Dangermouse
Members
Posts: 31
Rank: Newbie
Location: Australia
Potentially unwanted content found- forexapps
Dangermouse replied to tmuster2k's topic in Malware Finding and Cleaning
That URL is blocked because it automatically redirects to sites that download malware - such as the Fastsearch addon - not because it necessarily contains malware itself. Given that you have unusual tabs in Chrome, I'd suggest that you run scans with Malwarebytes Anti-Malware free edition, and AdwCleaner. Also look in Control Panel - Add/Remove Programs to see if there are any entries you don't recognise, are recently installed, or have names that would indicate malware. If so, remove them.
Can you help me? .wallet ransomware
Dangermouse replied to kaylor's topic in Malware Finding and Cleaning
Keep an eye on this thread https://www.bleepingcomputer.com/forums/t/632389/dharma-ransomware-filenameemaildharmawalletzzzzz-support-help-topic/ It's the first place that is likely to have news if/when a decryptor becomes available.
Those entries are the preferred DNS addresses for Vodafone Ireland - if that's the customer's ISP and/or equipment, it shouldn't be a problem. Which operating system is being used? Windows 10 defaults to uploading Windows Updates via P2P to other users, and if that's the case, it will chew up bandwidth and CPU and should be disabled. Try a scan with Malwarebytes Anti-Malware free edition just to be sure.
Photo.SCR infection not successfully removed?
Dangermouse replied to Luv2Lafmcc's topic in Malware Finding and Cleaning
As a preventative measure, you should stop downloading torrents with unauthorised versions of copyrighted content - this is a well-known way to get your computer infected. It's also important to realise that the NAS isn't just another network drive, it's a computer in its own right, albeit with an OS that is probably a variant of Linux. Although you are seeing the Photo.scr infection on the NAS folders, if you refer to the information for the infection, hxxp://www.virusradar.com/en/Win32_Crytes.AA/description you will see that the infection also includes infecting the registry of your computer. Therefore, you need to clean your computer and NAS at the same time; it's probably better to do the computer first, with the NAS and any other network or USB devices disconnected.

Make sure that your copy of ESET is up-to-date with the latest definitions, and that all of the scanning/cleaning options in ESET are configured to scan all types of files, and use Strict Cleaning. Do a full scan of the computer with ESET and allow it to remove any infections it finds - it might need to reboot afterward. Then run a malware scan with another piece of software, just for a second opinion - I'd recommend Malwarebytes Anti-Malware free edition - as it might find traces that ESET doesn't; no single piece of security software can catch all threats.

Once you are sure that your machine is clean, go into System Restore, switch it off and reboot Windows - this will remove all previous restore points and prevent you inadvertently restoring to an infected state. Once the machine has rebooted, switch System Restore back on, create a new restore point and reboot the system again - you now have a clean machine with a clean restore point.

Next, ESET scan any other devices that get attached to the computer via LAN or USB, e.g. thumbdrives, external drives, smartphones, etc., to make sure that you have nothing that is acting as an infected carrier for malware.

Once you have clean devices, you're then ready to scan and clean the NAS. If you don't use FTP for anything, then disable it in your NAS, your computer, your firewall and your router.

Spreading: Win32/Crytes.AA is a worm that repeatedly tries to connect to various IP addresses. The FTP protocol is used.
Thanks for the wall of text. Do I infer from it that the descriptions in the signature files don't necessarily detail all of the variants, even though the example I gave is listed as a specific variant? i.e., some of the 'variants' listed in the signature file descriptions are generic umbrella terms for minor variations?
OK, here is an example. hxxp://www.virusradar.com/en/update/info/14565 contains a signature for Win32/Autoit.IV, but clicking on the link from the list of update 14565 shows:

Category: worm
Detection created: May 16, 2013
Signature database version: 9534

Win32/Autoit.IV [Threat Name]
Detection created: 2013-05-16
World activity peak: 2016-03-05 (0.07 %)

Clicking on the link for update 9534 shows the same threat, and the same variant. In fact, this threat is also listed in another recent signature file hxxp://www.virusradar.com/en/update/info/14559
I've just noticed this in my firewall log:

3/12/2016 9:36:38 PM; An attempt to connect to the Server Service was detected; Source 192.168.1.6:11909; Destination 192.168.1.6:445;TCP; ;System;

Obviously this is something internal to my network rather than an external attack, but what is it trying to tell me? Using ESS version 9.
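As an added example (not code from ESET, and not something the poster wrote), here is a small Python parser for ESS personal-firewall log lines of the shape quoted above. The field layout (timestamp; event text; Source ip:port; Destination ip:port; protocol; rule; process) is inferred from that single line and is an assumption; other ESS versions may log differently. The first sample line is the one from the post, the other two are constructed to show how a connection from another LAN host and from a non-RFC1918 address would be classified.

```python
"""Parse ESET Smart Security (ESS) personal-firewall log lines and describe
the connection each one records.

Added example for this thread, not ESET code. The field layout is inferred
from the one line quoted in the post and is an assumption.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# timestamp; event; Source ip:port; Destination ip:port; proto; rule; process;
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M);\s*"
    r"(?P<event>[^;]+);\s*"
    r"Source (?P<src_ip>[\d.]+):(?P<src_port>\d+);\s*"
    r"Destination (?P<dst_ip>[\d.]+):(?P<dst_port>\d+);\s*"
    r"(?P<proto>[A-Za-z]+);\s*"
    r"(?P<rule>[^;]*);\s*"
    r"(?P<process>[^;]*);?\s*$"
)

# Well-known Windows ports a personal firewall commonly reports on.
KNOWN_PORTS = {
    445: "SMB over TCP (Microsoft-DS), the port the Windows Server Service listens on",
    139: "NetBIOS Session Service (SMB over NetBIOS)",
    135: "MS-RPC endpoint mapper",
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: ipaddress.IPv4Address) -> bool:
    return any(ip in net for net in RFC1918)


@dataclass
class FirewallEvent:
    timestamp: str
    event: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    rule: str
    process: str
    origin: str             # same-host / loopback / lan / external
    service: Optional[str]  # description of the destination port, if known


def classify_origin(src: str, dst: str) -> str:
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s == d:
        return "same-host"  # the host connected to its own interface address
    if s.is_loopback:
        return "loopback"
    if is_rfc1918(s) and is_rfc1918(d):
        return "lan"
    return "external"


def parse_line(line: str) -> FirewallEvent:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised ESS firewall log line: {line!r}")
    g = m.groupdict()
    dst_port = int(g["dst_port"])
    return FirewallEvent(
        timestamp=g["ts"], event=g["event"].strip(),
        src_ip=g["src_ip"], src_port=int(g["src_port"]),
        dst_ip=g["dst_ip"], dst_port=dst_port,
        proto=g["proto"].upper(), rule=g["rule"].strip(), process=g["process"].strip(),
        origin=classify_origin(g["src_ip"], g["dst_ip"]),
        service=KNOWN_PORTS.get(dst_port),
    )


def describe(ev: FirewallEvent) -> str:
    who = {
        "same-host": f"process '{ev.process}' on {ev.src_ip} connecting to its own address",
        "loopback": f"process '{ev.process}' connecting over the loopback interface",
        "lan": f"another LAN host ({ev.src_ip}) connecting to {ev.dst_ip}",
        "external": f"a non-RFC1918 address ({ev.src_ip}) connecting to {ev.dst_ip}",
    }[ev.origin]
    svc = ev.service or f"port {ev.dst_port}/{ev.proto}"
    return f"{ev.timestamp}: {who}, {ev.proto} port {ev.dst_port} ({svc})"


# First line is the one quoted in the post; the other two are constructed.
SAMPLE_LINES = [
    "3/12/2016 9:36:38 PM; An attempt to connect to the Server Service was detected; "
    "Source 192.168.1.6:11909; Destination 192.168.1.6:445;TCP; ;System;",
    "3/12/2016 9:40:02 PM; An attempt to connect to the Server Service was detected; "
    "Source 192.168.1.20:49321; Destination 192.168.1.6:445;TCP; ;System;",
    "3/12/2016 9:41:17 PM; Communication denied by rule; "
    "Source 203.0.113.5:40000; Destination 192.168.1.6:445;TCP;Block incoming SMB;System;",
]


def analyze(lines: List[str]) -> List[FirewallEvent]:
    return [parse_line(line) for line in lines]


if __name__ == "__main__":
    for ev in analyze(SAMPLE_LINES):
        print(describe(ev))
```

Run stand-alone, the quoted line parses as the System process on 192.168.1.6 connecting to its own address on TCP 445, the SMB port served by the Windows Server Service, which is consistent with the poster's reading that it is internal to the host rather than an external connection attempt.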
You're not the only one who takes issue with the design 'feature' of Windows that cannot be resized to a useful, practical size. However, that kind of nonsense was introduced in ESS9 and ESET took no notice of objections to it then, so there's no reason to assume that they'll value the same kind of feedback for the current software.