Topic: Ransomware attack
Howard Parker
From: Clarksburg, MD USA
Posted 4 Nov 2019 7:02 am

Running Win10. Windows Defender. Latest patches all current.

W.D. has been catching these attacks(?) and will shut down any current browser (Firefox 70.0.1 current) session. While annoying, W.D. says successfully quarantined.

I've run an offline W.D. full scan as well as multiple (free) Malwarebytes scans.

All negative.

Anything else I should be concerned with?

Thanks in advance.

hp




entries found.
Behavior:Win32/Wadhrama.B!rsm
Updated on Aug 30, 2017
Alert level: severe
Ransom:Win32/Wadhrama
Updated on Jan 10, 2018
_________________
Howard Parker

03' Carter D-10
70's Dekley D-10
52' Fender Custom
Many guitars by Paul Beard
Listowner Resoguit-L
Wiz Feinberg
From: Mid-Michigan, USA
Posted 4 Nov 2019 8:35 am

Sounds like a false positive. I run Malwarebytes and Windows Defender and haven't had any problems from either. No dangerous files are executed and hostile web pages won't even load unless I override the warning page and explicitly allow them to.

To be sure, could you PM or email me links to pages that you are on when these WD warnings happen? It may need to be reported.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
Howard Parker
From: Clarksburg, MD USA
Posted 4 Nov 2019 8:45 am

Wiz,

Thanks for the response. I might have multiple tabs open, but it's my impression that I'm viewing Facebook most of the time. Facebook content, not any 3rd party links.

Howard
Wiz Feinberg
From: Mid-Michigan, USA
Posted 5 Nov 2019 8:06 am

I see you are running Malwarebytes in free mode. That doesn't protect your browser from exploit code. Users who subscribe to Malwarebytes are protected in real time from browser-based attacks (like ransomware).

If you prefer to not use paid-for real-time protection, the NoScript Add-On for Firefox will block JavaScript redirects from poisoned iframe ads and from hostile links. But, there is a learning curve to live with it. It blocks scripting by default. You have to whitelist domains you want to run JavaScript on (like Facebook), or they may not function. So, if there is a link to a clickbait article on Facebook (the kind people like to blindly share) and the landing page is not on Facebook itself, NoScript will block JavaScript from running on that article page. Thus, if that page contains a JavaScript redirect inside an iframe to a malware download site, it won't execute. Best of all, NoScript is free, or donationware.
Howard Parker
From: Clarksburg, MD USA
Posted 5 Nov 2019 10:33 am

Makes perfect sense. Thanks Wiz!

hp
Howard Parker
From: Clarksburg, MD USA
Posted 6 Nov 2019 12:44 pm
Subject: Ransomware Update

For the few that might have an interest...

The alerts ceased after the Nov 5 definition update.

So, I'm considering the matter closed.

Wiz, thanks for sharing your thoughts and knowledge.

hp
Wiz Feinberg
From: Mid-Michigan, USA
Posted 6 Nov 2019 4:14 pm

You may need to remove the quarantined item or at least scan it again.
Howard Parker
From: Clarksburg, MD USA
Posted 6 Nov 2019 4:19 pm

Good idea.

I'll let WD do another offline scan. Might as well follow up with another MB scan.

Thanks

h

All times are GMT - 8 Hours
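
The checks discussed in this thread (detection history, definition age, quarantine contents, rescan) can be run from an elevated PowerShell prompt with the Windows Defender cmdlets. This is an added example, not part of any forum post; the family name `Wadhrama` is taken from the alert quoted in the first post, and the default install path of `MpCmdRun.exe` is assumed.

```powershell
# Added example; run from an elevated PowerShell prompt on Windows 10.
# 'Wadhrama' is the family name from the alert quoted in the first post.
$family = 'Wadhrama'

# 1. Engine state and definition age (the alerts stopped after a definition update).
Get-MpComputerStatus |
    Select-Object RealTimeProtectionEnabled, AntivirusSignatureVersion,
                  AntivirusSignatureLastUpdated

# 2. Threat entries Defender has recorded on this machine for that family.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -like "*$family*" })
$threats | Select-Object ThreatID, ThreatName, SeverityID, IsActive

# 3. Each detection event: when it fired, which process triggered it, and
#    which resource (file path, URL, ...) was flagged. The Resources field is
#    what tells a cached web page apart from a program sitting on disk.
$ids = $threats.ThreatID
Get-MpThreatDetection |
    Where-Object { $ids -contains $_.ThreatID } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Process   = $_.ProcessName
            Succeeded = $_.ActionSuccess
            Resources = ($_.Resources -join '; ')
        }
    } | Format-List

# 4. List what is currently held in quarantine (read-only; restores nothing).
#    Assumes the default install path.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll

# 5. Pull current definitions, then rescan so the earlier verdict is
#    re-evaluated against them.
Update-MpSignature
Start-MpScan -ScanType FullScan

# 6. Offline scan, as used in the thread. It reboots the machine immediately,
#    so it is left commented out here.
# Start-MpWDOScan
```

If step 3 returns no rows after the definition update while step 4 still lists an item, that item is the one to review or rescan.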