All posts by admin

Collecting a HijackThis Report

One of the quick ways of detecting many types of spyware/virus infections is using a diagnostic tool called HijackThis.  Here are the steps for collecting a HijackThis report and sending it in to us.

  1. Download a copy of HijackThis.  We recommend simply downloading the executable, as it does not need to be installed on your system.   Link for the HijackThis download
  2. Run the program.
  3. A dialog box should appear, showing you a number of options.  Select the first option, labeled ‘Do a system scan and save a logfile’

    Collect a report
  4. HijackThis will run a report and generate a text file with the report results.  This should automatically be displayed in Notepad on your screen.   On the menu bar for the report in Notepad, choose Edit and then Select All — this will highlight all of the report.  Then choose Edit and Copy to copy the text.

    Select All the text, then Copy
  5. Go to our Contact Page and in the message section, right click and select Paste to paste the report.  Fill in your name, email address, and subject (HijackThis Report), and then finally hit the ‘Send Message’ button.

    Paste the report, send the message
  6. Close out the report and the HijackThis program.

    Close out the program

That’s all there is to it.

We’ll analyze the report and let you know if your system appears to be infected.

Let Me Count the Ways…

There are an increasing number of ways you can get malware (spyware, virus, etc) on your system. Here is a basic summary of the types:

  • Running a program from removable media: This was the original method. You start a program that has the infection code embedded in it. In the early days, this usually involved viruses on diskette and they would let you know very quickly that you had let them loose on your computer, usually deleting or corrupting files. These attacks can still occur with CD/DVD or USB drives, but are fairly uncommon.
  • Booting with infected media: You start your computer with a diskette or CD/DVD that has infected code on it. The computer automatically attempts to boot or run off the media, thus launching the virus.
  • Opening an email: Many early viruses took advantage of programming defects in common email programs like Outlook and would be able to activate themselves when you simply opened the infected email. They would usually then access your address book and automatically propagate themselves by sending copies to all your contacts. This is a fairly uncommon method of transmission now, as most email programs have been fairly well patched, and many people are relying more on online email systems like Gmail.
  • Clicking on pop up windows: Many early forms of spyware gained entry into your computer via your web browser, usually using security holes in Internet Explorer. You would visit some web page that showed some kind of pop up that enticed you into clicking on it. Once clicked on, the script would gain access to your system and download its payload.
  • Opening an email attachment: More modern viruses rely less on programming defects and instead use social engineering to deceive you into activating some kind of email attachment, usually containing an executable program, possibly embedded in a .zip file (archive).
  • Viewing an infected file:  Some very sophisticated attacks have virus code embedded in files such as graphic images or even PDF files.  Most of these types of infection can be prevented by keeping your system software up-to-date with the latest patches.
  • Clicking on a link: Usually coming in an email, the user clicks on a link that launches a virus from a web site. It can also happen via a web site link.
  • Accessing an infected web site: The latest wave of malware involves very sophisticated attacks. It starts by infecting susceptible websites with a virus delivery system. Once you simply visit that infected web site, even without clicking on anything, the virus will be instantly launched, attacking your web browser to gain access to your system via programming defects or lax security. This type of infection is one of the most difficult to prevent, but is generally not that common (as it requires a website to remain infected).

Most good antivirus programs can prevent most of these attacks, as long as the software is kept up-to-date with the latest program updates. And most quality email providers automatically scan your email to check for most types of virus.

Think you might have been infected? Read our article on Spyware/Virus Detection, or simply Contact Us to arrange a full system scan.

Malware Attacks Becoming More Deceptive: XP Antivirus

One of the more insidious malware attacks in recent months has been an attack that disguises itself as an antivirus program. It appears on your system as ‘XP Antivirus’, which is not a real product. It then usually flashes up a fake virus detection notice such as this:

And then tries to get you to purchase the software or updates, thus providing your credit card details to some rogue organization. In addition, the virus usually embeds itself deeply into your system software, making it difficult to remove. It may also monitor keystrokes and steal other personal data.

If you start encountering antivirus warnings from a program you are not familiar with, you should have your system checked immediately.

You can also do a cursory check of your system following the steps outlined in our Support article:  Spyware/Virus Detection.

Web Hosting

Web hosting is analogous to leasing a building for your business. A web hosting service is the place that houses your web site, all of the web pages and data, and serves it up to your visitors. The domain name is basically your address and phone number rolled into one. You can switch to different web hosting companies while still retaining the same domain name, and most of the time, your web visitors will never notice who your web hosting service even is. However, a poor web hosting service is like a bad office building — if the roof leaks, or the web servers can’t handle the traffic loads, it reflects poorly on you.

Selecting a Web Hosting Company

When selecting a web hosting company, it’s important to know what some of your web site requirements will be. You’ll need a basic understanding of the architecture of your web site design along with a rough estimate of the storage space required.

You’ll usually be faced with an array of packages, generally based on the amount of traffic and data you’ll be hosting. Some of the key terms:

  • Server Type – The first choice is usually between a Windows/IIS or Linux/Apache based host server. The decision is driven largely on whether you need ASP.NET or PHP support. Most web designs now use Linux/Apache configurations.
  • Disk Space – Look at the total storage needed for your web site, and factor in future growth. If you have a lot of photos or movies, you can chew up disk space fast. Generally, 500MB of storage should be plenty to start with.
  • Databases – You’ll need to know what type of database products they offer, and how many databases you can create. MySQL is the most popular in the Linux
  • Bandwidth – Bandwidth is largely determined by the number of visitors and the size of data you are serving up. Sites with high traffic and/or big files like movies, will require more bandwidth. And most companies will also include the traffic going through your email accounts as part of this number. A number like 10GB per year is probably a safe start for smaller companies with low traffic or small files.
  • Email Accounts – If you plan to host a lot of email addresses, make sure it is part of the package. Most services offer at least 15 to 25 accounts.
  • Shared Host or Private Server – Shared hosting is usually fine for most small or medium web hosts. But a private server (frequently a virtual one) keeps your web resources isolated from rude web hosting neighbors.
  • Web Statistics Packages – If you want to know information about the traffic visiting your web site, like where it is coming from and what pages they frequent, then you’ll need a web stats package.

A good web hosting company will accommodate your growth, letting you start at one package and upgrade to a larger package as your web needs change. And there may be price breaks based on duration of service (discounts on one year versus month-to-month).

Costs

As of spring 2008, costs ranged from as cheap as $25 per year for a very tiny web site, to $60 per month for some of the higher end set ups. In general, a smaller company should expect to pay around $120 per year.

Background Checking

Kicking the tires on a web hosting company isn’t easy. We basically do a lot of research on new web hosting companies, looking at ratings and reading reviews from current and former customers. The key pieces for us:

  • How well does the technical support staff respond (both timely and with accurate, detailed information)?
  • How infrequently do customers complain of downtime?
  • What are the expected costs (especially hidden costs for things like add on services)?

Advanced Considerations

E-Commerce: If you’re planning on selling products via the Internet, then you’ll need to delve into the world of e-commerce. This includes topics like payment gateways, merchant accounts, SSL certificates and static IP addresses.

Some Recommendations

  • A Small Orange – Very low cost service, and generally quite good communications with the support staff.
  • BHI – Located in Eden Prairie, we’ve had experience with them for over 10 years now (and shockingly the same support people).
  • Siteground – Middle sized company, very few hiccups but technical support can sometimes be a little slow or somewhat generic.

TechApt can assist you in the full process, helping you select the right plan for your needs and setting up or migrating your web site — Contact Us today.

Domain Names

Your domain name is your identity on the Internet. It’s your street address and phone number rolled into one.

Selecting A Domain Name

You’ll need to pick a clear and concise name that represents your organization. Try to keep it short, but avoid using mnemonics, punctuation or shorthand that will make it hard for visitors to remember your site name.

You’ll also need to decide on the type of domain extension: .com, .net and .org are the most common, but newer extensions like .biz and .info and .us are becoming popular backups. In almost all cases, .com is still the preferred extension and by far the most common. Some organizations (generally a non-profit) will choose .org, and when the .com just isn’t available and you really want the name, .net has been a reasonable alternative.

Checking Availability

Once you’ve determined a name, you’ll need to check if it is available. Most domain registry services provide the tools to check on availability (and frequently offer suggestions on alternatives). And you can use a whois lookup service like InterNic. If the whois service doesn’t find any matches for your domain name, then you should be able to register it.

Registration and Fees

After you’ve found an available name, you can finally register it. This involves registering your organization as the owner and paying a fee. You’ll need to register with an ICANN approved domain registrar. Comparing the registrars can be quite confusing, as they all set their own prices and frequently offer many additional services. Be wary of low cost initial registrations, as the registrar may charge substantially higher prices on renewal, and dig into the company’s reputation if you are unfamiliar with it.

Costs

A one year subscription for a .com domain runs $15-$30 annually. Most other extensions may run a little cheaper.

Expiration and Renewal

Make clear notes on the company you’ve registered your domain name with, and when the domain registration will expire. There are some companies that will attempt to scam you into a bogus renewal.

Once settled into a domain name, you might consider renewing the domain name for a multi-year contract to avoid the hassles of renewal and possible rising costs.

If your domain name does expire, you may need to fight to get it back again, so pay close attention to the renewal dates. Once your domain name has expired, it becomes up for grabs, and in most cases, will be captured by some firm purely for the purpose of reselling it or holding it ransom if you ever want it back (sometimes referred to as ‘cybersquatting’). Basically never allow your domain registration to expire unless you are absolutely sure you’ll never use it again.

Tying It Together

The simple act of registering the domain doesn’t mean it will go anywhere. It’s like a phone number that has been disconnected: You can type it in, but it won’t connect you. Now if you’re just holding the domain for some future use, then that’s fine — you are basically parking it.

When you’re ready to have the domain set up to show a web site or provide email addresses, you’ll need to point that domain at a set of nameservers. A nameserver maps a domain name to a specific IP address where the hosting computer resides. Your web/email hosting service will provide you with a set of nameservers. Usually you can log in to your domain registrar and update the nameserver entries yourself. Once you’ve mapped your domain name to a web host, it will take up to 2-3 days for all computers to recognize the new mapping (although the vast majority will recognize the mapping within a few hours).

Recommendations

While some web hosting services offer easy or cheap domain registrations, we generally recommend that you register your own domains. This ensures you have full ownership over the domain and control over the renewal process.

Some of the firms we can recommend…

Dotster – We’ve been using Dotster for over five years now. They are a decent middle-of-the-road registrar. They tend to send out a lot of reminders about renewals, usually months in advance.

At TechApt, we can handle the complete process of registering and updating your domain — just Contact Us.

Spyware/Virus Detection

Your computer is acting “strange”, seems to be running really slow, or you’re getting popups and/or messages about viruses?  Then it’s time to scan the system for possible malware (spyware/viruses, etc).

Professional software packages like Nortons or McAfee should usually do the trick in detecting infections, but you need to make sure the virus definitions are up-to-date.  Even so, it is possible for even the best software to miss some infections, especially if it is a new variant.

Online Scanners

The simplest way to quickly check for an infection is to run a virus scan.  There are a couple of online scanners for checking your system.  These operate through your web browser:

Kaspersky Virus Scan – Kaspersky seems to do the best job at detecting most infections.   Requires Java, which most browsers already have installed.

Panda ActiveScan – Requires a special plug-in download the first time you use it.

Generally, you want the program to scan your entire disk.  Most infections will be located either in your Windows directory, reside in the cache for your web browser, or as an email attachment.  The full scan will take a while to complete — anywhere from 30 minutes to a couple of hours.

These online scanners will only detect infections, they will NOT fix the problems.   Make sure you save any report or write down the details from the report if any infections are found.

Collecting a HijackThis Report

A faster method for checking for an active infection (something currently running on your system) is to use a tool called HijackThis.  While the tool can be used to fix some infections, you generally only want to use it to collect a report.

As of this writing, HijackThis was being offered by TrendMicro (TrendSecure).  Link to download page. In general, you can just download the executable and run that without having to actually install it.

Run the program and select the option to ‘Do a system scan and save a log file’.  It scans all your active programs and system configuration, then provides you with a text report (usually in Notepad).   Save that report.

You can take things one step further and analyze your log online.  Here is one site that will analyze the results. It usually flags obvious malware, but can also mark a lot of programs as unknown or even false positives.

No Tools Checkup

If you don’t have the time to run an online scan or the HijackThis software, you can still do an examination.  This may require more effort on your part, but sometimes it’s the fastest way to make a quick check.

Bring up the Task Manager and look at the process list.  The easiest way to start up the Task Manager is to hold down the Ctrl-Alt-Delete keys.  Once the Windows Task Manager dialog appears, click on the ‘Processes’ tab and make sure the ‘Show processes from all users’ option is checked.   This tool shows you all the currently running processes on your system.  Almost all of them have to do with the operating system and utilities running on your system.  You’ll need to examine each process by name.  Usually you can ignore these as part of the operating system:

  • dllhost.exe
  • explorer.exe
  • rundll32.exe
  • services.exe
  • lsass.exe
  • csrss.exe
  • svchost.exe
  • taskmgr.exe
  • iexplore.exe

Look up any unknown entries using Google or try this web site: ProcessLibrary.com

While this quick check may turn up some suspicious entries, do not use it as a way to claim your system is clean.  Some malware can actually hide under one of the legitimate process names (like lsass.exe).  A full system scan is still the best diagnostic.  And many types of malware actually generate randomly named files, making it impossible to search by name.
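
The caveat above, that malware can reuse a legitimate process name, can be checked against the running-process part of a saved HijackThis report by comparing each listed path with the folder that name normally runs from. This is an added example, not code from the original article or from HijackThis; the report layout (full paths under a 'Running processes:' heading), the default folder locations of a standard 32-bit Windows install, and the sample report are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Process names the article lists, mapped to the folder each normally runs
# from. Assumption: default 32-bit Windows layout ({win} = Windows folder,
# {pf} = Program Files); adjust for other installs.
EXPECTED_DIRS = {
    "dllhost.exe": r"{win}\system32", "rundll32.exe": r"{win}\system32",
    "services.exe": r"{win}\system32", "lsass.exe": r"{win}\system32",
    "csrss.exe": r"{win}\system32", "svchost.exe": r"{win}\system32",
    "taskmgr.exe": r"{win}\system32", "explorer.exe": r"{win}",
    "iexplore.exe": r"{pf}\Internet Explorer",
}

# Constructed sample in the assumed report layout (not a real scan).
SAMPLE_REPORT = r"""Logfile of HijackThis (constructed sample)
Platform: Windows XP

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\lsass.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Local Settings\Temp\xkqjz.exe

O4 - HKLM\..\Run: [example] C:\example.exe
"""

def running_processes(report_text):
    """Return the paths listed under the 'Running processes:' heading."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in report_text.splitlines()):
        if line.lower() == "running processes:":
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break  # first blank line after the list ends the section
    return paths

def check_processes(paths, win=r"C:\WINDOWS", pf=r"C:\Program Files"):
    """Label each path 'expected', 'masquerade' or 'unknown'."""
    results = []
    for path in paths:
        folder, name = ntpath.split(path)
        template = EXPECTED_DIRS.get(name.lower())
        if template is None:
            verdict = "unknown"  # not on the list: look the name up
        elif ntpath.normcase(folder) == ntpath.normcase(
                template.format(win=win, pf=pf)):
            verdict = "expected"
        else:
            verdict = "masquerade"  # trusted name, unexpected folder
        results.append((path, verdict))
    return results

if __name__ == "__main__":
    for path, verdict in check_processes(running_processes(SAMPLE_REPORT)):
        print(f"{verdict:<10} {path}")
```

A path marked 'expected' only rules out simple reuse of a trusted name from another folder, so it does not replace the full system scan.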

We provide comprehensive malware scanning and removal — Contact Us when you need help with diagnosis or removal.