David H. Lipman

  • Content Count

  • Joined

  • Days Won


Everything posted by David H. Lipman

  1. Exactly. It is an OS-generated file that is normal. Virus Total is a simple way to check any file. As you now see, there are 3 Virus Total Reports for three copies of "GDIPFONTCACHEV1.DAT". I think you'll find every User Profile has one.
  2. Yes, your presumptions have no basis in fact. There are hundreds of files in the OS. Many are caches too. Why single this file out? Here's the Virus Total report for my Win7 User Profile http://www.virustotal.com/file/1e4f4a4bb936381af55b3f262680a220df11da6cb24320320b6ec2c47de80512/analysis/ Here's the Virus Total report for another file from my Win7 User Profile on another PC https://www.virustotal.com/gui/file/ada06efed5d7a4d328f96c93efca893daf1cc2f3f3b879e535aa31cfa83a0b4c/detection
  3. It is an OS-created data file related to your Profile and should be left alone. If you have worries about a data file, send it to Virus Total. It will check it with more than 50 participating anti-malware vendors.
  4. If it is a Windows OS-based server then it is a non-dedicated server. Non-dedicated servers such as Windows Server are often compromised because of the Insider Threat, when the role as a File Server is abused by administrators who install unapproved software and browse the Internet.
     Malwarebytes' Anti-Malware ( MBAM ) does not target scripted malware files via signatures. That means MBAM will not target: JS, JSE, PS1, PY, HTML, HTA, VBS, VBE, WSF, CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc. It also does not target documents via signatures, such as PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc. It also does not target media files: MP3, WMV, JPG, GIF, etc.
     Until MBAM v1.75, MBAM could not access files in archives, but with v1.75 came that ability, so it can unarchive a Java JAR (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file), but it doesn't target the HTML files within. MBAM v1.75 and later specifically will deal with ZIP, RAR, 7z, CAB and MSI for archives, and self-extracting ZIP, 7z, RAR and NSIS executables (aka SFX files).
     MBAM specifically targets binaries that start with the first two characters being MZ. They can be EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to anything, such as TXT, JPG, CMD and BAT, and they will still be targeted just as long as the binary starts with 'MZ'. This includes file names that use Unicode Right-to-Left Override to obfuscate an executable file extension.
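The post above describes two checks worth automating on a file server: whether a file is really a PE binary (first two bytes 'MZ') regardless of its extension, and whether its name uses the Unicode Right-to-Left Override (U+202E) to disguise an executable extension. The script below is an added example, not code from the post or from Malwarebytes; the sample files it creates are constructed stand-ins (a bare 'MZ' stub, not real malware), and the `displayed_name` rendering is a simplified approximation of how a bidi-aware file browser shows such a name.

```python
"""Added example: flag MZ binaries by content and RLO-disguised names, independent of extension."""
import os
import tempfile

RLO = "\u202e"  # Unicode Right-to-Left Override


def is_mz(path):
    """True if the file begins with the 'MZ' DOS header that every PE binary carries."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def has_rlo(name):
    """True if the file name contains the Right-to-Left Override character."""
    return RLO in name


def displayed_name(name):
    """Approximate what a file browser renders: text after the RLO is shown reversed.
    Real bidi rendering is more involved; this is enough to show the trick."""
    idx = name.find(RLO)
    if idx < 0:
        return name
    return name[:idx] + name[idx + 1:][::-1]


def scan_dir(root):
    """Return one finding per regular file: its real name, rendered name, and both flags."""
    findings = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            continue
        findings.append({
            "name": name,
            "shown_as": displayed_name(name),
            "mz": is_mz(path),
            "rlo": has_rlo(name),
        })
    return findings


def build_sample_dir():
    """Constructed sample files (not real malware): a PE stub renamed to .txt,
    a JPEG, a plain script, and a PE stub with an RLO-disguised name that a
    naive listing shows as 'invoiceexe.pdf'."""
    root = tempfile.mkdtemp(prefix="mzscan_")
    samples = {
        "readme.txt": b"MZ\x90\x00" + b"\x00" * 60,       # MZ header, .txt extension
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # JPEG magic, not targeted
        "helper.js": b"alert('hi');\n",                    # script, not MZ
        "invoice" + RLO + "fdp.exe": b"MZ\x90\x00" + b"\x00" * 60,
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for f in scan_dir(build_sample_dir()):
        print(f"{'PE ' if f['mz'] else '-- '}{'RLO ' if f['rlo'] else '    '}{f['shown_as']!r}")
```

Running it prints two PE hits, one of which is also flagged for the RLO trick; the `.jpg` and `.js` files are reported but not flagged, matching the post's point that only 'MZ' content, not the extension, decides what is targeted.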
  5. I'm glad to read you decided to file a complaint with the US FBI's IC3. Tech Support scammers are a real problem and Law Enforcement needs all the information from victims that they can receive. PS: Best o' luck with that job interview, Jim.
  6. @JC_Stewart Steer clear of non-vetted applications such as "Shield Apps" and "PC Privacy Shield". Any applications that were installed subsequent to the Microsoft FakeAlert and the company associated with the Tech Support Scam behind the phone number (866) 359-5578 cannot be trusted. Chances are the Tech Support Scammer behind the phone number, (866) 359-5578, is an affiliate and received affiliate revenue ( aka kickback ) for the installation. If you haven't reviewed the references I previously provided, please do so... US FBI PSA - Tech Support Fraud US FTC Consumer Information - Tech Support Scams US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
  7. https://support.poshmark.com/customer/portal/articles/security-notice
     "Poshmark Security Notice FAQ
     What happened? We recently discovered that data from some Poshmark users was acquired by an unauthorized third party. The data acquired does not include any financial or physical address information, and we do not believe your password was compromised. Regardless, we recommend that Poshmark users change their passwords as a precaution and security best practice.
     What information was affected by this issue? The type of data involved includes:
     - Certain user profile information specified for public use such as username, first and last name, gender, and city
     - Certain internal account information such as email address, user ID, size preferences, one-way encrypted passwords salted uniquely per user (making it nearly impossible to use these passwords to access an account), as well as social media profile information collected when users connect social media accounts to Poshmark
     - Certain internal Poshmark preferences for email and push notifications"
  8. Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords "The next-generation Wi-Fi Protected Access protocol released 15 months ago was once hailed by key architects as resistant to most types of password-theft attacks that threatened its predecessors. On Wednesday, researchers disclosed several serious design flaws in WPA3 that shattered that myth and raised troubling new questions about the future of wireless security, particularly among low-cost Internet-of-things devices. While a big improvement over the earlier and notoriously weak Wired Equivalent Privacy and the WPA protocols, the current WPA2 version (in use since the mid 2000s) has suffered a crippling design flaw that has been known for more than a decade: the four-way handshake—a cryptographic process WPA2 uses to validate computers, phones, and tablets to an access point and vice versa—contains a hash of the network password. Anyone within range of a device connecting to the network can record this handshake. Short passwords or those that aren’t random are then trivial to crack in a matter of seconds. One of WPA3’s most promoted changes was its use of “Dragonfly,” a completely overhauled handshake that its architects once said was resistant to the types of password guessing attacks that threatened WPA2 users. Known in Wi-Fi parlance as the Simultaneous Authentication of Equals handshake, or just SAE for short, Dragonfly augments the four-way handshake with a Pairwise Master Key that has much more entropy than network passwords. SAE also provides a feature known as forward secrecy that protects past sessions against future password compromises." Designated: CVE-2019-13377 and CVE-2019-13456
  9. With warshipping, hackers ship their exploits directly to their target’s mail room "Why break into a company’s network when you can just walk right in — literally? Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certainly there will be no need to park outside a building and brute-force the Wi-Fi network password. Just drop your exploit in the mail and let your friendly postal worker deliver it to your target’s door. This newly named technique — dubbed “warshipping” — is not a new concept. Just think of the traditional Trojan horse rolling into the city of Troy, or when hackers drove up to TJX stores and stole customer data by breaking into the store’s Wi-Fi network. But security researchers at IBM’s X-Force Red say it’s a novel and effective way for an attacker to gain an initial foothold on a target’s network. “It uses disposable, low cost and low power computers to remotely perform close-proximity attacks, regardless of the cyber criminal’s location,” wrote Charles Henderson, who heads up the IBM offensive operations unit." Reference: warshipping
  10. GermanWiper Ransomware Erases Data, Still Asks for Ransom "Multiple German companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. This wiper is being named GermanWiper due to its targeting of German victims and it being a destructive wiper rather than a ransomware. The malware was first reported on the BleepingComputer forum on Tuesday, July 30 and users soon learned after examining their files that it is a data wiper, despite it demanding a ransom payment. No data recovery After compromising a computer and deleting files, GermanWiper leaves a ransom note indicating that the data was encrypted and would not be decrypted unless BTC 0.15038835 is transferred to a listed bitcoin address. Even if a victim pays the ransom, the money is wasted because the malware does not encrypt the data but overwrites it with zeroes and ones, destroying it, according to security researcher Michael Gillespie. The first sample seen by security researchers was built on Monday, July 29. The ID Ransomware service started to receive submissions the same day, a little after 10 AM CEST, MalwareHunterTeam told BleepingComputer. The end of the work week (Friday, August 2) saw the highest number of ID Ransomware submissions for GermanWiper indicating that the campaign had hit plenty of targets. After that day, the number dwindled to less than 20."
  11. It's a good read for all of us to understand email "Headers" and using them to corroborate received email. Thank you.
  12. Please note that I am not a member of Staff. They are Malwarebytes' employees. I am not an employee. I'm just a Forum Member like you but I am in the Forum's Experts group.
  13. What you have demonstrated is you received a Microsoft FakeAlert and you ALLOWED a fraudster access to your computer. That was a mistake.
     First I suggest going to the Credit Card company and putting into Dispute any/all charges stemming from the fraud-based incident. You may want that Credit Card canceled and a new card issued as well.
     Then I suggest having your PC checked out, just to make sure there is nothing lingering. Please read "I'm infected - What do I do now?" and then create a post in Windows Malware Removal Help & Support requesting to have your PC checked out after falling for a Tech Support scam initiated by a Microsoft FakeAlert.
     - - - -
     I have created a series (1) of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data, and they may use the information they obtain from you to commit additional frauds.
     MalwareScam.wmv MalwareScam-1.wmv MalwareScam-2.wmv MalwareScam-3.wmv MalwareScam-4.wmv MalwareScam-5.wmv MalwareScam-6.wmv
     I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version
     They are all a kind of malicious advertisement ( aka malvertisement ). Using Task Manager and killing the Edge, IExplorer, Chrome, Firefox, etc. processes is very effective once you are affected by these FakeAlerts.
     Right now, to block it means Malwarebytes needs to know the URL to block. If you can provide the URL it can be added to the list for Malwarebytes sites to block. Submissions of suspect and malicious URLs can be performed in Newest IP or URL Threats after reading READ ME: Purpose of this forum.
     Malwarebytes is creating Beta versions of Browser Add-Ins for Chrome and Firefox to deal with FakeAlerts and other frauds. But as noted, they are still Beta versions. Browser Add-On references: Malwarebytes Browser Extension for Chrome (Beta) Malwarebytes Browser Extension for Firefox (beta)
     Reference: US FBI PSA - Tech Support Fraud US FTC Consumer Information - Tech Support Scams US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams Malwarebytes' Blog - Search on - "tech support scams" Malwarebytes' Blog - "Tech support scams: help and resource page"
     (1) Also located at "My Online Security" - Some videos of typical tech support scams
  14. Just install Windows Updates until there are no more Security updates to be installed.
  15. Yes. Please note that the Malware Removal Help section of the Forum is for those whose systems are actually infected or believe their systems are and requesting assistance to get their systems cleaned-up and not for general queries. Therefore I have requested Forum Admins. move this thread to; General Chat
  16. It was mitigated in a Microsoft June '16 Security Update. https://support.microsoft.com/en-us/help/3165191/ms16-077-security-update-for-wpad-june-14-2016 This is not really a home user risk and it is associated equally with WiFi as with Ethernet. One should not worry about a particular risk but worry about all risks and must look at securing their platform from a holistic position. This begins with properly applying OS Security Updates as they are issued.
  17. The False Positive sub-forum is for False Positive declarations made by Malwarebytes' software and not for declarations made by other vendors. You submitted three Virus Total Report URLs for detections not showing a Malwarebytes detection. One was for a Visual Basic Encoded ( VBE ) file, which isn't even targeted by Malwarebytes. The first submission was made on 2017-12-31 and has a low detection rate. Without accessing the file itself a determination can't be fully made; it may be legitimate, but I can't be sure. A malicious VBE would be expected to have many more detections than that shown for a file known to Virus Total ( and associated vendors ) over this time frame. The other two files are file types targeted by Malwarebytes, but their first submission goes way back to 2010. Files that have been known to Virus Total ( and associated vendors ) over this long a time frame that are malicious would have many more detections, so they are most likely False Positive declarations. In the future please restrict False Positive queries to those made specifically by Malwarebytes' software.
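The reasoning in the post above (is the file type one Malwarebytes targets at all; how long has Virus Total known the file; how many engines flag it) is a triage rule that can be written down. The function below is an added example, not the poster's or Malwarebytes' code. The sample reports are constructed: only the VBE first-seen date of 2017-12-31 and the "back to 2010" first submissions come from the post, and the 365-day age and 10% detection-ratio thresholds, the engine counts, and the evaluation date of 2018-03-01 are assumptions chosen for illustration.

```python
"""Added example: first-pass triage of a Virus Total report using age and detection ratio."""
from datetime import date

# File types Malwarebytes targets by signature, per the post (MZ binaries).
MBAM_TARGETS = {"exe", "dll", "sys", "scr", "cpl", "ocx"}

# Assumed thresholds, not from the post: a sample must have been known to VT
# at least this long, with a detection ratio below this, to be called a likely FP.
OLD_DAYS = 365
LOW_RATIO = 0.10


def detection_ratio(positives, total):
    """Fraction of engines that flagged the sample; 0 when the report is empty."""
    return positives / total if total else 0.0


def triage(report, today):
    """Return (verdict, reason) for one report.

    report keys: file_type, first_submission (date), positives, total.
    Order matters: a file type Malwarebytes never targets is out of scope for a
    Malwarebytes FP query regardless of its detection count."""
    ftype = report["file_type"].lower()
    age_days = (today - report["first_submission"]).days
    ratio = detection_ratio(report["positives"], report["total"])
    hits = f"{report['positives']}/{report['total']}"

    if ftype not in MBAM_TARGETS:
        return "out_of_scope", f"{ftype.upper()} files are not targeted by Malwarebytes signatures"
    if ratio >= LOW_RATIO:
        return "likely_malicious", f"{hits} engines flag it"
    if age_days >= OLD_DAYS:
        return "likely_false_positive", f"known to VT for {age_days} days with only {hits} detections"
    return "undetermined", f"only {age_days} days old; {hits} detections are not yet meaningful"


# Constructed reports (not the real files from the post).
SAMPLE_REPORTS = [
    {"name": "sample-a.vbe", "file_type": "vbe", "first_submission": date(2017, 12, 31), "positives": 3, "total": 60},
    {"name": "sample-b.dll", "file_type": "dll", "first_submission": date(2010, 4, 2), "positives": 2, "total": 65},
    {"name": "sample-c.exe", "file_type": "exe", "first_submission": date(2010, 9, 15), "positives": 1, "total": 66},
    {"name": "sample-d.exe", "file_type": "exe", "first_submission": date(2018, 1, 20), "positives": 40, "total": 66},
    {"name": "sample-e.exe", "file_type": "exe", "first_submission": date(2018, 2, 10), "positives": 2, "total": 66},
]


def triage_all(reports, today):
    """Map each report name to its verdict."""
    return {r["name"]: triage(r, today)[0] for r in reports}


if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        verdict, why = triage(r, date(2018, 3, 1))
        print(f"{r['name']:14} {verdict:22} {why}")
```

The "undetermined" branch is the one the post is careful about: a recently submitted file with few detections is neither clean nor a false positive yet, and only the file itself (or more time on Virus Total) can settle it.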
  18. Please do not respond to the sender ( assuming the address is valid ). Don't forget to check your email addresses at; https://haveibeenpwned.com/ to see where the password was harvested from in a site breach.
  19. The Microphone is an input device and a Microphone Port on a notebook or desktop is an input port. Playback is done through an output device or port. Speakers and headphones are output or playback devices and the line-out is an output port. Playing an MP3 file of a recorded soundbite is performed by software such as VideoLAN VLC Player and Windows Media Player. What is the make and model of the Windows 10 computer you are using?
  20. https://www.virustotal.com/gui/file/8600ba10c1fbc209e01c963b1d46538ef3ac9a257918fa822b66a1c27022b000/detection permissionresearch.zip permissionresearch.dmg had 19 detections 1 month ago and now it has 21 detections, mostly OnionSpy or a variation thereof.
  21. It's relevant to how they got a password for an understanding how it can be used to manipulate victims of a breach.