Botnets: Everything Afraid To Ask Answered


This is a really good article covering about all the bases:

HTG Explains: What is a Botnet?
Botnets are networks made up of remote-controlled computers, or “bots.” These computers have been infected with malware that allows them to be remotely controlled. Some botnets consist of hundreds of thousands — or even millions — of computers. ….
http://www.howtogeek.com/183812/htg-explains-what-is-a-botnet/

Q: Computer trouble please help – MyPC backup

Fw: Yahoo! Answers: Your answer has been chosen as the best answer

http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/3260

Q: COMPUTER TROUBLE PLEASE HELP?
http://answers.yahoo.com/question/index?qid=20130722185843AA2oMp9
OK, so ever since this MyPC backup thing has been on my computer, my computer has been messing up. Lately I've been getting ads on every website that I have been on, and this hasn't happened before. It all started when the PC thing came, and it's been making me really angry. I downloaded Adobe Flash Player so I could watch videos, and it says I downloaded it, and then it says you need Adobe Flash Player to watch this video. I downloaded the latest one and then ads just come up everywhere. Like now on Yahoo there are a lot of ads just popping up all over my computer, and on YouTube and on every website. Please help me, I don't know what to do.

MY ANSWER AS ANTIBOTNET YAHOO ID

Best Answer – Chosen by Asker
You will probably be shocked to find out that it is malware itself…
MyPC Backup.exe Description
http://www.enigmasoftware.com/mypcbackupexe-removal/
MyPC Backup.exe is a dangerous executable file, which is related to malware, specifically adware programs. MyPC Backup.exe can cause data loss on an affected computer system or even damage the whole PC. MyPC Backup.exe is installed on the infected computer without the PC user’s permission and knowledge. MyPC Backup.exe makes the targeted computer vulnerable to other security threats. MyPC Backup.exe can steal valuable confidential information and information about the browsing history of the victim. MyPC Backup.exe may change search results in any legitimate search engine with web addresses of sponsored websites and divert victims to these doubtful websites. MyPC Backup.exe may also replace the homepage and default search engine with the suspicious URL. MyPC Backup.exe repeatedly displays numerous bogus alerts/warning messages on the screen of the corrupted PC about a variety of security threats and even advertises rogue security programs in order to remove supposed malware infections.
Type: Malware

Because you were able to install and run this it means you do not have quality antimalware (antivirus plus antispyware) installed on the computer or it would have immediately quarantined it to keep it from running and spying on you and running adware.

TYPE INTO SEARCH ENGINE…. “MyPC backup adware malware” and you will see valid reports from known legitimate security sites reporting it as malware as well as other sites such as security forums etc where other users have the same problems.

RECOMMENDED you immediately install quality antimalware program and perform a full scan of the computer and remove all threats found in results. Because “MyPC backup” is rated as a high risk malware it may even block you from installing antimalware. The way around that is to either set the computer into Safe Mode With Networking and try installing and then perform scans. In Safe Mode only the few necessary Windows processes load and nothing else which as well stops malware from running and allows for it to be removed. There is also the portable antimalware you can install on a USB Drive (not USB media stick – DRIVE – that is same price). You then run the antimalware from that to remove malware. SAFE MODE …. TURN OFF PC OR HIT RESTART. AS IT IS STARTING UP – KEEP TAPPING THE F-8 KEY TOP OF KEYBOARD. The PC will produce the black screen with options and choose Safe Mode. Do what you need to do – install, scan, remove – and simply Restart the PC and it will automatically start up in Normal Mode as regular use.

Check Threats and what they are here… http://bluecollarpc.us/threats-faqs/
Check all kinds of good well known and trusted antimalware products here …
http://bluecollarpc.us/help-center/
There are the many Genuine Freeware home versions of antivirus and antispyware but they do not have Real Time Protection (Sometimes called HIPS) activated like the full pay program which is about 40-50 USD (US Dollars) yearly. However there are just a couple free ones with Real Time Protection activated like pay products if money is issue. Real Time Protection (heuristics) blocks all malware from installing on the computer in the first place 24/7 – always running.
Malware is the term for all threats as virus, worm, trojan, adware, spyware, rootkit etc. Antivirus blocks/deletes viruses, worms, rootkits and most trojans. Antispyware blocks/deletes adware, spyware, keyloggers, dialers, etc and many other trojans antivirus misses. Spyware itself can have in its payload (malware package installed) – keyloggers which record all keystrokes on the keyboard. It can perform snapshots of your computer screen – what you are looking at. It can make copies of your files (photos, media, documents, etc) and altogether all things it is recording are broadcast out to cyber criminals owning it which in turn generally go right to trying to perform an IDTheft from gathered stolen data from the PC including even financial stuff like logging into pay bills or buy stuff with cards etc any like passwords and pin numbers stored on the computer or recorded by keyloggers when signing in.

TRY ….
30 day fully working free Eset Antimalware (about best in world)
Free 30-day Trial of ESET NOD32 Antivirus 6
http://www.eset.com/us/download/home/detail/family/2/?trl=ea
After 30 days it will stop working. You can buy it or then uninstall it after 30 days.

ALSO Emergency tries if things are blocked….
MalAware 1.0 http://www.emsisoft.com/en/software/malaware/
Emsisoft Emergency Kit 2.0
http://www.emsisoft.com/en/software/eek/

FULL PROTECTION FREE ONES:
http://antivirus.comodo.com/
http://www.microsoft.com/security_essentials/

Source(s):
http://www.enigmasoftware.com/mypcbackupexe-removal/
http://en.wikipedia.org/wiki/ESET_NOD32
http://www.betterantivirus.com/nod32-and-virus-news/archives/1456-December-2009-ESET-antivirus-scoops-59th-VB100-Award.html
http://www.microsoft.com/security_essentials/
http://antivirus.comodo.com/

— On Tue, 7/23/13, Yahoo! Answers <answers-alert@…> wrote:

> From: Yahoo! Answers <answers-alert@…>
> Subject: Yahoo! Answers: Your answer has been chosen as the best answer
> To: antibotnet@…
> Date: Tuesday, July 23, 2013, 12:54 PM
>
> Take me to
> Yahoo! Answers. I want to answer more questions!
> Hey,
> AntiBotnet, look what you got!
> Congratulations,
> you’ve got a best answer and 10 extra points!
> Your answer to the following question really hit the spot and has been chosen as the best answer:
> COMPUTER TROUBLE PLEASE HELP?
> Go ahead, do your
> victory dance. Celebrate a little. Brag a little.
> Then come back and answer a few more questions!
> Thanks for sharing what you know and
> making someone’s day.

trimmed!

Q: I have a Zeus Trojan called w32.infostealer.zeus?

Fw: Yahoo! Answers: Your answer has been chosen as the best answer

http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/3256

Q: I have a Zeus Trojan?
http://answers.yahoo.com/question/index?qid=20130722220727AAJJY0U
I have recently bought the game “Kerbal Space Program”, a somewhat popular game
where you have to build rockets to get to other celestial bodies. Well, many
people play it, and they don’t seem to have any viruses; it’s even on Steam.
Anyhow, my antivirus program (Webroot SecureAnywhere) detected a trojan in the
KSP (Kerbal Space Program) file. The virus was called “w32.infostealer.zeus”. My
antivirus program hastily deleted it, and did a reassurance scan to assure that
the trojan was completely gone. It apparently was, so I resumed what I was doing
before I had received the alert. That happened several days ago, and a few
minutes ago, I had received a second alert saying “Warning! Webroot
SecureAnywhere has detected a trojan! ‘w32.infostealer.zeus'”. The file location
was the KSP game patch file. How can I get rid of this trojan? I hear that it is
very dangerous. Please help!

MY ANSWER AS ANTIBOTNET YAHOO ID

Best Answer – Chosen by Voters

You have a world class top security program Webroot, which began as one of the
best antispyware programs world wide and towards the end of this past decade
combined with world class Sophos Antivirus which is big business/corporate
enterprise level protection and with Webroot is the only home user version of
it.

Just as a self replicating worm, this may be running an extra variant or even a
couple. With the self replicating worm it generally always takes two or more
scans and reboots to get all of it – and poof gone finally. I would not believe
you need anything more than the high quality security software you have
installed. No one may believe Webroot can not get rid of infostealer or the
infamous Zeus bot infection.

Try scanning and rebooting until you get no more warnings; maybe the third time
is the charm. Painful aggravation and disruption.

You may want to put the computer into Safe Mode with Webroot fully updated and
THEN perform a full scan. Computer off or hit Restart. As the computer is
starting up keep tapping the F-8 key top keyboard. Black screen will appear with
diagnostic modes and choose Safe Mode. This only allows basic start up of
Windows processes and malware start up processes are not able to run. It is used
most times for security scans and safe removals unless trouble shooting other
start up software problems.

IF RUNNING WINDOWS 8…. you may want to install this ditty, works fine on
mine…
How to Make the F8 Key Work for Safe Mode in Windows 8
Booting into safe mode became non-trivial in Windows 8, especially if you were
accustomed to the old F8 shortcut. Here is how to get F8 working again.
Note: we aren’t necessarily recommending that everybody make this change – we
are just showing that it is still an option. You can alternatively use some of
the new Windows 8 features to fix your computer instead. ….
http://www.howtogeek.com/164001/how-to-make-the-f8-key-work-for-safe-mode-in-windows-8/?utm_source=newsletter&utm_medium=email&utm_campaign=270513

The .zeus part of info stealer seems designating one variant rather than
indicating the Zeus infection. Info stealer is dangerous. Apparently if this is
the infection it is acting kind of as a trojan downloader or rootkit type
infection which is able to download more malware. It does not seem likely
Webroot can miss that even as a “backdoor” infection. I read a little on it
and seems possible the associated website has had an infection which then when
the installed program does a kind of “call home” it is a new infection and
possibly, possibly bypassing detection as the program has been given permission
as a safe program as opposed to a PUP.

ADVANCED…
install … (it will show exactly what is running in start up and a heck of a
lot more….)
Emsisoft HiJackFree (Genuine Freeware)
http://www.emsisoft.com/en/software/hijackfree/

SUPER ADVANCED… (if comfortable and knowledgeable working with the Windows
Registry, have a look)
How to Remove an Infostealer Gampass Virus
http://www.ehow.com/how_6298658_remove-infostealer-gampass-virus.html

Source(s):
http://www.2-spyware.com/remove-infostealer-virus.html
http://en.wikipedia.org/wiki/Sophos
http://research.sunbelt-software.com/search.aspx?q=w32.infostealer.zeus&cx=015333630007296075731%3awpp8lbclop0&cof=FORID%3a11
http://search.eset.com/esetsite/index?page=answers&type=search&locale=en_US&option=none&question_box=w32.infostealer.zeus

— On Mon, 7/29/13, Yahoo! Answers <answers-alert@…> wrote:

> From: Yahoo! Answers <answers-alert@…>
> Subject: Yahoo! Answers: Your answer has been chosen as the best answer
> To: antibotnet@…
> Date: Monday, July 29, 2013, 1:24 AM
> Hey,
> AntiBotnet, look what you got!
> Congratulations,
> you’ve got a best answer and 10 extra points!
> Your answer to the following
> question really hit the spot and has been chosen as the best
> answer:
> I have a Zeus Trojan?
> Go ahead, do your
> victory dance. Celebrate a little. Brag a little.
> Then come back and answer a few more questions!
> Thanks for sharing what you know and
> making someone’s day.

trimmed!

BlueCollarPC Passes 8 Million Visitors

Welcome all, our BlueCollarPC.US (formerly BlueCollarPC.Net) passes the 8 Million Visitors mark!

Our original domain, the BlueCollarPC.Net, had just passed the 6 Million Visitors mark from 2005 until we moved to our present home – the BlueCollarPC.US in 2010. Originally, we started as a spyware information and free removal Community Help site in 2005. As malware became even more sophisticated, trojans trojans trojans, botnet infections were increasing and becoming more sophisticated as well.

In response, we simply expanded our site to be the full blown malware information and free removal Community Help Site. The term malware means simply all the category threats – both antivirus and antispyware categories. Traditionally, viruses and worms and most trojans, and then rootkits added, were detected by traditional antivirus. Adware and then various and many spyware packages were then in the antispyware category of threats and detected, blocked, and removed by same – antispyware products.

So we then transferred our domain to the now BlueCollarPC.US for the new decade with a full emphasis in removal help of botnet infections – the new worst feared infection (massive payloads) surpassing rootkits. The greatest feared malware – rootkits – were unable to run on Windows Vista, but were always a dreaded infection for Windows XP. Now with Windows 8 and the new Secure Boot technology, rootkits are not able to start up and run on Win8. So the great botnet plague is now the worst feared enemy for the community of computer users and including all from Small Business all the way through Corporates etc. These are intensive massive payloads that need much removal diagnosis and help. There is generally always several areas of damage needing repair and resetting. They can even bypass traditional antimalware products if not up on their game – they walk through in seconds like it was not even there!

 

FROM OUR ABOUT PAGE….. HELP http://bluecollarpc.us/sample-page/

Webmaster of the BlueCollarPC.US
Former webmaster of BlueCollarPC.Net / BlueCollarPC.Org and BlueCollarPC.Webs.Com. We have moved to www.BlueCollarPC.US for the new decade 2010 ongoing. Data Processor Certificate 1970 (IBM029, Univac026 – Sperry Rand Univac 9200/9300 Series COBOL). Novice to Advanced User to Amateur Computer Forensics on Windows PC. Advanced Linux User also now.
Location: USA

Welcome to the BlueCollarPC ……    A Community Help Website

BlueCollarPC.US Launched June 14 2010 Personal Website for General Audiences with Computing Safety and Malware Removal Help and Information as main theme which includes memberships available for live help – at our Groups and Forums. Formerly Webmaster of BlueCollarPC.Net from 2005 -2009 (over 6 million Visitors) and back up BlueCollarPC.Org [closed]

Welcome to the www.BlueCollarPC.US We Thank You for choosing us as your additional Computing Security destination !

For the record….. I began the BlueCollarPC Computing Security Community Website in 2005 at the original .Net website. I believe at that time, the .Com website was actually a PC Repair Shop which I was not connected with. Towards the end of 2009, the BlueCollarPC .Net created by me had enjoyed just over 6 Million Visitors/Users! – and are proud to have helped and indeed actually had “discovery” in the security industry concerning the malware RASautodial registry entries discovered by Yours Truly. Never be afraid to ‘take a look under the hood’ of your PC! You never know what you’ll find.

 

How And Where To Report Cyber Crime
REPORT CYBER CRIME 


Internet Crime Complaint Center (IC3)

http://ic3.gov/
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IC3’s mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, local and international level, IC3 provides a central referral mechanism for complaints involving Internet related crimes.

Federal Trade Commission (USA) Complaint Input Form
https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03
If you believe you have been the victim of identity theft, you may use the form below to send a complaint to the Federal Trade Commission (FTC). The information you provide is up to you. However, if you don’t provide your name or other information, it may be impossible for us to refer, respond to, or investigate your complaint or request. To learn how we use the information you provide, please read our Privacy Policy.

Federal Bureau of Investigation – Cyber Investigations – Cybercrime
http://www.fbi.gov/cyberinvest/cyberhome.htm

Computer Crime & Intellectual Property Section
http://www.cybercrime.gov/

WiredSafety.Org
http://www.wiredsafety.org/911/
Our Cyber911 Help tipline is not intended to replace law enforcement emergency 911, 999 and other numbers worldwide. It is to help people know where to get help when they are being victimized online, and to provide help when help is needed. We work closely with law enforcement around the world, and require that when offline threats are involved that local law enforcement be notified before we can offer assistance to the victim or their local law enforcement…

ReportCybercrime.Com (Private)
http://www.reportcybercrime.com/
Also, through our interactive forum you can get opinion of specialist attorneys and lawyers. Each lawyer in practice will give his opinion on matters, which are raised in the forum. You Can post queries view answers from experts and improve upon your knowledge base…

How to Report Cybercrime
http://www.katiesplace.org/report_cybercrime.html
WiredSafety’s Cyber911 Emergency tipline is not intended to replace law enforcement emergency 911, 999 and other numbers worldwide. It is to help people know where to get help when they are being victimized online, and to provide help when help is needed. We work closely with law enforcement around the world, and require that when offline threats are involved that local law enforcement be notified before we can offer assistance to the victim or their local law enforcement.

Take a Bite Out of Cyber Crime
ByteCrime.Org
http://www.bytecrime.org/

Security product vendors
Links to developers and vendors of computer and network security products and services…
http://www.virusbtn.com/resources/links/index?ven

AEC (Trustport)
AVG (formerly Grisoft)
Agnitum (Outpost)
AhnLab (V3Net)
Aladdin (eSafe)
Alwil Software (avast!)
ArcaBit (ArcaVir)
Authentium (Command)
Avira (AntiVir)
BitDefender (formerly Softwin)
Bullguard
CA (Corporate)
CA (Home user)
Central Command (Vexira)
Check Point (ZoneAlarm)
ClamAV (open source)
Comodo (BOClean)
Cybersoft (VFind/VTSK)
Doctor Web
ESET (Nod32)
Ewido
F-Secure
Filseclab (Twister)
Fortinet
Frisk Software (F-PROT)
G DATA (AVK)
Ggreat
HAURI (ViRobot)
IBM ISS (Proventia)
Ikarus
Intego (Mac specialist)
Iolo
K7 Computing
Kaspersky Lab
Kingsoft
Lavasoft (AdAware)
McAfee, Inc. (formerly Network Associates)
MicroWorld Software (eScan)
Microsoft (Forefront)
Microsoft (OneCare)
Moon Secure (open source AV for Windows project)
New Technology Wave Inc. (VirusChaser)
Norman Data Defense Systems
PC Tools (Spyware Doctor)
Panda Software
Per Systems
Proland Software (Protector Plus)
ProtectMac (Mac specialist)
Quick Heal Technologies
Rising
SecureMac (MacScan)
Sophos
SpyBot – Search & Destroy
Sunbelt Software (CounterSpy, Vipre)
Symantec Corporation (Norton)
Trend Micro Inc.
VirusBlokAda (VBA32)
VirusBuster Ltd.
Webroot (Spy Sweeper)
eEye Digital Security (Blink)

Forensics: “Unknown Flash Movie Virus”

(((FORENSICS~BUILD)))


For a friend….

ESTIMATE: Embedded Flash Movie Malware Payload
NOTE: Possible Network Attack Associated – Botnet/Botmaster
SEE: Common Types of Network Attacks – TechNet – Microsoft
http://technet.microsoft.com/en-us/library/cc959354.aspx
(According to payload that executed, spoofed PC Identity apparent, unsuccessful)

DEVICE: Windows Vista HP (Home Premium) SP2 (Service Pack 2, Fully Patched) / IE9 (Internet Explorer Version 9) – on Home Network / Microsoft Security Essentials installed/running.

SYMPTOMATOLOGY:
The user was viewing a Flash movie in an embedded webpage player. The user's best description was sudden turbulence of the browser, disconnection and system crashes, and then on restart the WGA (Windows Genuine Advantage) panel popped up identifying the PC as running an illegitimate copy of Windows. Further connectivity was not possible.

SUSPENDED FORENSICS:
A full payload forensics was suspended citing any in-the-wild attack or proof-of-concept – and is not being posted publicly. Operating System was reinstalled to Factory Fresh – wiping the disk – now fully patched to current operation.
HISTORY: New virus first to infect Macromedia Flash (January 8, 2002)
http://news.cnet.com/New-virus-first-to-infect-Macromedia-Flash/2100-1023_3-803829.html

SYNOPSIS:
Apparently a malware payload (not just a virus) executed on Windows Vista HP SP2 / IE9 while the user was viewing a Flash movie in an embedded player on a website. This was the only affected computer on a home network; the other computers, peripherals and the router were not affected. This may constitute specific targeting of the IP via a network attack. It seems possible that a botnet infection was unsuccessful because connectivity was destroyed, yet the operating system was spoofed and, apparently via WGA technologies, identified as a pirated copy of Windows. No ransomware activity was observed (http://en.wikipedia.org/wiki/Ransomware_(malware)), so the spoofing of the Windows OS (operating system) itself as a pirate copy indicates that the WGA notification window/panel was valid and not a fake shell as in some ransomware scam. Note that it is also possible this was simply a targeted payload whose malicious intent was to destroy the system and prevent further use.

DIAGNOSIS:
Apparent multi-malware payload executed through infected flash movie possibly originating from Apple/Mac computer as possibly an iFrame Movie.

iFrame (video format)
http://en.wikipedia.org/wiki/IFrame_(video_format)

Universally and historically Apple/Mac users are in ‘caveman’ days as not using antimalware. Recently things have changed, as infections have increased dramatically in infancy for this operating system. Linux even more so, their users are now told it is “polite” to use antivirus to protect uploading or exchanging any Windows infecting files from a Linux computer that do not affect Linux – but will infect Windows PCs. Newer Community guidelines. Years ago…..

Microsoft JPEG Vulnerability and the Six New Content Security Requirements
http://whitepapers.silicon.com/0,39024759,60129423p-39000575q,00.htm
In November 2004, a critical Microsoft security vulnerability (MS04-028) was discovered which could allow attackers to embed malicious code inside JPEG image files. Until that time, JPEG image files were considered immune to attack. To effectively deal with this vulnerability, security and IT professionals need to incorporate six new and critical content security requirements into their networks.

…..so that this is the idea with an infected flash movie. Simply visiting a website with the infected picture (JPEG) would infect the unprotected PC. Same with infected flash files is apparent here as source of infection.

NOTE…. The user was a novice, and it is believed there were possibly additional clicks, not mentioned, that caused the malware payload execution.

REMEDY:
With a multi-malware payload as opposed to just a virus, the operating system was reinstalled / restored to Factory Fresh condition – wiping the disk first of all data. A much higher quality paid subscription antimalware product was installed and absolutely recommended! Note that Microsoft Security Essentials was the installed and active protection on the PC…. HOWEVER:

Is Microsoft Security Essentials adequate protection?
http://bluecollarpc.us/2013/04/21/is-microsoft-security-essentials-adequate-protection/
Review: Microsoft Security Essentials
http://www.expertreviews.co.uk/software/1295698/microsoft-security-essentials
Microsoft Security Essentials bombs AV-TEST, loses certification
http://www.geek.com/articles/geek-pick/microsoft-security-essentials-bombs-av-test-loses-certification-20121129/
Microsoft Security Essentials Fails Tests, Loses Antivirus Certificate
http://www.bit-tech.net/news/bits/2013/01/17/ms-security-av-test/1
Microsoft Security Essentials fails AV-TEST again
http://www.bit-tech.net/news/bits/2013/01/17/ms-security-av-test/1
Microsoft fights back on antivirus certification fail, claims malware tests …
http://www.zdnet.com/microsoft-fights-back-on-antivirus-certification-fail-claims-malware-tests-arent-realistic-7000009998/

PLEASE REVIEW THE FOLLOWING INFORMATION AND RECOMMENDATIONS….

How to Fix a Flash Virus | eHow.com
http://www.ehow.com/how_5998536_fix-flash-virus.html

Adobe Flash
http://en.wikipedia.org/wiki/Adobe_Flash

SWF (ShockWave Flash)
http://en.wikipedia.org/wiki/SWF

What Is a Flash Cookie?
http://www.ehow.com/info_10020896_flash-cookie.html

Can Flash Extensions Be Harmful?
http://www.ehow.com/info_12229878_can-flash-extensions-harmful.html

How to Check & Uninstall Flash Cookies
http://www.ehow.com/how_5943906_check-uninstall-flash-cookies.html

How to Clear Macromedia Flash Shared Objects
http://www.ehow.com/how_6182429_clear-macromedia-flash-shared-objects.html

Website Storage Settings panel
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Visit the Adobe Flash Player Settings Manager http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html

It is recommended to be aggressive here and deny all actually, especially noting that nefarious hackers break into microphones and webcams to spy. If having trouble after choosing to block all from being stored on computer go back and make adjustments. Any ‘faster’ use of allowing storage is antiquated and ancient as pertaining to 56K Dial Up years and years ago – as the vast majority have switched to broadband/dsl where available – not quite everywhere though (rural etc).

WEBMASTER BLUECOLLARPC.US
http://bluecollarpc.us/

The BlueCollarPC.US (and former domain extensions) has always been a free Community Help Site and here is a mock severe billing if able to work from an official PC Repair Shop…… LOL

————

JOB BILL / TICKET #001

# Bench Charge: $75.00

# Forensics Basic / Suspended: $25.00
(Normally $150.00 with full reporting; discounted!)

# Reinstall Factory Fresh Windows: $50.00
(Discounted!)

# Fully Patched and Reinstalled softwares, 18 hours (Vista SP2): $100.00

TOTAL: $250.00

Welcome all, archived blog installed

Welcome all, archived blog installed….. We have imported our archived blog posts from our original BlueCollarPC @ WordPress security blog. This is located at https://bluecollarpcwebs.wordpress.com/

We will keep the free version and continue to post to it, as has been linked for years. I am the original webmaster of the BlueCollarPC .Net and .Org and lastly .US . The BlueCollarPC .Net originally began about year 2005 as a help and information site dealing with spyware as main course. There were many video help tutorials for download in several formats. This became a huge site trafficking about 2,700 to 3,000 Visitors monthly, and tolled in at just over 6 million by 2009. Those kinds of numbers are usually seen at small business sites, but I had just a simple personal website !

Being able to help that many people who found our site as a primary or a main additional site for help and instruction in PC security and malware removal outweighed any personal pride or egotism in hits counters. That is what it was launched for, genuine informed help – not a personality contest. It was humbling to see those kinds of numbers though.

Push come to shove, our site was attacked and there were several behind the scenes personal attacks against myself and equipment – attempts at destroying computers and mobile computer. These attacks were sophisticated dreaded botnet payload attacks and another as attempting circumventing Vista technology and destruction. So, my site theme being “BlueCollarPC” as a spyware removal site originally, now was upgraded to a full blown malware removal help and instruction site – all malware with heavy concentration into botnet detection and removal and restoration of damaged systems and I graduated through this all into Amateur Forensics (Computer Forensics). What did not kill us makes us stronger, and so it goes. All but the BlueCollarPC .US were closed with this new full malware removal site including information and help against all malware now as viruses, worms, trojans, rootkits, adware, spyware, botnets and bootkits, etc etc etc.

At the end of the decade (2000 to 2010) and into the new one, things seemed to be a ghost town at many help destinations as groups, forums, and lists, others. It seemed the whole “XP Generation” of the “XP Years” (Windows XP) had graduated and learned it all or enough to carry them through. Of course I invested into a Vista PC which was the actual crown jewel of the decade in security software – unprecedented as an operating system itself being the best security software available. To this day Windows Users are unaware that viruses could not run on Vista and neither the dreaded rootkit malware. UAC (User Account Control) was just one of these new security technologies in Vista. First hand, no lie, two or three times I saw a virus execute to install on my Vista (drive by hit – bad website, tried to install scareware fake antivirus programs). Sure enough and word for word from Microsoft – “viruses are not able to write to the disk in Vista”. The payloads were in Temporary Internet Files. All I had to do was close the browser with the settings I had clicked to “Delete All Temporary Internet Files” etc. I also used and ran CCleaner offering a little more clean up. That was it. The virus was gone! I then scanned with high quality antimalware to prove it. Zero infection. The point was, or joke, you did not even need antivirus with Vista – like “you’re kidding, you actually purchased antivirus for Vista? What for?” Seeing is believing.

Windows 7 was the first time in history an operating system (Windows, Linux, Apple/Mac etc) was actually downgraded security wise. Users screamed about UAC. The security world kind of went with – what idiots, sorry to say. This did not make sense. It did not make sense worst, that Microsoft themselves accommodated them. LOL. You get what you pay for. They seemed to love no intrusion whatsoever on having a good time on the Net – utterly regardless of the dangers. It was like handing drunk teenagers the keys to the sports car. We all know how that ended. Many never made it home.

Enter Windows 8 with the new anti-rootkit / anti-bootkit technologies – the ‘secure boot’ Windows 8. Windows 8 is a gigantic leap forward from XP as blocking rootkits/bootkits from running before antimalware programs are able to boot to begin detecting malware attempting to run in the session. With XP, we all know if a rootkit was suspected it meant reinstalling Windows as the ONLY cure. The trouble was most anti-rootkit softwares were crap at detecting them and even worse at attempting to remove them. Enter Windows 8 new security technologies. THOSE DAYS are over with forever. Just before Windows 8 hit the streets there was hint at they could crack this. But as well there is new anti-malware softwares that can “cold boot” to detect this. Somewhat as being able to scan the system without even starting the computer and as it does start up. Bye bye, covered anyway.

Well, back to re-launching BlueCollarPC.US – now in the WordPress format rather than the traditional website. Kind of all in one – blog and content, links. Spread the word – “We are back!” (StarTrekkies – Romulans and Enterprise Captain Picard in the Neutral Zone Confrontation over Borg encroachments).

From our alternate back up website at https://sites.google.com/site/pcsecurityhelper/

Welcome to the BlueCollarPC Security Helper!
SPECIAL NOTE: Our Main Domain BlueCollarPC.US is being closed June 2012.
For the record….. I began the BlueCollarPC Computing Security Community Website in 2005 at the original .Net website. I believe at that time, the .Com website was actually a PC Repair Shop which I was not connected with. Towards the end of 2009, the BlueCollarPC .Net created by me had enjoyed just over 6 Million Visitors/Users! – are proud to have been a part of it all and indeed actually had “discovery” in the security industry concerning the malware RASautodial registry entries discovered by Yours Truly. Never be afraid to ‘take a look under the hood’ of your PC! You never know what you’ll find.

Question: Windows 7 Computer won’t start, keeps rebooting, help?

This is an actual help question at Yahoo Answers > Security that I found somewhat rare and that I fielded in an attempt to help. Perhaps you may see something additional?

USER QUESTION….
Windows 7 Computer won’t start, keeps rebooting, help?
http://answers.yahoo.com/question/index?qid=20120626135518AAuS8tK
The other day I was using my Toshiba Satellite L655, when suddenly it froze on me, as I tried to reboot it, it would just show a black screen. Now, I figured out that it was my Master Booter repair that had been corrupted. I have been trying to use a system repair disk, but when I use it, it comes up with country select, then I click next. After that it comes up with System recovery options, choose operating system, but it is frozen on the screen, when another box appears and is System Recovery options: Searching for Windows installations… and it is stuck from there. I can NOT get into Safe Mode on my computer, it just takes me back to reboot loop that I’m stuck in. Please help! (I don’t know much about computers so please put into simple terms, thanks)

MY ANSWER / antibotnet yahoo handle by bluecollarpc…….

You are talking a highly technical area as the MBR being fumped. (Master Boot Record). Though you say keep it simple, this is a highly technical area needing at least an Advanced User to professional to diagnose and fix. However, apparently you are aware enough to have seen or detected something and perceive the general area of trouble. The BSoD (blue screen of death) is one event. The black screen generally appears when critical and fatal corruption has occurred and other than the normal black screen appearing like when you boot into Safe Mode with Options.

If there has been irreparable damage and corruption to the system and a Black Screen appears – it will generally have a one or two liner explanation that something is totally screwed like especially something ending as SysConfig not found or similar. UNLESS you are seeing a one or two line explanation on a Black Screen and cannot use the computer then it is probably not any fatal error requiring the Windows system to be reinstalled via CD Recovery Disk. So that means still a chance at a fix.

I recommend you continue in the efforts you began as reinstalling Windows as you apparently have already initiated and review online information and help about this task. If you are convinced you are performing the reinstallation process properly then this is going to wipe the disk and reinstall Windows to Factory Fresh. I own two Toshibas and they have excellent CD Recovery Disks that work flawlessly. You should NOT be running into problems with these – should be two disks either included at purchase or made from Toshiba utilities in the PC added free to make these.

As the PC has virtually become unusable – I would take the hail mary approach of attempting the drastic – wipe the entire disk and reinstall. Myself, at the point you say you are in, I would not even bother with some fix/repair option. I would go with wipe the disk and reinstall. It may be the only chance you have at getting the computer back the way you describe the situation you are in.

POSSIBLE DIAGNOSIS….
It sounds like perhaps the problem is that your computer has been infected with a rootkit/bootkit. These are about the ONLY malwares that affect the MBR area. Of course with these the ONLY cure is generally to reinstall windows after wiping the disk (completely erasing everything on the computer – windows and personal softwares and files installed). The CD Emergency Repair Disks will do that automatically and malware does not prevent this. The other repair option is an attempt to fix just an area that may have been corrupted or mistaken file deletion without wiping the disk at all – which saves all the softwares and files you have installed or created – personal files as audio and video clips, pictures, documents etc.

POSSIBLE SOLUTION….. This area is the exact new security solutions being released in Windows 8 – the new anti-rootkit anti-bootkit technologies which prevent these malwares from start up in the boot sector. There are TWO possible solutions as these two antimalware USB CD Drive products. One is the full antimalware product from well known and well awarded Emsisoft Antimalware products and FREE. The other is from Microsoft. These are first placed on a USB Drive (about 15 bucks and NOT a usb media stick – the USB DRIVE – same price) with at least 2Gigs space get 4 if you can. These will BOOT cold cokced against these very malwares (rootkit/bootkit) to quarantine them from starting up in the boot sector before the actual system is booting up. Traditional antimalware does NOT protect in this manner – but after the system start up is occurring. Make the USB Drive and stick it in and cold cok boot it with fingers crossed that this is indeed the problem experienced. If so, these should remedy this and will return the PC to normal – malware free.

Emsisoft Emergency Kit 2.0
http://www.emsisoft.com/en/software/eek/
Your emergency kit for infected PCs! Detects and removes Malware > 5 million known dangers. World class dual-scan-engine. 100% portable – perfect for USB sticks.
HiJackFree and BlitzBlank included.
Emsisoft BlitzBlank
BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, registry entries and drivers at boot time before Windows and all other programs are loaded.
Self made Emergency USB stick – Expand the content of the Emsisoft Emergency Kit to an USB stick and make your own universal tool to scan and clean infected PCs.  

==========
Microsoft Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper

NOW CALLED WINDOWS DEFENDER OFFLINE http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Note “beta” means it is actually still a test version with ability of feedbacks from the community for any bugs found they need to correct. It then is released as normal “alpha” version.
NEWS:
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712
SEE
Bootkits
http://en.wikipedia.org/wiki/Bootkit#bootkit

Ask HTG: Reading Blue Screen of Death Codes
http://www.howtogeek.com/97093/ask-htg-reading-blue-screen-codes-cleaning-your-computer-and-getting-started-with-scripting/?utm_source=newsletter&utm_medium=email&utm_campaign=081111
Generally IRQL errors are hardware or driver related. We’d suggest checking to see if any drivers have been updated recently and either roll them back to the old driver or see if an even newer driver is available (the vendor may have released a driver to fix the crashes). If that doesn’t help you’ll find BlueScreenView, a crash dump analyzer, rather helpful. We have a guide to using BlueScreenView to help get you started……

BlueScreenView v1.40 – View BSOD (blue screen) crash information stored in dump files.
Copyright (c) 2009 – 2011 Nir Sofer
http://www.nirsoft.net/utils/blue_screen_view.html
SOURCES
https://sites.google.com/site/pcsecurityhelper/malware-removal-center
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
https://bluecollarpcwebs.wordpress.com/2011/11/18/unbelievable-windows-8-boot-security-cracked-already-before-released-bootkit-malware/
http://en.wikipedia.org/wiki/Bootkit#bootkit
