How to Completely Remove Microsoft Security Essentials Manually

WARNING: Manually removing Microsoft Security Essentials is a complicated task which should only be performed by an expert. This article describes how to uninstall Microsoft Security Essentials if you cannot uninstall it from Control Panel using Add or Remove Programs.

  1. Attempt to remove Microsoft Security Essentials via Add/Remove Programs. If the program doesn’t show up in Add/Remove Programs and you are certain it is still installed, proceed.
  2. Download Microsoft Fixit Tool 50692 (See https://support.microsoft.com/en-us/kb/2483120)
  3. Attempt to run the utility.  If it works, skip to step 18.
  4. Using Notepad, create a batch file with the following text. Do not execute the batch file until step 5.
    REM Run the MSE uninstaller, then stop its processes and service.
    cd /d "%ProgramFiles%\Microsoft Security Client"
    setup.exe /x
    TASKKILL /f /im MsMpEng.exe
    TASKKILL /f /im msseces.exe
    net stop MsMpSvc
    sc delete MsMpSvc
    REM Delete the MSE service, product and installer registry entries.
    REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware" /f
    REM MSC is a value under the Run key, not a subkey, so it is removed with /v.
    REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v MSC /f
    REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4C677A77F01DD614880F352F9DCD9D3B" /f
    REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4D880477777087D409D44E533B815F2D" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" /f
    REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f
    REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4C677A77F01DD614880F352F9DCD9D3B" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D880477777087D409D44E533B815F2D" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f
    REM Take ownership of the MSE folders so they can be deleted.
    takeown /f "%ProgramData%\Microsoft\Microsoft Antimalware" /a /r
    takeown /f "%ProgramData%\Microsoft\Microsoft Security Client" /a /r
    takeown /f "%ProgramFiles%\Microsoft Security Client" /a /r
    REM Delete the MSE folders.
    rmdir /s /q "%ProgramData%\Microsoft\Microsoft Antimalware"
    rmdir /s /q "%ProgramData%\Microsoft\Microsoft Security Client"
    rmdir /s /q "%ProgramFiles%\Microsoft Security Client"
    REM Stop the WMI and its dependency services
    sc stop sharedaccess
    sc stop mpssvc
    sc stop wscsvc
    sc stop iphlpsvc
    sc stop winmgmt
    REM Delete the Repository folder.
    rmdir /s /q "C:\Windows\System32\wbem\Repository"
    sc stop
    EXIT
  5. Use Selective Startup via MSCONFIG. Disable all non-Microsoft services and all startup items.
  6. Reboot the system in Safe Mode with Networking.
  7. Execute the batch file you created.
  8. Since the Microsoft Installer will not work in Safe Mode by default, open an elevated Command Prompt and type the following commands.
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
    net start msiserver
  9. Run the Microsoft Fix It file. The Fix It program may not complete. It’s okay. Once the file has run for a period of time without completing, use Task Manager to kill the MSI Exec process.
  10. Reboot the system in NORMAL MODE with SELECTIVE START-UP still enabled.
  11. Run the Microsoft Fix It again. The program should now complete.
  12. Using REGEDIT, remove the following keys if they exist:
    HKEY_CLASSES_ROOT > Installer > UpgradeCodes > 26D13F39948E1D546B0106B5539504D9
  13. Go to Control Panel and turn Windows Defender back on. If it comes on and allows you to update, you have successfully removed Microsoft Security Essentials.
  14. Use MSCONFIG to restore your system to normal startup mode.
  15. Reboot your system to finalize the process. Don’t forget to install an anti-virus.

 

Sync Outlook to Google Calendar

Google ended support and availability of Google Sync in August 2014. While unconfirmed, Google still makes the Google Sync application available for paid Business and Education users of the Gmail platform. See the Google Sync End of Life Announcement.

Google Sync allowed users to sync their Outlook Calendar to Google Calendar quite easily.   So, if you are looking for a way to sync your Microsoft Exchange Calendar to Google Calendar you are likely frustrated.  While there are many articles and paid applications which allege to sync your Exchange Calendar to Google Calendar, we were looking for something that worked reliably and didn’t cost very much.

 

The good news is that there is a free, open source tool called Go Contact Sync Mod, available on SourceForge, which can quickly be installed on your desktop to facilitate one-way or two-way sync between Outlook and Google Calendar. The application will also sync contacts between Outlook and Google if you desire.

Go Contact Sync Mod is available on SourceForge at: http://sourceforge.net/projects/googlesyncmod/?source=typ_redirect

More information about Go Contact Sync Mod is available at: http://googlesyncmod.sourceforge.net/

CryptoDefense Ransomware Virus

As we have reported previously, there has been a bad virus running around for a few months. The virus targets Microsoft Office files, text files, pictures, videos and PDFs. If infected, the virus will encrypt these files and hold the victim’s data ransom.

The latest iteration of the cryptolocker virus is known as “CryptoDefense.” Symantec has analyzed the program and discovered the file encryption uses a 2048-bit RSA key. The virus creators are using Microsoft’s infrastructure and Windows API to generate the encryption and decryption keys. The extortionists are demanding $500 in Bitcoin, to be paid within a few days. If you don’t pay on time, the ransom doubles.

According to Jeremy Kirk of Computer World, Symantec has “estimated the cybercriminals received more than $34,000 worth of bitcoin in just a month, showing the effectiveness of their scam.”

In November 2013, the United States Computer Emergency Readiness Team (US-CERT) issued Alert (TA13-309A), which outlines details and recommendations for dealing with CryptoLocker Ransomware Infections. See: https://www.us-cert.gov/ncas/alerts/TA13-309A

Our recommendation is to ensure you have a current on-site and off-site backup.  Frequently update and verify your backups.  Non-compressed backups (or copies) of your files stored on an external hard drive will fall prey to the malware if your system is infected and the drive is plugged in.  Off-site backups which use a mapped drive also can become infected.

Source: http://www.computerworld.com/s/article/9247348/CryptoDefense_ransomware_leaves_decryption_key_accessible

Ransomware CryptoLocker

Ransomware is a type of malicious software designed to block access to your computer system or files until a sum of money is paid. This type of malware typically targets individuals.  We are starting to see more business computers targeted.

The greatest current ransomware threat continues to be CryptoLocker. CryptoLocker started appearing in late September 2013. Once the system is infected, the malware encrypts most or all of the user’s data files, making the files inaccessible. The ransom ranges from $300.00 to $3000.00 US dollars. There is currently no way to decrypt the files as the encryption key is randomly generated.

It is important to note CryptoLocker will encrypt any data files it finds on your system. This includes files on your physical hard drive, attached USB drives and even cloud connected storage. This means data on a mapped Dropbox drive could also become encrypted.

I have an online backup. Is my data protected?

Having an online backup does NOT guarantee your data is protected. While having an online backup can HELP to restore unencrypted files, it does not protect you from CryptoLocker. In fact, once CryptoLocker has encrypted the file, it has changed. This may cause your online backup to back up the now changed and encrypted file.

Should I pay the ransom?

Only you can make the decision to pay the ransom. Paying the ransom DOES NOT guarantee the files will be decrypted. Paying the ransom can lead to other problems, like credit card fraud and identity theft. We DO NOT recommend ever paying the ransom. We recommend prevention and using best practices to avoid getting the infection.

Reports indicate some who have paid the ransom never get their files decrypted.  Others have reported their files were decrypted, but it took several hours to days for the process to reverse itself.

Where does CryptoLocker come from?

CryptoLocker can be installed from simply browsing to an infected website.  However, it is frequently delivered via spam email as a compressed archive (.zip) file or via an executable file (.exe). Emails may appear to come from a person or business you know.  Faked emails appearing to come from UPS or FedEx have also been reported as points of distribution for CryptoLocker.

Signs your system may be infected with CryptoLocker

1. The system has started running unbearably slow.  This is due to the processor resources needed to encrypt all of your files.

Some steps you can take to help protect yourself.

Remembering that no anti-virus/anti-malware can provide 100% protection, here are some things you can do to help ensure you don’t get infected.

  1. Have a decent and up-to-date antivirus program running.
  2. Get the latest operating system updates.
  3. Have your computer firewall running.
  4. Limit user privileges.
  5. Have an online backup of your files.
  6. Have a complete and current offline and unconnected backup of all your data files.

More information about CryptoLocker:

Service Provider Invoicing

So you are starting up your small business and confused about which accounting package is right for you. Knowing which accounting package is right for you can be a complex decision. QuickBooks is an outstanding program if you’re looking for an accounting program that is a total solution. However, for a new small business, software accounting systems can be a big investment.

When you decide on an accounting package, it is essential to understand your needs now and in the future. Ask yourself if the accounting package will grow with your business. Be sure you understand the portability of the data, should you decide to move to a different accounting package later on down the road.

If you are just getting started, and you are looking for simplicity and affordability, FreshBooks, a completely online accounting system, may be right for you. FreshBooks is an extremely simple and easy to use online invoicing program which provides many of the bells-and-whistles accounting tools which are standard with QuickBooks. With FreshBooks, the focus is on keeping everything simple, and the program’s core functions are based on the basics like creating estimates or proposals, issuing payments and sending invoices.

AirMail

Have you ever wanted to get some FREE information from a website only to find they want your name, email address, mother’s maiden name and phone number before giving it to you? A disposable email address can be very useful in getting the information you want without giving out your real email address.

Disposable email addresses are valuable if you want to avoid receiving SPAM. One free service we recommend is AirMail. AirMail is located at www.getairmail.com. You can obtain a disposable email address in about 5 seconds. It shouldn’t be used for any real business. It should never be used for more than a few minutes and there is no security. To be very clear, a disposable email address should be used for legitimate purposes where you want to protect your actual email address from ending up on some company’s SPAM list.

About.com provides a list of other Disposable Email Address Services.

AT&T and SBC Email Settings for Outlook

The helpdesk frequently receives calls regarding the proper Outlook settings for sbcglobal.net and att.net accounts. If your email account is still pointing to the pop.sbcglobal.yahoo.com and smtp.sbcglobal.yahoo.com servers, you are likely receiving a certificate warning when sending and receiving mail. AT&T changed these servers over a year ago.

Current AT&T Mail Server Configuration can be found HERE

Need help accessing your account? Call AT&T U-Verse Internet Support at 1.800.288.2020 or click HERE to connect with the AT&T Support Team.

sbcglobal.net and att.net Email Servers

Incoming mail server: pop.att.yahoo.com

Outgoing mail server: smtp.att.yahoo.com

Authentication

Mark the checkbox for My outgoing server (SMTP) requires authentication and select use same settings as my incoming mail server.

Server Port Numbers

Incoming server (POP3) – 995 (Check This server requires an encrypted connection (SSL))

Outgoing server (SMTP) – 465 (Change the following type of encrypted connection from None to SSL)


This article is for information purposes only. If you need password assistance or help accessing your AT&T/SBC email account, you must contact AT&T. Call AT&T U-Verse Internet Support at 1.800.288.2020 or click HERE to connect with the AT&T Support Team.

Gone Phishing

Phishing Scams

Phishing is an illegal attempt to collect meaningful information, like your online bank account username, password, or credit card number, from an email recipient (target). The emails masquerade as coming from an organization you likely already do business with. Large national banks like Citibank, Chase, CapitalOne, PayPal, PNC and others are the most frequent brands used by the criminals. However, banks are not the only organizations used. They will use social media sites, like Facebook or LinkedIn, and other high traffic websites to trick the target into providing their information.

Popular Phishing Scams

  1. Email from your bank saying your account has been compromised.
  2. Email from your bank saying a check has bounced.
  3. Email from your bank saying your online password has expired or will expire.
  4. Email telling you that you need to verify your email address.
  5. Email from your bank telling you that your account information has recently changed.
  6. Email telling you some amount of money (usually a small but tempting amount) is available for you.

Email Spoofing

The method of masquerading a FROM email address is called spoofing. It is a non-complex way of manipulating how an email appears when it is sent out to make the recipient believe it comes from a legitimate organization or person. As an example, the email appears to come from security@somebank.com when in fact it was sent from 123456@freemail.com.
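
The mismatch described above can be checked from a message's headers. The following Python example is added here and is not from the original article; the two sample messages, the server name mx.example.net and the function names are constructed for illustration. It trusts only the Authentication-Results header stamped by the recipient's own mail server, since anything the sender supplies can be forged.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the article's example addresses: the visible
# From claims somebank.com, but the envelope sender is at freemail.com.
SPOOFED = """\
Return-Path: <123456@freemail.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=freemail.com;
 dkim=none; dmarc=fail header.from=somebank.com
From: "SomeBank Security" <security@somebank.com>
Reply-To: 123456@freemail.com
Subject: Your online password has expired

Click the link below to verify your account.
"""

# Constructed sample: genuine mail sent through a mailing service. Return-Path
# differs from From, yet DKIM/DMARC authenticate the From domain.
LEGIT = """\
Return-Path: <bounce-881@mailer.example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org;
 dkim=pass header.d=somebank.com; dmarc=pass header.from=somebank.com
From: "SomeBank" <statements@somebank.com>
Subject: Your statement is ready

Log in from your usual bookmark to view it.
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg, trusted_server):
    """Results stamped by our own mail server only; an Authentication-Results
    header naming any other server may have been typed in by the sender."""
    for header in msg.get_all("Authentication-Results", []):
        server, _, rest = header.lower().partition(";")
        if server.strip() == trusted_server:
            return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    return {}

def spoofing_findings(raw, trusted_server="mx.example.net"):
    """Reasons to distrust the visible From address (empty list = none)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    dmarc = auth_results(msg, trusted_server).get("dmarc", "missing")
    if dmarc == "pass":
        return []  # the From domain itself was authenticated
    findings = [f"dmarc={dmarc} for {from_dom}"]
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(name))
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoofing_findings(raw) or "no findings")
```

A differing Return-Path alone is not proof of spoofing, which is why the legitimate sample produces no findings: its From domain passed DMARC.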

Why do the scammers do it?

If an email spam scammer is successful, the target will click the link provided in the email. This usually takes the target to a website which looks EXACTLY like the organization’s legitimate website. The target attempts to log in to the FAKE website with their username and password and the scammer’s job is nearly complete. The victim has just provided their username (often their email address) and password to the criminal.

Unfortunately, over 80% of computer users use the same password for everything. So the criminal now has the target’s password for everything from their bank to their Facebook and Amazon account. If a common password is compromised, the criminal will attempt to use it to access every possible site/account they can. The target’s compromised information is now used by the criminal or sold to another criminal to create distance between the original offender and the user of the information.

How to Avoid Becoming a Phishing Victim

  • Be aware that many scam artists are making forgeries of company sites that look like the real thing. They may take every precaution to make consumers believe their site is secure and, therefore, legitimate. Following are some tips on avoiding the trap.
  • Don’t trust e-mail headers. They can easily be forged.
  • Avoid filling out forms in e-mail messages. One can’t know with certainty where the data will be sent, and the information can make several stops on the way to the recipient.
  • Verify the legitimacy of a web address with the company directly before submitting any personal information. Don’t click on a link in an e-mail message from a company until you check.
  • Protect yourself through education and thorough evaluation. Don’t trust everything you read.
  • Verify the legitimacy of the company first before acting. What’s the rush? A simple phone call may make all the difference.
  • Be alert to phishing messages. Reputable companies do not contact their customers via e-mail to request that they update their files or to verify an account or security setting.

Source: Center for Information Technology

If you have been a victim and taken the bait.

If you have taken the bait and compromised your information, especially your Social Security Number (SSN), you should place fraud alerts on the three major credit reports (Equifax, Experian, and TransUnion).

Even if you haven’t been a victim, you should consider an identity protection and credit monitoring service like LifeLock or Experian.  Some of the services they provide include proactive protection, advanced internet monitoring, credit alerts, non-credit alerts, address monitoring and lost wallet protection.

Don’t SPAM

So you received an email from a trusted friend.  The email subject reads “This has been verified on Snoops.com!”  First, before you hit the forward button…hit the delete button.  Most of these emails start from the very folks who make malware and virus software.  99% of these are scare tactics.

You should also be very careful when searching the Internet for information about viruses. Doing so will often lead your computer to the path of infection. There are reputable locations to learn about current virus threats, but we don’t consider Snoops to be among them. If you absolutely must do some research, we recommend some of the sites below.

Learn more about the latest email and virus hoax information at SOPHOS

  1. Microsoft Malware Protection Center
  2. Symantec Security Response Team
  3. Wikipedia for a List of Known Viruses

Stuck Key’s Driving You Insane

As keyboards get old they have a tendency to lose their spring. Most keyboards (laptop and desktop) rely on a combination of rubber springs and somewhat fragile plastic scissor clips. First, we never recommend taking your keyboard apart to resolve the stuck key. It can lead to disastrous results and you needing to replace an otherwise healthy keyboard.

There are several things you can try to do to fix a stuck key or two. Check out the PC World article “I’ve got a dead key on my keyboard” for some great tips on resolving your keyboard frustrations.