
dvk01

Experts
  • Posts: 300
  • Joined
  • Last visited

Everything posted by dvk01

  1. Nothing at all to worry about. Read my post that explains exactly what to do: https://myonlinesecurity.co.uk/attempted-blackmail-scam-watching-porn/
  2. The criminal gang have now switched from Mailchimp, after we made it difficult for them & forced Mailchimp to clear up, and started to use the Mailgun network today: https://myonlinesecurity.co.uk/gootkit-banking-trojan-via-mailgun/
  3. https://myonlinesecurity.co.uk/mailchimp-malware-campaign/
  4. Is now on 4 spam blacklists: http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a52.27.44.190&run=toolpage All Amazon SES mail servers get regularly listed in blacklists: https://www.ultratools.com/tools/spamDBLookupResult
  5. They were being treated as spam by SpamCop (which just about every mailserver on the planet uses as first line of filtering). The invisioncloudcommunity ones were all being caught by SpamAssassin because SpamCop marked them as spam. I had to set my mailserver to stop using SpamCop to let them through to my users. There still will be problems until MBAM sends them themselves. Using 3rd party mail senders will always get spam detections, especially SpamCop. It only needs 1 malicious report to get them blocked.

     Received: from mta111.spmta.com ([52.27.44.190]:17756) by knight.knighthosting.co.uk with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87) (envelope-from <msprvs1=17141ZS1cv_cQ=bounces-28506-2138@spmailtechno.com>) id 1cBqfI-0003cB-1W for [redacted]@malware-research.co.uk; Tue, 29 Nov 2016 22:14:16 +0000
     DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=malwarebytes.org; s=scph0416; t=1480457655; i=@malwarebytes.org; bh=YGM3YUyoTqO+6S0a/09aA7dfol+ge0f04DjqYuf5zP4=; h=To:Date:Subject:From:List-Unsubscribe:List-Id; b=hGJn5pEPGy+cxlnyPbNHQzeEhe7K3zDxv3eSXyv2Wu81lfgIVYk9IBfSEk9f+dF31 1PM/O2sw9yryYXGwBBV871HzGSUmWsuzwJA/qkT9sGPkD3maLzLiqRXby4IiejXRNa 3fdUfMYIwSbO9M0U0FI1ytXEPfaLSO0UAzSi64ug=
     X-MSFBL: muV9wmZW6AM6ZUknR9dxBcytyJd7t0Ol80KO8Shvcu0=|eyJpcF9wb29sIjoic2h hcmVkIiwiciI6ImRsaXBtYW5AbWFsd2FyZS1yZXNlYXJjaC5jby51ayIsImN1c3R vbWVyX2lkIjoiMjg1MDYiLCJpcF9wb29sX3JhdyI6ImdlbmVyYWxfMSIsImciOiJ iZ19nZW5lcmFsXzEiLCJmcmllbmRseV9mcm9tIjoibm8tcmVwbHlAbWFsd2FyZWJ 5dGVzLm9yZyIsInRlbXBsYXRlX3ZlcnNpb24iOiIwIiwicmNwdF90YWdzIjpbIF0 sImIiOiJpcF81Mi4yNy40NC4xOTAiLCJtZXNzYWdlX2lkIjoiMDAwNWI3ZmQzZDU 4OGQ0ZjA1OGIiLCJzdWJhY2NvdW50X2lkIjoiMjEzOCIsInRlbmFudF9pZCI6InN wYyIsInRlbXBsYXRlX2lkIjoidGVtcGxhdGVfMTAyNDkwMTUwMTQ2MTg3ODM2Iiw icmNwdF9tZXRhIjp7IH0sInNlbmRpbmdfaXAiOiI1Mi4yNy40NC4xOTAiLCJ0cmF uc21pc3Npb25faWQiOiIxMDI0OTAxNTAxNDYxODc4MzYifQ==
     To: [redacted]@malware-research.co.uk
     Message-ID: <50.B8.20365.7BDFD385@momentum5.platform1.us-west-2.aws.cl.messagesystems.com>
     Date: Tue, 29 Nov 2016 22:14:15 +0000
     MIME-Version: 1.0
     Subject: Not receiving Forum notification emails
     From: "Malwarebytes Forums" <no-reply@malwarebytes.org>
  6. https://www.virustotal.com/en/url/73863327e32129ce27ba3c6b72a2c194aa08a23c6cc6bb0eea2e845846ea85ae/analysis/1390938554/
  7. Spam check test. This post is just to find out how long it takes for the spambots to pick up and start to use a brand new email address that has never been used before, and how much spam & malware can be got from it: mbam_spam@dvk01.com These tests and the malware and phishing emails obtained from this experiment will help protect lots of users, because we get early copies of email based malware and phishing.
  8. 2013/12/18 09:18:09 GMT DEREK-PC derek IP-BLOCK 54.230.10.190 (Type: outgoing, Port: 55550, Process: iexplore.exe)
     2013/12/18 09:18:09 GMT DEREK-PC derek IP-BLOCK 54.230.10.190 (Type: outgoing, Port: 55549, Process: iexplore.exe)
     This is an Amazon AWS IP. I was looking at this page when it blocked: http://www.pcworld.com/article/2057222/8-1-features-microsoft-removed-from-windows-8-1.html so I assume it is an advert somewhere.
  9. Files Infected:
     c:\documents and settings\all users\application data\network associates\BOPDATA\_date-20110214_time-110858109_enterceptexceptions.dat (Trojan.Goldun) -> Quarantined and deleted successfully.
     http://forums.techguy.org/virus-other-malware-removal/980776-unable-remove-trojan-goldun.html#post7813003
  10. Hi Bruce, also seen this one just now: http://forums.techguy.org/general-security/932326-what.html
  11. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4136
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     5/24/2010 3:20:27 PM
     mbam-log-2010-05-24 (15-20-27).txt
     Scan type: Quick scan
     Objects scanned: 153332
     Time elapsed: 3 minute(s), 40 second(s)
     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]
     Registry Data Items Infected:
     HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. [35FF61C37574A0915CF467CFD321FF14]
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]
  12. I will certainly ask them to.
  13. Looks like a FP to me, here: http://forums.techguy.org/windows-7/924865...tml#post7403754
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4136
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     5/24/2010 2:43:16 AM
     mbam-log-2010-05-24 (02-43-16).txt
     Scan type: Quick scan
     Objects scanned: 152971
     Time elapsed: 5 minute(s), 32 second(s)
     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken.
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken.
     Registry Data Items Infected:
     HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken.
  14. dvk01

    morphine

    Why are we still detecting the uninstallers? H:\Program Files\Waves\DIAMOND UNINSTALL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully. This is extremely dangerous & does no favours to MBAM when a user wants to uninstall a product & they can't. http://forums.techguy.org/malware-removal-...tml#post7188861
  15. dvk01

    morphine

    You cannot rely on the Morphine packer for detecting malware. Too many legitimate files & programs are Morphine packed, especially in the music industry. http://forums.techguy.org/malware-removal-...tml#post7175721
  16. Of course there will be, or should be, a UAC prompt when ANY limited user attempts to run a script that will clean up protected folders. In x64 W7 all Program Files/Program Data and system32, as well as the x86 versions of those folders, should ALWAYS alert with a UAC prompt when any program attempts to alter anything in there. That has been one of the biggest criticisms of W7, that it doesn't always alert when a program tries to do it. It isn't the certificate in question here but the clean up script being set to run at start up or reboot that triggers a UAC prompt. Removing the start up entry by using the reg file from http://www.malwarebytes.org/forums/index.php?showtopic=29158 should stop it happening, until next time MBAM is run & finds something to fix.
  17. Ignore please, I see it was sorted out here: http://www.malwarebytes.org/forums/index.php?showtopic=26896 The user hadn't updated MBAM to the latest definitions file.
  18. http://forums.techguy.org/malware-removal-...completely.html
     C:\WINDOWS\ServicePackFiles\i386\lang\voicesub.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\dllcache\bckg.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\dllcache\ufat.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
     D:\MiniNT\system32\ufat.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\dllcache\bckg.dll uploaded to http://www.bleepingcomputer.com/mrc/index....how&e=27719 and scans clean at VT & I can't see any malicious content in it.
  19. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
     http://forums.techguy.org/malware-removal-...logger-exe.html
  20. http://board.protecus.de/t36735.htm
     22.04.2009 20:14:06
     mbam-log-2009-04-22 (20-14-06).txt
     Scan-Methode: Vollst
  21. You also posted at http://forums.techguy.org/malware-removal-...tml#post6471935 where I suggested running GMER to check whether a rootkit was blocking MBAM. You didn't reply there. Although GT500's explanation is the most likely reason, it would be sensible to run GMER just in case. Obviously MBAM has found something but can't add it to results to fix it, so we need to see what is wrong. What was the original problem that you ran MBAM for in the first place, or were you just checking?