Ask Me - THRComputer Solutions

There is a worm spreading quickly though Facebook called Koobface.  Like most worms, it seems innocent enough.  It appears to come as a message from a friend with a subject line about a new video or something similar.  When opened and the video is clicked to play, a message appears that says the newest version of Flash Player is not installed, but needs to be.

However, the file that is actually downloaded is not a new version of Flash Player, but malware.  When the link on the fake Flash site is clicked, it downloads malware called tinyproxy.exe.  This file loads to a proxy server called Security Accounts Manager.  The server will run next time the computer is rebooted, loading and listening to traffic on TCP port 9090 and all outgoing HTTP traffic.  In doing this, it tries to obtain sensitive data from your computer, including credit card numbers.  Koobface also sends infected users to bogus search engines sites when he or she tries to connect to Google, Yahoo, MSN, or Live.com.

Facebook is telling users who have been affected that they should run an anti-virus program and change their Facebook password immediately.  Anti-virus and security leader McAfee has warned users that while Facebook is working on the problem, there are many variants of Koobface and that “the situation is likely to get worse before it gets better.”

While it is not known how many of the 120 million Facebook users have been affected by the virus, Facebook is also pro-actively resetting some passwords, then sending users emails notifying them of the possibility of a virus. 

As always, it is best to avoid any messages with downloads or attachments unless it is know that it came from a trusted source.

Today I came across an interesting program called Ultimate Cleaner.  I had a customer who was complaining that they get getting popup notices that their computer was infected with trojan.looksky and they needed to download a protection program to remove the infection.  When I got to the house I immediately noticed that it looked like one of those cheesy fake alerts.  Their background was changed to red (to indicate an emergency situation) and had a notice that the computer was having problems.

McAffee was installed on the computer but the subscription had expired which was probably the reason that they got infected with Ultimate Cleaner.  We loaded Spy Sweeper with Antivirus protection on the computer and started the scan process.  Spy Sweeper indicated that the computer had Trojan-Ace-X which has the ability to download program to the computer, Troj/Pmwdl-Gen (Virus) and of course Ultimate Cleaner (this appear to be a rogue spyware removal program).  It took a couple of scans on the computer to clean the infection off until the infection went away.

Something to keep in mind is if you have a computer setup for your children, it is a good idea to make sure the computer is running correctly.  I got a laugh when one of the children stated that “they remember seeing a notice about their McAffee being expired”.  Just like a typical teenager, he failed to tell his parents to renew the subscription.  Keeping your computer running properly by having Anti-Virus, Spyware and Firewall protection will save you a lot of time and money in the long run.

Yes I do sell Spy Sweeper, but I do because it simply works!

WinAntiSpyware 2007 seems to be another malware program making it way.  This program appears to be a rogue spyware removal program.  Some folks who has installed it are not complaining of constant popups on their computer.  This is just another example of why you want to be sure you know the programs that you are installing on your computer.  For Spyware and Virus protection, we recommend that you install Webroot Spy Sweeper.  Spy Sweeper is a trusted spyware removal program that is even more powerful now with it’s anti-virus protection.

Get the protection you need from tools such as WinAntiSpyware 2007 and others just like it.   

We have been seeing a lot of computers infected with Trojan Looksky.  This malware seems to have the ability to download files to your computer and installs a rootkit.  We have been doing a little research and have noticed a lot of complaints about Trojan Looksky and it seems that people are complaining that they are getting a lot of pop-ups advertising an anti-virus program that is known to distribute malware.  People are also complaining that an Icon is being placed on their background telling them that their desktop needs to be restored, the add/remove programs seems to be also disabled by Trojan Looksky and clicking on web links doesn’t always bring them to where they expected. 

To project against trojan infection like the Trojan Looksky, we recommend that you always have an active malware protection program.  We typically recommend to our users that they install Webroot Spy Sweeper with anti-virus protection on their computer.  The software does a great job of shielding your computer from these malware threats.

If you would like to protect against malware like Trojan Looksky, then we recommend you get this program.