Ducktoes Spyware Blog

There’s no way a tech can remove and clean up all the spyware on a badly infected machine in just a couple of hours. So, if you remove the spyware on-site, you end up having to charge a lot to remove a little. It’s better to take the machine “to the lab,” and run and apply all your removal and clean up strategies. Since then you can also do other things, like write your blog, or change out someone’s video card, while you are running everything, you can afford to charge for just a couple of hours of labor, while you work on the computer for 12 or 15 or more. Also the client doesn’t end up paying a huge amount to have spyware removed. Once you have the computer “at the lab”, do your magic. If you want suggestions on what to do follow my anti-spyware guide and then speed up your client’s computer while you’re at it, by following the suggestions here on the Ducktoes Tutorial.

The only difficulty is with clients who don’t want you to remove their infected computer. Then you have to do the best job you can within a short amount of time. I recommend installing Spyware Doctor and run it. Click the below ad.

Yesterday I received an e-mail purportedly from Hallmark cards telling me a friend had sent me an e-card. I immediately knew it was fake but was surprised that it led not directly to a phish (phoney) website but to a trojan download. So don’t click the link; it’s not from a friend but a cyber-criminal.

I cut and pasted the e-mail here in italics. (Notice the error in the subject line, “send” instead of “sent.”. Often fraudulent e-mails have misspellings or display poor English.)

From: “Hallmark Cards” Subject: You have a card send from a friend!
Date: Mon, 5 May 2008 03:18:53 +1000
Hello ,
A friend has sent you a Hallmark Ecard
Click here to view your Ecard .
If you would like to return an Ecard to him simply go to http://ecards.msn.co.uk/
MSN
in association with
Hallmark Cards
Your privacy is our priority. Click the “Privacy and Security” link at the bottom of any page on http://ecards.msn.co.uk/ to see our privacy policy.

The link to view the e-card immediately initiated a download of the malware trojan horse . So beware an e-card from a unspecified or generic friend. I suspected something was amiss because the misspelling of “send” instead of “sent,” an unlikely error for a major retailer like Hallmark. Also it didn’t say which friend had sent it, which e-card e-mails usually do.

Click here to see what Hallmark says about these fraudulent e-cards.

I knew it was a phish (fraudulent) and wanted to report it to Phishtank so that is why I clicked the the link. However, instead of taking me to a phoney website, it started downloading the spyware immediately. To click the link, I deliberately used a Mac as a precaution. Macs are not susceptible to most spyware. Afterward, I ran my Mac virus software anyway. But I thought I would warn you. I still don’t know how to report it to Phishtank. I wrote to them but they didn’t write back. Sigh. Another unrequited relationship for Ms. Ducktoes.

Zapchast Trojan is the trojan. It is the most dangerous kind. It allows the criminal to take control of your computer. Click here for removal instructions. They are difficult, I warn you.

Now Ms. Ducktoes wants you to be a get all your ducks in a row and make sure your anti-virus software is working, or if you’re too much of a newbie to understand or know what you’re doing yet, get a friend or co-worker to help you. And to train you. Or hire a techie to check it and train. Ignorance is not bliss when it comes to computers.

1. Make sure your anti-virus is downloading updates regularly and running scans automatically and that if it is a paid subscription, that you have paid on time. Don’t be without working anti-virus software for one nano-second. It is like tossing your computer out a second story window. The result’s not pretty. If you are fond of your computer or what is on it, take charge.

Also a reader of this blog who really knows his stuff has recommended Avira for an excellent anti-virus software. Here’s the link. I used it on a client’s computer and it worked well. It found and removed viruses and didn’t use up all the computer’s resources. That’s called having a small footprint. And it’s free for personal, home use. Don’t put it off. Here’s a link to his comments (you’ll have to scroll down).

2. Also use a different browser besides Internet Explorer. Use Firefox or Opera.

3. And after you have done all that, get anti-spyware too. Click here to see how to do that.

Anti-virus, anti-spyware, Firefox or Opera, and you’ve protected your computer, your wallet, your identity.

For more information click here.

For you techies among my readers, always make sure the client has working and up-to-date anti-virus and anti-spyware. Do this check as part of your routine. Tell them where they are amiss and install both if necessary. I recommend both manual anti-spyware such as Spybot and Ad-aware SE and one that runs in real time. The best are Spyware Doctor or Spy Sweeper but Windows Defender is better than nothing. Read the next post on this blog for more hints for techies.

As always Ducktoes to the rescue!! If you live in the Calgary area give us a shout or even if you don’t.

Ta ta for now.

I don’t know if you noticed but this blog has been hacked. Instead of relevant Google adsense ads about spyware and viruses and computer-related services, unwanted prescription drug, credit, ringtone ads were being displayed. They still are if you go to some of my individual posts. So someone has interfered with the ads and redirected them to their own. For their own mercenary gain, obviously. I don’t know why they don’t write their own blog and put prescription ads on it, instead of on mine. To fix it, I asked for Google’s help and also Wordpress forum support. I also tried to upgrade the Wordpress blog to 2.5, which is more secure, but made a mess of and had to backtrack and use a backup. I learned how to input the backup text into the MyPhp server, which was interesting once I figured it out. Anyway the comment feed and other feeds don’t work yet, so I may have to hire a php specialist to help me. Maybe Google did do something because last Friday night the bad ads were replaced with the normal ads, and now are only hiding out on a back page or two.

Polly is one of my favorite clients. Whenever I go to her house or office she serves the tastiest gourmet coffee and chocolates. And she is appreciative, worrying aloud that I’ll be snapped up by an offer I can’t refuse, as her last computer tech was, and no longer be available to fix her computers. No computer dummy herself, she’s a whiz at databases and spreadsheets. She made a spreadsheet that tells how many days until her nieces’, nephews’ and friends’ birthdays. Her gardening database lists all her favorite seeds, where to buy them, and when and where in her yard to plant them.

This week I showed her the Task Manager and she became excited. Pleased at her interest, I showed her how to hold down the ctrl-alt-del keys simultaneously and after Task Manager came up what was available on each tab. “On the applications tab,” I told her, “all the software programs that are running, such as Word or Internet Explorer are listed. On the Processes tab, the processes running in the background are displayed.”

Polly sniffed. “I was hoping for a program that makes a to do list,” she said.

“This is better than a to do list,” I said. “If your Word program freezes you can force Word to quit, so you don’t have to turn off the whole computer. You just press ctrl-alt- del and select the program and voila, Word quits.”

Polly raised an eyebrow. She went into the kitchen and came back with the coffee pot. She poured more into my cup. “That’s why I hire you,” she said. “You really like the stupid, boring stuff that makes computers work.”

The next week when I went to her office to install a new computer, she showed me her new To Do List spreadsheet she’d made. But when her old computer froze she pressed ctrl-alt-del and forced quit Internet Explorer. “I do learn from you,” she said. “But all that stuff still bores me silly.”

As far as spyware is concerned, sometimes you have to go into Task Manager processes and stop a few of the bad processes to allow the anti-spyware and anti-virus software to work effectively. To learn what processes are legitimate and what are caused by spyware, go to this website. Or else restart the computer and go into Safe Mode and run the anti-spyware from there.

And I don’t mean music, although operatic music is wonderful too. I mean Opera, the browser. A reader of this blog (Italian, I think) said it was the safest browser out there. So I’m going to check it out. You can too. Click here to download it.

I still love Firefox. And highly recommend it. It may not be as safe as Opera but it is safer than Internet Explorer.

Are you still using Internet Explorer? Then Ms. Ducktoes will have to be severe with you!! You are courting disaster. Switch to a safer browser. NOW!!

Download Firefox below today!!!

Six people have come to this site in the last two days looking for help with Win32 Bho.je. Another reader told me that Spybot cured the same malware on his computer after Spybot’s March 26 update which included the “browser helper object” in its definitions. I’d love to hear what the specific symptoms of this trojan are like on your computer. It would be great if you’d tell me about your experience. Thanks so much. And try downloading Spy bot and see if it gets rid of your Win32 BHO.je. We need to find something that works for people. I got rid of it on an infected computer but used several anti-spyware and am not sure of which one finally did it.

This is a sidetrack. Lots of people ask me how they can start a blog. It really is quite easy. But if you feel daunted by the set up process, I can make it easy for you. Of course I designed and maintain this blog Ducktoes Spyware Blog. I use Wordpress. And I also designed this blog on Typepad: David Trigueiro’s Idaho.

Yes, I’m a also web designer besides being a spyware zapper and computer tech. I can put Google ads on your blog too, if you’d like to earn some money from your writing. So if you want a blog, e-mail me. It doesn’t matter where you are geographically. Get your webfeet wet, today!!

This week I’m fixing an old Toshiba laptop that was loaded with spyware. It had all these spyware:

1. Adware BHO Generic
2. Win32 Trojan PSW Sinowal
3. Win32 clowsd
4. Alexa Related
5. Microsoft Windows Security Center Virus Override
6. Microsoft Windows Security Center Firewall Override
7. Microsoft Windows Security Center SP2 Update Override
8. Microsoft Security Center _disabled
9. PWS LDPinch IE
10. SC Keylogger
11. Smitfraud - C.generic
12. Win32. Alphabet.ap
13. Win32. BHO.je

The laptop actually had more than this but I didn’t write them down before I got rid of them. I used these three anti-spyware applications to get rid of the spyware: Ad-aware SE Personal, Spybot, and Spyware Doctor (my new favorite anti-spyware, although it’s not free.)

The fascinating spyware I love to hate, is one that places a program in the Startup. Everytime I tried to run AVG anti-virus, the spyware would start this:

HKLM\…\Run:[KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

And immediately a system dump would begin with a blue screen of death and, I’d have to restart the computer without being able to run a virus scan.

The client and I decided to reinstall the operating system since she didn’t need anything on her harddrive. It’s an old laptop she uses for e-mail only. But normally I would have run all my anti-spyware tools, anti-virus (I prefer AVG), plus rootkit tools (see my rootkit post.) I like to get rid of spyware without reformatting, as most computer repair services do. They immediately reformat!!! Not Ducktoes. Ducktoes does anti-spy without data-fry!! So businesses and people can lose their spyware but keep their data. That’s what Ducktoes specializes in.

If you really want to learn about Internet Security, including viruses and spyware, there is a free course you can sign-up for on About.com that has lessons and quizzes, so you can read the material and then see how much you have learned. Here’s the link.