David H. Lipman

Everything posted by David H. Lipman

  1. FYI: I submitted the file in Post ID:1608344 as a possible False Positive detection by Malwarebytes. Suspected F/P - Generic.Malware/Suspicious
  2. Generic.Malware/Suspicious RE: DS4 updater malware EDIT: Another version same detection; https://www.virustotal.com/gui/file/391634b076cc8a6a0c8b559d935bafebf8f8c712db4b17b745ab66b7ae6fa5f7/detection
  3. And... Can be supplemented by Malwarebytes' (Binisoft) Windows Firewall Control https://www.binisoft.org/wfc
  4. Who was that Malwarebytes' Employee? What Malwarebytes' Partner did they indicate it was?
  5. As a Browser Guard issue, I moved your post to MBG for Chrome sub-forum. Malwarebytes 4.6.6.294 is not up-to-date. Currently Malwarebytes Premium is at...
  6. It is in the Windows Recycle bin. Empty the Recycle Bin of its contents.
  7. It is Blocked by MBG so I would suggest making sure your copy is up-to-date or remove it and then reinstall it.
  8. Email spam for products doesn't care if there is a real recipient or a dead email account and your Opt-Out does not say "hey real person here". If you Opt-Out and you continue to receive spam from the same source, the email provider and/or hosting service can shut them down and cancel accounts and web sites. That costs the actors money and time to start again and also leaves them open to fines and prosecution. The benefits of spam reduction far outweigh the few negatives of some actor's continuance. Face it, those who think spam marketing is a good idea in the first place want you to NOT Unsubscribe and would put out the misinformation of distracting its use. Google maybe. The Google Store is theirs and they are greedy. Malwarebytes, no.
  9. I strongly disagree. The Unsubscribe in the body of the email is required and is there according to the US CAN-SPAM Act. If one fails to Unsubscribe, one is leaving themselves open to even more spam. And that is what this was, spam. https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business @Nohgz There is another possibility called Interest Based Advertising (IBA). If one leaves enough bread crumbs about themselves and you did not secure your privacy then that leaves one open to behavioural targeting. Many social sites have a Privacy Dashboard (or other name) where you can Opt-Out of IBA.
  10. No. It's scam spam. Hit the Unsubscribe and then Delete the email.
  11. Coincidence. We are seeing numerous of these lately. I get spam for Apple and Amazon for stuff I am told I supposedly bought yet I have never bought any Apple product and have never and will never do business with Amazon. As these subjects are popular they will coincidentally hit somebody who does have an interest in the subject matter. The actors are just playing the odds.
  12. Spam scam. Hit Unsubscribe and delete it. While this was a spam email for a renewal, we have been seeing numerous posts and submissions of people getting spam email with FakeAlerts and Renewal notices not by Malwarebytes but in the name of Malwarebytes. [References: Verify subscription renewal email is legitimate; Fake renewal emails being received; Malwarebytes' Blog: Software renewal scammers unmasked]
  13. Mint Mobile discloses new data breach exposing customer data https://en.wikipedia.org/wiki/Mint_Mobile
  14. Due to personnel vacations I believe there are personnel shortages and thus support is scaled back and processes delayed.
  15. bulliontradings.com - Domain was created on 9/6/2023. No longer resolves to an IP so it looks like it has already been taken down. The Domain is registered with Namecheap so in cases such as these you would file an Abuse complaint with Namecheap as well as the web site hosting company.
  16. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy: Tips to help protect from infection. Thank you.
  17. No worries @nso89 . That's a FakeAlert. That is a Push Notification, web site or Pop-Up that falsely indicates an event that never happened. They either are for Technical Support scams and have a Phone Number associated with it or are used as a referral for some application for monetary gain. I have seen numerous examples of both FakeAlerts for Tech Support scams and for the purpose of referral profits for anti malware and VPN applications.
  18. I'm truly sorry for you to feel that way. One has to understand more about malware. PDF files may contain malicious URLs or may exploit vulnerabilities in a PDF Rendering software but they do not "directly" infect. Malwarebytes reserves its signatures to files that directly infect a PC as a Portable Executable file. MBAM specifically applies signatures to target PE binaries that start with the first two characters being; MZ. They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything such as; TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'. This includes file names that use Unicode Right-to-Left Override to obfuscate an executable file extension. Malwarebytes does employ signatures on a simplistic basis on some scripted malware but not on specific scripts. However, MBAM does not target documents via signatures such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc. It also does not target media files; MP3, WMV, JPG, GIF, etc. MBAM does not target MSI files by signatures. MBAM is capable of extracting PE files embedded in these COM Structured Storage files and may target them via signatures. Malwarebytes employs heuristic constructs and its Anti Exploitation module to Scripted Malware, media files and Documents as well as its Web Protection module and the added protection of Browser Guard. Thus let's assume that this was a PDF that was specially crafted to exploit a bug (vulnerability) in rendering a PDF. In that case the anti exploitation would block and/or mitigate the action of exploitation and any possible payload. Take a PDF that is implementing a Phish. Malicious actors create Phishing emails. Some may contain the Phish Content in the body of the email. However that may fall prey to Spam and Content Filters. To thwart that the actor may create a PDF that has the Phish Content in the body and has a URL to the site intended to harvest associated credentials. 
Here the Web Protection module or Browser Guard will block the access to the malicious web site. So while a PDF is not "detected" by a signature, the Malwarebytes product will protect the user and that is what counts. Another example is malicious DOC/DOCx and other MS Office documents (aka; maldocs). Here too MBAM will not "detect" a maldoc but the anti exploitation module will block a document specifically crafted to exploit the MS Office environment (or other applications that may view/edit it). Another scenario is where malware is embedded in the document and tries to drop it and run it. If the file embedded is an EXE file, the signatures base would detect IFF it was executed but the anti exploitation would block the dropping and execution process. Another scenario is where the maldoc has a malicious VB Script. Here the anti exploitation would block the malicious actions of the script as well as using the Web Protection and even Browser Guard if there was a malicious site that the script was trying to visit or download a payload from. I can truly understand the desire to at least "know" if it is a malicious document. Virus Total participating vendors will provide that indicator. I had a case where a user on a Borough Hall network connected a USB drive that detected the Wimad Trojan on some MP3 and other media files by Kaspersky. Wimad files exploit the Digital Rights Management (DRM). In that case Malwarebytes would not detect the media files via signatures. However, the anti exploitation module would protect the user, in the same scenario, if they employed Malwarebytes. This is why one should still enable the Microsoft Windows Defender of the OS. It will detect the malicious Documents, Scripts and Media files. HTH
  19. Since @Missie has not replied I am posting a graphic from a URL found in the email that bolsters the concept that this was spam trying to obtain monetary gain through a referral to the Malwarebytes store.
  20. Thank you. However that is not a good submission. You basically took an email, obtained its Headers and Body in RAW format and used Microsoft: Print to PDF and attached the created PDF. Microsoft Print to PDF created a graphical representation of that data and it's not something that can be worked with. However from the subject line "Reactivate your Malwarebytes Anti - Virus Protection Fri, 22 Dec 2023 17:36:30 -0500!" it leaves me to believe it is not a Phishing email. It is some entity trying to obtain monetary gain through a referral to the Malwarebytes store; store.malwarebytes.com which is legitimate. We have been seeing numerous posts and submissions of people getting spam email with FakeAlerts and Renewal notices not by Malwarebytes but in the name of Malwarebytes. To be sure... Please export said email to a .EML file or view the source of the email, for its RAW contents, and copy all the text into a .TXT file. Then place either the .TXT file or the .EML file in a ZIP file and attach that ZIP file in a Reply.
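
Post 18 above describes identifying an executable by its leading 'MZ' bytes rather than by its file extension, including names disguised with a Unicode Right-to-Left Override. The following is an added triage example, not part of any post and not Malwarebytes' own logic; the function names, the extra 'PE\0\0' signature check and the sample header are assumptions made for illustration.

```python
import struct

# Unicode bidirectional controls that can visually reorder a file name
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}
PE_EXTENSIONS = {"exe", "cpl", "sys", "dll", "scr", "ocx"}  # types named in post 18


def is_pe(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew: 32-bit little-endian offset of the PE header, stored at 0x3C
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so the comparison fails safely
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(name: str, data: bytes) -> dict:
    """Compare what the file name claims with what the content actually is."""
    has_bidi = any(ch in BIDI_CONTROLS for ch in name)
    # The real extension follows the last dot of the stored (logical-order)
    # name once bidi controls are discarded, whatever the display shows.
    logical = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    ext = logical.rsplit(".", 1)[-1].lower() if "." in logical else ""
    pe = is_pe(data)
    return {
        "is_pe": pe,
        "extension": ext,
        "bidi_override": has_bidi,
        "mismatch": pe and ext not in PE_EXTENSIONS,  # PE hiding behind another type
    }


def make_sample_pe() -> bytes:
    """Constructed sample: 64-byte DOS header with e_lfanew=0x40, then 'PE\\0\\0'."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0"


if __name__ == "__main__":
    sample = make_sample_pe()
    for fname in ("photo.jpg", "invoice\u202efdp.exe", "setup.exe"):
        print(repr(fname), triage(fname, sample))
```

A name carrying U+202E displays with its tail reversed (the second sample shows as ending in "exe.pdf"), so `bidi_override` is worth alerting on by itself even when the logical extension is an executable one.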