
David H. Lipman


Everything posted by David H. Lipman

  1. Like... What ? Sitar and Tabla based ?
  2. You can directly attach graphics here and it is preferred over using 3rd party sites.
  3. No. If your site is not found to be under any predicate reason to be blocked, it will be exempted based upon your post.
  4. It is not really a particular site. The .TOP Top Level Domain ( aka; TLD ) is rife with malicious activity.
  5. So far I can't find a Common Vulnerability and Exposures listing in Apple Bonjour for what's been purported.
  6. Yes. You have indicated a change of Password. As long as it is a Strong Password and you secure it your email is "safe to use". The haveibeenpwned.com web site data is static. It shows that a Breach Event occurred and an email address was harvested associated ( and possibly its password ) with that event. That static information will not change. It happened. It is Past Tense. Based upon the information provided the affected individual changes their habits and associated Password(s). After making note of the event and subsequently making changes to their habits and their associated Password(s), the affected individual is done. With the information that the individual has gained from the experience, they will hopefully not fall for future Blackmail email scams and they will have a better understanding of current events.
  7. It was a scam. They survive off people's fears. It is a type of Social Engineering which is the Human Exploit. In this case, the threat actors are attempting to exploit those fears.
  8. Chris: For the 1st issue: I was able to reproduce the F/P by creating the sub-directory tree noted [ E:\PRODUCT KEY FINDERS\PRODUKEYZIP\PRODUKEY ] and dropping NirSoft's ProduKey.exe utility in that folder. At the same time it was not flagged in c:\tools\ProduKey.exe EDIT: Note this is v1.93 ProduKey.zip
  9. That may be a spam redirection URL. It goes to... https://go.click-transit.info/go/97ef554e-e181-4886-bfef-6d438d5ebdf9?SMSid=0910U1&MSGid=Q4&DPid=FD At the present, under "my conditions" it redirects to Google USA.
  10. Yes ! If you used that password ANYWHERE you need to change it at any and all of those sites where it had been used.
  11. The objective then is have MBAM exclude that PUM detection from further scans if that modification is desired.
  12. At one time you used that password with an account that was subsequently breached. That's how they have said password. If they did have your PC under their control, they would not need to send you an email. They would make changes to said PC to make it apparent that they have control over it. For example, instead of the text being in an email, it would be a text file placed on your Desktop or in a graphic used in a changed Background Picture and other more obvious methods that prove that malicious software is on your PC.
  13. Please correspond on this issue subsequent upon your Post #23 in the topic; FYI: Email Blackmail Scam still current
  14. No. As noted, these emails are sent en masse. What were the results here; https://haveibeenpwned.com/ ?
  15. If you were given the URL; https://id.yahoo.com You will get the Indonesian Language version of Yahoo!
  16. I don't, in any way shape or form, support Apple and Android. All I can say is that the text was Indonesian and had Yahoo! related text. How the content was delivered to you is the key here. Was it an email ? If yes, I want to see the Full Headers and Body of the email ( aka; raw email ) Was it a web site ? If yes, I want to see the full URL. What happens if you "close" everything and go straight to; https://www.yahoo.com/ ?
  17. They are called FakeAlerts because these web sites falsely alert the site visitor to an event that does not or did not exist.

      All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened or buy some software. In the case of Tech Support scammers, they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

      I have created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version

      They are all a kind of malicious advertisement ( aka; malvertisement ). Using Task Manager and Killing the; Edge, IExplore, Chrome, Firefox, etc, processes is very effective once you are affected by these FakeAlerts.

      Right now, to block it means Malwarebytes needs to know the URL to block. If you can provide the URL it can be added to the list for Malwarebytes sites to block. Submissions of suspect and malicious URLs can be performed in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum

      Reference: McAfee FakeAlert

      Malwarebytes has created new Browser Add-Ons called Malwarebytes Browser Guard for Chrome and Firefox to mitigate FakeAlerts and other frauds.

      Browser Add-On references:
      • Malwarebytes Browser Guard
      • Malwarebytes Browser Guard Extension for Chrome
      • Malwarebytes Browser Guard Extension for Firefox

      Reference:
      • US FBI PSA - Tech Support Fraud
      • US FTC Consumer Information - Tech Support Scams
      • US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
      • US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
      • Malwarebytes' Blog - Search on - "tech support scams"
      • Malwarebytes' Blog - "Tech support scams: help and resource page"

      1. Also located at "My Online Security" - Some videos of typical tech support scams
  18. Indonesian - Google translation based upon graphic OCR.
  19. The presence of a HTML file may indicate that this is not a HTML.FakeAlert but actually may be a Win32.FakeAlert. Web sites don't drop HTML files in %ProgramData% . That is why I have brought in another person so he can do a Log Analysis process with you.
  20. What is the Phone number you left out in Post #1 ? You can't just use the mouse and choose the file ( Highlight the file ) and hit the Delete key ? I am bringing on another person: PING @AdvancedSetup
  21. I don't know. I have not seen that. Maybe if you click on the running icon in the task bar you can bring the Task Manager Window to the forefront. The thing about Killing IEXPLORE.EXE process in the Task Manager is that there will be several and with some, new IEXPLORE.EXE processes will be created. One has to be persistent to kill all of them. I suggest using Mozilla Firefox combined with Malwarebytes Browser Guard instead of IE if this is a recurring issue and you have not identified the web site that initiates the FakeAlert to avoid it.
  22. Yes. I have seen literally a few thousand and I have found malvertising URLs that will guarantee or almost guarantee a malvertisement every time you "hit" that URL. These Microsoft HTML.FakeAlerts are specially crafted to "abuse" the browser and draw an ever increasing amount of resources. That dogs down the computer to what appears to be quite detrimental. Sometimes you have no choice but to hit the reset button. Other times you just have to have patience for your "Ctrl-Alt-Del" Hot Key sequence to get its chance so you can kill the browser process. This abuse of Browser coding is done to lend credulity to their scam. The important thing to remember: FakeAlerts ( as seen in my ScreenShow and/or videos ) emanate from the Internet. As such it is not about what software is on your PC but about what web sites you visit and one's browsing habits. For example there are certain porn sites that have a greater propensity to exhibit a FakeAlert. If you are on Windows, a Microsoft FakeAlert. If you are on an Apple iPhone or MAC, you will see an Apple FakeAlert. Then there are sites that don't care who they do business with when it comes to advertisement revenue. Or when one marketing company outsources to another. Then the malvertisement may be rotated in or randomly displayed. As I have explained in other discussions I have seen fake Mozilla Firefox malvertisements emanating from the Weather Channel web site. There was a case where members visited AllMusic.com and on rare occasions they got a Microsoft FakeAlert. The reports were few and reproducing it was difficult but finally I was able to coax a Microsoft FakeAlert from a visitation. It was all discussed in This Thread. Reference: Post #20 Therefore, think about your Browsing habits. If it's reproducible, we can get it blocked. Using Malwarebytes Browser Guard can help mitigate the receipt and actions of a FakeAlert.
  23. It seems to be that issue to me. The Sub-Forum heading shows unread content but when you dig into it there is no unread content. You have to mark the Sub-Forum as Read.
  24. Yes. Seeing it Today. Shows Unread Content.... However... All Content has been viewed.