Tag Archives: Security

I just put up a new site in anticipation of the latest nuisance that I only recently came into contact with: “Antivirus 2010.”  You can view the new site at removeantivirus2010.com, but be aware that it’s pre-release at the moment, which is why I haven’t done any SEO or cross-linking for it yet beyond this post.

Antivirus 2010 is the successor to the infamous beasts “Antivirus 2009” and “XP Antivirus 2008.”  The scammers behind these fake security programs have raked in hundreds of millions of dollars, and I’m quite sick of seeing them on our customers’ computers.  The major problem with removing these kinds of beasties lies in their inner workings: they use rootkit tactics inside a kernel-mode driver that is loaded very early in the boot process to hide themselves from every anti-virus and anti-spyware product on the market.  The loaded driver’s name always starts with the capitalized string “TDSS,” and the older versions use “TDSSserv.sys” as the file name.  The ultimate problem is that there is no simple way to delete this driver because of the security manipulation the virus performs.  First, the permissions on the driver’s service registry key are stripped out entirely (an empty access control list), so every account in Windows, SYSTEM included, is denied access to the key, which successfully hides it from programs like AutoRuns, StartupList, MSConfig, and HijackThis.  Second, the driver hooks numerous key NT kernel system calls and “edits itself out of the list” whenever a directory listing or process list is requested by any program on the system, including Task Manager, Windows Explorer, and whatever antivirus solution you use.

Worst of all, it locks your system down like this even in safe mode, and because it loads so early in the boot process, boot-time scanners such as Avast’s can’t get rid of it either.  It’s a truly clever little booger, immune to all your favorite security software.
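To make the “stripped permissions” problem concrete, here is an added example of how a technician gets such a key back; this is not code from the original post and it is not Tritech’s (still secret) software.  It is a PowerShell script, run from an elevated prompt, that enables SeTakeOwnershipPrivilege on its own token, takes ownership of the service key, writes a normal ACL back, and then disables the service so the driver does not load on the next boot.  The service name TDSSserv is the older name the post mentions; the script layout, the helper class name and the privilege wrapper are my own assumptions.

```powershell
# Added example (not from the original post): reset the emptied permissions on a
# service registry key so it can be inspected and removed. Run elevated, PowerShell 5.1+.
# $ServiceName defaults to the older driver name from the post; adjust it to the
# TDSS* service you actually find.
param([string]$ServiceName = 'TDSSserv')

# Minimal P/Invoke wrapper to enable a privilege on the current process token.
# SeTakeOwnershipPrivilege is present but DISABLED in an elevated admin token, and
# without it the kernel will not grant WRITE_OWNER on a key whose DACL denies everyone.
$privilegeSource = @'
using System;
using System.Runtime.InteropServices;

public static class TokenPrivilege
{
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    struct TOKEN_PRIVILEGES { public uint Count; public long Luid; public uint Attr; }

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out long luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll,
        ref TOKEN_PRIVILEGES newState, uint len, IntPtr prev, IntPtr retLen);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);

    const uint TOKEN_ADJUST_PRIVILEGES = 0x20, TOKEN_QUERY = 0x08, SE_PRIVILEGE_ENABLED = 0x02;
    const int ERROR_NOT_ALL_ASSIGNED = 1300;

    public static bool Enable(string privilege)
    {
        IntPtr token;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out token))
            return false;
        try
        {
            var tp = new TOKEN_PRIVILEGES { Count = 1, Attr = SE_PRIVILEGE_ENABLED };
            if (!LookupPrivilegeValue(null, privilege, out tp.Luid)) return false;
            if (!AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero)) return false;
            // AdjustTokenPrivileges "succeeds" even when the privilege is not held;
            // the last-error value tells the two cases apart.
            return Marshal.GetLastWin32Error() != ERROR_NOT_ALL_ASSIGNED;
        }
        finally { CloseHandle(token); }
    }
}
'@
Add-Type -TypeDefinition $privilegeSource
if (-not [TokenPrivilege]::Enable('SeTakeOwnershipPrivilege')) {
    throw 'Could not enable SeTakeOwnershipPrivilege; is this prompt elevated?'
}

$subKey = "SYSTEM\CurrentControlSet\Services\$ServiceName"
$admins = [System.Security.Principal.NTAccount]'BUILTIN\Administrators'
$system = [System.Security.Principal.NTAccount]'NT AUTHORITY\SYSTEM'
$hklm   = [Microsoft.Win32.Registry]::LocalMachine

# Step 1: open the key asking for WRITE_OWNER only. The empty DACL grants nothing, but
# with the privilege enabled the kernel grants WRITE_OWNER anyway. Then take ownership.
$key = $hklm.OpenSubKey($subKey,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
    [System.Security.AccessControl.RegistryRights]::TakeOwnership)
if ($null -eq $key) { throw "HKLM\$subKey not found (or hidden by the running rootkit)" }
$ownerOnly = [System.Security.AccessControl.RegistrySecurity]::new()
$ownerOnly.SetOwner($admins)
$key.SetAccessControl($ownerOnly)   # only the owner section was modified, so only it is written
$key.Close()

# Step 2: the owner implicitly holds READ_CONTROL and WRITE_DAC, so reopen with
# ChangePermissions and write a sane, explicit DACL: Administrators and SYSTEM get full control.
$key = $hklm.OpenSubKey($subKey,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
    [System.Security.AccessControl.RegistryRights]::ChangePermissions)
$dacl = [System.Security.AccessControl.RegistrySecurity]::new()
foreach ($who in @($admins, $system)) {
    $rule = [System.Security.AccessControl.RegistryAccessRule]::new(
        $who, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $dacl.AddAccessRule($rule)
}
$dacl.SetAccessRuleProtection($true, $false)   # do not inherit anything from ...\Services
$key.SetAccessControl($dacl)
$key.Close()

# Step 3: the key is visible to ordinary tooling again. Show what it points at and
# stop the driver from loading on the next boot; delete the key and file once confirmed.
Get-ItemProperty -Path "HKLM:\$subKey" | Select-Object ImagePath, Start, Type
Set-ItemProperty -Path "HKLM:\$subKey" -Name Start -Value 4    # 4 = SERVICE_DISABLED
```

On a live, infected machine the hooked system calls described above can hide the key from this script just as they hide it from AutoRuns, which is exactly why a clean boot environment is needed: booted from clean media, load the victim’s SYSTEM hive with `reg load HKLM\Victim <drive>:\Windows\System32\config\SYSTEM` and point `$subKey` at `Victim\ControlSet001\Services\<name>` (CurrentControlSet does not exist in an offline hive); the ownership and ACL steps work the same way on the loaded hive.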

Spybot can’t get it, and neither can Ad-Aware or Malwarebytes.  We can get it all gone, but traditionally you had to call a very highly skilled and expensive local technician to get this stuff removed, because a clean boot environment is required, along with somewhat complicated knowledge of the inner workings of Windows and of how viruses tend to slip up while securing their presence on your system.  Antivirus 2010 makes almost no mistakes, so you’re currently stuck either paying that expensive local tech or reinstalling.

Until now.

I’m currently writing software that will give Tritech access to a 100% clean environment remotely, free from viruses and spyware, which enables us to perform these horribly difficult virus removals remotely.  The details will remain a secret, but suffice it to say that there are precisely zero computer service providers in the industry today that can perform this kind of service right now: the kind of custom software needed poses a significant barrier to entry, and the alternatives are so much easier and safer to rely on.

It’s revolutionary.  Plain and simple.  No one else we’ve found does anything like it.  We’ve checked.  Regardless of whether you need to remove Antivirus 2010, remove Antivirus 360, remove Antivirus 2009, remove SecurityCenter 2009, or remove any other disgusting infection, we’re rolling out a campaign that can get it done, regardless of your location.  You don’t have to find a local tech and you don’t have to pay out the yin-yang.

Imagine getting this done wherever you are in the world, even if you’re in a hotel in Germany, and paying as little as $30 to have it done.  Geek Squad charges a minimum of $199 (I really hate that whole “$999.99 can be advertised as under $1,000” pricing scheme! GRR!!!) to do this in-store, and they don’t even offer over-the-internet virus and spyware removal.  PlumChoice charges nearly $90 just to hop on their “SmartPlan,” and they can’t do what we do without an on-site appointment either. iYogi…well, if you think you’ll get this kind of quality and experience at their pricing level, you deserve what you get…they’re like a version of Dell’s Indian tech support that you actually pay money for, and you shouldn’t be supporting the iYogi Craigslist spammers anyway.

Bottom line: only Tritech Computer Solutions in Siler City, North Carolina, USA can remove difficult infections of viruses and spyware over the Internet.  No one else does this, period.

(Edit: a commenter objected to this statement, indicating that it implies other remote computer service providers are ill-equipped to handle difficult virus infections.  The distinction lies in the fact that no one that we have looked at currently does anything like what we’re rolling out; they certainly COULD do it, but they don’t; that’s why it says “no one else does this” instead of “no one else is capable of doing this.”  What we’re rolling out is unique, and fills a niche currently worked around by hiring a local technician…which sort of negates the purpose of “remote computer support” in the first place.  See comments on this post for more information.)

The only bad news is that this is still a work in progress.  I’ll update this post when that changes, as well as post a new one.  We’re looking to have this support platform completely up and running within about two weeks; more testing is necessary before release to ensure maximum reliability, but when this service of ours officially opens for business, it’s going to completely pull the rug out from under all of our competitors, and we can literally say that NO ONE ELSE does it.  We’re truly one of a kind in this industry.

One of these days, I’ll find the guy who writes this stuff and leave his rotting carcass in a ditch.

How is it that people get more of these fake security programs than even actual viruses?

I’m becoming an expert at getting rid of stuff that’s just nagware, not even a real virus, and it’s getting quite old.  If I hunt the guy down that’s making the money off this thing (and I’m sure it can be done) perhaps I can spend my time helping customers with real issues instead of removing this trash from machines!

*sigh*

Anyone want to help me track down and de-fund the guy behind this stuff?

Today I ran into two very troublesome situations.  One was a failing hard drive on a long-time client’s laptop, chock full of important information, but luckily the failure was gradual enough to cause serious speed issues and force them to call me before the whole thing could become a toaster.  The other was a far more difficult scenario: another returning client who uses the computer to run his business had somehow managed to pick up the worst class of computer virus I can think of: an executable-infecting virus.

You see, what these horribly nasty viruses do to your computer renders it essentially beyond repair and beyond any return to “like it never happened” functionality.  In case you don’t know, an “executable” is the actual file that your icons run to start the program of your choice.  Essentially, it is the program.  A virus that infects executables inserts its own code into the actual program files you run to start software…including Windows itself.  I’ve only seen two infections before today that involved this class of virus, and the first one completely latched into everything, forcing a total wipe and reinstall.  The second one was not quite as “zealous” and didn’t infect things as readily, so I was able to recover that system from pending doom.  Today, however, was the second time I have encountered this type of infection to the point that I was incapable of repairing it.  My clients can tell you that I don’t play around on the computer: I know what I’m doing, and I boast extremely high success rates where other “technicians” fail miserably.  I’d estimate that out of a random sample of 50 jobs, I have to do some sort of Windows reinstall on only about one or two of them.

Despite having six years of all-day-every-day experience tirelessly working to find every imaginable way to repair every computer problem under the sun without “major surgery” like reinstalling Windows, today I had to give in to the reinstallation machine that I so dreadfully despise, but I don’t regret doing so.

You must come to understand that even Windows itself is composed of hundreds of executable files.  They are often hidden behind the scenes, carrying names such as “winlogon.exe,” “svchost.exe,” “ctfmon.exe,” “userinit.exe,” and “logonui.exe,” and none of these should really ring a bell in your mind, because you’re not supposed to need to know that they’re floating back there.  However, every single one of these files can be infected by a virus like this one.

Let’s put it this way: when you boot your computer, Windows loads a bunch of drivers, this thing called the HAL (the hardware abstraction layer), and the NT kernel.  Basically, a bunch of really critical core stuff that makes everything else in the machine tick.  Once the pretty blue background pops up, however, those executables start firing off one by one.  svchost.exe starts in the background numerous times so that your sound card, automatic updates, Internet connectivity, and other system services can start working.  logonui.exe draws the login screen; when you log in, userinit.exe kicks in, and it in turn launches the ever-popular explorer.exe, which shows you your icons and Start menu.  Any software you have installed may have startup items, such as the Adobe Reader Speed Launcher (reader_sl.exe) or the various America Online core services.

To put all that irrelevant-sounding blah-blah-blah into perspective: nearly every single thing that runs in the list above gets infected with this kind of virus almost immediately once your machine is compromised.  That means that Windows becomes a living virus.  The system is infected everywhere.  You can’t even boot halfway without running the virus itself, which then reinfects anything you may have cleaned.  Got Adobe Creative Suite?  Those programs are probably all toast, infected with the virus.  Hearts?  Infected.  Solitaire?  Infected.  Norton 360?  Infected.
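The practical question after an infection like this is which of those hundreds of executables were actually touched.  The following is an added example, not code from the original post, of the standard answer: a SHA-256 baseline of every executable-type file taken while the machine is known clean, compared later from a clean boot environment so the infector cannot hide or reinfect files while you look.  Requires PowerShell 4.0 or later for Get-FileHash; the function names, paths and file names are my own assumptions.

```powershell
# Added example (not from the original post): an integrity baseline for Windows
# executables, so that after an incident you can list exactly which program files an
# executable-infecting virus modified. Paths in the usage comment are assumptions.

function New-ExecutableBaseline {
    # Walk $Root, hash every executable-type file, and save the result as CSV.
    # Take the baseline on a known-clean machine, never on a suspect one, and keep it
    # somewhere the machine cannot write to.
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$OutFile,
        [string[]]$Extensions = @('*.exe', '*.dll', '*.sys', '*.scr', '*.ocx')
    )
    $rootFull = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    Get-ChildItem -Path $rootFull -Recurse -File -Include $Extensions -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                # Paths are stored relative to $Root so the same baseline works when the
                # drive is mounted under a different letter (e.g. from clean boot media).
                RelativePath = $_.FullName.Substring($rootFull.Length).TrimStart('\')
                SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Length       = $_.Length
            }
        } | Export-Csv -LiteralPath $OutFile -NoTypeInformation
}

function Compare-ExecutableBaseline {
    # Re-hash the tree and emit one object per finding: files whose hash changed,
    # executables that appeared since the baseline, and baseline files that vanished.
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$BaselineFile,
        [string[]]$Extensions = @('*.exe', '*.dll', '*.sys', '*.scr', '*.ocx')
    )
    $rootFull = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    $baseline = @{}
    foreach ($row in Import-Csv -LiteralPath $BaselineFile) { $baseline[$row.RelativePath] = $row }
    $seen = @{}

    Get-ChildItem -Path $rootFull -Recurse -File -Include $Extensions -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rel = $_.FullName.Substring($rootFull.Length).TrimStart('\')
            $seen[$rel] = $true
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            if (-not $baseline.ContainsKey($rel)) {
                [pscustomobject]@{ Status = 'New'; RelativePath = $rel; SHA256 = $hash; SizeDelta = $null }
            } elseif ($baseline[$rel].SHA256 -ne $hash) {
                # A file infector usually appends its body, so the file grows; the size
                # delta is a quick hint, the hash mismatch is the real finding.
                [pscustomobject]@{
                    Status = 'Modified'; RelativePath = $rel; SHA256 = $hash
                    SizeDelta = $_.Length - [int64]$baseline[$rel].Length
                }
            }
        }
    foreach ($rel in $baseline.Keys) {
        if (-not $seen.ContainsKey($rel)) {
            [pscustomobject]@{ Status = 'Missing'; RelativePath = $rel; SHA256 = $baseline[$rel].SHA256; SizeDelta = $null }
        }
    }
}

# Usage (assumed paths):
#   New-ExecutableBaseline -Root 'C:\Windows' -OutFile 'E:\baseline-windows.csv'
#   ...later, booted from clean media with the suspect system drive mounted as D:...
#   Compare-ExecutableBaseline -Root 'D:\Windows' -BaselineFile 'E:\baseline-windows.csv' |
#       Where-Object Status -eq 'Modified' | Format-Table -AutoSize
```

Two caveats a practitioner will want: a baseline only tells you what changed, not why, so refresh it after each round of Windows updates or you will chase legitimate replacements; and the comparison is only trustworthy when run from outside the infected Windows, because, as the paragraph above says, the infected system cannot get halfway through booting without running the virus.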

I hope that this admittedly lengthy explanation brings you to appreciate the skills of a good computer technician (as well as the skills of the virus authors, who we’d all probably love to strangle one day), and the true importance of practicing good security habits when using your computer.  When I originally wrote the spyware and viruses page on the company website, my intent was to help you jump-start your computer security knowledge (and break some of the misinformation that exists today), and I hope you’ll read it now if you haven’t done so already.

I need to add this detail to said page, but I will dispense it here so that it will be clear: once your computer is compromised, you have NO SECURITY AT ALL!!! Modern viruses use rootkit-like technologies to hide themselves from virus scanners and bypass security measures such as software firewalls.  If you are compromised, security software is essentially rendered useless. Prevention should be your goal, not mitigation after compromise.  Don’t click on anything or say “yes” to anything unless you are 120% certain that it is legitimate.  Get Mozilla Firefox to avoid the plethora of security holes in Internet Explorer.  Take the time to find out what can get you in deep doo-doo when browsing the Internet (“free porn” searches are the biggest culprit, though many wouldn’t admit it–see that “.exe” at the end of the file name?!  It’s amazing how easy it is to infect a computer when the user is desperately looking for free porn and will download and run anything to get it.)  Most importantly, if your computer seems to be slower than usual, or pausing more frequently than is normal in your daily experience, do not hesitate to call a verifiably experienced computer technician to diagnose the problem.  If your water heater sprung a tiny water leak, would you hesitate to call a plumber, or would you try to patch it up until the pressure caused the leaking part to explode?

I can’t even begin to explain how frustrating it is to walk into a loyal client’s house to discover that the problem actually started months ago, and became disastrous because they chose to “live with it” and let it grow and compound rather than call me up and ask for a little bit of free assistance.  (Any computer business worth their salt will take five minutes to talk to you at no charge.  It’s called “customer service” and it gets left out a lot with many large businesses these days.)  When I perform computer services, it is a very personal matter for me, because the results of my work (short- and long-term) define what people think of me and my skills, and I can’t do my job for someone properly if they don’t tell me that there’s a problem.

If you take anything away from reading this post, (A) learn how to avoid danger on the Internet in the first place, and (B) don’t hesitate to call an expert when things may be getting beyond your control.

I swear, if I ever find the person who created these two fake antivirus programs, I will personally beat the tar out of him.  I went to two totally different small business clients today, both of whom had picked up XP Antivirus 2008 and one of which also managed to get XP SecurityCenter and SmitFraud, all at once.  What an annoyance this thing is becoming!

Let me be very explicitly clear: unless you know for a fact that a security product is a legitimate product from a company that operates on the up-and-up, such as avast! antivirus, you MUST NOT DOWNLOAD AND INSTALL IT.  There are literally hundreds of fake security solutions out there today, and their number has been growing almost exponentially.  Before XP Antivirus 2008, it was WinAntiVirus 2006 and 2007, and other crummy little beasts like SpySheriff.  Where previously we would see fake or low-quality “registry cleaners” and “cookie washers” finding their way onto people’s computers under the guise of “boosting performance” and “fixing errors in the system configuration,” now we see these stupid fake security programs cropping up practically everywhere a Windows PC exists, and it’s maddening to have as many clients as Tritech does and still see a significant percentage of them end up with what I call “nagware” on their machines, despite not using Internet Explorer and generally staying infection-free for months or even years.  Despite my own best efforts to educate my clientele (because user education is the only true way to improve computer security; no software can take its place), I am still receiving reports of these horrid little nuisances to this day.

The psychology of how these things work is very interesting.  Basically, computers have taken an ever-increasing role in our lives since the Internet became accessible to home users en masse in the mid-90’s.  Computer security threats have become mainstream news items, and you can’t open a single PC magazine without seeing a plethora of ads for poor-quality (but nevertheless legitimate and somewhat effective) security software plastered all over the place.  With the amazing growth in identity theft awareness, the public’s perception of “what’s out there” must be no more than a step away from complete paranoia!

That’s where the fake security software comes in.  Playing on the conditioning of the common user to seek solutions in SOFTWARE to all of these immense and overwhelming threats, these products end up on computers after such trivial searches on major search engines as “free anti virus” or “free spyware cleaner” or “free trojan remover.”  Combining our fear of identity theft, hackers, scammers, spammers, fraudsters, and lotteries in Zimbabwe with the post-2000 “I want it all and I want it now” instant-gratification mentality, these products are a perfect storm to extort our hard-earned dollars through promises of “threat removal.”

You see, when you install one of these scummy programs on your PC (often by accident or by trickery), you’re greeted with warnings about the status of your computer.  I’ve seen pop-up balloons by the clock with messages that “Windows has detected spyware infection!  You should download the latest antispyware updates to fix them.  Click here to install antispyware!” (that’s not precise but it gets the point across), when in fact there is no such infection other than the software itself.  The “XP Antivirus” series likes to pop up a “scanning window” that shows “viruses” it “found” along with an explanation of why they’re dangerous, along with a fake “threat level” as well.  I called B.S. on the whole thing 100% for certain today, when it listed a virus about which it stated “this virus corrupts your system BIOS.”  If the machine had a virus that actually damaged the BIOS code, the machine wouldn’t boot!  If they meant the “CMOS RAM” instead (a misnomer but still the generally accepted term for where the BIOS stores its settings), the computer might complain a lot on boot, but otherwise would automatically reconfigure itself to sane defaults and boot right on up anyway.  But I digress.

The fake security programs ultimately will attempt to convince you that you have some kind of threat to your security on your computer that is quite serious, and then attempt to get you to pay up for the software or the repairs.  It’s such a simple modus operandi, but insanely clever.  Please don’t be fooled by promises of increased security.  If you’ve already been infected with this garbage and you’re in our service areas in North Carolina, you can check out our spyware and virus advice page or contact us to get it wiped out.  Otherwise, find a reputable independent technician or local computer service shop in your area to take care of it.  (Avoid major chains such as Geek Squad like the plague, because it’s hard to know what the skill level of the technician will be and their prices are usually quite ludicrous.)

As always, you can contact me directly if you have questions or feedback about this article.