Weybridge Computer Services

WCS.Tony

Blog

WCS.Tony - Sat May 13, 2017 @ 04:56AM
Comments: 0

Whatever you do - DO NOT PAY THE CROOKS

1. Turn off the PC
2. Report it to the police
3. Call a reputable PC support company.

I've had some experience with these attacks and they usually encrypt all your data, then pop up a message saying PAY ME TO GET YOUR DATA BACK.
Now if you have kept your PC updates as Microsoft suggest and have a current reputable antivirus running you should be OK.
Obviously you still have to be careful when you click on email links or run / open attached files (save should not do any harm).
The best defence is not to load the virus in the first place!

Your second line of defence is to take regular backups of your data, I can always reinstall Windows (even if we have to buy a copy) but YOUR data is unique to YOU. All your photos of the kids, friend’s addresses, typed letters to the solicitor etc. For the sake of £50 buy an external USB drive and use it to backup at regular intervals - once a week, a month, whatever. I would also recommend that you backup to different files or folder – not just overwrite the only copy each time. For example what would happen if you backed up your encrypted files to you only backup copy? You could have Backup-Jan, Backup-Feb etc., or Monday, Tuesday.... you get the idea.If you are really concerned or careful – each back up could be on a different USB drive. Work out what you want / need for your data and DO IT.

Obviously you will need to unplug the drive from the PC afterwards; otherwise the ransom ware will also encrypt your backup.
Personally I back up to an external USB drive and make regular secondary backups to DVDs that I store away from the PC.

Now back to "help I've lost all my data and they want £300".

Killing the nasty virus is not usually a problem to an experienced PC support technician.

This must be done before anything else as otherwise any files you attach (like trying to restore from your backups) will also get encrypted before you get a chance to copy them back. Once the virus has been stopped you can recover your old files from the backup just by copying them back.

If backups are not available, or very old, I have usually managed to crack the encryption key(s) but and here is the big BUT I need an encrypted file and the same file before it was encrypted. Usually one key un-encrypts all the user files, but quite often I had to get the key on several different files and keep un-encrypting until they are all back. Usually this is just restricted to user files but I've had instances where several system / software files that had also been encrypted.

A few customers who did not have ANY backups on USB drives, sticks or DVDs. Not even any files in OneDrive, Google Docs (both FREE) or Dropbox / Carbonite / Crash Plan etc. Luckily for them they were old customers and I always put a document detailing what I have done on their PC and any log files I created. This is stored as a DOC(x) or RTF file on their PC and I keep a copy for reference. I was able to use those files to hack the encryption keys, and restore all their data.

So basically:

  • Keep your system and antivirus software up to date.
  • Take regular backups and keep the copies (more than one) safe and away from your PC.
  • Google how to spot SPAM and what to do with email links and attachments, or how to avoid ransomware. No matter how good your system is at protecting itself it’s far better if you don’t do anything silly and let the attack in. Knowledge is power!
  • Finally there are many free (and paid) dedicated anti ransomware programs out there, you may wish to try one.

I should add that currently (13/05/2017) there is no decryptor available for the Wannacry attack that hit the NHS. Unless you have backed up your data you are in trouble. It may be possible to recover the original / deleted files using specialist recovery software but apparently the virus tries to stop that as well. Even if the old deleted files were on the disk after the infection every time you boot, every time you use your PC it will write data to the disk and there is a greater and greater chance that your old files will be completelly overwritten by new files.

If you have not been infected BACK UP NOW!

Comments: 0
WCS.Tony - Tue Mar 29, 2016 @ 06:54AM
Comments: 0

Has anyone manage to use one of these on Windows 10 64 bit?

Basically I bought this years ago when FREEVIEW (Digital TV) was staring, to be honest it was more of a toy just to get TV on my old PC and I recorded a few programs and then forgot all about it. Well last week my friend's huge LCD TV packed up and I though he could borrow my USB dongle so that he could at least see TV on his PC.

It quickly became apparent that the drivers that came with this device would not install on Windows 10 and it comes in as UNKNOWN.
When I try to update the drivers using Windows 10 it fails
                  "Windows could not find driver software for your device"
I downloaded various drivers from the web (take care loads of odd downloads / viruses and driver checking software) and manually pointed the driver update to those folders and / or run the setup programs.
So far none of them have worked.

I can run the original BlazeVideo and SichboPVR software but, without the drivers, I cannot find a TV device.

USBDeView shows the dongle

DVBT AF9005 BDA Device Vendor Specific Yes Yes No No 16/05/2010 15:31:36 29/03/2016 13:50:00 15a4 9020 1.00 ff ff ff Hub 1, Port 3 Afatech Technologies, Inc. AF05BDA AF9005 BDA Device AF05BDA.sys MEDIA AfaTech 500 mA 1.10 AF9005 BDA Device 6.3.2.1 AF05BDA oem39.inf USB\Vid_15a4&Pid_9020\5&34a681e0&0&3 Removable, SurpriseRemovalOK

Device instance: USB\VID_15A4&PID_9020\6&30663d42&0&2
Hardware Id: USB\VID_15A4&PID_9020&REV_0100

Yes I know!
I have already set him up to look at catch up TV through the Internet.
But surely there must be a working driver for this dongle?
Or a means of getting the old driver to work in Windows 10?
Would Driver Signature Enforcement Overrider  be any use?

HELP?

Comments: 0
WCS.Tony - Thu Mar 24, 2016 @ 07:17AM
Comments: 0

It really is about time that our police and BT did something about these scams.

Hardly a month goes by when I don't get a call from someone AFTER they had a call from Microsoft.
My usual reply is "How do you know it was Microsoft?" - because they said so.
Just to be clear Microsoft do not call up users at random, hang up and report it to the police and BT.

The other similar issue is when people search for help online, quite often the entry at the top of the search page is "fake" and pretend to be from Apple or Microsoft of whoever. Once again "How do you know who they are?". I had people sign up for 3 years worth of "excellent" help from "Apple" or with free 24 hour support from a "Microsoft company". BE CAREFUL!

The standard "I'm from Microsoft and you have a problem with your computer" does not in itself cause you any problems. The problems come when you allow then access to your computer or give them your bank / credit card details. Usually they add some programs to your PC so that they have access to it, sends them your username and passwords or even lock it up unless you pay them. And rest assured they WILL want payment to "fix" the computer that was working fine before they call.

One young chap (it is usually the more elderly ones that get caught by these evil people) assured me that he had allowed them into his laptop, but had refused to pay them. I was rather surprised that he got off without paying but removed all the various malware and viruses that were now slowing down his laptop. There were also some proxy settings and remote monitoring programs that I removed and installed Avast FREE for him as his Norton has expired years ago and he had never renewed the contract. There are several good FREE antiviruses that you can use.

Anyhow after all that I returned his laptop and he asked me if I would taker a cheque from his wife. I was a bit surprised so I enquired and apparently his bank account seems to be empty - must be a mistake. I assured him it was probably NOT and to call his bank at once. They had got hold of his bank details even though he assured me that he had not given it out.

SO TAKE CARE.

If you get a phone call from someone claiming to be from Microsoft - HANG UP.
If you get a phone call from anyone claiming to be from company-x - how do you know they are who they say they are.
If you are not sure hang up and find out, call the company using a number from a letter you had from them or the phone book.
And even this is not 100% safe as they could have stayed on the line, when you hang up.
When you dial again, they are still there and can put another person on the phone to vouch that they were who they said.
To get over that call someone you know and you know the line is clear if THEY reply, or their answerphone replies.
Only then can you call the real company number and check if they are really calling you.

AGAIN - WHY CAN'T BT FIX THIS PROBLEM?

If you have allowed "Microsoft", a free "support company" or ANYONE access to your PC - my advice...
TURN IT OFF and CALL ME.

Comments: 0
WCS.Tony - Wed Sep 02, 2015 @ 09:30AM
Comments: 1

A huge thanks to Philby E McGee at http://www.bleepingcomputer.com/forums/t/581470/ba...

My Windows Updates began failing about 10 days ago and I've tried just about everything on the web including various Microsoft Fix Its, SFC, SCFix, register / unregister various services, batch files, registry files - nothing would allow me to start BITS or get new updates.

Never mind I will update my Windows 7 to the amazing new Windows 10
But I could not do that either!
Windows seemed to be using the update service to do the upgrade.
Or rather failing to, on my laptop.

I contacted the Microsoft online help (saying that Windows Update was the problem) and after over an hour of fiddling about on my computer he updated the BIOS (without asking me). Once again I mentioned that I thought it was my Windows Update problem.
NO - He then proclaimed that I had a "driver issue" - "Contact ACER".
Which driver I asked - no reply.
Could we not just update to Windows 10 from scratch and replace ALL drivers?
NO!

:deadhorse:

I gave up and after cooling down I tried several very complicated and time consuming repairs - or rather NOT repairs.
Then I saw this simple solution all I did was create a new registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup
Straight away I was able to start BITS, the first time in nearly two weeks.
I started Windows Updates and applied 23 of them.

Now I am waiting for my Windows 10.
"We'll let you know when this upgrade is ready to be installed on this PC".
I can hardly wait.

Once again a great big THANK YOU :bananas::thumbsup::bananas:


By the ways BITS is Background Intelligent Transfer Service.

Update:
Windows 10 became available soon after and installed with no problem.

Comments: 1
WCS.Tony - Sun Mar 29, 2015 @ 04:37AM
Comments: 0

This seems like a nasty trick from Logitech.
I am talking about my Logitech Cordless Desktop LX 700 but it may also apply to other models.

A few weeks ago a customer gave me an old wireless keyboard and mouse.
"It does not work and I have bough a new one".

Soon afterwards my keyboard began sticking on certain keys. Pouring a large mug of tea over it and then cleaning it did not help and no amount of silicon spray seemed to stop the sticking. Then I remembered the Logitech mouse and keyboard.

The keyboard just needed new batteries and the ones on the mouse were dead. As they are rechargeable I removed them and charged them on my battery charger. After that the mouse worked fine as well.

But after a few days the mouse suddenly stopped, as I keep forgetting to put it back on the charging cradle when I finish I was not too surprised. After this happened a few times (and now I was putting the mouse back in the cradle) I decided to swap out the existing batteries (AA) for two rechargeable ones. The Logitech batteries seemed to be glued together with a piece of plastic in the middle. I put in the two new AA batteries and everything was fine. But a few days latter the mouse stopped again - had I put it back in the charger?

So I blamed myself and charged the batteries externally again, and again.
Today I checked the batteries - OK, the contacts in the cradle - OK, the joints inside of the mouse - OK, the power supply - OK. WHAT COULD IT BE?

Then I noticed the a little switch right between the batteries.


A switch that would be depressed by that strange plastic between the two original batteries. I cut a small piece of plastic to the right size and made sure it was held in by the batteries. Put the mouse back on the cradle and, for the first time, I noticed a little green LED on the mouse. IT CHARGES.

What a nasty trick!

Comments: 0
WCS.Tony - Wed Feb 11, 2015 @ 12:36PM
Comments: 0

I have been using my old XP laptop for many years, usually to look at the web of for the odd email - and it does a great job.

Last week, however, I started noticing that AvastSvc.exe seems to be running constantly at 16 to 19% CPU. I have installed Avast FREE on many computers over the years and have never seen this before. Well not without a virus or another antivirus running.

I quickly checked for malware and did a full boot scan - CLEAN. As this is my laptop I am sure that I removed the previous antivirus programs properly, but had a quick check as well - OK. I am fairly familiar with the running tasks on this laptop, and no new or unknown tasks were running. A quick check with the new AUTORUNS / VirusTotal confirmed that everything was as it should be and no virus.

I assumed that one of the many new Tools that Avast are so fond of including must have been let in when I manually installed Avast. But no everything seemed OK. I tried removing any unecessaty options but the CPU remained around 19%. Avast, like many other antivirus / malware programs I USED to use, keep adding more and more rubbish to the basic antivirus. BUT THAT WAS NOT THE PROBLEM.

By now the disk IO read had gone into the BILLIONS and my poor old HDD's LED was constantly flashing. Why had I not noticed that before? The only way to stop the CPU and constant reads was to stop the File System Shield for 10 minutes - CPU %. Turn it back on and the CPU was back at 19% and the disk reads started again. As looking at my File system is a fairly basic requirement for my antivirus I searched for another solution.

I was just downloading the Avast removal tool and the latest version of Avast to reinstall it. Then I had a final look at my running tasks. I decided to kill tasks one at a time to see if anything was causing Avast to react like this. I killed TeamWare which was running in the background, I had problems with the laptop graphics last year and used this to connect from my desktop and change the graphic settings. Anyhow as soon as I killed TeamViewer, AvastSvc.exe went down to 0% CPU (zero) and no reads.

HAD I SOLVED IT?

I rebooted and the AvastSvc CPU remained at ZERO.
Start TeamViewer - CPU back to 19% and the HDD LED flickering again.
Kill TeamViewer and we are back to "normal" with 0% CPU.

If only I knew WHY?

Comments: 0
WCS.Tony - Tue Apr 22, 2014 @ 05:02AM
Comments: 0

I've had a lot of calls from customers asking for help after reading about the Heart Bleed / Heartbleed issue.

Well there is really very little chance of YOUR password in a specific site having been compromised. BUT the recommendation from just about everywhere is to change your passwords.

There is no point changing your password before the site you are using secures their code, your new password would still be vulnerable. However there are plenty of sites that have information on the updates Mashable.com and many sites will email you when they have made the security changes.

Here is a link that explains how the bug works Howtogeek.com

Obviously you will have to make a note of all your new password and you may need to log into services, Apps and programs that use these passwords. For example if you use Outlook to read your email and you change the email password - you will also need to change it in Outlook.


If you have not already done so I would strongly advice you to use LASTPASS (or a similar system) to keep track of all your passwords. Lastpass now even has a security feature that will help you manage the password changes and what sites to change and WHEN. Don't forget to accept the password changes when it warns you. Lastpass even has a history button to show you the old passwords.

See Lifehacker.com for a tutorial.
And get your LastPass account here Lastpass.com/create_account


Comments: 0
WCS.Tony - Mon Dec 23, 2013 @ 01:51AM
Comments: 0

Hi, and a Merry Christmas to all my customers.

I have been receiving several panicking inquires about this new and highly destructive virus or rather RANSOMWARE. For those of you that have not heard, CRYPTOLOCKER has attacked over 250,000 machines ... so far.
Well - I can now protect your PC.

Once in your computer it quietly starts encrypting your files and when it has finished a message pops up asking you for $300 to get the key to recover your data files.
Yes I can stop and remove the infection .
But NO, neither I or anyone else can unencrypt your files.

You have to:

  • Recover them from a back up
    (that was NOT connected to your PC during the infection),
  • OR - pay the pirates and pray that they honour the agreement.

Having studied the current infection I can however make some changes to your PC that will prevent the encryption in the first place.
Should you want this peace of mind I can now do this for you and also give you some hints and tips on avoiding this type of infection.
I cannot guarantee that Cryptolocker, a variant or a similar infection will not evolve to get past this defense.
But I am sure that the current Cryptolocker infection will be stopped.
I GUARANTEE THAT WITH A MONEY BACK PLEDGE.
So if you want peace of mind call me - 01784 434 458 or 07883 062 986

Comments: 0
WCS.Tony - Wed Aug 14, 2013 @ 04:41AM
Comments: 0

Well, I must admit that I am getting more and more annoyed by Google.

Once upon a time they were "my friends" and could do no wrong, now they are turning into another Microsoft or Apple. They seem to think they know best and whatever they do or change we will accept.

I was glad to hear that they were adding a location service to Android. There are plenty of alternatives out there: Cerberus, Lookout, Prey ..... but this one was GOOGLE.

I tried it when it first came out - nothing, so I waited assuming my old phone had "not been done" yet.
Finally when it was out to EVERYONE, and I still could not get it, I explored the problem further.
As usual no hint of an issue on Google's web sites, and no real help or instruction.

I noticed that my Google Play was not up to date, I thought it updated automatically?
I could not find any update button for Google Play or Google Settings? In the end I was forced to log onto PLAY, on my PC, and INSTALL Google Play again to my phone. FINALLY it updated and I could now see the fabled Android Device Manager in my Google Settings. But no - still no active devices when I tried to locate my phone.

I tried all kinds of resets, reboots and much swearing - none helped.

Then I found this web site http://forum.xda-developers.com/showthread.php?t=2397653

If your Android device doesn't appear in Android Device Manager, or if you see Unknown location despite your device being online and running Google Play services version 3.2.25 or higher, follow these steps:

1. Open Google Settings from your device's apps menu.
2. Touch Android Device Manager.
3. Uncheck Allow remote factory reset.
4. Go to your device's main Settings menu, then touch Apps > All > Google Play services.
5. Touch Clear Data. Note that this action doesn't remove personal data.
6. Go back to Google Settings and select Allow remote factory reset.
7. Restart your device.

Make sure you follow the directiions exactly or it won't work

Followed the instructions CAREFULLY and reboot the phone.

AT LAST - my phone appeared on the map in
https://www.google.com/android/devicemanager

Thank you GOOGLE for making it so easy?

Comments: 0
WCS.Tony - Mon Jun 03, 2013 @ 02:53AM
Comments: 0

This is ridiculous - the ONLY reason for using a reader like FEEDLY is to be able to save and then find items from multiple sources. Removing the search feature is mad and I for one is looking for another Google Reader alternative that does.

But there is a way round this missing search feature, a SOLUTION - for now.

Some people have claimed typing
       gg
,on the Feedly screen, and then
       "search term" in my feedly
does search your saved items, I for one had no luck with this.

The only way I could search through my old saved items was to click on Saved For Latter, or wherever area you want to search - you could click on ALL. Now scroll down - use the mouse wheel, click on the scroll bar or Page Down etc. You will see more and more saved items appear in your browser, keep doing this for as long as you need.

There is no date on the screen but you can always open the bottom item to see the date it was written. When you have reached the end, or gone as far back as you want, open the search in your web browser.

CTRL+F to search in your browser, I use Firefox, then enter your "search term" (no quotes) at the bottom of the screen.

It will then go to the next occurrence of that search term and you can click the down arrow to go to the next. So we are not searching the feedly saved database, but we are searching our saved items that have been displayed on this page.

Note that you will only be searching in items that have been displayed in your browser, so the more you scroll down the more saved items you will be searching through. It does not search all the items in your Saved for Latter; just the items that you have loaded into, in this case, Firefox.

NOT IDEAL - but it works for now.

 

 

20/06/2013

Well FEEDLY have now created their own web cloud and are no longer relying on Google Reader which is ending soon and they have dropped the need to use an addon.

But still no search function.
The laborious manual search above still works, but when I have 6000+ entries it is just not very usable. Yes I HAD to use it a few weeks ago as that was the only way to find an article I needed but it is just not feasible for everyday use.

SO....

1) Try, the now FREE, FeedDemon Pro - install and point to Google Reader and it will download all the starred items and searching (even off line) is simple and fast.

2) Join the excellent IFTTT and POCKET you can then run a "recipe"
Feedly's Save For Later to Pocket  https://ifttt.com/recipes/99550
and / or
Save starred items from Google Reader to Pocket
You can then easily search your POCKET  http://getpocket.com/a/queue/list/.

Hopefully those nice people at FEEDLY will now have time, and the inclination, to give us a search function.

 

 

04/07/2013

Well we were certainly spoilt for choice with Google Reader alternatives.
I think, for once, Goggle have made a grave error of judgment here.
With so many willing customers how could they turn their back on the adverts?
Not to mention that Google could find out exactly what I am interested in by following my Starred items and feeds, this information would be worth a hell of a lot to other companies.

MAD, MAD, MAD!

But back to the alternatives, I was having great problems keeping my starred items online and searching. As I move around and have several PC, laptops etc I need this mine of information online – not on my home PC.

 

I have just discovered http://www.g2reader.com it looks good, works great and I can do SEARCHES. If only it had allowed me to import my starred.json it would have been my 100% favourite. But for now this seems my ideal solution. I’m sure that after a few months my old starred items will no longer be of much use of interest to me.

NO – actually some of them are good reference material, but I can always find them in POCKET.

Up to now my favourite had been FEEDLY but we are still waiting for a search function and you can only upload about 1000 starred items. But I will keep watching as I’ve grown very  used to it and it has an Android App.

 

The only other searchable reader was http://theoldreader.com
But it’s so SLOW.

 

I am also looking at http://www.redtreereader.com/ as it has a starred.json upload facility. It did not work for my huge starred file, but did manage to upload a cut down version. Not sure If I could upload several starred.json files made from “chunks” of my main file? But unfortunately, once again, NO SEARCH, so not much point uploading them.

 

One interesting side effect of  trying out all the readers was that I was constantly clicking on STARRED on different reader alternative pages, trying to keep them all up to date. Well I have not solved this but found an interesting “solution” – I hope. I made my POCKET file available as a RSS feed , click on OPTIONS > remove PRIVACY (no password) and linked all my readers to All items Feed.

 

So, for now, I star the items in FEEDLY.
IFTTT then picks them up and sends them to POCKET.
Those starred items are then available as a RSS feed
to all my other Google Reader alternatives.
I now have a feed, in ALL the Google Reader alternatives,
where all my newly “starred” items are shown.

 

I’M HAPPY AGAIN!

 

 

 

web counter

Hits on this page

 

Comments: 0
powered by Doodlekit™ Free Website Builder