HACKER EMAIL FROM DARKNET OTHER QUESTION
dvk01 replied to cc123's topic in Resolved Malware Removal Logs
Nothing at all to worry about. Read my post that explains exactly what to do: https://myonlinesecurity.co.uk/attempted-blackmail-scam-watching-porn/
-
MailChimp - Compromised and used for malware and fraud
dvk01 replied to David H. Lipman's topic in General Chat
The criminal gang have now switched from Mailchimp, after we made it difficult for them & forced Mailchimp to clear up, and started to use the Mailgun network today: https://myonlinesecurity.co.uk/gootkit-banking-trojan-via-mailgun/
-
MailChimp - Compromised and used for malware and fraud
dvk01 replied to David H. Lipman's topic in General Chat
https://myonlinesecurity.co.uk/mailchimp-malware-campaign/
-
They were being treated as spam by SpamCop (which just about every mailserver on the planet uses as first line of filtering). The invisioncloudcommunity ones were all being caught by SpamAssassin because SpamCop marked them as spam. I had to set my mailserver to stop using SpamCop to let them through to my users. There still will be problems until MBAM sends them themselves. Using 3rd party mail senders will always get spam detections, especially SpamCop. It only needs 1 malicious report to get them blocked.

Received: from mta111.spmta.com ([52.27.44.190]:17756)
    by knight.knighthosting.co.uk with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87)
    (envelope-from <msprvs1=17141ZS1cv_cQ=bounces-28506-2138@spmailtechno.com>)
    id 1cBqfI-0003cB-1W for [redacted]@malware-research.co.uk; Tue, 29 Nov 2016 22:14:16 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=malwarebytes.org; s=scph0416; t=1480457655; i=@malwarebytes.org;
    bh=YGM3YUyoTqO+6S0a/09aA7dfol+ge0f04DjqYuf5zP4=;
    h=To:Date:Subject:From:List-Unsubscribe:List-Id;
    b=hGJn5pEPGy+cxlnyPbNHQzeEhe7K3zDxv3eSXyv2Wu81lfgIVYk9IBfSEk9f+dF31
    1PM/O2sw9yryYXGwBBV871HzGSUmWsuzwJA/qkT9sGPkD3maLzLiqRXby4IiejXRNa
    3fdUfMYIwSbO9M0U0FI1ytXEPfaLSO0UAzSi64ug=
To: [redacted]@malware-research.co.uk
Message-ID: <50.B8.20365.7BDFD385@momentum5.platform1.us-west-2.aws.cl.messagesystems.com>
Date: Tue, 29 Nov 2016 22:14:15 +0000
MIME-Version: 1.0
Subject: Not receiving Forum notification emails
From: "Malwarebytes Forums" <no-reply@malwarebytes.org>
-
Thanks Steven
-
I am trying to, Tom
-
https://www.virustotal.com/en/url/73863327e32129ce27ba3c6b72a2c194aa08a23c6cc6bb0eea2e845846ea85ae/analysis/1390938554/
-
Spam check test.

This post is just to find out how long it takes for the spambots to pick up and start to use a brand new email address that has never been used before, and how much spam & malware can be got from it.

mbam_spam@dvk01.com

These tests and the malware and phishing emails obtained from this experiment will help protect lots of users because we get early copies of email based malware and phishing.
-
2013/12/18 09:18:09 GMT DEREK-PC derek IP-BLOCK 54.230.10.190 (Type: outgoing, Port: 55550, Process: iexplore.exe)
2013/12/18 09:18:09 GMT DEREK-PC derek IP-BLOCK 54.230.10.190 (Type: outgoing, Port: 55549, Process: iexplore.exe)

This is an Amazon AWS IP. I was looking at this page when it blocked: http://www.pcworld.com/article/2057222/8-1-features-microsoft-removed-from-windows-8-1.html so I assume it is an advert somewhere.
-
Files Infected:
c:\documents and settings\all users\application data\network associates\BOPDATA\_date-20110214_time-110858109_enterceptexceptions.dat (Trojan.Goldun) -> Quarantined and deleted successfully.

http://forums.techguy.org/virus-other-malware-removal/980776-unable-remove-trojan-goldun.html#post7813003
-
Hi Bruce, also seen this one just now: http://forums.techguy.org/general-security/932326-what.html
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4136

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/24/2010 3:20:27 PM
mbam-log-2010-05-24 (15-20-27).txt

Scan type: Quick scan
Objects scanned: 153332
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\ Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. [35FF61C37574A0915CF467CFD321FF14]

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]
-
I will certainly ask them to