Avira PC Cleaner – a second opinion scanner (Update – English version available)

The PC Cleaner is a scanner which can be used in parallel with other anti-malware products. It is created for users of other security products who think that they might have a malware infection which their security solution doesn’t detect. It works on any PC, note- or netbook with operating system Windows XP SP3 and above. It doesn’t require installation or registration and it doesn’t install any drivers.


The best experience is if you  first deactivate the installed security product temporarily. This way the files will not be scanned twice. You should reactivate the security product after all is done.



We recommend that you regularly perform a scan with the PC Cleaner, no matter which security solution you have (unless you are already an Avira user).



This product does not replace an installed security product.

Since it doesn’t install drivers, services and other technologies which integrate deeply with the operating system, it can’t provide the same amount of protection as an installed security product.

The current version is in German only, there are plans to release an English version soon.

We released both the German as well as the English version.

You can download this product directly from Avira using these direct links:



If you want to know more, read on.


How it works

The product copies its files in a temporary directory and starts by downloading the latest version. This happens only on the first execution, later on, only the differences will be updated (a few kilobytes up to a few megabytes).

It will copy on the desktop two icons:

  • Avira PC Cleaner – to start the product
  • Remove Avira PC Cleaner – to remove the PC Cleaner from the disk.




Updating to the latest version is a very important step. If there is no Internet Connection, the product will stop.



Click the button “Scan System”:


If you click the checkbox, it will perform a full system scan. Be aware, that depending on your system, it might take a while to finish.

Wait for the scan to finish:



If it finds no problem, then all is green:


If the product finds some malware, you will see this:


Clicking on the “View Details” gives you the details of the detected malware:


We suggest to just delete them all by clicking “Remove Selected” or “Remove all” in the previous screen .


After the threats were removed, you see a summary:


You can download this product directly from here:


Sorin Mustaca

IT Security Expert


How to check if you were affected by the malware delivered by Yahoo’s ads in Europe

You might have heard of the incident that shadowed the beginning of the year for Yahoo.


If you visited Yahoo during December 6th, 2013 and January 3rd, 2014 then it is best that you read on this article until the end.

An estimated 2.5 million Yahoo users were likely infected with malicious software, after hackers hijacked some of the company’s advertisements, and used them to attack visitors. According to cyber security firm Fox IT, which reported the breach, some advertisements viewed by clients from December 30 through January 2 were infected with malware. CNET explains that users who saw pages with the ads were redirected to sites that install intrusive software onto their computers, even if they didn’t click on the advertisement.

The ads served a multitude of malicious software, at least four different versions, and it is rather complicated to check each of them manually. Last, but definitely not least, we’ve seen reports that also Java vulnerabilities were used to serve malware.

For most users, the most secure way is to scan your computer with your favorite Antivirus. If you notice that your computer reacts strangely or you can’t even install your favorite Antivirus, then I recommend first to run a scan using the Avira Rescue System. More information how to use it are available here. If you still can’t get it work, you can also give Microsoft Safety Scanner a try.

Second step in hardening your computer is to make sure that Java is at the latest version or is uninstalled/deactivated.

Here you can test if you have Java active in your browsers and if it is up to date: http://java.com/en/download/installed.jsp


If it is not up to date, please update it immediately. Our recommendation is to disable Java completely, but if you really need it, check this link to see how you can deactivate it in each browser individually.

Fortunately, only users on Windows were affected by the malicious software, users of Mac, Android and iOS were not affected. This doesn’t mean that you shouldn’t protect your devices, there are good free security products available for each of them.


Sorin Mustaca

IT Security Expert

Apple released the update v10.9.1 for OS X Mavericks

Apple published an update to their latest OS X, Mavericks v10.9, which is recommended for all OS X users.

Apple Logo

It improves the stability, compatibility, and security and includes:

  • Improved support for Gmail in OS X Mail, and fixes for users with custom Gmail settings
  • Improves the reliability of Smart Mailboxes and search in Mail
  • Fixes an issue that prevented contact groups from working properly in Mail
  • Resolves an issue that prevented VoiceOver from speaking sentences that contain emoji
  • Fixes an issue that prevented iLife and iWork apps from updating on non-English systems
  • Addresses an issue that may cause multiple prompts to unlock “Local items” keychain
  • Addresses an issue that may cause Japanese keyboards to retain a previously used language
  • Includes Safari 7.0.1
    • Fixes an issue that could cause Safari to become unresponsive when filling out forms on fedex.com, stubhub.com, and other websites
    • Improves Credit Card Autofill compatibility with websites
    • Improves VoiceOver compatibility with facebook.com
    • Updates Shared Links periodically when open in the Safari Sidebar

So far, not too much about security. But, there is more.

Apple also released a special KB about the Safari 7.0.1 security issues as well which is described as CVE-2013-5227.

  • Impact: User credentials may be disclosed to an unexpected site via autofill

Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking.


If you are a Safari user, it is recommended to install this update immediately.

The updates can be downloaded and installed using Software Update, or from Apple Downloads.


Sorin Mustaca

IT Security Expert

What to do to stop phone and mail advertisements

The Christmas presents frenzy is starting during this time of year all over the world. Most of the shops are making the equivalent of their year to date revenue in these weeks before Christmas. So, it makes sense for them to have a good planned online advertisement strategy. This is the reason why you are assaulted by ads and crazy promotions these days.

In order to get rid of the online ads you should use the AdBlockPlus browser extension. If you don’t want webshops to track you, you should install a browser tracking blocker like Do Not Track Me.

But it doesn’t stop here… Ads are following you outside of the virtual world.

In order to reach those that don’t really visit the webshop but prefer more to buy from printed brochures, you will see your postal box also full with advertisements. I assume that the response rate for this is extremely low and the costs to produce them very high, because the companies don’t stop here. Starting with beginning of November, each year, there are large telephone advertisement campaigns. Somebody pretending to call in the name of a large company calls you with a story like:

- you received a big discount and you should make use of it because it expires soon – you won to some kind of prize to some lottery but you must pay the delivery costs – because you are such a good customer, you get something for free if you buy something else or if you pay the delivery costs – and many, many others.


What can you do against phone and mail spam?

Phone advertisements


First of all, listen good to what the person is saying when they are presenting themselves and write down the name of the company from which you no longer want to get ads


Remain calm and don’t hang up and don’t yell to the person speaking to you. Remember that he/she is just doing his/her job. Somebody else paid them to call you. Speak calm :

Please stop calling me. I no longer wish to receive these advertisements phone calls from you and from your affiliates. (it is very important to mention the affiliates)

If you are at the end of your relationship with that company you can try to ask them to remove your customer profile from their database. Note that this doesn’t always work because the person calling you is usually receiving a big list with phone numbers and doesn’t have access to the account system. – Make sure that the person on the phone confirms that they removed you.

If even after this you still get calls, try to contact the shop directly. See below how you can address this at “Additional measures”.

If even after this you can’t get this stopped, then your only solutions are:

- block the phone number if your router/phone allows this

- issues a formal complain to the Customer Center of that company

- issue a formal complain to the Customer Protection.


Postal advertisements


This is more complicated and it requires more work from your side.


Unfair, I know since you never opted in for any of this. Ideally, you receive ads because you opted at some point in time for them even if you didn’t know anything about it. Remember to always read the full document when you sign for something.

So, the unsubscribe process applies to this case as it did for the phone ads. If you have a customer account to that shop (or publication) then login there and check for “communication settings” or something similar. There you have usually three options:

- email communication

- phone communication / SMS communication

- post communication

You may want to unselect all of them.


Additional measures

If you don’t have an account, then look on the website for a contact address and write them an email containing this information:

- Your name

- Email address

- Address where you receive the communication

- Telephone numbers where you get the calls

Write specifically that you don’t want to be called anymore.

Sometimes it even helps to write from which number you get the calls.


What to do if you don’t know who is calling you

If you just see in your phone/router that there is an unknown number that keeps calling you and it is suspicious, try to search it on Google. There are many portals which collect such numbers which call just to sell you something. This may give you an indication who is calling you so that you can start the process of getting removed from their lists.



Sorin Mustaca

IT Security Expert

Black Friday is coming – stay alert

Every year, in the last week of November we have the Black Friday (November 29th) madness of buying at reduced prices.

“Stay alert” doesn’t mean that you should only keep an eye on those great offers. It means that you should not fall for the scams that are going to show up.


What is going to happen?

We expect to see the large spam and phishing campaigns related to this event. There are actually two events, Black Friday and Cyber Monday, but the first one is the most well-known.


These events are too well-known to not be used by cyber criminals which always try to make use of the buying frenzy of the users. With the continuous growth of the social media websites like Twitter, Facebook and others, we see also a lot of such “offers” published there as well.

The campaigns start more than a week before the Black Friday , and are trying to lure users to buy various things at unbelievable prices before everyone else.

We also expect to see spams containing offers related to various opportunities of reselling the goods which were bought during this time and are not wanted by their owners. Exactly the same is happening after Christmas until middle of January every year.

All these have something in common: social engineering and greed.

We wrote many times about not buying from spams or from offers which are simply too good to be true or are coming from suspicious websites.

But here it is again:


Don’t buy from spams

I just want to remind you once more that the spammers get their money from those who offer the goods for sale. So, if you don’t want to receive spams on the long term, then don’t buy anything that is advertised in such emails or in Facebook and Twitter posts.

Another fact is that many of these offers are fake: that is, if you pay for a product, there is a good chance that you will never see the product and you lose your money for good. Some other websites deliver fake goods instead of mark products.

Always buy from websites which you or your friends know. Remember that not always the online website ratings are real, the various “security checked” seals can be easily faked and, most important of all, if something is too good to be true, then probably isn’t.


Sorin Mustaca

IT Security Expert

5 tips to keep your mobile devices safe while using 3/4G and LTE

Having tablets and smartphones dominating the market has been the main motivation for IT companies to boost the 3/4G  and LTE technologies. This will significantly improve user connectivity but also will raise the risks levels in terms of security. These new technologies require that we have to pay more attention to our terminals in order to avoid significant risks to our security. Mobile devices usually don’t have security software or URL filtering for various reasons and the result is a greater chance of falling victim to fraud and online attacks.

Here are 5 tips that will make your mobile computing experience safe:

 1.       Protect your device against phishing

The main feature of 4G is a faster Internet connection. This causes users to decide to take steps in online banking, such as shopping, booking and payment network outside of the fixed link. The main dangers of these efforts are the possibility of hacking our account and get our credentials. The easiest and most portable way to protect your mobile device against malicious websites is to change the DNS server of the device with that of OpenDNS. Check their website for instructions how to do this for most common mobile devices.

2.       Pay attention to short links (short URLs) circulating in social networks, especially on Twitter

Mobile users are not used to short web addresses. This way of linking content has grown exponentially especially since Twitter appeared because of the need to short the post. This means that there is no visual control of the full addresses until we click on the link, which increases the probability of being infected with malware attached to the link. The easiest way to protect against this kind of URLs is the same as for the phishing websites. Malicious websites in general use shorted links to hide their real URL.

3.       Keep a track on your applications

A faster connection will allow you to download easily more applications for your device, so you must be very careful. The main route used by malware to infect your terminal is masked behind an application. It is highly recommended to pay attention when you install it and always do it from the official markets (Play Store for Android and iOS App Store for iPhone).

4.       Control the exchange of files with your contacts

A faster connection speeds up data exchange and encourages users to share more content from their mobile devices. Check with an antivirus the files that you receive from your instant messaging contacts (such as WhatsApp, Skype) so that they are not infected by malware that can endanger your personal safety or make your terminal unusable.

5. Install and keep active a remote wipe solution

In case your device gets stolen or lost, you can use its permanent online functionality and issue a remote wipe of the device. If you lose the device doesn’t necessarily mean that you must  give the private data as well.


Of course, these tips can be also used while using your mobile device via WiFi. Do not forget that accessing the Internet via a router may add additional risks.Here are additional tips about security your mobile device.

Sorin Mustaca

IT Security Expert

Ransomware in the wild: the CryptoLocker malware

The Cryptolocker is a new variant of ransomware malware that encrypts various files on user’s computer and demands the owner of the computer to pay the malware authors in order to decrypt the files. The affected files are documents, images, databases and many others.


How to recognize it

The CryptoLocker malware files are mostly spreading through fake emails designed to impersonate the look of legitimate businesses and through fake FedEx and UPS tracking notices.  In addition, there have been reports that some victims saw the malware appear following after a previous infection from one of several botnets frequently leveraged in the cyber-criminal underground [CERT US].

It is quite obvious to see that you have the malware. After some time you see the following window on your screen. In the window it is written the date and time when the private key will be destroyed and the time left until destruction. The time given is around 3 days after infection (between 70-80 hours).


The cyber criminals pretend to keep the only copy of the decryption key on their server(s), meaning that it is not saved on your computer, so that you can’t decrypt your files without their help – help which costs 300 EUR/USD or 2 Bitcoins.

cryptolock1 cryptolock2 cryptolock3 cryptolock4


What it does

The malware searches for all hard drives, network drives, USB drives and even cloud storage drives and identifies files that it can encrypt.

Here is the complete list of file extensions that the malware searches in order to encrypt: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx.

Once the files are encrypted, Cryptolocker contacts the command servers and stores the asymmetric private key used to encrypt the files.

To connect to the servers, Cryptolocker uses a domain generation algorithm that produces unique domain names every day. This is why it is very hard to see the malware in action. It has first to connect to a server and only then it starts encrypting files.

The files are encrypted using asymmetric encryption. Asymmetric encryption uses two different keys for encrypting and decrypting messages. Asymmetric encryption is a more secure form of encryption as only one party is aware of the private key, while both sides know the public key.

In order to maximize the success rate, the malware writes some registry keys which allow the computer to execute the malicious files on each reboot.

 KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “CryptoLocker”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “*CryptoLocker”

KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “CryptoLocker_<version_number>”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “*CryptoLocker_<version_number”



The good news is that Cryptolocker is not a virus (self-replicating malware), it is a trojan which means that it can’t spread uncontrollable in your network. Its purpose is to encrypt files and demand payment for the decryption. Each user has to receive and activate the malware individually.

The bad news is, that it performs its malicious actions silently (encrypts your files) and only afterwards it communicates that it is present on the affected machine.


All Avira products detect this malware as „TR/Fraud.Gen2″.


Mitigation techniques

  • Always run an up to date antivirus software. As mentioned above, all Avira products detect and remove it. Unfortunately, it is not possible to decrypt the files that the malware encrypted.
  • Do not open suspicious or unsolicited web links.
  • Do not open emails that you didn’t request
  • Do not execute attachments from emails, even if the emails come from known persons
  • Keep a backup. If you have a real-time backup software (e.g.: Avira Secure Backup, Dropbox, etc.) then make sure that you first clean the computer and then restore the unencrypted version of the files.


What to do if you are infected?

We strongly recommend to run a system scan using the Avira Rescue System which prevents any malware to actively affect the scan results.

Here are additional steps you can take when your computer has a malware infection.

One last thing which we keep repeating: Never, ever pay the ransom. You would be just encouraging other criminals to go this way.

Unfortunately, it is not possible to decrypt the files that the malware decrypted by yourself. The asymmetric cryptography makes this task quasi impossible. Only restoring from backup might help you to get your files back.


 Sorin Mustaca

IT Security Expert

Microsoft may end antivirus updates on XP in April, Avira will not

The support for Windows XP will end as communicated by Microsoft on April 8th, 2014.

A spokesperson issued the following statement to Larry Seltzer of ZDNet:

Microsoft will not guarantee updates of our antimalware signature and engine after the XP end of support date of April 8, 2014.[...]

What does this mean for the XP users?

The free Microsoft Security Essentials is no longer going to protect the users with new signatures. It is still unknown how exactly will the product react, but most probably it will simply remain for ever up to date. This is the worse scenario actually, because the user will not be aware that he is using an outdated antivirus product.


What is the alternative?

The best alternative is, of course, Avira Free Antivirus which continues to be supported by Avira one year after the main stream support offered by Microsoft for the operating system ends. Avira Free Antivirus runs on Windows XP SP3 (32-bit), Windows XP SP2 (64-bit) and requires a computer with minumum 1 GB RAM (2 GB recommended).

Do not forget that the best way to stay away from troubles is to have up to date software, especially an up to date operating system. Unfortunately, since Microsoft will not patch security vulnerabilities of XP anymore, there will be other problems arising. Malware authors will target more and more from now on this operating system, knowing that any vulnerability they find will remain there for good. This is why we strongly recommend to migrate from XP as soon as possible.

But, as long as you are stuck on XP because of legacy software, you can count on any Avira product to protect you.



Sorin Mustaca

IT Security Expert

10 tips to improve your mobile device’s security

We wrote here how you can improve the security of a new computer in 10 easy steps.

Considering the fact that mobile devices have been selling much better than the workstations, it is important to know that the same strategy applies as well to these devices.

Here are some quick steps that you can do to improve the security of your mobile device.


1. Set a strong password for your mobile device.

Here are tips how to do this and here are general tips about how to create a strong password.

2. Set up an anti-theft solution. 

Mobile devices are easier to lose or get stolen than laptops and computers. This is why it is extremely important that you set up such a tool. Some mobile devices come with a preinstalled solution, some don’t (iPhone has “Find my iPhone”, Android has the Google services). If you don’t like those or just want to try something new, you can give Avira Free Mobile Security (Android and iOS) a try.

3. Install the latest updates of the operating system

No matter if iOS, Android, Windows mobile, etc., they all get updates if they are still supported by the provider. Usually the latest version of the OS brings not only new features, but most important, security updates.


4. Install the latest updates of your apps.

Same as above, not only the operating system is vulnerable, most of the time the apps are those with security problems.

5. Install a security solution

Even if malware is not so widespread on mobile platforms as it is on Windows, there are still many threats out there. Many apps are not what they seem to be and most important, they are not always doing what they say they do. This is the reason why you should install a security solution (with antivirus) for your mobile device.

6. Do not install from unofficial app stores

There are thousand of application stores for Android, but most important, it opens your device to unknown, unchecked apps that can endanger your security.

7. Do not root your device

Rooting a device can invalidate the warranty of your device and can create other security holes as well. For iOS it also give the possibility to install apps from unofficial stores having other possible consequences.

8. Encrypt the storage

Some mobile devices, if not all by now, allow the encryption of the storage (either external or built-in). This is important if you store all kind of information on your mobile device (like tablets).

9. Always connect to only secure Wi-Fi network connections

By connecting to unsecured Wi-Fi networks you send all data in plain text. Including passwords…

10. Use your device with security in mind

Even if you are using a non-Windows operating system doesn’t mean that you can’t get infected. Be cautious when browsing suspicious websites, when opening email attachments, when allowing apps to access your data or when requesting special privileges that they should not require to function.


Check out the rest of the series “Improve your security“.


Sorin Mustaca

IT Security Expert



Advanced Real-Time protection with Avira Protection Cloud

The malware landscape is evolving on a very rapid pace and these days, the technologies released 2 or 3 years ago are becoming slowly obsolete. That’s why providing security only through engine and signature updates is no longer considered enough.

In order to ensure that our customers are using the best protection available, we released in October 2012 the version 2013 of all products, integrating for the first time the Avira Protection Cloud in the Quick System Scan (only in paid consumer and professional workstation products).

After first introducing the Avira Protection Cloud to the product last year, Avira takes the next step beyond the cloud enabled quick system scan: real-time scanning of programs with the Avira Protection Cloud. The goal is to check only unknown, new programs that come from potential dangerous sources. Malware very often enters the victim’s computer in the same way, for example via drive-by-downloads and exploits. So, in order to optimize the user experience, various filters are applied before a binary is uploaded to the Avira Protection Cloud.


How does it work?

When you enable the Protection Cloud, the digital fingerprint of suspicious executable files on your PC (e.g., .exe, .dll, never self-created documents or pictures) is checked in real-time against virus information stored in the cloud. If an unknown file is found—that’s rare for most people—it’s uploaded for inspection and then classified as clean or infected. But fear not: we won’t upload your documents, pictures or other personal files.

The integration of Protection Cloud in the Real-time Protection doesn’t mean that each and every single accessed executable file is checked against the Protection Cloud. Instead, the product decides based on information from various sources which files are suspicious and will only check in real-time against the Protection Cloud these files. This feature accesses information about the viruses that is updated non-stop in the cloud. This way, you’re protected against the latest threats, even between regular product updates.

In certain cases, it might be needed that suspicious files that were previously unknown to the Protection Cloud have to be uploaded for a deep analysis. In these cases, depending on your configurations settings you will be able to see the upload and scan progress.

If a file is found as infected, you will see an exclamation mark and if it is clean, a checkmark.




At any point it is possible to configure that that dialog should be hidden. Just check the option present on the bottom of the dialog: Don’t show this message again.


In case you want to revert it, visit the Configuration Center, General ->Advanced Protection and deactivate the option “Show progress for uploads to the Avira Protection Cloud”.


By default, the usage of the Protection Cloud in Real-time Scanning is activated.  If you want to deactivate this feature (which we strongly suggest to use), you can do this in the same dialog: unselect the option “Real-time file scanning”. The option to display the progress for uploads is by default activated.

Note that if you deactivate the entire usage of the Protection Cloud, you will deactivate it also in the Real-time Protection.

The new feature is available in all premium products, version 2013 and 2014:

Sorin Mustaca

Product manager