
David H. Lipman

Experts
  • Content Count

    14,726
  • Joined

  • Days Won

    1

Everything posted by David H. Lipman

  1. The question is... What in your email needs to go out to gown-plan.com [ Web site is hosted by Next Stride SRL, Romania ] over TCP/UDP port 58109 ? Romania is well known for producing spam.
  2. Malwarebytes' signatures will target the AutoRun worm and the anti exploit module will prevent the OS from being infected. There is no reason to format the Flash Drive unless it was really empty to begin with or it is new. There are KNOWN events where Flash Drives are deliberately made to be malicious and are then sold in that state. Packaged and sealed products from known manufacturers and vendors have the lowest propensity for this. Used drives bought 2nd hand have a much higher propensity of bearing a malicious payload.
  3. In English please. Emotet is a trojan, not a virus. Virus Total does not always reflect the detection of Malwarebytes' Anti-Malware (MBAM). MBAM will use heuristic detection to detect malware that is not available in the MBAM engine that is used on Virus Total. If you have the physical file, attach it in a ZIP, RAR or 7zip archive in Newest Malware Threats
  4. That helps... gpedt.msc <> gpedit.msc So if it is trying to hide in plain sight by a slightly altered name, that could mean something. It could be named .msc but that may be a label and not a file extension. Look in the Control Panel applet "Program and Features" for "gpedt.msc"
  5. It is the Group Policy Editor. Please leave it alone. Reference: https://www.ghacks.net/2017/06/10/windows-msc-files-overview/
  6. This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
  7. Yes. There is no malware on your PC as a causative factor. They are just malvertisements. Yes.
  8. David H. Lipman

    customer

    This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. This is not malware but it is malicious activity. It is also not a sign of iPower being "infected". Email headers can be forged and they make it seem like the email was sent by the recipient but if you look at the email headers in RAW format, you will see that the email did emanate from another source. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
  9. RE: cant remove virus please help I have requested it be reopened and this thread be merged with the previously closed thread.
  10. I found these on the topic... https://app.hacknotice.com/#/hack/5cc85afee038960db869a674 https://govanguard.io/2019/04/23/club-penguin-rewritten-1688176-breached-accounts/ https://beenleaked.com/LatestBreaches They all seem to repeat the same info. No other technical data other than what you have already learned.
  11. Please reference: How to remove WeKnow malware (and others)
  12. These are classed as malicious advertisements or malvertisements. As such it is not about what software is on your PC but about what web sites you visit and one's browsing habits. For example there are certain porn sites that have a greater propensity to exhibit a FakeAlert. If you are on Windows, a Microsoft FakeAlert. If you are on an Apple iPhone or MAC, you will see an Apple FakeAlert. Then there are sites that don't care who they do business with when it comes to advertisement revenue. Or when one marketing company outsources to another. Then the malvertisement may be rotated in or randomly displayed. As I have explained in other discussions I have seen fake Mozilla Firefox malvertisements emanating from the Weather Channel web site. There was a case where members visited AllMusic.com and on rare occasions they got a Microsoft FakeAlert. The reports were few and reproducing it was difficult but finally I was able to coax a Microsoft FakeAlert from a visitation. It was all discussed in This Thread. Reference: Post #20 You stated " Between my visits to this forum, I see the same thing happening again and again. " Well, you need to review and look at your browsing habits as to what you were doing and what sites you visited when you receive these FakeAlerts and try to avoid these sites. The other thing is you stated " When looking in my browser history, the redirect page is listed as Win Erx03 " We want to identify those web sites and get them submitted so Malwarebytes' products can block access to the malicious sites. Submissions of FakeAlert sites are done in; Newest IP or URL Threats ( as per the directions in READ ME: Purpose of this forum )
  13. You should have saved this for April 1. Too phunny Samuel.
  14. Knowing your IP is not a real concern. You can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/ What were the results from the above? If an email account password has been compromised, change it to a new Strong Password. If that password was used on any other site, change it. You stated "... since the game was deleted and someone reuploaded..." What "game"? I can't see a game account breach being too serious. It's only a game and holds no real data. Does the possibility of this unidentified Game Breach have an association with a Credit Card number ? If yes, contact the bank and have it canceled and have them issue a new one. If this happened a year ago and you haven't made any efforts to protect yourself then you put yourself in a bad position as you may be viewed as having been "sleeping on your rights".
  15. Please reference; New Potentially Unwanted Modification: DisableMRT
  16. If you are done with the topic with @nasdaq please update that thread and ask for it to be closed.
  17. Similar to these ? I have created a series [1] of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds. MalwareScam.wmv MalwareScam-1.wmv MalwareScam-2.wmv MalwareScam-3.wmv MalwareScam-4.wmv MalwareScam-5.wmv MalwareScam-6.wmv I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version Reference: US FBI PSA - Tech Support Fraud US FTC Consumer Information - Tech Support Scams US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams Malwarebytes' Blog - Search on - "tech support scams" Malwarebytes' Blog - "Tech support scams: help and resource page" [1] Also located at "My Online Security" - Some videos of typical tech support scams
  18. It is not a fake. It is a site that produced a Movie Rendering software for Windows. They are not stating they are Microsoft, they are stating the product is for Microsoft Windows. ( WinXP ~ Win10 ) As for bloatware, I use a DVD Authoring where the installer is ~2GB. The only question is the site states " Copyright (c) 2008 - 2019 " but the web site was created December '17.
  19. Safe Mode - same results. If an attachment download is enumerated in a PM and not in a sub-forum post, that points to Forum 'ware coding inconsistency. Why would an attachment in a PM be treated differently than an attachment in a sub-forum thread? That query would be the beginning point to a resolution.
  20. IE11 When not logged-in I get "Unavailable". When logged-in the number of downloads is properly enumerated.
  21. Maybe... Maybe not. This is from your posted example. This is from an attachment in a PM stream. The enumeration of downloads was immediate upon reading the PM and upon a refresh of viewing the thread after I downloaded the attachment. Thank you Ron. EDIT: This may have dependencies upon Browser versions. Two different Firefox versions get different results.