Showing results for tags 'Microsoft'.

Found 3 results

  1. Hi all, I received a land-line phone call this afternoon from a man with a very heavy accent from India claiming he was a representative for a company (the company name was never mentioned) that offered extended technical assistance for consumers for a yearly fee that Microsoft employs. He claimed that the company was no longer solvent and was about to go out of business so they were offering refunds to participants in the program as a stipulation in the bankruptcy proceedings. Sounds all well & good, right? First of all I have no such agreement with any company nor did I pay for anything like that. Of course I knew this was a bogus call but still played along just to see what would transpire next, as if I didn't know already! He claimed that he could mail me a check (no actual amount was ever quoted) or it would be "so much easier and quicker" if I just let them deposit the sum into my bank's checking account. Asking the bank name, address and my account number which, of course, I didn't divulge. After that I sarcastically said to him, "I bet your family is real proud of you that you turned out to be a criminal" and hung up the phone so happy to have wasted his time, lol! Most people wouldn't fall for this but there are still enough innocently unsuspecting or downright greedy individuals out there to make it worth their while to make this type of scam viable unfortunately. Those are the folks they're trying to make contact with.
  2. Is Microsoft going to offer their new Operating System, Windows 10, for free? That's the scuttlebutt going around the web right now. Microsoft is neither confirming nor denying these questions as of this writing however. There is proof that this upgrade will very likely take place for Windows 7 SP1, 8, 8.1 and RT8.1 users. The proof is a vague optional recommended update that Microsoft offered back in late March, that is KB3035583. https://support.microsoft.com/en-us/kb/3035583?wa=wsignin1.0&s=myce This update supposedly offers additional capabilities for Windows Update notifications when new updates are available to the user. What it actually does is add a GWX folder to the system32 directory. After installation a user will view some new active processes. That being gwxconfigmanager.exe and gwx.exe (gwx - get windows x [Windows10, as in the Roman numeral] get it?). These processes phone home to Microsoft, usually at system bootup to see if the upgrade is ready for downloading. This will be an ad based pop-up campaign, reminding users to upgrade to Win 10. Of course you will get some clueless users who will think their computers are infected with something malicious when the pop-ups start occurring. Supposedly this upgrade will be offered free of charge for one year, even the bootleg copies of Windows will be able to upgrade. When exactly this upgrade will be pushed to users is still unknown at this time but Microsoft really wants users to upgrade their Operating Systems to this new platform. Hence the new GWX system32 folder. My question to Support is how will that affect Immunet? I doubt Immunet will be compatible with Windows 10 so the Immunet cloud may very well lose a good number of users unless some R&D makes Immunet compatible with Win 10. I can't see that happening at the moment as Immunet seems to be getting very little or no new development. My personal note: I uninstalled the update as it was playing havoc with my computer!
When gwxconfigmanager.exe and gwx.exe were launched it was causing "drastically excessive" Disk I/O and RAM usage (sometimes using 100% of available RAM), causing my computer to almost "crawl to a complete standstill!" A compatibility problem with one of my security programs maybe? Perhaps. Some AV products have actually flagged this update as malicious, Immunet not being one of them. If I want the Windows 10 upgrade I can always reinstall the KB3035583 update as it will surely be offered in the next round of updates unless I hide the update itself. One would have to be careful Microsoft doesn't make the update a priority which would be automatically installed then. I have since reconfigured Windows update to notify me of new updates but not to automatically install them. That way I can check. Anyone else have any additional info, comments or questions regarding this pending upgrade to Win 10 feel free to add a thread to this posting. Regards, Ritchie...
  3. We have received reports about a wave of malicious browser extensions trying to hijack Facebook profiles. This threat was first discovered in Brazil. We detect it as Trojan:JS/Febipos.A. The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox.

     When installed, it attempts to update itself using the following URLs:

       • Chrome browser: du-pont.info/updates/<removed>/BL-chromebrasil.crx
       • Mozilla Firefox browser: du-pont.info/updates/<removed>/BL-mozillabrasil.xpi

     Note: Updated versions of this threat have been verified and are still detected as Trojan:JS/Febipos.A.

     To begin with, this Trojan monitors a user to see if they are currently logged-in to Facebook. It then attempts to get a configuration file from the website <removed>.info/sqlvarbr.php. The file includes a list of commands of what the browser extension will do. Depending on the file, this malware can do any of the following in the Facebook profile of an infected system:

       • Like a page
       • Share
       • Post
       • Join a group
       • Invite friends to a group
       • Chat to friends
       • Comment on a post

     At the time of writing this blog, we have also seen the following behavior. The configuration file contains a command to post the following message in Facebook:

       GAROTA DE 15 ANOS VÍTIMA DE BULLYING COMETE SUICÍDIO APÓS MOSTRAR OS SEIOS NO FACEBOOK Vìdeo no link abaixo: <Currently unavailable link>

     It is written in Portuguese and here’s an English translation:

       15 YEAR-OLD VICTIM OF BULLYING COMMITS SUICIDE AFTER SHOWING HER BREASTS ON FACEBOOK. Video on the link below: <Currently unavailable link>

     The above URL is unavailable and already blocked by Facebook.

     We also found this threat tries to "like" and "comment" on a Facebook page:

     It also attempts to comment on a post from this Facebook page with one of the following messages, written in Portuguese:

       • Tenha um Celta 0km pagando R$13,00 por dia!!
         English translation: Get a brand new Celta paying R$13 per day!!
       • Concurso valendo um Vale-Compras de R$1000,00!
         English translation: R$1000-voucher contest!

     Note: This message may vary depending on the configuration file.

     As we can see on the Facebook page, there’s a link that has been shared with about 165 comments and 167 likes. There is a possibility that these people are infected with Trojan:JS/Febipos.A.

     This trojan may also send out the following message via chat, posts or comments:

       • Desculpa ai galera, mas isso eh um absurdo!!!
         English translation: Sorry guys, but this is ridiculous!!!
       • Sonzinho sensação do momento. Muito show!!
         English translation: The coolest tune at the moment. It’s really nice!
       • Léo Max e Renan - Rebolada de Gama (Clipe Oficial)
         English translation: <song title> (Official Clip)
       • Eu, não tenho carro do ano, não tenho grana sobrando, mas chego junto e...♫♫
         English translation: I don’t have a new car, I don’t have spare cash, but I get really close...

     It may also post links on Facebook profiles. For example, the posted link from the Facebook page in the image above redirects to a website that sells cars.

     At the time this blog was written, there were more users “liking” and “commenting” on the Facebook page that this malware uses – so there’s a possibility that there are more people continuing to be infected. The number of “likes” for this page grew as we analyzed this malware.

     When we began analysis the page statistics looked like this:

       • Facebook page likes: 2,746
       • Facebook shared link likes: 167
       • Number of comments: 165

     After several hours this had risen to:

       • Facebook page likes: 3,177
       • Facebook shared link likes: 201
       • Number of comments: 183

     All of the information above is what we found at the time of our analysis. There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time. In any case, we recommend you always keep your security products updated with the latest definitions to help avoid infection.

     Jonathan San Jose
     MMPC

     Here is a related article from CNET: http://news.cnet.com/8301-1009_3-57584111-83/microsoft-warns-of-new-trojan-hijacking-facebook-accounts/?tag=nl.e757&s_cid=e757&ttag=e757