
Recovering from Infection

Updating to Windows 10

A Cautionary Tale

When I first met Rick the evidence was clear. His computer networking was down. His 2009 Dell All-In-One computer could access neither the Internet nor his small local area network. Rick told me everything had been OK until a couple of days ago. Up until then he was running Windows 7 on his computer and had full Internet access.

How about a computer upgrade? Rick thought, “Why not? Maybe this will refresh my PC.” His Dell computer had been a great machine. It was reliable and it had plenty of power for the tasks he had for it. When the upgrade offer appeared a couple of days ago, the Internet was operating fine. So he accepted the offer and began the download. Windows 10 downloaded and installed. Then his computer restarted. The new operating system came up and everything looked good.

He first noticed a problem when he tried to go back to the web. No pages would load, leaving him with the annoying Page Not Available message. At this point Rick called for help and I got his call.

Why did this happen? As most of you know, the Windows 10 free upgrade is in the news and can pop up on your Windows computer running a legitimate copy of Windows 7 or 8. Most people who take advantage of this offer have no problem. Some have the inconvenience of a program that needs to be upgraded to work with Windows 10. There is one problem that has been consistently reported since Windows 10 was released for Technical Preview: failure of Internet and network connections under certain circumstances. To read the full thread on this issue please click the following link to Microsoft Answers.

Here is the cautionary portion of this post. Forensic investigation of Rick’s computer revealed rampant adware and malware infections. Infected elements were found in his Internet browsers, along with Trojan infections in his Windows registry and a rogue antivirus installed alongside his highly rated, legitimate antivirus program. The legitimate antivirus even had some of its registry entries modified by the rogue antivirus program.

Now Rick had been aware that his Windows 7 computer was slowing down. But he was unsure which programs were causing his problem and which he should remove. His computer had been operating in spite of the infections it carried. Most of the rogue activity was hidden, but some problems could not be ignored. Because he sensed something was wrong, Rick employed an online service to “tune up” his computer. According to Rick they were ineffective at improving the performance and “kept trying to sell me additional services”. The online service personnel had installed numerous tune-up and monitoring tools on Rick’s computer. Even with all those tools installed, and after Rick had spent 11 hours on the phone working with them, they had failed to detect and remove the malware that infected his computer.

In conclusion, it is necessary to make sure your computer is free of the various forms of malware infection before upgrading to Windows 10. The goal of most of these types of infection is to remain hidden from computer users. A compromised computer is more valuable to adware and botnets while it is infected and responding to them. The major indication of an infection may be that your computer just seems slower and sometimes locks up. You may also see frequent pop-up ads in your browsers.

We have yet to find the “Swiss Army Knife” for computer protection. There are a number of good antivirus, anti-malware and anti-intrusion tools. However, once the computer is deeply infected, no single tool has been sufficient to remove all the intruders. We have found several good tools that can work together to remove deeply rooted infections. Prevention is also very important. Take care to screen all free offers and free applications that compete for your attention. Look carefully at programs bundled with other programs that you may want. If a bundled program is not necessary, do not accept it. You may have to uncheck a program installation “bundled” with a program that you do want.

Here are links to some tools we have found effective at removal and protection:

http://www.malwarebytes.org/lp/lp4/?gclid=CLLVwOj4xLwCFQ-DfgodEyUAVA
https://www.malwarebytes.org/antiexploit/
http://thisisudax.org/
http://www.bleepingcomputer.com/download/publisher/xplode/
