Had to nuke my Win 10 machine

This is why I don't like forced updates.  The latest version from MS caused my Win 10 box to go into a endless reboot.  I would turn it on, get to the logon screen and15 seconds or so the screen will go black, then blue, then reboots.  I went to the DELL tools when it started up and did a hardware check and it was all good.  Safe mode wouldn't tell me what the problem was, all it showed was 'hardware' failed according to the software.  Rather than working on what driver (if I could even find what was causing the issue) was at fault it was faster for me to restore the machine to its original state.  One of the normal tasks I had was backing up my data so that wasn't going to be a major issue for me (I thought).

I forced the system to go back to the original Win 8.1 installation and then went through the process of updating that.  I have made the decision that going Win 10 isn't happening on that machine.  It took me a few days to get things up-to-date and patched.  Removing McAfee was a bit of a pain as even when I said to remove it I was told I didn't have the authority (I was using the admin account).  McAfee did have a tool to do a complete removal and that worked.  So far the machine is running very well, no reboots!

The only issue I had was restoring my email (Thunderbird).  My latest backup of the mail folder didn't work, but, as I had multiple backups I could go back to an older backup.  All my other documents, videos and pictures restored without a problem.

Lesson learned is that I will now have checkpoints to restore back to in the case a future update messes up the system.  I turned it off thinking I wouldn't ever use it and I could use the disk space for other things.

Software and Tools - Antivirus

The next thing on the list of things to do is a good antivirus package after you install your favourite browser and before you start serious web surfing.  Again, this is a personal preference and it all depends on what you want, need and are willing to pay for.  There are those who say it is all snake oil and useless.  They are welcome to their opinion and in my not so humble opinion it is needed.  It is another level of defense for you that will stop the known nasty software out there.  Why make it easy for hackers to take over your system and use your bandwidth to take down sites, steal your identity?  Will it be 100% effective, maybe not, but if they want to get into my system they will need to work on it and not have an open door.

There are a number of sites that do reviews and I have a list five sites I know.  There are a lot more, but, I don't know them, their methodology and if they got paid to do the reviews. 

• AV Test org
• Consumer Affairs
• PC Advisor
• PC MAG 
• PC World

For myself I was looking for an package that works in

• Windows (I still have a machine left running Windows 10)
• Android for our tablets via the Google Play store.
• Android phone.  This is a low end model with limited resources.
• Linux.

I found one common package that works very well in Windows and Android, but, right now my distro does not offer the Linux version of that product.  It does not slow down my machines, especially the low end phone and did catch crap that tried to get installed when someone sent me an email.  Avast works well enough, has a free version that does most of what I want and need.  The version does show ads, but, they are small and unobtrusive for me and don't slow my systems down.  For Linux I am looking at ClamAV as that is available in the distro of Linux I am using.  UBUNTU community has a good small page of various packages you can check out.

The Android screens looks like the following:

The Windows screens looks like the following:

Please remember, just because you are running an antivirus program you can surf wherever you want, click on anything, install anything and open questionable emails.  Nothing is 100% and safe surfing and email practices are required.  Antivirus software just gives you another level of defense.  You also should be keeping your software up to date and making regular backups (a future blog).

Possible ad-malware attempt

For the last several days my Android tablet was opening windows at random.  At first I thought it was me, but, yesterday the following happened and the tablet was sitting on the table untouched:

• Multiple search windows open;
• Over 12 tabs opened in the browser going to a number of sites with the same prefix.  I won't name it as I don't want them to get the ad revenue;
• My BANKING app was opened up.  I don't have auto-sign-in there so no damage done.  I checked the bank account from my Linux machine and no activity to my account (yay!);
• Multiple apps opened up.  Again these had ads so I suspect they were trying to maximize their ad revenues.  Either that or they wanted someone to pay a lot of ad money for spam clicks;

I know what the last app I installed so I suspected that app as they are ad supported.  After I removed the app and let the machine sit for 24 hours I had no more random windows opened so I may have guessed correctly.

I also run AVAST on the machine and I scanned everything and it was clean.  I know if it is very new the scanner may not detect it, but, I wanted to make as sure as possible I wasn't infected with a known virus.

I also sent Google a feedback that the app may have ad-malware and see if there is anything that they could see and do.  May not be much, but, at least I wanted to make them aware of the issue.

My guess for next gen malware encryption

I am going to make a bet that the next generation of file encryption malware is going to be a lost nastier.  Your best defence is:

• Backups.  Keep multiple backups and not connected to any network after your backups are done.  Don't just do backups, test them!  Too many times someone approaches me saying they need help as they tried to restore files from backups and they don't work;
• Up-to-date software.  When patches comes out for your operating system and applications install them ASAP.  Most of the time those patches are due to holes and the hackers are already using them.  It does not matter what O/S you use, Windows, Linux, OS/X all need to be up-to-date;
• Home routers.  Keep them up-to-date also.  Sometimes your ISP will patch their routers, ASK them to keep their hardware up-to-date;
• Good anti-virus software and keep them up-to-date;
• Do and not opening up attachments from emails that you didn't ask for is also a good step;
• Good web surfing habits.  Sometimes a site will pop-up 'You need to update or install this program to view'.  Don't trust any site doing this.  Most of the time it is for Flash and people think 'Oh, I am out-of-date again' and click install.  NEVER DO THAT, go directly to the source of the program and check.  If it is out-of-date install from the maker directly and not from a web site.

Unfortunately the writers of these nasty programs won't stop there.  They have been using ad-malware and then getting into legit sites serving ads and try to infect you when you view their "ads" and try to bypass asking your permission to install.

Right now when your system is infected and your files are encrypted some people recommended to turn back the system clock so time does not expire. Right now that works, but, I suspect not for very long.  The writers of these programs know that "trick" and I suspect they are working on how to counter that.  I see them saving the system clock information and the network time information at time of infection.  With that they know exactly when they installed on your system.  They also can determine the basic time differential between your system and the network.  If they then compare that information the next time it runs the program may just nuke your files if the date on system clock is less than their time-stamp.  Also, if they are really nasty they will also nuke the files if they cannot make a connection to the network to verify the time.  When they can make a connection they will use the time differential to see if you played with the system clock.  I would also be willing to bet that they will advertise what they did and why so that fact will spread around that playing with your system clock or unplugging from the network will nuke your files.  I don't know if (or when) that will happen, but, it will make your backups much more important as the only way to restore your system is to do a total wipe and restore.

Another campaign with virus/trojan laden emails

For the last couple of days I have been receiving a number of emails with file attachments.  They are from people I don't know and claiming I have unpaid invoices or they are coming from me with file attachments.  It doesn't matter, when I get email from unknown people with attachments I never open them.  When they are from me I know exactly every note I send myself and I don't open something I don't remember sending.  I checked a number of sites with the note information and found that they are full of nasty programs that will take over your computer.

Notes:

• If you get email with an attachment from someone you don't know never indulge your curiosity by reading the file, delete the email, empty the trash.
• If you get email from someone you know, but, are not expecting contact them first and verify that they actually sent the email.  Don't use any links inside, use your own contact list.  If they didn't send it, delete immediately and empty the trash.
• If you get email that claims to be you and you don't remember sending it, delete immediately and empty the trash.

 

My ISP flagged them as SPAM.

Example text of their claiming you owe them money.  Actually trojan laden attachment.