Thursday, January 25, 2018

A Tale of Two iPhones

My client had dropped his iPhone 5s and proceeded to crack the touch screen. In fact, the screen looked like it had been repeatedly hit with a hammer. The destruction resulted in a barely responsive screen. The client had critical information on the phone which was not backed up. So begins the tale of the two iPhones. I was able to unlock the broken iPhone after much playing around with the touchscreen to apply the passcode.

Then I installed iTunes on the client’s computer and used that program to back up the data on the broken phone. Luckily, the client had a spare, barely used iPhone 5s because these were the company-issued phones. So, I swapped the SIM cards between the two phones. Thus, the client’s phone number was transferred to a working phone.

Then I erased all the prior data on the replacement phone by resetting the phone back to the factory defaults. Then I had to upgrade the iOS (iPhone operating system) from iOS 8.4 to 11.2, so that the broken iPhone and the replacement phone were on the same version of iOS to enable the data transfer. Now for the last and critical step: I connected the new phone up to iTunes, rubbed a rabbit’s foot and started the data restoration. The restoration worked and the client walked away with a near mint iPhone 5s with all of his data intact.

Sunday, October 30, 2016

Ransomware Story

The owner of a plumbing and heating company opened what he thought was a safe email about a FedEx tracking number. The email turned out to be a ransomware scam. Thus, within a nanosecond all of his data files were encrypted. The attached external backup drive was also encrypted.
The thieves had a message that the owner had to pay a ransom in bitcoin to get access to an encryption key. So, after I calmed the owner down, I did the following:

A) Removed the ransomware virus using the program, Malwarebytes.
B) Recovered hidden copies of the encrypted files using ShadowExplorer. 

This program, ShadowExplorer, allows you to browse and potentially restore the Shadow Copies created by the Windows Vista / 7 / 8 Volume Shadow Copy Service.
So, the files were restored and the owner didn't have to pay a ransom.

Wednesday, May 25, 2016

Ransomware - What is it? (Updated)

Ransomware is a type of malware that prevents a computer user from using their computer or from accessing the data stored on their computer. To regain access to their data, the user is forced to pay a ransom for a decryption key. The ransom fee is typically demanded in electronic currency or bitcoins. The ransomware infection can usually be removed without paying up, by using a decent anti-virus program or malware removal program. However, regaining access to your data is not so simple.

Locky is a ransomware program that was recently released. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a payment demand screen that prompts you to send a bitcoin payment to an untraceable internet address. You will be given a time frame of a week to make the payment, or else the payment amount will increase.

This infection is typically spread through emails which appear to be from people that you know. These emails will contain a zip attachment that, when opened, would infect the computer. The attachments are sometimes disguised as a PDF file. Since Microsoft Windows does not show file extensions by default, they look like normal PDF files and people open them.

Please be aware that currently, there is no tool that will successfully decrypt the encrypted files.

Bitdefender, an anti-malware and virus protection company, recently released a crypto-ransomware utility that will protect against the CTB-Locker, Locky and TeslaCrypt ransomware infections. Click on this link to download the utility. After downloading, install the program on your Windows computer.

A good backup program, preferably one using redundant methods, including a cloud backup, is the preferred solution. After removal of the ransomware program, a restoration of your backup data files will result in a minimal amount of down time. This latest round of malware attacks shows how important having a good, reliable backup is.

Wednesday, October 23, 2013

CryptoLocker Ransomware & WhatsApp Scam - What Are They?


Ransomware is the generic term for a malicious virus that will typically render your computer inoperable and ask you to pay a fee or ransom to regain control. These threats can usually be removed without paying up, by using a decent anti-virus program or malware removal program.

CryptoLocker is different. Your computer and software keep on working, but your personal files, such as documents, spreadsheets and images, are encrypted.

CryptoLocker is a ransomware program that was released around the beginning of September 2013. This program will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 to 96 hours to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files.

This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that, when opened, would infect the computer. These zip files contain executables that are disguised as PDF files, as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft Windows does not show file extensions by default, they look like normal PDF files and people open them.
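As an added example (not part of the original post), this Python sketch shows how a mail gateway or help desk could flag the attachment pattern described above and in the Locky post: an executable inside a zip whose name carries a decoy document extension. The extension lists and function names are illustrative assumptions, and the sample archive is constructed with placeholder content.

```python
import io
import zipfile

# Extensions Windows will run or hand to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".wsf"}
# Document-looking extensions that work as the decoy half of a double extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_member(name):
    """Return a reason string if an archive member name is suspicious, else None."""
    # Keep only the file name; Windows ignores trailing spaces and dots.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .").lower()
    # Every dot-separated part after the first is treated as an extension;
    # strip padding spaces so "scan.pdf   .exe" is still recognised.
    exts = ["." + part.strip() for part in base.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        shown = base.rsplit(".", 1)[0].strip()
        return "double extension: appears as '%s' when extensions are hidden" % shown
    return "executable inside archive"


def scan_zip(data):
    """Map each suspicious member of a zip attachment (given as bytes) to a reason."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reason = classify_member(info.filename)
            if reason:
                findings[info.filename] = reason
    return findings


def build_sample_zip():
    """Constructed sample attachment; every member holds harmless placeholder text."""
    names = ("FORM_101513.pdf.exe", "FORM_101513.exe", "invoice.pdf", "notes/readme.txt")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample_zip()).items():
        print(member, "->", reason)
```

Only member names are inspected, so an archive that is password-protected can still be checked this way, but a renamed executable with a plain document extension will not be caught.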

Please be aware that currently, there is no tool that will successfully decrypt the locked up files. The virus can be removed and the files may be recovered from an unaffected backup, if available, or by utilizing the Windows built-in utility of restoring a shadow copy of a file.

The WhatsApp Scam starts with an email looking like this -

It says that you have received a voicemail and suggests that you download a small application to listen to it. It tricks the user into thinking that this is related to the legitimate IM application, WhatsApp. After it installs, it disables your computer and demands a payment to return the computer's functionality. It can also attack a smartphone such as an Android phone. The virus can be removed from your computer but it will take several hours.

These two latest malware scams show the importance of maintaining a good computer security program and having an up-to-date backup of your critical information, preferably offsite.

Wednesday, August 7, 2013

FBI Virus

A client called and said that he had the FBI virus on his computer. He was just on the internet when his computer was locked with a blue screen supposedly from the FBI. The screen spoke of a legal violation and demanded immediate payment by a MoneyPak purchased from Walmart or CVS. This is obviously a "ransomware" scam. The sender of this scam hopes that by scaring the computer user and locking the computer, they will be the recipient of a ransom payment.

I booted the computer up with Hiren's Boot CD. This allowed the computer to bypass the hard drive and boot solely from the CD. Once booted into a graphical environment, I was able to reach the internet, download the latest version of Malwarebytes (one of the better malware and spyware removal tools) and remove the virus.

The computer was back to normal after a 2-3 hour scan and the client was a happy camper.

Monday, August 29, 2011


Have you ever wondered how to download video and audio from flash players on internet sites like YouTube, Google Video, MySpace, DailyMotion, Metacafe, Break, blog sites of your friends with embedded audio and video content, and so on?
So, JCopia does it all. It captures flash video / audio / stream from any website to your computer as files. Just play your media online and watch as JCopia 4.7.10022 saves any clip / music / movie to your computer.
Click on this link for your free trial - Capture flash video and audio from any website to your computer

Wednesday, May 21, 2008

Microsoft & Macs - Friends or Foe?

I recently had to fix a client's installation of Microsoft Office 2008 for the Mac which decided to act up. Why did it act up, you say? Aren't Macs supposed to be a superior platform to Windows? At least, that's what all the Mac vs. PC TV commercials claim. The actor representing the Mac is so cool-looking compared to the dumpy-looking guy representing the PC.

Well, here's what happened. We successfully installed Office 2008 and it was working fine until the fatal event. The Mac, having a very polite operating system, OS X 10.5 Leopard, asked if it could install an update to Office 2008. Well, the client agreed to the upgrade of Service Pack 1 (SP1) and soon found herself well along that "path to upgrade hell". Immediately after the upgrade (remember, the concept of an upgrade is supposed to result in a better application; hence, the terminology of upgrade, not downgrade, is used) the Office Setup Assistant showed up every time you clicked on an application. Again, it was very polite. It asked if the user wanted to learn more via the Internet or register the software. After you click next, the Autoupdater shows up and asks if you wish to check for an update (didn't we just do that?). After closing that box, the Setup Assistant starts up again (oh, it's déjà vu all over again). We were also treated to the SBOD (Spinning Beachball of Death). This is somewhat similar to the Windows BSOD but doesn't look as threatening and is much more colorful. Good manners must be an integral part of the Leopard OS.

As this behavior was putting a severe crimp in using the Office applications, I tried a few fixes.
Fix #1 - After performing a Google search, and learning that this is a widespread problem, I deleted the plist files in the Microsoft folder. They were -

/Library/Preferences/Microsoft/Office 2008/Microsoft Office 2008 Settings.plist
/Applications/Microsoft Office 2008/Office/OfficePID.plist

After starting Word 2008 again, the Office application asked for the product ID and then the Setup Assistant started its repetitive nature again. Oh, well.

Fix #2 - I uninstalled Office 2008 via the Remove Office tool and dragged the remainder of the Microsoft folder to the Trash. After a restart and re-installation of Office, the applications began to behave normally, well...sort of. Word had a few error messages and when Entourage was launched, it stated that this version of Entourage was incompatible with the Entourage identity found. Apparently, the service pack 1 update changed the Entourage files just enough to make it incompatible with the original installation. On to the next fix.

Fix #3 - Use the Office Remove Tool again. Drag the Microsoft folder to the Trash. Search for any remaining Office 2008 plist entries and delete them if found. Then delete the Entourage 2008 identity file at /Documents/Microsoft User Data/Office 2008 Identities/your identity. Restart the computer and do another installation of Office 2008. Keep fingers crossed. Complete installation and see if the applications work. Everything looks ok. Entourage starts and requests a new identity. An archive of the Entourage data is imported from a flash drive (remember that mandate: keep a backup of your critical data handy and in multiple locations) and after a final check, we do a happy dance.

So, it would appear that Office 2008 SP1 is not quite ready for primetime and updates should be set to manual control. Talk to you later.