
Worms, Like Conficker, Could Infect Your Computer And Steal From You


The Helpful Neighbor

By Ray Wilson, For The Bulletin
Wednesday, April 22, 2009
Question: “I have recently purchased a new laptop with Vista Home Premium installed. Is the ‘run command’ available on this system?”

Answer: Yes! It is there! Right click on the desktop, click Personalization, in the lower left corner, click Task Bar and Menu, click Start Menu, click Customize, scroll down until you come to Printers, click Run Command, OK your way out and restart the computer. Click Start and you will see it right across from All Programs.

This week, we start with Malware. Not just ordinary Malware, but downright nasty programming that can actually take over your computer. A common tactic is to prevent the infected computer from getting to the Web sites of the security companies. These Web blocks prevent you from getting help to clear out the blockage.  The biggest problem facing us today is — what else? — the “Conficker Worm” and its companions. Whoever is controlling this infection is leaving nothing to our imagination. We knew its controllers would not be satisfied unless their worm, et al, could support itself. It now installs a rogue application named “SpywareProtect2009” on infected computers. Acting like a good guy, this rogue offers to clear the PC of infections  for $49.95. And how do they get the money? From your credit card! If that is not a double-edged sword, I have never seen one.

It has been recently updated, and part of the update is its demise after May 3. However, how long after May 3 was not mentioned — just a little more shrewdness.

To date, Conficker, with its friends and relatives,  has infected at least 12 million computers, the most dangerous and destructive Internet Transmitted Disease ever. In all I have read of this worm, it is being referred to as an actual being. All credit and discredit is being awarded to it. Let’s not lose sight of the fact that some warm-blooded humanoids are writing, producing and directing this whole sordid affair. It is their message; the worm is the messenger.


My associate drew my attention to a 13-page horror story told by one man and his plight with this worm. The biggest problem is the erratic behavior; there is always something else to try to get rid of it. This is the absolute worst infection that I have ever witnessed.

Now here is a kissin’ cousin, “Mebroot.” Born around December 2007, it hides deep in the operating system using a well-known technique to stay in hiding (Rootkit?). When it hits, it goes for the jugular — the Master Boot Record (MBR). This is the first code a computer looks for when booting the operating system. It is using a very sophisticated system to remain in hiding. If a hacker has control of the MBR, your whole system is at their disposal. I have conjectured that a System Restore Point could take you back to a previous time before the infection. But with the behavior of this ITD, that may not be possible. I thought that perhaps PREVX 3.0, which specializes in Rootkit removal, would help, but the general consensus of opinion is prevention! Hey! Do you have a good firewall and anti-virus? (Remember — only one of each.) Do you have a full backup? Do you have a system disk? Do you have a lot of time and patience? If you answer “no” to any one of these questions, you could be vulnerable and may be set up for a full System Reinstall. Not a very happy alternative.

The Internet has caused a lot of honest people to enfold criminal activity. People have lost their employment by attempting to enhance their bank accounts at their employers’ expense. The next move is to join the ranks of those who are using the Web as a personal “piggy bank.” People will do anything for money, especially for their survival and the survival of their family. However, I would rather not be a benefactor.

We must be aware of the operation of our computers and be tuned in should any, even the slightest, changes become evident. You may not get the Conficker itself, but you could have Bots implanted in your machine. Anything of this consequence should be removed posthaste. How can this infection, or any infection, be removed? Finding and getting rid of an ITD is a very trying experience — try this and try that! There is no pat answer or solution. It all depends on what type of infection has wormed its way in. Unless you are sure of what you are doing, it is best to seek knowledgeable help.

The Saga of XP continues! Microsoft, in the kindness of their pea-pickin’ hearts, will allow OEMs to sell new PCs for six months after the official launch of Windows 7 (a date that MS calls “General Availability”) with the XP Professional operating system. To qualify, the machines must include media for Vista Business or Vista Ultimate, the two editions that provide downgrade rights. Downgrade means simply, “Manufacturers can replace the current operating system with an older edition without having to purchase another license.” Any advertising by the OEMs must “feature the Windows system version that is pre-installed on the system. Example: ‘Microsoft Windows XP Professional [available through downgrade rights from Windows Vista Business]’ would meet the requirement.” Though a copy of Vista will be included, the Vista logo may not be used. I told you they had a heart! They just can’t make up their cotton-pickin’ minds! XP is still alive! And this is no April Fools’ joke! But, it only lasts through April 2010. (Yawn!)

So, there you are! You have all of the necessary safety and security programs. You are set for automatic updates and, right in the middle of a solitaire game, a message pops up asking you if you want to reboot now or wait until later. You click later and, in 10 minutes, it is back again as you put the red queen on the black king. You surely cannot stop now. So, what to do? Go to the command line and enter “net stop wuauserv” (no quotes).  The next time you restart, it will reset. You have won your solitaire game and can get on with your life.

Remember the time you wanted to express a command only to get the message “you have to have administrator privilege”? If you are working through the command line, click run, in the run box type “cmd” (no quotes) then click Ctrl+Shift+Enter. The black command box will appear designating you as administrator, with the blinking cursor awaiting your next command.


Microsoft Services: Have you ventured into this area yet? It does take a bit of time and concentration, but it pays off in the long run. Adjusting which services are necessary and how they should be set can produce a definite decrease in startup time. This will not be a drastic decrease since there are many other abnormalities that are involved. Go to www.blackviper.com and choose from XP, Vista or Windows 7 services lists. Then navigate to Control Panel, Administrative Tools and click Services. Click Standard for a full view.

Malware: I have had several inquiries as to the derivation of this word. It is part of “MALicious” and “softWARE.” Microsoft has a very good program for seeking “Malware” titled “Malicious Software Remover.” It is unique in that it never updates but, during its use, you will get a message that a new version is available. You get that at the same place you get it now — Microsoft downloads, or put it in your search engine. Even though this is a Microsoft product, it is free and it works!

April is paint-up, cleanup and fix-up month. So, get a can of black, ripple finish, spray paint and take your PC in the backyard and spruce it up. Or maybe just leave it where it is and wipe it down with a damp cloth. That may do for the outside — but what about the inside? If you have had your computer six months or more, there is an accumulation of dust on the vanes of the cooling fans that  can slow them down and cause your machine to heat up. That and static electricity can ignominiously shut your machine down and — no doubt — at the worst time. This can be the most valuable 15 minutes you will ever spend to protect your computer. An e-mail to RJWhelpful4u@aol.com with the subject dust will get you a copy of the full instructions.

Are you also wondering what in the world Twitter is? Here is the way Wiki tells it: “Twitter is a free social networking and micro-blogging service that enables its users to send and read other users’ updates known as tweets. Tweets are text-based posts of up to 140 characters in length which are displayed on the user’s profile page and delivered to other users who have subscribed to them (known as followers). Senders can restrict delivery to those in their circle of friends or, by default, allow anybody to access them. Users can send and receive tweets via the Twitter Web site, or applications such as Tweetie, Twitterrific, Twitterfon, TweetDeck and feedalizr. The service is free to use over the Internet.” I know you are just enthralled with this information. Now, now! What ever happened to chat rooms?

Twitter in trouble: At 2 a.m. one morning, four accounts were created on Twitter that began spreading a worm. The worm was named “StalkDaily” and who else but a 17-year-old created it, and Michael Mooney accepted full responsibility. It caused a general mess and, when it was all over, they had deleted almost 10,000 “tweets” that could have continued to spread the worm. So, what was his reward? He was hired by a software company … TRUE!

While I have your attention, I have come across some more interesting news of a worm that can cause serious problems with homebound modems and routers. Granted, some routers are equipped with ITD repellents, but these are not fully efficient. More on this as it develops. Do you feel all creepy and oozie hearing about all of these worms? Remember, I am only the messenger.

Office 2007: Here it comes! Service Pack 2 will be out next week.

Patches: Did you get the patches last Tuesday? Just in case, check to see that you received all 10 covering 23 vulnerabilities.

Background: It has been a while since this problem was broached. It was brought to my attention by a question from a reader who was having intermittent problems. In fact, there were times when the machine would stop for several minutes and mysteriously re-start and keep running. This is not something that can be diagnosed without a good bit of investigation. After a while, and with the information gathered, I took a shot at background interference. Sure enough, there were four programs set for automatic update and one on constant surveillance. I had them run The Ultimate Troubleshooter  (TUT), which picked out the rascals that were messing things up. There are other reasons for this behavior, but background interference is the most logical.  

Old PC: Do you have an old PC just lying around catching dust? You could be sitting on a few bucks. Check out eBay to see what used computers comparable to yours are bringing. Until next time, stay well and hold good thoughts.

Ray Wilson was raised in Upper Darby and has lived in Chester County since 1973. He has over 48 years’ experience in computing and he has been testing virus and Spyware programs for the last five years. His “The Helpful Neighbor” column will appear once a week in The Bulletin. He can be reached at RJWhelpful4u@aol.com.

 



The Bulletin, 1500 Walnut Street, Suite 300, Philadelphia, PA, 19102 (Directions) | 1-215-735-9150
Copyright 2009 The Bulletin; All Rights Reserved  |  Published by Thomas G. Rice
The Locally Owned, Independent Philadelphia Newspaper