When Microsoft first revealed Windows 8, complaints started rolling in almost immediately. The lack of the traditional Start Menu and the fact that Windows would no longer be booting directly to the Windows desktop were just a couple examples of the many complaints that continue to trickle in regarding the new OS.

Rumor has it that Windows 8.1, codenamed Blue, will possibly offer preferences that will enable booting directly to the Windows 8 desktop and the ability to bring back the Windows Start Menu. On April 14th, MicrosoftPortal.net blogged about how the twinui.dll file found in the leaked Windows Blue Build 9364 contains code that controls whether the computer will boot directly to the desktop. As previous builds of Windows Blue did not contain this option, it’s pretty clear that Microsoft may be giving in to customer complaints and are working to fix them.

Screenshot from http://microsoftportal.net/windows-blue/2037-windows-blue-pozvolit-otklyuchit-startovyy-ekran.html

As we all know, Microsoft is unpredictable when it comes to making changes. These are just rumors at this point, so we can’t count on these fixes to actually happen. We won’t know until 8.1 is released in August 2013. If you can’t wait for the Windows Blue, programs like Start8 from Stardock may be your answer. Start8 allows users to tweak the Windows 8 experience to more closely mimic that of Windows 7 and XP. You can boot straight to the desktop, skip the new (and sometimes confusing) tiled start menu and bring back the start button.

Windows 8 has some great new features that make it more secure and easier to troubleshoot than previous versions. Bringing back the Start Menu and the ability to boot directly to the desktop will (in my opinion) make Windows 8 the best Microsoft OS yet!

For those of us working in the IT industry, we get used to removing viruses and malware from plenty of machines on a regular basis. Malware is a huge problem that seems to only be getting worse. Part of the problem is a lack of education for the end users. It’s easy for the less tech savvy to get tricked into downloading a piece of software that disguises itself as legitimate piece of software (Java, Flash, Adobe etc.) While browsing the internet, users can also get tricked or scared into downloading and installing “Fake AV” programs that look legit, most times copying the GUI (graphical user interface) of popular Anti-Virus programs (AVG, Norton, Microsoft Security Essentials, ESET etc.) by thinking that their computers are infected.

I can understand how confusing all of this is for end users. Being bombarded with ads and scams online constantly can be overwhelming for the casual computer user. Luckily, places like New River Computing able to help folks clean their machines and equip them with software to thwart off these attacks by using good, reputable AV programs, such as VIPRE and Malwarebytes, and using managed service software to keep machines patches and up-to-date. We also recommend users operate under a “user account” instead of an “admin account”.

Having a good AV program installed is certainly important, as well as being mindful of pop-ups and shifty websites. But, one thing AV software can’t protect a computer from is a fake Microsoft technical support phone call scam. These types of scams have been going on for several years but, seem to be increasing in popularity. Criminals are finding that, while more and more people are becoming educated on how to avoid scams on the computer, they are succeeding in scamming people over the phone in to downloading malicious software. Having someone call your house and act like a Microsoft Representative, telling you that your machine is infected and at risk can be pretty alarming.  The purpose of these calls is to get an easy $299 (or whatever amount they choose) by scaring you into thinking there’s something really wrong with your computer and that they can fix it for you.

Fortunately, the methods used by some of these criminals to dupe users were recently captured by Jerome Segura, a senior security researcher at anti-malware company Malwarebytes. The video demonstrates the kinds of tactics used by these scammers to trick users into allowing them to remote in to your machine and take it over. Segura played along with the caller and recorded the entire interaction in a YouTube video. These scams usually start off with the alleged Microsoft representative asking you to turn on your computer to perform some checks for errors. They essentially ask you to open different applications which aren’t typically known by regular users, then tell you that the files you are looking at are malicious viruses and spyware. Usually, these are just event log files and/or temp files—neither of which pose any threat to your computers’ security.

I highly recommend watching this video. Pay attention to what the scammers asks Jerome to do and notice how strange the callers are act when he asks questions. And also, just for the record, Microsoft will NEVER call a user to let them know that their machine is infected…NEVER! That’s not how they operate. To avoid being the next victim, don’t ever take a phone call from someone who claims to be from Microsoft tell you that your machine has a problem. And also, make sure that your computer is up-to-date, remove unwanted software and also use a good anti-virus solution.

Stay safe and be skeptical!

I remember when I received my first “internet capable” computer; it was a long time ago on my birthday in July. If you know anything about July in the southeast, you know it’s typically hot, humid and sticky. This weather is far too miserable to spend any real time outside. And until receiving my first computer, there was no reason to hide inside during the summer, other than to catch a brief reprieve from the heat and bask in AC. But that all changed the day the Internets came to my house. In fact, not only did the Internet fairy come to my house, it came to my own ROOM! I felt like Steve Jobs, who was once quoted as saying, “I’m very excited about having the Internet in my den.” And I agree: One of coolest things ever!

I had a great time learning how to navigate the new and endless amount of information at my fingertips. Thanks to AOL I had means of connecting to the web back then. I remember how awesome it was to get email and hear “You’ve Got Mail!” out of my little desktop speakers. I also remember how insanely slow the connection was and the amount of time it took to download ANYTHING!!! The end of the world didn’t seem nearly as scary as it did when a landline telephone call would boot me offline and stifle all of my patiently awaited downloads-in-progress. At 56k max download speeds, it took a long time to download anything larger than a text document. The bigger the file, the longer it took, and the greater the chances that someone would call and muddle it all up!

Ah, those were the good ol’ days: when the Internet was fresh and new and MTV still played music videos. But that was a long time ago. With blazing fast Internet connection speeds available now to most people in major parts of the world, dial-up Internet and AOL seems like a thing of the distant past. But wait…could it be…is AOL still around? Are there STILL people out there that readily pay AOL a regular subscription fee to connect to the Internet? Well contrary to popular opinion it’s true. Not only is it true, is seems that AOL still has some meat left on its bone in the “AOL Connect” market. Unfortunately, in this case, any meat left on the bone is too much.

Recently, AOL posted its fourth quarter financial results and it was a shock to find out that they are still earning most of their money from subscribers who are still, for whatever reason, actually paying to connect to the Internet using AOL. Worse, some people pay for AOL services while paying someone else for Internet. Do people not realize that they can just get an Internet connection bundled with their cable or phone service provider? Or do they simply love the outdated, glitch and slow AOL browser/toolbar combo, plastered with ads and worthless celebrity gossip headlines? Apparently some people purposefully choose AOL, or they don’t realize contemporary avenues for more sophisticated accessibility.

Amazingly, according to the financial news site Business Insider, AOL Connect subscribers are still one of the biggest reasons AOL is staying profitable. They reported that in the fourth quarter, the company earned $176.7 million from its “Membership Group,” which is more than company’s overall $133.1 million profit. I find this shameful. AOL makes a pretty underhanded and dishonest move by misleading their customers into thinking that the company holds the magical key to the Internet. In no small way, AOL is blatantly lying to customers and stealing their money.

There are longtime AOL customers that I’ve spoken with over the past few years that still think that AOL exclusively allows online access, web browsing and email. I thought that this population was very small, with only a few pockets of people scattered throughout the U.S. But I was wrong – there are many more AOL subscribers out there than I initially thought. Fortunately the tides are slowly turning. People are becoming more technologically savvy each day by learning that Internet service isn’t nearly as complex and fixed by primary providers. Furthermore, the masses are learning that AOL isn’t the only email service that exists and that there are much better email services nowadays to choose from.

Don’t get me wrong; most of us recognize that AOL was useful (and fantastic!) in its heyday. But those days are gone for the better. Lucky other areas of the AOL corporation seems to be slowly growing since those “old school” subscribers aren’t going to stick around and line their stockholders’ pockets forever. If they don’t get it together and start focusing on new and honest ways of generating revenue, then the useful existence of AOL as a whole could be a thing of the past entirely…just like MTV.

Hansen Ball, Jeff Wynn, and Karen Loferski get ready to cut the ribbon!

Our guests included NRC clients, representatives of the Montgomery County Chamber of Commerce, fellow Corporate Research Center tenants, local IT professionals, friends and family. We appreciate the support of all those who attended and are thankful for such a great turnout.

CEO Jeff Wynn gives a speech after cutting the ribbon.

As part of the celebration, CEO Jeff Wynn gave a brief speech recognizing members or the NRC team, our clients, and family members and all those who have NRC grow as a company.

Thanks to everybody who joined us to celebrate. We had a full house!

Guests enjoyed refreshments and the chance to socialize and network after the formal ribbon cutting took place.

If you want see more photos from the ribbon cutting celebration, check out the New River Computing Facebook page!

This is how our work room looked on Monday after a weekend of setup and cleanup.

The right-hand side of our main work room as it appeared on Monday.

The left-hand side of our main work room as it appeared on Monday.

And this is what the main work room looked like on Friday evening (you don’t even want to see what it looked like Friday morning).

The right-side of our main work room as it appeared on Friday evening.

The left-hand side of our main work room as it appeared on Friday evening.

We’re not the only ones who are happy with our new office. We also had some visitors come by on Monday to admire the new workspace from the outside windows!

One of the two deer that came by to check out the new office on Monday.

We’re excited to be working in our new office space and are confident that the new working environment will help us continue to better serve our clients. Thanks for your support!

The Q&A covers the beginnings of NRC, the company’s commitment to serving the community, and the keys to the business’ success. Wynn and Ball also discuss what they enjoy most about NRC and operating a business in the New River Valley of Virginia.

You can check out the full article at The Roanoke Times online.

Here are the most recent malware infection trends for various Windows operating systems according to the Microsoft Security Research team.

Still running Windows XP SP3 in your environment? If so, be aware that end of support for Windows XP SP3 is April 8, 2014. If you are still using Internet Explorer 6, you haven’t been receiving security updates for your browser for quite some time.  It’s very important that you start planning out a migration strategy to move your systems to Windows 7 or Windows 8 within the next year. In the meantime, if you are running Windows XP with IE6, it’s critical that you upgrade to a version that is currently supported. You can download IE8 for XP here.

For those of you not familiar with exactly what Ransomware is/does, here’s the current Wikipedia definition:

“Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of Ransomware encrypt files on the system’s hard drive, while some may simply lock the system and display messages intended to coax the user into paying.”

Over the past 6 months, New River Computing has been getting more and more phone calls from businesses who’ve been attacked by some form of Ransomware Virus. While desperately trying to find a solution, most of these businesses (many in other states, North Carolina, Atlanta Georgia, and even one business from Kalamazoo Michigan who called in yesterday) searched the web for answers and stumbled across an old blog post that we released on the subject back in April 2012: http://newrivercomputing.com/blog/computer-virus-outbreak-alerts/latest-ransomware-anti-child-porn-spam-protection/.

How would you react if you were attacked by Ransomware? Do you have a backup plan? Do you have a backup machine or server in place? What would you do if someone gained access to your computer or server, encrypted all your photos, business files, financial documents and other hard (if not impossible) to replace files and then demand a ransom for their return?

In a perfect world, all you would have to do is restore your machine from a recent backup. But, since this isn’t a perfect world, and a lot of people don’t keep recent backups. Some people don’t even back up at all. If you fall in to the “not in a perfect world” category, don’t panic just yet if you’ve been a victim of Ransomware. If you have recent backups, you can stop reading here and just go restore your machine using your most recent image. If not, well then, roll up your sleeves, keep reading and get ready for some work! This might not be easy…

Here’s a detailed list of steps and tools that I’ve put together based on the most up-to-date research from industry leading security companies on the subject of remediating Ransomware:

***Be warned: there’s no guarantee that any/all these methods will work. Every Ransomware attack situation is different and there are many different variants. These steps are meant to be used as a last resort before giving up and reformatting a machine. ***

Remove Ransomware with HitmanPro Kickstart

You can use HitmanPro Kickstart to bypass the Ransomware infection and access your computer to scan it for malware.

1. We will need to create a HitmanPro Kickstart USB flash drive,so while you are using a “clean” (non-infected) computer, download HitmanPro.
2. Insert your USB flash drive into your computer and follow the instructions from the below video:

3. After you create the HitmanPro Kickstart USB flash drive, insert this USB drive into the infected machine and start your computer.
4. Once the computer starts, repeatedly tap the F11 key (on some machines its F10 or F2), which should bring up the Boot Menu, from there you can select to boot from your USB. If your machine doesn’t support booting from USB, you can download the HMP ISO files here and burn a CD that you can boot from.
   Next, you’ll need to perform a system scan with HitmanPro as see in the below video:

5. After HitmanPro Kickstart has completed its task, you should be able to boot in Windows normal mode, from there you’ll need to perform additional system scans with Malwarebytes Anti-Malware , Super Anti-Spyware Online Scanner and VIPRE Rescue Scanner to make sure there are no additional malware files on your machine.

Kaspersky WindowsUnlocker to fight ransom malware

Kaspersky WindowsUnlocker utility is designed to disinfect registries of all Operating systems on your Computer.

Start Computer from Kaspersky Rescue Disk with Kaspersky WindowsUnlocker

1. First download the Kaspersky Rescue Disk with WindowsUnlocker ISO image from Kaspersky Lab Server to your Computer and burn it to CD/DVD.

2. After successful creation of Kaspersky Rescue disk 10, insert the disk into CD/DVD Rom drive and boot your machine from it.

3. A message appears on press any key to enter the menu, press any key – start up wizard loads with graphical user interface select English or other language.

4. Select graphic mode and press Enter, End User license agreement appears on screen agree it to by pressing C key on your keyboard.

Linux OS now starts and detects the devices and OS installed on your system.

Launching Kaspersky WindowsUnlocker

Once you’ve booted Rescue disk in graphic mode, click on Start button located at the left bottom corner and select Kaspersky WindowsUnlocker item.

More steps and information can be found here if needed.

Use the Dr.WEB search tool for unlock codes found here.

Using the Sophos Ransomware Decrypter Tool

Before You Begin:

• You will need at least one original file and an encrypted counterpart, they must be identical in file size and known to have been originally the exact same file.
• The tool should be ran as a user with Administrative rights.
• The requested un-encrypted file must be larger than 4KB.

When the tool has checked the provided encrypted and unencrypted file, the scan that follows should then be able to restore the discovered encrypted files in the specified scan location and below.

What To Do:

1. Download the Sophos Ransomware Decrypter Tool:
   http://downloads.sophos.com/misc/RansomDecrypter.zip
2. Extract the contents of the Zip file into a folder of your choice.
   A file called RansomDecrypter.exe will be extracted.
3. Launch the application RansomDecrypter.exe, read and accept the End-User License Agreement.
4. Click Start Scan, this will prompt you to locate a copy of an un-encrypted file that is larger than 4KB. Once the file has been located and selected click Open.
   Note: The file you choose must also have an encrypted counterpart for the scan to be able to run.
5. The next prompt will ask for a copy of the same file selected previously but in an encrypted state, this file will normally follow the format of locked-<original filename>.<random 4 character extension>. Once located, click Open once again.
6. If successful, another prompt will appear, click OK.
7. Select a location where you would like the tool to scan for encrypted files, if you are unsure where the files are, you should start with the C: drive under My Computer.
   Note: The tool will intentionally skip locations where the malware does not encrypt files.
8. On completion a summary will appear stating how many files were scanned and how many were unlocked. A log file with the results is also created in the same location as the tool as RansomDecrypter-1.0.0.3-YYYY-MM-DD_HH_MM.txt.

How did I get this Ransomware?

The Ransomware virus gets into systems through various security holes and vulnerabilities found when users visit infected websites or download infected files and emails. If you ignore Windows updates and 3^rd party software updates for software such as Adobe, Flash and Java then you will be much more vulnerable to attack.

Ransomware appears to be a strong moneymaker for online criminals. So don’t expect it to go away any time soon. Be careful, keep your software patched and your Anti-Virus definitions up to date.

Have fun, be safe, and stay informed. Happy surfing!

Some versions unlawfully use looks, colors, trademarks and icons of well-known AV software companies (Symantec, AVG, Microsoft Security Essentials, Kaspersky and McAfee are just a few examples) to help sucker users into downloading, installing, and ultimately “purchasing” the bogus software. Part of the reason that rogue security programs continue to be successful is that they are very convincing.  Microsoft reports that over 4,173,491 United States users were infected with some variant of Rogue AV during the 1^st and 2^nd quarter of 2012.

Do you think you could tell the difference between a real security program and a rogue security program if it popped up on your computer screen? If you are up for it, take the Microsoft Malware Protection Center’s “Real Vs. Rogue” challenge by clicking here.

It’s an interactive quiz that uses images of actual rogue security software to test whether you can tell the difference between authentic antivirus software and rogue security software.
Go ahead! It’s fun!

Microsoft also has a fantastic series of Security, privacy, and online safety how-to videos that that are perfect for educating computer users on common threats found on the Internet today.

Thanks to Tim Rains for originally sharing this information on the Microsoft TechNet blog.

Recently, there has been an Internet Explorer (zero-day) remote code execution vulnerability found being exploited in the wild which affects IE 8, as well as IE 6 & 7. Current exploitation is limited but it’s almost certain that a reliable exploit will soon find its way into at least one (if not all) of the many popular exploit kits being used by online criminals.

Microsoft Security Advisory (2794220 )

IE 9 & 10 are not vulnerable, so Windows 7 and 8 users are safe. However, users of the old (and almost obsolete) operating system Windows XP, need to take action since IE 9 & 10 are not supported. If you’re still using XP, it would be wise to install an additional browser such as Mozilla Firefox or Google Chrome. But, if that isn’t an option, Microsoft has a Fix it tool available.

For more details, head on over to Microsoft’s Security Research & Defense blog: Microsoft “Fix it” available for Internet Explorer 6, 7, and 8 . Hopefully this vulnerability will be patched tomorrow (January 8^th) during Microsoft’s regularly scheduled update cycle.