Monday, April 6, 2009

Conficker - What you should really know
Last week was fun in the IT (information technology) world. Not because of any real damage by Conficker - but because of the absolute media over-hype of something they don't have a clue about. I had a couple of customers call me - and the conversations were short: "Rex, do we need to worry?" - "No Bob, you don't." - "Ok - thanks Rex."
None of my normal customers were affected by Conficker - and I have over 500 clients. Why? Mainly because they follow my Simple Rules for Computing. That means you do the following:
  1. Keep a good backup of your data files (My Documents, etc.)
  2. Stay behind a NAT router
  3. Use OpenDNS on your network
  4. Use common sense and don't open every email attachment you are sent
  5. Don't install software that you don't absolutely trust
  6. Keep your computer patched (see links below)
  7. Lastly - run anti-virus such as AVG
Notice I put anti-virus last on the list? That's because anti-virus programs don't stop the majority of complex viruses, trojans, and worms these days. Your anti-virus today is much like an alarm system - it warns you once something is already on your system. Think about it this way - if the anti-virus programs really were that good, we wouldn't need to worry about anything, right?

Here are the bullet points about Conficker:
  • If you are running Auto-Updates on your computer - you were patched in October 2007 and have nothing to worry about.
  • If you are behind a NAT router (Linksys, DLink, Netgear, etc), then you can only get the worm through an attachment, a malicious website, or possibly a USB drive.
  • Conficker has infected quite a few machines in the US.
  • It is a very complex worm and is designed to change itself frequently.
  • If you are infected, Microsoft has a removal tool - but I recommend the usual: back up, wipe your machine, and reinstall Windows so that you can trust your machine again.
--------------------
What was the deal about April 1st?
--------------------

There was code in the worm that indicated it would do something on April 1st. Nobody knows for sure yet, but many guess that it would download another set of instructions. That's it.

If you weren't already infected, you had nothing to worry about. Period.


------------------
Helpful Links
------------------

Vista Updates
http://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsvista.mspx

XP Updates
http://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsxp.mspx


Sunday, December 14, 2008

Myspace and Antivirus 2009
When it rains, it pours. This post is a follow-up to this one:

Getting Rid of Antivirus 2009 - Antivirus 2008
http://www.smartergeek.com/blog/2008/12/antivirus-2009-is-actually-spyware-or.asp

------------------
From Email
------------------

I'm so aggravated at this thing. All I do is check my Yahoo mail and talk to my niece on Yahoo Messenger.

----------------------

My Response
----------------------

As I told you yesterday via email and on the phone, I will be glad to help you fix it. I realize that you just want to check your email; however, when other people use the computer, typically they will do more than just check email. If something unintentional happens, then your email checking suffers the consequences.

We can put some systems in place to help prevent this sort of thing from happening in the future. However, I can't change the behavior of the people using the computer - except to warn you of the consequences.

Myspace.com itself is not evil (in a tech sense). It has great social networking value. What happens though is that malicious content gets inadvertently posted on someone's profile page.
People (teenagers and adults) add anything and everything that looks silly to their profile pages, and then Myspace users just click on any "jumping monkey" on the screen. That's where the problem lies - in the behavior of users.

*85% of Myspace users are 18 yrs or older.
source: http://www.web-strategist.com/blog/2008/01/09/social-network-stats-facebook-myspace-reunion-jan-2008/

Fortunately for me, that sort of behavior keeps me in business even though I am an evangelist for responsible behavior. As people screw up their computers, I get paid to fix them and warn them.

Please review the following links:

Why did I get infected in the first place?
http://www.smartergeek.com/blog/2008/07/why-did-i-get-infected-in-first-place.asp

Layered Security Basics
http://www.smartergeek.com/blog/2008/03/layered-security-basics.asp


Thursday, December 11, 2008

Getting Rid of Antivirus 2009 - Antivirus 2008
--------------------------
From an Email:

I have a question to ask you: my computer keeps popping up Anti-Virus 2009 and saying I have two viruses trying to get in, but I've checked everything and run every update and they all say I'm protected, but that Anti-Virus 2009 won't quit popping up, so what do I do? Please help.
---------------------------

Antivirus 2009 is actually spyware (or malware) running on your computer. It is not a "virus" really, but rather tries to get you to purchase the premium version. It's a scam. It will tell you that your computer is infected whether it's true or not. Of course, it doesn't protect you from anything.

If you click on it, it will typically try to redirect you to antivirus-premium.com, webscannertools.com or one of several other websites that are fraudulent and malicious. Many of these sites have exploitative code that is capable of doing more harm to your system, especially if you use Internet Explorer.
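If you keep DNS or proxy logs for your network, the two redirect sites named above give you a quick way to spot which machine has been clicking through the fake alerts. The script below is an added example, not part of the original post; the log format and the sample lines are constructed, and the list holds only the two domains named here, so a clean result does not rule out the other sites.

```python
# Added example: flag log lines whose looked-up host falls under the rogue-AV
# redirect domains named in the post. Log format and sample lines are constructed.

# Only the two domains the post names; it says there are several others.
ROGUE_AV_DOMAINS = {"antivirus-premium.com", "webscannertools.com"}


def matches_rogue_domain(host, domains=ROGUE_AV_DOMAINS):
    """Return the listed domain that `host` equals or is a subdomain of, else None.

    Matching is done on whole DNS labels, so "notwebscannertools.com" is not
    treated as a hit for "webscannertools.com".
    """
    labels = host.strip().rstrip(".").lower().split(".")
    # Try the full name, then each parent: a.b.example.com, b.example.com, example.com
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def find_hits(log_lines):
    """Return (client, host, matched_domain) for every line that hits the list.

    Assumed line format: <date> <time> <client-ip> query <hostname>
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5 or fields[3] != "query":
            continue  # skip blank or malformed lines instead of crashing
        client, host = fields[2], fields[4]
        matched = matches_rogue_domain(host)
        if matched:
            hits.append((client, host, matched))
    return hits


# Constructed sample log, including mixed case, a trailing dot and a look-alike.
SAMPLE_LOG = [
    "2008-12-11 09:14:02 192.168.1.23 query www.yahoo.com",
    "2008-12-11 09:14:40 192.168.1.23 query Scan.WebScannerTools.com.",
    "2008-12-11 09:15:11 192.168.1.40 query notwebscannertools.com",
    "2008-12-11 09:16:05 192.168.1.23 query antivirus-premium.com",
    "garbled line",
]

if __name__ == "__main__":
    for client, host, matched in find_hits(SAMPLE_LOG):
        print(f"{client} looked up {host} (listed domain: {matched})")
```
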

Antivirus 2009 gets on your system the same way that its previous versions did - Antivirus 2008, System Antivirus 2008, Ultimate Antivirus 2008, XP Antivirus 2008, etc. They arrive via trojans such as Zlob or Vundo, which typically come in through bad video codecs or other installed software that was not safe.

Important: DO NOT INSTALL any software that you don't absolutely trust. If in doubt, contact me.

----------
How to Get Rid of It
----------

You have to be careful when using software to get rid of malware. Many times software that advertises itself as helpful is really spyware also!

Download the following programs:

(1) CleanUp by Steven Gould
http://www.stevengould.org/index.php?option=com_content&task=view&id=29&Itemid=72

Install and run it to remove all temp files.

(2) Next, download and install MBAM

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

  1. Download, install it and update it.
  2. Then run the quick scan - this can take some time.
  3. When the scan is complete, click OK to close the message box.
  4. At the main screen, click "Show Results".
  5. Then click "Remove Selected".
  6. Close the log and restart your computer.

When you are finished with the scan and have removed the files, restart your computer. Make sure you are running the latest version of AVG with updates installed. I'd suggest running a full system scan.

UPDATE:
This saga continues here: http://www.smartergeek.com/blog/2008/12/myspace-and-antivirus-2009.asp
