FREQUENTLY ASKED QUESTIONS
Viruses, Spyware and Firewalls
Q. | How do I remove the 'DNSChanger' infection from my computer? |
|
A. |
For those who have not heard about the 'DNSChanger' Trojan, this was a prevalent piece of malware that infiltrated systems and changed their DNS settings to point to rogue DNS servers owned by a criminal gang. This allowed the gang to redirect systems to malicious, malware-ridden addresses. Although the criminal network has been shut down, many thousands of computers are still infected with the malware.

A simple way to check whether you have been infected by the 'DNSChanger' malware is to look in 'Device Manager':

01. Click 'Start'
02. Right-click 'Computer' or 'My Computer' and select 'Properties'
03. On XP-based systems, click the 'Hardware' tab
04. Now click 'Device Manager'
05. Click the 'View' option and select 'Show Hidden Devices'
06. Now click on the + symbol next to 'Non Plug and Play Drivers'
07. Look for the components listed below
08. If found, right-click each in turn and select 'Disable' and 'Confirm'
09. Close the 'Device Manager'

_VOIDd.sys
ESQULserv.sys
gaopdxserv.sys
gxvxcserv.sys
H8SRTd.sys
MSIVXserv.sys
msqpdxserv.sys
ndisprot.sys
seneka
seneka.sys
TDSS???.sys (the three ??? characters will vary)
TDSSserv.sys
UACd.sys

Another very easy way to check for and remove this Trojan from a system is to use the application 'Malwarebytes Antimalware': just download and install it, then update and scan. This application can be found in my software section.

You will also need to check your Local Area Network connection and clear your DNS cache:

01. First click 'Start' and then select 'Control Panel'
02. Click 'Network & Sharing Center' or 'View Network Status & Tasks' or simply 'Network Connections'
03. In Windows Vista/7 click 'Change Adapter Settings'
04. Right-click and select 'Properties' for your active LAN connection
05. Double-click the 'Internet Protocol (TCP/IP)' entry (Version 4)
06. Make sure 'Obtain DNS server address automatically' is selected
07. Finally click 'OK' and 'OK' again and close the dialogue
08. Now click 'Start' and enter 'cmd', or locate 'Run' and enter 'cmd'
09. In the command window type ipconfig /flushdns
10. Close the command window and restart your computer

NOTE: One last thing to check, although it is unlikely to have been compromised: you might also want to verify your hardware router's DNS settings, especially if you have left the device's credentials unchanged from the factory defaults. |
|
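The two checks in the answer above (the listed driver names and the 'Obtain DNS server address automatically' setting) can also be run read-only from PowerShell. This is an added example, not part of the original FAQ: the function names are illustrative, and it assumes the listed names show up as service key names or driver file names under the standard Services registry key.

```powershell
# Added example (not from the original FAQ). Read-only: it reports, it changes nothing.
# Names are the ones listed in the answer above. In -like patterns '?' matches exactly
# one character, so 'TDSS???.sys' covers the three varying characters.
$DnsChangerNames = @(
    '_VOIDd.sys', 'ESQULserv.sys', 'gaopdxserv.sys', 'gxvxcserv.sys',
    'H8SRTd.sys', 'MSIVXserv.sys', 'msqpdxserv.sys', 'ndisprot.sys',
    'seneka', 'seneka.sys', 'TDSS???.sys', 'TDSSserv.sys', 'UACd.sys'
)

function Test-DnsChangerName {
    param([string]$Name)
    foreach ($pattern in $DnsChangerNames) {
        if ($Name -like $pattern) { return $true }   # -like ignores case
    }
    return $false
}

function Get-SuspectDriver {
    # Every driver and service has a key here, including non Plug and Play drivers.
    $services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $services -ErrorAction SilentlyContinue) {
        $image = [string]$key.GetValue('ImagePath')
        $file  = ($image.Trim('"') -split '[\\/]')[-1]   # file name part of the path
        if ((Test-DnsChangerName $key.PSChildName) -or (Test-DnsChangerName $file)) {
            New-Object PSObject -Property @{ Service = $key.PSChildName; ImagePath = $image }
        }
    }
}

function Get-StaticDnsInterface {
    # 'NameServer' holds manually entered DNS servers. It is empty when
    # 'Obtain DNS server address automatically' is selected for that adapter.
    $ifaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($key in Get-ChildItem -Path $ifaces -ErrorAction SilentlyContinue) {
        $static = [string]$key.GetValue('NameServer')
        if ($static.Trim()) {
            New-Object PSObject -Property @{
                InterfaceGuid = $key.PSChildName
                StaticDns     = $static
                DhcpDns       = [string]$key.GetValue('DhcpNameServer')
            }
        }
    }
}

# Constructed sample names, to show how the matching behaves.
foreach ($n in 'TDSSabc.sys', 'tdssserv.SYS', 'TDSSab.sys', 'tcpip.sys') {
    '{0,-14} listed: {1}' -f $n, (Test-DnsChangerName $n)
}

$drivers = @(Get-SuspectDriver)
$dns     = @(Get-StaticDnsInterface)
"Listed driver names found: $($drivers.Count)"
$drivers | Format-Table -AutoSize
"Adapters with manually set DNS: $($dns.Count)"
$dns | Format-List
```

Run it from an elevated PowerShell prompt. A manually set DNS entry is only a concern if you did not enter it yourself.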
Q. | Can I protect myself from dodgy websites without having to install expensive, filtering software? |
|
A. |
Absolutely. Norton have introduced an excellent, free service that allows you to stop most if not all dodgy websites without the need to install any software. It is based around a DNS service, so although there is no software to install or manage, you will need to change the DNS settings in your router to one of the options below. The great thing about this approach is that it will protect ALL devices connecting to your router, wired or wireless:

Option 1 - To block Malware, Phishing/Scam sites and Web proxies:
Preferred DNS 198.153.192.40
Alternate DNS 198.153.194.40

Option 2 - To block the above and also Pornography:
Preferred DNS 198.153.192.50
Alternate DNS 198.153.194.50

Option 3 - To block all the above and Non-family friendly sites:
Preferred DNS 198.153.192.60
Alternate DNS 198.153.194.60

Access to your router is normally through an IP address on your local network, with often used addresses being:

192.168.0.1
192.168.1.1
192.168.1.254

You will then be asked for a user name and password to access your router. Locate the relevant DNS settings page and replace any current DNS entries with the entries above. |
|
Q. | Is Windows Defender the only protection I need to install on my system? |
|
A. |
Absolutely not. Windows Defender has no active component, which makes it completely ineffective in capturing many forms of malware; it is a very poor choice for protecting your system. Your system will be at significant risk if you don't install the correct malware protection.

Microsoft's Security Essentials is a much better application for malware protection: it has an active component that constantly monitors your system for malware, and it's free. It's a lightweight program that does not hog system resources like many other security applications do. As an alternative to Microsoft's offering, you may want to consider AVG; it is not as lightweight, but it also offers good protection. For a link to these applications visit my Anti-Virus software page. |
|
Q. | What is the application 'Conduit Engine'? |
|
A. |
Conduit Engine is regularly classified as spyware due to the way the application effectively tracks your internet searches and passes the resulting information on to third-party companies. It is often installed alongside a toolbar, and even though some toolbar installers inform you of this within their license agreement, many do not, and so 'Conduit Engine' is frequently installed without the user's permission.

There should be no need for 'Conduit Engine' to be on your system and I highly recommend you uninstall it to maintain your privacy. |
|
Q. | Where can I install/use Microsoft's Security Essentials? | |
A. |
Microsoft's Security Essentials was initially designed for home use, but more recently (October 2010) Microsoft have permitted its use within small businesses. Microsoft have defined a small business as an organisation with up to 10 PCs, so you are only allowed to install it on 10 systems; any more and you are in breach of your licensing.

Microsoft's Security Essentials is not licensed for use within any government organisation or academic establishment at this time. |
|
Q. | What free Anti-virus applications are there and which one do you recommend? | |
A. |
There are many free anti-virus applications available, and there are many rogue anti-virus applications, so it is good to be aware of which anti-virus programs you can trust. The following lists the foremost free anti-virus programs you will come across; they are in the order in which I recommend them, with 1 being the most effective and 4 being the least effective:

1. Microsoft Security Essentials
2. AVG Free Edition
3. Avast! Free Antivirus
4. Avira AntiVir Personal Edition

I have personally tested the above list and have found that 'Microsoft Security Essentials' seems to do the best job in my experience. See my Anti-virus page within my Software section for more details. |
|
Q. | How many security programs should I install? | |
A. |
The quick answer is 1. The basic rule of thumb is that you should only ever install one occurrence of each type of protection, e.g. one Firewall product, one Anti-virus product and one Anti-spyware product.

If you try to install, say, 'AVG' (Free Edition) and 'Microsoft Security Essentials' together on the same computer, the two anti-virus products will most likely slow down your system significantly and may actually end up reducing your protection rather than increasing it.

Some security applications have all the protection you need in one product, like 'AVG Internet Security' (see my Anti-virus page for details). Others, like AVG Free Edition, just provide anti-virus and anti-spyware protection, so you would also have to install some kind of Firewall software. |
|
Q. | I have just purchased AVG 8.5 Internet Security, but it's not automatically upgrading to the latest version? | |
A. | The product must go through two or three smaller updates before it is able to be upgraded to the latest version. So keep updating and, as necessary, restart your system until you see an 'Upgrade' message on the right-hand side of AVG's main screen. Just click on the message to start the upgrade process, and the newer version will be downloaded and installed. |
|
Q. | Is the toolbar 'MyWebSearch' safe? | |
A. |
This product is part of the 'Fun Web Products' suite of utilities, and although some people do not class this product as unsafe, it does use cookies to track usage, so it should be classified as 'Spyware' or at the very least 'Adware'. The product is also known to slow down internet access.

If you are happy about both these issues then by all means continue to use the product; otherwise I would advise you to uninstall it! |
|
Q. | I have just installed the latest version of AVG 9 (Free Edition), but I am now having issues with accessing websites, the browser just seems to stall? | |
A. |
This is a new problem with ZoneAlarm (free edition) and AVG 9 (free edition), so I have to assume you also have ZoneAlarm installed. The problem seems to surround the 'Link Scanner' part of AVG 9, but it seems that ZoneAlarm is to blame, not AVG. Until ZoneAlarm is updated, you have a couple of choices:

1. Remove ZoneAlarm and install another firewall product (see my Firewall page within my Software section; I recommend the 'Comodo' product as a great alternative)
2. Turn off the 'Link Scanner active Surf Shield' part of AVG (not everyone has found this sorts the issue though)
3. Remove AVG 9 and install another Anti-virus product (see my Anti-Virus page within my Software section; I recommend the 'Microsoft Security Essentials' product as a great alternative) |
|
Q. | I have recently downloaded and installed a tool called 'Total Security' to help in my fight against Spyware etc, I have run a scan and found all sorts of malware, what do I do? | |
A. |
'Total Security' is a rogue application and is Malware in its own right. You need to uninstall this insidious bit of software as soon as possible. Unfortunately, this is easier said than done. First you will need to terminate the process called 'tsc.exe'. If you are unable to use the standard Windows 'Task Manager' to do this, you will have to download a third-party tool instead - see link below:

http://www.brothersoft.com/kill-process-70928.html

Now visit my Anti-spyware section within my software area for some authentic anti-spyware tools that should help you remove 'Total Security'.

Some people find it easier to use a 'System Restore' to return their system back to a time before they installed 'Total Security', but be careful as this will also remove all subsequent changes to your system! |
|
Q. | I have been told that there is a nasty email virus currently doing the rounds that will, if opened, delete my entire hard drive. The email subject is 'Postcard from Hallmark', how do I protect myself from this virus? | |
A. | First and foremost you can relax, because this is a Hoax. There is no such email virus that deletes your entire hard drive.

Many hoax emails threaten all sorts of dire consequences if you receive a specific rogue email that is doing the rounds; the truth is these emails are just another form of SPAM, designed to scare and concern users into informing others, and in doing so perpetuate the SPAM. This type of SPAM tactic is very effective and often generates literally millions of unnecessary emails from concerned people falsely informing others of impending doom.

My advice is simple: if you get any notification of a nasty virus/email, then use the link below to quickly investigate its validity. Use the site's search facility to find key words about the virus; in this case you would enter 'Hallmark'. You may be surprised to learn that pretty much all of them are Hoaxes.

http://www.hoax-slayer.com/ |
|
Q. | I have a problem with AVG 8.0, the update manager is saying 'Invalid update control CTF file' and AVG refuses to update, what's gone wrong ? | |
A. | I have found two solutions to this issue:

The first solution is to simply reinstall a new version of AVG: just download the latest version from the AVG site and install it over the top of the existing AVG installation.

The second solution is a little more involved, as you need to locate the CTF files and delete them. They are located at:

For Windows XP: C:\Documents and Settings\All Users\Application Data\Avg8\update\download
For Windows Vista: C:\ProgramData\avg8\update\download

Only delete the two .ctf files (avginfoavi.ctf & avginfowin.ctf); leave all other files as they are!

If you can't locate these folders you will need to enable 'show hidden files' in Windows Explorer: from the 'Tools' menu item select 'Folder Options', click the 'View' tab and then select the 'show hidden files and folders' option from the list. |
|
Q. | I think I may have some spyware on my computer, I keep getting warnings over a program called 'Prevalence Reporter' ? | |
A. | Don't panic, 'Prevalence Reporter' is a legitimate program and part of the anti-virus program 'AVG 8.0'. It won't stop AVG protecting you if you stop/block 'Prevalence Reporter', but you won't get the rather nice addition of AVG tagging the results of web searches to show which internet sites are safe and which sites contain potentially harmful code. | |
Q. | My version of Windows Defender is not updating anymore, every time I try to check for updates the program just errors ? | |
A. | Windows Defender's update site can sometimes become unavailable, so it's worth waiting 24 hours to see if the problem goes away. On rare occasions it just needs the system to be restarted. But if you are still getting the error 'The program cant check for / download / install definition updates', followed by an error code, then it could be because Windows Defender has become corrupt in some way. I simply recommend that you download a new copy of Windows Defender and re-install it.

Visit my Anti-spyware page for a direct link to the Windows Defender site. |
|
Q. | I have an issue with AVG 8.0, within the 'Overview' page the Update manager says 'A.Bin File Missing' ? | |
A. | This is a global issue with AVG as of 17th August 2008, so you are not the only one with this fault. I found that downloading the very latest version of AVG and performing a 'Repair' solved the problem.

Visit my Anti-virus page for a direct link to the AVG free download site. |
|
Q. | When I try to update my McAfee Anti-virus software, I get the following error "Failed to initialise Common Updater subsystem. Make sure the McAfee Framework Service is running, McAfee Common Framework returned error ffffffdf @ 3", what does this mean ? | |
A. | The DLL (dynamic link library) file "ole32" is required by Windows and is used by a large number of applications when performing OLE (Object Linking & Embedding) operations. It basically allows objects created in one application to be embedded into objects created by a different application, so if its entry in the registry becomes corrupt, things stop working.

To re-register "ole32.dll", first click the 'Start' button and then click the 'Run' menu option. Enter the following text in the box and click OK:

Regsvr32.exe %Windir%\System32\Ole32.dll |
|
Q. | What is a Keylogger ? | |
A. | This is the name given
to software that monitors and logs the actual key-presses a
user makes on a computer. They are most often associated with
spyware, but are sometimes used by
parents to monitor their children's activities on-line.
Mostly they are unwanted
bits of software that can be very difficult to remove
from a system. If you are worried that your system may have a Keylogger installed then make sure you install an up-to-date anti-spyware package on your PC and perform a complete scan, or alternatively look for a dedicated Keylogger removal program. |
|
Q. | Why, when I try to access my Internet Explorer settings, do I get the error message "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator" ? | |
A. | This is normally because you have 'Spybot - search & destroy' installed. There is a setting in Spybot that stops access to Internet Explorer's settings; it's called 'Lock IE control panel against opening from within IE'. It will be found either within 'Immunize' or within 'Tools' and 'IE Tweaks'. Just untick the option and you should gain access to your options again ! | |
Q. | Why, after updating my current version of 'ZoneAlarm', do many of my applications no longer have access to the internet, when they were OK before the update ? | |
A. | This is an issue with ZoneAlarm: sometimes on upgrading, it gets the list of allowed/trusted programs confused, and this leads to exactly the issue you are experiencing.

The solution is straightforward. First check that the programs in question are definitely being allowed access to the outside world (i.e. in ZoneAlarm check the appropriate access boxes are ticked for each application not working).

If all the relevant boxes are checked and things are still playing up, then uninstall ZoneAlarm and reinstall it, but this time, when it asks you 'Do you want to keep your current settings?', say NO. This will, amongst other things, delete the list of allowed programs and allow you to start again, with ZoneAlarm prompting you for each application that needs access rights. |
|
Q. | I have an old hard drive I wish to sell/give away/get rid of, will all my private files be deleted by re-formatting it ? | |
A. | NO, by reformatting your hard drive you are only deleting the links to the files, but not the files themselves. It may look empty when you ask Windows to list the contents of the drive, but there are clever programs out there that will be able to get back a huge percentage of the data you thought was gone!

There are only two ways that you can be sure your data is destroyed. The first option is harsh, but effective, and that is to physically destroy the hard drive. The second option (the one I recommend) is to use a proper 'Hard Drive Erasing' program that writes many random packets of data to the hard drive, thus scrambling the contents of your drive for good. |
|
Q. | I do a lot of cutting and pasting of sensitive data in on-line forms, is this a safe thing to do ? | |
A. | We probably all do this more than we think! For instance, how many times have you cut and pasted a password from one field to another, so as to make the password verify a bit quicker ! The answer to this question is Yes, but only if your Internet Explorer is set up correctly. I say this because the default settings in Internet Explorer make this simple activity dangerous, and an unscrupulous website running a script can copy the contents of your clipboard before you know it. But if the correct security option is checked, then there is no problem.

It can be found in: Tools, Internet Options, Security tab. In the Internet Zone, select Custom Level. Look for the option 'Allow paste operations via scripting' and click Disable. Now you are safe ! |
|
Q. | A dialogue box called "seeve" appears every time I start up my computer and now does not allow my pc to shut down. How can I remove it? | |
A. | Seeve is a process associated with media-motors.net. It will display popups and other types of ads. It is classified as spyware and needs to be removed. Install and run Microsoft's 'Antispyware' program to remove it. You may still need to manually edit & remove the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Seeve |
|
Q. | Can a Mobile phone really catch a Virus ? | |
A. | If you had asked me this question a few years ago I would have said definitely not. But now that mobile phones are getting more complex and are more like PDAs than phones, the answer is actually Yes. But it is important to get things into perspective: only the very latest 'Smart Phones' could be affected by these viruses, and even then the number of viruses that affect phones is very tiny, so the threat is very small indeed!

Besides, these forms of viruses only tend to use the phone as a means to an end, in that they wait for you to synchronise your phone to your computer and then try to infect your PC, often with little success. |
|
Q. | How do I protect myself against instant message (IM) viruses ? | |
A. | This is becoming a big issue, and so some precautions should be taken. They are very similar to the steps you would take to protect yourself against e-mail viruses.

Never open or download files from people you don't know
Keep your Windows updated with security patches and fixes
Use an up-to-date version of your instant message software
Make sure your anti-virus software is fully up-to-date
Make sure your anti-spyware software is fully up-to-date |
|
Q. | After installing the beta version of Microsoft's Antispyware, my firewall and my internet connection have stopped working, what's gone wrong ? | |
A. | Microsoft's Antispyware is still a beta release program. A 'Beta' release means that it's a piece of software that is still under final development. What this means is that there is still a chance that the program will not work properly, and the issue above is just such an example of this. Simply put, Microsoft's antispyware program has accidentally removed registry entries that parts of Windows need to work properly.

All is not lost; these entries, which belong to the 'Winsock Service', can be repaired by using the following procedure:

First click the 'Start' button and then click the 'Run' menu option.
Enter 'cmd' in the box and click OK.
Next enter 'netsh winsock reset' (Press Enter).
Close the DOS window and restart the computer.

Your Firewall/Internet connection should now be repaired ! |
|
Q. | When I open an email that should have an attachment, I just get the message: "OE removed access to the following unsafe attachments in your mail:", where is the attachment ? | |
A. | Before you download any attachments, some precautions should be taken:

Make sure your anti-virus software is fully up-to-date !
Make sure the email address is from a known or expected source
Look carefully at the subject line and make sure it makes sense
Make sure the name of the attachment is sensible/meaningful (e.g. not just 'My Details', 'Message' or 'Document')
Finally check the file extension is valid (not .scr .vbs or .bat)

To stop Outlook Express blocking attachments go to the menu item TOOLS, then OPTIONS. Now select the 'Security' tab, and un-tick the option labelled "Do not allow attachments to be saved or opened that could potentially be a virus", then finish by clicking OK.

Now when you open your email, all the attachments should be available. Just re-tick the box to block unsafe attachments again. |
|