David H. Lipman

Everything posted by David H. Lipman

  1. All are encouraged to review the videos at... https://www.fbi.gov/investigate/counterintelligence/foreign-influence/protected-voices Thank you @Firefox
  2. Please Reference: US FBI PSA - Tech Support Fraud US FTC Consumer Information - Tech Support Scams US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams Malwarebytes' Blog - Search on - "tech support scams" Malwarebytes' Blog - "Tech support scams: help and resource page"
  3. RE: Fake Malwarebytes Lifetime Licenses Malwarebytes is doing the best they can.
  4. Very Good. Please wait for a response from @nasdaq that this process is complete.
  5. FYI: All the malware files that were payload and the result of the PowerShell script described in Post #1 are now detected. Trojan.Megumin Trojan.Injector Spyware.AzorUlt
  6. FYI: Consumer Review Fairness Act: What Businesses Need to Know
  7. FTC Announces Two Actions Enforcing the Consumer Review Fairness Act " The Federal Trade Commission has issued two administrative complaints and proposed orders enforcing the Consumer Review Fairness Act (CRFA), which prohibits businesses from using form contract terms that bar consumers from writing or posting negative reviews online, or that impose financial penalties for doing so. In settling the Commission’s complaints, two companies, one that rented vacation properties in Florida and one that manages rental homes in Maryland, have agreed not to use these or similar provisions in the future. The companies and their owners also must notify affected consumers that the non-disparagement clauses are void. The CRFA prohibits non-disparagement provisions in consumer form contracts. It defines such contracts as those with standardized terms used in selling or leasing goods or services, and that are imposed on an individual without a meaningful opportunity for the individual to negotiate the contracts’ standardized terms. The statute became effective on March 14, 2017. The FTC’s Complaints The FTC’s administrative complaints against Shore to Please Vacations LLC and Staffordshire Property Management, LLC allege that the companies and their owners illegally used non-disparagement provisions in consumer form contracts in the course of selling their respective services, in violation of the CRFA. Shore to Please Vacations LLC. The FTC alleges that from June 2017 through at least August 2017, the Shore to Please respondents included a “Disclaimers” paragraph in form contracts offered to consumers for online vacation house rentals. 
According to the complaint, the disclaimer contained prohibited language, including, “[b]y signing below, you agree not to defame or leave negative reviews (includes any review or comment deemed to be negative by a Shore to Please Vacations LLC officer or member, as well as any review less than a “5 star” or “absolute best” rating) about this property and/or business in any print form or on any website….” In addition, the contract stated that, “[d]ue to the difficulty in ascertaining an actual amount of damages in situations like this, breaching this clause … will immediately result in minimum liquidated damages of $25,000 paid by you to Shore to Please Vacations LLC.” Staffordshire Property Management, LLC. The FTC alleges that between approximately February 2016 and October 2018, the Staffordshire respondents used form contracts in the course of processing the rental applications of hundreds of consumers. Each contract contained an “Authorization, Agreement & Release Consent Form” that included prohibited language such as, “[t]he Applicant … specifically agrees not to disparage [Staffordshire], and any of its employees, managers, or agents in any way, and also agrees not to communicate, publish, characterize, publicize or disseminate, in any manner, any terms, conditions, opinions and communications related to [Staffordshire], this application, or the application process….” It further stated that prospective renters specifically agree that “[a]ny breach of such confidentiality will support a cause of action and will entitle [Staffordshire] to recover any and all damages from such a breach.” "
  8. https://www.securityweek.com/amca-breach-hits-12-million-quest-diagnostics-patients "A data breach at billing collections service provider American Medical Collection Agency (AMCA) could impact many of the company’s customers. One victim is medical testing firm Quest Diagnostics and roughly 12 million of its patients. AMCA has yet to make public any details about the breach, but in a filing with the U.S. Securities and Exchange Commission (SEC) Quest revealed that hackers had access to AMCA systems between August 1, 2018 and March 30, 2019. AMCA provides services to Optum360, a revenue cycle management provider contracted by Quest. Optum360 and Quest were informed by AMCA about the security incident on May 14. According to the available information, attackers compromised AMCA’s payment portal and they gained access to financial, medical and other personal information, including social security numbers, credit card numbers and bank account information. However, in a statement sent to SecurityWeek, Quest said laboratory test results were not exposed."
  9. @billmobile1 This doesn't have to do with the MRT Policies and MBAM calling it a Potentially Unwanted Modification ( PUM ).
  10. RE: https://ss64.com/nt/reg.html Backslash characters The REG command will interpret \ as an escape for the character that immediately follows it. To include a quote mark (") in the data, prefix it with the escape character e.g. Here is \" a quote This can cause problems with quoted directory paths because \" at the end of the line will be escaped. To save a directory path with a trailing backslash (\) requires adding a second backslash to 'escape' the escape so for example instead of "C:\My Docs\" use "C:\My Docs\\" This will work... reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\\"
  11. First get the assistance in getting any/all malware removed from the system. However, the trojans harvest data that is on the PC. Not the information changed on a web site. So if a password is stored in a Browser, it is safe to change that password on the web site but do NOT store it in the Browser until the system is cleaned.
  12. I PING'd nasdaq to help you remove any malware on your system. My submission of the actual binaries may be used to help others. The details of the post may/may not assist nasdaq with some pointers. As a data stealing payload, the first objective would be to reset passwords with a new strong password for any accounts used or accessed with the PC in question. Indications are it tries to harvest/steal... Bitcoin and Crypto Currency Wallets & information Browser information (history, passwords, etc) ftp login credentials Instant Messenger and Email credentials ( accounts and/or passwords ) Personal documents Internet Explorer cookies
  13. The script is complex and has a data stealing payload which is not presently detected by MBAM but, has been submitted in; PowerShell Script Payload - Megumin & AZORult PING @nasdaq
  14. The point there is that the FakeAlert indicating to call a number and the $100 from Amazon survey are examples of malicious advertisements ( aka; malvertisements ) that exist as web sites and do not stem from software on your PC. Malwarebytes is not detecting anything more than Potentially Unwanted Programs ( PUPs ) because malware is not the cause. As such it is not about what software is on your PC but about what web sites you visit and one's browsing habits. There are sites that don't care who they do business with when it comes to advertisement revenue. Or when one marketing company outsources to another. Then the malvertisement may be rotated in or randomly displayed. As I have explained in other discussions I have seen fake Mozilla Firefox malvertisements emanating from the Weather Channel web site. Malwarebytes is Beta testing Browser Extension software to help block the actions of FakeAlerts and possibly the scam sites that offer-up so-called surveys. Malwarebytes for Chrome Malwarebytes for Firefox
  15. As indicated "Success... simply setting Web Protection to "Off" restores the scanner functionality ". I suggest statically setting the IP address of the Brother MFP and adding an exclusion for that IP address. That would be far better than excluding all the various Brother software components.
  16. So did I. But, we are talking about Google [1]. There isn't much good I can say about them! For one... since Google is hosting it for THEIR software ( the Google data mining front-end called Chrome ) they had a responsibility to authenticate the source. Especially in light of the fact that Google owns Virus Total and Malwarebytes is a participating vendor. [1] Google's original motto was "Don't be evil." In 2015, when they became Alphabet, it was changed to "Do the right thing." When a company has to make such a motto you know they are evil and are not doing the right thing. Just like when you have a fraudster who states "this is legal" you know that the action is really bathed in illegality.
  17. Similar to these ? I have created a series of videos [1] generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds. MalwareScam.wmv MalwareScam-1.wmv MalwareScam-2.wmv MalwareScam-3.wmv MalwareScam-4.wmv MalwareScam-5.wmv MalwareScam-6.wmv I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version Reference: US FBI PSA - Tech Support Fraud US FTC Consumer Information - Tech Support Scams US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams Malwarebytes' Blog - Search on - "tech support scams" Malwarebytes' Blog - "Tech support scams: help and resource page" [1] Also located at "My Online Security" - Some videos of typical tech support scams
  18. Drive "C:" is usually the "System Drive" and it is not logical to perform a RootKit scan and exclude the "C:" drive.
  19. Only Malwarebytes' can be considered here for False Positives. If you believe all the other detections are wrong, you would have to take it up with each vendor who has a detection for UltraSurf.