2014/07/30

Ransomware scam that claims to be the POLICE. How to remove it?

What is it?
This computer fraud, known as "RANSOMWARE", is a type of malware that spreads in the same ways as a virus or worm.
It locks the computer, displaying a notice on the screen, and then, exploiting people's fear and claiming to come from a POLICE department (or the FBI, the CIA, etc.), it demands the payment of a fine (better called a "ransom") to unlock the user's computer.
The malware relies on the user's fear, accusing him of illegal activities such as downloading copyrighted material (software, music) or viewing and downloading child pornography, and demands the payment of a fine (normally € 100.00) to settle the alleged offence.
Typical screen of the "Police" virus
A typical example of this malware displays a screen that reproduces the header of the police force (logo or emblem) and usually shows the IP address of the user's computer. In some cases it even shows a photo of the user taken with the webcam of his own PC or notebook.
It also demands payment of the fine through prepaid voucher services (which are themselves legitimate) that allow online payments without a credit or debit card, such as www.ukash.com or www.paysafecard.com (whose pages carry a warning about this kind of scam).
Because of the payment system used, this malware is also known as the "ukash virus" (but the Ukash site has nothing to do with the creator of the virus).
While the malware is active you cannot leave the lock screen, not even with the CTRL+ALT+DELETE keyboard shortcut, and you cannot use your PC.

How do you get infected?
As with many other virus infections, the possible routes are:
  • simply browsing compromised websites,
  • receiving emails with infected attachments or links to infected sites,
  • exchanging infected USB sticks,
  • installing cracked software,
  • etc.


Who does it affect?
Windows systems are the first to be affected, but now even Apple Mac OS X is targeted by ransomware; fortunately in this case the solution is simple: just reset the Safari browser.

Even smartphones and Android tablets are attacked by ransomware
ESET has discovered a dangerous new type of malware (Android/Simplocker.A) that is able to encrypt the data/files on the SD card of Android devices and then asks for a "ransom" to decrypt them.
[Source] ESET Blog 
Android-Trojan.Koler.A

Android-Trojan.Koler.A is a type of ransomware that attacks Android smartphones and tablets. It uses GPS to find out where the victim is and to impersonate the local authorities more plausibly. Android-Trojan.Koler.A is not dangerous, because it does not completely block the device, but only keeps a browser window with a threatening message in the foreground. Bogdan Botezatu of Bitdefender says that you can uninstall the malware manually with the standard procedure, stating: "but only if the application icon is in the first row. Otherwise you would not have the time necessary to drag the icon to uninstall."
[Source] ARS TECHNICA

The blog Malware don't need Coffee illustrates in detail the propagation technique and the operation of this type of ransomware.
[Source] Malware don't need Coffee: Police Locker land on Android Devices

How to prevent "ransomware" infection?
The best way is to keep the software on your PC up to date: use Windows Update for the operating system, and apply the security updates of the browser, the email client and the main applications you use, such as Adobe Reader, OpenOffice, Microsoft Office, etc.
It is also good to install a good antivirus (even a free one) and keep the virus signatures constantly updated.

The variants that encrypt the data:
Whoever has a PC infected with the variant Trojan-Ransom.Win32.Rannoh, which encrypts some files so that they can no longer be legitimately opened and edited, can try to recover them using special software developed by Kaspersky: RannohDecryptor.exe, a tool that attempts to decrypt the files affected by this variant of ransomware.

A new ransomware, Trojan.ArchiveLock.20 (Dr.Web), mainly affects corporate networks, infecting the system and remaining invisible. Once activated remotely, the malware uses WinRAR to compress several files into password-protected archives and then shows a screen (which blocks the interface) with instructions for recovering your data in exchange for money. In addition, the ransomware can delete any backup present on the system, so only a backup kept on media the infected machine cannot reach (an offline or unplugged disk) survives this kind of variant.
Trojan.ArchiveLock.20 (Dr.Web)

But how do you remove the "Police-themed" virus?
It depends on the variant: some are easy to eliminate, others more resistant. Later in this article I have included some information on how to eradicate the most stubborn variants.
Specific antivirus and ransomware removal tools
The anti-malware software HitmanPro.Kickstart has a specific mode against the Police ransomware: it is possible to create a bootable USB stick with HitmanPro.Kickstart and use it to disinfect your PC.
The software house Panda Security (antivirus manufacturer) has also developed a specific tool for the "Police Virus", called Panda RescueDISK. It is a file with the .ISO extension (that is, the image of a CD); it must be burned to a CD and booted before Windows starts.
This type of ransomware is also known as Trojan.Win32.Urausy and can be identified and eliminated, for example, with Microsoft Security Essentials.
The antivirus company Bitdefender has created a special free removal tool (see: "How to remove ransomware infection FBI").
Trend Micro has released a free removal tool designed to detect and remove malicious software such as ransomware: Trend Micro AntiRansomware Tool 3.0.

On 02.15.2013 Europol dismantled the gang of cybercriminals who had designed (at least) one family of RANSOMWARE (with several variants). Source: Europol. Unfortunately, new and more sophisticated variants keep appearing.


PERSONAL EXPERIENCE:
Unfortunately, in the case I personally verified, the malware was NOT detected by either of the two active antivirus products, nor by a virus scanner downloaded afterwards, nor even by a couple of scans run over the Internet. This is symptomatic of how unprepared many antivirus products are for this new type of scam. However, the malware variant I faced was not very insidious and it was very simple to remove manually; here are the instructions:

[Method 1 - Working in Safe Mode]
Start Windows in "safe mode" (press F8 while the PC boots) and click with the mouse on START (or the Windows icon) at the bottom left of the taskbar.
When the vertical drop-down menu opens, click "All Programs".
Look for the "Startup" folder and, once found, click on its icon: it shows the list of programs configured to start automatically every time the computer boots.
Select the files with "strange" names, such as sequences of letters and numbers (in my specific case they were fir0.exe or WBT0.D), and remove them by pressing the "DELETE" or "DEL" key.
Right-click the "Recycle Bin" on the desktop and, in the menu that appears, select "Empty Recycle Bin" to permanently remove the malware from your PC.
Reboot the PC.

[Method 2 - Still in Safe Mode]
An alternative way to remove the executable from the automatic startup is to use CCleaner (if already installed): select the "Tools" menu, then "Startup", and delete the row that contains the executable, so that it is excluded from the next boot.
If simply removing the file is not enough, you can take more radical action using "System Restore" in Windows XP, Vista and Seven. In this case, just go back a few days, to a date when you think your PC was not yet infected.

N.B. Of course, to "physically" eliminate the virus you must also delete the file responsible for the malfunction (taking care to write down its full path first), not just remove it from the autostart entries; otherwise the malware is dormant but still present on the disk!
I have also read that the most tenacious variants activate even in "safe mode"; however, I have not yet dealt with these variants, so I can only suggest the methods I would adopt (already used for other viruses), shown in the following procedure:

[Method 3 - Still in Safe Mode]
Download CCleaner and Malwarebytes and copy them to a USB stick to be inserted in the PC once it has started.

Start your PC in "SAFE MODE WITH COMMAND PROMPT" by holding down the F8 key while it boots.
Once at the command prompt, press CTRL+ALT+DEL to start Task Manager.
Insert the USB stick with the software already loaded.
Go to File > New Task (Run...), locate the USB stick and install both programs.
Install CCleaner and run it to perform a thorough cleaning of the system files. Then scan the registry and repair the items found. In Tools > Startup, disable ALL entries.
Install and launch Malwarebytes (again from New Task (Run...), looking in the Program Files path) and perform a full scan. At the end, restart your PC.
Once the threat has been removed, the desktop returns to normal and you can do a more thorough "clean-up":
Disable System Restore (XP) / System Protection (Vista, 7, 8) and delete all previously created restore points. This step is essential to prevent the virus from coming back from a copy of its file saved in a restore point.
Locate the temporary files folder:
XP - C:\Documents and Settings\<username>\Local Settings\Temp
Vista, 7, 8 - C:\Users\<username>\AppData\Local\Temp
... and delete ALL the files in it.
Empty the Recycle Bin immediately.
Run CCleaner again (clean files and registry).
Run Malwarebytes again (full scan).
Restart.
Run CCleaner again, click Tools > Startup and re-enable the entries you want, then reboot.
Now the PC is clean!

As already mentioned, there are many variants of this malware. For example, I recently came across a variant that displays a screen with the logo of the "Polizia di Stato" (the Italian State Police), like this:

In this specific case the autostart file was "ctfmon.lnk" (files with the .lnk extension are shortcuts, i.e. links to other files, which make it easier to open or run them); the name mimics the legitimate Windows component ctfmon.exe. It pointed to the executable "C:\windows\system32\rundll32.exe", which in turn launched the malware. In this case it was probably a variant of "Trojan.Win32.FakeGdf", and the side effects were an unusable taskbar and some system services switched off. Even after the automatic removal there were problems repairing certain services (in particular Windows Update). Malwarebytes Anti-Malware made it possible to discover and automatically remove additional "malware" services that had also been installed to start automatically. Another anti-malware tool to use with the "resistant" variants is definitely ComboFix. Typically, the name of the file in "autostart" is a random numeric name (for example, in another case it was 0.751225951242083.exe.lnk, a name that is suspicious to say the least!).
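To make the manual check described in Methods 1 to 3 and in the ctfmon.lnk case above repeatable, here is an added PowerShell script (my own example, not part of the original post nor of any of the tools mentioned) that lists the usual Windows autostart locations, resolves .lnk shortcuts and flags entries matching the patterns seen in this article: random numeric or short names, a shortcut named like a system binary, rundll32.exe used as a launcher, or a target under a Temp or profile directory. It only reports; with the -Quarantine switch it moves the flagged Startup-folder files (and their targets) into a quarantine directory after confirmation. Assumptions not taken from the page: the heuristic patterns, the quarantine path C:\Quarantine, and PowerShell 3.0 or later on the infected machine. Run it from an elevated prompt, ideally in Safe Mode with Command Prompt.

```powershell
param([switch]$Quarantine)   # by default the script only reports

$wsh = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

# 1. Startup folders: per-user and all-users (Method 1 looks at the first one)
$entries = @()
foreach ($dir in @([Environment]::GetFolderPath('Startup'),
                   [Environment]::GetFolderPath('CommonStartup'))) {
    foreach ($f in Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue) {
        $target = $f.FullName; $arguments = ''
        if ($f.Extension -ieq '.lnk') {
            $sc = $wsh.CreateShortcut($f.FullName)   # e.g. ctfmon.lnk -> rundll32.exe <dll>
            $target = $sc.TargetPath; $arguments = $sc.Arguments
        }
        $entries += [pscustomobject]@{ Where = $dir; Name = $f.Name; Target = $target; Args = $arguments }
    }
}

# 2. Run / RunOnce keys for the machine and the current user
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        $entries += [pscustomobject]@{ Where = $key; Name = $p.Name; Target = [string]$p.Value; Args = '' }
    }
}

# 3. Heuristics drawn from the cases in the post (assumption: my own patterns, tune them)
function Test-Suspicious($e) {
    $reasons = @()
    $cmd = "$($e.Target) $($e.Args)"
    # 0.751225951242083.exe.lnk, fir0.exe ...: numeric or short random names
    if ($e.Name -match '^[\d.]+\.exe(\.lnk)?$' -or $e.Name -match '^[a-z]{2,4}\d+\.exe$') {
        $reasons += 'random-looking name'
    }
    # a Startup shortcut named like a system binary (ctfmon.lnk) is not how Windows starts it
    if ($e.Name -match '^(ctfmon|svchost|explorer|winlogon|csrss|lsass|rundll32)\.lnk$') {
        $reasons += 'mimics a system binary'
    }
    # rundll32.exe as launcher: the DLL named in Args is the real payload, inspect it by hand
    if ($e.Target -match 'rundll32(\.exe)?$') { $reasons += 'rundll32 launcher' }
    # anything autostarting from a temp or per-user data directory
    if ($cmd -match '\\(Temp|Local Settings|AppData\\(Local|Roaming)|ProgramData)\\') {
        $reasons += 'runs from temp/profile directory'
    }
    return ($reasons -join '; ')    # empty string when nothing matched
}

$flagged = @()
foreach ($e in $entries) {
    $why = Test-Suspicious $e
    if ($why) { $flagged += $e | Add-Member -NotePropertyName Reason -NotePropertyValue $why -PassThru }
}

"Autostart entries examined: $($entries.Count); flagged: $($flagged.Count)"
$flagged | Format-Table Where, Name, Target, Args, Reason -AutoSize -Wrap

# 4. Optional quarantine of flagged Startup-folder files and their targets.
# Registry values are only listed; remove them by hand after checking the path.
if ($Quarantine -and $flagged.Count -gt 0) {
    $qdir = 'C:\Quarantine'                          # assumption: hypothetical location
    New-Item -ItemType Directory -Path $qdir -Force | Out-Null
    foreach ($f in $flagged | Where-Object { $_.Where -notmatch '^HK' }) {
        Move-Item -LiteralPath (Join-Path $f.Where $f.Name) -Destination $qdir -Confirm
        # also move the executable (see the N.B. above), but never a file under %SystemRoot%
        # such as rundll32.exe, which is a legitimate Windows binary
        if ($f.Target -and (Test-Path -LiteralPath $f.Target) -and
            $f.Target -notmatch [regex]::Escape($env:SystemRoot)) {
            Move-Item -LiteralPath $f.Target -Destination $qdir -Confirm
        }
    }
}
```

The script deliberately quarantines (moves) rather than deletes, so a false positive can be put back, and it never touches rundll32.exe itself: for a "rundll32 launcher" entry the thing to remove is the DLL named in the Args column, after noting its full path as the N.B. above recommends. Registry Run entries are the other place the stubborn variants use, which is why they are listed alongside the Startup folder that Method 1 checks.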

PS: if you can not solve by following these directions leave me a comment indicating more problems. 

© ALL RIGHTS RESERVED

2014/04/24

How to print together multiple documents and file (PDF, DOC, XLS, DWG) or photo (JPG, BMP, PNG)?

Do you need to print multiple documents in a folder automatically, without opening them?

On Windows 98, XP and Vista there is no such function natively, so you need to use third-party software.
Print Conductor is a utility that I have tried: it works very well and it is free!



You must download and install the application, then you create the list of files to be printed sequentially, by selecting the files in the "Open File" dialog box, by dragging and dropping them, or by automatically scanning a specific folder. You can also pick files from different folders and of different types among those supported.



Print Conductor supports 26 different types of documents, here they are: 
  • Adobe ® PDF files, 
  • Microsoft ® Word DOC and DOCX documents, 
  • Microsoft ® Excel XLS and XLSX spreadsheets, 
  • Microsoft ® PowerPoint PPT and PPTX presentations, 
  • Microsoft ® Visio VSD drawings, Publisher PUB files, 
  • Autodesk AutoCAD ® DXF and DWG drawings, 
  • OpenOffice ODT documents, 
  • JPEG, TIFF, GIF, PNG, PCX, TGA, DCX and BMP images, 
  • XPS, SVG, TXT, WRI, RTF and HTML files.

Print Conductor can print documents on any printer:
  • local printer,
  • network printer,
  • virtual printer.

Also you can change the configuration of the printer selection before starting the printing process.

WARNING: The only condition you must meet is that all the applications you normally use to open the documents you want to print automatically must already be installed on your PC.
So, for example, to print CAD files (DXF or DWG) you must have AutoCAD installed, to print Word or Excel files you must have an Office suite installed, to print PDF files you must have Adobe Reader installed, and so on.

The free version of Print Conductor has no usage limitations, but it inserts an advertising page into your printer's print queue. The commercial version does not print advertising pages.

Print Conductor works well on 32-bit and 64-bit versions of Microsoft Windows XP, Windows Vista, Windows 7, 8 and 8.1. 
Microsoft Windows Server 2003, 2008 and 2012 are supported, too. 

[Link features] Print Conductor features
[Download] Print Conductor

If you have Windows 7 or later you can use a convenient feature built into the operating system. Just open the folder containing the files to be printed and select the ones you are interested in. To select multiple files with the mouse at the same time, hold down the SHIFT key if they are contiguous, or the CTRL key if they are NOT contiguous. Then right-click on the selection and choose Print from the context menu. The important thing is that all the files must be of the same type and NOT mixed (only PDF, only Word, only Excel, etc.). The only downside is that the files are sent directly to the default printer, so you cannot choose the printer from the menu. With this method you can normally select up to 15 files to print at the same time.

An alternative method, with Windows Seven, is to look for the printer under "Devices and Printers" in the Start menu. Right-click on the chosen printer, then select "See what's printing" in the context menu.
When the queue window of the printer you have chosen appears, you can drag and drop the files to print onto it.
Another dialog box will then appear asking whether you want to "print multiple files at once".
By clicking "Yes", all the files will be opened and printed in their entirety with the default settings. With this method it is possible to mix different types of files! This method does NOT have a limit on the number of files to be printed at once.
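As an added example (my own, not from the original post nor from Print Conductor), the same job can be scripted in PowerShell on Windows 7 or later: each file is handed to the application registered for its type through the shell "Print" verb, which is the same mechanism behind the right-click > Print menu. Unlike the Explorer menu it accepts mixed types and has no 15-file limit, and like Print Conductor it needs the handling application installed (a file type without a Print verb is reported as skipped, not printed). Assumptions: the folder C:\ToPrint, the extension list and the per-file wait are hypothetical, and the Print verb check assumes an English Windows UI.

```powershell
param(
    [string]$Folder = 'C:\ToPrint',                             # hypothetical folder
    [string[]]$Types = @('*.pdf', '*.docx', '*.xlsx', '*.jpg'), # mixed types are fine
    [int]$SecondsPerFile = 30                                   # bounded wait before the next job
)

$shell = New-Object -ComObject Shell.Application

# Does the shell offer a "Print" verb for this file? Verb captions are localized and
# contain the '&' accelerator, so compare after stripping it (English UI assumed).
function Test-PrintVerb([System.IO.FileInfo]$file) {
    $item = $shell.NameSpace($file.DirectoryName).ParseName($file.Name)
    foreach ($v in $item.Verbs()) {
        if (($v.Name -replace '&', '') -eq 'Print') { return $true }
    }
    return $false
}

function Print-Folder([string]$Path, [string[]]$Include) {
    # -Include only applies to a wildcard path, hence the trailing '*'
    $files = Get-ChildItem -Path (Join-Path $Path '*') -Include $Include -File | Sort-Object Name
    $result = [pscustomobject]@{ Printed = @(); Skipped = @(); Failed = @() }
    foreach ($f in $files) {
        if (-not (Test-PrintVerb $f)) { $result.Skipped += $f.Name; continue }
        try {
            # -Verb Print is ShellExecute with the "print" verb: the file goes to the default printer
            $proc = Start-Process -FilePath $f.FullName -Verb Print -WindowStyle Hidden -PassThru -ErrorAction Stop
            # Some handlers (Adobe Reader, Word) stay open; wait a bounded time so jobs keep their order
            if ($proc) { $proc | Wait-Process -Timeout $SecondsPerFile -ErrorAction SilentlyContinue }
            $result.Printed += $f.Name
        } catch {
            $result.Failed += "$($f.Name): $($_.Exception.Message)"
        }
    }
    return $result
}

$summary = Print-Folder -Path $Folder -Include $Types
"Printed: $($summary.Printed.Count)  Skipped (no Print verb): $($summary.Skipped.Count)  Failed: $($summary.Failed.Count)"
$summary.Skipped + $summary.Failed
```

Save it as a .ps1 and run it with the folder you want, e.g. `.\Print-Folder.ps1 -Folder D:\Invoices -Types '*.pdf','*.docx'`. Like the Explorer method it prints to the default printer, so set that first; to target another printer, change the default with the Windows printer settings before running the script.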

PERSONAL EXPERIENCE: 
Print Conductor is intuitive to use and effective, I like it very much!
© ALL RIGHTS RESERVED

2014/03/17

NAS4Free: the heir of FreeNAS 0.7, an Open Source Network Disk

NAS4Free version 9.2.1 is a free distribution based on FreeBSD 9 that has been optimized to provide a Network Attached Storage (NAS) service, i.e. an external network drive. It is a software distribution that can be installed on your obsolete computers and turns them into storage units with redundancy and security features often available only on paid, high-end products!
NAS4Free logo

I have already reviewed a previous version of FreeNAS (namely versions 0.7.x and earlier, in FreeNAS - How to create a network drive free), but since then the project has been forked by the new partner/sponsor iXsystems, which has brought several changes, so there are now two products:

a) FreeNAS 9.1.1 - a new project, still open source, completely renewed and improved both graphically and functionally, managed by iXsystems, which acquired the FreeNAS brand in 2011.

b) NAS4Free 9.2.1 - the direct heir of the old FreeNAS 0.7, which has been renamed and is developed and maintained by a team of volunteers; it is also open source.

NAS4Free volume manager


NAS4Free 9.2.1 supports sharing data with Windows, Apple and UNIX/Linux systems

Hard disks and volumes can be managed with:
  • ZFS v.28 (RAIDZ, RAIDZ2, RAIDZ3),
  • software RAID (0, 1, 5) or combinations (1+0, 1+1, etc.),
  • disk encryption (with hardware acceleration, if the adapter supports it),
  • filesystems ZFS v.28, UFS, Ext2/3, FAT, NTFS,
  • partitioning (MBR and GPT),
  • iSCSI (initiator),


Supports the following network protocols:
  • SMB/CIFS (Samba 4.1.5),
  • AFP (Netatalk),
  • NFS,
  • FTP (ProFTPD),
  • TFTP (tftp-hpa),
  • RSYNC (client/server),
  • Unison,
  • SCP (SSH),
  • iSCSI (target),


The extra services available are:
  • UPnP server (FUPPES),
  • BitTorrent client (Transmission),
  • iTunes/DAAP server (Firefly),
  • web server (Lighttpd),
  • network bandwidth measurement (iperf),


About Networking:
  • 802.1q vlan tagging,
  • Wireless,
  • link aggregation,
  • Wake On Lan,
  • Bridge
  • CARP (Common Address Redundancy Protocol)
  • HAST (Highly Available Storage)


About monitoring:
  • S.M.A.R.T. (smartmontools)
  • e-mail notification
  • SNMP
  • Syslog
  • UPS (NUT)

Everything is configurable through its web interface.

NAS4Free 9.2.1 can be installed on Compact Flash memory, USB, SSD or HDD, or it can be started from a live CD using a small USB key to store the configuration data. It also exists in two versions:
  • 32-bit, with which you can use hardware with a MAXIMUM of 4 GB of RAM
  • 64-bit, with which you can install and use more than 4 GB of RAM

Despite improved compatibility with newer hardware (thanks to the operating system upgrade), it remains compatible with "obsolete" hardware and is therefore suitable for reusing even "very old" PCs. Here is the list of supported hardware.
The user interface (GUI) has had a makeover but remains very similar to the previous version.
Among the goodies available there is also the possibility of installing an LCD panel that displays the most important information in real time, managed through the LCDproc service.

NAS4Free 9.2.1 adds support for SMB3, the ability to act as a Windows domain controller, and advanced features such as server-side copy support for Windows 2012 and later.

[Source:] NAS4Free

PERSONAL EXPERIENCE :
I recently upgraded an older PC (already used as a FreeNAS) consisting of an Intel Pentium III with about 704 MB of RAM, reformatting it and moving from the old FreeNAS 0.69 to the new NAS4Free 9.1. Because I thought the hardware of this particular PC was NOT suitable for the Zettabyte File System (ZFS), due to the limited RAM and the unsuitable 32-bit processor, I decided to fall back on a simple RAID 1 volume on two SATA disks, shared through the Windows CIFS/Samba service. Everything works great!
On this NAS4Free I also use the RSYNC client service to synchronize the contents of a folder on the disk to another PC running FreeNAS 0.69 (so not yet updated, for now).

For some years now I have been running some old converted PCs; here is the list:
n.2 - FreeNAS 0.69.2 PC - Intel Pentium 3
n.1 - FreeNAS 0.7.2 PC - Intel Pentium 3
n.1 - NAS4Free 9.1 PC - Intel Pentium 3 (*** Updated ***)
n.1 - FreeNAS 8.3.1 PC - Intel Pentium 4 (*** new project created by the fork! ***)
Until now... I have been very pleased with their behaviour!

One of the features I like the most in these products (FreeNAS and NAS4Free) is the ability to upgrade the firmware (or the whole operating system) without having to reformat everything!
Another feature that is important to me is the presence of both an editor and an internal file manager, with which you can delete or modify files and folders for which you do not have permissions at the share level.
NAS4Free has developed very good diagnostic and LOG functions for the disks and the system.

Now some advice about the options in the PC BIOS:
If you can, enable the BIOS option to automatically start the PC every day at a set time, so that if the PC goes down it will restart by itself at the latest the next day!
Select the option for halting on hardware errors "ALL, but keyboard", so you can run the PC without connecting a keyboard.
Disable the VIDEO cache, or any other kind of cache that takes memory away from the main RAM, since in any case it would not significantly benefit the operation of the operating system.
Update of 03/09/2013: Occasionally you have to upgrade the operating system of your NAS devices in order to fix bugs and possibly take advantage of newly implemented features. So I proceeded to upgrade one of the 5 NAS systems I use. In particular, I updated the software on the NAS already running NAS4Free 9.1.0.1 (revision 531) to NAS4Free 9.1.0.1 (revision 847) using the firmware update function. I did not expect any particular problems in upgrading, and in fact everything went well, very fast!

© ALL RIGHTS RESERVED



How would you like it to be improved on this article? 
Leave me a comment with your thoughts or requests!
