David H. Lipman

GandCrab is a trojan, not a virus.

RE: Photos, videos,pdf file are all change to deferent file name

https://www.wilderssecurity.com/threads/what-is-osfinstaller-exe-causes-high-cpu-load.415948/#post-2822629

This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current

DHCP will obtain DHS servers and the WAN address and the Gateway address. They will be on the Verizon network. You can override the DHCP provided DNS servers with static servers. Such as from the following list of public DNS Servers. Otherwise you do not need to do anything as there is no problem noted from Post #1. 8.8.8.8 - Google 8.8.4.4 - Google 4.2.2.1 - former GTE 4.2.2.3 - former GTE

Malwarebytes' blog from January 9, 2014 by Metallica -- The RTLO method

Its a fraud. There is a high propensity of malicious and nefarious sites hosted on the TLD .BID Web site is hosted by Private Customer, Cameroon Mail Server is hosted by Yandex enterprise network, Russian Federation EDIT: I went to the site and chose "About Us" - No information. I went to "Contact Us". No information on whom they are or where they are located and the Contact is only a Web Form. No email address, no phone number - nothing. Red Flags of fraud. One must vet a web site for legitimacy before spending money with a web site.

@exile360 can confirm this but the sale of Life Time Licenses ended well before 6 months ago. Most likely, Years ago. Whom did you obtain said license from ?

You stated - "I tried it anyway but of course as soon as I uplink it downloads fake dns servers and default GW. " NetRange: 71.96.0.0 - 71.127.255.255 CIDR: 71.96.0.0/11 NetName: VIS-71-96 NetHandle: NET-71-96-0-0-1 Parent: NET71 (NET-71-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: MCI Communications Services, Inc. d/b/a Verizon Business (MCICS) RegDate: 2005-01-18 Updated: 2016-08-18 Ref: https://rdap.arin.net/registry/ip/71.96.0.0 71.115.11.1 is a WAN node on Verizon and thus become a gateway into the Internet for a Verizon subscriber 71.252.0.12 -- nsrest01.verizon.net ( Verizon DNS ) 68.238.112.12 -- nsrich03.verizon.net (Verizon DNS ) 71.115.11.1 -- lo0-100.RCMDVA-VFTTP-316.verizon-gni.net 96.228.38.1 -- lo0-100.RCMDVA-VFTTP-316.verizon-gni.net verizon-gni.net - Domain is registered to Verizon Trademark Services LLC Everything looks normal for a Verizon FiOS connection ( FTTP ) for a Virginia Point of Presence ( PoP )

I believe I wrote about this file naming trick years ago. EDIT: RE: Post #11 (2014) , Post #20 (2017) I have also replied to your posts Amaroq_Starwind with specific information. Please stop suggesting what MBAM should do. Write you own anti malware application. MBAM specifically targets binaries that start with the first two characters being; MZ They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything such as; TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'. This includes file names that use Right to Left Override to obfuscate an executable file extension. Reference: https://en.wikipedia.org/wiki/Bi-directional_text https://en.wikipedia.org/wiki/Right-to-left EDIT: Here's a file I submitted years ago. https://www.virustotal.com/en/file/3ac80eecd863e0f33fa124d5ae13bbbf070672d03628415823cbd0397aa100fc/analysis/ First submission 2013-08-07 18:58:40 UTC ( 5 years, 8 months ago )

Muito bom!

Reference: I installed an cracked windows activation Piracy

Other reason to take a PC out of sleep... USB event Power button Keyboard keys Ethernet magic packet. BIOS setting to wake at a specified day and time Look in the BIOS setting for many ways to take a PC out of sleep.

The same goes for Potentially Unwanted Programs ( PUPs ).

If you are asking if Malwarebytes supplies malware samples to the general public. The answer is no. However there is a quid pro quo for those who submit quality malware samples inline with the provided submission guidelines. If the submissions are quality, Malwarebytes personnel, who are Malware Researchers, may choose to elevate that member to "Malware Hunters" status. Once a member is in the group Malware Hunters, the member can then download samples that other members have submitted.

Please explain and not write in cryptic, riddle, form.

A "Keylogger" is just another form of trojan. One should not think just about this trojan sub-type of malware but should think holistically about the ingress of all sorts of malware. This begins with practicing Safe Hex. That means use Critical Thought about what you see and what is presented to you and ask those all important questions. Understand Social Engineering and how its exploits the human vulnerabilities and emotions. Don't willy-nilly click on URLs. Have Situational Awareness and learn about the threats that were presented Yesterday and are being presented Today. Performing them, and using an anti malware like MBAM or MBAM couples with a full anti virus application, will go along way in preventing malware from infecting your platform(s). Yes, MBAM Premium specifically targets, blocks and removes Keylogging trojans.

What about it?

You are not alone @Judy Lee

Anything else ?

Large companies holding Personally Identifiable Information ( PII ) and their failure to protect that data and/or share that data without your expressed permission is a problem. Limiting your exposure to having a large number of web sites having PII is a start. For example if you have five doctors that each tell you to create an Internet, web, account, don't do it for any of them. Send companies you have subscription and leases with a Right of Privacy and Opt-Out notification. Tell them they are legally bound to protect your data and they are NOT allowed to share that data or collect meta data. However, if a stolen password is current and can be used at a banking or other financial site or a site that contains PII can lead to Identity Theft and can have greater and more profound consequences. You stated... " Also, once all that info is in the wrong hands, no amount of Password changing will make up for the SS #'s, mother maiden names, etc will get it off the internet. " With fixed data such as a SS#, yes. However sites that have challenge questions or ask your mother maiden name have them change the information or ask something new. This would go for any compromised challenge question answers.

No. Basically it shows that that email address ( or addresses ) were associated with a data breach and that would indicate how this occurred... " ...saying they had my password (they showed a partial of a pw I used in the past), " If that password is used anywhere now, please change it to a new Strong Password.

Did you test your email addresses against the site to see if they were associated with a breach ?

This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. That is most likely how they had a partial password you had in the past. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current

It sucked and it should never have been created. It was proof the Microsoft failed to learn the lesson of the "Coca Cola and Pepsi" dominance battle. It created a data push platform using a lousy GUI and generated content where none was requested. Good Riddance !