Marcin - aka RubbeR DuckY, the developer of Malwarebytes' Anti-Malware is a known person in the Anti-Malware field and is already developing malware removal tools and other tools for quite a while now.
Examples are AboutBuster (CWS.AboutBlank removal), E2TakeOut (E2Give/PTech removal), Qoofix (Qoologic removal), RogueRemover (Rogue Antispyware/Antivirus removal), StartUpLite (startupmanager), RegASSASSIN (deletes locked registry keys) and FileASSASSIN (deletes locked files)
And now his latest project: Malwarebytes' Anti-Malware
I've been betatesting Malwarebytes' Anti-Malware for a while and I am still very impressed with its detection and removal.
It detects and removes malware in general, which means it detects worms, trojans, rootkits, dialers, spyware...
* Support for Windows 2000, XP, and Vista.
* Light speed quick scanning.
* Ability to perform full scans for all drives.
* Malwarebytes' Anti-Malware Protection Module. (requires registration)
* Database updates released at least once every two days.
* Quarantine to hold threats and restore them at your convenience.
* Ignore list for both the scanner and Protection Module.
* Settings to enhance your Malwarebytes' Anti-Malware performance.
* A small list of extra utilities to help remove malware manually.
* Multi-lingual support. (English, Albanian, Dutch, French, German, Hungarian, Italian, Portuguese, Serbian, Slovenian, Spanish, Swedish.)
* Works together with other anti-malware utilities.
* Command line support for quick scanning.
* Context menu integration to scan files on demand.
For more info and download: http://www.malwarebytes.org/mbam.php
And for online support, visit their forum: http://www.malwarebytes.org/forums/
Wednesday, February 27, 2008
Wednesday, February 20, 2008
I am active at several different forums where people ask for help with malware removal. They start with posting a HijackThislog or other logs and then we give "step-by-step" instructions what to remove and how to remove it.
Malware is one of the most common reasons why a computer becomes slow and unstable - However, many people do believe that every computer problem is a malware related problem, so they post their logs and ask for help.
In 40% of the cases, there's no malware present, so we have to look somewhere else what is causing these problems...
In most cases, it's like searching for a needle in a haystack - but after a while, it's becoming obvious what is causing these problems if you're dealing with them everyday. And such example is McAfee.
Not sure what happened with latest McAfee, but many people are having A LOT of problems with it. The most common problem I notice with McAfee is a severly slowed down system. I did the test, installed McAfee Security Suite (1024MB memory) and after reboot, my system was crawling!!
That's why, If people are complaining about a slow computer/slow internet - if there are no traces of malware present and they do have McAfee installed, then the first step I ask is to uninstall McAfee and replace it with another Antivirus/Security Suite. 90% success!
But the slow down issue is not the only problem that McAfee may cause. Other problems I've noticed with McAfee as well are:
* Programs freezing
* Explorer crashing
* Internet Explorer crashing
* Outlook crashing
* Only able to boot in Windows Safe mode
* ..... you name it.
McAfee already made its own incompatibility list and I am sure it's still missing a lot of Products there. It's normal that you shouldn't have more than 1 Antivirus/Firewall installed, because they are not compatible with eachother, even though they are disabled. But if it's up to McAfee, people should uninstall the most commonly used Antispywarescanners as well, such as Ad-Aware and Spybot S&D. Hence, they even recommend to uninstall SpywareBlaster. Huh?
And even though you uninstalled them all.... the problem remains....
In general, if there are no traces of malware present and McAfee is installed - uninstall McAfee first and see if that solves your problem (whatever problem you are having). Believe me, in most cases, it is the solution!
In some cases, it's hard to convince people that McAfee is responsible for the problems they are having, they just won't believe it since it worked fine in the past. Reference here. The guy believed he had a terrible Virus causing all these problems and couldn't believe it was his McAfee causing all these problems. I already explained to him a couple of times that I was pretty sure his McAfee was the cause, it took me 2 pages to convince him... and he still wouldn't believe.. until he decided to uninstall it after all as a test. And guess what? :)
Ofcourse, there are also a lot of computers where McAfee runs smoothly - where there are no issues at all - but unfortunately, nowaday posts at forums show that McAfee just won't run properly on a lot of systems. That's why, if you want to use McAfee, use the trial first before you decide to purchase McAfee.
There are some other Security Products that may cause similar issues as McAfee, such as Norton Internet Security, Zonealarm, but I'll rant about that later :)
Friday, February 15, 2008
Many people will recognise this "issue" in XP after being infected with latest Vundo/Virtumonde variant.
This one decides to change the Local Disk icon into a red cross - the "Windows delete icon".
What happened here is, an extra key "DriveIcons" was created under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer key in the registry. The DriveIcons key is not a default key in Windows XP. This one is only created if you want to change your Drive Icons.
An export of the key shows this:
Windows Registry Editor Version 5.00
In this case, it was set to the "Windows delete icon" (IconFile=shell32.dll,131)
To fix it, all you have to do is to delete the DriveIcons key in the registry.
To do this with a regfix:
Open notepad and copy and paste next in it:
(don't forget to copy and paste REGEDIT4)
Save this as fixicon.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Thursday, February 14, 2008
People who are using Vista are already familiar with the embedded Instant Search box via the Start Menu.
Basically, you can run almost every application from there. Just type the name of the exe in the Search Box and hit enter.
If UAC is enabled, you'll get an extra warning first, where you have to allow the application to run.
If you want to run the application with administrator rights, then type the name of the application in the Instant Search box, but instead of enter, use CTRL-SHIFT-ENTER
The only, although important issue I see here is the fact that the embedded box is called Search, but you can actually run applications from it.
A user gets infected...
UAC was not enabled in the first place.
Even in case if UAC was enabled - malware may disable it again.
User follows some online instructions where it is explained what files to delete.
Starts Taskmanager to end the badfile.exe process in case if it's running.
Then via the start > types the badfile.exe in the embedded Search Box and hits enter...
Whoops! It's running again and downloads everything again that was deleted previously (this in case if it's a bundled installer)
Yes, the Search Feature has much improved in Vista, but imho, as it says: "Search", it should search only, not execute if you hit enter.
Wednesday, February 13, 2008
I am still wondering why so many people use Registry Cleaners and System Tweaking Tools while they don't even understand what the Windows Registry is, and/or don't understand Windows basics.
"Fix errors now!" and "Make your Windows fast again!", that's how all these tools are advertised.
People download and install it - click the "Fix it all" - Button (since many of these tools have such button available) and then notice that suddenly some programs won't work anymore, errors appear and in worst case, their Windows won't boot anymore...
Yes, I've seen it all... and many still won't believe that this may be a result of these tweaking tools, because after all, they are "supposed" to improve system performance, prevent errors and make a system more stable. Huh?
In most cases, people don't have any problems in the first place - but want to use these tools anyway.
I have to admit that there are some good "tweaking tools" around as well, but you shouldn't use these if you don't have basic knowledge about the registry and Windows in general. Only delete keys if you're certain that they can be deleted. Disable services if you're certain that you don't need them, let it set policies if you understand what they do etc..
Registry Cleaning won't really improve system speed anyway. Even though there are a lot of orphaned keys/values present, you won't notice a difference in system speed. The only difference you'll notice is when you actually search in your registry - but how many people do this?
On the contrary, as a matter of fact, if you "clean" the registry frequently, it actually becomes more fragmented after a while - and *that may* result in slower system performance, although you won't notice much difference.
I rather prefer to have a lot of orphaned keys in the registry, instead of keys/values that were deleted by a registry cleaner, which were not supposed to be deleted in the first place. And that's the risk of these Registry Cleaners, because many list keys/values as orphaned or unneeded while they are actually needed.
After all, a broken registry is a broken Windows.
The same goes for tweaking tools. Tools where you can select to disable certain services and add certain policies. The "Fix it all" button is also available in most cases, or an option where you can check/select several settings - and the more settings present, the more people believe that checking/selecting them all will result in a superfast computer...
Oh yes, check them all .... and complain aftwards:
* "Help! I'm having problems with Windows updates/Automatic Updates!"
Yes, because you disabled BITS, you disabled Automatic updates, or you have set some restrictive policies related with Windows update
"Help! My add/remove programs list is empty!"
Yes, because some Registry Cleaners unfortunately delete the Uninstall key in the registry - reference here. Only new programs installed will be listed there... (See picture above)
And so many more... Check out this thread for more opinions.
So, don't use them if you don't understand these tools.
After all, Don't fix when it ain't broken!
1. Make sure you have an Antivirus, Firewall and Antispyware scanner installed.
If not present, here are some I recommend:
Make sure you DON'T download and install any scanner present on this list. These scanners are blacklisted because of their questionable reputation.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.
I also suggest to perform an online virusscan once in a while. Because what one virusscanner can't find another one maybe can. You'll find some good Online scanners Here.
2. Make sure your Windows is ALWAYS up to date!
An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://www.update.microsoft.com to download and install the latest updates.
Effective July 11/October 11, 2006, Windows 98, Windows 98 Second Edition, Windows Me, Windows XP SP1 and SP1a will transition to a non-supported status. Read here for more info:
So make sure you update!
Also read the article Unpatched Windows PCs fall to hackers in under 5 minutes.
Also, not only your Windows should be up to date, but also the programs you are using. This since many programs may contain Security leaks. To find out if your programs are up to date, run the Secunia Software Inspector.
3. Stay away from illegal/questionable sites.
This is one of the main causes why a computer gets infected. Visiting cracksites/warezsites - and other questionable/illegal sites is ALWAYS a risk. Even a single click on the site can be responsible for installing a huge amount of malware. Don't think: "I have a good Antivirus and Firewall installed, they will protect me" - because that's not true... and even before you know it, your Antivirus and Firewall may already be disabled because malware already found its way on your system.
Also, if your computer is infected, you are responsible for infecting a lot of other computers as well + sensitive data may be known. That's a big risk you are taking, just because you don't want to purchase software or don't want to use a free alternative. Read this article: http://miekiemoes.blogspot.com/2008/06/neverending-story.html
4. Be careful with mail attachements!
Malware spreads via email as well, especially email attachements.
The most common ones are emails telling you that your computer is infected where you'll find the removal tool in the attachement, emails telling you that your password has changed which you'll find in the attachement, mails with productcodes in the attachement from software you purchased (while you didn't), attachements with so called Security updates etc etc...
Don't trust these mails, don't even open them but remove them immediately instead!
It may also happen you receive a mail from someone you know, but with a questionable attachement present and strange contents in the mail. In this case, this person - or someone else who has your address in his/her addressbook - is infected with malware (worm/spambot) and sends these mails without being aware of it.
Don't click links in emails from someone you don't know, because these links can redirect you to sites where malware gets downloaded and installed.
Mailwasher is a free and great Anti-spam tool which gives you the option to view your mails on the server, sort them and delete the spam mails and other suspicious mails directly from the server without them downloading to your mailbox.
For people who get dozens of spams daily, read this great article where it explains spam and how to deal with it: I hate Spam
5. When surfing...
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.
* Be careful when watching online videos, especially when they ask you to install a certain codec to watch the video. By default, your mediaplayer should already have the necessary codecs installed to watch online videos. In case you're prompted to install an additional codec while trying to watch a movie online, it may be a false alert and this so called codec may install malware. More info here and here.
* Don't install plugins (ActiveX) if you're not certain what it is or why you need it.
A great program is SpywareBlaster. SpywareBlaster doesn`t scan and clean for malware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
How to use SpywareBlaster
The MVP Hosts File is a great addition to block bad sites. This is accomplished by blocking these sites through the hosts file.
Install Internet Explorer 9 or another alternative browser like Firefox or Opera for more secure surfing. (However, keep in mind, as long as you don't stay away from illegal/questionable sites, no browser will be secure enough)
6. Watch what you download!
If you want to install certain software, always go to the developer's site to download the software from. Then you can be sure you're downloading and installing the right software.
Beware of the fact that certain software (especially freeware) may contain/bundled with extra software including spyware/adware. So only install it when you're sure they are OK.
Read here for more tips about safe downloading.
To find out if what you download is ok and get more information about the intentions of software and other bundled components such as spyware/adware which may be present, use EULAlyzer. EULAlyzer scans the End user license agreements (EULAs) most software should show during install and provides a detailed listing of potentially interesting words and phrases, discovers if the software you're about to install displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, or much much more.
The use of P2P Programs like Kazaa (which is bundled with adware/spyware btw), Limewire, Torrentsites, Emule, Bearshare... is always a risk, because you can never be sure what you exactly download. It isn't always what it looks like. Important to know is that many P2P Programs are also bundled with unwanted software (spyware/adware). To find out which ones are safe to use and which ones are infected, take a look here.
Also read this article about the risks of using P2P Programs.
7. More info....
... and tips how to protect your Pc, Protect yourself and Protect your Family:
* Microsoft - Security at Home
* Top Ten excuses why people don't want to secure their computer and why they are wrong - by Budfred
* How did I get infected in the first place - by TonyKlein
* Prevent Re-infection
* Simple and easy ways to keep your computer safe and secure on the Internet
There are several reasons why your computer can be slow. Especially when it happens suddenly, then it can be slow because of malware (spyware, adware, trojans, viruses..) present. However, it's not always malware causing this.
Installing new software which may not be compatible with other software present already, a fragmented drive, uncontrolled applications, lack of maintenance, a full disk etc etc.. cause a serious system slowdown.
A lot of programs running in the background may cause a system slowdown as well, as they will steal away trace amounts of memory and processing time as your computer runs.
It is also a fact that older computers run slower than new computers. Unfortunately there isn't much you can change about this.
So, when your computer is slow, use next troubleshooting checklist to improve Computer Performance:
1. What are the Specifications of your computer, especially RAM (128MB, 256MB, 512MB, more...?)
To find out, rightclick My Computer and choose Properties > General tab.
If less than 512MB, pay attention to what software you install (memory requirement and processing time) and make sure you don't let them all starting up with windows. The more programs that start up with windows, the more resources they need > result > slow computer.
Every computer needs Security software installed (Antivirus+Firewall) and should start up with Windows/run in the background.
This is called the Real Time protection. In case you are having 512MB or less, choose an Antivirus and Firewall that doesn't require that much memory and processing time. So don't install "heavy" programs like Norton, Panda, McAfee, TrendMicro... in such cases. Because even though 512MB is enough to run them smoothly, keep in mind that there may be other programs installed/running in the background which require a lot from your processor as well.
So be selective here and check the system requirements first before you download and install them.
Even though you have more than 512MB ram and you have one of above Security Suites installed, test if it causes the slowdown by temporary uninstalling it (disconnect from the internet in a meanwhile) and see if that improves system speed. If so, then reconsider another Antivirus/Security Suite. Look here for the ones I recommend.
I am especially talking about Norton (Norton Internet Security), McAfee Security Suite and Zonealarm because they are known to cause a serious slowdown on some systems. Zonealarm mainly causes a startup delay.
This is the same for other software. Desktop enhancement tools, for example Window Blinds, XP Visual Styles, DesktopX.. may also slow down your system.
Also take a look here: What Really Slows Windows Down.
Don't let several programs start up with Windows if you don't need them right away. Many programs add a key in the registry automatically during install to let it start up with Windows. So once Windows has loaded, these programs stay running in the background without you really needing them. You can always start these programs manually via Start > All Programs when you need them. However, it is still important that your Antivirus and Firewall stays enabled and starts up with Windows.
All the rest is optional and it's up to you to decide which programs you think are useful to start up with Windows or not.
To disable some programs from starting up with windows, go to start > run and type: "msconfig" (without the quotes). Select the tab "Startup" and uncheck what you don't want to start up with Windows. You can always enable them afterwards again by selecting them.
If you don't know some programs listed there or unsure if they are needed or not, leave them enabled, or use RubberDucky's StartUpLite.
This will display all unnecessary startupentries - so actually, everything it displays there is not necessary to start up with Windows.
The choice is up to you whether you need some to start up with Windows (in that case, select "No action" for them) - but you can always start them manually via start > all programs.
(Do not choose the "Remove" checkboxes, because this will delete it from the Registry - only select the "Remove" checkboxes if you are sure you don't want to enable them again in the future)
2. Don't install more than one Antivirus and Firewall with Realtime Protection enabled.
This is a common mistake many users make. They think that having more than one Antivirus and Firewall installed will protect them in a better way. It won't.. On the contrary..
Rather than giving you extra protection, it will seriously decrease reliability and effectiveness ! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also, if more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown. It happens quite a lot that a system won't even boot properly because of more than one Antivirus and Firewall installed.
When having general computer problems and you have more than one AV/Firewall installed, this can be the main cause of your problems.
Concerning Antispywarescanners, it's ok for you to install more than one.However, it's not advised that you let them all start up with Windows, running as a Real Time scanner. Only keep one running in the background and disable the rest, because AntispywareScanners are also resource hogs. They are actually all doing the same, so it's really not needed to have more of them running in the background. After all, you do not use more than one different vacuum cleaner either to clean your carpet with.
Just let the Antispyware scanner(s) scan once in a while on demand.
3. Clean forgotten programs
Many users install Software and leave it installed without ever using it. They only use it a few times and never use it again because it's not exactly what they were looking for or not necessary anymore. In this case, uninstall them if you won't use them again.
In case you have software trials installed, keep in mind that most trials only work for a certain period of time. Once the trial expires, if you're not planning to purchase it, there is really no need to keep it installed, even running in the background/using extra disc space. So uninstall them.
To uninstall programs, go to start > controlpanel > software > add/remove programs and select what programs you want to uninstall. Make sure you reboot afterwards!
4. Clean unused files from your system
Deleting unused files allows Windows to run faster by freeing up valuable hard disk space.. These unused files are especially Temporary Files, URL history, cookies, Autocomplete form history, files present in Recycle bin...
Easy steps to do this manually:
1) Clean Cache and Cookies in IE:
* Close all instances of Outlook Express and Internet Explorer.
* Go to Control Panel > Internet Options > General tab
* Under Browsing History, click "Delete". This should open a new Window.
* Click "Delete Files", "Delete cookies" and "Delete history"
2) Clean Cache and Cookies in Firefox (In case Firefox installed):
* Go to Tools > Options.
* Click Privacy in the menu..
* Click the Clear now button below.. A new window will popup what to clear.
* Select all and click the Clear button again.
* Click OK to close the Options window.
3) Clean other Temporary files + Recycle bin:
* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Click ok to remove them
There are some free programs doing this automatically for you. Some of them I recommend are:
* ATF Cleaner
Check your Cache size in Internet Explorer to see if it has the recommended size. If the Cache size is set too low or too high, it can cause slower performance. You can check the Cache Size under Tools > Internet Options > General Tab > Temporary Internet Files > Settings (button) > "Amount of disk space to use". Ideal would be between 50MB - 100MB.
If you have XP, and you have System Restore enabled (recommended), it won't hurt to delete all previous System Restore Points except for the latest one.
This because System restore points may use a lot of disk space as well.
To delete all restore points except the latest one, rightclick your drive (C:\ for example) and select "properties".
Click the "Disk Cleanup". Click the "more options" tab and select "Clean up" in the System Restore dialog box.
Sidenote.. I do not recommend Registry Cleaners. This because some may rather damage than cleaning/fixing your registry.
Only use it if you have basic knowledge about the registry and know if a certain key/value is safe to be removed or not. Cleaning the registry won't really improve system performance anyway even though there are a lot of orphaned keys. If registry cleaning was really required, then Microsoft would have added this option already imho.
So use at your own risk. After all, a corrupted registry is a corrupted Windows.
Also, many people use tools to "tweak" Windows in order to improve system performance without really understanding what they are doing. Other people may instead manually tweak Windows settings such as disabling services, modifying the registry etc.
When doing this, it is important to be careful and fully understand the settings you are changing. Otherwise, this tweaking may not improve system performance, but actually cause future problems.
Just don't fix when it ain't broken.
5. Defragment Your Computer.
A fragmented drive causes a slow system.
Easy steps to defragment your drive:
1. open My Computer.
2. Rightclick on the drive you want to defragment and select "Properties".
3. Click on the Tools tab.
4. Select Defragment Now....
If all above steps were performed and you're still having the same problems - then check the IDE channels to see if they are running in PIO or DMA mode.
To do this, go to start > run and type: devmgmt.msc in order to open the Device Manager.
Doubleclick IDE ATA/ATAPI-Controllers > rightclick the Primary IDE Channel > Properties > Advanced Settings tab
In the Transfer Mode dropdown list - it should be set to "DMA if available"
Read here and here for more info.
The PC Pitstop Full Tests runs some tests on your computer and displays the results afterwards + tips how to fix certain problems.
For more detailed info how to Restore Your Computer's Performance (XP), read here.
In case above steps didn't work to improve speed/system performance, then you are most probably dealing with a Hardware or Malware issue.
Many people already asked me where "miekiemoes" stands for. This is a dutch dialect for Mickey Mouse. People already call me like that since I was 5 years old or so. This because my realname is Mieke, I'm not tall and "fast as a mouse"
(although I am not that fast anymore :) )
So that's why I started to use this name on the internet as well.
My main interests are my dogs and the internet.
I have 3 American Staffordshires. I used to breed them but unfortunately I don't have the time and space for that anymore.
And my other interest: The Internet.
In 2002, I bought my first computer and I still remember the first day I had my computer - I had to call my brother how to shut this thing off. :)
I really didn't know anything about computers - but that changed very soon....
I love to learn, so that's why I started to learn basics about Windows. Then I wanted to learn more about websites/webdesign - made some websites, learned how to use flash etc..
After a while I was bored with this, so I wanted to learn something new - and that's how it all started - what I am doing now.
At the time, when I was still into webdesign and flash, I registered at some forums to ask for help. I've noticed that there were a lot of subforums present related with Windows Security, and everyday A LOT of new posts were added there. I wondered why these subforums were so popular, so I started to read these posts and it came to my attention that most Windows related issues were a result of malware present.
So I wanted to know/learn all about this, because it was a real pest then and still is a real pest nowadays.
So I started to follow these posts, reading the instructions/solutions, trying to understand them and asking questions.
After a while, when I saw a similar issue somewhere else, I could help these people as well since I've learned a lot in a meanwhile.
But I always wanted to learn more and more and more.... and that's why I registered at several other Security Related forums to gain as much info as I could.
I started to help people there as well and even started to teach people who wanted to become a "malware fighter".
In a meanwhile I also started with my own small Dutch Security related forum where I guide people with malware removal. I also created some hidden forums there where "Helpers" could share their expertise and thoughts.
Now we are 3 years later and I am still doing the same. I gained a lot more info, learned a lot about Windows in general, the Registry, malware, random troubleshooting etc..
Microsoft also awarded me for my online contribution so since April 2006 I became a Microsoft MVP - Consumer Security.
I've also deleted my old forum (it was a phpbb forum) and have started with a new forum and new forumsoftware (MyBB) - more secure and more options present.
You can find my forum here: Mivercon Security Forum
So for support, you can always ask your questions there. It's a Dutch forum - but we also give English support
I finally decided to start my own Blog.
Even though I am not a "writer" - there are so many things I want to share with others.
Still don't know how this works yet - as I said, this is my first blog - so in the beginning it will be a matter of tinkering with the settings here, add posts, delete them again, test settings (oh yes, I love to test)..
So what can you expect here?
Ehm... well, I still have to figure that out myself.
But you can expect some tutorials and articles I've written in the past, Windows/Security related and ofcourse some new tutorials + thoughts.
Oh well, we'll see how this evolves. :)