David H. Lipman

Everything posted by David H. Lipman

  1. No new high level modules have been added in a while. The core of the application went to version 4.3 not long ago. Periodically there are Component Package updates and version 1.0.1173 was the latest.
  2. What a bloody character. "Fugitive John McAfee’s location revealed by photo meta-data screw-up": Sure enough, the image of John McAfee with Vice’s editor-in-chief Rocco Castoro contains EXIF data that reveals, amongst other things, the GPS latitude and longitude co-ordinates of where it was taken. http://news-sophos.go-vip.net/wp-content/uploads/sites/2/2012/12/mcafee-exif.jpg Presumably whoever took the photo on their iPhone 4S had forgotten to turn off location services. http://news-sophos.go-vip.net/wp-content/uploads/si
  3. T-Mobile Faces Yet Another Data Breach
  4. Faking it: the thriving business of “fake alert” web scams ** Much more information in the Sophos article. References: US FBI PSA - Tech Support Fraud; US FTC Consumer Information - Tech Support Scams; US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio; US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams; Malwarebytes' Blog - Search on "tech support scams"; Malwarebytes' Blog - "Tech support scams: help and resource page"
  5. I get no resolution on pctattleatle.com. Looks like a typo and the site is really www.pctattletale.com, based upon the forum name of pcTattletale.
  6. I do not know what "this" email you refer to is and thus I can't determine whether you should keep it or not. I can state that if you were part of a Breach it is imperative to have changed the password and use a Strong Password and/or use the @AdvancedSetup suggested Multi-factor Authentication.
  7. Here is an actual Romance Scam email with its attached picture... One should look at the Red Flags besides an unsolicited Romance contact. Looking at the email, the source IP is 98.142.235.189 which is Telefonica USA, Inc. and the email Domain is terra.com.br which does not corroborate the body of the email statement "...Belarus, in the Soligorsk region". Additionally, the email is initiated by the IP 185.220.101.137 which is a Tor Exit Node in Germany. Another Red Flag is the email is sent from one email address: "Kseniyushka Iam" <elenisemariac@terra.com.br>
  8. I am running Windows 7 Ultimate/32 and I have no problem running DOS programs like Quicken v8.0 under Windows NTVDM with MBAM v4.3 in full protection mode. MBAM specifically targets Windows PE files and does not target legacy DOS and Windows applications. I have no knowledge of MBAM modifying the NTVDM, the Win32 Virtual DOS emulator, in Win32 based OSes, which is not provided in any Windows Win64 based OS.
  9. Thank you for the clarifications. I suggest General Chat as being a good place for discussions. In relation to frauds using a telephone number, Report Scam Phone Numbers is a good place for the submission of the Phone Number. Phone numbers are a good vector of researching and vetting a service. Google Dork on 8004859316 Looking through the results you'll find so-called support for Norton, Webroot, StopZilla, AVG, Trend Micro and more associated with that number. It is important to look for a Disclaimer that these scammers must have so their web sites are not
  10. MBAM specifically targets PE binaries that start with the first two characters being "MZ". They can be EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything, such as TXT, JPG, CMD and BAT, and they will still be targeted just as long as the binary starts with 'MZ'. This includes file names that use Unicode Right-to-Left Override to obfuscate an executable file extension.
  11. Please attach graphics here. You are provided plenty of space here.
  12. Yes. Normal background OS "chatter." It will also depend on what third party software you install. Many will run stubs upon startup and they may have their own level of background "chatter."
  13. What you are seeing is background chatter. The OS communicates metadata back to Microsoft and some background processes like SSDP, STP, Shared Music Daemon, etc., or third party installed applications "phoning home". This background communication isn't much data but a lot of different chunks of data. If you have a symmetrical 1330Mb/s trunk then this accounts for the less than 10Kb/s of background communication you see. To know more would be to load Wireshark and see exactly and specifically what constitutes the background traffic. EDIT: Here is a sample view of a quiescent
  14. What are the results for your Upload and Download speeds using the following? http://www.speedtest.net/ and http://www.speakeasy.net/speedtest/
  15. A scan will be for objects: files on a hard disk, what's running in RAM and what keys may be set in the Registry. Scanning a hard disk is slower than RAM or within the Registry. That speed is reflected in the total number of objects scanned.
  16. @Soort It sounds like you are on it. You know to change your password and you visited https://haveibeenpwned.com/ and determined you were in a Breach. Once your email address is known to be associated with your name, it is possible they could use that information to create an account somewhere under that information. However, the account would send email to your email address and the third party won't see it. You will. That is as long as the email Password has been changed. This can be a confusing issue. You seem to understand it all but, maybe, you are frustrated with it all
  17. In relation to Rundll32, that's just a name. I can create a MS Word file called Rundll32.doc and that doesn't mean it is malicious. The file is Rundll32.exe, and where it is located is important. The job of that executable is to load a Dynamic Link Library (DLL), and the majority of times associated with Rundll32.exe it's the DLL file that Rundll32.exe loads that may be malicious. Example: In this case the DLL file is named RehW.txt and this is a malicious file because no legitimate DLL file (even if renamed to .TXT) should be loaded from one's Document folder. Thus it is
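Post 10 above describes the rule MBAM applies: a file is treated as a Windows executable if its content starts with "MZ", whatever its extension, including names disguised with a Unicode Right-to-Left Override. The Python below is an added illustration of that content-based check, written for this page and not Malwarebytes' or the poster's own code; it goes one step beyond the post by following the e_lfanew field to the "PE\0\0" signature and by rendering an RLO-bearing name the way a file browser would. The sample bytes and filenames are constructed.

```python
import struct

RLO = "\u202E"  # Unicode Right-to-Left Override, used to disguise a file extension

def is_mz(data: bytes) -> bool:
    """True if the content starts with the DOS 'MZ' header, whatever the file extension."""
    return data[:2] == b"MZ"

def pe_signature_offset(data: bytes):
    """Offset of the 'PE\\0\\0' signature if the MZ header's e_lfanew field (at 0x3C)
    points at one, else None. A bare 'MZ' alone can also be a plain DOS executable."""
    if not is_mz(data) or len(data) < 0x40:
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return e_lfanew
    return None

def real_extension(name: str) -> str:
    """Extension as the filesystem sees it (text after the last dot), ignoring display tricks."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def displayed_name(name: str) -> str:
    """How a name containing the RLO mark renders: text after the mark is shown reversed."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name

def classify(name: str, data: bytes) -> dict:
    """Decide by content, not by name, whether a file should be scanned as a Windows PE."""
    return {
        "name": name,
        "displayed_as": displayed_name(name),
        "real_ext": real_extension(name),
        "rlo_in_name": RLO in name,
        "valid_pe": pe_signature_offset(data) is not None,
        "scan_as_pe": is_mz(data),  # the rule the post describes: 'MZ' is enough
    }

# Constructed samples (not real files): a minimal MZ+PE header and a plain text file.
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
TEXT = b"Just a note.\n"
SAMPLES = [
    ("report.txt", FAKE_PE),            # renamed executable, still starts with MZ
    ("invoice\u202Egpj.exe", FAKE_PE),  # RLO trick: renders as "invoiceexe.jpg"
    ("readme.exe", TEXT),               # .exe extension but not a PE, so not targeted
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(classify(name, data))
```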