David H. Lipman (Experts)

  • Content Count: 14,384
  • Days Won: 1

Everything posted by David H. Lipman

  1. Safe Mode - same results. If an attachment download is enumerated in a PM and not in a sub-forum post, that points to Forum 'ware coding inconsistency. Why would an attachment in a PM be treated differently than an attachment in a sub-forum thread? That query would be the beginning point to a resolution.
  2. IE11: When not logged in I get "Unavailable". When logged in the number of downloads is properly enumerated.
  3. Maybe... Maybe not. This is from your posted example. This is from an attachment in a PM stream. The enumeration of downloads was immediate upon reading the PM and upon a refresh of viewing the thread after I downloaded the attachment. Thank you Ron. EDIT: This may have dependencies upon Browser versions. Two different Firefox versions get different results.
  4. You are assuming malware and more specifically a sub-type of malware, a virus. As you have noted, it is an old system. Thus an OS corruption is more likely the culprit.
  5. Recently a Forum 'ware update brought back the enumeration of downloads for a given attachment. However, sometimes it works but often it doesn't, and the attachment just shows "Fetching info.." with the results not being obtained.
  6. It is really quite simple. If you have a business you can deploy the HP Hosts file amongst the computers used within that business. The use within said business is considered "commercial use", which is contrasted with the use in a retail situation where it is used within one's home and used personally or within one's family. These are allowed usages. The difference between the retail and commercial use is that of a familial relationship. In a commercial setting there are numerous personnel who are unrelated. In a retail setting it is within a family group of related individuals. However, one cannot take the HP Hosts file and place it in a product that is distributed outside of that business. That is a disallowed usage. For example, I can't take the HP Hosts file, modify it or keep it intact, and rebrand and distribute it as Dave's Host File. The EULA is not contradictory. One can distribute the HP Hosts file within and not outside a given commercial setting.
  7. What you have indicated is Program X is receiving a possible malicious communication over TCP/UDP port 13902 ( a non-standard and not "well known" TCP/UDP port ) from a remote host. Since you obfuscated both the remote host and the program, nothing more can be gleaned from this. You posed this query in the Windows Malware Removal Help & Support, and @nasdaq presumed you needed assistance in removing malware or having the PC checked out based upon where you initially made this query.
  8. As noted, it is not a virus. It is a trojan. It has properties associated with the AZORult trojan and it is a data stealing trojan. It tries to harvest and steal the following, which includes, but may not be limited to...
     • Putty / WinSCP information (sessions, passwords, etc)
     • Web Browser information (history, passwords, etc)
     • FTP login credentials
     • Crypto-Currency Wallets
     • Instant Messenger accounts and password credentials
     • Email credentials (via file access)
  9. Perform a full scan of your system by MBAM. Then create a new post in Windows Malware Removal Help & Support requesting a check of the system and reference this thread; Shortcut file virus
  10. No signs that it is a virus nor that it was generated by a virus. It is a trojan. The mini script in the LNK file you provided downloads a file purported to be info.doc but it is a large PowerShell script. It downloads [ from: dir.k.o.n.pserver.ru (185.118.165.205) using TCP port 4577 ] what is purported to be read.doc but it isn't. It's a malicious executable. https://www.virustotal.com/en/file/bdf37aa3ce8a38f084d93317eadd3eb0d9306349d4362d4a7e05e322dbfc6e0f/analysis/1556814531/ https://www.virustotal.com/en/file/6d3f2feaae92b740a3f119bf12547ac54bd7abc6795e397a0483c344e51cd54e/analysis/1556814693/ While it is not reflected by Virus Total, the payloads, which are trojans, are detected by MBAM. The following is an excerpt from the scan log.
  11. Assuming you can, if you do the Policy will disallow the MRT functionality and leave your computer less-safe.
  12. exhile360 and I have provided all there is needed to know. Disabling the Policy is not a good idea and MRT ( Malicious Software Removal Tool ) should be allowed. When one quarantines this PUM by MBAM it nullifies the problem and MRT is allowed to perform its duties.
  13. Whether or not a possibly malicious and/or nefarious URL is presently not being blocked is not an issue with a given product. If they are not blocked, they should be submitted in Newest IP or URL Threats. Malwarebytes' personnel will determine how each product will implement a block on that site if it is warranted.
  14. A malicious or nefarious URL may alter content due to the User-Agent, but the site in question would be considered for blocking by all applications. It is possible that there is ad-rotation or random display in action here. It is also possible that a malicious URL may require a malvertiser referral, may be dependent upon GeoIP, may only show malicious or nefarious content once per IP, may be dynamically generated and not static, and other variables.
  15. If a URL is suspect and is not blocked then it should be submitted in; Newest IP or URL Threats and the URL(s) properly obfuscated.
  16. Another example sent in graphic file form...
  17. A software restriction policy was set to Disable the Microsoft once-per-month On Demand anti-malware scanner known as MRT ( Malicious Software Removal Tool ). MBAM is flagging the Potentially Unwanted Modification ( PUM ). One should allow the once-per-month release and subsequent scan by the MRT.
  18. "We need to go out there and spread light... A little bit of light pushes out a lot of darkness" - Rabbi Yisroel Goldstein
  19. The information was in my reply in Post #2 which explains and provides examples of various FakeAlert web sites. The reason why Code Tags are used is to make fully qualified URLs dysfunctional and non-clickable. In other words make them not live links. When one removes the URI of HTTP:// or HTTPS:// and only displays the Domain and path, this also has the same effect of making it a non-clickable link. The purpose of which is to protect Forum thread readers from accidentally loading a malicious link. The other way to use Code Tags, which is easier, is use the Code Tag function from the Forum Editor Toolbar. It is easier because one does not have to worry about messing up the syntax of manually using Code Tags.
  20. You can replace it with a Mac or Linux and not go to Windows 10 at all.
  21. Chinese Embassy Scam Reference: https://www.consumer.ftc.gov/blog/2018/04/scammers-impersonate-chinese-consulate https://cyware.com/news/chinese-embassy-robocall-scam-rakes-in-40m-from-victims-aaba248c
  22. No. The level of abuse, malicious and nefarious activity is too high and their actions to deal with them are too low.
  23. RE: Photos, videos, pdf file are all change to deferent file name