malware

Why are weird text files appearing on my desktop?

George from Houston, TX

Episode 1393

George wants to know why he's getting weird text files being saved onto his desktop. Leo says it sounds like an app was written with debugging turned on, and when he uses that program, it saves the error messages to a text file. It's a harmless mistake left over by the developer. The trick is to figure out which app it is. George should check out Microsoft's Process Explorer. It should be able to help him track down what app it is. It's at Sysinternals.com.

WannaCry Ransomware Has a Possible Solution

Episode 1391

Encryption

WannaCry is ransomware that can lock up your data unless you pay the hacker who created it. WannaKiwi, however, finds the crypto key in your PCs RAM to undo the damage. It only seems to work about a third of the time, however. That's why Leo says to make sure you don't get it by altering your behavior, and by making sure you have current backups of your data should it happen. One thing you should never do is pay up, because you don't know if you'll get your data back, or if there's something even worse getting installed.

Have I been bit by ransomware?

Episode 1389

Grover from California
Google Chrome

Grover has a popup that says to call Microsoft Support. Has he been bit by ransomware? Leo says no, probably not. It's a phishing attack, but it's to try and get him to call in and then they charge him and access his computer. It's Scareware, really. He can ignore it, but it keeps popping up and he has to reboot his system to get rid of it. He even replaced the hard drive, but it didn't help.

WannaCry is the Latest Phishing Ransomware Attack

Episode 1389

WannaCry

The latest ransomware attack is called WannaCry and it's spreading via phishing email attacks. The ransomware not only encrypts your data — it also has a built-in kill switch on websites. Security researchers may have crafted a fix to it, but there's a catch. The encryption is done using Microsoft's bit locker, and the fix is to take advantage of a flaw in the cryptographic memory that keeps the keys in RAM so it can harvest them and unlock your data.

Has my computer been hacked?

Episode 1385

Melinda from Sherman Oaks, CA
Hacker

Melinda says that after she turns on her computer and goes into her browser, it takes a really long time to get to Gmail, and it goes to her eBay and other accounts. She wonders if she got hacked. Leo says perhaps. That kind of behavior points to being hacked. Maybe someone has gotten physical access to the computer. Did she make an enemy?

Does a smartphone need antivirus?

Episode 1385

Jim from Bend, OR
Antivirus

Jim bought a pair of Samsung Galaxy S8 and the guy at the store said he doesn't need an antivirus app to protect it. Is that true? Leo says it is. Mobile phones don't really need that extra precaution, as long as he only gets his apps from Google Play Store. He should be careful what apps he gets, though, even then. Sometimes a junky app does get through. The benefit through Google Play is that if one gets through, they will remotely kill it.

Did malware break my laptop?

Episode 1383

Janet from Santa Monica, CA
Apple MacBook Air

Janet has a 2014 MacBook Air and she's got malware. Leo says it's very rare to get malware on the mac, so it's unlikely. Janet is getting redirected to other sites. That's a browser hijack, not a virus. It's malware, but it's browser level malware. The laptop has also died as a result. Leo says that hardware can die, especially a laptop that's being carried around. A MacBook Air may be more prone because it's so thin. It could also just be a bad logic board or diode on it. It's not related to the malware/browser hijack issue, though. It doesn't work that way.

Has my browser been hijacked?

Episode 1383

Doug from St. Louis, MO
Chrome Reset

Doug's in laws are getting popups in Chrome using Facebook that malware is on their machine asking them to download something. Leo says that is a fishing scam trying to get them to download and install something. Leo suspects that there is a malicious extension in Chrome that is causing it. Leo suggests resetting Chrome to wipe out everything. They'll have to reinstall the extensions, but it's the only way to be sure. They should go to Settings and search for Reset. That'll make it go away.

Has my computer been hacked?

Episode 1382

Art from California
Hacker

Art opened his computer and something took control of Chrome and wouldn't let him shut down the app or his computer. Has he been hacked? Leo says not to panic. It's likely a javascript instruction that hacked a website. He can always force quit his browser to get out of it. He can do that by pressing Ctrl-Alt-Delete to open the task manager for Windows. On macOS, press Option-Command-Escape and Force Quit the app.