
David H. Lipman

Experts
  • Content Count: 14,114
  • Days Won: 1

Everything posted by David H. Lipman

  1. The LIFE TLD is one of those that have a propensity for nefarious and malicious sites. I get Access Denied trying to read the Microsoft Thread even when logged into a Microsoft Account. The tech-life.life Domain was created on 10/12/2017 and is barely 1.5 years old and is Registered through NameCheap. NameCheap is a registrar that is known to allow registration of nefarious and malicious sites and they put up all sorts of roadblocks when provided Abuse reports. When I try to visit tech-life.life I get "403, Forbidden, Access to this resource on the server is denied!". That is a Red Flag that when accessing the Root of a web site you get Access Denied. With all that in mind and the report from a Malwarebytes Employee indicating "blocked for engaging in fraudulent activity (specifically related to pushing fake scanning software and fake gift cards/prizes)" I do not understand the hesitation in accepting why that site is blocked.
  2. Kindle is based on Android. https://www.malwarebytes.com/android/
  3. This is what your complaint sounds like. A Tech Support scam.

     I have created a series of videos [1] generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

     MalwareScam.wmv, MalwareScam-1.wmv, MalwareScam-2.wmv, MalwareScam-3.wmv, MalwareScam-4.wmv, MalwareScam-5.wmv, MalwareScam-6.wmv

     I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version

     Reference:
       • US FBI PSA - Tech Support Fraud
       • US FTC Consumer Information - Tech Support Scams
       • US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
       • US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
       • Malwarebytes' Blog - Search on - "tech support scams"
       • Malwarebytes' Blog - "Tech support scams: help and resource page"

     [1] Also located at "My Online Security" - Some videos of typical tech support scams
  4. Malicious or suspect URL submissions are provided in; Newest IP or URL Threats. What you describe sounds like a Phishing URL. The TXT file contains HTML. When rendered it looks like the following. The URL is noted below and no longer resolves to an IP and thus is now a dead link. http://attachments.mail3-inboxed.host/5c5c2bf0b83a8860ca12d8fe?wtzTvhY
  5. What site you visited is not readily evident in the attached graphic. I can see pubmatic.com and doubleverify.com. The graphic alludes to eBay but that could have been an ad on any web site advertising for eBay. What would be explicit would be the URL as shown in the below graphic. Presuming it happens on eBay, what are the exact URLs on eBay that you are viewing that lead to the eventual FakeAlert? { If you feel the content of said eBay sales are too private for public consumption, feel free to send me the URLs via a PM. }
  6. As I previously wrote... As an example please reference this thread; Virus

     In that thread visitors of AllMusic.Com [1] would be occasionally foisted a FakeAlert. Visitors weren't getting these FakeAlerts too often and I tried numerous times to coax a FakeAlert in my visitations. Eventually I got one just as it had been reported. I contacted the owners of the site and he gave me permission to post his email reply in Post #20. As he noted it was being generated "via one of our third-party advertisers". Which is what I was trying to convey in Post #8.

     In conclusion, the site/sites you are visiting when these FakeAlerts occur need to be noted. They either should be avoided or if they are legitimate sites ( not nefarious sites who don't care about who advertises on their site and what the content being presented is ) then they can be contacted and the problem mitigated.

     Additionally, submitting the URLs of the FakeAlerts is beneficial to all. Since they are web sites, and there is nothing on the PC generating the Alerts, the objective is to submit the URLs to Malwarebytes such that they can have their software block access to them so others will not see the Fraudulent crap. URLs can be submitted in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum

     [1] It should be noted that there have been no new reports concerning FakeAlerts when accessing AllMusic.Com since it was brought to their attention in April '18.
  7. @seeyouatthetop Did you post your query on the DD WRT Forums ?
  8. I thought I had seen you attempting to post in; Windows Malware Removal Help & Support but I saw your Post Count stay at "1". I don't know what you were doing but Kaspersky flagged a GZip'ed JavaScript which was flagged as "not-a-virus:HEUR:AdWare.Script.Generic". Associated with the session was Reimage Plus ( scamware that uses nefarious and unethical practices to promote sales ). Malwarebytes detects this software as "PUP.Optional.Reimage" and Kaspersky detects it as "HEUR:Hoax.Win32.PCRepair.gen". Please do start a thread in; Windows Malware Removal Help & Support and ask for your PC to be checked-out. Don't post the data that is located in this thread. Just reference in your new post, Post #3 of this thread.
  9. You are not a Guest. You are a member! Ask your question and we'll do our best to give you a good answer.
  10. The difference is between being a Home User and being a Business. @bdg2 you are a Home User ( aka; retail ) and not a business.
  11. RE: False Positive 247techies - December '18
  12. I don't understand what is meant by " whom Malware has noticed " so I'll keep this in General Terms.

      First we'll start with the overarching concept of malware which is the concatenation of terms MALicious and softWARE. There are three basic sub-types of malware; trojans, viruses and exploit code.

      1. Trojans - Trojans are the largest sub-type and contain many forms and variations. Trojans are malicious code that require assistance to "infect". It could be through exploitation such as Social Engineering or software exploitation. Some example types of trojans are; porn dialers, data and password stealers, trojanizers/patchers, backdoors and Remote Access Trojans ( RATs ), keyloggers, downloaders, injectors. Each may have sub-types of their own. For example there are QRATs and JRATs.

      2. Exploits - Exploit code can be any kind of code that exploits a vulnerability or a functionality in an unintended fashion. For example a Wimad trojan exploits Windows Digital Rights Management ( DRM ). The Lovsan/Blaster worm was both a virus and used exploitation. It exploited a vulnerability in RPC/RPCSS and used TCP port 445 to infect a computer and spread the infection.

      3. Viruses - Viruses are a kind of malicious code that is able to spread autonomously. Unlike a trojan which needs assistance to spread, a virus can infect data files, media, executable binaries and that can be used to spread the infection. Such as file to file or file to computer or file to media and media to computer. For example a file infecting virus may inject malicious code into an executable file. It may prepend, append or cavity inject the malicious code into a legitimate file. Once that file is infected it may spread the infection to other files and computers. Two examples are the Virut and Sality. Another form of virus used the boot sector of the older File Allocation Table ( pre-NTFS ) such as the NYB and Form viruses. The infected computer would pass the infection to a floppy which could then infect another computer when that floppy was read. Another form of virus is the Macro Virus. It took advantage of VB macros in Microsoft Office. If an infected document is opened then MS Office would be infected which would, in turn, infect non-infected documents. Those infected documents could infect other systems. This type of virus was one of the first to cross the OS barrier as long as MS Office was installed under that OS. [ Personally, I prefer calling them a parasite due to the fact it only "lives" in the MS Office environment. ]

      There are also sub-types of viruses such as worms. They, in-turn, also have sub-types such as Internet Worms and AutoRun Worms. Internet Worms use TCP/IP protocols such as the Lovsan/Blaster using TCP port 445. Or it can use email ( SMTP ), NetBIOS over IP, SMB, NNTP, etc. AutoRun worms use the AutoRun and AutoPlay OS facility in removable media to spread from PC to media and from media. Some may combine aspects like the Lovsan/Blaster using both exploit code and being an Internet worm.

      Today the vast majority of malware are trojans. Due to newer constructs in Win32 and Win64 and NTFS, many viruses have died off. You won't see viruses like the Melissa virus anymore.

      ** Note that I have provided a Reader's Digest version of information in monologue and I have simplified the explanations.
  13. @danilka have you performed nadsdaq's request ?
  14. @GTamps You want to use a Memory Card Reader in a Windows PC or a USB Memory Card Reader attached to a PC and read the file directory from there. Computer malware does not normalize a relative size to a JPEG to 475GB. If a file was truly that large it would not fit on a card. Let alone dozens of JPEGs. Chances are more likely to be a bug in how the File Table is read and interpreted. By inserting the Memory Card in a PC it is up to the PC's OS to interpret the Memory Card's File Table.
  15. Associated like in, a web site or a file or an application.
  16. I suggest you post your query at the DD WRT Forums since you indicated that you applied it to your router.
  17. This is a Certificate that can't be verified via OCSP but you do not give any information on what this certificate is associated with.
  18. I don't think that's possible with SOHO equipment.
  19. Sorry. The reason however is the same. If there is something specific you needed changed, contact an Administrator such as; AdvancedSetup