Pc or laptop problems? We can help!

Scareware updates

2009-12-02T12:12:00.003-07:00

Here are some more scareware updates. These all look similar and act similar but they have different "names".

AntiAdd is a rogue anti-spyware program that is promoted through the use of Trojans that pretend to be video codecs or flash updates that are required to watch an online video. When this Trojan is installed it will download and install AntiAdd onto your computer and then configure it to start automatically. This same Trojan will also create numerous files in the on your computer with random filenames that are then detected as malware when AntiAdd scans your computer. The program, though, will state that it will not remove these files until you first purchase it. This is obviously a scam as the program detects the files it created in the first place in order to trick you into thinking there are actual malware on your computer. In reality, these files are harmless and do not pose any risk to your computer. Thus this programs scan results should be ignored.

The Trojan that installed AntiAdd will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that your being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be Spyware Alert!, Infiltration Alert!, or Security Center Alert!. The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase AntiAdd to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

As you can see, you should not purchase this program regardless of what it may state. If you have already purchased the program, then please contact your credit card company and dispute the charges.

KeepCop is a rogue anti-spyware program that is promoted through the use of Trojans that pretend to be video codecs or flash updates that are required to watch an online video. When a user runs the Trojan it will download and install KeepCop onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folder that are then detected as malware when KeepCop scans your computer. The program, though, will then state it will not remove these files until you first purchase it. This is obviously a scam as the programs creates the same files it will detect to try and trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this programs scan results should be ignored.

The Trojan that installed KeepCop will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that your being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be Spyware Alert!, Infiltration Alert!, or Security Center Alert!. The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase KeepCop to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

As you can see, you should not purchase this program regardless of what it may state. If you have already purchased the program, then please contact your credit card company and dispute the charges.

REAnti is a rogue anti-spyware program that is promoted through the use of Trojans that pretend to be video codecs or flash updates that are required to watch an online video. When this Trojan is installed it will download and install REAnti onto your computer and then configure it to start automatically. This same Trojan will also create numerous files in the on your computer with random filenames that are then detected as malware when REAnti scans your computer. The program, though, will state that it will not remove these files until you first purchase it. This is obviously a scam as the program detects the files it created in the first place in order to trick you into thinking there are actual malware on your computer. In reality, these files are harmless and do not pose any risk to your computer. Thus this programs scan results should be ignored.

The Trojan that installed REAnti will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that your being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be Spyware Alert!, Infiltration Alert!, or Security Center Alert!. The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase REAnti to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

As you can see, you should not purchase this program regardless of what it may state. If you have already purchased the program, then please contact your credit card company and dispute the charges.

RESpyWare is a rogue anti-spyware program that is promoted through the use of Trojans that pretend to be video codecs or flash updates that are required to watch an online video. When this Trojan is installed it will download and install RESpyWare onto your computer and then configure it to start automatically. This same Trojan will also create numerous files in the on your computer with random filenames that are then detected as malware when RESpyWare scans your computer. The program, though, will state that it will not remove these files until you first purchase it. This is obviously a scam as the program detects the files it created in the first place in order to trick you into thinking there are actual malware on your computer. In reality, these files are harmless and do not pose any risk to your computer. Thus this programs scan results should be ignored.

The Trojan that installed RESpyWare will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that your being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be Spyware Alert!, Infiltration Alert!, or Security Center Alert!. The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase RESpyWare to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

As you can see, you should not purchase this program regardless of what it may state. If you have already purchased the program, then please contact your credit card company and dispute the charges.

****thanks BleepingComputer.com!****

Scareware updates

2009-12-02T11:01:00.003-07:00

Additional screen shots and information on new scareware versions. Please keep in mind that these can result in serious damage to your computer as well as possible identity and banking information theft and even complete loss of control over yoru computer. If you see something similar to these pictures please call a professional as soon as possible!

Additional Guard is a rogue anti-spyware program that is promoted through the use of fake online scanner sites and misleading advertisements. When this program is installed it will be configured to start automatically. The installer will also create numerous files on your computer that will then be detected as malware by Additional Guard when it scans your computer.

While Additional Guard is running you will also see a constant barrage of fake security alerts and warnings appear on your desktop. These warnings will state that a virus has been detected or that active malware is sending data on the Internet. Just like the scan results, these fake security alerts are just another method where the program is trying to trick you into thinking that you have a security problem.

Without a doubt, Additional Guard is a scam designed to trick you into purchasing the program to remove fake infections. It goes without saying that you should not purchase this program and if you already have, we suggest you contact your credit card company to dispute the charges.

Antivir is a rogue anti-spyware program that is promoted through the use of fake online anti-malware scanners. When browsing the web you may see a pop-up that states your computer is infected and that you should run an online anti-malware program to scan your computer for infections. If you click on this pop-up you will be brought to a site that shows an advertisement that pretends to be an online anti-malware scanner. At the end of the advertisement, it will state that your computer is infected and that you should download and install Antivir to protect yourself.

When Antivir is installed it will be configured to start automatically when Windows starts. Once started it will scan your computer and list numerous infections on your computer, but will not allow you to remove them until you purchase the program. The reality is that the infections it finds are legitimate programs that should not be deleted as it may cause your computer to not run properly. Therefore, please do not purchase this program or act on any of the scan results that are show.

Eco AntiVirus 2010 is a rogue anti-spyware program that is promoted through the use of fake online anti-malware scanners. When browsing the web, you may be shown a pop-up that states that your computer has security problems and that you should click OK to run an online anti-malware scanner. When you click on the OK button, you will be brought to a page that shows an advertisement that pretends to be an online scanner, that when finished, states your computer has various infections and that you should download and install Eco Antivirus 2010 to protect your computer. It is important to remember when you see pop-ups like these, that they are advertisements and they have no way of knowing what is running on your computer.

Once Eco AntiVirus 2010 is installed on your computer, it will be configured to run automatically and scan your computer. When the scan has finished it will state that you have numerous infections, but will not allow you to remove them until you first purchase the program. These infections, though, are all fake and do not exist on your computer or are legitimate programs it is stating are infections. Therefore, please do not act on these scan results as you may be deleting valid Windows files.

This program will also install a Internet Explorer Browser Helper Object that will hijack Internet Explorer. This hijack will display messages when you browse the web that states that the particular page may be a phishing site or that your computer has a security problem. All of these alerts, like the scan results, are fake and should be ignored.

Personal Security is a rogue anti-spyware program from the same family as Cyber Security. This program is promoted through the use of malware that will install it on your computer without your permission. In order to protect itself, this program will automatically attempt to terminate security programs that may help to remove it. When installed, Personal Security will be configured to start automatically when Windows starts. Once started, it will scan your computer and display a variety of infections, but will state that it will not remove them unless you first purchase the program. In reality, the infections it finds are either fake or legitimate programs that if deleted could cause problems with the proper operation of Windows. Therefore, please do not act upon any of the files it states are infections.

Personal Security also employs numerous methods where it tries to trick you into thinking you are infected. The first method is the display of a Window that impersonates the legitimate Windows Security Center. The difference is that this fake version suggests you purchase Personal Security to protect yourself. The program will also display numerous security warnings on your computer stating that there is a security problem on the infected computer.

This program may also display a screen saver that pretends to be a Windows crash, or Blue Screen of Death, that states your computer is infected with the SPYWARE.MONSTER.FX_WILD_0x00000000 malware and that it crashed your computer. It then pretends to reboot your computer. Please remember that this is a screen saver and the crash and subsequent reboot are not real. Last, but not least, this program will hijack Internet Explorer so that it randomly displays a warning message when browsing the web.

Just like the scan results, all of these warnings messages are fake and are only being shown to scare you into thinking that there is a security problem on your computer. Therefore, please ignore these warnings.

Enterprise Suite is a rogue anti-spyware program that is promoted through the use of fake online scanner sites and misleading advertisements. When this program is installed it will be configured to start automatically. The installer will also create numerous files on your computer that will then be detected as malware by Enterprise Suite when it scans your computer.

This method of creating the files that will be detected by the same program is becoming more and more common with rogues. They do this to substantiate the existence of supposed malware files even on machines that are completely clean. Therefore, please do not believe any of the scan results presented by this program.

While Enterprise Suite is running you will also see a constant barrage of fake security alerts and warnings appear on your desktop. These warnings will state that a virus has been detected or that active malware is sending data on the Internet. Just like the scan results, these fake security alerts are just another method where the program is trying to trick you into thinking that you have a security problem.

****thanks BleepingComputer.com!****

Malware Targeting Twilight Fans

2009-11-30T10:49:00.003-07:00

PC Tools Malware Reseach Center announced that "Twilight" fans are now becoming targets of malware. the latest trick tempts movie fans by promising them they can watch the film for free, before installing malware on their computer.

Fans are being baited with a message that says they can watch the full movie "New Moon" online for free on websites, in chatrooms and on blogs. To make this scam more believeable, they are even including comments from supposed viewers which give the online viewing a raving review.

However, after clicking on the 'movie player', users are told to run a 'streamviewer' which installs malware on their computers. This is the second malware scam targeting Twilight New Moon in a week. Last week, PC Tools warned that malicious websites that claim to feature interviews with the author of the books, Stephanie Meyer, were ranking high in a number of search engines.

Instead of providing a video clip of Meyer, those visiting the site were directed to a window informing them they were infected with malware and then encouraged to download an antivirus solution to clean their PC.

Malware updates

2009-11-18T13:41:00.004-07:00

Wepromise to continue bringing you the latest updates on malware infections. Here is an update:

Enterprise Suite is a rogue anti-spyware program that is promoted through the use of fake online scanner sites and misleading advertisements. When this program is installed it will be configured to start automatically. The installer will also create numerous files on your computer that will then be detected as malware by Enterprise Suite when it scans your computer.

SecureKeeper is a rogue anti-spyware program from the Wini family. This rogue is promoted through the use of Trojans that pretend to be video codecs or flash updates that are required to watch an online video. When a user runs the Trojan it will download and install SafeKeeper onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folder that are then detected as malware when SafeKeeper scans your computer. The program, though, will then state it will not remove them until you first purchase it. This is obviously a scam as the programs creates the same files it will detect to try and trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this programs scan results should be ignored.

Personal Protector is a rogue anti-spyware program that is promoted through fake online scanners and aggressive advertising. When installed, Personal Protector will be configured to start automatically. Once started it will scan your computer and state that there are a variety of infections on your computer, but will not remove them until you first purchase the program. In reality, these scan results are all fake or are legitimate programs being classified as infections. Therefore, please do not act upon any of the scan results that this program shows you as you may delete legitimate Windows files.

Control Center is a rogue computer optimization suite from the same family as Privacy Center. This program is promoted through the use of misleading web sites and fake online anti-malware scanners that state your computer has a problem. These sites will then prompt you to download and install Control Center to fix the problem on your computer. When the program is installed it will be configured to start automatically when Windows starts. Once running it will scan your computer and state that there are numerous problems with various components of Windows. If you try and see what these problems are, though, it will state that you need to purchase the program to see the results. In reality, the program is not finding any problems at all, but is just saying that they exist in order to trick you into purchasing the program.

****thanks BleepingComputer.com!****

Top Web Sites Are Spreading Malware

2009-11-13T12:46:00.004-07:00

The old addage of only going to well known websites has gone out the window! These days it seems it doesn't matter if you're looking at porn or recipes you will still probably wind up with some sort of malware or virus on your computer.

Seventy percent of the top 100 Web sites either hosted malicious content or contained a link designed to redirect site visitors to a malicious Web site during the second half of 2008, claims Websense's report State of Internet Security, Q3-Q4, 2008.

We have been educating our customers for over a year now and letting them know that their computers were being infected through malicious ADS placed on legitimate websites and now the security industry has finally caught up with us.

Ensuring that you maintain your antivirus software is simply not enough any more. Placing all your faith in antivirus software will leave you infecte with malware and spyware.

During July and August of this year, independent test lab and product analyst firm, NSS Labs conducted real-world tests of anti-virus and endpoint software suites against socially engineered, Web-based malware. And we know that's one of the most pressing, rapidly growing threats. Some counts have Web-based malware pegged as more than 50% of all malware delivered today.

The vendors tests included AVG, ESET, F-Secure, Kaspersky Labs, McAfee, Norman, Norton, Panda, and Trend Micro. The results were not very good. the lab conduced 17 days of 24x7 testing, with 59 separate test runs -- occurring every 8 hours. Each test used the most current version of the anti-malware application.

Trend Micro, only managed to stop 91 % of malware as the download to the test system was underway, as well as an additional 5.5% as it executed. That's a 96.5% success rate. The worst performer, according to NSS Lab's testing, ESET blocked only 65.4% of Web-based malware as it tried to download, and 2.5% as it tried to execute. That's a 67.9% success rate. All of the other vendors tested landed somewhere in between.

Scareware list update

2009-11-12T11:22:00.004-07:00

Here are some of the names and looks of recent scareware.

AntiMalware is a rogue application from the same family as Active Security. When this program is installed it will be configured to start automatically when you log into Windows. The installer will also attempt to uninstall anti-virus programs that it feels can potentially detect it and thus remove it. Though it displays the names of real infections, what AntiMalware is detecting does not actually exist on your computer. Therefore, do not be concerned by what the scan results of this program says.

AntiAID is a rogue anti-spyware program from the Wini family. This variant is slightly different than previous versions as the it has changed its graphical user interface, or GUI. This rogue is advertised through Trojans that pretend to be video codecs or flash updates that are required to watch an online movie. When a user runs the Trojan it will download and install AntiAID onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folder that are then detected as malware when AntiAID scans your computer. The program, though, will then state it will not remove them until you first purchase it. This is obviously a scam as the programs creates the same files it will detect to try and trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this programs scan results should be ignored.

SystemWarrior is a rogue anti-spyware program from the Wini family. This rogue is advertised through Trojans that pretend to be video codecs or flash updates that are required to watch an online movie. When a user runs the Trojan it will download and install SystemWarrior onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folder that are then detected as malware when SystemWarrior scans your computer. The program, though, will then state it will not remove them until you first purchase it. This is obviously a scam as the programs creates the same files it will detect to try and trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this programs scan results should be ignored.

The same Trojan will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that your being attacked by a remote computer, or that you are sending sensitive data to a remote location. The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase SystemWarrior to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

MaCatte Antivirus 2009 is a rogue anti-spyware program that display fake security alerts and scan results as a method to trick you into thinking you are infected. This program also attempts to emulate the legitimate McAfee anti-virus program by using a similar name and web site template. When installed, MaCatte Antivirus will be configured to start automatically when you boot up Windows. Once started, it will scan your computer and then display numerous infections, but will not remove them until you first purchase the program. The reality is that the scan results it shows are all fake and are only being shown to trick you into thinking you are infected so that you will then purchase the program. It goes without saying that you should not do this.

****thanks BleepingComputer.com!****

Scareware - list of new names

2009-10-31T11:37:00.004-06:00

We recently discovered a new resource to keep up with the new names all of the scareware are using. By scareware we mean the wonderful Antivirus 2009/2010 line of malware/spyware/viruses.

1. BlockWatcher is a rogue anti-spyware program that is promoted through the use of Trojans. These Trojans appear to be Flash updates or video codecs that are required to watch an online video. Once the Trojan is installed it will download and install BlockWatcher on to your computer. The installer will also create numerous files that will then be detected as malware when BlockWatcher scans your computer. When you try and remove the "infections" it finds in the scan results, BlockWatcher will state that you need to first purchase it before it will remove anything. This is a scam, because the "infections" that are found are harmless and cannot harm your computer.

2. Windows Enterprise Suite is a rogue that is advertised through the use of fake online anti-malware scanners. When visiting various sites you will be presented with a pop-up that states your computer is infected. If you click on the pop-up, you will be brought to a page that shows an advertisement pretending to be an online anti-malware scanner. When the advertisement is finished, it will state your computer is infected and that you should download and install Windows Enterprise Suite.When Windows Enterprise Suite is installed it will be configured to start automatically when you login to Windows. The installer will also create numerous files on your computer that will then be detected as malware when Windows Enterprise Suite scans your computer.

3. Desktop Defender 2010 is a rogue security program from the Contraviro family. When installed this program will be configured to start automatically when Windows starts and will then create fake malware files that will be detected during the program's scans. Desktop Defender 2010 will not, though, remove any files that it states are malware until you first purchase the program. DO NOT attempt to purchase or use this scareware to remove any of the "infections" because you will be sending your credit card to cyber criminals and the files in quesiton may be legitimate Windows files.

4. Volcano Security Suite is a rogue anti-spyware program from the Smart Virus Eliminator family. It advertised through the use of fake online scanner pages that show an advertisement pretending to be an anti-malware scanner. When the advertisement finishes it will state that your computer is infected and that you should download Volcano Security Suite to protect your computer. Once downloaded and installed, Volcano Security Suite will be configured to automatically scan your computer when Windows starts and will also create numerous harmless files throughout your computer.

5. Windows System Defender is a rogue anti-spyware program that uses fake malware files and false scan detections to trick you into thinking that your computer is infected. After being installed, Windows System Defender will be configured to start automatically when Windows boots. The installer will also create numerous files on your computer that will then be detected as malware when the program scans your computer. If you try to remove these supposed infections with Windows System Defender it will state that you first need to purchase the program before it will do so. DO NOT attempt to purchase this as you will be sending your credit card information to cyber criminals.

6. Conflicker.B Spam Trojan - Cyber criminals are becoming more inventive with their viruses and this is a prime example of that. This is seen with a new SPAM email that is being distributed that contains an attachment, that when run, lowers the security of Internet Explorer and installs the rogue anti-spyware program called Antivirus Pro 2010 on to your computer. This SPAM pretends to be an email from Microsoft where they state that a new version of Conficker has been released and that the included attachment, called install.zip, is a tool that can be used to scan and clean your computer of this infection. In reality this attachment is a Trojan that will harm the security of your computer. The current text of the SPAM message is:

Subject: Conflicker.B Infection Alert
Message:

Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

If you download the attachment and open the ZIP file, you will see a file called install.exe. When the install.exe file is run it will change your Internet Explorer security settings so that Internet Explorer will run files that are normally considered risky. It will also display a fake security warning in your taskbar that states Windows has detected an infection. The text of this warning is:

Your computer is infected!
Windows has detected spyware infection!
It is recomended to use special antispyware tools to pervent data loss.Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!

Finally, the Trojan will download and install the rogue anti-spyware program called Antivirus Pro 2010 onto your computer, which will then state that you have numerous infections running on your computer. Please ignore any warnings that Antivirus Pro 2010 displays on your computer as they are all false and are only being shown to convince you to purchase the program.

****thanks BleepingComputer.com!****

Think Again If You Think Your Banking Info Is Safe!

2009-10-21T14:53:00.003-06:00

With scareware infections on the rise, more and more people are finding their private banking information has been compromised. With an estimated 485,000 different takes on the Antivirus scareware in just the first six months of 2009, the number of infected computers has grown as well.

More than half (54 per cent) or 11.9 million of the computers scanned by Panda Security, which contributed to APWG's report, were infected with some form of malware. Banking trojan infections detected by the group almost tripled (up 186 per cent) between Q4 2008 and Q2 2009.

Antivirus Scareware Shows Up In Google For Skype

2009-10-21T13:25:00.002-06:00

Well it's finally happened. The makers of the "Antivirus" strain of malware are now using Skype to to spread their crap.

Malicious links have been found on Google and Skype has joined the ranks of the malicious manipulated search results. Sean-Paul Correll, a security researcher a Panda Security, explains that under its latest guise, scareware scams appear as spam messages sent to personal Skype accounts.

The message appears to come from an account called "Online Notification" and claims to have discovered an "infection" on your computer. Once the link is clicked for "more information" the unsuspecting user is taken to a fake anti-virus scan which indicates the computer is infested with viruses and the program must be "purchased" to remove them.

Panda has detected one strain that completely disables applications on a compromised PC except the rogueware utility and IE. Once it's "purchased" the applications are re-enabled. Users that follow tainted search results on to a compromised website will be re-directed to the scareware.

Google has established a custom search page - www.anti-malvertising.com - designed to assist customers of ad networks to uncover possible attempts to distribute malware through advertising, a concern highlighted by the recent New York Times rogueware attack. Security researchers from the search engine have also become active participants in closed mailing lists discussing scareware and the wider cybercrime problem.

Fake Antivirus Software Has Far Reaching Implications

2009-10-17T14:48:00.003-06:00

We've been posting about the Antivirus 2009/2010 malware for some time now and we would like to give you an example of exactly what it does on the "back end". You, the user, experience computer slow down or the "blue screen of death", annoying pop ups telling you to buy the fake program, inability to access certain items or to get online. What you may not know is that by continuing to try and use the infected computer, you are not only causing more damage to your computer but you are helping to further the fraud that this program is designed to com mitt.

It was recently reported that Google is one of many sites hat are literally being "robbed" by this malware infection. There is a ring of these infected computers (also known as a botnet) and in layman's terms they are being remotely controlled and used to commit crimes on the internet.

The botnet relies on malware distributed through fake antivirus scams to take over more computers. Compromised PCs have their DNS settings secretly changed, an attack known as DNS poisoning. Thereafter, attempts to reach, say Google.com, on a compromised computer lead to a fake Google site that presents ads from which Google derives no benefit. When accessing one of these fake search pages, if you click on one of the links you are actually redirected to a third party website which is then given credit for your click.

A report release by the Anti-Phishing Working Group indicates an tremendous increase in the number of fake antivirus infected computers; a jump of 585% between January and June of 2009. "The Internet has never been more dangerous," said APWG Chairman David Jevans in a statement.

The report also indicates that cybercriminals have been using the LuckySploit cybercrime toolkit to compromise legitimate Web sites to infect the computers of Web site visitors.

In addition during the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs, part of computer security company Panda Security. Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year.

New Versions of Antispyware keep coming

2009-10-17T09:35:00.004-06:00

We have continued to see new "versions" of the antivirus malware/spyware infection and its creators are getting more and more creative. We removed a fake program called Cyber Security ANtivirus 2009 last night and here's a picture of it.

If you start seeing strange pop up's from a program you never installed and it says your computer has thousands of viruses then GIVE US A CALL! We offer same day service in most cases and our flat rates for removal are just $60 for in home service and only $40 if you drop it off with us.

We also perform general repairs such as replacing/installing hardware, software install and troubleshooting, email client set up, home wireless router set up and security, complete internal cleaning and maintenance, custom built computers.

PC Protection Center: They Are Getting Nastier

2009-10-01T12:04:00.003-06:00

We removed this nasty little bugger from a computer yesterday and the people behind these infections are getting even more creative!

Initially we were unable to even get in to safemode as it kept saying Windows hadn't been activated and that can't be done in safemode. Eventually we pulled the drive and ran scans with a different computer using the drive as a slave. The infection still persisted and so did our efforts. It was eventually removed 4 hours later. Remeber folks, $60 for in home service and just $40 if you drop it off. That customer is paying $40 which works out to be $10 an hour. Our flat rate pricing simply can't be beat!

Windows PC Defender; Just another Infection

2009-09-30T12:30:00.006-06:00

Yep, here's another one we have come across. This one likes actually wasn't too difficult to remove but it's an infection all the same. Here's what it looks like....

The thing to keep in mind about these infections is that you get them from the ads placed on LEGITMATE WEB SITES. These are not being spread by P2P file sharing or by looking at porn. Web sites display ads (they get $$$ to do that) and those ads get rotated. You may visit the same web page for five days and never access one of the infected ads. Load the web page when one of those ads come up and BOOM! The ad launches a small script which installs on your computer and that is how your computer becomes infected. We are offering our removal service at low flat rates. It's just $60 for in home service or $40 if you woudl like to drop your computer off.

XP Police Pro: Yet Another NASTY Infection

2009-09-28T13:01:00.005-06:00

We had the opportunity to clean "XP Police Pro" from the work computer of a local sign/graphic designer named TK. His wife had attempted to manually remove the infection for several days and had been able to get them back online but at a high price. It wound up taking our technician close to five hours to get the infection removed.

This infection was particularaly nasty because it complete disabled the ability to enter "Safe Mode" and the drive had to be physically removed and connected to another computer for the initial scans to be run. Here's what it looks like....

If you see something similar to this, or any of the other pictures we list in our blog, please do everyone a favor and turn off the computer. You need to contact a professional to get this completely removed. We are now offering in home service for just $60 and $40 if you drop it off.

Malicious Ads Show Up On Google

2009-09-24T20:32:00.002-06:00

We've been saying it for close to a year now and it's finally been seen on the holy grail of search engines, Google. Google allowed a scam ad to appear briefly atop search results on Tuesday for the term "Firefox."

The sponsored link purported to take Google (NSDQ: GOOG) searchers to the official Firefox Web site, but in fact took them to a different domain, firefox.mozilla-now.com, according to Sophos, a computer security company.

For months we have been trying to educate the public on how all of the malware and spyware are being spread through malicious ads placed on web pages. Now, it's finally being brought to light how many legitmate web sites are running these infected ads! It was brought to light that malicious ads have also been spotted this year at nytimes.com. eweek.com, mlb.com, and foxnews.com, among other Web sites and such incidents are becoming more common.

The way it works: you visit a legitimate web site which, in most cases today, displays advertisements. In most cases those advertisements net the site owner a profit when they are clicked on in however those clicks take you to another web site. This is being used to perpetuate the spread of the infamous Antivirus Malware/spyware. When you click on the ad, boom! Your computer becomes infected.

The other way it can work is this: the legitimate web sites rotate the ads so as to get more $$$ from advertisers. You may visit the web site 50 times and see a different ad every time. All it takes is one visit to that page when a malicious ad is in the rotation. As soon as the web page loads, BOOM! What is called in iframe opens and infects your computer. In most cases the visitor never see's the iframe (in layman's terms it's another web page which is designed to open on its own) or you may see it flash so fast that you barely see it.

ScanSafe, a security company, said on Wednesday that a large scale malvertising attack had hit popular Web sites, including drudgereport.com, horoscope.com and lyrics.com, over the weekend.

Folks, we've been saying it for MONTHS...........

Linux Botnet Could Be Behind the Antivirus Infections

2009-09-16T14:09:00.004-06:00

We've been saying it for some time and it's finally becoming more public. The number of Windows computers that are infected with the "Antivirus" strain of malware/spyware is increasing and it's NOT through any fault of the end users.

It was recently discovered that a cluster of Linux servers were not only serving up the legitimate websites hosted on them, but malware and spyware as well. Normal internet traffic is conducted over port 80; this is the industry standard. These servers were also using a connection over port 8080 to inject the malware and spyware in to the computer that was visiting the website. Because it's been found to be done in iframes, the visitor had no clue until the computer was already infected and they were seeing the pop ups for Antivirus 2010, Super Antivirus etc...

In essence, you could visit a completely legitimate website and wind up infected. This was the result of poorly secured Linux servers. So how does it work once you're infected? After infecting a computer, the program literally takes control and, in most cases, blocks the user from being able to make an internet connection through a web browser. You are flooded with fake pop up's telling you your computer is infected with thousands of viruses but that's only what it's doing on the surface.

After taking control of your internet connection the program starts using your computer to send out spam and phishing email, sniff ports on other computers to check for vulnerabilities in their firewalls, gather personal data such as banking and credit card info etc... It connects to the master server and starts taking directions from there and often times it's used to infect many more computers with the same nasty infection that it has.

This is a culmination of both poorly secured web servers and ill informed PC users. Together, we need to focus on stamping out these infections not just on the computers, but on the SERVERS as well. If we can kill this at the server level then the infection rate will decrease.

Windows 7 Free Trial

2009-09-02T13:33:00.002-06:00

I never thought I would see the day when Microsoft offered anything for FREE but here it is. They are making a 90 day trial of Windows 7 available to tech pro's FREE OF CHARGE.

I have to admit, with the obvious decimation of XP I am anxious to get my hands on a copy of Windows 7. I cleared off a hard drive just so I can see what it will be like to install! So a free 90 day trial may be just the thing to get someone like myself on board with the new OS. Lord knows I hear Vista complaints on a daily basis but I often find myself defending it, at least a little, becuase from a technical standpoint it is much better than any previous versions of Windows when it comes to troubleshooting. Hey, did you knwo that when you're making a wireless conneciton and you have to ente rthe network key you only have to enter it ONCE with Vista? Pure genius! LOL

Apparently there is a limit to this good thing and with only so many licenses available I better get mine quick!

PC Antispyware 2010: more bad news

2009-08-13T23:39:00.003-06:00

As I sit here writing this blog, I am remotely accessing a relatives computer and removing PC Antivirus 2010. They noticed it after they installed a very popular application called Google Earth. I'm sure most of us have heard of Google Earth and all I can say is BAD NEWS. I'll say exactly the same for Weatherbug. It's a bug alright! So here's a screen shot of the nasty little malware.

If you see something like this on your computer then your computer is infected. Don't pay the $300-$400 that the big companies demand for removing things like this! Affordable Computer Tech Solutions offers our service for as little as $60!

Antivirus System Pro Is Making Its Rounds

2009-07-27T12:43:00.004-06:00

Over this past weekend a family member was going to a website that she normally visits and usually has no problems with when BOOM! Antivirus System Pro starts popping up all over the place. Initially we tried running the task manager to just terminate the process but we then received a pop up indicating that the TASK MANAGER was infected and asked if we want to purchase this program now.

In a case such as this, it's best to not try and close any of the pop up windows, try to tell it no or anything else. Shut the computer down and go in to safemode. From safemode you can usually run the needed tools fairly easily and remove the infection within a couple of hours.

More From Antivirus Malware; Same Problems Just DIfferent Names

2009-07-20T12:52:00.012-06:00

Well, we have been covering the whole antivurs malware issue for some time but we wanted to update some of the information we haev found recently. There are new names, and new looks for the nasty little malware but the problems it can cause are still the same.

For those of you that are new, here's some basic background information. Back in 2008 computer tech's began seeing an influx of complaints centered around what appeared, to the untrained eye, to be legitimate antivirus programs. This was actually cleverly disguised malware and not a true antivirus program. So what is malware and how can it affect your computer?

Malware is a term used for malicious software programs which are in fact harmful to your computer. Malware includes spyware and adware programs, such as tracking cookies, which are used to monitor your surfing habits. Other things that may be included are much more dangerous and include keyloggers to steal personal information as you type, trojan horses, worms and even viruses.

A keylogger is just that; it's a program which records each keystroke on a keyboard and then sends the information to a remote user. The informatoin gathered may be things such as bank account or credit card numbers, passwords, social security numbers, date of birth or any other sensitive information that you may enter in a form on a website. A trojan (also known as a trojan horse) can potentially destroy your system as well as install the "back door" which the keylogger uses to transmit the data collected. These are normally used for identity theft.

A virus, or worm. replicates itself and may take control of your system. These types of malware are used to create what are clled botnets which send out huge amounts of either spam of phishing emails. Viruses usually attach to other programs, while worms are self-contained. Both can cause severe damage by eating up essential system resources, which may lead to your computer to run slow or even crash. Viruses and worms commonly use shared files and items like email address books to spread to other computers.

So now that we know what malware can do, how do we get infected? Initially when the antivirus malware issue came to light when the designers began literally hacking full websites and placing the code to launch the malware directly on these websites. There were hundreds of thousands of websites that were hacked and many of them were sites that server a legal, legitmate purpose and were well known. Once it was discovered that this was happening, website owners got wise they had the code removed and strengthened their security to prevent any further infection from spreading. How this woudl work is a person online would go to one of the infected websites, open the page, and immediately upon opening the page the malware would infect their computer.

The next, and still ongoing, way of infecting computers is through online advertising. Even big name websites place ads on their web pages to make money. Those ads get rotated and alternated to generate even more revenue for the site and in that the ads are constantly changing. The hackers spreading this malware are infecting ads so when the ad comes up on a webpage, if you are visiting the website at that particular time, your computer becomes infected. The issue with this is that it's basically hit and miss. You may successfully visit the same site several times but if it is running an infected ad then eventually your computer will become infected.

So now we would like to show you soe updated images; these are what you may see once your computer has become infected. It comes with many names and many variations on the look but the infection is always the same. First, here is an updated list of names for the malware.

Antivirus 2009/2010

Home Antivirus 2009/2010

AntiVirusPro

PC Security 2009

WiniFighter

Security Central

Smart Defender PRO

Windows Security Suite

Barracuda Antivirus

USAntiSpy

AntiMalwarePro

AntivirusBest

Contraviro

Malware Destructor 2009

Virus Remover Professional

Protection System

Wind Optimizer

Antivirus System Pro

XP Deluxe Protector

WinBlueSoft

Advanced Virus Remover

Presto TuneUp

Fast Antivirus 2009

Secure Antivirus Pro

Malware Catcher 2009

PCPrivacy Defender

Virus Shield 2009

CoreGuard Antivirus 2009

PCAntiMalware

Badware Protector

Advanced Spyware Detect

Extra Antivirus

AV AntiSpyware

WiniBlueSoft

Virus Shield 2009

Microsoft to Launch FREE Online Version of Office 2010

2009-07-13T12:39:00.003-06:00

I never thought I would live to see the day when Microsoft offered something for FREE.... No really, I mean it; it's going to be FREE!

Apparently they have decided to offer a browser based version of Office 2010 at no charge in order to keep up with all of the other free or low-cost desktop productivity tools available online. They plan to offer Word, Excel, PowerPoint and OneNote message pad.

Turn-about is fair play however so don't expect to have all the same capabilities as the desktop version. It's rumored that PowerPoint will not offer the same video editing tools as the standard desktop version. "If you use Office on your PC, you're going to want to take full advantage of what your PC can do," said Chris Capossela, senior VP for Microsoft's Business unit,. The Web apps on the other hand will offer some features that won't be found on the desktop versions, such as the ability to embed tags into documents and post them on blogs.

At its Worldwide Partner conference in New Orleans, Microsoft also revealed on Monday that Office 2010 has reached the technical preview stage, meaning the software is available for selected professionals to download and test. The company expects to ship a beta version in the second half of this calendar year.

Antivirus 2010 is making the rounds now

2009-07-09T20:14:00.004-06:00

That's right! The wonderful makers of Antivirus 2009/XP/Vista/360 have upgraded the malware to say it is now Antivirus 2010. These guys must really have nothing better to do but keep us PC tech's in business! Here are some screen shots we found and we received our first call regarding this "version" yesterday.

Conficker = Spyware Protect 2009!

2009-05-27T12:50:00.003-06:00

That's right! If you're seeing pop up's for Spyware Protect 2009 then it's highly likely that you have been infected with the infamous Conficker virus. In April 2009 it started showing up as part for the Conficker virus infection. It is configured to start as soon as the computer boots and in all reality it does look much like a legitimate program.

Spyware Protect 2009 is actually a rougue anti-malware program that uses fake security alerts and fake scan results to scare consumers in to "purchasing" it. Once your credit card informaiton is entered, it is then sent to hackers who can use it unscrupulously. Just as with Antivirus XP/Vista/2008/2009 and Antivirus 360"purchasing" it does nothing to protect your computer as all of the scan results are fake. It wil say you have hundreds of thousands of infections when in fact the only infection is the malware itself.

When this program is running you will also see a variety of security alerts on your computer. These alerts consist of ones stating that a remote host is attacking your computer, that you have a variety of infections, or that Windows has detected your computer is infected and that you should purchase Spyware Protect 2009.

Windows XP Support Is Available At A Price

2009-04-22T12:41:00.003-06:00

All you Windows XP users out there get your bank cards ready! Microsoft has finally stopped free technical support for the eight year old operating system Windows XP. It seems that they perceive no longer offering free support for the last good OS they released will be a money maker for them.

Microsoft is now charging for "per incident" XP technical support. We are currently working to find out what the exact cost for that support will be and will update this blog as soon as we are able to find out.

With the market for low cost computers heating up, and Linux rearing it's head again, Microsoft has decided to continue with direct OEM sales of XP Home for Ultra Low Cost Personal Computers (ULCPCs) so that they can preinstall Windows on these devices through the later of June 30, 2010 or one year after the general availability of the next version of the Windows operating system. It was announced that the extended XP support until 2014 but only for consumers willing to pay. non-security related updates will only be released to members of their premier program but security patches will be available to all customers until at no charge.

For free technical support, consumers that purchase a pre-fabricated PC with XP will want to contact the manufacturer if they experience any problems.

Windows 7 Doom and Gloom

2009-04-22T11:56:00.002-06:00

Information on Windows 7 that was recently released is forecasting even more trouble for Microsoft in the OS industry. As the leader in PC operating systems Microsoft seems to have potentially hit yet another brick wall with Windows 7.

It seems that the IT industry is looking at Windows 7 just as it did Windows Vista; with scepticism and a nasty taste in its mouth. XP users that were unable to upgrade to Vista will also be unable to upgrade to Windows 7 due to the same issues with drivers and system resources. Since Windows 7 is primarily based off of Vista, systems using the OS will need to be heavy on the memory as the same old resource hogs used in Vista are also present in Windows 7.

Companies looking to upgrade their computers will be looking at the bottom line when it comes to Windows 7 and that bottom line isn't any better than it was with Vista. Microsoft needs to figure out a way to get back the basic principles and requirements of XP while still providing the same features as Vista and Windows 7.

Windows PC's Being Turned to Junk Email Bots By Conficker

2009-04-13T15:19:00.003-06:00

After a disappointing "launch" on April 1, 2009, Conficker has finally started spreading and is now turning infected Windows PC's into junk mail robots, sending out an estimated 80,000 junk emails in 24 hours.

Kaspersky researcher Alex Gostev said in a message on Friday "Assuming that there are 5 million infected machines out there, the [Conficker] botnet could send out about 400 billion spam messages over a 24-hour period!"

The spam in question is pitching pharmaceuticals only now primarily for erectile dysfunction medications such as Viagra and Cialis, with message subject headings including "She will dream of you days and nights!" and "Hot life -- our help here. Ensure your potence [sic] today!"

Gostev also noted that almost every message contained a unique domain in the embedded link, a tactic spammers sometimes use to side-step anti-spam filters, which analyze the frequency which any one domain is used. "We detected the use of 40,542 third-level domains and 33 second-level domains," said Gostev. "They all belonged to spammers and the companies that ordered these mailings."

It has been noted that some Conficker bots have also downloaded and installed Spyware Protect 2009 which falls under the same guidelines as the infamous Antivirus XP, Antivirus 2008/2009, Antivirus Vista and Antivirus 360 (which we have previously reported on!). In the industry, these are known as "scareware" and attempt to dupe the end user into trying to purchase the software by reporting false scan results which often indicate the computer has thousands of infections.

It is obvious that with the spread of Conficker, we will also see a rise in the number of malware infected computers as well . Affordable Computer Tech Solutions has been cleaning the Antivirus series of malware from computers since 2008 and has developed a system to completely remove the malware, along with another other viruses, which is non-invasive and will not cause you to lose any of your personal files provided the infection hasn't spread to the point of no return.

If you feel your computer might be infected then our best advise is to shut it off and contact us to schedule service. We offer drop off, in home and in some cases even remote service. Drop off service is just $60, in home service is $80 and remote access (provided you can still get online) is only $40. Call (480) 273-5669 to schedule service.

StalkDaily Virus: Twitter Users Beware

2009-04-13T15:08:00.004-06:00

Twitter users beware; the StalkDaily Virus may soon be hitting you! It is being reported that Twitter does in fact have a virus and it sending out spoof tweets such as "Hey everyone, join www. StalkDaily. com. It's a site like Twitter but with pictures, videos, and so much more! :) "

This virus can be caught by visiting infected Twitter profile pages. Twitter claims to have closed the security loophole which was used to spread this infection but it remains to be seen how many profiles may still be currently infected. The best way to make sure the infection is removed is to ensure that the URL on your profile page is correct. CLearing temporary internet files/cache and cookies can also prevent you from being redirected to a bad (or infected) link.

Conficker Now Unleashed!

2009-04-11T13:35:00.005-06:00

After a disappointing show of force on the anticipated lauch date of April 1, 2009 the Conficker worm has begun widening the number of Web sites that it scanned for instructions, a new Conficker variant has emerged and appears to be preparing to spam and steal information.

Symantec representatives said the new Conficker/Downadup variant E is designed to update version .C rather than the first-generation A variant.

The new variant, designated Conficker.E, restores the use of the MS08-67 exploit, which was removed in the previous .C variant. It also includes new self-removal instructions that tell the worm to remove itself from an infected host on May 3. And it includes a slightly different list of Web sites from which to seek instructions.

It has been established that the update is arriving through the worm's peer-to-peer connectivity. It looks for the old .A variant and updates it with the improvements seen in version .C, which include better HTTP and P2P code, stronger defense mechanisms, and advanced anti-forensic techniques. Because P2P updating is slow compared with other methods, it may be several days before the impact of Conficker's changes become apparent.

Somewhere between 1 million and 2 million computers are believed to be actively infected with the malware, down from almost 9 million in January.

To protect yourself you want to ensure that your Windows operating system is up to date. Microsoft released a patch back in October 2008 to help prevent computers with Windows from becoming infected. You willalso want to make sure that you have some sort of antivirus software installed, keep it up to date, and run it daily.

Conficker C Launched on April 1st As Planned

2009-04-01T12:09:00.002-06:00

We previously reported on the anticipated APril 1 launch of the Conficker C botnet and it is now confirmed that it has in fact been launched. The effects have not quite been what was expected; not yet anyway.

It is unknown how many computers are actually infected but the estimate is upwards of ten million. Conficker C was programmed to launch at midnight April 1 and establish a link from the infected computers to command and control servers. It was supposed to have generated a list of 50,000 domain names and then select 500 to contact. Researches say this process has begun.

Infected computers have started reaching out as expected but so far nothing note worthy has happened as a result. "We have observed that Conficker is reaching out, but so far none of the servers they are trying to reach are serving any new malware or any new commands," said Toralv Dirro, a security strategist at McAfee Avert Labs, in Germany.

It is suspected that those in control of the Conficker C are biding their time and waiting for researchers and IT professionals to relax their guard. Most major antivirus manufacturers have released updates which will easily find and remove the Conficker C infection.

And we have a new name for the Antivirus XP/Vista/2008/2009/360!

2009-03-26T17:42:00.003-06:00

We just spoke with a gentleman that was having an issue with a pop up telling him his computer was "infected" and it's infected alright but not by any virus. WHat is the "new name" you may ask????? MS Antispyware 2009 is the winner. Here are some screen shots so you may see what it looks like.

April Fool's Day Worm Is On The Way; Could There Be Possible Ties to the Windows XP/Vista/2009/360 Infections?

2009-03-26T12:00:00.006-06:00

Reports that were just released have indicated that the third variant of Conficker C will be launched on April 1, 2009. Malware creators like using that day to launch their wares upon the world and this could be one of the most damaging attacks seen to date. It has grown more complicated, powerful and virulent. Conficker first bubbled up in late 2008 and began making headlines in January as known infections topped 9 million computers.

Microsoft has offered up a quarter million dollar bounty for the capture of the creator(s) of this worm an have been scrambling to find either a cure of the creator before the deadline arrives. April 1, 2009 is supposed to be the date when all currently infected computers will come under the control of one master machine. The infected machines may be used for Denial of Service attacks, stealing personal information, wipe out hard drives or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software. Could it be we are seeing Conficker C in the Antivirus 2009/XP/Vista/360 infections? Is it possible those machines were already infected?

Conficker C has been so elusive because it has an enormous number of URL's it uses to communicate with its headquarters. The first version of Conficker used just 250 addresses each day which security researchers and ICANN simply bought and/or disabled but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.

It has never been more important to make sure you are properly protecting your computer. Make sure you have adequate security software installed. Antivirus programs are wonderful but they don't catch everything. You should also install anti-malware software as well as anti-spyware protection. It is also recommended that you keep your Windows operating system up to date but to be honest, with all the holes, flaws and install issues Microsoft has been dealing with is that really going to protect you? Make sure that your antivirus software is up to date and actually running because this version of Conficker C can disable it.

Microsoft has offered a free online scanner to check for possible infections as well. That can be found at http://onecare.live.com/site/en-us/default.htm

New Worm Targets Home Routers and Cable Modems

2009-03-25T19:43:00.005-06:00

It is being reported today that a nasty new computer worm has infected 55 different types of home-based wireless routers and wireless cable modems. Known as "psyb0t" or Bluepill, this has infected DSL/cable modems, routers, Linux Mipsel, has an administration interface, sshd, or telnet in a DMZ, and employs a weak password. Once the malware takes hold, it locks legitimate users out of the device by blocking telnet, sshd, and web access. to include brands such as Linksys and Netgear. This is the first worm known to have infected residential routers and modems.

Psyb0t is armed with 6000 common usernames and 13,000 popular passwords and it tries to gain access to the home network by using various combinations. Since most home based routers and modems do not limit the number of failed attempts, these devices are an ideal target for infection. In addition, because these types of devices generally run 24 hours a day, they give psyb0t an unlimited amount of time to try to gain access.

To make matters worse, psyb0t is reportedly very hard to detect and most home users aren't aware they are even infected. Like most worms, it is designed to infect a system and then carry out orders given by the author; this is known as a botnet. APC Magazine is reporting that the botnet capability is no longer active now but at it's height, psyb0t was suspected of controlling 80,000 to 100,000 systems.

How can you tell if you are infected? By default ports 22, 23 and 80 are blocked by as part of this infection. If these ports are blocked, you should perform a hard reset on your device, change the administrative passwords, and update to the latest firmware. These steps will remove the rootkit and ensure that your device is not reinfected.

Great new screen shots! Want to see what the prompts for AntivirusXP/Vista/2009/360 look like?

2009-03-24T14:05:00.003-06:00

We have been trying to put together good screen shots of AntivirusXP 2009/2009, Vista Antivirus 2008 and now Antivirus 360 so that people will better know what they are looking for. Here you go....

IE8 Released Today : Will It Offer More Protection?

2009-03-19T19:52:00.003-06:00

Microsoft released Internet Explorer 8 at noon Eastern time today. Boasting new, user friendly features and more protection, this may well be worth looking in to; don't expect your ISP to support it quite yet though.

The browser has been downloaded tens of millions of times since it entered public testing mode a little more than a year ago, constituting one of Microsoft's largest beta tests ever. Improved security is one of IE8's most significant features. NSS Labs released an independent study early Thursday showing IE8 significantly besting Mozilla Firefox, Apple Safari, Google Chrome, and Opera in catching and blocking malware. With its SmartScreen filtering, IE8 Release Candidate 1 caught 69% of malware, while Firefox 3.07 caught only 30%.

As for security, IE8 is supposed to be offering more protection from the nasty malware that is going around right now (I.E. AntivirusXP/Vista/360 etc...). During beta testing one IE8 user in 40 got a malware block, while 1 million users per month were prevented from browsing to phishing sites. IE8 also contains a number of other security features, including an InPrivate Browsing mode that keeps no trail of browsing history and new features that prevents certain cross-site scripting attacks, click-jacking, and the installation of malicious ActiveX controls.

With every success there must also be failure and one hacker was able to hijack a machine running the IE8 release candidate and Windows 7 beta but competitive browsers were hacked as well during a contest at the CanSecWest security conference on Wednesday.

Of course there are all kinds of other bells and whistles included but we are focusing on the security portion of this. Hopefully it will slow down the spread of malware as it appears to be on the rise.

Remote service is now a reality! Got malware/spyware/viruses? We can help!

2009-03-16T15:23:00.002-06:00

Affordable Computer Tech Solutions is proud to announce that we are now offering REMOTE REPAIR as one of our service options! That's right! No worries about the barking dog, the house being a mess, company coming over. Sit in your PJ's as our technician access your computer from our office and removes all the malware, spyware and viruses that are plaguing your computer.

If you have internet access and a Paypal account then we can assist you. Our flat rate for malware, spyware and virus removal remotely is just $30. This also includes the installation of security software which will keep your computer protected long after our service is performed and that's at NO ADDITIONAL CHARGE! Don't live in Arizona? NO PROBLEM! With remote access our professional, experienced technicians can help anyone anywhere!

Of course if you are experiencing a hardware issue, or if you have no internet connection, then we still offer in home and drop off service. We are also still offering FREE email and phone technical support so if you think you may have a problem but you aren't sure then we can still help and it's FREE! Call us at (480) 273-5669 or email us at azfreetech @ yahoo.com anytime for assistance.

Microsoft Releases Three Updates for Eight Vulnerabilities ; Will These Stop The Antivirus XP/Vista/360 Outbreak??

2009-03-12T17:17:00.006-06:00

During "patch Tuesday" Microsoft released three patches for a total of eight vulnerabilities; one of which is "critical" and the other two are "important". The patches are to fix the following:

MS09-006 ("critical") resolves a vulnerability in the Windows kernel for systems using Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The flaw could allow remote code execution if a user views a maliciously crafted EMF or WMF image file. This addresses vulnerabilities by validating input passed from user mode through the kernel component of GDI, correcting the way that the kernel validates handles, and changing the way that the Windows kernel handles specially crafted invalid pointers.

MS09-007 ("important") addresses a vulnerability in the Secure Channel (SChannel) security package in Windows. If exploited, it could allow spoofing, provided the attacker gains access to an end-user authentication certificate. This is for systems using Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This addresses the vulnerability by modifying the way that the server parses key exchange data during the TLS handshake.

MS09-008 ("important") fixes vulnerabilities in the Windows DNS server and Windows WINS server. If exploited, these vulnerabilities could allow network traffic hijacking. This is for systems running Windows 2000 Server, Windows Server 2003, and Windows Server 2008. The security update addresses the vulnerabilities by correcting the way that Windows DNS servers cache and validate queries, and by modifying the way that Windows DNS servers and Windows WINS servers handle WPAD and ISATAP registration.

As of yet, Microsoft has not released a patch for the vulnerability discovered in Excel files which allow for malware to infect a computer through the Excel vulnerability. This may become more of an issue since it's tax season and more people are using Excel more frequently.

We are wondering if any of these updates will address the ways in which computers are currently being infected with the Antivirus XP/Vista/360 malware. The malware is being rapidly spread through corrupted/infected FLASH banner ads placed on websites and it sets up browser redirecting as well. We will be exploring this more by running some test computers and purposely visiting sites we know are infecting computers at this time. We will keep you posted!

Microsoft Announces Zero-Day Excel Exploit

2009-02-25T11:26:00.002-07:00

Tuesday Microsoft announced two Security Advisories, one regarding a zero-day Excel exploit and the other regarding a problem preventing the disabling of the Windows Autorun.

They are currently investigating reports of a vunerability in Microsoft Excel that could allow remote code execution if a user opens a file specifically created for this operation. Microsoft states " At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."

The Microsoft products that appear to be affected are: Microsoft Office 2000, Microsoft Office 2002, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac.

This malware has been dubbed as Trojan.Mdropper.AC. Make sure you keep those anti-malware programs up to date and scan often! Don't trust just any documents you get online either!

Updates on the Antivirus XP/Vista/2008/2009/360 malware CRITICAL

2009-02-21T12:00:00.010-07:00

We had a tech doing research for us on the Antivirus XP/Vista/2008/2009/360 malware issue and critical updates were found! As we have told you before it literally takes control of the infected computer and begins redirecting you when you try to get online. Those redirects are becoming more dangerous as they perfect the "spoof pages" and try to dupe you into "purchasing" the malware and hence sending your credit card information to HACKERS.

We came across a very informational site which you can find at HERE. We are going to give you a brief run down on the most interesting things we found on that blog.....

FAKE BOSD (Blue Screen of Death)! This was seen by the blogger and it's interesting because this really begins to shed light on exactly how far the makers of this malware are willing to go. Here's a screenshot for you and if possible try to read what 's on the screen. It's not your typical BSOD.....

Fake Windows start up screen! This was particularly interesting because it was noted that this, along with the previously mention fake BSOD were seen after the computer began restarting itself without warning. Please be sure to read the fine print at the bottom of this screen.

Just as a reminder, if you see strange pop-ups, are being redirected to strange websites when you try to get online, or if your computer is running slow, freezing up or acting odd then you should shut it down and contact a professional! Our most recent client continued trying to use the infected computer and in the end the drive had to be reformatted because the infection was just too severe. There are free tools available online but if you don't have the ability to get online than it's pretty pointless.

If you are gung-ho and want to take a stab at getting rid of it yourself then these are what we recommend:

1. COMBOFIX - this kills it's system processes and allows you to begin using the rest of the software needed to remove it much more quickly. You may need to rename the file before you install it on the computer! You can get full instructions on how to use this HERE

2. Next we run MALWAREBYTES to continue the cleaning process.

3. Finally we run SUPERANTISPYWARE to complete the process.

There are some other tools which you may wish to try but we have had the greatest success with those three listed. We have read about Spybot Search and Destroy working but we have used that in the past and it didn't do as good a job as the SuperAntiSPyware did. You can also try Ad Aware, it has been suggested that you remove the FOLDER for the malware and then reboot your computer but becuase it tends to infect/alter registry entries, we can't say this will in fact work but it may be worth a try.

You can do this by first starting in safemode (hit F8 repeatedly upon restart) going to start --> RUN and then type in C:\Program Files\ and then press the OK button. When the folder appears, if it says These files are hidden, click on the Show the contents of this folder option. When the C:\Program Files\ folder opens, look through the list of folders and when you find the folder named XPAntivirus left-click on it once so it becomes highlighted. Then hit the Delete button on your keyboard and when it asks if you are you want to delete the folder, click on the Yes button with your mouse. When the folder is deleted, reboot your computer back to normal mode.

AVG FALSE POSITIVES issues

2009-02-17T17:43:00.003-07:00

We decided to post the full log of the "threats" AVG supposedly found. Please bear in mind this is the version downloaded today, Feb 17, 2009 and the file name is avg_free_stf_eng_8_237a1428.exe (58.1mb). The database was never updated as it began flagging these files the minute it was installed. We had to suspend the running of Malwarebytes because every file it examined was flagged by AVG. These are examples of AVG giving FALSE POSITIVES:

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"

"Virus found Win32/Virut";"C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe";"Infected";"2/17/2009, 2:11:47 PM";"File";"C:\Program Files\AVG\AVG8\avgui.exe"

"Virus found Win32/Virut";"C:\WINDOWS\explorer.exe";"Object is in whitelist";"2/17/2009, 2:11:46 PM";"File";"C:\Program Files\AVG\AVG8\avgui.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\notepad.exe";"Object is in whitelist";"2/17/2009, 2:09:49 PM";"File";"C:\WINDOWS\explorer.exe"

"Virus found Win32/Virut";"C:\WINDOWS\explorer.exe";"Object is in whitelist";"2/17/2009, 2:09:04 PM";"File";"C:\Program Files\AVG\AVG8\avgui.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\inetwiz.exe";"Infected";"2/17/2009, 2:08:47 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\inetmgr.exe";"Infected";"2/17/2009, 2:08:45 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\inetin51.exe";"Infected";"2/17/2009, 2:08:43 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\imapi.exe";"Infected";"2/17/2009, 2:08:41 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\iissync.exe";"Infected";"2/17/2009, 2:08:38 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\iisrstas.exe";"Infected";"2/17/2009, 2:08:36 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\iisreset.exe";"Infected";"2/17/2009, 2:08:34 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\iexpress.exe";"Infected";"2/17/2009, 2:08:31 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\iexplore.exe";"Infected";"2/17/2009, 2:08:30 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\iedw.exe";"Infected";"2/17/2009, 2:08:28 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\ie4uinit.exe";"Infected";"2/17/2009, 2:08:26 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\icwtutor.exe";"Infected";"2/17/2009, 2:08:24 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\icwrmind.exe";"Infected";"2/17/2009, 2:08:22 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\icwconn2.exe";"Infected";"2/17/2009, 2:08:19 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\icwconn1.exe";"Infected";"2/17/2009, 2:08:18 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\hostname.exe";"Infected";"2/17/2009, 2:08:15 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\hh.exe";"Infected";"2/17/2009, 2:08:12 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\helpsvc.exe";"Infected";"2/17/2009, 2:08:11 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\helphost.exe";"Infected";"2/17/2009, 2:08:08 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\helpctr.exe";"Infected";"2/17/2009, 2:08:06 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\help.exe";"Infected";"2/17/2009, 2:08:03 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\grpconv.exe";"Infected";"2/17/2009, 2:07:59 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\gprslt.exe";"Infected";"2/17/2009, 2:07:56 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\getmac.exe";"Infected";"2/17/2009, 2:07:54 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fxssend.exe";"Infected";"2/17/2009, 2:07:51 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fxscover.exe";"Infected";"2/17/2009, 2:07:49 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fxsclnt.exe";"Infected";"2/17/2009, 2:07:47 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\ftp.exe";"Infected";"2/17/2009, 2:07:45 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fsutil.exe";"Infected";"2/17/2009, 2:07:43 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\freecell.exe";"Infected";"2/17/2009, 2:07:41 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fpremadm.exe";"Infected";"2/17/2009, 2:07:39 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\forcedos.exe";"Infected";"2/17/2009, 2:07:37 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fontview.exe";"Infected";"2/17/2009, 2:07:36 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fltmc.exe";"Infected";"2/17/2009, 2:07:34 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\flattemp.exe";"Infected";"2/17/2009, 2:07:32 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fixmapi.exe";"Infected";"2/17/2009, 2:07:31 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\finger.exe";"Infected";"2/17/2009, 2:07:29 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\findstr.exe";"Infected";"2/17/2009, 2:07:27 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\find.exe";"Infected";"2/17/2009, 2:07:25 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fc.exe";"Infected";"2/17/2009, 2:07:23 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\extrac32.exe";"Infected";"2/17/2009, 2:07:21 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\explorer.exe";"Infected";"2/17/2009, 2:07:19 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe";"Infected";"2/17/2009, 2:07:15 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\evntwin.exe";"Infected";"2/17/2009, 2:07:12 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\evntcmd.exe";"Infected";"2/17/2009, 2:07:10 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\eventvwr.exe";"Infected";"2/17/2009, 2:07:08 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\evcreate.exe";"Infected";"2/17/2009, 2:07:07 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\eudcedit.exe";"Infected";"2/17/2009, 2:07:05 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\esentutl.exe";"Infected";"2/17/2009, 2:07:03 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dxdiag.exe";"Infected";"2/17/2009, 2:07:00 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fxssvc.exe";"Infected";"2/17/2009, 2:06:57 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\evtrig.exe";"Infected";"2/17/2009, 2:06:55 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dwwin.exe";"Infected";"2/17/2009, 2:06:53 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dpnsvr.exe";"Infected";"2/17/2009, 2:06:51 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dvdupgrd.exe";"Infected";"2/17/2009, 2:06:49 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dumprep.exe";"Infected";"2/17/2009, 2:06:47 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\drwtsn32.exe";"Infected";"2/17/2009, 2:06:45 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\drvqry.exe";"Infected";"2/17/2009, 2:06:43 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dpvsetup.exe";"Infected";"2/17/2009, 2:06:41 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dplaysvr.exe";"Infected";"2/17/2009, 2:06:38 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\doskey.exe";"Infected";"2/17/2009, 2:06:37 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dmremote.exe";"Infected";"2/17/2009, 2:06:34 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dmadmin.exe";"Infected";"2/17/2009, 2:06:32 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dllhst3g.exe";"Infected";"2/17/2009, 2:06:30 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dllhost.exe";"Infected";"2/17/2009, 2:06:28 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\diskperf.exe";"Infected";"2/17/2009, 2:06:27 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\diskpart.exe";"Infected";"2/17/2009, 2:06:25 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\diantz.exe";"Infected";"2/17/2009, 2:06:22 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dialer.exe";"Infected";"2/17/2009, 2:06:21 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dfrgntfs.exe";"Infected";"2/17/2009, 2:06:18 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dfrgfat.exe";"Infected";"2/17/2009, 2:06:16 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\defrag.exe";"Infected";"2/17/2009, 2:06:14 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\ddeshare.exe";"Infected";"2/17/2009, 2:06:12 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\dcomcnfg.exe";"Infected";"2/17/2009, 2:06:11 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\davcdata.exe";"Infected";"2/17/2009, 2:06:08 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\ctfmon.exe";"Infected";"2/17/2009, 2:06:06 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cscript.exe";"Infected";"2/17/2009, 2:06:04 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cprofile.exe";"Infected";"2/17/2009, 2:06:02 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\convlog.exe";"Infected";"2/17/2009, 2:06:00 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\convert.exe";"Infected";"2/17/2009, 2:05:58 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\control.exe";"Infected";"2/17/2009, 2:05:55 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\conime.exe";"Infected";"2/17/2009, 2:05:54 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\conf.exe";"Infected";"2/17/2009, 2:05:52 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\comrereg.exe";"Infected";"2/17/2009, 2:05:50 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\comrepl.exe";"Infected";"2/17/2009, 2:05:48 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\compact.exe";"Infected";"2/17/2009, 2:05:46 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\comp.exe";"Infected";"2/17/2009, 2:05:44 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cmstp.exe";"Infected";"2/17/2009, 2:05:42 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cmmon32.exe";"Infected";"2/17/2009, 2:05:40 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cmdl32.exe";"Infected";"2/17/2009, 2:05:38 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cmd.exe";"Infected";"2/17/2009, 2:05:37 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\clipsrv.exe";"Infected";"2/17/2009, 2:05:35 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\clipbrd.exe";"Infected";"2/17/2009, 2:05:33 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cleanmgr.exe";"Infected";"2/17/2009, 2:05:32 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\ckcnv.exe";"Infected";"2/17/2009, 2:05:30 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cisvc.exe";"Infected";"2/17/2009, 2:05:29 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cipher.exe";"Infected";"2/17/2009, 2:05:27 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cb32.exe";"Infected";"2/17/2009, 2:05:22 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\calc.exe";"Infected";"2/17/2009, 2:05:20 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cacls.exe";"Infected";"2/17/2009, 2:05:19 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\bootvrfy.exe";"Infected";"2/17/2009, 2:05:14 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\bootok.exe";"Infected";"2/17/2009, 2:05:13 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\bootcfg.exe";"Infected";"2/17/2009, 2:05:11 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\blastcln.exe";"Infected";"2/17/2009, 2:05:10 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\bckgzm.exe";"Infected";"2/17/2009, 2:05:08 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\author.exe";"Infected";"2/17/2009, 2:05:05 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\auditusr.exe";"Infected";"2/17/2009, 2:05:04 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\attrib.exe";"Infected";"2/17/2009, 2:05:02 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\atmadm.exe";"Infected";"2/17/2009, 2:05:00 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\at.exe";"Infected";"2/17/2009, 2:04:59 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\asr_pfu.exe";"Infected";"2/17/2009, 2:04:58 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\asr_ldm.exe";"Infected";"2/17/2009, 2:04:56 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\asr_fmt.exe";"Infected";"2/17/2009, 2:04:55 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\arp.exe";"Infected";"2/17/2009, 2:04:52 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\alg.exe";"Infected";"2/17/2009, 2:04:49 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\ahui.exe";"Infected";"2/17/2009, 2:04:48 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\agentsvr.exe";"Infected";"2/17/2009, 2:04:45 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\admin.exe";"Infected";"2/17/2009, 2:04:42 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\nwscript.exe";"Infected";"2/17/2009, 2:04:39 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\mshta.exe";"Infected";"2/17/2009, 2:04:36 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\mshearts.exe";"Infected";"2/17/2009, 2:04:35 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\msg.exe";"Infected";"2/17/2009, 2:04:32 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\msdtc.exe";"Infected";"2/17/2009, 2:04:30 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\msconfig.exe";"Infected";"2/17/2009, 2:04:24 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\shadow.exe";"Infected";"2/17/2009, 2:04:21 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\sfc.exe";"Infected";"2/17/2009, 2:04:19 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\setup_wm.exe";"Infected";"2/17/2009, 2:04:18 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\oemig50.exe";"Infected";"2/17/2009, 2:04:15 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\hscupd.exe";"Infected";"2/17/2009, 2:04:10 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\hrtzzm.exe";"Infected";"2/17/2009, 2:04:08 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cidaemon.exe";"Infected";"2/17/2009, 2:04:06 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\chkrzm.exe";"Infected";"2/17/2009, 2:04:05 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\chkntfs.exe";"Infected";"2/17/2009, 2:04:04 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\chkdsk.exe";"Infected";"2/17/2009, 2:04:03 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\chgusr.exe";"Infected";"2/17/2009, 2:04:02 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\chgport.exe";"Infected";"2/17/2009, 2:04:01 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\chglogon.exe";"Infected";"2/17/2009, 2:03:59 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\charmap.exe";"Infected";"2/17/2009, 2:03:57 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\change.exe";"Infected";"2/17/2009, 2:03:56 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\cfgwiz.exe";"Infected";"2/17/2009, 2:03:54 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fpcount.exe";"Infected";"2/17/2009, 2:03:53 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fpadmcgi.exe";"Infected";"2/17/2009, 2:03:51 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fp98swin.exe";"Infected";"2/17/2009, 2:03:50 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\fp98sadm.exe";"Infected";"2/17/2009, 2:03:49 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\actmovie.exe";"Infected";"2/17/2009, 2:03:46 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\accwiz.exe";"Infected";"2/17/2009, 2:03:45 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Trojan horse SHeur2.LBY";"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EN7DQ1Q8\load[1].exe";"Infected";"2/17/2009, 2:03:39 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Trojan horse SHeur2.LBY";"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AXUAJQCG\load[1].exe";"Infected";"2/17/2009, 2:03:38 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found HTML/Framer";"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AOZXNG5I\contentcatalog[1].htm";"Infected";"2/17/2009, 2:03:37 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\Com\comrereg.exe";"Infected";"2/17/2009, 2:03:31 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\Com\comrepl.exe";"Infected";"2/17/2009, 2:03:30 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\usmt\migwiz_a.exe";"Infected";"2/17/2009, 2:03:16 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\usmt\migwiz.exe";"Infected";"2/17/2009, 2:03:14 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\usmt\migload.exe";"Infected";"2/17/2009, 2:03:13 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\bcmwlu00.exe";"Infected";"2/17/2009, 2:03:12 PM";"File";"C:\Program Files\AVG\AVG8\avgcsrvx.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\BCMWLTRY.EXE";"Infected";"2/17/2009, 2:03:11 PM";"File";"C:\Program Files\AVG\AVG8\avgcsrvx.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\spoolsv.exe";"Object is in whitelist";"2/17/2009, 2:03:06 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\spnpinst.exe";"Infected";"2/17/2009, 2:03:05 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\spiisupd.exe";"Infected";"2/17/2009, 2:03:03 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\spider.exe";"Infected";"2/17/2009, 2:02:59 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\sort.exe";"Object is in whitelist";"2/17/2009, 2:02:58 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\sol.exe";"Infected";"2/17/2009, 2:02:56 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\blastcln.exe";"Infected";"2/17/2009, 2:02:54 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\bcmwlu00.exe";"Infected";"2/17/2009, 2:02:52 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\BCMWLTRY.EXE";"Infected";"2/17/2009, 2:02:48 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

We ran a system restore and then installed Avast and there were absolutely NO infections at all. These were FALSE POSITIVES given off by AVG.

AVG Giving FALSE POSITIVES Once Again!

2009-02-17T17:16:00.003-07:00

We previously posted a message regarding an issue we were seeing with the AVG Free and we have since collected a lot more information! We have posted in the AVG forums but no one seems to care so we'll keep blogging as we get more info gathered.

Computer: Dell Inspiron 600m
OS: Windows XP Pro SP2 (fully licensed, used on 50 + computers and loaded from the original Windows CD)

We installed the OS on our clients laptop on Feb 15, 2009. We installed the drivers downloaded from the Dell website and then started in on the back up files. We had previously scanned the external drive for malware and viruses, nothing was found. We had scanned it with AVG which was installed on one of our desktop computers with the database from Feb 14, 2009.

We then proceeded to download AVG Free. It was retrieved from Download.com (where we always go for this download as Grisoft doesn't host their own download). The version that was available at that time was 8.0.233. We also downloaded and installed Malwarebytes from download.com as well. That was the full extent of our online surfing. We then ran Malwarebytes and all hell broke loose. Every file it touched, AVG indicated it was infected and removed it.

Here is an example of the files that were detected as "threats"....
Virus found Win32/Virut";"C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe";"Infected";"2/17/2009, 2:11:47 PM";"File";"C:\Program Files\AVG\AVG8\avgui.exe"

"Virus found Win32/Virut";"C:\WINDOWS\explorer.exe";"Object is in whitelist";"2/17/2009, 2:11:46 PM";"File";"C:\Program Files\AVG\AVG8\avgui.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\notepad.exe";"Object is in whitelist";"2/17/2009, 2:09:49 PM";"File";"C:\WINDOWS\explorer.exe"

"Virus found Win32/Virut";"C:\WINDOWS\explorer.exe";"Object is in whitelist";"2/17/2009, 2:09:04 PM";"File";"C:\Program Files\AVG\AVG8\avgui.exe"

"Virus found Win32/Virut";"C:\WINDOWS\system32\dllcache\inetwiz.exe";"Infected";"2/17/2009, 2:08:47 PM";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

Please not that the first file on that list is associated with AVG itself! We have since installed avg_free_stf_en_8_233a1415.exe (57.2mb) which was downloaded Feb 16, 2009 and is running on the work PC this message is being posted with; it works fine and we have run Malwarebytes and nothing has been detected by AVG at all.

Today we went back to the issue of the laptop and downloaded the version available today which is avg_free_stf_eng_8_237a1428.exe (58.1mb) and very obviously a DIFFERENT FILE form what we got yesterday. It once again began giving false positives and deleted uninfected Windows system files.

BIG Problems for AVG!

2009-02-16T15:10:00.004-07:00

It seems Grisoft, the maker of AVG, has another false positive issue that will need to be dealt with. Back in Nov 2008 it was announced that an update for their AVG was giving false positives and deleteing the user32.dll file from the Windows and hence rendering computers with Windows XP useless. We had a tech working on a laptop lastnight and after installing the latest version of AVG it was noted to be removing several of the critical Windows system files and hence the system was useless.

Our technician was also re-installing the same version of Windows XP on their own personal work computer and had the same results after installing the same version of AVG. We have posted a message in the AVG forums which can be viewed HERE and we encourage you to post your messages if you too are having this problem.

**More info**
After the AVG deletes the system files we noticed that we were being forced to login as if on a network, all administrative rights to install/move/delete files were removed and we even had a difficult time trying to fix this in safe mode. None of the know fixes would work, not even editing the registry itself!

Microsoft Sued For Vista to XP Downgrade Fee's

2009-02-13T18:01:00.003-07:00

It was just announced that a computer owner in Los Angeles, California has filed a lawsuit against software giant Microsoft in response to being charged to downgrade from the infamous Windows Vista to XP. Since the release of Vista, Microsoft has been plagued by complaints and dissatisfied customers due to the extreme amount of memory the operating system consumes as well as the issues that have arisen regarding issues with drivers.

Emma Alvarado is the brave soul taking on the market dominating entity and in court papers filed in U.S. District Court in Seattle she stated, "Microsoft has used its power to coerce OEMs, Internet access providers, and others into agreeing to restrictive and anti-competitive licensing terms for its Windows XP operating system in order to stifle competition in the market," according to Alvarado's complaint. "Microsoft did so in order to maintain, protect, and extend its market power in Vista has scorched many users and Alvarado's lawsuit is based on the fact that Microsoft has flooded the market with computers loaded with Vista that don't work properly and the user is left footing the bill to downgrade from Vista to the much more revered XP. The suite claims that one third of these computers purchased in the past two years have been downgraded due to degraded performance due to the resource sucking Vista.

Alvarado is seeking an unspecified amount in damages and is hoping to turn this in to a class-action lawsuit.

So what is spyware anyway? Protect your computer part 2

2009-02-12T10:35:00.005-07:00

This is the second part of protecting your computer.... Many of you have heard of spyware but you may not understand what it is, or how it can affect you as well as your computer so we thought we'd post some information and facts. Aladdin released a highly informative report which we will be quoting from and is probably one of the best articles we have seen on spyware.

The facts: (from the Aladdin report)

1. 90% of all Windows computers are infected with spyware
2. 80% of all home computers are infected with spyware
3. 88% of owners with infected computers don't know their computer is infected
4. only 24% of PC owners are educated on how how to handle spyware
5. 65% of PC users don't have up-to-date antivirus software

Those are the numbers and they are pretty scary! So what is spyware and how does it affect us? In today's day and age it is usually software that has been installed unknowing by the user, or potentially by an infected website, and it is used to gather personal information from your computer. While the application used to install it may be legal, it is usually installed without the user's knowledge or consent. Spyware applications monitor the users activities and can even hijack the default internet browser to shape the users internet experience as their vendors please. Once personal data is collected, it is then sent to a remote server and because of this, spyware has become a major security concern. So what exactly does it gather?

1. Private/personal information
2. Copyrighted or confidential information, passwords, bank account details, social security numbers, personal/business correspondence and credit card information
3. It can create irreparable system instability
4. It can damage or interfere with legitimate programs
5. It can open a "back door" on infected systems and cause your computer to be used for spam flooding or other malicious purposes without you ever knowing until your internet service provider shuts off your service
6. It can allow a spyware operator to completely take over your computer and make it a "zombie" used for the further spread of viruses, spyware and malware.

We have seen a tremendous jump in what is dubbed "the Cynical Anti-Spyware" spyware lately and it's calling itself Antivirus XP/Vista/2008/2009, Antivirux 360 and comes with many variations of these names as well. The spyware vendors are aware that people are concerned about issues security and they are disguising their spyware as legitimate programs, badgering the user to "purchase" the program with promises of virus removal and what not. The scariest part is that this feeds on the fear that the public has developed and exploits that fear. It provides a very false sense of security.

So that's today's lesson on spyware. We will be back with more soon!

Antivirus XP Pro 2009 same game, different name....

2009-02-07T16:58:00.002-07:00

We recently saw another morph of the infamous Antivirs XP\Vista\2008\2009 calling itself Antivirus XP Pro 2009; this one was a nightmare. The end user was complaining that he could not get any programs to load because this sucker was using such a high amount of memory, he was unable to get online without being redirected to their website and he had no access to his task manager.

We tried going in through safe mode with networking and this little booger had everything so tied up that we couldn't get it to function in safe mode; it had close to 100 instances of install.exe running! We wound up going in through just the main admin account on the computer, used a CD to drop in combofix, malwarebytes and SuperAntispyware but before we ran them, we renamed them. Combofix was "Fixme", Malwarebytes was "ThisBytes" and SuperAntiSPyware was "Supermomma". The renames worked but it still took a while. First we ran the Combofix and it finally loaded after about 15 minutes but from there it was all down hill.

After getting the admin account cleaned up, we went to switch to the other user account and it was password protected. Since the client never supplied us with the password we had to take our chances. Full functionality had been restored to the admin account at this point. The client called later and apparently it had only been removed from the admin account (hence why its best to do this in safe mode!) so we walked him through running the security software and he was able to get it cleared off his account as well but guess what? His wireless doesn't work now so most likely it had corrupted his wireless drivers......

IBM Releases their X-Force 2008 Trend and Risk Report

2009-02-04T13:38:00.004-07:00

We had the pleasure of gleaning the new report which was recently release by IBM and it confirms what we have been finding about the new spread of spyware and malware. Hackers are targeting legitimate websites to infect end users with spyware and malware to gather information for profit, not for destruction. In short, they want your banking and credit card information to make a fast buck at your expense. Traditionally hackers wanted to be malicious and destroy your computer but that is no longer the case!

The two largest categories of vulnerabilities for 2008 were web applications (at 55%) and software (about 20%). It has been shown that websites and web applications have become the Achilles heel for many businesses as there have been attacks on their customers which were launched through advertising on the websites; this was mainly in FLASH ads and now even PDF files. In addition vunerabilities have been increasing in SQL injections as well as other web applications such as ActiveX controls which many of these sites rely on. Vulnerabilities affecting Web Browsers is at an alarming rate and considering how many Windows PC owners leave themselves completely unprotected, it's no wonder why there has been such a drastic increase in identity theft and spyware\malware infected computers.

The report indicates that the majority of malware is Trojan and makes up 46% of the malware being spread right now. The most prevelant forms of these Trojans are the info-stealer's (30%), downloaders (24%) and droppers (10%) with an increase in the info-stealer's and droppers in the past year. To view the report you can go HERE

Antivirus 360 replacing Antivirus2009

2009-01-28T18:51:00.005-07:00

It has come to our attention that the AntivirusXP/Vista/2008/2009 has come up with a new name; Antivirus 360. We know that this malwarwe loves to morph it's name and it's look but it's still all the same. It's a nasty thing being spread via ads on the Internet and even big name, completely legitimate websites, are being used to spread it through their third party ads. Basically what this malware does is false scan results and aggressive advertising in order to promote itself. This rogue is advertised by the Vundo Trojan and is replacing the Antivirus 2009 rogue program that Vundo has been aggressively advertising. Here's a picture of the "control panel".

You will find that this redirects you when you try to get online and you will most likely be unable to connect to any website you wish to go to. DO NOT try to purchase this! Turn your computer off and give us a call, or email us. Our technicians are well versed in it's removal and we can have your computer restored back to its original states within just a few hours. For in home service we charge just $80 or if you want to drop it off it's only $60. This service includes the complete removal of this as well as any rootkits, trojans or other viruses it may have allowed through and we will also install security software to continue keeping your computer protected.

Protect your computer with these tips! Part 1

2009-01-28T14:06:00.003-07:00

Are you afraid of getting a virus, spyware or malware? Here are some tips on what can be done to better protect your computer!

1. Keep your antivirus up to date - we can't begin to stress how important this is! We routinely work on computers with out of date antivirus software or worse yet, none at all! The main line of defense that any computer has is its antivirus software. AVG (made by Grisoft) is the top program we recommend and the killer thing is that they offer a FREE edition! You can get it HERE.

2. Malware and spyware protection should also be installed - we say this becuase it's not just viruses that can damage your computer. Malware and spyware are making their way around the internet and if you haven't read or ducomentation on the wonderful Antivirus XP/Vista/2008/2009 then you should! These types of infections can do just as much damage as a virus and we recommend using Malwarebytes which you can get it HERE and for spyware removal we recommend SUPERAntiSpyware which you can get HERE

3. Once you get security software keep it up to date and run regular scans. You can have all the protection in the world but if it's out of date and you don't run it, it does you about as much good as using your little kitty for home security, instead of your great big guard dog!

Remote assistance on the way!

2009-01-26T14:52:00.001-07:00

Affordable Computer Tech Solutions woudl like to announce that we may soon be offering REMOTE ASSISTANCE! That's right, we may be offering remote assistance for virus/spyware/malware removal which means our prices will be lower.

We will be testing this and will post updates as soon as possible.

Web hosting providers hacked

2009-01-26T13:48:00.001-07:00

If you are currently a customer of Startlogic, Ipower, Dot5, Godaddy, Hostgator or Fasthosts you may have recently receivied an email indicating that your FTP, main account and/or email passwords were changed for security purposes. The reason behind this change? Each of these companies had a breach in their security and a trojan virus installed itself on their servers.

Insiders tell us that these companies are all currently working together to find out where the attack originated, how it was conducted and what can be done to prosecute the hacker(s). From what we have been told, the attack appears to be a Russian coded trojan virus which was delivered from an IP address originating in China. They have been able to locate nine IP addresses associated with this infection.

It is important to keep a few things in mind here. It is the account holders responsibility to maintain SECURE PASSWORDS; mary123, test123 and john123 are NOT SECURE. Using uppercase, lowercase, numbers and special characters is what IT professionals would recommend (if possible that is) and using non-dictionary words is always best. Maintain back up copies of all your files because it's not your hosting providers responsibility.

Downadup Worm Not Affecting US Yet

2009-01-25T14:24:00.002-07:00

Symantec is reporting that the infamous Downadup worm has hit China, Argentina, Taiwan, Brazil, India, Chile, and Russia but not The US. It has been determined that the area's hit hardest are the area's which have the highest rate of pirated software.

Pirated copies of Windows are unable to make all the updates and hence those systems are left wide open to the devastating effects of the worm. In most cases the users of pirated copies of Window turn off automatic updates to avoid detection of the stolen software.

Updating on a regular basis, using antivirus software and NOT using stolen copies of Windows will offer the most adequate proteciton as this worm makes its way in through a vunerability which Microsoft patched back in October. The peer-to-peer communities are now being hit so staying away from them for pirated copies of software is also advisable.

Segate releases second firmware update

2009-01-23T13:15:00.002-07:00

SEGATE announced the release of its second fix for a firmware problem that has caused some of their hard drives to stop working. This latest patch is supposed to correct a problem with the original "fix" which caused some 1-T Barracuda 7200.11 hard drives to stop working. The first firmware updated was released back on Jan 16, 2009. "We regret any inconvenience that the firmware issues have caused our customers," the company said in an e-mailed statement.

Segate has stated that very few of their customers have experienced problems with the update but their forums were flooded with complaints of the 1-TB Barracuda 7200.11 as well as the 500-GB Barracuda 7200.11 freezing up suddenly. They have acknowledged that this problem extends to other equipment such as the Barracuda ES.2 and the DiamondMax 22. Segate has indicated that users should not lose any data as a result of the firmware headaches but they are offering a free data recovery service for anyone affected that is unabel to retreive their files.

Think your Mac OS X is safe? Think again!

2009-01-23T11:33:00.006-07:00

Hot off the press! There is a trojan which is attacking Mac OS X; this just goes to show you hackers really have nothing better to do with their time and apparently the Mac isn't as impervious as people once thought.

The OSX.iWork trojan is being spread by pirated copies of iWork09. Mac owners are being warned that they need to purchase the software (not steal it) to keep their machines from becoming infected. The software can be purchased from a retailer and no activation code is needed. However, if you get the trial version online you will be required to purchase the activation key to access full features.

Downandup/Conficker worm infects 9 million PCs

2009-01-21T11:01:00.004-07:00

We reported in a previous post that the Downandup/Conficker worm infection was spreading rapidly and it is continuing its infectious spread as we write this article now! It is estimated that it has possibly infected upwards of 20 million computers by now. It's been found under the names of Downandup, Downadup, Kido!, or Conficker all which are the same thing and appears to be spreading through infected USB drives.

This picture shows you what it looks like when it gets a chance to install itself on your computer....

Look closely and you will see two entries for "Open folder to view files." The top entry is a fake and if you click on that, the virus will be installed on your computer. You will find that the fake selection is the default when you connect a drive. Once it gets installed, it spreads at an alarming rate in a separate flaw in Windows networking system (now patched, so be sure to run Windows Update!).

Removing this can be a nightmare because of the way it tricks the user in to installing it, bypassing the auto-install safeguards; not to mention the fact that it's constantly changing itself (using randomized elements) to make traditional, signature-based detection almost impossible. Running a standard anti-virus scan should take care of the infection on a computer but if it infects a computer in a network, you may be looking at having to clean any servers connected to the network first, and then every computer connected as well.

How do you avoid getting this? Turning off the auto play/run feature in Windows XP is the first thing to do. If you see something like the picture included with this post, close it and eject the disk or drive as it is infected; browse the drive manually instead. Last but not least, make sure your Windows is fully up to date.

Downadup worm infections soar

2009-01-17T17:11:00.002-07:00

As of yesterday it is being reported that the Downadup worm (also known as Conficker or Kido)has infected an estimated 8,976,038 computers worldwide and the infections appear to be speeding up.
The worm is being spread via a Microsoft vunerability which was addressed back in October. Microsoft is cited as saying "Either Security Update MS08-067 was not installed at all or was not installed on all the computers," a pair of security researchers who work at Microsoft said Tuesday. Microsoft is advising that if you do not already have the emergency update that you DOWNLOAD IT They are also offering a free Malicious Software Removal Tool HERE

What exactly does this worm do? It potentially exposes PC's to hijacking which in turn could cause a loss of personal informaiton such as user names, passwords and even banking information. This appears to be infecting networks (mostly businesses)and if one is cleaning up a mess, it should be started at the server and then every PC on the network will need to be fully cleaned. Make sure that your antivirus software is up-to-date and disable Autoplay *and* Autorun functionality if possible. Downadup spreads itself via Network Shares and Removable Storage Devices such as USB memory. Downadup also attempts to brute-force account passwords so make sure that your administrator accounts are secure and use strict passwords.

Downadup uses random extensions for some of its components so you'll need to scan all file types on the system once you have disinfected. Downadup disables connectivity to a large number of security sites, update channels, as well as Microsoft Updates. You should confirm that these connections are reestablished once the computer is clean.

Operating systems that are affected:
Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Professional X64 Edition
Windows XP Professional X64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 X64 Edition
Windows Server 2003 X64 Edition SP2
Windows Server 2003 with SP1 Itanium-based Systems
Windows Server 2003 with SP2 Itanium-based Systems

Almost every infected machine is using Windows XP as the operating system.

Antivirus XP/Vista/2008/2009 what is is and how to remove it

2009-01-03T11:51:00.014-07:00

You may have heard about the infamous Antivirvus XP/Vista/2008/2009. It's a wonderful piece of malware and it comes with far too many names for us to begin listing here. The main characteristic is that it get's installed without your knowledge or consent, and you begin seeing pop-up's in the system tray telling you are infected with thousands of viruses, purchase this now. The main thing to keep in mind when it comes to this software is that you do NOT need to purchase it. It is not going to do you any good to enter your credit card number as you will just be sending your information to hackers. This programs "scans" are fictitious and misleading. Here are some screen shots.

and....

These are tell tale signs you are infected and speaking from personal experience, you should be worried becuase this nifty little piece of malware can hijack your desktop, freeze up your computer, prevent you from being able to get online, redirect you if you are able to get online just to name a few things. So you say you are safe online? You don't visit the porn or poker sites, you just check your email, only go to well known websites and you don't share files so how did you get this? Here are some answers!

It is an unfortunate thing that today's internet isn't safe ANYWHERE that you go. This malware is being delivered to home PC's around the world through FLASH banner ads that have been hijacked (those flashing pop-ups's or ads that you see on websites) and even PDF files. For absolute, in depth information, on exactly how this is being spread you should read Trend Report Q4 2008. This article explains in full, rich, detail how FLASH, ActionScripting and PDF files have been transmitting this malware across the internet. you can find the article by using the following link: http://www.finjan.com/content.aspx?id=827 All IT professionals need to read this article...

So how do you get rid of this nasty little thing? If you have the ability to get online then you will want to get some simple to use, free tools. We have tried several methods and found that this is the ONLY way to completely remove every file associated with this malware infection.

1. Get Malwarebytes HERE - after installing, ensure it is updated and then run a COMPLETE SCAN. Delete any and all files that come back as infected.

2. Get SuperantiSpyware HERE - after installing ensure it is updated and run a COMPLETE SCAN. Delete any files that it finds.

3. Go HERE to view a complete guide on using combofix and therein are links to download the most current version. Make sure you follow the instructions and run it.

If you have become infected and need a local technician, please fee free to call us. Our low flat rate for removal in your home is $80 and if you drop it off with us it's just $60.

We are LGBT friendly!

Welcome!

2008-12-31T18:51:00.002-07:00

Affordable Computer Tech Solutions, based in Tempe Arizona, is now offering free technical support so we decided to creat a new blogg which we can update on a daily basis. We will be posting new virus/spyware/malware alerts as we get the information as well as tech tips and tricks when it comes to troubleshooting various things that are computer related.

If you need help, please contact us and let us know! We will be more than happy to have one of our technicians get in touch with you as soon as possible.

Pc or laptop problems? We can help!

Scareware updates

Scareware updates

Malware Targeting Twilight Fans

Malware updates

Top Web Sites Are Spreading Malware

Scareware list update

Scareware - list of new names

Think Again If You Think Your Banking Info Is Safe!

Antivirus Scareware Shows Up In Google For Skype

Fake Antivirus Software Has Far Reaching Implications

New Versions of Antispyware keep coming

PC Protection Center: They Are Getting Nastier

Windows PC Defender; Just another Infection

XP Police Pro: Yet Another NASTY Infection

Malicious Ads Show Up On Google

Linux Botnet Could Be Behind the Antivirus Infections

Windows 7 Free Trial

PC Antispyware 2010: more bad news

Antivirus System Pro Is Making Its Rounds

More From Antivirus Malware; Same Problems Just DIfferent Names

Microsoft to Launch FREE Online Version of Office 2010

Antivirus 2010 is making the rounds now

Conficker = Spyware Protect 2009!

Windows XP Support Is Available At A Price

Windows 7 Doom and Gloom

Windows PC's Being Turned to Junk Email Bots By Conficker

StalkDaily Virus: Twitter Users Beware

Conficker Now Unleashed!

Conficker C Launched on April 1st As Planned

And we have a new name for the Antivirus XP/Vista/2008/2009/360!

April Fool's Day Worm Is On The Way; Could There Be Possible Ties to the Windows XP/Vista/2009/360 Infections?

New Worm Targets Home Routers and Cable Modems

Great new screen shots! Want to see what the prompts for AntivirusXP/Vista/2009/360 look like?

IE8 Released Today : Will It Offer More Protection?

Remote service is now a reality! Got malware/spyware/viruses? We can help!

Microsoft Releases Three Updates for Eight Vulnerabilities ; Will These Stop The Antivirus XP/Vista/360 Outbreak??

Microsoft Announces Zero-Day Excel Exploit

Updates on the Antivirus XP/Vista/2008/2009/360 malware **CRITICAL**

AVG FALSE POSITIVES issues

AVG Giving FALSE POSITIVES Once Again!

BIG Problems for AVG!

Microsoft Sued For Vista to XP Downgrade Fee's

So what is spyware anyway? Protect your computer part 2

Antivirus XP Pro 2009 same game, different name....

IBM Releases their X-Force 2008 Trend and Risk Report

Antivirus 360 replacing Antivirus2009

Protect your computer with these tips! Part 1

Remote assistance on the way!

Web hosting providers hacked

Downadup Worm Not Affecting US Yet

Segate releases second firmware update

Think your Mac OS X is safe? Think again!

Downandup/Conficker worm infects 9 million PCs

Downadup worm infections soar

Antivirus XP/Vista/2008/2009 what is is and how to remove it

Welcome!

Updates on the Antivirus XP/Vista/2008/2009/360 malware CRITICAL