Fake Paypal site

[webdandy]

Hi,

Recently read https://www.bleepingcomputer.com/news/security/fake-paypal-site-spreads-nemty-ransomware/ which details info on a fake Paypal site and the Nemty Ransomware.

The article says "Fortunately, the malicious executable is detected by most popular antivirus products on the market. A scan on VirusTotal shows that it is detected by 36 out of 68 antivirus engine." however based on the Virus Total scan it looks like MB doesn't detect the ransomware.

Can you advise if this is the case or if MB does in fact detect Nemty?

Elaine

 

 

 

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

1. Download Malwarebytes Support Tool
2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
3. Double-click mb-support-X.X.X.XXXX.exe to run the program
   • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
4. Place a checkmark next to Accept License Agreement and click Next
5. You will be presented with a page stating, "Get Started!"
6. Click the Advanced tab on the left column
   
7. Click the Gather Logs button
   
8. A progress bar will appear and the program will proceed with getting logs from your computer
   
9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
       

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

[SPDIF]

If the ransomware protection is on in Malwarebytes Premium, it will protect against ransom as it looks for suspicious activity and block it. Hence a real detection is not needed in this case.

Also your browser will firstly already warn you that this site is dangerous! So this also means that user behind the keyboard, totally has to be ignore this warning!! Doing so is  at your own risk. If you go ahead anyway and even click the download button, Malwarebytes will see suspicious activity and block this ransom. Also keep in mind that Virustotal is not always 100% accurate.

Further you posted in the wrong section, here you talk about problems and support with Malwarebytes.

[webdandy]

Apologies if this was the wrong section. For future ref where would this type of query be best to post?

[SPDIF]

In this section there are specialists that can help you further with this.

newest-rogue-ransomware-threats/

[webdandy]

Thanks. I've taken a note of the section.