Windows Stability Center – Removal Instructions

April 2nd, 2011

Windows Stability Center is the latest in a long line of rogue anti-spyware program that tricks the PC user into thinking that their machine is loaded with malware and convinces them to buy the full version of the fake program in order to remove supposed system threats.

Windows Stability Center has become widespread thanks to the recent spate of hack attacks on websites called the "LisaMoon" attack.

If installed Windows Stability Center is installed will it start automatically when you login to Windows and it will run a fake scan your computer and claim to have discovered a number of security and system problems that require immediately attention.

Manual removal of this malware can be tricky and it is recommended that you use an antivirus tool. However, if you want to attempt to remove this manually, here's how:

First, find and kill he following process:

  • [random].exe (where random is a random filename)

Next remove the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell “%AppData%\[random].exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe “Debugger” = ’svchost.exe’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe “Debugger” = ’svchost.exe’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe “Debugger” = ’svchost.exe’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ’svchost.exe’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ’svchost.exe’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ’svchost.exe’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ’svchost.exe’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ’svchost.exe’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR ” = ‘1′

IE 9 Where did the Search Box go?

March 31st, 2011

Hi, Kathie here.

Well if you've installed IE9 you may have noticed that your search box has gone. This is because in IE9 the search box has gone! :) Instead you will see a rather small search icon in the address bar.

If, like me, you had searching from the address bar disabled in IE8, this will all seem rather confusing however because no such little search icon appears when you upgrade to IE9.

In this circumstance re-enabling search from the address bar is not straight forward either as that option has also moved. (It used to be under Tools | Internet Options | Advanced.) In IE9 however it has moved to Tools | Internet Options | General | Search. Check the "Search in the address bar" box.

Hey presto you can now search again!

- Kathie :) (Hey, what am I? The PC Nurse???)

Chrome extensions, task manager

March 31st, 2011

Hi, Kathie here.

I installed Tea and Kittens extension for Chrome a little while ago (which blocks The Daily Mail's website). Very funny and cute - every time you follow a link to go to that newspaper instead it shows you a random picture of a cup of tea and a cute kitten pic. That was great except my tea consumption went up threefold. And sometimes I do actually need to read the news on that website, so how to go about uninstalling the extension? I looked in the options for Chrome but couldn't find it anywhere. Here's how:

In the address bar type the following:

chrome://extensions/

You can then disable and uninstall it from there.

(If you want to be certain it's not running type in
about:memory
and you can see the memory allocation.)

Chrome is handy in that you can see a very useful task manager by right clicking in the blank bit above the address bar and choosing task manager. This can be usuful if you have a tab that is misbehaving as you can end the process on that tab.

- Kathie :) (Hey, what am I? The PC Nurse???)

Play.com confirms customer data leakage

March 22nd, 2011

Got this email from Play.com last night:

Dear Customer,

Email Security Message
 
We are emailing all our customers to let you know that a company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and email addresses may have been compromised.
 
We take privacy and security very seriously and ensure all sensitive customer data is protected.  Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved. 
 
Please be assured we have taken every step to ensure this doesn’t happen again and accept our apologies for any inconvenience this may have caused some of you.
 
Customer Advice

 
Please do be vigilant with your email and personal information when using the internet. At Play.com we will never ask you for information such as passwords, bank account details or credit card numbers. If you receive anything suspicious in your email, please do not click on any links and forward the email on to
privacy@play.com for us to investigate.
 
Thank you for continuing to shop at Play.com and we look forward to serving you in the future.
 
Play.com Customer Service Team

Now today, I get this:

Dear Customer,

As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps. 

We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses.  Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained. On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue . 

Best regards,

John

John Perkins
CEO
Play.com

Kudos for the openness!

Broadband Speed: The truth will be equal to the lie

March 2nd, 2011

When broadband companies advertise just how fast their broadband is you are likely to discover a range of superlatives from: speedy, superfast to lightning and lightspeed. But in the small print you will find that those words are just advertising fluff - they mean nothing other than to get you to choose their company. The speed you actually get is based upon so many factors - some of which are legitimately beyond the control of the ISP. Nevertheless consumers are duped into buying because they believe they will get the speed that is advertised.

Ofcom is currently addressing the problem and it looks like their solution will be to require advertisements to be based upon Typical Speeds Range or TSR which will give consumers a clearer idea of what speeds they can expect. They have also suggested that the TSR must have equal prominence to any maximum speed that is achievable by a 'material' number of customers.

So will we be seeing ads like this?

TSR Equal prominence

Read more about the speeds and changes to the procedure for fining companies who breach the rules.

Good news for consumers. Let's hope!

- Kathie :) (Hey, what am I? The PC Nurse???)