New 'ransomware' virus poses threat to computers - report
AFXU


PARIS (AFX) - Software protection companies are warning that a vicious new form of cyber-attack known as 'ransomware' is threatening computers by encrypting documents and demanding money for them to be decrypted, the UK weekly New Scientist said in its next issue, dated Saturday.

Symantec, a manufacturer of anti-virus programs, said on its website that the attacking program is a 'Trojan horse' that enters the computer via holes in the victim's web browser, scans a hard drive and encrypts any text-based documents that it finds.

Unlike a virus, a Trojan horse does not replicate from machine to machine.

If it installs successfully, the new threat wipes out text files then displays a ransom note demanding 200 usd to supply decryption software that will restore the data back to its original, readable form.

So far, only one case of 'ransomware' has come to light, but this could be the start of a new and dangerous generation of malicious software, said New Scientist.

The algorithm used to scramble the data in that case was not very sophisticated and the encrypted documents were easily decoded by a computer consultant, the magazine said.

'The danger now is that the virus writers might turn to using strong military-grade encryption systems,' leaving the victim with little option but to pay up to decrypt his files, New Scientist warned.

The new program goes under the name of pgpcoder, apparently to besmirch the name of Pretty Good Privacy (PGP), a legal, popular and highly secure encryption product.

The ransomware case was spotted by the Californian web-filtering company Websense, which has notified the US Federal Bureau of Investigation (FBI), New Scientist said.

As with extortion everywhere, the weakness of ransomware is the line of contact. The demand includes a contact email address and an electronic bank account, both of which can be traced.

I have received a panic email from a friend in Cyprus for assistance with her laptop. Looked in MS kb but no help. Her report is:-

I can only boot my laptop by pressing F1. The message it gives me is: "CMOS checksum bad. Default configuration used. Press F1 to boot." Bob, whatever does all this mean? When I press F1 the machine comes alive but the date is always changed to 31st December 1999. Then another message comes up saying date and time invalid, please adjust. I have to do this every day before I can begin. Is there or is there not anything I can do about it?

The lady has windows XP home, I assume with service pack 2.The machine is about 2 years old. Any assistance wud be greatly appreciated

Thanks in anticipation

Bob, it is likely just to be the mercury battery in the laptop that needs replacing (the button battery, not the main battery). It is normally accessible easily from the bottom by opening up one of the windows, but she can check the instruction manual. After replacing the battery she will need to check the configuration details and set the time.

Kayak

Thanks very much, will onpass and let you know results.

CMOS checksum bad Default configuration used Press F1 to boot

The battery could be bad, inserted backwards or is simply not connecting for some reason. It is needed to keep the clock running when power is removed from the machine.

See here for some more clues

Thanks Doc

I shud have realised because I had the same problem on date and time with a PC in 1996.

All
I have lost the sound on my pc. Have checked all the usual suspects,cables,conections audio devices etc. Have restarted pc a number of times but still no sound. Anybody give any advice as to what the problem might be.

Try uninstalling the sound card in device manager then rescan for new hardware. That should re-initialise the sound card.

Before you do that, check the manufacturers site for the latest drivers.

Thanks Opti will do that, already checked for latest drivers.

Bit simplistic, but you haven't switched the volume to 'mute' by any chance? :-)
Mine (XP) remembers that setting when the pc is switched off.

Sound card may have come loose - unless it's integrated on the motherboard.

It is my birthday today, next year I will be 70 on 060606.

Can anyone help with this problem.

I had trouble Saturday trying to watch a film in Telegraph of Saturdays edition.
It started to cause problems with my PC.
So I used restore to an earlier date.
When my PC restarted all I got was the windows wallpaper.
I cannot right click cannot use the windows key on the desktop to bring windows up.
I can use control/alt/delete buttons which brings up Windows Task Manager.
Can anyone help.
PS I have a spare computer back up which I am using now.

AB

The first thing to rule out is a virus/trojan attack.

Start the computer in safe mode and run Spybot S&D, Adaware and an AV scan. If you have no taskbar, the easiest way is to run explorer from task manager and navigate to the programs (running explorer is also one way to bring back the task bar but I don't think that will work in this case).

Virus Problem in my Recycler folder:

I use Fix-It utilities and have a report that virus VBS-Helpxsite is in file C:\Recycler\S-1-5-18\DC74098.HTM
I suspect this is a deleted temporary file from my Temp internet files and it's got there when I emptied the temp cache. I cannot auto or manual delete this little bugger as it's hidden. When I go into My Computer and then the hidden Recycler folder s-1-5-18, these files are still hidden even though I have ticked the box that says show hidden folders and files.
1. How can I empty the Recycler of hidden files? (I've tried switching off the System restore, re-booting and then switching on System restore points but this hasn't helped. There are still 3.9 Gb of hidden files in there.
2. Can I delete the hidden folder Recycler\s-1-5-18 altogether?
3. What is this feature for?
Thanks in advance guys

7thFloor

Open the Recycle Bin and click 'Empty Recycle Bin'.

If nothing is in the recycle bin then it could be that you have multiple users on the computer. Each user has to empty their own bin.

Optimist

Not that simple I'm afraid. The recycle bin is 'apparently' empty. The files I mentioned are all hidden. Single user also.

If I go to C:\Recycler I have 3 hidden 'bins' (or folders I suppose). 2 have 85 bytes in them (they are called s-1-5-21 xxxxxx & s-1-5-21 xxdifferent numbersxxxx.) My 3rd one is s-1-5-18, has 3.19 Gbits worth of 229,000 files, all of which are hidden and are, I suspect, deleted temporary files from my internet cache.

I get a little red cross in the corner of certain screens I try to look at.

For example I want to see live scores at this site

http://www.stellaartoistennis.com/default.asp

but when I hit the live scores link I get a blank screen with that dreaded red cross.

I have switched off my pop up blocker but am at a loss for any other ideas to resolve it.

I would really appreciate any help.

Regards.

7thFloor

The three 'bins' are seperate recylers for each user on your computer. So long as you have administrator rights, you should be able to view and delete the files but you will have to set explorer to view/delete hidden and system files.

If there are 229,000 hidden files, they are almost certain to be old files deleted after a system update. Windows doesn't normally put these into the recycle bin. Be very carefull before you delete them.

Harlosh

I'm only guessing, but does the site require Java or some other plugin?

Optimist,

I don't know but I did have a problem with Money AM when I changed my PC a few months back because I didn't have Java. I remember I downloaded it and everything was OK.
Just looked through my programs now and can't see Java listed. Now where's that gone?