News from the Virus Front

Periodically, we like to post information on viruses we are seeing in our customer’s system.

Some good news is that overall computers infected with viruses have declined.

However, there some areas of concern:
1) Ransom Viruses

These are viruses which want you to pay money to someone to correct problems created by the virus. More recently, these viruses have encrypted data files and leave behind contact information to obtain a key to de-encrypt the files.

At one point what we were seeing was doc, xls, pdf, and jpg files being encrypted. They would also go out and encrypt such files on network drives and/or remote drives. Programs which might copy files offsite would eventually copy up the change/encrypted files and replace non-encrypted offsite files rendering them encrypted and unusable. The viruses didn’t seem to bother music files or database type files.

Lately, we’ve seen a vicious variation of this virus which encrypted even database files and underlying Microsoft security settings. This virus also went out to the remote backup drive and reformatted in such a way that data could not be retrieved even in a clean room dismantling the drive.

Dealing with the threat of such a virus means changing the way backups are handled since backups are the best way to restore data.

  • Periodically, perform a manual backup only when you can attach and then detach a remote drive. Put the remote drive physically aside until the next supervised backup.
  • If this impractical, consider having two backup drives and rotate a second one into the equation while keeping the other drive detached and in a physically secure area (offsite or in a fire box).
    • Restoration would be to an earlier point in time but at least it will be possible.
  • If you have an offsite backup, take your computer off the Internet (so encrypted files can’t be copied up to it) and then download your files from the offsite to another computer.

Be prepared to reinstall your operating system (OS), programs, and then restore data to this pristine environment.

Anti-virus software To be sure, this could help but all viruses tend to get by the AV Systems. That’s because while we’re sleeping over here, the bad guys in Eastern Europe tweaking tomorrows release.

Bottom line is that you’re better with an AV software than without one but it’s not full proof.

2) Scammers
Three or four times a week we get calls from customers telling about letting people into their systems and then being sold (or were trying to be sold) some dubious cleanup service. These calls seem to be increasing in number lately.

There are variations on how they contact you.

  • They might hijack a website and a “warning” pops us from something that seem legitimate. Along with the warning is an 800 number to call. Making the call starts the process.
  • We’ve also seen them use Google Ads to impersonate very real companies with real sounding names for “technical support.” Prominent is an 800 number. Again, making the call starts the process.
  • We’ve had reports from customers receiving telephone calls identifying themselves as “Microsoft” and informing you of a problem. In this case, the scammers have called you.

No matter which contact method they use, the scammers want to access your system and you do have to grant them specific permission to do so.

Once in your system, the scammers will show you the “Event Viewer” which is always going to return “errors” since you don’t use all the available services.

  • Then they will offer to clean you up for anywhere from $199 to $299.
  • In most cases, these people just try to take the money and run and no harm is done when you say “no” but we do advise that you bring the computer in for us to check to make sure they haven’t left some backdoor into you.

There has been a growing number of cases where we’ve seen the scammers do something malicious usually after their service is turned down.

This usually involves setting up a high level Windows system login password which can only be changed by entering the password. Of course, they don’t give you the password.

The repair option then is to take the data out and reinstall the operating system and put the data back in.

Bottom line advise is DO NOT LET STRANGERS ACCESS YOUR SYSTEM REMOTELY and IT Support people are very hard to simply telephone. Any phone number given is probably bogus.

3) Potentially Unwanted Programs (PUPS)
We’re seeing a growing number of computers each week “infected” with PUPS.

PUPS have no malicious code so they are ignored by the Anti Virus Software.

This is because some people want the PUPS.

Usually, the PUPS are associated with “deal-making.” Rebates, coupons, ebates etc. are firmly in this world.

  • The “deal making” aspect of the PUPS could include visiting websites that “troll the Internet” for bargains.
  • They can be helpful but they don’t stop working once you’ve found your deal.
  • Typically, you’ll continue to see pop ups during your regular browsing often for the same items you were shopping for in the first place.
  • This happens because the PUP is a browser search engine that essentially redirects you to sites where the people that made the PUP have a deal. When their search engine delivers you up, they can bill that website. Needless to say, those search engines tend to be limited in scope and could impact your ability to get where you want to go on the Internet. I’ve seen in some cases, they can get you to your email site but when you issue the command to go where attachments are stored, the PUP search engine doesn’t know how to get there and you can’t get to your attachments at all.

PUPS are also associated with “freebie” downloads. Mostly these are video/audio editing software that is “free.” However, they’ll squirrel the PUP in with the “free software” and can make money if that PUP delivers you up to a website.

Sometimes, they’ll also package other “free software” with the freebie download. These are often marginally productive products that will tell you that you X number of issues, they’ll fix these but for the rest, they want you to pay around $40. If you have one of these “free software packages” they’re going to pop up usually at start up.

Common types of this “free software” are:

  • Various Registry Cleaners
  • Some type of promise to “optimize” your PC
  • A form of backup software

You need to get rid of them. Bring your machine is so we can remove them and/or neutralize them. Even though they aren’t causing any problems, they are wasting resources and helping to obsolete your machine.

Bottom line is that NOTHING IS FREE. There is always a payload or overhead and behind it all is some way to make money.

Leave A Comment...