Tuesday, March 23, 2010

Various Spyware programs

Lately several people I know have had their computers infected with various spyware programs. In fixing these issues, I've come across some steps that I want to document for my future use (and yours, if you come across this blog).

After using several anti-malware programs to clean the infected hard drive, I have found that some additional steps need to be taken. Below are my notes regarding this process.

Problem: You get the following error message: “This file does not have a program associated with it for performing this action.” Neither Word nor any other .exe program will open, and Windows does not fully load its startup programs (antivirus software, etc.).

Step 1 in fixing the problem:
Open the registry editor. This can be slightly tricky because it will not open the old-fashioned way (Start – Run – Regedit – OK), since launching a .exe is exactly what is broken. Below are three ways in which I have had some success in opening the registry editor.

1. Option 1
a. Press Start > Run, type cmd in the box and press OK.
b. At the command prompt type cd c:\windows and press Enter.
c. Type copy regedit.exe regedit.com and press Enter.
d. Type regedit.com and press Enter. You should now be in the registry editor. The copy works because it is launched under a different name and extension, which sidesteps blocking keyed on the regedit.exe name or on the broken .exe association.
e. On the menu bar click File and select Export. Save the whole registry as registry.bak before changing anything.
2. Option 2
a. Follow the substeps in Option 1, except type “command” instead of “cmd” in substep a.
3. Option 3 (Vista & Win 7 only)
a. Right-click C:\Windows\regedit.exe.
b. Left-click “Run as Administrator”.

Step 2 in fixing the problem:
Editing the registry to correct the problem. Note: These steps came from this forum.
1. If the Registry Editor opened successfully, navigate to the following key:
   HKEY_CLASSES_ROOT\exefile\shell\open\command
2. Double-click the (Default) value in the right-hand pane, delete the current value data, and then type "%1" %* exactly as shown, including the quotes and the asterisk. This is the stock Windows value; anything else there, such as a path to a program you did not install, is the hijack.
3. Navigate to HKEY_CLASSES_ROOT\.exe
4. In the right-hand pane, set (Default) to exefile
5. Exit the Registry Editor.
6. Reboot.
7. Verify that programs will now open.
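The same inspection and repair as an added PowerShell example (this is not code from the original post). It assumes PowerShell 2.0 or later can be started, for instance from the cmd window opened in Step 1, and that it runs elevated. One check the regedit steps above do not show: HKEY_CLASSES_ROOT is a merged view, and a value under HKEY_CURRENT_USER\Software\Classes shadows the same value under HKEY_LOCAL_MACHINE\Software\Classes, so the hijacked association can live in either hive. The function names and the backup file names are my own.

```powershell
# Added example, not code from the original post. Assumes PowerShell 2.0+,
# run elevated, on a box showing the "no program associated" symptom.
# HKCR is a merged view: HKCU\Software\Classes overrides HKLM\Software\Classes,
# so both hives are inspected, not just the HKCR path the regedit steps use.

$GoodCommand = '"%1" %*'   # the stock value Step 2 types into exefile\shell\open\command
$Hives = @{
    machine = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes'
    user    = 'Registry::HKEY_CURRENT_USER\Software\Classes'
}

function Get-DefaultValue([string]$KeyPath) {
    # Returns the key's (Default) value, or $null if the key or the value is absent.
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    return (Get-ItemProperty -Path $KeyPath).'(default)'
}

function Get-ExeAssociation {
    # One row per hive: what .exe maps to and what exefile's open command is.
    foreach ($name in $Hives.Keys) {
        $base = $Hives[$name]
        New-Object PSObject -Property @{
            Hive        = $name
            ExtDefault  = Get-DefaultValue "$base\.exe"
            OpenCommand = Get-DefaultValue "$base\exefile\shell\open\command"
        }
    }
}

function Repair-ExeAssociation([string]$BackupDir = $env:TEMP) {
    # Back up first, as Step 1 does with File > Export (reg.exe ships with Windows).
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    & reg.exe export 'HKCR\exefile' (Join-Path $BackupDir "exefile-$stamp.reg") | Out-Null
    & reg.exe export 'HKCR\.exe'    (Join-Path $BackupDir "dotexe-$stamp.reg")  | Out-Null

    # Machine hive: recreate exactly the two values from Step 2.
    $m = $Hives['machine']
    foreach ($k in "$m\.exe", "$m\exefile\shell\open\command") {
        if (-not (Test-Path -Path $k)) { New-Item -Path $k -Force | Out-Null }
    }
    Set-ItemProperty -Path "$m\.exe" -Name '(default)' -Value 'exefile'
    Set-ItemProperty -Path "$m\exefile\shell\open\command" -Name '(default)' -Value $GoodCommand

    # User hive: Windows does not create these keys by default, so on a box with
    # this symptom they are a likely per-user override. Removing them makes HKCR
    # fall back to the repaired machine values (they are in the backups above).
    $u = $Hives['user']
    foreach ($k in "$u\.exe", "$u\exefile") {
        if (Test-Path -Path $k) { Remove-Item -Path $k -Recurse -Force }
    }
    Get-ExeAssociation
}

Get-ExeAssociation | Format-Table Hive, ExtDefault, OpenCommand -AutoSize   # look before touching
# Repair-ExeAssociation | Format-Table Hive, ExtDefault, OpenCommand -AutoSize
```

Run Get-ExeAssociation first: if the machine row already shows exefile and "%1" %* but the user row is populated, the hijack is the per-user override, and that is what Repair-ExeAssociation removes. Reboot afterwards as in step 6 either way.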


One more thing to check:
After this I usually double-check the problem that I came across in my last blog post and verify that the Security Center is showing the correct firewall and antivirus software. If it does not, below are the steps to correct this problem.

1. Click the start button and search on the word "CMD" - "CMD.exe" should appear.
2. In the command window at the prompt type each line and press Enter:

net stop winmgmt
cd c:\windows\system32\wbem
ren repository repository.old
net start winmgmt

3. Restart the computer and check the result.



That should take care of it. Good luck!!!

Tuesday, August 11, 2009

Windows System Suite Removal

Today I came across another piece of spyware that is similar to "AntiVirus 2009" and "AntiVirus 360". It's called "Windows System Suite" and uses the Windows Defender icon as its icon. The program, like the other two mentioned, makes the user believe that they are infected with dozens of spyware programs, viruses, and/or trojans and demands a fee to remove the supposedly infected files.

I was able to remove the program by following the manual instructions from this website: http://www.2-spyware.com/remove-windows-system-suite.html. Like the site in the previous blog post, this one also encourages you to download a removal tool; however, below that are the manual removal instructions. I prefer the manual removal method personally, because often the program they want you to download eventually costs you money to fix the problem.

Hope this helps!

UPDATE: While the instructions above were good, I continued to have problems with the computer. The command prompt wouldn't open, any virus protection software installed on the computer wouldn't open, Windows Defender wouldn't open, and other virus protection software would not install. I ran McAfee Stinger to see if it had a virus (it did not), I ran Windows Updates to see if some hole needed patching (didn't fix the problem), and I searched for hours on the Internet trying to find others who were having this problem (nothing was found). The other strange thing is that the Windows Security Center (the thing that tells you if your Firewall, Windows Updates, & Virus Protection are on) was saying that "Windows System Suite" was my antivirus protection. Was the stupid Windows System Suite still on this box? I don't think that it actually was. I think that the instructions I followed did totally remove the malware program; however, I was still having some problems.

After some time away, and talking with my boss, I tried a program he recommended (Malwarebytes) and also tried a program I remembered (Spybot - Search & Destroy). Both of these programs did actually open and ran fine. Both programs did find malware/spyware installed on the machine. Both programs did remove all found malware/spyware on the machine. However, it took running both of these programs to fully clean up the issues of programs not opening (ran both programs twice to make sure with a reboot in between - always a good idea).

NOTE: Unlike virus protection, it is a good idea to have multiple programs to fight malware/spyware on your computer.

At this time I installed the AVG Anti-Virus program and ran it to check for viruses (none were found).

Even though the programs would now open, I still had problems with the Security Center showing multiple virus programs installed (both AVG and the Windows System Suite). I could not figure it out, so again I took some time away from the box and finally figured out what terminology to use in my Internet search (more important than one might realize when searching) and came across how Windows stores the settings for the Security Center. Thanks to this forum post, which wasn't exactly my problem but close enough that it gave me the information I needed, I found that when the following instructions were followed, my issues with multiple virus protection programs showing up in Windows Security Center went away!!! :) YAY!!!

  1. Click the start button and search on the word "CMD" - "CMD.exe" should appear.
  2. In the command window at the prompt type each line and press Enter:

    net stop winmgmt
    cd c:\windows\system32\wbem
    ren repository repository.old
    net start winmgmt
  3. Restart the computer and check the result.
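The same repository reset as an added PowerShell example (this is not code from the original post; it covers the identical steps given in the "Various Spyware programs" post above as well). It assumes PowerShell 2.0 or later, run elevated. Security Center learns which antivirus and firewall products are installed through WMI, and those registrations live in the WMI repository, which is why a product removed from disk can still be listed, as happened here with "Windows System Suite" beside AVG. The first function shows that registration so you can confirm it is stale before resetting anything; the second performs the stop/rename/start the post types by hand. Function names are my own.

```powershell
# Added example, not code from the original post. Assumes PowerShell 2.0+, elevated.
# Security Center product registrations are WMI instances stored in the repository;
# a stale AntiVirusProduct entry is what the post saw.

function Get-SecurityCenterProducts {
    # Vista and 7 publish in root\SecurityCenter2, XP in root\SecurityCenter.
    # Namespaces that do not exist on this OS are skipped silently.
    foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
        foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
            $items = Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue
            foreach ($i in $items) {
                # pathToSignedProductExe exists only in SecurityCenter2; on XP it is $null.
                $exe = $i.pathToSignedProductExe
                $onDisk = $null
                if ($exe) { $onDisk = Test-Path -Path $exe }
                New-Object PSObject -Property @{
                    Namespace  = $ns
                    Class      = $class
                    Product    = $i.displayName
                    ProductExe = $exe
                    ExeOnDisk  = $onDisk    # $false = registered but no longer installed
                }
            }
        }
    }
}

function Reset-WmiRepository {
    # Equivalent of: net stop winmgmt / ren repository repository.old / net start winmgmt
    # Stopping winmgmt also stops services that depend on it; -Force accepts that.
    $wbem  = Join-Path $env:windir 'System32\wbem'
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Stop-Service -Name winmgmt -Force
    (Get-Service -Name winmgmt).WaitForStatus('Stopped', (New-TimeSpan -Seconds 60))
    # The directory cannot be renamed while the service holds it open, hence the wait.
    Rename-Item -Path (Join-Path $wbem 'repository') -NewName "repository.$stamp.old"
    Start-Service -Name winmgmt
    # On start the service rebuilds an empty repository from the autorecover MOFs;
    # give it a moment, then (Vista and later) ask winmgmt to confirm it is consistent.
    Start-Sleep -Seconds 15
    & (Join-Path $wbem 'winmgmt.exe') /verifyrepository
}

Get-SecurityCenterProducts | Format-Table Namespace, Class, Product, ExeOnDisk -AutoSize
# Reset-WmiRepository; then re-run Get-SecurityCenterProducts after a reboot
```

Two caveats a practitioner should know before running the reset. On Vista and later, winmgmt /salvagerepository and winmgmt /resetrepository are the supported ways to do this and are worth trying first; the rename is the XP-era equivalent. And renaming the repository discards every third-party WMI registration on the box (management agents, some antivirus products' own classes), which then have to be re-registered with mofcomp, so take a fresh backup of the machine before you do it, not just of the registry.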

MAN this issue was HARD, but thanks to my boss and some Internet searching I was able to fix the problem without totally rebuilding the machine. :)

Tuesday, February 17, 2009

AntiVirus 2009 or 360

Several people I know have had a version of the spyware "AntiVirus" on their computer. The two main types that I have encountered lately are "AntiVirus 2009" and "AntiVirus 360."

While several websites have methods to remove this program from your computer, there are also manual instructions out there on how to do it. This website, http://www.xp-vista.com/spyware-removal/antivirus-360-antivirus360-removal-instructions, is one I found that had the information I wanted.

Notice how the website encouraged you to download and install a piece of software in order to fully remove the program? In addition to this, however, the website also gave manual instructions on uninstalling the software. I would recommend that you follow the manual instructions. Usually those will do the trick. If they don't, I would personally recommend trying the following three free programs instead of downloading their product. All three are free to home users, and the combination of the three works remarkably well.

Windows Defender - Yes, I know that it's a Windows product, but in my experience it works pretty well.
SpyBot Search & Destroy - will ask you to donate money, but you don't have to if you don't want to. Haven't used this too much, but know from other people that it's a quality product.
Ad-Aware - also has versions that you can purchase but the free home version is good enough for me, so it should be good enough for you.

These three programs are also good to keep on your computer and run from time to time. You might find that you have other malicious software/files on your computer that need to be cleaned off.

Finally before you call the computer clean, I would strongly recommend that you run a virus scan on your computer. Better safe than sorry in my opinion.

Hope this helps keep your computer clean, safe, and free from malicious software/files.

Wednesday, December 31, 2008

Happy New Year

So far it's been a busy holiday season technology-wise. I've been working on various projects while I've been off from work and still have several projects that I want to do. Hopefully I'll be able to get everything done; however, even if I don't, that's OK.

I wanted to post a quick blog before the new year. Here's to 2008. It was a year filled with mixed emotions. Some events were wonderful milestones in my family and other events were very sad with the passing of family members. Here's also to 2009. May God continue to bless us as He so richly has this past year. The fact that we have our health, jobs, a roof over our heads, family, and other blessings - we are so blessed to have what we do and I'm very thankful to our Heavenly Father for those blessings.

Hope everyone has a safe and sound new year.

Jack

Thursday, December 25, 2008

Merry Christmas!!

I'm going to try to get this in before midnight my time....

Merry Christmas!!

Jack

Thursday, December 18, 2008

Critical Windows Update

STOP THE PRESSES!!!! JACK IS BLOGGING TWICE IN ONE WEEK!!!! :O

While it is amazing and unbelievable that I would actually be able to have time to blog twice in one week, the truth is I really don't. However I did want to take a moment and mention an important Windows update that came out yesterday.

As many of you might have seen in the popular press, a serious security issue was found in all current versions of Internet Explorer that allowed an attacker to take control of your machine. Because of this issue Microsoft issued a fix yesterday (12/17/08) afternoon, outside its normal monthly patch schedule. This fix is downloaded and installed automatically if you run Windows Update. If, however, you want to manually install the patch, follow this link (http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx) and download the patch under the "Component" section that corresponds with the version of Internet Explorer and the operating system that you have on your computer. Once you have downloaded the patch, install it and reboot your computer. Your computer should then be updated and protected from this particular security threat.

The question arises, though, of how do I make sure that I have it installed on my computer? That is an excellent question, especially since hopefully you have Windows Update run automatically (by the way, if you do, you should still run Windows Update manually now so that you get the patch installed ASAP rather than at the next scheduled check). To verify that you have the patch installed, open My Computer and go to C:\Windows. If you have a file named "KB960714-IE7.log" then the patch has been installed on your computer and you are protected. (That is the log name the IE7 version of the update writes; other IE versions write a differently named log, so the more reliable check is whether KB960714 appears in Add or Remove Programs with "Show updates" ticked.)
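A check that does not depend on the log file name, as an added PowerShell example (not code from the original post). It assumes PowerShell 2.0 or later and looks for KB960714 three ways: any KB960714*.log in the Windows directory, the installed-hotfix list Windows keeps (Win32_QuickFixEngineering), and the file version of mshtml.dll, the Internet Explorer component this bulletin updated, which you compare against the file version table in the bulletin for your IE and OS combination. The function name is my own.

```powershell
# Added example, not code from the original post. Assumes PowerShell 2.0+.
# Reports three independent signs that MS08-078 (KB960714) is installed.
function Test-MS08078 {
    $kb = 'KB960714'
    # 1. Any log the update wrote, whatever the IE version (KB960714-IE7.log, KB960714.log, ...).
    $logs = Get-ChildItem -Path $env:windir -Filter "$kb*.log" -ErrorAction SilentlyContinue
    # 2. The hotfix inventory behind Add or Remove Programs > Show updates.
    $qfe  = Get-WmiObject -Class Win32_QuickFixEngineering -ErrorAction SilentlyContinue |
            Where-Object { $_.HotFixID -eq $kb }
    # 3. The version stamp of the patched binary; compare with the bulletin's file table.
    $mshtml = Join-Path $env:windir 'System32\mshtml.dll'
    $ver = $null
    if (Test-Path -Path $mshtml) { $ver = (Get-Item -Path $mshtml).VersionInfo.FileVersion }
    New-Object PSObject -Property @{
        LogFiles      = ($logs | ForEach-Object { $_.Name }) -join ', '
        ListedInQFE   = [bool]$qfe
        MshtmlVersion = $ver
    }
}

Test-MS08078 | Format-List LogFiles, ListedInQFE, MshtmlVersion
```

If LogFiles is empty and ListedInQFE is False, run Windows Update now; if only the version check disagrees with the bulletin, the update may be installed but IE not yet restarted, so reboot before concluding anything.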

A second question arises of what if I don't use Internet Explorer as my web browser (aka the program that you use to get on the Internet)? I would still recommend that you run Windows updates since it's always wise to make sure that your computer is protected.

This probably will be my last blog before Christmas. I hope all of my readers (all two of you) have a wonderful Christmas. May you get everything that you hope for, but may you also take the opportunity to appreciate and give back some of the many blessings that you have. May God bless you and keep you. May His countenance shine upon you and give you peace.

Jack

Monday, December 15, 2008

HTTP works but HTTPS doesn't!!

I had an interesting problem with my personal laptop last week. Here are the specs on my, um I mean our, laptop.

Make: Dell
OS: XP SP3
NIC: Dell wireless (didn't use the wired NIC)
ISP: Local Cable company

So here was my problem. After signing on to my laptop, the laptop would proceed to connect to the wireless network in our house, it would then sign on to the IM service that I use, and then the rest of the programs would finish loading on my laptop. When everything got finished loading I would start to surf the Internet, because what else do you do with a computer at home, right?!?! After about 3-5 minutes of being on the Internet, it would just suddenly stop working. I would get a "Page cannot be found" message and for the life of me could not get a website (even ones I had just visited).

So being the tech guy that I am I started looking into it, here is what I found....
1. I was still signed into my IM service, and it was still working properly.
2. I could PING and TRACERT to any website (even using the name of the website and not its IP address) without any problems. The traffic was a little slow, but still a reasonable amount of time.
3. I could access HTTPS websites (bank, other financial institutions, secure hotmail, etc).
4. I could access my office desktop just fine for as long as I wanted (we use a Cisco VPN software to access the office PC from home).

This was really throwing me for a loop. For all intents and purposes it should work (especially since IM was working and so were HTTPS websites). Thoughts about hackers attacking my laptop, viruses corrupting all of my data, keyloggers stealing my passwords all danced in my head.

Trying not to freak out, I started to do some looking around on the Internet (to prevent all of the comments, I went to my office to do the research), while at the same time running a virus scan on my laptop (which didn't show anything). In my research I couldn't find anything. I did find others who were having the problem, however no solutions (thus me posting this blog). I did find some cases where people were having problems with ZoneAlarm (a firewall software) in which uninstalling and reinstalling fixed the problem. I also found where the problem existed with different operating systems (98, ME, XP, Vista, Linux, etc). I also found forums that talked about this problem existing where users finally just had to totally reinstall Windows in order to fix it. Then I finally found a forum where a guy mentioned that sometimes three specific programs can cause this problem. These programs were ZoneAlarm, Norton Anti-virus, and Cisco VPN software.

Interestingly enough I had two of these three programs installed on my laptop. Also interestingly enough the next post was a guy bashing the post saying that it would not help 90% of the people out there. I really wish that I could find that forum to give the guy credit, however I closed that webpage and can't seem to find it again. Oh well.

So in trying to fix the problem I uninstalled the Cisco VPN software, but it only made my problem WORSE! Now instantly after logging into my laptop I could not get on the Internet. WHAT THE HECK!?!?!?! So I went into the registry and edited all of the instances of the software out of the registry and STILL nothing. Almost at my wits end I reinstalled the Cisco software and it STILL would only work for a few minutes. AUGH!!!

Anyway, making a long story short, eventually I was on-line enough to download several Windows Updates. Once those were installed the thing started working fine. I don't know if I was being attacked, or someone was using my laptop as a bounce in an attack, or I just needed to reboot a second time, or something else was going on. I just don't know. What I do know is that the laptop is working and I can move on to the next big issue in my life now. :S OH the joys of being a tech person.

Hope this helps someone out there. Best of luck!
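The differential checks in this post (ping works, name resolution works, HTTPS works, HTTP does not) are the right way to localize this kind of failure, so here they are as an added PowerShell example (not code from the original post) that also adds a raw TCP connect to ports 80 and 443 and a plain HTTP request, so you can see at which layer HTTP dies. It assumes PowerShell 2.0 or later and its .NET networking classes; the two host names are placeholders, so use sites you know answer on both ports. Function names are my own.

```powershell
# Added example, not code from the original post. Assumes PowerShell 2.0+.
# Runs the post's ping / DNS / HTTPS checks plus TCP connects and a plain HTTP
# request per host, so the failing layer is visible in one table.

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    # True if a TCP handshake to HostName:Port completes within the timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Test-Url([string]$Url, [int]$TimeoutMs = 5000) {
    # Returns the HTTP status code, or the exception type name when no response arrives.
    try {
        $req = [System.Net.WebRequest]::Create($Url)
        $req.Timeout = $TimeoutMs
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return $code
    } catch { return $_.Exception.GetType().Name }
}

function Test-WebPath([string[]]$Hosts = @('www.microsoft.com', 'www.google.com')) {
    foreach ($h in $Hosts) {
        $dns = $null
        try { $dns = [System.Net.Dns]::GetHostAddresses($h)[0].IPAddressToString } catch { }
        $ping = $false
        try { $ping = (New-Object System.Net.NetworkInformation.Ping).Send($h, 2000).Status -eq 'Success' } catch { }
        New-Object PSObject -Property @{
            Host   = $h
            Dns    = $dns
            Ping   = $ping
            Tcp80  = Test-TcpPort $h 80
            Tcp443 = Test-TcpPort $h 443
            Http   = Test-Url "http://$h/"
            Https  = Test-Url "https://$h/"
        }
    }
}

Test-WebPath | Format-Table Host, Dns, Ping, Tcp80, Tcp443, Http, Https -AutoSize
```

Read each row left to right. Dns and Ping filled in, Tcp80 True, but Http showing WebException while Https returns 200 is the pattern this post describes: packets reach the server, so routing and DNS are fine, and whatever is breaking things sits above TCP on the laptop itself (proxy settings, a host-based filter, or a bad Winsock provider) rather than on the network. On XP SP2 and later, netsh winsock show catalog lists the installed Winsock providers, which is where third-party firewall and VPN components tend to show up, and netsh winsock reset rebuilds that catalog.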