So you thought that only computers could be infected by Malware? You thought wrong. According to the http://www.pcworld.com/article/248880/massive_android_malware_op_may_have_infected_5_million_users.html website, 13 apps that are available on the Android Market have been shown to be infected with Malware. The article indicates that as many as 5 million users have downloaded at least one of the apps that contain the software that attempts to retrieve user information. Symantec has titled the Malware “Android.Counterclank” and as of 3 PM ET Friday, January 27, many were still available.
Previously, those that tried to spread Malware on the Market would take a valid app, add in their own hidden code to gather information from the user, and then repost it on the Market – referred to as “rebundled apps”. Symantec security experts indicate that the Malware apps available do not appear to be from real publishers, either. If you would like to see those infected apps on the Market, you can check out this website - http://www.symantec.com/connect/fr/blogs/androidcounterclank-found-official-android-market.
So how do you protect yourself? First off, it is best to wait until an app has been out for a while, as most apps that are infected or cause red flags to be raised are flagged soon after they are released. This doesn’t always mean that you will be safe, as the infected apps reported in the above article had been on the Market for about a month and were only recently discovered to contain the Malware. Another way you can stay protected is to only download apps that you know are safe, such as those from reputable publishers.
Other users are also a good bet – read the reviews, as those with low reviews can sometimes indicate something that just isn’t right. You can also do some investigation before downloading an app and go with your gut instinct – if something doesn’t feel right about something you are downloading or going to install, it may be best to search for something else. There are plenty of apps out there that are similar to others, so you might be better off finding something that does what you want but doesn’t throw up those red flags.
Do you want to know more ways to protect yourself and your Smartphone? Contact us about our Philadelphia Area Mobility Solutions. You can also find out how to protect your computer network by having Trigon complete an IT Health Check to be sure your systems are clean and protected.
As an Engineer providing IT Support and IT Services for a Philadelphia Area Managed Services company I have seen an increase in support calls related to the "System Center Security" Malware Defense/Virus in the past few weeks. Often times we are able to remove the virus quickly and without too much trouble, but there have been a few cases where the person using the PC did not realize what it was and then either executed it by clicking "Scan Now" or simply by clicking the "X" to close it in the window. By doing either one of these the virus is launched and the infection begins. Almost immediately it will take over your PC and render it useless.
What does it do, and how did it get into my PC?
Malware Defense is a fake anti-spyware program that is downloaded and installed via exploits in Internet Explorer, Java and Flash. The program will automatically begin to perform a scan and report that you are infected by a variety of Trojans and malware. Sometimes, it will even flag legitimate programs or system files as spyware, malware or Trojans. It will redirect your Internet Explorer settings (through a Proxy Server) as well as disable any existing anti-virus or anti-spyware software previously installed. It even goes so far as to try and get you to purchase it so that it can remove the infections for you. Ultimately, it is a scam that is trying to get hold of a valid credit card and in the process can bring your system to a halt.
How Do I remove it?
First of all, if you get the pop-up that you have an infection and it's not your current active Anti-Virus software, DON'T CLICK ANYTHING! Even if you click on the "X" to close it, it will start to execute the program. The best bet would be to stop and contact your IT Support Company for immediate support for this issue. If you don't have a dedicated IT Solutions Provider you can follow these steps to remove it on your own:
Step 1: Stop the Process
Go to your "Task Manager". There are several ways to get there:
1. Control + ALT + Delete and select "Task Manager"
2. Right Click on your system tool bar and select "Task Manager"
Once you open the Task Manager click on the "Applications" Tab.
Select the Application that is running the rogue software and click on "End Task".
Step 2: Disable "Internet Proxy Settings" in your Internet Explorer Settings.
Part of the infection will enable Proxy Settings for Internet Explorer which will effectively prohibit you from going to any legitimate websites.
Open Internet Explorer - Go to: "Tools" then Internet Options
Click on the "Connections" Tab.
Under "Proxy Server" uncheck the box "Use a proxy server for your LAN"
Press "OK" to close this screen and then "OK" again to close the Internet Options screen.
We will now be able to get out to the internet and download the application to remove the rogue application.
Note* - You may need to continue to end the application via Task Manager until you have successfully installed and performed a scan using Malware Bytes.
Step 3: Download and install "Malware Bytes"
Go to this link to download Malware Bytes:
This link is for the Free Version of this application. Once downloaded; click to install.
Once you have successfully installed Malware Bytes click to open the program. Below is the default screen that it will open to:
Select "Perform full scan" and let it scan your PC. Be patient; this may take up to an hour to complete.
As the system is scanning it will show you a progress screen that includes the file directory, number of files and how many total infected objects have been found. As shown below:
Once the scan is complete the following pop-up will appear:
Click on "OK" to then go to the next screen where you will be able to remove the infections found on the PC.
Select the Files under "Vendor" and then click on "Remove Selected". Malware Bytes will now remove the files and place them into Quarantine. Upon removal of the files it may require a reboot of the PC. Please be sure to allow the PC to reboot as needed to complete the action of removing the infected files.
Upon reboot your system should now be free of the "Malware Defense" malware. If for some reason the infection was not removed, then you will need to perform additional steps to remove the executable file that is causing the application to run.
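The check behind Step 2, as an added PowerShell example that is not part of the original post: it reads the per-user Internet Settings registry values that the "Use a proxy server for your LAN" checkbox controls, clears the flag only when run with -Fix, and lists the Run-key start-up entries so a program that keeps relaunching can be spotted. The -Fix switch name and the choice of the two Run keys are assumptions of this example.

```powershell
# Added example (not from the original post). Read-only unless -Fix is passed.
param([switch]$Fix)

# Per-user settings behind Internet Options > Connections > LAN settings.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg  = Get-ItemProperty -Path $inet

# ProxyEnable = 1 means "Use a proxy server for your LAN" is checked.
$enabled = ($cfg.ProxyEnable -eq 1)
Write-Host "Proxy enabled : $enabled"
Write-Host "Proxy server  : $($cfg.ProxyServer)"
Write-Host "Auto-config   : $($cfg.AutoConfigURL)"

if ($enabled -and -not $Fix) {
    Write-Host 'A proxy is set. If nobody configured one, re-run with -Fix.'
}

if ($enabled -and $Fix) {
    # Same effect as unchecking the box in Step 2. ProxyServer is left in
    # place so the value stays available as evidence of what was configured.
    Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0 -Type DWord
    Write-Host 'Proxy disabled for the current user. Restart Internet Explorer.'
}

# Assumption: the standard per-user and per-machine Run keys are the places
# to review for a program that starts again after every reboot.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $item.GetValue($name)
        }
    }
}

# Listing only: nothing is deleted here. Review each command by hand.
$entries | Format-Table -AutoSize -Wrap
```

Run it once without -Fix to record what was set, then again with -Fix; the start-up listing changes nothing and is only there to review.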
In Part Two of IT Health Check Solutions: "How Do I remove the Security Center Malware Defense Virus?" I will explain how to manually remove the file.
The best defense against this type of infection is to make sure that your PC is up to date (Windows Updates, Java and Flash updates), that your Anti-virus software is up to date with current definitions, and that you also have active anti-spyware or anti-malware software running. (Malware Bytes registered version)
For more information, contact Trigon Technology for a consultation on IT Strategy Solutions and Disaster Recovery Solutions for ways to help prevent this type of infection from affecting your office PCs and laptops.
I think that I have now written on this particular subject more times than I probably should have, but, working for an IT Support Company, I can't seem to stress enough how important it is to keep your PC up to date. In recent weeks there was a coordinated attack launched at Google and other major search engines that was designed to seek out the exploits of non-up-to-date systems and launch a Malware under the guise of a "System Security Tool" that warns you that you have an infection and that you need to "Click Here" to start a scan. Well, as most of us know well by now, by "Clicking Here" you launch the infection and begin the process of turning your system into an advanced paper weight. But, did you know that by clicking the "X" to close the window you are also launching the infection? This is why it is so important that in the event that this type of message pops up on your screen you do not touch anything if you are not sure of how to deal with it.
It's best to consult with your IT department or Managed Services company if your office PC gets one of these types of infections. If it is your home PC, well then hopefully you know how to combat it or otherwise you may end up like a friend of mine who recently had to spend $100.00 and 4.5 hours on the phone with McAfee trying to resolve it.
It is becoming all too clear that if your system is not up to date then you are at risk. This includes Microsoft OS patches, Application patches and 3rd party vendor patches (Java and Adobe Flash especially). One of the major exploits is through out-of-date Java and Flash. Don't ignore the messages from your system tray that say that Java or Flash updates are available. I know that sometimes it can be annoying to have to stop and run the update, but think how much worse it will be when you have to stop to combat the infection that could end up taking your system down for the count. Often times a customer will ask "Why didn't my Anti-Virus catch this?" and unfortunately Anti-Virus does not catch 100% of viruses or malware, as new viruses and malware are sometimes coming out faster than the antivirus companies can keep up. So, don't ignore your patches and updates because they are the best defense against these types of infections.
If you'd like to hear more on this subject, or learn more about IT Security and what Trigon can do for you, contact us at solutions@TrigonIT.com or by telephone at 1-888-494-TRIGON.
Malware keeps on a coming and coming strong. It seems that there are new versions of the Anti-virus virus coming out more and more... The latest I have seen is the Anti-Virus Security Tool, where it mimics some brand name Anti-Virus, and displays as a pop-up asking for you to complete a system security scan... Very much like the anti-virus viruses that have been plaguing us for some time now. I was almost recently fooled by the system security tool virus myself. I awoke one morning to find one of my PCs with a message from McAfee Security Tool saying that it needs to perform a scan. The interesting thing here is that I wasn't running McAfee on that PC. Fortunately, I caught myself before launching any attack against my PC, but I can imagine how many have already fallen victim to it. The lesson learned here is that you need to be sure to know what Anti-Virus you are running on your PC! If something pops up looking like a security message for virus infection or some other type of security tool and it's not the Anti-virus software that you are running on your PC, DON'T Click it! Unfortunately, though, if you are even seeing this, it has already infiltrated your system to the point that will require some intervention... In my case, I had to manually stop the processes, run HijackThis (a free Trend Micro tool) and delete the rogue registry key entries to get the "Security pop up" to stop, otherwise it will continue to auto-execute until you do something about it! So, be careful with what you click through and never click on any pop up related to a Security or Anti-Virus notice for a piece of software that is not truly on your PC!