The AM Forum
Author Topic: WebCry  (Read 11487 times)
Rick K5IAR
Guest
« on: January 22, 2008, 04:59:38 PM »

Sorry for the off radio topic, but I am going crazy trying to get rid of this thing called "webcry". I assume it's some kind of spyware.  I got it on YouTube, I think.  It slipped past my protection software and will not let go.  It redirects my Google browser for the first two searches each time.  I've tried a few removal techniques I found online and downloaded and used a couple of spyware removal packages.  Nothing helps.  Has anyone else run into this monster?

Thanks,
Rick/K5IAR
Logged
Joe Long
Guest
« Reply #1 on: January 22, 2008, 05:13:33 PM »

Hi Guy. Go to the web and look up Webcry. There are several methods of getting rid of this nasty worm.  Joe
Logged
k4kyv
Contributing Member
Don
Member




« Reply #2 on: January 22, 2008, 08:10:02 PM »

A few years ago I had a similar redirect problem with certain sites.  I downloaded Firefox and the problem did not occur when I used it.  I liked what I saw with Firefox, and haven't used IE since, except for certain sites that were designed not to work with FF.

As far as WebCry goes, here are instructions on how to remove it.

http://www.pchubs.com/blogs/webcry-removal-process-how-to-remove-webcry

BTW, I got rid of McAfee when my subscription last expired, and downloaded a free anti-virus called avast!  The first time I ran it, it found several virus files that McAfee had failed to detect.  I combine Avast! with the free version of ZoneAlarm firewall.  I also regularly scan with AdAware, Spybot Search & Destroy, and Windows Defender.

But one of the best protections of all is to download a custom HOSTS file.  Read all about it here.  As a bonus, it disables many of the annoying banner ads in websites, and allows the page to load faster because you don't have to wait for all the junk that is embedded in the page to load up.  My Hotmail account looks just like my ISP email account, displaying NONE of the banner ads.  I'm sure Micro$oft just loves that!

Be sure to scroll down the page and carefully read this
Quote
Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. (instructions follow on how to change your settings to resolve this problem)


In the 10 years that I have used the internet, I have never knowingly had a serious virus infection.

Beware of porn sites and e-mail attachments.

Logged

Don, K4KYV                                       AMI#5
Licensed since 1959 and not happy to be back on AM...    Never got off AM in the first place.

- - -
This message was typed using the DVORAK keyboard layout.
http://www.mwbrooks.com/dvorak
Rick K5IAR
Guest
« Reply #3 on: January 22, 2008, 09:09:42 PM »

Thanks guys.  Don, I'm going to try your suggestion on software first.  I haven't had any success with McAfee either.  I used Norton for years, but let it expire a while back and now I'm paying for it.  I think I picked this up on YouTube as it's the only out of the ordinary site I have visited lately.  I always stay clear of porn sites, but sometimes when I'm searching for something with Google some idiot has placed an innocent subject that leads to one of the "trash" sites.  Hopefully, I get away unscathed, but I'm never quite sure.

Thanks again for all the info and links.  Mac, I may just renew my Norton, it seems to do a good job.

Rick
Logged
Opcom
Patrick J. / KD5OEI
Contributing
Member
« Reply #4 on: January 22, 2008, 10:34:44 PM »

avast antivirus (free)
zonealarm firewall (free)

no issues.
Logged

Radio Candelstein - Flagship Station of the NRK Radio Network.
Rick K5IAR
Guest
« Reply #5 on: January 23, 2008, 01:21:12 AM »

Thanks..

I downloaded Avast!, but it cost me $29.88 to use it.  I ran the normal scan and it did not remove the WebCry worm.  I'll try the deep scan tomorrow.

Rick/K5IAR
Logged
W4EWH
Member




« Reply #6 on: January 23, 2008, 01:52:21 AM »

First, the bad news: it's not a virus. Viruses are written by amateurs, and that makes them easy to find and easier to defeat. Spyware like WebCry, on the other hand, is written by professional code warriors, and they're getting paid, and their bosses are making a lot of money very quickly - and they like it just fine. The software is written to be difficult or impossible to remove, i.e., to cost so much time and/or money to remove that the "average luser" will give up and put up.

I don't know the specifics of WebCry, but I've been a professional spyware remover, and I can tell you from hard experience that having Norton or McAfee or <flavor of the month> software won't help. The spyware vendors routinely design their exploits to get around all common AV and AS software, and the first thing they try to do is deny your computer access to the virus updates. Anti-anything software is a reactive action: it can't lock the barn door until the horse gets stolen!

The bad news is that when they get into your machine, they own it. As far as they're concerned, your computer just becomes another node on their corporate network, and the fact that you didn't say "Yes!" is an externality in their minds.

Now, the good news: you can prevent their entry into your machine.

  • Never use the Administrator account for online access! Create a restricted user account for ordinary day-to-day stuff, and use the Administrator account only to install new software or for functions that require it. If you have games on your machine that demand an Administrator account to run, rip them out and tell the game company they just lost a customer.
  • Never click "yes" on a warning you don't understand! There's a reason that Microsoft warns you about non-certified software! If you choose to ignore the warning, do so after considering the risks and make an informed decision about the rewards.
  • Never, under any circumstances, click on a URL you aren't familiar with when you're using a machine you can't afford to throw away.
  • Turn off JavaScript and Java. Just do it. You can always enable either on a per-site basis, but don't surf with them on.
  • Set your browser to automagically delete all cached and temporary files on exit.
  • Turn off automatic display of images in email. It's important.
  • Disallow write access to the executable directory for all but privileged users.
  • Use Common Sense! We are all old enough to know that there's no free lunch!
    • Don't allow the kids to install or use file-sharing software such as Kazaa. These types of software come with an agreement (which all children carefully read before clicking "I Agree"  Sad) that says, point blank, that your computer is going to be under their control.
    • Don't download software from untrusted sites! It's one thing to get virus updates from Norton: Symantec's engineers are going to make sure your software checks for validity before installing. Software from vendors you don't know, especially "free", "trial", and "shareware" versions, must be carefully vetted by you before installation.
    • If someone sends you an email offering nekid pictures of <film star> or free <object of your desire>, break the sound barrier on your way to the DELETE key!
    • If you wouldn't be comfortable viewing any given site at the public library, don't do it at home.
    • Never open attachments you aren't expecting, even if they're from users you trust! Worms are programmed to exploit the address books on infected computers, sending copies of their payload to all addresses under catchy subject lines designed to slip under your defenses. Ask yourself "Why would Joe want to send me a file?" and then call Joe and confirm that he sent it.
  • If possible, dedicate an older machine for use on the Internet and strip it down to the bare essentials, preferably using the free Linux operating system and the Firefox browser. Nobody writes spyware for Linux boxen: it's too small a segment of the market and the security model is too good. If you can't/don't want to use a separate machine, just download and burn a "Run from CD" version of Ubuntu Linux and use that for Internet surfing: any damage done will disappear when you reboot the machine. One of my oldest SOHO customers has a Dell computer, running a Microsoft OS, which her teenage daughters use for homework. She has never allowed it to be connected to the net, and in nine years she has never had a virus. Right next to it are two 486-class machines, running Linux, which the girls use for IM and browsing: same nine years, same result. None of her machines have AV or AS software on them!

OK, I'll get on the soapbox now.

I'm tempted to say that this is no one's fault: that the technical tsunami which is the Internet has hit all of us at the same time, and that the only thing to do is grab the children and run for high ground. The sad fact is that the tsunami is really a fountain of cash pouring into the coffers of Internet millionaires across the globe, and they will do anything it takes to keep riding that wave.  The institutions that we all assumed could and would defend us from these bunko artists have fallen short:  The F.C.C. doesn't have jurisdiction, the State Department doesn't have any balls, the F.B.I. is so overloaded that they had to set up a web site just to take complaints, and they don't even look at those that don't report monetary loss.

Sorry, guys: we're on our own: it really is the wild west in Cyberspace, but there's no Marshal Dillon and Kitty is selling feelthy pictures from a server in Nigeria.

FWIW. YMMV. HAND.

73, Bill W1AC
P.S. If you need help, contact me offline. My rates are reasonable   Undecided
Logged

Life's too short for plastic radios.  Wallow in the hollow! - KD1SH
k4kyv
Contributing Member
Don
Member




« Reply #7 on: January 23, 2008, 01:53:30 AM »


Quote
I downloaded Avast!, but it cost me $29.88 to use it.  I ran the normal scan and it did not remove the WebCry worm.  I'll try the deep scan tomorrow.

How's that?  I got mine for free.  You must have downloaded the paid version.  The only difference is that the free version is stripped of the bells and whistles that I probably would never use anyway.

Quote
Never use the Administrator account for online access! Create a restricted user account for ordinary day-to-day stuff, and use the Administrator account only to install new software or for functions that require it.

I switch my personal account to "administrator" when the need arises.  I use the administrator account to gain access to the control panel function to switch my personal account back from "limited".  I find it more convenient to use my personal account when installing software or performing maintenance that requires the administrative account.
Logged

KA1ZGC
Guest
« Reply #8 on: January 23, 2008, 08:55:56 AM »

Quote
Now, the good news: you can prevent their entry into your machine.

Run a unix-based operating system like Leopard or Linux. Problem solved, and the list is much shorter.

Quote
Sorry, guys: we're on our own: it really is the wild west in Cyberspace, but there's no Marshal Dillon and Kitty is selling feelthy pictures from a server in Nigeria.

Sorry, guys: but we tried to warn you when the stampede started, didn't we?
Logged
Rick K5IAR
Guest
« Reply #9 on: January 23, 2008, 10:43:01 AM »

Wow!  Thanks Bill for the information.  I am not a very computer literate person, so I guess I'm easy prey for such things as worms, spy ware and viruses.  I try to be informed and make informed decisions, but I have obviously fallen short this time.  If I don't get this thing wrestled out of here today I may very well send you an email requesting help.

Don, I guess I did get suckered into getting the "paid version" of Avast!  Dang it!  I should have looked more thoroughly.  Thanks to you Mac and all the others for the continued insight.  Maybe I'll get lucky today and scare WebCry out of here.

Rick/K5IAR
Logged
KA1ZGC
Guest
« Reply #10 on: January 23, 2008, 11:00:23 AM »

Quote
Yeah BUT we really do WANT to be computer illiterates and NOT work from command line!  Cheesy  Want to do some RF SDR/DSP processing on your PC? Well write your own program because one DOESN'T exist for the Linux/UNIX OS.

If you're talking about the Flex, that's because the guys who wrote the software only wrote it for windows.

If the interface is open, it's just a matter of time before someone takes the plunge.

If the interface is proprietary, on the other hand, then it's windows-only by design.

There's plenty of DSP software out there for Unix, just not for the Flex.

Quote
Plug 'n play is sooo sweet. It's infuriating at times in MS Windows OS world but nobody has a finished/polished alternative at this time.

Ever heard of the Macintosh?

Quote
Thom can be a billionaire, just like Bill Gates, as soon as he brings that spit & polish, user friendly version of Linux/UNIX to market. I'll be your first customer!  Grin

Thanks, but Steve Jobs already beat me to it.
Logged
KA1ZGC
Guest
« Reply #11 on: January 23, 2008, 11:55:12 AM »

Quote
No, not just the FlexRadio software, ALL the currently available SDR/DSP software is being written for MS Windows XP OS.

You're talking about SDR. SDR and DSP are not interchangeable terms. There are lots of DSP packages out there for Linux and Unix.

Quote
From the emails that I see daily from the SDR/DSP user group reflectors, the Linux/UNIX guys are still trying to get the basics to operate under that OS, that's why I abandoned thoughts of using them.

Must be something with low-level I/O then, because math is math, no matter what the underlying OS is.

Quote
Mac & Jobs, yeah the Mac users are having problems also.

I hope you mean "problems" with SDR. Last I checked, most Mac users were quite happy with their choice. My point was that it's user-friendly, and it's Unix-based.

Quote
FlexRadio is the only 'finished & bundled' deal out there for SDR/DSP at this time but it's more about the 'bells & whistles' and great audio than actual RF performance. All the code is 'open source'.

Then it should be simple to port, unless the code was written entirely around windows-isms that don't exist in the rest of the computing world, or written in some gawdawful microsoft proprietary programming language.
Logged
KA1ZGC
Guest
« Reply #12 on: January 23, 2008, 12:46:52 PM »

Quote
I also thought that SDR & DSP were completely different terms

That's because they are. Like I said, there are plenty of DSP packages out there for unix systems, they just weren't written with SDR in mind.

DSP is a method, SDR is an application of that method. They are not interchangeable terms.

Quote
but have learned that when you're dealing with only an I&Q stream from an ADC for the software to process that it's really difficult to differentiate the terms.

Not at all. DSP is used for SDR. PDM is used for AM, but those terms aren't interchangeable either. Unlike AM and PDM, SDR is only done using DSP, there's really no point in jamming those two terms together into one, it just confuses the issue.

This has all been done before. The only difference between SDR and any other use of DSP is what's on the other side of the ADC. Once it's down to a data stream, it's just math. Plenty of unix DSP packages doing that already, just not written with SDR in mind.

Quote
The Mac is a tried and true PC platform but not for the currently available software for SDR/DSP work.

Again, I wasn't talking about the Mac in terms of SDR.

Quote
Most software developers don't want to concentrate their efforts in an area that is used by a small percentage of the overall available SDR/DSP users.

If a software developer wants something on his preferred development platform, he'll write it. We're not talking about commercial interests if it's open-source.

Quote
I personally still think that a Linux/UNIX based PC should be capable of doing a better job in the SDR/DSP processing but even the guys that are currently writing this type software advise me not to pursue this avenue, unless I'm willing to invest a lot of time and effort compiling my own code and I'm not.

I am, but I've got other projects to finish first. Besides, the current approach to SDR is trying to put too much in the software realm for the sake of putting too much in the software realm. I would want some better hardware designs than what I'm seeing out there now.

We're way off the original topic and should probably spin this off if we're going to go any further. Sorry guys, didn't mean to hijack the thread.
Logged
W4EWH
Member




« Reply #13 on: January 23, 2008, 01:16:41 PM »


Quote
You're partially correct. If you're the 'first kid on the block' to receive a truly new bug, there's not much the AV/AS companies can do for you. BUT there aren't really very many truly new bugs that come out. Most are variations of "known" viruses and spyware code, that makes them detectable by AV/AS software.


There are few truly new bugs in the medical world, too: does that mean we should trust in antibiotics to catch all the infections we get, or should we keep washing our hands? One approach calls for neverending round-after-round of reaction, without any chance of getting ahead or eliminating the threat. The other changes the paradigm so as to avoid the attacks entirely.

Sorry to be so blunt, but AFAICT, it comes down to a risk/reward calculation: very little risk and substantial rewards for Prophylaxis, very little reward and great risk for waiting until the attack has begun.

73, Bill
Logged

KA1ZGC
Guest
« Reply #14 on: January 23, 2008, 04:35:44 PM »

Quote
Everybody likes to web surf these days, few want to fool with Linux/UNIX and writing their own apps or migrating existing ones.

You don't need to write anything to go websmurfing with any unix system.

For that matter, you don't need to write anything to do anything at all. You're thinking of an era that's long since gone.

You can run Windows apps under Linux or any Unix if you have the WINE package installed, or you can always install Windows on a virtual machine under Linux or Unix if you simply have to run your windows apps under windows itself. No real "migration" is necessary.

Better still, your machine can easily be set up to boot either Linux or Windows, and you don't even have to know anything about how it's done. The install packages can take care of all that for you.

Quote
I'm presuming Rick is using a Windows based PC and has stated "I am not a very computer literate person", so advice to switch to Linux/UNIX would seem totally out of place!

Again, those days are over. You don't have to be "very computer literate" to install and run Linux. You can have a desktop that's almost identical to Windows (or not, your choice, not the manufacturer), and do exactly the same things you would do under windows pretty much exactly the same way, if that's what you want. Like I said in the previous paragraph, you've got several (non-difficult) options for running actual windows applications.

The only real differences are: you don't have to pay for it, you don't have the security flaws that virii and spyware exploit (which means you don't have to reboot every other day for security updates),  you're not forced to run tons of bloated code you're not using for anything at all, and, frankly, it just plain runs better (for all the above reasons, and more).

...and no, you don't have to use the command line if you don't want to, but I never heard of anyone dying from typing commands.
Logged
KA1ZGC
Guest
« Reply #15 on: January 23, 2008, 05:20:10 PM »

All those years in telco are eating your brain away.

I stop signing my name for a day, and you start calling me "Jack".

I think you need a nap, Mack.  Grin
Logged
Rick K5IAR
Guest
« Reply #16 on: January 24, 2008, 03:07:47 PM »

Thanks again for all the info on spy ware, etc.  I was finally able to rid myself of the WebCry spy ware with a small DOS based registry cleaner.  It's amazing, we have all of these fantastic interfaces to make operating the computer so much easier and I love them, but the good old basics still come to the rescue when the chips are down.  If anyone has a similar problem and would like to have the registry cleaner I'll gladly send you a link.

Thanks again for the help..
Rick/K5IAR
Logged
W4EWH
Member




« Reply #17 on: January 24, 2008, 04:52:04 PM »

Quote
Thanks again for all the info on spy ware, etc.  I was finally able to rid myself of the WebCry spy ware with a small DOS based registry cleaner.  It's amazing, we have all of these fantastic interfaces to make operating the computer so much easier and I love them, but the good old basics still come to the rescue when the chips are down.

Rich,

Sometimes, it's only the basics that work: it is exactly the "fantastic interface" that makes most exploits possible.

Windows is coded with "ease of use" as the first and only consideration. To Microsoft, security is a public relations issue: they don't consider spyware and viruses a problem because they don't pay to fix them.

By all means, please send the link. Glad it worked out.

73, Bill W1AC
Logged

Rick K5IAR
Guest
« Reply #18 on: January 24, 2008, 10:10:23 PM »

Here is the link to the program I used to get rid of WebCry.  Use at your own risk.  It does alter a few of your default settings, but mine were easily restored once all traces of the problem spy ware were removed.

http://siri.geekstogo.com/SmitfraudFix.php


Rick/K5IAR
Logged

AMfone - Dedicated to Amplitude Modulation on the Amateur Radio Bands