Earlier today a client called and said he had a virus or some spyware on his computer that could not be removed. The client was remote, so I had to log in to his computer to investigate. I used the typical tools such as Malwarebytes and Microsoft Security Essentials, but the issue still existed. It seemed as if the computer had a proxy server configured, but the proxy did not show underneath Internet Explorer connection settings or any of the other browsers. It didn’t happen all of the time, but every now and then a pop-up window would appear for the site GimmieAnswers.org, and some other pop-ups regarding “Daily Giveaway Contests” were also displaying. Below is more information on how the issue was resolved.
Yesterday I wrote an article about securing your /tmp and /var/tmp directories on a Linux server because I had found some files uploaded to the /tmp directory via the apache user. After locking down those directories, I wanted to verify that there were no other issues on the server, so I installed Rootkit Hunter and Rootcheck, which are two applications that will assist you with verifying the integrity of your Linux server. Below is information on installing Rootkit Hunter and Rootcheck as well as information on how to use each of them effectively.
I had a virus on a machine in the shop today which is very similar to a few previous viruses we wrote about called Personal Security and XP Antispyware. The removal process is pretty similar, but I decided to write a new post detailing its removal. This virus gives a fake “windows” security alert and then suggests you run or download a product called Antivirus Soft. Of course the program is fake and they will steal your bank credentials and do all sorts of other nasty things to you if you decide to buy it. The interesting thing about this program is it’s always called something different, so it’s a little tough to track down. Below I will outline what my particular virus was called and how I got rid of it; however, chances are yours may be named something else, so you may have to do a little trial and error with the task manager to figure it out.
A client of mine called me in a panic yesterday because a laptop he uses for work got infected with the Personal Security virus. Personal Security is a nasty virus, also sometimes called antispyware or malware, that takes over your computer and attempts to get you to purchase the software. The virus actually makes the end user think that it is legit software and they are only doing you a favor by protecting your computer; however, this is not the case. Below I describe things that the virus will do to blend in to Windows as well as a method I have discovered as one of the easier ways to remove it.