Archive for 'Technology'

So you think you have a Virus?

I would imagine you’ve come here looking for help in removing said virus? Perfect, because that’s exactly what I intend to help you do! I get this question many times a week and through literally years of trial and error there are some tricks I’ve learned that I’m very happy to share.

Step 1: A good defense is the best offense (yes, I know that’s backwards). I’m hesitant to just throw out numbers without any backup, but it’s my guess that 99.999% of viruses are self-induced. Meaning you did something stupid to get it in the first place. UPS doesn’t send emails out with tracking numbers in a Zip file, your bank won’t ask you for your account information and P2P networks are more filth ridden than “K” street. If you do have anti-virus, know what it’s called and what its logo looks like. I’ve seen website pop-up boxes claiming to be your anti-virus program trick people into downloading a virus and actually installing it under the guise of being an “update for your anti-virus”. In summary, be wary; if you’re not sure about something, stop and find somebody who does know.

Step 2: Get a safety net. Anti-virus programs have sorely disappointed me for years now, which is why I don’t consider them protection. Your anti-virus is nothing but a safety net: if you make a mistake, the hope is that your anti-virus will catch you before you hit the ground. But just like a trapeze artist, if you don’t keep your anti-virus in good working order you’re asking for tragedy. Make sure you know how to update your software and if it’s sitting down there blinking at you, pay attention. Now is a good time though to reiterate step 1: If you have “AVG Anti-Virus Free” (my personal recommendation) and a box pops up called “AntiVirus 2010” telling you there is an update, ignore it; it’s a trick to get you to do something stupid.

Step 3: Banish the demon. So you boldly ignored step 1, lapsed on step 2 and now you’ve got some gremlin inside your computer running amok. Let me give you some tricks to try to get rid of the thing. Obviously I can’t lay out step-by-step instructions; there are simply too many types of infections and no one way to go about removal. GENERALLY the first thing to do is download and install “Malwarebytes Anti-Malware”. The name is a mouthful, but the software is free, easy to use and has a very good success rate. Just install the program, make sure you update it fully and run a full scan. Typically a full scan takes an hour or more, so go make a sandwich. When it’s done, click on ‘Show Results’ to see what it found, and don’t forget to click ‘Remove Selected’ to actually remove the infections. Very likely, you’ll have to restart your computer to finish the removal. Even if Malwarebytes doesn’t tell you to, do it anyway and then run another full scan; rinse and repeat until nothing shows up when you do the scan. If the same things keep showing up then you’ll probably want to skip to step 4.

Sometimes though, installing and/or running Malwarebytes is tricky. Below are some things to try (in order of ease to execute) to get the program installed.

  • Rename the installer and/or the program (mbam.exe) to iexplorer.exe and try it again.
  • Log in to the computer with a different user and try again.
  • Start the computer in safe-mode (without networking if you can) and try again.
  • If you are comfy at a command prompt, safe-mode with command prompt can be handy since explorer.exe never gets executed, which can often mean that the virus’s core never gets loaded.
  • For advanced users only, check HKLM>Software>Microsoft>Windows>CurrentVersion>Run for suspicious entries, delete them, restart and try again.
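
One way to review the Run key from the last bullet before deleting anything, as an added example that is not part of the original post: save the output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and flag entries worth a closer look. The sample output and the two heuristics for "suspicious" are constructed assumptions.

```python
import re

# One value per line of `reg query` output: name, type, data, separated by runs of spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")

# Assumed heuristics for "suspicious"; tune them for your own machines.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "%temp%", "%appdata%")
LAUNCHERS = ("rundll32", "wscript", "cscript", "mshta", "powershell")


def parse_run_values(text):
    """Return (name, type, data) for every value line in `reg query` output."""
    entries = []
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            entries.append((match["name"], match["type"], match["data"].strip()))
    return entries


def review(entries):
    """Map value name -> reasons it deserves a closer look before any deletion."""
    flagged = {}
    for name, _type, data in entries:
        lowered = data.lower()
        reasons = []
        if any(marker in lowered for marker in USER_WRITABLE):
            reasons.append("starts from a user-writable directory")
        if any(tool in lowered for tool in LAUNCHERS):
            reasons.append("starts through a script host or launcher")
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample output, not taken from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe"
    updater32    REG_SZ    C:\Users\alice\AppData\Local\Temp\upd32.exe
    helper    REG_SZ    rundll32.exe "C:\Users\Public\helper.dll",Start
"""

if __name__ == "__main__":
    for name, reasons in review(parse_run_values(SAMPLE)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to look at the file it points to, not proof of infection; legitimate software also starts from these locations.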

Step 4: Psalm 23. If you’ve run Malwarebytes over and over only to have the same viruses pop up then really your best choice is to make a backup of your data, format your computer and start over. This was the hardest lesson to learn for me. I don’t like to give up on something but frankly, there comes a point where you have to pull out the big guns and drop a nuke on civilization to get rid of a problem. If you have me come over (professionally or as a friend) to remove a virus, I’m going to spend not much more than an hour trying to get Malwarebytes to install and run, and if a virus isn’t gone in two scans I’ll ask you to back up your data. It’s not worth anybody’s time to screw around with.

So that’s it folks, my 4-step virus protection and elimination plan. The goal is to never get to step 3, but if you’re reading this you’re probably already at step 4. My condolences.

Until next week!

Greylisting

So one of my clients showed me some rejected mail she got when trying to send to a user whom she knew she had the right email address for.

The return mail was a “451 4.7.1 message delayed” error and had a link for http://greylisting.org. So I went to check it out thinking we were on some sort of deny list (i.e., a blacklist).

Turns out, greylisting.org’s policy is to delay/block ALL incoming mail the first time from any source. They rely on the user trying a second time to allow the message through … I’m not making this up:

What happens is that each time a given mailbox receives an email from an unknown contact (IP), that mail is rejected with a “try again later”-message (This happens at the SMTP layer and is transparent to the end user). This, in the short run, means that all mail gets delayed at least until the sender tries again.

What the fuck? This is ludicrous. If things keep going this direction then SMTP is due to become a proverbial paperweight, and we’ll go back to the days of faxes and carrier pigeons.

Furthermore, whoever came up with this “greylist” idea needs to be dragged out into the street, shot in each joint and told to walk to a hospital, where they’ll be rejected the first time and have to try again later.

May God have mercy on the soul of the internet.
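
The mechanism in the greylisting.org quote above, as an added example that is not from the original post or from greylisting.org: a first attempt from an unknown source gets the temporary 451 reply, and a later retry from the sending server's queue is accepted. Keying on the (IP, sender, recipient) triplet and the 300-second and 4-hour timers are assumptions; the addresses are constructed.

```python
import time


class Greylist:
    """Defer the first delivery attempt from each unknown (ip, sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, clock=time.time):
        self.min_delay = min_delay        # seconds a retry must wait (assumed value)
        self.retry_window = retry_window  # retry must arrive within this (assumed value)
        self.clock = clock
        self.pending = {}                 # triplet -> time of first attempt
        self.known = set()                # triplets that have already retried correctly

    def check(self, ip, mail_from, rcpt_to):
        """Return the (code, text) SMTP reply for one delivery attempt."""
        key = (ip, mail_from.lower(), rcpt_to.lower())
        if key in self.known:
            return 250, "2.1.5 OK"
        now = self.clock()
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # unknown or expired: start the timer
            return 451, "4.7.1 message delayed"
        if now - first < self.min_delay:
            return 451, "4.7.1 message delayed"   # retried too quickly
        del self.pending[key]
        self.known.add(key)
        return 250, "2.1.5 OK"


def replay(attempts, **policy):
    """Replay constructed (time, ip, sender, recipient) attempts; return reply codes."""
    now = [0]
    greylist = Greylist(clock=lambda: now[0], **policy)
    codes = []
    for t, ip, sender, rcpt in attempts:
        now[0] = t
        codes.append(greylist.check(ip, sender, rcpt)[0])
    return codes


# Constructed sample traffic (documentation addresses, not real hosts).
ATTEMPTS = [
    (0,    "192.0.2.10",   "client@example.org", "user@example.com"),  # first try
    (60,   "192.0.2.10",   "client@example.org", "user@example.com"),  # too soon
    (900,  "192.0.2.10",   "client@example.org", "user@example.com"),  # queue retry
    (950,  "192.0.2.10",   "client@example.org", "user@example.com"),  # now known
    (1000, "198.51.100.7", "bulk@example.net",   "user@example.com"),  # never retries
]

if __name__ == "__main__":
    print(replay(ATTEMPTS))
```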

Virus Hoopla thanks to Conficker and CBS News

“OMG! Did you hear about that April Fools Day anti virus, Conficker. Am I protected from that?” I’ve heard this question or something like it at least a dozen times today and my answer was the same every time. What have YOU done to protect yourself?

Let me start by saying from what I’ve seen, the Conficker virus that was featured in a CBS news story today is no better or worse than the rest of the viruses that have been around infecting computers for the past 5 years. For those who missed the news, Conficker is a worm that will turn your computer into a zombie, doing more or less whatever its creator wants it to do, usually send out spam.

While I admit I am not a typical computer user, I don’t think it’s all too hard to avoid these problems with some simple common sense and a little thought about what you are doing and what you expect your computer to do in response. And before anybody makes any comment about Apple computers being “immune” to viruses, save your breath. You are not immune either so pay attention.

First, and this is so obvious I hate to put it to paper, but get an anti virus program. If you are a home user (i.e., your computer is in your house) then you have some free options at your disposal. To keep things simple, I generally only recommend AVG Anti-Virus Free Edition. It is far and away the most popular of the free anti virus applications. It is a simple but thorough anti virus application, exactly what you need in your home. And unless you still use dial-up Internet, any modern broadband Internet uses a service called NAT and network masquerading that keeps your computer hidden on the Internet like a firewall would.

If you’re a corporate user, chances are you already have anti-virus on your computer and a full hardware firewall, and if you don’t you should call your IT department to ask them what they are getting paid for. Don’t have a support department? Find a local consultant group (like Airtop) that can get you on track.

So that covers the first base, but is probably the least important part. The next portion of safe computing is all about you, and your computer habits. I don’t mean to say you have to be paranoid all the time, but pay attention to what’s going on. One of the more mischievous tricks I’ve seen lately (related to the Vundo virus) creates a web site that mimics a scan of your computer (it’s basically a pre-recorded video) telling you that you have some number of viruses and should download their “free anti virus software” to get rid of them. In this case, the program it wants you to download IS THE VIRUS. If you just pause and think about what you are doing before you panic you likely will realize that on your own. You should get to know your anti virus program. Know what it’s called so that when a window pops up and claims you have a virus, you know if it’s legitimate or a farce.

While “think before you click” more or less covers everything, I want to point out that there is one area of the dark underbelly of computing that nobody talks about but nearly everybody knows about. Peer to Peer sharing is a means of sharing data between multiple people anonymously and is synonymous with applications like Napster, Limewire, Bearshare and others. There is a lurking beast in the peer to peer system though. If you have one of these programs just un-install it. There is little you can do with it that’s legal anyway, and likely nothing you’ve done with it was such. But the bigger problem is that it’s full of more viruses than a Chicago alley of hookers and crack addicts. If you do a search for anything, you’ll notice that nearly immediately you get 5 or so results with names that match what you searched for (go ahead and try it, I’ll wait). I would venture to guess that every one of those initial results is a virus with a name that’s dynamically created to match your search results in the hope you download it. But even the results that take longer can be, and often are, viruses that people have knowingly or unknowingly downloaded and now are sharing out into the P2P networks. The legal implications of using the P2P networks, coupled with the higher than normal chance of doing something dumb, just make these programs a cesspit that I personally want no part of.

If you think you already have a virus or you know you do, I typically use the trial version of a tool called Malwarebytes Anti-Malware to do a full scan of the machine for anything and everything unwanted. As soon as the scan is done, and you’ve removed anything that was there, you still need to install an active anti virus program like I recommended above.

In summary, get anti virus software and think before you click. I remove viruses from clients’ computers on an almost daily basis and nearly every time they either didn’t have any software to protect them and/or they did something they realized was dumb when it was too late to go back. Finally, don’t let old ladies on CBS scare you away from using your computer. It’s a machine like your car; take care of it and it’ll serve you reliably for a long time.

My basic Debian install

The first in what will hopefully be a series of articles discussing software choices, configurations and setup instructions to create a basic small business server in Linux. The plan, in the end, is to have a server that can perform all the basic functionality that any small business might need. Things like email, file shares, disaster recovery, printer sharing and even a proxy server with logging. The most challenging part of the build will be making it transparent to the end-user that this isn’t a Windows domain.



Windows 7 – First Impressions

So a few days ago the Windows 7 beta went public. If you haven’t gone and downloaded your copy I suggest you do it now even if you are not planning to install it right away. From what I hear there may be a limit to the number of keys Microsoft is planning to give out.

I’ve installed it on both my laptop as a fresh install and on my media center as an upgrade to Vista Ultimate. And at first glance it looks like Microsoft could box and ship it how it is, and they probably could. I am sure that a lot of the code is taken from Vista and simply refined.



Remove a stuck print job in Windows

Paper jam?! I'll give you a #$@% paper jam!  - By Legozilla

I have often received a call, or gone out to a site, where there is a print job stuck in the print queue on the server that is holding up everything. You can try to cancel the job at the printer, or at the server. You’ve tried to restart the server and restart the printer but the print job just sits there staring at you the whole time. While not quite as upsetting as the famed “PC LOAD LETTER” error it can still make you want to chuck your printer and/or computer off the roof.

So how do you purge the vexing print queue? It’s actually easier than you might think. It only takes three lines typed into your command prompt (you can do it through the Windows GUI too, but it’s easier this way).



Blackberry Curve Titanium on its way

I know what you’re thinking. Kyle… why the hell are you buying a new phone when you’ve just lost your job? Well, if I didn’t have to, I wouldn’t. But I don’t actually own a cell phone, nor have I had to pay for service for quite some time. EDC owns the phone, and paid for the service and along with my termination, comes the termination of my benefits.

So why a Blackberry Curve? Quite simply because it was the cheapest phone I could get that would still allow me to send/receive email and do the general PDA functions that I’ve found are invaluable when you’re out on the road with different clients all day.

I should be getting the phone hopefully by the end of the week. I’ll have a new phone number, as it was the only way to get a free phone with a new plan. When I get the number I’ll let everybody know. If I miss you, just post a reply and I’ll give you a call/email.

Securing the WCG200 Router

When you are being chased by a lion, you do not have to out run the lion, you need only to out run the antelope in front of you.

I’m sure you’ve heard a joke similar to this at some point in your life, and I think it’s a good synonym for security (in all facets, not just computers). Your goal, when trying to secure something, is to make the would-be thief or hacker decide you are not the easiest target, and move on to an easier one.

