DoctorLaptop Windows Alert 13SEP17

UPDATE

Immediately Patch Windows 0-Day Flaw That’s Being Used to Spread Spyware (Summary)

Windows 0-Day Flaw

Get ready to install a fairly large batch of security patches onto your Windows computers.

Affected Microsoft products include:
Internet Explorer
Microsoft Edge
Microsoft Windows
.NET Framework
Skype for Business and Lync
Microsoft Exchange Server
Microsoft Office, Services and Web Apps
Adobe Flash Player

Also included in new updates is a patch for

How to Check For and Install Updates in Windows 10, 8.1, 8, 7, Vista

In Windows 10, Windows Update is found within Settings.

First, tap or click on the Start menu, followed by Settings. Once there, choose Update & security, followed by Windows Update on the left. Check for new Windows 10 updates by tapping or clicking on the Check for updates button. In Windows 10, downloading and installing updates is automatic and will happen immediately after checking or, with some updates, at a time when you’re not using your computer.

In Windows 8, Windows 7, and Windows Vista, the best way to access Windows Update is to open Control Panel and then choose Windows Update. Tap or click Check for updates to check for new, uninstalled updates. Installation sometimes happens automatically or may need to be done by you via the Install updates button, depending on what version of Windows you’re using and how you have Windows Update configured.

Hey, Naythan. Went straight from your post to check on my W10 updates and it was downloading the new update. However it failed to install. ‘Actualizacion acumulativa para windows 10 version 1703 basados en 64 (KB4038788) failed to install on 14/09/17.’ As far as I know I am not on a metered connection so I fail to understand why it did not install. Everything went well with the download and the P/C did shut down to enable installation. Previous installs no problem. Any ideas please amigo.

Naythan Harris A common prob. You can do this, Direct Download KB4038788 Offline Installer, link at bottom of this page https://www.digitalriser.com/download-kb4038788-windows…

But…?

Hmmm went through all that and it said the update was not applicable to my computer. Guess I downloaded the wrong thing. I clicked windows update…

Naythan Harris Then you may be missing the prerequisite update(s) that must be installed 1st. If it were me, I would go to Power Options/Advanced Settings and turn off Fast Start. Now restart, don’t be alarmed if the first few restarts are slow, the comp is organizing and installing downloaded updates and you may have some catching up to do if Fast Start was on. Manually check for updates after the 4th restart. Fast Start uses the Hibernate service to shorten the powerup time by saving the active settings of the current session, but by doing so blocks the full shutdown/restart cycle that installing some updates requires. Fast Start is a poorly implemented function and I disable it on most Win 10 machines I work on, as most Win 10 problems revolve around the updating process.

Ransomware Update – The Threat Continues, by DoctorLaptop

Despite what you may have heard about a solution being found to stop the recent ransomware attacks, the threat is not gone. Be sure you have protected your computers. A new wave of attacks has begun and we should expect several more waves of attacks in the coming months. The new attacks don’t only encrypt your data like classic ransomware. Instead, some hijack your system and run hacker programs hidden in the background while your computer is on. This is known in tech jargon as turning your computer into a “bot”. As a result your computer gets slow and all your data and info are exposed. Hackers use armies of bots to accomplish hacking schemes that require massive numbers of computers focused on a task, such as “denial of service attacks” and “mining” crypto-currency. Read this article for an explanation in easy to understand terms. Contact me if you need help or have questions. Email: doctorlaptop@protonmail.com or Mobile 675 993 069 (after 11am please).
https://www.yahoo.com/tech/another-large-scale-cyberattack-underway-experts-194944965.html

DOCTORLAPTOP’S TIPS #61

Ransomware has returned as an active threat after an 18 month period where it was not very common. This is due to the recent release of U.S. NSA hacking tools. In the last wave of ransomware I advised the installation of Hitman Alert. If you still have it keep it updated, and be glad you took my advice and got it while it was free. New copies are no longer free. Here is what you need to know to protect your computers.

1. Ransomware usually arrives in an email attachment and installs when you open the attachment. New hacking techniques make it possible for these booby-trapped emails to appear as if they were sent by someone on your Contacts list! Do not open any attachments, even from contacts, unless you are expecting an attachment. Ransomware can also come from other sources like poisoned websites or infected network connections. Spanish internet service provider Telefonica had servers targeted with ransomware this week.

2. Keep your Windows fully updated. There are no forced Windows 10 upgrades to worry about anymore. If Windows Update has still not run after waiting half an hour, it is probably corrupt, a common problem on Windows 7/8.1. This can be repaired with the proper tools.

3. Only download software from sites with a good reputation. Many sites that offer free downloads will infect your computer. I suggest using these safe sites:

4. Use a good antivirus and keep it updated. Free, reliable options are explained on this site, including safe download links.

5. Use a ransomware blocker unless you use BitDefender antivirus, which has one built in. I suggest using this free one; it will run beside your antivirus without problems and requires no user actions unless you are attacked. If it detects ransomware it will pop up a window with instructions to complete the removal process. If it asks for permission to update, do so. Read the info on the download page to understand how it works, explained in easy to understand language:

6. If you get infected with ransomware, force the computer off by using the power button and bring it to me or a true professional repair facility immediately. I can probably remove it and save everything if you get it to me in under 24hrs. Time is of the essence! Do not let untrained techs attempt a recovery or you risk losing all your data and necessitating a full system re-install. This is not a job for amateurs.

7. Removing an unwanted antivirus is now a 2 step process. Windows instructions: First, uninstall in the usual way by going to Control Panel>Programs and Features, then choose the program and click Uninstall. Restart the computer. Second, go to one of the download sites mentioned above and use the site’s search-box by entering “the name of your antivirus + uninstall tool” and click search. Find the appropriate tool and download it. Find the downloaded file, usually in your Downloads Folder, right click it and choose Run As Administrator. Then follow the prompts. Then restart the computer. Now run CCleaner and use the Registry function to remove any leftover entries.
Contact: doctorlaptop @ protonmail.com Mobile: 675 993 069 (no calls before 11am)

06Dec15 – DoctorLaptop’s News

The End of Flash Player

For many years Adobe Flash facilitated slick graphics and animation on games, websites and applications, but it has grown old and is being retired. Of course, Flash has been plagued with various stability and security issues, which is why developers grew to hate the technology. So now it’s time to say goodbye to Adobe Flash, and welcome Adobe Animate. However, on closer examination we find the new replacement, Adobe Animate, very similar to the old Flash, and still prone to security breaches. Adobe has officially announced that “over a third of all content created in Flash Professional today uses HTML5,” so the company is acknowledging the shift in formats with the new name. Animate just looks like an update to the Flash Professional software. It will still support Adobe Flash (SWF) and AIR formats, along with other animation and video formats, including HTML5 canvas, 4K and WebGL output.

Free Windows 10 Security Settings Control Tool

Win 10 security and privacy settings are spread across many different places, making it a huge chore to turn off all those you don’t want running. This tool places all the settings on one easy to navigate screen, making the chore much easier.

W10Privacy is without doubt one of the most comprehensive privacy-focused tweaking tools for Microsoft’s Windows 10 operating system. Recent updates introduced new tweaks and support for changes introduced in the November 2015 update of Windows 10. The program creates a system restore point on start, and displays tweaks in tabs named privacy, telemetry or OneDrive that reveal their focus and are color-coded for easier access. Green preferences are recommended and usually have no side-effects, while yellow and red tweaks need to be checked out individually before they are applied, as they may have side-effects and may even affect the system negatively. Read more and get the program for free at: http://www.winprivacy.de/english-home/

Love Chrome Browser But Hate The Targeted Ads, Data Collectors and Trackers? Want A Fast Browser For Secure Daily On-Line Purchases/Banking? Then EPIC Browser Is For You!

I have been testing out the new version of the EPIC WEB BROWSER, and am quite pleased. Very secure and free, the way the internet was supposed to be. It is Chrome with all the bad Google data tracker stuff removed and several premium security features added in. “One-click to surf via Epic’s encrypted proxy” to hide your IP address and to encrypt your browsing. It also serves as a USA based VPN. Your searches are private in Epic. When you visit any of the world’s leading search engines in Epic, your searches are automatically routed via proxy to prevent search engines from saving your searches by your IP address. This provides privacy protection against network snoops like your employer, your ISP (internet service provider), and governments. Please note that while installing Chrome plugins is possible, these may leak your actual IP address; for stronger IP protection, either don’t install any plugins or set them to “click-to-play” in Epic’s settings.

Visit the Epic website for more info:

https://www.epicbrowser.com/

New Ransomware Steals Your Passwords Before Encrypting All Your Files

Introducing the new upgrade to the World’s worst Exploit Kit, Angler, which lets hackers develop and conduct their own “drive-by attacks” (tech talk for “when a website infects you”) on visitors’ computers with relative ease. Often these traps are hidden in pictures in adverts on an infected website, and you don’t even need to click on them to be infected; simply visiting the site can activate them. So now many poorly-secured websites, or those selling advertising space to unscrupulous clients, are targeting Windows users with a new “Cocktail” of malware that steals users’ passwords before locking them out of their machines for ransom.

Here’s How the New Threat Works:

Once the Angler exploit kit finds a vulnerable application, such as Adobe Flash, on a visitor’s computer, the kit delivers its malicious payloads, according to a blog post published by Heimdal Security. The First Payload infects the victim’s PC with a widely used data thief known as Pony that systematically harvests all login usernames and passwords stored on the infected system and then sends them to servers controlled by hackers. This allows attackers to obtain working logins for a number of websites, e-commerce sites, and even corporate applications, from which the hackers could steal more data. The Second Payload drops the widely-used CryptoWall 4.0 ransomware that locks user files until the ransom is paid.

The campaign is “extensive” and originates from a secure hosting environment located in Ukraine, the researchers say. Over 100 web pages in Denmark have been “injected with the malicious scripts…” Ransomware attacks hit thousands of Internet users every week, and cost them a total of $18 Million in losses, according to the FBI. Moreover, a recent report dated last month suggested that the Cryptowall family alone has managed to raise over $325 Million in revenue in the past year alone.

Once your system gets affected by Cryptowall 4.0, unfortunately, there’s not much you can do, as the encryption the ransomware uses is very strong.

So, the only options you are left with are:

-Format your hard drive, re-install system and restore your data from the backup.

-Pay the Ransom money for the decryption key. 300-1500 euros (in Bitcoin e-money only) is typical.

However, I don’t advise anyone to pay ransom as it doesn’t guarantee that you will actually receive the decryption keys. These are criminals after all, and besides, it only encourages them.

Where Does It Come From?

Most malware and viruses are introduced by clicking on links usually contained in spam emails, or by opening attachments from unknown sources. So, DO NOT CLICK on any suspicious link provided in the emails and attachments from unknown sources.

How Can I Avoid It?

Simple answer: The easiest to use program that provides any real degree of protection from this threat is Hitman Pro Alert with Cryptoguard. This easy to install program recently went through a transitional updating, and while there were some stability problems earlier this year and I recommended avoiding it, it is once again stable and reliable. But it is no longer free. Get it here: http://www.surfright.nl/en/cryptoguard

Malwarebytes Anti-malware (MBAM) claims their “pro” version can offer some protection against Cryptowall, yet I have worked on PCs running MBAM that were still infected with Cryptowall. They all had failed to get this additional tool Malwarebytes Anti-Exploit (MBAE). So while MBAM remains a great malware removal tool and anti-virus, I would not consider it a Cryptowall blocker unless you are running both MBAM + MBAE.

Detailed answer (Danger! Geek-speak ahead): The best defensive strategy is a comprehensive approach: make sure you are running an updated anti-virus and anti-malware product, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, update all vulnerable software and routinely back up your data. You should also rely on behavior detection programs (also called heuristics) rather than simple anti-virus definition (signature) detection software only. Most of the major anti-virus programs now incorporate this feature, but you need to activate it. Look in your anti-virus program’s settings for HEURISTIC ANALYSIS, and turn it on. Heuristics can detect when malware is in the act of modifying/encrypting files rather than just detecting the malicious files themselves.

For example, Emsisoft Anti-Malware uses advanced behavior blocking analysis which is extremely difficult to penetrate…it continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. Emsisoft also has the ability to detect unknown zero-day attacks without signatures. ESET Antivirus and Smart Security uses Exploit Blocker which is designed to fortify applications that are often exploited, such as web browsers, PDF readers, email clients or MS Office components.
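The signature-versus-behavior distinction above, as an added example in Python (not code from the original post nor from any vendor named here): a definition check looks for a known byte pattern, while a toy behavior heuristic flags any process that overwrites many files with high-entropy, encrypted-looking data within a short time window, whatever the process is called. The process names, file paths, marker bytes and file-write events are all constructed for the demonstration.

```python
"""Added example: signature matching versus a behaviour heuristic that
watches what a running process does to files (constructed data only)."""
import math
from collections import defaultdict

HIGH_ENTROPY = 7.0       # bits per byte; encrypted or compressed data sits near 8.0
WINDOW_SECONDS = 10.0    # span within which high-entropy writes are counted
FILES_THRESHOLD = 5      # distinct files overwritten in one window before alerting

# Constructed marker standing in for a definition of an *old* sample.
KNOWN_SIGNATURES = [b"OLD_SAMPLE_MARKER"]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def signature_match(sample: bytes) -> bool:
    """Definition-based check: does the file contain any known marker?"""
    return any(sig in sample for sig in KNOWN_SIGNATURES)


def behaviour_alerts(events):
    """events: iterable of (time_s, process, path, data_written).
    Returns {process: distinct_files} for every process that wrote
    high-entropy data to FILES_THRESHOLD or more distinct files within
    any WINDOW_SECONDS span, regardless of what the process is called."""
    writes = defaultdict(list)                      # process -> [(time, path)]
    for t, proc, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) >= HIGH_ENTROPY:
            writes[proc].append((t, path))
    alerts = {}
    for proc, hits in writes.items():
        start = 0
        for end in range(len(hits)):                # sliding window over time
            while hits[end][0] - hits[start][0] > WINDOW_SECONDS:
                start += 1
            distinct = {p for _, p in hits[start:end + 1]}
            if len(distinct) >= FILES_THRESHOLD:
                alerts[proc] = max(alerts.get(proc, 0), len(distinct))
    return alerts


# Constructed sample data (not real malware, not real telemetry).
ENCRYPTED_LIKE = bytes(range(256)) * 4                 # entropy exactly 8.0
PLAIN_TEXT = b"Quarterly report, draft text. " * 40    # ordinary low-entropy document
NEW_VARIANT_IMAGE = b"MZ..repacked binary without the old marker.."

SAMPLE_EVENTS = [
    (0.0, "winword.exe", r"C:\Users\me\report.docx", PLAIN_TEXT),
    (3.0, "winword.exe", r"C:\Users\me\report.docx", PLAIN_TEXT),
    (30.0, "7z.exe", r"C:\Users\me\archive.7z", ENCRYPTED_LIKE),   # one file: benign
] + [
    (5.0 + 0.5 * i, "updater.exe", rf"C:\Users\me\doc{i}.pdf.locked", ENCRYPTED_LIKE)
    for i in range(8)                                  # 8 files in 3.5 seconds
]
```

Running `signature_match(NEW_VARIANT_IMAGE)` returns False because the repacked sample no longer carries the old marker, while `behaviour_alerts(SAMPLE_EVENTS)` returns {'updater.exe': 8} on the basis of what that process did, not what it is.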

Ransomware Prevention Tools:

Backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet it’s one of the most neglected areas.

Related Resources:

Note: Some security researchers have advised not to use multiple anti-exploit applications, because running more than one of them at the same time can hamper the effectiveness of Return-oriented programming (ROP) and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running. (source: http://www.bleepingcomputer.com)

08Nov15, pt2 – New Ransomware Warning

A new version of ransomware, meaner and harder to recover from, has been released on the public. At this time you cannot depend on any software, like Hitman Pro Alert, to protect you. Backups are required to fully recover from this type of attack.

Read the full article here:

http://www.bleepingcomputer.com/news/security/cryptowall-4-0-released-with-new-features-such-as-encrypted-file-names/

Windows 10 Update 04Aug15- A New Scam and Undoing Win 10 Upgrade

Be aware, after upgrading your Windows 7 or Windows 8.1 systems to Windows 10, you do have 30-days to “downgrade” your PC back to the previous version of Windows.

To start the downgrade, make sure you’re plugged in — the downgrade can take several hours — and log into an admin account. From the Start Menu, click or tap “Settings” then “Update & security.” Choose the “Recovery” option, and then select “Go back to Windows 7” or “Go back to Windows 8.1.” Click “Get started”. You’ll have to give a reason why you want to downgrade. Click “Next” twice and the rollback will begin.

********************************************************************

New Windows 10 scam will encrypt your files for ransom

A cautionary tale in being patient, and not skipping the line.

Just days after Microsoft released its latest operating system, hackers have begun targeting soon-to-be Windows 10 users with an emerging kind of malware.

Cisco security researchers are warning users against opening email attachments purporting to be from the software giant. The “ransomware” malware, which encrypts files until a ransom is paid, is being sent as part of an email spam campaign. The emails claim their attachment includes an installer that allows users to get the new operating system sooner. Once a user downloads and opens the attached executable file, the malware payload runs, encrypting data on the affected computer and locking the owner out.

If you do get this infection you need professional servicing immediately; time is of the essence if you want to save your data and avoid a full re-install of your operating system. Read more here: http://www.zdnet.com/article/windows-10-scam-email-will-encrypt-your-files-for-ransom/

DoctorLaptop’s Tips and News – 25July15

Note: I now have wifi again and can check my email in a timely manner.

In the wake of a critical Remote Code Execution vulnerability in all versions of Windows, Microsoft has just issued an emergency fix.

Yes, it’s time to patch your Windows operating system against an alarming security hole that could allow remote attackers to run malicious code on your computer, thereby taking “complete control of the affected system.” Since Microsoft has conveniently failed to name the specific update needed, you are expected to “fully update” your Windows to get the patch.
*********************************************************************************************
Apple Mac OS X Vulnerability Allows Attacker to Hack Your Computer
A security researcher has discovered a critical vulnerability in the latest version of Apple’s OS X Yosemite that could allow anyone to obtain unrestricted root user privileges with the help of code that fits in a tweet.
The privilege-escalation vulnerability, initially reported on Tuesday by German researcher Stefan Esser, could be exploited to circumvent security protections and gain full control of Mac computers.
The most worrying part is that this critical vulnerability is yet to be fixed by Apple in the latest release of its operating system.
BEWARE: this next quote is in Geek-speak

“This is dangerous,” Esser explained in a blog post, “because it allows hackers to open or create arbitrary files owned by the root user anywhere in the file system. Furthermore, the opened log file is never closed and, therefore, its file descriptor is leaked into processes spawned by SUID binaries. This means child processes of SUID root processes can write to arbitrary files owned by the root user anywhere in the filesystem.”

Basic translation: If exploited, this allows an attacker to easily gain privilege escalation in Yosemite to hijack your Mac computer and take control of your system.

************************************************************************************************
How to Delete an Un-deletable File or Folder
In the case of a folder you may need to open the folder and manually delete all the contained files one at a time. If that goes OK then go back to the now empty folder and delete should work. If this fails, or you cannot delete the files in the folder, there are several geeky ways to remove the folder/files. I will spare you the details because there are tools to do this for you.
With IObit Unlocker, a free program, you won’t be annoyed anymore by messages like “Cannot delete file”, “Access is denied”, “undeleted files”, “The file is in use by another program or user”, or “There has been a sharing violation!” This is a powerful tool designed to fix such problems by terminating all related processes that prevent you from deleting or accessing files / folders that you need to remove. It is an easy-to-use tool which helps you delete the files or folders by dragging and dropping, or just clicking the add button to select your target files / folders. Get it from the official IOBIT site here: