
All Activity


  1. Today
  2. That shows that ARM is not a dedicated startup program! I bet it is launched when you start Reader or Acrobat. It phones home, so to speak, to see if any new builds are available. Try starting Reader and then check Task Manager. Click on the Processes tab to see if you find anything in "Background processes" related to ARM.
  3. Ritchie, I am pretty sure I am doing that. See pic below. "File Path" is listed on the right, unless I am missing something. When I type in the path it said the file can not be found (I think it is because it is in quarantine). Now I can restore it and the file will be there. But then I just put back a potential virus, right? Is there a better way? Or am I misunderstanding what you are saying? Regarding unchecking adobeARM.exe: I went into Task Manager, I went into Startup and got this (see pic). I don't see adobeARM.exe. Any suggestions? I guess it is not that important if we still think it is not a virus, but I would still like to know what is going on. Is it as simple as Adobe trying to look for updates at every startup, Immunet blocking it, and Adobe trying again and loading more files at the next startup? But if that is the case I would sure like to know how to turn off Adobe looking for updates, if that is what is happening.
  4. Under those circumstances it would be nice if Immunet had a Copy & Paste feature for quarantined files. This idea to include this feature in a future build has actually been suggested in the past. What you could do is click on the word Quarantine, located below & to the right of the History tab on the UI, and in the right-side Details dialog box write down the exact malware definition name & file path for the file(s) in question & manually type it in. Here's how to disable AdobeARM with Win 10. Click on the Search app -> type exactly msconfig in the Search bar and click on the System Configuration app to launch msconfig.exe -> click on the Startup tab (depending on your version of Win 10 you may be directed to Task Manager to do this) -> uncheck any file names that end in adobeARM.exe -> click Apply -> reboot your computer and that should disable ARM. Just don't forget to check for any new builds for Adobe Reader or Acrobat Manager from time to time & manually update yourself. That is important as new builds can sometimes contain security/exploit vulnerability fixes. Cheers, Ritchie...
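The msconfig/Task Manager procedure in the post above only covers Run keys and Startup folders, which is why AdobeARM.exe may not show up there. The script below is an added example (not from the forum thread, and not Adobe's or Immunet's code) that enumerates the three places an updater can be launched from on Windows 10 and, with -Disable, turns off the scheduled tasks and services it finds. It assumes the relevant entries contain "AdobeARM" or "Adobe Acrobat Update" in their name or command line; that pattern is an assumption, so adjust $Pattern after reading the listing. Run it from an elevated PowerShell prompt.

```powershell
# Added example: find (and optionally disable) the autostart entries behind Adobe's
# updater (ARM). $Pattern is an assumption about how the entries are named.
param([switch]$Disable)

$Pattern = 'AdobeARM|Adobe Acrobat Update'

# 1. Run keys and Startup folders: what msconfig / Task Manager's Startup tab shows.
$runEntries = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Name -match $Pattern -or $_.Command -match $Pattern }

# 2. Scheduled tasks: checked by task name and by the executable each action runs.
$tasks = Get-ScheduledTask |
    Where-Object {
        $_.TaskName -match $Pattern -or
        ($_.Actions | Where-Object { $_.Execute -match $Pattern })
    }

# 3. Services: an updater may also be installed as a Windows service.
$services = Get-Service |
    Where-Object { $_.Name -match $Pattern -or $_.DisplayName -match $Pattern }

"== Run keys / Startup folders =="
$runEntries | Format-Table Name, Location, Command -AutoSize
"== Scheduled tasks =="
$tasks | Format-Table TaskName, TaskPath, State -AutoSize
"== Services =="
$services | Format-Table Name, DisplayName, Status, StartType -AutoSize

if ($Disable) {
    foreach ($t in $tasks) {
        Disable-ScheduledTask -TaskName $t.TaskName -TaskPath $t.TaskPath | Out-Null
        "Disabled task $($t.TaskPath)$($t.TaskName)"
    }
    foreach ($s in $services) {
        Stop-Service -Name $s.Name -ErrorAction SilentlyContinue
        Set-Service -Name $s.Name -StartupType Disabled
        "Disabled service $($s.Name)"
    }
    # Run-key entries are not touched here: untick them in Task Manager's Startup tab
    # (as in the post above) or remove the value under the key shown in Location,
    # e.g. HKCU:\Software\Microsoft\Windows\CurrentVersion\Run.
}
```

Run it once without -Disable to see what matches, then with -Disable, reboot, and run it again: the tasks should report State Disabled and the services StartType Disabled. The caveat from the post still applies: with ARM off, nothing will fetch Reader/Acrobat security fixes for you, so put a manual update check on your calendar.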
  5. Yesterday
  6. Thanks Scats and ritchie58. Two new files were flagged today at startup; they are the same type or same configuration as I mentioned before. Also, what is the best way to get a file that is already in Immunet quarantine to load in either virustotal.com or http://www.clamav.net/contact? Because if it is in quarantine I don't see the file in my file path folder anymore (I can restore it, but then I may have released a potential virus). Also, can you folks point me to an article on how to change Adobe and Acrobat Manager to manual update? Thanks.
  7. Thanks ritchie! Tankace, thanks for the pic upload from VT. Since no other AVs have flagged it I would agree with ritchie and say it's a FP. I wish Immunet's FP upload was working :( Stay safe.
  8. Hi tankace, I deleted your topic in the General section of the forum. Please refrain from posting duplicate topics in different locations as it's against forum rules. No biggie though & with that said... Ordinarily I would recommend you submit those files to Immunet's False Positive URL, but to my knowledge it's still not functional at this time. One option at your disposal, since it's a ClamAV detection, would be to submit your findings directly to the folks at ClamAV at this URL: http://www.clamav.net/contact Scats's idea to use VirusTotal to check the files & you adding the screen grabs was a good one! I would venture to guess these are False Positives. AdobeARM is used for auto-updating Adobe Reader & Acrobat Manager, but if you 'manually update' to new builds yourself (which I would recommend) you really don't need to use ARM anyway. Best wishes, Ritchie....
  9. OK, this is what I did. I ran a full scan with Immunet (I only have Immunet, but I made sure ClamAV was on). I don't have Defender because my understanding is that you have to delete Immunet to install Defender to run it (not sure of the exact way to do that correctly, so I will hold off on doing that for now and will wait for a response from you all). Running a full scan on Immunet flagged 74. 72 were like the first one and the other 2 like the 2nd one. I restored one of the files like the 1st one and dropped it into www.virustotal.com, and only ClamAV detected it out of 60 other engines (please see pic). What do you folks think, do we have a false positive? Also, some of the Adobe files were listed from months ago. I am pretty sure I ran an Immunet full scan more often than that. I am pretty sure I ran an Immunet full scan last week if not the week before. Any help will be appreciated. The other question is: in Immunet, if a file is quarantined it disappears from the file-path tree, so for me I can not drop the file in virustotal.com unless I restore the file. Is there a way I can drop the file in VirusTotal when it is in quarantine from Immunet? PS: I use Firefox and I have Windows 10. Thanks.
  10. Last week
  11. Wow Zombunny!!! I am very impressed with your setup and practices!!! One thing that I think is way too overlooked, and that you brought up, is your smart IoT devices. With the growing amount of internet-connected devices, with very little (usually no) security, it's a huge hole in any network. I will go out of my way to not buy smart devices till the industry brings up security with them. I have seen network hacks through smart TVs, home cameras, even smart fridges. Too often we look at defensive computing/networking and not how to prevent them from happening by taking an offensive approach like you. I may even have to take some notes from your approach :) Stay safe...
  12. Hi Tankace! First run a full system scan, with ClamAV on. I would also scan with Defender. What AVs do you have, or is Immunet your main? Is Defender flagging anything? Those files do look suspicious, but could be false positives. Since these are copy and paste I can't dive into the files much. Try uploading the files to VirusTotal, https://www.virustotal.com. It's a drag-and-drop site and it's easy to get a good idea if it's bad or not. After you do that we should know more if it's a true threat or a false positive. What's your OS, i.e. Win7 or 10? Pro or Home version? Are you using Internet Explorer? The reason I ask is the first file path with INetCache/IE looks like a toolbar has installed itself to IE. Why it seems to install when you start your system is most likely that it is set to start up automatically when you turn on your computer. You can disable this in a few ways, but the easiest is go to Task Manager -> Startup tab -> find the program and select it and at the bottom right hit Disable. With that said, if it's malware it may hide itself from being seen. Sorry if this seems like a quick response, it's a very busy day for me, but I will help where I can :) Let me know what VirusTotal says so I can help with what needs to be done next.
  13. Hello folks, forgive me in advance, I don't know that much about computers. For the past 3 days at startup Immunet has flagged and quarantined these two files as malware. One with the same exact file name, the other is a variation of the same file name. But they seem to be going into the same respective folder paths. 1. File Name=AdobeARM_1824406920[1].msi File Path=C:\users\Username\AppData\Local\Microsoft\Windows\INetCache\IE\7JNV5UH\AdobeARM_1824406920[1].msi (note: this is typed in vs cut and paste) 2. File Name=BIT6270.tmp or variation BITXXXX.tmp File Path=C:\users\Username\AppData\Local\Adobe\ARM\S\BIT6270.tmp So the questions are: are these a real virus (malware)? Or is it a false positive? If they are, it seems like someone or something is trying to install it at startup every day; how do I stop it? If they are not, it seems then that Adobe is trying to install something; what is it that they are trying to install and why? Thanks.
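The two questions running through this thread, "is the quarantined file really malware?" and "how do I check it on VirusTotal without re-releasing it?", can be answered with a few checks on the file itself. The script below is an added example (not from the forum thread, and not Immunet's or Adobe's code). It takes the two paths from the post above with "Username" resolved to the current user via $env:LOCALAPPDATA, prints each file's SHA-256 so it can be looked up on VirusTotal by hash instead of uploaded, checks the Authenticode signature (a genuine Adobe installer is signed by Adobe and the chain validates), and lists BITS download jobs writing into Adobe's ARM folder. Two assumptions are made: that a file still in quarantine is unreadable, so it must first be restored to an isolated folder (hashing or signature-checking an .msi does not run it; just don't double-click it), and that the BITnnnn.tmp files are BITS in-progress downloads, which the job listing lets you confirm. Run elevated to see other users' BITS jobs.

```powershell
# Added example: identify the quarantined files without executing them.
# $Path defaults are the paths from the forum post for the current user; pass
# another user's profile explicitly if Immunet flagged files in their AppData.
param(
    [string[]]$Path = @(
        "$env:LOCALAPPDATA\Microsoft\Windows\INetCache\IE\7JNV5UH\AdobeARM_1824406920[1].msi",
        "$env:LOCALAPPDATA\Adobe\ARM\S\BIT6270.tmp"
    )
)

foreach ($p in $Path) {
    "== $p"
    # -LiteralPath throughout: the "[1]" in the .msi name would otherwise be
    # treated as a wildcard character class.
    if (-not (Test-Path -LiteralPath $p)) {
        "   not on disk (still quarantined, or already cleaned up)"
        continue
    }

    # SHA-256 lets you search VirusTotal for an existing report without uploading.
    $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
    "   SHA256: $hash"
    "   VT:     https://www.virustotal.com/gui/file/$hash"

    # Authenticode: Status Valid plus an Adobe subject means the bytes are the
    # vendor's; NotSigned on a .msi that claims to be an Adobe update is the
    # case worth reporting to ClamAV rather than restoring.
    $sig = Get-AuthenticodeSignature -LiteralPath $p
    "   Signature status: $($sig.Status)"
    if ($sig.SignerCertificate) {
        "   Signer: $($sig.SignerCertificate.Subject)"
    } else {
        "   Signer: none (expected for a partial BIT*.tmp download, not for an .msi)"
    }
}

# Assumption being checked: BITnnnn.tmp under Adobe\ARM\S is a BITS job in flight.
# Listing the jobs shows the remote URL each one pulls from and which account owns it.
Import-Module BitsTransfer
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
    Where-Object { $_.FileList.LocalName -match '\\Adobe\\ARM\\' } |
    ForEach-Object {
        "BITS job '$($_.DisplayName)' state=$($_.JobState) owner=$($_.OwnerAccount)"
        $_.FileList | ForEach-Object { "   $($_.RemoteName) -> $($_.LocalName)" }
    }
```

If the .msi hash already has a VirusTotal report with only ClamAV detecting it, the signature is Valid, and the BITS job's RemoteName is an Adobe host, the false-positive reading the replies lean toward holds up and you can hand the definition name and hash to ClamAV's contact page. Any other combination (unsigned .msi, a non-Adobe download URL, an owner account you don't recognise) is the point at which to stop treating it as a nuisance.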
  14. TL;DR: Layered approaches are good, your behaviour is key, spyware/tracking/adware are also malware, if telemetry/personal data aren't collected they can't be leaked/exploited, if unsolicited connections aren't made you know your exposure and can trust your devices, and you need to be able to trust the developers.

The long version: I suppose how far you're willing to go depends on your threat model. My defences are overkill for my minimal (ordinary guy) threat model. The more defences you have, the more inconvenience you will experience, and the more your computers will get bogged down. Also, more defences increase the likelihood of false positive detections, accidentally corrupting/deleting/losing access to your data, etc. That said, layered defence is definitely the way to go. I'd also remark that security overlaps somewhat with privacy. Once you neutralise a threat to one, it often reduces a threat to the other. Additionally, security isn't just what packages you install. It's a whole philosophy and workflow. It's a method you have to constantly adhere to, not just something you can install and forget, or just do once. I am primarily a GNU/Linux user, but I do occasionally boot Windows 10. My main, most obvious defence methods are the following:

Platform-independent: Pi-hole DNS-based blocking with a handful of well-known spyware/tracker, adware and malware-blocking lists. (Personally, I believe all of those are just "malware", but apparently some people distinguish between them.) If scummy hosts can't connect in the first place, they can't infect you. Firewall/router disallows any outgoing connection not originating from the Pi-hole with a destination of port 53, to mitigate against creepy devices that try to use their own hardcoded DNS (e.g. other people's portable devices, possibly my TV even though I only use it as a "dumb" TV). (If it's not making an unsolicited connection and not contacting undesirable hosts, it's harder to exploit. Believe it or not, even smart light bulbs can be hacked to operate in botnets.) All my passwords (except perhaps 1 or 2) are very long, randomly-generated strings of alphanumerics and symbols. I store them in a free and open-source password manager (KeePass is a good option). If they're hard to brute-force, hard to guess, unique, and stored safely, it's harder for malware and crackers to get at them. I don't use "the cloud" for anything, although I do have a little bit of Nextcloud storage I occasionally use like a USB stick. It's encrypted with Cryptomator. I log out of everything the instant it no longer has my attention, i.e. I check my emails, then I sign out. I check my secondary emails, then I sign out. This should work for Facebook, Google Drive, virtually anything you use. If you're not signed in, malware can't exploit your login as easily. You also can't be tracked as easily, and if you're not being tracked, that information can't be leaked and then exploited for phishing etc. Every time I sign out of something, I clear all browsing history, cookies, cache, the lot. I don't save anything in the browser: no addresses, payment methods, passwords, nothing. The browser is a prime target for crackers looking to attack desktop users. If it isn't stored in my browser, it's harder for any malware that slips through to get it. Make sure as much of your software as possible is free/libre, or at least open-source, or that the developer is well-known, trustworthy, honest, and has a clear, plausible business model. If source code is available, someone can vet it for malware; if the software is proprietary but has a good, transparent developer with a believable revenue stream, the developer has little incentive to insert malware into their code. I don't install an app on any portable device if the web site provides the required functionality, even if less convenient.

Browser: I use Mozilla Firefox, GNU IceCat, or Pale Moon with a variety of about:config tweaks, detailed at spyware.neocities.org, restoreprivacy.com and privacytools.io. I also use Vivaldi on occasion, but never, ever Chrome under any circumstances. Useful extensions include uBlock Origin, Cookie AutoDelete, Decentraleyes, Privacy Badger, HTTPS Everywhere, CSS Exfil Protection, Privacy Oriented Origin Policy, and either Trace (Vivaldi) or ClearURLs (Mozilla-based) to cover the remaining tracking methods not already covered by about:config tweaks or other extensions. If you don't mind taking ages to fix broken web sites the first time you visit them, then NoScript would boost your security immensely, but it's not for the faint-hearted or beginners. I shut down any PC or tab whenever I'm not using it. I'm very wary of browser extensions, especially if they're not released under a free/open-source licence and the developer doesn't have a good reputation/online presence. I periodically make sure none of my extensions have been sold to new developers (like what happened to Nano). Ad and tracking networks have distributed malware several times in the past. If a site asks you to disable your content blocker, tell the webmaster to go to hell and then navigate to a better site. Don't use an adblocker that participates in any sort of "approved ads" programme (or at least disable the whitelisting of such ads). If data about you isn't collected, and a piece of code isn't allowed to run in your browser, that's one less way for your name and credit-card details to be leaked, and one less way for malware to infect you.

Linux-specific: Don't run any proprietary packages, for instance Skype or Zoom; use the web versions (where available) instead. Only use the distro's official repository, not even semi-official user-contributed repos. AppArmor enabled. Always sandbox anything internet-connected (e.g. browser, mail client, instant messenger) with Firejail. I use additional databases for ClamAV: the SecuriteInfo ones, and a subset of the ones provided by Sane Security. I used to also use the rfxn databases, but they caused a lot of false positives when used in conjunction with the other databases. I have ClamAV on-access scanning on my /home, /media, /mnt and /tmp directories for fast machines. For slow machines I just run a full ClamAV scan of my home folder every time I finish using the internet.

Windows-specific: I install all my software from Chocolatey because it's a bit like a Linux package manager, so everything stays up to date. Additionally, the packages are all subjected to at least a small degree of checking/verification. O&O ShutUp10 to disable as many of the Windows spyware functions as possible. If unsolicited connections don't happen, they can't be exploited. Additionally, if someone isn't able to collect your data, they can't lose it when they eventually make an error or get hacked. For AV/antimalware, I use F-Secure AV + Malwarebytes Premium (i.e. their paid version) + Immunet with ClamAV enabled. To get them to play nicely, I have gone into the "exclusions" settings for each, and excluded the Program Files and ProgramData folders for the other two. Believe it or not, using all 3 real-time solutions doesn't bog down anything but the slowest of old machines. Windows itself is so bloated and heavy that anything you install on top of it is negligible in comparison. (If you don't believe it, try to install W10 on an Atom-powered netbook and watch how long it takes to do things like display the Start menu.) For behaviour blocker, VoodooSoft VoodooShield or NoVirusThanks OSArmor are absolutely fantastic. Truth be told, they can almost function as the sole protection in their own right, and they consume negligible resources. I prefer OSArmor as it is less "noisy" with alerts, and has fewer false positives. I also think its interface is neater and cleaner. That said, VoodooShield is better known, older/more established, and still offers a free version.

I have been using computers for over 30 years, and been an internet user for around 25 of them. I've never detected an infection or experienced symptoms indicative of an infection, on any computer in my household or workplace. This isn't a boast, issuance of a challenge to potential crackers, or an invitation for fate to give me a kick in the pants; it's just an indication that a moderate degree of effort and inconvenience that doesn't significantly interrupt daily life or use of most sites/services seems to have worked over time. Obviously my approach and software choices have evolved over time, but the above should at least give you a hint of the type of philosophy/approach I've always taken. Sorry for the massive essay, but hopefully something in it will be useful to you.
  15. Hey RockMaster! I experimented with your approach to update Clam and I had close to the same result, only Clam failed on the first attempt. I suspect that Immunet's servers don't recognize the new version and possibly stop the service, or it's incompatible. I usually never turn Clam on unless I am testing, as my main AV will conflict with it. With that said, I would keep it off if you can, due to the older version, or till a fix is out. I will keep experimenting to see if I can find out why it stops ClamAV.exe. Let me know if it starts to work again too.
  16. Hey Scats, I'd have to say you've got an awesome layered security set-up too! That's something I forgot to mention: my modem/router also has a built-in hardware-based firewall, as well as using the Windows software-based firewall. The reason I chose Panda Dome Advanced is that it has a built-in Virtual Private Network service that I use for on-line banking, shopping or sending sensitive data of any kind. You're also right there, it is very important to keep your OS updated with the latest Microsoft security patches, fixes & improvements. Another thing that can help keep you safe while on-line is to avoid, if possible, questionable web sites that don't use the https:// URL encryption protocol, or risky browsing behavior such as accessing the dark web, illegal key-gen sites or peer-to-peer download hubs. "Some 'good ol' common sense' can go 'a long way' at avoiding a malware infection!" Cheers, Ritchie...
  17. Hey guys, like ritchie I like having a layered approach. Win10 64-bit Professional OS and Ubuntu on a bootable USB for testing. AV is Microsoft Defender (group policy edited for a block-at-first-sight approach with MAPS enabled) since it plays nice with Immunet; Immunet with Clam off. Browser is a mix of Chrome and Edge set up with strict security settings, with the Malwarebytes extension for both and the HTTPS Everywhere extension. I also find having a good network setup is important. I use NextDNS for its network-level protection with a hardware firewall. Having a good VPN is also a good idea. Overall the best approach is to play defensive computing/networking with a no-trust policy and keeping things up to date.
  18. I do like to use a layered approach & not rely on just one app to keep my computer secure! Here's what I'm currently using for my Windows 10 Pro (Business Edition) x64 Operating System. Antivirus/Antimalware protection: Panda Dome Advanced, Immunet (ClamAV disabled) Zero Day Vulnerability protection: Malwarebytes Anti-Exploit Premium Browser protection: No-Script extension (run only the scripts you want), Browser Protect extension (this protects your browser settings from being changed by outside sources)
  19. I would like to know if there are additional programs of defense software out there you guys use?
  20. It seems this does not work anymore. Somehow it worked to begin with, but I noticed that ClamAV.exe would not run (with it enabled in the Immunet settings). I've tried other methods of trying to use the current ClamAV engine and importing the definition files manually, but it doesn't work. Is there any news on when or if ClamAV will be fixed in Immunet?
  21. Earlier
  22. I very much appreciate the effort you've put in here. Unfortunately taking any/all of these steps is a lot of effort, when I can just turn off the Immunet Service to "solve" the problem... I'll try to post again if I try any of these steps. For now I'm just going to play the game in peace and quiet.
  23. Since you've posted two encounters with a quarantine response I still would highly recommend that you perform a "Full Scan" of your entire OS just to weigh on the side of caution. Also, with the Edge browser you can store log-in/password information to auto fill in that info next time you visit that site. If you were using that feature you might want to consider changing your log-in info for any sites you accessed & logged into with Edge. Best wishes, Ritchie...
  24. I wasn't using Yahoo at the time; at least not on purpose. I think I was watching a youtube video. That warning just popped up. I just downloaded the latest version of Immunet and ran the custom scan on user directories, and it pops up again. Then I noticed it was in my husband's AppData, not mine. I was able to locate the file and delete it. So it seems that since I'm logged in and running Immunet, it doesn't have permissions to kill another user's files.
  25. I don't know if I was using Edge. I do occasionally open it for testing. I just downloaded the latest version of Immunet. Will that fix the problem?
  26. You're absolutely right David, many of the FAQ topics are outdated. Some 'several' years old as you mentioned. I too would like to see these topics updated to the most current information available about Immunet. I try my best to fill in as needed, but there has been no input from any administrative personnel updating the site, responding to users' questions, fixing the current forum site server errors and fixing the FP reporting URL, which hasn't been functional for many months now. That's what I find (sometimes extremely) frustrating & most troubling! Cheers, Ritchie...
  27. When will Immunet add Windows 10 FAQs to the support info, including new supported antivirus companion info? The FAQs only mention Win 7 and XP, which have been outdated for years now!
  28. No, the process that handles malware definition updates for the ClamAV module is freshclam.exe.