Major malware issue with recent Lenovo computers

If you use, or know anyone who uses, a Lenovo laptop bought within the last year, Lenovo has installed something called SuperFish on it. According to experts it is an encrypted form of adware. The software dumps ads and probably gathers personal information.

Until the situation is fixed, don’t use your Lenovo laptop for anything like a bank web site or work-related tasks.

Uninstalling the software is not enough. You also need to remove a certificate.

Even that may not be enough.

If you have a Lenovo laptop, contact them for support…. And good luck.

[Updated: 2015/02/21]: After researchers went deeper into SuperFish this week, they found that it inserts ads into random web pages and also tampers with computer security in such a way that an attacker could actually spy on all web browser traffic on the computer.

SuperFish allows attackers to see all the communications that are supposed to be confidential, such as banking transactions, passwords, emails, and instant messages.

[Updated: 2015/02/24]: The SuperFish CEO has denied that their software contains malware. Uh huh.

Meanwhile, researchers are now saying at least 12 other products – including some used for parental control – are using the same developer’s kit.

Finally, Lenovo says it has created a package to properly remove SuperFish from the system.
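
To check whether the certificate mentioned above is still trusted after the software has been uninstalled, the following added example (not part of the original post, and not Lenovo's removal package) lists matching entries in the Windows trusted-root stores. Matching on the name "Superfish" in the subject or issuer is an assumption, and applications that keep their own certificate store are not covered.

```powershell
# Added example (not from the original post): list certificates in the Windows
# trusted-root stores whose subject or issuer mentions Superfish.
# Assumption: the leftover certificate carries the vendor name in one of those fields.
$pattern = 'Superfish'
$stores  = @(
    'Cert:\LocalMachine\Root',
    'Cert:\CurrentUser\Root'
)

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Subject, Issuer, NotAfter, Thumbprint, PSPath
}

if ($hits) {
    # Show what was found so it can be reviewed before anything is deleted.
    $hits | Format-List Store, Subject, Issuer, NotAfter, Thumbprint

    # Dry run of the removal: -WhatIf only prints what would be deleted.
    # Drop -WhatIf and run from an elevated prompt to actually remove the entries.
    foreach ($cert in $hits) {
        Remove-Item -Path $cert.PSPath -WhatIf
    }
} else {
    Write-Output "No certificate matching '$pattern' found in: $($stores -join ', ')"
}
```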

Bypass the corporate update services

Don’t ask me when you would need it, but every once in a blue moon you may need to bypass your company’s corporate setup for Windows Updates [the one that says that the Windows Updates are centrally managed].

I had that case recently, but not for the regular reasons. Anyways, the registry fix below would probably be good for at most 90 minutes [most group policies are re-applied at most every 90 minutes]:

Windows Registry Editor Version 5.00

;
; Restart Windows Update service after running this
;

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000

As the comment notes, restart the Windows Update services after applying. A reminder to leave blank lines in the appropriate places.

Reminder: Use at your own risk. Test before using.

Deja vu: Microsoft pulls 2 updates

Seems some things don’t change. Microsoft quickly [within 24 hours] pulled 2 updates released yesterday.

KB3013455 [MS15-010] has been pulled because of font corruption. This affects clients and servers.

KB3001652 has been pulled as systems hang during installation. To apply this hotfix, you must have Microsoft Visual Studio 2010 installed. So, it won’t apply to many. This one is still in the download section and the knowledge base page is still live.

Stay tuned for when replacement updates will be released.

[Update 2015/02/11:] That was fast. KB3001652 is back with a revised version.

[Update 2015/02/12:] You are not going to believe this. Another patch issue. This time it is KB2920732 for PowerPoint 2013. After updating, many Office 2013 users are being confronted with a bunch of error messages and then nothing. PowerPoint will simply not start.

[Update 2015/02/12:] Seems the KB3013455 issue only affects Windows Vista with SP2, Windows Server 2008 with SP2 and Windows Server 2003 with SP3.

[Update 2015/02/13:] And the “hits” keep on coming. With Internet Explorer, there are up to 4 updates needed. If you allow Windows Update [or via WSUS] to install them, you will just see one. Otherwise you will see 2 or 3 [as one may or may not be needed]. Very weird.

Anyways, one of the “hidden” updates, KB3023607, is causing problems. It was designed to do away with Transport Layer Security (TLS) 3.0 but instead breaks Cisco’s AnyConnect VPN application. For a workaround [which may work] you will probably need to drop the compatibility. Close the Cisco AnyConnect window and the icon in the taskbar. Right click VPNUI.EXE and VPNAGENT.EXE in “C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client” and select Properties. Click on the Compatibility tab and drop the level to a previous version of Windows.

Cisco has opened a priority case with Microsoft to fix the issue.

[Update: 2015/02/16:] OK. Microsoft claims the issue affects only Windows 8.1 and Windows Server 2012 R2 [which Cisco wouldn’t support anyways]. They released a “fix it” [KB3023607] which will give a temporary fix by placing the executables in question in compatibility mode.

Microsoft claims that there is no issue with other supported versions of Windows. I use the Cisco AnyConnect client for work. I received a message that a service related to the Cisco AnyConnect client didn’t start but after starting it myself, I was able to connect with no issues. Could be just a coincidence. I’m using Windows 7 64-bit Enterprise.

An update for the PowerPoint 2013 issue was released late in the day. See KB2956149.

Still no revised updates for the KB3013455 issue.

 

How to (hopefully) cure Cryptolocker

Cryptolocker is probably one of the major flavors of ransomware out there. You may notice it if at least one of the below is true:

  • Any file [i.e. more than one and different types] you open says it may be corrupt.
  • Anywhere there is an encrypted file, one or more notices are in the same folder where the file is.
  • Your web browser(s) default to the web site where you pay the “fee”.
  • You get a notice like below.

[Image: ransom notice]

Ransomware is where you unintentionally click on an application you downloaded, or on a link, and the software loads some malware onto your computer. Unlike the typical malware, ransomware will encrypt most of the typical data files [any documents that are associated generally with Microsoft Office, Outlook .PST files, PDFs, etc.]. It will then notify you that it did so and force you to pay a fee [usually $200 or more, most of the time using Bitcoins]. You generally have a time limit such as 3 or 4 days. After that your data is “history”.

There are a number of ways to combat ransomware but they depend on the type of ransomware.

If you have nothing “special” on the computer, the least amount of headaches would be to reformat and install Windows. You would probably end up doing this anyway.

You can pay the fee but it doesn’t mean they won’t come back.

You can try one of many tools at your disposal. Those tools include [and will work in various degrees of success]:

There is also DecryptCryptoLocker, which will allow you to upload a file [take something non-sensitive], and the site will send you a decryption key and an application to run to unlock your computer.

Even after you clean your computer of any malware, you are better off backing up your data, wiping the hard disk and re-installing Windows. The ransomware may have still made your computer vulnerable to future attacks.

Early versions of ransomware actually left behind where you could find the decryption key. Newer versions have since fixed that. As well, sometimes the application that triggers the encryption may only begin after hours. So you may not see the issue until the following day [or after a weekend], and by that time you have lost hours, whether you decide to pay or not.

In December 2013, Dell SecureWorks estimated that CryptoLocker had managed to infect 250,000 victims.

 

Smoking in a movie could affect movie’s rating

Seems we have another censorship push going on.

An Ontario [Canada] group is calling on the provincial film regulation board to include smoking as a part of how the board classifies films. In fact, if they got their wish, any film with smoking in it would get an “18” rating. This means if under 18, you must be accompanied by an adult.

An exception to the rule, according to the group, would be if there is some historical significance. In the movie The Imitation Game, set mostly during World War II, you would see people smoke in that era. This would get an exception to the rule as it was common then to smoke. The movie received a “14” rating in most of Canada, and as low as “8” in Switzerland.

The group says that celebrities give an impression to their fans that what they do is OK. Maybe. But you don’t hear too many stories of people crashing into cars because they said their favorite celebrity just did it recently.

So if Benedict Cumberbatch or Keira Knightley smoke in that movie, it is OK. But not OK if the movie was set two years ago. They are still celebrities and by the group’s thinking, the only difference between the two is when the movie was set.

In India, regulations stipulate that if there is a smoking scene, a notice must be placed in the film warning of smoking. Hmmm. A nice way to kill the movie.

Wondering if [right wing] groups like this will further push to ban smoking in public such as walking on the street. There is less of a difference between the two.

In Canada, each province has their own film regulation board. So a movie that is “18” in Ontario could be a “14” in Quebec.

As a matter of fact, I don’t think Quebec’s board would even bother with smoking as part of its classification system. The board is probably the most liberal in North America. Remember the Tom Cruise/Nicole Kidman movie Eyes Wide Shut? For the rest of Canada it received an “18” rating for the North American film version. In Quebec, it was given a “14” rating for the European film version – the one that had more nudity.

Does this mean an adult [soft] porn movie and a movie that features some smoking should both get an “18” rating?

Oh, even the web site IMDB has a parental guide for smoking as well as the usual issues such as alcohol, nudity, violence, etc.

Finally, in many new movies, if there is smoking in the movie, at the end of the credits, the movies now will show a disclaimer that no actor endorsed any of the cigarette brands depicted in the movie. Sheesh.

Microsoft drops Windows RT – buyers beware

Microsoft has officially pulled probably the last tablet designed for Windows RT [made by the part of Nokia which they bought].

If you remember [or maybe not], Windows RT debuted with Windows 8 but was not the OS that people expected. Unlike the Pro edition which could run Windows 8 [desktop and laptop] applications, Windows RT could not and relied on developers to build Windows RT based applications….. But they didn’t build many and the OS suffered.

With the latest preview build of Windows 10 released, Microsoft also killed off any future of Windows 8.

Microsoft said that they will release an update to Windows RT that will have some features of Windows 10 but they didn’t mention which. Outside of security updates and firmware, it would be the last update to be released for Windows RT.

The last of the Windows RT tablets are still in some stores. Expect the prices to drop, but be warned not to expect much support for them.

Windows Server “Next” delayed until 2016

Microsoft has delayed the release of the server version of Windows 10 [probably Windows Server 2016] until sometime in the spring of 2016. No official reason has been given as yet.

Some have guessed at a number of reasons, any of which may be valid, including:

  • Extend the gap between the end of support for Windows Server 2003 and the release date of the new server version [push Windows Server 2003 users to upgrade to Windows Server 2012 R2].
  • Too many bugs and issues still haven’t been resolved on the server side.
  • Microsoft’s ongoing strategy to try to convince more users to move to the cloud, since Microsoft is continuing with its mission to roll out new features for the cloud first.
  • A new server release just 2 years since Windows Server 2012 R2 is too fast.

 
