Categories
News

How To Remove The Troubleshooter Malware That Generates Fake BSODs And Asks Users To Buy A Non Existent Windows Defender AV

According to Myce, security researchers from Malwarebytes have discovered a piece of malware called Troubleshooter, which generates fake Blue Screens of Death (BSODs) and asks the user to buy Windows Defender Essentials (a fake Windows Defender version) to clean the computer.

The malware displays a BSOD image, disables the key combinations that would let the user close the window (e.g. ALT+F4) and asks for $25 via PayPal to buy the fake version of Windows Defender.


A security researcher found that if the user pays for the fake software, the website http://hitechnovation.com/thankyou.txt is opened and the malware terminates itself. If you end up in this situation, use the CTRL + O key combination and navigate to that website yourself (without paying the ransom).

Apparently, this type of malware spreads bundled with cracked software, so if you use only genuine software or open-source alternatives, you should be safe.

To remove this software completely, reboot into Safe Mode, delete the Troubleshooter.exe file from %temp%, disable the csrvc service and scan your computer with Malwarebytes. More detailed instructions can be found in this Malwarebytes forum thread.
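The removal steps above, scripted as a check-and-clean routine. This is an added example, not code from the original post or from Malwarebytes; it only looks for the two artefacts the post names (Troubleshooter.exe in %temp% and the csrvc service) plus a running process of the same name, and the per-user temp folder layout under C:\Users is my assumption about where other users' %temp% lives.

```powershell
# Added example (not from the original post or Malwarebytes): a defender-side
# check for the artefacts the post names. Run from an elevated PowerShell
# prompt, ideally in Safe Mode. By default it only reports; pass -Remove to
# delete the file, stop the process and disable the service.
param([switch]$Remove)

$findings = @()

# 1. The dropped executable. %TEMP% is per user, so check the current user's
#    temp folder and each profile's AppData\Local\Temp (assumed layout).
$tempDirs = @($env:TEMP) + (Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' })
foreach ($dir in ($tempDirs | Select-Object -Unique)) {
    $candidate = Join-Path $dir 'Troubleshooter.exe'
    if (Test-Path -LiteralPath $candidate) {
        $findings += "File present: $candidate"
        if ($Remove) {
            Remove-Item -LiteralPath $candidate -Force
            $findings += "Removed: $candidate"
        }
    }
}

# 2. A running copy of the dropper (the fake BSOD window belongs to it).
Get-Process -Name 'Troubleshooter' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "Process running: $($_.Name) (PID $($_.Id))"
    if ($Remove) { Stop-Process -Id $_.Id -Force }
}

# 3. The persistence service named in the post.
$svc = Get-Service -Name 'csrvc' -ErrorAction SilentlyContinue
if ($svc) {
    $findings += "Service present: csrvc (status $($svc.Status))"
    if ($Remove) {
        Stop-Service -Name 'csrvc' -Force -ErrorAction SilentlyContinue
        Set-Service -Name 'csrvc' -StartupType Disabled
        $findings += 'Service csrvc stopped and disabled'
    }
}

if ($findings.Count -eq 0) { 'No Troubleshooter indicators found.' } else { $findings }
```

Run it once without -Remove to see what is present, then again with -Remove, and finish with the Malwarebytes scan the post recommends, since the dropper may have placed more than these two artefacts.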

Categories
Editorials and informational articles Tutorials and how to guides

Perceptual Ad Blocker blocks ads by graphic elements, not by code

Researchers from Princeton and Stanford universities have worked together to create Perceptual Ad Blocker, a different kind of ad-blocking software that detects ads by their graphical elements, content dimensions and "sponsored" wording. The software does not hide the ads completely, but covers them and displays the text "This is an ad".

As you may know, classical ad-blocking software analyzes the source code of pages to identify the ads, while Perceptual Ad Blocker takes a different approach. It was initially released to block Facebook ads, after the site started integrating ads into the content better and better and the classical ad blockers could no longer block them.

Another good thing about Perceptual Ad Blocker is that websites do not detect it, which makes it an ideal solution for sites that refuse to show content unless you whitelist them in your ad blocker. It has been tested on 50 websites that usually detect ad blockers and remained invisible on all of them.

For now, Perceptual Ad Blocker is just a proof of concept, available only for Google Chrome, as an extension. For more information, see this thread on the MMO-Champion forum.


Categories
News

Kaspersky’s RakhniDecryptor can now recover the files infected by the Jaff ransomware

As you may know, ransomware is the type of malware that encrypts all your personal data and asks for a ransom in exchange for the decryption key.

This kind of internet infection has spread a lot lately, WannaCry being the largest cyberattack in internet history. Fortunately, a lot of big companies, tech teams and security researchers worked together and stopped WannaCry, for now.

Well, this article brings good news to ransomware victims. Kaspersky has updated its RakhniDecryptor tool to version 1.21.2.1, adding support for decrypting files encrypted by the Jaff ransomware. The researchers discovered a weakness in the virus' code and exploited it to build a decryption tool.

The Jaff ransomware is distributed with the help of the Necurs botnet, the same botnet that distributed the Dridex banking Trojan and the Locky ransomware in the past.

The Jaff ransomware (detected by antivirus software as Trojan-Ransom.Win32.Jaff) spreads via spam emails carrying infected PDF files that open a Word document with a malicious macro, which downloads and executes the ransomware.

A few usage instructions, for Kaspersky’s RakhniDecryptor:

The Kaspersky RakhniDecryptor is a lightweight and portable decryption tool, capable of recovering data affected by different types of ransomware, and does not require advanced technical skills to decrypt the files.

  • You need to download the latest version of the RakhniDecryptor from here.
  • Extract the archive and run the RakhniDecryptor.exe on an infected system.
  • Use the Change parameters option to select the locations you want to scan.
  • Browse to the exact path of the infected files.
  • Next, the tool will recover the decryption password and unlock the files.

Since I don't have encrypted files on my hard drive, I could not create a full tutorial, but the tool is very easy to use.


To keep your system safe from ransomware infections, I recommend reading this article. It gives you 4 security tips that can save your business from ransomware. Or, if you can perform your regular tasks only with apps from the Microsoft Store, use Windows 10 S, which is 100% ransomware-proof.

Categories
Editorials and informational articles Security solutions and antivirus software

Bitdefender Home Scanner is a free tool for finding vulnerabilities in the local network

Bitdefender has created a new free tool called Home Scanner, a piece of software that scans the network for vulnerabilities and notifies the user about vulnerable devices on it. The application discovers all the devices connected to the local network and checks whether they use weak passwords or outdated software, both of which create security flaws.

After scanning the network, the software generates a report offering the user security tips to make the network more secure. To search for weak passwords, the app tries to authenticate on the devices using their common (default) passwords.

Bitdefender Home Scanner was released on the 31st of May and can be downloaded for free from the Bitdefender website.

A few instructions:

The software can be easily installed on the computer. It requires you to create a Bitdefender account, but this can be done fast and easy directly from the application, without requiring mail confirmation.

At first usage, the application asks the user to confirm which is the default network, the one which will be later scanned for vulnerabilities.

After the network confirmation, the app discovers and scans the network devices.

Unfortunately, in my test the app did not find any vulnerabilities, so I do not know how good the security tips it provides are.

If you want to uninstall the app, you first need to uninstall Bitdefender Home Scanner and the Bitdefender Agent. The uninstall process does not require restart.


Personally, I find this software really useful for security audits.

Categories
News

Windows 10 S is 100% safe of malware and ransomware

As you may know, WannaCry (WannaCrypt) was the largest cyberattack in history, but despite this, third-party developers and big companies worked together to stop it.

According to Microsoft's results, the WannaCry virus did not infect Windows 10, because automatic updates cannot be turned off, meaning that the system got patched in time.

But the Windows version that is 100% immune to malware, ransomware and viruses is Windows 10 S, the hardened Windows 10 variant that permits the users to install apps only from the Windows Store, nothing outside Microsoft’s ecosystem.

To quote Microsoft on this subject, “No known ransomware works against Windows 10 S”.

While this is very good news for computers used in a business environment, it is a major limitation to have a system on which you can install only a limited number of applications.

Due to its lack of features and apps, Windows 10 S is targeted at users in full time education.

My colleague Daniel and I have put together this article, called 4 things to do to keep your business safe from WannaCry-like internet infections, where we provide tested security advice and tips to protect your business and data against another ransomware attack similar to WannaCry, or even worse.

Categories
Editorials and informational articles Hackers and hacks Security solutions and antivirus software Tutorials and how to guides

4 things to do to keep your business safe from WannaCry-like internet infections

The WannaCry cyber attack has created a lot of panic, due to the fact that it has infected computers from over 120 countries, being the largest ransomware infection in history.

As I work for an outsourcing IT company, I have noticed that people got very worried that such an attack can destroy their businesses and started to buy backup solutions and to invest more in computer security.

In this article I will give you 4 tips that will save your business from future WannaCry-like infections.

Backup the fileserver, user data and the operating system:

The easiest way to back up user files is to create a dedicated folder for each user on the file server and to back it up constantly, along with the full server backup. This way, everything the users place in their folders is backed up.

From my experience, it is better to back up a single computer or server on the network than to back up files from every computer on the network. Without a good network infrastructure, the latter would make the network unresponsive.

In addition, another good habit is to create full system backups of all the computers on the network: a bootable image of the freshly installed operating system with all the drivers installed and all the license keys added. This way, a reinstall gets done very quickly.

Another good habit is to keep a 2 TB or bigger external hard drive and use it to perform offline backups of the server when the automatic one fails.
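The offline backup described above, scripted with robocopy into a dated folder on the external drive. This is an added example and not the article's own procedure; the share path \\FILESERVER\Users and the drive letter E: are assumptions you will need to change, and the 4-copy retention is my choice.

```powershell
# Added example (not from the original article): copy the per-user folders on
# the file server to a dated folder on an external drive. Assumed paths:
# the user folders live under \\FILESERVER\Users and the external drive is E:.
# Run from an elevated prompt on the server, with the drive attached.
$Source     = '\\FILESERVER\Users'
$Drive      = 'E:\'
$BackupRoot = 'E:\Backups'
$Stamp      = Get-Date -Format 'yyyy-MM-dd_HHmm'
$Dest       = Join-Path $BackupRoot $Stamp
$LogFile    = Join-Path $BackupRoot "backup_$Stamp.log"
$Keep       = 4   # number of dated backups to retain

# Refuse to run if the external drive is not actually attached; otherwise the
# copy would silently go to whatever (if anything) is mounted as E: today.
if (-not (Test-Path -LiteralPath $Drive)) {
    Write-Error "External drive $Drive is not attached; aborting."
    exit 1
}
if (-not (Test-Path -LiteralPath $BackupRoot)) {
    New-Item -ItemType Directory -Path $BackupRoot | Out-Null
}

# Each run copies into a fresh dated folder with /E (not /MIR), so an earlier
# good copy is never overwritten by files a ransomware infection has encrypted.
# /R:1 /W:5  retry once after 5 s instead of robocopy's default of a million retries
# /XJ       skip junctions (avoids loops through profile reparse points)
# /NP       no per-file progress lines in the log
robocopy $Source $Dest /E /COPY:DAT /R:1 /W:5 /XJ /NP "/LOG:$LogFile" /TEE
$rc = $LASTEXITCODE

# robocopy exit codes below 8 only describe what was copied/skipped; 8 and
# above mean at least one file failed to copy.
if ($rc -ge 8) {
    Write-Error "robocopy reported failures (exit code $rc); see $LogFile"
    exit 1
}

# Prune old dated backups, newest first by name (the yyyy-MM-dd_HHmm stamp sorts).
Get-ChildItem -LiteralPath $BackupRoot -Directory |
    Sort-Object Name -Descending |
    Select-Object -Skip $Keep |
    Remove-Item -Recurse -Force

"Backup written to $Dest (robocopy exit code $rc)"
```

Detach the drive once the run finishes: an external disk that stays mounted is just another volume for ransomware to encrypt, which is the whole reason the article calls this an offline backup.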

Antivirus solutions and anti-ransomware software:

While there is a lot of decent free antivirus software, it is not enough in a business environment. We recommend buying an endpoint security antivirus, in order to benefit from extra security modules such as email scanning, certificate scanning, port blocking et cetera.

While we prefer ESET Endpoint Security, Kaspersky, Bitdefender and Symantec have good security solutions as well.

On top of this, we recommend using anti-ransomware software such as CryptoGuard or Cybereason RansomFree, two free tools that stop the encryption process when a ransomware starts it.

For extra security, or for paranoid users, we recommend Zemana, a secondary anti-malware tool that can run alongside other antivirus software and is known for its anti-ransomware protection.

Keep your operating systems up to date:

A good security practice is to use supported operating systems, like Windows 7, Windows 8.1 or Windows 10. While Windows Updates may make the system a bit unresponsive, it is a necessary evil, let’s say.

A good practice is to update the operating system daily, at the end of the working hours.

User training:

Yet another important thing to do is to train users to spot malicious emails, ignore the attachments and delete them. In most cases, strange emails are either infected or phishing emails.

I know it’s difficult to keep the network and computers safe, but it’s even more difficult to recover the encrypted data.

Categories
Hackers and hacks Security solutions and antivirus software

WannaCry Ransomware spreading stopped – Thanks to Microsoft and MalwareTech security firm

As a reminder, WannaCry is a ransomware built on exploits taken from the NSA hack. The infection spread to over 70 countries.

Microsoft has patched this issue, so users running supported Windows versions (Windows 7, Windows 8.1 and Windows 10) are safe if they have all system updates installed and Windows Defender enabled.

Despite this, Microsoft has also published an emergency update for all Windows systems (except Vista) to block the WannaCry ransomware, which Microsoft flags as Ransom:Win32/WannaCrypt.

Download the update patch matching your operating system and architecture:

All you have to do in order to patch your system is to download the update and install.

On top of Microsoft's work to update and secure operating systems that have reached EOL (end of life), a cybersecurity researcher known by the MalwareTech handle has managed to stop the WannaCry infection from spreading.

The researcher studied the code and found a kill switch, hardcoded by the author in case he wanted to stop it from spreading. The malware was designed to stop if it got a response from an internet domain, so MalwareTech registered that domain, since the attacker had not bothered to buy it.

According to Bitdefender, the malware spread to 104 countries, infected 180,000 devices, and only 102 victims decided to pay the $300 Bitcoin ransom.

As a piece of advice, as I said in the previous article, you should download the right patch for your operating system, keep Windows Defender active and do not open malicious mails.
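A quick way to check the three pieces of advice above (patch installed, Windows Defender active with fresh signatures) on a machine, with a check on whether the SMBv1 server protocol that WannaCry abused is still enabled. This is an added example, not code from the article or from Microsoft; the KB number is a placeholder you must replace with the one Microsoft lists for your Windows version and architecture, and the 3-day signature threshold is my assumption.

```powershell
# Added example (not from the original article or Microsoft): posture check
# for a single Windows host. Run from an elevated PowerShell prompt.
# -KB is a PLACEHOLDER: pass the KB identifier of the patch for your OS build.
param(
    [string]$KB = 'KBNNNNNNN',        # placeholder, replace with the real KB id
    [int]$MaxSignatureAgeDays = 3     # assumption: older signatures count as stale
)

$result = [ordered]@{}

# 1. Is the hotfix installed? Get-HotFix queries the update history of the host.
$result['HotfixInstalled'] = [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)

# 2. Is the SMBv1 server protocol still enabled? The cmdlet exists on
#    Windows 8 / Server 2012 and later; older hosts report "unknown".
$smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
$result['SMB1Enabled'] = if ($smb) { $smb.EnableSMB1Protocol } else { 'unknown (cmdlet unavailable)' }

# 3. Windows Defender state: real-time protection on, signatures recent.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    $result['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
    $result['SignatureAgeDays']   = $mp.AntivirusSignatureAge
    $result['SignaturesFresh']    = ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
} else {
    $result['RealTimeProtection'] = 'unknown (Defender cmdlets unavailable)'
}

# One object per host, convenient for piping to Export-Csv across many machines.
[pscustomobject]$result
```

If SMB1Enabled comes back True on a host that does not need SMBv1 for legacy devices, `Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force` turns it off; a missing hotfix is fixed by installing the update the article points to.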


Categories
Hackers and hacks Security solutions and antivirus software

WannaCry Ransomware infection is the largest in history

Recently, the British National Health Service (NHS) became the victim of the WannaCry ransomware (also known as WCry or WanaCryptor), a very damaging computer virus that encrypts all the data on the infected computers. While the first infected systems were in the UK, the virus has spread to other countries as well.

The attack took place on Friday (yesterday) and affected 74 countries (including the UK, US, China, Russia, Spain, Italy and Taiwan) and 16 NHS trusts in the UK, making it the biggest in history.

The WannaCry ransomware is based on an exploit taken from the EternalBlue tool used by the NSA for hacking and leaked a few months ago by the Shadow Brokers hacker group. Once on a computer, it exploits a vulnerability in SMB file sharing. The most vulnerable computers are the ones with older operating systems, and since the encryption is done with RSA-2048, the files cannot be decrypted without the attacker's key.

The problem is that a lot of computers from public institutions still use Windows XP, a system which is very vulnerable to hackers, since it does not receive any more updates.

The losses were more than financial: surgeons had to cancel operations because everybody was locked out of the system. For more information, see this Liliputing article.

The good thing is that Microsoft has released an update patch for all supported Windows systems (Windows 7, 8.1 and 10), and the May 2017 updates should keep users safe from this, provided Windows Defender is enabled with an up-to-date signature database.

Final words:

If you keep your Windows system up to date with the latest updates and keep Windows Defender updated and enabled, you are safe from this ransomware malware.

Unfortunately, this happened because government agencies like NSA or CIA keep vulnerabilities unknown for their own benefit.

Categories
Tutorials and how to guides

How to permanently uninstall OneDrive on Windows 10

So… You want to uninstall OneDrive because it is annoying as hell? As you may have noticed, when you open photos on your computer, the Set up OneDrive dialog will automatically open and that could be a little frustrating in time.

And if you do not need OneDrive at all, you should get rid of it for good. In this article we will show you how to completely and permanently uninstall OneDrive, so that it will not annoy you anymore.

This is an easy and straightforward guide, so it can be followed by people without IT skills.

Let’s start. The first thing you have to do is open Settings. You can type settings in Cortana or use the key combination Windows + I.


Next, choose Apps and from the next menu, Apps & Features.

After that, type in onedrive, hit Enter and choose Microsoft OneDrive from the results.

Press uninstall, confirm it with “This app and its related info will be uninstalled” and choose Yes from the UAC window.
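The same uninstall done from PowerShell, for anyone who has to repeat it on several machines, plus the policy setting that keeps the "Set up OneDrive" dialog from coming back. This is an added example and not part of the original guide; it assumes the standard OneDriveSetup.exe locations that Windows 10 ships with, and the registry value is the "Prevent the usage of OneDrive for file storage" Group Policy.

```powershell
# Added example (not from the original guide): uninstall the OneDrive client
# and apply the policy that disables OneDrive file sync. Run from an elevated
# PowerShell prompt. Paths below are the standard Windows 10 locations.
$setupPaths = @(
    "$env:SystemRoot\SysWOW64\OneDriveSetup.exe",   # 64-bit Windows
    "$env:SystemRoot\System32\OneDriveSetup.exe"     # 32-bit Windows
)
$setup = $setupPaths | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1

# 1. Stop the running client so the uninstaller can remove its files.
Get-Process -Name 'OneDrive' -ErrorAction SilentlyContinue | Stop-Process -Force

# 2. Run the built-in uninstaller (the same thing Apps & Features does).
if ($setup) {
    Start-Process -FilePath $setup -ArgumentList '/uninstall' -Wait -NoNewWindow
} else {
    Write-Warning 'OneDriveSetup.exe not found; the client may already be removed.'
}

# 3. Policy "Prevent the usage of OneDrive for file storage": stops the setup
#    prompt and hides the OneDrive entry in File Explorer, so it stays gone.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive'
New-Item -Path $policyKey -Force | Out-Null
New-ItemProperty -Path $policyKey -Name 'DisableFileSyncNGSC' -PropertyType DWord -Value 1 -Force | Out-Null

# 4. Report the outcome.
[pscustomobject]@{
    OneDriveProcessRunning = [bool](Get-Process -Name 'OneDrive' -ErrorAction SilentlyContinue)
    PolicyApplied          = ((Get-ItemProperty -Path $policyKey).DisableFileSyncNGSC -eq 1)
}
```

To reinstall later, remove the DisableFileSyncNGSC value (or set it to 0) before installing the client again, otherwise the policy keeps sync disabled.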


If you need to reinstall the application, you can either download it from the official website or from Windows Store.

Note: the same steps can be performed for uninstalling any unwanted software that came with your new Windows 10 computer or laptop.

That’s all. Enjoy!

Categories
Editorials and informational articles Reviews

Game Mode on Windows 10 Creators Update – Everything you need to know about this feature

As you may know, Microsoft has worked a lot at Game Mode, a new gaming feature introduced in Windows 10 Creators Update. Its goal is to improve the number of FPS in games and to provide a smoother experience while playing.

When enabled, the Game Mode feature assigns more hardware resources to both the CPU and the video card, for the apps running on foreground. Some games are placed by default in the whitelist, but apps can also be added manually, to be Game Mode-enabled.

Microsoft estimates that performance will improve by 2 to 5%, meaning that older computers could really benefit from this feature. To enable it, go to Settings > Gaming > Game Mode.

Game Bar is yet another option that permits the users to take screenshots, start screen and audio recordings using key combinations, options which can be adjusted easily.

To tweak the settings from Game Bar, choose: Settings > Gaming > Game Bar.


The Game DVR function permits the users to adjust the video/audio recordings settings. To access it, go to Settings > Gaming > Game DVR.


Broadcasting enables the users to change a bunch of extra settings, ideal for the creation of videos that you want to broadcast live. To access it, go to Settings > Gaming > Broadcasting.


To add a game to the whitelist, so that it runs with the enhanced CPU and GPU allocation, press Windows + G while the game is open and choose the option "Use Game Mode for this game".


While it is not much, this new feature should be useful on systems with lower specs.