David H. Lipman

Experts
  • Posts

    20,836
  • Joined

  • Days Won

    244

Everything posted by David H. Lipman

  1. Data Privacy Week
  2. You still can. It just means don't use Safari due to its architectural limitations. Use Mozilla Firefox instead.
  3. Hopefully, it will NOT happen again. IFF it does, Malwarebytes will need a Log Analysis to see why you have a recurring problem.
  4. Please try; http://downloads.malwarebytes.com/file/mb4_offline It will download the full offline installer and update the product to the latest version.
  5. Malwarebytes was detecting the file in question as; MachineLearning/Anomalous.100% So I submitted the file as a possible False Positive in the appropriate file based submission sub-forum in; Possible F/P - MachineLearning/Anomalous.100% My suspicions were correct. Staff have Whitelisted the file. It is not malicious. Please see miekiemoes' reply. ** Now you, the consumer of said Capcom game(s), should contact the author, and ask if they are to use the Enigma Protector to protect their intellectual property rights, why they don't Digitally Sign their files to avoid such detections and the ensuing confusion.
  6. A large number of detections on this with Malwarebytes detection as; MachineLearning/Anomalous.100% Use of Enigma Protector may be at detection's root.
  7. At least the post of the Picture of shredded paper wasn't shredded.
  8. I just tested two more email addresses. Both received...
  9. The Malwarebytes' Digital Footprint Report and others get databases of breaches and those databases will be cross referenced when provided your email address. If it is found in a Breach it will then check if the data breach it was found in has an associated password. If YES, the emailed report may provide an obfuscated password found in an undisclosed breach. I tested 3 email addresses. All three showed my IP address. But that was discerned when I supplied my email address in the Digital Footprint Report web form. One email address provided a faux identity telling me incorrect information on my name and my Postal address with an obfuscated old password. Another email address had an old password associated with one breach. However, I can say that while have i been pwned? indicated zero breaches, Malwarebytes indicated one breach but that breach was undisclosed. The last email address was indicated to be in one undisclosed breach and that's it. It creates a curiosity to find out more and to get that, one has to subscribe. I found it interesting that Malwarebytes indicated one email address was involved in a breach that was not indicated by have i been pwned? demonstrating no service is complete.
  10. This is in reference to: KB5034441 The Recovery Partition is too small to allow this update to succeed. One has to manually expand the size of the disk partition by taking unused space away from the hard disk. It can be a difficult process for many to do. Microsoft should have coded the update to automate the expansion of the Recovery Partition if it is too small OR generate a full message of why the update can not be installed while providing a Web Page with a specific set of instructions to expand the Recovery Partition such as from 350MB to 1.1GB. Please reference: Microsoft working on a fix for Windows 10 0x80070643 errors posted by @1PW
  11. CVS, Rite Aid, Walgreens hand out medical records to cops without warrants Credit goes to @NewTricks and @1PW Pharmacies Giving Patient Records to Police without Warrants
  12. Viruses spread autonomously. Internet worms are a sub-type of viruses that use Network Protocols to spread autonomously. However, the vast majority of malware seen Today are not viruses, the vast majority are trojans. Trojans do not autonomously spread. Trojans need assistance to spread and the likelihood of an Internet Worm infection on your home LAN is extremely low. The viruses that are present Today are very well detected. This is why it is wrong to call all malware viruses. All viruses are malware but not all malware are viruses.
  13. Since the third file is not Digitally Signed it has a lower chance of being from Capcom. Some questions that arise are... Do they regularly Digitally Sign their binaries? Do they include a specialty "watermark" in their binaries? Do they publish the Checksum values of their binaries to compare to?
  14. I moved the thread to General Chat so the subject matter can be discussed. As much as there is Information on the web, there is also misinformation. For example the largest misperception is that all malicious software are viruses. All viruses are malware but not all malware are viruses. There is a taxonomy to malware and malware is a portmanteau of MALicious softWARE. Malware consists of all trojans, viruses and exploit code. Just like when it comes to cars; All Fords are automobiles but not all automobiles are Fords. And just like there are no Ford Chryslers, there are no trojan viruses. Most people don't understand malicious activity or what is really malware. They don't like the way some software works and they call it malware (or a virus) and totally mis-categorize the software. Because of the general lack of understanding and the plethora of misinformation, people will come up with their own conclusions that may steer others in the wrong direction. Games and their users fall prey to this. Games are the ultimate "trojan horse" in reference to the Greeks' use of a large wooden horse statue that was a gift to Troy. That was the entry point of the Greeks into the city of Troy's enclave. So games are often used alongside malware. Unlike a virus which spreads autonomously, a trojan needs assistance. Social Engineering (the Human Exploit) and Software Exploits are often used to get the malicious software into your enclave, your computer. Today we are seeing many fake Game Sites being setup offering Free Beta versions of some "game." Using Social Engineering exploiting the gamers' "desire", people go to these sites and download what is malicious software, where the installer is often hosted on Discord's CDN (Content Delivery Network). Another way is to take a legitimate Game Installer Package and wrap another installer around it that will also install malware. So games are the ultimate "trojan horse." They are desirable as a malware delivery system.
The Gamer Community is aware of "some" of this but not fully understanding of how, where and what games to obtain and play. They see information about submitting a file or files to Virus Total where the file(s) can be scanned by a multitude of participating anti malware vendors, which includes the Windows Malwarebytes (Virus Total version) Engine and Signature set. In the old days when Virus Total was owned by Hispasec Sistemas, the name of the malware was quite indicative to the type of malware and the family it may be a part of. There was a fairly well adopted convention to the naming of malware detections. However Today that is not the case. Thousands upon Thousands of new trojans are introduced daily and it just isn't viable to have a specific naming convention. Anti malware vendors believe what is most important is that the malware is detected and removed, regardless of the name. Additionally each anti malware vendor has their own naming convention for heuristic detections. These are not based upon a particular signature or fingerprint but by a loose analogy logic of "If it walks like a Duck and squawks like a Duck, then it must be a Duck". But that also leads to false detections which are known as False Positive detections. So we come to the area that pertains to this subject matter. If I have a given malware file (binary) and release it Today, it may not be detected. However Heuristics may catch some new files. As time goes by and the given malware binary is in-the-wild it will start to be signature detected and it will be shared and the number of anti malware vendors detections will ultimately rise. In many cases this could be in hours but mostly in days. What if I have a really good malware I want to deploy and it has now become well detected? That's where packers and cryptors come into play. These software utilities allow that malware to run and work as intended but the binary is completely altered.
All signatures that may have been reliably detecting the binary will no longer detect it and thus the game of detections starts all over again. Many of these packers and cryptors are quite legitimate and are used all the time to decrease the size of the executable and to protect Intellectual Property (the code). A well known one is the "Ultimate Packer for eXecutables", UPX https://upx.github.io/ Some are not well known and I call them; Exotic Packers and Cryptors. Game authors will use these packers and cryptors to protect their game's Intellectual Property. So that's where the paradox comes in where malicious actors use the software to make their detected malware less or undetected while legitimate software vendors use the software to protect their Intellectual Property. That's where an analysis of a Virus Total Report comes into play. A true malware file represented on Virus Total will see a large number of detections of mostly signature based detections and not of heuristic detections. If a file has been known to Virus Total for months and has a very low number of detections then the file's detections may be only heuristic detections, False Positives or when it comes to Potentially Unwanted Applications/Programs (PUA/PUP) the file could be a case where a vendor's stance of what makes a PUA/PUP detection is based upon their criteria for the decision. For example the criteria for a PUP detection by Eset may not meet the criteria of Malwarebytes. So the Gamer Community sees "detections" on Virus Total and may come to the conclusion of Malware.
  15. Simply put, Games often use packers and cryptors to protect their code. And yes, their use increases the likelihood of anti malware detections. However, that does not make them malicious code.
  16. Thank You Resident Evil 5 - First Submission 2023-08-08 Resident Evil 6 - First Submission 2023-03-06 Game Server - First Submission 2022-08-02 Please reference the following on how to provide sample submissions such that Malwarebytes' Anti-Malware (MBAM) can detect targeted but presently undetected new threats in the form of disk files. Malware Hunters group Purpose of this forum All the files are too old as per the above guidelines. The Resident Evil 5 is most likely a False Positive.
  17. Comments and Suggestions ==> Malwarebytes for Windows But I believe it has been suggested multiple times already and we are still waiting for it.
  18. Yes. That is what you downloaded. I mistakenly, initially, posted the WRONG version as v6.x.x. That was wrong! My apologies for any confusion that may have made.
  19. The full offline version... http://downloads.malwarebytes.com/file/mb4_offline EDIT: Oooooooooooops did I make a mistake ! That's v4.6.8+
  20. v6.6.8+ is the latest version. v4.6.8+ is the latest version. What are you using @Meems ?
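
Added example, not part of the forum posts above: a Python sketch of the point made in post 14, that packing leaves a program recoverable at run time while breaking byte-level signatures and raising entropy, which is what generic heuristics (and their False Positives on legitimately packed games) key on. zlib stands in for a packer here; the sample data, the `STUB` marker, the signature set and the 7.0 threshold are all constructed for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter

# Constructed sample: text standing in for an unpacked program image (not a real binary).
ORIGINAL = b"".join(
    b"call helper_%05d ; id=%s\n" % (i, hashlib.sha256(b"%d" % i).hexdigest()[:12].encode())
    for i in range(1000)
)
STUB = b"STUB"  # hypothetical marker standing in for a packer's loader stub


def pack(image: bytes) -> bytes:
    """Stand-in for a packer: zlib rewrites every byte but the result is reversible."""
    return STUB + zlib.compress(image, 9)


def unpack(packed: bytes) -> bytes:
    """What the loader stub does at run time: restore the original image."""
    return zlib.decompress(packed[len(STUB):])


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for constant data, near 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Toy signature set built from the unpacked sample: a whole-file hash and a byte pattern.
SIG_HASH = hashlib.sha256(ORIGINAL).hexdigest()
SIG_PATTERN = b"call helper_00042"


def triage(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Report the signature verdict and the entropy heuristic verdict for one blob."""
    entropy = shannon_entropy(data)
    return {
        "signature": hashlib.sha256(data).hexdigest() == SIG_HASH or SIG_PATTERN in data,
        "heuristic": entropy >= entropy_threshold,  # flags any packed file, benign or not
        "entropy": round(entropy, 2),
    }


PACKED = pack(ORIGINAL)
for name, blob in (("original", ORIGINAL), ("packed", PACKED), ("unpacked", unpack(PACKED))):
    print(name, triage(blob))
```

The heuristic fires on the packed blob without knowing whether its content is malicious, so a lone heuristic verdict on a packed file calls for a publisher signature or published checksum check before concluding anything.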