Stop autoloading programs in Windows 7 & 8

Windows 7 and earlier versions

Click Start, type msconfig, and press Enter. This brings up the System Configuration page. Click the Startup tab for a table listing your autoloaders. Now you can uncheck those you don’t want. But first, you have to figure out what each autoloader does. Usually the program’s name makes it obvious. But sometimes the names aren’t clear. If the name isn’t helpful, you can usually get an idea by examining the Manufacturer and Command columns in the table. These will tell you who published the software, and where the file is on your drive (usually the folder for a program you installed). If all else fails, use your favorite search engine to find more about the name. Remember that you can always experiment. Uncheck something and see if that makes things better or worse. The last column, Date Disabled, provides a record of what you’ve just unchecked.

Windows 8

In the old-fashioned Desktop environment, right-click the taskbar and select Task Manager. Once it’s up, click the Startup tab. This table doesn’t give as much information as the old Msconfig one, but it’s easier to read. And if you know where to look, the information is there. One particularly useful column is the last one: Startup impact. It tells you—in admittedly vague terms—how much that program slows boot time. This can help you decide what to remove. To disable an autoloader, right-click it and select Disable. And take a look at the other options on that context menu. Open file location shows you where the program is located on your hard drive—a good clue about who put it there. And if you really can’t figure it out, select Search online to see what the Internet says about this program. Unfortunately, this Startup tool lacks Date Disabled information. If you’re going to experiment with disabling various autoloaders, make a note about which ones you just disabled. That way, if something fails, you can fix it.
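The same inventory (name, command, publisher, file location) can be pulled from a PowerShell prompt on either Windows version. This is an added example, not part of the original article; it assumes Windows PowerShell 2.0 to 5.1, and the helper name Get-ExecutablePath and the 'FileNotFound' label are made up for illustration.

```powershell
# Added example: inventory autostart entries with the details the article uses
# to identify them (name, command, where registered) plus the file's signer.
# Assumes Windows PowerShell 2.0-5.1; Get-WmiObject is not in PowerShell 7+.

function Get-ExecutablePath {
    param([string]$Command)
    # Some entries use %ProgramFiles%-style variables; expand them first.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\Program Files\App\app.exe" /background
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form, possibly with spaces in the path, followed by arguments
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-separated token
    return ($cmd -split '\s+')[0]
}

$entries = Get-WmiObject -Class Win32_StartupCommand | ForEach-Object {
    $path      = Get-ExecutablePath $_.Command
    $publisher = ''
    $signature = 'FileNotFound'   # hypothetical label: path could not be resolved

    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig       = Get-AuthenticodeSignature -FilePath $path
        $signature = $sig.Status.ToString()
        if ($sig.SignerCertificate) {
            $publisher = $sig.SignerCertificate.Subject
        } else {
            # Unsigned file: fall back to the self-declared company name
            $publisher = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }
    }

    New-Object PSObject -Property @{
        Name = $_.Name; User = $_.User; Location = $_.Location
        Command = $_.Command; File = $path
        Publisher = $publisher; Signature = $signature
    }
}

# Entries without a valid signature sort to the top so they are reviewed first.
$entries |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Name |
    Format-List Name, User, Location, Command, File, Publisher, Signature
```

The script only reads; it disables nothing. Win32_StartupCommand reports the Run registry keys and the Startup folders, so an entry whose Location and File you don't recognize is the one to look up before unchecking it.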

CryptoWall Ransomware

Overview

In late February 2014, the Dell SecureWorks Counter Threat Unit(TM) (CTU) research team analyzed a family of file-encrypting ransomware being actively distributed on the Internet. Although this ransomware, now known as CryptoWall, became well-known in the first quarter of 2014, it has been distributed since at least early November 2013. CTU researchers consider CryptoWall to be the largest and most destructive ransomware threat on the Internet as of this publication, and they expect this threat to continue growing.

Background

After the emergence of the infamous CryptoLocker ransomware in September 2013, CTU researchers observed an increasing number of ransomware families that destroyed data in addition to demanding payment from victims. While similar threats have existed for years, this tactic did not become widespread until CryptoLocker's considerable success. Traditionally, ransomware disabled victims' access to their computers through non-destructive means until the victims paid for the computers' release. Early CryptoWall variants closely mimicked both the behavior and appearance of the genuine CryptoLocker (see Figure 1). The exact infection vector of these early infections is not known as of this publication, but anecdotal reports from victims suggest the malware arrived as an email attachment or drive-by download. Evidence collected by CTU researchers in the first several days of the February 2014 campaign showed at least several thousand global infections.

Figure 1. Early CryptoWall variants (left) mimicked CryptoLocker (right). (Source: Dell SecureWorks)

As illustrated by a sample uploaded to the VirusTotal analysis service, CryptoWall has had multiple names. CTU researchers called early variants "CryptoClone" due to a lack of a unique name offered by the threat actors. In mid-March 2014, the authors revealed that the true name of this malware was CryptoDefense. In early May 2014, the malware's name was again changed to CryptoWall. While neither the malware nor infrastructure of CryptoWall is as sophisticated as that of CryptoLocker, the threat actors have demonstrated both longevity and proficiency in distribution. Similarities between CryptoWall samples and the Tobfy family of traditional ransomware suggest that the same threat actors may be responsible for both families, or that the threat actors behind both families are related.

Infection

CryptoWall has spread through various infection vectors since its inception, including browser exploit kits, drive-by downloads, and malicious email attachments. Since late March 2014, it has been primarily distributed through malicious attachments and download links sent through the Cutwail spam botnet. These Cutwail spam email attachments typically distribute the Upatre downloader, which retrieves CryptoWall samples hosted on compromised websites. Upatre was the primary method of distributing the Gameover Zeus banking trojan until Operation Tovar disrupted that ecosystem in May 2014. Upatre has also been used to distribute the Dyre banking trojan. In June 2014, the malicious emails began including links to legitimate cloud hosting providers such as Dropbox, Cubby, and MediaFire. The links point to ZIP archives that contain a CryptoWall executable. On June 5, 2014, an aggressive spam campaign launched by Cutwail led to the largest single-day infection rates observed by CTU researchers as of this publication. These emails used a common "missed fax" lure that included links to Dropbox. This spam campaign paused over the weekend but resumed in earnest on June 9-10 with emails purporting to be from financial institutions or government agencies, as shown in Figure 2.

CRYPTOWALL – CRYPTOLOCKER ON STEROIDS

http://www.pcworld.com/article/2600543/cryptowall-held-over-halfamillion-computers-hostage-encrypted-5-billion-files.html

CryptoWall ransomware held over 600K computers hostage, encrypted 5 billion files

The Counter Threat Unit (CTU) at Dell SecureWorks performed an extensive analysis of CryptoWall that involved gathering data from its command-and-control (C&C) servers, tracking its variants and distribution methods and counting payments made by victims so far. CryptoWall is “the largest and most destructive ransomware threat on the Internet” at the moment and will likely continue to grow, the CTU researchers said Wednesday in a blog post that details their findings.

The threat has been spreading since at least November 2013, but until the first quarter of this year it remained mostly overshadowed by CryptoLocker, another ransomware program that infected over half a million systems from September 2013 through May. CryptoLocker asked victims for ransoms between $100 and $500 to recover their encrypted files and is estimated to have earned its creators around $3 million over 9 months of operation. The threat was shut down at the end of May following a multi-national law enforcement operation that had support from security vendors.

CryptoWall filled the void left by CryptoLocker on the ransomware landscape through aggressive distribution using a variety of tactics that included spam emails with malicious links or attachments, drive-by-download attacks from sites infected with exploit kits and through installations by other malware programs already running on compromised computers.
Early versions of CryptoWall (left) copied Cryptolocker (right) in both execution and design, Dell Secureworks reports.
The CryptoWall command-and-control servers assign a unique identifier to every infection and generate RSA public-private key pairs for each one. The public keys are sent to infected computers and are used by the malware to encrypt files with popular extensions—movies, images, documents, etc.—that are stored on local hard drives, as well as on mapped network shares, including those from cloud storage services like Dropbox and Google Drive. Files encrypted with an RSA public key can only be decrypted with its corresponding private key, which remains in the possession of the attackers and is only released after the ransom has been paid. The CTU researchers were able to count the unique computer identifiers from the CryptoWall servers and also obtained information about their IP (Internet Protocol) address, approximate time of infection, and payment status. “Between mid-March and August 24, 2014, nearly 625,000 systems were infected with CryptoWall,” the CTU researchers said. “In that same timeframe, CryptoWall encrypted more than 5.25 billion files.”
The largest number of infected systems were located in the United States—253,521 or 40.6 percent of the total. The next most affected countries were Vietnam with 66,590 infections, the U.K. with 40,258, Canada with 32,579 and India with 22,582. CryptoWall typically asks victims to pay the ransom in Bitcoin cryptocurrency, but earlier variants offered more payment options, including pre-paid cards like MoneyPak, Paysafecard, cashU, and Ukash. The ransom amount grows if a victim doesn’t pay the ransom within the initial allotted time, which is usually between four and seven days. The CTU researchers observed payments that ranged between $200 and $10,000 in value, the majority of them (64 percent) being of $500. “Of nearly 625,000 infections, 1,683 victims (0.27%) paid the ransom, for a total take of $1,101,900 over the course of six months,” the CTU researchers said. This suggests that while CryptoWall managed to infect 100,000 more computers than CryptoLocker, it was less effective at generating income for its creators. Researchers determined in the past that 1.3 percent of CryptoLocker victims paid the ransom for a total of over 3 million dollars. The difference in success rate might be explained through the technical barriers involved in obtaining Bitcoins, the CTU researchers said. In the case of CryptoLocker, 1.1 percent of victims paid the ransom through MoneyPak and only 0.21 percent used Bitcoin. The CTU analysis found similarities between CryptoWall samples and those of an older ransomware family called Tobfy. If the same attackers are behind both threats, it means that they have at least several years of experience in ransomware operations.

IT Support 24/7 with Managed Services

You’re on a deadline and a client is getting antsy, or you’re putting the finishing touches on a sales presentation. Suddenly, a vital piece of technology goes haywire. What do you do? Call the software maker? The hardware manufacturer? Do you try Google for an answer?

Assistance Is Just a Phone Call Away

Located in the Pompton Lakes and staffed by knowledgeable and well-trained IT customer-care specialists, our IT Service Desk is ready and available to quickly address your needs. Whether it’s a device, a software issue, or a problem with your network, our team will stick with you until a solution is found. From the moment your call is answered, you’ll know you’ve got the right person on the line and that you’re our top priority. So go ahead. Put your frustrations on hold … and bring your technical problems to us!

Let our service desk experts handle your technology questions

We’ve Got IT Covered

Our Service Desk support includes:
  • PC and network troubleshooting
  • Handheld device configuration and troubleshooting
  • Popular applications for business
  • Administrative tasks
  • Software installations
  • Virus/spyware removal
  • File/folder restores
When you call our IT Service Desk, we don’t just ask you how we can help; we get right down to business with:
  • Live Support, 24/7 – Work late? Work early? Work weekends? It doesn’t matter. Anytime you run into a problem with your technical equipment, you can give our team a call.
  • More Experience for Swifter Issue Resolution – Our Service Desk is staffed by seasoned technicians with a minimum of two years’ experience resolving application, desktop and network-level issues. When you call, you can count on receiving reliable top-tier support.
  • Microsoft Office Expertise – All Service Desk technicians are certified Microsoft Office professionals and fully qualified to deliver expert support for Word, Excel, PowerPoint and Outlook.
  • Customer Recognition – Each time one of your users calls the Service Desk, our technician automatically sees your unique customer profile so we can move more quickly to correct your problems.

We Know Apps

Our Service Desk supports popular applications for:
  • Desktop Publishing
  • Graphics
  • Office Productivity Suites
  • Browsers
  • Email
  • Anti-Virus
  • Word Processing
  • Database
  • Domains
  • PC and Network
  • Desktop Operating Systems
  • Wireless Devices
Everyone wants fast, expert answers when unexpected problems come up. We’re ready, able and eager to give you the technical assistance you need.