
Category: Malware

Dec 25 2009

Winlogon Error at Windows Startup

This week I had a computer that was loaded with malware. While I was working on the problem, I had to restart the computer. Upon restarting, the first thing that appeared was a pop-up box about winlogon.exe with the error message: "The instruction at '(some address)' referenced memory at '(some address)'. The memory could not be "read". Click on OK to terminate the program. Click on CANCEL to debug the program." Of course I did not write down the addresses because they were irrelevant. What stood out to me was the fact that the word "read" was in quotes.

The options were to click OK or CANCEL. When you click OK, Windows immediately restarts. However, if I just moved the pop-up box out of the way, I was able to sign in with no problem.

Many of the answers I was finding were saying bad memory. I knew it wasn't bad memory. I knew it was malware. I ran Malwarebytes; it cleaned the computer up, and the error never came back. This particular computer was loaded with close to 500 Vundo trojans but not much else.

This computer was a business computer and required an interactive logon, that is, the logon that requires you to type the username in instead of selecting the user by an icon. If you need to get to the interactive logon window, just hold down CTRL+ALT and then quickly press DELETE twice.

Posted by Wade Burchette at 9:07 AM - Categories: Computer Repair Notes | Malware

Oct 24 2009

Scareware on the Rise

Scareware, malicious software that attempts to scare you into paying a fee, is the latest fad. The authors of this malware are becoming more brazen. The latest fake antivirus programs may now claim that your identity has been stolen or compromised. Most likely, this is nothing more than a hoax. There are many things you should be aware of when it comes to computer security.


Posted by Wade Burchette at 8:22 PM - Categories: General | Malware | Security

Sep 12 2009

A New Type of Botnet

Cyber criminals are always adapting. It seems like they are always two steps ahead of any protection. While there are a few amateurs out there, many cyber criminals are organized and very good. They have learned to exploit the biggest security weakness: people. They also have the time and resources to probe for every little security hole in software. Operating systems are amazingly complex; it is impossible with today's technology to find and secure every weakness. No system is immune, despite what the ads or zealots say.

The newest trick of the cyber criminal is to control his botnet using unsuspecting victims' social networking accounts, such as Facebook and Twitter. This new trick makes it harder to track a cyber criminal and even harder to shut down his botnet.


Posted by Wade Burchette at 9:30 PM - Categories: Malware | Security

Jul 27 2009

A New Kind of Ransom Malicious Software

There is a new kind of malware in the wild. Ransomware is a type of malware (malicious software) that does something to your computer for ransom. In the past, this ransomware encrypted files on your hard drive. The only way to recover these files was to pay the ransom or restore them from a backup. Of course, encrypting files is no easy task. That is why this is not common. Well, a new form of ransomware is not as complex as previous ransomware.

This new type of ransomware displays an annoying banner at the bottom of your browser. This banner has an advertisement for a pornographic site and an image for that site. (Don't worry, the reference link does not have any porn images.) The idea is to hold your browser for ransom until you send an SMS text message to someone in Russia. The tactic is very similar to scareware, software that tries to scare you into giving someone money. Scareware is usually done by a fake antivirus program. This ransomware basically hijacks your browser until you give up some money.

It is always important to be on guard against malware. Even Macs are vulnerable to viruses and malware. Many websites that plant malware on your computer are now checking to see if the computer is Windows or Mac. Dubious porn websites are a major source of malware. Malware programs are also often planted on social networking user pages. Never assume you are safe.

References:
http://www.symantec.com/connect/blogs/browsers-and-ransoms

Posted by Wade Burchette at 2:38 PM - Categories: Malware | Security

Jun 22 2009

One Annoying Rootkit

On July 19, I had the joy (used sarcastically) of removing one annoying rootkit. With this particular rootkit, I could only work in safe mode. The problem with that is that Microsoft's RootkitRevealer program does not work in safe mode. So I had to painstakingly find the file outside of Windows. Malwarebytes was unable to find it. The antivirus software installed, not named to protect myself, kept coming up with firewall warnings asking me if I wanted to block a file from communicating with the internet, but it never once identified it as malware. So the hunt was on.


Posted by Wade Burchette at 4:00 PM - Categories: Computer Repair Notes | Malware

Jun 2 2009

What Could Possibly Go Wrong When I Click Here?

Social networking sites are commonly loaded with malicious software because most people do not think anything bad can happen when they click on something within the website.


Posted by Wade Burchette at 9:09 AM - Categories: Malware | Security