David H. Lipman

Experts · Posts: 17,479 · Days Won: 20

Everything posted by David H. Lipman

  1. PCRisk is giving very poor quality information and it's not new. It is so generic and vanilla. It's made to capture the eye of someone who just doesn't know much about malware. The site is all about supplying insufficient information such that you choose I see other "guides" as well also indicate Maybe for affiliate revenue of some kind. Malwarebytes software is best downloaded directly from Malwarebytes itself and not from PCRisk. In any case Malwarebytes will handle any form of malware that topic covers.
  2. What is a "Complaint Letter Virus" ? Viruses are a distinct type of malware that are able to Self Replicate. That is they are able to autonomously spread on their own. From file to file. File to computer or computer to file or from computer to computer. Viruses are now a very, very, small component of the malware arena. When it comes to malicious software the terminology "virus" is widely abused and misused. The terminology "Complaint Letter Virus" sounds more like a colloquial term than a real computer virus name like; Jerusalem, Form, Nimda, Parite, WannaCry and Virut. As @Porthos has noted, MBAM does not target Documents[1] as a letter would be. MBAM would block the malicious actions rendering a document may cause by the MBAM anti exploitation module. Computer Documents would not be viruses themselves. Malicious documents are mainly classed as Trojans as the propensity Today are documents that drop malware or download malware and do not autonomously spread. There were malicious documents in the past that did have this ability. That is the VB Macro language was used to create a Macro Virus that would infect MS Office and would subsequently infect any clean documents that were opened. These documents were then able to spread the Macro Virus to other systems. Today's documents do not contain Macro Viruses. Instead, the VB Macro Language is used to download and/or drop malware and the vast majority of the payload malware are Trojans and not viruses. [1] Assuming a computer letter. One could have a US Postal "Complaint Letter" that contains something like Anthrax spores and thus could be a "Complaint Letter Virus".
  3. Newest Malware Threats is where one submits malware or suspicious files. You had posted a "text of experience" and I posted... Instead of following the directions in; I'm infected - What do I do now? you posted a sample submission. In any case, from the Virus Total Report URL, the software was first submitted to Virus Total on 2021-02-01 and it is now March 8th. The file has been known to Virus Total, and its participating vendors, for over a month with zero detections. The file is digitally signed and is not malicious.
  4. In the Malwarebytes for Windows Support Forum there is a thread that has a sequential series of Staff posts for each update whose body has information of what has been included, fixed or enhanced. There are also other good "sticky" threads to read by Staff. Malwarebytes 4.3
  5. No new high level modules have been added in a while. The core of the application went to version 4.3 not long ago. Periodically there are Component Package updates and version 1.0.1173 was the latest.
  6. What a bloody character. Fugitive John McAfee’s location revealed by photo meta-data screw-up Sure enough, the image of John McAfee with Vice’s editor-in-chief Rocco Castoro contains EXIF data that reveals, amongst other things, the GPS latitude and longitude co-ordinates of where it was taken. http://news-sophos.go-vip.net/wp-content/uploads/sites/2/2012/12/mcafee-exif.jpg Presumably whoever took the photo on their iPhone 4S had forgotten to turn off location services. http://news-sophos.go-vip.net/wp-content/uploads/sites/2/2012/12/exif-data.jpg Those co-ordinates suggest that John McAfee was photographed in Guatemala, having crossed the Belize border. http://news-sophos.go-vip.net/wp-content/uploads/sites/2/2012/12/google-maps.jpg Of course, John McAfee is a “person of interest” in a police investigation, and has not been officially accused of any crime. But it would be ironic indeed if John McAfee, a man who was a leading light in the anti-virus industry 20-25 years ago, was located by the authorities because of sloppy IT security. The lesson that all of us should learn is to be very careful about what information a photograph might be secretly carrying within it regarding the when and where a picture was taken. This wasn’t an easy article to write, as it involves someone who – although I never met him – I feel was an important element in the early years of my career in computer security. Just as I was about to post this article, I saw that in his latest blog post John McAfee claims he faked the EXIF data in the photograph to create a “fake emergency”. That sounds questionable to me. But in the strange ongoing story of John McAfee, it’s becoming increasingly hard to know what to believe.
  7. T-Mobile Faces Yet Another Data Breach
  8. Faking it: the thriving business of “fake alert” web scams ** Much more information in the Sophos article. References: US FBI PSA - Tech Support Fraud US FTC Consumer Information - Tech Support Scams US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams Malwarebytes' Blog - Search on - "tech support scams" Malwarebytes' Blog - "Tech support scams: help and resource page"
  9. I get no resolution on pctattleatle.com Looks like a typo and the site is really; www.pctattletale.com based upon the Forum name of pcTattletale
  10. I do not know what "this" email you refer to is and thus I can't determine whether you should keep it or not. I can state that if you were part of a Breach it is an imperative to have changed the password and use a Strong Password and/or use the @AdvancedSetup suggested, Multi-factor Authentication.
  11. Here is an actual Romance Scam email with its attached picture... One should look at the Red Flags besides an unsolicited Romance contact. Looking at the email, the source IP is 98.142.235.189 which is Telefonica USA, Inc. and the email Domain is terra.com.br which does not corroborate the body of the email statement "...Belarus, in the Soligorsk region". Additionally, the email is initiated by the IP; 185.220.101.137 which is a Tor Exit Node in Germany. Another Red Flag is the email is sent from one email address; "Kseniyushka Iam" <elenisemariac@terra.com.br> and wants you to reply to: "Kseniyushka Iam" <lolikseniya@gmail.com>. Note that Kseniyushka Iam does NOT match the name elenisemariac which is another Red Flag. Below are the redacted headers of this particular Romance Scam spam email.
  12. I am running Windows 7 Ultimate/32 and I have no problem running DOS programs like Quicken v8.0 under Windows NTVDM with MBAM v4.3 in full protection mode. MBAM specifically targets Windows PE files and does not target legacy DOS and Windows applications. I have no knowledge of MBAM modifying the NTVDM, the Win32 Virtual DOS emulator, in Win32 based OS' and which is not provided in any Windows Win64 based OS'.
  13. Thank you for the clarifications. I suggest General Chat as being a good place for discussions. In relation to frauds using a telephone number, Report Scam Phone Numbers is a good place for the submission of the Phone Number. Phone numbers are a good vector of researching and vetting a service. Google Dork on 8004859316 Looking through the results you'll find so-called support for Norton, Webroot, StopZilla, AVG, Trend Micro and more associated with that number. It is important to look for a Disclaimer that these scammers must have so their web sites are not taken down for fraud. Example:
  14. MBAM specifically targets PE binaries that start with the first two characters being; MZ. They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything such as; TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'. This includes file names that use Unicode Right-to-Left Override to obfuscate an executable file extension.
  15. Please attach graphics here. You are provided plenty of space here.
  16. Yes. Normal background OS "chatter." It will also depend on what third party software you install. Many will run stubs upon startup and they may have their own level of background "chatter."
  17. What you are seeing is background chatter. The OS communicates meta data back to Microsoft and some background processes like SSDP, STP, Shared Music Daemon, etc. Or third party installed applications "phoning home". This background communication isn't much data but a lot of different chunks of data. If you have a symmetrical 1330Mb/s trunk then this accounts for the less than 10Kb/s of background communication you see. To know more would be to load Wireshark and see exactly and specifically what constitutes the background traffic. EDIT: Here is a sample view of a quiescent Win7 platform running Wireshark to see background communications... 1. I'll assume Mb/s vs. Kb/s as no specific metric was provided.
  18. What are the results for your Upload and Download speeds using the following ? http://www.speedtest.net/ http://www.speakeasy.net/speedtest/
  19. A scan will be for objects; files on a hard disk, what's running in RAM and what keys may be set in the Registry. Scanning a hard disk is slower than RAM or within the Registry. That speed is reflected in the total number of objects scanned.
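
Post 14 above describes files being identified by their leading `MZ` bytes regardless of extension, including names disguised with the Unicode Right-to-Left Override. The following triage helper is an added example, not part of the original posts and not how MBAM itself is implemented; it goes one step beyond the `MZ` check by also following `e_lfanew` to the `PE\0\0` signature, and the function names, finding labels and sample bytes are constructed for illustration.

```python
import os
import struct

RLO = "\u202e"  # Unicode Right-to-Left Override
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
PE_EXTENSIONS = {".exe", ".cpl", ".sys", ".dll", ".scr", ".ocx"}  # types named in the post


def header_kind(data: bytes) -> str:
    """Return 'pe', 'mz-only' (e.g. a legacy DOS executable) or 'other'."""
    if data[:2] != b"MZ":
        return "other"
    if len(data) >= 0x40:
        (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
        if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
            return "pe"
    return "mz-only"


def displayed_name(name: str) -> str:
    """Approximate bidi rendering: text after an RLO is shown reversed."""
    if RLO not in name:
        return name
    head, tail = name.split(RLO, 1)
    return head + tail[::-1]


def assess(name: str, data: bytes) -> dict:
    """Compare what the bytes are with what the file name claims or appears to claim."""
    kind = header_kind(data)
    ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(displayed_name(name))[1].lower()
    findings = []
    if BIDI_CONTROLS & set(name):
        findings.append("bidi-control-in-name")
    if kind != "other" and ext not in PE_EXTENSIONS:
        findings.append("mz-content-under-non-pe-extension")
    if kind != "other" and shown_ext != ext:
        findings.append("displayed-extension-differs-from-stored")
    return {"kind": kind, "findings": findings}


# Constructed sample: minimal MZ stub whose e_lfanew points at a PE signature.
SAMPLE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"

if __name__ == "__main__":
    for n, d in [("report.txt", SAMPLE_PE), ("invoice\u202egpj.exe", SAMPLE_PE),
                 ("notes.txt", b"plain text"), ("old.txt", b"MZ" + b"\x00" * 30)]:
        print(repr(n), assess(n, d))
```

The `displayed_name` helper is a simplification of the Unicode bidirectional algorithm that is sufficient for the single-RLO case shown here.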