PDF Malware Using New Attack Technique | threatpost

Even PDF attachments aren’t safe. If you receive an email from an unknown sender with a PDF attachment, be aware that trying to open it might launch an executable that can inject malware into your system.

The attack produces a warning dialogue box, but users are accustomed to seeing, and ignoring, those in many situations. In this particular new malware campaign, the attackers have used that tactic, along with adding some extra white space to the dialogue box to make it look less suspicious.

Read more at PDF Malware Using New Attack Technique | threatpost.

Posted in opinion, security, tech. Tags: , , , . No Comments »

Facebook Christmas Worm Spreads Holiday Infection — InformationWeek

Facebook Christmas Worm Spreads Holiday Infection — InformationWeek.

PandaLabs, the research arm of anti-malware company Panda Security, says that a variant of the Koobface worm, Koobface.GK, is being spread through the posting of malicious links of Facebook wall pages.

Attempting to play the video or to click on the links on the page leads to an infection attempt, which will compromise the victim’s computer if successful.

The links take Facebook users to a fake embedded video player that offers a Christmas greeting, in keeping with the tendency of cybercriminals to try to exploit current or seasonal events.

helper.dll and _helper.dll removal

Problem: User has Trojan/Adware BHO


  • Internet Explorer crashes
  • Performance degradation. Took more than 10 minutes to log into the computer
  • At bootup/startup, the “C:\Program Files\Common” folder opens up automatically and contains helper.dll and _helper.dll
  • Popups/Ads indicating viruses are present

How to remove helper.dll and _helper.dll
1. Download and run HijackThis
2. You will probably see two entries like these:

  • O2 – BHO: Browser Helper Object – {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} – C:\Program Files\Common\_helper.dll
  • O18 – Filter: text/html – {921b3402-a7b7-411d-84a6-70f617503fe9} – C:\WINDOWS\system32\dsound3dd.dll

3. Place a checkmark next to both and click on “Fix checked”
4. Download, install, and run CCleaner
5. Download, install, and run Malwarebytes (don’t forget to update the definitions before scanning)
6. Scan your machine using AntiVirus software
Online Scanners:

Or Download:

7. After bootup, you still may have an issue with the “C:\Program Files\Common” folder opening up automatically. Delete the folder since it was created by the Trojan, it should be empty; and is not necessary. If you want to keep it,you can also do the following:

1. Open up the registry (via regedit.exe)
2. Navigating to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Make sure all Data values under this key are surrounded by quotation marks.
4. Exit out and reboot.

For more information on this particular threat:

WinPC Fake AntiVirus and uacinit.dll

My dad is fairly computer literate, won’t click on unknown email attachments, popups, etc. So when he called me at 7:15 in the morning to ask for help, I knew I was in for a doozy.

When I checked his computer (windows XP), I noticed the following symptoms:

  • Computer would freeze after boot up
  • Windows Genuine Advantage tray (wgatray.exe) would crash after bootup
  • AVG crashed after bootup
  • Windows Defender crashed after bootup.
  • SuperAntiSpyware would crash when trying to launch
  • Malwarebytes would not launch
  • When trying to launch IE (Firefox would not launch at all), a popup would show up, indicating the PC was infected and that we would have to buy WinPC to fix it the problem

He definitely picked up something. And this trojan/virus had disabled all security programs and prevented us from going to any security website.

Well, I had two options, neither of which was quick and dirty [both options required an XP installation CD]. My best bet would’ve been to back  up his important files, wipe out the computer, and reinstall the OS. The second option, which I chose, involved booting the PC using a BART PE CD. I chose the second option because reinstalling the OS, along with the countless applications and drivers, would’ve been slightly easier but enormously time consuming – it was Memorial Day weekend and I didn’t want to stay indoors forever.

How to remove WinPC and uacinit.dll

1. From another, clean computer, get yourself a recent copy of Malwarebytes, SuperAntiSpyware, updated definitions, Avira Antivirus PE, CCleaner, and Windows Service Pack 3 (see links below). Save them to a USB drive or burn them to a CD/DVD.

2. If you don’t have one already, make yourself a BART PE CD or any other Windows Preinstalled Environment CD. You need this to be able to see the UAC files that need to be deleted. They don’t show up in Normal or Safe Mode.

3. Boot your computer using the BART PE CD. Search for and delete all files in your hard drive that begin with the letters UAC (search for UAC*.*). Most of the files are located in the C:\Windows\system32 directory. You may find some in the C:\Windows\system32\drivers directory.

4. Search for and delete files called asd.bat.

5. At this point, you should be able to install and run the real antispyware programs. Restart the computer into Normal Mode. Install and run CCleaner, to remove cookies and temporary files. Turn off System Restore. Install Malwarebytes and SuperAntiSpyware, along with their updated definitions.

6. Restart the computer into Safe Mode. Scan and clean using Malwarebytes.

7. Restart the computer into Safe Mode, delete anything quarantined by Malwarebytes. Scan and clean using SuperAntiSpyware.

8. Restart the computer into Safe Mode. Delete anything quarantined by SuperAntiSpyware.

9. Restart the computer into Normal Mode, scan and clean again using Malwarebytes.

10. Restart the computer into Normal Mode, scan and clean again using SuperAntiSpyware.

11. By this point, it should be clean however, repeat steps 6 through 10 if the reports come back with infections.

12. Install Service Pack 3 to repair any corrupted security files or registry settings.

13. Install and update Avira Antivirus PE. Scan and clean.

14. Update Flash and java (because you probably got the trojan through security holes present in previous versions of flash or java). Install your Windows Updates (patches).

That’s it!  Easy, right? Like I said, you are probably better off just starting from scratch.

Conficker Eye Chart

Worried you might have the Conficker virus? Here’s a quick and dirty way to check:

Conficker Eye Chart