David H. Lipman

  • Content count

  • Joined

  • Last visited

  • Days Won


About David H. Lipman

  • Rank

Contact Methods

  • Website URL

Profile Information

  • Location
    Jersey Shore USA
  • Interests
    Malware Research, dSLR Photography, Numismatics & Surf Fishing

Recent Profile Visitors

98,249 profile views
  1. First, you are assuming a virus. People call anything and everything a "virus" when they are not. The vast majority of malware are trojans, not viruses. All you indicate points to hardware. You can download an ISO image and burn a CD of https://www.memtest86.com/ Then you can test that RAM.
  2. If the PC won't boot and you have to swap RAM modules, then logs won't help. Its a hardware issue. Either the RAM slot(s) or the RAM modules have gone bad. It would be best to replace the RAM modules using a matched pair and if one of two H81M-S1 RAM slots is bad, replace them with one module with a capacity of the combined modules. Additionally, if the RAM is PC3-12800 you may opt to replace it/them using PC3-14900 module(s).
  3. Win32 / Neshta

    Puffery ! That and the fact the the Malwarebytes' claim is in prevention. There is no claim that Malwarebytes can eradicate a true viral infection.
  4. Win32 / Neshta

    W32/Neshta is a true virus. It is a file infecting virus. Too many call anything and everything a virus when in fact, they are not viruses. MBAM targets mainly non-viral malware. The exception being a virus dropper ( a malware file that drops a virus and starts a virus infection but is not infected with the virus ) and worms ( such as Internet worms and AutoRun worms ). MBAM is incapable of removing malicious code that has been prepended, appended or cavity injected into a legitimate file. That means if a file infecting virus infects a legitimate file MBAM will be unable to remove the malicious code. An anti virus application should be able to remove malicious code from an infected file and hopefully bring it back to its preinfected state. Which may or may not return the file to its original, non infected, checksum value. A file infecting virus will prepend, append or cavity inject malicious code into a legitimate file. Once infected, that infected file can further the infection by infecting other legitimate files. On the other hand there are trojans that will prepend, append or cavity inject malicious code into a legitimate file. However that file can not infect other files. The infection stops with that targeted file. These files are either deemed to be "trojanized" or "patched". Since MBAM can not remove the added malicious code, at best MBAM will try to replace the trojanized file with a legitimate, unaltered, file. HTH
  5. How to request check-ups for applications?

    Virus Total ( VT ) does not " only search for 'already' flagged signatures". That is not how it works. VT has the anti malware engine(s) and signatures of *many* anti malware vendors. The Signatures for each vendor are updated quite often. The anti malware Engines are updated less frequently but are also updated periodically as needed. When one submits a file to VT it makes a decision if the file has been seen before ( based upon a file hash ) or if it is a new file. If the file has been seen before, it will display the last report based upon the results. If the submitter chooses to do so, the file can be re-analyzed based upon the latest Engines and Signatures for each vendor. If the file has not been seen before, the submission will be analyzed using latest Engines and Signatures for each vendor. Based upon the file's Hash value, a historical notation is made and in the report one can see when the file was first submitted to VT. Anti malware researchers can use that information to make inferences. For example... Let's say that a file was first seen on Dec. 2016 and 15 vendors marked it as malicious. The file is reanalyzed on Oct 15, '17 and now the results show that only 5 vendors mark it as malicious. One can deduce that the file is not malicious and those that flagged it as malicious are False Positive declarations. Conversely if a file had showed 5 detections as malicious on Dec. '16 and on Oct 15, '17 the report shows 15 detections then it can be inferred that the file has a very high probability of being malicious.
  6. Encrypted keystrokes (anti-keylogging module)

    All anti malware cover keyloggers. They are just another type of trojan. Some are in fact legal. It is legal for an employer in the USA to employ a keylogging software on their corporate furnished equipment but it is not legal to put a keylogger on another person's computer such as a Girl/Boy Friend. All tools created for so-called Free Speech are a double-edged sword. After they are deployed and get to be known, they are then used for Abuse. A perfect example is the Tor Network. Ransomware loves Tor. Many Proxy Servers that are used in countries have been usurped by spammers. A perfect example would be the Chinese knockoff web sites selling fake Nike and other faux retail products. The site owners then generate spam through such services.
  7. Eicar test

    Malwarebytes' Anti-Malware ( MBAM ) does not target scripted malware files. That means MBAM will not target; JS, JSE, PY, .HTML, HTA, VBS, VBE, WSF, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc. It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc. It also does not target media files; MP3, WMV, JPG, GIF, etc. Until MBAM, v1.75, MBAM could not access files in archives but with v1.75 came that ability so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 and later specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-Extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files). MBAM specifically targets binaries that start with the first two characters being; MZ They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these files types can be renamed to be anything such as; TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'. Because the EICAR is not a windows PE file, it simply won't be targeted.
  8. Windows 7 Update

    I don't know what to state except that a lack of proper maintenance has made the system unstable.
  9. Windows 7 Update

    There is no way to increase system speed via software. That's a Snake Oil niche. The way to increase speed is through some internal hardware methodologies. CPU and/or CPU Over-Clocking -- This method is mostly for OTC motherboards. They allow the end user to increase the CPU base frequency and upgrade to a newer CPU ( such as i5 --> i7 ). Note that some OTC systems can be moderately upgraded. RAM: XMP and/or quantity -- increase the amount of physical RAM such as going to 8GB on a 64bit OS. Also making sure if the RAM uses two modules that they are matched and they are seated in paired memory slots. You may also be able to apply XMP RAM. The Extreme Memory Profile capable memory modules allow the speed of memory operations to be increased greatly. Faster Video -- If the system in question is a desktop and it uses an embedded video chip-set, you may want to replace it with a new PCI-e Video Card. Secondary Storage -- This method is to replace spindle drives with Solid State drives ( SSD ). Instead of one large hard disk, use multiple small hard disks and Edit the Registry and relegate specific functions for each drive such as one for the OS, one for programs and %TEMP% files and one for data files. This increases speed because the OS is then allowed to access these functions simultaneously and not sequentially. A combination of parts or all of the above. NOTE: The greatest flexibility, and thus the ability to boost the system speed, lies in a Desktop computers.
  10. Windows 7 Update

    Unfortunately I have nothing for you about the Sleep issue. Problems with Sleep Mode and Waking the PC have been noted for multiple Windows OS over time and it's difficult to troubleshoot. However I have noted different results of Waking the PC from Sleep Mode being based upon how the PC was put into Sleep Mode. For example: With one notebook closing the lid had a different result than hitting the Power Button. Hitting the Power Button to put the PC to Sleep resulted in no problems when the notebook was taken out of Sleep Mode. Closing the lid to put the notebook to sleep yielded an issue with the Right-Click Context based menu upon being taken out of Sleep Mode.
  11. Windows 7 Update

    Download and install IE11 from Microsoft. Reboot Download and install KB3102810 Reboot Try Windows Update again. Hopefully, listing of available updates should then be shown within 15 ~ 30 mins.
  12. I don't see anything in this post that identifies; Name and path of malware file What detection name ( or names ) are used to identify "what trojan" you are concerned over. There are millions of trojans so maintaining a Malware Encyclopedia is more than difficult. What they may hold in their directories are major malware families such as; Koobface, RamsomWare, ZLob, ZBot, Pony, etc. There has even been attempts to create a cross-referencing database with an associated malware name suffix ( such as !cme-416 ) called the Common Malware Enumeration project that was maintained by MITRE. It was designed to overcome the fact that 10 different anti malware vendors may have 10 different names for the same infector. But, that project was dropped. In short, with the large volumes of trojans that now exist or have existed, maintenance of these malware encyclopedias has gone fallow. Google and other search engines will tend to NOT help with many forms of malware because Malware Encyclopedias lack sufficient information to be Search Engine Indexed as well as all the misinformation that exists throughout the 'net.
  13. Searchguide.level3.com

  14. Zeus virus alert - win defender

    Anything else ?
  15. Searchguide.level3.com

    That is a DNS redirection where a Domain is not found, the user is redirected to searchguide.level3.com It means that you are using a Level-3 DNS server and this is normal and not in anyway related to malwarebytes. I just tried a URL where I changed the domain Name and I got...