David H. Lipman

That's not ransomware. That's Blackmail. This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Blackmail Scam still current

MBAM is a desktop anti malware solution and is not designed for a web server ( HTTP/HTTPS ) on a hosting service such as BlueHost.

So A Batch file could be... @Echo off schtasks /Delete /F /TN “Microsoft\Windows\End Of Support\Notify” schtasks /Delete /F /TN “Microsoft\Windows\End Of Support\Notify2” schtasks /Delete /F /TN “Microsoft\Windows\Setup\EOSnotify” schtasks /Delete /F /TN “Microsoft\Windows\Setup\EOSnotify2” Reg File... Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SipNotify] "DateModified"=hex(b):80,aa,b1,1c,0d,aa,d5,01 "LastShown"=hex(b):80,aa,b1,1c,0d,aa,d5,01 "DontRemindMe"=dword:00000001

Oh boy -- Thanx for the update ! Any notes on additional Registry modifications ?

"Who" or "what" is being declared as "they" ? Is there a script, PE binary or web site that is causing this ? Before we can draw conclusions, we have to have a basis of facts and evidence.

That's a loaded question that infers nefarious intent. Since I don't see such behaviour I'd say zero monetary remunerations,

Just breathing the air Today increases a cancer risk. Don't worry -- be happy !

Not too long ago, a very smart sage had suggested I try Systinternals Process Monitor. At that time I had indicated I would but, not at the time. However subsequently I did but no cogent information was gleamed. At some future time I may try again or use some other Sysinternals utility or other tool and approach it from another angle of approach. Yes, I have an image made by SeaGate's OEM of Acronis True Image performed on a regular basis. This is done regardless of how many time I use my KiXtart backup script to just backup data.

Too many user configurations to move to a new Profile. Just not worth it. I use Devices and Printers as a Front End to "Eject" removable media after running a KiXTart Script that uses RoboCopy to make a data backup to said removable media. It was easier when the Devices and Printers used text and an Icon to identify the USB or eSATA device Now I have to determine with that "Device" is and then I can choose the correct one, choose Eject.

Couldn't source it in HKCU.

Did it - ran it, didn't help. 😞

Yes. Worked properly as it did in an alternate profile. Just won't work correctly in the day2-day profile.

Nope. Problem still exists.

No, it isn't. For example there are staff only sub-forums as well as Group Membership only sub-forums. Being a member of a specific Forum Group will give a member specific privileges of Forum capability and access. Examples: Honorary Member & Malware Hunters

U.S. charges two Russians in connection with Dridex banking malware Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware

I use Flash for easy online Content for my HTML FakeAlert ScreenShow. I'd hate to find a new format that is as easy to generate, update and upload. FakeAlert-Screens.pdf / Flash Version

Please read: I'm infected - What do I do now? Then create a posted request for assistance in; Windows Malware Removal Help & Support

It would not be the simple printf("string") or other simple programming construct. Assuming an Interpreted Language, it would be a compromise of the Interpreter's environment that can be the object of a hack attack. This could be the Virtual Machine of Oracle Java or the complex environment of Python. Other Script Interpreters may be native to the OS such as PowerShell, VBScript and JavaScript as examples. There the hack may exploit a vulnerability of the Interpreter or the OS itself or a Program Environment such as Microsoft Office where VBA scripting may be exploited. The more complex the Interpreter's environment, the greater the propensity of there being a vulnerability that may be exploited. A simple Interpreter such as KiXtart would be less prone and and a more complex one like Python would have a higher propensity. Such functions used in a compiled language present their own problems such as poor data evaluation for input strings, buffer overflows and compiler bugs. These can lead to bad programming which could be exploited in a hack attack.

This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Blackmail Scam still current

This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Blackmail Scam still current

Pictures I take myself. Such as...