Today at an event in San Francisco, Apple CEO Steve Jobs unveiled the iPad. This is a tablet device weighing in at 1.5 pounds with a 9.7" LCD screen and a staggering 10 hour battery life.
The iPad is fully compatible with existing iPhone apps and also runs new apps designed specifically with its large screen in mind. Among the apps shown were a few games, iBooks for digital books, and the iWork office suite.
For more information see the live coverage at the link to Macworld.com below.
Posted: By Lawrence Abrams on Jan 27 2010, 02:19 PM - 38 comments
Adobe has posted a security bulletin outlining critical vulnerabilities in Adobe Reader and Acrobat that could allow a remote attacker or malicious program to take control of your computer. To protect yourself, it is strongly advised that you download and install the latest version of Adobe Reader and Acrobat immediately. The current version is 9.3 and can be downloaded at the link below.

Even if you never open PDFs yourself, having a vulnerable version of these programs installed puts your computer at risk while you browse the web. An attacker does not need your cooperation: a compromised or malicious web page uses JavaScript or a hidden iframe to load a specially crafted PDF, the browser hands it to the vulnerable Reader plugin automatically, and the exploit built into the PDF runs code of the attacker's choosing without your knowledge or permission. That code typically downloads further malware that opens backdoors or steals your information. Disabling JavaScript in Reader (Edit > Preferences > JavaScript) and turning off "Display PDF in browser" (under the Internet category) shrink the exposure, but they do not fix the underlying bugs and are no substitute for updating.

Therefore please update Adobe Reader and Acrobat now!
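As an added example, not from the original post and not Adobe's or BleepingComputer's code: a small Python scanner that looks for the PDF features a drive-by page relies on, an automatic action (/OpenAction or /AA) wired to JavaScript or a /Launch action. It handles two common ways such keys are hidden, hex-escaped names (/J#61vaScript is the same name as /JavaScript) and dictionaries tucked inside FlateDecode streams. The two PDFs it scans are constructed inline for the example and contain no real exploit. Treat a hit as a reason to look closer rather than proof: legitimate forms use JavaScript too, and many Reader exploits target the file parser rather than scripting, so a clean result is not a clean bill of health.

```python
import re
import zlib

# Dictionary keys worth flagging in a PDF handed to Adobe Reader: script hooks,
# automatic actions, and actions that launch programs or embedded files.
RISKY_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")


def unescape_names(data: bytes) -> bytes:
    """PDF names may use #xx hex escapes, so /J#61vaScript is the same name as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Return the plaintext of every stream that inflates as zlib/FlateDecode data."""
    chunks = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.DOTALL):
        try:
            chunks.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate, or damaged: the raw bytes are still scanned
    return b"\n".join(chunks)


def scan_pdf(data: bytes) -> dict:
    """Count risky keys in the raw file plus the inflated contents of its streams."""
    text = unescape_names(data) + b"\n" + unescape_names(inflate_streams(data))
    hits = {}
    for key in RISKY_KEYS:
        # Require a delimiter after the key so that /JS does not also match a longer name.
        n = len(re.findall(re.escape(key) + rb"(?![A-Za-z0-9])", text))
        if n:
            hits[key.decode()] = n
    return hits


def is_suspicious(data: bytes) -> bool:
    """Code (script or launch) wired to an automatic trigger is what a drive-by PDF needs."""
    hits = scan_pdf(data)
    has_code = any(k in hits for k in ("/JavaScript", "/JS", "/Launch"))
    has_trigger = any(k in hits for k in ("/OpenAction", "/AA"))
    return has_code and has_trigger


def build_pdf(catalog_extra: bytes, extra_objects: bytes) -> bytes:
    """Assemble a minimal one-page PDF (constructed sample, no real exploit content)."""
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R " + catalog_extra + b" >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
            + extra_objects +
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


BENIGN_PDF = build_pdf(b"", b"")

# Constructed drive-by sample: the action object is hidden two ways, a hex-escaped
# key name and a Flate-compressed stream, with /OpenAction pointing at it.
HIDDEN_ACTION = b"4 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample')) >> endobj\n"
PACKED = zlib.compress(HIDDEN_ACTION)
DRIVEBY_PDF = build_pdf(
    b"/OpenAction 4 0 R",
    b"5 0 obj << /Type /ObjStm /Filter /FlateDecode /Length " + str(len(PACKED)).encode()
    + b" >>\nstream\n" + PACKED + b"\nendstream\nendobj\n",
)

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("drive-by", DRIVEBY_PDF)):
        print(label, scan_pdf(pdf), "suspicious" if is_suspicious(pdf) else "ok")
```

Run it on a directory of downloaded PDFs by reading each file as bytes and calling is_suspicious; the counts from scan_pdf tell you which feature tripped it, which is the first thing to check before opening the file in anything other than a disposable virtual machine.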
Posted: By Lawrence Abrams on Jan 12 2010, 08:12 PM - 7 comments
Late Tuesday, Google threatened to pull out of its operations in China after it said it had uncovered a massive cyber attack on its computers that originated there. Google said that it had found a "highly sophisticated and targeted attack on our corporate infrastructure originating from China." As a result, the company said, it would no longer agree to censor its search engine in China and may exit the country altogether.
Source : http://www.nytimes.com/2010/01/13/world/as...beijing.html?hp
Posted: By Romeo29 on Jan 12 2010, 08:06 PM - 11 comments
Sometimes an event takes place that really takes you aback. You work hard on trying to create a helpful site, you try and help friends who have an issue, and then you run into a person who is so hostile and antagonistic that you just have to take a step back and ask yourself, Why?

This is a long read, but I found it so baffling, after all the work sUBs, the developer of ComboFix, puts into his program, that I wanted to share it with the rest of you. It should also be mentioned that the indented blue text consists of snippets of email that sUBs or I sent. The red indented text is from the blog post, since removed, of the copyright infringer. Out of politeness and privacy, which I would expect someone else to respect, I have not quoted any of the infringer's emails.

It all started on December 14th when sUBs, the developer of ComboFix, apprised me that someone wrote a blog entry stating that:

    "The author of Combofix yanked it offline due to some bug that can cause computers not to boot. In its place is a link to a disclaimer. The last version available was released on 12/11/09. The latest copy we had here onsite was from 11/24/09. I've uploaded that version here. I never had the problem of a system not booting due to Combofix and keeping it offline while there are still computers infected with spyware seems a bit irresponsible. I guess I'll have to start mirroring it here in case they decide to take it offline again."

We were baffled. Here sUBs is working his butt off on a solution to a problem that can cause a computer to become a brick, and this jerk is calling him irresponsible for pulling the program so that he can protect users from this bug. Since sUBs was so busy working on the bug, he wrote something up and asked me to contact the author and deal with it. So I sent this guy an email containing the message sUBs requested, which reads:

    Though I appreciate the fact that you find ComboFix to be useful enough to want to host it yourself, it was taken down for a reason. Please remove your hosted copy of ComboFix immediately.

    You state on your blog:

    "I never had the problem of a system not booting due to Combofix and keeping it offline while there are still computers infected with spyware seems a bit irresponsible."

    Do you think that as the developer of ComboFix, and having devoted years of my life to creating and updating it, that I take the program down without intense consideration and regret? I think, as the developer, I know when a bug is important enough to prompt me to take ComboFix down while I fix it, so that I can protect users from having their systems become unbootable. To me it is more irresponsible for someone to host a file when it has been publicly stated by the developer that it has a serious bug, than to stop the program from being available. If you wish to use the file for yourself that is fine, but it is inappropriate to host it for others to use.

    Thank you very much.

    sUBs

sUBs didn't care about the blog post. All he wanted was for this person to remove the download so that it would not be distributed and harm anyone, let alone the fact that it is copyrighted and being distributed without permission. I get an email back basically stating that we should allow the download and "buyer beware". He then tries to make an analogy about whether I would drive a car if there was a recall. Then he states that he spent half his morning looking for CF because one of his clients had an infection. Finally he states that as a compromise he would remove the blog posting, which he did, but leave the file on his web site for personal use, which he also did.

First of all, if you can't fix an infection without ComboFix then I suggest you should really start learning some of the other tools that can be found on the web. There are many tools that would allow you to remove almost any infection if you learned how to use them. ComboFix just makes the job immensely easier, but to leave it available with a serious bug because it makes our lives easier is ridiculous. Basically, this person wanted to sacrifice other people's computers so that his life would be easier. What really galled me was the fact that he had the nerve to offer a compromise. This is not his file. He did not create it. It is copyrighted to sUBs, and if he does not give you permission, it is as simple as that: get it off your server!

So sUBs sent him another email that gives his opinion as to why it was removed, whether a car would be driven, and ultimately states:

    This is a copyrighted work and I do not want anyone hosting my file for distribution illegally. If you choose to host it for your personal use, then that is your prerogative as long as the URL is not publicly available. I see that the file is still available at this URL:

    http://www.leinss.com/files/ComboFix.exe

    As this is a publicly available URL, I ask you to move the file elsewhere on the site that is not visible and known to others, so that you can continue using it personally.

Well, this morning the file was still there with no response. So sUBs asked me to act as his agent and file a DMCA infringement notice with this person and his ISP. This is where I started dealing with this person, and let me tell you, it is not a pleasure. I feel bad for anyone who has to deal with this guy on a day-to-day basis. So I sent him and his ISP the infringement notice with the following email:

    Attached is a DMCA Copyright Violation notice for the copyrighted material that you are hosting without permission. This copyrighted content is located at:

    http://www.leinss.com/files/ComboFix.exe

    I ask that this content be removed immediately as you were not given permission to host this content.

    Thank you for your prompt attention to this matter.

    Lawrence Abrams
    Bleeping Computer, LLC.
    http://www.bleepingcomputer.com

If the guy is not going to behave with polite discourse, then we have to use a heavy hand. A couple of hours later I get an email from the guy stating that he removed the file and is going to post my DMCA infringement notice on his site. That does not bother me, but he posted it with my legitimate email, which is required for these notices, and I didn't want that to get picked up by spam bots. So I whipped up a new version of the notice, with my email redacted, and asked him to host it instead. I also tried to reason with the guy, stating:

    Would you react in a similar manner if Microsoft knew you were hosting a file of theirs? Would you tell them they are wrong and even though they are the copyright holder you will do as you wish?

I got back a few scathing emails about how Microsoft is not the same as a file with a bunch of batch files, etc, etc. If it is just a bunch of batch files, maybe this blogger should go and write his own tool. Let's see how he feels when people start disregarding how he wants it distributed. Surprisingly, though, he did put up the version of the notice without my email, which I do appreciate. Thanks! I found out a few hours later, though, that he has banned my IP address from viewing his blog. Go figure.

What I find so confusing is that here is a person who obviously needs ComboFix, yet he was so willing to piss off the author enough that it may make the author wonder, why bother? Not only that, but this person thought it was his God-given right to do whatever he wanted with someone else's work, even though that work was copyrighted and he had no permission to distribute it. This is obviously someone who does not care about others' wishes and only cares about making his life easier. I deal with content thieves all day and it is a huge time waster for me. There are those who do it by mistake, but when told that they are taking copyrighted material, promptly remove it. Then you have those who, even after being told, don't give a damn and continue doing so; well, they are a breed unto themselves.

From all the comments on our site and on Facebook about ComboFix not being available, I can see that 99.99% of you truly appreciate the work that sUBs does on this program and understand why it was pulled. Yes, it's frustrating to lose this tool because it makes our lives easier, but at the same time we do not want to turn our friends', families', clients', let alone our own, computers into a glorified brick. Many people who have little technical knowledge use ComboFix because they are told to, not heeding the warnings, and then, if they fit the right criteria and hit the bug, no longer have a working computer. Some of these people do not have friends who are technically adept enough to reinstall their computer. Some of these people do not have enough money to hire a technician. So it is important for any program that we suggest to work properly and without risk to the user. In my personal opinion, doing anything but that would be irresponsible.
Posted: By Lawrence Abrams on Dec 15 2009, 10:38 PM - 88 comments
On December 11th, 2009 the FBI released a press release titled Pop-Up Security Warnings Pose Threats. In this press release they state:
"The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus software that looks authentic."
As new rogues are released almost daily, and we stay on top of them with our removal guides, this is not news to us. Rogues have become an epidemic in the malware scene and they do not seem to be slowing down. In fact, the Wini family of rogues releases a new one almost every other day. This is further illustrated in a Kaspersky article by Vyacheslav Zakorzhevsky called Rogue antivirus: a growing problem, which states: "Such programs are extremely widespread and are increasingly used by cybercriminals. Whereas Kaspersky Lab detected about 3,000 rogue antivirus programs in the first half of 2008, more than 20,000 samples were identified in the first half of 2009." Unfortunately, the developers of rogue software are typically located in countries that do not have a strong policy on cyber crime, and thus there is little that can be done about it.

The reason these rogues are created in the first place is that they generate huge amounts of revenue. Rogues are promoted through affiliate programs where affiliates get paid a set amount, some as high as $30, every time the rogue is installed on a computer. As most of these rogue companies do not care how the affiliates get the program installed, many affiliates will use any means at their disposal, including malware that silently installs the rogue or fake online anti-malware scanners that trick a user into thinking they are infected. These huge profits are reflected in the FBI press release, which states "The FBI estimates scareware has cost victims more than $150 million." This is further corroborated in an article written by Brian Krebs titled Massive Profits Fueling Rogue Antivirus Market, where we learn that some of the top rogue affiliate earners have made over 200 thousand dollars in 15 days. With profits such as this, it makes perfect sense why these types of malware are so prolific and why they are here to stay.
Posted: By Lawrence Abrams on Dec 15 2009, 07:04 PM - 3 comments
According to a report by MessageLabs (PDF), 87.7% of all e-mails sent in 2009 were spam. This is despite several high-profile takedowns of prolific spam-spewing ISPs in late 2008 and in August of this year.
The report blames this on personal computers which have been compromised by malicious software, thus becoming part of a "botnet" used to send spam.
These "zombified" computers account for 83.4% of the 107 billion spam messages sent each day. The Cutwail botnet alone sent 8.5 trillion messages between April and November.
Posted: By Amazing Andrew on Dec 08 2009, 02:00 PM - 7 comments
The Malwarebytes' (MBAM) team announced today that IOBit, a software developer located in China, has been purposely stealing their malware definitions and incorporating them into its Security 360 product. As IOBit has been marketing its new security product heavily lately, this accusation could make Security 360 short-lived.
It started with the MBAM team discovering a thread on the IOBit forum in which a user questioned the scan results from the new Security 360 product. The scan result was:
Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501
The detection name Dont.Steal.Our.Software.A is exactly the one Malwarebytes' uses in its own definitions for various MBAM serial code generators. The MBAM staff found it strange that IOBit would detect MBAM keygens and at the same time use a classification that Malwarebytes' themselves made up. This made them suspicious, and they dug deeper into the IOBit definitions. What they discovered was that this was not an isolated incident: other definitions had been copied directly from their database as well.
To confirm that IOBit was indeed stealing their definitions, MBAM created a definition for a fake and nonexistent rogue program called Rogue.AVCleanSweepPro, along with harmless test files for it to match. This is not a real infection; it was made up by the Malwarebytes' development team in order to catch IOBit in the act, so the only place this definition should exist is in the Malwarebytes' definitions. Within two weeks, though, IOBit was flagging this same "infection" under almost exactly the same names. So let's recap: a company makes up a program, and two weeks later it appears in another company's product? It seems pretty obvious that IOBit is copying their definitions.
Malwarebytes' has also stated that it has discovered that IOBit may have taken definitions from other competitors' databases as well. At this time we do not know who these other competitors are or what was taken. This is not the first time that malware definitions have been stolen from competitors, but no matter how you look at it, this is a criminal act, as the definitions are the intellectual property of their creators.
After the announcement there has been a strong community outcry over the purported behavior of IOBit, as seen in the Malwarebytes' announcement topic listed below. As IOBit is located in China, there has not been much of a response from them as of yet. The only things we have seen are threads being deleted from the IOBit forums when the subject is broached and, just recently, a new thread created by an IOBit staff member that is supposed to be used to post questions about the accusations by Malwarebytes'.
We will continue to cover this and provide any updates as we get them.
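The trap described above, a detection for a file that exists nowhere outside the vendor's own database, is a canary signature. As an added example, not Malwarebytes' or IOBit's code, here is the idea in Python with a constructed toy database: detection names, sample bytes and the competitor's database are all invented for the example (only the canary name Rogue.AVCleanSweepPro and the Dont.Steal.Our.Software.A name come from the post). It plants the canary, then audits another vendor's database for it, matching on file hash so that renaming the detection does not hide the copy.

```python
import hashlib
import re


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_db(samples: dict) -> dict:
    """Toy signature database: detection name -> SHA-256 of the matching file.
    Real engines use far richer signatures, but the trap works the same way."""
    return {name: sha256_hex(blob) for name, blob in samples.items()}


def plant_canary(db: dict, name: str, seed: bytes) -> bytes:
    """Add a detection for a harmless file that exists nowhere in the wild.
    The only way to learn its hash is to read this database, so a match in
    someone else's database means it was copied from ours."""
    blob = b"CANARY TEST FILE " + name.encode() + b" " + seed  # plain text, never distributed
    db[name] = sha256_hex(blob)
    return blob


def normalize(name: str) -> str:
    """Loose name comparison: vendors differ in case and punctuation."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def audit(ours: dict, theirs: dict, canaries: list) -> dict:
    """Compare two databases. Overall overlap alone proves little, because real
    malware samples legitimately circulate between vendors; a canary hit does,
    because the canary was never a real sample that anyone could have collected."""
    theirs_by_hash = {h: n for n, h in theirs.items()}
    shared = {n: theirs_by_hash[h] for n, h in ours.items() if h in theirs_by_hash}
    canary_hits = {n: shared[n] for n in canaries if n in shared}
    renamed = {n: t for n, t in shared.items() if normalize(n) != normalize(t)}
    return {
        "overlap_ratio": len(shared) / len(ours) if ours else 0.0,
        "canary_hits": canary_hits,
        "renamed": renamed,
        "verdict": "copied" if canary_hits else "inconclusive",
    }


# Constructed sample data: "our" database with a planted canary, and a
# competitor's database that turns out to contain it under a slightly different name.
OUR_SAMPLES = {
    "Trojan.Constructed.A": b"MZ constructed sample A",
    "Rogue.Constructed.B": b"MZ constructed sample B",
    "Dont.Steal.Our.Software.A": b"MZ constructed keygen sample",
}
OUR_DB = build_db(OUR_SAMPLES)
CANARY_FILE = plant_canary(OUR_DB, "Rogue.AVCleanSweepPro", b"2009-10 seed")

THEIR_DB = {
    "Trojan.Constructed.A": OUR_DB["Trojan.Constructed.A"],      # real sample, could be shared legitimately
    "Rogue.AV.CleanSweep.Pro": OUR_DB["Rogue.AVCleanSweepPro"],  # the canary, lightly renamed
    "Keygen.MBAM": OUR_DB["Dont.Steal.Our.Software.A"],          # copied and renamed outright
    "Worm.Theirs.X": sha256_hex(b"MZ something only they have"),
}

if __name__ == "__main__":
    print(audit(OUR_DB, THEIR_DB, ["Rogue.AVCleanSweepPro"]))
```

The overlap ratio and the renamed list are context, not evidence: two honest vendors can share most of their detections because they collect the same malware. The canary hit is what settles it, and that is exactly why Malwarebytes' waited to see whether an invented rogue would surface in the other product.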
Posted: By Lawrence Abrams on Nov 02 2009, 11:17 PM - 24 comments