Tag Archives: Virus Removal

Tech Support Scams: Be Aware


Tech support scams are nothing new, but they are on the rise, as fraudsters become more cunning and savvy in their attempts to extort money from unsuspecting consumers.

Major Service Companies DO NOT CALL:

The most common tactic technical support scammers use is calling potential victims and claiming to be representatives of reputable, well-known companies such as Microsoft, Google or antivirus companies.

Often they claim to have discovered a serious issue on your computer, such as a virus, and will use scare tactics to get you to allow them to access your system remotely. Some scammers install bogus software to fix the non-existent issue and charge you for it, while others will use the remote access to gather your personal information.

Legitimate remote support companies will never contact you unless you’ve requested help.

There is no way for them to know if there is actually a problem with your computer, so you should always be suspicious of unsolicited calls.

If you think you might have been the victim of a technical support scam, take immediate action to minimize your losses and protect yourself. You should contact the local authorities to file a report, and file an official complaint on the Federal Trade Commission’s (FTC) website.

If you gave any payment information, contact your bank or credit card company immediately to report the transaction as fraudulent. It’s also a good idea to change all of the passwords on your computer, especially if you granted the alleged technician remote access to your system.

If you need additional help, give us a call at (561) 216-1061.


Computer Virus CryptoLocker


CryptoLocker is associated with Trojan.Cryptolocker, a Trojan horse that encrypts files on the compromised computer and then prompts the user to purchase a password in order to decrypt them.

How is CryptoLocker Malware Installed

CryptoLocker uses social engineering techniques to trick the user into running it. More specifically, the victim receives an email with a password-protected ZIP file purporting to be from a logistics company.

The CryptoLocker Trojan runs when the user opens the attached ZIP file using the password included in the message or attempts to open the PDF it contains. CryptoLocker takes advantage of Windows’ default behavior of hiding the extension from file names to disguise the real .EXE extension of the malicious file.
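A mail-gateway style check for the disguise described above, as an added example that is not from the original post or its source. Standard ZIP password protection encrypts file contents but leaves member names readable, so the names can be audited without the password; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Illustrative, non-exhaustive lists (assumptions, not taken from the article).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def split_extensions(name):
    """Lower-cased extensions of the last path component, in order."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = [p.strip() for p in base.split(".")]
    return ["." + p.lower() for p in parts[1:] if p]


def audit_zip(data):
    """Report archive members whose real (last) extension is executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads names only, never extracts
            exts = split_extensions(info.filename)
            if not exts or exts[-1] not in EXECUTABLE:
                continue
            findings.append({
                "name": info.filename,
                "shown_as": info.filename.rsplit(".", 1)[0],  # extension hidden
                "disguised": any(e in DOCUMENT for e in exts[:-1]),
                "password_protected": bool(info.flag_bits & 0x1),
            })
    return findings


def build_sample():
    """Constructed archive: one lure-style name and one harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Shipping_Label.pdf.exe", b"placeholder bytes, not a program")
        zf.writestr("readme.txt", b"hello")
    raw = bytearray(buf.getvalue())
    # Mimic a password-protected attachment: set the "encrypted" flag bit in
    # each central-directory entry (the sample data itself is not encrypted).
    pos = raw.find(b"PK\x01\x02")
    while pos != -1:
        raw[pos + 8] |= 0x01
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    print(audit_zip(build_sample()))
```

The `shown_as` field is the name a user sees when Windows hides known extensions, which is why the file looks like a PDF.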

As soon as the user runs the infected file, the Trojan becomes memory resident on the computer and takes the following actions:

  • Saves itself to a folder in the user’s profile.
  • Adds a key to the registry to make sure it runs every time the computer starts up.
  • Spawns two processes of itself: one is the main process, whereas the other aims to protect the main process against termination.

File encryption

The Trojan generates a random symmetric key for each file it encrypts, and encrypts the file’s content with the AES algorithm, using that key. Then, it encrypts the random key using an asymmetric public-private key encryption algorithm (RSA) and keys of over 1024 bits (we’ve seen samples that used 2048-bit keys), and adds it to the encrypted file. This way, the Trojan makes sure that only the owner of the private RSA key can obtain the random key used to encrypt the file. Also, as the computer files are overwritten, it is impossible to retrieve them using forensic methods.

When the CryptoLocker Trojan finishes encrypting every file that meets the aforementioned conditions, it displays a message asking the user to make a ransom payment, with a time limit to send the payment before the private key kept by the malware writer is destroyed.

How to avoid CryptoLocker

  • Be particularly wary of emails from senders you don’t know, especially those with attached files.
  • We’d like to remind you of the importance of having a backup system in place for your critical files. This will help mitigate the damage caused not only by malware infections, but hardware problems or any other incidents as well.
  • If you become infected and don’t have a backup copy of your files, our recommendation is not to pay the ransom. That’s NEVER a good solution, as it turns the malware into a highly profitable business model and will contribute to the flourishing of this type of attack.

Information Source: Panda Security