Archive for the ‘News’ Category

Posted on 19th November, 2014 | No Comment

Today’s SCAM is a snail-mail scam to steal your money. Most likely targeted at the elderly, this scam purports to cut your credit card debt in half with “reasonable” monthly payments.
Notice the postage is BULK MAIL. Clearly not legit.  It comes from a company calling themselves NDG (National Debt Group) out of Houston.

It tries to sell itself as a “SECOND NOTICE” (there was never a FIRST notice) and has a lot of fine print that states in part, “Actual debt and savings are dependent on client’s unique financial circumstances…”

Ripoff Report has an article on this bunch of sleaze bags.

The Better Business Bureau gives them an F rating.

The FTC said they shut them down in 2013 (clearly they did not get the message.
This one goes to Dallas PD next.

Do NOT fall for these scams!


Credit Card Scam

Credit Card Scam

Posted on 15th August, 2014 | No Comment

Today’s SPAM email alleges to be an alert regarding a background check being ordered for you.

It’s bogus.

Subject: Alert – Someone has ordered your background-check-results. View results No. 9685358

Message body (you will note the language is not what you would expect from an American company):

- – - – - – - – - – - – - – - – - – - – - – - -.
NEW_ALERT # 9685358
- – - – - – - – - – - – - – - – - – - – - – - -.

IMPORTANT MESSAGE TO: (your email address here)

The reason that we are reaching out to you today to is to make you aware that someone has recently ordered the results of your background-check. Go below here right now to get all the pertinent information.

Visit here right now to learn the results of your scan and any other important-info: (url in attached photo)

Thank you.

- – - – - – - – - – - – - – - – - – - – -.

For all your questions or concerns, simply “reply” to this email-correspondence with your message # above 9685358 & your email message will be read as soon as we can.

Visit here if you are looking to no longer receive emailad-content such as this: (url in attached photo)

//Send us mail directly to:
—-PO Box # 025250 -Miami, F.L. ZIP:33102-5250



Whatever you do, DON’T click on hyperlinks in messages like tis.
Let’s all be safe out there, OK?

Posted on 8th June, 2014 | No Comment

Today’s PSA:

In case you live in a cave somewhere, #ransomware has become a very profitable enterprise for a group of criminals from the (predominantly) eastern bloc.

I am currently in the process of recovering the data from a laptop infected with Cryptowall – the latest very nasty iteration of this #extortionware. The “IT guy” at this woman’s office told her she would “lose everything” and they would have to reinstall her computer from scratch to fix the problem.

While the computer appears to have been encrypted to keep you from accessing any of your data until you pay the ransom ($500 in this case), your information files still exist and look like they always did.  However… The files have been encrypted  so that they can no longer be opened with the original application.  JPG files cannot be opened.  Documents cannot be opened.  PDF files cannot be opened.

There is the remote possibility you can clean the infection off the computer and activate the Shadow Copy function to restore your files that Windows automatically backed up.  It’s a long shot, as the sleazy individuals who wrote this malware also thought of this and these files are usually encrypted as well.  It’s a very long shot.

How did she get into this mess in the first place?

These infections are distributed in one of two ways.

1: emails with bogus links that direct you to infected web servers which in turn infect your computer.

2: “Malvertising” – Internet ads that redirect you to these same infected servers. Lately, the biggest risks have come from ads on Facebook,, the and Disney. There are many others.

What can you do?

1: Never open a link in an email before verifying it’s destination. Contact the sender if necessary and ask if they intentionally sent it to you first.

2: Do NOT click on popup ads from any site. If you see an ad for something interesting, do a Google search for the company and look for the item that way.

You’re welcome!

Posted on 5th March, 2014 | No Comment

Watch out, FaceBrick users! I was checking my news feed and trying to type a suggestion on a friend’s page this morning when my keyboard was remapped and started typing gibberish.

At the same time I was trying to diagnose this nonsense, I noticed a download completed on my system. I immediately rebooted the computer. After it came back up, I killed all running apps and deleted the offending download (download.html).

Doing some history research in all my browsers, this little infection came from FACEBOOK via Google Chrome (the browser I use for this).

This happened on an Apple Mac Pro running OS X 10.6.8, lest you think your Mac is completely immune to nasty infections. To quote from Inspector Clouseau:  “Not anymore!”

Posted on 4th November, 2013 | No Comment

Listed below are my notes from a recent virus infection on a Windows 7 computer.

Reason for service:
1: Computer is extremely sluggish.
2: Multiple instances of “COM Surrogate has stopped working” dialog boxes.


1: All applications unresponsive.

2: Over 36 instances of dllhost.exe running in Services and repeated popups of COM Surrogate message.

3: ntdll.dll is the Fault Module involved.

4: CPU is running at 100% usage.

Manually killed all dllhost.exe processes to free up CPU cycles.

Ran System File Checker to scan for possibly corrupt files.

Note, during all scans it was necessary to keep manually killing dllhost processes.  If not, CPU usage would quickly reach 100%.

Result = None found.

Ran msconfig to disable all non-MS processes.


Result = no change

Re-enable processes


Ran a full AVG virus scan.  One Win32/Heur was found mid-scan, but the file disappeared before AVG could quarantine it.  I continuously stopped  dllhost processes during scan to free up CPU cycles.

Note:  AVG, like any other antivirus, must be properly configured for thorough protection and acceptable performance.  Do NOT use this product “out of the box” or you are likely to suffer a nasty infection.

No further infection found.

Disabled thumbnail view in System performance, as many instances of this problem had that as a solution.

Result = No change.

Set System Performance to Fastest.

Result = No change.

Ran a full Malwarebytes scan.

Result = No infection found.

I ran Process Explorer and located the folder associated with dllhost.exe.  A folder comprised of random letters in the Temp directory is the culprit, indicating an infection.

Note: No legitimate application will ever run from a Temp or Temporary Internet Files directory.  Period.

I tried numerous mechanisms for taking ownership of this folder so that I could delete it, including:

1: Setting up a new Administrator account to access the folder from outside the user account.

Result = Unsuccessful.

2: Rebooting in Safe Mode + Command Prompt.

Result = Unable to make folder visible.

Additional information:

Once I determined it was definitely a virus and not a system error, I asked the client what she was doing on the computer at 3:42 pm the day before ( time stamp on the infected folder).  It seems she was browsing the MSN website and had clicked on Wonder Wall at the time.  Immediately after going to that site, the popup messages commenced.


The only solution was to take the computer to the lab, remove the hard drive and connect it to my MacBook Pro.  Since the Apple OS is not help captive by the Windows “security” I was able kill the files and folders this way.  I could have accomplished the same thing on one of my Linux machines.

Unfortunately, the computer did not operate correctly when taken out of Safe Mode.  More than 50 services were either set to Disabled or Manual and un-started.  Resetting each one by hand and manually starting them solved the problem nicely.

If you have another solution to this nasty bug, post it here.


Posted on 8th August, 2013 | No Comment

A very sneaky phishing SCAM from an AT&T address

Today’s nasty little attempt to steal your account information and ruin your life comes packaged to look like AT&T wants you to update your account and opt-in to paperless billing.

Nothing could be further from the truth.

Your first clue should be that no legitimate company will ever ask for your login credentials via email.

Message Subject: Please update your bill settings (verbiage is not what we would expect to see in this country)

(Your SECOND clue – If this was truly from AT&T it would have as the LAST part of the email address – not prepended to a domain)

Partial body text:

*$25 Gift Certificate issued after your third full month of Paperless Billing and delivered to qualifying customers via an e-mail FROM RESTAURANT.COM (allow three to four weeks for e-mail delivery). Paperless Billing must be maintained for three months or Gift Certificate will be forfeited. Offer available only online for AT&T residential accounts that are not already enrolled in Paperless Billing. Offer ends 8/31/13. Employee/retiree concession accounts and business accounts, along with any account not eligible for AT&T Paperless Billing, are excluded from the offer. Gift Certificate redeemable at Unredeemed Gift Certificates not valid toward purchase at restaurants. Limit of one (1) Gift Certificate at given restaurant per party per month. Minimum spend requirements and other restrictions may apply. Visit for complete terms and conditions and participating restaurants. You authorize AT&T to share your email address with for Gift Certificate fulfillment ONLY.

You have received this Account Service email because you are a customer of AT&T. You will receive this type of notification to communicate important information about your account, payment and self-service options or updates to your AT&T account.

To ensure delivery of AT&T emails to your inbox, please add to your email address book or safe senders list. Here’s how. (bogus phishing link)

They are appealing to your desire to get something for nothing – a classic ruse.

It appears to be originating from a Level3 subnet in NYC.

Let’s be careful what we click on, OK?

Posted on 30th July, 2013 | No Comment

The hits just keep a-comin’ !!!

Two more pathetic infection / phishing emails for your edification today  come ostensibly from eBay.

Subject: (your name here) welcome to the eBay community!
Alleges to be from:
Really Sent From: in San Juan
or [ - in Thailand]

This bogus welcome message from eBay is full of linked text and images, all of which hijack your computer and send it to:



These are not places you want your computer to go.

Let’s not go clicking on any of this nonsense, OK?

Posted on 18th June, 2013 | No Comment

Another phishing scam today from Wells Fargo

Subject: IMPORTANT Documents- WellsFargo
Sender: /


Please check attached documents.

Wells Fargo Advisors
817-594-3403 office
817-987-8493 cell


To unsubscribe from marketing e-mails from:
… Boilerplate text continues ad nauseum…

Attached is a zip file you should NOT open. In my case the file name is

Never open any attachment before verifying the veracity of the message / contents with the sender.

As a result of continuing phishing scams purporting to come from Wells Fargo, we have blacklisted in our mail servers.

Posted on 18th June, 2013 | No Comment

Today’s email SCAM from UPS (NOT)

Subject: Your UPS Invoice is Ready


This is an automatically generated email. Please do not reply to this email address.

Dear UPS Customer,
(your first clue right here – your NAME should be here, not a generic salutation)

Thank you for your business.

New invoice(s) are available for the consolidated payment plan(s) / account(s) enrolled in the UPS Billing Center.

Please visit the UPS Billing Center to view your just paid invoice.

Questions about your charges? To get a better understanding of surcharges on your invoice, click here.

Discover more about UPS:
Explore UPS Freight Services
Learn About UPS Companies
Sign Up For Additional Email From UPS
Read Compass Online


Every live link is this bogus email points to xxx…

Let’s not be getting ourselves into trouble clicking on bogus links, OK?

Posted on 26th May, 2013 | No Comment

This weekend we celebrate Memorial Day, a single day set aside each year to honor those many thousand of men and women in our Armed Forces who have given their lives for our freedom and way of life here in the United States of America.

So while you’re busy with family activities, travel and Bar-B-Qs, take a moment to reflect on those whose lives have made these activities and freedoms possible for you.

Thank a Vet.

Memorial Day Bikers
Celina, Texas
May, 2008

Find this on page 69 of Texas As I See It
Order your signed / personalized copy of Texas As I See It:

Copyright 2008 Warren Paul Harris
All Rights Reserved

Memorial Day Bikers

Memorial Day Bikers

«« Older Entries

Data Recovery / Computer Tuning