Internet Explorer Zero-day vulnerability – time to change

Microsoft’s Internet Explorer web browser has been found to have a vulnerability that hackers have been exploiting before Microsoft has had a chance to respond with a patch (this is the meaning of the term "zero day": a hole that is open for exploitation before it is recognized and remediated).

www.symantec.com/connect/blogs/emerging-threat-microsoft-internet-explorer-zero-day-cve-2014-1776-remote-code-execution-vulne

The details of the vulnerability aren’t very important; what matters is that nothing protects you if you accidentally visit a website poisoned with code that leverages the Internet Explorer vulnerability.

A commentator on Canada.com helpfully suggests that computer users should avoid going to such pages: “you, as a browser of the internet, have to actually choose to go to a malicious web page. Don’t make that choice and you’ll be fine.”

o.canada.com/technology/internet/microsoft-works-to-patch-latest-hole-in-web-security

Hello? I am sure that malware writers are not going to advertise on the page that “this is a launch pad” for the exploit. The exploit can be launched by a drive-by download from a booby-trapped website, no click needed. I help people every day who are fooled into following web links on pages, popups and web advertisements that then install whatever the author wants. So saying “just don’t go there” isn’t very helpful.

The correct response is to not use Internet Explorer.  Ever again.

Mac owners went through Internet Explorer withdrawal several years ago and survived quite well; now it is time for Windows users to do the same, especially if you are running XP, because your OS and Internet Explorer have been orphaned by Microsoft and they have no obligation to release any security patches for you, even in the face of known vulnerabilities.

Delete your Internet Explorer shortcuts and set your default web browser to be Firefox. Download the latest Firefox for your particular operating system here. At the same time, install the NoScript extension for Firefox, which will prevent websites from running JavaScript, Java, or automatically playing media files such as Flash (all of these have been used as vectors for malware and trojan horses).

Get NoScript here addons.mozilla.org/en-US/firefox/addon/noscript/

(Unfortunately the NoScript home page itself carries advertising for potentially unwanted programs (PUPs), so I don’t recommend it.)

Since NoScript blocks all scripts from running, it will make some sites that you want to go to look different or not work well. The solution is to look at the yellow bar that NoScript puts on your browser (or click on the S icon), which tells you which web domains are trying to run scripts on the page you are visiting. You then choose which domains you will permit to run scripts, either one time only or permanently for a trusted site. It is also useful to see which advertisers and tracking sites are active in the background when you visit your favorite sites, so you can selectively block them.

The general rule is, permit the site you know you are visiting (say, ford.ca) and block outside sites (google-analytics.com, doubleclick.net, admt.com and anything else that may be riding along).  If the site requires some content from a different server, you’ll notice something is missing on the page, and you can grant permission to the server that’s needed to make it work.

One thing you will enjoy is a lack of ads and popups on the sites you visit.

Similarly, if a YouTube or Flash video doesn’t run, you can grant permission temporarily for that item or permanently.
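The permit/block rule described above, written out as a small policy engine. This is an added example, not code from the original post or from the NoScript project; the names (ScriptPolicy, site_of, decide) are my own, and the "site" of a hostname is simplified to its last two labels, so multi-label suffixes such as .co.uk are not handled.

```python
# Toy model of NoScript-style per-domain script permissions.
# Added example, not code from the original post or from the NoScript project.
# Names (ScriptPolicy, site_of, decide) are my own; the rule it encodes is the
# one described above: permit the site you are visiting, block every other
# domain unless you have allowed it for this session only or permanently.
from urllib.parse import urlsplit


def site_of(host: str) -> str:
    """Reduce a hostname to its site name: the last two labels.

    Simplification: www.ford.ca and ford.ca count as the same site, but
    multi-label public suffixes such as .co.uk are not handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class ScriptPolicy:
    """Decides which script sources may run on a given page."""

    def __init__(self) -> None:
        self.permanent: set = set()   # "allow permanently" choices
        self.temporary: set = set()   # "allow this time only" choices

    def allow(self, host: str, permanent: bool = False) -> None:
        """Record a user decision to permit scripts from a site."""
        target = self.permanent if permanent else self.temporary
        target.add(site_of(host))

    def end_session(self) -> None:
        """Temporary permissions die with the browsing session."""
        self.temporary.clear()

    def decide(self, page_url: str, script_urls: list) -> dict:
        """Map each script host to 'allow' or 'block' for this page."""
        page_site = site_of(urlsplit(page_url).hostname or "")
        verdicts = {}
        for url in script_urls:
            host = (urlsplit(url).hostname or "").lower()
            site = site_of(host)
            first_party = site == page_site
            permitted = site in self.permanent or site in self.temporary
            verdicts[host] = "allow" if (first_party or permitted) else "block"
        return verdicts


if __name__ == "__main__":
    # Constructed sample: a car maker's page pulling in two tracking scripts.
    policy = ScriptPolicy()
    page = "https://www.ford.ca/cars/"
    scripts = [
        "https://www.ford.ca/js/site.js",
        "https://www.google-analytics.com/ga.js",
        "https://ad.doubleclick.net/adj.js",
    ]
    for host, verdict in policy.decide(page, scripts).items():
        print(f"{verdict:5} {host}")
```

Run as-is it prints one verdict per script host for the constructed ford.ca page; calling `policy.allow("ad.doubleclick.net")` before `decide()` flips that host to "allow" for the session, and `end_session()` drops it again, while `allow(..., permanent=True)` survives the session.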

More info on NoScript  krebsonsecurity.com/tag/noscript/
Video from CNet www.youtube.com/watch?v=GzBqnLgOzwM

Google Chrome does have some tools for blocking scripts as well, but they are harder to get to and harder to control as you are browsing.  One would think that Google doesn’t want you to block Google ads and tracking.  There are third party script blockers which I have not tested, so can’t vouch for: httpswitchboard, ScriptSafe, ScriptBlock – you can find them at the Google Webstore https://chrome.google.com/webstore/

One thing about Chrome I don’t like is how search redirectors and other malware can reinstall themselves via an Enterprise Policy. This means you can kill it as many times as you like, and like a zombie it keeps coming back. Deleting the policy means digging into Microsoft’s hidden folders and deleting files with names like fk24jfhlwba83nfdkaldnb.
Here are two links with details for removal:
www.technipages.com/google-chrome-solve-this-extension-is-managed-and-cannot-be-removed-or-disabled
malwaretips.com/blogs/installed-enterprise-policy-removal/

Posted in Computer Questions and Answers, Security, Viruses and malware

Q. What is a NAS drive and how would I use it?

NAS stands for Network Attached Storage.  It means any stand-alone hard drive or storage unit that is connected to an Ethernet network, and can be shared by the devices on that network.

This is distinct from a USB or Firewire or eSATA hard drive that you plug into a computer, which would be called direct-attached.  A NAS drive contains a tiny fileserver computer that shares the storage space of its hard drive(s) out to the network.  It is similar to using a server computer for file sharing, but without the power, space, expense and complexity requirements of setting up a file server.

The two main purposes for a NAS drive are to

  • Make backups from any of the computers on the network, and
  • Share files and media libraries between two or more computers or media devices

In addition, some NAS drives, depending on their internal software capabilities, can

  • stream media files to smart TVs and media players,
  • host libraries of photos, music and movies,
  • host web, ftp and mail servers,
  • store video from networked security cameras,
  • upload files to cloud (internet) based storage for offsite backup and more.

NAS drives usually have their own hard drives built in, anywhere from one to four (or more drives in larger commercial units).  Some NAS units have USB or eSATA ports to chain additional hard drives externally. Note: Some internet routers also have USB ports for attaching a shared hard drive, so that they can function as an entry level NAS – the low powered processors in routers mean that shared drive performance can be quite slow, however, and there are additional security concerns.

NAS performance is dependent on the speed of the network, the speed of the hard drives, and the power of the internal processor inside the NAS. For networking, it is a real advantage to have Gigabit Ethernet capability throughout the system, which means not only the NAS unit, but the routers, switches, cabling and computer Ethernet interfaces all have to be Gigabit (1000BaseT) compatible. A NAS can function on a 10/100 BaseT Ethernet network, but file transfer performance will be limited.

A NAS is actually a small computer running file server software (typically Linux or Unix based). It runs on a much lower powered processor (CPU) than a regular computer, and the performance of the NAS varies with how powerful its internal CPU is and how much memory it has. Increased CPU power and drive capacity are what you are buying as the price goes up.

NAS units that have more than one hard drive can be set up to do a Redundant Array of Drives (RAID) for additional security against drive failure.  RAID 1 (mirroring) uses two drives, and mirrors whatever is written to the main drive immediately to a second drive. RAID 5, 6 and 10 are other ways of using 4 or more hard drives to provide higher performance. The point of a RAID is that every hard drive will fail at some point, and with redundancy of a RAID your data can survive the failure of any one hard drive. Once you have a failure, you need to replace the drive ASAP and rebuild the array, because if you have a second drive fail, chances are all of your data will be lost.

RAID 0 is an anomaly, it divides or ‘stripes’ the data between two drives for higher speed, but has no redundancy and thus is at a higher risk of failure.  RAID 0 should not be used on drives that are intended as backups.
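To make the "survives one failure, not two" point concrete, here is a worked model of a single parity stripe. It is an added example, not code from the original post: it uses one XOR parity block across three data drives plus one parity drive, as RAID 5 does, and leaves out parity rotation and multi-stripe layout; RAID 1 mirroring and RAID 6's second parity block are not modelled. A RAID 0 read is included only to contrast the no-redundancy case.

```python
# Why a RAID with parity survives one drive failure but not two.
# Added example, not code from the original post. It models one stripe of a
# RAID 5-style array: three data drives plus one XOR parity drive. Real RAID 5
# rotates parity across the drives and spans many stripes; RAID 6 keeps a
# second parity block so it can survive two failures. Both are left out here.
from typing import List, Optional, Set


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length byte blocks together."""
    out = bytearray(blocks[0])
    for block in blocks[1:]:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def write_stripe(data_blocks: List[bytes]) -> List[bytes]:
    """Lay one stripe across the array: the data blocks followed by parity."""
    return list(data_blocks) + [xor_blocks(data_blocks)]


def read_stripe(drives: List[Optional[bytes]]) -> Optional[List[bytes]]:
    """Read the data back; None in the list marks a failed drive.

    With a single failed drive the missing block is the XOR of all the others
    (data or parity alike). With two or more failures nothing can be rebuilt,
    which is why the post says to replace a failed drive and rebuild at once.
    """
    failed = [i for i, d in enumerate(drives) if d is None]
    if len(failed) > 1:
        return None
    if failed:
        survivors = [d for d in drives if d is not None]
        drives = list(drives)
        drives[failed[0]] = xor_blocks(survivors)   # rebuild the lost block
    return drives[:-1]   # drop the parity block, return data only


def read_raid0(drives: List[Optional[bytes]]) -> Optional[List[bytes]]:
    """RAID 0 stripes with no parity: any failure loses the whole stripe."""
    return None if any(d is None for d in drives) else list(drives)


def simulate(data_blocks: List[bytes], failed: Set[int]) -> Optional[List[bytes]]:
    """Write a stripe, knock out the given drive indices, then try to read it."""
    drives = write_stripe(data_blocks)
    return read_stripe([None if i in failed else d for i, d in enumerate(drives)])


if __name__ == "__main__":
    # Constructed sample data: three 10-byte blocks.
    data = [b"quarterly-", b"report.pdf", b"backup2014"]
    print("no failure   :", simulate(data, set()) == data)
    print("drive 1 lost :", simulate(data, {1}) == data)
    print("parity lost  :", simulate(data, {3}) == data)
    print("two lost     :", simulate(data, {0, 2}))
```

The last line of the demo prints None: once a second drive is gone there is no combination of surviving blocks that yields the missing data, which is the window the post warns about between the first failure and the finished rebuild.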

One thing that we look for in a NAS unit is the maturity of the software that runs it. Our favorite brands are QNAP and Synology for small to medium sized NAS units, because they have a mature software environment and have proven their reliability. They offer good support for both Windows and Mac OSX environments.  When we start looking at business- and enterprise-class NAS units, then the price and the options open up more. Lenovo/EMC, Western Digital Sentinel series and others deserve some consideration alongside the larger QNAP and Synology units.

There are many different models of each of these brands, so the correct model can be chosen for your requirements. Some of the models have external expansion chassis available, so you can grow the NAS from four disks up to as high as 15 disks if required.

One question we get a lot is whether one drive can be taken out of a NAS unit for offsite storage. This is an extraordinarily bad idea. When you remove a member of a RAID set, you degrade the RAID, and it has to spend often hours reconstituting the RAID structure on the replacement drive. During this period, you are at risk of total RAID data loss if there is a power failure or a drive failure, and the performance of the NAS unit as a networked drive will be severely compromised. The second reason for not routinely removing and reinserting drives is that the physical SATA connector is not rated for very many insertions; in fact the service life of the SATA connection on the drive and the backplane of the NAS unit is, according to the SATA spec, only 50 insertions. Keep in mind that if the SATA connector inside the NAS unit breaks, you are royally hooped until you can get a replacement unit.

www.wdc.com/en/products/resources/drivecompatibility/

If you want offsite storage, my strong recommendation is to choose a NAS unit with an external USB or eSATA port and software support for backing up the data you need to the external drive.  Then unplug that drive and carry it offsite for security, swapping in a second offsite drive for backing up the next evening. Yes, I realize that you are limited in offsite backup to the capacity of the external drive, but you can get drives that are reasonably portable with up to 10 TB of storage.  If you have more than this, then you need to start thinking about a tiered storage strategy, dividing your archived data between archival, seldom accessed and frequently accessed data.  An example would be cloned images of hard drive installs, which do not change after they have been created.  These do not have to be copied every week and taken offsite – a static archive of them would be sufficient.

Along with the NAS unit, you will also need to consider which hard drives to install in it (assuming you choose an unpopulated unit), and you should install a battery backup power supply to protect it from AC power events. No backup drive should be without a power backup.

As far as hard drive mechanisms go, you do NOT want to install regular desktop hard drives, even if they are about 20% cheaper.  Drives that are specially tuned to work in NAS units are more reliable.  Seagate NAS HDD and Western Digital Red series drives are made to run cooler and more reliably, have error correction and seek algorithms which are tailored to be appropriate to NAS units rather than desktop computers, and can tolerate a range of vibration and heat that desktop drives are not designed to encounter.

CanadaRAM NAS links

www.custompcreview.com/articles/guides/selecting-best-hard-drive-network-attached-storage-nas/19177/

www.anandtech.com/show/7258/battle-of-the-4-tb-nas-drives-wd-red-and-seagate-nas-hdd-faceoff

QNAP links

www.qnap.com/en/index.php?sn=1833&lang=en

www.qnap.com/en/index.php?lang=en&sn=822&c=351

Synology links

www.synology.com/en-us/dsm/index/overview

www.synology.com/en-us/products/index

Lenovo/EMC links

shop.lenovo.com/us/en/servers/network-storage/lenovoemc/index.html

Western Digital links

www.wd.com/en/products/business/networkstorage/

 

Posted in Computer Questions and Answers, General Computer, Hard Drives and SSD, Internet and Networking

Routers – home and small business router vulnerabilities

We think (a lot) about keeping our computers up to date, virus free and protected with passwords. But stop and consider this: the wireless router that sits in the corner of the office and quietly handles all your WiFi and Ethernet network traffic is actually a small computer, and it is connected to the outside world. When is the last time you thought of updating it or making sure it is secure?

There have been some recently published hacks for popular brands of routers that can allow someone from the outside to reconfigure your router, or even see files on your shared drives. It’s time to update your router and lock it down properly.

General rules for all routers:

  1. Set strong admin passwords,
  2. Turn off all unneeded services and
  3. Update firmware.

Go into the administrative interface, usually by using a web browser on an Ethernet-connected computer to go to the router’s address such as 192.168.0.1 (this varies by brand and model; see your owner’s manual or check www.computer-answers.ca/2012/internet-networking/q-what-is-my-routers-address/).
You can do this with a WiFi-connected computer as well, but it is a pain because you will lose the WiFi signal every time you restart the router. Better to get out a cable for this work.

Now check that you have an administrative password set (this is different from the WiFi password/key). If it is still at the default “Admin: Admin” or “Admin: {blank}” then your router could be wide open for anyone to change its settings.
The first step is to change the administrative password to something strong: a non-dictionary word with a mixture of letters and numbers. Don’t use an easy keyboard walk like ‘12345’ or ‘qwerty’, and don’t use a simple substitution like ‘r0ut3r’. Write this password down on the inside cover of the user manual for reference later. If you cannot get into the admin interface, you can reset the router and start from scratch. See https://computer-answers.ca/2012/internet-networking/q-i-have-lost-the-password-to-my-router-how-do-i-reset-it/

Also consider changing the default IP address of the router away from the well known 192.168.1.1 or similar to another address in a private IP range like 10.10.156.08.
Then all of your machines would use 10.10.156.08 as the gateway or router address, and 10.10.156.xxx as the internal IP addresses. This doesn’t make the router more secure, but it makes it harder to find when malware scans the typical default addresses.

Next, turn off any and all

  • Remote Administration and any other Remote access,
  • FTP,
  • Torrent/P2P,
  • Telnet,
  • WPS / PnP
  • VPN or
  • Cloud services

that the router may have.

These will vary by brand and model. If you are not sure, check the router manual or go online to the manufacturer’s support pages for your model. If your business requires cloud/VPN/Remote access, consider investing in a more secure business-class router instead of a home/small business class product.

Then, check your router firmware. Microsoft releases hotfixes for Windows every week (or more often) to patch vulnerabilities and bugs. Your router manufacturer also updates their firmware for the same reason, but you probably haven’t had a router upgrade installed since 2009.  Most manufacturers let you check for upgrades from within the router admin software, some will require you to go to the website and download it separately. Before you update, write down all of your settings including WiFi passwords and Admin passwords as you may need to reenter them later. Read and follow the update instructions carefully.

Remember to log out each time you have used the administrative interface, execute a Restart on the router, then clear your browser cookies and restart your browser. Staying logged in to the admin screen increases the vulnerability of the router, as there is an additional vector (through your browser) that an attacker can use to enter.

Do not follow web links sent through email, displayed in web browser popups or delivered by other methods; they may link to malware and poisoned web pages. Be especially vigilant for links that are directed to internal network addresses (in the private ranges 192.168.xxx.xxx, 172.16.xxx.xxx to 172.31.xxx.xxx, and 10.xxx.xxx.xxx); these could be attempted attacks against your network equipment or servers.

Specific vulnerabilities

Asus Routers

Leaving some of the Asus standard features enabled could allow an outsider to read files on a shared hard disk or USB stick plugged into the router.

In addition to the general steps above including updating the firmware,
Turn off “AiCloud”, “Cloud Disk”, “Smart Access”,  “Smart Sync” and “Samba” (SMB file sharing)

Asus downloads  support.asus.com/download/options.aspx?SLanguage=en

TP-Link and D-Link Routers and routers running ZynOS

An attack against TP-Link, D-Link, Micronet, Tenda, ZyXEL and other brands of routers can change where your web searches and web page requests are directed. By altering the DNS settings, the attacker can send you to lookalike sites for your bank, charge card company or other likely target.

The first defense is to reset your router to factory defaults, then immediately set a new and secure administrative password. Turn off remote administration.

Then upgrade the firmware of the router. Go to the website of the router manufacturer and download the latest firmware revision:

TP-Link www.tp-link.com/ca/Support/download/
D-Link support.dlink.com/
Micronet (Taiwan) www.micronet.com.tw/mod/support/index.php?REQUEST_ID=cGFnZT1kbA==
Tenda (China)  www.tenda.cn/tendacn/DownLoads/?TagId=42
Zyxel  www.zyxel.com/us/en/support/download_library.shtml

www.pcworld.com/article/2104380/attack-campaign-compromises-300000-home-routers-alters-dns-settings.html

Linksys Routers

Linksys routers including potentially models E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and E900 were hit by malware called the Moon Worm. It bypasses the Admin password through a vulnerability in the router’s software. As of today there is no fix for the software.

The most important action to take is to turn off Remote Administration and reset the router.

Then check Linksys or Belkin’s website for the existence of a firmware upgrade (Belkin recently purchased the Linksys brand from Cisco). Most Linksys E Series routers do not have a firmware upgrade listed in the past 6 months to a year, if at all.  This is a pressing issue since the worm has been described for at least a month; you will need to make a decision at some point whether to continue using the Linksys product with an exposed vulnerability, or change it for a different brand of product that has regular firmware support.

support.linksys.com/en-us/support?icid=global-header-support-link

www.belkin.com/us/support-article?articleNum=10797

www.computerworld.com/s/article/9246344/_The_Moon_worm_infects_Linksys_routers?taxonomyId=17

NetGear Routers

Netgear released some firmware upgrades at the end of January 2014 to patch a vulnerability in some routers: downloadcenter.netgear.com/

ReadyNAS:

Although not a router, the ReadyNAS storage devices are often exposed to the Internet to act as FTP servers, download stations, etc.  There is a bug in the RAIDiator software that runs the ReadyNAS that allows an outsider to inject scripts into the machine via HTTP.

Upgrade the RAIDiator or OS6 firmware of the NAS kb.netgear.com/app/answers/detail/a_id/20684/~/readynas-downloads

Posted in General Computer, Internet and Networking, Security, Viruses and malware

Q. Where did OCZ Technologies go? What happens to my warranty?

OCZ Technologies (OCZ Technology Group) was a leading edge producer of performance computer products – at first RAM memory and power supplies for gaming and overclocking, then they took on SSD solid state drives and abandoned the RAM and power supply business. In 2011 and 2012 OCZ bought SSD controller designer Indilinx, the R&D department of Oxford Semiconductor and the Israeli software firm SANRAD in an attempt to become a vertically integrated SSD development company. However, in 2013 OCZ’s revenue fell sharply and they took out an expensive credit line from a venture capital firm. They were unable to meet the obligations of their loan or meet their financial filing requirements and entered bankruptcy proceedings at the end of 2013.  Some assets of OCZ Technologies were sold by the creditor to Toshiba in January 2014, and were renamed OCZ Storage Solutions, an independent subsidiary of Toshiba.

Since Toshiba purchased the assets only and incorporated a separate company, the ‘new’ OCZ has no obligations for warranty for previous OCZ customers.  The ‘new’ OCZ has agreed to honour warranties for a select group of higher end SSD models (Vector and Vertex), and they disclaim responsibility for all other products, including all RAM and Agility, Octane, Petrol and Solid SSD models. Below is the statement from Toshiba regarding warranty and support (emphasis mine).

http://ocz.com/consumer/support/warranty

Please note, OCZ Storage Solutions – A Toshiba Group Company is not the same organization as OCZ Technology Group. Through bankruptcy proceedings, Toshiba Corporation has acquired substantially all the assets from OCZ Technology Group but most liabilities, including outstanding warranties, have been excluded from that acquisition. As a result, OCZ Storage Solutions is only able to provide warranty support for certain products, as follows:

OCZ Storage Solutions is able to provide warranty support for the OCZ Technology SATA based
Vector,
Vertex Series SSDs,
RevoDrive,
RevoDrive 3/3X2 PCIe SSDs
as well as any products launched by OCZ Storage Solutions on or after January 22nd, 2014. OCZ Storage Solutions is also able to provide warranty support for the OCZ Technology Agility SSD Series products that are still within a current warranty period until Jan 22, 2015.

OCZ Storage Solutions is unable to provide any warranty support for the following legacy and end of life OCZ Technology products that were discontinued over the past year or prior: solid state drives from the following families, Core, Apex, Solid, Solid 2, Solid 3, Colossus, IBIS, Enyo, Nocti, Synapse, Octane S2, Octane S3, Onyx, Petrol, and RevoDrive Hybrid. OCZ Storage Solutions is also unable to provide any warranty support for all discontinued non-SSD category products including DRAM memory, USB drives, Power Supplies, DIY notebooks and peripherals.

So unfortunately the lifetime warranty on RAM, or the warranty on an Agility SSD drive, for example, is defined by the lifetime of the company, not yours, and those warranties are now over.

Posted in Computer Questions and Answers, Hard Drive News, Hard Drives and SSD

New ‘NetFlix’ phishing scam

There is another variation on the bank account phishing scam, this time targeting NetFlix customers and with the potential for a lot of harm.

It starts with a pop-up screen or email claiming that your Netflix account has been suspended, with a phony login screen that resembles NetFlix (at an address like www.netflix.someotherplace.com).

[Image: NetFlix-scam]

They will capture your Netflix login info (of course), but that’s not the main prize. You are prompted to call a 1-800 number (in India, as it happens, but it could be redirected anywhere) where a ‘support technician’ will get you to download remote access software which gives them full access to your computer. They will then load some ‘malware checking’ or ‘intrusion checking’ software, which is phony (of course) and will show you that your machine has lots of trouble (of course); then they will offer to ‘fix’ it for you for $300, give or take.

But in the mean time, while you are distracted by this dog-and-pony show, they are accessing your hard drive in the background and downloading personal files, website logons, passwords, financial information, whatever they can find.

And to add insult to injury, they may ask for you to show your identification cards to your webcam, ‘for security purposes’, going for the trifecta of fraud, theft of information and identity theft.

Never click on or log into a website (whether financial or otherwise) from an email or a pop up screen.  Always enter the URL yourself.

I know a lot of people who rely on Google to get where they want, even to the extent of typing www.domainname.com into the Google search instead of the browser’s location bar. The risk is twofold: Google search results may include spoof sites, and your browser may be compromised by a search engine redirector which points you to other target sites than the one you intended.

Always look at the URL to make sure you have arrived at the destination you planned.

Don’t be misled by the first word in the URL. It is the last word before the .com that is significant. www.netflix.com is Netflix’s server. www.netflix.scammer.com is Scammer.com’s server. www.netflix.cm is not Netflix.com; it is some unknown site registered in the African country of Cameroon (.cm).
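The two link checks from these posts, written as one small triage function: the router post's warning about links aimed at internal (private-range) addresses, and this post's rule that only the last word before the .com tells you whose server you are on. This is an added example, not code from the original posts. The private ranges are exactly the three the router post lists (the RFC 1918 blocks); `registrable_domain()` uses the post's own simplification (the last two labels of the hostname) and does not handle suffixes such as .co.uk; the function names are my own.

```python
# Two checks before trusting a link: does it point at an internal (private
# range) address, as warned in the router post above, and does its hostname
# really belong to the site it appears to name, as this post explains.
# Added example, not code from the original posts. The private ranges are the
# three the router post lists (RFC 1918); registrable_domain() uses the post's
# own simplification (the last two labels) and does not handle suffixes such as
# .co.uk. Function names are my own.
import ipaddress
from typing import List, Optional
from urllib.parse import urlsplit

PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.xxx.xxx.xxx
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.xxx.xxx to 172.31.xxx.xxx
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.xxx.xxx
]


def hostname_of(link: str) -> str:
    """Pull the hostname out of a link, tolerating a missing scheme."""
    if "://" not in link:
        link = "http://" + link   # bare "www.example.com/..." as seen in e-mail
    return (urlsplit(link).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """The part that matters: the last word before the .com (or .cm, or .ca)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage(link: str, expected_domain: Optional[str] = None) -> List[str]:
    """Return the reasons to distrust a link; an empty list means none found."""
    reasons: List[str] = []
    host = hostname_of(link)
    if not host:
        return ["no hostname in link"]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None   # a name, not an IP literal
    if addr is not None:
        if any(addr in net for net in PRIVATE_RANGES):
            reasons.append(f"points at internal address {addr}")
    elif expected_domain:
        actual = registrable_domain(host)
        if actual != expected_domain.lower():
            reasons.append(f"host {host} belongs to {actual}, not {expected_domain}")
    return reasons


if __name__ == "__main__":
    # Constructed sample links, modelled on the examples in the post.
    for link, expect in [
        ("https://www.netflix.com/login", "netflix.com"),
        ("www.netflix.scammer.com/login", "netflix.com"),
        ("www.netflix.cm", "netflix.com"),
        ("http://192.168.1.1/setup.cgi", None),
    ]:
        print(link, "->", triage(link, expect) or "looks as expected")
```

Pass `expected_domain` as the site you meant to reach (the one you would have typed into the location bar yourself); the function then reports any link whose registrable domain differs, and independently flags any link whose host is an address inside the three private ranges.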

Never call the phone number in an Email or pop up screen.  Go to the official site of the company and look for their customer service number.

Never download and install software under the direction of someone over the phone, email or online chat – DOUBLY so if the transaction was initiated by the unknown other party, no matter who they claim to be.  There is one exception – if YOU have initiated a support call to a reputable company and you know you are talking to the official support department.

If you find yourself in the middle of such a scenario, pull out the Ethernet cable on the machine or shut off the wireless Ethernet, or just power your machine down, and then call a knowledgeable local person for help.

If you have disclosed any identity or financial information before terminating the call, please call your local police and then your bank(s) to alert them and ask for the next steps to protect yourself.  Chances are you will need to change your bank and charge account number(s) and all of your online passwords.

Thanks to  for posting this on Malwarebytes Unpacked blog.malwarebytes.org/fraud-scam/2014/02/netflix-phishing-scam-leads-to-fake-microsoft-tech-support/

 

Posted in Computer Questions and Answers, Security, Viruses and malware, Windows questions

Can I build a gaming computer for under $1000 (Feb. 2014 edition)

Feb. 2014
An exercise in budget computing is to build a computer that will give acceptable gaming performance for under $1000.  In the past year we have seen hard drive prices skyrocket, then come back down to near normal pricing, SSD drives have steadily dropped in price and increased in capacity, and DDR3 RAM has taken a sharp spike upwards in price compared to early 2013. Continued weakness in the Canadian dollar has made everything 8 – 10% more expensive.

The component that has the largest impact on performance in a gaming computer is the video card, so compromises will have to be made in the area of CPU and hard drives. The best bang for the buck on CPUs will be with an entry level Intel Core i5 CPU or a 6-core or 8-core AMD FX series CPU. For the cheapest possible machine, an AMD FM2 A8 or A10 APU could be used, but that sacrifices CPU power and affects gameplay. Here are suggested configurations at about the $1000 price point (before tax, Canadian dollars, current to Feb 22 2014). In all of the configurations, we have gone with motherboards that have:

  • two PCI-e video card slots compatible with Crossfire (or SLI) for future acceleration
  • USB 3.0 on board
  • SATA III (6.0 Gb/s) on board
  • Gigabit Ethernet (1000BT)
  • 4 RAM sockets with overclocked DDR3 capability

AMD FX 8-core system. In brute computing performance using all cores, the 3.5 GHz AMD 8-core FX-8320 outperforms the Intel i5-4440.

Component | Description | Part number | Price (CAD)
Case | Coolermaster Force 500 | CSE-FOR500KR500 | 83
Motherboard | Gigabyte GA-970A-DS3P | | 91
Power supply | 500W, included with case | |
Hard drive | Seagate 500 GB 7200 RPM | ST500DM002 | 60
Memory | DDR3-1600 CL9 8 GB (2x4GB DIMM) | BLS2KIT4G3D1609DS1S00 | 108
CPU | AMD FX-8320 8 core 3.5 GHz / 4.0 GHz boost | FD8320FRHKBOX | 194
Optical drive | Asus DVD-RW | DRW-24F1ST/BLK/B/AS | 20
Keyboard and mouse | Coolermaster CMStorm Devastator combo | SGB-3010-KKMF1-US | 33
Additional fan | 120mm (one included with case) | | 11
Video card | Asus R7 260X 2GB OC, overclocked, with 2 GB of video memory | R7260X-DC2OC-2GD5 | 168
OS | Windows 8.1 OEM | WN7-00615 | 116
Cooler | Stock cooler, included with CPU | |
TOTAL before tax, shipping and assembly | | | $884

Options:
Cooler for overclocking | Coolermaster Hyper 212 EVO | RR-212E-20PK-R1 | 32
SSD drive | Samsung 840EVO 120 GB | MZ-7TE120BW | 122

Intel 4 core system

Component | Description | Part number | Price (CAD)
Case | Coolermaster Force 500 | CSE-FOR500KR500 | 83
Motherboard | ASUS B85M-E/CSM (4*DDR, VGA, DVI, HDMI) | | 96
Power supply | 500W, included with case | |
Hard drive | Seagate 500 GB Barracuda 7200 RPM | ST500DM002 | 60
Memory | DDR3-1600 CL9 8 GB (2x4GB DIMM) | BLS2KIT4G3D1609DS1S00 | 108
CPU | Intel i5-4440 3.1 GHz 4 core / 3.3 GHz boost | BX80646I54440 | 227
Optical drive | Asus DVD-RW | DRW-24F1ST/BLK/B/AS | 20
Keyboard and mouse | Coolermaster CMStorm Devastator combo | SGB-3010-KKMF1-US | 33
Additional fan | 120mm (one included with case) | | 11
Video card | Asus Radeon R7 260X 2GB Overclock | R7260X-DC2OC-2GD5 | 168
OS | Windows 8.1 OEM | WN7-00615 | 116
Cooler | Stock cooler | |
TOTAL before tax, shipping and assembly | | | $922

Options:
Cooler for overclocking | Coolermaster Hyper 212 EVO | RR-212E-20PK-R1 | 32
SSD drive | Samsung 840EVO 120 GB | MZ-7TE120BW | 122

The video card is the obvious first step to upgrade beyond the basic level; the next step up from the R7 260X is the GeForce GTX660. Although these are getting scarcer with the GTX760 on the market, the GTX660 is almost $100 lower and gives a healthy gain in performance over the R7 260X:
Gigabyte Video Card GTX660 Overclock 2GB DDR5 192Bit PCI Express DVI-I/DVI-D/HDMI/DisplayPort $236.00
This makes the AMD system $952.00 and the i5 system $990.00.

The GTX 650TI is also a consideration if the pennies have to be pinched:
Asus GeForce GTX 650TI 980MHz 2G 2DVI/HDMI/DP $179

These systems rely on the stock cooling fans. If you are intending to overclock, then you may be wise to look into third party CPU coolers and the Intel Core i5-4670K 3.4 GHz unlocked “K” CPU, for about $67 more than the stock i5, which will push the Intel system just over $1100.

The next speed upgrade would be to add an SSD drive as the boot drive, which makes booting and loading programs and game files a snap.

Other upgrades:

Mouse: Logitech Gaming Mouse G500 USB $79
(note that you don’t want a wireless mouse or keyboard for gaming)

Keyboard: Logitech Gaming Keyboard G110 12 programmable keys, backlighting, USB audio $96

Posted in General Computer, How-To, PC Gaming, Upgrading

Q. How do I add memory to an Apple Mac Pro tower?

There are three main generations of Mac Pro machines; each generation has particular RAM types and installation procedures.

The models from 2006 to early 2008 use FB-DIMMs with large heatsinks in 667 MHz and 800 MHz. These models have two removable memory riser cards named A and B, with four sockets on each.  The sockets are numbered 1 to 4, starting at the connector edge of the riser.

The rule for these machines is to fill the RAM in matching pairs, starting with largest memory modules in the bottom (A) riser card slot 1 and 2. Then the upper riser, slots 1 and 2.

A1 & A2
B1 & B2
A3 & A4
B3 & B4

The reason for installing in this order is that the 3 and 4 slots are marginally slower than the 1 and 2 slots, so you want the majority of your RAM in the 1 and 2 slots.

The models from early 2009 to mid 2012 use DDR3 memory, 1066 MHz or 1333 MHz ECC DIMMs. These machines have the memory slots on the processor tray; they may have one bank of four memory sockets or two banks of four, totalling eight, depending on whether you have one or two Xeon processors.

With four-socket machines, fill the memory in order from slot 1 through slot 4.

With eight-socket machines, it depends how many memory modules you are installing. Aim to use matching modules within a bank; you can have different sized modules in the two banks.

2: Bank 1 slots 1&2
3: Bank 1 slots 1,2 &3
4: Bank 1 slots 1&2, Bank 2 slots 5&6
6: Bank 1 slots 1,2&3, Bank 2 slots 1,2&3
8: All slots full

The highest performance is a set of three matching modules in each bank and the fourth socket empty. This allows the machine’s memory controller to use Triple Channel memory access mode.

The largest memory modules, 16 GB, cannot be mixed with any others, as they are ECC Registered memory.

The Late 2013 model uses DDR3-1866 MHz ECC DIMMs.

There are four memory sockets numbered 1 through 4. Fill the sockets in numerical order. Apple does not suggest mixing sizes of RAM (“Use the same size memory modules across all slots to maximize performance”), but they don’t come right out and say “don’t mix sizes”. With other Xeon/DDR3 machines, the memory controller can address RAM in groups of two (Dual channel) or three (Triple channel) for higher speed of access. If you mix sizes of RAM, the controller has to shift down from Triple to Dual, or Dual to Single channel mode, which loses about 6% – 8% in overall performance.

The Mac Pro Late 2013 model can take either Unbuffered ECC memory or Registered ECC memory, but the two cannot be mixed.  Most MacPro memory is Unbuffered, but available 16GB modules are all Registered, so you cannot mix the 16 GB memory modules with any other size.

Apple’s installation guides are here for:

Gen 1 MacPro1,1 MacPro2,1 and MacPro3,1 machines 2006 – early 2008  http://support.apple.com/kb/ht4433#4

Gen 2 MacPro4,1 Early 2009
http://support.apple.com/kb/ht4433#3

Gen 2 MacPro MacPro5,1 Mid 2010 and Mid 2012
http://support.apple.com/kb/ht4433#2
http://support.apple.com/kb/ht4433#1

Gen 3 MacPro6,1 Late 2013 (tubular)
http://support.apple.com/kb/HT6054

CanadaRAM.com memory modules for MacPro machines


Don’t Click on the Fake Java Updater

It’s rearing its ugly head again: the fake Java Update sites are salting reputable websites with poisoned banner ads, which take you to an “Update your Java now” message. These pop up even if your Google Chrome settings block all popups. DO NOT click on anything; just quit your browser immediately.

[Image: fake Java updater screen (a trojan horse dressed up as a Java update)]

The URL that it redirects to is randomized; it may say something like java-updating-now(d0t)com. Do not fall for it: quit your browser without clicking anything. I recommend that you turn off Java entirely in your browser. If you are one of the few people who need it (for videoconferencing or other specialized software) then you will know. See our article on disabling Java: https://computer-answers.ca/2013/computer-questions/windows-questions/zero-day-java-exploit-disable-java-now/

We recommend discontinuing the use of Internet Explorer and switching to Firefox with the NoScript plugin.


Don’t fall for a parasite – watch your installers

Parasites … nobody wants them.

But you almost certainly have at least one in your computer. Did you ever wonder how an Ask, Yahoo, AVG or other browser search toolbar suddenly appeared on your computer screen? Or why, instead of going to Google, your searches now go to Conduit or Visual Bee or Mixmeister or Scour Search or IB or Delta Search? Or why your machine now has a new “scanner” which is telling you that you have to defragment, devirus, adjust your Internet settings or pay to ‘upgrade’ some software?

This is a result of “parasitic” software being installed on your machine along with legitimate software you have bought or downloaded.  There is an increasing trend with shareware and freeware authors and download sites, (even historically reliable sites like C|Net Download.com), to accept money from less reputable developers to bundle installers for their software into the installer for the program you actually intended to get.

You download your program installer, and open up the installer program. It whirs for a while and then shows you a dialog box that asks you to confirm. Now you need to be extra vigilant and read the messages that the installer puts in front of you.  One of their sneaky tactics is to interrupt the installation of the program you want with a screen that says “We recommend that you install SneakySoft software for a better internet experience” and then gives you a choice Cancel or Next Step – this makes it sound like cancelling will bail out of the install of the program that you want and the Next Step is the most logical choice.

Don’t Do It! 99.99 percent of the time you do not want any of these add-on programs. They will load down your machine, and they only benefit the SneakySoft company, typically by redirecting your search engine searches to their own search pages on which they get paid to deliver advertising, or by redirecting you to advertising, virus-delivery or porn sites.

[Image: installer screen offering a “Search Results” add-on]

Read the dialog box carefully, and choose the option that bypasses installation of unwanted programs. Don’t accept the “recommended installation”. If there doesn’t seem to be any option to not install parasitic software, then cancel the installation entirely and choose a different program to use.

[Image: Babylon installer screen]

Also make sure that you uncheck each of the option checkboxes that suggest “also install…” (some of the companies are getting really cute and reversing this, making you CHECK the box if you DON’T want to install the add-ons).

Remember the only reason these programs are in there is that the developer has bribed the download site or the software author to try to trick you into installing something you didn’t ask for and probably don’t want.  Worst case scenario is that the bundled software is actually malware that can infect your machine or steal your information.

We have a couple of articles on removing search engine settings from your browser. It is not as easy as hitting Uninstall; there is some tedious poking around in the browser settings to do. Visual Bee and Conduit removal (and general procedures for any browser search settings hijack). Scour removal

Partial list of rogue search engine hijackers, toolbars and “helpers” commonly bundled with other software installers, and links to removal instructions

Even well known programs like Norton Anti Virus ‘offer’ to change your search engine, Adobe flash wants you to have McAfee, and the Oracle Java installer tries to install the Ask toolbar.

Partial list of programs which have been reported to bundle malware or parasitic software. The number of programs, browser add-ons, video codecs, utilities, and others that have unwanted bundled installers is endless; these are just a few. Avoid downloading or installing these programs. Downloadable programs that advertise optimizing or speeding up your computer, fixing your registry, boosting your download speeds or seeing who is ‘spying’ on you have historically been poor choices. Lately we have seen a proliferation of ‘deals’, coupons and discounts software loaded with unwanted installers; I would avoid the entire category.

1ClickDown, 1ClickDownloader
CouponDropDown
FB Photo Zoom, FBPhotoZoom
GoPhoto.it
HDvid Codec
IB Updater
iLivid
Incredibar Toolbar
MyPhoneExplorer
OneClickDownload, OneClickDownloader
Online HD TV
PutLockerDownload, PutLockerDownloader
StartNow
TornTV
TorrentHandler
TravelScour Toolbar
Yontoo
ZoomIt


Q. Can I upgrade the CPU processor in my Desktop machine?

Maybe. And sometimes No.

The first thing to know is what CPU socket your motherboard has.  You cannot put an Intel chip in an AMD socket or vice versa.  And within the processor brands, you have to exactly match the processor type to the socket.  An Intel LGA1156 chip will not go in an LGA1155 socket for example, nor an AMD FM2 chip in an AM2 socket.

But you are only half done: next you have to check the CPU compatibility charts for the specific model of motherboard. If you have a known brand and model of motherboard, it’s quite simple: go to the manufacturer’s website, search for your motherboard model number in the Support or Specifications area, and take the link to CPU compatibility.

If the model number of the CPU that you are considering is on the list, then you can upgrade. Pay attention to the version of the BIOS that you need for the CPU to be supported, sometimes you need to do a Flash BIOS firmware upgrade. This has to be done BEFORE you take out the old CPU. (Always back up your data before doing any operations like updating BIOS or changing hardware).

If the new CPU is not on the compatibility list, however, that means that the chipset and the BIOS don’t know how to support the new CPU, and the machine will either fail to boot or will crash. Don’t try to make a non-supported CPU work; it’s not worth the time or the risk of damaging hardware.

Now, if you have a Dell or HP or Acer or other retail manufactured machine, you have a bigger problem. Not only do these companies usually not publish CPU compatibility lists, but even if they use a motherboard from a company like Asus, Asrock or Foxconn, they have likely custom modified the BIOS.  I recommend NOT proceeding, instead put the time and money into a new machine with a current motherboard. If you want to go down this route,  you will have to do research online to find people with the exact same machine who have done the upgrade.

Keep in mind that when you upgrade a CPU, you need to re-install your heatsink / cooler.  In most cases this means you’ll have to replace the thermal paste with fresh paste. Clean both the top of the CPU and the bottom of the heatsink with alcohol, and put a small amount of thermal paste on the top of the CPU. You can smooth it out to a paper-thin (or thinner) layer using a charge card as a squeegee if you like, and then replace the heatsink carefully, making sure to fasten it down as the manufacturer recommends.

Once you have installed it, you may be prompted to go into the BIOS setup to confirm the changes for the new CPU; these could include adjusting the voltage and/or the timing. Consult the CPU documentation.


Q. How do I remove Visual Bee or Conduit from my browser?

VisualBee or VB or Conduit Search are search “aids” for web browsers and a toolbar; but you should avoid these.  They are rogue search engine redirectors that are included with downloads of various shareware installers (you have to be careful to unclick the “Install this along with…” button every time). The malware writers make money by sending your search links to commercial advertising sites instead of the one you chose. These sites could in turn redirect you to porn, virus or other sites.

In general, you cannot trust the uninstallers provided by software manufacturers who engage in these practices.

The first thing to try is to see whether AdwCleaner.exe can eradicate this browser toolbar/search engine: http://www.bleepingcomputer.com/download/adwcleaner/ Some people have reported success, although parts of the malware may be left behind.

Here is how to manually remove Conduit, VisualBee and other rogue search toolbars from your browsers.

Firefox:

Go to Manage Search Engines in Firefox and remove any entries for  Conduit or VisualBee or VB

http://support.mozilla.org/en-US/kb/search-bar-easily-choose-your-search-engine

Check if you have Conduit or VisualBee or VB Toolbar in your Firefox menu > Add Ons and remove any items for Conduit, VisualBee or VB. Check both the Plug ins tab and the Extensions tab (on older versions, Tools > Add-ons).

http://support.mozilla.org/en-US/kb/disable-or-remove-add-ons

Set the Home page to the search engine of your choice (the default Google search entry is http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= )

http://support.mozilla.org/en-US/kb/How%20to%20set%20the%20home%20page?s=Set+home+page&r=1&as=s

Remove  Conduit or VisualBee or VB from the search engine default for unrecognized pages

  1. In the address bar enter “about:config” and hit Enter
  2. Bypass the warranty warning screen(s) by clicking the button to continue
  3. On the next screen enter “Conduit” in the Filter window (a search in the config)
  4. If Conduit or Searchconduit shows up, highlight each of these entries one at a time, right click and choose “reset”.
  5. Repeat with the search terms “VisualBee” and “VB”
  6. When finished, close the about:config tab.

Consider adding the NoScript extension to Firefox

Chrome

http://support.google.com/chrome/bin/answer.py?hl=en&answer=95653

  1. Click on the wrench icon in the Google Chrome address bar and from the drop down menu select Settings > Extensions or Tools > Extensions, depending on your version
    (or enter chrome://settings/extensions in the location bar)
  2. Check if any items of Conduit or VisualBee or VB are listed in the browser Extensions. If so, click on uninstall to remove the toolbar(s) from the browser.
  3. Close the window. Choose the wrench icon again and, depending on your version, choose Settings > Settings or Options from the drop down menu.
  4. Check the Home Page setting under Basics to see if Conduit or VisualBee or VB is listed. Replace it with another search engine that you want to use for your home page.
  5. Click Manage search engines and check if Conduit or VisualBee or VB is listed on the page. Hover your mouse over a Conduit, VisualBee or VB entry and click the X icon to uninstall it. Go back to the previous page and pick another available search engine as the default browser search engine.
  6. Check the On Start Up entry in Settings, click on Go to a specific page… and enter http://www.Google.com or your preferred search engine.

Internet Explorer

(note, we no longer recommend the use of Internet Explorer)

If you don’t have any preferences and settings in Internet Explorer that you particularly want to keep, you can do a reset of the IE Settings http://www.microsoft.com/security/pc-security/browser-hijacking.aspx

Otherwise you can remove it manually

First delete any Conduit or VisualBee or VB items from Add Ons

  1. Open Internet Explorer and click on “Tools”.
  2. Select “Manage Add Ons”, click on Toolbars and Extensions, and search for Conduit or VisualBee or VB in the list of add-ons.
  3. Right click on the Conduit or VisualBee or VB entries and select “disable” (or highlight and click the Disable button).
  4. Click on “Ok”
  5. Now select Search Providers.
  6. Left click to highlight each Conduit or VisualBee or VB item and click the Remove button to remove it
  7. Click on “Ok”
  8. Restart Internet Explorer
  9. Next restore your home page to the one you want.

http://www.microsoft.com/security/pc-security/homepagerestore.aspx

Remove Conduit or VisualBee or VB from the search engine default for unrecognized pages (note this requires editing your Registry. Back it up first. If you are not confident, refer the work to someone experienced)

  1. Open “RegEdit” through the launch menu.
  2. Find this entry
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\About URLs\Tabs
  4. Change any entry that points to Conduit or VisualBee or VB search to the search engine you want (Google for example).

Finishing up

After removing and resetting, I would recommend starting in Safe mode (F8) and running Malwarebytes or SuperAntiSpyware to check the machine and registry. Running CCleaner to clean the registry wouldn’t hurt either. Then test your browser(s) by opening them and typing in some nonsense in the URL/location bar to make sure the defaults have been successfully changed.

You may have installers or uninstallers still remaining on your machine

Go to C:\Program Files\ and delete any folder related to Conduit or VisualBee or VB (Unless you are using Visual Basic, the programming language from Microsoft, if so then research to know which Visual Basic items you need to keep)
Go to C:\Program Files (X86) and delete any folder related to Conduit or VisualBee or VB

Restart the machine in Safe Mode (F8) and run CCleaner

  1. Open CCleaner,
  2. Click Tools,
  3. If you see Conduit or VisualBee or VB entries, select them from the list,
  4. Click Uninstall.
  5. Run the Registry tool,
  6. Run the cleaner.

Final Cleanup 

After removing the malware, you may want to do a final cleaning. A little program called MiniToolBox allows you to purge DNS entries and other information that the malware may have changed. Quit your browser program(s) before running MiniToolBox, then select these options:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings

Local News – Driving School in Victoria BC – Ingrid Weighton

From time to time we recommend local Victoria BC people who do an exceptional job for their customers.

One of these is Ingrid Weighton, of Ingrid Weighton’s Driver Education Ltd.  www.drivingcoach.ca

Ingrid specializes in one on one driver training — coaching is what she does.  She is excellent at helping people who are nervous about driving, or have been in a collision and need a boost to get their confidence back on the road.

She has coached, with great success, some people who are near and dear to me, and I recommend her.


Zero Day Java Exploit – Disable Java Now

There is yet another series of malware out which exploits holes in the Oracle (Sun) Java language, including the most recent version (Java 7 Update 10) as of Jan 12 2013.

Disable Java in your Web browser now. After the Java based attacks of last year, and this “New Years Gift” exploit, I can see little reason to keep Java enabled one minute longer.

There is no need to run the Java language for 99.9% of web browsing.  Those who need to run specialized online applications that require Java (like some group meeting software) will need to make a decision about the security risk.  The risk involved is that Java gives a web page the ability to control some software on your machine.  When the virus writers find a hole in Java, they can dodge around the security restrictions and execute commands and read and write files on your computer without your knowledge or control.

For Windows and the latest version of Java, the simplified method to disable it from your Web browser is here http://www.java.com/en/download/help/disable_browser.xml

For older versions of Java and Mac, follow the instructions here

http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/

If you are using Internet Explorer, I recommend that you discontinue using it and switch to Firefox with the NoScript plugin. Not only is IE difficult to remove Java from, it is also tied into Microsoft’s ActiveX scripting, which is another potential vector for malware and was hit with a zero day exploit.

More on browser security www.computer-answers.ca/2011/internet-networking/q-is-there-any-internet-security-threat-if-i-only-visit-reputable-sites/


Q. How do I get rid of ib.adnxs.com

ib.adnxs is browser redirect malware that installs into your browser and sends your web searches to different sites instead of where you want to go. It will persistently pop up its own addresses in your browser. It will change your home page and search engine settings, and may change your DNS settings. There is disagreement whether this is a simple browser redirect entry, a Trojan, or possibly a rootkit. The instructions below cover removing the redirect commands from your browser(s); however, the problem may recur if the malware is a persistent trojan or rootkit virus.

Download Malwarebytes from http://www.malwarebytes.org

and CCleaner https://computer-answers.ca/2011/computer-questions/windows-questions/favorite-windows-utilities-from-piriform/

I would recommend starting in Safe mode (F8) and running a Full Malwarebytes scan to check the machine and registry. Running CCleaner to clean the registry wouldn’t hurt either.

Then clean the browsers individually:

Firefox:

Go to Manage Search Engines in Firefox and remove any entries for adnxs

http://support.mozilla.org/en-US/kb/search-bar-easily-choose-your-search-engine

Check if you have adnxs in your Firefox menu > Add Ons and remove any items for adnxs. Check both the Plug ins tab and the Extensions tab (on older versions, Tools >  Add-ons).

http://support.mozilla.org/en-US/kb/disable-or-remove-add-ons

Set the Home page to the search engine of your choice (the default Google search entry is http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= )

http://support.mozilla.org/en-US/kb/How%20to%20set%20the%20home%20page?s=Set+home+page&r=1&as=s

Remove adnxs or any unknown search engine entry from the search engine default for unrecognized pages

  1. In the address bar enter “about:config” and hit Enter
  2. Bypass the warranty warning screen(s) by clicking the button to continue
  3. On the next screen enter “adnxs” in the Filter window (a search in the config)
  4. If adnxs or unknown entries show up, highlight each of these entries one at a time, right click and choose “reset”.
  5. When finished, close the about:config tab.

Chrome

  1. Click on the wrench icon in the Google Chrome address bar and from the drop down menu select Settings > Extensions or Tools > Extensions — depending on your version
    (or enter chrome://settings/extensions in the location bar)
  2. Check if any items of adnxs or unknown entries are listed in the browser Extensions. If so, click on uninstall to remove the toolbar(s) from the browser.
  3. Close the window. Choose the wrench icon again and depending on your version choose Settings > Settings or Options from the drop down menu.
  4. Check the Home Page setting under Basics to see if adnxs or unknown entries are listed. Replace it with another search engine that you want to use for your home page.
  5. Click Manage search engines, check if adnxs or unknown entries are listed on the page. Hover your mouse over the entries, click the X icon to uninstall it. Go back to the previous page and pick another available search engine as the default browser search engine.
  6. Check the On Start Up entry in Settings, click on Go to a specific page… and enter http://www.Google.com  or your preferred search engine.

Internet Explorer

(note, we no longer recommend the use of Internet Explorer)

If you don’t have any preferences and settings in Internet Explorer that you particularly want to keep, you can do a reset of the IE Settings http://www.microsoft.com/security/pc-security/browser-hijacking.aspx

Otherwise you can remove it manually

Delete the adnxs or unknown entries in Toolbars

  1. Open Internet Explorer and click on “Tools”.
  2. Select “Manage Add Ons”,  search for adnxs or unknown entries in the list of add-ons.
  3. Right Click on the adnxs or unknown entries and select “disable”.
  4. Click on “Ok” and restart Internet Explorer.

Restore your home page to the one you want

http://www.microsoft.com/security/pc-security/homepagerestore.aspx

Remove adnxs or unknown entries from the search engine default for unrecognized pages (note this requires editing your Registry. Back it up first.  If you are not confident, refer the work to someone experienced)

  1. Open “RegEdit” through the launch menu.
  2. Find this entry
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\About URLs\Tabs
  4. Change the entry that points to adnxs or unknown entries, to the search engine you want (Google for example).

Check your DNS settings

Go to Start menu > Control Panel > right-click Local Area Connection > double-click Properties

Select Internet Protocol(TCP/IP), and then click on Properties

Check: Obtain DNS server address automatically, and then click OK
– OR – manually enter the OpenDNS server addresses 
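The DNS check above can be scripted so it does not have to be read off the dialog each time. The following Python script is an added example, not part of the original post: it parses the text output of `ipconfig /all` (the sample embedded here is constructed, not captured from a real machine; 203.0.113.77 is a documentation address standing in for a rogue resolver) and flags any resolver that is neither on your own LAN, which normally means the router is supplying DNS via DHCP, nor one of the two OpenDNS addresses, which are real and public. The allowlist is an assumption; add your ISP’s resolvers if you use them.

```python
"""Flag unexpected DNS resolvers in the text output of 'ipconfig /all'.

Added example (not from the original post). On Windows run
    ipconfig /all > ipconfig.txt
and then   python this_script.py ipconfig.txt
or import it and call check_ipconfig() on any captured text.
"""
import ipaddress
import re
import sys

# Constructed sample of 'ipconfig /all' output: not captured from a real machine.
# 203.0.113.77 is a documentation (TEST-NET-3) address standing in for a rogue resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.77
                                       192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Resolvers you chose on purpose. The two OpenDNS addresses are real; extend the
# set with your ISP's resolvers if you use them (assumption: the list is yours to edit).
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Addresses in these ranges (RFC 1918, link-local, loopback) usually mean the home
# router is doing DNS via DHCP, which is the "obtain automatically" case above.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "169.254.0.0/16", "127.0.0.0/8")]

# "Ethernet adapter Local Area Connection:"  -> adapter header: not indented, ends with ':'
ADAPTER_RE = re.compile(r"^(\S.*):\s*$")
# "   DNS Servers . . . . . . : 1.2.3.4"     -> indented field name, dot padding, colon, value
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)\s*(?:\.\s*)+:\s*(.*)$")


def parse_dns_servers(text):
    """Return {adapter name: [resolver, ...]} from ipconfig /all text.

    Additional resolvers appear on continuation lines that are indented and carry
    only the address, so we keep appending while still inside a 'DNS Servers' field.
    """
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            in_dns = False
            continue
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1).strip(), False
            servers.setdefault(adapter, [])
            continue
        m = FIELD_RE.match(line)
        if m:
            in_dns = m.group(1).strip().lower() == "dns servers"
            if in_dns and adapter is not None and m.group(2).strip():
                servers[adapter].append(m.group(2).strip())
            continue
        if in_dns and adapter is not None and line[0].isspace():
            servers[adapter].append(line.strip())
    return servers


def is_lan_address(addr):
    """True if addr (IPv4 or IPv6, zone id such as %12 stripped) lies in a local range."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])
    except ValueError:
        return False
    return ip.is_link_local or ip.is_loopback or any(ip in net for net in LAN_NETWORKS)


def check_ipconfig(text, expected=EXPECTED_RESOLVERS):
    """Return [(adapter, resolver)] for every resolver that is neither expected nor local."""
    return [(adapter, s)
            for adapter, resolvers in parse_dns_servers(text).items()
            for s in resolvers
            if s not in expected and not is_lan_address(s)]


if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_IPCONFIG
    for adapter, resolver in check_ipconfig(text):
        print(f"UNEXPECTED DNS resolver {resolver} on {adapter}")
```

On the constructed sample the script reports 203.0.113.77 on the Ethernet adapter and stays quiet about the router address 192.168.1.1. A resolver it does not recognise is not proof of malware, but it is exactly the setting the removal steps above tell you to put back to “obtain automatically” or to OpenDNS.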

Clean Up

After removing and resetting, I would recommend starting in Safe mode (F8) and running Malwarebytes or SuperAntiSpyware again to check the machine and registry, and run CCleaner to clean the registry.  Then test your browser(s) by opening them and typing in some nonsense in the URL/location bar to make sure the defaults have been successfully changed.

You may still have adnxs files remaining on your machine

Go to C:\Program Files\ and delete any folder related to adnxs
Go to C:\Program Files (X86) and delete any folder related to adnxs

Restart the machine in Safe Mode (F8) and run CCleaner

  1. Open CCleaner,
  2. Click Tools,
  3. Select adnxs from the list if it is on it,
  4. Click Uninstall.
  5. Run the Registry tool,
  6. Run the cleaner.

YouTube video tutorials on removing ib.adnxs

List of files for manual removal: a complication for manual removal is that adnxs is reputed to be able to randomize filenames and entries. The following suggestions have been copied from online sources and have not been tested. Please do not alter your machine or registry unless you know what you are doing.

%AppData%[trojan name]toolbarcouponsmerchants.xml,
%AppData%[trojan name]toolbarguid.dat
%AppData%[trojan name]toolbarlog.txt
%AppData%[trojan name]toolbarpreferences.dat
%AppData%[trojan name]toolbarstats.dat
%AppData%[trojan name]toolbaruninstallIE.dat

Delete associated files of Ib.adnxs.com Redirect virus:

C:\WINDOWS\assembly\KYH_64\Desktop.ini
C:\Windows\assembly\KYH_32\Desktop.ini
C:\WINDOWS\system32\giner.exe

Remove registry entries of isearch.claro-search.com Redirect virus:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\random
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5ATIUYW62OUOMNBX256 "(Default)"="1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ "UninstallString" = "'%AppData%\[RANDOM]\[RANDOM].exe' -u"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ "ShortcutPath" = "'C:\Documents and Settings\All Users\Application Data\5ATIUYW62OUOMNBX256.exe' -u"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "5ATIUYW62OUOMNBX256" = "'C:\Documents and Settings\All Users\Application Data\5ATIUYW62OUOMNBX256.exe'"

If the problem still exists, then you would need to treat it as a serious viral infection, possibly a rootkit. See more information on the Google Redirect rootkit

About Browser Security:

Installing an ad blocker in your Web browser or turning on the browser’s anti-popup features is a first step, but it is not enough.

Many viruses that are launched from a poisoned Web page or banner ad rely on Java and/or Javascript running in your web browser software to execute their instructions. If you turn off Java entirely, or remove it from your Web browser, you will be safer. Turning off Javascript, however, is more problematic, because many of the legitimate sites you visit use Javascript for drop down menus, calendars, form filling, etc., and the sites won’t function without scripting. My recommended solution is to use Firefox as your Web browser, with the addition of the NoScript plugin, which allows you to control which scripts you allow to run and blocks all others.


Q. How do I remove Scour Search from my browser?

Scour is a search “aid” for web browsers and a toolbar; it is a rogue search engine redirector that is included with downloads of various shareware installers (you know, the ones you have to be careful enough to unclick the “Install this along with” button every time).  Scour makes money by sending your search links to commercial advertising sites instead of the one you chose. These sites can in turn redirect you to porn or other sites.

In general, you cannot trust the uninstallers provided by software manufacturers who engage in these practices. Here is how to manually remove Scour and other rogue search toolbars from your browsers.

Firefox:

Go to Manage Search Engines in Firefox and remove any entries for Scour

http://support.mozilla.org/en-US/kb/search-bar-easily-choose-your-search-engine

Check if you have Scour Toolbar in your Firefox menu > Add Ons and remove any items for Scour. Check both the Plug ins tab and the Extensions tab (on older versions, Tools >  Add-ons).

http://support.mozilla.org/en-US/kb/disable-or-remove-add-ons

Set the Home page to the search engine of your choice (the default Google search entry is http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= )

http://support.mozilla.org/en-US/kb/How%20to%20set%20the%20home%20page?s=Set+home+page&r=1&as=s

Remove Scour from the search engine default for unrecognized pages

  1. In the address bar enter “about:config” and hit Enter
  2. Bypass the warranty warning screen(s) by clicking the button to continue
  3. On the next screen enter “Scour” in the Filter window (a search in the config)
  4. If Scour shows up, highlight each of these entries one at a time, right click and choose “reset”.
  5. When finished, close the about:config tab.

Chrome 

  1. Click on the wrench icon in the Google Chrome address bar and from the drop down menu select Settings > Extensions or Tools > Extensions — depending on your version
    (or enter chrome://settings/extensions in the location bar)
  2. Check if any items of Scour Toolbar are listed in the browser Extensions. If so, click on uninstall to remove the toolbar(s) from the browser.
  3. Close the window. Choose the wrench icon again and depending on your version choose Settings > Settings or Options from the drop down menu.
  4. Check the Home Page setting under Basics to see if Scour is listed. Replace it with another search engine that you want to use for your home page.
  5. Click Manage search engines, check if Scour is listed on the page. Hover your mouse over a Scour entry, click the X icon to uninstall it. Go back to the previous page and pick another available search engine as the default browser search engine.
  6. Check the On Start Up entry in Settings, click on Go to a specific page… and enter http://www.Google.com  or your preferred search engine.

Internet Explorer

If you don’t have any preferences and settings in Internet Explorer that you particularly want to keep, you can do a reset of the IE Settings http://www.microsoft.com/security/pc-security/browser-hijacking.aspx

Otherwise you can remove it manually

First delete the Scour Toolbar from Add Ons

  1. Open Internet Explorer and click on “Tools”.
  2. Select “Manage Add Ons”, click on Toolbars and Extensions, and search for Scour in the list of add-ons.
  3. Right Click on the Scour Toolbar entry and select “disable” (or highlight and click the Disable button).
  4. Click on “Ok”
  5. Now select Search Providers.
  6. Left click to highlight “Scour – Search Socially” and click Remove button to remove
  7. Do the same with “Scour Search”
  8. Click on “Ok”
  9. Restart Internet Explorer

Next restore your home page to the one you want.

http://www.microsoft.com/security/pc-security/homepagerestore.aspx

Remove Scour from the search engine default for unrecognized pages (note this requires editing your Registry, and the key is under HKEY_LOCAL_MACHINE, so RegEdit has to run as an administrator. Back the Registry up first. If you are not confident, refer the work to someone experienced.)

  1. Open “RegEdit” from the Start menu (type regedit and run it as administrator).
  2. Navigate to the “Tabs” value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\About URLs
  3. If that value points to a Scour search page, change it to the search engine you want (Google, for example).

Finishing up

After removing and resetting, I would recommend starting in Safe mode (F8 during boot) and running Malwarebytes or SuperAntiSpyware to check the machine and registry.  Running CCleaner to clean the registry wouldn’t hurt either.  Then test your browser(s): open each one and type a plain word that is not a web address into the URL/location bar. The search results should come from the engine you chose, not from Scour; if Scour still answers, one of the defaults above has not been changed.

You may have the Scour Uninstaller still remaining on your machine

Go to C:\Program Files\ and delete any folder related to Scour
Go to C:\Program Files (x86)\ (present on 64-bit Windows only) and delete any folder related to Scour

Restart the machine in Safe Mode (F8) and run CCleaner

  1. Open CCleaner,
  2. Click Tools,
  3. If you see Scour, select Scour toolbar from the list,
  4. Click Uninstall.
  5. Run the Registry tool,
  6. Run the cleaner.

Manual removal of files: Search your computer for these files

Files:

  • C:\Program Files\scourtoolbar\install.ico
  • C:\Program Files\scourtoolbar\scourtoolbar.dll
  • C:\Program Files\scourtoolbar\toolbar.ini
  • C:\Program Files\scourtoolbar\uninstall.exe
  • C:\WINDOWS\Prefetch\SCOURTOOLBAR[1].EXE-1BE5D268.pf

Registry values:

  • HKEY_CLASSES_ROOT\scourtoolbar.SCOURTOOLBAR
  • HKEY_CURRENT_USER\Software\AppDataLow\Software\scourtoolbar
  • HKEY_CURRENT_USER\Software\SCOURTOOLBAR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scourtoolbar.SCOURTOOLBAR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\scourtoolbar
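
The manual steps above can be checked in one go from an elevated PowerShell prompt. The script below is an added example, not something from the original post or from Scour; it audits the files and registry values listed above and, only when run with -Remove, deletes what it finds after first trying the toolbar’s own uninstall.exe. The IE SearchScopes key and the Firefox prefs.js location are assumptions about where those browsers store search providers and preferences (the post only describes the GUI route); the Google default for about:Tabs follows the post’s own suggestion.

```powershell
<#
  Added example (not part of the original post): audit, and optionally remove,
  the Scour Toolbar leftovers listed above. Run from an elevated PowerShell
  prompt. Without -Remove it only reports what it finds.
#>
[CmdletBinding()]
param(
    [switch]$Remove,
    # What to put in about:Tabs if Scour has hijacked it (assumption: Google, as the post suggests)
    [string]$NewTabUrl = 'http://www.google.com'
)

# Files and folders named in the post.
$paths = @(
    'C:\Program Files\scourtoolbar',
    'C:\Program Files (x86)\scourtoolbar',
    "$env:SystemRoot\Prefetch\SCOURTOOLBAR[1].EXE-1BE5D268.pf"
)
# Registry keys named in the post.
$regKeys = @(
    'Registry::HKEY_CLASSES_ROOT\scourtoolbar.SCOURTOOLBAR',
    'Registry::HKEY_CURRENT_USER\Software\AppDataLow\Software\scourtoolbar',
    'Registry::HKEY_CURRENT_USER\Software\SCOURTOOLBAR',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scourtoolbar.SCOURTOOLBAR',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\scourtoolbar'
)
$aboutUrlsKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\About URLs'
# Assumption: IE keeps its search providers as subkeys here, each with DisplayName and URL values.
$searchScopes = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes'
# Assumption: Firefox profile preferences live under this folder.
$firefoxPrefs = "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js"

# 1. Give the toolbar's own uninstaller (listed in the post) a chance first.
$uninstaller = 'C:\Program Files\scourtoolbar\uninstall.exe'
if ($Remove -and (Test-Path -LiteralPath $uninstaller)) {
    Write-Host "Running $uninstaller"
    Start-Process -FilePath $uninstaller -Wait
}

# 2. Registry keys from the post's list.
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        Write-Host "FOUND registry key: $key"
        if ($Remove) { Remove-Item -LiteralPath $key -Recurse -Force }
    }
}

# 3. The about:Tabs redirection (the post's "search engine default for unrecognized pages" step).
$tabs = (Get-ItemProperty -LiteralPath $aboutUrlsKey -ErrorAction SilentlyContinue).Tabs
if ($tabs -match 'scour') {
    Write-Host "FOUND hijacked about:Tabs value: $tabs"
    if ($Remove) { Set-ItemProperty -LiteralPath $aboutUrlsKey -Name 'Tabs' -Value $NewTabUrl }
}

# 4. IE search providers: the registry form of the Manage Add-ons > Search Providers step.
Get-ChildItem -LiteralPath $searchScopes -ErrorAction SilentlyContinue | ForEach-Object {
    $scope = Get-ItemProperty -LiteralPath $_.PSPath
    if (($scope.DisplayName + ' ' + $scope.URL) -match 'scour') {
        Write-Host "FOUND search provider: $($scope.DisplayName) ($($scope.URL))"
        if ($Remove) { Remove-Item -LiteralPath $_.PSPath -Recurse -Force }
    }
}

# 5. Files and folders. -LiteralPath matters here: the prefetch name contains "[1]",
#    which PowerShell would otherwise treat as a wildcard and silently fail to match.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        Write-Host "FOUND file/folder: $p"
        if ($Remove) { Remove-Item -LiteralPath $p -Recurse -Force }
    }
}

# 6. Firefox: report only. Resetting these through about:config (steps above) is safer
#    than editing prefs.js, which Firefox rewrites on exit.
Get-ChildItem -Path $firefoxPrefs -ErrorAction SilentlyContinue |
    Select-String -Pattern 'scour' -SimpleMatch |
    ForEach-Object { Write-Host "FOUND Firefox preference: $($_.Path): $($_.Line)" }
```

Run it once without -Remove, read the FOUND lines, and only then run it again with -Remove; Internet Explorer and Firefox must be closed while it runs, or the browsers will write the hijacked values back when they exit.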