
David H. Lipman

Group: Experts
Content Count: 14,391
Days Won: 1

Everything posted by David H. Lipman

  1. Thanx Ron. If it is a vulnerability on XP and Windows 7, Windows Vista is not affected?
  2. One would have to view or let Outlook Preview an email that is stored in a PST. The email can't auto-perform this. Thus, this is most likely associated with the email InBox and not an email stored in a folder.
  3. Who knows. Perhaps the Romanian site was also known to be a Command and Control (C2) site associated with Ransomware but co-located on the same IP. But as I noted, Romania is well documented as being associated with spam. That ties in more with email than Ransomware. As is often the case, it is MORE important to detect and block a given site than to correctly classify it or give a detection for a specific identification. For example, a given malware may be detected generically or heuristically and not detected specifically as a particular family-named trojan. The same goes for classification of a web site. I dealt with a site that was a Fraud site that was committing a DMCA violation by stealing another Forum's content, but it was classified as "Phishing" and not "Fraud".
  4. That's correct. Outlook.exe would connect to a TCP port for SMTP, POP3 and/or IMAP. Otherwise, it could be an email that was received. Time is the key. What were you doing in email at the time the MBAM Pop-Up notification came to be?
  5. It is not evidence of malware because the external communication came from ...\Office16\OUTLOOK.EXE which is Microsoft Outlook email. But it is indicative of something that transpired within the email client and since it handles email, one presumes that it is sourced to a particular email message. If you can isolate the particular email message, delete it.
  6. The question is... What in your email needs to go out to gown-plan.com [ Web site is hosted by Next Stride SRL, Romania ] over TCP/UDP port 58109? Romania is well known for producing spam.
  7. Malwarebytes' signatures will target the AutoRun worm and the anti-exploit module will prevent the OS from being infected. There is no reason to format the Flash Drive unless it was really empty to begin with or it is new. There are KNOWN events where Flash Drives are deliberately made to be malicious and are then sold in that state. Packaged and sealed products from known manufacturers and vendors have the lowest propensity for this. Used drives bought second-hand have a much higher propensity of bearing a malicious payload.
  8. In English please. Emotet is a trojan, not a virus. VirusTotal does not always reflect the detection of Malwarebytes' Anti-Malware (MBAM). MBAM will use heuristic detection to detect malware that is not available in the MBAM engine that is used on VirusTotal. If you have the physical file, attach it in a ZIP, RAR or 7zip archive in Newest Malware Threats
  9. That helps... gpedt.msc <> gpedit.msc. So if it is trying to hide in plain sight by a slightly altered name, that could mean something. It could be named .msc but that may be a label and not a file extension. Look in the Control Panel applet "Programs and Features" for "gpedt.msc"
  10. It is the Group Policy Editor. Please leave it alone. Reference: https://www.ghacks.net/2017/06/10/windows-msc-files-overview/
  11. This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/
      Please reference:
      - US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
      - US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
      - MyOnlinesecurity - attempted-blackmail-scam-watching-porn
      - BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
      - Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
      - Malwarebytes Forum sample thread - Got strange threating email.
      - Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
  12. Yes. There is no malware on your PC as a causative factor. They are just malvertisements. Yes.
  13. This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. This is not malware but it is malicious activity. It is also not a sign of iPower being "infected". Email headers can be forged and they make it seem like the email was sent by the recipient, but if you look at the email headers in RAW format, you will see that the email did emanate from another source. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/
      Please reference:
      - US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
      - US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
      - MyOnlinesecurity - attempted-blackmail-scam-watching-porn
      - BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
      - Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
      - Malwarebytes Forum sample thread - Got strange threating email.
      - Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
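Post 13 says that a forged From: header is exposed by reading the RAW headers and following the Received: chain back to the real source. The script below is an added illustration of that check and is not code from the forum post or from Malwarebytes; the message, host names and IP addresses in it are constructed for the example (documentation ranges and .test domains). It walks the Received: headers from the final delivery hop back to the originating relay and flags the message when that relay's domain does not match the domain in From:. The usual caveat applies: Received: lines added by relays before your own mail server can themselves be forged, so the hops stamped by your own MTA are the ones to trust.

```python
import email
import email.utils
import re

# Constructed sample (not a real message): From: is forged to match the
# recipient, as in the scam described in the post. Hosts and IPs are
# documentation values chosen for this example.
RAW_MESSAGE = """\
Received: from mx.example-recipient.test (mx.example-recipient.test [192.0.2.10])
\tby inbox.example-recipient.test with ESMTP id abc123
\tfor <victim@example-recipient.test>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.unrelated-host.test (relay.unrelated-host.test [198.51.100.7])
\tby mx.example-recipient.test with ESMTP id xyz789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: victim@example-recipient.test
To: victim@example-recipient.test
Subject: Your account was hacked

I recorded you. Pay 0.5 BTC.
"""

HOST_RE = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw):
    """Return the Received: hops as dicts, ordered from the originating relay
    (earliest hop, which is the LAST header in the message) to the final
    delivery hop (the first header)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = re.sub(r"\s+", " ", value)  # unfold continuation lines
        host = HOST_RE.search(value)
        ip = IP_RE.search(value)
        hops.append({
            "host": host.group(1) if host else None,
            "ip": ip.group(1) if ip else None,
            "raw": value,
        })
    return list(reversed(hops))


def registrable(name):
    """Crude last-two-labels domain; sufficient for this illustration."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def from_domain(raw):
    """Domain part of the (possibly forged) From: address."""
    msg = email.message_from_string(raw)
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def originating_relay(raw):
    """The earliest hop, i.e. the relay that first handed the message on."""
    chain = received_chain(raw)
    return chain[0] if chain else None


def looks_spoofed(raw):
    """True when the originating relay's domain does not match From:."""
    origin = originating_relay(raw)
    if origin is None or not origin["host"]:
        return False
    return registrable(origin["host"]) != registrable(from_domain(raw))


if __name__ == "__main__":
    for hop in received_chain(RAW_MESSAGE):
        print(f"{hop['host']} [{hop['ip']}]")
    print("From: domain ->", from_domain(RAW_MESSAGE))
    print("Looks spoofed ->", looks_spoofed(RAW_MESSAGE))
```

Run as a script it lists the hops from relay.unrelated-host.test outward and reports the message as spoofed, because the From: domain is the recipient's own while the first relay belongs to an unrelated host. On a real message, paste the full raw header block into RAW_MESSAGE; if the mail provider adds Authentication-Results: (SPF/DKIM/DMARC) headers, a failing result there is a second, stronger indicator.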
  14. RE: cant remove virus please help I have requested it be reopened and this thread be merged with the previously closed thread.
  15. I found these on the topic... https://app.hacknotice.com/#/hack/5cc85afee038960db869a674 https://govanguard.io/2019/04/23/club-penguin-rewritten-1688176-breached-accounts/ https://beenleaked.com/LatestBreaches They all seem to repeat the same info. No other technical data other than what you have already learned.
  16. Please reference: How to remove WeKnow malware (and others)
  17. These are classed as malicious advertisements or malvertisements. As such it is not about what software is on your PC but about what web sites you visit and one's browsing habits. For example, there are certain porn sites that have a greater propensity to exhibit a FakeAlert. If you are on Windows, a Microsoft FakeAlert. If you are on an Apple iPhone or Mac, you will see an Apple FakeAlert. Then there are sites that don't care who they do business with when it comes to advertisement revenue. Or when one marketing company outsources to another. Then the malvertisement may be rotated in or randomly displayed. As I have explained in other discussions, I have seen fake Mozilla Firefox malvertisements emanating from the Weather Channel web site. There was a case where members visited AllMusic.com and on rare occasions they got a Microsoft FakeAlert. The reports were few and reproducing it was difficult, but finally I was able to coax a Microsoft FakeAlert from a visit. It was all discussed in This Thread. Reference: Post #20. You stated "Between my visits to this forum, I see the same thing happening again and again." Well, you need to review and look at your browsing habits as to what you were doing and what sites you visited when you receive these FakeAlerts and try to avoid these sites. The other thing is you stated "When looking in my browser history, the redirect page is listed as Win Erx03". We want to identify those web sites and get them submitted so Malwarebytes' products can block access to the malicious sites. Submissions of FakeAlert sites are done in Newest IP or URL Threats (as per the directions in READ ME: Purpose of this forum).