Lizamoon SQL Injection Attack

by Security Admin

This week there is an uncontrollable SQL injection attack that is infecting millions of URLs across the internet. This worm/virus (Lizamoon) is a scareware attack which tries to scare the user into thinking that they are infected with a virus and tries to coax the person into downloading a fake anti-virus product to clean the virus. This tactic is not new and you should NOT download, run or purchase the antivirus software.

It will seem that you are infected by the malware and it even shows your computer being scanned. Again, this IS NOT true. It’s all part of the scare tactic to get you to buy the fake antivirus software.

If you are browsing the internet and come across this tactic, it’s easy enough to stop by simply closing your browser. The Lizamoon infection occurs if you actually continue to download, install and then purchase the software.

Here is the first image that you will see if you’ve visited a site that is infected. First you will be redirected to the Lizamoon site and then you will see this image:

Also, here is a great video of how the attack plays out. Thanks to WebSense for this video:

Most of the antivirus products (as of today) do not detect the Lizamoon SQL injection attack if you have not updated your antivirus software yet. Make sure you verify that your antivirus software is up to date and is not running in trial mode.

If you have downloaded and installed the fake antivirus software, please visit our main page to view our recommended anti-virus products to clean Lizamoon off your computer or simply get Norton 360 by using this link


After years of removing viruses and software trojans from computers, I’ve found a really easy way to remove rootkits from computers. First, you may ask, “What is a rootkit?” Well, a rootkit is software or a program that is designed to hide itself or obscure the fact that the system has been compromised. Rootkits typically replace vital system executables in order to hide the files that the attacker has installed. Rootkits usually evade the antivirus programs that are installed to protect the system. So… they are usually not detected. Rootkits today usually get onto systems via malware and install themselves as drivers or kernel modules. A successfully installed rootkit allows the unauthorized user to maintain access to the computer as an administrator, so having one installed is a real security threat, as they usually include a “back door” to give the attacker access whenever they want.

Backup your computer before running antivirus software. Always backup your important data before trying to clean a virus infected computer. Backup your data to a CD, DVD or USB drive. This is necessary because removing a virus with antivirus software can deteriorate the computer’s ability to function correctly and you may have to reinstall.

Steps to remove a rootkit

These steps are an overview. Each step is outlined below in detail.

  1. First, you need to obtain sav32cli.exe and the latest virus identity (IDE) files. It is very important that every time you run this program, you download a new version of the IDEs.
  2. Burn the files to a CD
  3. Boot your computer into safemode with command prompt
  4. Put in CD
  5. Change to the CD by typing CD <drive letter>. You change the <drive letter> to the letter of your CD drive
  6. type in SAV32CLI -P=C:\SCANLOG.TXT and let the program scan your computer. This may take hours to complete.
  7. Reboot and view the log file on your computer at C:\SCANLOG.TXT. This file will tell you what virus/rootkit you had on your computer and whether it cleaned it.

Your computer should now be cleaned up. You should now review your installed antivirus and firewall software you have installed and determine if it is up to date and functioning properly.

Obtain sav32cli.exe and IDEs

To get the sav32cli.exe software and IDEs, use this link to the Sophos sav32cli.exe program and this link to obtain the IDE files.

Burn the software to CD

Burn the sav32cli.exe and the extracted IDE files to the root of a CD and close the CD.

How to get into safemode

To successfully remove a rootkit, you must boot up into safemode. Here is how:

  1. Restart your computer
  2. Once your computer starts booting up, you will hear a beep. Immediately after this beep, press the F8 key continually over and over until you get to the Advanced Options menu.
  3. Select “Windows in Safe Mode with Command Prompt” and press enter
  4. If it asks for credentials, put in your administrator username and password (if it asks).
  5. You should now be in safemode.

Now that you’re in safemode, you need to insert your Sophos sav32cli disk and change to your CD drive letter. This drive may be D, E, F, and so on. Every computer is different so you may need to experiment until you find the drive with the software on it. Once you change to a drive letter, simply type in DIR to list the files in the directory. Once you find the drive with the files on it, type in SAV32CLI -P=C:\SCANLOG.TXT and let it scan.

Once it is done, then reboot and remove the CD.

Now review the log file scanlog.txt in the root of your C: drive. If it found a rootkit, it should have removed it and logged in this file.

Ok. So, you should be cleaned up and it’s time to review your security software. You should determine if you have antivirus software and if it is running properly. If this is a daunting task for you, please be patient and take your time. It’s very important that your antivirus software is up to date and running properly. The typical scenario we run into is people having the antivirus software installed that came with their computer, but the “free trial” ran out and they are no longer protected. If this is the case, I’d recommend either purchasing the product already installed or uninstalling it and installing one of the recommended antivirus products on our home page. If your computer is over a year old, then you really should get the latest antivirus software to protect you from the latest threats.

I hope this information helps in your quest to clean your virus infection up. Please post comments and questions below and we will try to help resolve your issues.


How to Remove a Virus

by Security Admin

Do you suspect that you have a virus? Many signs are obvious and many are simply symptoms that you may not immediately detect. Either way, you should take action immediately if you suspect that your computer is infected. Acting right away can give you better protection from the virus if you have one. The instructions below should be run on your computer if you remotely suspect that you have a virus. Even if you don’t think you’re infected, it may not be a bad idea to run them anyway to ensure that your computer is clean and free of virus infections.

The signs of a virus:

  • Slow or sluggish computer: This sign typically happens in spikes and may be immediately evident because most virus writers don’t throttle their software
  • Program errors and apparent failures of applications
  • Unknown pop-ups and advertisements: These sometimes show up even if you’re not surfing the web
  • RPC Errors and a countdown
  • Can’t get to antivirus websites or major sites like C-Net or Microsoft

If any of these symptoms are evident on your computer, you may have a virus or malware and you should immediately scan your computer. Follow the steps below to help determine if you have a virus and how to easily clean it to restore your computer to the speed it should be at.

How to Remove a Virus

  1. Check your antivirus software and run a virus scan. A clean result IS NOT proof that you don’t have a virus. Many new infections can circumvent your antivirus software and hide from it.
  2. Install the following scanning program to detect and clean up the problem. You need to install this program and then boot into safe mode to do the scanning. Booting up in safe mode runs only the minimum programs needed to get the operating system running. Nothing else will run or load, including the virus or infection.
  3. Install (but don’t run) SpywareDoctor. This program has won MANY awards and works very well. You can get it here: SpywareDoctor.
  4. Now that the program is installed, reboot your computer and boot into safe mode. You boot into safe-mode by pressing F8 when the computer is booting. The best way to do this is to keep pressing F8 when the computer is starting up and you will get a boot prompt. You select “Safe Mode” and let the computer start up.
  5. Now that you’re in Safe Mode, run the malware scanner to determine if you have a virus and take appropriate action.

Now that your computer is no longer infected, reboot your computer. Your infections should be gone and you can enjoy your computer again. If you still have infections, please read other posts and entries on this blog. You may get other ideas.


http://www.pctools.com/spyware-doctor/


Fake Error Message from Alpha Antivirus Software

If you see this message below, then you may have “Alpha Antivirus Software” or “Personal Firewall Software” installed on your computer.

Fake Scare Tactic from Alpha Antivirus Software

This malicious software is “Fake Antivirus Software” (or “Scareware”) that you MUST remove. DO NOT under any circumstances purchase the product. They are thieves and you do not want to give them your credit card. To learn more, see our post on Alpha Antivirus Software for more details.

Follow these steps to remove the warning: “Warning! Visiting this site may harm your computer!”

  1. Open your “Task Manager” by pressing Ctrl+Shift+Esc all at once. This will bring you to the running processes on your computer.
  2. Locate Netfilter.exe and select it.
  3. Click on “End Process” button at the bottom of the process list.
  4. You will see a pop-up asking if you want to end the process. You need to say “Yes” or “End Process” to remove this virus software.
  5. Now, you can download Spyware Doctor to completely remove this bogus antivirus software.

Download Spyware Doctor by clicking on the image below.


How To Remove Alpha Antivirus

by Security Admin

Alpha Antivirus Overview:

Alpha Antivirus is another one of those “Fake Security Software” applications that uses fraudulent or fake security alerts to trick you into thinking that your computer is infected. This is another product from the same online anti-virus scams as the “Personal Antivirus For Free” product found earlier this year. It gets installed by social engineering tactics that trick you into thinking that you have a virus or trojan. Once you’re fooled and you install the software, it will list a variety of infections on your computer (that are not real) and the software will prompt you to pay for their full version to remove the infections. This is all a scam to trick you into paying for software that you don’t need. Also, if you pay for the software, you’re actually giving your credit card number to internet thieves as well. Alpha Antivirus will also block your real antivirus program from functioning correctly along with blocking access to the “real” antivirus software companies on the web. This is how they trap you into paying for their software.

Follow the instructions below to remove Alpha Antivirus and clean up your system from this virus infection.

How to Remove Alpha Antivirus:

Alpha Antivirus Screenshot

How to automatically remove Alpha Antivirus Software:

If you want to automatically remove the software, you can download this product which is guaranteed to remove Alpha Antivirus. Click on the FREE SCAN button below to get the removal software.


http://www.pctools.com/spyware-doctor/

If you see this warning box below, then this is the Alpha Antivirus software trying to trick you into thinking you’re doing something wrong. Well, in their minds, if you successfully remove Alpha Antivirus, they will not get your money and credit card information. If you get this warning, then click on this link to fix this problem!

Fake Scare Tactic from Alpha Antivirus Software

How to manually remove Alpha Antivirus Software (Not Recommended):

  1. You must kill the processes that are running. The processes are called Alpha.exe and NetFilter.exe. You access your processes by pressing Ctrl+Shift+Esc. Then highlight them and click on End Process.
  2. Then delete the following files, folders and registry entries from your computer:

     C:\Program Files\Alpha Antivirus
     C:\Program Files\AlphaAV\Alpha Antivirus.exe
     C:\Program Files\AlphaAV\activate.ico
     C:\Program Files\AlphaAV\Explorer.ico
     C:\Program Files\AlphaAV\AlphaAV.exe
     C:\Program Files\AlphaAV\unins000.dat
     C:\Program Files\AlphaAV\uninstall.ico
     C:\Program Files\AlphaAV\working.log
     C:\Program Files\AlphaAV\db
     C:\Program Files\AlphaAV\db\DBInfo.ver
     C:\Program Files\AlphaAV\db\ia080614.db
     C:\Program Files\AlphaAV\db\ia080618x.db
     C:\Program Files\AlphaAV\Languages
     C:\Program Files\AlphaAV\Languages\IAEs.lng
     C:\Program Files\AlphaAV\Languages\IAFr.lng
     C:\Program Files\AlphaAV\Languages\IAGer.lng
     C:\Program Files\AlphaAV\Languages\IAIt.lng
     C:\Program Files\Common Files\Uninstall\AlphaAV
     C:\Documents and Settings\All Users\Start Menu\AlphaAV\Uninstall.lnk
     C:\Documents and Settings\All Users\Start Menu\AlphaAV\Alpha Antivirus
     C:\Documents and Settings\All Users\Start Menu\AlphaAV\Alpha Antivirus Home Page.lnk
     C:\Documents and Settings\All Users\Start Menu\AlphaAV\Alpha Antivirus.lnk
     C:\Documents and Settings\All Users\Start Menu\AlphaAV\Purchase License.lnk
     %UserProfile%\Application Data\Alpha Antivirus
     %UserProfile%\Application Data\AlphaAV\settings.ini
     %UserProfile%\Application Data\AlphaAV\uill.ini
     %UserProfile%\Application Data\AlphaAV\unins000.exe
     %UserProfile%\Application Data\AlphaAV\Uninstall Alpha Antivirus.lnk
     %UserProfile%\Application Data\AlphaAV\db
     %UserProfile%\Application Data\AlphaAV\db\config.cfg
     %UserProfile%\Application Data\AlphaAV\db\Timeout.inf
     %UserProfile%\Application Data\AlphaAV\db\Urls.inf
     %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Alpha Antivirus.lnk
     %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
     %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
     %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
     %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
     %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
     %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
     %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alphaav
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alpha Antivirus
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Alpha Antivirus”

  3. Reboot Your Computer.
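As an added example (not code from the original post), here is a read-only PowerShell check that reports which of the artifacts in the list above are present, along with the Alpha.exe and NetFilter.exe processes from step 1 and the earlier Task Manager post, so you can confirm what you are dealing with before deleting anything. It assumes an elevated PowerShell session on the affected PC, resolves %UserProfile% for the current user, and checks the AlphaAV folders as a whole, so any leftover file inside them counts.

```powershell
# Added example, not code from the original post: a read-only inventory of the
# Alpha Antivirus artifacts named in the manual removal steps. It deletes nothing.
# Assumes an elevated PowerShell session on the affected machine.

$ErrorActionPreference = 'SilentlyContinue'
$userProfile = $env:USERPROFILE   # stands in for %UserProfile% in the list

# Processes named in step 1 (Get-Process takes the name without ".exe")
$processNames = @('Alpha', 'NetFilter')

# Files and folders from the list. Parent folders are checked as a whole, so any
# leftover file inside them (db\*.db, Languages\*.lng, *.ico, ...) counts as a hit.
$filePaths = @(
    'C:\Program Files\Alpha Antivirus',
    'C:\Program Files\AlphaAV',
    'C:\Program Files\Common Files\Uninstall\AlphaAV',
    'C:\Documents and Settings\All Users\Start Menu\AlphaAV',
    "$userProfile\Application Data\Alpha Antivirus",
    "$userProfile\Application Data\AlphaAV",
    "$userProfile\Application Data\Microsoft\Internet Explorer\Quick Launch\Alpha Antivirus.lnk",
    "$userProfile\Local Settings\Application Data\Microsoft\Windows\log.txt",
    "$userProfile\Local Settings\Application Data\Microsoft\Windows\pguard.ini",
    "$userProfile\Local Settings\Application Data\Microsoft\Windows\services.exe",
    "$userProfile\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png",
    "$userProfile\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png",
    "$userProfile\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png",
    "$userProfile\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
)

# Registry keys from the list (uninstall entry, ITGrdEngine service and its legacy device entry)
$registryKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alpha Antivirus',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE',
    'HKLM:\SYSTEM\CurrentControlSet\Services\ITGrdEngine'
)

# The Run entries and the "PrS" marker are values under a key, not keys themselves
$registryValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'alphaav' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Alpha Antivirus' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer';          Name = 'PrS' }
)

function Get-AlphaAVFindings {
    $findings = @()

    foreach ($name in $processNames) {
        foreach ($proc in @(Get-Process -Name $name)) {
            $findings += [pscustomobject]@{
                Type = 'Process'; Item = "$($proc.ProcessName).exe (PID $($proc.Id))"; Detail = $proc.Path
            }
        }
    }

    foreach ($path in $filePaths) {
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = '' }
        }
    }

    foreach ($key in $registryKeys) {
        if (Test-Path -LiteralPath $key) {
            $findings += [pscustomobject]@{ Type = 'RegKey'; Item = $key; Detail = '' }
        }
    }

    foreach ($entry in $registryValues) {
        $prop = Get-ItemProperty -LiteralPath $entry.Key -Name $entry.Name
        if ($null -ne $prop) {
            # For Run entries the value data is the path that gets launched at logon
            $data = $prop | Select-Object -ExpandProperty $entry.Name
            $findings += [pscustomobject]@{ Type = 'RegValue'; Item = "$($entry.Key) -> $($entry.Name)"; Detail = "$data" }
        }
    }

    return $findings
}

$findings = @(Get-AlphaAVFindings)
if ($findings.Count -eq 0) {
    Write-Host 'None of the listed Alpha Antivirus artifacts are present.'
} else {
    $findings | Format-Table -AutoSize -Wrap
    Write-Host "Found $($findings.Count) artifact(s); review them before deleting anything."
}
```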

To fully protect your computer from this type of infection happening again, you may want to consider purchasing the full professional version of Malwarebytes that has realtime protection. Click on the banner below:

http://www.pctools.com/spyware-doctor/

Here is a link to this rogue software on McAfee’s website.


Panda Cloud Antivirus – Review

Recently Panda Security has released the first “Cloud Based” antivirus software at a very affordable price… It’s free! This product uses new technology called a “Collective Intelligence” Cloud. The unique approach uses information from all machines around the world that are running their software and collects information about threats. It then instantly protects the rest of them when it discovers new threats. This approach is a community based malware protection lab and it’s an interesting approach along with being very effective. Does it come with a catch? Not really, but it’s designed for slower computers or machines that you want to conserve memory on. When PC Magazine tested the software in their labs, Panda Cloud Antivirus did catch 99.4 percent of all threats. That’s really good!

The approach of cloud based virus protection does come with a cost. It doesn’t block file access when you download a program before it scans it. This is because the program scans new files in the background. With this approach, if you download a program and run it right away, you do run the risk of getting infected. A user can also white-list programs that Panda has flagged as malicious and run the program. This would allow you to infect yourself. This is a risk for novice computer users or someone that really wants a program but doesn’t understand that they will get infected if they use this feature.

Simple Interface for Panda Cloud Antivirus

It’s also not the fastest antivirus software out there. This may be because of the cloud based technology. If you’re looking for speed, this may not be the one for you. It also failed to disable some infections and it does not clean up all registry entries made by viruses, the harmless junk that is left over from an infection. Excess registry entries can slow down a computer. This product did score very high on its impressive ability to detect malware.

Panda Cloud Antivirus Pros:

  • Small and quick install
  • Very, Very easy interface
  • Faster on slow machines
  • Great for gamers because it uses less memory
  • Only uses 17MB of memory
  • Supports Windows XP and Vista
  • It’s FREE!

Panda Cloud Antivirus Cons:

  • Still in Beta… But, wasn’t Google for 5+ years?
  • Doesn’t clean up well after itself
  • Not supported on Windows 7… Yet!
  • It’s only an Anti-Virus product.
  • Ineffective against rootkits

Conclusion:

For its price (free), it is a really good anti-virus product. But, you only get anti-virus with this one. We really recommend a full featured product that contains Anti-Virus, Firewall, Security, Backup and Restore along with Browser and Email protection. The product that really shines with all these features is Symantec Norton 360. If you are considering trying the cloud based anti-virus software, then at least understand that you will not be fully protecting your computer against all threats. Be careful out there!


Anti-virus Software Trojans

There are thousands of downloadable software applications that carry trojans and viruses that can cause your computer to become infected. Symantec calls these applications “Misleading Applications”. These types of applications disguise themselves as anti-virus and firewall applications along with many other free downloadable games and tools. These attacks are rogue software and anti-virus applications that cause pop-ups and balloons indicating that you may be infected, and they want you to download their software to clean your computer. These unexpected pop-ups are typically the last indication that you have been infected. These types of infections use social engineering to talk you into buying their anti-virus software.

How this type of infection takes place

They distribute themselves via search based advertising of free software, pirated software, blogs, adult content, email, banner ads and via browser exploits. Many of the “Free Software” sites are littered with these virus infected programs. When an unsuspecting user is online surfing the web, they use the above methods to distribute trojans and viruses that cause false pop-up warnings about virus infections and coax the user to click on the application to scan their computer. Once the trojan claims that it has scanned the computer and it has found a virus (which is another false claim), they indicate that the problem can’t be fixed unless you pay for the full version of the program. This social engineering trick causes the end user to give their personal information to scammers, which puts them at greater risk. Also, once the application is installed on their computer, it is typically very difficult to remove the unwanted software. The application pop-ups (anti-virus, firewall or security) that take place are typically the last part of the chain of events. Once you see one of these pop-ups, you’ve already been infected and the program is running in memory.

Examples of Fake Anti-Virus Software

Antivirus Doktor 2009

Fake Anti-virus Software - Antivirus Doktor 2009

Antivirus System Pro

Fake Anti-virus Software - Antivirus System Pro

Google Tips Infection

Another way to detect if you’re infected is if you see a “Google Tips” banner on Google indicating that you have an unregistered version of Anti-virus 2009 or similar type of anti-virus software in the Google Tip.

Google Tips Virus Infection

What To Do

You MUST be proactive and secure your PC before a virus infection takes place. This is typically not the case and we’ve found that most people looking for anti-virus software are the ones that are already infected by these rogue applications. Follow these simple steps before it’s too late.

  1. Install one of the leading anti-virus and firewall software packages from a major vendor (McAfee, F-Secure, Trend Micro, Computer Associates, Panda Security, Kaspersky)
  2. Make sure your computer is set up to download and install security updates on a regular schedule. Microsoft releases their updates on a monthly basis, on the second Tuesday of every month. Microsoft also releases what’s called “Out Of Band” security updates as well. These out of band updates are updates for their software that are considered a major update.
  3. Make sure all your third party software applications are up to date as well. Install these updates when they are released. Vulnerable applications like Adobe Reader, Flash Player and Active-X are common programs that are taken over.
  4. Think before you click on any suspicious links on web pages, blogs and even in emails.
  5. Check your anti-virus software on a weekly or monthly basis to make sure it is functioning properly.

Conclusion

Be very careful and make sure you’re proactive about your virus protection. If it’s too late, then take action now and install one of the major programs listed above under the “What to do” section.


There are hundreds or even thousands of new viruses being created every day. That’s why anti-virus software updates itself on a daily basis. The best antivirus software will update itself multiple times a day. Even though daily updates occur, there is always a slight possibility that you could get infected. No matter how careful you are, it is possible. I even got infected by a virus a few weeks ago and the recovery process was interesting, difficult and innovative. The typical home user may not have been able to recover on their own from the type of infection I had.

Here is my Virus story…

On a typical evening, I sat down at the computer and decided to do some work. I first checked my email and then was going to do some testing on some antivirus and firewall software. After some emails came in, I got an error on my machine and didn’t really read it very well (mistake). It was an error in my Anti-virus and Firewall software caused by an infected email that made my antivirus software crash. At the time, I said to myself, Ok, I now need to reboot. I received a phone call and after the 30 minute phone call I hung up and went back to work… Not realizing that I never rebooted… I started surfing the internet looking for some Anti-virus software to test (Ironic). I found a free AV and proceeded to download it. After the download (and around 2:00 am) I noticed that the AV product I was using was no longer running and my computer was VERY slow and was getting browser errors in both Firefox and IE. I decided to reboot to fix the problem. My computer booted up and then this error came up: “Failure security options logon process has failed to create the security options dialog” and there was no login box available. After a few reboots, with the same error, I decided to use my laptop to search for the error. To my surprise, there were many searches for this error but no real fix. I did find many posts about two anti-virus products being installed or problems with Norton Anti-virus. Neither of which I had. I even got the error when booting into safe mode. So… I tried to log into the machine remotely. I even got the error then. But… the console of the problem machine did come up with a login prompt to switch users as it was locked by default when a remote session starts. Since I always set up a local admin account, I tried to log in locally. IT WORKED! I then uninstalled my anti-virus software and rebooted. The machine came up without errors and I could login successfully. I re-installed my anti-virus software, updated it and then ran a FULL SCAN of the computer.
It found 4 virus threats that it removed. One was in the “Free” antivirus software I downloaded (so be careful).

So, what should you do to protect yourself before you get infected by a virus?

  • First, make sure you create a local account on your computer that has Administrator rights. This Technet article will show you how to create a local admin account. Don’t use this account. Keep it as a fail safe account.
  • Become familiar with your anti-virus software and make sure you have the vendors login and password information along with your activation codes.
  • Make sure your Security Software has the following: Anti-virus protection, Anti-Spyware protection, good email protection,  a two way firewall (to stop outbound traffic that is not authorized) and peer to peer protection.
  • Check the status of your antivirus and firewall software.
  • Purchase your antivirus security software from one of the top vendors on the internet. We have a list of antivirus firewall software on our main page.
  • Backup your documents and files to an external disk or online backup service so you have documents available in case of a failure you can’t recover from.
  • Set up “Restore Points” and create a restore point on a regular basis and (ALWAYS) before you install software. Using restore points is an easy way to recover from a mistake, poorly written software or a virus.

If you have a similar problem, write down the error you receive and then use another computer to search for the error. Usually, these errors are common and easily fixable.

By the way, I’m no longer using the AV software that crashed. It was installed for testing purposes and also not recommended on this site either.

Antivirus Security Admin


Believe it or not, searching for celebrities has a high risk of infecting your computer with a virus. The odds are 1 in 5 according to McAfee Security. The leading celebrity that holds these odds is Jessica Biel. Brad Pitt previously held this honor. In general, searching for celebrities online poses a much greater risk of being infected by malware.

Cybercriminals know what you’re interested in and they latch onto popular celebrities to encourage the download of their software. Once this is done, you’re done!!

McAfee’s SiteAdvisor technology compiled the list by searching the internet for celebrity names and how many sites had a high risk of being infected. Below is a table of McAfee’s top 15 risky celebrities.

(Image: McAfee’s top 15 risky celebrities table)


Trend Micro has been in the anti-virus, spam and security software field since before the internet started. Their software is one of the top 3 industry standard anti-virus software developers on the planet. They offer software for the home, small business and enterprise. We have used Trend Micro Anti-Virus for years and have been very satisfied with the protection, support and updates we’ve received from them. Here are a few of the products and their options:

Trend Micro Security Products


Worry-Free Business Security Solutions for SMB
