Tag Archives: PC

Your money or your data!

The scene unfolds like a cyber thriller. You fire up your PC and a message appears saying your files have been encrypted. Your screen looks like it’s from the FBI. Sometimes it identifies itself as malware. Sometimes it’s a plain-text message. When you click around in your PC (assuming you still can), you find that your photos and text files are indeed unavailable.

The screen also asks for money. To get the key to unencrypt your files, you must pay, usually in some form of untraceable currency, such as bitcoin. In most cases, there’s a firm deadline when payment must be made. If you miss it, the fees shoot up. At some point, your files are permanently encrypted.

Welcome to the world of ransomware.

While this form of malware can slip into devices in any number of ways, phishing is probably the most common vehicle. Basically, bad guys send innocent-looking emails that ask recipients to click on a link or download an attachment. (Phishing is also used to ask for money directly.) A tiny piece of software infects the machine and goes about encrypting files before demanding cash. Sometimes the message pops up automatically. Sometimes there’s a time delay or a switch that lets hackers turn it on when it’s convenient to them.

And sometimes attacks are big and bold. Two assaults on major hospitals in the US, for instance, used multipronged ransomware infiltration to shut down key networks and records. But experts largely agree that most attacks are on individuals. Mass emailing allows criminals to take advantage of long-tail effects and the fact that many people would rather just pay a few hundred (or thousand) dollars to have their data – which many consider their life – returned to them rather than fight back through various law enforcement channels.

Data hostage taking is on the rise

Given the efficacy of ransomware, the number of attacks is set to grow. In its annual Threat Landscape report, published in January 2016, the European Union Agency for Network and Information Security (ENISA) characterizes 2015 as “the year of ransomware”. According to the study, the number of reported incidents nearly doubled in 2015 compared to 2014, with aggressive phishing campaigns a hallmark of many attacks. Targets tended to be in North America and Western Europe, as residents are perceived to have the money to pay.

ENISA also notes that 2015 was a year of innovation in ransomware development and deployment. The number of new ransomware types quadrupled in the first half of the year alone. Criminals have set up service centers, allowing the non-technical to buy crimeware-as-a-service, further expanding the reach of ransomware. And stealthier delivery methods are still being developed.

Do I know you? Did I ask for this?

Phishing is still the most common delivery method. Which is convenient, in a way, as there are some practical steps you can take to avoid getting scammed. Probably the most important is to maintain an online “stranger danger” mindset. If an email looks even the slightest bit suspicious, don’t open it. If it’s from someone you don’t know, don’t open it. If it says you’ve won the lottery, are being watched by some security agency, asks about an order (you did not make), or promises rewards in some other way, don’t open it. (Similar phishing attacks also appear on Facebook.)

For emails you’ve opened, if they include links or attachments you weren’t expecting or didn’t ask for, don’t click or download. If you feel that you must do either, reply to the sender (if you know them), and ask if they did indeed send you something. If you do not know the sender – delete the email.

And of course, you should build a fortress around your device. This is where AVG can help. We provide antivirus, link scanners, attachment and download checkers, enhanced firewalls, spam blockers, and file encryption to help keep your photos, videos, files, contacts, and devices safer. If you haven’t done so already, give us a try on your PC or Android phone.

PC Malware that silently installs apps on your Android device

The AVG VirusLab was recently exploring the Chinese Android app market and encountered PC-based malware with an interesting side effect – it was silently (without any notifications to the user) installing apps to Android devices directly connected to the PC.

With a competitive landscape of over 1.9 Million Android apps in the Google Play store alone, and more in other global marketplaces, it’s not hard to see why such tactics are appealing to developers.  Advertising a new app has become increasingly difficult, and costly.

Pre-installation of apps, for example, is one of the most successful ways that developers can get attention and market share, yet it is prohibitively expensive and relies on partnerships with a limited number of handset vendors.

China’s underground black market however appears to be providing a cheaper pre-installation alternative for developers to spread their new apps – through special “alliance” operations such as ones we identified called “cyber café alliance” and “fast step union”.

These alliances offer access to a combination of groups such as hackers, distributors, cyber cafes, phishing websites, servers, etc. They are organized and operated systematically and focus on providing a sales and distribution service.

What we captured and describe below is typical of such “promoting” Trojans – malware designed to assist in the promotion or distribution of software or apps using questionable methods.

This particular malware starts by being downloaded to the computer, but its main purpose has little to do with the PC itself.  Using some clever techniques, it will even “help” you install mobile device drivers if you haven’t already.

From then on, once installed on your PC, whenever you connect your mobile device to your computer it will download an “App promotion list” and install those apps silently to your device.

Download the device’s driver from the server:

 

The server’s response:

{ "platform":"android", "service":"winusb", "args":"", "dl":"http://222.186.60.89:1001/driver/Android/Google/Google64.zip", "md5":"", "size":"" }

Download Adb and other components:

Download the App list:

Below is an example list:

{ "list" : [{
    "dl" : "http://222.186.60.128:1501/522/TTAPKYH_ZX_AG_595_20150826_2.0.0.2.a",
    "pn" : "org.funcity.runrunner.yh.zx",
    "md5" : "9441ce1595fa1d9a4577263d2c30307a"
},

{
    "dl" : "http://222.186.60.128:1501/522/MHLS_AG_906_20151109_1.0.0.1.a",
    "pn" : "com.ltestany.catmouse",
    "md5" : "21b4ba7356f93c4e206455c42a2fc275"
},

{
    "dl" : "http://222.186.60.128:1501/512/BDMSN_ch_white308.a",
    "pn" : "com.tunimei.p8.bai.bdmsn42",
    "md5" : "f732fa12b1754caaf70822fb3dc81dfb"
},

{
    "dl" : "http://222.186.60.128:1501/522/BYDR3JJB_AG_375_20150907_1.0.0.9.a",
    "pn" : "com.you2game.fish.qy.zx1",
   "md5" : "73411890e59a099606122e39fe01c0dc"
},

{
    "dl" : "http://222.186.60.128:1501/512/qqbrowser_6.1.2.1715_22411.a",
    "pn" : "com.tencent.mtt",
    "md5" : "0d8cd219f36e445ef483cf42da5aaca4"
},

{
    "dl" : "http://222.186.60.128:1501/522/com.qihoo.gameunion_41611.a",
    "pn" : "com.qihoo.gameunion",
    "md5" : "dfe5a616507560a49c16831d12b882a0"
},

{
    "dl" : "http://222.186.60.128:1501/522/CFQMJS_AG_610_20150811_1.0.0.3.a",
    "pn" : "com.aiwan.sniper212.zxcps.zx1",
    "md5" : "8446863713d13cb047029f867167f785"
},

{
    "dl" : "http://222.186.60.128:1501/512/Sogou_Explorer_1493.a",
    "pn" : "sogou.mobile.explorer",
    "md5" : "63e3b5c44796ac43fd3eb99d568c6525"
},

{
   "dl" : "http://222.186.60.21:1501/522/xiuba-3.3.0-3262-1-TEST1.a",
    "pn" : "com.xiu8.android.activity",
    "md5" : "721a40131f83bee2874904fb332c8de5"

}]}

 

Use adb.exe to install the Apps:

Apps in the below snapshot are all installed by this malware.
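A defender-side check for the behaviour described above, as an added example (not AVG's code): given a captured promotion list in the dl/pn/md5 format shown and the output of `adb shell pm list packages -i` from a phone that was plugged into the affected PC, it reports which promoted packages are on the device and whether a store installed them. The package names, the trusted-installer set and both sample inputs are constructed for illustration.

```python
import json

# Installer package names treated as legitimate stores (assumption; extend as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed promotion list in the dl/pn/md5 shape shown above.
SAMPLE_PROMO_LIST = """
{ "list" : [
  { "dl" : "http://promo.example.invalid/1/game1.a",
    "pn" : "com.example.promo.game1", "md5" : "00000000000000000000000000000001" },
  { "dl" : "http://promo.example.invalid/1/browser.a",
    "pn" : "com.example.promo.browser", "md5" : "00000000000000000000000000000002" },
  { "dl" : "http://promo.example.invalid/1/game2.a",
    "pn" : "com.example.promo.game2", "md5" : "00000000000000000000000000000003" }
]}
"""

# Constructed output of `adb shell pm list packages -i` from the connected phone.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.promo.game1  installer=null
package:com.example.promo.browser  installer=com.android.vending
package:com.example.notes  installer=null
"""


def parse_promo_list(text):
    """Return {package_name: entry}, skipping entries without a usable "pn"."""
    promo = {}
    for entry in json.loads(text).get("list", []):
        pn = entry.get("pn") if isinstance(entry, dict) else None
        if isinstance(pn, str) and pn:
            promo[pn] = entry
    return promo


def parse_pm_list(text):
    """Parse `pm list packages -i` lines into {package: installer or None}."""
    installed = {}
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value in ("", "null") else value
        installed[fields[0][len("package:"):]] = installer
    return installed


def triage(promo, installed):
    """List promoted packages found on the device, flagging non-store installs."""
    findings = []
    for pn in sorted(promo):
        if pn in installed:
            installer = installed[pn]
            verdict = "store" if installer in TRUSTED_INSTALLERS else "sideloaded"
            findings.append((pn, installer, verdict))
    return findings


if __name__ == "__main__":
    for row in triage(parse_promo_list(SAMPLE_PROMO_LIST), parse_pm_list(SAMPLE_PM_OUTPUT)):
        print(row)
```

Entries marked "sideloaded" are the candidates for removal. The installer check matters because promotion lists like the one above also contain well-known apps that a user may have installed deliberately from a store.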

We have noted that this malware is regularly updated. At the time of our research the latest version was 1.7, and the malware checks with a remote server for the newest version each time it runs.

Query the server to check the version:

http://222.186.60.89:9023/?action=getVersion&pcid=6C78A9C3_%3CMACHINE_NAME%3E&nowVer=1.1&pid=109&subpid=&runas=exe

And the server responded with:

{ "renew" : "0", "version" : "1.7", "dl" : "http://222.186.60.128:1123/setup/appmain.v1.7.exe" }
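A hunting sketch for this check-in, as an added example (not AVG's code): it scans web proxy log lines for requests whose query string has the same parameter shape as the version-check URL above and extracts the reported machine ID and client version. The log line layout, addresses and hostnames are constructed; only the parameter names come from the URL shown.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter names taken from the version-check URL shown above.
REQUIRED_PARAMS = {"action", "pcid", "nowVer", "pid", "runas"}

# Constructed proxy log lines: "<time> <client-ip> <method> <url> <status>".
SAMPLE_LOG = """\
2016-01-12T09:14:02Z 10.0.4.17 GET http://198.51.100.7:9023/?action=getVersion&pcid=AB12CD34_%3CPC-FRONTDESK%3E&nowVer=1.1&pid=109&subpid=&runas=exe 200
2016-01-12T09:14:05Z 10.0.4.17 GET http://updates.example.invalid/check?action=getVersion&product=editor 200
2016-01-12T09:20:41Z 10.0.4.22 GET http://198.51.100.7:9023/?action=getVersion&pcid=EF56AB78_%3CPC-LAB2%3E&nowVer=1.7&pid=109&subpid=&runas=exe 200
2016-01-12T09:21:00Z 10.0.4.22 GET http://www.example.invalid/index.html 200
2016-01-12T09:22:10Z 10.0.4.30 GET
"""


def match_checkin(url):
    """Return extracted fields if the URL has the check-in shape, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # keep_blank_values: the observed request sends an empty "subpid=".
    query = parse_qs(parts.query, keep_blank_values=True)
    if not REQUIRED_PARAMS.issubset(query):
        return None
    if query["action"][0] != "getVersion":
        return None
    return {
        "server": parts.netloc,
        "pcid": query["pcid"][0],            # percent-decoded by parse_qs
        "client_version": query["nowVer"][0],
    }


def hunt(log_text):
    """Return one record per log line that matches the check-in shape."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:                 # skip truncated or malformed lines
            continue
        when, client, _method, url, _status = fields
        found = match_checkin(url)
        if found:
            hits.append({"time": when, "client": client, **found})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

Matching on the full parameter set rather than on `action=getVersion` alone keeps ordinary software updaters, such as the second sample line, out of the results.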

We found this malware has been actively developed and improved for some time, and below is a record of some of the versions we have observed. It is possible this malware is developed and maintained by a stable team.

But how is this malware distributed to end users’ computers in the first place? The answer is via the alliance model we mentioned above.

In our research, we looked at two cyber café alliances named in Chinese ‘领跑吧网吧联盟 (Leading runner cyber café alliance)’ and ‘快步网盟 (Fast step net union)’ – and we captured some of their distributing servers and their client’s apps:

[File]
kuaibu8=http://4IG7UpAH.adkuai8.com:7000/iniuser/
szicoad=http://4IG7UpAH.adkuai8.com:7000/ico/
wbzzlm=http://4IG7UpAH.adkuai8.com:7000/wbzzlm/

[update]
Startupdate=yes
kuaibu8=kuaibu8
szicoad=szicoad
wbzzlm=wbzzlm

[server]
01=down01.kuaibu8.com:5505
02=down01.kuaibu8.com:5505
03=down01.kuaibu8.com:5505
04=down01.kuaibu8.com:5505
05=down01.kuaibu8.com:5505
06=down01.kuaibu8.com:5505
07=down01.kuaibu8.com:5505
08=down01.kuaibu8.com:5505
09=down01.kuaibu8.com:5505
10=down01.kuaibu8.com:5505

[dllhost]
yewu01=/updata/adclient/ie/ieadd.dll
yewu02=/updata/adclient/cpu/cpuvod.dll
yewu05=/updata/adclient/desk/tequangame.exe
yewu06=/updata/adclient/desk/desk1.exe
yewu09=/updata/adclient/pcfen/app.dll
yewu10=/updata/adclient/sohu/adpc.exe
yewu98=/updata/adclient/baidu/baidu.dll
yewu100=/updata/adclient/online/ipdong.dll
yewu101=/updata/adclient/online/letvst.exe

[yewu01]
zhuyeid=/updata/adclient/baidu/baidu.dll
daohang=/updata/adclient/baidu/baidu.dll

[MD5]
pc.dll=19F7823A7CFE41AC7391BA1C8C402D4B
ieadd.dll=B72A680F93B3EE939FD5ED7818BB28FB
cpuvod.dll=C98A50E044DE1BC9E3E0ED3B7B334231
baidu.dll=37E8DBBF71D48CE87B6D21362A4E2E69
tequangame.exe=A36BCA657DA769E928FC1F746759E66F
desk1.exe=6438B7830D7B110CDF2CDF017AC6EF69
app.dll=5E782960BB0EABB41E756E58381CB5DA
adpc.exe=ED596AB4CABE52680A97073C29BCAC6D
ipdong.dll=5C6F0FEE74493D76F6EBA01BBC741190
2345ieadd.exe=93E32D9C0D647EC2DA4E456398905947
ieadd360.dll=136E8CA0987C754EEBFBCC7164307E78
letvst.exe=6283F091AE24944D487A67FC0C92DD46
wyvip.exe=689DBD3CED0D2A1404DD5ED1E6B06EB6
bdbrowserSetup-7.6.504.2877-1811_10003289.exe=095D58F8A54AC364836A7BA4AA802D25

In order to help protect you from this type of malware, AVG is already detecting them as “Agent5.ZKR” – just one of the many threats we continue to protect you against, on all your devices.

Getting the care you deserve for your digital life

Being connected and enjoying your digital life these days means dealing with many devices.  Computers, smartphones, tablets, game consoles, printers, and don’t forget they all need a reliable Internet connection too!

And despite all that money you spend on your technology, when things go wrong and you spend hours searching for a solution that doesn’t work, it can be very frustrating and lonely.

Having to solve a technical problem quickly when you don’t know the answer can feel a bit like you are the contestant on a live TV game show!  The only difference is there’s no 50/50 or “ask the audience” option – instead you’re only left with “phone a friend”.

Then what happens when your friend can’t help?  Or if you know that calling your “friend” is going to leave you with more questions than answers, or you’re going to get “that look” they give you; like you’re the dumbest person on the planet.

Instead, let me suggest a new friend, a really smart and non-judgmental friend, who will help you with technical problems on your PC, Mac, tablet, smartphone or game console.

Your new friend is called AVG Go :)

AVG Go offers remote technical support 24 hours a day, 7 days a week. I bet your other friends are never THAT available!

Our dedicated tech experts can help you with:

  • troubleshooting operating system issues
  • installing and configuring software
  • setting up and configuring your router and Wi-Fi to get you online
  • diagnosing and removing viruses, spyware, & malware.

If you sign up for the AVG Go Total Care Plan, you also get our award-winning protection and performance products for unlimited devices with AVG Ultimate. All of these products are included:

  • AVG Internet Security for Windows
  • AVG AntiVirus PRO for Android
  • AVG AntiVirus for Mac
  • AVG PC TuneUp for Windows
  • AVG Cleaner for Mac
  • AVG Cleaner PRO for Android.

For more information visit AVG Go or, if you’re in the US or Canada, call 1-844-234-6038* now for your FREE consultation.

*AVG Go is currently available in the US and Canada and we hope to bring you more locations in the future.

Performance Shootout: Windows 8.1 versus Windows 10

One of the first things you see when reserving your free copy of Windows 10 is that it’s “designed for speed”, promising you faster boot times, resume times and more. But is Windows 10 really that much faster than its direct predecessor? We’ve put it to the test and show you how the new OS fares in multiple scenarios such as boot time, performance while working, smoothness of gaming or battery life.

The Device Tested

In our lab, we started our tests with a rather high-end multimedia notebook – the Asus UX-501.

Asus UX-501

It’s equipped with a Core i7 (which clocks up to 3.6 GHz), 16 GB of RAM, a rather powerful GeForce 960M GTX and a blazing-fast 128 GB SSD. It’s one of the hotter devices of 2015 and should definitely show if and how much Windows 10 was able to speed things up compared to the pre-installed Windows 8.1.

How we tested

To get reproducible and comparable results of Windows 8.1 versus Windows 10, we clean-installed both versions and installed only the latest drivers as well as our speed testing software, such as PCMark 8. Then we prepared both installs with the following steps:

  • Put the devices in a controlled room with 23° Celsius and 250 (+/- 50) lux
  • Set the power plan to “Balanced”
  • Run all scheduled tasks and automated tasks using the “Rundll32.exe advapi32.dll,ProcessIdleTasks” command
  • Installed all updates
  • Left all Windows optimization features enabled
  • Repeated all benchmark tests three times and then averaged the results

So let’s have a look at the tests we performed before and after the upgrade to Windows 10 Build 10240 (final, including the latest updates as of July 27th):


1. PC Startup Time: Windows 

For “boot time” tests, we used Microsoft’s “Windows® Performance Toolkit”: These tools are used by software and hardware makers to test the impact of battery life and performance of their products on typical machines.


The difference isn’t huge, but it shows that Microsoft is working hard to shave off seven milliseconds of boot time: 9 versus 8,3 seconds isn’t something you feel on such a powerful device, but on a slower PC or laptop this could translate into a far higher benefit.

Winner: Windows 10

 

2. Internet Explorer Startup Time

During a typical work day, applications get launched and closed all the time. Long loading times aren’t just an annoyance to the user, they could even hinder his ability to work or browse the web properly. This is why we used Windows Assessment Toolkit to measure how long it takes to launch an application, in this example Internet Explorer, down to the millisecond.

Yet again, a reduction from 0,9 to 0,45 seconds is something only few people would notice – yet it’s more evidence how Microsoft continually improved performance in every aspect and handles application launch just a tad better than before.

Winner: Windows 10

 

3. Writing, Web Browsing and Video Chat Performance

The next test involved the benchmarking tool PCMark 8 which uses real-life scenarios such as browsing the web, Office 2013, Adobe Creative Suite and other tools to recreate a typical home and business scenario. It measures the exact time it takes to complete tasks down to the millisecond:

The numbers you see in the graphs represent the time it took to complete the browsing benchmarks. Unfortunately, in this instance, the results really weren’t that different. A 0,11s difference is completely within margin of error and doesn’t have any real-life effect.

Winner: Tie

 

4. Word, Powerpoint and Excel Performance

The next test involved PCMark running automated actions in Word, PowerPoint and Excel to measure performance, such as converting and calculating a huge Excel file:

We were impressed: In all test iterations, Windows 10 was able to run 8% faster when working with the Office suite.

Winner: Windows 10

 

5. Grand Theft Auto V performance

Thanks to the ubiquity of services like Steam and the increased sales of capable PCs or laptops, gaming applications are not just some of the most popular applications on PCs, but also the most resource-intensive. This is why we used the top game of 2015, Grand Theft Auto V, and its built-in benchmark tool, which measures the average FPS (frames per second) for different scenes and scenarios of the game:

Windows 10 performed slightly slower, but also well within testing tolerance. However, one of the main benefits of Windows 10 is the exclusive implementation of Microsoft’s graphics platform DirectX 12, which is supposed to speed up games by up to 50% – unfortunately, we’re still waiting for such titles so there’s no way to really put this to the test.

Winner: Tie

 

6. Adobe Creative Suite Performance

While the last couple of tests focused more on consumer activities, such as browsing the web or working with Office, particularly IT professionals have a need for snappy performance. One such example is Adobe’s Creative Suite:

Again, Windows 10 showed better results: Likely due to the improved resource utilization and improved driver support.

Winner: Windows 10

 

7. Battery Life while Working

Microsoft promised better power management in Windows 10 and that it would save more battery life when on the go. We tested this using PCMark 8’s work tests (in loop) until the battery ran dry. The result:

In all three test iterations, Windows 10 managed to run 9 minutes longer. Not a massive improvement, but definitely enjoyable.

Winner: Windows 10

 

8. Battery Life while gaming

Gaming is the number 1 battery drainer so it doesn’t come as a surprise that our tests were done rather quickly. Unfortunately, even with NVIDIA’s latest drivers (as of July 28th), battery life on the 960M while playing GTA V went down rather than up:

A reduction of 13% in all of our tests. We’re hoping that NVIDIA and Microsoft are working closely on a new driver to fix this issue.

Winner: Windows 8.1

 

9. Battery Life while watching a movie

It came as a surprise that our movie tests showed some significant improvements for Windows 10. When watching a 1080p video clip in a loop using Windows Media Player under Windows 8.1, the laptop died after 2 hours and 25 minutes. However, when going to Windows 10 it lasted a whopping 3 hours. It’s likely that Windows 10 does something in the background to reduce resource usage and just focus the power on the things necessary for movie playback:

Winner: Windows 10


Verdict

Windows 10 – even in its first release – is a tad faster than Windows 8.1. But beware, it doesn’t do magic: some areas only improved marginally, whereas other areas (battery life) really jumped up noticeably.

However, we just tested a clean install of Windows 8.1 versus a clean Windows 10. Where operating systems really suffer in performance is the gradual slowdown that occurs over time and with more and more programs or drivers installed. That’s why, in our next blog, we installed 150+ programs on new Windows 10 devices to see how resistant the new OS is to this load – and what we, as AVG, can do about it! Stay tuned.

Windows 10 not playing DVDs? Here’s why.

Microsoft has included the DVD Player software for free in Windows 10, but only if you’re upgrading from any of the following versions:

  • Windows 7 Home Premium, Professional or Ultimate
  • Windows 8 or 8.1 with Windows Media Center.

It’s free for a limited time, but Microsoft hasn’t given any indication as to how long that will be. So if you haven’t already upgraded and qualify for the free DVD software, you might want to consider upgrading soon.

It’s important to note that to receive the DVD Player app from Microsoft for free you must upgrade Windows 10 from your existing version of Windows.  A clean install of Windows, despite this being the preference for many people, won’t work.

What if you don’t want the Windows DVD Player app? No problem, there are free and open source alternatives available, such as VLC Media Player.

While you’re at it, remember to keep all software on your PC up-to-date and install an antivirus solution like AVG AntiVirus Free to prevent infections by viruses and malware.

If you have any tips for Windows 10 you’d like to share, please let us know via Facebook or Twitter. Until next time, stay safe out there.