David H. Lipman
Everything posted by David H. Lipman

  1. False Positives are submitted in... Website Blocking after reading; Important: Please Read Before Reporting A False Positive & Please read before posting a FP and File Detections after reading; Please read before reporting a false positive
  2. I'm sorry, you don't have a case of malware and this Forum is centrally focused on the support of Malwarebytes' products. You'll have to take it up with HitMan Pro.
  3. Send them the Virus Total report URL. Otherwise make sure to ZIP the file in a password protected ZIP file using the password "infected", and note the False Positive and the password in the email.
  4. It's a matter of semantics. It really doesn't hijack the Browser. It uses code to overwhelm the browser and make it use an ever increasing amount of resources. That is to lend credulity to the concept of being infected and the PC needing service, and to give the impetus to make the call. When a Browser is hijacked, it is forced to not visit the web sites you want to go to; it goes to the web sites the malicious actor in control of the software wants you to visit and see the content of.

Killing the Browser process in a FakeAlert relieves the issue because the Browser is no longer hitting the FakeAlert web site and running its malicious code. When a Browser is hijacked there is malicious code like a Browser Helper Object (BHO) or other form of DLL that is causing the Browser to act in a particular fashion. Killing the Browser process does not change that fact. Once the Browser is reloaded, the Browser remains in the control of the software. You have to remove that software that is plugged into the Browser to stop the hijacking process.

So, because the FakeAlert is driven by HTML that is only loaded when one visits the FakeAlert site, this isn't really a "browser hijack", as that is truly a function of software that has infected the computer and controls the Browser. One may state that I am splitting hairs, and maybe I am. I did not want to be pedantic in pointing that out earlier in the thread because to the victim, the ultimate effect is that the Browser appears to be hijacked. However, because we have gotten into the minutia, I think this fine point is worth detailing. The vast majority think that software on the PC drives the screens of the FakeAlert, and they miss the fact that it is merely a form of malvertisement driven by a web page. Since the actions of the Browser are merely HTML and killing the Browser process ameliorates the problem, the Browser isn't hijacked. To be hijacked, the Browser would still be affected when the Browser is restarted.

exile360 touches on an interesting point, as I believe the Browser authors could do a better job in thwarting the code most often used in making the Browser use an ever increasing amount of resources. You would still see the content [ FakeAlert-Screens.pdf / Flash Version ] but the Browser would not become unresponsive and make the PC crawl like a snail.
  5. Similar to these? I have created a series[1] of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common, and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data, and they may use the information they obtain from you to commit additional frauds.

    MalwareScam.wmv
    MalwareScam-1.wmv
    MalwareScam-2.wmv
    MalwareScam-3.wmv
    MalwareScam-4.wmv
    MalwareScam-5.wmv
    MalwareScam-6.wmv

I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version. In it you'll find several MAC/Apple related FakeAlerts which I believe you are seeing.

Reference:
    US FBI PSA - Tech Support Fraud
    US FTC Consumer Information - Tech Support Scams
    US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
    US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
    Malwarebytes' Blog - Search on - "tech support scams"
    Malwarebytes' Blog - "Tech support scams: help and resource page"

[1] Also located at "My Online Security" - Some videos of typical tech support scams
  6. A PC running an old unsupported OS that is a "standalone system!" where "...proprietary hardware and/or software being used with the machine that requires a specific OS and service pack level which prohibits installing any major updates/making any significant changes (such as installing SP3)", as indicated by the OP, should not even be used for Internet Browsing. Tor is used for privacy, not INFOSEC/COMSEC. When such a platform is not used in such a fashion, it becomes an Appliance, and the role it takes in its environment precludes such activity. However, such a PC is still vulnerable to Internet Worms and TCP/IP exploitation, the Insider Threat and other activities that are heightened by the age of the OS and the lack of manufacturer support in the aggressive hacktivism and exploit environment that we face Today. Such an Appliance needs isolation and protection. For example, if it must be connected to the LAN then maybe there should be an external Firewall and/or Proxy node placed between the platform and the LAN, blocking all but the required communication the Appliance is used for.
  7. Based upon the Ransom Note, please reference... https://id-ransomware.malwarehunterteam.com/identify.php?case=3b79a46b15d54fcf12487b6ab7f35aa5f31db25f I have requested this thread be moved to; Windows Malware Removal Help & Support
  8. It may run but will have a reduced efficacy, as many signatures and heuristics are v3.x dependent. Installing v2.x will give you a false sense of security.
  9. If this system is connected to the Internet and would require MBAM, please - disconnect it.
  10. Thank you Ron for that temporary fix while you communicate with Invision. I see the max is now 58.59MB. In that private Area I tried again creating a new Test Post with the new max file size. I got the error on a 54.6MB ZIP file. I reduced that to 49.5MB and still got the error. I reduced that once again to 39.1MB and got the error again. I then tried creating a new Test Post and I was able to upload that 39.1MB ZIP file. I deleted it and tried a 54.6MB ZIP file and that failed.
  11. The maximum size of an uploaded attachment was 30MB. It is now limited to 29.3MB. However, even that can't be obtained under some circumstances. @Sentoryn initially demonstrated the problem to me. So I tried to reproduce it. When I tried with a 28.6MB ZIP file, the upload failed. I reduced it to 28.1MB and it failed again. I reduced it to 26.6MB and once again, it failed. That was in a Private area. When I started to create this post I tried the 26.6MB file here and it uploaded. I went back to that private area test post and tried to upload that 26.6MB ZIP file once again and it failed to upload. Then I started a new private area test post and tried to upload that 26.6MB ZIP file and it uploaded. So whatever the problem is, and there is a problem, it is reproducible in some circumstances but not in others.
  12. My apologies @boombastik, you have indeed found a "bug". KUDOS!
  13. You treat it like any/all other data and open TCP/UDP ports. There is nothing to figure out. You protect the system as a whole and not individual parts. EDIT: I should have also noted that one should take full advantage of constructs built into SQL databases to protect the data, such as data encryption and privilege assignment.
  14. How is this a "bug" and how is "windowsphoneinfo.com" a Phishing site? A bug is usually a software coding error that produces unintended consequences. A Phishing site is a web site that emulates another entity to specifically be a masquerade of the real site and, in most cases, harvest the masqueraded site's login credentials. If a site is not blocked, and it should be, then that is not a bug. That site should be submitted. If a site is submitted and it is still not blocked, then that site may not fit Malwarebytes' criteria for being blocked.
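The "privilege assignment" and "data encryption" constructs mentioned in the post above, as an added example (not code from the poster or from any Malwarebytes product). It assumes PostgreSQL with the pgcrypto extension; the `customers` table, the `app_reader` and `payments_job` roles, the `app.card_key` session setting and the passwords are all hypothetical placeholders:

```sql
-- Added example, not from the forum post. Assumes PostgreSQL + pgcrypto.
-- Table, role, key and password names are hypothetical placeholders.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customers (
    id       serial PRIMARY KEY,
    name     text  NOT NULL,
    -- Card number is stored only as ciphertext, never in the clear.
    card_enc bytea NOT NULL
);

-- Least privilege for the web application: it may read names and insert
-- rows, but has no DDL rights and cannot read the encrypted column at all.
CREATE ROLE app_reader LOGIN PASSWORD 'placeholder-change-me';
REVOKE ALL ON customers FROM PUBLIC;
GRANT SELECT (id, name) ON customers TO app_reader;
GRANT INSERT ON customers TO app_reader;
GRANT USAGE, SELECT ON SEQUENCE customers_id_seq TO app_reader;

-- A separate role used only by the payment batch job may read the
-- ciphertext column; nothing else on the system gets this grant.
CREATE ROLE payments_job LOGIN PASSWORD 'placeholder-change-me-too';
GRANT SELECT (id, card_enc) ON customers TO payments_job;

-- The symmetric key is supplied per session from the application's secret
-- store; it is never stored in a table. (Constructed demo value.)
SET app.card_key = 'demo-key-from-secret-store';

INSERT INTO customers (name, card_enc)
VALUES ('Example Customer',
        pgp_sym_encrypt('4111111111111111', current_setting('app.card_key')));

-- Only the privileged role can turn the column back into plaintext:
SELECT id, pgp_sym_decrypt(card_enc, current_setting('app.card_key')) AS card
FROM customers;
```

With column-level grants, `SELECT * FROM customers` run as `app_reader` fails with a permission error, so a SQL injection through the application role still cannot read the card column, and a dump of the table without the session key yields only ciphertext. This keeps the post's point: the database is one more component of the whole system, protected by the same least-privilege discipline as its network ports.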
  15. If you are going to run Windows XP, there is no reason not to update the OS to Service Pack 3.
  16. @Amaroq_Starwind's suggestion of installing the Driver(s) using Windows 7 compatibility mode is a very good option and workaround.
  17. ASRock N68-S3 FX https://www.asrock.com/mb/NVIDIA/N68-S3 FX/index.asp#Support This Motherboard does NOT natively support Windows 10 64-bit. At best, it supports Windows 7 64-bit.
  18. Ok. It sounds like you built your OWN PC or a friend built it for you. You have the ASROCK motherboard. What is the model number of the ASROCK motherboard?
  19. Dell is the Manufacturer so they are the Maker of the platform so the "make" of the platform is Dell. Latitude is a family of Dell notebooks with the exact model being E5430. This web page provides the Driver Software for the Dell Latitude E5430 platform. https://www.dell.com/support/home/us/en/19/product-support/product/latitude-e5430/drivers/advanced?rvps=y
  20. OK, for example. I am writing this reply on a Dell Latitude E5430. Dell is the "Make" and Latitude E5430 is the "Model".
  21. Actually, that may be the best idea and overrides the idea of just disabling the Rules altogether. Give it a shot and see if that mitigates the issue.