Do I have the AceDeceiver Malware?

Most – if not all – iPhone users can relax…


There’s been a great deal of hubbub over the latest revelation that non-jailbroken iPhones can be breached with a man-in-the-middle (MitM) attack that reaches iDevices via flaws in Apple’s DRM system, FairPlay.

Apple’s FairPlay DRM (digital rights management) system ensures that only authorized users can get access to purchased content (apps, music, movies, etc.) through a given AppleID. However, this MitM attack allows hackers to install malware on iOS devices without a user’s knowledge or consent, bypassing Apple security measures.

According to Palo Alto Networks, “In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by the victim.”

While this technique has previously been used just to pirate iDevice apps, this is the first time this particular attack has been used to install and spread malware. Victims first download a Windows program called Aisi Helper, which is supposed to provide jailbreaking, system backup, and device management and cleaning services. Once installed, it installs malicious apps on any and all iDevices that are ever connected to the PC.

From that point forward, the malicious app redirects App Store requests to a malicious store, where your AppleID and password WILL be phished.  So, what does this mean for YOU, the iPhone user right now?

Honestly, not much; and there are two really big reasons why:

  1. Currently, this affects users in China
    … and that’s about it right now. So unless you’re an iPhone user in China, at least for the moment, you’re safe.
  2. This is currently a Windows only Attack
    So, if you’re on a Mac, you’ve got nothing to worry about. It all starts on the desktop, as I noted above. If you’re using a Windows PC, then be vigilant; but again, unless you’re a Windows user that actually uses a Chinese localized version of Windows (and actually resides IN China), then you don’t have anything to worry about.
  3. If you’re OTA Only
    …Then don’t sweat it at all. If you NEVER connect your iPhone to a Windows machine, like…EVER… then you’re perfectly safe. Apple’s on-device security measures have already covered for this, and you have nothing to worry about.

So, what can you do to protect yourself, if you’ve been to China recently, use a Windows PC, and think maybe you might-could, possibly be infected??  That’s really easy.

  1. Don’t Jailbreak your iPhone
    I know, I know, I know… I said earlier that this attack hit NON-jailbroken iDevices. The whole thing starts, though, on the desktop through the program Aisi Helper. While you may not be interested in its jailbreaking services, it can be used to back up, and clean cruft from, your iDevice. Here’s a piece of advice – the only thing you need to use to back up your iDevice is iTunes. Period. If you don’t connect to iTunes on your computer through a USB cable and are OTA only, then use iCloud to back up your device. If you think you need to reset your iDevice, then use only Apple provided tools (iTunes or the Reset functionality in your iDevice’s Settings). Using third party tools for any of this is just an invitation to trouble.
  2. Uninstall the Desktop Software
    If you have Aisi Helper on your PC, uninstall it. Period. Don’t ever install any third party tool to back up, clean, or manage content on your iDevice, unless you REALLY trust the developer. And then, it’s really, REALLY risky.
  3. Run a Virus Scan
    After it’s gone, run a full virus scan with the tool of your choice, and then make sure you quarantine and then remove any threats that are found.

This development is interesting, and monitoring for it on your iDevice, even outside of China (currently the only place where this is a threat), isn’t a bad idea. However, at this point, for everyone else, this isn’t too big of a deal. The biggest thing you have to keep in mind, though, is that jailbreaking your iDevice is risky, no matter how much you might hate Apple’s walled garden.

While you may not be able to do everything you might want to do with your iDevice in terms of customization and side loading applications, with the threat of malware that steals your personal information that can lead to identity theft, the cool factor and the value in breaking free largely lose their appeal.

What do you think? Is jailbreaking still a thing?  Does it really offer you the options you’re looking for?  Is it too risky?  Do you have a jailbroken iDevice?  Why don’t you meet me in the discussion area below, and let me know?


Ransomware. Taking your Data Hostage

Yeah… Speaking of malware…

Introduction
With all of the email problems I’ve been having over the past month or so, I’ve had my hands full. I’m nearly certain that I’ve got some kind of malware. Removing it has been a real chore; but at least I don’t have any ransomware. Yeah. That would really suck.

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay a ransom through an online payment system in order to regain access to their data or system. Some ransomware encrypts files. Other ransomware blocks communications.


No matter which way you look at it; you don’t have access to your data. Depending on how valuable that data is to you or to your organization, that can be a problem.

One of the most popular pieces of ransomware is CryptoWall or CryptoLocker – same thing. CryptoWall is a Microsoft Windows based Trojan horse. A computer that is infected with this virus has its hard drive encrypted, with the RSA decryption key held by a third party.

When infected, the virus payload installs itself in the user’s profile folder and then adds a key to the registry that causes it to run on startup. It then attempts to contact one of several designated command servers, where it retrieves a 2048-bit RSA key pair. The command server sends the public key to the infected computer.

The virus then encrypts the user’s files across all local and mapped network drives with the public key and logs each encrypted file in a registry key. The process only affects files with a specific extension type – usually those belonging to Microsoft Office, OpenDocument, JPEG, GIF, BMP, etc.
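The persistence step described above (a startup registry entry pointing at a file in the user's profile folder) can be triaged from saved `reg query` output. This is an added example, not code from the original post; the sample output, value names and paths are constructed, and a hit is only a lead to review, since legitimate software also starts from the profile folder.

```python
import re
from typing import List, NamedTuple

# Constructed sample of the text printed by:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# Value names and paths are invented for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Program Files\Vendor\updater.exe
    xkqjwmznbt    REG_SZ    C:\Users\alice\AppData\Roaming\xkqjwmznbt.exe
    Helper    REG_EXPAND_SZ    %APPDATA%\helper\run.exe -silent
"""


class Autorun(NamedTuple):
    key: str          # registry key the value was listed under
    name: str         # value name
    target: str       # program path, without arguments
    in_profile: bool  # True when the program lives in a user profile folder


# reg.exe separates value name, type and data with four spaces.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")

# Program path: either quoted, or unquoted up to a script/executable extension
# (unquoted paths may contain spaces, e.g. "C:\Program Files").
EXE_PATH = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|bat|cmd|vbs|js))(?=\s|$))',
    re.IGNORECASE)

# Locations a standard user can write to without elevation.
PROFILE_PATH = re.compile(
    r"^(?:[a-z]:\\(?:users|documents and settings)\\"
    r"|%(?:appdata|localappdata|userprofile|temp|tmp)%)",
    re.IGNORECASE)


def parse_autoruns(text: str) -> List[Autorun]:
    """Parse `reg query` output into Autorun records."""
    key, found = "", []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        data = m.group("data").strip()
        pm = EXE_PATH.match(data)
        target = (pm.group("q") or pm.group("u")) if pm else data.split(" ")[0]
        found.append(Autorun(key, m.group("name"), target,
                             bool(PROFILE_PATH.match(target))))
    return found


def profile_autoruns(text: str) -> List[Autorun]:
    """Return only the startup entries that launch from a user profile."""
    return [a for a in parse_autoruns(text) if a.in_profile]


if __name__ == "__main__":
    for entry in profile_autoruns(SAMPLE_REG_QUERY):
        print(f"REVIEW {entry.name}: {entry.target}")
```
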

Once the files are encrypted, the virus displays a ransom message that includes a countdown clock. It demands a ransom of $400USD or €400 in the form of a pre-paid cash voucher, like a MoneyPak, or an equivalent amount of BitCoin. If the ransom isn’t paid within the specified timeframe, your decryption key gets deleted, and then there’s no way to decrypt your data. Once paid, the user is able to download a decryption program, preloaded with the decryption key, that unlocks the files.

However, some victims have claimed that even though they have paid the ransom, their files were not decrypted.

Now, there are three ways to get rid of CryptoWall/ CryptoLocker once you get it. Some of them are easy, others are not. Let’s run them down so you know what the options are.

  1. Pay the Ransom
  2. Restore from a Non-Infected Backup
  3. Use an Appropriate Mitigation Method
  4. Call it Quits and Restart from Scratch

Pay the Ransom
Many security experts have said that with a 2048-bit encryption key, using some kind of brute force attack to get the decryption key was nearly impossible. Previous versions of the Trojan horse used 1024-bit keys and while that may have been crackable – in at least one case, it was – doing so was not easy and took a great deal of time. That method also required the use of tools and skills that most consumers don’t have, can’t afford, and wouldn’t know how to use.

While removing the Trojan from an infected PC is possible, especially in its early encryption stages (depending on the amount of data in question, encryption can take quite a while), the nature of the infection is that it works in the background. Many users don’t know or see that anything bad is happening. In cases like this, many security experts initially agreed that the only way to recover files was to pay the ransom. Users can usually expect to receive their decryption key within 24 hours.

However, given the dishonest nature of the individuals behind the Trojan horse infection, the 24 hour waiting period and the fact that some people don’t always receive their decryption keys without the call for additional payments, this is a risky removal method. It’s certainly not guaranteed. They got your money once. It’s very likely that if you don’t get your decryption keys early in the 24 hour period that you will get asked to make additional payments.

It has been estimated by Symantec that up to 3% of all infected victims pay the ransom. It’s also been estimated that ransomware operators have collected upwards of $3.0M USD. So, while you may get your data back with this, paying the ransom doesn’t always get your life’s memories back; and it could end up costing you more than was originally asked for.

Regardless of how much you may pay, if this is the case, you’re going to want to make a backup of your decrypted data and then blow your hard drive and reinstall Windows and all your applications from scratch. You’re also going to want to invest in a malware scanner and some kind of backup plan after that.

Whether it’s online or offline, it doesn’t matter. The key is starting from a known clean slate and then making certain you don’t get hit again.

Restore from a Non-Infected Backup
Even if your PC and all of your data becomes completely encrypted, if you have your computer’s restore DVDs AND you have a backup of your data from before it became infected (and that drive isn’t always connected to your PC), then you’re more than half way home.

In this case, you can just go tell the malware creator to go pound sand.

However, this may take just a bit of work on your part. You’re going to have to do a few things to make certain you can safely get to your data.

Check the Status of your Backup
If your backup is done online, through services like Carbonite or Backblaze, you should be ok.

If you’re using a backup drive that’s connected to your PC all the time, it’s likely infected and encrypted. Likewise, if you’ve backed data up AFTER you got infected, it’s likely encrypted and should be considered bad. Do NOT use that data.

If it’s not always connected to your PC, do NOT connect it to your infected PC. CryptoWall/ CryptoLocker will encrypt it. Check the status of the backup from ANOTHER, uninfected PC: check the last backup date and perform a malware scan on it. Once verified clean, that’s the state of the data you’re going to get back.

If you’ve got all of your data on a cloud service drive, you’re in even better shape, as it’s likely NOT encrypted. Those services should be set to scan all the data that comes into their data centers and should prevent infections like CryptoWall or CryptoLocker from infecting them. You just need to restore your PC (see below) and then log back into your cloud service and resync your data.
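The backup-drive check described above, run from the uninfected PC, can be partly automated. This added example is not from the original post. It flags files changed on or after a suspected infection date and files whose first bytes no longer match their extension, and it assumes that an encrypted file no longer begins with its format signature. The file names, contents and date in `demo()` are constructed.

```python
import os
import tempfile
from datetime import datetime, timezone

ZIP = (b"PK\x03\x04",)                          # OOXML and OpenDocument are ZIP containers
OLE2 = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",)   # legacy Office formats
# Leading bytes expected for the file types the post lists as targeted.
SIGNATURES = {
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
    ".odt": ZIP, ".ods": ZIP, ".odp": ZIP,
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
}


def check_backup(root, infected_on):
    """Walk a backup tree and return (bad_header, changed_late).

    bad_header:   known-type files whose first bytes do not match the type
    changed_late: any file modified on or after the suspected infection date
    Both are sorted lists of paths relative to root.
    """
    cutoff = infected_on.timestamp()
    bad_header, changed_late = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.getmtime(path) >= cutoff:
                changed_late.append(rel)
            expected = SIGNATURES.get(os.path.splitext(name)[1].lower())
            if expected is None:
                continue  # type not in the table: timestamp check only
            with open(path, "rb") as fh:
                head = fh.read(8)
            if not head.startswith(expected):
                bad_header.append(rel)
    return sorted(bad_header), sorted(changed_late)


def demo():
    """Build a small constructed backup folder and check it."""
    infected_on = datetime(2015, 11, 1, tzinfo=timezone.utc)  # constructed date
    before = infected_on.timestamp() - 86400
    after = infected_on.timestamp() + 86400
    scrambled = bytes(range(0x40, 0x60))  # stands in for encrypted content
    samples = {
        "report.docx": (b"PK\x03\x04" + b"\x00" * 32, before),   # intact
        "photo.jpg": (b"\xff\xd8\xff\xe0" + b"\x00" * 32, before),  # intact
        "budget.xls": (scrambled, after),   # wrong header, recent change
        "logo.gif": (scrambled, before),    # wrong header, old timestamp
        "notes.txt": (b"hello", after),     # unknown type, recent change
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (data, mtime) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))
        return check_backup(root, infected_on)


if __name__ == "__main__":
    bad, late = demo()
    print("header mismatch:", bad)
    print("changed on/after infection date:", late)
```

A clean result here does not replace the malware scan the post calls for; it only narrows down which backup set predates the encryption.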

Restore Your PC
After you have the backup drive for your PC identified and set aside, you’re going to need to restore your PC back to factory fresh status. You’re going to need to do this no matter what you do (pay the ransom, restore from a non-infected backup or use a mitigation tool). Once compromised, it’s not good to continue to use a Windows installation that’s been infected by such a serious piece of malware.

If you have something like a Surface Pro or other tablet/ convertible device do NOT restore from the device’s recovery partition. There’s no way to know that it hasn’t also become infected as well.

In that case, you’re going to need to download the recovery image on a separate computer and then burn that image to a DVD, also from that separate computer. Do that and set it aside.

If you have a PC that has a set of restore DVDs, grab those now. Place the restore DVD (either the one you just made for your Surface or other similar device or the ones that come from your PC manufacturer) into either your PC’s DVD drive, or into a USB DVD drive connected to your computer.

You’ll need to set your UEFI or BIOS to boot from the DVD drive. Use that DVD to restore your computer. Once it finishes, you can reinstall your backup software and a suitable malware scanner. After you’ve updated all of the appropriate malware definitions and performed a malware scan on your newly configured PC, THEN connect your backup drive to your PC.

Perform a second malware scan on your backup drive before the restore. It’s better to be safe than sorry.

Once verified clean again, you can restore your data; and you should be good to go.

Use an Appropriate Mitigation Method
You should know up front that this is, by far, the riskiest option of all. It’s not easy, and you’re not guaranteed to be successful.

If you don’t have your data on some kind of cloud sync service, backed up to a drive that was connected to your PC BEFORE you got infected with CryptoWall/ CryptoLocker, and you aren’t using an online backup tool and you MUST get all of your data back, then you can try to use an appropriate mitigation method.

Now… this is where things get a bit sticky. If you’re not comfortable working with and modifying the Windows Registry, installing and updating hardware drivers or other low level components, then stop. It might be a good idea to take your infected computer to a trusted, reputable repair shop and let them handle it.

They’ll likely keep it for a few days. They may charge you $150 – $250 bucks to get rid of the virus; but you’ll likely get your computer back, with some to most of your data, without having to pay a huge sum to some crook.

In a nutshell, here are the steps you’ll need to perform:

  • Boot to Safe Mode
    In Windows 7, XP and Vista, you’ll need to restart or turn on your PC and quickly and continuously press F8 until you see the Advanced Boot Options screen. From here, you’ll have 30 seconds to use the up/down arrows to choose the “Safe Mode with Networking” option from the list and press the Enter Key.

    In Windows 8/ 10, it’s best to start with the computer already on and sitting at the Windows Logon Screen.

    Press and Hold the Shift key, and then click Restart. On the resulting screen select Troubleshoot – Advanced Options – Startup Settings, and then Restart. When your computer becomes active, select Enable Safe mode with Networking.

    Let your PC boot into Safe Mode. Your PC should be up and running in Safe Mode. You should be logged in (do so if you aren’t) and you should have access to the Internet.

  • Download a Malware Removal App
    Open up a browser window and download SpyHunter or other spyware/ malware removal app. Purchase a licensed copy if you need to. Use it to remove CryptoLocker/ CryptoWall from your PC. Use that app to remove all of the malicious files that belong to the ransomware and complete the CryptoWall/ CryptoLocker removal.
  • Salvage your Data
    If this works, get your data off your computer and store it on a known clean drive. Then, refer back to the section above where I tell you how to rebuild your PC from scratch.
  • Rebuild your PC from scratch
    If you don’t get everything – and that’s possible, even with a good malware removal tool – you don’t want to be on a PC that’s had ransomware on it. Rebuild your PC and then put your data back on it.

If that doesn’t work, or if your version of CryptoWall/ CryptoLocker prevents you from booting to Safe Mode with Networking, then you can try something else. However, if this doesn’t work, your options become limited.

  1. Boot into Safe Mode with Command Prompt
    In Windows 7/ XP/ Vista, restart or turn on your PC and tap F8 multiple times until you see the Advanced Boot Options window. Use the up and down arrows to move down to Safe Mode with Command Prompt and press Enter.

    In Windows 8/ 10, at the Windows login screen, press and hold the Shift key and then click Restart. On the resulting screen select Troubleshoot – Advanced Options – Startup Settings, and then Restart. When your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings Window.
  2. Restore your System Files and Settings with System Restore
    Once the Command Prompt window is available, you should be logged into your computer and the Command Prompt window should have you logged in to C:\Windows\system32.

    Type – cd restore – and press the Enter key.

    Type – rstrui.exe – and press the Enter key.

    When System Restore comes up, click the Next button and then select a restore point that is PRIOR to you getting infected with CryptoWall/ CryptoLocker. After that, click the Next button again.

    A warning dialog will display, notifying you that System Restore can’t be interrupted. Click the Yes button and let System Restore run and complete.

  3. Remove the Virus Files
    After System Restore completes, you can reboot your PC. After that, you can download SpyHunter or other spyware/ malware removal app. Use it to get rid of the malware files.
  4. Attempt to Salvage your Data
    You need to understand that using a mitigation method does NOT remove any encryption from your data. It just removes the malware. If your data is encrypted, you can try to use Windows’ Previous Versions feature to restore any files that may have been encrypted.

    To do that, find the file in question and right click it. Choose Properties from the context menu that appears. When the Properties dialog appears, look for the Previous Versions tab and look for a restore point for your file. Choose a date before you got infected, and follow the process.

    However, you need to understand that this method is ONLY effective after System Restore completes and the ransomware is removed. Ransomware often deletes Shadow Volume Copies and this method may fail to work.

Call it Quits and Restart from Scratch
Ransomware is a very SERIOUS piece of malware. If you get it and you end up with your data encrypted, depending on how adventurous or wealthy you are, you can try one of the methods that I’ve listed above, or you can cut your losses and call it a day.

In other words, you can simply resign yourself to the fact that your data is gone and you can rebuild your PC, again, using one of the rebuild methods I noted, above.

Depending on how much you trust the drive you’ve got, you may want to just go and buy a new hard drive for your computer, put it in, and then rebuild your PC from scratch, again, using one of the rebuild methods I noted, above.

There are a few advantages to this. While it consigns your files to a permanent rubbish bin, it’s likely a much safer way to go, especially if you catch it early in the encryption process.

Conclusion
Ransomware is a huge problem in many countries around the world, especially in the United States. Malware is EVERYWHERE on the internet, and you can get it from visiting dubious websites and even through ads that display in a browser window. You can get malware from email, from infected files and just about anywhere else on the internet.

While you’re clean, the best thing for you to do is to make a backup of all of your data. You can use a backup program, or a cloud data service like Dropbox, Google Drive or OneDrive and the like. You can also use online backup programs like Carbonite or Backblaze. Whatever you do, though, make a backup of your data.

If you do find that you get infected with ransomware, again, you have very limited options. You can:

  1. Pay the Ransom
  2. Restore from a Non-Infected Backup
  3. Use an Appropriate Mitigation Method
  4. Call it Quits and Restart from Scratch

There’s a price to each of these, either in cold hard cash, or in time. Unfortunately, despite any of these methods, you’re likely going to experience some data loss, unless you have a recent, uninfected backup. So the rule here, as always should be to back up early and often.

But again, if you do get infected, the best thing to do as quickly as you can, is to get off the internet, remove the malware, rebuild your system and then restore your data. How you pull this together is up to you, but it isn’t easy, and it can often create other problems that you didn’t initially anticipate.


Anyone Can Pick Up Malware

The past few weeks have been hellacious at Casa de la Spera…

I’ve been in computing since 1984. I have written more than I can remember without actually reviewing the stuff I’ve written. This includes seven years of columns on CompuServe’s Computing Pro forum as well as approximately 10,000 tips for Windows (95, 98, 98SE, NT, ME, 2000, and Windows 7), Internet Explorer, Office (95/97/2000/2007) and Windows-based Hardware, for WUGNET (The Windows User’s Group Network). I’ve written COUNTLESS software reviews for both Mac and Windows platforms; and I was nominated for Microsoft MVP for Windows Mobile at least twice between 2004 and 2007.

Yeah… I’m giving you the resume more for ME than for anyone else right now.

Over the past few weeks, I’ve been dealing with some hacked email accounts over here; and quite honestly, it’s been very aggravating.

It started during the middle of October. I started seeing bounce notices hit my account, and I wasn’t certain why. Not all of them, or the delivery delay notices I got had the body of the original email with them. Some did. When I was able to look at what that was, it was clear that my Google Apps based email account had been compromised.

I immediately changed my password.

However, that didn’t resolve everything.

Gmail has a few different tools to help you protect your account if you think it’s been compromised, including signing out all web sessions. I did that and then changed my password – AGAIN – and signed back in. However, by that time, the damage had been done and Google had suspended my SMTP permissions. I couldn’t send any email. According to Google, I had sent over 5000 emails in the course of a 24 hour period.

At that point, I also noticed that my contact list had been increased by over 1500 entries, as well. Many of these were simply a strange looking address and nothing more. For example:

Atrix6969@don’t-stop.fr
fruit83@bandaid.co
sukey.pangu@legoland.co.uk

Many of the entries had either just the full email address as the contact name or firstname<dot>lastname as the contact name. Those were easy to spot and eliminate, though I had to go through my contact list at least 3-4 times. I didn’t get all of them, and somehow, they got repopulated (with different entries) a couple times. (I’m still pulling crap out of my contacts list…)

After upgrading my Google Apps instance from a grandfathered, less than 50 member free edition to a paid subscription, AND speaking with Google on this for over an hour, I submitted a ticket to get the account reinstated. It took them about two hours, but they put me back in business, and I was able to file a couple of articles with Soft32.

Things quieted down for about a week, and then it kicked in again, though this time, I was able to go through the process again, very quickly and then cut things off before I had sent 5000 emails. This went on – this back and forth – for about another week or so, then things just stopped.

Last weekend (the weekend of 2015-11-08), it started up again, and I got more bounce notices and some forwards back from a couple of people that my account had been hacked again.

That’s when I enabled two factor authentication on my Google Apps account and domain. Two factor authentication is where access to an online account requires not only the account user name and password, but also a validation token or code, usually sent to a mobile or smartphone. The validation token can also be sent via an authentication app.

At this point, I think I have control of the account again.

The bigger problems that remain –

  1. How was the account compromised more than once?
  2. How was it compromised after implementing a 13+ character (multi-case, letters, numbers, and special character) password?
  3. What significance did the 1500+ additional address book entries play?
  4. Was there any hidden XML payload associated with any of the additional address book entries?
  5. When I deleted them, did I get them all?
  6. Would that even make a difference?
  7. Did I pick up a key logger?

Yeah…

A key logger…

The answer at this point is, I don’t know. I’ve ordered a FixMeStick; and while that arrived and scans a Mac running OS X 10.11, it currently can’t read a Mac boot drive running El Capitan.

In fact, the boot drive isn’t even visible to the FixMeStick. Thankfully, the vendor is aware of the issue and they’re working on a resolution. FixMeStick owners will have their sticks updated automatically once the solution is published.

My other saving grace is that Time Machine apparently doesn’t have the same security measures placed on its drive as the boot drive on a Mac running the OS. FixMeStick has scanned my Time Machine backup drive and hasn’t found any malware.

The big point that everyone needs to understand, however, is that anyone and everyone can get malware from just about anywhere on the internet. Ad networks are a huge problem. Malware can flow through those and can infect your computer even from a site you know and trust. Products like FixMeStick are helpful; but you’ve got to be careful, especially right now.

Both Windows 10 and OS X 10.11 El Capitan are new operating systems. Existing anti-malware products may not work correctly on these operating systems as of this writing. They may need some updates.

You may also have issues with anti-malware products that run while your computer is running from its boot drive. It’s very possible that malware on your PC may hide from your scanner – no matter how good it is – and it either may not be detected, or may not be removable.

Unfortunately, this isn’t like the 1990’s. Getting malware today can be devastating and life altering, if not life ruining. Phishing attacks and other data breaches can lead to identity theft, and some of the damage related to it, may be difficult to come back from.

The lessons learned here should be multi-fold:

  1. Mind where you surf
  2. Have some kind of malware scanner running, regardless of platform, and keep its definitions current
  3. Invest in some sort of offline, self-booting anti-malware solution so that stubborn threats can be removed without being activated


Repair and maintain your Windows PC with Windows Repair

If there’s one thing that I have learned over the years, it’s that keeping your Windows PC running without issues can be complicated. These machines can do a lot and it’s not always easy to fix the problems once they’ve occurred. Sometimes, it’s easier to just blow the box and start over. Unfortunately, that’s not always possible. Sometimes the existence of important data, or specific peripheral drivers, other add-ons or reasons prevent you from taking that route. It’s at this point that having comprehensive tools like Windows Repair – a fix-it and maintenance utility for Windows – can make the difference.

I’ve written well over 3000 individual tips for Windows covering Windows XP to Windows 7 over a 15 year period, and between us…Windows can be complicated. Fixing issues or problems with the OS, let alone getting past a virus or other malware, can be challenging at times. In many cases, my recommendation is to save yourself some time, get your data off the machine, and then simply blow the machine and start from scratch. However, that isn’t always an option.

Reinstalling ANY operating system, whether you want to or not, regardless of experience level, can take a long time; and it doesn’t always go smoothly. Sometimes, things don’t come back the way you think they will. Tweaking.com’s Windows Repair is meant for situations like this, and I’m really glad it’s there. The application is an all in one repair tool that should help you fix many of the bigger Windows problems, including registry errors and file permission errors.


Windows Repair is a good app, with a good beginning. It can do a lot of things to help repair Windows, but it isn’t a universal cure.  The app is still very young and needs to mature. It needs to be able to determine what the problem is and then either fix it, or offer ways to resolve the issue.

Most of the big problems that afflict Windows, aside from malware attacks, are driver and registry issues.  While Windows Repair can fix some registry issues, the Registry is a complicated animal. Modifying it doesn’t always provide the results you think or hope it will.

Driver issues are another huge problem. While you hope that drivers for peripherals work as intended, the world of Windows drivers can be a huge mess. Not all of them are created equally, and in many cases, they don’t work and play well with other drivers. While Windows Repair may not be able to resolve these issues, it would be nice if it could ID the potential conflicts and then provide download links to the latest versions of all drivers involved. If that doesn’t resolve the issue(s), then informing users that the drivers are known to conflict, or indicating that it will inform others of the potential conflict, could be a huge help. It would also be nice if the app used your PC’s currently installed malware software to scan and remove malware, especially if you’re using MS Security Essentials on Windows 7 or MS Defender in Windows 8.x.


Should I Remove It ?

Get rid of unwanted add-on-ware with this awesome Windows tool.

When I use my computer, I have specific goals in mind. I usually don’t have too much time to just play around. I require peak performance from my rig, and when I don’t get it, there are really just a few things that are the likely cause, malware being one of them. With malware so prevalent in today’s computing world, it’s a good thing that there are apps like Should I Remove It available. It’s a malware scanner and removal tool for Windows that just might be able to keep your PC at peak performance.

With computer programs today relying on advertisements to pay many of their bills, every app install can bring unwanted application extensions and components on to your hard drive. This is where Should I Remove It comes in.


With Should I Remove It, you don’t have to worry about what you should remove or keep. The app identifies and removes bloatware and trialware, along with crippled versions of commercial software placed on a new computer in the hope that some users will upgrade to paid editions.

Should I Remove It is a decent uninstaller, but aside from its ratings and removal percentage information, it doesn’t offer much value. The app does a decent job of removing software, but you’re completely dependent upon the information the app and its vendor provides for accuracy.


FreeFixer

Keep your PC malware free with this cool Windows utility.

When you get malware, you have just a couple of real world possibilities: live with it, rebuild your PC, or try to remove the malware. Living with it often is something people try to do but don’t succeed at. At some point, you simply can’t take it any more. Rebuilding your PC often resolves the issues, but there’s the potential of substantial data loss. Removing the malware is often the best choice, but choosing the right tool is often difficult. When I bump into problems, I like to give FreeFixer a shot. It’s a free anti-malware tool for Windows.

FreeFixer is a general purpose removal tool. It can help you to delete adware, spyware, Trojans, viruses and worms from your computer. FreeFixer works by scanning a large number of file locations where unwanted software is known to leave traces. This includes Program Files, Startup, your browser’s plug-ins, your home page setting, etc.

FreeFixer doesn’t necessarily know what is unwanted. Instead, it presents the scan result and it’s up to you to decide whether something should be removed or restored to its default value. Deleting the wrong file could be problematic, so you need to err on the side of caution.

If you’re unsure what to delete, you can check additional information at FreeFixer’s web site for each item in the scan result. You can, for example, see what other users chose to do with the same files they found. You can also save a log file of your scan result and consult the volunteers in one of the FreeFixer helper forums. However, if you’re not sure, the best thing to do is nothing at all.

While FreeFixer’s price is right, its methods of removing malware clearly are not. While it may be worth a shot for the more advanced user, there are clearly other tools available that can provide better identification of known malware and offer to remove it as well. In this more modern age of anti-malware and security software, the hit-or-miss, user-decides-whether-to-remove-or-not methods employed here are much too primitive. Use a different app.

Free your PC from ransomware with Anvi Rescue Disk

Rebuilding your PC after a malware infection is a total pain in the butt. It’s time-consuming, troublesome and occasionally problematic. Ransomware has been making the rounds worldwide, and short of forking over the required cash, there’s little you can do to save your PC from a complete rebuild once infected. Ridding your system of this malware is difficult. It’s well written and in most cases activates even in Safe Mode. It’s for this reason that I really like Anvi Rescue Disk. It’s a must-have Windows utility.

Anvi Rescue Disk helps users remove ransomware infections. If your computer is locked up due to a ransomware infection, and won’t even boot into safe mode, then Anvi Rescue Disk may be able to save your computer. In many Eastern and Western European nations, users have seen law enforcement logos displayed on their screens with messages saying that their browsing habits have broken the law and they must now pay a fine in order to be able to continue using their PCs. While this type of malware is extremely difficult to get rid of, Anvisoft seems to have finally found a way to combat this problem.

Using the software is simple. You download, burn a CD/DVD, restart your PC using the burned CD/DVD, scan and clean. A simple restart after that, and your PC should be ransomware free. However, a word of caution – both the problem and the cure are very new and likely to undergo a lot of tweaking in the immediate future. If you get infected more than once, you will likely need to rerun the tool or may need to wait for an update.

Speed up your browsing with Adguard Web Filter

The internet is said to be the next great operating system. With so many different web based applications available – Gmail, Office 365 and the like – keeping unneeded and unwanted ads out of the way isn’t easy. This is one of the reasons why I like Adguard Web Filter. It’s a Windows based internet tool.

Adguard Web Filter helps you remove online ads from the web pages you view. Online ads always slow down the loading of web pages you need and may open ones you don’t. The biggest problem is when indecent ads damage your reputation at work or affect the wellbeing of your children. Web ads are widely used for fraud, circulation of viruses and other types of malware. Ads often distort the appearance of web pages.

Adguard Web Filter removes these annoying ads, reduces the page loading time and saves your traffic. It works with all major browsers, including Internet Explorer, Opera, Firefox, Chrome, and Safari. Adguard Web Filter blocks video ads, rich media and other non-standard types of ads, as well as standard ads. It prevents counters and tracking by ad networks. Adguard starts working right after installation, requires no additional configuration and is regularly updated.

Adguard Web Filter is an app that nearly everyone can benefit from. The app installs quickly and easily and the benefits are seen immediately. The removal of online ads is something that you don’t necessarily think about when the ads are gone, but immediately comes to mind when they blink and flash in front of you when they are left unchecked. Available at no charge, the application is something everyone should use to improve their browsing experience on their Windows PC.
