
GammaRayBurst


  1. Thank you for the good answers. I guess it's always a choice between ease of use versus absolute security. We live in a different time now. One thing I had done fairly recently that was different was that I had used the free wifi at our local public library, about 6:30pm on a Saturday. That may have opened me up to something. A couple more questions: What user information is malvertising like that able to grab from the browser and/or my system on my phone? I worried that my gmail passwords could have been compromised, because my phone automatically reconnects to my two different Gmail accounts. Is most ransomware today directed toward larger enterprises with more money? I was just listening to NPR radio this afternoon, which had a segment about ransomware against city governments. The ransom was over $400K. I've also heard of hospitals being attacked, so I was thinking that maybe they've shifted to attacking enterprises that: a) are critical to the functioning of government or healthcare services; and b) have deeper pockets than individuals. Or are there still a lot of individuals falling victim? I almost never click on unknown websites, but this malvertising is always a source of danger. I don't mind the ads for things I've recently shopped for. I suspect it's the sites that pull just random ads that are the problem, as it's the luck of the draw with those. It's a lot like playing Russian roulette every time you pull a random ad. I don't see why malvertising can't be stopped. The screening on those definitely needs to be beefed up. Was I right that if I had clicked on any of the "alarm" buttons on this particular "You have won," then there could have been either identity theft or ransomware behind it? As always, thank you for your help.
  2. Hi Nathan. I didn't want to do that "responding to my own post" thing before I got a reply, as I know that's sort of frowned upon. Yes, I was certain that it was Chrome browser related after reading on an androidcentral forum that I should boot into safe mode, delete the Chrome updates, then reinstall, which I did. (Does doing that delete the former browser cache?) I figured out the installation issue. Ever since I added a 32GB SD card to the device, it has been installing all apps to the SD card, not sure why. While looking at my apps list in Safe Mode, I took note of which apps were grayed out and off limits while in Safe Mode. I suddenly noticed a pattern----they were all apps installed on the SD card. I then realized that the SD card was probably not mounted in Safe Mode, and I would probably need to uninstall MBAM, reboot into normal mode with SD card mounted, and reinstall... I did that, and I was able to install the Premium version just fine, came up on Google Play Store page with the Open button, etc. (Apparently when the install fails for ANY reason, the Google Play Store message defaults to "the beta program is full.") I did a scan, and it came up clean. So far, knock on wood, it has not recurred. And with MBAM installed, hopefully no redirects. I know that it does a great job on my desktop computer. *** I noted that the "You have won..." looked like an alarm going off. It had the red dismiss button and the yellow snooze button. But it said "Event" in tiny letters, and was blocking the function of the Home button. I can't recall if I tried the Back key. (I tested an alarm, and it says "Alarm" in tiny letters, not "Event." Plus, the Home button still retains its function.) How is it that Chrome adware could inject such a thing---overriding Home button function---when my phone isn't jailbroken? You wouldn't think Google would give ANY app that sort of override.
*** Does MBAM for Android protect against ransomware if you don't use the Administrator function? I know that these days most malware is probably ransomware. Or at least a very high percentage of it is? If I do use the Admin function, it enforces a screen lock with a strong password? My only complaint about that is that the screen lock is activated every time the screen times out, which on mine (to save power) is five minutes. So, every time my phone times out, instead of simply swiping, I'd have to enter a strong password? If that is the only true way to protect against ransomware, then I guess I'd need to seriously consider it. It's annoying that we have to suffer such inconvenience to simply use our phones.
  3. Hello, Late yesterday afternoon I got what I'm sure is a virus on my phone (possibly as a result of using the free wifi at my local library). It was an alarm "event" that was going off, saying "You have won an iPhone..." with options for dismiss or snooze. I knew that you never want to click on something like that, so I didn't want to use the buttons to dismiss it. I clicked the home button, but it didn't work. So I powered off the phone and restarted. The alarm event was gone, but then I started seeing notifications saying the same. They had an odd icon to the left of them, nothing I wanted to click on. I swiped right to dismiss them. The first thing I did was go to my PC and change the password on the two Gmail accounts that I usually leave logged in. I read something I found through a Google search that said it may have been related to Chrome, so I closed the browser, and the notifications seemed to stop, but I don't know what might remain infected. I booted into safe mode, reconnected my Google accounts, then deleted all the updates in Chrome, and reinstalled the browser. I have not re-synched it at this point. I knew that I need an anti-malware app, and have Malwarebytes on a desktop computer, so I searched Google and found a page at support.malwarebytes.com/docs/DOC-1308, which directed me to go to Google Play Store and type in "Malwarebytes for Android." I went through the installation, but when I went looking for the app on the apps list to open it, the app wasn't there. Neither was there an "Open" button on the Google Play Store page. Then I noticed that on that same page was a section titled "Beta program is full," and underneath that: "The beta program for this app is currently full." 
Thinking that I had installed some beta app by mistake, I uninstalled it, then went to Malwarebytes's main website and followed a link for the Premium Malwarebytes for Android app, then clicked through to Google Play Store for the premium Android app, which seemed to have a different title, "Malwarebytes Security: Virus Cleaner, Anti-Malware." I went through the whole installation again, but again noted no app in the apps list, and a message that the "beta program is full." However, the app shows 10M+ downloads! That sounds wider than a beta program to me. What's odd is that, in both cases, there actually IS an app listed under Settings >> Application Manager >> Downloaded apps, saying Malwarebytes 60.16 MB. The Google Play Store page says that the app is version 3.7.2.1, and was last updated August 5, 2019. Even after restarting (back into Safe Mode), it's still not listed in my apps list (only under Application Manager >> Downloaded). Somewhere I read (but now can't find it) that the app supports version 4 point something and above. I have Android version 5.1.1. (It's a cheapie Samsung prepaid phone that I bought a couple years ago, but Verizon hasn't pushed down any system update since early 2018.) So, what gives? Why can I not get this app to fully install and run? Is this an effect of the virus? Or might there be another issue preventing a completion of the installation, such as space requirements? (I have ES File Explorer, but it can't be run in Safe Mode, so can't check space.) Oddly, I don't believe I see a folder for it under My Files, but then it might be hidden. Thanks for your help.
  4. Hello, I'm new to the forum, but already had Malwarebytes Premium (and thank God for that!). Here's my sad story. My Windows 7 Professional 64-bit computer had been connected to a LinkSys AC1200+ wireless router, which was connected to a 3com OfficeConnect hub/switch, which was connected via the uplink to a gateway provided by TimeWarner/Spectrum Business Class. But the other night, the hub/switch failed, and I couldn't get on the Internet. For a while, I connected the computer directly to the gateway, via one of its four ports on the back. (I reconfigured the computer's IP and DNS to a fixed IP address.) It probably was this way for less than a day. I suddenly noticed, though, some strange things: (*) McAfee LiveSafe (which I had in addition to Malwarebytes Anti-Malware Premium, because it came with the computer) was trying to register new. It appears that something took it out. (*) I started getting messages, seemingly one every 5 to 10 minutes, from the real-time protection from Malwarebytes that it was blocking various attacks. I then realized that being connected directly to a port on the "Wild Internet" was really dangerous. So I pulled the plug. At this point, my Wifi finally came alive (honestly, I had never figured out how to force it to do that when connected via Ethernet, but the cable being plugged in seems to have prevented that---I never thought of that!). I'm now connected through the LinkSys AC 1200+ wireless router. The Wireless connection is configured for DHCP, so I should be safe from picking up any new infections?? (At least, that's the way it was before. The LinkSys wireless router is sitting on the Wild Internet, but it is password protected with a good strong password---NOT admin!) I have been alarmed at some of the threats that have been blocked, as they are outbound attempts to connect to a site in Russia at a single IP address, attempting the connection through many different obscure port numbers. 
The site's two variations are either wmi(dot)my0115(dot)ru or down(dot)my0115(dot)ru and the IP address is 78(dot)142(dot)29(dot)114. There seem to be three executables that were blocked from connecting, one classified as RiskWare, and the others as Unspecified. The RiskWare is coming from C:\Windows\System32\lsass.exe. The Unspecified are the following: C:\Windows\System32\wbem\scrcons.exe and C:\Windows\System32\svchost.exe. The odd thing is that my Malwarebytes Anti-Malware Premium scan comes up clean, even though I'm still getting messages every so often that another attempt has been blocked! Does this indicate that something is masquerading as a system (whitelisted) program?? (If this is the case, then would running a threat scan in safe mode pick it up?) Here are some miscellaneous things that may be additional infections or part of the same: (*) There were two files that were caught and quarantined: 1) First was "Backdoor Zegost" at C:\adg.exe; 2) Second was "RansomWannaCrypt" at C:\Windows\mssecsvc.exe. Microsoft Security Center says that this file should not be allowed to run, associated with ransomware I think. (*) While backing up some files to DVD-ROM, I noted an odd file in the Documents directory. It is called adxloader.log, and when I opened it with Notepad, it looks as though it was loading things into the Registry maybe. Since I noticed it, it had been modified to a later date, but maybe this happened as a result of opening the file with Notepad. Maybe it's something legit, but I don't recall ever seeing it before. And the stuff inside it looks pretty malicious if it isn't something legit. (*) There is one other thing---maybe it's normal, or maybe not. When I went to try to retrieve the log file from Malwarebytes Threat scan the Documents and Settings folder shows with a padlock icon over it, and says "Access Denied" when I click on it, EVEN WHEN RUNNING WINDOWS EXPLORER AS ADMIN. Is this normal? Maybe this is for safety??
I was able to view the required logs and save them elsewhere, so not critical, but thought I'd ask. I will attach the following files to this post: 1) The MalwareBytes Threat Scan Log (which found nothing), which I called MalwareBytesThreatScanLog.txt; 2) The FRST scan log, FRST.txt; 3) the Addition.txt log; 3) Samples of the MalwareBytes blocked threat reports from the Russian site: They are called MalwarebytesBlocked_1.txt, MalwarebytesBlocked_2, MalwarebytesBlocked_3, MalwarebytesBlocked_4 and MalwarebytesBlocked_5; 4) the adxloader.log file, re-saved as a text file. I think that's all. Let me know if you need something else. My Windows updates are really out of date, sad to say. The updates got stuck at some point, and HP "Smart Friend" deleted a bunch of stuff, including Malwarebytes Anti-Exploit Premium, and really screwed everything up. They wiped out all of the pending updates. But I've been very ill and haven't had the energy to deal with it. I do have a backup I made when I got Acronis Backup, when the system was fairly new. And of course falling back to a configuration from a few days ago before the hub started failing is an option. I keep all of my important files on a portable drive, though. I won't do anything at all, such as put in the replacement hub I just got through the mail today, until given the okay. I especially won't restore my direct wired connection yet, as this would require reconfiguring my LAN connection, and I don't want to make anything worse. Thanks for your help.