The Noisy Virus

Mark Berry February 24, 2016

Mom called. She had done an Internet search using Internet Explorer 11 and wound up with this in her browser:

Noisy virus 1

More...

Crypto Viruses: the Online Stickup

Mark Berry November 19, 2014

You may have heard of a resurgence of the CryptoLocker/CryptoWall ransomware viruses. These make me nervous because they can actually encrypt the files on your drive, making them unreadable and unusable. The crooks then demand that you pay $500 – $1500 to recover your files. If you see a screen like this, your computer has probably been infected:

Crypto Virus 1 Crypto Virus 2

More...

PowerShell Script to Run a Program Once

Mark Berry November 18, 2014

I want to deploy CryptoPrevent Portable using the MaxFocus RMM tool. CryptoPrevent sets up software restriction policies to keep programs from running in certain locations. However, it doesn’t actually install a program or service, so it’s hard to know if it’s already been set up. (Thanks to Jake Paternoster for confirming that in a comment on this post.)

More...

MaxFocus Script to Check for CryptoWall Infection

Mark Berry November 14, 2014

The CryptoWall ransomware virus is getting a lot of attention lately, but this is one angle I haven’t seen covered: how to get an alert in the MaxFocus (formerly GFI) dashboard if a machine is infected. The sooner you know, the sooner you can work on restoring a current backup.

Here’s a standalone PowerShell script that checks a few file and registry locations for evidence of CryptoWall and raises an error if found.

More...

Block User Folder Executables

Mark Berry October 14, 2013

One suggestion for blocking the CryptoLocker ransomware virus is to prevent execution of *.exe files in the %AppData% folder and its subfolders. I wanted to make the restriction a little more generic (to cover mutations of this virus and others) and discovered these issues under Windows 7:

More...

Lenovo System Update UNCServer.exe

Mark Berry June 11, 2013

I had a moment of panic this morning when I discovered UNCServer.exe running on my Windows 7 workstation. I thought it was a VNC server, which could allow external control of my PC. Do I have a virus? I immediately unplugged my network cable and started researching.

More...

Phony AT&T Bill

Mark Berry August 2, 2012

Got a pretty realistic-looking AT&T billing notice this morning. So how to tell it’s phony? Well, besides the fact that I’ve never had a $634 phone bill, all you have to do (if you’re using Outlook) is hover the mouse over various links in the email and you’ll see that they do not point to AT&T sites.

Don’t click on the links, and don’t right-click to download pictures.

Phony AT&T Bill 1

More...

Getting through Malware Monday

Mark Berry July 7, 2012

A government-supported workaround to the 2007 DNSChanger virus will expire on Monday, July 9, 2012.

To see if your computer is infected, visit www.dns-ok.us.

If you are infected, run a removal tool. There is a list here: www.dcwg.org/fix.

To read more about DNSChanger, see this PCWorld article.

More...

New USPS Shipment Virus Email

Mark Berry April 19, 2012

Here’s a new variation on the airline ticket virus email that I reported on last November. An email supposedly from the United States Postal Service says that I have a parcel waiting in Kansas City, and tells me to open the attached file:

USPS Virus 1

Don’t open the attachment! It’s a virus.

Virus Confirmation

There are several grammatical errors in the email, which should make one suspicious. Plus, I doubt that the USPS would send an email with zip file attachments. In fact, the USPS has a prominent warning about these emails on their home page that links to this PDF document:

USPS Virus 2

As usual, the icon for the extracted file is disguised to look like a document (in this case PDF), but if you turn off “Hide extensions of known file types” in Windows Explorer > Tools > Folder Options > View, you’ll see that it is actually an executable (.exe) file:

USPS Virus 5

Fortunately, a day and a half after receiving the email, 27 of 42 anti-virus engines are detecting the attachment as a virus, according to VirusTotal:

USPS Virus 3

Microsoft Security Essentials, updated 4/19/2012, catches this one:

USPS Virus 4

Microsoft Security Essentials is free for home use and for small businesses with up to 10 PCs.

More...

About

Welcome to MCB Systems!

MCB Systems is a San Diego-based provider of software and information technology services.
