Posts tagged ‘virus’

Once again, those pesky malware creators are trying to cause problems. Here’s the original message:

Dear Microsoft Customer,

Starting 17/06/2010 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

This message also comes with an attachment. Delete it. The attachment has a few nasty things in it, to include the Fake Antivirus software that’s been going around.

Again, just delete the message and move on.
Justin

Over the past few weeks, we’ve ignored a lot of the competition – big and small “box” stores, but this is one of those things that we just have to comment on.

Staples has recently been touting a “Free Tuneup”. Well, we’re here to share exactly what this means…

The free tuneup by Staples means that they have a quick look-see at your computer. It also means they don’t actually fix anything that they find… That happened to a customer of a Protocol16 partner company in NY.

Our partner had a customer that decided to take advantage of the “free tuneup”. Oddly, when she went to retrieve her computer, she got told that she had a huge amount of viruses and that her computer wasn’t worth fixing. Read here about the customer experience.

On top of that customer experience, Staples specifically says what they do:

We’ll boost the speed and performance of your PC by removing trial ware, adjusting key settings that may be slowing it down, and disk defragmentation and cleanup. When done in store, a PC Tune up also includes removal of dust and dirt buildup. Source (note: click “Details” under the Free Tuneup Heading).

That says a lot about how things go with them. They specifically say that they’ll look at your computer, but they won’t do anything other than a “defrag” and removal of “Dust and dirt buildup”. WOW – now that’s SERVICE! Sorry, if we take the time to bring your computer in and you have a virus or something nasty, we typically try to work it into the price for you. Windows crashing a lot? We’ll solve that issue, remove any malware/spyware/virus issues and we’ll solve your failed Windows Updates without trying to sell you a new computer.

Give us a call and see what Protocol16 can do for you…
Justin

In a huge blunder more than a week ago, McAfee caused computers in many corporations, including Intel, to reboot and reboot…and reboot. The computers are stuck in a reboot loop after McAfee’s Enterprise software decided to mark a specific Windows file as a virus.

While this story was started the day this happened, we were too busy fixing the problem for many customers. On top of that, nearly all of our customers converted to VIPRE Antivirus, due to the continuing problems McAfee has caused.

In fact, this is a direct quote from one of my personal friends that still works for a certain part of the government:

Concerning the M1 virus (Mc Afee’s update), we had approximately 2,300 machines adversely affected by it and the majority of our 270′s requiring extensive intervention or reimage.  So yes, we got hit.

That’s right, even the government had problems with McAfee! It’s time to switch from a program that has problems to one that doesn’t. VIPRE has only had one problem since I’d started touting it as the Antivirus Package to use. That happened a few days ago – it required rebooting the computer and updating the virus definitions (the “thumbprint” of viruses) – that’s it. Not a “hosed” Windows install, no constant rebooting computers, no slowness, etc.

Slow computers, annoying downloads, even though you tell it not to? Yea, we thought so… So far, out of all the customers we’ve switched over, only one has had unique problems, and that’s due to a scheduling issue on the overnight virus scan. Contact Protocol16 to switch to VIPRE for less.
Justin

Hot on the heels of a similar email, this one comes with the following text:

SMTP and POP3 servers for justin@protocol16.com mailbox are changed. Please carefully read the attached instructions before updating settings.

This comes attached with a nice file that looks like a PDF, but is actually a front for 2 scripts (we call them “payloads” in the industry) that download some nasty stuff.

Stay away from this file, delete it and just move on. This file is so new that most anti-virus packages are not catching it yet. If in doubt, feel free to call.
Justin

One of our most-asked questions was “how did I get infected” – well, any number of ways, but most likely from an Ad on a website.

Well, CNET has broken that answer down a little more than we have. In their recent Malware story, they analyze networks that serve ads, like Yahoo, Google, MySpace, etc. What they found is that YieldManager (aka Yahoo) has the nastiest ad network, causing the most infections.

A very interesting read for anyone that doesn’t know how they got infected.
Justin

Facebook Scam

March 19th, 2010

I received an email the other day that made me roll my eyes and hit the delete button, but it seems that there are far more people that received the same email as I did.

Basically, the email states that Facebook has reset your password and that you need to open a file to view the new password. If you did this, you seriously need to shut down your computer, get it professionally cleaned and change all your passwords on any type of account you logged into online, to include banks, email, Facebook/MySpace, etc. Likewise, if you opened the attachment and used a credit card anytime afterwards, CANCEL the card immediately.

The attachment effectively installs several programs to turn your computer into a revolving door of non-privacy. It will spit out your username and password info, your credit card info, etc – all as you type it. It also looks for saved passwords and other juicy stuff saved on the computer.

This has been so widespread that CNN has a video up on its site detailing this exact situation.

Some important things to remember:

  • If you didn’t know about an attachment before it came in, DON’T open it, even if it’s from a family member or friend.
  • If some service such as a bank, Facebook, Google, etc. asks you to reply and verify account information, don’t.
  • If any type of service says “Here’s your new password” and lists a link or file, don’t click it.

What to do if you get infected, by almost anything:

  1. Don’t panic, but rather, pay attention to what the screen says, make a quick mental note.
  2. Shut down the computer by holding down the power key. Yes, this is generally considered “bad”, but it’s quicker than messing with Control-Alt-Delete and attempting to “End Task” on anything nasty.
  3. Write down everything you can about the issue. What website you were on, what you clicked on, if you even clicked, what the screen said when you realized that you had an infection, etc. Stating “I have a virus” is far different than “I saw Antivirus 2010 install and say I was infected with 300 viruses then Pornography started popping up”. It really helps the next step…
  4. Contact your favorite computer repair company. Even if it’s not Protocol16, most repair companies should be able to resolve most virus issues these days. I would not recommend using Craigslist or other sites to find the cheapest person possible. Many times, you get what you pay for, and sometimes then, you pay for that person to do nothing. But, with the information you wrote down (remember the above example?), your computer repair company should be able to give you an estimate over the phone, or in person, on how long and how much it will cost to clean your computer.

Now the more information you provide about your infection to the computer repair company, the better the quote you’ll get on fixing the issue. Please keep in mind that some virus issues can take hours, others can take minutes to fix. There is also a difference between someone just “fixing” a problem as opposed to “fixing” and attempting to take preventative measures to lessen the possibility of future infections.

Personally, I adjust my level of protection to the individual. If you’re very comfortable with computers and this is your first issue and you know what you did wrong, I’ll probably only do a few things to your computer that you won’t even notice. If this is your 3rd visit to Protocol16 due to virus issues, we’re going to adjust a few things and take things to the next level.

I could continue writing on this topic all day, but I won’t. Stay safe on the net and, as always, if you have any questions, please let us know.
Justin

NOTE: Even after all the attention this situation is getting, the emails are still going out. Please be careful. I had this waiting in my mailbox Saturday morning:

Hey justin ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team.

“How’d I Get Infected”

February 19th, 2010
A Unique Take on Infections - Image From SunBelt Software (VIPRE Antivirus)

While on calls in Beaverton or elsewhere, I always get the dreaded “How’d I get infected?” question. Unfortunately, it’s too broad of a question to answer the right way.

The reason I say this is that there could be hundreds of programs installed, each with their own security problems, windows updates missing, Antivirus and anti-spyware programs missing or not updated, firewalls turned off, etc.

Then, we have the “Adobe Effect”. I call it this as a lot of security researchers feel that the majority of attacks will come from Adobe this year. On top of this, there are a huge number of vulnerabilities in the Adobe Software already. Unfortunately, the software company is typically slow to release security patches as well, so Zero-day flaws are slow to be fixed.

Today, Sunbelt Software, the writers of VIPRE Antivirus, notified their followers, via their blog, of a flaw that allows attackers to get into your computer after the Adobe Updater runs. That’s right ladies and gents, the simple fact of updating Adobe to patch security issues can now infect your computer. How to stop this issue? First, reboot if you see that Adobe has updated.

It’s sad to see such software cause infections. Adobe Flash and Reader are some of the most popular programs installed on computers today. Well, it’s not sad – I should say that it’s disheartening. Adobe has a huge target on their back, just like Microsoft. Sadly, Adobe doesn’t really seem to be taking the issues head on, like Microsoft does with their anti-spyware, IE page blocking, etc.

So, the moral of the story is – don’t trust any software to be perfect. The more software that is installed, the bigger the target you have on your back. Keep your computer updated and for Pete’s sake – STOP running in Admin mode with UAC turned off!
Justin

New Spyware/Malware/Virus Scam

February 5th, 2010

Flash Attack

So, with the advent of all the video floating around the web, there is a new scam floating around as well. It specifically attempts to attack Flash, which is installed on roughly 90% of all the home computers online. As the screen shot points out, the attacking website may get you to “Fix” or install a plugin to get the video to work. Sneaky stuff.

Why am I hitting on the whole Spyware/Virus issue lately? Because this is the number one thing we’re seeing right now. More specifically: Fake Antivirus software that attempts to get your credit card information, shows you Pornography, etc.

As always, if you have questions, please let us know.
Justin

New Malware Infections (Virus?)

February 4th, 2010

There is a new type of infection happening that even has some of the best anti-virus companies stumped. Recently, it was found that Virus and Malware writers are getting more sneaky on how they infect you.

They are specifically targeting Google users. Recently, it was found that you could get infected simply by looking through Google Images. On top of this, other sites only infect you if you come from Google. This means, if you type the web address directly, you don’t get infected.

Very sneaky stuff indeed. This makes it harder to clean the infection, as the website owner usually types the address in directly when checking for the problem, and so never sees the infected version of the site.

Be careful out there, it’s getting more dangerous.
Justin
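
For a website owner, the practical consequence of the post above is to check the site twice: once as a direct visitor and once as a visitor arriving from a search engine. The script below is an added example, not part of the original post; the Referer value, the function names and the sample fetcher are assumptions made for illustration.

```python
"""Compare what a page serves to a direct visitor vs. one arriving from a search engine."""
from html.parser import HTMLParser
from urllib.request import Request, urlopen

SEARCH_REFERER = "https://www.google.com/search?q=example"  # assumed test value


class _SrcCollector(HTMLParser):
    """Collect the sources of tags that can pull in active content."""
    def __init__(self):
        super().__init__()
        self.sources = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "embed", "object"):
            for name, value in attrs:
                if name in ("src", "data") and value:
                    self.sources.add(value.strip())


def active_sources(html):
    collector = _SrcCollector()
    collector.feed(html)
    return collector.sources


def fetch(url, referer=None):
    """Fetch url, optionally sending a Referer header; returns (final_url, body)."""
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    with urlopen(Request(url, headers=headers), timeout=10) as resp:
        return resp.geturl(), resp.read().decode("utf-8", "replace")


def referer_only_content(url, fetcher=fetch):
    """Report what appears only when the request carries a search-engine Referer."""
    direct_url, direct_body = fetcher(url)
    search_url, search_body = fetcher(url, SEARCH_REFERER)
    extra = active_sources(search_body) - active_sources(direct_body)
    return {"redirected": search_url != direct_url, "extra_sources": sorted(extra)}


# Constructed stand-in for a compromised site, so the check runs offline.
def sample_fetcher(url, referer=None):
    page = '<html><script src="/js/site.js"></script>'
    if referer and "google." in referer:
        page += '<iframe src="http://injected.example/x"></iframe>'
    return url, page + "</html>"
```

An empty result is not proof of a clean site, since injected code can also key on the User-Agent, cookies or the visitor's IP address.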

Over the last few days, we’ve had a rash of calls from home based customers, which we call “Residential”. One of the first questions that people typically ask is: “Do you work with regular people at home?” or something similar.

The answer: YES. Protocol16 works with both business and residential customers. While we cater to the business side of things, with all their servers, workstations and more – we do service residential customers with the same customer service as the business side.


Copyright © Protocol16 . All rights reserved.