Sunday, 17 November 2013

A bit about CryptoLocker and how to protect yourself from its effects

Such is the newsworthiness of CryptoLocker that even the mainstream news media has, just recently, been publicising the bleak consequences associated with a victim's pc getting infected with this virus/ransom-ware. For users of Windows-based computers there is genuine cause for concern. However for most - including those who have up-to-date internet security software - it's unlikely that you'd be unfortunate enough to get infected. However there is still a risk. And, although anti-virus software will clean the infection from your computer, the damage that CryptoLocker inflicts to your documents, images and videos is potentially costly. I say that because it's reversible but only after a victim has handed over a big (~£200) chunk of money to the extortionists behind this piece of malware. So prevention and precaution are, by far, the best options.

Here are my top tips for protecting yourself from getting into that situation of having to pay a ransom to criminals to get your data 'unlocked':

1. Ensure your antivirus/antimalware software is working properly and is up-to-date.
2. Be very cautious about opening any unsolicited emails, especially those with attachments or links.
3. Make sure that any data you value is backed up to CD or DVD or to a drive or device that's not left permanently connected to your computer.

Additionally I've used and recommend the use of CryptoPrevent which works by applying changes to your system which make it harder for CryptoLocker to establish itself on your pc. There are free and subscription versions with the subscription version auto-updating itself.

Sunday, 25 August 2013

What is vGrabber and how do I get rid of it?

What is it? vGrabber is best described as a browser hijacker and/or malware (malicious software).

How is it spread? It's typically promoted via browser pop-ups which entice the viewer to install it. It's also known to be piggy-back installed along with other free software.

What happens if it gets installed on my machine? Once installed it will most likely do the following: add the vGrabber Toolbar to your browser, change your browser's homepage and default search engine to Furthermore you’ll notice the appearance of random pop-up adverts and you'll be spontaneously redirected to a whole bunch of rather unsavoury websites featuring misleading content. Some of what you see will be fairly standard, some of it will be adult oriented. There'll also be more invitations to install apps that are likely to contain more malware. So, understandably, vGrabber is not something to ignore or to think of as harmless.

So let's look at how to get rid of vGrabber...

1. Uninstall the vGrabber toolbar and, if there, any of the other items you see in this screenshot using Control Panel -> Add/Remove Programs (Windows XP) or Control Panel -> Uninstall a program (Windows Vista, Windows 7 and Windows 8).

2. The vGrabber toolbar can be uninstalled like any other browser add-on or extension. The uninstall process differs slightly depending on which browser you are using. I've provided the steps for the most commonly used browsers as follows...

Internet Explorer

Click the Start menu.
Select Control Panel.
Click Uninstall a program under Programs. (Or click Programs and Features.)
Right-click the relevant toolbar and select Uninstall.


Firefox

Click the Firefox button (or Tools menu) at the top of the browser window.
Select Add-ons.
Select Extensions.
Click the Disable or Remove button for the relevant toolbar.


Chrome

Click the Chrome menu (or wrench icon) at the top of the browser window.
Select Settings.
Select Extensions.
Find the vGrabber and/or search conduit toolbar and click the Remove button.

3. Use a malware removal tool to perform a scan of your pc. Malwarebytes antimalware and Hitman Pro are both good for carrying out this task. I've also just tried Junkware Removal Tool which, based on my own testing, also seems to be effective at clearing vGrabber as well as a bunch of other similar junk from an infected pc.

That should do the trick. But let me know if you've followed these steps and haven't been able to get rid of vGrabber. I'll be interested to know in case I need to update these instructions.

Thursday, 18 July 2013

Make sure your computer's keeping its cool

Laptop keeping its cool?
To be clear I'm not suggesting your laptop should take a dip to cool off!

I've seen heat and fan noise issues affecting several of my clients now and thought it'd be helpful to share my thoughts and some recommendations on this topic of laptop/desktop cooling problems, the most common causes and what can be done about them.

Excess heat's much more prevalent with laptops because, by their very nature, they've got a lot of components packed tightly into a relatively small enclosure and consequently, heat dissipation is a bigger challenge. However under normal circumstances that heat dissipates effectively enough to maintain a 'healthy' internal ambient temperature. With desktop computers there's typically a lot more space within the outer casing for a larger volume of air to flow around and keep things cool. So heat build-up isn't normally such an issue. That said, desktops do still need to be attended to. So read on. 

There are a couple of factors which will directly impact the normal cooling process; I see and deal with both quite frequently. The first is a physical issue and is the build-up of a layer of household dust and fluff within the computer's cooling/ventilation system. In most computers there's an active cooling system which is driven by a small, thermostatically controlled fan. i.e. the fan only spins up when the internal temperature rises above a pre-determined threshold, prompting a need for more cooling. It's also possible that the fan has a variable speed which increases when further higher heat thresholds are reached/exceeded. You're most likely aware of this fan from both the noise it generates and the plume of warm exhaust air it pushes out across the desk when running at full speed.

The next factor typically arises if you're hosting a lot of software or apps on your computer. By having lots of apps running in the background you're giving the computer's CPU a heavy workload to manage before you even start to browse the web or type that email. Malware is another possible and most unwelcome contributor to your computer's background workload. This heavy workload, in turn, results in the CPU generating more heat which results in a need for more cooling, hence the cooling system is more frequently called upon to keep the temperature down.

So if your computer's internal fan is constantly on and its drone is apparent it's possible that one or more of the above factors is contributing to that situation. The question is: what can be done to address that?
Air vents on the underside of a laptop should, ideally, be clean and free of dust and fluff as above.

For the dust/fluff build-up aspect, with the computer powered off, just take a look at the inlet/outlet vents around your computer's casing to see if there's any sign of an accumulation of dust hindering air flow. Any that's there can normally be cleared using a clean paint brush. For a desktop computer that's tucked away under a table or desk it's worth making the effort to pull it out to gain access to the back. That's normally where the main cooling fan is located and there's probably a vent or perforated section to the case where the fan draws in or blows out air. Just check that the vents are not blocked or obstructed by dust or anything else. Clean any accumulated dust off with a paint brush. For a more serious build-up of dust it may be appropriate to disassemble the computer to enable a more complete and thorough clean. But caution is needed if going there. If unsure seek help from a trained technician.

For the malware aspect, it makes perfect sense to have good internet security software that's actively scanning for and preventing infections at all times. For those who are happy to go with the subscription-free option I'd say Avast Free is probably the best one currently available. For the subscription based products Kaspersky Internet Security is generally highly regarded for its very good detection rate.

In Windows 8 the Control Panel entry (highlighted in yellow) to access and remove apps looks like this.

For the software clutter aspect take a good look at what's installed and remove anything that's not needed or essential. Note: if you're unsure about what's a valid candidate for removal best err on the side of caution and leave it be. To see a list of what's installed go to the Control Panel and then, depending on which version of Windows is on your computer, go to Add/Remove Programs (Windows XP), Programs & Features (Windows Vista & Windows 7) or Programs (Windows 8). As a general guideline anything from Microsoft, your computer's vendor or your internet security app is best left alone. All others are potential candidates for removal. Again, if unsure about doing this seek help.

Wednesday, 10 July 2013

Some things to consider when contemplating a SSD upgrade

If you’re thinking of getting a Solid State Drive (SSD) for your desktop or laptop computer the chances are you're looking for a performance boost. Either way here are a few things to consider before proceeding. 

A SSD is a type of computer storage device that has no moving parts. In fact an SSD is a bit like the memory card used in a digital camera but bigger and faster. The lack of moving parts and architecture of the SSD allows data to be transferred to and from it at very high rates. Consequently that delivers a big performance boost to most modern desktop or laptop computers which is the main reason they’re so appealing.

Many who’ve been interested in an SSD upgrade since they first appeared on the scene have the perception that it’s prohibitively expensive and, therefore, are unwilling to go there. You may also feel that a 128Gb or 256Gb capacity is insufficient for all programs and files. Whatever your concerns, I’ll do my best to address them.


SSD prices have been dropping steadily for a couple of years now but have stabilised. At the time of writing it's possible to buy a Samsung 840 series 250Gb SSD for under £140 which is a great product at a very reasonable price. For most 250Gb of storage in a laptop or desktop is plenty. However for those who need more space £270 will buy the larger 500Gb SSD from the same range. The smaller 120Gb drive comes in at just under £80. It's also worth considering the alternatives discussed later on in this article.

Performance Expectations

If you’re thinking about upgrading your current desktop or laptop with a SSD here’s what you should expect to see from the first reboot. Startup will be a lot faster. Programs and files will launch or load faster, and your search results will also turn up faster. This short video provides a demonstration of the kind of performance difference I've seen in real world situations. Furthermore in an upgraded laptop it’s likely that, when not connected to the mains, battery life will show an improvement. The reason for this is because the power consumption of an SSD is much lower than that of a mechanical HDD. It's also likely there'll be a reduction in noise levels as a SSD is completely silent.

However, to be clear, having a SSD on your system will not improve all aspects of its performance. For example the speed at which your pc’s browser renders web pages is more likely to be limited by internet connection speed and, perhaps, graphics performance. Similarly tasks which are dependent upon the speed of the computer’s CPU such as rendering a video will continue to be limited by the speed of the CPU. In short the SSD upgrade will address what is most likely the computer’s biggest bottle-neck. However it won’t miraculously transform the computer into something it isn't.

OS & App Migration

If you’re getting a SSD with a brand new computer you may want to skip this section and move on to the next. This section is for those who are upgrading a computer with a mechanical HDD to a SSD. 

A key part of the migration process is the transfer of your current operating system and all installed applications. For most the path of least resistance involves imaging or cloning the contents of the existing HDD and replicating that image straight over to the SSD. With that in mind it's desirable to be able to have both HDD and SSD connected while running some drive imaging program.

In some cases SSD vendors include a kit with their SSD. But if not they're available to buy separately. The migration kit is likely to contain a CD and a cable or adapter to facilitate the temporary connection of the SSD to the computer via USB for the duration of the cloning process. Once that’s done, the SSD is mounted inside the computer and, in most cases, that’s in place of the existing HDD. However it is perfectly feasible to have a system which makes use of both a SSD and a HDD where there is physical space within the computer to do so.

Laptop users who need the extra storage space may have the option to replace their laptop’s DVD drive with a compatible caddy within which the SSD/HDD is mounted. This allows the user to retain the existing HDD and add the SSD. This approach enables the benefits of SSD performance plus the benefit of the storage capacity of a HDD to host larger volumes of data. In this configuration it’s normally the case that the SSD hosts the operating system and all apps and the HDD contains user data to exploit the benefits of both devices.

For those without the luxury of enough internal space for multiple drives cloud storage may be the best available compromise. Cloud storage delivers a whole bunch of other benefits aside but I’ll save that detail for another article.

It’s worth noting that cloning a system from HDD to SSD can, in some cases, give rise to compatibility issues. I’ve, personally, not encountered any in the migrations I’ve done thus far but have been advised that it is possible. With that in mind the ideal World approach is to install the OS and all apps from scratch which can be a lengthy process, especially if, for whatever reason, the installation media is no longer available. Having installed the OS and all apps I’d most likely use a utility like Windows Easy Transfer or an equivalent to backup and transfer all user data and configuration settings.

Installation & Warranty

If you know how to install a HDD into your desktop PC, installing a SSD is very similar; in fact it’s practically the same. However, there are a few things to note when installing a SSD.

Laptops are all built differently and while most make it easy to gain access to the internal HDD there are some which will be more complex, requiring more time and effort in disassembly/reassembly to install a SSD.

For desktop computers access is normally quite easy. So installation may even, in some cases, be a tool free experience. However it’s worth checking how an SSD is going to be mounted inside the computer’s drive bay. I say this because a SSD is physically much smaller than the default sized desktop HDD. In this case it’ll probably be best to use what’s known as a mounting kit within which the SSD sits. The outer edges of the kit then sit snugly within a normal sized HDD bay.

Also important to remember when installing a SSD is to check and, if necessary, modify the computer’s BIOS configuration so that the SATA setting is at AHCI rather than IDE. It may alternatively be called SATA Mode Selection or SATA Mode. Each system will name it differently but you’ll easily find it with a little exploring around the BIOS. Performing this step ensures that you get maximum performance from your SSD.

If your desktop or laptop is still under warranty and you’re concerned about voiding the warranty it’s worth contacting the vendor to seek advice. They may provide a retro-fit service whereby they’ll replace your computer’s HDD with an SSD while retaining the warranty.

It’s normal to expect a SSD to come with a multi-year warranty. However it’s undesirable to be in a situation where the warranty process is needed. So it’s advisable to choose a SSD that’s got a good reputation. User reviews are a good source of product quality and/or follow-up service provided by the vendor. Additionally for Windows 7 users it’s advisable to follow these tips from Microsoft to ensure you maximise the chances of getting a long lifespan with speedy performance out of your SSD.

Saturday, 18 May 2013

How to overcome the Excel error: There was a problem sending the command to the program.

I was asked to help a client who'd unexpectedly lost the ability to open Excel documents sent to him as email attachments or by directly double-clicking documents he'd previously created. The above error was the response he was seeing when attempting to open Excel docs.

There was no obvious explanation for the issue which had just started to happen recently. Nothing had, apparently, changed in the Windows 7 Starter Edition on his Samsung netbook. The Office version in this case was 2007.

A bit of time invested in searching the web revealed this to be a fairly widespread issue affecting multiple versions of both Word and Excel. Thankfully those searches also turned up a bunch of different possible solutions and workarounds posted in various forums and blogs.

I'm not planning to include all possible solutions in this article because there are lots to choose from. However the following is the one which worked for me and is associated with Dynamic Data Exchange (DDE). To implement it follow these steps:

1. Within Excel click on the big Office button in the top left corner.
2. From the menu that opens click on the Excel Options button.

3. On the Excel Options screen click on Advanced. Then scroll down to the General section and deselect (remove the tick) adjacent to the Ignore other applications that use Dynamic Data Exchange (DDE) setting.

At this time I don't really understand why this setting needs changing from its default in order to regain the ability to open Excel documents. I'm also unsure what impact may arise from implementing this change. However for my client this appears to be an acceptable workaround with apparently no loss of functionality.

I plan to update this article again as and when I manage to discover the proper resolution to this issue, meaning: I can have DDE enabled and open Excel docs without seeing the above error. Or if there's anyone out there who's already gained that understanding and is feeling generous enough to share the detail with me please post a comment.

Tuesday, 14 May 2013

Add a one-click shutdown tile to your Windows 8 Start screen to make it simpler to shut down

It takes too many actions to shut down a Windows 8 pc/laptop; more than it took in previous editions of Windows and for no good reason that I can see. But on the plus side it's easy to add a one-click tile to the Start screen which takes care of that problem very nicely. The following instructions will take you through the steps to create your own Start screen shutdown tile...

1. Click the Desktop tile or press Windows + D to get to the desktop
2. With the mouse cursor over an empty space on the desktop right-click and select new > shortcut.
3. Type shutdown /p in the location box then click Next, then click Finish
4. Optionally right click on the shortcut and choose the Change Icon button to select a more meaningful icon if that helps make it more relevant.
5. Right-click on the newly created shortcut and choose the Pin To Start option. Job done!
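
Steps 2 to 4 can also be done from PowerShell, which is handy when the same shortcut is wanted on several machines. This is an added example, not part of the original instructions; the shortcut name "Shut Down" and the icon index are assumptions.

```powershell
# Added example: builds the desktop shortcut from steps 2-4 by script.
# Assumptions (not from the post): the shortcut name and the icon index.

$desktop  = [Environment]::GetFolderPath('Desktop')
$linkPath = Join-Path $desktop 'Shut Down.lnk'

# Point at the system copy of shutdown.exe by full path, so the shortcut
# cannot be satisfied by a different "shutdown" found elsewhere on the path.
$shutdownExe = Join-Path $env:SystemRoot 'System32\shutdown.exe'
if (-not (Test-Path -LiteralPath $shutdownExe)) {
    throw "shutdown.exe not found at $shutdownExe"
}

$shell    = New-Object -ComObject WScript.Shell
$shortcut = $shell.CreateShortcut($linkPath)
$shortcut.TargetPath  = $shutdownExe
# /p turns the local computer off with no time-out or warning,
# so anything unsaved is lost when the tile is clicked.
$shortcut.Arguments   = '/p'
$shortcut.Description = 'Turn this computer off immediately'
# Assumed icon: entry 27 of shell32.dll; change it if it is not the one you want.
$shortcut.IconLocation = "$env:SystemRoot\System32\shell32.dll,27"
$shortcut.Save()

# Read the shortcut back from disk to confirm what was written.
$check = $shell.CreateShortcut($linkPath)
'Created: {0}' -f $linkPath
'Runs:    {0} {1}' -f $check.TargetPath, $check.Arguments
```

Step 5 is unchanged: right-click the new shortcut on the desktop and choose Pin To Start.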

Wednesday, 24 April 2013

A scam email I received earlier today

I had the following email - minus the black blobs - waiting for me when I checked in earlier this morning.

It was from a friend, had no malicious attachments, and so hadn't been consigned to trash or the spam folder.

The content wasn't what I'd expect from that friend so that helped to confirm that it wasn't an email they'd consciously sent me. I made contact and, sure enough, they were fully unaware of the fact that the message had been sent from their personal email account to multiple recipients from their address book.

The implications of this are that the email account had been hacked and/or their computer (an Apple Mac) was infected with some virus or trojan. My advice was to assume the worst; both to be correct and act accordingly. I also advised them to contact everyone who will have received a copy of the email advising them of the situation and to delete the email without reading since the link it contains will, no doubt, be a fast-track to further woes.

For the email account the quick fix is an immediate change of password, preferably using a strong one which at least meets their service provider's recommendations.

Their response, when I suggested the possibility of a virus infection on the Mac, was surprising. They'd been led to believe that "Mac's don't get virus infections" which, apparently, came from the sales assistant. I set them straight on that piece of misinformation and advised they assume the worst and get it checked out even if it is unlikely to be the case. I think they're planning a return visit to the shop within the next few days and will, I suspect, provide some relevant customer feedback.

Intego, Kaspersky and Symantec all offer highly rated security solutions designed to keep your Mac as clean and pure inside as it looks outside. Intego's VirusBarrier 6 offers protection for 2 Macs for about £70, Kaspersky's One product will run you about £25 and the Symantec product is about £30 for 2 Macs. All three offer comprehensive anti-malware protection.

If these are too pricey, Sophos and ClamXav are available for free. If you're new to anti-virus software (and most Mac users are) you might want to try a free option to learn more about what's available to you.

Sunday, 24 March 2013

If it seems too good to be true...

As the old saying goes, “if it sounds too good to be true, then it usually is.” Nowhere are these words of wisdom more applicable than on Facebook!

Very few words can capture one’s attention more than the word ‘FREE.’ You would think that the constant use and overuse by marketers worldwide would eventually wear the word out, but it's not the case. Just seeing the word on a page, in an online advertisement, or hearing it on the television or the radio is enough to grab the average person's attention.

Facebook scammers and spammers have enjoyed great success with the lure of false promises. At any given moment, you don’t have to look very hard to find Free iPads, iPhones, Computers, etc., including iPad Giveway and other ‘Giveaway’ Pages. The pics I've posted here are examples of a couple of these I've seen over the past day alone.

The whole premise that a new iPhone or iPad can't be sold and has to be given away because the factory seal on the packaging has been broken is, frankly, unbelievable given the high value and desirability of these items.

The Apple name and logo have been used in the title of the Facebook page to make the offer appear legitimate and, perhaps, associated with Apple Inc. However take a look under the surface at the About info for any of these pages and you'll see there's little or no detail of who's behind the offers, and it's certainly not Apple Inc.

99% of the time, the end game encountered by unsuspecting users is either a survey scam or a marketing gimmick where you have to complete several ‘special’, ‘reward’ or ‘bonus’ offers to qualify for the promotion. These offers often cost real money, and we have yet to hear of a case where the participant actually received anything after jumping through all of the hoops.

I clicked on the links in the above pages just to test my theory which took me through to a web site where, before I could even see specific details of the offer, I was challenged to provide my name, email address and "any other relevant information" whatever that might be. So anyone clicking through just to check the details of the free offer doesn't even get the option to choose whether or not to subscribe. Seems like a very hard sell to me which, if the offer was genuine and above board, really wouldn't be necessary.

So my advice to you here is: avoid these like the plague!

Finally... I'm big enough to admit my mistakes. So if I'm wrong about any of these Facebook iPad/iPhone giveaway offers I'll happily eat humble pie in this blog. However I'll need to see hard evidence from someone I know and trust to convince me.

Saturday, 23 March 2013

A simple fix for most WiFi signal strength problems

I'm often hearing from friends and clients who struggle with WiFi signal strength problems in their home or office. However there's always a solution to it and based on my own experience it's normally a trivial one. Here's some food for thought when approaching the task of deciding on the most appropriate solution.

Most of the time a WiFi repeater will provide an inexpensive solution to the problem. A wireless repeater will take an existing signal from a wireless router or access point and rebroadcast it to create a second network with an apparently seamless connection between the two networks. Those outside of the primary network will be able to connect through the new "repeated" network. Wireless repeaters are commonly used to improve signal range and strength within homes and small offices.

Generally speaking WiFi repeaters work best when positioned in an elevated setting within the room or space their WiFi signal is to be broadcast. That's because an elevated setting typically has fewer physical obstructions. However that elevated setting's not always easy to achieve in a home/office unless there's a high shelf or storage unit upon which the repeater can be placed. Furthermore this can also give rise to a problem of having an unsightly trailing power lead which is often undesirable in a home setting.

There's a popular preference for the wall-mounted type WiFi repeater. And it's understandable because they're compact and less obtrusive. Bear in mind though that they're often handicapped because they're likely to be plugged into a wall socket way down at shin level, and possibly obscured behind furniture and therefore not ideally situated to deliver optimum performance. For this reason they can deliver disappointing results.

The alternative to the plug-in adapter type repeater is the free standing type device such as the one pictured here. It'll have an external power adapter and most of these free-standing repeaters come with a wall-mounting kit. The device's external antennas are adjustable and help improve its WiFi signal strength.

In most situations either of the above products will do what's needed and I'm happy to recommend either. However I'd say the free-standing one is most likely to give the best/strongest signal, hence would be my first choice. Mine is sat on top of a book case and is out of sight but gives out a strong signal from up there.

Saturday, 16 February 2013

How to check that a web site is safe to visit

Links to web sites present themselves to us in a myriad different ways. That link in a Facebook post that'll show us a funny video; an email from an acquaintance containing a link to an amazing special offer; a message posted in a newsgroup or forum containing a link to a valuable piece of information; the list is endless. Most of the time these links do exactly what is expected. However there are folks out there hoping to trick us into visiting some web page or launch a piece of code that'll attempt to perform some unexpected and probably harmful action. But, hey, I've got internet security software so I'm protected against this kind of thing, right? Not necessarily. It's not guaranteed that your internet security app, even when fully up-to-date, will 'know' about that new piece of malware and, therefore, may not be able to block it. So the best advice is: if you really want to proceed then do so with caution. Thankfully there are some resources out there that'll help. Here are a couple of sites the purpose of which is to check the safety of a web site when given the site's address.

McAfee's Site Advisor - It's not necessary to install the free download in order to use this resource. Instead I suggest you go ahead and enter the site's URL into the text box in the right sidebar under the heading of View a Site Report (see image on right) and you'll see either a green (safe) or red (unsafe) at the beginning of the report. If you're interested to know more SiteAdvisor goes on to provide a lot more detail.

Norton’s SafeWeb (see screenshot below) works in a similar way to the McAfee site. When displaying a site’s threat report it contains user community input in the form of reviews and ratings in the right sidebar. The actual Norton review starts with the green (safe), orange (caution advised), red (unsafe) or grey (unknown) icon, followed by the threat report, that includes the results of 17 different malware tests. For certain sites, Norton’s SafeWeb also reports information of e-commerce safety (whether the site encrypts transactions and has a privacy policy).

In summary it makes perfect sense to use one or other of these sites to check out a web site if you're at all unsure about its safety.

Tuesday, 12 February 2013

Problems downloading attachments in hotmail? I’ve seen this and have fixed it. Read on to find out how I did it.

I was invited to assist a client who was struggling to overcome a newly evolved problem on her Windows 7 laptop. The issue is understood to have appeared following the removal of Google Chrome from the system. Specifically the user was no longer able to download email attachments from her hotmail account. All attempts to do so resulted in the appearance of the following pop-up message along the lower edge of the Internet Explorer 9 browser window. The wording in the dialog box reads… Do you want to save  Get attachment_aspx?file= xxxxxxxxxxxx with a dropdown menu giving options to save or save as. Clicking on either button or the ‘x’ resulted in no response. Yup… zombified!
One suggested solution I discovered involved either enabling or disabling the browser’s Silverlight add-on. Alas that step did nothing to help. Another suggestion I came across was to make sure that the program and file associations were set back to refer to IE rather than Chrome. This revealed that some associations were set incorrectly but updating them didn’t help. In the end updating the browser to IE10 nailed it for me. However I also updated the old style hotmail interface to the Outlook one at the same time; it may have played a part.
My hope is that one or more of these suggested solutions helps others searching for a fix to the same or a similar issue.

Wednesday, 30 January 2013

Old school fraud masquerading as something official

If you're here looking for a solution to the Your Computer Has Been Locked banner screen then this article should give some general pointers and info. Please comment if you have something constructive to add or found this article to be helpful.

This is a new twist in the type of malware infection that’s on the loose at the moment. Everything about this rogue app is designed to intimidate its unsuspecting victims (there have been many) into believing that there’s something official about the basis for his or her pc being locked. However it’s nothing more than theft, fraud, crime or whatever seems most appropriate to describe this kind of low-life activity.
In this example the computer has been well and truly hijacked and with no apparent way of getting rid of the on-screen message or regaining control of the infected pc. Furthermore the victim is being asked to send a payment of 100GBP to buy the release. Alas the needed solution will not be found by making the payment. Instead it’ll result in the criminals behind this fraud getting credit card and, most likely, other valuable personal information with which to attempt to commit further crimes.
The solution here is to find the most appropriate way to clear the infection from the pc without having to completely wipe the system with a reinstall of Windows. So we turn to using one or possibly more anti-malware apps.
The above pc, running Windows Vista, had to be restarted into safe mode to enable the necessary control to be regained. Having got this far it was then possible to use SurfRight’s HitMan Pro to perform a scan of the infected pc. Multiple infected files in various locations on the hard drive were discovered and cleaned. Further infected files were detected during a subsequent scan using MalwareBytes Antimalware scanner.
Perhaps not all of those infected files were associated with the ransomware but, of course, all needed to be removed for obvious reasons.
Following this disinfection the pc could be restarted normally with no apparent damage to the Windows operating system, user data or the installed apps. A lucky escape? Not so easy to discover is what information may have been harvested from the infected pc. So follow-up actions include resetting passwords on all important accounts, e.g. online banking and shopping. The other priority follow-up was to invest in better internet security software. Kaspersky and BitDefender are the vendors of what is considered to be the best currently available.
It’s priggish to say this, I know, but prevention is always better than cure!

Friday, 18 January 2013

A few words on recovery media

Most, if not all, new PCs that come with a pre-installed Windows OS normally provide a facility to create what is known as recovery media. Recovery media is normally a set of DVDs or perhaps a flash drive containing a default installation of the Windows OS and optionally any apps that came pre-installed on the system. The recovery media is very useful if the PC is affected by a hard drive failure or severe virus or malware infection and there's no other form of disc image backup from which to restore. Recovery media is also useful for quickly wiping all personal data from a PC if it's to be given or sold to a new owner. It could also be used to reinstate a known good working OS if the system becomes unusable for some other reason.

So if you've not already got a set of recovery media for your PC do go ahead and create a set as soon as possible because other methods of recovery are likely to be time-consuming and/or more expensive.

Instructions for how to create the recovery media are typically provided and, based on my experience, there's a wizard-driven process for the creation of a set of recovery media. This page on the HP site describes the creation process using either DVDs or a flash drive.

If you've acquired a system from a previous owner and the recovery media isn't included you may find that you're blocked from creating the recovery media because a set has already previously been created. A restriction is in place - certainly on HP PCs - which limits the number of times recovery media can be created to just one. If you're in that situation and need to overcome the block then completing the following steps will work...

1. Delete the hidden file named RMCStatus.bin from the following two places:

  • c:\Program Files (x86)\Hewlett-Packard\Recovery Manager\
  • the root of drive d:\ (or whatever drive letter is assigned to the RECOVERY partition)

2. Remove the hidden file Rebecca.dat from C:\Windows\System32\

Note. I've tested the above on a Windows 7 HP laptop and it worked just fine.

I also understand that it's possible to use a product like Partition Magic which has, amongst its other capabilities, a recovery media creation tool which could be your get-out-of-jail card in the absence of all other options.

And finally please bear in mind that the above guide must be used in conjunction with - not in place of - whatever process you already have in place for backup of your data.

Thursday, 17 January 2013

The Microsoft phone scam continues to plague us in 2013

If you receive an unsolicited phone call from a security 'expert' from Microsoft (and possibly other vendors) offering to fix your PC - it's a scam. It's been doing the rounds for several years now and is obviously deceiving some into parting with money. Otherwise it would have gone away by now. Here's how to avoid the 'Microsoft phone scam', and what to do if you fear you have fallen victim to it.

Here's how the scam works...

The scammer calls you and asks for you by name. He/she will say they are a computer security expert from Microsoft (or another legitimate tech company). The 'security expert' is direct and polite, but quite forceful. They'll say that your PC or laptop has been infected with malware, and that they can help you solve the problem. What happens now depends on the particular strain of scam with which you have been targeted.

Some scammers will request that you give them remote access to your PC or laptop, and then use the access to harvest your personal data. Others will instruct you to download some piece of software which contains malware that will automate the task of harvesting your personal data. Another variant of the scam involves the scammer simply asking for a payment in return for a lifetime of 'protection' from the malware they allege is on your machine.

The bottom line: no bona fide IT security specialist is ever going to call you in this way. For one thing, they can't tell that your PC is infected. The scammer is calling you simply because they've harvested your name and number from a phone book, or some other marketing list to which your details have been added at some point in the past. The scammer knows nothing about you or whether you've even got a home computer - it's nothing more than a trawler trip. However the scammer fully expects to catch the unsuspecting and unsure off-guard which is the only reason he/she is doing it. It's not personal, but, like any crime, it makes you the victim and is ultimately harmful to you on many levels.

The Microsoft phone scam: my advice if you're called by one of these scammers...

1. Just put the phone down. Don't react to the call. In fact your best response is to say nothing at all.

2. If they do manage to engage you in conversation, don't provide any personal information. This is good advice for any unsolicited call. And certainly never reveal credit card or bank details.

3. Don't allow any unknown caller to guide you to a webpage, or instruct you to change a setting on your PC or download software.

4. If you feel motivated to report the call to the police (yes it is a crime after all) you can attempt to get the caller's details. Having some information can only help the police track the criminal.

5. If you have revealed any information to the scammer, e.g. username/password info, change those passwords and, if possible, the revealed usernames. It's also worth running a scan with up-to-date security software. Also ensure that your firewall is active.

The Microsoft phone scam: what to do if you have been caught out by this

1. Don't give yourself a hard time over this. It's a successful scam and has been - and continues to be - used to successfully trick many. 

2. As already mentioned, change all the personal data that you can change. There's lots of data you simply can't change because it's fixed, e.g. date of birth. But you can usually change your passwords and usernames. It can cause a lot of grief to change but you can create a new email and then start using that separate email account for linking to your online accounts for banking, shopping, etc.

3. Contact your bank to explain what happened and ask them what they can do to help.

4. Ensure you use up-to-date security software to scan and, if necessary, cleanse your PC of any virus or malware. And if the scammer did get you to do something to your PC, using Windows' built-in System Restore facility to roll back the settings is a good step to take. Here's an article that describes how to use system restore in Windows 7.

5. Do tell the police, especially if you've lost money. It's worth checking whether your credit card company or contents insurance will cover the loss.