There is a recent outbreak of something called ransom-ware, which is exactly as it sounds: a program is installed without your consent, and takes control of your computer. It gives you a persistent warning and claiming that your computer is infected and the only way to solve the problem is to pay $35 by Credit Card, to disinfect your computer. It is obvious that the company claiming to remove it is the same group that developed the bug, itself. Behind this Ransomware technology are people who have been convicted in the past, in other countries (I live in the US), who have been tried and convicted previously for various phone fraud / extortion schemes.
If you think that this is not profitable, think again. According to a recent article in the San Jose Mercury, these kinds of schemes are bringing in over 10,000 orders a day to remove this ‘bug’.
As of the writing of this post, the current incarnation of this bug is called theĀ Backdoor.Win32.Delf.ctk Trojan, but the behavior and name can and will vary slowly over time. The scheme will remain the same; a program forces its way on to your windows machine, pesters the computer user, and eventually freezes the computer, BUT it gives you the option to buy special software to make it all go away.
The best way to avoid future problems is to simply completely restore your machine to ‘factory state’ (First, back up your important files – like the entire My Documents directory for each Windows user, backup the Microsoft Outlook calendar, contacts and mail, and any Quicken / Quick Books files, then reinstall Windows:
– once Windows is reinstalled to the ‘factory state’, then smart preventative web surfing behaviors should be enforced.
– Immediately install a popular brand-name Cable/DSL Router on your network (a piece of hardware between $29 – $200, depending on features, etc),
– Update your computer, (using Internet Explorer, click on this link the Windows Update Website or copy it inside of Firefox and paste it — right-click the link and choose to Copy Link Location from the popup menu, then paste it into the address bar of Internet Explorer).
– Purchase and install an anti-virus like Nod32 (ESet Nod32 Anti-Virus for Home) , AVG or Kaspersky.
– Install and update Microsoft Office if it was originally on your computer. If you no longer can find the installation disk, you can download a free version Open Office from OpenOffice.org
– Install Adobe Acrobat Reader
– install iTunes on the computer, but do not let the install ‘find’ music on your machine right now. This needs to be done later
– create a second account (Control Panel – User Accounts – Create new account) called Family and place a password on this account to control computer access of your kids,
– login to the Family account and make sure FireFox, Microsoft Office or Open Office programs, as well as Acrobat Reader will all launch
– Logoff this account by selecting Start – Log Off , and then login to the other account on the machine: (This account, too, should have a password and should only be used by parents.) Control Panel – User Accounts – select the non-Family account icon at the bottom of this user account section, and then click on the link above that says something about adding a password. Close out of these User Account windows entirely.
– Change the Family account type so that the users of the machine in the Family account cannot install anything – including the unintentional installation of bugs (Control Panel – User Accounts – click on the Family account icon, change the account type to limited).
If a program needs to be updated in a Windows limited account, there should be no problems. All additional program installations in limited accounts should be performed by downloading the program in the parent account, and installing it, or downloading it on the limited account desktop and then right-clicking the installation file and selecting the “Run As…” option. Change your user name to the parent account and use the parent account password and then begin the installation.
For more details, please feel free to contact me or drop a comment in the post.
Menlo Technical Blog 