Everything posted by Starbuck
-
Ghost NIC might be created after installing the update

This month’s Patch Tuesday rollout is slowly proving to be quite a fiasco, as more reports seem to be pointing to issues with the updates Microsoft published for Windows devices. After Windows 10 cumulative updates KB4088787 and KB4088776 showed signs of failed installs, it’s now the turn of the Windows 7 monthly rollup to cause problems, this time in a pretty different way.

There are reports that installing KB4088875 and the security-only update KB4088878 remove or break down virtual Network Interface Cards (NICs), and in some cases, they delete the static IP address configuration. The update also creates a ghost NIC on some systems, according to this reddit discussion.

KB4088875 is available for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, and the issues mentioned above are said to be experienced on both OS versions. One reddit user says that removing the ghost NICs returns systems to full functionality and adding new ones without first deleting these greyed-out entries would only cause conflicting IPs.

Meltdown and Spectre fixes

Delaying KB4088875 and the security-only update doesn’t really seem to be an option since they bring quite critical patches for Windows 7 systems. They include new Meltdown and Spectre protections, as well as security updates for Internet Explorer, the Windows Shell, Windows Installer, and the Windows Kernel.

Microsoft is aware of four different issues with this monthly rollup for Windows 7, including a BSOD that occurs when the update is installed on a 32-bit system with the Physical Address Extension (PAE) mode disabled. “Microsoft is working on fixing this issue, and this update is, therefore, currently made available to machines with the Physical Address Extension (PAE) mode enabled,” the firm says.

We’re seeing reports that KB4088787 is no longer being offered via Windows Update, but we can’t confirm this just yet. If this is the case, Microsoft could be aware of the problem and the company temporarily halted the update until a fix is released.

Source: Windows 7 Monthly Rollup Update KB4088875 Causes Network Adapter Issues
-
Verizon, which now owns the web giant, sought to dismiss the case.

Yahoo customers affected by three massive data breaches that resulted in the theft of more than three billion users' data are allowed to sue the company, a judge has ruled. California judge Lucy Koh rejected a bid by Verizon, which bought the internet giant last year, to dismiss a large portion of the claims, including breach of contract, deceit and concealment, and negligence.

At the heart of the case, Yahoo was accused of taking too long to notify users of the breaches, which put customers at risk of identity theft and fraud. The filing, dated Friday, cited several customers whose data was stolen by criminals and used for filing fraudulent tax returns or credit card charges. Other customers had to pay out to credit bureaus to freeze their accounts. Koh said that customers may have "taken measures to protect themselves" had they known about the breaches sooner.

The case began in 2016 after the company admitted it was hacked in 2014, in which 500 million user accounts were stolen. Later in the year, the company revealed that it was hacked again -- a year earlier in 2013 -- in which one billion accounts were stolen. Yahoo later said that all its three billion users were affected by that breach.

A separate attack on the company's systems allowed hackers to steal portions of the company's source code. Attackers used that code to generate cookies, allowing access to accounts without requiring a user's password.

Source: Yahoo users can sue over data breaches, judge rules
-
Build 17115 is now available for the Slow ring

Microsoft has just released Windows 10 Redstone 4 build 17115 to users enrolled in the Slow ring of the Windows Insider program, making another substantial step towards the eagerly-awaited RTM expected sometime this time. Rolled out earlier this week for the Fast ring, Windows 10 build 17115 is entirely focused on polishing the experience in Redstone 4, and this makes perfect sense since we’re so close to RTM.

And releasing it to the Slow ring is living proof that Microsoft is pleased with how this particular build is performing, and there’s a chance this could actually be the RTM build that ships to everyone next month. Windows 10 build 17115 comes with no known issues, and if insiders found any, there’s a chance it’s nothing big, so with such flawless performance, it makes sense for Microsoft to ship it to the Slow ring as well.

New ISOs on their way

Usually, new builds are promoted from the Fast to the Slow ring when smoother performance is reported, as the latter is only supposed to get builds that come with few to zero bugs. The previous build in the Slow ring dates back to January 19 when Microsoft published Windows 10 build 17074.1002.

The next step for this particular build to become RTM is to be promoted to the Release Preview ring as well, the very last one before production devices. If this happens, build 17115 is very likely to be RTM.

Slow ring releases typically include new ISOs allowing for a clean install, and Microsoft says that they would be published sometime next week. No other specifics were provided, but by the looks of things, work on RTM advances nicely and we’re only a few weeks away from the moment we’ll get it.

Redstone 4 doesn’t yet have a name, though evidence found in the latest builds indicated that Microsoft plans to call it Spring Creators Update. It’ll launch next month as version 1803.

Source: Windows 10 Redstone 4 Gets Closer to RTM, New ISOs Announced
-
Report indicates this happens even with Windows Update turned off, without users being asked for authorization

https://i.imgur.com/lapGbvS.jpg

Back in 2015 when it rolled out Windows 10, Microsoft turned to a rather aggressive strategy to boost adoption of the operating system, including what were described as forced upgrades that deployed the new software on a number of PCs without users giving their consent. This reportedly happens once again, only that systems running older versions of Windows 10 are upgraded to version 1709 (Fall Creators Update), in some cases even if Windows Update is turned off.

A story from CW citing a number of user reports indicates that the upgrade is started with “no advanced warning,” adding that the alleged forced upgrade took place on computers running Windows 10 Anniversary Update (version 1607) and Windows 10 Creators Update (version 1703). If Windows Update is turned off, which means that updates are automatically blocked on a specific computer, the upgrade is said to be performed with the Update Assistant.

Upgrade notifications

Oddly enough, Microsoft has published an advisory on March 5 which indicates that computers running Windows 10 versions older than Creators Update might see a notification stating that the latest security updates are not installed. While an upgrade to Fall Creators Update shouldn’t be linked to security updates, Microsoft does state that “Windows Update will then try to update the device,” but guarantees that when you receive the update notification, nothing starts until the user clicks the “Update now” button to update the device.

Windows 10 Anniversary Update and Creators Update are still supported, which means that Microsoft is still shipping security updates to systems running any of these two versions. The original version of the OS and version 1511, however, have already reached end of service, and Microsoft emphasizes that it’s critical for these computers to upgrade to the latest Windows 10 release.

Upgrading these systems without users’ consent, however, is a strategy that has already backfired for Microsoft, as the company has been sued in the past by customers whose computers installed Windows 10 without authorization.

Source: Microsoft Reportedly Forcing Upgrade to Windows 10 Version 1709 on Some PCs
-
Everything is very slow indeed
Starbuck replied to nuley's topic in Tech Support & Discussions Forum
So you're on the 'Fall Creators Update'. This update has been a bit of a disaster for M$ since it was released. A few people I know have even had to reinstall Windows 10 because of it.

This is the latest problem.....
Windows 10 Cumulative Update KB4090913 Fails to Install, Causes Other Issues

Like Ken said, you should disable Windows Defender and just run Eset.... but it may be the update itself that's causing the problem. How long has the system been like this?
-
This update is only shipped to Fall Creators Update machines

Microsoft rolled out Windows 10 cumulative update KB4090913 for systems running Fall Creators Update (version 1709) yesterday to fix a USB device connectivity problem, but as it turns out, the same update also causes some more issues on a number of machines.

At this point, there are isolated reports of failed installs hitting Windows 10 cumulative update KB4090913, and just like it happened with previous CUs, users are complaining of an error reading “We could not complete the update, reverting changes” with code 0x80070643. Afterward, systems are automatically re-offered the update with another failed install attempt, so they’re pushed into an infinite loop that doesn’t stop until the patch itself is completely hidden and blocked on Windows 10.

“Can't find the cause and now stuck on windows update downloading the update again and if I restart to try and install it it's the same on repeat. fails to install and reverting back,” one user explained on reddit. Some suggest there’s an issue with AMD processors running the latest versions of Windows 10, though Microsoft doesn’t specifically list any known issues with such hardware.

New cumulative updates coming next week

In addition to the typical failed installs hitting cumulative updates, KB4090913 also causes other problems, including USB devices no longer working correctly after the install. “Careful guys it broke my mouse Logitech G502 until i uninstalled the update. More or less made everything on my desktop unclickable,” one user explained, while another one confirmed the bug with the same mouse, adding that they occasionally get a BSOD.

While originally Microsoft said cumulative update KB4090913 only fixes an issue with USB devices, the changelog has been quietly updated in the meantime to also reveal that it resolves a bug causing some devices to fail to boot with INACCESSIBLE BOOT_DEVICE error. At the time of writing this article, there are no new known issues added to the KB page.

With Patch Tuesday kicking off next week and more cumulative updates likely to be released, expect fixes aimed at today’s bugs to be included in the rollout.

Source: Windows 10 Cumulative Update KB4090913 Fails to Install, Causes Other Issues
-
Malware injected in firmware of more than 40 models

https://i.imgur.com/NZAiJUs.jpg

More than 40 Android phone models, most of them manufactured by companies in China, ship with pre-installed malware that was injected into the firmware straight from the factory. Security company Dr. Web says that it came across a new Trojan called Android.Triada.231 in the firmware of several Android devices back in mid-2017, and after in-depth research, it discovered that over 40 models are likely to be affected.

Most of the compromised phones are in the low-end category, and they include devices from Leagoo, Doogee, Umi, and Cubot. Newer models include the Leagoo M9 launched in December. Dr. Web explains that it contacted the affected companies to report the problem, and it discovered that at least in one case, the culprit was a partnership with a software developing company in Shanghai which required Android OEMs to pre-install one of its apps into the image of the mobile operating system.

Stealing confidential information

As for how dangerous the malware can be for Android users purchasing these phones, the security firm says it can steal confidential information, like banking data and personal details.

“These Trojans infect the process of an important Android system component, Zygote. This process is used to launch all applications. Once the Trojans inject into this module, they penetrate other running applications,” Dr. Web explains in its analysis.

“In doing so, they obtain the ability to carry out various malicious activities without a user’s intervention: they covertly download and launch software. The key feature of Android.Triada.231 is that cybercriminals inject this Trojan into the libandroid_runtime.so system library. They do not distribute the Trojan as a separate program. As a result, the malicious application penetrates the device firmware during manufacture. Users receive their devices already infected from the box.”

The security company warns that the number of Android phones possibly shipping with the same malware could be bigger, though for the time being, only the models below have been confirmed to be compromised.

Removing the malware from a phone isn’t possible without installing a clean version of the operating system, in which case the manufacturer is the only one that can help. If the device is rooted, security applications can help clean the infection.

Source: Android Phones Caught Selling with Pre-Installed Factory Malware
-
A vast improvement on the old site.
-
Researchers have noticed a sudden spike in a phishing attack that sends malware-ridden attachments as replies to real email conversations.

There's been a spike in the number of cyber-attacks that hijack ongoing email conversations and turn them into a vehicle for delivering malware. Conversation-hijacking attacks are when hackers manage to infiltrate legitimate email threads between people, and use highly-customised phishing techniques to make it look as if the victim is the one sending messages back and forth.

By ensuring that people believe they're interacting with a person they trust -- perhaps someone even within the same organisation -- the scammers hope victims won't be suspicious about downloading and opening attachments they might be sent as part of the conversation. That means victims can relatively easily be tricked into downloading malware.

Now researchers at email and web security firm AppRiver have uncovered what they refer to as "an unparalleled spike" in this form of phishing attack -- and a campaign is leveraging conversation hijacking to deliver the Gozi banking trojan, providing the attackers with access to the victim's financial details and the ability to clean out their account.

The attackers begin with phishing campaigns designed to acquire the email login details of targets. Large numbers of phishing emails are sent, using lures with a variety of themes designed to trick targets into opening malicious documents and clicking on an embedded URL. One example is an email around the theme of real estate, which requires users to enter their email address and password in order to 'unlock a protected document'. The victim is taken to a customised login page designed to look like the major email provider they selected and the attackers harvest the data.

https://i.imgur.com/h07QloC.jpg

These attacks may be generic and widely targeted in spam blasts -- although some are more carefully crafted -- but if even a small number of people fall for the ruse, those behind the campaign have gained access to email login and password details they can use to extend their reach for the true aim of the campaign: distributing malware.

Rather than having to start brand new email threads in an effort to lure in victims, the attackers can use the trusted accounts to reply back to ongoing and previous legitimate conversations. With control of the accounts, this stage of the campaign is relatively simple, as the attackers just send out replies with malicious attachments, which can easily be related to previous points in the discussion.

In January alone, AppRiver recorded more than 34,000 incidents of malicious emails being sent from compromised accounts over the course of the month, with peaks and troughs of activity.

"Since we began monitoring this we have seen an ebb and flow of sorts. Much in the same way that a botnet will reseed itself prior to a large email blast," Troy Gill, manager of security research at AppRiver, told ZDNet. "These attackers seem to go through cycles where they are gathering credentials and later utilising those credentials by launching the malware attacks from the compromised accounts."

The Gozi trojan payload works like other banking trojans, and steals information relating to financial accounts. That means it could be extremely potent if the customised phishing emails managed to successfully trick anyone in an organisation with access to company accounts.

While the widespread use of Gozi means it can't be used to pinpoint any potential perpetrators of these attacks, those behind it are "likely part of a highly organised crime ring", said Gill. While the conversation-hijacking attacks are currently being used to distribute a banking trojan, it's possible that in future, those behind the campaign could move onto distributing other forms of malware -- and in greater numbers.

Source: http://www.zdnet.com/article/this-phishing-trick-steals-your-email-and-then-fools-your-friends-into-downloading-malware/#ftag=RSSbaffb68
-
Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive.

https://i.imgur.com/9re4GLC.jpg

Google Drive and Microsoft Office 365, both of which have built-in malware protection, failed to identify a new form of Gojdue ransomware dubbed Shurl0ckr. The zero-day ransomware evaded most major antivirus platforms: only seven percent of 67 tested tools detected it.

Researchers on the Bitglass Threat Research Team discovered Shurl0ckr during a scan of malware in the cloud. It was confirmed as a form of ransomware-as-a-service by Cylance.

Shurl0ckr works the same way as Satan ransomware. A hacker creates a ransomware payload and distributes it via phishing or drive-by download. The malware encrypts files on disk in the background until the victim pays a Bitcoin ransom. Hackers pay a percentage to the author.

The discovery was part of a broader study on malware in the cloud. Researchers found 44% of businesses they scanned had some form of malware in at least one of their cloud applications. One in three corporate instances of SaaS applications were infected with malware.

Microsoft OneDrive had the highest rate of infection compared with other major SaaS applications, with 55% of instances hit. Google Drive was next-highest at 43%, followed by Box and Dropbox, both of which had a 33% infection rate.

Researchers dug into which file types are most likely to have malware. Script and executable formats were most common at 42%, followed by Office documents (21%), other file formats like text files and images (19%), Windows system files (10%), and compressed formats (8%). The average business has nearly 450,000 files in the cloud, they report, and 1 in 20,000 contains malware, they report in their findings.

Source: https://www.darkreading.com/cloud/new-zero-day-ransomware-evades-microsoft-google-cloud-malware-detection/d/d-id/1330999?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
-
Best Ad-Blocker I've found is uBlock Origin.

For Google Chrome..... uBlock Origin
Click on Add to Chrome

Once installed, I recommend that you update the blocking definitions.
Right click on the uBlock Origin icon (top right of the browser) and select Options.
Now click on 3rd Party Filters >> Update Now.
-
Get an ad-blocker if you want to dodge tech-support scammers' latest rapid-download ruse.

https://i.imgur.com/l1LGWa6.png

Tech-support scammers have developed a new trick to freeze browsers on a bogus security alert with a number to a fake support line. The ultimate goal of the browser freeze is to cause stress to lots of potential victims in the hope some will call the bogus hotline offered in the alert.

Previously, tech-support scams have used pop-under windows, pop-up loops, and other shady techniques that aim to prevent users from closing the bogus security alert page. Scammers frequently use malicious ads to nudge browser users to booby-trapped webpages that freeze the browser.

A new technique found by researchers at Malwarebytes targets the current version of Chrome, 64.0.3282.140, on Windows. This scam works by instructing the browser to rapidly download thousands of files from the web, which quickly results in Chrome becoming unresponsive and makes it impossible to close tabs or the window by clicking the X button.

Malwarebytes' Jerome Segura said that the booby-trapped pages in this case include code that abuses a web application programming interface for saving files from the web on the browser. The code is set to download 'blob' objects at half-second intervals, leading to a huge number of concurrent downloads that causes the browser to freeze and a large spike in CPU and memory usage.

Segura contends that given most of these browser lockers reach users via malvertizing, one effective method of countering the threat is to use an ad-blocker. He also notes that people who have landed on one of these pages can escape them by going to the Windows Task Manager and force quitting the offending browser processes.

Chrome is often targeted because of its huge number of users, making it ideal for indiscriminate and widespread attacks that are usually delivered by malicious ads.
Source: http://www.zdnet.com/article/windows-chrome-users-tech-support-scams-try-new-trick-to-freeze-your-browser/#ftag=RSSbaffb68
-
Windows Live Mail not working
Starbuck replied to RustyKnight's topic in Tech Support & Discussions Forum
Windows Live mail has been discontinued. It's now 'Outlook'.
To get your emails, just login to http://www.hotmail.com enter your username and password.
-
Wait until you try Version 57 !!! it's a nightmare, most of the addons don't even work with it now.
-
https://i.imgur.com/ftKKmRl.png
-
Hi Ned, Welcome to FPCH, it's good to see you again. Made a small change to your account. See if your PM system works now
-
Ken's right. The address did change a while back, the .co.uk domain was kept and redirected to the .uk domain. Seems the .co.uk domain has now expired.... so only the .uk domain works now.
-
Hi BJ,
What address are you using?
If it's... http://extremetechsupport.com
change it to ..... http://extremetechsupport.com
A few have had this problem lately and by missing out the .co seems to work.
-
The 'LightsOut' adware is found in flashlight and utility apps, which have been downloaded between 1.5 million to 7.5 million times.

https://i.imgur.com/rKid1FQ.jpg

New adware dubbed "LightsOut" is making the rounds in Google Play, hiding in 22 flashlight and utility apps that have been downloaded up to 7.5 million times, reports Check Point Research, which made the discovery.

LightsOut embeds its malicious script into flashlight and utility apps that appear legitimate. It then hides its icon when the app is launched, making it difficult for the user to remove the adware.

Although the malicious app offers users a control panel and checkbox to disable additional services, such as displaying ads, LightsOut can override users' efforts. As a result, the persistent ads do not appear related to the control panel and checkboxes, reports Check Point.

Any Wi-Fi connection, a locked screen, a cell phone call that ends, or a charger plugged into a device can trigger the LightsOut adware, according to Check Point.

Read more about LightsOut here.

Source: https://www.darkreading.com/threat-intelligence/new-adware-discovered-in-22-apps-in-google-play/d/d-id/1330750?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
-
Windows 10 creators update killed wake on lan
Starbuck replied to Richard_T's topic in Tech Support & Discussions Forum
Hi Richard,
Do you have access to the PC now?
-
Someone has given me a Christmas Present!
Starbuck replied to joddle's topic in Tech Support & Discussions Forum
It would have been created when Win10 was installed.... but something must have shown the 'Hidden Files' .... making it visible to you. Normally the System Recovery won't be assigned a drive letter.

If you wish to view the contents of this partition, you will have to first give this partition a Drive Letter, using Disk Management. Next open Folder Options and allow showing of hidden files, folders, and drives option, as well as protected operating system files. Once you have done this, open your File Explorer to view the partition and the files it contains.

You may see files like bootmgr, BOOTNXT, BOOTSECT.bak and folders like Boot, Recovery, System Volume Information, $RECYCLE BIN, etc.

I would recommend that you do not delete this partition.
-
Update seems to have wrecked ability to use teamviewer
Starbuck replied to joddle's topic in Tech Support & Discussions Forum
Glad all's well now.
https://i.imgur.com/ftKKmRl.png
-
Update seems to have wrecked ability to use teamviewer
Starbuck replied to joddle's topic in Tech Support & Discussions Forum
Hi joddle
Seems you're not alone and it's not the first time that Avira has blocked TeamViewer.

Avira blocking internet access for TeamViewer program used to remotely access other computers?
Avira blocked my teamviewer
TeamViewer 9 blocked by Avira Premium Security Suite

First link will explain how to change settings to allow access.
In the last link, the poster cured the problem by updating TeamViewer.