New Security Threat: CryptoWall

In October of last year news broke about a new form of malware called CryptoLocker. It posed a particularly large threat to business users and prompted many quick and important security updates. Now, almost a year later, a successor to it, CryptoWall, has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that, once installed on a computer or device, holds the data on it hostage. It does this by encrypting valuable or important files with strong encryption and then showing a pop-up informing you that you have a set amount of time to pay for the key that will decrypt them. If you don't pay before the deadline, the key is destroyed and the files are as good as deleted: without it, the encryption cannot be undone.

When this malware surfaced last year, many users were understandably worried and took strong precautions to avoid infection. Despite these efforts, the threat didn't really go away until earlier this year, when security experts set up a number of online portals that can decrypt files affected by CryptoLocker, essentially neutralising it. That reprieve has not lasted: a recently updated version is threatening users once again.

CryptoLocker 2.0, aka CryptoWall

Possibly because of the efforts by security firms to neutralise CryptoLocker, the malware's developers have come back with an improved version, CryptoWall, and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as for the first version: it most commonly arrives as a zipped attachment, or as a file made to look like a PDF, sent over email. Most of the emails carrying it are disguised as invoices, bills, complaints and other business messages that we are likely to open.

The developers did, however, make some "improvements" to the malware that make it harder for most users to deal with. These changes include:

  • Unique IDs are used for payment: each infection is given its own identifier, and the payment site checks that a payment belongs to exactly one victim. An unlock code that has already been used by another victim is now rejected. This differs from the first version, where one person who paid could share the unlock code with other infected users.
  • CryptoWall is more thorough about deleting recoverable copies: with the older version, earlier versions of the encrypted files could often be recovered (from Windows shadow copies, for example), so a ransom was not always necessary. The new version removes those copies as part of the infection, which leaves you with two options: pay the ransom or restore the files from a backup. Only a backup kept offline, or otherwise out of the malware's reach, counts here, since anything the infected machine can write to (mapped network drives included) can be encrypted as well.
  • Payment servers are harder to block: with CryptoLocker, once authorities and security experts found the addresses of the servers that took payments, they could add them to blacklists so that no traffic would reach them again, which essentially stopped the malware working. CryptoWall's developers now host their payment pages on their own infrastructure, reached through anonymising gateways such as the Tor network, which makes them much harder to find and take down.

How do I prevent my systems and devices from being infected?

Unlike much other malware, CryptoWall doesn't go after passwords or account names, so the usual advice to change your passwords won't help. The best ways to keep it off your systems are:

  • Don't open suspicious attachments – Look closely at every attachment that comes into your inbox. Anything odd, such as a spelling mistake in the name, a long string of random characters, or a "document" whose name ends in .exe, .scr or another executable extension, is a reason not to open it. Windows hides known extensions by default, so turn that option off in Folder Options to see an attachment's real type.
  • Don't open emails from unknown sources – Be extra careful with email from senders you don't know, especially where it claims to carry business information, e.g. statements from a bank you don't have an account with or bills from a utility company you don't use. The chances are high that it carries some form of malware.
  • Keep backups the malware can't reach – Since the only alternative to paying is restoring from backup, make sure you have one, and that it is stored offline or on a system the infected machine cannot write to; mapped network drives get encrypted along with local files.
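The two warning signs above, an odd name and an attachment that is not what it claims to be, can be checked mechanically before anyone double-clicks. The Python script below is an added example written for this page, not code from the original article or from any vendor: it parses an email message, opens any zipped attachment in memory and flags executable extensions, "double" extensions such as .pdf.exe, files that begin with the Windows executable ("MZ") header whatever their name, and names built from long runs of mixed letters and digits. The message it scans is constructed inline so that it runs offline; the random-name test is a heuristic and the extension lists are assumptions, not an exhaustive catalogue.

```python
"""Screen e-mail attachments for the lures described above.

Constructed example: the message built by build_sample() is not a real
phishing sample. Checks performed on every attachment (and on every entry
inside a .zip attachment):
  * executable extension (.exe, .scr, .com, .pif, .bat, .cmd, .js, .vbs, ...)
  * a "double extension" such as Invoice.pdf.exe that hides the real type
  * PE ("MZ") magic bytes, so a renamed executable is still caught
  * a long run of mixed letters and digits in the file name (heuristic)
"""
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

# Assumed lists: extend to taste, they are not exhaustive.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
             "vbs", "vbe", "wsf", "hta", "cpl", "dll"}
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# Three or more letter/digit alternations in a row, e.g. "3f9a8c2e7b1d4".
RANDOM_RUN = re.compile(r"(?:[a-z]+\d+|\d+[a-z]+){3,}")


def check_name(name):
    """Findings based only on the file name."""
    findings = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")  # strip zip paths
    stem, exts = parts[0], parts[1:]
    if exts and exts[-1] in EXEC_EXTS:
        findings.append(f"executable extension .{exts[-1]}")
    if len(exts) >= 2 and exts[-2] in DOC_EXTS and exts[-1] in EXEC_EXTS:
        findings.append("double extension disguising an executable as a document")
    if RANDOM_RUN.search(stem):
        findings.append("long run of random characters in the name")
    return findings


def check_bytes(data):
    """Findings based on content: a PE file starts with 'MZ' regardless of name."""
    return ["PE executable header (MZ)"] if data[:2] == b"MZ" else []


def screen_attachment(filename, data):
    """Return {name: [findings]} for one attachment, descending into zips."""
    results = {filename: check_name(filename) + check_bytes(data)}
    if data[:2] == b"PK":  # zip local-file-header signature
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    inner = zf.read(info)  # small entries here; cap size in real use
                    key = f"{filename}/{info.filename}"
                    results[key] = check_name(info.filename) + check_bytes(inner)
        except zipfile.BadZipFile:
            results[filename].append("claims to be a zip but cannot be parsed")
    return results


def screen_message(raw):
    """Parse a raw RFC 822 message and screen every attachment in it."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        results.update(screen_attachment(name, part.get_payload(decode=True)))
    return results


def build_sample():
    """Constructed lure: an 'invoice' zip holding a fake PDF that is really a
    (stub) Windows executable, plus a harmless text file, and a second
    attachment named .pdf whose bytes are also an executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2014_09.pdf.exe", b"MZ" + b"\x90" * 62)
        zf.writestr("readme.txt", b"Please see attached invoice.")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Your invoice is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice_3f9a8c2e7b1d4.zip")
    msg.add_attachment(b"MZ" + b"\x00" * 30, maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in screen_message(build_sample()).items():
        print(name, "->", findings or "clean")
```

Run it as-is to see the constructed message scored; feed `screen_message()` the bytes of a saved .eml to check a real one. The content check is what matters most: attackers rename executables freely, but a PE file always starts with "MZ".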

4 WAYS TO SPEED UP YOUR PC

How to make a computer faster: 4 ways to speed up your PC

By following a few simple guidelines, you can maintain your computer, help increase your PC speed, and help keep it running smoothly. This article discusses how to use the tools installed on your computer, plus a few safe and free downloads, to help make your computer faster, maintain your computer efficiently, and help safeguard your privacy when you’re online.

Note: Some of the tools mentioned in this article require you to be logged on as an administrator. If you aren’t logged on as an administrator, you can only change settings that apply to your user account.

1. Remove spyware, and help protect your computer from viruses

Spyware collects personal information without letting you know and without asking for permission. From the websites you visit to user names and passwords, spyware can put you and your confidential information at risk. In addition to privacy concerns, spyware can hamper your computer's performance. To combat spyware, consider running Malwarebytes, whose free scanner checks for and removes malware. You should also download Microsoft Security Essentials, which is free, to guard your system in future against viruses, spyware, adware and other malicious software (collectively, malware). Microsoft Security Essentials acts as a spyware removal tool and includes automatic updates to keep your system protected from emerging threats. Download both only from the vendor's own site, since fake security products are a common lure.

2. Free up disk space

The Disk Cleanup tool helps you to free up space on your hard disk to improve the performance of your computer. The tool identifies files that you can safely delete and then enables you to choose whether you want to delete some or all of the identified files.

Use Disk Cleanup to:

– Remove temporary Internet files.
– Delete downloaded program files, such as Microsoft ActiveX controls and Java applets.
– Empty the Recycle Bin.
– Remove Windows temporary files, such as error reports.
– Delete optional Windows components that you don’t use.
– Delete installed programs that you no longer use.
– Remove unused restore points and shadow copies from System Restore. (Shadow copies are also what the Previous Versions feature uses to bring back earlier copies of your files, so weigh the space saved against losing that recovery option.)

Tip: Typically, temporary Internet files take the most amount of space because the browser caches each page you visit for faster access later.

To use Disk Cleanup:

Windows 7 users

1. Click Start, click All Programs, click Accessories, click System Tools, and then click Disk Cleanup. If several drives are available, you might be prompted to specify which drive you want to clean.

2. When Disk Cleanup has calculated how much space you can free up, scroll through the Files to delete list in the Disk Cleanup dialog box for that drive.

3.  Clear the check boxes for files that you don’t want to delete, and then click OK.

4.  When prompted to confirm that you want to delete the specified files, click Yes.

After a few minutes, the process completes and the Disk Cleanup dialog box closes, leaving your computer cleaner, performing better, and potentially increasing your PC speed. For more options, such as cleaning up System Restore and shadow copy files, under Description, click Clean up system files, and then click the More Options tab.

Windows Vista users

1. In the Start menu, click All Programs, click Accessories, click System Tools, and then click Disk Cleanup.

2. In the Disk Cleanup Options dialog box, choose whether you want to clean up your own files only or all of the files on the computer.

3. If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

4. Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.

5. When you finish selecting the files you want to delete, click OK, and then, to confirm the operation, click Delete files. Disk Cleanup then removes all unnecessary files from your computer. This may take a few minutes.

The More Options tab is available when you choose to clean files from all users on the computer.

Windows XP users

1.  Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup. If several drives are available, you might be prompted to specify which drive you want to clean.

2.  In the Disk Cleanup dialog box for that drive, scroll through the content of the Files to delete list.

3.  Clear the check boxes for files that you don’t want to delete, and then click OK.

4.  When prompted to confirm that you want to delete the specified files, click Yes.

After a few minutes, the process completes and the Disk Cleanup dialog box closes, leaving your computer cleaner and potentially performing better.

3. Speed up access to data

Disk fragmentation slows the overall performance of your system. When files are fragmented, the computer must search the hard disk as a file is opened (to piece it back together). The response time can be significantly longer.

Disk Defragmenter (sometimes shortened to Defrag by users) is a Windows utility that consolidates fragmented files and folders on your computer’s hard disk so that each occupies a single space on the disk. With your files stored neatly end to end, without fragmentation, reading and writing to the disk speeds up.

When to run Disk Defragmenter
In addition to running Disk Defragmenter at regular intervals (weekly is optimal for a conventional hard disk; a solid-state drive gains nothing from defragmentation and only accumulates unnecessary writes, so skip it there), there are other times you should run it, too, such as when:

– You add a large number of files.
– Your free disk space totals 15 percent or less.
– You install new programs or a new version of the Windows operating system.

To use Disk Defragmenter:

Windows 7 users

1. Click Start, click All Programs, click Accessories, click System Tools, and then click Disk Defragmenter.

2. In the Disk Defragmenter dialog box, click the drives that you want to defragment, and then click the Analyze disk button. After the disk is analyzed, a dialog box appears, letting you know whether you should defragment the analyzed drives.

Tip: You should analyze a volume before defragmenting it to get an estimate of how long the defragmentation process will take.

3.  To defragment the selected drive or drives, click the Defragment disk button. In the Current status area, under the Progress column, you can monitor the process as it happens. After the defragmentation is complete, Disk Defragmenter displays the results.

4.  To display detailed information about the defragmented disk or partition, click View Report.

5.  To close the View Report dialog box, click Close.

6.  You can also schedule the Disk Defragmenter to run automatically. (Your computer might even be set up this way by default.) Under Schedule, it reads Scheduled defragmentation is turned on and then displays the time of day and frequency of defragmentation. If you want to turn off automatic defragmentation or to change the time or frequency, click Configure schedule (or Turn on Schedule, if it is not currently configured to run automatically). Change the settings, and then click OK.

7.  To close the Disk Defragmenter utility, on the title bar of the window, click the Close button.

Windows Vista users

1.  Open Disk Defragmenter: Click the Start button, click All Programs, click Accessories, click System Tools, and then click Disk Defragmenter. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

2.  In the Disk Defragmenter dialog box, click the drives that you want to defragment, and then click the Analyze disk button. After the disk is analyzed, a dialog box appears, letting you know whether you should defragment the analyzed drives.

Tip: You should analyze a volume before defragmenting it to get an estimate of how long the defragmentation process will take.

3.  To defragment the selected drive or drives, click the Defragment disk button. In the Current status area, under the Progress column, you can monitor the process as it happens. After the defragmentation is complete, Disk Defragmenter displays the results.

4.  To display detailed information about the defragmented disk or partition, click View Report.

5.  To close the View Report dialog box, click Close.

6.  You can also schedule the Disk Defragmenter to run automatically. (Your computer might be set up this way by default.) Click Modify schedule….

7.  In the Disk Defragmenter: Modify Schedule dialog box, choose how often, which day, and at what time of day you want defragmentation to occur, and then click OK.

8.  Click OK again.

Windows XP users

1.  Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Defragmenter.

2.  In the Disk Defragmenter dialog box, click the drives that you want to defragment and then click the Analyze button. After the disk is analyzed, a dialog box appears, letting you know whether you should defragment the analyzed drives.

Tip: You should analyze a volume before defragmenting it to get an estimate of how long the defragmentation process will take.

3.  To defragment the selected drive or drives, click the Defragment button. Note: In Windows Vista, there is no graphical user interface to show the progress, but your hard drive is still being defragmented. After the defragmentation is complete, Disk Defragmenter displays the results.

4.  To display detailed information about the defragmented disk or partition, click View Report.

5.  To close the View Report dialog box, click Close.

6.  To close the Disk Defragmenter utility, on the title bar of the window, click the Close button.

Running Disk Cleanup and Disk Defragmenter on a regular basis is a proven way to help keep your computer running quickly and efficiently. If you’d like to learn how to schedule these tools and others to run automatically, please read Speed up your PC: Automate your computer maintenance schedule.

4. Detect and repair disk errors

In addition to running Disk Cleanup and Disk Defragmenter to optimize the performance of your computer, you can check the integrity of the files stored on your hard disk by running the Error Checking utility.

As you use your hard drive, it can develop bad sectors. Bad sectors slow down hard disk performance and sometimes make data writing (such as file saving) difficult or even impossible. The Error Checking utility scans the hard drive for bad sectors and scans for file system errors to see whether certain files or folders are misplaced.

If you use your computer daily, you should run this utility once a week to help prevent data loss.

Run the Error Checking utility:

1.  Close all open files.

2.  Click Start, and then click Computer.

3.  In the Computer window (My Computer in Windows XP), right-click the hard disk you want to search for bad sectors, and then click Properties.

4.  In the Properties dialog box, click the Tools tab.

5.  Click the Check Now button.

6.  In the Check Disk dialog box (called Error-checking in Windows 7), select the Scan for and attempt recovery of bad sectors check box, and then click Start.

7.  If bad sectors are found, choose to fix them.

Tip: "Automatically fix file system errors" is quick and safe to leave selected. "Scan for and attempt recovery of bad sectors" reads the entire disk surface and can take hours on a large drive, so select it only if you think that your disk contains bad sectors. On the system drive, Windows will schedule the check for the next restart rather than run it immediately.

To see the original article in its entirety click here.

Rogue Anti-Virus Software Explained

What Is Rogue Anti-virus Software?

It is almost unheard of in this day and age to be online without anti-spyware and anti-virus software safeguarding your computer against viruses and other malicious code. Because everyone expects to see security warnings, it is not surprising that rogue anti-virus software has become so prevalent.

Also called scareware, rogue security software or smitfraud, this type of software is most commonly classed as malware: it is designed specifically to damage or disrupt your computer system. In this case, not only is the software going to disrupt your system, it is going to try to trick you into making a fraudulent credit card purchase.

Rogue anti-virus programs usually appear in the form of a fake Windows warning on your computer that reads something like: your computer has a specific number of viruses on it (usually in the hundreds) and this software has detected them. To get rid of the viruses, you're prompted to buy the full version of the anti-virus software (which is really the rogue software itself).

The good news is that you probably do not have a computer infested with hundreds of viruses, as the rogue software claims. The bad news is that the rogue anti-virus software itself is on your computer and you must remove it. Removal is hindered because rogue software can lock the Control Panel and the Add/Remove Programs function to stop you removing it easily.

Other things the rogue software may disrupt include visiting reputable anti-virus and anti-malware Web sites, installing legitimate anti-virus software, and even accessing your desktop.

The rogue software wants to stop users from removing the program and have them proceed with the purchase instead. It's important to remember that by purchasing the "claimed full version to remove the viruses" you will be submitting your personal and card details to unscrupulous persons and may also end up a victim of credit card or identity theft.

Common names of rogue antivirus software include; AntiVirus (2007, 2008, and 2009), MS-Antispyware, XP AntiVirus (2007, 2008, and 2009), Home Antivirus 2009, SpyWareGuard, Malware Cleaner, Extra Antivirus, AV AntiSpyware, SpywareProtect2009, WinPC Defender as well as many other names.

How Does a Computer Get Infected with Rogue Antivirus Programs?
The reason these rogue anti-virus programs are successful (for the malicious coders) is that the warning screens very closely resemble legitimate Windows warning screens, and the rogue program names closely resemble or sound like those of legitimate anti-virus programs.

When you load an infected Web site you might see a warning screen pop up and think that it is a legitimate Windows warning. Users are tricked into downloading the software because they believe the warning to be a legitimate Windows message.

You might also be on a Web site trying to view a video and a screen may pop-up telling you that you need to download a codec to view the file. The window prompting you to download the codec looks legitimate, however you are not going to download a codec—instead you will receive one of the many rogue antivirus software programs.

In April of this year it was also reported that the Conficker worm had begun installing rogue anti-virus programs on machines it had previously infected. In the early cases this turned out to be a rogue application called SpywareProtect2009. Kaspersky researchers reported this was a typical rogue program that offered to clean the computer for $49.95.

Lastly, if you use file sharing networks you also risk downloading a rogue anti-virus, as it can easily be hidden inside a legitimate program that you may or may not be legitimately downloading.

How to Spot Rogue Antivirus Warnings

For the most part, you need to look at the windows that are popping up and the name of the program being shown. If you know the program name of the antivirus and spyware software you use, then seeing a different name in the warning window is the first clue. Also, Windows itself doesn’t warn you of a virus. Legitimate warnings on your system would come from the anti-virus program you have installed, not a random Windows operating system style pop-up window. A great resource for learning how to spot these malicious programs through fake warning messages can be found on bleepingcomputer.com. This page lists the text of some of the more common false warning screens, including the following:

Malware Cleaner: Trojan detected! A piece of malicious code was found in your system that can replicate itself if no action is taken. Click here to have your system cleaned by Malware Cleaner.

AV AntiSpyware: Spyware Alert! Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of AV AntiSpyware and remove spyware threats from your PC.

How Do I Get Rid of Rogue Antivirus Programs?

It can be a difficult task to get rogue anti-virus programs off your computer. To complicate the matter, there are many variations of this malicious program and not all variants can be removed in the same way. This is not something that novice computer users may be able to deal with on their own.

Also, due to the popularity of these infections and people searching for answers on how to remove the program a number of scam programs also exist that lead users to believe it will remove the infection. Yes, these programs that claim to rid your system of Antivirus 2009 (or whichever variant you have been infected with) will scan your system and then prompt you for a credit card number so you can download a full version to remove the infection. Sound familiar? It should. This is a vicious cycle that users can unwittingly become trapped in.

Still, the good news is that in many instances you can get rid of the rogue anti-virus program without wiping and formatting your hard drive. If you are already infected and cannot access legitimate security-related Web sites, you will need to download the following programs on a second computer and burn them to CD to run on the infected one. Download them only from the vendors' own sites, and prefer installers whose Properties dialog shows a Digital Signatures tab naming the vendor; a "removal tool" found through a search engine is exactly how the scam described above propagates.

WARNING: Before running any of the following programs, turn off System Restore (this deletes all restore points, so you won't be able to use System Restore afterwards). If you don't turn it off, the programs may not be able to reach the infected files stored with the restore points to clean them. If you are infected, System Restore is not going to return you to an earlier, uninfected state anyway. You can turn it back on after you have successfully removed the rogue anti-virus program.

The quickest way, and the first thing to try, is to download Malwarebytes Anti-Malware to get rid of the rogue anti-virus. On its own this will usually rid your computer of the problem. If Malwarebytes didn't have the desired result, or you simply want to do a total and complete system clean, use a combination of CCleaner, Malwarebytes, a-squared and Spybot Search & Destroy. These programs all offer freeware versions.

NOTE: In some cases, the rogue anti-virus may block one or more of these legitimate programs. If this is the case, you will need to open the folder where you installed the program on your hard drive and rename the executable file (.exe) to anything other than the program’s name. (e.g. rename mbam.exe to aaa.exe).

Once you have run all the programs, be sure to go back and run CCleaner a final time to get rid of dead registry links left behind by the removed rogue anti-virus. Continue to run the registry option of this program until no problems are found.

Here are additional removal resources:
bleepingcomputer.com: How to remove Extra Antivirus
bleepingcomputer.com: How to uninstall and remove AV AntiSpyware
bleepingcomputer.com: How to uninstall and remove WiniBlueSoft
bleepingcomputer.com: How to uninstall and remove HomeAntivirus 2009
bleepingcomputer.com: How to uninstall and remove Antivirus 2009 (Antivirus 09)
bleepingcomputer.com: How to uninstall and remove PAntispyware09
bleepingcomputer.com: How to uninstall and remove Virus Sweeper
bleepingcomputer.com: How to uninstall and remove WinPC Antivirus
Kaspersky Technical Support and Knowledge Base: How to disinfect rogue spyware

DID YOU KNOW…

In December 2008 it was reported that a Google sponsored link pointed to a malicious Web site, where users were redirected to a spoofed CNET Download.com site offering a "spyware free" copy of WinRAR. The download included the rogue anti-virus program "AntiSpyware2008".