malware

How do I get rid of Search Conduit?

Brian from Fountain Valley, CA

Episode 1074

Brian downloaded DropBox from Download.com and now he's stuck with Search Conduit. This is adware, and it's not technically malware. Leo believes that it is, though, because even though it asks the user to install, it isn't very clear. Leo says he wishes CNet/CBS Interactive would stop doing this with wrappers that install adware. Search Conduit even schedules itself in Windows to reinstall after it's removed. The fact that Brian has other symptoms in addition to this makes it sound like Brian has more malware as well.

What could have used up 20GB of my data plan overnight?

Episode 1074

Bob from Los Angeles, CA
Verizon Jetpack LTE Mobile Hotspot

Bob has been getting warnings that he's "overdrawn" on his MiFi data plan and wants to know if he's been struck by the Heartbleed virus. Leo says no. Heartbleed attacks servers, not mobile devices. More likely, Bob has an app that is active and downloading everything. Someone may have also commandeered the system and is using it.

'Heartbleed' Flaw in OpenSSL Exposes Passwords on Many Popular Websites

Episode 1074

OpenSSL is a widely used protocol for providing secure internet traffic. The "Heartbleed" bug takes advantage of a hole in OpenSSL to peer into the memory of SSL servers. It can allow a hacker to ping 64K of random memory repeatedly, thereby allowing them to glean usernames and passwords, and even fake a server certificate.

How can I get rid of the FBI virus?

Marie from Whittier, CA

Episode 1073

Marie got the FBI Virus Scam popup that has locked up her computer. Leo says it's highly customizable by the hacker who sends it out and in Marie's case, it demands she call to address the issue. So Leo thinks that it may be an offshoot of the cyrpto locker virus. Or just a malicious website. Regardless, her system has been compromised. The only real way to handle it is to backup her data, wipe the drive and reinstall Windows from a known, good source. She can also run the system restore discs, then update the OS completely.

Why am I unable to update Windows? Do I have a virus?

Mike from Lake Forest, CA

Episode 1072

Mike says his daughter's computer has a virus, and now he can't run Windows update. She was downloading music. Leo wonders what the symptoms were that led Mike to believe he had a virus. It could be a bad sector on a hard drive. Leo advises scanning with an online antivirus checker. Leo also suggests running Microsoft's Malicious Software Removal Tool. Click on "Start," then select "Run,", type "MRT" and hit enter. He should choose to do a thorough scan. He can also try MalwareBytes.org.

How can I run as a "Standard User" in Windows without losing my current account settings?

Episode 1072

Sam from Sherman Oaks, CA
Windows 8 UAC permission

Sam is worried that his Windows computer is running as an administrator. Leo suggests creating a second administrator account that he won't use. Then downgrade his regular account to standard user. He could make them look completely different to tell them apart. Then if he needs to install something, it will ask him to log in as an administrator. Any software that needs him to run as an admin, he can just right click on it, select the "run as admin" option and type in his password. This will protect him from over 90% of all malware trying to get on his system.

Why am I getting warnings about websites being infected?

Episode 1072

Michael from Cerritos, CA
Google warning

Michael has noticed that he gets a warning that some websites are suspect and it won't let him in unless he agrees to take the risk. Leo says that is a function of Google and Microsoft which searches websites and flags them as being at risk for malware. Leo says it's a good service, and helps prevent malware from poorly designed websites from infecting users, especially on the Windows platform. Forums are frequently bit because they are written in open source and rarely updated. They should fix it, because if Michael is having issues, then everyone is.

How can I get rid of a redirect virus?

Lloyd from Huntington Beach, CA

Episode 1071

Lloyd got a redirect virus. Leo says these days there really isn't an easy way to get rid of a virus because not only is he infected by this virus, but there's usually other viruses that get invited as well. Once it's on the computer, it can be so deeply embedded that any attempt to remove it can disable the operating system. So at the end of the day, the only thing he can really do is back up his data, format the hard drive, and reinstall Windows from a known, good source. Then he should run all the available updates.

Is an old version of Office safe to use?

Bob from Potsville, PA

Episode 1070

Bob has a very old version of Microsoft Office and he wants to know if it's safe to continue using. Leo says that this week, a "zero day flaw" was found in Microsoft Office through the RTF rendering engine, and hackers have been taking advantage of that. So if there's an update, update it. Leo also says not to use Internet Explorer. Use Google Chrome instead. He should turn off the feature that automatically launches an app when he goes to a website as well. If he's careful, he should be able to keep using his version of Office, though.

How can I get rid of an error in Internet Explorer?

Nate from Las Vegas, NV

Episode 1069

Nate has been having an issue with his computer for a few months using Internet Explorer. Leo says that Windows "Dynamic Linked Library" files (DLL) could have been infected, causing an error and since it's spreading, it's likely to be malware. It could also be that the hard drive is getting a bit flakey and the files are on a bad sector. Or the DLL itself is corrupted. Add-ons may have been installed as well, causing issues. He should remove all of his add-ons, and try resetting his browser. He should also boot into safe mode and see if he has the same problem there as well.