Tag Archives: Trend Micro

Life in the Trenches – Never Assume Anything When it Comes to Computer Security

Guest writer, Mister Reiner, takes us through his experience of being the “on call tech” for a friend. There are some good lessons here.

A friend of mine called me in a panic last week about a Windows home computer problem. His browser was hijacked with some type of “virus” that constantly redirected him to anti-virus/spyware sites, and he wanted some help to remove it from his computer. He’s a pretty smart guy, but he’s not a computer guy.

“Are you using anti-virus software?” I asked.

“Of course,” he answered, “What do you think I am, stupid?”

“No. You know I don’t think you’re stupid. Is it up to date?”

“Yes,” he responded impatiently.

“Do me a favor. Open up Internet Explorer, go to the menu and select Windows Update.”

“You’ve got to be kidding me.”

“No, I’m not kidding you. Just do it.”

After quite a bit of silence, I started to think we were disconnected. “You still there?” I asked.

“Just a sec,” he responded. “Ah… I think I have a problem here. It says I have 71 critical updates. Let me call you back.”

He called me back a few minutes later and told me that even after all the patches were applied, he was still having problems with browser redirection. I gave him instructions on how to download and run a free product called “HouseCall” from Trend Micro.

Sure enough, his computer was infected with a Trojan. We selected the removal option, restarted his computer and the Trojan was gone.

There are a few takeaways from this experience that are worth mentioning.

First, as many of you know, anti-virus software doesn’t catch everything. My friend is using Symantec Endpoint Protection and in this situation, it failed to detect the Trojan that infected his computer.

If you think your computer is infected with something that your anti-virus software didn’t catch, you’ll have to download and try several different anti-spyware programs to see what each can detect. Each anti-spyware program works differently, and some are better at detecting certain types of malware than others.

Second, never assume that the Automatic Windows Update feature is working properly. You should periodically go to the Windows Update website to make sure that it’s not detecting any updates that should have been applied by the Automatic Windows Update feature.

And lastly, removing malware only removes the malware. You never know what type of additional software gets installed, or what type of configuration changes malware makes while on your computer.

It may change security settings, install undesirable browser or operating system add-ons, swap out legitimate utility software with Trojanized versions, or install an undetectable sleeper Trojan that will awaken sometime in the future to install some other malware.

I always reformat the hard drive. Some people consider this extreme, but I disagree. You can never be certain of anything when it comes to dealing with malware.

I went over to my friend’s house that evening to help him back up his data, reformat his hard drive, reinstall the operating system and reinstall all the software. He thanked me on the way out the door and apologized for being short with me over the phone. I told him that it wasn’t a big deal and if he ever needed help again, to give me a call.

Mister Reiner is a computer professional with over 20 years of experience, and a Bachelor of Science degree in Computer Science. He is author of a new eBook – OWNED: Why hacking continues to be a problem.

Drop by Mister Reiner’s WordPress site – you’ll be glad you did.
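
The second takeaway above (never assume Automatic Windows Update is working) can also be checked from a PowerShell prompt instead of the Windows Update website. The script below is an added example, not part of the original post: it asks the Windows Update Agent COM interface what is still missing and when an update last installed successfully. The 35-day threshold and the function names are assumptions chosen for illustration; the script only reads state and installs nothing.

```powershell
# Added example: cross-check Automatic Updates against what the Windows Update
# Agent itself reports as missing. Read-only; nothing is downloaded or installed.
$ErrorActionPreference = 'Stop'

# Assumed threshold: no successful install for this many days is treated as
# a sign that automatic updating has stalled.
$MaxAgeDays = 35

function Get-PendingUpdate {
    # Ask the update agent for software updates that are applicable but not installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Severity   = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
            KB         = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Downloaded = $u.IsDownloaded
            Title      = $u.Title
        }
    }
}

function Get-AutoUpdateHealth {
    param([int]$MaxAgeDays)
    # The AutoUpdate object records when a search and an install last succeeded (UTC).
    $au          = New-Object -ComObject Microsoft.Update.AutoUpdate
    $lastInstall = $au.Results.LastInstallationSuccessDate
    $lastSearch  = $au.Results.LastSearchSuccessDate
    $ageDays = $null
    if ($lastInstall) {
        $ageDays = [int]((Get-Date).ToUniversalTime() - $lastInstall).TotalDays
    }
    [pscustomobject]@{
        ServiceEnabled     = $au.ServiceEnabled
        LastSearchSuccess  = $lastSearch
        LastInstallSuccess = $lastInstall
        DaysSinceInstall   = $ageDays
        # Stale when an install has never succeeded or the last one is too old.
        Stale              = (-not $lastInstall) -or ($ageDays -gt $MaxAgeDays)
    }
}

$health  = Get-AutoUpdateHealth -MaxAgeDays $MaxAgeDays
$pending = @(Get-PendingUpdate)
$urgent  = @($pending | Where-Object { $_.Severity -in 'Critical', 'Important' })

$health | Format-List
"{0} update(s) pending, {1} rated Critical or Important" -f $pending.Count, $urgent.Count
$pending | Sort-Object Severity, Title | Format-Table -AutoSize -Wrap

# The situation in the story: updates are assumed to be automatic, yet
# security updates are pending or nothing has installed for a long time.
if ($urgent.Count -gt 0 -or $health.Stale -or -not $health.ServiceEnabled) {
    Write-Warning 'Automatic updating does not appear to be keeping this machine current.'
}
```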


Festi Botnet Joins the Big 5

Symantec’s MessageLabs Intelligence has just reported that the Cutwail, Bagle, Grum, and Rustock botnets have been joined by a new botnet, Festi, which now accounts for 3-6% of the daily global spam.

As a percentage this doesn’t sound like an impressive number, but translated into actual spam volume, 1.5 to 3 billion spam e-mails per day globally, it is impressive. Like all successful botnets, Festi continues to grow by adding additional infected (botnetted) machines to its network.

According to MessageLabs, Festi is responsible for at least some of the annoying “male enhancement” spam we are all so familiar with.

For information on botnets and how to determine if your machine has been compromised, the following articles should be helpful:

Tech Thoughts: 2 Free Port Checkers – CurrPorts and Process and Port Analyzer

Tech Thoughts: Catch the Bad Bots with Free RUBotted from Trend Micro

PCWorld – Monitor Botnet Threats Your Antivirus Can’t See


Uninstalling and Installing AntiVirus Software…

Antivirus programs are complex software designed to identify, neutralize or eliminate malicious content that invades your computer. Over time, many people will change from one brand of antivirus software to another. Antivirus software is big business and today there are many flavors and options available.

For example, there are three “FREE (for personal use)” reputable antivirus packages that are widely recognized (see below). I prefer any one of these over the major brand antivirus software packages because they are light on system resources and are not bloated. As a matter of fact, I cannot remember ever having a commercial (paid for) version of an antivirus program on any of my computers at home.

Avast

Avira AntiVir

AVG

The point of this article is to educate you to the fact that there are FREE antivirus software options available, and that follow-up research may be required to “completely” uninstall (remove) antivirus software from your system in the event you desire to install another antivirus program.

Antivirus software, when running on your system, is hooked into many areas (e.g. registry, file system, resident memory) and uninstalling it can leave debris behind that can cause other systemic issues.

Antiviruses are like viruses; they can be hard to get rid of. To prove my point, I researched nine antivirus programs and found that every one of them had supplemental removal instructions or tools, in addition to the typical Add/Remove console process found in Windows.

I have listed the sites below for convenience and reference. During this research I also found that this information was often buried deep in their sites and was not readily accessible.

Antivirus Programs – Uninstall Information & Links

Norton Removal Tool – The Norton Removal Tool uninstalls all Norton 2009/2008/2007/2006/2005/2004/2003 products, Norton 360 and Norton SystemWorks 12.0 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

McAfee Consumer Products Removal tool (MCPR.exe) – uninstall or reinstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)

Avast! uninstall utility – Sometimes it’s not possible to uninstall avast! the standard way – using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility aswClear.

Avira AntiVir – Normally the Avira Registry Cleaner removes all entries that were created by AntiVir. In this way, it prepares your system for the installation of a new AntiVir version.

BitDefender Uninstall Tool – There are two methods of uninstalling BitDefender from your computer: using the system tools and using the special uninstall tool provided by BitDefender.

Kaspersky’s Antivirus Removal Tool – Some errors might occur when deleting Kaspersky Anti-Virus product via Start > Control Panel > Add\Remove Programs. As a result the program will not be uninstalled or will be partially uninstalled. The removal tool is required to remove a variety of their products.

F-Secure Internet Security (and antivirus) – Should you decide to uninstall, F-Secure does not provide its own uninstaller. You must use the Microsoft uninstaller found in Add and Remove Programs within the Command Console. After a reboot we found no Registry files, but we did find several program and log files in an F-Secure directory tree on the root drive.

Trend Micro Antivirus – Trend Micro Support to remove Trend Antivirus plus AntiSpyware from my computer?

AVG – Open the directory with AVG Free Edition installed in and run the SETUP.EXE file or download the current installation file of AVG Free Edition from here and run it to start installation process. A window with following options will be displayed during the installation process: Add/Remove Components, Repair installation or Uninstall.

This is a guest post by Rick Robinette, who brings a background as a security/police officer professional, and as an information technology specialist to the Blogging world.

Why not pay a visit to Rick’s site at What’s On My PC.



Caution – Trend Micro’s HouseCall Spoofed

The Internet is increasingly like the Wild West – at least the Wild West we’re used to seeing portrayed in the movies.

The strong, fast with a six shooter, secure tough hombres (read – informed), survive; while the weak, the insecure and the unarmed, (read – uninformed), get their butts kicked. Once again we have a situation where this scenario is likely to play out.

In the last six months or so, I have focused primarily on Internet security issues on this Blog, with a particular emphasis on the massive number of rogue security applications flooding the web.

Since not all security scanners are equal, or 100% effective, I have recommended, in a number of articles, that online scanners are a viable alternative to installed malware scanners as a double check to ensure computer systems are free of malware infections. One of the scanners I have always recommended is Trend Micro’s HouseCall.

Cyber-criminals, not satisfied with exploiting installable malware scanners, are now trying to exploit Trend Micro’s free online scanner HouseCall. The uninformed Internet user is, once again, the primary target of these cyber-criminals.

According to Trend Micro, a surfer using a search engine such as Google, with a search string such as “free online virus scan by Trend Micro”, can end up on a spoofed version of HouseCall by clicking the link returned by Google. Not surprisingly, the spoofed site informs users their computers are infected with malware, and then teases them to purchase a fake anti-virus application in order to remove the fake threat.

Regular visitors to this site are aware of the substantial threat posed by rogue security applications. For more information on this issue, check out “Rogue Security Software on the Rise – What You Need to Know Now!” on this site.

Trend Micro advises all users to go to their website home page directly for product information and services, instead of clicking on links to individual pages brought up by search engines. This advice should, in fact, be followed for all searches.


Catch the Bad Bots with Free RUBotted from Trend Micro

Bots, an abbreviation of “robots”, are good. Then again, Bots are bad. So which one of those statements is correct? In fact, both are correct – there are good Bots, and there are bad Bots.

Technology, in most cases, is neutral – it’s how we implement technology that establishes its value, and impacts any ethical questions that surround its use.

Good Bots include special software such as search engine spiders used by companies like Google, Yahoo and others to find links and content on the Internet. The Internet would not be, and could not be, the Internet we have come to know, and depend on, without these specialized Bots.

Bad or malicious Bots, in contrast, are designed to infiltrate computer systems with the objective of “herding”, or consolidating, systems into so called “Botnets”, whose primary aim is to create a network of compromised computers such as the infamous Storm Botnet (a P2P network), which according to many experts had the power of a supercomputer.

The power of the Storm Botnet was such, that it was responsible for 20 per cent of all spam email sent in the first quarter of 2008.

Many security experts believe that Botnets are responsible for approximately 75 per cent of all spam currently in circulation. Heavily promoted products on all of these Botnets tend to be male enlargement drugs, replica watches and sexually explicit material.

The strategy employed by the owners of these Botnets is particularly ingenious, since there’s a strategic crossover with the products being promoted by all five of these Botnets.

Frighteningly, it is accurate to say that these Botnets are getting larger every day. According to the U.S. Federal Bureau of Investigation, there are at least 1 million Botnetted computers in the U.S.

Worse, some security firms estimate that currently there are as many as 10 million Botnetted machines worldwide. In fact, some researchers believe that this may just be the part of the iceberg we can see above the waterline.

Not surprisingly, such large numbers of infected machines have produced some of the most powerful networked computer systems in the world. It seems sensible to predict that malware and phishing attacks from these Botnets can be expected to increase in frequency.

For your own benefit, it’s obviously important to keep your computer from becoming infected and becoming a part of this problem. Perhaps it’s less obvious that we all share a responsibility to help protect other computer users on the Internet from becoming infected.

The way to do that is to ensure that you are part of the solution; not part of the problem created by running an unsecured machine, (which means installing as many levels of protection as possible), or by engaging in unsafe surfing practices.

To help you keep your computer from being herded into a Botnet, Trend Micro has released a beta of RUBotted, a small program that watches for incoming Bot related traffic, which is worth considering adding to your security toolbox.

Fast facts:

Trend Micro RUBotted (Beta) is a small program that runs on your computer, watching for Bot related activities. RUBotted intelligently monitors your computer’s system behavior for activities that are potentially harmful to both your computer and other people’s computers.

RUBotted monitors for remote command and control (C&C) commands sent from a Bot-herder to control your computer. Additionally, RUBotted watches for an array of potentially malicious Bot-related activities, including mass mailing – a common activity performed by a Bot-infected computer.

RUBotted co-exists with your existing AV software, providing advanced Bot specific behavior monitoring. RUBotted does not rely on frequent, network intensive updates to ensure your computer’s continued protection.

Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.

Operating System requirements:

Windows 2000 Professional (Latest Service Pack Installed)

Windows XP Professional or Home Edition (Latest Service Pack Installed)

Windows 2003 Server (Latest Service Pack Installed)

Windows Vista (32 Bit with Latest Service Pack Installed)

Note from Trend Micro: RUBotted cannot protect computers running Panda Internet Security 2008.

Download at: Trend Micro


Free Botnet Protection – Trend Micro’s RUBotted

It is becoming increasingly clear that at the current rate of growth in malware in circulation and under development, computer operating systems and applications will continue to be compromised at an ever increasing rate.

According to Panda Labs, Panda Security’s laboratory for detecting and analyzing malware, it has received and analyzed an average of more than 3,000 new strains of malware every day, over the course of the last year. In their view, this represents a malware epidemic. It would be difficult to argue with that assessment.

In terms of percentages, according to Panda, the number of new examples of malware appearing in 2007 increased 800% with respect to 2006 which, in turn, witnessed an increase of 172% over the previous year.

With the increase in user participation on MySpace, Facebook, and other social networking sites, the installation of malware, based on social engineering, seems poised for a major increase in activity.

Essentially then, it’s up to individuals to keep up as best they can; which means installing as many levels of protection as possible.

Trend Micro has released a beta of RUBotted, a small program that watches for incoming bot related traffic which is worth considering adding to your security toolbox.

From TrendSecure

Trend Micro RUBotted (Beta) is a small program that runs on your computer, watching for bot related activities. RUBotted intelligently monitors your computer’s system behavior for activities that are potentially harmful to both your computer and other people’s computers.

RUBotted monitors for remote command and control (C&C) commands sent from a bot-herder to control your computer. Additionally, RUBotted watches for an array of potentially malicious bot-related activities, including mass mailing – a common activity performed by a bot-infected computer.

RUBotted co-exists with your existing AV software, providing advanced bot specific behavior monitoring. RUBotted does not rely on frequent, network intensive updates to ensure your computer’s continued protection.

Operating Systems:

Windows 2000 Professional (Latest Service Pack Installed)

Windows XP Professional or Home Edition (Latest Service Pack Installed)

Windows 2003 Server (Latest Service Pack Installed)

Windows Vista (32 Bit with Latest Service Pack Installed)

Download at: Trend Micro

For another view describing how we got to be in danger from Botnets read TechPaul’s – Modern Nightmare
