I bought a laptops for my children. Here's how to secure it, or simply minimizing cyber threat (risks).

• I setup and configured the laptops using the local administrator account.
• Run windows update, and apply those security patches. Sometimes you need to run Windows Update, twice or three times to make sure that all security patches applied to your computer.
• After the installation of security patches, make sure that you set this windows update "automatic" once every week to keep your computer up to date. Click Start, Control Panel, then Windows Update. Here you can modify how frequent you want your computer to receive update automatically. Of course you can come back and make the necessary adjustment as you see fit.
• After the security update install and setup. It's time to download and install anti-virus software. It's nice to know that Microsoft offer Free Anti-Virus for Windows. Here's the link to download the software http://windows.microsoft.com/en-US/windows/products/security-essentials, and if the link is not working. Google it "Microsoft Security Essentials", and it will provide the updated link.
• To install the Microsoft Security Essentials, simply accept the default installation. After the install, run a full scan of your computer, and update the settings.
• Install all the applications you need such as Microsoft Office, Adobe Reader, etc. I've asked my kids to use Google Apps Doc for their projects so we don't have to spend extra $$$ buying Microsoft Office. This is part of Gmail Docs for word, excel, and powerpoint. Create your gmail email address here http://www.gmail.com
• Install your printer drivers.
• After all the basic setup, windows security updates, installation of software's, and printer driver installation. You need to create a "user" account with basic rights to use your computer. So, if you use "admin" for all the installation. You need to create account for "Joe", "Mary" and "Jane" with their own passwords. When they use their own "user" account, you minimize exposures when surfing the Internet. Those automatic cookie installations on your computer will be denied. When you click any executable "malicious" files will be denied, and you minimize of virus infection as well. You will only use the "admin" account if you will install new software and windows update install.

I assisted someone to remove the XP Anti-Spyware 2011 today. This is a similar category of Spyware Protect 2009, Vista Antimalware 2011, and Win 7 Antispyware 2011. The malicious codes apply similar approach of scaring user by displaying pop-up that your computer is infected, ask you to activate XP Anti-Spyware software, imitating  anti-virus or anti-spam program to buy. DO NOT BUY anything. A local computer technician can clean this for you.

If you're a system administrator or a local computer technician. Here's a simple procedure I tried and tested to clean up this mess! This manual removal is not applicable to end-users that doesn't understand computer trouble shooting, leave this to the professional. Seek for assistance right away.

End these processes in Task Manager
WavXDocMgr.exe
bhj.exe

Delete this file here:
C:\Documents and Settings\juliad\Local Settings\Application Data
WavXMapDrive.bat
iconfile

Run Regedit and delete these entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'

HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'

I read this manual removal from this website:
http://www.spywarevoid.com/remove-xp-antispyware-2011-xpantispyware-2011-removal.html

They mentioned some registry entries but not applicable to the computer I help removed this virus.

I also shared an article on how to remove Spyware Protect 2009, that was posted here:
http://www.medialogy.com/2009/04/whaddya-know-how-to-remove-spyware_27.html

Join the discussion at www.Blocklist.com community.

I recently wrote an article on how to remove a System Tool fake anti-spyware tool. If you missed to read the article, here the link (Uninstall System Tool).

Today, I received another request on how to remove a Security Shield another rogue anti-spyware program similar to Security Tool. The step-by-step is already provided by the bleepingcomputer.com website, so I will not create another how to article. Instead, I will share a different approach on how to remove the program without installing any anti-spyware program e.g. MalwareBytes or HijackThis.

You should know how to use a command prompt to navigate your workstation directories. Here's a simple guide on how to remove the Security Shield.

• Restart your workstation in a SAFE Mode.
• Login to your workstation
• Open a command prompt, click on Start, Run, type CMD [Enter] (not case sensitive)
• In command prompt, go to this subdirectories c:\Documents and Settings\Medialogy\Local Settings\Application Data\
• Check if you find any random .exe file. When I help cleaned one infected workstation, I saw ptpckschld.exe under Application Data. I deleted this file and restart the computer.

Everything is working OK with your computer and all of sudden you are prompted with a windows alert that you are infected, showing a fake scan to scare you. First thing you need to do, DO NOT order anything from the website. Take a deep breath and follow the procedure here to fix it.

It is easy to fix this problem, this is just another misleading (rouge) anti-spyware program.

• You need a tool to remove this program. Actually, you can use registry editor to delete but it is not advisable if you are not familiar on how to use. I suggest that you download one file from Trend Micro website. Here's the link: http://free.antivirus.com/hijackthis/. Download the executable (not the installer) so you can run this tool right away. You need to use a working computer to download the program and save to a USB drive. Then copy the executable program to the infected computer. For example, copy the executable program (HijackThis.exe) to your c:\temp folder. If you don't have a temp, create the folder.
• Restart your computer. After the BIOS message, click F8 function key to boot in Safe Mode.
• Login to your workstation, go to the c:\temp folder and double click HijackThis.exe file. In open file - Security Warning, click Run to continue.
• Click "Do a system scan and save a log file."
• You will see the Trend Micro HijackThis report from R1, R0, 01, 04, etc.
• You need to find the System Tool random executable file, should be something like this: O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
• Put a check, then click Fix checked. This program will clean your computer.
• Restart the computer.

I received this email today with the subject "24 Hours to Start Making $389,783 in just 60 days. On Autopilot.", I say don't waste your time and money. If they know how to make money this much (six figures in 90 days), they should be retire by now. I guess not, because I received one of the email spam today and continue to receive once in every month. This could be worst if I'm not using Google Apps for email. If you are using Gmail email, when you received a similar subject, simply click the "Report spam" or delete it. Don't bother to open the message.
Hey,

I have to be quick.

It’s your last chance...There are only 18 spots left... If you just want the link, here it is, hurry there NOW:

[Name removed, not worthy to mention] is going back underground with his profit-sucking software, along with a pile of cash that gets bigger every day.

He has almost hit his limit of available copies and will be putting up the sold out sign anytime soon...

We’ll never see anything like it again.

No doubt by now you’ve heard the buzz about the controversial proof making fools outta the ‘gurus’ he’s exposed…
====

Other article to read:
Anthony Morrison - Hidden Millionaire is a scum

I received this email today about Google Lottery. I know this email scam for years and I wonder why it was able to pass through my Gmail anti-spam security. Here's the exact email message:
+++
Dear Sir/Madam,
Congratulations to you!! You have just been picked as one of our luckywinners of £850,000 British Pounds in our online promotions. For more info/ how to claim your winnings,contact the processing officer (Mr. Grahams Benfield) with the email addresses below by sending your winning numbers,full names, sex and location.

This is alarming and I would like to inform our readers if you manage your domain name for personal or business use. Please call your registrar or email customer service, ask them to lock your domain name and not to transfer without your approval. This is added task from locked domains and changing your account password regularly. "Weitzman has been in the domain game since 1994 and oldtimers in the industry know him as one of the pioneers in the business. Weitzman is a quiet guy who has never been interested in the spotlight, but as the victim of a major domain hijacking he is speaking up now with the hope that the publicity will lead to the return of his domains and prevent problems for others who might unknowingly buy the stolen names and lose their investment. Weitzman is also trying to find out how the theft happened and he believes the break-in could have occurred as high as the registry level at Verisign." (2009, DNJournal.com)

I've read an article that was posted yesterday July 14, 2009 regarding Twitter was Hacked by Hacker Croll.He had access to the Paypal, Amazon, Apple , AT&T, MobileMe and Gmail accounts of Evan Williams, Sara Morishige Williams, Margaret Utgoff and Kevin Thau (twitter employees)."(2009, Tomsoft). According to Tomsoft, the hacking was done through google apps using simple to guess password.

If you have a Facebook account, you need to read this article. This is another phishing incident that was reported today courtesy by Reuters.com.

"Hackers launched an attack on Facebook's 200 million users on Thursday, successfully gathering passwords from some of them in the latest campaign to prey on members of the popular social networking site.

Facebook spokesman Barry Schnitt said on Thursday that the site was in the process of cleaning up damage from the attack.

He said that Facebook was blocking compromised accounts.

Schnitt declined to say how many accounts had been compromised.

The hackers got passwords through what is known as a phishing attack, breaking into accounts of some Facebook members, then sending e-mails to friends and urging them to click on links to fake websites.

Those sites were designed to look like the Facebook home page. The victims were directed to log back in to the site, but actually logged into the one controlled by the hackers, unwittingly giving away their passwords.

The purpose of such attacks is generally identify theft and to spread spam.

The fake domains include www.151.im, www.121.im and www.123.im. Facebook has deleted all references to those domains." (2009, Reuters.com)

I have a client that have asked me to assist them fixing their "hacked" website through vulnerabilities of old version of Joomla CMS. I said you should always apply the latest release of Joomla, they are very active in patching security vulnerabilities.

Just in today (actually a couple of days ago, wednesday).  "It was one of those things she never does. But, Wednesday night, when Amory Wooden, 27, received a Facebook message from a friend directing her to a new Web site, she clicked on it. Not only that, once fbstarter.com popped up in her browser, she typed in her Facebook user name and password.

She had no idea she'd been hoaxed until Thursday morning, when messages from Facebook friends started pouring in about how they all fell for it." (2009, abcnews.go.com)

I've got some questions from our visitors on how to remove the Spyware Protect 2009 Alert program in your workstation. I know it's annoying to see this pop-up, well you come to the right place to get additional information on how to get rid of this program on your workstation.

When you first bought your computer (workstation) or your laptop, did you set your Automatic Updates to install Microsoft Security Updates daily?

Did you install anti-virus software and download updates daily?

If you have not done it lately, it's highly recommended to download the latest Windows Security Updates and run anti-virus live update for your workstation. This is to minimize risk of exposure, patch vulnerabilty and close known exploit. This coming April 1st, April fools day a virus known as The Conficker Worm will start attacking computers connected to the network and Internet. I don't know the attack pattern, in the past the attacker created a botnet to disabled known website through Destributed Denial of Service (DDoS) Attack. The method of attack might be different as they know that most businesses added security measures against this type of attack.
This is the time to run Windows Update, update your antibot software, and update your anti-virus software.

Here's how to check you workstation via Microsoft OneCare online service.
For Windows XP, please use this link:
http://onecare.live.com/site/en-us/default.htm

For Windows Vista, please use this link:
http://onecare.live.com/site/en-us/center/whatsnew.htm

To run the online tool, you need to use Microsoft Internet Explorer 6.0+ browser. I'm not surprise that they don't support Google Chrome or Firefox to run this tool. Click on Full Scan, it will take a while to complete the scan depending on how many files you have in your workstation. Be patient.

After the scan, read the report.

Norton website provide detailed information about The Conficker Worm.

What to do if you are infected? Here's a three (A, B, C) different approach to correct this problem. Click the one appropriate for your workstation.