Topic: Ransomware attack
Howard Parker
From: Maryland
Posted 4 Nov 2019 7:02 am

Running Win10. Windows Defender. Latest patches all current.

W.D. has been catching these attacks(?) and will shut down any current browser (Firefox 70.0.1 current) session. While annoying, W.D. says successfully quarantined.

I've run an offline W.D. full scan as well as multiple (free) Malwarebytes scans.

All negative.

Anything else I should be concerned with?

Thanks in advance.

hp




entries found.
Behavior:Win32/Wadhrama.B!rsm
Updated on Aug 30, 2017
Alert level: severe
Ransom:Win32/Wadhrama
Updated on Jan 10, 2018
_________________
Howard Parker

03' Carter D-10
70's Dekley D-10
52' Fender Custom
Many guitars by Paul Beard
Listowner Resoguit-L

Wiz Feinberg
From: Mid-Michigan, USA
Posted 4 Nov 2019 8:35 am

Sounds like a false positive. I run Malwarebytes and Windows Defender and haven't had any problems from either. No dangerous files are executed and hostile web pages won't even load unless I override the warning page and explicitly allow them to.

To be sure, could you PM or email me links to pages that you are on when these WD warnings happen? It may need to be reported.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Howard Parker
From: Maryland
Posted 4 Nov 2019 8:45 am

Wiz,

Thanks for the response. I might have multiple tabs open but it's my impression that I'm viewing Facebook most of the time. Facebook content, not any 3rd party links.

Howard
_________________
Howard Parker

03' Carter D-10
70's Dekley D-10
52' Fender Custom
Many guitars by Paul Beard
Listowner Resoguit-L

Wiz Feinberg
From: Mid-Michigan, USA
Posted 5 Nov 2019 8:06 am

I see you are running Malwarebytes in free mode. That doesn't protect your browser from exploit code. Users who subscribe to Malwarebytes are protected in real time from browser based attacks (like ransomware).

If you prefer to not use paid for realtime protection, the NoScript Add-On for Firefox will block JavaScript redirects from poisoned iframe ads and from hostile links. But, there is a learning curve to live with it. It blocks scripting by default. You have to whitelist domains you want to run JavaScript on (like Facebook), or they may not function. So, if there is a link to a clickbait article on Facebook (the kind people like to blindly share) and the landing page is not on Facebook itself, NoScript will block JavaScript from running on that article page. Thus, if that page contains a JavaScript redirect inside an iframe to a malware download site, it won't execute. Best of all, NoScript is free, or donationware.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Howard Parker
From: Maryland
Posted 5 Nov 2019 10:33 am

Makes perfect sense. Thanks Wiz!

hp

Howard Parker
From: Maryland
Posted 6 Nov 2019 12:44 pm
Subject: Ransomware Update

For the few that might have an interest...

The alerts ceased after the Nov 5 definition update.

So, I'm considering the matter closed.

Wiz, thanks for sharing your thoughts and knowledge.

hp

Wiz Feinberg
From: Mid-Michigan, USA
Posted 6 Nov 2019 4:14 pm

You may need to remove the quarantined items or at least scan it again.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog


Last edited by Wiz Feinberg on 11 Dec 2019 3:57 pm; edited 1 time in total

Howard Parker
From: Maryland
Posted 6 Nov 2019 4:19 pm

Good idea.

I'll let WD do another offline scan. Might as well follow up with another MB scan.

Thanks

h

Regan Branch
From: Alabama, USA
Posted 11 Dec 2019 11:09 am

The most trusted anti malware program in the world is Malwarebytes. You need to get McAfee off your system if that's the case and sign up for Malwarebytes. Easy peazy will do all the work for you. All other anti malware softwares that I know of contain malware themselves.
_________________

So if you see my milk cow, won't you drive her on home?

Regan Branch
From: Alabama, USA
Posted 15 Dec 2019 10:26 am

Refer to my recent response in the thread I authored entitled, "I’m new here and I’m an IT guy" in the Computer forum.
_________________

So if you see my milk cow, won't you drive her on home?


All times are GMT - 8 Hours