Anyone can Pick Up Malware – Part 2

Sometimes, you can be your own worst enemy…

A while back, I posted an article about how anybody could get a computer virus. It was telling, because the anybody was me. I ran afoul of a bad ad network somewhere and picked up something that caused me to, I thought, pick up a key logger. In the end, it turned out I was wrong, but I’ll get to that in a bit.

Instead I had picked up a couple other viruses, both of which came through a bad ad network and both of which, it turned out, were responsible for my spam situation. Unfortunately, NONE of the anti-virus products that I had on my machine – Webroot Secure Anywhere and MacScan – could remove the software, though it had no problems at all identifying the viruses on my Time Machine drive.

Based on this information, it was clear to me that the malware was 1) on my Mac, and 2) actively hiding from the real time scanner of one app and the manual scanners of both apps. To be blunt MacScan didn’t detect a thing. Webroot found everything, but only on my Time Machine drive, and couldn’t remove all of it.

I had a couple options at this point – 1) Rebuild the system (which involved blowing the drive, putting the OS back on and then reinstalling everything from scratch), and 2) Find an anti-malware app that could remove everything. After trying Malwarebytes for Mac and having it fail miserably, I started looking for another Mac malware scanner and removal system.

What I found, was FixMeStick; but even THAT had issues. It works very well with Yosemite and earlier based Macs; but when I purchased it in January of 2016, it didn’t work with El Capitan based Macs, and my MacBook Pro runs El Capitan. Unfortunately for me, FixMeStick didn’t know about their inability to work with El Cap Macs when I bought the product. I helped them confirm the issue.

FixMeStick is an offline anti-malware scanner. You purchase a self-booting USB stick. You stick it in a USB port, boot from it, it scans your drive, finds the goo and removes it. Unfortunately, El Capitan’s default drive format makes use of journaling, and (up until about 2 days ago, as of this writing), FixMeStick couldn’t even READ a drive that was HFS+ Journaled / Journaled, Case Sensitive. So it was effectively USELESS to me.

I checked in with them every three to four weeks, asking if they had resolved the issue. They would always say they were close, and that they would have an update to users and a release in about four to eight (4-8) weeks. Those deadlines were always missed, and I came very close to demanding a refund.

I’m going to jump to the end, here, as it’s going to make this a lot more valuable to everyone in the end…

In the end, they figured it out. Their product now works with El Cap formatted Macs, and the product found three bugs on my Mac and removed them… on the first scan after the issue was resolved… but not without some last minute drama – none of the bugs were the key logger that Webroot Secure Anywhere had identified (and I THOUGHT was the cause of my Google Apps (Gmail) account getting hacked). I thought there was a problem.

Thankfully, I was very wrong.

What I learned is that Webroot has a known issue with identifying false positives when their scanner scans your Time Machine drive. While Key Logger.Spector.Pro.r is a real problem, it isn’t when Webroot Secure Anywhere ONLY identifies it on your Time Machine drive and ONLY on your Time Machine drive.

According to Webroot, and I traded email with their tech support team this past weekend, what Secure Anywhere finds is a false positive on an info.plist file in a kext file that Gatekeeper uses to identify software that can run on your Mac without you having to constantly approve it; AND it ONLY identifies it in this kext file on your Time Machine drive. It’s well documented in their support forums.

So… after 9 months… not only am I virus free; but I never had a key logger, and I shouldn’t have anything or anyone else hijacking my Google Apps account (though thankfully, I actually haven’t had that happen for about four (4) months).

But as I said in November, anybody can get a computer virus. Just because you do, doesn’t (necessarily) mean you’ve been somewhere you shouldn’t nor does it (necessarily) mean that you’re careless. It just means that you picked up a bug. What you do need to do is pick up the right tool to get rid of it, and then make certain you have a real time scanner on your computer.

For me, this is FixMeStick and Webroot Secure Anywhere for Mac.

Another Day… Another Virus (Backdoor.MAC.Elanor)

This one targets Mac systems. Heads up Apple users…!

As Macs and macOS become more and more mainstream, more and more virus and malware authors are going to be writing code that targets computers coming out of Cupertino. Case in point – a new piece of malware has been encountered in the wild, allowing attackers to hijack a Mac user’s machine.

The new malware has been named Backdoor.MAC.Elanor by researchers at Bitdefender. The software installs a backdoor onto an infected Mac that provides full access to a Mac user’s data, and full control over their web cam. The malware has been traced to the installation of an app called Easy Doc Converter.app.

Easy Doc Converter is a fake file conversion app that is apparently available from reputable download sites across the internet. The app installs a component that gives the attackers’ command and control center remote, anonymous access to an infected system. Additional components allow attackers to view, edit, rename, delete, upload, download and archive/copy off files from infected systems. They also have elevated privileges that allow them to execute commands and scripts.

This particular bit of malware allows attackers to watch computer users at their workstations via the computer’s web cam. Attackers make use of an included tool called “wacaw” to capture stills and video from infected systems, according to Bitdefender.

Thankfully, the app isn’t digitally signed with an approved Apple security cert, so if you’ve got Gatekeeper enabled (and don’t disable it, trying to install Easy Doc Converter…) you won’t get infected.
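The Gatekeeper point above can be checked from Terminal. The script below is an added example, not part of the original article or any vendor's tooling: it reads the output of `spctl --status` and `spctl --assess` and lists apps that Gatekeeper would not accept. The function names are hypothetical and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Gatekeeper state and list apps it would not accept.
# Function names are hypothetical; only spctl(8) options shipped with macOS are used.

# Constructed sample outputs of `spctl --assess --type execute -vv <app>`.
SAMPLE_SIGNED='/Applications/Safari.app: accepted
source=Apple System'
SAMPLE_UNSIGNED='/Applications/Example Converter.app: rejected
source=no usable signature'

# Map spctl assessment text to: accepted | unsigned | rejected | unknown
classify_assessment() {
    case $1 in
        *": accepted"*)          echo accepted ;;
        *"no usable signature"*) echo unsigned ;;
        *": rejected"*)          echo rejected ;;
        *)                       echo unknown ;;
    esac
}

# Succeeds when `spctl --status` text says Gatekeeper is on.
gatekeeper_enabled() {
    case $1 in
        *"assessments enabled"*) return 0 ;;
        *)                       return 1 ;;
    esac
}

# Assess every .app bundle in a directory (default /Applications).
audit_apps() {
    dir=${1:-/Applications}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found; run this on macOS" >&2
        return 2
    fi
    gatekeeper_enabled "$(spctl --status 2>&1)" ||
        echo "WARNING: Gatekeeper is disabled"
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue
        verdict=$(classify_assessment \
            "$(spctl --assess --type execute -vv "$app" 2>&1)")
        [ "$verdict" = accepted ] || printf '%s\t%s\n' "$verdict" "$app"
    done
    return 0
}

# On a Mac: audit_apps /Applications
```

Anything listed as `unsigned` or `rejected` is an app Gatekeeper would block at first launch; confirm where it came from before overriding that decision.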

As more and more malware targets Macs, you’d be hard pressed not to find and install a decent malware scanner for your Mac. Thankfully, Soft32 has more than one good AV scanner for Mac on the site, including BitDefender Antivirus for Mac 2016.

Since they’re the ones that broke the news on this new malware, they will likely also be the first with removal instructions should you find yourself infected. If you suspect this is the case, installing this app should be your first step.

If you find that you have Backdoor.MAC.Elanor, I’d appreciate hearing from you. Please leave a comment below in the Discussion area for this column and let us know where you found the Easy Doc Converter app and if you’ve been able to get rid of the malware.

Speed up your browsing with Adguard Web Filter

The internet is said to be the next great operating system. With so many different web based applications available – Gmail, Office 365 and the like – keeping unneeded and unwanted ads out of the way isn’t easy. This is one of the reasons why I like Adguard Web Filter. It’s a Windows based internet tool.

Adguard Web Filter helps you remove online ads from the web pages you view. Online ads always slow down the loading of web pages you need and may open ones you don’t. The biggest problem is when indecent ads damage your reputation at work or affect the wellbeing of your children. Web ads are widely used for fraud, circulation of viruses and other types of malware. Ads often distort the appearance of web pages.

Adguard Web Filter removes these annoying ads, reduces the page loading time and saves your traffic. It works with all major browsers, including Internet Explorer, Opera, Firefox, Chrome, and Safari. Adguard Web Filter blocks video ads, rich media and other non-standard types of ads, as well as standard ads. It prevents counters and tracking by ad networks. Adguard starts working right after installation, requires no additional configuration and is regularly updated.

Adguard Web Filter is an app that nearly everyone can benefit from. The app installs quickly and easily and the benefits are seen immediately. The removal of online ads is something that you don’t necessarily think about when the ads are gone, but immediately comes to mind when they blink and flash in front of you when they are left unchecked. Available at no charge, the application is something everyone should use to improve their browsing experience on their Windows PC.

Keep your computer safe from malware with Anvi Smart Defender

Keeping your PC safe while you run around the internet can be a full time job. It’s very easy to click here, there and everywhere and come away with some kind of ugly bug. It’s all too easy to have your personal information and even your identity stolen right out from under you. That’s why I like having applications like Anvi Smart Defender available to me. It’s a malware security package for Windows.

Anvi Smart Defender delivers powerful protection against malware – viruses, Trojans, adware, spyware, bots and other threats. With its Smart-Engine, it scans and detects threats on your PC quickly. It has a system optimization function that speeds up your PC; and provides a cloud scan feature that protects your PC more effectively while working with items stored remotely.

Anvi Smart Defender’s smart, active scanning engine is made up of Guards. Its Privacy Guard, Startup Guard, Process Guard, Behavior Guard, and Files Guard stop and block malware by actively monitoring your system and alerting you when it detects a threat. It will not interfere with active tasks and activities when it is scanning. It runs silently in the background. Whether you are surfing, shopping, chatting, socializing, sharing or banking, Anvi Smart Defender’s guards protect your PC from malware more efficiently than other, traditional security software.

If you do bump into a file that’s infected with suspected malware, Anvi Smart Defender gives your PC Cloud-based malware identification. You can upload the suspicious file and get a cloud-security report.   Anvi Smart Defender discovers the newest threats first.

Anvi Smart Defender also helps protect your PC by providing traditional PC utilities to help keep it running efficiently. This way if something goes wrong, you know it must be malware related. Anvi Smart Defender includes System Optimize, Registry Fix, Privacy Cleaner, Memory Sweep, and Disk Defragment.

Keep your PC safe with this industry leading malware tool – ESET NOD32 Antivirus

I had a friend of mine come to me and tell me of a malware infection he caught over the weekend. It happened because he was sent a piece of email, that he did NOT open; but the message hit his inbox and created a huge amount of havoc anyway. The virus got around his AV scanner.

Having the right AV scanner for your system is important, as my friend is likely going to have to completely blow his system and rebuild it from scratch. This is one of the reasons why I like ESET NOD32 Antivirus. It’s a professional malware prevention application for Windows.

ESET NOD32 Antivirus intercepts and eliminates viruses, worms, Trojans, spyware and other Internet threats with their proactive, heuristic technology. ESET NOD32 Antivirus protects you from known and emerging threats. It offers a simpler, more secure digital experience; and its accompanying Internet security training teaches you how to avoid cyber threats, scams and hackers to make your online experience even safer.

Its New, Enhanced Interface allows you to manage functionality efficiently with intuitive controls that include access to Most Frequently Used Actions from all its screens. It also enables easier navigation of the advanced setup tree, including its customized, behavior-based HIPS to improve your PC’s security by specifying rules and permissions for the system registry and active processes and programs.

In today’s information-centric communities, ESET NOD32 Antivirus helps protect your data and your PC when you share files.  Not all computer threats come through the Internet. Removable Media Control protects you from potentially infected files exchanged through USB flash drives, CDs and DVDs. Its Cloud-Enhanced Whitelisting allows you to scan faster using its Cloud-Powered Reputation engine that compares your data to trusted files compiled in ESET’s Live Grid database of over 100 million ESET users.

Zemana AntiMalware

You’ll hear me say it over and over again – you simply can’t run a computer nowadays without some kind of antivirus or security software running in the background. You’re just asking for problems if you think you don’t need one…and if you get a virus, bug or worm, THEN what do you do? This is why I’m thankful for applications like Zemana Anti-Malware. It’s a specialized malware scanner for Windows and it’s the kind that most people need.

Virus scanners are great at preventing infections, but on the off chance you do get one while you’ve got security software installed, then you have serious issues. The bug is likely smarter than the software you have. It’s likely buried itself deeply within your operating system, and isn’t leaving without a fight. In many cases, the best thing you can do is to copy your data off (to an external drive, to the Cloud, etc.) and then blow your computer and rebuild it. It’s the safest and easiest way to ensure you get rid of the infection. It’s also hugely disruptive and a pain to do.

Zemana Anti-Malware is a second-tier malware scanner designed to rescue your computer from viruses, Trojans, rootkits, etc. that have infected your system despite all the security measures you have in place.  The best thing is that Zemana Anti-Malware can peacefully coexist with other security software on your computer. In the past, having multiple security programs installed on your PC often resulted in slow-downs, crashes, and, surprisingly, less security than running just the single security app.

If it Ain’t Dirty, Don’t Clean it

Amid all the Holiday Hullaballoo, malware attacks can be nasty. However, beware where the warnings are coming from.

You must have a malware scanner on your computer – Mac, Windows or Linux – don’t compute without one. Period. You also need to heed the warning dialogs they display. If you’ve got a bug, or if it catches one before it infects you, do what it tells you in order to get rid of it. However, do yourself a favor, mind where the dialog boxes are coming from.

Case in point, last year, my wife got hit by a nasty piece of malware that totally hijacked her computer, down to the BIOS level, making it useful as nothing more than a door stop. I couldn’t even replace the hard drive. The infection had corrupted the laptop’s BIOS. In the end, I had to replace the PC; and the lesson from this is CLEAR – when you’re surfing the internet and you see a dialog box popup informing you that you may already be infected, or are infected with malware, make sure that the dialog box is coming from your malware scanner.

Unlike Soft32, some download sites have software that is infected with malware. Some sites permit popups and pop-unders that advertise malware scanners that aren’t malware scanners at all. They’re really nothing more than applications that steal your personal information, and hijack your PC unless you either pay to get rid of them, or pay a subscription fee. The popups or pop-unders I’m referencing look like legitimate system utility or malware scanner dialog boxes.

Don’t trust them; or any of the information they contain.

Be sure you know which malware scanner you use. Ensure that THAT program’s name is listed in the title bar of the dialog box you’re reading. My wife thought she was protecting herself and her computer. In the end, she lost not only her PC, but some pictures and videos we’ll never get back.

I was recently talking to a family member who had a similar issue happen to them. They knew enough to call me and ask me about what they were seeing before they clicked the OK button on the dialog box. It’s a good thing they did. We were able to bypass the dialog box and save their PC and data.

In the end, you need to be mindful of the following:

  • The name of your malware scanner
  • That program’s name will appear in the title bar of any dialog box that displays on your computer.
  • Malware warning dialogs that come from your web browser can usually be considered suspected malware.
  • When in doubt, click the “X” button that closes the dialog.
  • Do NOT dismiss the dialog by using the OK or Cancel buttons on it.

Keep yourself safe. Become familiar with your malware scanner, allow it to update itself; and MOST of all, schedule regular scans, regardless of the time of day that they want to run. Better to suffer through a bit of performance lag than to lose all your data AND your PC.

If you want to download free antivirus and anti-spyware security software for Windows, pick one below…

Avast | AVG Antivirus | Microsoft Security Essentials

Anti-Malware Programs Should be Free

Based on what’s available, you should never HAVE to pay for your anti-malware app.

I’ve been a freelance technology journalist for over 15 years. I’ve written for CMPnet, AOL/CompuServe, UBM TechWeb and for a number of print publications, including a local Chicago paper that is part of the SunTimes family. I’ve looked at a boatload of malware scanners over the years; and it’s clear, you have to have (and USE) one on your computer. You just do… Unfortunately, there’s really no way around it.

However, just because you have to have and use one, doesn’t mean that you have to pay for it. And you certainly don’t have to pay yearly subscription fees after your initial purchase. There are a number of scanners out there that are really very good, and are free.

Any and all of these are GREAT scanners, and more importantly, they’re all free, and don’t come with any kind of strings attached, such as subscription fees for updated AV definitions. I’ve used all of these at one point or another for both Windows and Mac, and highly recommend all of these. Most scan for viruses, worms, Trojans and the like, and may even help with phishing scams.

If you don’t feel comfortable with a free solution, or prefer the additional or advanced features of a pay or subscription based product, that’s fine. In the end, you just need to find one that seems to work the best for you…and then USE it. Let it run, regardless of WHEN it wants to run its scans. Let its definitions update. The utility can’t protect you if you don’t let it scan your PC and/or let its definitions update themselves. Most modern PCs have multi-core processors. Any performance hit you take is going to be minimal, and should be tolerable. Besides, any performance hit you take is well worth the benefit you receive.
