(before F-Secure, he was using Avast! antivirus. Oh, how far Avast has fallen…. It used to be my favorite)

Not knowing what to do for sure, he called The Restore Store. Before calling me, he called the ISP, since they were the ones providing the A/V that detected it. They said he was hosed and it was serious. I concurred.

I had read a lengthy article a while ago about the nature of this virus, Sinowal, aka mebroot.

F-Secure wasn’t offering to remove the MBR virus, only indicating that it was there. I did some research and, after doing a thorough backup, began to apply the tools commonly used to deal with this virus.

The problem was, nothing was detecting it. F-Secure was adamant it was there, but “official” sinowal hunting mbr scanning tools were saying everything was fine.

Was it a false positive? Doubtful, F-Secure is a good outfit, but still…

I booted to a recovery console and used “fixboot” and “fixmbr” to no avail. Thinking it was a false positive even more.

Growing frustrated I disabled F-Secure and installed Avira. Avira immediately hit on it and I now had corroboration.  Avira did not offer to remove it.

Since Microsoft Security Essentials is my favorite A/V at the moment I removed Avira and installed that. A quick scan by MSE revealed sinowal as well.

Good!

And, MSE offered to remove it. BONUS!

I removed the sucker and uninstalled MSE. I rebooted the machine and F-Secure, which was still there, did not indicate the virus was back.

I am now proceeding to do a thorough hard drive scan to make sure the drive is sound, as it is an older machine. Then, I will “nuke and pave” and do a clean install of windows. I have my DBAN cd out, ready to go. Probably not necessary, I may not use it…

I think I’ll be putting on MSE, the customer can put on F-Secure if he wishes, but for me MSE earned it’s keep again today.

Side note: I had the pleasure of removing Norton 360 along with a truckload of viruses that were on a system today, restoring the simple ability of accessing the internet. I’ve also had the pleasure of removing various abominations from McAfee this week as well.

The feel of the system after simply removing McAfee is analogous to driving a small truck after just having been towing an overloaded trailer with it. It feels light, sporty, responsive, like a whole new machine ready to spring into action with the slightest touch… It’s exhilirating. Almost a high for me. Am I becoming addicted to removing norton and mcafee? Hmmm…..

So, the “chief” of this public department was installing microsoft office on this new computer, which I had taken great pains to get prepared for them as much as possible. They had special software that ran the database for their department, transferred all reports, updates, put in the old HD in case I missed something, delivered, set up, so on, so on.

But, they hadn’t provided THEIR copy of ms office, and hey, how hard can it be. The ever resourceful “chief” of this department eagerly volunteered to install it himself, once he dug it out of wherever it was that they couldn’t find at the time I was building it.

So I get a call today while I was out, and returned his call when I got back. He was attempting to install “office” but something didn’t look right. When I called him back, he said “hey, I put in the key it asked for and it seems to be taking off” “Ok, no problem, if you get stuck just give me a call” “Ok, I’ll do that.”

Fast forward 30 minutes. He calls, and says he finished installing “office”, but now office isn’t showing up anywhere and it’s now asking him to register windows. I’m stunned, so I head over.

As it turns out, the shiny holographic disk he was using to install “office” was actually the shiny holographic disk for “windows” and he had just wiped out his freshly set up computer. Ouch!

Luckily he didn’t format anything. I had him up and running again in about 1.5 hours, but as the disk was sp2 there will be some updating to do.

When he realized what he had done, he adamantly proclaimed that I will be doing everything 100% from now on, and not him. We both lol’d.

At a warehouse in New Jersey, 6,000 used copy machines sit ready to be sold. CBS News chief investigative correspondent Armen Keteyian reports almost every one of them holds a secret.

Nearly every digital copier built since 2002 contains a hard drive – like the one on your personal computer – storing an image of every document copied, scanned, or emailed by the machine.

In the process, it’s turned an office staple into a digital time-bomb packed with highly-personal or sensitive data.

If you’re in the identity theft business it seems this would be a pot of gold.

Read the rest here.

And more here.

Still more here.

What are the most commonly used registry launchpoints then? We wanted to find out so we picked a collection of several thousand samples of malware and checked which launchpoints they were using. The results are presented in the diagram below. It should be noted that some of the samples used multiple launchpoints.

Read the rest here:

The presence of rogue anti-virus products, also known as scareware, on a Microsoft Windows computer is often just the most visible symptom of a more serious and insidious system-wide infection. To understand why, it helps to take a peek inside some of the more popular rogue anti-virus distribution networks that are paying people to peddle scareware alongside far more invasive threats.

Read the rest of this here.

Household names all, but their capacity pales to that of the biggest cloud on the planet, the network of computers controlled by the Conficker computer worm. Conficker controls 6.4 million computer systems in 230 countries, more than 18 million CPUs and 28 terabits per second of bandwidth, said Rodney Joffe, senior vice president and senior technologist at the infrastructure services firm Neustar.

Read the rest here.

I was “horrified” to say the least.  These people are supposed to be competent??!?

So, I replied with THIS:

I have to ask, don’t be offended – how much did McAfee pay you to say their software was worth more than the $0.50 CD it’s written on? I routinely fix computers by removing the atrocity that is all things McAfee. McAfee has been worthless since I first had the misfortune of encountering it in 1999….

Norton is only slightly better than McAfee because the entry level Antivirus doesn’t immediately mess up systems. However, the Internet Security product and 360 product are horrible, I have personally fixed mysterious network issues and poor system performance on more systems than I can remember – by simply removing it.

The computing professionals that are in the trenches day to day know first hand that Norton and McAfee “security” products look good on paper but don’t stack up when the rubber hits the road.

To which THEY replied:

Thanks for the e-mail, I’ve shared it with the editorial team.

Best wishes,

Stephanie Small
Research Director
WindowsSecrets.com
Editor@WindowsSecrets.com

So, since I have the same exact discussion nearly every day, I went onto CNET and posted THIS as a review for Norton Internet Security 2010.  I plan to do this more often, until they reply, as per this post.

I am a computing professional. I repair them, build them, network them, and virus removal is my specialty. I have personally FIXED many many computers by REMOVING NORTON INTERNET SECURITY 2010 and earlier. Norton Internet Security (and 360) is WORTHLESS JUNK. Your system might be protected at first, but after a few mon…ths the hackers will figure it out and you will have only a false sense of security.Norton 2009 worked well until the middle of the year, then it was laughably worthless – I was fixing 4 or 5 computers AT ONCE all with Norton 2009 and all with really bad malware infections.

People pay good money for this junk, and then pay me to fix their computers – by removing viruses this software DOES NOT STOP. I also charge them to remove the junk norton software because when it breaks, it breaks your network connection.

I’ve had people bring in their computers because their ISP told them their network card was broken. No, they had norton 2010 and it was broken. I removed Norton, fixed the network stack, removed the viruses (malware) and they were good to go. SHAMEFUL.

Microsoft Security Essentials is FREE and it works better than this junk. I am telling everyone I know this information.

I tell people that MSE is free, works better and WON’T break their computers, and they look at me stunned. THEY DIDN’T KNOW they could have good protection for FREE. They know now, and now you do too.

The rogue security software (fake antivirus like Antivirus 360 or Internet Security 2010) is a rampant problem. You can get these rogues no matter what, some (or most) CANNOT be stopped.

If there is a burden on the user to be careful, AS WELL AS a certain amount of chance, why pay for security when you can be in the same boat and NOT break your computer, for free?

I had a customer call me today and complain that the Microsoft Security Essentials icon was missing.  After talking with them for a minute, he mentioned he had “Malware Professional 5.0″ installed.  Huh?

He informed me that he paid $30 for it, and came across it from Priform CCleaner’s website.  I don’t know about that, but I do know that Malware Professional 5.0 is a rogue.

My guess is that MP5 killed MSE.  Also, it was not on the Add/Remove programs list either.

I informed the customer as such and encouraged him to dispute the charge and get a different CC# on that account.

Yikes.

Feb 22, 2010 | 05:20 PM

By Kelly Jackson Higgins
DarkReading

Criminals hid bank card-skimming devices inside gas pumps — in at least one case, even completely replacing the front panel of a pump — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks.

Some 180 gas stations in Utah, from Salt Lake City to Provo, were reportedly found with these skimming devices sitting inside the gas pumps. The scam was first discovered when a California bank’s fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah.

Card skimming has been on the rise during the past year, with most attackers rigging or replacing merchant card readers with their own sniffer devices or ATM machines. The devices typically include a scanner, transmitter, camera, and, most recently, Bluetooth- or wireless-enabled links that shoot the stolen data back to the bad guys.

Read the whole article here.

Rather than targeting Web and email servers, attackers these days are prone to going after enterprises from the inside out, compromising end user systems and then using them to access confidential data, according to a Web traffic analysis report by security-as-a-service provider Zscaler.

Based on a recent study of traffic passing through its global network,  Zscaler’s “State of the Web — Q4 2009″ report also notes trends including issues with botnets, corporate Internet access policies, and the use of the Internet Explorer 6 browser. Officially being released on Tuesday, the study analyzes Web traffic volumes covering several thousand Web transactions per second and hundreds of billions of Web transactions.

Zscaler found attackers were prone to embedding JavaScript or malicious iframes to pull content from an attacker’s server, whereupon the content is rendered in a user’s browser, said Mike Geide, senior security researcher at Zscaler, in an interview on Monday.

Read the whole article here.