When technical support stinks

Never trust technical support.

Someone I know was expecting an Email but never received it. She is the typical Internet home user. Surf the Internet, Skype and Emails.

She contacted Google [somehow] because she uses Gmail. Unsure what – if anything – they based it on, but from the fact the Email hasn’t shown up they said that she had some type of Trojan. This would be the reason that an Email is blocking web-based mail from arriving on her computer? [She is using their website – not Windows Live Mail or whatever.]

Next she contacted her ISP. She must have described the symptoms because they said she also had a Trojan on her system. Now except for bandwidth and traffic testing, unsure if they ever did get into the computer. [I didn’t mention who they are but they don’t have the brightest people working for them anyways. As a hint of who they are, they are quite large in Canada.]

Finally, she uses Avast free edition for her anti-virus. Now I am definitely not a fan of Avast. A few years back, a company I was working at used the Avast Pro [centrally managed] version. Would you believe it couldn’t even detect that fake anti-virus software that was all the rage a few years ago, when it reported hundreds of malware on a system without even scanning? [The Avast clients were up to date.]

Back to the story. She managed to contact them. I was told they accessed her computer and said her system was infected.

Get this: They wanted $199 to clean up the system. Why? The free version [she was told] may not clean up everything – unlike the paid version.

So basically what is the point of using their software when it won’t even detect all malware – let alone clean them?

So she called me over.

  • I ran Malwarebytes Anti-Malware and it detected nothing.
  • I ran Microsoft’s Autoruns to see if anything fishy is loading up and found nothing.
  • I looked at the Avast quarantine and it was empty [you figured it would have found something].
  • I updated Avast to the latest version and ran a full system scan. Nothing.

There has been nothing funny going on with the system. No pop-up messages. No delays.

On the other hand, it is Avast. Maybe it doesn’t detect malware.

[Oh. I had suggested something else but she declined.]

[As well, I sent her an Email and she got it almost immediately.]

Computer tip: Resetting Internet Explorer

Either by malware or some crappy toolbar, something will take over your home page and/or search engine in Internet Explorer. Sometimes you feel that things aren’t quite normal but you don’t suspect malware or anything.

The following procedure will reset Internet Explorer by removing certain settings. It will disable just about every add-on and toolbar, so you will need to re-enable the ones that are required, such as Adobe Flash Player [listed as Shockwave Flash Object], maybe Java, etc.

Note: Once the reset begins, you can’t go back!

Note: Try the procedure below. If it doesn’t work, then try what is mentioned in the last paragraph. The reason I say this is that the last paragraph will do a more serious job and may be unnecessary in some cases.

  1. Click on the Tools menu in Internet Explorer.
  2. Scroll down to the bottom of that menu and click on Internet Options.
  3. Select the Advanced tab [last in the window].
  4. Click on the Reset… button at the bottom of the window.
  5. Click on Reset. Don’t check the box next to Delete personal settings in the window.
  6. When done, exit Internet Explorer and then open it up. You will have to change your home page and other settings. When asked, choose the express settings.

If this doesn’t work, follow the same procedure above except at #5, check the box next to Delete personal settings in the window. This does a more complete reset as if you used IE for the first time.

Computer Tip: Helping to protect Internet Explorer

Here are a couple tips to secure Internet Explorer on a stand-alone computer [could apply on a domain as well]. Both of these tips would help prevent having crap like MyWebSearch or Conduit “software” from taking over the browser.

The first tip is to disable the changing of the home page in Internet Explorer.

To apply to all users, use the following registry setting:

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]

On the other hand, if you just want to apply the setting to an individual user [usually on a multi-user computer], use the following setting:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

At any time, you can change the default home page by exiting Internet Explorer, changing the setting to zero, going into Internet Explorer and changing the home page, exiting Internet Explorer and then changing the setting back to one.

No reboot is required. Internet Explorer 7 or greater required. When enforced, the option to change is greyed out.

In the second tip, you can prevent changing the default search provider. While you can have more than one provider and can manually choose a different search provider for a particular search [unsure why someone would do that], most will stick with one and have a backup.

To apply to all users, use the following registry setting:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]

On the other hand, if you just want to apply the setting to an individual user [usually on a multi-user computer], use the following setting:

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]

Note: It doesn’t stop the option “Prevent programs from suggesting changes to my default search provider.”

No reboot is required. Internet Explorer 7 or greater required.
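
To confirm which of the two locks is actually in place, and from which hive, the four policy keys above can be read back. The script below is an added example, not part of the original post. It is read-only and lists whatever values are stored under each key, treating a DWORD of 1 as enforced and 0 as off, as described in the text above. The function names are made up for this example.

```powershell
# Added example: read-only audit of the four IE policy keys named in this post.
# Assumption (from the post's text): a DWORD of 1 means the lock is on, 0 means off.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions'
)

# Hypothetical helper: builds one report row.
function New-PolicyRow($Key, $Name, $Data, $State) {
    [pscustomobject]@{ Key = $Key; Value = $Name; Data = $Data; State = $State }
}

# Hypothetical function: reports every value found under each policy key.
function Get-IEPolicyState {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-PolicyRow $p $null $null 'key absent (no lock from this hive)'
            continue
        }
        $key   = Get-Item -LiteralPath $p          # Microsoft.Win32.RegistryKey
        $names = @($key.GetValueNames())
        if ($names.Count -eq 0) {
            New-PolicyRow $p $null $null 'key present but empty'
            continue
        }
        foreach ($n in $names) {
            $data = $key.GetValue($n)
            $kind = $key.GetValueKind($n)
            # Anything that is not a DWORD of 0 or 1 deserves a closer look.
            $state = if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                "unexpected type: $kind"
            } elseif ($data -eq 1) { 'enforced' }
              elseif ($data -eq 0) { 'not enforced' }
              else { "unexpected data: $data" }
            New-PolicyRow $p $n $data $state
        }
    }
}

Get-IEPolicyState -Path $PolicyKeys | Format-Table -AutoSize -Wrap
```

The HKCU rows reflect only the account running the script, so on a multi-user computer run it once per user.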

While MyWebSearch is not considered malware, it is considered by most to be spyware. It obviously uses its own search engine and those who created it are getting paid by unethical people to place their links first. [Hmmm, does Google do that? Another story.] Conduit software isn’t malware either but it seems to get into any browser. It is probably more nuisance-ware than anything else. But like MyWebSearch, few like it.

These and others can be prevented by reading what the installation or update software is doing to your system. Don’t just click “Next” all the time. Even better, if given the option, choose a custom installation [hopefully you do get a way to make sure this crap can be avoided].

As usual, you should test the changes in a non-production environment [where applicable] first before applying. Also as usual, use at your own risk. Unsure how to use the registry settings or unfamiliar with the registry? Ask a professional.

A reminder to use strong passwords

Here we go again.

I know of someone who had their Email account hacked.

I was able to figure out quite easily that something was fishy. One clue was that I rarely get Email from the individual. Another clue was that the message was generic in principle but sent to “undisclosed recipients”.

Anyways, a reminder that if you use weak passwords it will also eventually affect others that you know. For example:

  • The hackers know your password. They can now see if you used the same password on other sites such as Facebook, Skype, other Email accounts, etc.
  • The hackers could use your contacts in the hacked mail box and sell the contacts to others.
  • The hackers could use your contacts to send out their own spam, messages containing malware, etc.
  • The hackers could try and send out a fake message from you stating that you are [for example] stranded in a foreign country, lost your passport and wallet and need money. I’ve seen this happen a number of times.
  • The hackers could attempt to extort money if they find information that could be bad for you or who you work for [proprietary information, illegal activities, etc.].
  • The hackers could use proprietary information found in your account and sell it.

Think of how your friends, co-workers or clients will feel if they clicked on something they shouldn’t have, or think of how unprofessional they will think you are if they received any of this crap.

Therefore, the next time you use a weak password, think of the consequences before you use it.

If you have problems keeping track of passwords, download software such as KeePass (http://keepass.info/download.html; Windows, with ports to iPads, iPhones, Androids, Blackberries, etc.) or Password Corral (http://www.cygnusproductions.com/downloads/downloads.asp; Windows only). Most password software will encrypt the data [verify before using].

Keeping passwords in a book is dangerous [you could lose it], and keeping them in an Excel or other document is insecure.

Warning about the DNSChanger malware – July 9th deadline

Google is warning users whose computers are infected with the DNSChanger malware when they use its search engine. Users whose computers are found to be infected are provided a link to directions for removing the malware from their computers.

DNSChanger initially redirected users to sites with advertisements the attackers wanted them to view. Authorities [with the help of Microsoft and some other companies] seized the malicious servers and replaced them with their own, which redirect users to the proper sites, but the court order allowing them to operate those servers expires on July 9, 2012; any infected computers will not be able to reach the Internet after the servers cease to be active.

You can check by going to http://www.dns-ok.ca/ which is a website created by the main domain registrar for Canada. You should also run the same test prior to July 9th.

For your reference (for a very basic definition): A DNS server is a server that resides on the Internet. Your Internet provider as well as independent companies or organizations will have them. The DNS server translates your request for a web site in your browser [i.e. www.wordpress.com] into an Internet Protocol [IP] address or in reverse. Think of an IP address as a street address. Each street address has to be unique. While your information request jumps around from location to location seeking the destination, only the IP address is used.

Now if someone is hijacking the DNS server that you are using [using malware such as DNSChanger], you would notice incorrect web sites being returned, anti-virus disabled, pop-up windows and other issues.

Watch out for phishing scams by phone

This is a true story. A friend of mine was almost scammed.

If you get a phone call from someone claiming to be support staff from a company [generally Microsoft, your internet provider, etc.] and claiming that your system is infected – be extra cautious.

Note: If your system was infected for real, you probably would see your system a bit slow and/or pop-ups would be showing up.

The “support” person may ask you for your phone number, physical address and Email address.

Ask them to give you information only they could have such as your account number for your ISP [if your ISP is calling], your version of Windows [if Microsoft], your actual name [note: if they just give you your initial, then it’s not enough], etc.

Note: They should have most or all of this if they were a real support company.

The “support” person may also sound like they are from another country with an accent [some say from India or Pakistan] and/or the volume of the phone call is low and/or there is line noise.

They will ask you to connect to a web site [or maybe send you the link by Email] and download and install some software. They will then ask to connect to your computer to “fix” the problem. The software may be something called LogMeIn, Ammyy Admin or TeamViewer. All allow someone to access your computer remotely [but they need permission first]. The software is legitimate.

From then on it is downhill. They will poke around, transfer data [Email addresses, Email, etc.] off your computer, search for financial information, etc.

At one point they will say it will cost [something like] $199.99 to fix the problem. Then you know you are being scammed for sure.

Here are a few things to look for:

  • If it is from your internet provider, ask them what is your account information [or anything they should know]. Some may also have your birthday on file.
  • Microsoft, Apple, Dell, Hewlett-Packard and others will never call you about an infection. Not their problem.
  • Neither will Symantec [Norton], McAfee, Kaspersky or others.
  • As mentioned above, if your system had multiple infections, wouldn’t you have noticed anything out of the ordinary?

If you don’t believe me…..

For the technical, close down the application. Go to <user profile>\appdata\local\temp and delete everything [note that not everything is removable and may be in use]. Obviously adjust the location for Windows XP users. This will at least kill the application from running.

If you feel that you are being hit by the scammers, hang up and shut down or disconnect your ISP’s modem.