Computer Repair

Protection against Cryptolocker malware

Nick Shaw over at www.foolishIT.com has released some software called CryptoPrevent.  The software makes use of global policies to put blocks in place that prevent Cryptolocker and many other malware applications from executing.  In some situations this could block legit applications, but CryptoPrevent also has an automatic whitelist generator that lets existing programs in the locations it's blocking still run properly.  For more information on CryptoPrevent please visit http://www.foolishit.com/vb6-projects/cryptoprevent/

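To see exactly what a CryptoPrevent-style policy is doing on a machine, the following added script (not CryptoPrevent's own code) lists the Software Restriction Policy path rules by level. It assumes the rules live under the standard Safer\CodeIdentifiers key of the machine policy and is run from an elevated PowerShell prompt.

```powershell
# Added example, not CryptoPrevent's code: list Software Restriction Policy path
# rules grouped by security level, so you can see which locations are blocked
# and which ones have been whitelisted. Assumption: rules live under the standard
# Safer\CodeIdentifiers key (machine policy). Run from an elevated prompt.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Numeric level subkeys map to these names (SAFER_LEVELID_* values)
$levelNames = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained';
                 131072 = 'Basic User'; 262144 = 'Unrestricted' }

if (-not (Test-Path $base)) { Write-Host 'No Software Restriction Policy is defined.'; return }

$default = (Get-ItemProperty $base).DefaultLevel
$defaultName = if ($null -eq $default) { 'Unrestricted (not set)' } else { $levelNames[[int]$default] }
Write-Host "Default level: $defaultName"

$rules = Get-ChildItem $base | Where-Object { $_.PSChildName -match '^\d+$' } | ForEach-Object {
    $level    = [int]$_.PSChildName
    $pathsKey = Join-Path $_.PSPath 'Paths'
    if (-not (Test-Path $pathsKey)) { return }       # this level has no path rules
    Get-ChildItem $pathsKey | ForEach-Object {
        $rule = Get-ItemProperty $_.PSPath
        [pscustomobject]@{
            Level       = $levelNames[$level]
            Path        = $rule.ItemData              # REG_EXPAND_SZ, e.g. %LocalAppData%\Temp\*.exe
            Description = $rule.Description
        }
    }
}

$rules | Sort-Object Level, Path | Format-Table -AutoSize
# A Disallowed rule covering a folder you install software into is the conflict
# the post mentions; a matching Unrestricted rule is the whitelist entry for it.
```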

Daphne – which process is creating this mystery window?

So you have a window on your desktop and you can’t figure out what process it belongs to?   Well, the easiest thing to do, if the window is moveable, is to open Task Manager and sort processes by CPU usage.  Once you do that, simply drag the window around really fast like a maniac; that will cause the process to use enough additional CPU to stand out in Task Manager.

Let’s talk about a tool for those situations when dragging the window around isn’t an option or doesn’t work.  There is a program called Daphne that you can download from http://portableapps.com/apps/utilities/daphne_portable which lets you drag the little asterisk onto the window you would like to identify.  Daphne will highlight the process for the window you have marked in its list of processes.  Daphne has some other useful features, such as being able to set a window to stay on top or adjust its transparency, but its main usefulness is being able to quickly identify a window’s process.
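When Daphne isn’t to hand, the same lookup can be done with a few user32 calls. The script below is an added example, not Daphne’s code: start it, hover the pointer over the mystery window before the countdown ends, and it reports the owning process.

```powershell
# Added example, not Daphne's code: report which process owns the window under
# the mouse pointer, the job Daphne's drag-the-asterisk feature does.
# Start the script, then hover over the mystery window before the countdown ends.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class WinProbe {
    [StructLayout(LayoutKind.Sequential)] public struct POINT { public int X; public int Y; }
    [DllImport("user32.dll")] public static extern bool GetCursorPos(out POINT p);
    [DllImport("user32.dll")] public static extern IntPtr WindowFromPoint(POINT p);
    [DllImport("user32.dll")] public static extern IntPtr GetAncestor(IntPtr hWnd, uint gaFlags);
    [DllImport("user32.dll")] public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);
}
"@

for ($i = 5; $i -gt 0; $i--) { Write-Host "Hover over the window... $i"; Start-Sleep -Seconds 1 }

$pt = New-Object WinProbe+POINT
[void][WinProbe]::GetCursorPos([ref]$pt)
$hwnd = [WinProbe]::WindowFromPoint($pt)
if ($hwnd -eq [IntPtr]::Zero) { Write-Warning 'No window under the pointer.'; return }

# WindowFromPoint may return a child control; GA_ROOT (2) climbs to the top-level window
$root = [WinProbe]::GetAncestor($hwnd, 2)
if ($root -eq [IntPtr]::Zero) { $root = $hwnd }

$ownerPid = [uint32]0                      # $PID is a read-only automatic variable, so use another name
[void][WinProbe]::GetWindowThreadProcessId($root, [ref]$ownerPid)
$proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue

[pscustomobject]@{
    WindowHandle = ('0x{0:X}' -f $root.ToInt64())
    PID          = $ownerPid
    Process      = $proc.ProcessName
    Path         = $proc.Path              # $null when the process runs at a higher integrity level
    MainTitle    = $proc.MainWindowTitle
} | Format-List
```

If Path comes back empty, run the script from an elevated prompt; the window’s owner is then usually an elevated process.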

Having additional users is actually safer these days.

With the number of ransomware infections constantly growing, it’s become a good idea to create an additional administrator just in case.  Many of these ransomware infections infect user-specific registry locations, and if you have an additional user already created you can still log in with that 2nd user.   If you do not have a 2nd user then things can get complicated.  Most of these ransomware infections have begun using various tricks to stop safe mode from working.  There are times when safe mode with command prompt still works, but that’s getting more and more rare these days.

If you find yourself infected and you do not have a 2nd user created, you’ll probably have to resort to a boot disc of some sort.  From what I have seen, most of the time the virus infection resides at C:\Users\usernamehere\AppData\Local\Temp, and the startup method ranges from a simple user Start Menu startup entry to the user Shell registry entry at hkey_users\userhere\software\microsoft\windows nt\currentversion\winlogon\shell.
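Both of those persistence spots can be audited for every profile on the machine at once, including users who are logged out. The script below is an added example, not from the post; it assumes profiles are found through the ProfileList key, mounts logged-out hives temporarily with reg.exe, and is run from an elevated prompt.

```powershell
# Added example, not from the post: check the two persistence spots described
# above for every local user profile: the per-user Winlogon "Shell" value and
# executables dropped in %LocalAppData%\Temp or the Start Menu Startup folder.
# Assumptions: profiles come from the ProfileList key; logged-out hives are
# mounted temporarily with reg.exe. Run from an elevated prompt.
$shellKey   = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$extensions = '*.exe','*.dll','*.scr','*.com','*.bat','*.cmd','*.vbs','*.js','*.ps1'

# Machine-wide Shell is normally explorer.exe; anything else deserves a look
$machineShell = (Get-ItemProperty "HKLM:\$shellKey").Shell
if ($machineShell -ne 'explorer.exe') { Write-Warning "HKLM Winlogon Shell = '$machineShell'" }

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
foreach ($entry in Get-ChildItem $profileList | Where-Object { $_.PSChildName -like 'S-1-5-21-*' }) {
    $sid  = $entry.PSChildName
    $dir  = (Get-ItemProperty $entry.PSPath).ProfileImagePath
    $user = Split-Path $dir -Leaf
    $hku  = "Registry::HKEY_USERS\$sid"

    $mountedHere = $false
    if (-not (Test-Path $hku)) {            # user is logged out: mount NTUSER.DAT ourselves
        & reg.exe load "HKU\$sid" (Join-Path $dir 'NTUSER.DAT') *> $null
        $mountedHere = ($LASTEXITCODE -eq 0)
        if (-not $mountedHere) { Write-Warning "$user: could not load hive"; continue }
    }

    # A per-user Shell value replaces explorer.exe for that account only; it is almost never legitimate
    $userShell = (Get-ItemProperty "$hku\$shellKey" -ErrorAction SilentlyContinue).Shell
    if ($userShell) { Write-Warning "$user ($sid): per-user Winlogon Shell = '$userShell'" }

    $folders = @((Join-Path $dir 'AppData\Local\Temp'),
                 (Join-Path $dir 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'))
    Get-ChildItem $folders -Recurse -File -Include $extensions -ErrorAction SilentlyContinue |
        Select-Object @{n='User';e={$user}}, FullName, Length, LastWriteTime

    if ($mountedHere) { [gc]::Collect(); & reg.exe unload "HKU\$sid" *> $null }
}
```

From a boot disc the same checks apply to the offline drive: load the user’s NTUSER.DAT with reg.exe load and point the folder paths at the mounted volume instead of C:.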

Useful Android Apps

Well, nothing really new to speak of, so let’s talk about applications that I find useful for computer repair.

  1. SplashTop Remote – This is my most valuable tool because it makes it so everything on my computer can be controlled from my phone/tablet.
  2. Trillian Pro – Keep in touch with all your friends in one spot that syncs conversations
  3. Evernote – because you never know when you want to make a note of a situation you find.
  4. ES File Explorer – File sharing, FTP, etc.
  5. FolderSync – Custom sync application, I use it with my FTP server.
  6. Firefox Browser – For the plugins!
  7. Square – Easily accept credit card payments
  8. Speed Test – test a connection’s speed.
  9. TracePing – Very useful traceroute/polling utility.  It’s almost as good as having PingPlotter with you.
  10. FEAT VPN – Easy to use VPN application.   I mostly use this to connect to my router at home for various internal network tasks.

I am sure there are other useful tools out there, but Splashtop spoils me by giving me access to all my Windows utilities.

LastActivityView: list of a user’s recent actions

LastActivityView is a tool that collects records of many events and individual actions on a computer into one log. It gathers the information from different Windows sources and shows it in a table, letting you keep track of how a specific computer is used.

Events that LastActivityView records:

  • Creating a restore point
  • Installing software
  • Stopping and starting the Windows Installer
  • Windows BSOD
  • Folders viewed in Explorer
  • Running the Windows Open / Save dialogs
  • Emergency shutdown
  • Restart, shutdown, hibernate, log in, log out
  • Running applications
  • Access to files and folders
  • Connecting / disconnecting the LAN
  • Application crashes

You can save the log to CSV, XML or HTML format, or copy entries to the clipboard for pasting into Excel or other documents. LastActivityView requires no installation and can be run from a flash drive. Information is gathered from the Windows registry, log files, crash minidumps, and other similar sources. It supports a variety of command-line options, so you can run it from scripts. You can download LastActivityView at http://www.nirsoft.net/utils/computer_activity_view.html

Google Chrome Default Extension Malware

So recently I was cleaning up some computers and I removed the Default Extension malware, or maybe this one was called Default Tab, I can’t recall. Anyway, the strange thing about this variation is that it kept coming back by itself. There was no malware left on the computer, yet it just kept coming back. I decided to go ahead and check the plugin folder to see if maybe there was a DLL file there, as plugins don’t show up as extensions in Google Chrome. Unfortunately I could find no plugins, and while I tried to look around for the method I was unable to make an official determination.

I know that while this method is sneaky, uninstalling Chrome, removing the application’s directory and the user settings directory, and reinstalling Google Chrome definitely gets rid of it. Don’t forget to back up any bookmarks and such for your client, as losing bookmarks is one way to really make a client angry. If anyone knows the method this default extension was using to keep coming back, let me know, as I am pretty interested in knowing how it works.

Using TDSSKiller? Time to reconsider.

If you are a computer technician and you are still using TDSSKiller as your primary rootkit detection method, then you need to change your methods immediately. For months TDSSKiller has gone downhill dramatically and is probably the least effective tool I have at this point. Now don’t get me wrong, TDSSKiller is a very fast scan and there is nothing wrong with including it in your procedures. All I am saying is that depending on it is currently a very bad idea. Some day in the future TDSSKiller may improve, but for now do not depend on it!

Another program technicians are still recommending is Microsoft Security Essentials. Unfortunately Microsoft Security Essentials has fallen pretty hard in the last year, and I honestly see no reason to use it over Avast or another antivirus solution. As computer repair technicians it is our responsibility to keep up with the best methods and to know when it’s time to change our policies. Don’t be that technician that sits there and sticks to some premade list with no adaptation. If you do that you are no better than the technicians at (insert large company chain here).

You should always be keeping up with the latest threats. Listen to what other technicians are talking about. For example, if malware is wiping out safeboot entries, then include that as one of the first steps in your procedures. Redirect viruses are so popular these days that it is literally the first thing I check for. I find that searching for the keyword “SEO” will almost always trigger redirects regardless of what ad/click network the virus is using, so that’s one of the first things I try to test for redirection.

Why online computer repair?

Loading up the laptop or computer and dropping it off at a store was actually normal many years ago.  Technology has changed and now many PC problems are software related.  This means typical issues consist of error messages in Windows, upgrade issues, printer problems and, of course, the most common problem: malware and failing updates.  That’s exactly what Computer Repair Tech specializes in: all those software related issues that are not hardware failures.  We do receive phone calls about equipment failures as well.  This could be anything from a failing hard drive, power supply, motherboard, etc.  These components get heavy usage and it’s just a matter of time before they fail. Don’t worry, at Computer Repair Tech we can assist you in troubleshooting those products as well, but regrettably we can’t fix them over the phone.  We merely tell you what the failure on your computer might be and make some suggestions as to how you can get the issue resolved.

So why should you choose Computer Repair Tech for your IT service needs?  Well, there are numerous reasons.  We employ only U.S. residents, unlike the majority of our competitors that outsource their tech support to overseas locations.  At Computer Repair Tech we believe in providing quality customer service, and that means never outsourcing overseas.  We keep all our reviews on a third-party website that we do not have any control of.  If you are interested in trying out our online computer repair services then visit: http://www.computerrepairtech.com/computer-repair-services.html.

Error_removing_old_image_file: can’t install Google Chrome extension

I noticed this error message while I was working on a client’s computer today. I saw many people asking about how to resolve it but no answers were posted. After a little testing on the client’s computer I discovered that this is related to permission issues in Windows. I believe it’s related to permissions in the user AppData directory specifically. You need to have full control and modify capabilities. In this customer’s case they had:

USERNAME (PC-NAME\USERNAME) (this user had correct permissions)
Administrators (PC-NAME\Administrators) (correct permissions here too)

HOWEVER they also had:

Users (PC-NAME\Users) (this group shouldn’t even be in this area as far as I know, and it didn’t have full control or modify permissions; once this entry was removed everything started working again)
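The same three checks can be run in a few lines before touching anything. The script below is an added example, not from the post: it prints the ACL on %LocalAppData% and flags a Users group entry or a missing Modify/FullControl grant. It assumes it is run from the affected user’s own session; change $Path (with admin rights) to audit another profile.

```powershell
# Added example, not from the post: print the ACL on the user's %LocalAppData%
# folder and flag the conditions described above: an entry for the Users group,
# or the account / Administrators lacking Modify or FullControl.
# Assumptions: run from the affected user's session; change $Path to audit a
# different profile (needs admin). Inherited entries are reported as such
# because they have to be fixed on the parent folder.
$Path = $env:LOCALAPPDATA
$acl  = Get-Acl -Path $Path
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name   # PC-NAME\USERNAME

"Owner: $($acl.Owner)"
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

function Test-AllowedRight([string]$Identity, [System.Security.AccessControl.FileSystemRights]$Right) {
    # True if some Allow ACE for $Identity contains every bit of $Right
    [bool]($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $Right) -eq $Right)
    })
}

$problems  = @()
$usersAces = $acl.Access | Where-Object { $_.IdentityReference.Value -match '\\Users$' }   # BUILTIN\Users
foreach ($ace in $usersAces) {
    $where = if ($ace.IsInherited) { 'inherited from parent' } else { 'set directly here' }
    $problems += "Users group present ($($ace.FileSystemRights), $where)"
}
if (-not (Test-AllowedRight $me 'Modify') -and -not (Test-AllowedRight $me 'FullControl')) {
    $problems += "$me lacks Modify/FullControl"
}
if (-not (Test-AllowedRight 'BUILTIN\Administrators' 'FullControl')) {
    $problems += 'BUILTIN\Administrators lacks FullControl'
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'ACL matches the working layout.' }
```

To drop the entry the way the post describes, icacls "$env:LOCALAPPDATA" /remove:g Users removes a directly set Users entry; an inherited one has to be removed on the folder it is inherited from.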

Now playing with permissions can be confusing at times so if you need us to help you resolve this issue we can do so for a discounted price of $15.00 USD.

Password Management Software: LastPass

LastPass is a password management program that takes all the effort out of remembering your usernames and passwords. It’s probably the most popular password management software out right now. It’s difficult to find that balance between good secure passwords and passwords that you can remember. This is where LastPass comes in: just pick a good master password and LastPass will securely remember your usernames and passwords for everything. LastPass also supports Google Authenticator, which makes it the most secure password management software I know of.

With LastPass your password database is decrypted locally on your computer and is kept in the cloud encrypted with 256-bit AES. Your passwords are available via browser extensions or by logging into LastPass’s website. No one knows what your passwords are, not even LastPass, as the master password you made is the key to decrypting the saved passwords.

LastPass also has automatic login form submission, a password generator, and automatic form filling based on info you have set up. As soon as you’ve got LastPass set up you’ll never have to deal with forgetting or creating secure passwords again. LastPass is available for Windows, OS X, Linux, Android, iOS, BlackBerry, Windows Mobile, and more. LastPass has browser extensions for Internet Explorer, Chrome, Firefox, Opera, and Safari. Check out LastPass at https://lastpass.com/index.php