David H. Lipman

Experts · Content Count: 15,676 · Days Won: 1

Everything posted by David H. Lipman

  1. If that is true, post that in; Website Blocking so it can be unblocked.
  2. VLC Player is OpenSource software. It should ONLY be downloaded from VideoLAN. There are sites that masquerade as VLC Player just like there are sites that masquerade as Mozilla Firefox updates, Java Updates, Flash Updates, etc. VLC Player is HIGHLY recommended. Its versatility and capability is unmatched. I used VLC Player to capture a video of four squirrels in my attic.
  3. This is not a virus nor is it malware. It is a fraudulent web site. I have created a series of videos generated from these fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds. MalwareScam.wmv MalwareScam-1.wmv MalwareScam-2.wmv MalwareScam-3.wmv MalwareScam-4.wmv MalwareScam-5.wmv MalwareScam-6.wmv I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version Reference: US FBI PSA - Tech Support Scam 1. Also located at "My Online Security" - Some videos of typical tech support scams
  4. Similar to these? I have created a series of videos generated from these fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds. MalwareScam.wmv MalwareScam-1.wmv MalwareScam-2.wmv MalwareScam-3.wmv MalwareScam-4.wmv MalwareScam-5.wmv MalwareScam-6.wmv I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version If you get one or more of these per week then examine your surfing habits to see what sites you are visiting when you see this kind of content. For all intents and purposes these scams are a form of malvertisement and can be rotated-in or randomly displayed on a site with many advertisements or when visiting a site whose existence is for the purpose of redirecting the Browsing Public to malicious web sites. Reference: US FBI PSA - Tech Support Scam 1. Also located at "My Online Security" - Some videos of typical tech support scams
  5. I'm sorry if I wasn't clear. The screenshot isn't really that important, it only proves the malicious intent of a given URL. It is the URL that is important. For example the following is an example of a Microsoft FakeAlert. Therefore it would be a good idea to submit URLs like it in; Newest IP or URL Threats ( as per the directions in READ ME: Purpose of this forum ) https://d35iq1yh0ox7cq.cloudfront.net/ Rendered Content for the above Microsoft FakeAlert. As I indicated earlier in this thread, I have created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version Any specific MAC related questions can be posed in Malwarebytes for Mac If you believe your MAC to be infected, you can request assistance in; Malware Removal for Mac 1. I have created the FakeAlert ScreenShow for the purposes of education and recognition. Of course if someone has a different screenshot other than what I represent ( for example one in another language or completely different graphics and/or content ) I would gladly accept them for inclusion. I do NOT want to get Off Topic here. But I do like US coined currency; Silver, Copper, Nickel, Steel and Gold as well as US Mint Silver Dollar Commemoratives. I also like Striper, Blue, Spanish Mackerel, Fluke, Little Tunny and other fish caught in the Jersey Surf. Subject matter better served in their own topic here in General Chat. I'm not into Cryptocurrency but I do like Cryptovirology.
  6. It isn't screenshots that are needed. It is the URL that is used to render the HTML.FakeAlert content. Then they can be submitted for product inclusion in; Newest IP or URL Threats ( as per the directions in READ ME: Purpose of this forum ) so they can be added to protect others from falling prey to the scams they represent. Remember - They do NOT come from software on your PC ( Windows or MAC ) and that they emanate from the POV of the Internet and exist as web sites. They are merely sites that host fraudulent content to induce one to make the phone call to pay for service or to purchase a product based upon a non-existent event. Since they are Internet sourced, no anti malware solution can find and remove anything. Any specific MAC related questions can be posed in Malwarebytes for Mac ** As noted, the URLs can be submitted and subsequently added to the Malwarebytes' products to protect others from ever seeing the objectionable fraud sites.
  7. Oracle Java and Adobe Air, Flash and Shockwave happily updated and running here.
  8. Thank you. It is NOT a virus. It is a malicious web site. The content is not on your computer, it emanates from the Internet. It is rendered in the Browser. The way to "get rid of it" is to close the Browser. Many of these FakeAlerts program the malicious web site so that it is not so easy. There are a few choices: Reboot; Logoff and then login; Kill the Browser process in Task Manager. Remember - It is just a web page.
  9. That is not a web site. That is a Broadcast address.
  10. It is a traditional AV application. It is not the best but it is better than nothing. Microsoft tried to have an AV Application but they did not do well and Windows Live Anti Virus was pulled as a paid-for application and became the free Windows Defender and variants we see Today. The best application of anti virus functionality that Microsoft has implemented is the Once-per-Month On Demand scanner that is included in Patch Tuesday's updates. Unfortunately, Samuel doesn't quite get it. Malwarebytes would not code the functionality to remove malicious code for just one virus like Virut so its lifespan and its bugs are a moot point. The functionality of removing malicious code from legitimate files would be applied to all file infecting viruses and files that have been trojanized. The difference being a file that is infected with a file infecting virus can in turn infect other files. A file that has been trojanized is an end point. It will not infect other files. The concept of trojanization ( patching ) has been an ongoing threat. Therefore once created, the module of the application that would disinfect legitimate files that have been injected with malicious code would transcend all file infecting viruses and malware that trojanizes legitimate files, thus that functionality would never be pointless.
  11. That's the focal point "On Demand" and not "On Action".
  12. It isn't "semantics" just like gb does not equate to GB. It is the looseness of facts that brought us to this point in time where everyone is calling all malware a "virus". Understanding the concepts and being educated to the facts leads to a better understanding of the malware environment allowing us to better protect ourselves. Those that understand the facts are infected the least and those with least understanding are infected the most. Thus being exact in our words as professionals and SMEs and our statements can lead to fewer people getting infected. Facts matter. I did not approach the preventative nature of MBAM and its "on Action" capabilities. The subject matter was scanning non-native OS' which is an "On Demand" process where "On Action" is a moot point other than the fact that an Internet worm, whose ability is to infect multiple operating systems, may be inhibited by MBAM's "On Action" capability. Traditional AV applications still attack the results of a file infecting virus. What separates them is their ability to do that in situ as well as their ability to bring back altered files to their preinfected state without corrupting them which may or may not also bring them back to their pre-infected checksum value.
  13. That's right, an ELF file can't run under Windows. But as a disk file it can be "hosted" by it. If I have malicious DMG or ELF files on a web site, that web site is not necessarily infected by the malware represented by the DMG and ELF files but it surely can "host" these files. But like I said there are infectors that can cross the OS barrier. An Internet worm can come to Windows as a Win32 EXE and infect the Windows PC but it may see another system on the network and infect it. MBAM is incapable of removing malicious code that has been prepended, appended or cavity injected into a legitimate file. That means if a file infecting virus infects a legitimate file MBAM will be unable to remove the malicious code. An anti virus application should be able to remove malicious code from an infected file and hopefully bring it back to its preinfected state. Which may or may not return the file to its original, non infected, checksum value. This is also true for trojans that trojanize legitimate files. MBAM is incapable of removing malicious code from them as well ( also known as patched files ). At best MBAM will try to replace the patched file from a known good copy. A media file detected as a Wimad file is not infected. It is a trojan that was designed to be malicious from the onset. Documents, media files and other data files that are trojans are not "infected". To be infected it has to be a legitimate file that was altered to be malicious. A MS Word Document that uses a malicious VB macro to download and execute a malicious binary is not infected. Nor is one that has an embedded OLE object. They are designed on the onset to be malicious so that they can not be considered "infected". However in the case of Macro Viruses they are infected. That's what sets them apart. If a legitimate MS Office Document is loaded into the MS Office environment that is infected, that legitimate file will have the malicious macro virus injected into it. That legitimate MS Office document is now infected with a macro virus. If I then took the infected MS Office Document and went to a system that was clean and I had MS Office open that infected document, that previously clean MS Office environment is now infected and can now further the macro virus dissemination. MS Office does not just run under Windows. Thus in the late 90's the Macro Virus was one of the first to cross the OS barrier. It did this due to the relative OS independence nature of the MS Office VB Macro environment. That's a vulnerability as malware may come back. There is no such thing as a malware expiration date. If one "assumes" a malware family is extinct and no longer protects against it, the system is vulnerable. However, there are technical hurdles that may make an old malware family resurgence highly unlikely in some cases.
  14. The Stock OS will not include every driver for every chipset, card and/or attached device. For a Stock OS installation, go to the manufacturer. For example if it is an ASUS Motherboard ( MB ), go to ASUS. Lookup the model of said MB and then go to its Support page and then to the relevant OS and flavour. If they show the same driver but with multiple versions, choose the last version. In other words choose the latest version. If it is a system such as HP, Dell, Acer, etc. do likewise. Go to the manufacturer's website. Lookup the model of the system ( In some cases not the family model but the fully qualified model number ) and then go to its Support page and then to the relevant OS and flavour. If they show the same driver but multiple versions, choose the last version or in other words the latest version. If it is a peripheral component such as a Syba PCI-e card, use the disk that accompanied the peripheral. If you do not have the disk, go to the card's manufacturer.
  15. Let me repeat... If the prerequisite requirements of Driver Updates are not met, then don't do it. An updated driver can actually cause instability. I have used Intel's older ActiveX Control and their later updater and both delivered, on occasion and not the rule, an updated driver that was unstable and caused "issues" where none existed before.
  16. Any OS can "host" any malware that can infect a different OS. For example a Windows PC can host an ELF file that infects Linux or a DMG that can infect a MAC. There are rare Internet worms that may infect a Windows PC and infect other OS'. They are uncommon. There are MS Office Macro Viruses that can infect a MS Office Document that can in turn infect MS Office on a different OS. Specifically Malwarebytes product lines do not cross OS'. That is MBAM for Windows does not target, detect and/or remove MAC malware. Conversely MBAM for MAC does not target, detect and/or remove Windows malware. The exception being those rare infectors which are somewhat OS independent. Traditional anti virus software targets all malware and will detect and/or remove malware found on one OS but is meant for another OS. MBAM is NOT a traditional anti virus nor is it "historical". It does not know what the "NYB" or "Form" virus are and can't even deal with the consequences of file infecting virus such as Virut, Neshta or Sality. It can't even detect a Wimad trojan because it does not target data files.
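Posts 13 and 16 above draw a line between a legitimate file that has been altered (prepended, appended, cavity injected or patched) and a file that was malicious from the onset, and note that cleaning may or may not return a file to its original checksum. The following is an added example, not code from the poster or from Malwarebytes, that shows how a defender can make those distinctions with nothing more than a known-good copy: the manifest, file names and byte strings are constructed for illustration and are not real binaries.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def classify(known_good: dict, name: str, current: bytes) -> str:
    """Compare a file's bytes with its known-good copy and say what kind of change it shows."""
    if name not in known_good:
        # No legitimate original to compare against: if this file is malicious,
        # it is a trojan by design, not an "infected" legitimate file.
        return "unknown"
    good = known_good[name]
    if current == good:
        return "clean"
    if len(current) > len(good) and current.startswith(good):
        return "appended"            # original bytes intact, extra code added after them
    if len(current) > len(good) and current.endswith(good):
        return "prepended"           # original bytes intact, extra code added before them
    return "altered-in-place"        # bytes inside the original changed (patched / cavity injected)

def trim_restore(known_good: dict, name: str, current: bytes) -> tuple:
    """Try the simplest disinfection, cutting off the extra bytes.
    Returns (restored_bytes, True if the restored bytes hash to the known-good value)."""
    kind = classify(known_good, name, current)
    if kind == "unknown":
        return current, False        # nothing legitimate to restore to
    good = known_good[name]
    if kind == "appended":
        restored = current[: len(good)]
    elif kind == "prepended":
        restored = current[len(current) - len(good):]
    else:
        restored = current           # trimming cannot help; only replacing from a known-good copy can
    return restored, sha256(restored) == sha256(good)

# Constructed sample data (not real executables): one "legitimate" file plus altered versions.
GOOD = b"MZlegit-program-v1.0" + bytes(range(32))
MANIFEST = {"tool.exe": GOOD}                        # hypothetical known-good manifest
APPENDED = GOOD + b"<<extra-code>>"
PREPENDED = b"<<extra-code>>" + GOOD
PATCHED = GOOD[:8] + b"XX" + GOOD[10:] + b"<<extra>>"  # header patched AND code appended
TROJAN = b"MZnever-a-legit-file"                     # malicious from the onset, no original exists

if __name__ == "__main__":
    for label, data in [("APPENDED", APPENDED), ("PREPENDED", PREPENDED), ("PATCHED", PATCHED)]:
        _, ok = trim_restore(MANIFEST, "tool.exe", data)
        print(label, classify(MANIFEST, "tool.exe", data), "original checksum restored:", ok)
    print("TROJAN", classify(MANIFEST, "dropper.exe", TROJAN))
```

The PATCHED case is the one the posts warn about: trimming the appended bytes is not enough once bytes inside the original were changed, so the file never returns to its pre-infection checksum and replacement from a known-good copy is the only safe cleanup.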
  17. I just wanted to note that I am taking a back seat as Ron goes through this Log Process with you.
  18. I certainly don't see " 200gb missing " being unallocated. ( BTW: I think you mean GB not gb as in GigaByte. Nomenclature is important ). I do see Lenovo related partitions. RE: https://forums.lenovo.com/t5/Lenovo-P-Y-and-Z-series/Can-you-tell-me-what-partitions-these-are/m-p/1201540#M65417 Choose the "Spoiler".
  19. Easeus Partition Manager. http://download.easeus.com/free/epm.exe