Fake anti-virus alert!

Posted on March 30, 2011 by Jonathan M. Rosen

This week we are seeing a new fake anti-virus program that is interfering with computers everywhere. This fake anti-virus program imitates the Windows Security Center and goes by the name “System Security 2011”, “XP Internet Security 2012”, “Malware Protection”, “System Fix” and other variations. Generally, a new variation is released each week.

It starts with a web page that pops up and warns that your computer is infected. If you following the warnings and continue, it will install fake anti-virus software on your computer that will block operation of everything until its removed. This can also include hiding all of the desktop icons and menu items. Both the Windows Task Manager and Explorer will be blocked from running.

But if the initial fake warning screen is closed, nothing further will happen.

The initial web page and subsequent program will display a realistic scanning message but its also a fake, creating a false report of problems. When finished, it will prompt you to visit their web-site to buy the software.

Dubbed LizaMoon (because LizaMoon.com/ur.php was the first web-site that was linked to this fake anti-virus) the unknown creators of the  fake anti-virus software have found a way to substitute their web-site domain name when visiting legitimate web-sites.  What they have done is targeted web hosting systems that use the Microsoft SQL server software.

According to the web-site imdb.com, Liza Moon is listed as a digital artist involved with the 1984 movie Tron, which was recently released as a 2011 re-make. The creators of the fake anti-virus may have picked this name after reading more about the movie, since the theme of the movie is about people injecting themselves into a computer.

Using a software trick called “SQL injection”, they get a legitimate web-site to store a link to their web-site in the database. When a user visits a legitimate site that has been compromised, they instantly get re-directed to one of the many sites storing the fake anti-virus software and receive the fake warning messages. As soon as the fake anti-virus appears, it is crucial to close out all open windows in Internet Explorer to stop the fake software from installing.

The software creates a fake scan report with fake threats, and recommends going to a web-site to buy software to remove these fake threats.

There is no option in add/remove programs to remove this fake anti-virus software.  Later versions of this virus add an option to uninstall but it will only display warning messages and will not remove the fake software. It will also prevent any anti-virus software from scanning or removing it from your computer. Later versions of this virus will also hide all desktop icons and start menu programs, in addition to disabling Windows task manager. Closing any of the messages will trigger a system shutdown.

Once you have installed the fake anti-virus software, contact our office immediately so we can take steps to remove it. Since many legitimate anti-virus programs will not recognize this new fake anti-virus, we have to identify and close the fake anti-virus program and delete the files. After the fake anti-virus is stopped, we have additional tools to remove the registry settings and restore access to programs.

For an example of a fake anti-virus, Microsoft has a page describing one at: fake anti-virus information from Microsoft. Also, WebSense.com has provided excellent technical details and explanations of how the LizaMoon fake anti-virus works.

Posted in Computers, Services, Software | Tagged , , | Leave a comment

FAQ: Routers and Firewalls

Posted on March 28, 2011 by Jonathan M. Rosen

What is a router or firewall? Which do I need?

The short answer: All routers are firewalls.

A router is a device that allows an Internet connection to be shared by more than one computer. Without a router, a cable modem or DSL modem can only be connected to and used by a single computer.  Typically, a router will have one connection to the Internet and four connections for computers, along with an optional wireless antenna.

Network Address Translation (NAT) is a feature that began being used in routers in 1998 and enabled inexpensive routers to provide complete firewall security. Prior to the creation of NAT, routers and firewalls were separate and expensive devices.

NAT automatically prevents all outside computers from accessing computers attached to the router while permitting computers attached to the router access to the Internet and e-mail.

Routers are available with Stateful Packet Inspection, which adds additional features to prevent software attacks against the router. However, the type of software attacks that an SPI router protects against (such as Denial-of-Service, SynFlood and Ping-of-Death) typically occur at Internet Service Providers rather than offices with private computer networks, so an SPI-equipped router is rarely, if ever, necessary for a home or office.

Posted in Computers, FAQ, Hardware | Tagged , , | Leave a comment

22nd anniversary

Posted on March 28, 2011 by Jonathan M. Rosen

Monday, March 28th is the 22nd anniversary of the founding of the business.

Looking back, we’ve done over $3.6 million dollars in computer sales and service, servicing over 1200 businesses and individuals. We have performed 25,000 hours of on-site service and assembled and sold over 500 new computers. In our office alone, we have serviced over 2500 computers, including laptops and desktops.

When the business was first started, we pledged to only provide service, letting our customers shop for computers while we provided on-site service. During that time, we forged partnerships with many computer resellers and retailers that were unable to provide on-site service. Later on in the 1990’s, we began adding hardware and software sales to our services. Over the next fifteen years, we sold a combined $1 million in hardware and software.

In 2001, we also added web hosting and site design at the request of many clients. More recently, we began offering flat-rate computer repair in our office starting in 2006, and then added remote control services in 2007.

Some of these newer services are really just a refinement and return of services we offered in the 1980’s. Back then, we had over 100 clients using pcAnywhere on dial-up modems for remote support, and we frequently brought back business computers to our office for repair.

The remote service business ended with the introduction of Windows 95, which couldn’t be supported over a dial-up line.  The remote control service business finally returned in 2007, when free LogMeIn remote control software and widespread use of high speed Internet connections made remote control possible again. Over the next three years time, we installed LogMeIn on 1500 computers and we continue to add new LogMeIn users every day.

The off-site repair part of business really took off with the widespread adoption of home computers using Windows XP. Many of the home users came to us from the offices we serviced, and as a result we created an entire service business around the idea of providing comprehensive, flat-rate service for any computer brought to our office.

There never seems to be an end to the service and support needs of computer users, and over the coming years we look forward to continually innovating services to support our clients.

Posted in Computers, Hardware, Services, Software | Tagged | Leave a comment

FAQ: Avoiding and Eliminating Spam E-mail

Posted on March 28, 2011 by Jonathan M. Rosen

If you are struggling with too much spam e-mail, here’s what you can do to reduce and prevent spam:

If you are using Microsoft Outlook or Outlook Express, try using Cloudmark SpamNet software to prevent and remove spam e-mail. SpamNet installs as an integrated feature for Outlook. Visit Cloudmark.com for a free evaluation.

Starting with Microsoft Outlook 2003, Outlook includes a simple spam detection feature, although it is not as effective as Cloudmark.

Avoid publishing your e-mail address in Facebook or on other sites; it will get copied by computers that scan web pages for e-mail addresses.

Posted in FAQ | Tagged , , , , | Leave a comment

FAQ: Avoiding Web Browser Problems

Posted on March 28, 2011 by Jonathan M. Rosen

Most new viruses and spyware target flaws in Microsoft Internet Explorer; here’s what you can do to avoid them:

Microsoft regularly issues free fixes and updates for their software. Take advantage of this by using the Windows Update feature built into every version of Windows. You will need a high speed Internet connection to download the updates, since they can be very large. We always install all available Windows and Internet Explorer updates when we service a computer.

Surf carefully and avoid advertisements while browsing the web that warn your computer is infected. These are commonly fake messages meant to trick you into installing fake software.

There are other Internet browsers that can be installed in Windows. FireFox, Google Chrome, Apple Safari and other browsers can be used to display web pages on the Internet.

Since most viruses and other malware target security problems that have been discovered in software, the best defense is to promptly install software updates, since these free software updates are created to repair and resolve security problems.

Posted in FAQ | Tagged , , , , , , , | Leave a comment

FAQ: How Long Does it Take to Repair a Computer?

Posted on March 28, 2011 by Jonathan M. Rosen

Probably the most frequent question we get asked is “When will my computer be ready?”

When we repair a computer, we follow a check-list approach. Our check-list for problems has more than twenty different tasks, as suggested by authorities focused on computer repair in Lake Worth, Fl.

Using a check-list ensures we find and fix every common problem, rather than relying on symptoms to identify only a few problems. However, a check-list approach is more time consuming; following a check-list ensures the best results but not the fastest results.

For very fast computers with few problems, they may complete our entire checklist in 1-2 days. For computers with viruses and multiple problems, 3-5 days may be required. Every computer is different and requires a different amount of time to repair. We do not have any method or system for predicting what problems a computer has and how long they will take to repair.

There are many variables that effect the time required to complete a computer, including: amount of RAM, processor speed, hard drive size, number of files and types of problems. Each of these variables have an effect on the time to repair, making it impossible to predict how long each repair step takes or when it will finish.

Often, we get calls asking if we have started work on a computer. Our large service bench area ensures that almost every computer begins service when it arrives.

After cleaning and examining the computer for visible problems, we start testing the memory and hard drive. Hard drive testing alone can take 20 minutes to 2 hours when there are no errors, but it can take 12 to 72 hours when a hard drive has errors requiring repeated retries for recovery. The hard drive testing software we use will retry any bad spots on the hard drive up to 1000 times. While these repeated attempts help to recover all data, they considerably increase the time required to repair a computer.

After the hardware testing is complete, we begin virus scans and software updates. Frequently, we find computers are lacking software updates from Microsoft because the user did not want to wait for the updates to download and install. This can result in updates requiring up to 4 hours or more for installation, especially when Windows Service Pack files are required.

Virus scans are also especially time consuming, because they require checking every file on the computer for problems. Once a virus is found, we may repeat the scan, or change to a different scanning tool that is specifically targeted to a virus. These scans can require 1-3 hours and can be repeated multiple times when necessary.

Since we use a comprehensive, check-list approach to repairs, our goal is to thoroughly check and fix all problems, saving all data and preserving the configuration of the computer. To reach this goal, we need time to complete each step in order. While skipping steps could speed up the process, it also leaves problems unrepaired and will cause the computer to be returned for follow-up service.

When a computer absolutely needs to be ready for pickup at a specific time, we ask that you tell us in advance when you want it picked up. In those cases, we’ll perform a limited service to solve hardware problems first. We’ll recommend returning the computer for the comprehensive service at a later time when we can complete all steps.

Since our technician may be servicing up to 20 computers per day, we ask that you avoid calling us for status updates. These calls are disruptive, requiring our technician to stop work on all systems while the paperwork is pulled, reviewed and discussed. While the ten minutes per day for each call seem minor, they add up to a significant disruption to our service process and only delay the completion of service.

When a computer repair is finished, we provide a comprehensive report listing all of the services completed and all of the problems found and fixed. Remember, our flat-rate service ensures that no matter how long it takes for us to finish the repair, the service charge does not change.

Posted in Computers, FAQ, Services | Tagged , | Leave a comment

Using power lines for home Internet

Posted on March 25, 2011 by Jonathan M. Rosen

We frequently get calls from people having problems trying to connect computers to the Internet with wireless technology in their home. While laptops have built-in wireless antennas, desktop/tower computers require the installation of an internal PCI card for a wireless connection, or a USB connected antenna. Not only does this require installation of a card, but also software and wireless security configuration is necessary.

Netgear powerline Ethernet adapter

Netgear PowerLine Ethernet network adapter

When a PC is in a basement or second floor and far from the antenna, even a wireless card may not get a strong enough signal to yield a fast Internet connection. Also, some non-PC devices like the Microsoft XBox lack a wireless connection and are designed to use an Ethernet connection instead, and if you want to have Internet connection and protect your privacy, using tools as VPN service like ελληνικα καναλι which are perfect for this.

For all of these situations, the better solution is using a fritzbox kit. These kits allow any computer with an Ethernet jack to connect to the Internet connection using the electrical outlet (power line) in your home or office.

Each kit consists of two boxes; one for the computer and one for the router. Each box plugs into the power outlet and provides either one or four Ethernet connections. The PowerLine kits communicate with each other over the electrical wiring in the house, providing a fast 85mbps or 200mbps connection.

There are other advantages to the PowerLine kits from Netgear:

  • Available in 85mbps or faster 200mbps versions for improved performance.
  • Zero software configuration needed; simply plug and connect.
  • Solve the wireless distance problem in large houses or basements.
  • Available in 1-port and 4-port models.
  • Perfect for older homes with plaster and lathe walls that block wireless signals.
  • Easily relocated; simply unplug to move it, no software changes needed.
  • Works with any device that has an Ethernet connection, including laptops, desktops, towers, Xbox, etc.

Contact us to for current pricing and ordering a Netgear PowerLine kit.

Posted in Computers | Tagged , , , , | Leave a comment

Finding the hidden router killer SMTP virus

Posted on March 24, 2011 by Jonathan M. Rosen

Throughout 2010, we discovered computers that would have Internet connection problems but not report any viruses when scanned. Users would report that their computer had started running slowly and would frequently fail to connect the Internet. In offices with many computers, all of the computers would have problems connecting to the Internet.

Frequently, these symptoms led to router replacement but the problems would return unresolved. Scanning the computers with different anti-virus programs yielded no culprit; no viruses were found.

Taking a different approach, we diagnosed the source of this problem using a simple Windows tool and procedure:

Click: Windows Start button.
Choose: Run
Type: CMD (and press Enter or click OK)
Type: netstat (and press Enter)
Type: exit (when finished viewing the results of NetStat)

The Windows NetStat command will show a list of all active network connections. On a normal computer, this list will run to 10-20 items. Examination of the foreign addresses should show the addresses of known computers or web sites that are in use.

On a station with the SMTP router killer virus, the list of connections will scroll for pages, displaying hundreds of foreign web-sites, typically from Russia and Asia. When this happens, it reveals that there is an SMTP virus program running.

Examining this problem further, we discovered that the SMTP virus would appear as a normal Windows e-mail program to the anti-virus software, and anti-virus programs would ignore the fact that the SMTP virus was making hundreds of connections to remote mail servers. Since the SMTP virus operated the same way a regular e-mail program works, this activity wouldn’t raise an alarm.

We also discovered that the SMTP virus would create a huge number of connections, sometimes connecting to up to 300 remote computers. This torrent of activity would overload the router and stop all Internet activity, or cause the router to lockup and stop operating because of the excessive number of connections. Resetting or replacing the router would only cure the problem for minutes, until the router failed from the traffic overload.

We solved the problem by identifying the specific program files that were generating the excessive SMTP traffic and deleting those files. If you suspect you have the symptoms of an SMTP virus, simply follow the steps above on every computer to look for unusual or excessive activity caused by this virus.

Posted in Computers | Tagged , , | Leave a comment

FAQ: Stuck in stand-by with a dark screen?

Posted on March 22, 2011 by Jonathan M. Rosen

Many times we have clients that call us with computers that are unable to start Windows, or stop at a black screen. They try repeatedly to shutdown and startup the computer and then bring it to us for service. As if we sprinkled magic pixie dust, the computers spring back to life and work properly again. While this could all be explained by wizards, pixie dust and co-incidences, the technical truth is that capacitors inside the computer stay charged and keep the computer on, long after it has shutdown.

In fact, not only do the capacitors inside the computer power supply hold a charge, the power supply also provides a low current of power even when the computer is off and all of the fans aren’t spinning. Many computer motherboards have a small green light on the motherboard next to the RAM memory, indicating that the memory is energized when lit. This light serves as a reminder and a warning that there is electrical energy present that could damage a component.

This residual energy can be removed by discharging the capacitors in the power supply and motherboard. This simply involves turning off the power switch on the rear of the computer, and then pressing the front power switch to release the stored energy. If the computer doesn’t have a rear power switch on the power supply, then the power cord will need to be removed. Once the switch is pressed, the fans will briefly spin and the lights inside will go off. Only then is it safe to unplug or insert components inside the computer.

This power off method also duplicates the process of disconnecting a computer and driving it to our office, since the time spent disconnected will allow the capacitors to discharge slowly, allowing the computer to magically work again when it is re-connected.

This power-off procedure is also necessary when a computer is stuck in low power standby mode. When a computer is stuck in standby mode, it will display a power light but the monitor will stay dark. Disconnecting the power and pressing the power switch will force the computer to end standby mode and return to normal power-on operation.

Posted in Computers, FAQ, Hardware | Tagged , , , | 2 Comments

Do you have a spare computer?

Posted on March 22, 2011 by Jonathan M. Rosen

One of the most frequently overlooked issues is the spare computer. We recommend every office has a working spare computer that can either be setup and running or swapped into action when needed. The best time to get a spare computer is during an upgrade, where extra computers are being removed. We can test and rebuild an unused computer to make a working spare.

Posted in Computers, Hardware | Tagged | Leave a comment