Archive for the ‘News’ Category

Posted on 12th February, 2015 | No Comment

Malware protection news:

Contrary to popular belief, all malware (viruses, trojans, etc.) are not created equal.  Some are simply much better than others and we routinely find computers “protected” by competing products to be badly infected.  Also, no commercial anti-malware product is configured “out-of-the-box” for optimal protection.  They all need to be optimized by someone who actually knows what they are doing.  We have been using AVG for many years, with over 3,000 (THREE THOUSAND) installations and a very successful protection record.  We settled on this product after trying everything else on the market and finding them all lacking.

We are now offering a cloud-based AVG installation which includes Remote IT.  This allows us to remotely administer your protection, start scans and even troubleshoot your computer remotely if you so desire.  This results in big savings for technical support, as we don’t have to physically come to your location for most issues.  We can connect remotely for a lower hourly rate.

Optionally we can include content filtering, which protects your browser from connecting to known hazardous sites (highly recommended).

We also have SPAM filtering available as an option.  See the document below for an explanation and contact us if you would like to simplify – and improve – your computer security.

These services are available for stand-alone computers, laptops, networks of all sizes and Windows Servers.  Get the best protection and service for your home computer or office network right here!

 

The price for all this peace of mind?

  • A paltry $5/month for Malware protection or:
  • $8/month with content filtering included. *
  • (remote administration included with either – or both options)
  • Add Anti-spam for another $12/month per account. *

*Prices are per computer.  Setup and initial configuration not included.


Posted on 11th February, 2015 | No Comment

February 10, 2015

PRESS RELEASE

DFW Computer Investigations Partners with AVG

For many years, DFWCI has recommended AVG products for virus / malware removal and protection. In an effort to offer a more convenient and thorough computer security solution, DFWCI has recently partnered with AVG to offer their suite of CloudCare products to their clients.

The CloudCare suite includes anti-malware, remote administration, content filtering, SPAM protection and online storage. The core components of anti-malware and content filtering are part of the primary suite recommended by DFWCI. Client computers are protected and monitored via a remote cloud console, so DFWCI is alerted the moment any intrusion is detected on the remote system. With this proactive approach, infestations can be corrected remotely, reducing costs of containment.

 

DFW Computer Investigations
Dallas, TX 75248
214-232-9503
www.dfwci.com

 


 

Posted on 30th January, 2015 | No Comment

You do have an off-site backup, right? A local external hard drive backup is a very good idea, but only if you take it off-site weekly and swap it out with another drive so that your most recent backup is somewhere else.

Why?

Because disasters happen every day where both your computer and backup drive are inaccessible:

  • Fire (obviously)
  • Tornado (your computer and data could be miles apart with drives that no longer spin)
  • Flood (you may never see your drives again)
  • Theft (we’ve had this happen to our clients)

Disaster recovery can become a critical necessity in the blink of an eye.
A cloud backup is your best defense against total loss of data.

It seems like everyone and their dog is offering a cloud backup these days, right?  How do you make a decision between all these offerings?  Well, we have done some research on this topic and have actually used several of the products out there.  Our sister business, Warren Paul Harris Photography, stores over 5 Terabytes of data and backing up all this data is absolutely crucial.  Also, some of our network clients have struggled with finding a solid and manageable backup solution as well.

All backups are not created equal.  Some are not capable of backing up Windows servers, as they cannot handle the permissions at a kernel level.  Our backup seamlessly integrates with both workstations and servers.

With some products, your cloud storage is managed from a local client application, but if you also want local backups to an external drive, you need an add-on application and another account (more $$$) to accomplish this task.  Not with our solution.

One application and a single, affordable monthly fee takes care of all your data protection at once.

Our recommendation is: 

iBackup cloud storage


Posted on 23rd January, 2015 | No Comment

If your computer is giving you a bad time, give us a call. We do house calls / office calls in the DFW Metroplex.

We support all versions of Windows and Apple Mac systems.

  • Troubleshooting
  • Hardware Upgrades
  • Network support
  • Performance tuning
  • Malware removal
  • Webhosting and spam filtering for your domain.

Call 214-232-9503 to set up an appointment.


Posted on 19th November, 2014 | No Comment

Today’s SCAM is a snail-mail scam to steal your money. Most likely targeted at the elderly, this scam purports to cut your credit card debt in half with “reasonable” monthly payments.
Notice the postage is BULK MAIL. Clearly not legit.  It comes from a company calling themselves NDG (National Debt Group) out of Houston.

It tries to sell itself as a “SECOND NOTICE” (there was never a FIRST notice) and has a lot of fine print that states in part, “Actual debt and savings are dependent on client’s unique financial circumstances…”

Ripoff Report has an article on this bunch of sleaze bags.

The Better Business Bureau gives them an F rating.

The FTC said they shut them down in 2013 (clearly they did not get the message).
This one goes to Dallas PD next.

Do NOT fall for these scams!

 


Posted on 15th August, 2014 | No Comment

Today’s SPAM email alleges to be an alert regarding a background check being ordered for you.

It’s bogus.

Sender: Notification@m-digitalwebinternet.us
Subject: Alert – Someone has ordered your background-check-results. View results No. 9685358

Message body (you will note the language is not what you would expect from an American company):

KE0-9 ONLINE_NOTIFICATION_SYSTEMS
– – – – – – – – – – – – – – – – – – – – – – – -.
NEW_ALERT # 9685358
– – – – – – – – – – – – – – – – – – – – – – – -.

IMPORTANT MESSAGE TO: (your email address here)

The reason that we are reaching out to you today to is to make you aware that someone has recently ordered the results of your background-check. Go below here right now to get all the pertinent information.

Visit here right now to learn the results of your scan and any other important-info: (url in attached photo)

Thank you.

KE0-9 ONLINE_NOTIFICATION_SYSTEMS
– – – – – – – – – – – – – – – – – – – – -.
CORRESPONDENCE ID # 17859186

……………………………………..
NEED ANY ASSISTANCE?
OUR-CUSTOMER SERVICE INFORMATION.
……………………………………………….
For all your questions or concerns, simply “reply” to this email-correspondence with your message # above 9685358 & your email message will be read as soon as we can.

17859186
——————————
Visit here if you are looking to no longer receive emailad-content such as this: (url in attached photo)

trynew
==============
===
=========
//Send us mail directly to:
—-PO Box # 025250 -Miami, F.L. ZIP:33102-5250
e6d8ea5bc7eca1724f59beae50ef7a49
……………..

9685358
17859186
e6d8ea5bc7eca1724f59beae50ef7a49

================================

Whatever you do, DON’T click on hyperlinks in messages like this.
Let’s all be safe out there, OK?

Posted on 8th June, 2014 | No Comment

Today’s PSA:

In case you live in a cave somewhere, #ransomware has become a very profitable enterprise for a group of criminals from the (predominantly) eastern bloc.

I am currently in the process of recovering the data from a laptop infected with Cryptowall – the latest very nasty iteration of this #extortionware. The “IT guy” at this woman’s office told her she would “lose everything” and they would have to reinstall her computer from scratch to fix the problem.

While the computer appears to have been encrypted to keep you from accessing any of your data until you pay the ransom ($500 in this case), your information files still exist and look like they always did.  However… The files have been encrypted  so that they can no longer be opened with the original application.  JPG files cannot be opened.  Documents cannot be opened.  PDF files cannot be opened.

There is the remote possibility you can clean the infection off the computer and activate the Shadow Copy function to restore your files that Windows automatically backed up.  It’s a long shot, as the sleazy individuals who wrote this malware also thought of this and these files are usually encrypted as well.  It’s a very long shot.

How did she get into this mess in the first place?

These infections are distributed in one of two ways.

1: emails with bogus links that direct you to infected web servers which in turn infect your computer.

2: “Malvertising” – Internet ads that redirect you to these same infected servers. Lately, the biggest risks have come from ads on Facebook, awkwardfamilyphotos.com, the guardian.co.uk and Disney. There are many others.

What can you do?

1: Never open a link in an email before verifying its destination. Contact the sender if necessary and ask if they intentionally sent it to you first.

2: Do NOT click on popup ads from any site. If you see an ad for something interesting, do a Google search for the company and look for the item that way.

You’re welcome!

Posted on 5th March, 2014 | No Comment

Watch out, FaceBrick users! I was checking my news feed and trying to type a suggestion on a friend’s page this morning when my keyboard was remapped and started typing gibberish.

At the same time I was trying to diagnose this nonsense, I noticed a download completed on my system. I immediately rebooted the computer. After it came back up, I killed all running apps and deleted the offending download (download.html).

Doing some history research in all my browsers, this little infection came from FACEBOOK via Google Chrome (the browser I use for this).

This happened on an Apple Mac Pro running OS X 10.6.8, lest you think your Mac is completely immune to nasty infections. To quote from Inspector Clouseau:  “Not anymore!”

Posted on 4th November, 2013 | No Comment

Listed below are my notes from a recent virus infection on a Windows 7 computer.

Reason for service:
1: Computer is extremely sluggish.
2: Multiple instances of “COM Surrogate has stopped working” dialog boxes.

Observations:

1: All applications unresponsive.

2: Over 36 instances of dllhost.exe running in Services and repeated popups of COM Surrogate message.

3: ntdll.dll is the Fault Module involved.

4: CPU is running at 100% usage.

Manually killed all dllhost.exe processes to free up CPU cycles.

Ran System File Checker to scan for possibly corrupt files.

Note, during all scans it was necessary to keep manually killing dllhost processes.  If not, CPU usage would quickly reach 100%.

Result = None found.

Ran msconfig to disable all non-MS processes.

<reboot>

Result = no change

Re-enable processes

<reboot>

Ran a full AVG virus scan.  One Win32/Heur was found mid-scan, but the file disappeared before AVG could quarantine it.  I continuously stopped  dllhost processes during scan to free up CPU cycles.

Note:  AVG, like any other antivirus, must be properly configured for thorough protection and acceptable performance.  Do NOT use this product “out of the box” or you are likely to suffer a nasty infection.

No further infection found.

Disabled thumbnail view in System performance, as many instances of this problem had that as a solution.

Result = No change.

Set System Performance to Fastest.

Result = No change.

Ran a full Malwarebytes scan.

Result = No infection found.

I ran Process Explorer and located the folder associated with dllhost.exe.  A folder comprised of random letters in the Temp directory is the culprit, indicating an infection.

Note: No legitimate application will ever run from a Temp or Temporary Internet Files directory.  Period.

I tried numerous mechanisms for taking ownership of this folder so that I could delete it, including:

1: Setting up a new Administrator account to access the folder from outside the user account.

Result = Unsuccessful.

2: Rebooting in Safe Mode + Command Prompt.

Result = Unable to make folder visible.

Additional information:

Once I determined it was definitely a virus and not a system error, I asked the client what she was doing on the computer at 3:42 pm the day before (time stamp on the infected folder).  It seems she was browsing the MSN website and had clicked on Wonder Wall at the time.  Immediately after going to that site, the popup messages commenced.

Solution:

The only solution was to take the computer to the lab, remove the hard drive and connect it to my MacBook Pro.  Since the Apple OS is not held captive by the Windows “security” I was able to kill the files and folders this way.  I could have accomplished the same thing on one of my Linux machines.

Unfortunately, the computer did not operate correctly when taken out of Safe Mode.  More than 50 services were either set to Disabled or Manual and un-started.  Resetting each one by hand and manually starting them solved the problem nicely.

If you have another solution to this nasty bug, post it here.
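The check that finally exposed this infection (a dllhost.exe image loaded from a randomly named folder under Temp) can be run over a whole process listing at once. The script below is an added example, not part of the original notes; it assumes the listing was exported as CSV with the Name, ProcessId and ExecutablePath properties of Win32_Process, that Windows is installed on C:, and it uses a constructed sample with a made-up user name and folder name.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed sample listing (user name and random folder name are made up).
SAMPLE_CSV = r'''"Name","ProcessId","ExecutablePath"
"dllhost.exe","1204","C:\Windows\System32\dllhost.exe"
"dllhost.exe","3388","C:\Users\client\AppData\Local\Temp\qzkfwpxu\dllhost.exe"
"dllhost.exe","3412","C:\Users\client\AppData\Local\Temp\qzkfwpxu\dllhost.exe"
"chrome.exe","2210","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"setup.exe","4100","C:\Users\client\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB12\setup.exe"
"System","4",""
'''

# Folder names that no running program should have anywhere in its path.
TEMP_PARTS = {"temp", "tmp", "temporary internet files"}
# Where the genuine dllhost.exe lives (assumption: Windows installed on C:).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Binary names to guard; extend with other Windows system binaries as needed.
GUARDED_NAMES = {"dllhost.exe"}


def suspicious_processes(listing_csv):
    """Return (pid, path, reasons) for each process that fails either check."""
    findings = []
    for row in csv.DictReader(io.StringIO(listing_csv)):
        path = row["ExecutablePath"]
        if not path:  # kernel and protected processes expose no image path
            continue
        image = PureWindowsPath(path)
        folders = {part.lower() for part in image.parts[:-1]}
        reasons = []
        if folders & TEMP_PARTS:
            reasons.append("runs from a temp directory")
        if (row["Name"].lower() in GUARDED_NAMES
                and str(image.parent).lower() not in SYSTEM_DIRS):
            reasons.append("system binary name outside System32/SysWOW64")
        if reasons:
            findings.append((int(row["ProcessId"]), path, reasons))
    return findings


if __name__ == "__main__":
    for pid, path, reasons in suspicious_processes(SAMPLE_CSV):
        print(pid, path, "; ".join(reasons))
```
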

 

Posted on 8th August, 2013 | No Comment

A very sneaky phishing SCAM from an AT&T address

Today’s nasty little attempt to steal your account information and ruin your life comes packaged to look like AT&T wants you to update your account and opt-in to paperless billing.

Nothing could be further from the truth.

Your first clue should be that no legitimate company will ever ask for your login credentials via email.

Message Subject: Please update your bill settings (verbiage is not what we would expect to see in this country)

Sender: att@e.att-mail.com
(Your SECOND clue – If this was truly from AT&T it would have att.com as the LAST part of the email address – not prepended to a mail.com domain)

Partial body text:

*$25 Restaurant.com Gift Certificate issued after your third full month of Paperless Billing and delivered to qualifying customers via an e-mail FROM RESTAURANT.COM (allow three to four weeks for e-mail delivery). Paperless Billing must be maintained for three months or Gift Certificate will be forfeited. Offer available only online for AT&T residential accounts that are not already enrolled in Paperless Billing. Offer ends 8/31/13. Employee/retiree concession accounts and business accounts, along with any account not eligible for AT&T Paperless Billing, are excluded from the offer. Gift Certificate redeemable at http://Dine.Restaurant.com/. Unredeemed Gift Certificates not valid toward purchase at restaurants. Limit of one (1) Gift Certificate at given restaurant per party per month. Minimum spend requirements and other restrictions may apply. Visit http://Dine.Restaurant.com/ for complete terms and conditions and participating restaurants. You authorize AT&T to share your email address with Restaurant.com for Gift Certificate fulfillment ONLY.

You have received this Account Service email because you are a customer of AT&T. You will receive this type of notification to communicate important information about your account, payment and self-service options or updates to your AT&T account.

To ensure delivery of AT&T emails to your inbox, please add att@e.att-mail.com to your email address book or safe senders list. Here’s how. (bogus phishing link)

They are appealing to your desire to get something for nothing – a classic ruse.

It appears to be originating from a Level3 subnet in NYC.

Let’s be careful what we click on, OK?
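The "second clue" above, that the brand's domain must be the last part of the sender address, can be checked mechanically. This is an added example, not part of the original post; apart from att@e.att-mail.com, which is quoted from the message, every address in it is constructed, and the function names are hypothetical.

```python
from email.utils import parseaddr
import re


def sender_domain(from_header):
    """Lowercased domain of the address in a From: header ('' if none)."""
    _display, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def is_under(domain, expected):
    """True only if domain is expected itself or a true subdomain of it."""
    expected = expected.lower()
    return domain == expected or domain.endswith("." + expected)


def check_sender(from_header, expected):
    """Classify a From: header against the domain the brand really uses."""
    domain = sender_domain(from_header)
    if not domain:
        return "no-address"
    if is_under(domain, expected):
        return "aligned"
    # The brand label appears as a token but the domain does not END in the
    # expected domain: the pattern the post warns about.
    brand = expected.lower().split(".")[0]
    if brand in re.split(r"[.\-]", domain):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "att@e.att-mail.com",                      # sender quoted in the post
        '"AT&T" <billing@att.com.example.net>',    # constructed
        '"AT&T" <news@email.att.com>',             # constructed
        '"Someone" <user@example.org>',            # constructed
    ]
    for header in samples:
        print(check_sender(header, "att.com"), header)
```

A result of "aligned" only says the visible address ends in the expected domain; the From: header itself can be forged, so this is a first-pass filter rather than proof of origin.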
