How And Where To Report Cyber Crime

How And Where To Report Cyber Crime

REPORT CYBER CRIME

Internet Crime Complaint Center (IC3)
http://ic3.gov/
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IC3’s mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, local and international level, IC3 provides a central referral mechanism for complaints involving Internet related crimes. read more >> http://ic3.gov/

Federal Trade Commission (USA) Complaint Input Form
https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03
If you believe you have been the victim of identity theft, you may use the form below to send a complaint to the Federal Trade Commission (FTC). The information you provide is up to you. However, if you don’t provide your name or other information, it may be impossible for us to refer, respond to, or investigate your complaint or request. To learn how we use the information you provide, please read our Privacy Policy.

Federal Bureau of Investigation – Cyber Investigations – Cybercrime
http://www.fbi.gov/cyberinvest/cyberhome.htm

Computer Crime & Intellectual Property Section
http://www.cybercrime.gov/

WiredSafety.Org
http://www.wiredsafety.org/911/
Our Cyber911 Help tipline is not intended to replace law enforcement emergency 911, 999 and other numbers worldwide. It is to help people know where to get help when they are being victimized online, and to provide help when help is needed. We work closely with law enforcement around the world, and require that when offline threats are involved that local law enforcement be notified before we can offer assistance to the victim or their local law enforcement…

ReportCybercrime.Com (Private)
http://www.reportcybercrime.com/
Also, through our interactive forum you can get opinion of specialist attorneys and lawyers. Each lawyer in practice will give his opinion on matters, which are raised in the forum. You Can post queries view answers from experts and improve upon your knowledge base…

How to Report Cybercrime
http://www.katiesplace.org/report_cybercrime.html
WiredSafety’s Cyber911 Emergency tipline is not intended to replace law enforcement emergency 911, 999 and other numbers worldwide. It is to help people know where to get help when they are being victimized online, and to provide help when help is needed. We work closely with law enforcement around the world, and require that when offline threats are involved that local law enforcement be notified before we can offer assistance to the victim or their local law enforcement.

Take a Bite Out of Cyber Crime
ByteCrime.Org
http://www.bytecrime.org/

Advertisements
Posted in BlueCollarPC WordPress Blog. Tags: , , , , , , , . Comments Off on How And Where To Report Cyber Crime

Forensics: “Unknown Flash Movie Virus”

(((FORENSICS~BUILD)))

Forensics: “Unknown Flash Movie Virus”

For a friend….

ESTIMATE: Embedded Flash Movie Malware Payload
NOTE: Possible Network Attack Associated – Botnet/Botmaster
SEE: Common Types of Network Attacks – TechNet – Microsoft
http://technet.microsoft.com/en-us/library/cc959354.aspx
(According to payload that executed, spoofed PC Identity apparent, unsuccessful)

DEVICE: Windows Vista HP (Home Premium) SP2 (Service Pack 2, Fully Patched) / IE9 (Internet Explorer Version 9) – on Home Network / Microsoft Security Essentials installed/running.

SYMPTOMOLOGY:
Viewing Flash Movie in embedded webpage player. Best description from user was sudden turbulence of browser and disconnection and system crashings and then the WGA (Windows Genuine Advantage) panel pop up on restart identifying PC as an illegitimate copy of Windows was running. Connectivity was not further possible.

SUSPENDED FORENSICS:
A full payload forensics was suspended citing any in-the-wild attack or proof-of-concept – and is not being posted publicly. Operating System was reinstalled to Factory Fresh – wiping the disk – now fully patched to current operation.
HISTORY: New virus first to infect Macromedia Flash (January 8, 2002)
http://news.cnet.com/New-virus-first-to-infect-Macromedia-Flash/2100-1023_3-803829.html

SYNOPSIS:
Apparently malware payload (not just a virus) executed on Windows Vista HP SP2 / IE9 while viewing flash movie in an embedded player at website. This was the only affected computer on a Home Network with other computers unaffected. Other peripherals and router were not affected. This may constitute as specific targeting of the IP via Network Attack. It seems possible a botnet infection was unsuccessful as connectivity was destroyed, yet the operating system was spoofed and identified as now a pirated copy of Windows via WGA technologies apparently. There were no ransomware activities observed http://en.wikipedia.org/wiki/Ransomware_(malware) …thus the spoofing of the Windows OS (operating system) itself as now a pirate copy indicates the WGA notification window/panel was valid and not a fake shell as some ransomware scam. Note it is possible it was simply a targeted payload to simply destroy the system from further use as the intended malware malicious intent.

DIAGNOSIS:
Apparent multi-malware payload executed through infected flash movie possibly originating from Apple/Mac computer as possibly an iFrame Movie.

iFrame (video format)
http://en.wikipedia.org/wiki/IFrame_(video_format)

Universally and historically Apple/Mac users are in ‘caveman’ days as not using antimalware. Recently things have changed, as infections have increased dramatically in infancy for this operating system. Linux even more so, their users are now told it is “polite” to use antivirus to protect uploading or exchanging any Windows infecting files from a Linux computer that do not affect Linux – but will infect Windows PCs. Newer Community guidelines. Years ago…..

Microsoft JPEG Vulnerability and the Six New Content Security Requirements
http://whitepapers.silicon.com/0,39024759,60129423p-39000575q,00.htm
In November 2004, a critical Microsoft security vulnerability (MS04-028) was discovered which could allow attackers to embed malicious code inside JPEG image files. Until that time, JPEG image files were considered immune to attack. To effectively deal with this vulnerability, security and IT professionals need to incorporate six new and critical content security requirements into their networks.

…..so that this is the idea with an infected flash movie. Simply visiting a website with the infected picture (JPEG) would infect the unprotected PC. Same with infected flash files is apparent here as source of infection.

NOTE…. Was a novice user and is believed there were possible additional clicks not mentioned possible that caused the malware payload execution.

REMEDY:
With a multi-malware payload as opposed to just a virus, the operating system was reinstalled / restored to Factory Fresh condition – wiping the disk first of all data. A much higher quality paid subscription antimalware product was installed and absolutely recommended! Note that Microsoft Security Essentials was the installed and active protection on the PC…. HOWEVER:

Is Microsoft Security Essentials adequate protection?
http://bluecollarpc.us/2013/04/21/is-microsoft-security-essentials-adequate-protection/
Review: Microsoft Security Essentials
http://www.expertreviews.co.uk/software/1295698/microsoft-security-essentials
Microsoft Security Essentials bombs AV-TEST, loses certification
http://www.geek.com/articles/geek-pick/microsoft-security-essentials-bombs-av-test-loses-certification-20121129/
Microsoft Security Essentials Fails Tests, Loses Antivirus Certificate
http://www.bit-tech.net/news/bits/2013/01/17/ms-security-av-test/1
Microsoft Security Essentials fails AV-TEST again
http://www.bit-tech.net/news/bits/2013/01/17/ms-security-av-test/1
Microsoft fights back on antivirus certification fail, claims malware tests …
http://www.zdnet.com/microsoft-fights-back-on-antivirus-certification-fail-claims-malware-tests-arent-realistic-7000009998/

PLEASE REVIEW THE FOLLOWING INFORMATION AND RECOMMENDATIONS….

How to Fix a Flash Virus | eHow.com
http://www.ehow.com/how_5998536_fix-flash-virus.html

Adobe Flash
http://en.wikipedia.org/wiki/Adobe_Flash

SWF (ShockWave Flash)
http://en.wikipedia.org/wiki/SWF

What Is a Flash Cookie?
http://www.ehow.com/info_10020896_flash-cookie.html

Can Flash Extensions Be Harmful?
http://www.ehow.com/info_12229878_can-flash-extensions-harmful.html

How to Check & Uninstall Flash Cookies
http://www.ehow.com/how_5943906_check-uninstall-flash-cookies.html

How to Clear Macromedia Flash Shared Objects
http://www.ehow.com/how_6182429_clear-macromedia-flash-shared-objects.html

Website Storage Settings panel
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Visit the Adobe Flash Player Settings Manager http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html

It is recommended to be aggressive here and deny all actually, especially noting that nefarious hackers break into microphones and webcams to spy. If having trouble after choosing to block all from being stored on computer go back and make adjustments. Any ‘faster’ use of allowing storage is antiquated and ancient as pertaining to 56K Dial Up years and years ago – as the vast majority have switched to broadband/dsl where available – not quite everywhere though (rural etc).

WEBMASTER BLUECOLLARPC.US
http://bluecollarpc.us/

The BlueCollarPC.US (and former domain extensions) has always been a free Community Help Site and here is a mock severe billing if able to work from an official PC Repair Shop…… LOL

————

JOB BILL / TICKET #001

# Bench Charge………………….$75.00

# Forensics Basic / Suspended…….$25.00
(Normally $150.00 with full reporting)
Discounted!

# Reinstall Factory Fresh Windows…$50.00
…Discounted !

# Fully Patched and Reinstalled
softwares, 18 hours (Vista SP2)….$100.00

TOTAL ……..$250.00

Welcome all, archived blog installed

Welcome all, archived blog installed….. We have imported our archived blog posts from our original BlueCollarPC @ WordPress security blog. This is located at https://bluecollarpcwebs.wordpress.com/

We will keep the free version and continue to post to it, as has been linked for years. I am the original webmaster of the BlueCollarPC .Net and .Org and lastly .US . The BlueCollarPC .Net originally began about year 2005 as a help and information site dealing with spyware as main course. There were many video help tutorials for download in several formats. This became a huge site trafficking about 2,700 to 3,000 Visitors monthly, and tolled in at just over 6 million by 2009. Those kinds of numbers are usually seen at small business sites, but I had just a simple personal website !

Being able to help that many people who found our site as a primary or a main additional site for help and instruction in PC security and malware removal outweighed any personal pride or egotism in hits counters. That is what it was launched for, genuine informed help – not a personality contest. It was humbling to see those kinds of numbers though.

Push come to shove, our site was attacked and there were several behind the scenes personal attacks against myself and equipment – attempts at destroying computers and mobile computer. These attacks were sophisticated dreaded botnet payload attacks and another as attempting circumventing Vista technology and destruction. So, my site theme being “BlueCollarPC” as a spyware removal  site originally, now was upgraded to a full blown malware removal help and instruction site – all malware with heavy concentration into botnet detection and removal and restoration of damaged systems and I graduated through this all into Amateur Forensics (Computer Forensics). What did not kill us makes us stronger, and so it goes. All but the BlueCollarPC .US were closed with this new full malware removal site including information and help against all malware now as viruses, worms, trojans, rootkits, adware, spyware, botnets and bootkits. etc etc etc.

At the end of the decade (2000 to 2010) and into the new one, things seemed to be a ghost town at many help destinations as groups, forums, and lists, others. It seemed the whole “XP Generation” of  the “XP Years” (Windows XP) had graduated and learned it all or enough to carry them through. Of course I invested into a Vista PC which was the actual crown jewel of the decade in security software – unprecedented as an operating system itself being the best security software available. To this day Windows Users are unaware that viruses could not run on Vista and neither the dreaded rootkit malware. UAC User Account Control was just one of these new security technologies in Vista. First hand, no lie, two or three times I saw a virus execute to install on my Vista (drive by hit – bad website, tried to install scareware fake antivirus programs). Sure enough and word for word from Microsoft – “viruses are not able to write to the disk in Vista”. They the payloads were in Temporary Internet Files. All I had to do was close the browser with the settings I had clicked to “Delete All Temporary Internet Files” etc. I also use and ran CCleaner offering a little more clean up. That was it. The virus was gone ! I then scanned with high quality antimalware to prove it. Zero infection. The point  was, or joke, you did not even need antivirus with Vista – like “you’re kidding, you actually purchased antivirus for Vista ? What for ? ” Seeing is believing.

Windows 7 was the first time in history an operating system (Windows, Linux, Apple/Mac etc) was actually downgraded security wise. Users screamed about UAC. The security world kind of went with – what idiots, sorry to say. This did not make sense. It did not make sense worst, that Microsoft themselves accomadated them. LOL. You get what you pay for. They seemed to love no intrusion whatsoever on having a good time on the Net – utterly regardless of the dangers. It was like handing drunk teenagers the keys to the sports car. We all know how that ended. Many never made it home.

Enter Windows 8 with the new anti-rootkit / anti-bootkit technologies – the ‘secure boot’ Windows 8. Windows 8 is a gigantic leap forward from XP as blocking rootkits/bootkits from running before antimalware programs are able to boot to begin detecting malware attempting to run in the session. With XP, we all know if a rootkit was suspected it meant reinstalling Windows as the ONLY cure. The trouble was most anti-rootkit softwares were crap at detecting them and even worst at attempting to remove them. Enter Windows 8 new security technologies. THOSE DAYS are over with forever. Just before Windows 8 hit the streets there was hint at they could crack this. But as well there is new anti-malware softwares that can “cold boot” to detect this. Somewhat as being able to scan the system without even starting the computer and as it does start up. Bye bye, covered anyway.

Well back to re-launching BlueCollarPC.US – now in the WordPress format rather than the traditional website. Kind of all in one – blog and content, links. Spread the word – “We are back !” (StarTrekkies – Romulans and Enterprise Captain Picard in the Neutral Zone Confontation over Borg encroachments).

From our alternate back up website at https://sites.google.com/site/pcsecurityhelper/

Welcome to the BlueCollarPC Security Helper!
SPECIAL NOTE: Our Main Domain BlueCollarPC.US is being closed June 2012.
For the record….. I began the BlueCollarPC Computing Security Community Website in 2005 at the original .Net website. I believe at that time, the .Com website was actually a PC Repair Shop which I was not connected with. Towards the end of 2009, the BlueCollarPC .Net created by me had enjoyed just over 6 Million Vistors/Users! – are proud to have been a part of it all and indeed actually had “discovery” in the security industry concerning the malware RASautodial registry entries discovered by Yours Truly. Never be afraid to ‘take a look under the hood’ of your PC ! You never know what you’ll find.

Question: Windows 7 Computer won’t start, keeps rebooting, help?

Question: Windows 7 Computer won’t start, keeps rebooting, help?

This is an actual help question at Yahoo Answers > Security that I found as somewhat towards rare, somwhat, that I fielded in attempt to help. Perhaps you may see something additional ?

USER QUESTION….
Windows 7 Computer won’t start, keeps rebooting, help?
http://answers.yahoo.com/question/index?qid=20120626135518AAuS8tK
The other day I was using my Toshiba Satellite L655, when suddenly it froze on me, as I tried to reboot it, it would just show a black screen. Now, I figured out that it was my Master Booter repair that had been corrupted. I have been trying to use a system repair disk, but when I use it, it comes up with country select, then I click next. After that it comes up with System recovery options, choose operating system, but it is frozen on the screen, when another box appears and is System Recovery options: Searching for Windows installations… and it is stuck from there. I can NOT get into Safe Mode on my computer, it just takes me back to reboot loop that i’m stuck in. Please help! (I don’t know much about computers so please put into simple terms, thanks)

MY ANSWER / antibotnet yahoo handle by bluecollarpc…….

You are talking a highly technical area as the MBR being fumped. (Master Boot Record). Though you say keep it simple, this is a highly technical area needing at least an Advanced User to professional to diagnose and fix. However, apparently you are aware enough to have seen or detected something and perceive the general area of trouble. The BSoD (blue screen of death) is one event. The black screen generally appears when critical and fatal corruption has occurred and other than the normal black screen appearing like when you boot into Safe Mode with Options.

If there has been irreperable damage and corruption to the system and a Black Screen appears – it will generally have a one or two liner explantion that something is totally screwed like especially something ending as SysConfig not found or similar. UNLESS you are seeing a one or two line explantion on a Black Screen and can not use the computer then it is probably not any fatal error requiring the Windows system to be reinstalled via CD Recovery Disk. So that means still a chance at a fix.

I recommend you continue in the efforts you began as reinstalling Windows as you apparently have already initiated and review online information and help about this task. If you are convinced you are performing the reinstallation process properly then this is going to wipe the disk and reinstall Windows to Factory Fresh. I own two Toshibas and they have excellent CD Recovery Disks that work flawlessly. You should NOT be running into problems with these – should be two disks either included at purchase or made from Toshiba utilities in the PC added free to make these.

As the PC has virtually become unusable – I would take the hail mary approach of attempting the drastic – wipe the entire disk and reinstall. Myself, at the point you say you are in, I would not even bother with some fix/repair option. I would go with wipe the disk and reinstall. It may be the only chance you have at getting the computer back the way you describe the situation you are in.

POSSIBLE DIAGNOSIS….
It sounds like perhaps the problem is that your computer has been infected with a rootkit/bootkit. These are about the ONLY malwares that affect the MBR area. Of course with these the ONLY cure is generally to reinstall windows after wiping the disk (completely erasing everything on the computer – windows and personal softwares and files installed). The CD Emergency Repair Disks will do that automatically and malware does not prevent this. The other repair option is an attempt to fix just an area that may have been corrupted or mistaken file deletion without wiping the disk at all – which saves all the softwares and files you have installed or created – personal files as audio and video clips, pictures, documents etc.

POSSIBLE SOLUTION….. This area is the exact new security solutions being released in Windows 8 – the new anti-rootkit anti-bootkit technologies which prevent these malwares from start up in the boot sector. There are TWO possible solutions as these two antimalware USB CD Drive products. One is the full antimalware product from well known and well awarded Emsisoft Antimalware products and FREE. The other is from Microsoft. These are first placed on a USB Drive (about 15 bucks and NOT a usb media stick – the USB DRIVE – same price) with at least 2Gigs space get 4 if you can. These will BOOT cold cokced against these very malwares (rootkit/bootkit) to quarantine them from starting up in the boot sector before the actual system is booting up. Traditional antimalware does NOT protect in this manner – but after the system start up is occurring. Make the USB Drive and stick it in and cold cok boot it with fingers crossed that this is indeed the problem experienced. If so, these should remedy this and will return the PC to normal – malware free.

Emsisoft Emergency Kit 2.0
http://www.emsisoft.com/en/software/eek/
Your emergency kit for infected PCs! Detects and removes Malware > 5 million known dangers. World class dual-scan-engine. 100% portable – perfect for USB sticks.
HiJackFree and BlitzBlank included.
Emsisoft BlitzBlank
BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, registry entries and drivers at boot time before Windows and all other programs are loaded.
Self made Emergency USB stick – Expand the content of the Emsisoft Emergency Kit to an USB stick and make your own universal tool to scan and clean infected PCs.  

==========
Microsoft Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper

NOW CALLED WINDOWS DEFENDER OFFLINE http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Note “beta” means it is actually still a test version with ability of feedbacks from the community for any bugs found they need to correct. It then is released as normal “alpha” version.
NEWS:
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712
SEE
Bootkits
http://en.wikipedia.org/wiki/Bootkit#bootkit

Ask HTG: Reading Blue Screen of Death Codes
http://www.howtogeek.com/97093/ask-htg-reading-blue-screen-codes-cleaning-your-computer-and-getting-started-with-scripting/?utm_source=newsletter&utm_medium=email&utm_campaign=081111
Generally IRQL errors are hardware or driver related. We’d suggest
checking to see if any drivers have been updated recently and either
roll them back to the old driver or see if an even newer driver is
available (the vendor may have released a driver to fix the crashes). If
that doesn’t help you’ll find BlueScreenView, a crash dump analyzer,
rather helpful. We have a guide to using BlueScreenView to help get you
started……

BlueScreenView v1.40 – View BSOD (blue screen) crash information stored in dump files.
Copyright (c) 2009 – 2011 Nir Sofer
http://www.nirsoft.net/utils/blue_screen_view.html
SOURCES
https://sites.google.com/site/pcsecurityhelper/malware-removal-center
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
https://bluecollarpcwebs.wordpress.com/2011/11/18/unbelievable-windows-8-boot-security-cracked-already-before-released-bootkit-malware/
http://en.wikipedia.org/wiki/Bootkit#bootkit

How To Use HiJackThis to find Malware infection Part One

How To Use HiJackThis to find Malware infection Part One

HijackThis – Trend Micro USA (Genuine Freeware) [wrkx w/ Netbooks]
Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer.
http://free.antivirus.com/hijackthis/
http://en.wikipedia.org/wiki/Hijackthis
http://sourceforge.net/projects/hjt/
HiJackThis UPDATED:
Trend Micro Releases HijackThis Source Code to sourceforge.net
MarketWatch (press release)
http://www.marketwatch.com/story/trend-micro-releases-hijackthis-source-code-to-sourceforgenet-2012-02-17

RUNNING A HJT LOG ANALYSIS PART ONE

There is always this need to review this magic utility – how to use it responsibly and SAFELY.

( FYI…. (for your information) The niks [nick names] are “HJT” and “HJT Log Help” and “HJT Log Analysis” – HiJackThis Log help – you may see around at forums etc. )

If you have never performed a HiJackThis Analysis, they are a simple quick look at start up items which may reveal malware installed that is starting up with the computer system and other softwares installed, and set to run every start up. An HJT Log may show a resident threat in some areas. It can reveal malware toolbars installed and possibly other threats misusing an Active X item. HJT generates a sort of system read out snapshot in a text log file that can be examined in depth.

HiJack This was NEVER designed to be a malware remover. It is NOT to be used as one or as a substitute for one. It is always mentioned to the average user to NEVER make changes to the computer with HiJackThis, but rather go to an Advanced User or Professional help online or elsewhere as a friend in the know and savvy at malware removal help. Mistaken use may cause damage to the system and/or other softwares rendering them inoperable.

IF YOU WERE TO CHOOSE “FIX THIS” ….. UH-OHH

If you clicked “Fix This” on any valid process or software – it may delete or corrupt that part of the Windows OS (operating system) or other softwares – now rendering them inoperable. NEVER click “Fix This” unless you are an Advanced User or Professional or have been directed to do so by one.

This may delete the executable file and possibly a “run” registry key, etc.

It can not delete/uninstall malware payload files and registry key entries – the FULL threat – and these left overs can be re-used by malware and potentially hide from antimalware products now. They may also, being orphaned (executable deleted, payload remnant = orphans), being orphaned may be used by a rootkit to hide from detection as an inert file not deemed as a threat during antimalware scans. At best, quality antimalware products may detect these possibly – possibly – as variants and quantine / remove these during a scan. Proabaly not.
 
In cases of in the wild threats or other severe threats rifling and hijacking control of the PC, their executable showing up in the scan/log HJT Log —- to regain control of the computer for the User it may possibly be used to delete the start up entry – the executable generally – “malware.exe” fantasy example. If it is a known malware threat (s) – their payload installation files can be found in full from online malware databases. Having regained control of the computer by deleting the executable from start up, the rest of the payload can now be manually removed. In cases of in’the-wild threats’ – the executable deleted can give control back of the PC, and a follow up to delete the entire installation manually will have to be performed when the payload is known and posted publicly. It should be cautioned to the user in this state to either not use the PC or just very sparingly as instability may occur or further infection activity.

That/this is all because generally the user has no Emergency Repair CD to reinstall Windows and needs the hail mary scenario to save their Computer from the trash – purchased by their hard earned sawbucks and as not being able to replace in the near future – stuck without a PC. It may be used in cases just to regain control of the PC to be able to access private files one wishes to back up – make a copy of – before reinstalling the system to Factory Fresh – wiping the entire disk first, another hail mary to save important files or documents, pictures, movies, etc. If the User is aware of that, proceed with that understanding.

Bottom line….. If you irresponsibly use, or give instructions to irresponsibly use, HJT – ignoring example hazards and damge warnings above – you may find it all come back on you by some smear blitz over the internet about “so and so destroyed my computer that creep ! ” to say the least. If you are a professional or company, you may be sued for damages for gross negligence and deceptive practices and destruction of computer equipment. That would have to be defined by Lawyers and the Court.

PART TWO WILL SHOW THE ACTUAL ANALYSIS. >>>
Click > Do System Scan and Create Log File

Webmaster:
Malware Removal / Amateur Forensics
Membership/Join List:
Free Malware Removal Help / A Community Website Since 2005

Typical Question – How did I get infected with trojan and virus

Typical Question – How did I get infected with trojan and virus…

http://answers.yahoo.com/question/index?qid=20110923202712AAmHzZF
(I am antibotnet Yahoo ID as webmaster www.bluecollarpc.us)

It

may help a little with orientation with the behavior of malware. A trojan takes control and wants to do something and will rifle actions to get it done. A crash may occur because it is not normal expected behavior of the healthy system as is giving control command in an underhanded way as brute force. Trojans have evolved greatly and they have security software disabling trojans which disable free products and some shareware products as well. There are now Downloader Trojans that install more and more malware as the rootkit usually does. There are backdoor trojans that affect connectivity and control vital areas.

The crash you mention probably did occur from the trojan infection and spyware does this too as opposed to a computer virus or worm. AVG did indicate a trojan infection found.

Viruses take over files to spread themselves. Some are specifically created to destroy computer files, systems, or drive itself. Newer ones have been crafted to steal passwords.

Your problem seems to be you are using the free AVG version which will NOT protect the computer because Real Time Protection is only activated in paid subscription antivirus and antispware products. If you had AVG paid antivirus – it would have blocked the trojan infection from occurring. NOTE today there are many newer and sophisticated trojans that simple antivirus no longer detects all. Antispyware will detect many of these and particularly ones used in spyware installations.

These can happen anywhere on the world wide web at any infected website whether hacked or intentionally a malicious content website. This is called a “drive by infection” meaning the unprotected computer will get infected just by visiting a bad website. This can include and is not limited to virus, trojan, spyware, and botnet infections. You MUST have Real Time Protection activated or there is NO protection.

The free home version scanners are called stand alone on demand scanning as “reactive” protection. Paid subscription security softwares have all this plus the “proactive” Real Time Protection processes (heuristics) that block all infections from occurring in the first place. All that gets past this is generally embedded malware in some software download that can be found by scanning the package FIRST before clicking to install OR will detect it trying to execute when the installer package is double clicked to execute the installation.

Threatfire is great as just the Real Time Protection processes protection themselves for both ativirus and antispwyare catagory threats. You can add that and scan regularly with AVG free. http://www.threatfire.com/
You forgot antispware with Real Time Protection – get free from Microsoft, Windows Defender to add to this package….. http://www.microsoft.com/athome/security/spyware/software/default.mspx

There are only two or three known antivirus and antispwyare programs in the world that have offered free Real Time Protection products, and fortunately they are far from dog programs. They have won several prestigious awards that the big companies have such as the VB100 Award and West Coast Certification to name a couple. I would pick one and install it immediately and keep AVG off to the side as a secondary stand alone scanner.

Microsoft Security Essentials
http://www.microsoft.com/security_essentials/

Comodo Free Anti Virus
http://antivirus.comodo.com/

ALSO
Spyware Terminator
(Antispyware and antivirus. Real time protection added ! )
http://www.spywareterminator.com/
* Fast spyware scanning
* 100% real-time protection
* HIPS protection
* Antivirus protection
* Multilanguage Support

Source(s):

http://bluecollarpc.us/Threats_FAQs.html

BSoD Blue Screen Of Death Helpers

BSoD Blue Screen Of Death Helpers

A typical event and answer….
http://answers.yahoo.com/question/index?qid=20110923213652AA4NDOF

QUOTED

….. (I am antibotnet yahoo id)

It would help everything if you noticed any name of anything and go to BleepingComputer.com. I hear you and understand you understand that you knew better than to keep using the computer without taking the few minutes to create an Emergency CD Repair disk to reinstall Windows to factory fresh after wiping the disk (erase all on it). Generally with the BSoD (Blue Screen Of Death) means you have to reinstall Windows unless you are really savvy with security.

You could try accessing the Windows Registry to delete malware entries manually. Fish through system32 and unknown program installations. HiJackFree can help with these things even though you may not yet be that advanced http://www.hijackfree.com/en/ …..We are talking start up processes items (executables and others) unfamiliar and autorun entries (if worm involved) Active X items as unknowns…. HiJackFree can help simply as it lists all these – what is actually loaded and running in your pc – in each section when you install it and use it anytime.

TRY USB DRIVE PORTABLE ANTIMALWARES…. You will need a USB Drive (sometimes called a thumb drive) and these look just like a USB Media stick but make SURE it is a DRIVE to operate these. They will NOT work on a USB Media stick (same price). About 12 to 22 USD (US Dollars) depending on size. A 2Gigabyte size is plenty of room for these and usually the smallest ones and they sell up to 8 gigs and higher. (These also store files like the usb media stick).

Emsisoft Emergency Kit Scanner (best detections)
http://www.emsisoft.com/en/software/eek/
The Emsisoft Emergency Kit contains a collection of programs that can be used without a software installation to scan and clean infected computers for malware.

ClamWin Portable (Antivirus, more) [FREE]
http://portableapps.com/apps/utilities/clamwin_portable
Antivirus to go…. ClamWin Portable is the popular ClamWin antivirus packaged as a portable app, so you can take your antivirus with you to scan files on the go. You can place it on your USB flash drive, iPod, portable hard drive or a CD and use it on any computer, without leaving any personal information behind.
NEWS: ClamWin Portable 0.97.1 (anti-virus) Released | PortableApps.com …
ClamWin Portable 0.97.1 (anti-virus) Released. Submitted by John T. Haller on June 17, 2011 – 7:46pm. logo ClamWin Portable 0.97.1 has been released. …
http://portableapps.com/news/2011-06-17_-_clamwin_portable_0.97.1_released

Microsoft

Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper
Note “beta” means it is actually still a test version with ability of feedbacks from the community for any bugs found they need to correct. It then is released as normal “alpha” version.
NEWS:
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712

SUPERAntiSpyware

Portable Scanner (Antispyware) [FREE]
http://www.superantispyware.com/portablescanner.html
Follow the instructions below to download the SUPERAntiSpyware Portable Scanner. The scanner features our complete scanning and removal engine and will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. The scanner contains the latest definitions so you DO NOT need Internet Access on the infected system to scan.

Source(s):

http://bluecollarpc.us/Help_Center.html
http://portableapps.com/

%d bloggers like this: