Pro-Tech Computers

04/10/2025

We are now and have for the last 4 years offering Mobil Service Only. Pick-up, Delivery or Service at your home or business

04/27/2022

Imposters are everywhere. Here’s how to spot them.
The more you know about scammers and how they operate, the better you can protect yourself and your accounts. Here are 5 of the most common scams and top ways you can outsmart them.
1. Spoofing: a scammer pretends to be a reputable company by faking their caller ID name and number. The scammers will often call several times in a row to make you think it’s important.

Outsmart them: Don’t answer the phone, and if you do, don’t give out any personal or account information.
2. Romance scams: a scammer pretends to be your perfect mate so you’ll send them money for things like plane tickets, medical expenses, or other reasons that will play to your sympathies.

Outsmart them: Don’t send money to anyone you haven’t met in person—no matter how much you care about them.
3. Tax/bill payment scams: a scammer says you owe taxes or other debts to scare you into sending them money. Often this includes threat of a warrant or other legal action to get you to act fast.

Outsmart them: Never pay a company using gift cards. Big companies and government agencies don’t accept them as a form of payment.
4. Donation scams: a scammer will offer to deposit money (or a "donation") into your account for no reason. Most of the time, they want you to deposit a check for them into your account.

Outsmart them: Don’t give out your login info, and don’t deposit checks you weren’t expecting from people you don’t know well.
5. Tech support scams: a scammer pretends to be a software or antivirus company and tries to convince you that your computer is at risk. They may ask you to install programs or give them access to your computer.

Outsmart them: Don’t click on links, install software, or give anyone access to your computer. If you are concerned, take your computer to a reputable local company.
The simplest way to know that something may be a scam is to ask yourself, "Is this too good to be true?" If your answer is yes, or even maybe, immediately cut off contact with the potential scammer. If anyone you don’t know requests money, personal data, or login information, you have reason to be suspicious. Resist pressure to take immediate action, and talk to someone you trust about what happened

01/08/2022

03/05/2021

Do you remember? ✏️

10/11/2018

Millions of accounts affected in latest Facebook hack

Facebook announced earlier today that its social network had been hacked, resulting in 40 million accounts that were directly impacted, while another 50 million were also considered to be potentially affected.
Attackers exploited a feature in Facebook called “View As,” which essentially shows how your profile looks to others. The flaw enabled them to get ahold of so-called Access Tokens, which allowed them to be logged in as genuine Facebook users without having to use their password.
The feature has for now being turned off and the underlying vulnerability fixed. A law enforcement investigation is ongoing to determine the full scope of this hack and identify the eventual perpetrators.
Facebook says they have taken actions and that there is no need for users to reset their passwords, although it is a good opportunity remind users that passwords should be complex and not reused across multiple services.
We recommend people follow the Facebook hack story to get a better idea of what exactly was accessed and take the necessary precautions.

08/08/2018

Trojans: What’s the real deal?

The fictional Greeks hiding in their legendary Trojan horse would probably be excited to learn that the default Wiki page for Trojan is, in fact, their big wooden horse thingy (vs. computer infections or dubious businesses).
Sorry, fictional ancient Greek warriors. It’s not that we don’t think you’re a big deal—that film with Brad Pitt was at least a 6 out of 10. It’s just that at this point in time, the Trojans we’re most concerned about are the tiny ones that sneak onto your PC under cover of darkness, then lay waste to Troy.
And by Troy I mean our PCs.
The term “Trojan” as we understand it first came to life in the 1970s, used in a USAF report about vulnerabilities in computers [PDF]. The application of said digital Trojan horse is fairly straightforward: a computer program, pretending to be something it’s not, is installed and executed on the target system. For example, a victim could open up a file named dolphin.exe and thinks they’re looking at a fun game called Dolphin. But in reality, all of their personal information is being harvested covertly and sent back to base.
The Trojan hall of shame
The first big-name Trojans many of us in the IT space may remember dealing with date back to the late 1990s and early 2000s. That includes Netbus, Bifrost, and Sub7, though the bulk of the cybercrime spoils went to the notorious Zeus in 2007. After that, Trojans were in business, with DarkComet, the Blackhole exploit kit, which would (for example) push Java or Carberp Trojans, and Koobface (an anagram of Facebook), which would typically pretend to be a video as bait to install a worm.
Most of these have long since gone to the great wooden horse paddock in the sky, but Zeus continues to linger by virtue of having its code leaked in 2011, forming the building blocks for many, many Trojan attacks since then.
Social engineering at its finest
Fittingly, social engineering plays a major part in the Trojan proceedings. A splash of societal pressure, or even just a “Hey, this is cool” is often enough to get someone to compromise their personal computer by their own hand.
You’ve won this free thing! Click here and take a look!
Wait, are hackers bearing gifts now? Though there are no ancient Trojan warriors offering up towering wooden structures, you can bet there’ll be a wide variety of confidence tricks on display. You might get a cool laptop sticker or a pair of novelty-branded socks at an event. Or, you might get this:
Email: Hi, check out this adorable dolphin! Run this file dolphin.exe, it’s great!
Social media: Enter our sweepstakes to win an adorable dolphin!!! Be sure to run dolphin.exe to stand a chance of winning.
Instant messaging: Adorable dolphin webcams. Only $4.99 a month! Download this dolphincam.exe to get started.
Suspiciously abandoned USB stick: Wow, you’ve found my suspiciously abandoned USB stick. Way to go! If you want to return my adorable dolphin photos, please run adorabledolphinphotos.exe to see my address.
Despite the variance in attack methods described above, they’re all using executables disguised as harmless files (Trojans). Types of Trojan vary wildly and encompass everything from government-developed files to people on forums making their own special home-brew versions. We’ve listed the main categories of Trojans below.

Types of Trojans

Financial
Plenty of financially-motivated Trojans exist, typically doubling up with keyloggers to try and exfiltrate online banking information. Some may try and snoop connections by performing man-in-the-middle attacks, or dropping a fake bank login page on the PC so the victim happily hands over their credentials. Others take an alternative approach and simply scan the PC for anything that looks like login data stored in a text file, or insecure passwords saved in a browser.

Botnets
Backdoor the system, and the sky’s the limit. However, botnets are an old favourite of malware authors, and dropping some files that can take commands from a Command & Control server is just what the doctor ordered. Once tagged into a botnet, your machine’s power as a rogue node is amplified many times over, alongside its compromised brethren. In situations where the attackers aren’t particularly interested in your personal information, they may well just use you to join in on a Distributed Denial of Service (DDoS) attack instead.

Ransomware
The ubiquitous ransomware is often served up to potential victims disguised as something else in order to lock up the target PC then demand a ransom. It could be delivered via malspam or phishing and spearphishing campaigns, which tricked users into opening emails from untrustworthy sources.
General data collection/system tampering
The intention behind using a Trojan may be to try and grab card details, or personal information, or download additional malware files, or even just sit quietly in the background and monitor all activity for reasons known only to the attackers. It’s really up to the attacker, and as a result, the definition of “Trojan” can sometimes be murky.
For example, droppers and downloaders are two types of Trojans that do exactly what their names suggest: adding additional bad files onto the system. But
what’s the motivation for adding more bad files? Maybe they just want to keep an eye on things for a later date, installing a remote administration tool that keeps a backdoor open and gathers fresh data as you go about your business. Maybe some of your browsing habits trigger another social engineering attack, which attackers can now do easily with access to your system. Or perhaps the data gathered on you is sold to other organizations for marketing purposes, and now you can’t stop getting junk email.
This is nowhere near an exhaustive list, but just an example of the kind of mischief Trojans can cause and create.
Emotet: A Trojan you can bank on
Emotet, a mainstay of Trojan activity since 2014, is a great example of the threats we’re talking about. It’s evolved over the years to present a challenge for even the most experienced network administrator. Spam mails containing fake invoices and dubious links eventually result in compromised systems, and from there the network is under siege. Brute force attacks are waged on network passwords, traffic is intercepted and logged, banking modules are dropped on target systems with the intention of stealing credentials, and it can even be used to perform DDoS attacks.
As time has passed and more online banking customers turn to two-factor authentication, so too has Emotet evolved by virtue of moving away from focusing primarily on banking. Just like Zeus, it never seems to go away and instead keeps on coming back with more tricks up its sleeve. Thankfully, users of Malwarebytes are protected from this threat and many more like it.
Gift horse, mouth, do not look
Regardless of intention, turning your PC into an open access gateway for Trojan dolphins—er, horses—is a bad idea indeed. Even if the initial Trojan is removed from the computer (assuming it hasn’t already self deleted), there’s often no way of telling what else has been placed onboard.
Unlike some other forms of attack, Trojans never really go out of fashion. Only a few weeks ago, fake Fortnite files were causing waves over in Androidland, promising free game points but offering up unrelated downloads instead. Social engineering will never go away, and dressing up a rogue file in attractive packaging goes a long way toward compromising a system.
Feel free to read up on our many social engineering posts because that’ll give you a great head start against your horsey adversary. And if the ancient Greeks had practiced better deduction and use of common sense—You’re in the middle of war. Why invite a giant wooden structure inside your walls?!—they would have surely vanquished the clever Trojans.

06/04/2018

Justice News

Department of Justice
Office of Public Affairs

FOR IMMEDIATE RELEASE
Wednesday, May 23, 2018
Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices
Additional action necessary worldwide to remediate the botnet.
The Justice Department today announced an effort to disrupt a global botnet of hundreds of thousands of infected home and office (SOHO) routers and other networked devices under the control of a group of actors known as the “Sofacy Group” (also known as “apt28,” “sandworm,” “x-agent,” “pawn storm,” “fancy bear” and “sednit”). The group, which has been operating since at least in or about 2007, targets government, military, security organizations, and other targets of perceived intelligence value.
Assistant Attorney General for National Security John C. Demers, U.S. Attorney Scott W. Brady for the Western District of Pennsylvania, Assistant Director Scott Smith for the FBI’s Cyber Division, FBI Special Agent in Charge Robert Johnson of the Pittsburgh Division and FBI Special Agent in Charge David J. LeValley of the Atlanta Division made the announcement.

“The Department of Justice is committed to disrupting, not just watching, national security cyber threats using every tool at our disposal, and today’s effort is another example of our commitment to do that,” said Assistant Attorney General Demers. “This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

“The United States Attorney’s Office will continue to aggressively fight against threats to our national security by criminals, no matter who they work for” said U.S. Attorney Brady. “This court-ordered seizure will assist in the identification of victim devices and disrupts the ability of these hackers to steal personal and other sensitive information and carry out disruptive cyber attacks. We will be relentless in protecting the people of Western Pennsylvania - from international corporations to local businesses to the elderly - from these threats.”

“Today's announcement highlights the FBI's ability to take swift action in the fight against cybercrime and our commitment to protecting the American people and their devices,” said Assistant Director Scott Smith. “By seizing a domain used by malicious cyber actors in their botnet campaign, the FBI has taken a critical step in minimizing the impact of the malware attack. While this is an important first step, the FBI's work is not done. The FBI, along with our domestic and international partners, will continue our efforts to identify and expose those responsible for this wave of malware.”

“The FBI will not allow malicious cyber actors, regardless of whether they are state-sponsored, to operate freely,” said FBI Special Agent in Charge Bob Johnson. “These hackers are exploiting vulnerabilities and putting every American’s privacy and network security at risk. Although there is still much to be learned about how this particular threat initially compromises infected routers and other devices, we encourage citizens and businesses to keep their network equipment updated and to change default passwords.”

“This action by the FBI, DOJ, and our partners should send a clear message to our adversaries that the U.S. Government will take action to mitigate the threats posed by them and to protect our citizens and our allies even when the possibility of arrest and prosecution may not be readily available,” said FBI Special Agent in Charge David J. LeValley. “As our adversaries’ technical capabilities evolve, the FBI and its partners will continue to rise to the challenge, placing themselves between the adversaries and their intended victims.”

The botnet, referred to by the FBI and cyber security researchers as “VPNFilter,” targets SOHO routers and network-access storage (NAS) devices, which are hardware devices made up of several hard drives used to store data in a single location that can be accessed by multiple users. The VPNFilter botnet uses several stages of malware. Although the second stage of malware, which has the malicious capabilities described above, can be cleared from a device by rebooting it, the first stage of malware persists through a reboot, making it difficult to prevent reinfection by the second stage.

In order to identify infected devices and facilitate their remediation, the U.S. Attorney’s Office for the Western District of Pennsylvania applied for and obtained court orders, authorizing the FBI to seize a domain that is part of the malware’s command-and-control infrastructure. This will redirect attempts by stage one of the malware to reinfect the device to an FBI-controlled server, which will capture the Internet Protocol (IP) address of infected devices, pursuant to legal process. A non-profit partner organization, The Shadowserver Foundation, will disseminate the IP addresses to those who can assist with remediating the VPNFilter botnet, including foreign CERTs and internet service providers (ISPs).

Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second stage malware and causing the first stage malware on their device to call out for instructions. Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.

The FBI and the Department of Homeland Security have also jointly notified trusted ISPs. The Department and the FBI also encourage users and administrators to review the Cisco blog post on VPNFilter, available HERE
(link is external)
, for recommendations and to ensure that their devices are updated with the latest patches.

The efforts to disrupt the VPNFilter botnet were led by the FBI’s Pittsburgh and Atlanta Offices; FBI Cyber Division; Trial Attorney Matthew Chang of the National Security Division’s Counterintelligence and Export Control Section; and Assistant U.S. Attorneys Charles Eberle and Soo C. Song of the Western District Pennsylvania. Critical assistance was also provided by Richard Green of the Criminal Division’s Computer Crime and Intellectual Property Section and The Shadowserver Foundation.

05/01/2018

Data Backup & Recovery for your Home

Don’t Lose All of Your Precious Memories!
How devastated would you be if all of your family photos were gone, your personal files lost, or all of your music erased?
Did your heart skip a beat just thinking about this?
Well it can happen in the blink of an eye.
Did you know that every week 140,000 hard drives crash in the United States?
Power surges are more common and have devastating consequences on your computers and devices.
Human error is still the number one cause for data loss!
Many times there are very few warning signs of an impending hard drive failure, and most of us ignore every warning our computer gives us. Also, we cannot always predict possible power surges or what other people are doing on our devices! The only way to ensure that you will not lose everything to one of the many potential disasters is to make sure you have a reliable and tested home data backup solution in place.
Computer Troubleshooters local experts will review your current home data backup solution, evaluate your backup needs and explain our industry leading solutions. Our home data backup solutions are designed to meet your individual needs and budget.
Take the time to protect all of the information that you keep on your computer and devices safe, so when disaster strikes (and the odds tell us it will), you can rest easy knowing your information is safe, secure, backed up and easily restorable!

03/09/2018

Did you know that identity thieves can file a fake tax return in your name with only your Social Security number and birth date?

In 2016, there was a 400% increase in tax related phishing and malware attacks, and 969,000 potentially fraudulent refunds claiming up to $6.5 billion. You may be unaware that you’re a victim until you try to file your taxes and IRS tells you something’s wrong.

Here are four common scams to watch out for this year:
• Phishing—Fraudsters send fake emails to trick would-be victims into sharing personal data. The real IRS would never initiate contact with you this way.
• Phone fraud—Identity thieves impersonate IRS agents. But, the real IRS states it will never call to demand immediate payment. You will first receive a mailed bill.
• Tax preparer fraud—Use tax professionals? Watch out for emails that appear to be from them asking for private information. Delete and call your service directly.
• Phony IRS agents visit your home—This scam often targets the elderly. Real IRS agents carry photo IDs, and will try to contact you before visiting.
Over one billion records have been stolen through breaches in recent years.

01/26/2018

Protect your privacy wherever you are connected.

Your phones and tablets need security like your computer and laptops. When you connect to public Wi‑Fi at your local coffee shop or airport or hotel, your phone and personal information may be at risk because those Internet connections may not be secure