Quickbooks? or Spam?

Just got this Spam? virus? 10 minutes after getting a supposed Federal Reserve Bank notice.


The forged From field purports to be from  qbservices@customersupport.intuit.com, But looking at the header, the mail seems to have originated at: SanMartin3.cpe.oax.cablemas.com.mx.

And see that “proceed the following link?” Points to a zip file at: http://compareandbuytshirts.com/system/logs/update/

I don’t think I’ll click.

FIOS WCB3000n MoCA Extender


I just installed one of these: Best solution for extending FIOS wifi in a large home. It uses a coax connection to extend the FIOS Actiontec router, so you do need coax cable near the spot you’re trying to cover– perhaps a TV in the kitchen or a bedroom. Just plug it into the cable, and reboot it a few times, and you’ll see the main router’s SSID appear with 4 bars. It uses MoCA (Multimedia over Coax) to extend your wireless signal at full strength. I guess it can also use wired ethernet. Really great device!

Mac Malware Comes of Age


Anyone who supports computers today has had some experience with unwanted OS X applications, which claim to help the user, but are in reality hoax programs that solicit money from their victims. The most widespread of these has been MacKeeper– a supposed utility which resides in the Taskbar, and does little beyond asking for a registration fee.

A new generation of unwanted applications and plugins proves Mac malware has arrived. TuneupmyMac, Conduit, Search Protect, and Vsearch are the culprits I’ve removed numerous times this week. They are likely the tip of the iceberg.


While not as onerous to remove as the typical Windows trojan, an entity like Vsearch has multiple plugins and Launch items to find and delete. As you can see in these screen shots, Avast Free antivirus was helpful in identifying some of these.

The days of going without a Mac Antivirus are over!

Beware the Cryptolocker!


You know how we techies are always telling you to backup? Now ransomware is no joke. Targetting small businesses through socially-engineered emails, this kidnapware issues a big box popup demanding $300 for the return of your docs. And it means business, in that it traverses your user folders searching for doc, docx, xsl, xslx and so on… You know–STUFF! Then it encrypts them with AES. They claim they will provide your private key to unlock these files, although I wouldn’t trust them based on the history of Sirefef (Zero Access,) the FBI virus, and so on. Generally, you pays your money, and you gets… nothing. (Note the screen above is the graphic that appears after the virus was removed.)

Luckily, this small business was backing up to Carbonite. But that presents another dilemma: Carbonite was running for some hours overnight, backing up the encrypted files. They provide something like the last 12 revisions, but not through the simple “Restore my Files” tray app. Carbonite techs are on the case, and I expect a call from them in the next day or so. Any company would be wise to employ both a cloud and local backup that offers versioning for their most important data.

This particular variant left QBW company files alone, and didn’t bother with the 2 sample JPGs in Pictures. But let me reiterate, if you run Windows and you’re not backing up everyday, you’re playing Russian Roulette. Literally.

Dell (Near Mint)


Repurposing this Dell e1505 for my friend Deborah. She’s a writer who needs to create extensive footnotes and bibliographies. On her Windows laptop, the Zotero plugin was causing Firefox to drag. Or something was dragging. Anyway Linux has a standalone Zotero app:

IMG_2106  IMG_2105

I’m hoping this rig buys her some time, and maybe makes a Linux convert!


UI Faults


Trying to start Norton Power Eraser in Safe Mode on an infected PC with an old 15″ monitor. Do you think “Yes” or “I Agree” is before or after “Cancel” or “No” or “Close Window” when tabbing through the buttons. Neither did I. Anyways finally got this to run in regular mode after TDSSKiller.

Zero Access

If you’ve seen this screen on your Windows PC, you’ve been hit up by Zero Access.


Zero Access, or Sirefef trojan takes over your screen and asks for at least $200 in– not cash, but a debit card. I usually delete the virus manually, and then scan with a couple cleaners and rootkit tools to remove traces of this scareware.


1 Hour Free Service with Lowell Mason Card

“Having computer issues?  Let me help you out.  1 hour service free ($65 value) Will come to your home or you can drop off.  (one time only)

Support the birthplace of the Father of American Music Education, and get one hour of free service from Medfield Computer Guy. Support a worthy local historic preservation effort, while cleaning up your computer, getting a hard drive diagnostic, or migrating your data to a new machine (Windows or Mac.) Buy a Lowell Mason Card to receive discounts at scores of local stores, restaurants, and services.