Replies

Fred,
Long time reader, first time writing.
With regards to your very excellent article on the LizMoon virus, I wouldtake exception to one piece of advice. I advise my clients to NEVER touch ANYselectable object in a suspect window. The reason being that any object(including the X to close) does what it does because it is actually running asmall program.

One of the most common that I am running into is a modification of the”X” that causes your installed security application(s) to loseinternal communication between the search engine module and the databasemodule. The search engine continues to operate normally (thus no error messagefrom the Security Center), but the database can’t hear it (although it is stillloaded and being updated), and thus can’t tell it to stop.

Use of Ctrl+Alt+Del makes perfect sense to us old guys who started withcomputers back in the days before we had mice . . . but is WAY too geeky forthe next couple of generations who grew up with a mouse in their hand. Toogeeky translates into “they won’t remember it when the time comes”,and thus I ALWAYS recommend that they very carefully remove the cursor from thesuspect window, go down to the TaskBar, right click, and select Task Manager(or Select Task Manager).

This works in all versions of windows and does not further confuse the usersof Vista and Windows 7 by giving them the extra window. Once there, I instructthem to select the Applications tab if it is not already selected, and locatethe suspect window based on its Title Bar information, select it, and then justclick on the End Task button.
For your readers that might benefit from a more complete set ofinstructions, they are welcome to go to http://www.1stComputerTechnologies.com/newsand copy my article. They have my permission to copy the article (prints out toabout 2.6 pages) so that they can share it with their friends and/or clients.

Gary R Hill
1st Computer Technologies, Inc.
Zephyrhills FL

Laura,

Thanks for you suggestion. I followed your link and have it downloaded into my toolbox. I will give it a try on a computer I am working on that belongs to Sandy Bahr (coincidence?).

Carl,

Please allow me to add my two cents worth . . .

The following is a clip from the NEWS page of my web site:

PRESUME THAT ANY OTHER NOTIFICATION OF ANY KIND IS A DISASTER WAITING TO HAPPEN AND DO NOT CLICK ON ANYTHING IN THE WINDOW. IF POSSIBLE, DON’T ALLOW YOUR MOUSE TO PASS OVER THE WINDOW! At this point, you must presume that everything in the suspicious window is a booby trap . . . because it probably is!

Remember, they are trying to get you to panic!

1. Remove your hand from the Mouse and take a deep breath. You are under attack, but the solution is quick and simple.

2. Locate the cursor and if it is in the suspect window, carefully remove it without passing over any item that might activate a response.

3. Right-click on the Status Bar (the bar on the bottom of the screen) and select Task Manager.

4. Click on the Applications tab, select the suspect program and click on the End Task button in the bottom of the Task Manager window. This will safely exit the attack without unknowingly activating anything you will wish you hadn’t activated.

That’s all there is to it! Now lets practice. Open NOTEPAD and pretend that it is a false security pop-up. Practice closing it with the four steps listed above.

Congratulations! You are now an expert in avoiding the most common form of attack, the False Security Warning con.

For the full article, go to http://www.1stcomputertechnologies.com/news/news.htm

What the crooks are doing is taking a perfectly benign popup and booby-trapping every selectable object including the ‘X’ that you would use to close the offending window. Technically, it is a pretty simple process and the end result is that it trashes your security application in such a way as to not arowse the Microsoft Security Center and then it is free to do its evil deeds.

To your reader who is taking care of 1,000 computers at his school, I have a suggestion that will solve his problem quickly. And best of all, it’s FREE (donateware).

Go to http://www.stevengould.org/index.php?Itemid=223&id=29&option=com_content&task=view and download his excellent CleanUp! application. It can be set to several different levels by clicking on the OPTIONS button, not the least of which will enable him to clean all the users on the machine at once.

Hope he enjoys it as much as I have over the years. , this is not a new program, having last been updated in 2006, but it works well in XP, Vista, or Win7.

Gary R Hill
the Florida Swampster