine had a virus?
Their reply, “A friend told me my e-mail had infected their computer.”

My client was very relieved to learn that not only was their machine free from viruses [Yes, I did some further checking] but that they had not even sent the infected e-mail in the first place!

What had happened was that their e-mail address had been “spoofed”. The infected e-mail in the friend’s Inbox only looked like it came from my caller, but had actually come from somewhere else.
Address spoofing is a hacker’s method of forging the sender fields in the header of the e-mail so that it displays a (legitimate) e-mail address, but one different from the actual sender… very much as if you wrote a make-believe return address on an envelope you mailed.

Spammers and phishers use this technique to hide the real origin (to make it seem as if the e-mail really did come from BofA, for example), and some types of malware use it to propagate and spread themselves. It was this latter use of spoofing which triggered my client’s call.
Someone (a friend or relative, most likely) who had my client’s e-mail address in their address book has been infected with a worm. This worm scanned the infected computer for anything resembling an e-mail address, collected them, and then mailed itself to those addresses, forging the Sender from that same list. The recipient, thinking the poisoned e-mail came from a trusted Sender, opened the e-mail (and probably clicked on the attachment, or link). In short, my client was not infected, but someone they know is.
If you find yourself in a situation like my client’s, or if you get “Delivery Failure” notices for e-mails you did not send, your address may be being spoofed.

Tip of the day: Sadly, there is not a lot you can do to stop ‘spoofed’ e-mails from appearing in your Inbox, but you can take preventative steps to keep from being victimized by them. (And, tell all your friends and relations they should check their antivirus…)
First of all, simply understand that what appears in the Sender box may not be the true point of origin, and exercise the appropriate caution. I have mentioned before, and repeat here, that you should not click on links you receive in e-mail, and spoofing is why. Instead, copy the URL (the link) and paste it into the address bar of your web browser.
And if you are not expecting Uncle Joe to send you an e-mail with an attachment, ask him if he did, in fact, send you such an e-mail before you open it. And do the same for institutions, like BofA or PayPal: if you suspect an e-mail purporting to come from your bank, call them and ask about it.
And, of course, have an up-to-date antivirus installed and have it set to scan your e-mail. Do not rely only on the antivirus which your ISP or e-mail service provides. Again, I refer you to the link to my prior article (I mentioned above) if you need some help or advice in this area, or need to download a free antivirus program.
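As an added illustration (not part of the original post) of the header checks behind this advice: the script below parses a constructed message and reports when the visible From: address, the bounce address (Return-Path), the server that handed the mail in, and the link text disagree with each other. The sample message, its domains and the function names are all made up for the example.

```python
"""Flag the header mismatches that suggest a spoofed sender (constructed example).

A mismatch is a reason for caution, not proof: lists and forwarders differ too.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: the visible From: names a friend, but the bounce
# address and the handing-in host belong to another domain, and the link lies.
SAMPLE = """\
Return-Path: <bounce-7a1f@mail.example.net>
Received: from mx3.example.net (mx3.example.net [192.0.2.10])
    by mail.friend-isp.example (Postfix) for <you@friend-isp.example>
From: "Your Friend" <friend@friend-isp.example>
To: you@friend-isp.example
Subject: Check out this photo!
Content-Type: text/html

<html><body><a href="http://login.example.net/x">http://www.bank.example</a></body></html>
"""

def domain_of(address):
    """Lower-cased domain part of an e-mail address ('' if none)."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def host_of(url):
    return urlparse(url).netloc.lower()

def spoofing_indicators(raw):
    """Return a list of warnings for a raw RFC 822 message (empty if none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    from_dom = domain_of(msg.get("From", ""))
    ret_dom = domain_of(msg.get("Return-Path", ""))
    if ret_dom and ret_dom != from_dom:
        warnings.append(f"From domain {from_dom} != Return-Path domain {ret_dom}")
    # The first Received: header is the last hop, written by your own server.
    received = msg.get_all("Received", [])
    hop = re.search(r"from\s+(\S+)", received[0]) if received else None
    if hop and not hop.group(1).lower().endswith(from_dom):
        warnings.append(f"received from {hop.group(1)}, not a {from_dom} host")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    for href, text in re.findall(r'href="([^"]+)"[^>]*>([^<]+)<', html):
        if text.startswith("http") and host_of(text) != host_of(href):
            warnings.append(f"link text {text} points at {href}")
    return warnings
```

Running `spoofing_indicators(SAMPLE)` on the sample yields three warnings; a message whose From:, Return-Path: and first Received: all agree yields none.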

Today’s free link: If you are in the market for a car, selling a car, or simply need to know the value of your vehicle, the Kelley Blue Book is the definitive place to look and is the industry standard. KBB online will give you real prices/values for new and used vehicles, offers advice for buying and selling, and has a Perfect Car Finder search engine.

Copyright 2007-9 © Tech Paul. All rights reserved.


December 9, 2009 Posted by | antivirus, computers, e-mail | 4 Comments

How To Cure A Malware Infection

3 Easy Methods

What do you do when your PC is displaying all the signs of having been infected and/or hacked but your antivirus and anti-spyware scan reports come back clean.. or fail to remove the infection?

This was the case for a fella who called me for advice recently. He had done things ‘right’ — and by that I mean he has a firewall, he keeps his antivirus definitions up to date, and he runs a couple of anti-spyware applications — but suspected his machine had been hacked anyway.

He couldn’t do things he was used to doing (like deleting a file) and his machine was “really slow.” But according to his scanners, his machine is in perfect shape!
He was right, btw, he was infected.

Tip of the day: If you should find yourself in a similar situation there are several steps you can take to help resolve your questions and (hopefully) fix your machine without taking the drastic step of wiping your hard drive, formatting, and reinstalling Windows.

The first step is to use a scanner that isn’t installed on your machine. Here are two ways to do that: one, if your antivirus allows it (and most of them do these days), follow its instructions and make an antivirus recovery disk. This is a bootable disk that scans your system before Windows loads.

[note: for a quick method to create an AV disc, keep reading..]

To use one, put it in your CD tray and restart your machine. A plain-text sentence will appear* telling you to “press any key to boot from CD…” When you see it, hit your spacebar or, well, any other key, and then follow the instructions. When it’s finished, remove the CD and restart your machine again. (* If you don’t get a “press any key” prompt, you need to set the boot order in your BIOS. For instructions, click here.)
[note: you may also use a properly prepared USB thumb drive. Click here to read my article on how to do that.]

A second method is to use an online scanner. I have a list, with links, of several good online scans on my website, here. (My reco is Housecall.) Quite a few of the online scanning tools will try to sell you their full application, but you’re under no obligation to buy. The big advantage to these two methods lies in the fact that they have not been compromised, or altered, while the files and scanners on your machine may have been – the modification being done by the virus or hacker specifically to thwart your removal attempts.
[note: most modern malware blocks access to these sites. If that happens, do the repair found here, Can’t Download? Reset IE, and then try.]

Another thing to do is scroll down to my “Today’s free download” and download HiJack This!. Run it and dump the result into a .txt file (there are instructions for this) and then register on one of the HiJack This! forums (there are instructions for this too) and post your results there. Before too long, an expert anti-malwareologist [don’t bother looking: I just now made that word up] will have looked over the intricacies, and will post their analysis and instructions. These folks are really, really good at what they do, and you can trust their answers. These volunteers get a big tip of my hat.

Hopefully these efforts will be rewarded with a rejuvenation of your machine, and you will be back in business again. If not, you have my sympathy. You may have a rootkit, and then your best solution is to re-format your hard drive and reinstall everything, or enlist the aid of a professional. There’s no shame in that last — the modern versions of viruses and worms are devilishly difficult to remove.

Today’s free downloads:
HijackThis™ is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis does not clean infections, but creates a report, or log file, with the results of the scan. A large community of users participates in online forums, where experts help interpret the scan results to clean up infected computers.

Avira AntiVir Rescue System: This is a small download that, when launched, will create a self-contained anti-virus disc with the latest definitions. All you have to do is insert a blank CD. (You may have to go to an un-infected machine to do this..) It will boot even if your machine won’t load Windows. Avira gets a big tip of my hat for offering this free tool, too!

Today’s recommended reading: How to Protect Your Child on the Internet



January 27, 2009 Posted by | advice, anti-spyware, antivirus, computers, how to, PC, rootkits, software, tech, troubleshooting | 6 Comments

Do You Need AV on a Mac?

I get asked that from time to time. But usually, I’m not asked, I’m told. “I don’t need all that *crud*. I’m on a Mac.”
Usually, but not always, there’s a certain tone the speaker adopts when uttering that Standard Line (read, “dogma”) that conveys a smug superiority.. but, hey, everyone’s entitled to a little.. uh, delusion or two in my book. Keeps life interesting.

Basis in fact: There are some reasons for this don’t-need-an-antivirus belief system. One is, Apple itself has promoted the idea. Another is, there were hardly any (and at some points in history, no, zero, zip, nada) viruses / trojans / worms / etc. written to exploit the Mac OS. And even now, they’re considered “rare”.

Cyber-criminals (aka “hackers”) knew that less than 5% of computers were Macs, and essentially none of the “pots of gold” (database servers) were running the Mac OS.. so why write an attack program? (Apple products have been proven quite “hackable” – iTunes, QuickTime, Safari actually rank quite high on the list. See, Firefox More Secure? Tops ‘Most Vulnerable’ List) Answer: there’s basically nothing to attack with it.

Then and now: But, that was before Vista; and, the “I’m a Mac” series of television commercials. Now, instead of approximately 1-in-20 PCs being Macs, it’s more like 1-in-10. Now, the idea of an all-Mac botnet has some merit (and a true Mac fan will tell you, all the Windows PCs have already been taken!). An all-Mac botnet wouldn’t be all that big.. but the new numbers mean it’d be big enough for some uses…

So, sure enough, some enterprising criminal wrote a backdoor worm and glued it to a copy of iWork ’09 and posted it to several of the torrent sites, knowing that Mac-using folks who don’t like paying for things would download and install it.
Voilà, we got us an all-Mac botnet.
[note: this has happened before, to Mac+LimeWire² users; see, Firms discover Trojan horse targeted at Mac OS X]

Someone has named this worm “iServices.A”, which is much more rational and.. nicer (ahem) than what I might have named it. This worm allows the hacker to do pretty much what he wants with the infected machine, which so far appears to be sending boatloads of spam to specific URLs, in what is called a “denial of service” attack (the flood of messages overloads the server, and causes it to ‘crash’/shutdown). (See, Our Modern Nightmare – Zombie Attack)

Me? I have consistently advised installing an AV, no matter what platform/OS you’re running, just as I consistently advise making backup copies of your files, (yes, I have been accused of being a bit of a “belt-and-suspenders” man) for one very simple reason — what is the cost if you do, versus what is the (potential) cost if you don’t?
Plus.. it’s simple math: the more popular Macs get, the more they’ll be targeted.

Feel free to disagree, but you won’t get me to change my mind. My Tiger machine has antivirus onboard.. though I don’t know why I bothered, I never turn the thing on.

Today’s free link(s):
* Brian Krebs has an absolutely great article detailing this worm, and I leave it to him to make what may be the most important point on the subject–
“Leaving aside (hopefully) the question of whether Mac users need anti-virus, I’ve tried to impress upon readers the importance of avoiding risky behaviors online that could jeopardize the security of their systems. The reality is that installing programs downloaded from P2P networks is about the most insecure practice a computer user can engage in,¹ regardless of the operating system in use.

This is why I think it’s important to call out this Trojan. Yes, it infects Macs, and that’s something we don’t see very often. But it’s also a teachable moment to remind readers that no security software is going to protect the user who is intent on installing software that may be tainted with malware, as long as that user is willing to ignore any advice (or alerts) to the contrary.”

I highly recommend you read the whole article, Pirated iWork Software Infects Macs With Trojan Horse. Once you do, I think you’ll understand why he’s on my Blogroll.

* Blogroll member Bill Mullins posted an article that takes a look at the P2P “phenomenon” that I also highly recommend, Peer to Peer File Sharing – Evaluate the Risks – Consider the Trade-Offs

* And this article is a very good answer to the question, Is Mac still the safer bet?

¹ emphasis, mine.
² A very popular BitTorrent-style peer-to-peer program.

* One last thought.. anyone care to guess what percentage of people’s machines that I look at in my “real job” have LimeWire installed?



January 25, 2009 Posted by | advice, antivirus, Apple, computers, cyber crime, hackers, News, security, tech | 2 Comments