A new variant of the Popureb Trojan burrows so deep into the Windows operating system that users are advised to either reinstall the OS or fix the master boot record in order to remove it, Microsoft said.

The "Popureb" Trojan corrupts the hard drive's master boot record to such an extent that the only way to remove it is to run Windows Recovery Console to rewrite the sectors to a clean state, Microsoft Malware Protection Center engineer Chun Feng wrote in an advisory posted on the Threat Research and Response blog June 22.

The Trojan was updated recently with a driver component that makes sure the malware can never be modified by an external process, according to Feng. The component accesses the DriverStartIO routine in the device driver to execute itself.

Trojan:Win32/Popureb.E overwrites the first sector on the hard drive so that it triggers at boot time. The MBR is generally invisible to both the operating system and security software. To ensure it can't easily be removed, Popureb can intercept all commands to overwrite the MBR or any other part of the hard drive where the malware is installed and replace those commands with a read command. The operation appears to succeed and no errors are thrown, but no new data is actually written to the disk. This means that if security software attempts to remove the malware, it fails automatically because it can't overwrite the MBR or the infected sector.
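An added illustration, not code from Microsoft's advisory or from this post: a Python simulation of the write-to-read swap described above, with a write-then-read-back check that catches a write that was acknowledged but never stored. The names `Disk`, `FilteredDisk`, `verified_write` and `audit` are hypothetical, the disk is a constructed in-memory stand-in, and the check assumes reads return the real sector contents.

```python
SECTOR = 512
# Constructed sample: an otherwise empty MBR carrying the 0x55AA boot signature.
CLEAN_MBR = bytes(510) + b"\x55\xaa"


class Disk:
    """Constructed in-memory stand-in for a hard drive (sector 0 is the MBR)."""
    def __init__(self, sectors=8):
        self.data = bytearray(SECTOR * sectors)

    def read(self, lba):
        return bytes(self.data[lba * SECTOR:(lba + 1) * SECTOR])

    def write(self, lba, buf):
        self.data[lba * SECTOR:(lba + 1) * SECTOR] = buf
        return True  # status reported to the caller


class FilteredDisk(Disk):
    """Models the behaviour described above: writes to protected sectors
    are serviced as reads, yet still report success."""
    def __init__(self, protected, sectors=8):
        super().__init__(sectors)
        self.protected = set(protected)

    def write(self, lba, buf):
        if lba in self.protected:
            self.read(lba)   # request swapped for a read; nothing is stored
            return True      # caller sees no error
        return super().write(lba, buf)


def verified_write(disk, lba, buf):
    """Write one sector, then read it back and compare instead of trusting
    the returned status. Returns 'ok', 'error' or 'silent-drop'."""
    if len(buf) != SECTOR:
        raise ValueError("buffer must be exactly one sector")
    if not disk.write(lba, buf):
        return "error"
    return "ok" if disk.read(lba) == buf else "silent-drop"


def audit(disk, lbas, buf):
    """Return the sectors whose writes were acknowledged but not stored."""
    return [lba for lba in lbas if verified_write(disk, lba, buf) == "silent-drop"]
```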

Most members of this particular malware family are fake antivirus software, but this variant "might be a little more severe," Symantec said, but it pointed out that this Trojan doesn't do anything that "Trojan.Tidserv doesn't already do." The company has asked Microsoft for the sample to analyze further, according to the statement.
 
 
"How to Recover a Deleted File in Windows 7"

Windows 7 has a built-in tool called Previous Versions that allows users to recover files they mistakenly delete. In order to recover deleted files, you first have to make sure that System Restore is enabled so that Windows can automatically create restore points. These restore points are what you can revert a folder to in order to recover the files that existed at that time and date.

Step 1 - Making Sure System Restore Is Enabled

You can verify that System Restore is turned on by right-clicking Computer and selecting Properties. Next, you'll want to click the System Protection tab and then click the drive for which you wish to turn on System Restore. The C: drive is usually the drive selected. After selecting the desired drive and clicking OK, System Restore will be turned on if it was previously off.

Step 2 - Recovering a Changed Document in Windows 7

  1. Open the folder where the file was located.
  2. Right-click in the white space within that folder.
  3. Select Properties and click OK.
  4. The Properties screen will then pop up. In this screen, select the Previous Versions tab.
  5. The Previous Versions tab will then display various versions of changed or deleted files in that folder. These versions are based on automatic restore points created by System Restore.
  6. Choose the version time and date you wish to revert back to.
  7. Then click Open.
  8. You will then see all of the previous versions of files in that folder according to the time and date you selected.
  9. To recover one of those files, right-click the file and select Send to and then choose the folder you wish to save the file to.
That's it! Now you know how to recover lost files. It's a handy, useful tool that Microsoft built into Windows 7. We recommend you take full advantage of the Previous Versions tool as it will save you headaches down the road.


 
 
"How to Protect Your Network from Hacker Bots"

Not all hackers are only after your data. The real prize is your wallet. To carry out cyber-crimes, many hackers will use email spam, phishing attacks, or insidious websites to infect computers and turn them into "Hacker Bots." These Hacker Bots become drones that can be controlled remotely by cyber criminals, unleashing attacks on businesses that generate a steady revenue stream for the criminals.

A Trend Micro study recently found that roughly 25% of all infected computers belonged to businesses. It's often hard to know for sure whether your computer has been turned into a Hacker Bot. The best step you can take is to contact a security expert to fully assess the machine.

Before you call a security expert, there are a few initial steps you can take:

  1. Disconnect the potentially infected computer from the Internet. If the computer is infected, this step will immediately stop data from being stolen, and prevent attacks on other businesses.
  2. Search for any sensitive data on the potentially infected machine and move it to a clean computer. Another option is to move the data to an external hard drive for safe keeping.
  3. Clean the potentially infected computer using antivirus software. You can also hire a professional to utilize advanced tools to ensure a complete quarantine of your machine.
If you don't yet believe any of your machines are infected, you are in a great spot. Prevention is the best cure and is much easier and more cost-effective to implement long-term. You can start by ensuring that your antivirus definitions are always updated and that you download the latest security patches for Windows and the programs you run on Windows.

You can also outsource your security maintenance to a company such as ours, which can professionally perform monthly work on your machines remotely to ensure they are as padlock safe as possible. This saves you the time and headache of having to do the work yourself, and will also give you peace of mind knowing that your data is professionally secure.


 
 
Cybercriminals are circulating a new piece of fake security software that spoofs a Microsoft security tool. It’s called the “MS Removal Tool.”

When you start your computer, you see a MS Removal Tool window that restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.

If you see a pop-up ad or an email for the “MS Removal Tool,” ignore it.

If you already have this malware on your computer, you might not be able to access Internet Explorer or any other programs.

As always, we highly recommend that our users keep their computers up to date and run a good antivirus application.

A good and free choice is Microsoft's own Microsoft Security Essentials.

If you can access Internet Explorer or another web browser, you can also use the Microsoft Safety Scanner to scan your computer and remove the MS Removal Tool.

Be safe!
 
 
Dust is all around us, indeed, but some places and/or things collect much more than others.

Air filters on an air conditioner, cooling fins on a refrigerator, a fan blade... anything that has a fan pushing or pulling air through will inevitably collect more as the airflow is increased. 

Your computer is no exception.
As the number one enemy of a computer is heat, there are severe repercussions that arise from such dust accumulations:
  • Blocks the air flow inside the computer, effectively preventing heat from being transferred to the outside of the case, thus creating overheating problems and eventually processor failure.
  • Makes fan blades heavier, noisier and prone to breaking down.
  • Can create shorts on board circuits.
  • Can be a nest for nasty pests.
  • And more...
None of which you would like to (nor should) have in your system.

As a preventive maintenance procedure, whenever you see a little dust accumulated on the vents on your computer, you can use a vacuum to suction that dust out.

If you decide you want to clean the interior as well, please note that:
  1. Opening the case might void your warranty.
  2. Static electricity created by the airflow on the vacuum's plastic can damage the components inside your computer.
  3. Touching any component inside without following proper ESD guidelines can cause component failures.
Alternatively, you can also use a pressurized air can, but then again, certain precautions should be taken, lest component damage occur.
  1. Do not tilt the bottle, lest the liquid come out and short the components inside.
  2. Make sure the computer is off, and let it cool down before cleaning it. Blowing cold air from a pressurized container into hot components can cause serious problems to them.

If you're unsure or don't know exactly how to safely perform this task, please contact a professional technician who can do the job safely and efficiently.
 
 

In what has become one of the biggest data breaches in history, Sony has been notifying its users of a computer intrusion and data breach that has exposed personal information on 77 million PlayStation Network users.


Among the data the hackers have been able to get are names, passwords, country of origin, zip codes, and phone and credit card numbers.

With that much information, one's identity can be easily spoofed and impersonated, fraudulent charges made and more.

If you are one of those affected, please log in to your PSN account and change your password immediately, especially if you are the type that uses the same password everywhere.