A-Tec Computer

Home    -    Repair    -    Malware Removal    -    Windows 11    -    Contact    -    About Me    -    My Location    -    Computer Tips

 

 

 
 

Scams Are Everywhere

Almost everything out there these days relies on some sort of scam or trick to get you to take some sort of action or call a phone number.  DON'T DO IT!!  Call me instead and I can ease your mind and help you get the warning off of your screen.  If you fall for the trick, you will be interacting with a person trained in conning people out of their money.

Below are two examples of warnings that are designed to scare you enough to call the phone number. Don't do this. You can also fall victim to creative email scams.  More about this below.

.
 

What if you get an email from Best Buy's Geek Squad that looks like an invoice for services or a plan that you owe money?  Are you going to call the phone number or reply so you can get it all straightened out?  Better think carefully and act slowly.  Sharpen up your BS filter because it's most likely a scam.

Here's what can happen with ANY scam where something happens (fake warning, concerning email, bank alert, phone scam).  They call you or you are tricked into calling them. You follow instructions and let an "official tech person" help you with whatever issue they are scaring you with.  When he gets on your computer, he installs hidden remote desktop software that allows him access at anytime, he then changes or adds a login password and then he wants your credit card for services.  By then, you get spooked and realize it's a scam and you hang up.  The next time your computer is shut down and restarted, it's locked out wanting a password.  You look at your call history, call the number back and this time he wants you to go get money cards from Walgreens.

Someone has been in your computer and might have locked you out.  Please don't try to solve this on your own because even after you pay potentially hundreds, you will still be locked out.  It's a simple trick but if you don't know how it works and how to remove it, it's not so simple.

Look out... this is not a Windows graphic.  The remote "tech" is doing some funny business.


Then comes this...

And then this...

The above screens can be what the "tech person" scammer brings up from your own computer in order to hide activity and then lock you out with a password.  You SHOULD pull the plug at this point but even then, the remote software is likely already on your machine and someone could regain access the next time you turn it on.  This can all be fixed but do not turn your computer on until it is.  Let me know everything that happened so I can be sure we are thorough in reversing what the scammer did.
 

Phone Calls From "Microsoft"

Another fake.  Microsoft doesn't call anyone and they do not have your phone number.  Another attempt to trick the user into letting someone into their system who will want to charge money to "fix" it.  It's a simple confidence scam where the scammer gains access to the owner's machine with their permission and once connected, they change your password so that once your computer is turned off and restarted, you can't get back in.  They do it right in front of your eyes but you won't know what it is until it's too late.


Phishing

By now, this should be a no-brainer.  Do not ever, ever give anyone your personal information over the phone or even put it in a web site unless you are absolutely certain the call is legit (meaning YOU initiated the call to a number YOU had) or the web site is legit (eg. www.amazon.com).


CryptoLocker, CTB-Locker, et al.

Not common currently but these get on your system when you interact with an email attachment and attempting to view a zipped PDF.  CryptoLocker and other data-encrypting malware are the worst ones I've seen.  These actually destroy your personal data like pictures and documents and offer to restore them after you pay a high ransom (hundreds) which may or may not work.

The user gets tricked into running the installer by way of an Internet script-based tripwire loaded from an ad or more often from an enticing email attachment pretending to have a report from FedEx, UPS, USPS, PayPal, your ISP, the IRS, etc..  The installer file is activated, the single-file launcher application is placed in a hidden directory and the single-line instruction is added to the registry.  Then it runs from inside and begins to encrypt certain file types.  Encryption means your files are locked.  The files this one goes after are your important personal data like office documents and pictures.  Sometimes the files are encrypted and then your antivirus detects and removes the program.  If this happens, you won't get an announcement or a way to pay ransom.

Protection:
Suspect all attached zip files and emailed web links.  A zip file attached to your email is the danger signal.  Don't fall for the trick.

Suspect every email.  Don't be a "clicker".  Suspect emails that look like they are from legitimate businesses such as the Better Business Bureau, credit card companies and airlines.  These companies do not send out emails with zip attachmentsDelete any emails like I have described.

What if you already have it?

If you get CryptoLocker or CTB-Locker and your files are worth the ransom it is requesting, the malware files(s) and associated registry entries holding part of the encryption key must not be removed until after the ransom has been paid and your files are decrypted.  There are people who have reportedly paid the ransom and have had at least some of their data successfully unlocked.

Again... once tricked, the only way to regain access to locked data is to pay the ransom as instructed by the malware's splash screen:

Data Protection.  An important general safeguard is keeping your data backed up and protecting it with the right method.  I have a section about backing up data on my Computer Tips page but unless you know how CryptoLocker works and take extra precautions, your backed up data may not be safe from it.  From what I have read from IT professionals and those who have experimented with this rattlesnake, the encryption path follows drive letters and encrypts common personal data files it finds on that path.  Meaning if you use an external backup drive and it is connected to your computer using an assigned a drive letter or you have manually created a network share on another computer and mapped it using a drive letter, CryptoLocker can find the drive or shared folder and encrypt the data THERE as well.

To check if your external data is vulnerable, go to Computer (My Computer) and if your backup destination sits on the same page as your C: drive and has a drive letter (e.g. E:, F:) or is mapped with a drive letter, your data is not safe.

Here's an important thing to remember... if you have an automated backup program and it runs after your local files are encrypted, those backup files can be replaced with encrypted versions.  So if you get CryptoLocker, immediately remove the connected destination drive you use for backups or disable your cloud-based backup until your computer is clean.

My recommendation is to use more secure data backup and storage options which include using Network Attached Storage (NAS) instead of a USB or firewire-connected external drive.  If you have mapped network shares that are on host servers, remove the drive-letter maps and use UNC shortcuts (\\%host computer%\%network share%) instead.  Of course burning your data to a recordable CD or DVD is safe, albeit outdated and cumbersome, just be sure to remove the disk from the tray if it is not finalized and closed by your disk-burning software.

My personal NAS choice is a Synology DS213j which is a dual-disk unit already configured for RAID 1 (mirrored).  The NAS is connected to your router by Ethernet cable and is accessible by approved computers on your network.  Note that these units do not normally come with hard drives - you typically add those yourself.  The total cost of a NAS storage system is the enclosure plus the drives.

If you have a USB drive you are using for backups and replacing it is not feasible, physically disconnect it from your computer when it is not being accessed during backups.
 

 


 


 

Expert Removal:

My malware removal technique is unique and was developed and perfected during countless and successful removals for customers.  It begins with identifying the family of the active malware and proceeds from there where I take actions in a certain order based on the malware type and damages present.  After my manual removal/repair, I perform system scans to be sure all remnants, hidden and dormant files from the present and past infections are gone and obscure settings are restored.

Removal attempts by random methods can make the problem worse.  As long as no one has tried to remove an infection with the wrong method, my expert removal and damage reversal technique never fails - I know how malware enters, where it goes, how it operates, where its trigger files reside, how to remove it, and how to reverse its damages.

Kitchen-sink approaches using random automated cleaners to remove malware can be destructive and will rarely detect and repair all the varied damages/changes that malware can do to Windows systems.  The Windows utility called System Restore should not be used against malware.  Invasive cures like ComboFix and SmitFraud Removal are rarely necessary - their use has unnecessary risks and they are not often successful on today's modern malware.

Again - removal attempts performed by the inexperienced can make the problem much worse and can make the repair process more difficult, time-consuming, and sometimes even prohibitive.

If you take your computer to most repair centers for malware/virus removal, the common solution is to reinstall Windows. This will be a costly service and will definitely remove the infection but it will also remove everything else - you will needlessly lose your user-installed programs and customization settings. They will also charge extra to back up your irreplaceable user data.

Reinstalling Windows is rarely necessary as a solution for viruses and malware.  My removal method is effective, safe, thorough and complete.  After I remove the malware and reverse the damages, I then check, tweak and tune the system to make it run faster than it did before the infection.

  A word of warning: I've seen machines that had irreparable damage after home virus removal attempts were performed.  You are taking your chances trying System Restore and some automated cleaners.

I understand the temptation, but please realize the risks of using blind, shotgun tactics.  I get great results manually removing fresh malware infections and have found that most malware-related damages that cannot be repaired easily by me are usually the results of actions having been taken beforehand by someone inexperienced trying to remove the malware.

Windows' System Restore used as a malware cure can cause instruction conflicts and errors which could bring blue screens or even cause the system to not load Windows.  This can be considered as part of the malware trap - either by design or by accident.  System Restore takes only certain settings back to an earlier date and does NOT remove the actual malware or root-kit files.  If part of the damage was to your userinit file and also to its associated registry instruction, running System Restore without repairing the userinit file first will prevent the user from logging into Windows.

The worst examples of botched attempts were caused by applications the owners ran which left their machines in a state with their network controllers not being able to obtain IP addresses automatically and not resolving DNS names.  This was not because of proxy server settings, corrupt DNS caches, or altered hosts files - this was actual damage to and deletion of files and instructions associated with the TCP/IP stack or Windows' DNS-related services and is sometimes not repairable.

Another critical situation involves the malware type that hides desktop files and the shortcuts that appear in the Programs list.  Doing the wrong thing with this one can cause these seemingly missing items to be permanently deleted. 

I can quickly get your computer back like it was if it is left alone.

At the first sign of malware, do not do a System Restore to an earlier date or throw automated removal programs at it.  Call A-Tec.  A computer infected with malware as described above if brought immediately to me, can be completely repaired without a reformat/reinstall.
 

Removal Fees:

The price I charge for malware removal is included in the house call or drop-off rate.  On a reasonably-fast machine, the removal, damage detection/reversal, 2nd opinion scanning procedure and system tune-up will last about 1-1½ hours and if scheduled and brought to my shop, it can usually be done for the basic drop-off fee usually while you wait.  Of course malware can be removed onsite at your residence or business for the applicable one-hour house-call rate.

Some machines when stacked with CPU-taxing applications run painfully slow - thus slowing down the repair/scanning process considerably.  An additional fee of $30 per half hour may apply to onsite malware repair on very slow machines.  If your machine was really slow before the infection, the removal process will be slow as well.  You'll already know if you own such a machine and you may want to consider a Windows reinstall as the best solution.


Future Protection:

Since I am very familiar with the mechanics of malware and know how these things operate, I also know how they are best prevented.  After my malware removal process, I will explain how the malware got on your system, uninstall the anti-virus that didn't work, and will install my favorite user-friendly, lean-running anti-virus application at no additional charge.

 

 
     

Copyright 2023 A-Tec Computer