
Tuesday, December 22, 2009

Virus removal

Viruses are man-made software code that attacks your system or application software. They are hazardous to your computer system and, eventually, to the data stored on it. They can even steal personal information such as passwords and credit card details. Virus removal is therefore important for keeping personal information private and the system running smoothly.

Virus removal software is available in two forms: independent, third-party software, and online scanners. The two differ considerably in function. The former works as a preventive measure, while the latter takes an offensive approach.

Virus removal software falls into different categories. Let's get familiar with a tested and certified list.

McAfee Family Protection

If you want comprehensive and economical PC security, don't waste your time. Get the 1-year subscription for 3 PCs at $39.99 (USD). You will get the following commitments:

Ban objectionable websites -- Objectionable websites are filtered so that you are safeguarded from obscene content.

Choose suitable YouTube videos for kids -- Unique keyword filtering technology allows only selected videos.

Schedule online time for kids -- You can set a timetable for kids so that they don't misuse the Internet.

Let your family enjoy instant messaging -- It monitors and records instant message conversations and restrains improper dialogue or conversations with strangers.

Online virus scan tools are also available. They can scan for and remove viruses on the spot so that you can enjoy a healthy computer. These virus removal tools need to be run from a suitable web browser.

Avira AntiVir Personal for Windows

This online virus removal tool provides an easy-to-use interface and pre-configured scan tasks, so it will quickly scan your most important drives and folders. You can scan individual files and folders with the right-click option in Explorer or on the desktop. Alternatively, files can be dragged and dropped into the AntiVir virus removal console for quick scanning.

The Avira AntiVir Personal online virus removal tool can be used in Safe Mode, which makes it very effective if Windows is not able to boot in normal mode.

Friday, May 1, 2009

GameSpy Arcade spyware

GameSpy Arcade is a game program that is used to find players, maps and servers when playing many well-known multiplayer Internet games. It also secretly installs the spyware WebHancer, an executable program that tracks and records a user's actions across the web and reportedly overwrites some vital system files, especially where the user's Internet connection is concerned.

Recommendation for GameSpy Arcade:

It is highly recommended that you do a scan to remove the bundled spyware.

Wednesday, April 15, 2009

What is a virus signature and how it is used

Signatures
A virus signature is any series of bits that can be used to accurately identify the presence of a particular virus in a given file or range of memory.

Once we get a section of a virus, the type of the virus (worm, rootkit, simple infector, etc.) should be determined. Only after that step can a signature be extracted from the binary code. In many cases (e.g. EXE infectors, COM infectors, polymorphic viruses) this will be possible and enough to detect the virus in the future. However, for recent viruses that are much more complex (e.g. metamorphic viruses), other techniques are required.

Many believe that signatures were used only in the antivirus software of the 80s and 90s and that they are no longer used. This is totally untrue. Signatures still play a fundamental role in the various virus detection algorithms used by current antivirus products. Let's see a typical example of a signature. Suppose the following sequence of bits (in hexadecimal) corresponds to a signature for a virus called Doctor Evil:

A6 7C FD 1B 45 82 90 1D 7F 3C 8A 0F 96 18 A4 D3 5F FF 0F 1D

One question you are probably asking is: how is a signature chosen for a given virus?
The answer is not simple. It depends mainly on the type of virus. For instance, if the virus is a simple EXE file infector, we just need to look for a sequence of bytes (like the one shown above) within the binary code of the virus. We must select a signature that is long enough to generate as few false positives as possible. For instance, choosing the following signature:

A4 B7 11 01

is probably not a good idea. This is due to the short length of the signature. Such a short sequence of bits is likely to be present in other executable programs that are actually not infected. That is why the length should be considerably long (more than 50 bytes). The additional problem is which signature to choose, because for an arbitrary virus we could find plenty of potential signatures. Nevertheless, the longest is not always the best… at least not in the case of signatures…!

People at IBM invented an excellent technique based on Markov models. I studied for several hours the contents of their article which is neither something extremely complex to understand, nor something simple. After that, I created a trigram generator and an automatic signature extractor in C#. For a given virus, this tool can automatically extract the signature with less likelihood of false positives. I could extract signatures for thousands of viruses within a few hours by using a virtual machine and the tool I developed. I was delighted to see hundreds of wicked programs working hard to contaminate my virtual machine. All the infected files were isolated and then analyzed by the tool in order to extract valid signatures. Finally, the tool stored all the signatures in a MySQL database.

I will describe the tool in more detail in a forthcoming article. I strongly recommend that you read the excellent article from IBM to get started.

Generic Emulation
It is relatively easy to detect the presence of a simple infector within an infected file. We only need to analyze certain areas of the file for known signatures. Even so, things get more complicated when the virus changes its form on each infection (polymorphism), or if it encrypts/compresses itself on each infection. The task gets even harder when these mechanisms are combined several times, even recursively. In these cases, the signatures must be carefully extracted from the clean (uncompressed/decrypted, etc.) image of the evil program.
To detect this type of complex virus, the technique used is known as generic emulation. This technique (among others) was patented by the firm Symantec. Carey Nachenberg is known as the primary inventor and a chief architect in Symantec's antivirus labs.

The idea is simple and efficient: in order to scan a program, its execution is emulated for a number C of instructions. All memory pages altered by the instructions involved in the emulation process are analyzed. This makes sense, since those instructions could be part of a decryption/decompression routine, etc., which is reconstructing the original virus, and that is precisely where we must search for known signatures.

Thus, unlike what many believe, signatures are still being used to detect these complex threats. The special support from emulation gives time for the virus to reconstruct itself in memory.
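The emulate-then-scan idea above, as an added example that is not part of the original post and not Symantec's implementation. The three-opcode toy instruction set, the 256-byte page size, the XOR key and the sample image are all constructed assumptions; the "virus body" is only the Doctor Evil signature bytes quoted earlier.

```python
"""Added example: scan only the memory pages a toy emulator saw modified."""

PAGE = 256  # toy page size (assumption)
SIG = bytes.fromhex("A67CFD1B4582901D7F3C8A0F9618A4D35FFF0F1D")  # from the post
KEY, BODY_AT = 0x5A, 504  # constructed: XOR key and body offset (spans 2 pages)

def build_sample():
    """Constructed image: XOR-encrypted body plus the loop that decrypts it."""
    memory = bytearray(1024)
    memory[BODY_AT:BODY_AT + len(SIG)] = bytes(b ^ KEY for b in SIG)
    program = [
        ("xor_mem", BODY_AT, KEY),  # memory[base + i] ^= key
        ("inc",),                   # i += 1
        ("loop_lt", len(SIG), 0),   # if i < limit: jump to instruction 0
    ]
    return memory, program

def emulate(program, memory, max_steps):
    """Run at most max_steps instructions (the post's C); return dirty pages."""
    i = pc = steps = 0
    dirty = set()
    while pc < len(program) and steps < max_steps:
        op, *args = program[pc]
        steps += 1
        if op == "xor_mem":
            addr = args[0] + i
            memory[addr] ^= args[1]
            dirty.add(addr // PAGE)
            pc += 1
        elif op == "inc":
            i += 1
            pc += 1
        elif op == "loop_lt":
            pc = args[1] if i < args[0] else pc + 1
        else:
            break  # unknown opcode: stop emulating
    return dirty

def scan_dirty(memory, dirty, sig):
    """Search each modified page, widened so a match may cross a page edge."""
    found = set()
    for page in dirty:
        lo = max(0, page * PAGE - len(sig) + 1)
        hi = min(len(memory), (page + 1) * PAGE + len(sig) - 1)
        pos = memory.find(sig, lo, hi)
        while pos != -1:
            found.add(pos)
            pos = memory.find(sig, pos + 1, hi)
    return sorted(found)

def detect(image, program, sig, max_steps):
    """Emulate on a copy of the image, then scan what the code rewrote."""
    work = bytearray(image)
    return scan_dirty(work, emulate(program, work, max_steps), sig)

if __name__ == "__main__":
    image, program = build_sample()
    print("static scan offset:", bytes(image).find(SIG))          # not found
    print("after 1000 steps:", detect(image, program, SIG, 1000))
    print("after 30 steps:", detect(image, program, SIG, 30))     # C too small
```

The last call shows the cost of choosing C too low: the decryption loop has rewritten only half of the body when emulation stops, so the signature is still absent from memory.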

Optimizations
At this point, you may be wondering how antivirus products scan a file so fast even when they have to search for thousands of signatures. There are several answers, and you will find the majority of them in Symantec's patents. For instance, Norton Antivirus uses signatures beginning only with a subset of all the possible bytes. This trick allows a super-fast search because, knowing the possible prefixes, it is possible to cut the search space considerably. The bytes are selected according to their frequency of use in 80x86 machine code. Besides, not all files are actually emulated.
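A simplified version of the prefix trick, together with the short-signature problem from the Signatures section, as an added example that is not from the original post and not Norton's actual algorithm. The two byte patterns are the ones quoted above; the signature names, the filler data and both sample files are constructed.

```python
"""Added example: multi-signature scan with a first-byte prefix index."""

# Byte patterns quoted in the post; the name "Too Short" is made up here.
SIGNATURES = {
    "Doctor Evil": bytes.fromhex("A67CFD1B4582901D7F3C8A0F9618A4D35FFF0F1D"),
    "Too Short": bytes.fromhex("A4B71101"),
}

def build_index(signatures):
    """Group signatures by first byte so most file offsets are skipped."""
    index = {}
    for name, sig in signatures.items():
        index.setdefault(sig[0], []).append((name, sig))
    return index

def scan(data, index):
    """Return ([(offset, name), ...], number of full comparisons made)."""
    hits, compared = [], 0
    for off, byte in enumerate(data):
        # Only offsets whose byte starts some signature reach the comparison.
        for name, sig in index.get(byte, ()):
            compared += 1
            if data.startswith(sig, off):
                hits.append((off, name))
    return hits, compared

def vet_signatures(signatures, clean_samples):
    """Names of signatures that fire on known-clean files (false positives)."""
    index = build_index(signatures)
    noisy = set()
    for sample in clean_samples:
        noisy.update(name for _, name in scan(sample, index)[0])
    return sorted(noisy)

# Constructed test data: 4 KiB of filler, one copy with the long signature
# embedded, and one clean copy that happens to contain the 4-byte pattern.
FILLER = bytes(range(256)) * 16
INFECTED = FILLER[:1000] + SIGNATURES["Doctor Evil"] + FILLER[1000:]
CLEAN = FILLER[:2000] + bytes.fromhex("A4B71101") + FILLER[2000:]

if __name__ == "__main__":
    index = build_index(SIGNATURES)
    hits, compared = scan(INFECTED, index)
    print("infected file hits:", hits)
    print("comparisons:", compared, "of", len(INFECTED), "offsets")
    print("signatures firing on clean data:", vet_signatures(SIGNATURES, [CLEAN]))
```

Vetting candidate signatures against a corpus of clean files, as `vet_signatures` does, is the empirical counterpart of picking a signature that is long and unusual enough.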


Monday, April 13, 2009

Conficker also installs fake antivirus software

Programmers have discovered another characteristic of the Conficker worm that provides an additional clue about the intent of the creators--the worm installs malware that masquerades as antivirus software.

The worm, which has infected millions of Windows-based computers on the Internet, is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for US$49.95, according to the Trend Micro blog.

The infection alerts repeatedly appear and experts are worried that people may be clicking on them and paying for the software just to be rid of the annoying messages, thereby handing thieves their credit card information.

The fake antivirus program also attempts to install a Trojan downloader that is programmed to download new versions of Spyware Protect 2009, according to Kaspersky Lab's blog. However, the domain the Trojan downloader was being accessed from has been shut down, the blog said.

The fake antivirus feature further bolsters the speculation that the motivation behind the worm is to make money and not a desire to disrupt computer or network operations.

Researchers were still analyzing new component code of the worm, which began spreading via peer-to-peer and being downloaded from domains that host the Waledac worm on Wednesday, but were finding the task difficult because the instructions are encrypted.

The worm spreads via a hole in Windows that Microsoft patched in October, as well as through removable storage devices and network shares with weak passwords. The worm disables security software and blocks access to security Web sites.

Despite all the news the worm has made, many computers still remain unpatched, Sophos said. Of the number of people who have used Sophos' free endpoint assessment test to check the security risk of a network since the beginning of the year, 11 percent did not have the Microsoft patch installed, according to Graham Cluley's blog at Sophos.
For the month of March, 10 percent of all of the people who used the Sophos assessment tool were missing the patch, he said. The company did not divulge exactly how many people had used the tool and Cluley said the statistics cannot be extrapolated to represent the number of unpatched systems on the Internet.

In an indication of infection rates, IBM's Internet Security Systems group released statistics that show that the number of unique IPs infected with Conficker.C is increasing slightly.
Based on infections seen through monitoring devices in IBM ISS' Managed Security Services, the number has grown from just over 64,000 on April 2 to more than 71,000 on April 8, according to the unit's Frequency X blog.

"We've seen around 11 percent more unique IPs in the past few days in comparison to a week ago," the blog said, also adding that the number doesn't necessarily indicate the scope of worldwide Conficker infection.

Nearly 60 percent of the infections monitored by IBM ISS are in Asia, followed by 18 percent each in Europe and South America, and 4 percent in North America, the statistics show. By country, China leads with 16.6 percent, followed by Brazil at 10.8 percent, Russia at 10.2 percent and Korea at 4.6 percent, according to ISS.

Tuesday, April 7, 2009

How To Protect Yourself from Phishing and Internet Fraud

Phishy emails. The most common form of phishing is emails pretending to be from a bank, organization, or government agency. The sender asks you to "confirm" your personal information for some reason: an order for something has been placed in your name, or your information has been lost because of a computer problem. Another method phishers use is to say they're from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft! In one case, a phisher claimed to be from a state lottery commission and requested people's banking information to deposit their "winnings" in their accounts.

Links within emails that ask for your personal information. Fraudsters use these links to attract people to phony Web sites that look just like the real sites of the company, organization, or agency they're impersonating. If you follow the instructions and enter your personal information on the Web site, you'll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).

Pharming. In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you're taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.

Pop-up screens. Sometimes a phisher will direct you to a real company's, organization's, or agency's Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Legitimate companies, agencies and organizations don't ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.

Use anti-virus and anti-spyware software, and a firewall, and keep them up to date. A spam filter can help reduce the number of phishing emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use. Firewalls prevent hackers and unauthorized communications from entering your computer, which is especially important if you have a broadband connection because your computer is open to the Internet whenever it's turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems. Go to www.onguardonline.gov and www.staysafeonline.org to learn more about how to keep your computer secure.

Beware of email attachments unless you're expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.

Act immediately if you've been hooked by a phisher. If you provided account numbers, PINs, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a "fraud alert" on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission's ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4337, TDD 202-326-2501.

Report phishing, whether you're a victim or not. Tell the company or agency that the phisher was impersonating. You can also report the problem to law enforcement agencies through NCL's Fraud Center, www.fraud.org. The information you provide helps to stop identity theft.

Thursday, March 26, 2009

Software labs warn of ATM virus that steals money from bank accounts

Russia's leading computer security labs have warned of a new computer virus which infects ATMs to steal money from the bank accounts of their users.

Two leading anti-virus software producers, 'Doctor Web' and 'Kaspersky Lab', claimed to have discovered a new computer virus in the networks of several banks' ATMs.

"This is a malicious programme intended to infect and survive in ATMs. It is possible that new software will appear, aimed at illegitimately using banking information and removing funds," an official of the Kaspersky Lab was quoted as saying by a news agency.

He said the virus is a Trojan which is able to infect the popular American Diebold brand of ATMs, used in Russia and Ukraine. Judging by the programming code used, there is a high probability that the programmer comes from one of the former Soviet republics, he added.

The computer security professionals say the number of infected ATMs is minimal but individual bank cardholders will not be able to detect whether an ATM is infected or not.


Friday, March 13, 2009

Tips to identify fake anti-virus software scams

This topic is about a sting that's growing very fast and that you really need to be alert to: how fake virus removal software and spyware removal software are being used by scammers and identity thieves in many cunning ways.

Scammers, identity thieves and hackers have grown more complicated. Today, some cyber-criminals are selling -- or giving away -- software that supposedly fights viruses, spyware and malware.

In fact, their "rogue software" often doesn't work, or actually infects your computer with the dodgy programs it is supposed to protect against!

In this issue, we tell you how to differentiate between useless -- or even malicious -- security software and the real deal. And we'll explain why you need to be cautious about closing or deleting these alerts, even when you know they're fake.

Fake Virus Scam Tactics
Fake virus alerts are usually generated by a Trojan -- a program that takes control of your computer -- after you open an email attachment, click on a pop-up advertisement or visit a particular website. (Adult sites are special favorites.)

If you run programs that provide file-sharing information -- including some instant messenger (IM) applications -- your computer might be remotely accessed by scammers, hackers and identity thieves.

Sometimes, the Trojan creates "false positive" readings, making you think viruses and spyware have infected your computer, even though nothing has. In other cases, scam software actually implants malicious code into your computer, especially if you request a "free virus scan."
In other words, some peddlers of fake anti-virus software actually design the viruses, spyware and malware that their software is supposed to detect!

What to Look For: Rogue Spyware
Rogue anti-virus/spyware programs often generate more "alerts" than the software made by reputable companies.
You may be bombarded with pop-ups, even when you're not online.
High-pressure sales copy will try to convince you to buy RIGHT NOW!
If you've been infected, your computer may dramatically slow down.
Other signs of infection include: new desktop icons; new wallpaper, or having your default homepage redirected to another site.

Fake Anti Virus Prevention Tips
1. Keep your computer updated with the latest anti-virus and anti-spyware software, and be sure to use a good firewall.
2. Never open an email attachment unless you are POSITIVE about the source.
3. Do NOT click on any pop-up that advertises anti-virus or anti-spyware software, especially a program promising to provide every feature known to mankind. (Also remember: the fakes often mimic well-known brands such as Grisoft AVG, Norton and McAfee.)
4. If a virus alert appears on your screen, do NOT touch it. Don't use your mouse to get rid of or scan for viruses, and DON'T use your mouse to close the window. Instead, hit control + alt + delete to view a list of programs currently running. Delete the "rogue" from the list of running programs, and call your computer maker's phone or online tech support service to learn if you can safely use your computer.
5. Do not download freeware or shareware unless you know it's from a reputable source.
6. Avoid questionable websites. Some sites may automatically download malicious software onto your computer.
7. Reset your current security settings to a higher level.
8. Although fake software may closely resemble the real thing, it's rarely an exact match. Look for suspicious discrepancies.

If your computer is infected by rogue software, stop work and don't keep using the computer. Continued use may further damage your machine and provide identity thieves with more information about you.

Tuesday, February 17, 2009

Fake Antivirus XP pop-ups

Have we reached the point when targeted advertising would equal evasive malware campaigns pushed through third-party ad networks, to a geolocated set of visitors only? Could be. During the weekend, rogue antivirus XP pop-ups were served to visitors of Cleveland.com, according to visitors' complaints which I also managed to verify.

Investigating further reveals that the very same ad network that was used to serve similar Antivirus 2009 pop-ups at AllRecipes.com in November appears to have been the one (tacoda.net) that cybercriminals once again used in Cleveland.com's case.

With ad networks centered on efficiency, in terms of allowing publishers faster access to their networks, every cybercriminal, no matter the ad network in question, can easily become a publisher. These are the basics of malvertising, whose key advantage from the cybercriminal's perspective remains the opportunity to target high-traffic web sites which aren't susceptible to common exploitation tactics.

What ad networks should set as a priority is establishing a more transparent process about what measures, if any, they have undertaken to verify that the publisher's sites aren't disseminating malware or client-side exploits. For instance, plain simple cross-checking (for starters) of the rogue security software domains that appeared at Cleveland.com against Google's Safe Browsing database indicates that they're already marked as harmful.
