Category: category_3171

  • 6 Ways to Kill and Remove Fake Antivirus Rogue Software

    Most computer users will have their own experience or know someone who has experienced rogue software being installed onto their system. Although it comes in many forms, rogueware is often referred to as fake antivirus software which is a kind of program that tricks its way onto your computer and pretends to be a real antivirus application. It then runs what is essentially a simulation that tells you your machine is infected with viruses, trojans, worms and other scary programs, and you need to buy their software to remove the problems. This is of course a lie and the issues are fabricated by the fake program to scare you into buying it. There are also similar fakes around that tell you the hard drive is dying and you need to pay a fee to “recover” your files.

    Quite often a fake antivirus interferes with current security software and disables Windows functions to try and stop you from disabling its process. It will usually prevent you from running any EXE files such as web browsers, security scanners, Task Manager, Regedit, Command Prompt and just about any other executable. Basically it locks down your PC just enough to make it virtually unusable while also protecting itself from deletion.

    The thing about fake antivirus software is that it’s mostly non-destructive, meaning your files aren’t at risk like they would be with a virus or worm which destroys data. Instead, it essentially cripples the computer and nags you until you pay (which does nothing apart from allowing you to stop the fake program) or find a way to kill the program and clean up the system. Of course, there are other types of rogue and malicious software around, ransomware being similar but even more aggressive, locking you out of Windows completely until you pay a fee.

  • 6 Ways to Create a Kon Boot USB Flash Drive

    Kon-Boot is probably the best tool to bypass the Windows login restriction because it allows you to access Windows by logging in to any user account without knowing the actual password. There is no need to crack or reset the user’s password, which is a great time saver and also doesn’t trigger user suspicion. There are two versions of Kon-Boot: free and paid. The free version of Kon-Boot is actually an older version that comes with an ISO image to burn to disc and an IMG file for floppy. Advanced users would know that it’s possible to create a bootable live USB drive from an ISO image file, but unfortunately it won’t work for Kon-Boot.

    If you open the Kon-Boot ISO file with a supported archiver such as 7-Zip or PowerArchiver, you will see a [BOOT] folder with a file called Bootable_1.44M.img. This would mean that the author of Kon-Boot created a bootable CD ISO image from a bootable floppy. So in order to create a bootable Kon Boot USB, the trick is to use the floppy image instead of the ISO file. Here are 6 different ways to create a Kon Boot USB and hopefully one of the methods below will work for you.

  • Create Kaspersky Update Server Mirror for Offline Updates

    It is a well-known fact that Kaspersky has always been one of the best, if not the best antivirus software. However, one of the gripes that I have against Kaspersky is that the first update normally takes a very long time to complete. That is because Kaspersky doesn’t use a web installer that downloads only the latest files, nor does it regularly push out an updated installer that contains the latest virus definitions. Their geo-located servers can definitely help to speed up the transfer for users in some parts of the world but unfortunately not for users located in Malaysia.

    In our latest test with Kaspersky 2015 products, the first update downloaded a total of 48.97MB and the detailed update report shows an average download speed of 37.25KBps, which took 24 minutes to complete. If you need to install Kaspersky on a few computers, a lot of Internet bandwidth and time will be wasted on the first update. A solution to this problem is to create a local update mirror by downloading the virus definition database and storing it in a shared folder. Then, configure Kaspersky to use the shared folder as the update source. The painfully long update process will complete in just a minute or less.

    Here are the steps to create a Kaspersky update server mirror that will also work for Kaspersky Anti-Virus, Internet Security and Total Security 2015.

  • 9 Automated Online Sandbox Services to Analyze Suspicious File’s Behavior

    A program that seems legitimate may be a threat even if it looks safe. For example, if someone sends you a program via email that displays a cute or funny animation upon running, it is possible that the program is already doing something bad to your computer in the background, such as stealing your passwords/files, installing a keylogger, activating your webcam, etc., without your knowledge. This is made possible by simply binding malware to run in the background with another legitimate program that runs in the foreground.

    Although antivirus software and online AV multi-engine scanners do a great job of detecting bound malware, there is always a time frame in which newly crypted malware is fully undetected. So how do you know if a file is really safe or not? Analyzing malware and what it does requires a great deal of knowledge in computers and usage of advanced tools.

    An easier way for anyone to analyze a file’s behavior is by uploading it to a free online sandbox service for automated analysis and reviewing the detailed and yet easy to understand report. Here is a list of online file analyzers that can be used for free.

  • 5 Ways to Create Fake Dummy File on USB Flash Drive to Enable Write Protect and Prevent Modification

    One of the most common ways to transfer a virus from one computer to another in more recent years has been through infecting files on a USB flash drive because of its portability and the ease with which threats can be passed between machines. A common way to infect a USB device is through the Autorun function present in Windows, although Microsoft took steps to eliminate this threat by default, so now a USB flash drive autorun.inf file shouldn’t launch when the drive is inserted.

    There are still many other types of threat that can get onto your flash drive though, and plugging it into a computer that is infected with a virus such as JambanMu or MaxTrox can infect a USB flash drive and bind itself to the executables. There are various other methods to protect a USB drive from becoming infected by a virus, one of which is to enable an option in your Windows registry that can turn on a software write protect option to prevent anything being written to the drive while it’s attached to your computer.

    You could also buy a device which comes with a write-protect switch built in, and this is a good idea if you plan to buy a new stick that will spend a lot of time connected to other computers, but is obviously not an option for your current devices. There is another way that you can help prevent a virus from infecting your USB flash drive which is by filling up the empty space so that it will be full and there will be no space left for the virus to write itself to the drive.

  • 7 Online Multi-Engine Antivirus Scanners to Scan Suspicious Files

    How do you know if the attachment file you received by email or downloaded from an unknown website is safe to run and not infected by a virus? You would probably rely on the antivirus installed on your computer to tell you if it’s safe or not, but the fact is, antivirus software is never perfect in detecting and preventing all viruses, which is why a bootable rescue disk is made available to clean up the mess when malware takes over the computer. Since every antivirus technology is different, logically scanning a suspicious file that you’ve just downloaded from an unknown site with multiple antivirus programs would offer a higher detection rate. However, you cannot normally install multiple antivirus programs on your computer or else there would be conflicts causing your computer to crawl. A solution to this problem is to use a web-based online multi-engine antivirus scanner.

    Basically an online multi-engine antivirus scanner is an online service that anyone can upload files to and have them scanned with many different types of antivirus software. All you need to do is visit the website, browse the file that you want to scan, click a button to start uploading and wait for the scan to run. Within seconds or minutes depending on the server load and speed, the detection results are then displayed on your web browser for you to decide if it is infected or not.

    Here are 5 public + 2 private online services that allow you to scan suspicious files with multiple antivirus engines for free.

  • Manually Update AntiVirus Virus Definition Signatures Without Internet

    While it might be fine for most users, letting your antivirus package update itself every few minutes isn’t great if you have a very small limit on your internet connection or it’s not very fast and constant updates are eating up your bandwidth, such as when using a mobile dongle on your laptop for example. It’s also true that if you disable the updates or have computers that are constantly offline and not connected to the internet for long periods or at all, the virus definitions will get badly outdated in no time and your computer becomes more vulnerable.

    Also, the situation could be that you can’t get on the internet during or after a malware attack to update the antivirus signatures. They need to be as up to date as possible to have the best chance of removing the threats. Of course, if your computer is severely infected, you may have to resort to an Antivirus rescue CD from your favorite security company.

    Fortunately for most of us, many of the antivirus companies provide offline virus definition signatures so you can download them from another computer and then manually install the updates on computers with a limited or no internet connection at all.

  • 7 Tools to Stop Windows Running the USB Flash Drive Autorun.inf File

    With the invention of USB flash drives and hard drives, the Autorun feature has been the target of attack from viruses, Trojans and other malicious software. This is because of the ease with which the Autorun.inf can be replaced and then pointed to start a malicious executable, and begin the infection as soon as the device is inserted into a machine. The ease with which these viruses can then travel from system to system with the aid of the unwitting user poses a major security risk. It would come as no surprise to anyone that Autorun based threats have been one of the most common forms of infection over recent years.

    Windows 7 and 8 have Autorun disabled by default for all devices except CD/DVD media, although the slightly different Autoplay function can still be used on USB devices. Other versions of Windows received a hotfix patch from Microsoft to behave in a similar way some time ago. Even if your own machine might be invulnerable to the Autorun virus threats, it doesn’t automatically mean other people’s PCs are as well, especially if they are running a pure Windows 7 operating system. Even if you have disabled autorun options yourself, it is possible for registry software or tweaking programs to change the setting without your knowledge.

  • 6 Ways to Test if Your Antivirus and Antimalware is Working

    Most of us have security software such as an antivirus, antimalware, firewall or Host Intrusion Prevention System (HIPS) installed to help protect our computer against known or unknown malware. Malicious software can be very sneaky, getting onto your computer when you least expect it and staying hidden until the security software finally detects it. By then, the damage has already been done since the virus has been active and you wouldn’t know what information has been stolen from your computer.

    The question is, how do you know if the antivirus or antimalware installed is actually protecting your computer? The program would probably state that your computer is protected or the protection is enabled but how can you be sure that it is really working and confirm if the antivirus or its virus definition hasn’t been tampered with? Searching for a real virus from the Internet and downloading it to your computer just to test if your antivirus can detect it may not be the best option because you’re risking your computer being infected by it if you’re not careful.

    Here we have 6 ways you can safely test your antivirus to see if the real time protection is truly enabled and working to protect your computer against viruses.

  • 5 Online Tools to Automatically Analyze the HijackThis Log File

    Most users with some experience of dealing with malware will have heard of the tool Trend Micro HijackThis. During the Windows XP era, the HijackThis tool was most frequently suggested for producing a detailed log file for analysis by experts from malware removal forums. If there are any anomalies detected on your computer via the log, you can easily be advised what to select for removal. After Trend Micro acquired HijackThis, it’s unfortunate that it was never updated to fully work on Windows 7, as there are more checkpoints on newer Windows operating systems for malware to reside in.

    The problem with HijackThis has always been that it’s not a tool for the inexperienced user because it doesn’t differentiate between malicious entries and those legitimately put there by software, so users have to rely on expert advice or risk making the computer worse by trying themselves. If you are the impatient type and want to quickly get some results about your log file without waiting for someone else to reply to you, here are 5 ways to automatically analyze the HijackThis log file and quickly receive recommendations on what to fix.

    Do note that the results and recommendations generated by these log analyzers are not always 100% accurate and are intended to be used for reference purposes so you can find out more information about suspect entries. Of course, you can try all 5 services to get more accurate results.

  • 6 Tools to Detect Zombie Bot Malware Infection on Windows Computer

    A botnet is a network consisting of hacked computers that are infected by malware and can be controlled by the botnet owner without the computer owner’s knowledge. The bots can be used to launch DDoS attacks that cause a website to go offline, send spam messages, drive fake traffic, click advertisements and many more depending on the creativity of the botnet owner. Normally the user won’t even notice that their computer is a zombie bot being controlled because the malware is programmed to keep the computer infected as long as possible, bypassing known antivirus and firewall software, and does not damage or change any part of the operating system in a way that may attract the owner’s attention.

    Some of the ways for an Internet user to get infected by malware that turns their computer into a zombie bot are downloading unknown files, visiting hacked websites and running email attachments blindly. Most of the time the user of a computer infected by bot malware will not find anything suspicious because it is very light on the system other than taking up the Internet bandwidth. Some bots can even run an invisible speedtest to determine the full speed so that they only use up half of the bandwidth to avoid any suspicion by the owner.

    Detecting infection associated with bots using antivirus and firewall is ineffective because they are normally made fully undetected through obfuscation before they are spread. A more effective way to detect bot infection is by analyzing the computer’s behavior and here are 6 tools that do that.

  • 3 Free Online AntiVirus Scanners to Scan for Malware from Web Browser

    Many years ago, it was common to find an online scanner offered by an antivirus company for free which could be used to scan your computer directly from your web browser. Although we may think an online antivirus scanner that runs from a web browser does not need to download and install a program, it actually still needs to download an add-on that stays installed and enabled in the browser until it is manually removed by the user.

    Most of the online antivirus scanners do not have the ability to remove or clean any found viruses as they are merely used to detect if there is any active malware on the computer. Although the online scanners are very useful for a quick scan and also to get a second opinion since they don’t interfere with the antivirus installed on the system, they aren’t very popular and the number of online scanners has dropped drastically from around 60 to only 3 today.

    Here are the 3 remaining online antivirus scanners that work with the current web browsers. Do note we are only looking at online scanners that work within a browser window and not the many others that need you to download a custom frontend or require any form of separate installation.

  • 2 Ways to Analyze Behavior of Sandboxed Application in Sandboxie

    Deciding if a file is infected or safe from a VirusTotal scan result can be frustrating when half of the antivirus engines show that it is infected while the other half show that it is clean.

    You can try analyzing the half-detected file using an online sandbox service such as ThreatExpert, but the report only shows the program’s behavior when it’s started and doesn’t tell you what it does when an option is enabled or when a button on the program is clicked.

    This is when sandbox software such as Sandboxie comes into play by allowing you to run any programs on your computer whether they are safe or infected, and yet any changes still won’t affect your computer.

    Although Sandboxie is mainly used to keep your computer safe by running programs in an isolated space, it can also be used to analyze the program’s behavior.

  • 5 Solutions for Kaspersky Installation Ended Prematurely Because of an Error

    Kaspersky Internet Security and Anti-Virus are highly popular and well respected commercial security products and a recommended choice if you prefer more functions and protection than a free antivirus program offers. We’ve also previously shown you how to get a year’s license for Kaspersky Antivirus 2013 completely free. A major issue with most security software has always been they rarely uninstall themselves cleanly from your computer and can also have issues on installation as well because they need to hook deep into your system.

    Kaspersky Antivirus and Internet Security products have commonly suffered from an error during the setup process which prevents installation and asks for a reboot to continue. After restarting, the problem remains:

    Installation interrupted

    Installation ended prematurely because of an error.

    Although it isn’t as prevalent as a few years back, people still encounter the error and obviously making sure you succeed in getting your paid protection working is important. Here we show you a selection of solutions we have found to get around this error and allow your Kaspersky product to continue its installation. This applies to all versions of Kaspersky Internet Security and Antivirus, and possibly PURE.

  • 4 Free Tools to Sandbox Programs and Keep Your Computer Safer

    A sandbox simply means a way of running a program in an environment which separates it from the host operating system. There are several ways of sandboxing a program. One is to use virtual machine software like VirtualBox which runs programs in a virtual operating system. Another way is to temporarily virtualize your real operating system so any changes made to it are discarded after a reboot. You can also portablize programs to isolate any changes they make from the host system.

    Another easy option is to sandbox a program on demand so only that program is isolated, leaving the rest of your system unaffected. Then you can simply empty the sandbox when you are finished to flush its contents away. Apart from being isolated from any potential harm caused by the sandboxed software, it’s also an excellent try-before-you-install option to keep your system clean from unwanted file and registry changes.

    Here we list 4 free applications that can sandbox programs you want to isolate from your main operating system. Sadly, the popular Avast Free Antivirus used to have a dedicated sandbox option but it’s now only available in paid versions of the software. All the programs below were tested in Windows 7 and 10 64-bit.