
David H. Lipman

Experts
  • Posts: 21,252
  • Joined
  • Days Won: 260

Everything posted by David H. Lipman

  1. Please reference:
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21887
     "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance."
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46805
     "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks."
     As stated, these are web components of Ivanti Connect Secure. They are not desktop applications or smartphone applications and thus they are not the targets of these exploits.
  2. We're glad that we were able to assist you.
     The following information will help you to keep your computer and data safer as well as improve your overall privacy.
     Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
     https://www.howtogeek.com/780233/best-password-manager/
     Make sure you're backing up your files
     https://forums.malwarebytes.com/topic/136226-backup-software/
     Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
     Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
     Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
     Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
     Malwarebytes Browser Guard
       Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
       Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
       Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
     uBlock Origin
       Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
       Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
       Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
     Cybersecurity basics & protection - Everything you need to know about cybercrime: https://www.malwarebytes.com/cybersecurity
     Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
     Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
     If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
     Please review the following to help you better protect your computer and privacy: Tips to help protect from infection
     Thank you
  3. Thanks @1PW. That's interesting. But I wonder how congestion and saturation will play along with EMI/RFI emissions, as well as Line of Sight (LOS) vs obstructions and atmospherics.
  4. @derbyday Another person will be assisting you later on with a more formal step-by-step removal process. Thanks for your patience.
  5. So you are saying that Windows Defender still pops up a notification of Trojan:HTML/Phish.BBU!MTB being found after a Cache clearing?
  6. As the Microsoft provided name indicates, it is a trojan and not a virus: Trojan:HTML/Phish.BBU!MTB. Phish are about harvesting credentials or Personally Identifiable Information (PII). For example, a Bank Phish may try to harvest login credentials to a local or state run bank. It could try to harvest a Gmail account or a Yahoo account Logon Name and password. If it is a fake package Phish they may try to harvest your mailing address, name, age, Credit Card and other PII. That is what a Phish does. Once the actor harvests the data, they may use it against you. But you would have had to view the content of that Phish (in HTML format, which is the code for rendering content in a Browser) and provided real information. As a residual disk file it does nothing, but like Microsoft did, it can be detected. If you completely clear the Cache then it will be removed. If you Sync your Chrome data, it can be moved back onto your PC.
  7. It may be an email in the Google Cache. It is just a HTML File for a Phish. It is not a virus. It is only an issue IFF you fell for the Phish and supplied User Credentials that would compromise the site(s) those credentials represent.
     Clear cache & cookies
     On your computer, open Chrome.
     At the top right, click More.
     Click More tools > Clear browsing data.
     At the top, choose a time range. To delete everything, select All time.
     Next to "Cookies and other site data" and "Cached images and files," check the boxes.
     Click Clear data.
  8. It was not a "shock", it was a hassle. The eradication process was a manual time consuming endeavour.
  9. I was a Value-Added Reseller technician. When I was installing a Novell Network at a North New Jersey manufacturer I noted, before copying software and data from older PCs to new AST Computers, that one of them had a NYB virus, a boot-sector infector. I had to clean the source PC and all floppy disks using McAfee software and eradicate it from that company's assets before the upgrade could proceed to the new system we were installing. That was the impetus of obtaining a greater understanding of "malware" and associated malicious actions and activities.
  10. I have spent decades studying malware and malicious activity. I was also a Malwarebytes' employee as a Malware Researcher years ago.
  11. You have already asked, in multiple Off Topic Locations, and one query was moved here and it has been answered in General Chat. If you are worried over this Roblox Account Manager, do not use it. It is that simple. Thank you for understanding.
  12. No, sorry, no books or web sites that I can refer you to. Let me give a little more information and maybe more clarification.
     A decade or two ago, the volume of malware was not what it is today. Viruses were much more prevalent, with many being sent through email such as the Melissa virus (worm) and file infectors such as Virut and Parite, and the volume of trojans was such that one could assign a particular family name.
     A malware name may have a prefix. That could be like "Win32/ or W32/" [Win64/ or W64/] or "Win32. or Win64." [W32. or W64.] where the "/" or "." is the delimiter. Then comes the name such as Oscarbot. Then comes another delimiter followed by the variant. That may also be followed by another delimiter such as "!" or "@" followed by a qualifier.
     Examples: W32/Oscarbot.KD, W32.Wargbot, W97M/TrojanDropper.Lafool.NAA, W32/Bagle.DW@mm
     In the above; W97M/ == Word 97 Macro, @mm == Mass Mailer
     The problem became where different companies assumed their own "take" on the standardization and also the name. For example, all of these detections are for the same worm known commonly as the BlackWorm:
       Aladdin Knowledge Systems: Win32.Blackmal.e
       Authentium: W32/Kapser.A@mm
       AVIRA: Worm/KillAV.GR
       CA: Win32/Blackmal.F
       ESET: Win32/VB.NEI
       Fortinet: W32/Grew.A!wm
       F-Secure: Nyxem.E
       Grisoft: Worm/Generic.FX
       H+BEDV: Worm/KillAV.GR
       Kaspersky: Email-Worm.Win32.Nyxem.e
       McAfee: W32/MyWife.d@MM
       Microsoft: Win32/Mywife.E@mm!CME-24
       Norman: W32/Small.KI
       Panda: W32/Tearec.A.worm
       Sophos: W32/Nyxem-D
       Symantec: W32.Blackmal.E@mm
       TrendMicro: WORM_GREW.A
     You can see that became an issue. So Mitre Corp., a quasi gov't contractor, was tasked to create what became known as the Common Malware Enumeration (CME) cross reference list. The BlackWorm was listed as CME-24 and a vendor may append !CME-24 to the vendor's detection name as Microsoft did in the list above. But the volume of malware was burgeoning and that too became untenable and the naming convention almost completely fell apart.
     Today many thousands of trojans are created on a daily basis and vendors decided that the detection as a fact is MORE important than the name, so many may show detections with word names rather than a family name like Koobface, ZBot, RBot, Zlob, but occasionally some new family may arise and the detections will use that common name.
     Today we recognize three major sub-types of Malware (a portmanteau blend of MALicious and softWARE) being: Viruses, Trojans and Exploit code, and each is like the trunk of a different tree that branches out into branches, twigs and leaves.
     Unfortunately there are common misperceptions. The most common is calling everything a "virus" that one "thinks" is malicious. To deal with malware and help prevent getting infected one must understand what malware is so they can best protect themselves, their platforms and their information. Just like you don't treat the Hepatitis B virus with an antibiotic like Erythromycin, identifying what the malware is can help in both prevention and cure. Knowledge is the best preventative medicine.
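The post above describes the prefix / family / variant / qualifier layout of detection names and shows how seventeen vendors named one worm. The following is an added example, not code from the post or from any vendor: a small normalizer that applies that layout to the BlackWorm list so a defender correlating multi-vendor verdicts can see which names collapse to the same family and which vendor carried the CME cross-reference. The platform list, type-word list and the rule that a trailing "Family-X" token (the Sophos style) is family plus variant are my assumptions chosen to cover the names on the page; real vendor schemes vary, so the output is a grouping aid, not a ground-truth mapping.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set

# Assumed vocabularies: they cover the prefixes quoted in the post (W32/Win32,
# W64/Win64, W97M, Worm, TrojanDropper, Email-Worm), not any vendor's list.
PLATFORM_RE = re.compile(r"^(?:W(?:in)?(?:32|64)|W97M|WM|VBS|JS|HTML)$", re.IGNORECASE)
PLATFORM_ALIASES = {"W32": "Win32", "WIN32": "Win32", "W64": "Win64", "WIN64": "Win64"}
TYPE_WORDS = {"worm", "email-worm", "trojan", "trojandropper", "trojan-dropper",
              "trojandownloader", "trojan-downloader", "backdoor", "virus", "adware",
              "exploit", "rootkit"}
VARIANT_RE = re.compile(r"^[A-Za-z]{1,4}$")                           # KD, DW, e, NAA
HYPHEN_VARIANT_RE = re.compile(r"^([A-Za-z0-9]+)-([A-Za-z]{1,4})$")  # Sophos "Nyxem-D"


@dataclass
class Detection:
    raw: str
    platform: Optional[str] = None
    malware_type: Optional[str] = None
    family: Optional[str] = None
    variant: Optional[str] = None
    qualifiers: List[str] = field(default_factory=list)

    def cme_id(self) -> Optional[str]:
        """The CME cross-reference id if the vendor appended one (e.g. !CME-24)."""
        for q in self.qualifiers:
            if q.upper().startswith("CME-"):
                return q.upper()
        return None

    def key(self):
        """Case-insensitive (family, variant) pair for grouping across vendors."""
        return ((self.family or "").lower(), (self.variant or "").upper())


def parse(name: str) -> Detection:
    """Split one vendor detection name into prefix, family, variant and qualifiers.

    Qualifiers follow "!" or "@" (@mm, !wm, !CME-24); the rest is split on the
    "/", "." and "_" delimiters, platform and type words are pulled out, and what
    remains is read as family followed by an optional variant.
    """
    det = Detection(raw=name)
    head, *quals = re.split(r"[!@]", name.strip())
    det.qualifiers = [q for q in quals if q]
    tokens = [t for t in re.split(r"[/._]", head) if t]
    # Assumed rule: a trailing "Family-X" token is family plus variant.
    if tokens and tokens[-1].lower() not in TYPE_WORDS:
        m = HYPHEN_VARIANT_RE.match(tokens[-1])
        if m:
            tokens[-1:] = [m.group(1), m.group(2)]
    remaining = []
    for tok in tokens:
        if det.platform is None and PLATFORM_RE.match(tok):
            det.platform = PLATFORM_ALIASES.get(tok.upper(), tok)
        elif det.malware_type is None and tok.lower() in TYPE_WORDS:
            det.malware_type = tok
        else:
            remaining.append(tok)
    if remaining:
        det.family = remaining[0]
        if len(remaining) > 1 and VARIANT_RE.match(remaining[-1]):
            det.variant = remaining[-1]
    return det


def family_aliases(names: Iterable[str]) -> List[str]:
    """Distinct case-folded family names a set of vendors use for one sample."""
    return sorted({d.family.lower() for d in map(parse, names) if d.family})


def cme_ids(names: Iterable[str]) -> Set[str]:
    """Every CME id any vendor in the list attached to its detection name."""
    return {d.cme_id() for d in map(parse, names) if d.cme_id()}


# The BlackWorm (CME-24) detection names exactly as listed in the post, by vendor.
BLACKWORM_NAMES = {
    "Aladdin Knowledge Systems": "Win32.Blackmal.e",
    "Authentium": "W32/Kapser.A@mm",
    "AVIRA": "Worm/KillAV.GR",
    "CA": "Win32/Blackmal.F",
    "ESET": "Win32/VB.NEI",
    "Fortinet": "W32/Grew.A!wm",
    "F-Secure": "Nyxem.E",
    "Grisoft": "Worm/Generic.FX",
    "H+BEDV": "Worm/KillAV.GR",
    "Kaspersky": "Email-Worm.Win32.Nyxem.e",
    "McAfee": "W32/MyWife.d@MM",
    "Microsoft": "Win32/Mywife.E@mm!CME-24",
    "Norman": "W32/Small.KI",
    "Panda": "W32/Tearec.A.worm",
    "Sophos": "W32/Nyxem-D",
    "Symantec": "W32.Blackmal.E@mm",
    "TrendMicro": "WORM_GREW.A",
}

if __name__ == "__main__":
    for vendor, name in BLACKWORM_NAMES.items():
        d = parse(name)
        print(f"{vendor:26} {name:28} -> {d.platform} {d.malware_type} {d.family}.{d.variant} {d.qualifiers}")
    print("distinct family names:", family_aliases(BLACKWORM_NAMES.values()))
    print("CME ids attached:", cme_ids(BLACKWORM_NAMES.values()))
```

Run against the list, the seventeen names reduce to ten distinct family spellings and only Microsoft's name carries the CME-24 tag, which is the post's point: the family token alone is not a reliable join key across vendors, and the CME id, where present, is.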
  13. No, Sorry... I just edited my reply. Please read.
  14. It really isn't the function of this forum to determine the safety of software. That being said...
     Here is the Virus Total report on the EXE file...
     https://www.virustotal.com/gui/file/cdb0a360cca7a5099c2d2357be1a833e032ffdeb3f467a6fac845f6bb77031c9/detection
     From the report; First Submission 2023-06-04
     It has a low detection count for something being known to Virus Total vendors for ~7 months. While it does not appear to be malicious, I won't categorize it as being "safe."
     EDIT: Please do not Multi-Post, and please verify you are posting On Topic for a given sub-forum. The False Positive area is not for asking if a software is safe. It is only if you question when Malwarebytes software detects something you believe to be false. The Forums Announcements & Feedback area is only if there is something that is specific to the Malwarebytes' Forum such as you want a post moderated or you need assistance with your Forum account.
  15. @Paranoid_Friendoid You are talking about "classification" of a given malware file. There is a taxonomy to malware based upon its functionality, processes and causalities. The taxonomy is not unlike that given to animal and plant species. As you move down a classification branch, it is possible that two sub-types may be misclassified. For example, take a particular vegetable such as Broccoli (Brassica oleracea) which is in the family Brassica. It is possible that a given plant could be misclassified as Brassica carinata. However it is unlikely to be misclassified as a member of Apiaceae. Another way to look at this is like a human infection. A Virus infection diagnosis can not be confused with a Bacteria or protozoa infection even though symptoms may overlap. Adware and worms are two distinctly different sub-types of classification. Adware is a sub-type of trojans and needs assistance to get installed on a PC. It could be through Social Engineering (the Human exploit) or it could be through a software exploitation or by another malware infection such as by a trojan downloader. Worms are a sub-type of viruses as they do not need assistance to get installed on a PC; instead they autonomously spread from PC to PC. Two examples are AutoRun Worms and Internet Worms. Both spread autonomously but use different methodologies. One uses the AutoRun/AutoPlay facility such as when you place an infected Flash Drive in a USB port. The other uses network protocols such as SMB and SMTP. There are cases where a given malware sample is multi-faceted, such as a Downloader trojan infected with a file infecting virus such as Virut. In a case like that, the virus declaration will have the higher precedence.
  16. Please reference the below Malwarebytes Lab's article on Browser Push Notifications. See if removing Push Notifications in Firefox resolves your issue. Look for the section "How do I disable them?"
     Browser push notifications: a feature asking to be abused
     Google Chrome: Turn notifications on or off - Google Chrome
     Mozilla Firefox: Web Push notifications in Firefox
     Microsoft Edge: Manage website notifications in Microsoft Edge
     Apple Safari: Customize website notifications in Safari on Mac
  17. Thank you. It is not a Phish. It is some entity trying to obtain monetary gain through a referral to the Malwarebytes store; store.malwarebytes.com, which is legitimate. We have been seeing numerous posts and submissions of people getting spam email with FakeAlerts and Renewal notices not by Malwarebytes but in the name of Malwarebytes. I am also seeing ads pushing fake Malwarebytes License Renewal advertisements on AOL (Yahoo) Webmail.
     References:
     Verify subscription renewal email is legitimate
     Fake renewal emails being received
     Malwarebytes' Blog: Software renewal scammers unmasked
  18. Adware is a class of malicious software that is all about advertisements for products and services and for revenues received for directing victims towards sites and product lines. While they modify some OS constructs, there are few if any adware related malware that may change network settings. If malware does, it is not adware but something else. The fact that one lost Internet access is not indicative of a virus. Viruses self replicate. That is, they are a class of malware that can autonomously spread from file to file or computer to computer. Adware is not a sub-type of viruses and does not autonomously spread. You are tenuously stringing together many concepts into one.
  19. Please reference: Please read before posting a possible FP
     Then post a Log of Malwarebytes blocking a Web site.
  20. Thank you Pieter Arntz
     I want to thank Pieter Arntz for the many informative Malwarebytes' Blog posts. Every time I look, he has covered a new important topic. Kudos!
     Malwarebytes' Blog Posts By Pieter Arntz (Malwarebytes Malware Researcher, aka @Metallica)