Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Thursday, September 29, 2011

How to Remove Security Sphere 2012 (Uninstall Guide)

Security Sphere 2012 is malware commonly known as a fake anti-virus product which displays misleading security alerts, effectively blocks Windows system tools, anti-malware software and web browsers and reports non-existent infections to make you think that your computer is infected with sophisticated malware. The majority of malicious software is written for profit, rogue AVs are are no exception. Cyber criminals use various methods to distribute malware: spam, blackhat SEO techniques, drive-by downloads, software exploits or even fake online security scanners. Most of the techniques cyber crooks use to install Security Sphere 2012 and other malicious software, for example rootkits, rely heavily on user interaction. Usually, malware is part of a social engineering attack. Once installed, Security Sphere 2012 not only displays fake security warnings and notifications from Windows taskbar but also may render your computer difficult to use. Security Sphere blocks Task Manager, Internet Explorer (other web browsers too) and genuine malware removal programs. In some cases, the rogue program may allow web browser to start, however, after a few seconds it displays bogus notification saying that the website you are about to visit is trying to execute malicious code and was blocked in order to protect your computer. Just like any other widespread rogue anti-virus program Security Sphere 2012 go beyond aggressive marketing to sell software that has no functionality and provides you a false sense of security. If your computer is infected with Security Sphere 2012, please follow the removal instructions below.



Here are some sceenshots of fake security alerts generated by Security Sphere 2012:
Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software...

Warning!
Application cannot be executed. The file taskmgr.exe is infected.
Please activate your antivirus software.

Security Sphere 2012 Firewall Alert
Security Sphere 2012 has blocked a program from accessing the internet
Internet Explorer Internet browser is infected with worm Lsas.Blaster.Keyloger.

Security Sphere 2012
WARNING! 38 infections found!!!


Rogue AVs face survival challenges just like any other type of malicious software. Security Sphere 2012 drops a rootkit from the TDSS family. The rootkit must be removed; otherwise, the rogue program will be re-downloaded onto your computer. Thankfully, there's a tool called TDSSKiller which is designed to remove TDL3/4 and other rootkits from infected computer. For more informarion, please see the removal instructions below. If for any reasons you can't disable Security Sphere 2012 and run anti-malware software, you can activate the rogue program and disable the restrictions.

1. Please enter the following code: 8945315-6548431.



2. Once this is done, you are free to install recommended anti-malware software and remove the rogue anti-virus program from your computer properly.

Finally, if you have already purchased this fake security application, please contact your credit card company and dispute the charges. Please note that you may become a victim of credit card scam or even identity theft. Compute wisely!


Security Sphere 2012 removal instructions:

1. Please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download recommended anti-malware software and run a full system scan to remove this virus from your computer.


Alternate Security Sphere 2012 removal instructions:

Make sure that you can see hidden and operating system protected files in Windows. For more in formation, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
  • Hide extensions for know file types
  • Hide protected operating system files
Click OK to save the changes.


1. Find Security Sphere 2012 file(s).

On computers running Windows XP, malware hides in:
C:\Documents and Settings\All Users\Application Data\

On computers running Windows Vista/7, malware hides in:
C:\ProgramData\

2. Look for malicious files in the given directories depending on the Windows version you have.

Example Windows XP:
C:\Documents and Settings\All Users\Application Data\eG13602PoDbI13602.exe

Example Windows Vista/7:
C:\ProgramData\eG13602PoDbI13602.exe

Basically, there will be a malicious ".exe" file named with a series of numbers or letters.



Rename eG13602PoDbI13602.exe to eG13602PoDbI13602.vir. Here's an example:



3. Restart your computer. After a reboot, Security Sphere 2012 won't start and you will be able to run anti-malware software.

4. Open Internet Explorer. Download exe_fix.reg and run it. Click "Yes" to safe the changes.

5. Download recommended anti-malware software and run a full system scan to remove this virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
Security Sphere 2012 removal video:


Associated Security Sphere 2012 files and registry values:

Files:

Windows XP:
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].exe
Windows Vista/7:
  • C:\ProgramData\[SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION "svchost.exe"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "enablehttp1_1" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
Share this information with other people:
Read more

Wednesday, September 28, 2011

Remove Advanced PC Shield 2012 (Uninstall Guide)

Advanced PC Shield 2012 is a rogue anti-virus program meant to scare you into thinking that your computer is infected with Trojans, spyware and other malicious software, according to malekal.com. It may display pop-ups saying that malicious software has been detected on your computer. It then may redirect you to a website where you can purchase the rogue program in order to remove viruses and to protect your computer against emerging threats. Do not purchase this bogus software and do not share personal information like passwords, credit card numbers, etc., with cyber crooks. It won't protect your computer against malware anyway. Advanced PC Shield 2012 may block system utilities and legitimate anti-virus software as well. We can confirm that there is no legitimate security product with such a name on the market. If your computer is infected with Advanced PC Shield 2012, please follow the steps in the removal guide below.



Update (4:15 PM EDT): We received an email from our reader Colin saying that his laptop has just got infected with a virus called Advanced PC Shield 2012. The following files have been contributed by our reader:
  • C:\Documents and Settings\Colin\Start Menu\Programs\Advanced PC Shield 2012\Buy Advanced PC Shield 2012.lnk
  • C:\Documents and Settings\Colin\Start Menu\Programs\Advanced PC Shield 2012\Launch Advanced PC Shield 2012.lnk
  • C:\Documents and Settings\Colin\Desktop\Buy Advanced PC Shield 2012.lnk
  • C:\Documents and Settings\Colin\Local Settings\Application Data\gr5291f5w5071a02.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "gr5291f5w5071a02.exe"
The fake program attempted the following network connection: 178.162.174.147. It appears to be a control center.

Update (4:23 PM EDT):
Virustotal.com results: 2 /42
MD5: 4182cf81203e73ef44e642214b04d712
http://www.virustotal.com/file-scan/report.html?id=06b773f3a121851b9919e905b925721c2b2189372f407085aec611727f18e2a0-1317223457


Update (7:56 PM EDT):
Advanced PC Shield 2012 displays the following fake security alerts:
Severe system damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible.
Act now, click here for a free security scan.

Tracking software found!
Your PC activity is being monitor. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen.
Prevent damage now by completing a security scan.






This scarware reports the same infections on different computers. It doesn't actually scan your computer. Advanced PC Shield 2012 reports the following infections:
  • Java.Trojan.Downloader.OpenConnection
  • Trojan.Spy.ZBot
  • Worm.P2P.Pron
  • Exploit.CplLnk.Gen
  • Win32.Worm.Prolaco
  • Trojan.Android.Geinimi
  • Backdoor.Destroy
  • AprNet-Worm.Win32.Kolab
  • Win32.Worm.Stuxnet
  • Trojan.MSIL.Agent
  • Trojan.Win32.Agent
  • Trojan.Spy.Ursnif
  • Win32.Ramnit
  • Java.Backdoor.ReverseBackdoor
  • Backdoor.Bifrose
  • Backdoor.Win32.Rbot
  • AprWorm.Win32.Agent
  • Trojan.Win32.Qhost
  • wscui_class
The rogue application displays fake Windows Security Center screen and fake BSOD.



Cyber crooks offer online support too. You can leave a ticket at advancedpc.coguar-systems-support.info. There's a great chance that they will actually help you, however, any any payment-related questions are usually ignored.



Although, Advanced PC Shield 2012 doesn't block malware removal tools, at least the current version, you can still activate it manually and make the removal procedure easier in case you got more aggressive version of this fake anti-virus product. Just click on Registration and select Manual Activation. Then use the following code: 8945315-6548431



However, the biggest problem is that Advanced PC Shield 2012 drops a rootkit (Trojan:WinNT/Necurs) that blogs legitimate anti-virus programs and makes it difficult to remove the infection from the computer. Hopefully, you can use TDSSKiller to remove rootkits from your computer. Otherwise, you'll have to use Combofix. For more information, please follow the removal instructions below.


Advanced PC Shield 2012 removal instructions:

1. Download ComboFix from one of the following URL: http://www.bleepingcomputer.com/download/anti-virus/combofix
2. Temporarily disable your anti-virus and anti-spyware programs as they may may interfere with Combofix.
3. Double-click on the ComboFix to run the utility. Please read the disclaimer and if you agree, click on the I Agree button.



4. ComboFix is now preparing to run. It may take a few moments. ComboFix will create a System Restore and prompt you to install Microsoft Windows Recovery Console. Please click on the Yes button to continue.



5. Please follow the directions given by ComboFix in order to finish the installation of the Microsoft Windows Recovery Console. Once finished, click on the Yes button to scan your computer for malware.



6. ComboFix will now start scanning your computer for malicious software. This may take up to ten minutes.



7. When ComboFix has finished, it may automatically reboot your computer. Don't worry, that's OK. Just don't reboot your computer manually. After a reboot it will show a log file. Advanced PC Shield 2012 should be gone from your computer.

8. Download free anti-malware software from the list below and run a full system scan to remove the remains.
NOTE: with all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Associated Advanced PC Shield 2012 files and registry values:

Files:

Windows XP:
  • %WINDIR%\SYSTEM32\drivers\[SET OF RANDOM CHARACTERS].sys
  • %UserProfile%\Start Menu\Programs\Advanced PC Shield 2012\Buy Advanced PC Shield 2012.lnk
  • %UserProfile%\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UserProfile%\Desktop\Buy Advanced PC Shield 2012.lnk
  • %UserProfile%\Start Menu\Programs\Advanced PC Shield 2012\Launch Advanced PC Shield 2012.lnk
%WINDIR% refers to: C:\WINDOWS
%UserProfile% refers to: C:\Documents and Settings\[User Name]

Windows Vista/7:
  • %WINDIR%\SYSTEM32\drivers\[SET OF RANDOM CHARACTERS].sys
  • %UserProfile%\Start Menu\Programs\Advanced PC Shield 2012\Buy Advanced PC Shield 2012.lnk
  • %UserProfile%\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UserProfile%\Desktop\Buy Advanced PC Shield 2012.lnk
  • %UserProfile%\Start Menu\Programs\Advanced PC Shield 2012\Launch Advanced PC Shield 2012.lnk
%WINDIR% refers to: C:\WINDOWS
%UserProfile% refers to: C:\Users\[User Name]

Registry values:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[SET OF RANDOM CHARACTERS]
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 "*" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 ":Range" = '127.0.0.1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
Share this information with your friends:
Read more

Tuesday, September 27, 2011

Notification of Limited Account Access - PayPal Phishing

Here's an example of another phishing attempt against Paypal users. This time phishers claim that PayPal has developed a new security method intended to protect account information. Phishing e-mail asks you to verify your account data at PayPal by visiting the given link which appears to be genuine but it actually isn't. Please note that PayPal never send their users emails requesting personal details. So, in this case, you will be taken to a phishing website where your details will be captured for the phishers and then used to compromise your PayPal account. If you've received the following phishing email, please mark it as spam and delete it from your inbox.

Content of the phishing email:
Dear PayPal member,


Our company has developed a new security method intended to protect our members account information, therefore adatabase update is required to keep up to date your online account profile. To proceed, you will have to complete our online account verification form by clicking the following link...

Legitimate website: https://www.paypal.com/
Phishing website: http://forzieri-italia.com/paypal/
Return email address: support@epay.com

Here's a screenshot of the phishing email:



Share this information with your friends:
Read more

Remove Ask Search and Ask Toolbar (Uninstall Guide)

Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us prefer Google's search results but there's nothing wrong with ask.com. Our reader Peter says that Ask Toolbar was somehow installed on his computer. He managed to remove the toolbar but he can't find a way to remove Ask Search in Internet Explorer. So, we fired up Internet Explorer and installed Ask Toolbar on our computer, directly from ask.com. It's worth mentioning that ask.com may have agreements with other software developers and they may offer Ask Search and Ask Toolbar with their software. No offense, but you should read the whole end-user agreement very carefully before installing software that offers toolbars, third-party search providers and other utilities. Anyway, the toolbar can be uninstalled very easily, however, there are some problems with Ask Search indeed.



You have to manually remove Ask Search provider from your web browser and change your default home page. Please note, Ask Search affects both Internet Explorer and Mozilla Firefox. If your default search provider was set to Ask Search and you don't know how to get back to your favorite search engine, please follow the steps in the removal guide below. It has been created to help you to remove Ask Search and Ask Toolbar from your computer. If you have any questions, please leave a comment below. You can also end an email to AskToolbarBugs@ask.com. Good luck and be safe online!


Ask Search and Ask Toolbar removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.





2. Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



3. Search for Ask Toolbar in the list. Select the program and click Remove button.
If you are using Windows Vista/7, click Uninstall up near the top of that window.




Remove Ask Search and Ask Toolbar from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove the Ask Toolbar Chrome extension:



3. Click on Chrome menu button once again. Select Settings.

4. Click Manager search engines button under Search.



Select Google or any other search engine you like from the list and make it your default search engine provider.



Select Ask Search from the list and remove it by clicking the "X" mark as shown in the image below.




Remove Ask Search and Ask Toolbar in Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons.



2. Select Toolbars and Extensions. Uninstall everything related to Ask.com and Ask Toolbar from the list.



3. Select Search Providers. First of all, choose Bing search engine and make it your default search provider (set as default).



Then select Ask Search and click Remove button to uninstall it (lower right corner of the window).



4. Go to ToolsInternet Options. Select General tab and click Use default button or enter your own website, e.g. gooog.com instead of websearch.ask.com. Click OK to save the changes.


Remove Ask Search and Ask Toolbar in Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Choose Ask Toolbar and click Uninstall button.



3. Click the small magnifier icon at the right top corner as shown in the image below. Select Manage Search Engines... from the list.



4. Select Ask.com and click Remove button. Click OK to save the changes.



5. Go to ToolsOptions. Under the General tab reset the startup homepage.

Share this information with your friends:
Read more

Cyberbullying


Table of Contents:


Description of Cyberbullying

"Cyberbullying" is when a minor or group of minors are trying to harm another underage person by using various information and communication technologies, such as Internet, mobile phones or other digital and interactive tools. However, this term should not be confused with cyberstalking or cyber-harassment, where the adults are involved.

In fact, when adults are threatening or embarrassing someone else, it is never called cyberbullying. Even if adult is attempting to seduce children and meet them in real world, it is called differently – sexual harassment, sexual exploitation or simple luring by a sexual offender. Nevertheless, in some cases those sexual offenders are also involved in cyberbullying, especially when they get intrigued by sexual harassment among the children, or even worse, when they find advertisements posted by bully and offering a victim for a sex.

The methods of cyberbullying can be extremely different and practically depends only on child’s imagination and access to technology. However it’s obvious, that any kind of these actions must be stopped or at least prevented as soon as noticed. And not only because of negative effects on children psyche and behavior, but also because of real danger concealed in cyberbullying actions, such as killing each other or committing suicide.

To avoid these terrible things happening, you should be aware of any signs of cyberbullying. The fact is that it is usually repetitive communication and when parents see it, they commonly feel concerned about improper language among the kids and do not realize how these rude and embarrassing posts may hurt emotionally or even physically their own or any another child. Moreover, sometimes there is no clear distinction between the good and bad sides, because the kids often change roles: from victim to bully and vice versa, and therefore the cyberbullying must be stopped from both sides.

Most of the time, the cyberbullying does not go that far, but sometimes it can reach the level of misdemeanor or juvenile delinquency charge, while serious criminal cases, such as theft of identity and/or password, have to be considered according to federal or state law. However the most common and at the same time the mildest penalty for children is banning their ISP or IM accounts due a terms of service violation. These criminal charges are often tried and pursued by concerned parents.

Sometimes schools are also trying to control students and their cyberbullying actions, even if they are carried out outside the school area or school hours. Unfortunately, this is usually treated as excessive desire to demonstrate the authority or simple violating the student’s free speech right. Despite of that, schools can still be very effective in preventing and stopping the cyberbulying situations, especially when working together with parents. The first thing they can and should do is to include the cyberethics and law into their education program. They can also try to find a creative way to control off-campus cyberbullying attack without being blamed for exceeding their legal authority. For example, the additional rule can be added to the school policy allowing to discipline and control students who are violent or disrespectful with other students, even if their actions are taken off-campus. In this case the constitutional issue becomes a contractual and the reason to criticize school actions is overridden.


Different Kinds of Cyberbullying

Mainly there are two types of cyberbullying: direct attacks and indirect attacks (cyberbullying by proxy). Generally speaking, either cyberbullying is executed by bullies themselves or they use others to help them in cyberbullying.

Direct Attacks

Direct attacks can be divided in eight smaller groups:
  1. Sending Inappropriate Text Messages;
  2. Sending Inappropriate Pictures, Videos or Junk;
  3. Sending Malicious Codes;
  4. Writing Blog Posts or Creating Web Sites;
  5. Malicious Online Impersonation;
  6. Stealing Passwords;
  7. Internet Polling;
  8. Interactive Gaming.
1. Sending Inappropriate Text Messages. Instant messaging or harassment by text messages is probably the most popular way of direct cyberbullying attacks. Children may send embarrassing or threatening messages and don’t realize that it is just as harmful as bullying in the real world. Moreover, sometimes messaging grow up to big text wars or serious text attacks, when thousands of text messages are send to victim’s mobile or computer device.

Actually, online messaging has even more variations. For example, many ISP (Internet Service Providers) blocks a user, which is writing or telling inappropriate things according to other users’ claims. However when this tool is used for blaming harmless people (in order to kick them offline for a certain period), it becomes as a game or prank and is called "warning wars". Also, a child or teen may create an account name which is almost the same as another child’s name and try to damage his/her reputation by saying and doing inappropriate things.

2. Sending Inappropriate Pictures, Videos or Junk. Just like messages, various pictures, videos or other junk might be send through e-mail, IM or mobile phones. Sometimes a picture of nude classmate (captured in the shower, locker or dressing room) or any other funny, vulgar or pornographic picture of teen is send to all e-mail or phonebook contacts. This may even cause an uncontrollable chain reaction when pictures are passed around to hundreds of children. Later these pictures may be posted on a website or sharing program for anyone to download. Well, we can only imagine the feelings of the victim after such events.

Sending porn and other junk is carried out in slightly different way. Cyberbullies often use victim’s e-mail address or IM name and registers him/her in various websites, usually in the ones, which are inappropriate for children (e. g. adult site). Then the victim receives hundreds of e-mails with junk or pornographic pictures and has a lot of problems if teachers or parents notice them (the adults might become very concerned about child behavior, assuming that he/she is visiting the porn sites).

3. Sending Malicious Codes. In order to spy on victim or to damage his/her computer, children can send malicious malware. The code is usually sent as an email attachment, link or simply placed on a website, frequently visited by victim. Opening infected files usually results in lost data (when malware is used to erase the hard drive) or lost of computer control (when bully takes over the computer by operating remote control software).

4. Writing Blog Posts or Creating Web Sites. Nowadays, having your own blog or website has become very easy, so easy, that even a child can create it and, in some cases, use it for harming others. In some cases they just are posing as the victims and blaming innocent child, and in other cases they just put false, distorted or rude posts about the victims and their personal life.

For example, the actual purpose of blogging is to publish personal thoughts, various Web links or any other kind of stuff and share it with other people. However sometimes kids or teens use these blogs to destroy another child’s reputation or to reveal his/her personal information. Considering the vulnerability and sensibility of young people, any false or rude and humiliating posts about their appearance, manners or events in personal life (e.g. break-up with boyfriend/girlfriend) may lead to unpredictable and destructive retaliatory behaviour, self-depreciation, depression and etc.

Meanwhile, the websites can be used either for already discussed online diaries (blogs) or for putting any other type of information: kids adore joining various fan clubs of favorite celebrities, games, TV shows, music and so on. However with the various malicious intensions, they can create websites, which are specifically designed to offend another child or group of children. And even worse – they can post personal information and photos, which increases risk for victims to be found or contacted (remember that sexual offenders are often interested in such kind of information).

5. Malicious Online Impersonation. Sometimes cyberbully, in order to deceive, may pretend to be someone else online and this is called online impersonation. Actually it can bring just as much damage as any other way of cyberbullying, because pretender may do the following:
  • send insulting, hateful messages to victims family members, friends or to other know or unknown people;
  • send provocative messages to victim’s enemies and organize confrontation with them by giving the victim’s contacts (name, address, mobile number);
  • alter a real victim’s message to make it look that he/she said something inappropriate or very personal.
For an obvious reason to convince others that it is not victim’s fault might be very tricky after all.

6. Stealing passwords. Many password hacking programs are available online and might be used by any child for stealing another child’s password. In the meantime having a victim’s password, even it is only his/her social network account password, means a lot. First of all, the bully can edit victim’s profile information by adding offensive or inappropriate information. Later these changes may become an object of derision, humiliate victim or just attract unwanted attention. Secondly, stolen account can be used for chatting with familiar or unfamiliar people and saying nasty things to them. They may become really angry and they won’t even realize that they are talking with other person. And thirdly, children may sometimes decide to lock or delete stolen accounts, which also upsets and flusters their owners. Moreover, once password is stolen and published, other hackers may try to hack into victim’s computer too.

7. Internet Polling. Internet pool is another way to "bully" your child online. In fact, it is a perfect place to create rumors and offensive questions: Who is the ugliest person in the class? Who’s a Slut? Who’s Not? While kids poll to answer, another one may feel really embarrassed or humiliated.

8. Interactive Gaming. Surprisingly, playing interactive games on video game consoles (e. g. PlayStation, Xbox) might become a place for bullying too. The fact is that these gaming devices allow playing online and chatting with chosen or matched player. However when children get very involved in the game, they often become aggressive towards their opponents and start using threats and lewd language. Sometimes it may go even further: they are creating false rumors, stealing their accounts or throwing them out of the game.

Cyberbullying by proxy

As it has been already mentioned above, cyberbullying through proxy is simply indirect bullying, i.e. when the bully uses accomplices to perform his planned malicious operations. Actually, the person, who gets involved in such kind of cyberbullying, rarely realizes that he/she is doing the dirty work. However the most dangerous situations arise when the adults are involved, especially the sexual abusers or the ones, who are unaware that they are dealing with child. And, unfortunately, it happens very often. Therefore the cyberbullying by proxy is considered as the most dangerous kind of cyberbullying. In order to recognize it, the most frequent situations are described below, but keep in mind that the variety of such attacks is nearly endless.

One of the simplest examples of indirect cyberbullying is "Warning wars". Many ISP (Internet service providers) provide the possibility to report the user, which is using inappropriate language and thus violating their rules. However some children use the warning buttons on their email, chat or IM screens just in order to eliminate other children from chat or make them lose their accounts. Of course, the service provider firstly checks the validity of these warnings, but cyberbullies know that and therefore they provoke their victims to say something rude or nasty back. It is needless to say what goes next. The service provider gets a proof and becomes an innocent accomplice of the bully by blocking or stopping the victim’s account. Very similar situation may happen with victim’s parents too. The cyberbully can make it look like the victim had started bullying and when parents notice that (or are notified) they blame their kids and punish them without realizing that they are wrong.

Another way to start cyberbullying by proxy is to pose as the victim and thus to make a lot of problems to him/her. The cyberbully can create a new account or control the existing victim’s account (by hacking into it or simply stealing the password), but however they do it, the main aim is to send many offensive, nasty and rude messages to victim’s friends, known and unknown people. These people usually get angry and disappointed with the victim without knowing who they are really speaking with. The worst thing is that the victim can neither prove himself/herself innocent nor stop it, especially if the bully have changed the account password.

Sometimes posing as the victim can be used in other way and involve more people. For example, Thom gets angry at his classmate Tiffany, because she didn’t invite him to her birthday party, and therefore he decides to seek revenge. Thom goes to any buddy profile website and, posing as Tiffany, posts "Thom is the ugliest and the dumbest boy in the word, I want to see him dead" or something even more offensive and humiliating. Then the boy begins playing the victim: he starts blaming the girl for being mean, shows the post to Tiffany’s friends, teachers or parents and makes them do his dirty work. In the end Thom looks like the "good guy" and, on the contrary. Tiffany, being completely innocent, has a lot of problems: she may be punished by her parents, get into trouble at school and lost her friends.

Unfortunately, cyberbullying may go even further than that. Sometimes for faster and better result, the bully posts information about the victim or pose as a victim in hate group chat rooms, child molester chat rooms and/or on their discussion boards. They also publicize the personal and contact information about the victim, hoping that the members of hate group or child molester group will contact and attack the victim online or even offline. And they do. People, feeling insulted or attracted (depends on the group type), start calling, sending threats and hateful messages or simply seek to meet the victim face to face. The last action can be extremely dangerous and result in serious physical injuries. Therefore, if you are receiving similar death threats from unknown people, immediately tell about it for your parents and call the police.


Preventing Cyberbullying

In order to avoid or prevent cyberbullying, follow the recommendations written below. Notice that actions, which may be taken in one or another situation, may vary according to the type of cyberbullying.

Mobile messaging (text, pictures, videos). First of all, try to avoid sharing your mobile phone number with everyone, especially with barely known people. You should also consider entering your number on popular websites (such as Facebook, Twitter, etc.) or instant messengers (Skype, Windows Messenger, etc.), because then your number may become available to all your contacts or even publicly. And more, be careful when leaving your phone unsupervised and reachable for everyone as it may be the way to get your contacts too.

However, if the cyberbully has got your number already and now you are suffering from abusive text messages or obscene pictures/videos, try to calm yourself down and don’t write anything back to the bully. Angry response won’t resolve anything - actually, the situation may become even worse after that. The best thing you can do is to report abusive messaging for your mobile service provider (Vodaphone, Orange, T-mobile, etc.) and they will block specific numbers from calling/texting to you. Check their websites for more information.

Online Messaging (through chatrooms, instant messengers). A primary way to protect yourself from potential cyberbully, while chatting online, is to keep your personal information concealed. Even the nickname should be chosen so that no one would be able to recognize your real name, location, age or any other actual information. Of course, some people may still post something offensive or humiliating to you in the chatroom or through instant messenger, but at least you will be sure that the bully won’t reach you directly and won’t leave thousands of unsolicited messages in your mailbox box or on your mobile phone.

But still, if you have received abusive post or message, simply ignore it and do not start replying anything back. It has been written above already, how to deal with rude text messages and actually, the same stands for online chatting – being calm and ignoring is the best way to avoid more problems. You may even log off, if you feel like you can’t stand it anymore. And moreover, think about what you write too. Online chatting is not the same as direct conversation and, therefore, it is easier to misunderstand what you actually meant. Reckless words may provoke the conflict and conflict is sometimes the begging of cyberbullying.

Emailing. Emails are used for communication through the Internet and usually are absolutely harmless. However, it can also be easily used for cyberbullying. Therefore if you receive a threatening or humiliating email, or even worse, several emails, you should know how to deal with them.

The first and the most important rule – never respond to such kind of emails, but save or print them. The fact is that the sender is actually seeking your attention and when he/she gets it, he/she feels satisfied and probably will start even more aggressive bullying. On the contrary, ignoring their letters may reduce or even stop the bullying. However simply deleting these letters may be not the best solution either. In some cases, you may need evidence that you have received something and therefore it is recommended to save them.

If the bullying continues, even though you haven’t replied to it, then you should try to identify the sender. If you are using an email client, such as Outlook or Outlook Express, press the right mouse button over an email and you will get detailed information about from where/whom the letter arrived. Then you may ask your parents for help in contacting the school or service provider of the sender’s email.

Of course, emails can also be sent anonymously or from the person that is absolutely unknown (spamming). Companies or individuals use the email harvesters or other special computer programs to obtain many random email addresses from the internet and then send messages to each of them (as a rule – automatically). Obviously, there is no need for you to reply to any of these letters. Sometimes, there might be a link, which is ostensibly supposed to stop spamming, but be aware, that it is only a trick. Actually by clicking such kind of links, you only confirm that your email address is real and in use, so after that you can expect even more active email flooding, especially when your address is sold or passed to other people.

So what to do if you are constantly getting junk and abusive messages from different emails? Well, probably this problem has only two solutions. The first one is to separate normal emails from junk, because blocking or stopping in such situation is practically impossible (too many senders). For doing this, check the possibilities of your email program - many of them offer filter functions and are able to redirect the spam to another folder. Of course, this won’t solve the actual problem, but at least you will be shielded from it. The second solution, unfortunately, is to delete your current email account and to create a new one. In any case, this is a way better then reading or deleting spam every time you log in.

Websites. Sometimes cyberbullying begins on the school or community page, but not necessarily, nasty information can be posted in any website. In the first case, you should tell someone about it. This can be your parents or teachers, just according to the situation. However the second case requires a little bit more efforts - you should find out who hosts that website at first. There are some good articles on the Internet, where you can read about it. For example, take a look at the Bully OnLine website, which not only reveals how to get more information about the possible website owner, but also talks about general online safety.

Google Yourself and Your Kids

Well, it probably sounds like a joke, but actually you might be surprised how much Google “knows” about you and your personal life. The fact is that Google is the search engine and collects any pieces of information available online. Therefore, you can try to “Google” yourself or someone else, i.e. to use Google for searching any kind of information about yourself or any other person. Unfortunately, this means that others can “Google” you too.

You may be still wondering why the information about you is available online and how does it happen. Actually, in many cases it is our own fault. You will probably agree that nowadays more and more of us are using the Internet. We are communicating, sharing our ideas or simply checking the information and news posted by others. Therefore lots of personal information is posted online. Maybe you have created an account in any of social networking websites and filled in some information about yourself? Maybe you have signed up in any other website and incautiously accepted the privacy rules? Maybe you have posted something in the public forum or just written a post about your personal experience or opinion? Or maybe your children have shared any similar information with others?

In fact, every single detail ever written online might be reached by others. Therefore think twice before sharing any personal information online, because the consequences might be very unpleasant. For example, just imagine if you post your contact information (such as telephone number or address) online. It practically means that everyone can reach it now and one day you can meet uninvited guest just in front of your door. Who knows what that stranger can do to you and your family? And are you sure that your child haven’t posted this kind of information yet?

So now it is more or less clear how Google “gets” information about you and how dangerous it can be. The good thing is that you can control it, but before that try to „Google“ yourself, your kids and other family members at first. By doing this you will realize how much and what kind of information is available online about you and them.

In order to begin, launch Google in your web browser. Then type your real name and surname in quotes, e.g. “Name Surname” and click Google search. All the results, you see in the window, is the information relating you or the people, which have the same name and surname like yours. Then you can try to type your full e-mail address (e.g. name.surname@email.com), nick name, mobile or telephone numbers, street address or other personally identifiable information. The same search should be repeated in sections: „images”, “groups” and “news”, even though the last one is mostly about public figures. And don’t forget quotation marks, if you are searching for specific phrase of two or more words and want that this phrase would be searched as a whole and not picked apart by Google.

After “Googling” yourself, your kids and other family members, make the final evaluation. Do you feel like too much information is available online? Is there anything, you don’t want to be known by others? Well, at first you should contact Google and ask them to erase this information. But in many cases you would also need to make a request to the site or online service, where unwanted content is posted.

This, probably, seems to be very easy, but actually it isn’t. Some site founders don’t really care about what is posted in their pages, especially when they day by day receive a lot of new posts (for example, discussion boards). However many of them will react, when their terms of service (TOS) are violated. So there is the point from which you should start. Read the TOS for the site, where the information is posted, and try to find a violated rule. Maybe publishing information of other persons is not allowed without their permission? Or maybe posting any personal or inaccurate information is prohibited? In other words, if the information posted in site, violates any of TOS, the hosting company is more likely to remove it.

Of course, in order to achieve such reaction, you have to contact the right person at first. The easiest way is to write to the webmaster, because their emails usually are very simple: webmaster@[the Website name/URL], for example “webmaster@website.com”. Also, check the privacy contact at the site or a DMCA contact, which is related with copyright violations and therefore often reviewed. In your email, you should clearly describe the problem: introduce and prove yourself as a person, whose information is published, copy the URL of the page where this information is placed and finally specify which information exactly should be deleted. Wait for the answer about a week or two, and then send a kind reminder with the date, when earlier e-mail was sent. If still no response, after a week or two, send an email to privacy@wiredsafety.org. Also, when the issue concerns your kids under the age of thirteen, you can contact COPPA (the Children’s Online Privacy Protection Act) or FTC directly (http://www.ftc.gov). These organizations are very carefully enforced and will immediately react. You may be asked to prove that you are the parent, but as soon as you prove it, the information from website will be removed.

A slightly different letter has to be written, when you are worried about inaccurate information posted by you or someone else. It is usually a bit more complicated to change the part of the post than remove it entirely and some websites can only remove the old post and repost the new, correct information (some can’t do even that). Therefore it would be better if you include correct information in the e-mail in advance (before sending it).

The special actions should be taken if you find a site, which is related with children sexual harassment or cyberstalkers. Do not underestimate them, especially if they are trying to frighten you or your child. Strange calls at midnight or nasty posts offering you or your child for sex, is the signal that law enforcement must be involved. But they won’t be able to do anything if there would be no link to real offline contact information. In this case, the WiredSafety.org should be contacted.

What Parents Can Do?

The first action to be taken, when you find out that your children are being cyberbullied, is to talk about it with them and, especially, about their feelings and fears. Moreover, make sure that you will support and protect them from any further accuses or threats.

After a conversation with kids, you should consider reporting this problem to your child school’s administration or teachers. Many schools and after-school clubs have their own means how to deal with cyberbulying, although they may vary according to the district or state. And moreover, always ask your child permission before contacting school, because he or she might be afraid about their friends’ reaction, taunting and so on and therefore it might be necessary to convince or calm him/her down at first.

Do not hesitate to contact a therapist or counselor at school if you see that you are not able to control the situation alone.

Other possibilities to prevent cyberbullying

1. Blocking. It is probably the easiest way to stop unsolicited messages. Simply block the specific person from contacting your child by changing the settings of device (many of them have the block function).

2. Controlling activities. Usually children do not realize how dangerous is to share personal or contact information online. Therefore, you have to talk about it with them as soon as they start using Internet. The essence of privacy, strong passwords and internet ethics must be emphasized during that kind of conversation. Moreover, don’t forget to supervise your children online activities constantly.

3. Limiting access. Many children simply can’t stop checking messages in their phones, email boxes, messengers and elsewhere, even though these messages are nasty, humiliating and hurtful. Then limiting access to computer or mobile phone is probably the only way to significantly reduce or eliminate cyberbullying, even though it may upset your child.


Cyberbully: The movie

Cyberbully. Part 1



Cyberbully. Part 2



Cyberbully. Part 3



Cyberbully. Part 4



Cyberbully. Part 5



Cyberbully. Part 6




Share this information with your friends:
Read more

Monday, September 26, 2011

Facebook Price Grid Hoax

A false message is circulating on Facebook claiming that the social network will no longer be free unless you copy and paste the following message before midnight.
FACEBOOK JUST RELEASED THEIR PRICE GRID FOR MEMBERSHIP. $9.99 PER MONTH FOR GOLD MEMBER SERVICES, $6.99 PER MONTH FOR SILVER MEMBER SERVICES, $3.99 PER MONTH FOR BRONZE MEMBER SERVICES, FREE IF YOU COPY AND PASTE THIS MESSAGE BEFORE MIDNIGHT TONIGHT. WHEN YOU SIGN ON TOMORROW MORNING YOU WILL BE PROMPTED FOR PAYMENT INFO...IT IS OFFICIAL IT WAS EVEN ON THE NEWS. FACEBOOK WILL START CHARGING DUE TO THE NEW PROFILE CHANGES


It's nothing more but a hoax -- an attempt to deliberately mislead Facebook users into believing that Facebook is going to charge users $9.99 per month for gold membership, etc. Yes, the old profile is going to be redesigned, but this will not cost you anything. Besides, it wasn't on the news. Honestly, I do not understand what's the point of such false messages. Maybe it's just for fun, who knows? Anyway, do not be another hoaxster and do not share this message with your Facebook friends even if you got it from a very good friend of yours. It's amazing how many times this Facebook price grid hoax was already shared on the social network.

Share this information with your friends:
Read more

Thursday, September 22, 2011

ZeroAccess/Sirefef/MAX++ Rootkit Removal Tool

ZeroAccess/Sirefef/MAX++ is probably one of the most sophisticated rootkits out there that uses advanced technology to hide its presence in a system. It works on both, x86 and x64 platforms. ZeroAccess, also known as Sirefef and MAX++ acts very similar to the TDSS rootkit, although, it has more self-protection mechanisms that can be used to disable anti-virus software, etc. Cyber crooks use Acrobat Reader, Java exploits in order to distribute the rootkit. Once installed, ZeroAccess (ZAccess) may download additional modules onto the infected computer. If you are experiencing web browser redirects and you can't run your antivirus software, your computer might be infected with this notorious rootkit. Thankfully, Webroot has released a great utility called ZeroAccess/Max++ rootkit remover that will help you to remove the ZeroAccess/Sirefef/MAX++. The utility doesn't have graphical user interface (GUI), however, it's very straightforward. Unfortunately, it works only on 32-bit systems. Please follow the step-by-step guide below on how to use the ZeroAccess/Max++ rootkit removal tool. If you have any questions, please leave a comment below. Good luck and be safe online!


Using the ZeroAccess/Max++ rootkit remover to remove ZeroAccess (Sirefef/MAX++) rootkit.

1. Download the ZeroAccess/Max++ rootkit remover: http://anywhere.webrootcloudav.com/antizeroaccess.exe

2. Double-click on antizeroaccess icon to run it. It will ask you to verify that you want to perform a System scan. Type Y and press Enter.



Once finished, press Enter or any key to continue.

3. If your computer is infected with Zero Access rootkit, you'll see the following warning: Your system is infected!!



Infected file: mrxsmb.sys. In your case it might be different. Type Y and press Enter to perform system cleanup.

You should know see the notification that ZeroAccess rootkit has been successfully removed from the system. Press any key to exit the utility and restart your computer.



4. Run ZeroAccess/Max++ rootkit remover once again to confirm that ZeroAccess/Sirefef/MAX++ rootkit was successfully removed from your computer.



5. Finally, download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of this rootkit from your computer.

It's possible that an infection is blocking anti-malware software from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.

Share this information with your friends:
Read more

Wednesday, September 21, 2011

Remove Startsear.ch and search.searchcompletion.com (Uninstall Guide)

Startsear.ch and search.searchcompletion.com both are relatively new web search engines. We won't go into details about the quality of the search results this time, they probably return mixed results from Yahoo!, Bing and other popular web search engines. However, both websites have a poor reputation, according to MyWot. Some people think that Startsear.ch and search.searchcompletion.com are related to malware. You can easily find forum threads claiming that Startsear.ch is a virus/spyware. Other people say it's a browser home page hijacker, etc. In short, Startsear.ch and search.searchcompletion.com are not categorized as malicious websites and they do not distribute malware either. At least, we didn't find any evidence.



The biggest problem is that Startsear.ch and search.searchcompletion.com are being promoted through the use of freeware and add-ons/plugins. For example, when you install vShare plugin, your default home page and web search provider may be changed to either startsear.ch or searchcompletion.com. However, when you uninstall vShare from your computer, your web browser's default settings will not be restored. This means that you have to remove startsear.ch or searchcompletion.com from your favorite web browser manually. It affects Internet Explorer, Mozilla Firefox and Google Chrome. The following instructions have been created to help you to remove startsear.ch and search.searchcompletion.com in Internet Explorer, Mozilla Firefox and Google Chrome. If you you have any questions or additional information about this issue, please leave a comment below. Good luck and be safe online!

Scan your computer with recommended anti-malware software (direct download) to remove this browser hijacker from your computer. Then please follow the removal instructions below to remove the leftovers of this infection depending on web browser you use.


Startsear.ch and search.searchcompletion.com removal instructions:

First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.






Remove Startsear.ch and search.searchcompletion.com from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons.



2. Select Search Providers. First of all, choose Bing search engine and make it your default search provider (set as default). Then select Web Search and click Remove button to uninstall it (lower right corner of the window).



3. Go to ToolsInternet Options. Select General tab and click Use default button or enter your own website, e.g. gooog.com instead of Startsear.ch or searchcompletion.com. Click OK to save the changes.




Remove Startsear.ch and search.searchcompletion.com from Mozilla Firefox:

1. Click the small magnifier icon at the right top corner as shown in the image below. Select Manage Search Engines... from the list.



2. Select Web Search and click Remove button. Click OK to save the changes.



3. Go to ToolsOptions. Under the General tab reset the startup homepage. That's it.




Remove Startsear.ch and search.searchcompletion.com from Google Chrome:

1. Click on Customize and control Google Chrome icon and select Options.



2. Choose Basic Options. Change Google Chrome homepage to google.com or any other and click the Manage search engines... button.



3. Select Google from the list and make it your default search engine.



4. Select Web Search from the list remove it by clicking the "X" mark as shown in the image below. That's it.



Share this information with your friends:
Read more