David H. Lipman

Experts. Posts: 20,838. Days Won: 244.

Everything posted by David H. Lipman

  1. So you are saying that Windows Defender still pops up a notification of Trojan:HTML/Phish.BBU!MTB being found after a cache clearing?
  2. As the Microsoft provided name indicates, it is a trojan and not a virus. Trojan:HTML/Phish.BBU!MTB Phish are about harvesting credentials or Personally Identifiable Information (PII). For example, a Bank Phish may try to harvest login credentials to a local or state run bank. It could try to harvest a Gmail account or a Yahoo account Logon Name and password. If it is a fake package Phish, they may try to harvest your mailing address, name, age, Credit Card and other PII. That is what a Phish does. Once the actor harvests the data, they may use it against you. But you would have had to view the content of that Phish (in HTML format, which is the code for rendering content in a Browser) and provided real information. As a residual disk file it does nothing, but, as Microsoft did, it can be detected. If you completely clear the Cache then it will be removed. If you Sync your Chrome data, it can be moved back onto your PC.
  3. It may be an email in the Google Cache. It is just a HTML File for a Phish. It is not a virus. It is only an issue IFF you fell for the Phish and supplied User Credentials that would compromise the site(s) those credentials represent. Clear cache & cookies: On your computer, open Chrome. At the top right, click More. Click More tools, then Clear browsing data. At the top, choose a time range. To delete everything, select All time. Next to "Cookies and other site data" and "Cached images and files," check the boxes. Click Clear data.
  4. It was not a "shock", it was a hassle. The eradication process was a manual time consuming endeavour.
  5. I was a Value-Added Reseller technician. When I was installing a Novell Network at a North New Jersey manufacturer, I noted, before copying software and data from older PCs to new AST Computers, that one of them had a NYB virus, a boot-sector infector. I had to clean the source PC and all floppy disks using McAfee software and eradicate it from that company's assets before the upgrade could proceed to the new system we were installing. That was the impetus for obtaining a greater understanding of "malware" and associated malicious actions and activities.
  6. I have spent decades studying malware and malicious activity. I was also a Malwarebytes' employee as a Malware Researcher years ago.
  7. You have already asked, in multiple Off Topic Locations, and one query was moved here and it has been answered in General Chat. If you are worried over this Roblox Account Manager, do not use it. It is that simple. Thank you for understanding.
  8. No, sorry, no books or web sites that I can refer you to. Let me give a little more information and maybe more clarification. A decade or two ago, the volume of malware was not what it is today. Viruses were much more prevalent, with many being sent through email such as the Melissa virus (worm) and file infectors such as Virut and Parite, and the volume of trojans was such that one could assign a particular family name. A malware may have a preface. That could be like "Win32/ or W32/ [Win64/ or W64/]" or "Win32. or Win64. [W32. or W64.]" where the "/" or "." is the delimiter. Then comes the name such as Oscarbot. Then comes another delimiter followed by the variant. That may also be followed by another delimiter such as "!" or "@" followed by a qualifier. Examples: W32/Oscarbot.KD, W32.Wargbot, W97M/TrojanDropper.Lafool.NAA, W32/Bagle.DW@mm. In the above; W97M/ == Word 97 Macro, @mm == Mass Mailer. The problem became where different companies assumed their own "take" on the standardization and also name. For example, all of these detections are for the same worm known commonly as the BlackWorm:
     Aladdin Knowledge Systems: Win32.Blackmal.e
     Authentium: W32/Kapser.A@mm
     AVIRA: Worm/KillAV.GR
     CA: Win32/Blackmal.F
     ESET: Win32/VB.NEI
     Fortinet: W32/Grew.A!wm
     F-Secure: Nyxem.E
     Grisoft: Worm/Generic.FX
     H+BEDV: Worm/KillAV.GR
     Kaspersky: Email-Worm.Win32.Nyxem.e
     McAfee: W32/MyWife.d@MM
     Microsoft: Win32/Mywife.E@mm!CME-24
     Norman: W32/Small.KI
     Panda: W32/Tearec.A.worm
     Sophos: W32/Nyxem-D
     Symantec: W32.Blackmal.E@mm
     TrendMicro: WORM_GREW.A
     You can see that became an issue. So Mitre Corp., a quasi gov't contractor, was tasked to create what became known as the Common Malware Enumeration (CME) cross reference list. The BlackWorm was listed as CME-24 and a vendor may append !CME-24 to the vendor's detection name as Microsoft did in the list above. But the volume of malware was burgeoning and that too became untenable and the naming convention almost completely fell apart.
     Today many thousands of trojans are created on a daily basis and vendors decided that the detection as a fact is MORE important than the name, so many may show detections with word names rather than a family name like Koobface, ZBot, RBot, Zlob, but occasionally some new family may arise and the detections will use that common name. Today we recognize three major sub-types of Malware (a portmanteau blend of MALicious and softWARE) being; Viruses, Trojans and Exploit code, and each is like the trunk of a different tree that branches out into; branches, twigs and leaves. Unfortunately there are common misperceptions. The most common is calling everything a "virus" that one "thinks" is malicious. To deal with malware and help prevent getting infected one must understand what malware is so they can best protect themselves, their platforms and their information. Just like you don't treat the Hepatitis B virus with an antibiotic like Erythromycin, identifying what the malware is can help in both prevention and cure. Knowledge is the best preventative medicine.
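As an added example that is not part of the post above: a small Python parser (hypothetical, not any vendor's own code) for the detection-name grammar the post describes, with platform prefix, optional type, family, variant and "@"/"!" qualifiers, run over names quoted on this page. The platform list and the ":" separator are assumptions taken from the names that appear here.

```python
"""Split antivirus detection names into their components.

Grammar as described in the post (hypothetical parser):
    [type<delim>][platform<delim>]family[<delim>variant][@qual][!qual]
where <delim> is "/" or "." (":" added for Microsoft's Type:Platform form).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Platform tokens named in the post, plus HTML from the thread's own
# Trojan:HTML/Phish.BBU!MTB example (assumed list, not a standard).
PLATFORMS = {"win32", "win64", "w32", "w64", "w97m", "html"}


@dataclass
class Detection:
    platform: Optional[str]            # e.g. "W32", "W97M"
    kind: Optional[str]                # e.g. "TrojanDropper", "Email-Worm"
    family: str                        # e.g. "Bagle"
    variant: Optional[str]             # e.g. "DW"
    qualifiers: List[str] = field(default_factory=list)  # "@mm", "!CME-24"


def parse_detection(name: str) -> Detection:
    """Parse one vendor detection name; raises ValueError if no family."""
    # Qualifiers each start with "@" or "!" and run to the next one or the end.
    core, *quals = re.split(r"(?=[@!])", name)
    tokens = [t for t in re.split(r"[/.:]", core) if t]
    platform = None
    for tok in tokens:                 # platform may sit first or mid-name
        if tok.lower() in PLATFORMS:
            platform = tok
            tokens.remove(tok)
            break
    if not tokens:
        raise ValueError(f"no family in detection name {name!r}")
    variant = tokens.pop() if len(tokens) > 1 else None
    family = tokens.pop()
    kind = ".".join(tokens) or None    # whatever precedes the family
    return Detection(platform, kind, family, variant, quals)


def families_by_name(names: List[str]) -> Dict[str, str]:
    """Map detection names to families, showing how vendor names diverge."""
    return {n: parse_detection(n).family for n in names}


if __name__ == "__main__":
    for n in ["W32/Oscarbot.KD", "W97M/TrojanDropper.Lafool.NAA",
              "Win32/Mywife.E@mm!CME-24", "Trojan:HTML/Phish.BBU!MTB"]:
        print(n, "->", parse_detection(n))
```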
  9. No, Sorry... I just edited my reply. Please read.
  10. It really isn't the function of this forum to determine the safety of software. That being said... Here is the Virus Total report on the EXE file: https://www.virustotal.com/gui/file/cdb0a360cca7a5099c2d2357be1a833e032ffdeb3f467a6fac845f6bb77031c9/detection From the report; First Submission 2023-06-04. It has a low detection count for something being known to Virus Total vendors for ~7 months. While it does not appear to be malicious, I won't categorize it as being "safe." EDIT: Please do not Multi-Post, and please verify you are posting On Topic for a given sub-forum. The False Positive area is not for asking if a software is safe. It is only if you question when Malwarebytes software detects something you believe to be false. The Forums Announcements & Feedback area is only if there is something that is specific to the Malwarebytes' Forum, such as you want a post moderated or you need assistance with your Forum account.
  11. @Paranoid_Friendoid You are talking about "classification" of a given malware file. There is a taxonomy to malware based upon its functionality, processes and causalities. The taxonomy is not unlike that given to animal and plant species. As you move down a classification branch, it is possible that two sub-types may be misclassified. For example, take a particular vegetable such as Broccoli (Brassica oleracea), which is in the family Brassica. It is possible that a given plant could be misclassified as Brassica carinata. However, it is unlikely to be misclassified as a member of Apiaceae. Another way to look at this is like a human infection. A Virus infection diagnosis can not be confused with a Bacteria or protozoa infection even though symptoms may overlap. Adware and worms are two distinctly different sub-types of classification. Adware is a sub-type of trojans and needs assistance to get installed on a PC. It could be through Social Engineering (the Human exploit), or it could be through a software exploitation, or by another malware infection such as by a trojan downloader. Worms are a sub-type of viruses as they do not need assistance to get installed on a PC; instead they autonomously spread from PC to PC. Two examples are AutoRun Worms and Internet Worms. Both spread autonomously but use different methodologies. One uses the AutoRun/AutoPlay facility, such as when you place an infected Flash Drive in a USB port. The other uses network protocols such as SMB and SMTP. There are cases where a given malware sample is multi-faceted, such as a Downloader trojan infected with a file infecting virus such as Virut. In a case like that, the virus declaration will have the higher precedence.
  12. Please reference the below Malwarebytes Lab's article on Browser Push Notifications. See if removing Push Notifications in Firefox resolves your issue. Look for the section "How do I disable them?"
     Browser push notifications: a feature asking to be abused
     Google Chrome: Turn notifications on or off - Google Chrome
     Mozilla Firefox: Web Push notifications in Firefox
     Microsoft Edge: Manage website notifications in Microsoft Edge
     Apple Safari: Customize website notifications in Safari on Mac
  13. Thank you. It is not a Phish. It is some entity trying to obtain monetary gain through a referral to the Malwarebytes store; store.malwarebytes.com, which is legitimate. We have been seeing numerous posts and submissions of people getting spam email with FakeAlerts and Renewal notices not by Malwarebytes but in the name of Malwarebytes. I am also seeing ads pushing fake Malwarebytes License Renewal advertisements on AOL (Yahoo) Webmail. References:
     Verify subscription renewal email is legitimate
     Fake renewal emails being received
     Malwarebytes' Blog: Software renewal scammers unmasked
  14. Adware is a class of malicious software that is all about advertisements for products and services and for revenues received for directing victims towards sites and product lines. While they modify some OS constructs, there are few if any adware related malware that may change network settings. If malware does, it is not adware but something else. The fact that one lost Internet access is not indicative of a virus. Viruses self replicate. That is, they are a class of malware that can autonomously spread from file to file or computer to computer. Adware is not a sub-type of viruses and does not autonomously spread. You are tenuously stringing together many concepts into one.
  15. Please reference: Please read before posting a possible FP. Then post a Log of Malwarebytes blocking a Web site.
  16. Thank you Pieter Arntz. I want to thank Pieter Arntz for the many informative Malwarebytes' Blog posts. Every time I look, he has covered a new important topic. Kudos! Malwarebytes' Blog Posts By Pieter Arntz (Malwarebytes Malware Researcher, aka @Metallica)
  17. Ring curtails law enforcement’s access to footage {BTW: Ring LLC is an Amazon subsidiary} Posted: January 26, 2024 by Pieter Arntz. In its blog, Ring brings up a lot of endearing examples of how its Neighbors app has helped families locate lost pets, and even lost family members, and how it has been used to share critical information during disasters and emergencies. But if there is one thing history has taught us, it’s that eventually computer vision will be used for surveillance purposes against human beings. For example, the EFF warned on a previous occasion about self-driving cars: “The sheer amount of visual and other information collected by a fleet of cars traveling down public streets conjures the threat of the possibility for peoples’ movements to be tracked, aggregated, and retained by companies, law enforcement, or bad actors—including vendor employees. The sheer mass of this information poses a potential threat to civil liberties and privacy for pedestrians, commuters, and any other people that rely on public roads and walkways in cities.” Combining the information with that of CCTV cameras, Ring doorbells, delivery robots, and what have you, brings us closer to 1984, rather than steering away from it. Being able to combine the gathered information with AI driven tools at some point makes it only scarier.
  18. I have seen numerous mutations of the name "Malwarebytes" with "Malewarebytes" being a common one. But "Mailware Bytes" is a new one!
  19. FTC Launches Inquiry into Generative AI Investments and Partnerships
  20. As I am not a subscriber, nor am I versed in their process or product, Malwarebytes' Staff would have to answer those kinds of questions.