Submit a ticket to our Helpdesk

Mac Crypto-Miner shared via MacUpdate

February 8, 2018 at 11:44 pm

Macs are generally known as having safe Operating Systems. However, they aren’t without their share of malware variants. Take for example the Crypto-Miner that was released from MacUpdate via a hacked Webpage on their site. The new Crypto-Miner, referred to as OSX-CreativeUpdate, is designed to sit in the background and use the Computer’s CPU power to mine Monero Currency. The mined currency is then deposited into a single wallet. This trojan/miner, although distributed by MacUpdate, is actually downloaded from the Adobe Creative Cloud Servers.

The specific software applications that were infected were Firefox 58.0.2, Onyx and Deeper. The following instructions described how to remove the infected files.


Unfortunately, this type of scenerio is difficult to detect and avoid as the end user is not at fault.  As with any type of malware attack, please make sure that you are familiar with the email source. It at all in doubt, call the individual, or delete the email altogether.

TSG Computer Services is a Vancouver-based IT Support company who specializes in Solutions for Increased Productivity. Contact us now to see how we can help you.


September 15, 2017 at 4:35 am

The latest virus to make the rounds is called BlueBorne, and it is spread using Bluetooth technology. In fact, you don’t even have to be paired to a device in order for you to become infected. According to Ty Miller (ABC Reporter), “You could be simply walking down the street and walk past someone who is vulnerable, and suddenly they are infected… Then they land in other another country and suddenly the virus starts spreading there.” BlueBorne can infect any device equipped with Bluetooth. This includes smart phones, laptops, personal computers, tablets, printers, smart TVs, watches, and even medical equipment.

BlueBorne does not contain a payload like other viruses. Instead, it gives hackers the ability to leverage Bluetooth connections in order to penetrate and take control of the targeted devices.

According to security professionals, the best thing to do (until a patch is released from your particular manufacturer) is to simply turn off Bluetooth.

Click on the video below for more information.


Newly released information (as of September 17, 2017)
“Microsoft released security updates in July and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.” – a Microsoft spokesperson said.

All iOS devices with 9.3.5 or older versions and over 1.1 Billion active Android devices running older than Marshmallow (6.x) are vulnerable to the BlueBorne attack.
Google and Microsoft have already made security patches available to their customers, while Apple iOS devices running the most recent version of its mobile operating system (that is 10.x) are safe.

For those running Android platforms, you can download the “BlueBorne Vulnerability Scanner” from the Google Play Store. This will test your device, and advise as to whether it is vulnerable.

Windows 10 making final push to take over

May 18, 2016 at 8:46 pm

Despite the numerous 3rd party applications that currently aren’t Windows 10 compatible, that doesn’t seem to bother Microsoft. They want everyone on Windows 10, and it seems like they aren’t willing to take no for an answer. Take for example their latest ploy. Instead of giving people the option to opt out of the Windows 10 upgrade by simply closing the nag-screen, as soon as you click the little red “X” in the top-right corner of the window, it approves the scheduled upgrade, and starts the download process thereby prepping itself for the install to take place in a couple days time.

Many users have already been through this experience, having found Windows 10 installed on their system. As per their recollection, they don’t remember authorizing the upgrade, but according to Microsoft’s Rules, by click the little red “x” in the corner of the nag window they actually gave Microsoft the green light to perform the upgrade.

Very Frustrating.

However, there are a couple ways to combat this.

  1. Read all the fine print. Do not skip over anything. There is an option in reschedule and even cancel the upgrade, but you have to be vigilant.
  2. Download and install “GWX Control Panel” from Ultimate Outsider. Follow the on-screen instructions, and you can permanently prevent the Windows 10 upgrade from happening, until such time that you see fit.

As always, be vigilant, and make sure you read everything.

TSG Computer Services is a Vancouver-based IT Support company who specializes in Solutions for Increased Productivity. Contact us now to see how we can help you.

Another MS Update broken

November 13, 2015 at 7:05 am

In recent months, Microsoft has put out well over 100 patches for its Windows 7 operating system. Although most have been good, the odd one is faulty when deployed. Take for example the latest round of patches on November 10th, 2015. Many people started experiencing a flashing screen upon starting windows after the updates had been installed. This certainly wasn’t the case for everyone, but definitely made an impact for a few unsuspecting users.

As it turns out, the offending update was KB3097877. It caused the affected system to make it as far as the welcome screen, and then drop into a cyclic screen flash right before the user password prompt. All inputs are blocked, and the only way to exit this was by forcibly shutting down the machine (via the power button).

From all reports, the only way to get rid of this is to uninstall the offending update via an elevated command prompt.  More information is available here.

In my opinion, these patches need to be checked more thoroughly before being released. It’s not like they aren’t familiar with the operating system.
After all, they did make it.

TSG Computer Services is a Vancouver-based IT Support company who specializes in Solutions for Increased Productivity. Contact us now to see how we can help you.

3rd party Start Menu for Windows 10

February 25, 2015 at 2:49 am

On October 21, 2012 Microsoft released it’s latest operating system known as Windows 8. However, to their utter dismay, the fanfare was substantially less than what they were hoping for. This downturn in customer approval was partially due to the fact that Microsoft took customer relations for granted and stripped the start menu from it’s operating system. This left their loyal user-base literally scratching their heads, wondering how to make it work.

In response Stardock, who saw an opportunity to make things better for Windows 8 users subsequently released Start8, an aftermarket Start Menu replacement for Windows 8 which had the same look and feel as the Windows 7 start menu.

Over the last couple of years, Microsoft has been witness to the biggest mass-exodus from their once thriving user-base since Windows Vista. However, they have since taken public opinion into their design process and reintroduced the Start Menu into Windows 10.

Stardock isn’t taking this lying down though. In fact, they are releasing a start menu (aptly named Start10) for Windows 10 as well, with some enhancements that will give the Microsoft start menu a run for it’s money.

For more information on this product, check out their website at

TSG Computer Services is a Vancouver-based IT Support company who specializes in Solutions for Increased Productivity. Contact us now to see how we can help you.

Who is that MALWARE talking to?

February 21, 2015 at 1:36 am

If you are like most people, you typically turn your phone off at night before you go to sleep. Well, if you happen to be one of the unlucky ones… you might be getting a phone bill for some calls you don’t even remember making. This is because AVG recently discovered an Android trojan virus that starts up when you shut your phone down.

The malware gets installed via an installed app (thought to be legitimate). No one knows for sure which apps are carrying the Trojan. Due to Google’s strict policy on Malware, it isn’t likely that Google Play would be harbouring malware in it’s apps. This being said, the play store has featured infected apps before, so users should exercise caution when downloading apps regardless of the vendor.

According to AVG, this particular malware strain hijacks the shutdown process of the android platform. When the user initiates a shut down, the device displays all the usual characteristics associated with the shutdown process but actually stays on. This is where the malware takes control of the device, allowing it to make calls, send texts, etc. It has complete control of the unit, without the users knowledge.

According to AVG, the unit remains under control of the Malware (making calls, sending texts, etc) until the user initiates the power-up process by turning the unit back on, which causes the malware to go dormant, until the unit is switched off again. The only way to know for sure that the unit is in fact off is to power down the unit, then disconnect the battery.

Unlike the Simplocker Android virus that we mentioned in an earlier post, this virus is fairly easy to remove by running an Antivirus scan of your device. The Antivirus app will then detect and remove the associated malware files.

Right now, this Virus seems to be limited to China. But it never hurts to be one step ahead when it comes to technology.

TSG Computer Services is a Vancouver-based IT Support company who specializes in Solutions for Increased Productivity. Contact us now to see how we can help you.

Hard hitting Android “Locker” Virus hits back

February 13, 2015 at 5:56 am

Recently, we posted a piece titled Ransomware Viruses – Retaining control of your Data. This nasty little piece of malware has now lept onto the Mobile Android platform as well.
This virus, simply known as Simplocker , first appeared in June of 2014. However, the developers left a nice size whole in the programming allowing Avast! to create a decryption tool for the virus’ unfortunate victims to use. This hole was infact a programming error, which in its execution, used the same encryption key for all the victims’ mobile devices. This made it easy to identify the key, and develop a fix to combat it.

However, the developers have since fixed that programming error. The new version of Simplocker uses a different encryption key for each device it infects. According to Avast!, the new android malware strain has already infected 5000 mobile devices. The virus comes across as a Flash Player app, and upon execution encrypts the users’ files.

Although there is currently no fix to recover the encrypted files, Avast! advises people NOT to pay the $200.00 ransom.

According to Nikolaos Chrysaidos of Avast!, “If you have been infected by this new strain of Simplocker, back up the encrypted files by connecting your smartphone to your computer. This will not harm your computer, but you may have to wait until a solution to decrypt these files has been found. Then boot your phone into safe mode, go into the administrator settings and remove the malicious app and uninstall the app from the application manager”.
He also goes on to state that its also a good idea to change the device’s settings to prevent the downloading of apps from unknown sources. By doing this, it will prevent attacks like this from ever getting on your device in the first place.

TSG Computer Services is a Vancouver-based IT Support company who specializes in Solutions for Increased Productivity. Contact us now for your free, no-obligation, comprehensive 35-point network audit.

How secure is your smartphone?

February 12, 2015 at 12:03 am

With malware developers looking for new and creative ways to steal data and your information, it begs the question “How secure is your smartphone?”

Malware is a constant, yet changing threat in our daily lives. On average, there are roughly 160,000 new strains of malware being developed every single day, according to Panda Security. That figure alone has left some of us wondering, “Is it safe for me to go to that site, or am I going to get hit again?”

Luckily for the majority of us, we will never see the 160,000 daily strains that are being reported. However, with Android devices taking more and more of the market share, and malware becoming more prevalent on these devices, it may just be a matter a time before you encounter one.

The best way to circumnavigate the android-malware-minefield is to invest in an reliable mobile android security app.

In recent years, all the major players in the Anti-Malware security arena have developed apps for the mobile android market. Some are better than others, and we are here to tell you who’s on top, and who’s not.

The Results were broken into 3 categories. Protection (6), Usability (6) and Extras (1) for a max score of 13.

We have ranked the apps based on the Max Score achieved.

Score (13) – Ahnlab, Anguanjia, Antiy, Avast!, Baidu, Bitdefender, BullGuard, Cheetah Mobile, ESET, F-Secure, Ikarus, Qihoo 360, Quick Heal, Sophos & Trend Micro

Score (12.5) – Comodo, G Data, Kaspersky, McAfee, NSHC, Symantec & Tencent,

Score (12) – Avira, DU Apps & Webroot

Score (11.5) – Alibab

Score (10.5) – Trustlook

Score (10) – AVG

Score (9.5) – Malwarebytes

Looking at the results, I can’t say I am not surprised. BitDefender has equally shared the #1 spot for PC Security with Kaspersky for the last 4 years. IT is obvious they have put forth that level of commitment to security, in their mobile apps as well.

As always, the best offence is a solid defense. That rule applies to android devices as well. Make sure your device is protected by a trusted mobile security app such as Bitdefender, and ensure that your device is password protected.

TSG Computer Services is a Vancouver-based IT Support company who specializes in Solutions for Increased Productivity. Call us now for your free, no-obligation, comprehensive 35-point network audit.

Ransomware Viruses – Retaining control of your Data

February 10, 2015 at 10:58 pm


Over the past year, ransomware viruses have been front and center. They have infected computers in all sectors (Residential, Public Services, Emergency Services, Commercial, Not-For-Profit, etc). There just doesn’t seem to be a way to stop it, or is there?

Most viruses can be removed without a lot of damage occurring (if you catch them fast enough). Take for instance a Trojan Virus.

A Trojan virus usually resides inside another program that the user installs (either on purpose or without their knowledge). It emerges when the host program is installed. These viruses often act as “backdoors”, allowing other malicious content into the system. They are also characterized by not infecting other files (like a computer virus), and not propagating (like worms). There job is to simply open backdoors to your system, and steal data. Once they are removed from your system, they are usually gone for good, and your data stays within your control.

Ransomware viruses are completely different, as they typically don’t infect your files, don’t propagate, and do not open backdoors. They simply hold your system at Ransom. The first of it’s kind was Cryptolocker (identified in the last part of 2013). It encrypted users files using asymmetric encryption and then demanded $300 in order for the users files to be dycrypted. This demand was also subject to a time limit as well. If the user didn’t pay the ransom within the defined time limit, the offer was be rescinded and the user lost access to their files forever. This virus had a longer lifespan than most, as the Department of Justice final took down the threat in early June 2014.

However, this type of virus attack was just beginning. On June 19, Cryptowall emerged as a more deviant version of Cryptolocker. The developers hence fixed the vulnerabilities that allowed Cryptolocker to be taken down.

July 2014 brought yet another player to the Ransomware arena, CTB-Locker. This nasty little virus I had the pleasure of meeting. IT comes in via email from a reputable source (CAB or ZIP attachment), claiming to be a Fax or Invoice. The user clicks on the attachment to open it up, and Voila you’re infected. CTB-Locker is particularly nasty because it has taken stealth to an entirely different level. CTB stands for Crypto-Tor-Bitcoin, meaning that it encrypts your files, and demands to be paid in Bitcoins (like it’s predecessors), but also uses the Tor anonymity network for its communication to the Encryption key servers. The only way I was able to save our client’s data was to reinstate the previous night’s backup (after I removed the virus, and all supporting files).

In Summary, Ransomware looks like it is going to be here for a while. Here are a few tips to ensure that if the inevitable happens, you are not caught unprotected.

  1. Ensure that you have an Anti Virus program protecting your computer, and that it’s virus definition files are ALWAYS up to date.
  2. Set your Anti Virus’ mail filter to remove the following attachments from your incoming mail.
    • SCR
    • CAB
    • EXE
  3. Make sure that you have nightly backups of your data. If you find that you are often to busy to remember to back up each night, have the process automated.
  4. Test your backups periodically to ensure that your backup data is intact.


TSG Computer Services is a Vancouver-based IT Support company who specializes in Solutions for Increased Productivity. Call us now for your free, no-obligation, comprehensive 35-point network audit.


Infected in a ‘flash’

January 31, 2015 at 4:23 am

The latest in computer scams involves a harmless piece of software that you probably already have on your computer… the Adobe Flash Player.

The most recent vulnerability is referred to as a drive-by-attack, or drive-by-download. You don’t have to click on anything or download anything on purpose. You simply visit the infected page, and the flash applet loads automatically without ever asking for permission (like most flash applets do). The difference is that this one carries a malicious payload. Once the applet is loaded, you are infected.

There is simple fix for this, and that is to keep your Adobe Flash player up to date.

So when you get a notification that states an update is available for Adobe Flash Player, be sure to grab it.

Certified computer repair services One call away

Find out how TSG Computer Services can help you minimize downtime, increase security and maximize profits. You can learn about our computer repairs and IT consulting services, our computer support specialists, or you can contact us now.

contact us
Facebook Twitter Linkedin RSS YouTube Google Plus