David H. Lipman

Experts
  • Content Count: 16,997
  • Days Won: 10

Everything posted by David H. Lipman

  1. I do not know what "this" email you refer to is and thus I can't determine whether you should keep it or not. I can state that if you were part of a Breach it is imperative to have changed the password and use a Strong Password and/or use the @AdvancedSetup suggested Multi-factor Authentication.
  2. Here is an actual Romance Scam email with its attached picture... One should look at the Red Flags besides an unsolicited Romance contact. Looking at the email, the source IP is 98.142.235.189 which is Telefonica USA, Inc. and the email Domain is terra.com.br which does not corroborate the body of the email statement "...Belarus, in the Soligorsk region". Additionally, the email is initiated by the IP; 185.220.101.137 which is a Tor Exit Node in Germany. Another Red Flag is the email is sent from one email address; "Kseniyushka Iam" <elenisemariac@terra.com.br>"
  3. I am running Windows 7 Ultimate/32 and I have no problem running DOS programs like Quicken v8.0 under Windows NTVDM with MBAM v4.3 in full protection mode. MBAM specifically targets Windows PE files and does not target legacy DOS and Windows applications. I have no knowledge of MBAM modifying the NTVDM, the Win32 Virtual DOS emulator, in Win32 based OS' and which is not provided in any Windows Win64 based OS'.
  4. Thank you for the clarifications. I suggest General Chat as being a good place for discussions. In relation to frauds using a telephone number, Report Scam Phone Numbers is a good place for the submission of the Phone Number. Phone numbers are a good vector of researching and vetting a service. Google Dork on 8004859316 Looking through the results you'll find so-called support for Norton, Webroot, StopZilla, AVG, Trend Micro and more associated with that number. It is important to look for a Disclaimer that these scammers must have so their web sites are not
  5. MBAM specifically targets PE binaries that start with the first two characters being; MZ They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything such as; TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'. This includes file names that use Unicode Right-to-Left Override to obfuscate an executable file extension.
  6. Please attach graphics here. You are provided plenty of space here.
  7. Yes. Normal background OS "chatter." It will also depend on what third party software you install. Many will run stubs upon startup and they may have their own level of background "chatter."
  8. What you are seeing is background chatter. The OS communicates meta data back to Microsoft and some background processes like SSDP, STP, Shared Music Daemon, etc. Or third party installed applications "phoning home". This background communication isn't much data but a lot of different chunks of data. If you have a symmetrical 1330Mb/s trunk then this accounts for the less than 10Kb/s of background communication you see. To know more would be to load Wireshark and see exactly and specifically what constitutes the background traffic. EDIT: Here is a sample view of a quiescent
  9. What are the results for your Upload and Download speeds using the following ? http://www.speedtest.net/ http://www.speakeasy.net/speedtest/
  10. A scan will be for objects; files on a hard disk, what's running in RAM and what keys may be set in the Registry. Scanning a hard disk is slower than RAM or within the Registry. That speed is reflected in the total number of objects scanned.
  11. @Soort It sounds like you are on it. You know to change your password and you visited https://haveibeenpwned.com/ and determined you were in a Breach. Once your email address is known associated with your name, it is possible they could use that information to create an account somewhere under that information. However the account would send email to your email address and the third party won't see it. You will. That is as long as the email Password has been changed. This can be a confusing issue. You seem to understand it all but, maybe, you are frustrated with it all
  12. In relation to Rundll32, that's just a name. I can create a MS Word file called Rundll32.doc and that doesn't mean it is malicious. The file is; Rundll32.exe and where it is located is important. The job of that executable is to load a Dynamic Link Library (DLL) and the majority of times associated with Rundll32.exe it's the DLL file that Rundll32.exe loads that may be malicious. Example: In this case the DLL file is named RehW.txt and this is a malicious file because no legitimate DLL file (even if renamed to .TXT) should be loaded from one's Document folder. Thus it is
  13. A Google Search on; 8004859316 shows that number is associated with an established Tech Support Scammer/Spammer. I don't know why you are showing a picture of text on paper and I don't understand the history of the software purchase and installation. It sounds like a version of Malwarebytes' software was repackaged with some remote access software. The best place to obtain Malwarebytes software is directly from Malwarebytes and a license or licenses from a reputable reseller. I suggest you have your PC checked out by a trained Malware Removal specialist. Please read this; I'm
  14. FBI Warns of Sextortion Attempts in Arizona
  15. Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight
  16. To be more specific, the Malwarebytes' anti malware Engine and Signatures are their own and not an OEM from another company.
  17. No problem. If you look at my referenced examples of this kind of Renewal Tech Support scam, many reporting it have also called it "Phishing".
  18. No, not really. That email address is only good if one finds a Web Site that is an Apple Phish or if you have an HTM or HTML email file attachment that, when rendered, becomes an Apple Phish and one discerns that it does an HTTP POST on harvested Apple related credentials. The email was not an Apple Phish. As I wrote this is a variation of a Tech Support scam. It wasn't even a scam in Apple's name as this was really in the name of Norton/LifeLock and Comcast/Xfinity. It's not a scam on Apple, and we don't want to clog a Phishing email address with something like the above.
  19. Thank you. This is not a case of Phishing. It is a variation of a Tech Support scam in the name of Norton™ LifeLock360 / Webroot® / Malwarebytes / McAfee® / Kaspersky . Numerous forum members have posted about this type of scam. Please Reference: have received 3 scam emails about Malwarebytes account charges Fake Receipt? Your subscription for “Malware bytes Security” has been renewed. Phishing scam using malwarebytes subscription (cares@usorderreceipt02.co) Phishing is a process masquerading as a known entity where a web site, a PDF or other document us
  20. New FTC Data Show Massive Increase in Romance Scams, $304M in Losses