Our most frequently asked questions.
How do I know if my computer is infected with a virus?
If you feel that you may be the victim of a virus or spyware infection, you are far from alone. According to a survey conducted by the non-profit Internet Safety and Online Security Council (ISOC), more than 80 percent of Windows-based personal computers that are actively connected to the Internet today either are currently infected or have been infected in the past by at least one of the following forms of uninvited software: viruses, spyware, adware, rootkits, worms, Trojan horses or malware.
Your system could already be infected. Left untreated, this software can at minimum severely degrade your system performance and at worst threaten all personal information stored anywhere on your local computer or any other computer that happens to be on the same network as the infected system. If you notice suspicious computer behavior such as very slow system performance, unusual numbers of pop-up windows appearing at random while browsing the Internet, or being randomly redirected to websites that you have not been searching for, then there is a very good chance that your computer is already infected.
Sometimes it is easy to tell and other times you may not have a clue. It really depends on the intent of what you were infected with. Here are some common things to look for. It doesn't mean you have an infection because there may be other things causing similar issues. When in doubt, scan the drive anyway.
Poor System Performance- Your system takes much longer than it should to start-up or perform routine operations.
System Lock-Ups- Virus and Spyware infections can cause your system to ‘hang’ or become un-responsive while performing routine operations.
Browser Redirection- URL redirection is very common with many types of Spyware and Malware. Your Internet browser may seem to have a mind of its own, landing on sites that you never searched for. An excessive number of pop-up windows may also appear at random while surfing the Internet.
Pop-Up Windows- Another very common tactic is the use of pop-up windows. These pop-ups are usually either an advertisement for some product or service, or in some cases literally dozens or even hundreds of windows are opened all at once. This is done with the intention of overloading the system resources and causing a system crash or failure.
Fake Virus Alerts- These fake Virus alerts are widespread. How it works: Once infected, you are informed that your system has ‘hundreds’ or ‘thousands’ of active infections and you are redirected to a website which insists that you pay for and download their specific software package to remove the infections.
Key Loggers- This type of program collects every keystroke you make and then transmits that information to the creator of it.
What can be done in each situation depends on the level of infection and type of infection. At a minimum we can do the following.
Comprehensive System Scan- If you suspect your system has become unwittingly compromised by keylogging software, we can scan and remove any such software that may be capturing your computer usage.
Anti-Virus Software Installation- We can also help safeguard your system by recommending/installing security software and operating system settings to prevent future software from being installed on your system without your express consent. A full scan of your computer would be conducted and all infections removed.
Complete System Security Update- For all Windows based computer systems we will ensure that all of the Microsoft security updates are downloaded and installed properly. We will also optimize your browser and firewall settings for heightened protection, and create a new limited access user account to surf the internet from. This account would not have the same access as an administrator level account has to your system.
In the event that the infection cannot be removed by software, or if the process of removal leaves your system unstable and crashing, a complete reinstallation would be needed.
Do you remove adware?
If you are experiencing annoying pop-up advertisements that are interfering with your ability to use your computer or browse the Internet we can help.
If your computer has unsolicited popup windows appearing while you surf the Internet or advertisements that appear randomly while you are using your computer we can remove these annoying advertisements as long as doing so does not violate any terms of service agreements that you may have engaged in.
We will scan your entire system for any adware or trialware that you may have installed at one time and let you decide if you would rather keep it on your system or have us remove it.
We will completely remove any spyware that may be masquerading as adware that we detect currently on your system.
Complete System Security Update- For all Windows based computer systems we will ensure that all of the Microsoft security updates are downloaded and installed properly. We will also optimize your browser and firewall settings for heightened protection.
We are here to help - Our computer repair rates are competitively priced!
My computer won't turn on. What should I do?
- Check to be sure that all power switches are in the on position. Check the back of the computer case. Many times there will be a power switch on the back of the computer near the location where the power cable attaches to the computer. Be sure that it is in the correct position.
- Check to see that the voltage switch is set correctly. In the U.S. it should be set to 110v/115v. You will find the voltage switch located on the power supply, which is normally located on the back of the computer also near the power cord.
- Make sure that the power cord to the computer is plugged securely into the back of the computer.
- For laptops make sure that the transformer is plugged into the laptop securely.
- Trace the power cord from the computer back to the receptacle in the power strip or wall and make sure that the receptacle is actually ‘hot’. You can test this by taking a known working appliance such as a lamp and testing the actual receptacle that the computer is plugged into to make sure that it is actually working.
- If you see a power light or other L.E.D.’s on the computer case lighting up but the monitor is not showing a display then you may not have power to the monitor or the video cable may have become disconnected.
- Make sure that the power cable to the monitor is firmly plugged into the back of the monitor.
- Trace the power cable from the monitor back to the receptacle and be sure that it is connected to a live outlet.
- Check to see if the monitor video cable is secured to the back of the monitor and that the other end is securely attached to the video port on the computer.
- Still no luck? Try unplugging and re-plugging all cables. Remove all cables from the computer including power, monitor, mouse, keyboard, printer, network, and any other attached devices. Make sure that you know where the cables go back again! If not, label them.
- Now re-plug all the cords and cables and try powering up again.
- Now you should be able to turn your computer on. If it fails to start up properly, you may have a bad power supply, motherboard or other component failure.
- You should take your computer to a reliable repair shop and have them look at it.
I am having an issue with Software X. What can I do?
If one of the software applications that you use on a regular basis suddenly generates an error message and will not allow you to continue you can try this simple guide to correcting the issue. Use this guide at your own risk. You should have a general understanding of how to install and uninstall applications and programs on your system if you plan to use this guide. If you aren’t sure what you are doing, please take it to a reliable repair shop before using these procedures. Walterson Technology is not responsible for any data loss or other damage that may occur from using the following procedures.
Remember, Walterson Technology cannot be held responsible for any problems that may result from the use of this checklist. If you are unsure of what you are doing please take your computer to a reliable repair shop.
1. If you are experiencing a problem with a software application that was recently working properly, but now generates an error message when you try to use it, the first thing to do is retrace your steps.
2. Have you installed any new software on your system between the last time you were able to successfully use the broken application and now?
3. If so, there may be a conflict between the old software and the new software that you have installed. Consult the documentation that accompanied the new software and the formerly working software to see if there is any mention of restrictions or conflicts. Also, verify that your computer hardware meets the minimum requirements for the application(s). You can find this information listed on the software installation guide(s) or packaging.
4. If you cannot think of any new software that has been installed or that might be causing a problem, then uninstalling and reinstalling the program might correct the issue. If you feel that no new software has been installed and you wish to uninstall and reinstall, then skip to step 9; otherwise continue to step 5.
5. Uninstalling any new program(s) that have been installed recently may free up your application to start working again. If you would like to try doing this, be sure that you have at least a basic understanding of how to install and uninstall software applications on your system before continuing.
6. Proceed to uninstalling the suspect application(s), being very sure to use the proper uninstallation procedure. If you are not familiar with the steps used to uninstall programs and applications from your system, do not try these procedures.
7. After uninstalling each new application that you suspect may have been causing an issue, completely power your system down and wait at least 2 minutes before powering back up.
8. If, after uninstalling any new software applications installed recently and making sure to reboot your system, you are still getting an error with the problematic software, you can try uninstalling and reinstalling the application itself. But WAIT, read on.
9. Before you uninstall your application, make sure that you have the installation disk and guide that will be needed to reinstall your software. Read the installation guide carefully! Verify that all the installation disks are present and that you have the proper license key to perform a re-installation after you have uninstalled the application. Failure to verify these facts can lead to a situation where your software cannot be reinstalled.
10. OK, now, if you are sure that you have everything you will need to reinstall the software, you can go ahead and uninstall your application.
11. If you are not familiar with the process that is required to uninstall software on your system, then you shouldn’t even be trying to use this guide.
12. After the uninstall is complete, power the system all the way down. Do not use restart. Do a complete system shutdown and wait at least 2 minutes before you power the system back up.
13. You can now attempt to reinstall your application and hopefully your software will be working once again.
What is Phishing and what does it look like?
Phishing email messages are designed to steal your identity. They ask for personal data, or direct you to websites or phone numbers to call where they ask you to provide personal data. A few clues can help you spot fraudulent email messages or links within them.
Microsoft has a great page to help you become aware of phishing and how to look for clues. Click on the link below.
What is a Bot-Net?
The term "bot" is short for robot and "net" is short for network. Criminals distribute malicious software, also known as malware, that can turn your computer into a bot, also known as a zombie. When this occurs, your computer can perform automated tasks over the Internet, without you knowing it.
Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.
Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals. It is a big business. Some botnets are created for the sole purpose of being sold to individuals who need a botnet to do their dirty work. Others use their botnet to steal credit card numbers and other personal information for use in other illegal activities. The more zombie PCs on a botnet, the more it is worth in terms of payload gathering and in terms of resale value.
What is a trojan?
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user before it is run or installed, but (perhaps in addition to the expected function) steals information or harms the system in some way. The term is derived from the Trojan Horse story in Greek mythology.
It is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses onto the computer.
The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
A Trojan may allow a hacker remote access to a target computer system. Once a Trojan has been installed on a target computer system, a hacker may have access to the computer remotely and perform various operations, limited by user privileges on the target computer system and the design of the Trojan.
Operations that could be performed by a hacker on a target computer system include:
- Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
- Data theft (e.g. retrieving passwords or credit card information)
- Installation of software, including third-party malware
- Downloading or uploading of files on the user's computer
- Modification or deletion of files
- Keystroke logging
- Watching the user's screen
- Crashing the computer
- Anonymizing internet viewing
Trojan horses in this way require interaction with a hacker to fulfill their purpose, though the hacker need not be the individual responsible for distributing the Trojan horse. It is possible for individual hackers to scan computers on a network using a port scanner in the hope of finding one with a malicious Trojan horse installed, which the hacker can then use to control the target computer.
A recent innovation in Trojan horse code takes advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide internet usage. The hacker is able to view internet sites while the tracking cookies, internet history, and any IP logging are maintained on the host computer. The host computer may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Newer generations of the Trojan horse tend to "cover" their tracks more efficiently. Several versions of Slavebot have been widely circulated in the US and Europe and are the most widely distributed examples of this type of Trojan horse.
What is Adware?
Adware are applications that automatically play, display or download advertisements to a computer. These are also known as Advertisement-supported software. The advertisements may be displayed at all times or only when the software is being run. Adware can also download and run Spyware which are built to invade the privacy of the user. Because of this, adware is mostly considered as malicious software. Most adware is developed to support the developer’s development costs. A certain program may be offered free of charge or for a reduced cost, and the revenue generated by the advertisements shown by the adware could provide compensation for the developer. This type of adware will check which websites the user visits and display advertisements pertaining to the user’s preferences. Some may be used to prompt the user to purchase a license to a particular program. Other adware may claim that it will remove all the advertisements if the user purchases the full version of the application. Adware can sometimes be viewed as annoyances or distractions by the user; hence they would attempt to remove it. Some examples of programs that are considered as adware are:
- Advanced search engines
- Weather and news update applications
- Computer games
- Peer-to-peer file sharing programs
- Desktop themes
- Smiley packages for email and instant messaging
- Applications that claim to boost the efficiency of a computer
When downloading adware, users are presented with a license agreement containing a statement regarding advertisements that the user must agree to. However, as most users do not properly read license agreements, they are annoyed by the number of advertisements displayed by the program. Some adware is also shareware, which explains the need for the developer to include advertisement support. However, as sharing out shareware is the responsibility of the users, the developer could not be held totally responsible for distributing adware. As adware could download and install spyware, most antivirus applications consider adware as malicious software as well. However, the user is given the choice of whether to remove adware or not. In most cases, the adware application may contain a useful program that the user might need. There have been a few lawsuits where developers of adware sued antivirus developers for blocking the installation of their programs. WeatherBug is one such program. A very common example of a current adware program is from Play Sushi. In order to play the sushi games for free, the user installs a program that shows in-text ads on websites. While the program is easy to remove via Add/Remove Programs, many people were unaware they had even installed such a product. However, if you read the Play Sushi website, it does state clearly that you agree to install the software in order to play the games.
Courtesy of www.removevirus.org
What is Malware?
Malware is the short form of Malicious Software, which refers to a group of dangerous software that engages in activities that are hostile and intrusive. It is used to commit cyber crimes, to harm large networks as part of terrorist acts, or just to cause general havoc. Malware can be forced on users aggressively, or users can be tricked into downloading and installing them, or they can automatically propagate throughout every computer they come into contact with. Therefore malware has become one of the most prevalent threats to computer security.
Types of Malware
Malware broadly describes a large group of software. These can be categorized into the following groups:
- Viruses – Viruses are malicious software that are designed to self-replicate and automatically propagate to every computer or device that they come into contact with, and to perform various other harmful tasks such as deleting/corrupting files, using up memory and hard disk space or taking control of the computer. These are the most widespread type of malware and have been around for the longest time as well.
- Worms – Worms utilize security loopholes in computer systems and breach them. Then they enter the computer and perform their malicious activities while replicating themselves rapidly. Worms completely destroy the security of a system, and then spread across whatever network the computer is connected to, infecting all other computers connected to that network. The same process is carried out at every host the worm infects, ensuring extremely rapid propagation of the worm throughout cyberspace.
- Spyware – Spyware is malicious software aimed at compromising the user’s privacy. These programs install themselves unobtrusively, mostly piggybacking on legitimate software applications. They gather information about the user’s activities such as keystrokes and web browsing habits and report them back to the developer of the spyware application. Some spyware may also download and install other malicious software programs as well.
- Rootkits – Rootkits are a type of malicious program that is meant to provide backdoor access to those who attack computer systems. The rootkit must be installed manually by the attacker by obtaining access to the administrative account of the computer and this is normally done by using social engineering methods. Once the rootkit has been installed (it replaces some system files), the attacker can access the super administrator account of the system via a remote location. Rootkits are also used to effectively hide the installation of other malicious software such as viruses and spyware.
- Trojans – Trojans, though considered as a type of virus, cannot be included in that category as Trojans do not have the ability to self-replicate. They use the method of tricking users into believing that it is a useful program (hence its name, like the fabled ‘Trojan horse’ from Greek mythology) to get themselves installed on the system. Once installed, the Trojan will download and install other malicious software such as viruses and spyware.
- Rogue security software – This is one of the most notorious types of malicious software as they pretend to be anti-malware, but actually are a type of malware. These programs get installed using various social engineering methods and via Trojans. Once installed, they will pretend to perform system scans and report that the system is heavily infected. However, there is no true infection. The aim of all this is to get the user to purchase a ‘full’ version of the rogue security software in order to ‘properly’ clean the system. As these are fake applications, none of their versions are capable of scanning or cleaning any system, however.
There are many anti-malware applications available that can respond to specific malware threats. These provide scanners for viruses, spyware, Trojans, worms and rootkits and block their entry to the system at all times. If, by chance, a malicious program enters the system, anti-malware applications have built-in scanners that can root out the malware and effectively remove it. The best way to protect your system from malware is to install a reputed anti-malware application and keep it updated with the latest malicious software definitions.
Courtesy of www.removevirus.org
What is a Computer Virus?
A computer virus is a program that has no useful application; it has merely been developed to copy itself and infect computers and peripheral computer devices. Other dangerous software such as spyware and adware are not viruses as they cannot reproduce automatically. Many go unnoticed by the user as they perform their activities. The first virus was developed as far back as the early 1970s. Since then, viruses have been developed extensively to infect systems running on commercial operating systems such as Microsoft Windows and Apple Mac OS. Sometimes the damage caused by a particular virus could be so high that the whole computer will have to be formatted. In this way, dangerous and more potent viruses such as Chernobyl have caused damage worth millions of dollars by harming whole networks of computers.
Types of Viruses
Viruses have been categorized into a number of groups based on their methods of propagation and what they do when they infect a computer. These types are:
- Nonresident viruses – These viruses contain two main parts, the finder module and the replication module. The virus lies dormant in the computer as the finder module seeks out files that the virus can infect and the replication module infects those files with a copy of the virus.
- Resident viruses – These have a replication module similar to nonresident viruses, however, they do not have a finder module. The virus loads itself on to the memory of the computer when the operating system performs some action, e.g. when a file is executed. Once the virus is loaded on to the memory, the replication module checks files to see whether they can be infected with the virus, and infects them with a copy of the virus.
- Boot Sector viruses – This type of virus hides in the boot sector of storage disks and loads itself as the operating system whenever the boot sector is accessed. When floppy disks were popular, this type of virus was used to infect a large number of computers by infecting the boot sectors of floppy disks which were used as boot disks. Nowadays boot sector viruses are rare.
- Directory viruses – These viruses make a change to the directory structure of the computer. It moves original files to another location and replaces them with virus files with the same names as the original files. Whenever the user tries to execute the original files, they are actually executing the virus.
- Macro viruses – These viruses infect macro-enabled applications such as Microsoft Word, Excel and Access. They can be run as macros and infect other documents once the document containing the macro virus is opened. Normally they do not harm the computer, but change text and images of documents in an annoying manner.
- Polymorphic viruses – Polymorphic viruses encrypt themselves using different algorithms and encryption keys every time they infect a system. This makes them harder for antivirus applications to find.
- Companion viruses – These viruses accompany legitimate programs, and replicate themselves whenever the legitimate program is run. Therefore there will be virus files accompanying the files of the legitimate program in its folder.
The best way to avoid virus infections is to keep a frequently updated installation of a reputed antivirus software application installed on your computer. If you do not have such an installation and feel that your computer may have been infected with a virus, immediately use a web-based repair service or download a scanner of a reputed virus guard program and scan your computer. If all else fails, you may have to format your hard disk and reinstall your operating system to completely remove the virus.
In addition to security software, you should also keep your web browser, operating system and applications like Java up to date. This will help to ensure that fixes for any security holes are applied to your computer.
Social networking sites such as Facebook, MySpace, YouTube and Twitter are all great places to visit and connect with others. Because of their popularity, they also have criminals targeting them. Be sure to avoid links from others that you do not trust.
E-mail: Many viruses are sent via e-mail. To avoid scams and viruses, you should not open any attachments in e-mails or click on links in the e-mail unless you trust the sender. Even if the e-mail is from a friend, you should think twice about opening a link unless you trust the website they are sending you to. When in doubt, play it safe and always ensure your security software is up to date.
Courtesy of www.removevirus.org
What is Spyware?
Spyware is a type of malicious software that is installed on a computer to monitor the user’s activities and report them back to the spyware developer. This is in direct violation of the user’s privacy, and is banned by international law. Therefore spyware is considered a dangerous form of software and steps should be taken to remove it from any computer it is found on. However, spyware can be hard to detect and remove, as it tends to keep a low profile while gathering user data. Normally, spyware gathers information on the user’s habits such as internet browsing activities, or it can come in the form of keystroke loggers which store all the user’s keystrokes and report them back to the spyware developer. Some spyware installs more malicious software, redirects web browsers and also changes system settings without the user’s permission. Spyware cannot self-replicate like viruses or worms; rather, it must be manually or automatically installed on each individual computer that it infects. It does not attempt to infect other computers on its own. Therefore, spyware uses 3 main methods to get installed on a user’s system:
- Piggybacking on other software – Usually a spyware program will get downloaded and installed along with other useful applications such as utility programs. Adware is also known to harbor spyware. Although the desired program does no harm in this instance, the spyware that came along with it does.
- By tricking the user – The spyware developer uses social engineering techniques to convince the user that some spyware program is useful. The user then voluntarily downloads and installs the spyware on their system.
- Aggressive methods – Some spyware, once installed on a user’s system, will redirect the user’s web browser by using browser helper objects to dangerous websites which will install more spyware programs on the user’s computer. Other spyware will use a Trojan virus that gets installed along with ActiveX components, video codecs or the like which will then download and install the spyware without the user’s permission.
The best way to remove spyware is to use anti-spyware applications, which have sprung up with the widespread propagation of spyware among computer users. These anti-spyware applications are designed to offer live protection from spyware and to scan the computer regularly and remove any spyware that is found. Keeping one of these programs installed and well-updated is the best way to keep your privacy from being compromised by spyware. However, there is a group of malicious software known as ‘rogue anti-spyware’ that pretends to be anti-spyware applications; these programs are not real anti-spyware and are simply aimed at swindling money from users.
Courtesy of www.removevirus.org
What is Rogue Security Software?
Rogue Security Software is a type of malicious software that pretends to be a legitimate system security program to trick the user into making some form of payment. These programs propagate through the internet using a variety of techniques, such as:
- Social Engineering – users are tricked into installing the software, as it pretends to come from a legitimate source.
- Trojan viruses – these viruses enter the user’s computer along with other fake applications such as browser plug-ins, video/audio codec packs, free online malware scanners or e-mail attachments. Once they have entered the system, they automatically download and install the rogue security software.
- SEO poisoning techniques – Search Engine Optimization (SEO) is used to utilize the algorithms and functions used by popular web search engines in order to push a certain website up in search result rankings. These methods are also used by rogue software vendors, who place their URLs at the top of the search results for important queries such as recent news events. When the users click on these URLs, the browser will be redirected to a page that pushes a trial version of the rogue software onto the computer.
Once a rogue security software program has established itself on a user’s system, it will normally load itself as a service and run all the time. It will also generate fake security warnings that the user’s system is under threat in various ways. The rogue program will also disable any system utilities such as Task Manager, Registry Editor and System Restore that could be used to uninstall them, as well as completely disabling any legitimate security software that the user has already installed on the computer. The rogue software may also create actual malware on the computer and point them out to the user as threats, or create harmless files and point them out as threats, or simply point out useful and harmless system files as threats. It will perform these actions in the most attention-grabbing way, utilizing all the system resources such as taskbar pop-ups, desktop scan etc. The culmination of all this activity occurs when the rogue security software application requests some sort of monetary payment to be made by the user. Usually, this is done by claiming that the currently installed ‘trial’ version of the rogue software is incapable of removing the previously detected false ‘threats’, and so the user should pay for a license to the ‘full’ version of the software. Other methods include promoting another rogue application that can apparently ‘do the job better’ or ‘perform housekeeping tasks on the system’. Another gimmick is to claim that if the user buys the ‘full’ version, the vendor will donate a small sum to some charitable cause such as environmental protection. However, none of the statements made by the rogue security software program are true at any point. If the user, by any chance, finds a copy of a rogue security software application installed on their system, they should take immediate measures to remove it. This can be done in a number of ways:
- Manually – stop the application’s running processes, unregister its DLLs, delete its files and folders, and remove its registry entries. This will completely remove the rogue software from the system, but should be done with caution as any mistake could result in the operating system being damaged.
- By using web-based repair services.
- By using legitimate antivirus software.
There are many malware-specific removal guides available on the internet which can guide the user through the process of removing any malware from their system.
If a user is tricked into actually purchasing a license to a rogue security software application, they should immediately take measures to freeze the transaction. As the main method of payment online would be through credit cards, the user should immediately contact the credit card provider and ask them to freeze the transaction through which the rogue security software vendor was paid. The credit card provider should also be asked to flag that transaction as fraudulent and to monitor any similar transactions in the future.
The best way to stay safe from rogue security software is to be on the lookout for these applications and have a good antivirus program installed on your computer. Courtesy of www.removevirus.org
What is a Rootkit?
Rootkits are programs that are used to hide the fact that a system’s security has been compromised. Rootkits must be inserted manually by an attacker and will normally replace system files and executables. The rootkit will then hide the fact that the attacker has modified files and folders, as well as any other malicious software that the attacker has installed. Rootkits may also provide a backdoor login to the system which will allow attackers to log in to the system when a particular login combination is entered.
The first rootkits were developed for Unix systems to allow users to maintain administrative, or root, access to a system. If the user could replace some of the system’s login files, they could maintain access to the system. In order to install the rootkit, the attacker must first compromise the physical security of the system in some way.
Common rootkits are used to hide processes, files, blocks of memory, network connections or Windows registry entries from other programs that the system administrator may use to detect them, for example, from antivirus software. The backdoor entrance generated by the rootkit allows the attacker to connect to the system and control it at any time. For example, a typical rootkit may be one that generates and maintains a command line interface with administrative privileges as soon as an attacker connects to a certain port of the computer. Dangerous tools, such as tools for denial-of-service attacks, sniffers and keyloggers, could greatly compromise the integrity and privacy of the user. Virus developers have also made extensive use of rootkits to hide virus applications from the user and from antivirus programs. The hiding capabilities of rootkits may also be used to hide attempted break-ins to the computer, utility programs and system tampering.
Types of rootkits
- Hardware/Firmware rootkits – These rootkits manifest themselves on hardware such as ROMs or in devices which use firmware such as embedded devices. They can allow attackers to access devices such as credit card machines, ATMs and cause monetary losses.
- Hypervisor level rootkit – This type of rootkit is designed as a hypervisor to the computer, and any operating system is loaded as a guest on a virtual machine. Thus all hardware calls made by the original operating system are handed to the hypervisor rootkit, making it very easy for it to hide attacks and to allow backdoor access.
- Boot loader level rootkits – Boot loader rootkits, also known as Bootkits, replace boot sector files and load at startup. This allows the attacker to control the operating system of the computer and extract details of all the user’s actions.
- Kernel level rootkits – These rootkits replace files from the kernel of the operating system itself, allowing almost unlimited access to attackers. It may also replace kernel-level device drivers, allowing an unprecedented level of device control for the attacker as well.
- Library level rootkits – These replace patches, hooks and system calls of the operating system, so that the library functions of the operating system can be controlled by the attacker.
- Application level rootkits – Application level rootkits replace user application files and run along with that application, modifying its behavior.
Rootkit detection can normally be done by antivirus programs that provide rootkit detection. However, once a rootkit is found, there is no sure-fire way to remove it except by backing up all files and formatting the computer. Even though many antivirus programs provide rootkit removal for inexperienced users, system administrators tend to simply format their hard disks whenever a rootkit is detected. Courtesy of www.removevirus.org
What is Spam?
What is Vishing?
Vishing is widely known to be a criminal practice used in various social engineering activities in order to gather private information from the general public during a phone conversation. This type of criminal activity is usually done over the phone using services facilitated by voice over IP (VoIP) technologies that make it hard to track the source of the number that is calling. The term is a blend of “voice” and “phishing”, because it is very similar to email phishing while being done over the phone line.
If you are targeted by a vishing attack, it is recommended to stay cautious and calm while being careful not to provide any private information. It is recommended to ask for the incident number of any request for private information, then hang up and call the official number of the institution or service that the vishing attacker was trying to impersonate in order to verify the nature of the situation.
It is widely known that switched landline telephone lines are closely monitored for vishing attacks using automatic detection mechanisms that look for anomalies in phone conversations (for example, repeated calls initiated by a closely related set of phone numbers towards call centers). However, when it comes to voice over IP there are many ways in which an attacker could hide his identity and caller origin, which is why this type of attack has proven to be extremely hard to prevent or track. Because vishing is very difficult for legal authorities to monitor and trace, it is recommended to exercise caution whenever you are asked to give away social or private information such as credit card numbers, birth dates, social security numbers or other similar information that should not need to be disclosed over the phone line. Whenever the situation applies, simply refuse to divulge any such information.
Take extra caution whenever any organization calls asking for a donation or if you are ever offered a lower credit card rate in a phone call. The same goes for any friend asking for money on a social networking site. Courtesy of www.removevirus.org
What is Pharming?
Pharming is a digital attack method used by malicious Internet users in order to redirect the traffic of a legitimate website towards a misleading one, with the purpose of tricking web surfers into divulging credentials such as usernames, passwords and private information that they would otherwise enter on the original version of the website. This type of attack is usually conducted using a maliciously modified hosts file that permits local DNS manipulations, or via exploits that take advantage of certain vulnerabilities and allow DNS injections. Because DNS servers are the computers responsible for translating human-readable domain names into their respective IP addresses, any manipulation of such entries can have critical effects for a wide range of Internet users.
Because antivirus software and anti-spyware software cannot protect against pharming attacks, more complex security measures are used in order to prevent this type of attack from impacting the security and privacy of individual computers or large scale corporate networks. As malicious domain name resolution attacks implemented on large scale DNS server nodes are hard to establish, pharming attacks have proven more efficient and successful near the end-points of the Internet security chain, namely on desktop computers that receive poor administration and scarce security maintenance. For this reason, the simple modification of a local hosts file by malicious software that has been previously installed on the computer may result in a fraudulent copy of a website being displayed every time the user tries to access it.
Because pharming attacks can lead to loss of private data and privacy, it is recommended to always exercise caution when visiting websites that provide access to private email, private banking or social security information, since digital criminals using pharming attacks will most often look for this type of information first, as it can provide access to further private data. Courtesy of www.removevirus.org
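The hosts-file modification described above can be checked for directly. The following is an added example, not part of the original FAQ or of removevirus.org: a small Python audit that lists every hosts-file entry overriding DNS for a site you care about. The watch list, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1      localhost
::1            localhost
203.0.113.45   www.example-bank.com example-bank.com
198.51.100.7   login.mail.example.net   # trailing comment
0.0.0.0        ads.example.org
"""

# Assumed watch list: sites where you enter credentials.
WATCHED = {"example-bank.com", "mail.example.net"}


def parse_hosts(text):
    """Yield (line_number, ip_string, hostname) for every mapping in the file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        ip = fields[0]
        try:
            ipaddress.ip_address(ip.split("%", 1)[0])  # ignore any IPv6 zone id
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")


def audit_hosts(text, watched):
    """Return mappings that override DNS for a watched domain or its subdomains."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((lineno, name, ip))
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for lineno, name, ip in audit_hosts(text, WATCHED):
        print(f"line {lineno}: {name} is pinned to {ip}; confirm or remove it")
```

Pass the path of the real file as the first argument: %SystemRoot%\System32\drivers\etc\hosts on Windows, /etc/hosts on Linux and macOS. Any entry reported for a banking or webmail domain that you did not add yourself should be treated as a sign of tampering.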