CaptainHindsight

Members
Content Count: 29
Rank: New Member
  1. I think that one of my relatives was tricked into letting someone take remote control of his computer a few weeks ago. Full details are below. My ultimate question: if he actually let someone take remote control of his computer, could they have infected it so deeply that it is hopeless to try and clean it?

     Full details: Wednesday evening (2 days ago) I emailed a 90-year-old relative-in-law that I wanted him to run a Malwarebytes scan before I come to visit him this weekend. (I had been planning to do several computer chores for him, such as swap his hard disk with an SSD. I wanted a Malwarebytes scan done before I show up just to ensure that his computer has no malware before I possibly clone his hard disk.) He emailed me this back yesterday:

     Oh no. Sounds like a classic scam. A brief web search found similar accounts:
     https://www.bleepingcomputer.com/news/security/mcafee-tech-support-scam-harvesting-credit-card-information/
     https://community.mcafee.com/t5/Consumer-General-Discussions/Elaborate-Scam/td-p/589738

     My relative forwarded me some emails sent to him by that company. They call themselves "AS Clout" but also seem to identify with asknet. They give this as their contact info:

     A web search for that US phone number 415-449-5700 found this page https://www.bbb.org/us/ca/san-francisco/profile/ecommerce/asknet-inc-1116-193791/complaints and the 03/18/2019 complaint sounds exactly like my relative's case. We called up his credit card company in a conference call and disputed the charge for 399.99, cancelled his existing credit card, and asked for a new one. The lady at the credit card company said that there were no unusual charges on his card, just ones he has made in the past. If I understood her correctly, that lady also claimed that the firm that billed the 399.99 is known to them and is not a hacker. Maybe not, but at a minimum they are scum who prey on vulnerable people like my relative.

     I then had my relative uninstall everything McAfee related from his computer. I think that he said that there were 5 McAfee programs. When that was done, I had him download and install Malwarebytes and start a full threat scan on his entire computer. It started last night and is still running now, maybe 9.5 hours later... (My relative has long complained that his computer, a cheap Dell all-in-one, is agonizingly slow. This is why I originally wanted to replace his hard drive with an SSD.)

     What I want to know is if my relative's computer is hopelessly infected at this point. If he truly let someone take remote control of his computer, could they have installed malware so deeply that nothing can restore it? Say, with malware embedded in his firmware or something?

     I tried to probe my relative exactly on what happened. His memory is fuzzy. He cannot recall for sure if he downloaded a program that let the other person take over his computer. He also said that even when the person claimed to be working on his computer, he saw almost no activity (e.g. his mouse rarely or never moved?). It is not obvious to me if his computer actually was taken over.

     If I replace his existing hard drive with the new SSD that I bought him this weekend, I am likely going to use Dell's operating system recovery approach to cleanly install Windows 10 on the SSD. https://www.dell.com/support/article/us/en/04/sln299044/how-to-download-and-use-the-dell-os-recovery-image-in-microsoft-windows?lang=en
  2. Thanks for your reply and for confirming my understanding. Old-style mechanical hard drives have been pretty durable for years (a few decades?) now. The sole concern that I am aware of is with SSDs. It is true that SSDs do have write limitations. Key specs to look out for are "Drive Writes Per Day" (DWPD) and "Terabytes Written" (TBW). For example, my latest laptop is a Dell 7530 Precision Mobile Workstation with a Samsung 970 EVO 2 TB SSD. Its product page gives a "Terabytes Written" spec of "1,200 TBW with a 5-year limited warranty, achieving 50 percent higher than the previous generation". That's 600 full drive writes. However, since when has reading an SSD been an issue? To my knowledge, massive disk reading is almost all that a full disk malware scan should be doing, but almost no writing. So I see zero issue with doing full disk scans and SSD degradation. I have been doing full disk scans for ~5 years on my old desktop's SSD, a Samsung 840 EVO 500 GB, and I have seen zero issues with it so far. Samsung Magician reports the drive's status as Good.

     Thanks a million! There have to be many others like me who want this. I have zero problem if you limit this feature to your Premium product. One feature needed in the CLI: I should in the GUI be able to save a named custom scan configuration, and then refer to that custom scan as a command line argument. Much better than supplying a dozen command line arguments.
  3. MBAM: I really hope that you are looking at this thread. I am a Premium user and I have a huge need for command line support. I want to run a full MBAM scan every day as part of a suite of nightly processes. The only way to properly do this is to have a command line script that says "do process 1" and then when that is over "do process 2" etc. But because MBAM lacks command line support, I have to resort to scheduling scans. But that is a deeply inadequate substitute, because all the processes in the suite have variable execution times. So, with scheduling, I am forced to make very conservative assumptions about execution times, and this causes the entire suite to take 3X longer to completely finish than it ought to.
  4. Reading the wiki link on reCAPTCHA more, is MBAM using the NoCAPTCHA version? The wiki link says: "Because NoCAPTCHA relies on the use of Google cookies that are at least a few weeks old, reCAPTCHA has become nearly impossible to complete for people who frequently clear their cookies." I clear my entire browser cookies every time that I shut it down, which is more than once a week. Furthermore:
  5. I just logged into my MBAM account at https://my.malwarebytes.com/en/login# That login was agonizing because this MBAM website uses the horrid reCAPTCHA as an extra layer of alleged protection. I hate reCAPTCHA with an unmitigated passion. It took me many screens to pass that ******* test. Once logged in, I tried to file a support ticket. Once again, the website made me do a reCAPTCHA test before I could click on the Submit Ticket button. Why? I had already done that upon login?! I tried several times to pass this reCAPTCHA, but eventually had to give up. Death to reCAPTCHA. MBAM, if you have any thoughts for your users, please eliminate reCAPTCHA. I think that you need no CAPTCHA at all, but if you insist, gimme something like an arithmetic problem.
  6. Also: could a Russian IP address have an innocuous explanation, such as, since I was sharing a file, maybe there was another ordinary person in Russia who simply wanted to download it as well? Also, strictly speaking, 46.172.212.116 is a Ukrainian not Russian IP address that points to the domain name pool.sevtele.com (if ipinfo.info is to be believed, not that that is any more reassuring...).
  7. My colleagues at the DNC tell me that that is just fine. Kidding! Thanks for adding that info.
  8. Thanks for your response. I just sent you a private message with the subject "requested files" that has the requested files. I looked at this a little deeper (the log files), and I think that my initial guess that Vuze was trying to download an auto updater was wrong. My version of Vuze is the latest; there is no update. Instead, I think that Vuze was trying to open a connection to IP address 46.172.212.116, and that particular IP address was blocked. My guess is that that IP is one that is known to you to have downloaded malware in the past to other people?
  9. While running Vuze today, I noticed that Malwarebytes Premium version 3.4.5 flagged Azureus.exe as malware. My guess is that Vuze wanted to download an updater to itself (i.e. Azureus.exe), but MBAM caught that, and decided to block it. Looking at Reports --> View Reports, I see that MBAM's Category for Azureus.exe is "RiskWare". My questions: What exactly is "RiskWare"? I have only used MBAM free in the past, never Premium (am currently on a free trial), and MBAM never identified Azureus.exe before as malware (when I manually scanned my system), so did anything change with either MBAM or Azureus.exe that might have caused this? Ultimately, I want to know if I can safely ignore this warning (i.e. create an exception, and download Azureus.exe anyways).