David H. Lipman

Experts
  • Content Count

    14,884
  • Joined

  • Days Won

    1

Everything posted by David H. Lipman

  1. Don't forget to check your email addresses at; https://haveibeenpwned.com/
  2. Yes - scam. See; FYI: Email Ransom Scam still current for samples of similar email.

     Delete the email and then change your email password to a new Strong Password just to make sure.

     Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. This is most likely how they know the password. From a breach and not from your PC being compromised. https://haveibeenpwned.com/

     Please reference:
     -----------------
       • US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
       • US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
       • MyOnlinesecurity - attempted-blackmail-scam-watching-porn
       • BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
       • Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
       • Malwarebytes Forum sample thread - Got strange threating email.
  3. They mean nothing. The final one is just that the site uses the Microsoft CryptoAPI to obtain a DER encoded X509 Certificate from the Comodo Security Solutions, Inc., Online Certificate Status Protocol ( OCSP ) server and the site communicates over SSL. https://docs.microsoft.com/en-us/windows/win32/secauthn/secure-channel

     GET ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D
     User-Agent: Microsoft-CryptoAPI/6.1
  4. You misinterpret the report. There is nothing physically malicious in that report. No exploit code found, no malicious content and no malware being dropped - Nothing! As I stated it is nothing but a shill site for obtaining affiliate revenue for pointing site viewers to SpyHunter. https://www.virustotal.com/gui/url/8003c0f828d7d61c2ffd34ac448d4dc9e9fa28d15d60020e2a61019566b76c98/detection EDIT: From the index.html of that page obtained with WGET. https://www.virustotal.com/gui/file/b3d26f8a92f3779405403db7e93c151b2871d169838b0bb100e1a133af877698/detection
  5. There are Usenet News Groups ( NNTP ) and some Web Forums that act as a Front-End to Usenet that will show up in Google Groups as Google Groups is Google's HTTP/HTTPS front-end to Usenet. There is no way to "fix" it.
  6. Now that you were identified to have been in more than one breach and the password was used on more than one site, the job is not to repeat passwords used on different sites. Each site should have a unique password that is a Strong Password. You would have to contact any/all sites you no longer want and tell the Administrator(s) of said sites to cancel the accounts you hold with them.

     Please reference:
     -----------------
       • US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
       • US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
       • MyOnlinesecurity - attempted-blackmail-scam-watching-porn
       • BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
       • Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
       • Malwarebytes Forum sample thread - Got strange threating email.
       • Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
  7. I'm not characterizing the videos one way or another, I am thinking about Cookies ( not your IP ) being used to target you with specific content. I suggest giving the below a shot, it can't hurt, only help. http://www.networkadvertising.org/choices/ http://www.aboutads.info/choices/ Google Account Activity Controls
  8. You must mean Pussy Russo. I remember when his head got blown off at the <redacted>.
  9. On the far chance this could be based upon Ads targeted through advertiser Cookies, try to use the following services to Opt-Out of Interest Based Advertising and Targeted Advertising. http://www.networkadvertising.org/choices/ http://www.aboutads.info/choices/
  10. Notifications are disabled yet I received a "Threat Watch" notification for a Sodinokibi Ransomware. How does one Disable the receipt of "Threat Watch" notifications?
  11. That explains the detection of "Riskware.ExtensionMismatch", the contents of the file being a PE while the file extension was JPG.
  12. You won't get an email; you'll get a list of sites IFF the email address you entered was part of a known breach. I just gave the site one of my email addresses and I was provided the following... You can sign up for email notifications for the email address you provide if it is found in any subsequent NEW breaches. For example, I received an email last week about the Evite Breach that email address was associated with.
  13. https://haveibeenpwned.com/ is a reputable, non-malicious, white hat web site by Microsoft MVP Troy Hunt Reference: https://haveibeenpwned.com/About https://mvp.microsoft.com/en-us/PublicProfile/4031649
  14. You submitted a URL on howtoremove.guide for analysis. The site is not a malicious site that will cause malware to be installed on your PC just by visiting it. The site does have an agenda but not to "infect" the visitor. https://howtoremove.guide/remove-drive-by-exploit-email/

      The purpose of howtoremove.guide is not to provide information. It is a shill site created to obtain affiliate revenue for the web site owner by referring visitors to SpyHunter software. It is not an authoritative site and what it provides is incomplete and misinformation hoping you will be referred to use SpyHunter. This is Social Engineering to lend credulity to the email blackmail scam so you'd be more likely to pay the blackmail fee.

      So there are Two Social Engineering processes to discuss here.
        • Email blackmail scams use a password or some verbiage to make you have fear and trepidation to induce the victim to pay the blackmail fee to not release reported private data.
        • There are sites that are created to be the destination of common Google, Bing, Ask and other associated search topics to provide faulty or misinformation to goad someone to use or buy a product or for a service.
  15. Malvertising doesn't really intend to infect. Rather it is a set of ploys used in Social Engineering to influence the visitor for various reasons. The subsequent actions by a user may lead to infection such as with a Malvertisement pushing a Fake Java, Flash, Firefox or other software update. If a site is blocked, the connection is not made and the communication is stopped and thus "blocked". For example if the Malvertisement intent was to tell you your PC is infected and you should call a Phone Number, you would not be presented with that content. Another example would be if a Malvertisement's intent was to tell you there is a Firefox update, you would not see that content either. Another case would be a URL of a known malvertiser being blocked. Visiting that kind of redirection URL multiple times may push a myriad of Malvertisement types, different each time it is visited. By blocking that kind of site, you are not confronted with those kinds of malicious or fraudulent sites the malvertiser may redirect your Browser to. In short, the Malwarebytes "blocking" of those sites short-circuits their attempts.
  16. Additionally, @rundwald you can enter your email address(es) in the following site and it will check to see if your email address was part of a known breach. https://haveibeenpwned.com/

      Some additional authoritative reports on the email blackmail scheme.
      -----------------
        • US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
        • US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
        • MyOnlinesecurity - attempted-blackmail-scam-watching-porn
        • BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
        • Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
        • Malwarebytes Forum sample thread - Got strange threating email.
        • Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
  17. Any questions or is there anything else ?
  18. I have created a ¹series of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS.

      All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

      MalwareScam.wmv MalwareScam-1.wmv MalwareScam-2.wmv MalwareScam-3.wmv MalwareScam-4.wmv MalwareScam-5.wmv MalwareScam-6.wmv

      I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version

      They are all a kind of malicious advertisement ( aka; malvertisement ). Using Task Manager and Killing the; Edge, IExplorer, Chrome, Firefox, etc, processes is very effective once you are affected by these FakeAlerts.

      Right now, to block it means Malwarebytes needs to know the URL to block. If you can provide the URL it can be added to the list for Malwarebytes sites to block. Submissions of suspect and malicious URLs can be performed in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum

      Malwarebytes is creating Beta versions of Browser Add-Ins for Chrome and Firefox to deal with FakeAlerts and other frauds. But as noted, they are still Beta versions.

      Browser Add-On references:
        • Malwarebytes Browser Extension for Chrome (Beta)
        • Malwarebytes Browser Extension for Firefox (beta)

      Reference:
        • US FBI PSA - Tech Support Fraud
        • US FTC Consumer Information - Tech Support Scams
        • US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
        • US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
        • Malwarebytes' Blog - Search on - "tech support scams"
        • Malwarebytes' Blog - "Tech support scams: help and resource page"

      ¹ Also located at "My Online Security" - Some videos of typical tech support scams
  19. You don't have to reboot. Not for this. Like I said, it is not active.
  20. No. It is best to leave as-is. As noted it is a special OS construct. If the Recycle Bin shows empty, perhaps MBAM has already moved the item into Quarantine. If you still have that report, go ahead and choose "Quarantine Selected".