Category: Windows 8

The Danger of Rootkits

A rootkit is a collection of program tools that enable user-level access to a computer or a computer network. Typically, a hacker installs a rootkit on your computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking your password. Once the rootkit is installed, it allows the attacker to mask its intrusion and gain root or privileged access to your Windows PC.

A rootkit may consist of spyware and other malicious programs that monitor traffic and keystrokes, create a “backdoor” into the system for the hacker to use, attack other machines on a network and alter existing system tools to escape detection.

Rootkits often try to enter your PC by executing a phishing attack, where a hacker tries to trick you into running an executable file (.exe) in an email attachment, or via a hyperlink distributed via email or instant messaging. Once they are in place, rootkits are not too easy to find or get rid of.

The rootkit threat is not as widespread as viruses, malware and spyware. But removing rootkits is largely a reactive process. You will only notice changes to your computer after you are infected by a rootkit.

Is There Really a Rootkit Problem?

To determine if there is truly a rootkit operating behind the scenes, use a system process analyser such as Sysinternals Process Explorer or, better yet, a network analyser. By using these tools, you will probably be surprised to find what programs are doing and what is going in and out of your PC’s network adapter. You may also discover that you simply have an over-worked PC running with too little memory or a severely fragmented hard drive.

However, if your computer is normally super-fast with no lack of memory or hard drive issues, but still slows down and even starts to behave badly, then a rootkit attack could be the cause. But equally these symptoms could be the result of a virus or a spyware attack.

It is one thing to find a rootkit, but quite another to remove it and any spyware it is probably hiding. In fact, it may or may not be possible. In many cases you will never really know if you are infected since a rootkit can often interfere with your scanning and removal programs.

Before you even try to remove a rootkit, make sure you take a backup of all your important data files.

Rootkit Detection and Removal Using Software

Sysinternals, F-Secure and Kaspersky all offer standalone rootkit detection tools: Sysinternals RootkitRevealer (only for Windows XP (32-bit) and Windows Server 2003 (32-bit)), F-Secure Blacklight and Kaspersky TDSSKiller.

Even Microsoft has implemented rootkit detection features in its own malicious software removal tool.

Tip – For an extensive list of rootkit detection tools see ‘16 Free Rootkit, Trojan Horse, Virus and Spyware Removers for Windows 10’ – www.geckoandfly.com/4696/the-best-rootkit-virus-detector-detection-and-remover-scanner.

Removing a rootkit with cleaning tools may actually leave Windows in an unstable or inoperable state, depending on which files were infected and subsequently cleaned. Or, worse, a well-coded rootkit could conceivably detect the removal process and self-destruct, taking your data out with it!

If these cleaning tools do not find anything, or they do find a rootkit but cannot delete it, then you could keep trying other tools, but there does come a point in time when you have to evaluate if the effort is worthwhile. Perhaps you should just wipe your hard drive and re-install your Windows operating system.

Some Defences Against Rootkits

To truly protect your computer, make sure you always read the current user instructions for your scanning tools to see what special steps you need to take before, during and after the clean-up process.

Then, after you’ve found and cleaned a rootkit, rescan your system to double-check that it was fully cleaned and the rootkit has not returned.

To help stay protected from rootkits you should regularly update all your software. This includes your antivirus program and any anti-spyware or anti-malware programs you make use of.

Also keep all of your Microsoft software up to date by turning on Windows Automatic Updates (for Windows 10: Settings – Update & Security – Windows Update). Your computer will automatically download Microsoft security updates when your computer is online.

How to deal with Ransomware Like Petya or WannaCry

The short answer is to do a combination of things such as perform a reliable backup, make sure your PC is protected and use automated removal tools if the worst happens. These things can be a solid defence against the growing menace of Ransomware.

Ransomware does not sneak into your PC like ordinary malware does. It suddenly appears and demands cash, otherwise it may encrypt all the files on your Windows PC.

A form of Ransomware similar to Petya has attacked the Ukraine and other sites around the globe, encrypting files until a ransom has been paid. Researchers, though, have moved quickly to block the spread of the Ransomware, also known as Petrwrap, exPetr, Petna, and SortaPetya.

There is no real way to remove Petya Ransomware, but researchers have come up with a few ways to immunise your Windows PC, and anti-malware companies are working hard to block it completely.

We will just have to wait a while until these ‘solutions to the threats’ are applied to defeat the current crop of Ransomware.

Petya is the second major Ransomware outbreak in the last two months, following WannaCry, which appeared to leverage software the National Security Agency developed, and was then turned into malware. It struck the U.K. National Health Service and several other banks and organisations.

Ransomware Hits You Where It Hurts – So Prepare Well Against Possible Attacks

A few common-sense habits can help limit your exposure to malware and Ransomware.

Keep your computer up to date via Windows Update. WannaCry doesn’t even try to attack Windows 10, choosing instead Windows XP and other older Windows operating systems.

Ensure you have an active firewall and anti-malware solution in place. Windows Firewall and Windows Defender are barely adequate, so a good third-party anti-malware solution is far better. WannaCry patches are already available, even for Windows 8 and Windows XP.

Ensure that Adobe Flash is turned off, or surf with a browser like Google Chrome, which turns it off by default.

Turn off Microsoft Office macros, if they happen to be enabled (in Office 2016, you can ensure they are off from Options – Trust Center – Trust Center Settings – Macro Settings).

Never open questionable links, either on a webpage or especially in an email. The most common way you will encounter Ransomware is by clicking on a bad link. Likewise, stay out of the bad corners of the Internet. A bad ad on a legitimate site can still inject malware if you are not careful, but the risks greatly increase if you end up surfing where you should not.

For dedicated anti-malware protection, consider Malwarebytes 3.0, which is advertised as being capable of fighting Ransomware. RansomFree has also developed what it calls anti-ransomware protection. Typically, however, anti-malware programs reserve anti-ransomware for their paid commercial suites.

You can download free anti-ransomware protection like Bitdefender’s Anti-Ransomware Tool, but you will only be protected from four common variants of ransomware. Kaspersky also claims that it can block Petya or Petrwrap by simply rolling back changes via its System Watcher component.

Backing Up Your PC Could Be a Good Strategy

Ransomware encrypts and locks up the files that are most precious to you so there’s no reason to leave them vulnerable. Backing them up is a good and solid strategy.

Take advantage of the free storage provided by OneDrive, Google Drive and others, and back up your data frequently. (But beware, your cloud service may back up infected files if you don’t act quickly enough.)

Better yet, invest in an external hard drive, such as the WD 1TB Elements Portable External Hard Drive, to save some less-frequently accessed “cold storage.” Perform an incremental backup every so often, then detach the drive to isolate that copy of your data.

If You are Infected

How do you know you have Ransomware? You will just know. Ransomware tends to be obvious; the imagery associated with most Ransomware is designed to evoke stress and fear in its victims.

Don’t panic. Your first move should be to contact the authorities, including the police and the UK’s National Fraud and Cyber Crime Reporting Centre. Then ascertain the scope of the problem, by going through your directories and determining which of your user files is infected. (If you do find your documents now have odd extension names, try changing them back – some Ransomware uses “fake” encryption, merely changing the file names without actually encrypting them.)
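The rename-versus-encryption check mentioned above can be done by looking at file contents instead of file names. The following is an added example, not part of the original article: it classifies files by their leading signature bytes and byte entropy, and the `.locked` extension, the sample files and the 0.95 and 7.5 thresholds are illustrative assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Well-known leading signatures of common document formats.
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip/docx/xlsx",
         b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path: str, sample: int = 65536) -> str:
    """Classify a file by content, ignoring whatever extension it now has."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    # Signature check first: intact JPEG/ZIP bodies are high-entropy too.
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return f"renamed-only ({kind})"
    printable = sum(b in b"\t\r\n" or 32 <= b < 127 for b in head)
    if head and printable / len(head) > 0.95:
        return "renamed-only (text)"
    # Entropy is only meaningful on a reasonably large sample.
    if len(head) >= 1024 and shannon_entropy(head) > 7.5:
        return "likely-encrypted"
    return "unknown"

def demo() -> dict:
    """Triage constructed files that all carry a made-up '.locked' extension."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    samples = {
        "report.pdf.locked": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
        "notes.txt.locked": b"Meeting notes: renew the backup drive.\n" * 20,
        "photo.jpg.locked": noise,  # pseudo-random stand-in for ciphertext
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    print(demo())
```

A “renamed-only” verdict only means the start of the file is intact, so confirm by opening a copy of the file, never the original.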

Identification and Removal

If you have a paid anti-malware solution, scan your hard drive and try contacting your vendor’s tech support and help forums. Another excellent resource is NoMoreRansom.com’s Crypto-Sheriff, a collection of resources and Ransomware uninstallers from Intel, Interpol, and Kaspersky Lab that can help you identify and begin eradicating the Ransomware from your system with free removal tools.

If all Else Fails

If you have good copies of your data saved elsewhere, online and on an external hard drive, all you may need to do is reset your PC, reinstall all your applications and restore your data from the backups.

How to change Windows 10’s default web browser

When you upgrade to Windows 10 from another version of Windows the ‘express installation’ option sets your default web browser to Microsoft’s Edge, even if you chose to use Chrome, Firefox, Opera, or another web browser, in Windows 7 or 8.

And Microsoft’s Edge has a nasty habit of resetting itself as the default browser if you update Windows 10 or even try to install another browser.

Fortunately, Windows 10 doesn’t uninstall your previous browser of choice, so it’s easy to change the operating system’s default web browser back again to your browser of choice – if you know where to find the settings to change this.

First, open the Start menu and select Settings, then click on the System option.

In the options that appear, select Default apps in the left-hand pane, then scroll down and click on Web browser, which likely has Microsoft’s Edge icon showing if you just upgraded from a previous version of Windows.

A list of browsers installed on your system will pop up. Select the browser you’d like Windows 10 to use by default. If you don’t see your browser of choice then it is not installed on your PC, so you will have to download it and walk through this very simple process again.

Once you’ve selected your preferred browser, just return to the main Settings page and your choice will be automatically saved.

From now on, all web links will open in Chrome, Firefox, Opera, or whatever alternative browser you want to use.

Backup and storage in Windows 8

Fewer than 5% of Windows users use the Windows Backup feature, so for Windows 8 Microsoft has replaced it with File History.

If you upgrade from Windows 7, you will still have Windows Backup installed and if you have it configured it will still carry on running. If not, you can find it under Windows 7 File Recovery in Control Panel but it’s probably better just to turn on File History.

File History insists on using an external or network drive and it doesn’t do full system backups. Instead it takes hourly copies of files in libraries or on the desktop, as well as contacts and favourites.

You can still use System Restore, or create an image that adds your installed applications to the built-in recovery tools so you get them back when you refresh Windows with the new troubleshooting tools. You can also choose to exclude files, change how often File History takes a snapshot or how long it keeps copies for, or you can just turn it on and leave it running.

Restoring an old file is nice and simple; go to the folder where it ought to be, select the file if it’s still there, or the folder if it’s gone completely, click the History button on the ribbon and browse back through files day by day, hour by hour or pick a file and see the different versions of it in Explorer.

Upgrading to Windows 8 will cost £24.99 in the UK

Microsoft is set to charge UK consumers £24.99 to upgrade to the latest version of its Windows Operating System – Windows 8.

The company announced in July that users would be charged $39.99 to upgrade from any version of Windows to Windows 8 Pro.

Yesterday it revealed the UK pricing for a downloaded update will be almost identical, avoiding fears that the firm would ‘rip off’ British consumers, as it has done in the past.

Microsoft is providing a UK English version of Windows 8 Pro, as well as special versions that don’t include Windows Media Player, to comply with the 2004 European Commission ruling.

Microsoft’s download store is registered in Germany, which applies VAT at a rate of 19% – 1% lower than the current UK rate.

The move comes just days after Microsoft revealed it has updated its corporate logo for the first time in 25 years as it prepares for the Windows 8 launch.

Faster Booting with Win 8

Microsoft will require that new PCs bearing the Windows 8 logo use a new boot solution called Unified Extensible Firmware Interface (UEFI), which will significantly improve the boot process and experience. It replaces the archaic Basic Input Output System (BIOS) that we’ve used for decades.

You’ll see much faster boot times, on the order of 8 seconds from pressing the power button to being in Windows. This, along with less need for restarts, can help increase productivity in the office and save IT personnel time when applying upgrades or installing software.

Safeguards built into UEFI can also help save the IT department time and resources over the long term. Secure Boot prevents unauthorised operating systems from loading, and Early Launch Anti-Malware (ELAM) protects against boot loader attacks. UEFI will also allow remote diagnostics and repair of computers within the pre-OS environment. So instead of physically sending a technician to visit a PC experiencing boot issues, it might be possible to repair and restore the machine over the network.

Though most will enjoy the benefits of UEFI, there has been some controversy over the Secure Boot feature of UEFI that Microsoft is requiring PC makers to turn on by default. It’s not totally clear yet, but Secure Boot may have to be manually disabled for those who want to install or dual boot another OS such as Linux, adding an extra step to the process.