The Danger of Rootkits

A rootkit is a collection of program tools that enable user-level access to a computer or a computer network. Typically, a hacker installs a rootkit on your computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking your password. Once the rootkit is installed, it allows the attacker to mask its intrusion and gain root or privileged access to your Windows PC.

A rootkit may consist of spyware and other malicious programs that monitor traffic and keystrokes, create a “backdoor” into the system for the hacker to use, attack other machines on a network and alter existing system tools to escape detection.

Rootkits often try to enter your PC by executing a phishing attack, where a hacker tries to trick you into running an executable file (.exe) in an email attachment, or via a hyperlink distributed via email or instant messaging. Once they are in place, rootkits are not too easy to find or get rid of.

The rootkit threat is not as widespread as viruses, malware and spyware. But removing rootkits is largely a reactive process. You will only notice changes to your computer after you are infected by a rootkit.

Is There Really a Rootkit Problem?

To determine if there is truly a rootkit operating behind the scenes, use a system process analyser such as ‘Sysinternals Process Explorer’ or, better yet, a network analyser. By using these tools, you will probably be surprised to find what programs are doing and what is going in and out of your PC’s network adapter. You may also discover that you simply have an over-worked PC running with too little memory or a severely fragmented hard drive.

However, if your computer is normally super-fast with no lack of memory or hard drive issues, but still slows down and even starts to behave badly, then a rootkit attack could be the cause. But equally these symptoms could be the result of a virus or a spyware attack.

It is one thing to find a rootkit, but quite another to remove it and any spyware it is probably hiding. In fact, it may or may not be possible. In many cases you will never really know if you are infected since a rootkit can often interfere with your scanning and removal programs.

Before you even try to remove a rootkit, make sure you take a backup of all your important data files.

Rootkit Detection and Removal Using Software

Sysinternals, F-Secure and Kaspersky all offer standalone rootkit detection tools: Sysinternals RootkitRevealer (only for Windows XP (32-bit) and Windows Server 2003 (32-bit)), F-Secure Blacklight and Kaspersky TDSSKiller.

Even Microsoft has implemented rootkit detection features in its own malicious software removal tool.

Tip – For an extensive list of rootkit detection tools see ‘16 Free Rootkit, Trojan Horse, Virus and Spyware Removers for Windows 10’ – www.geckoandfly.com/4696/the-best-rootkit-virus-detector-detection-and-remover-scanner.

Removing a rootkit with cleaning tools may actually leave Windows in an unstable or inoperable state depending on which files were infected and subsequently cleaned. Or, worse, a well-coded rootkit could conceivably detect the removal process and self-destruct taking your data out with it!

If these cleaning tools do not find anything, or they do find a rootkit but cannot delete it, then you could keep trying other tools, but there does come a point in time when you have to evaluate if the effort is worthwhile. Perhaps you should just wipe your hard drive and re-install your Windows operating system.

Some Defences Against Rootkits

To truly protect your computer, make sure you always read the current user instructions for your scanning tools to see what special steps you need to take before, during and after the clean-up process.

Then, after you’ve found and cleaned a rootkit, rescan your system to double-check that it was fully cleaned and the rootkit has not returned.

To help stay protected from rootkits you should regularly update all your software. This includes programs like your antivirus programme and any anti-spyware or anti-malware programmes you make use of.

Also keep all of your Microsoft software up-to-date by turning on Windows Automatic Updates (for Windows 10 – Settings – Update & Security/ Windows Update). Your computer will automatically download Microsoft security updates when your computer is online.

How to remove Malware from your Windows 10 PC

Is your PC running slower than usual or are you getting lots of unwanted pop-ups? If so, your computer may be infected with Malware.

Short for “malicious software,” Malware refers to software programs designed to damage or do other unwanted actions on your computer system. Common examples of Malware include viruses, worms, trojan horses, and spyware. In particular, Spyware can gather data from your PC without you even knowing it. This can include anything from the web pages you visit to personal information, such as credit or debit card numbers.

Although other problems such as hardware issues can produce very similar symptoms, it’s best to check for Malware if your computer is beginning to act strangely.

First Download Malware Scanners

Fortunately, running a Malware scanner is enough to remove most standard infections. If you already have an antivirus program active on your computer, you should use a different scanner for this malware check, since your current antivirus software may not have detected the malware. Remember, no antivirus program can detect 100% of the millions of malware types and variants.

There are two types of antivirus programs.

1. Real-time antivirus programs, which run in the background and constantly watch for Malware.

2. On-demand scanners, which search for Malware infections when you open the program manually and run a scan.

You should have only one real-time antivirus program installed at a time, but you can have many on-demand scanners installed which ensures that if one program misses something a different one might well find it.

If you think your PC is infected, download an on-demand scanner first and then follow up with a full scan by your real-time antivirus program. (Among the free, and high-quality, on-demand scanners available are BitDefender Free Edition, Kaspersky Virus Removal Tool, Malwarebytes and Microsoft’s Malicious Software Removal Tool.)

Enter Windows Safe Mode before you run these programmes

If you think your PC may have a Malware infection, boot your PC into Microsoft’s Safe Mode. In this mode, only the minimum required programs and services are loaded, so if any Malware is set to load automatically when Windows starts, entering Safe Mode may prevent it from doing so. This is important because it allows any malicious files to be removed more easily, since they are not actually running or active.

To boot into Windows 10 Safe Mode, first click the Start Button and then select the power button as if you were going to reboot, but don’t click anything just yet. Now hold down the Shift key and click Reboot. When the full-screen menu appears, select Troubleshooting, then Advanced Options, then Startup Settings. On the next window click the Restart button and wait for the next screen to appear. Next you will see a menu with numbered startup options; select number 4, which is Safe Mode.

You may find that your computer runs noticeably faster in Safe Mode. This could be a sign that your system has a Malware infection, or it could mean that you have a large number of legitimate programs that normally start up alongside Windows.

Delete all your Temporary files

Now that you are in Safe Mode, you should run a virus scan. But before you do that, delete your temporary files. Doing this may speed up the virus scanning, free up disk space, and even get rid of some Malware. To use the Disk Cleanup utility included with Windows 10, type Disk Cleanup in the search bar (or after pressing the Start button) and select the tool named Disk Cleanup that appears. Select the drive you want to clean (probably your C Drive) and then click OK. In the list that appears select Temporary files and then click OK. Disk Cleanup will ask you if you want to permanently delete these files, so click Delete Files.

Once you have run one or two on-demand antivirus programs and your real-time antivirus program, try running a scan with Malwarebytes.

Run the setup file for Malwarebytes and follow the instructions to install the program. Once the program opens, it will automatically activate a trial of the paid version that enables real-time scanning. You will not get charged after the trial ends, as the program reverts to the standard free version in 14 days. In the meanwhile, you can disable the real-time scanning for those two weeks if you prefer.

To run a scan, switch from the Dashboard tab to the Scan tab. Keep the default scan option (Threat Scan) selected and click the Start Scan button. It should check for updates before it runs the scan, but make sure that happens before you proceed. Depending on the speed of your computer, a Threat Scan can take anywhere from 5 to 20 minutes. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being Malware or as being infected by Malware.

Once the scan is complete, Malwarebytes will show you the results. If the software gives your system a clean bill of health but you still think that your system has acquired some malware, consider running a Custom Scan with Malwarebytes and trying the other scanners mentioned earlier in this email. If Malwarebytes does find infections, it will show you what they are when the scan is complete. Click the Remove Selected button in the lower left to get rid of the specified infections. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.

Even if the Malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.

Fortunately, running a Malware scanner in Safe Mode is enough to remove most standard infections.

However, if Malwarebytes automatically disappears after it begins scanning and won’t reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. With this scenario you might be better off reinstalling Windows 10 after backing up all your files. Copy all of your files to an external USB Drive or flash drive. If you check your email with a client program (such as Outlook or Windows Mail), make sure that you export your settings and messages to save them. You should also back up your device drivers with a utility such as Double Driver, in case you don’t have the driver discs anymore or don’t want to download them all again.

Once you have backed up everything, reinstall Windows either from the disc that came with your PC, by downloading the installation image from Microsoft, or by using your PC’s factory restore option, if it has one.

Remember, you cannot save installed programs. Instead, you’ll have to reinstall the programs from discs or re-download them.

Finally fix your web browser

Malware infections can damage Windows system files and other settings. One common malware trait is to modify your web browser’s homepage to reinfect the PC, display advertisements, prevent browsing, and generally annoy you. So before launching your web browser, check your homepage and connection.

For Internet Explorer, right-click the Windows 10 Start button and select Control Panel, then Internet Options. Find the Home Page settings in the General tab, and verify that it’s not some site you know nothing about. For Chrome, Firefox, or Edge, simply go to the settings window of your browser to check your homepage setting.

Keep your Windows 10 PC clean

Always make sure that you have a real-time antivirus program running on your PC, and make sure this program is always up-to-date. If you don’t want to spend money on yearly subscriptions, you can choose one of the many free programs that provide adequate protection, such as Avast, AVG, Panda, or Comodo. Also run Malwarebytes daily or weekly to check for Malware intrusions.

Keep Windows and other software up-to-date. Make sure that you have Windows Update turned on and enabled to download and install updates automatically.

How to deal with Ransomware Like Petya or WannaCry

The short answer is to do a combination of things such as perform a reliable backup, make sure your PC is protected and use automated removal tools if the worst happens. These things can be a solid defence against the growing menace of Ransomware.

Ransomware does not sneak into your PC like ordinary malware does. It suddenly appears and demands cash, otherwise it may encrypt all the files on your Windows PC.

A form of Ransomware similar to Petya has attacked the Ukraine and other sites around the globe, encrypting files until a ransom has been paid. Researchers, though, have moved quickly to block the spread of the Ransomware, also known as Petrwrap, exPetr, Petna, and SortaPetya.

There is no real way to remove Petya Ransomware, but researchers have come up with a few ways to immunise your Windows PC and malware companies are working hard to block it completely.

We will just have to wait a while until these ‘solutions to the threats’ are applied to defeat the current crop of Ransomware.

Petya is the second major Ransomware outbreak in the last two months, following WannaCry, which appeared to leverage software the National Security Agency developed, and was then turned into malware. It struck the U.K. National Health Service and several other banks and organisations.

Ransomware Hits You Where It Hurts – So Prepare Well Against Possible Attacks

A few common-sense habits can help limit your exposure to malware and Ransomware.

Keep your computer up to date via Windows Update. WannaCry doesn’t even try to attack Windows 10, choosing instead Windows XP and other older Windows operating systems.

Ensure you have an active firewall and anti-malware solution in place. Windows Firewall and Windows Defender are barely adequate, so a good third-party anti-malware solution is far better. WannaCry patches are already available, even for Windows 8 and Windows XP.

Ensure that Adobe Flash is turned off, or surf with a browser like Google Chrome, that turns it off by default.

Turn off Microsoft Office macros, if they happen to be enabled. (In Office 2016, you can ensure they are off from Options – Trust Center – Trust Center Settings – Macro Settings.)

Never open questionable links, either on a webpage or especially in an email. The most common way you will encounter Ransomware is by clicking on a bad link. Likewise, stay out of the bad corners of the Internet. A bad ad on a legitimate site can still inject malware if you are not careful, but the risks greatly increase if you end up surfing where you should not.

For dedicated anti-malware protection, consider Malwarebytes 3.0, which is advertised as being capable of fighting Ransomware. RansomFree has also developed what it calls anti-ransomware protection. Typically, however, anti-malware programs reserve anti-ransomware for their paid commercial suites.

You can download free anti-ransomware protection like Bitdefender’s Anti-Ransomware Tool, but you will only be protected from four common variants of ransomware. Kaspersky also claims that it can block Petya or Petrwrap by simply rolling back changes via its System Watcher component.

Backing Up Your PC Could Be a Good Strategy

Ransomware encrypts and locks up the files that are most precious to you so there’s no reason to leave them vulnerable. Backing them up is a good and solid strategy.

Take advantage of the free storage provided by OneDrive, Google Drive and others, and back up your data frequently. (But beware, your cloud service may back up infected files if you don’t act quickly enough.)

Better yet, invest in an external hard drive, such as the WD 1TB Elements Portable External Hard Drive, to save some less-frequently accessed “cold storage.” Perform an incremental backup every so often, then detach the drive to isolate that copy of your data.

If You are Infected

How do you know you have Ransomware? You will just know. Ransomware tends to be obvious; the imagery associated with most Ransomware is designed to invoke stress and fear in its victims.

Don’t panic. Your first move should be to contact the authorities, including the police and the UK’s National Fraud and Cyber Crime Reporting Centre. Then ascertain the scope of the problem, by going through your directories and determining which of your user files is infected. (If you do find your documents now have odd extension names, try changing them back – some Ransomware uses “fake” encryption, merely changing the file names without actually encrypting them.)
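One way to test for the “fake” encryption case described above, as an added example that is not part of the original article: the script reads the start of each file, looks for a few well-known file signatures, and falls back to a byte-entropy measurement to separate files that were merely renamed from files whose contents were really scrambled. The function names, the verdict labels, the short signature list and the 7.5 bits-per-byte threshold are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading "magic bytes" of a few common document formats (assumed short list).
SIGNATURES = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/docx/xlsx",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "legacy office (doc/xls)",
}

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, encrypted data sits near 8.0
SAMPLE_SIZE = 64 * 1024   # only the first 64 KiB of each file is read


def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def classify(path):
    """Return (verdict, detail) for one file, judged by content, not by name."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_SIZE)
    # 1. A surviving signature means the start of the file is untouched, so the
    #    odd extension is probably only a rename. This comes first because
    #    compressed formats (docx, jpeg) have high entropy even when healthy.
    for magic, kind in SIGNATURES.items():
        if head.startswith(magic):
            return ("signature-intact", kind)
    # 2. No known signature: near-random bytes point to real encryption.
    entropy = shannon_entropy(head)
    if entropy >= ENTROPY_THRESHOLD:
        return ("likely-encrypted", "entropy %.2f" % entropy)
    # 3. No signature but ordinary entropy, e.g. plain text that never had one.
    return ("no-signature-low-entropy", "entropy %.2f" % entropy)


def triage(folder):
    """Classify every file under folder; returns {relative path: (verdict, detail)}."""
    results = {}
    for root, _dirs, files in os.walk(folder):
        for name in sorted(files):
            path = os.path.join(root, name)
            results[os.path.relpath(path, folder)] = classify(path)
    return results


def demo():
    """Build three constructed sample files in a temp folder and triage them."""
    # Deterministic pseudo-random bytes standing in for real ciphertext.
    scrambled = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                         for i in range(2048))
    samples = {
        "report.pdf.locked": b"%PDF-1.4\n" + b"constructed sample body\n" * 50,
        "photo.jpg.locked": scrambled,
        "notes.txt.locked": b"shopping list: milk, eggs, bread\n" * 40,
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, content in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(content)
        return triage(folder)


if __name__ == "__main__":
    for name, (verdict, detail) in demo().items():
        print("%-20s %-26s %s" % (name, verdict, detail))
```

Run it against a copy of the affected folder rather than the originals. A surviving signature only shows that the start of the file is untouched, so open a copy to confirm it is usable before renaming the rest.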

Identification and Removal

If you have a paid anti-malware solution, scan your hard drive and try contacting your vendor’s tech support and help forums. Another excellent resource is NoMoreRansom.com’s Crypto-Sheriff, a collection of resources and Ransomware uninstallers from Intel, Interpol, and Kaspersky Lab that can help you identify and begin eradicating the Ransomware from your system with free removal tools.

If all Else Fails

If you have good copies of your data saved elsewhere, online and on an external hard drive, all you may need to do is reset your PC, reinstall all your applications and restore your data from the backups.

How to remove your login password from Windows 10

While strong account passwords are important (and recommended by QBS PC Help) not every user wants or needs to enter a password every time they boot their Windows 10 PC. Thankfully, there is an easy way for users to disable or bypass the Windows login screen and automatically log directly into their account when booting.

All you need to do is log into your Windows 10 user account as you normally do by entering your password at the login screen. Next, click Start (or tap the Windows Key on your keyboard) and type netplwiz. The ‘netplwiz’ command will appear as a search result in the Start Menu search. Hit Enter on your keyboard or click on the result to open it.

A new window labeled “User Accounts” will appear, listing all the user accounts on your Windows PC. Click on your user account to select it and then uncheck the box at the top labelled “Users must enter a user name and password to use this computer.”

You’ll be prompted to enter the user account’s password (this is a safeguard to ensure that other users on the PC can’t change the settings for accounts they don’t have access to). Enter your account’s password and then click OK to close the window.

Finally, test the new setting by saving all open work and rebooting your PC. If all steps above were performed correctly, Windows 10 should bypass the login screen and load directly into your user account without prompting you for the account’s password.

Bypassing the Windows 10 login screen is relatively safe if there is a low chance of someone else gaining physical access to your PC. If you work in a shared office space or use a laptop that travels outside of your home or office, for example, you probably shouldn’t configure your account to bypass the Windows 10 login screen.

But if you’re a home user with a desktop PC or laptop that never leaves the house, and you don’t have a history of break-ins or nosy children, it’s relatively unlikely that an unauthorised user will gain physical access to your PC.

Back up your third-party hardware drivers in Windows 10

Tracking down drivers and control software for internal and external hardware devices after a clean reinstall of your Windows 10 Operating System doesn’t have to be a tedious job. The secret is to back up the driver file repository that Windows 10 kindly maintains for you.

Windows 10 includes a full library of class drivers that allow most devices, internal and external, to function without requiring any additional software. This core library is copied during Windows setup to a protected system folder, which means that most devices will work immediately after you finish Windows 10 Setup.

But unlocking the full capabilities of a device sometimes requires a third-party driver and control software, which can be installed by an OEM on a new PC or delivered via Windows Update. (You can also acquire up-to-date drivers by downloading them from the hardware vendor’s website and running an installer program.)

Regardless of how they’re acquired, all these added drivers (along with setup information files and supporting files required for installation) are saved in their own sub-folders within a special system folder. Back up that folder and you can save yourself hours of searching for drivers if you ever need to reinstall Windows from scratch on that device.

To back up your current collection of drivers, open File Explorer and go to C:\Windows\System32\DriverStore. Copy the FileRepository subfolder to a backup location, such as a USB flash drive or removable hard drive. (This folder and all its sub-folders can be several gigabytes in size, so make sure you use a big enough backup drive.)

After your clean install is complete, you can quickly reinstall any custom drivers by using the Update Driver option from Device Manager and specifying the backed-up copy of the FileRepository folder as the location where you want Windows to look for new driver files.

How to show the taskbar on only one display in Windows 10

Windows 10 has some nice features for multi-monitor setups. One of these is the ability to display the taskbar on only one monitor.

Changing this setting really comes down to your own personal preferences as there are clearly some good reasons to keep the taskbar on both monitors.

For example, since the Anniversary Update the taskbar clock is displayed on both monitors. If you play games or are watching a movie this gives you an easy way to keep an eye on the current time.

Nevertheless, some people prefer the cleaner look of having the taskbar on a single display. In Windows 10, this is really easy to set up, but first you must make sure you have the right display chosen as your main monitor because once you’ve made this change it will only show up on your primary display.

So if you have a multi-monitor setup, go to Start > Settings > System > Display. Here you will see your two monitors labelled 1 and 2. Click on the monitor you wish to use as your main display and then check the box labelled ‘Make this my main display’.

Now go to Settings > Personalization > Taskbar and scroll down to the Multiple displays heading. Switch off the slider labelled ‘Show taskbar on all displays’. Your taskbar will now only appear on your main display.

How to find out what’s slowing down your Windows PC

The Windows Resource Monitor can help you to track down the resource hogs that are slowing down your Windows computer.

If you’re using Windows 7, click Start, and then Run and type ‘resmon’. For Windows 10 users, fire up Cortana’s ‘Ask Me Anything’ box and type ‘resmon’. Now hit Enter and click on resmon.exe in the resulting search list.

For monitoring slowdown issues take a look at the Memory tab. This tracks usage and shows you how much memory a program or service is consuming. Also check the CPU and Disk tabs and see what particular program or service is causing your PC to slow down the most. Look particularly at the programs you’ve recently installed or uninstalled and see if any of those are using the bulk of your PC’s available resources.

All the memory-hogging and performance-sapping programs, services and modules can make your Windows computer less stable, so it’s also a very good idea to check the Windows Reliability Monitor too. For Windows 7 and Windows 10 users, search for ‘Reliability History’ and select ‘View Reliability History’ from the resulting list.

Take a look at the blue trend line which may be flat or downward sloping. A sudden sharp drop is certainly worth checking out. If multiple programs are shown to be unstable perhaps something you recently installed or uninstalled is the culprit.

Click on the columns representing dates to see a list of the ‘activity’ for that particular day. This will show you what was successfully installed or run and what was unsuccessful. You may be able to fix the instability problem if ‘Check for a solution’ appears under the Action column at the foot of the screen.

Use these two tools to keep your Windows PC in good shape and to nip problems in the bud before they start to get out of hand!

How to change Windows 10’s default web browser

When you upgrade to Windows 10 from another version of Windows the ‘express installation’ option sets your default web browser to Microsoft’s Edge, even if you chose to use Chrome, Firefox, Opera, or another web browser, in Windows 7 or 8.

And Microsoft’s Edge has a nasty habit of resetting itself as the default browser if you update Windows 10 or even try to install another browser.

Fortunately, Windows 10 doesn’t uninstall your previous browser of choice, so it’s easy to change the operating system’s default web browser back again to your browser of choice – if you know where to find the settings to change this.

First, open the Start menu and select Settings, then click on the System option.

In the options that appear, select Default apps in the left-hand pane, then scroll down and click on Web browser, which likely has Microsoft’s Edge icon showing if you just upgraded from a previous version of Windows.

A list of browsers installed on your system will pop up. Select the browser you’d like Windows 10 to use by default. If you don’t see your browser of choice then it is not installed on your PC, so you will have to download it and walk through this very simple process again.

Once you’ve selected your preferred browser, just return to the main Settings page and your choice will be automatically saved.

From now on, all web links will open in Chrome, Firefox, Opera, or whatever alternative browser you want to use.

How to remove Cortana from Windows 10

If you have Windows 10 Professional or Enterprise you will be able to shut down Cortana by simply typing gpedit.msc in the search box to open the Group Policy Editor. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Search. Double-click on the policy named Allow Cortana.

When the policy window appears just click Disable. That’s all you need to do to shut down Cortana.

However, if you are using Windows 10 Home, you will need to edit the Windows Registry. Do not tackle this step unless you have experience editing the Registry. Additionally, you should set a restore point now in case things go sideways.

So if you are confident about working in the Registry, type Regedit into the search box and open the Registry Editor. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search. That final key (Windows Search) may not be present in the Registry. If it is not present, right-click the Windows directory and select New > Key. Name it Windows Search.

Now select that new key. In the right-hand pane, right-click and select new DWORD and name it AllowCortana. Then right-click that value and make sure it’s set to 0, which means “off”.

Now sign out and back in again or restart your PC and you should notice that Cortana has been replaced with a generic search box.

How to turn off forced restarts when Windows 10 Updates

In the past you may have been used to setting up Windows Updates so that they wouldn’t install automatically. Even though Windows 10 handles post-update reboots pretty well, you may still like to have some control over these updates from the outset.

There is a simple workaround for users running Windows 10 Professional. From the Start Menu, search for ‘Group Policy’.

From the search result pick ‘Edit Group Policy/Control Panel’ from the top of the list.

Expand Computer Configuration in the left-hand pane and navigate to Administrative Templates\Windows Components\Windows Update. Double-click Configure Automatic Updates in the list, select the Enabled radio button, and in the left-hand box select 2 – Notify for download and notify for install. Now click OK, and you’ll be notified whenever there are updates – unfortunately, they will be a daily irritation if you’re using Windows Defender.

The Group Policy Editor isn’t available on Windows 10 Home, but you can at least open Windows Update, click Advanced options and select Notify to schedule restart from the ‘Choose how updates are installed’ list. While you’re here, all Windows 10 users might want to click Choose how updates are delivered and ensure that Updates from more than one place is either off or set to PCs on my local network.