David's computer runs Windows 7 Home Premium. Lately, he's been getting a lot of failure messages. He ran Malwarebytes and stopped malware that was running. Leo says that Malwarebytes may have taken out system files that the malware had attached itself to. Leo suggests burning the recovery discs from his computer and then just starting over: back up the data, then restore from those recovery discs. That will format the drive and re-install Windows.
Joe got bit by the FBI Moneypak virus. Leo says it's a well-known ransomware exploit, and all viruses require the user to be complicit in the infection. So, Joe probably went somewhere or downloaded something that enabled the virus to get on his system. Unfortunately, no repair can fully remove everything, and it's likely that what he tried just got rid of the notification and not the actual malware itself. That virus may have invited many other malware exploits to the party, too.
Steve Gibson joins Leo to talk about the UPnP bug. It's one of the most nefarious exploits out there, and the media isn't talking about it because it's just too "geeky." Security groups scanned over 4.3 billion routers connected online, looking for a vulnerability. There are hackers probing as well. It's stunning that over 81 million are vulnerable due to a bug in the router software that will give hackers access to their personal networks. Steve advises turning off UPnP in the router settings.
John got bit by the FBI Moneypak virus. Leo says it's ransomware: they threaten users and offer to cut them a break if they spend $300 worth of Moneypaks and send it to them. After he got this, John went into safe mode, found it, and tried to clean it off. He can remove it, but at the end of the day, it may be best to just back up his data and reinstall Windows from a known, good source.
Gary got a spam email message and now it's been forwarded to everyone on his contact list. He got failure notices from the message being sent to addresses that didn't exist. Leo says that it's not unusual to get failure notices where he has no control. Spammers can "spoof" the return address by using another user's email address as the return address. There's nothing he can do about that, but the good news is that they'll soon move on to another email.
Bob turned on his computer and found a new account named "John" on it. Leo says that's cause for concern. It could be a form of malware that gave a hacker remote access to the system. Why they'd choose a standard account vs. an administrator account is somewhat of a mystery. Steve Gibson talked about a new malware issue that's popped up recently. It's a really nasty flaw in routers that was just discovered last week that exploits Universal Plug and Play (UPnP). Bob should run GRC's ShieldsUP! to see if his router has that flaw.
Sam got a popup from what claims to be the FBI requiring him to buy a Moneypak card to get rid of it. It's a scam: malware (more specifically called ransomware) on Sam's system designed to blackmail him into sending them money. He can restart in safe mode and run his antivirus software to clear it. Norton and McAfee both have removal tools for it, too. Even if he clears that off his system, there could be other stuff that has been installed as well, though. So at this point, it's just best to back up his data, format the hard drive and re-install from a known, good source.
Bruce got a virus on his computer that's preventing him from gaining full access to his computer, and is asking him to pay $300 to get it back. Leo says to try starting in safe mode. If he has access to another computer, Kaspersky offers a rescue disk that he can download and burn to a CD that he can boot his computer from. Once he gets access to his data, he should wipe the drive and reinstall Windows from a known, good source.
Mark says that Norton antivirus on Windows 8 allowed a web search toolbar (called SearchUS.com) to get on Internet Explorer and it's been a pain in the neck to get rid of. Leo says that while it did happen, it's not really Microsoft's fault. They control 95% of the market and that makes it a huge target. Since it could have come with something else he installed, Mark may have accidentally installed it. Viruses can't get installed unless the user runs some sort of program to trigger them. Just having data can't really do it. It may be a security flaw in IE 10 that allowed it, though.
Jennifer updated her subscription to Avast and now her computer is all screwed up and they want her to pay for a certified technician. So, she went to ESET and they helped her by giving her an uninstall tool. Now she can't install NOD32 because it can't connect to the Internet. Leo says that is likely something left over from Avast that is causing the issue. Check out Avast.com's Uninstall Utility.