Monday, November 30, 2015

Recovering from a Trojan Horse or Virus



It can happen to anyone. Considering the vast number of viruses and Trojan horses traversing the Internet at any given moment, it’s amazing it doesn’t happen to everyone. Hindsight may dictate that you could have done a better job of protecting yourself, but that does little to help you out of your current predicament. Once you know that your machine is infected with a Trojan Horse or virus (or if your machine is exhibiting unexpected behavior and you suspect that something is wrong), what can you do?

Best practice before it happens 

  1. A backup will save data, time and money. In some cases fighting the virus or Trojan can cost more than replacing a machine. Acronis and Symantec are good choices for making a full backup.
  2. Most machines do not come with a recovery CD, so one needs to be created right after you purchase the machine.
  3. Keep all software that will be needed to recover the machine in a safe location.


1. Call IT support
If you have an IT support department at your disposal, notify them immediately and follow their instructions. (If not, call Spider Networks Inc.)
2. Disconnect your computer from the Internet
Depending on what type of Trojan horse or virus you have, intruders may have access to your personal information and may even be using your computer to attack other computers. You can stop this activity by turning off your Internet connection. The best way to accomplish this is to physically disconnect your cable or phone line, but you can also simply “disable” your network connection.
3. Back up your important files
At this point it is a good idea to take the time to back up your files. If possible, compile all of your photos, documents, Internet favorites, etc., and burn them onto a CD or DVD or save them to some other external storage device. It is vital to note that these files cannot be trusted since they are still potentially infected. (Actually, it’s good practice to back up your files on a regular basis so that if they do get infected, you might have an uninfected set you can restore.)
4. Scan your machine
Since your computer (including its operating system) may be infected with a malicious program, it is safest to scan the machine from a live CD (or “rescue” CD) rather than a previously installed antivirus program. Many antivirus products provide this functionality. Another alternative is to use a web-based virus removal service, which some antivirus software vendors offer (try searching on “online virus scan”).
The next best action is to install an antivirus program from an uncontaminated source such as a CD-ROM. If you don’t have one, there are many to choose from, but all of them should provide the tools you need.



Friday, November 27, 2015

Dell Slammed For Shipping Computers With Superfish Security Flaw


Dell has been shipping a root certificate pre-installed on some Dell laptops.


 Here’s what you need to know about this Superfish-like vulnerability, and how you can check to see if your Dell laptop is affected.



The certificate, called eDellRoot, causes any affected computer to trust any SSL certificate it signs. Because the key is stored locally, an attacker could forge a signed key and expose users on the machine to man-in-the-middle SSL attacks. According to the US Computer Emergency Readiness Team (US-CERT), that means you could be vulnerable to an attacker impersonating web sites (even ones that look like they’re HTTPS). A falsely signed certificate can also let an attacker send email or sign and install software that slides past Windows’ built-in security or your anti-malware tools. Additionally, any encrypted network traffic and other data could be accessed and captured by the third party, and HTTPS traffic to legitimate sites can be captured and decrypted.

The Dell Inspiron 5000, XPS 15, and XPS 13 have the certificate pre-installed, but Dell is still unsure how many computers out there are actually affected.

Fortunately, Dell has already provided a fix for finding the certificate and revoking its permissions. It can be a complicated task for those who don’t normally go digging in their operating system, but Dell has issued step-by-step instructions for removing the certificate. If your machine is affected, it’s important to remove the certificate and the DFS component that re-installs the certificate.




Click here for removal instructions from Dell

You can read the statement Dell issued at the link below. We’ll update this post as we learn more.

Update: Dell has included an automatic removal tool in its certificate removal instructions to make the process much easier (link is on page 3). Dell will also push a software update starting sometime today that will check for the certificate, and if detected remove it. Lastly, we mistakenly recommended a check tool from security researcher slipstream/RoL, but this tool actually checks for another issue related to the same software.

Update Two: Security researchers have found a second certificate (DSDTestProvider) that allows attackers to create trusted certificates and perform impersonation, man-in-the-middle, and passive decryption attacks. CERT recommends you revoke the certificate using the Windows certificate manager (certmgr.msc).
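To see whether either certificate named in this post is installed, and whether it has already been revoked, the following PowerShell check can be run on the laptop. It is an added example, not Dell's or CERT's tool, and it only reads the certificate stores. It matches on the certificate's common name alone (an assumption, since this post gives no thumbprints), so confirm any hit against Dell's instructions.

```powershell
# Added example: read-only inventory of the certificates named in the post.
# Nothing is removed or changed; matching is by common name only (assumption).
$names  = @('eDellRoot', 'DSDTestProvider')
$simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$found = Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Where-Object { $names -contains $_.GetNameInfo($simple, $false) } |
    ForEach-Object {
        $cert  = $_
        # PSParentPath ends in e.g. "Certificate::LocalMachine\Root"
        $store = ($cert.PSParentPath -split '::')[-1]
        $leaf  = ($store -split '\\')[-1]
        [pscustomobject]@{
            Name          = $cert.GetNameInfo($simple, $false)
            Store         = $store
            StoreKind     = $leaf
            HasPrivateKey = $cert.HasPrivateKey   # private key present on this machine
            NotAfter      = $cert.NotAfter
            Thumbprint    = $cert.Thumbprint
        }
    }

if (-not $found) {
    Write-Output 'Neither eDellRoot nor DSDTestProvider was found in any certificate store.'
    return
}

$found | Sort-Object Name, Store | Format-Table -AutoSize

# A copy in the Disallowed ("Untrusted Certificates") store means it was revoked.
$revoked = @($found | Where-Object { $_.StoreKind -eq 'Disallowed' } |
    Select-Object -ExpandProperty Thumbprint)

# Still trusted: sits in a root store and no revoked copy with the same thumbprint.
$trusted = $found | Where-Object {
    $_.StoreKind -match '^(Root|AuthRoot)$' -and $revoked -notcontains $_.Thumbprint
}

if ($trusted) {
    Write-Warning 'A listed certificate is still trusted as a root CA. Follow the removal instructions.'
} else {
    Write-Output 'Listed certificates are present but none is trusted as a root CA.'
}
```

A row with HasPrivateKey set to True shows that the signing key itself is stored on the machine, which is the condition this post describes.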

Response to Concerns Regarding eDellroot Certificate

Thursday, November 19, 2015

Computer IT management solutions

Reliable and proactive IT management solutions


A comprehensive business technology management solution that delivers proactive monitoring, maintenance and IT support, all for one monthly flat fee, for businesses that require full control, increased productivity and peace of mind.

Reduce your risk, reliability and cost of ownership by automating the infrastructure.


 
 
Network Management
 
 
With around the clock network monitoring, we are able to proactively respond to alerts and avoid downtime and identify bottlenecks.
 
 Managed Security
 
With a dedicated team of engineers, your end users receive rapid response and support (onsite, remote) from engineers they know.
 
 

Protecting your business from today’s malware and cyber-attacks by deploying the required security measures to protect your business.
 
Servers Management 
 
Scheduled maintenance tasks such as patching, firmware updates and optimization ensure servers are running with optimum stability.
 
 
Disaster Recovery
 
We design, implement and manage your business backup and disaster recovery plan, which allows us to bring you back in business faster.


Reporting
 
Scheduled systems performance and asset reports, as well as a quarterly review with your IT manager to discuss goals and current issues.