Sunday, April 05, 2020

Archive: March 2016

Malwarebytes Anti-Ransomware quarantined necessary files in WAMP server

24 March 2016
Grimey
No comments
Categories: Joomla, WAMP

I upgraded a localhost version of a Joomla 3.4.8 website to version 3.5. When I did Malwarebytes Anti-Ransomware quarantined some Apache files and a registration key.

malwarebytes_ransomware_WAMP

When I tried to view the sites front end looked like this.

malwarebytes_ransomware_WAMP_broke

This all happened after the 3.5 upgrade and then I tried to update Akeeba. Mid way through I was warned by Malwarebytes Ransomware about the files. My other sites were still working fine.

 

 

Firefox show window / element width – Firebug and the Layout tab

22 March 2016
Grimey
No comments
Categories: Uncategorized

In Chrome’s developer tools is was easy to see the width of a browser window. With developer tools open, grab to lower right corner and shrink the window. In the upper-right the size of the window shows up. That makes working with Media Queries so much easier.

I use Firefox so often and wanted the same feature. I found what I needed in firebug and this article helped me.

http://getfirebug.com/layout

In the layout table as you inspect an element it’s size will show in the Layout tab.

I hope this helps someone else out there…

 

False Positive – Vipre threat ID 5230363

22 March 2016
Grimey
No comments
Categories: Security, Tech Support

We have a fair amount of clients running Vipre anti-virus and we received a bunch of warnings this morning that over 6 of our clients were infected with a “Trojan Downloader”. Vipre found it and quarantined it, but we wanted to make sure.

It shows up as “Trojan-Downloader.JS.Nemucod.dc (v)”. We contacted Vipre and they confirmed it was a false positive. They said a new definition will be out later today (3.22.2016).

vipre_threat_5230363

Microsoft says their software can handle this attack. Here is their write-up on this issue.

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=TrojanDownloader:JS/Nemucod.J

I hope this helps someone else out there….

 

Locky Virus – Blew Past Vipre – Malwarebytes Ransomware Detected it.

17 March 2016
Grimey
No comments
Categories: Security, Tech Support

One of our clients got hit with the locky tojan virus. It came in an email with a .zip file attached. A couple of employees opened the zip and within an hour their systems were unresponsive. Below is what the email looked like.

locky_virus_screenshotsuspicious_email_2

^ – This was a .zip                                                      ^- This was a .rtf

There is Vipre premium antivirus on all the machines, but it didn’t detect anything. We submitted the .zip file to Vipre to improve their definitions. Vipre’s Website to submit virus’s

http://www.vipreantivirus.com/support/submissions/missed-threat.aspx

The virus encrypted the files and left a ransom text file with instructions on who to pay to unlock the files. The following page has good info on what to look for.

http://howtoremove.guide/locky-virus-file-encryption-removal/

We found Malwarebytes Ransomware was able to detect it, but not stop it. Here are some things we learned.

  1. When a user opened the .zip file and the virus started, any file or directory that user had permission to got it’s contents encrypted.
  2. They had an intranet and the root directory’s permissions were set to “Everyone” so the applications worked, and that root directory got all of its contents infected/encryped.
  3. One Drive for Business – The files infected the shared local folder, jumped to the cloud storage and encrypted those file. Plus went to the person’s home machine that also synced with that one drive and infected their home machine.
  4. Malwarebytes Ransomware detected but did not stop it.

What saved them was a few things

  1. In Active Directory put user’s into groups and give those groups permissions to the directory.
  2. Back ups that ran twice a day. When the virus hit a 12:05pm we were able to recover the files from 7:00am.

I hope this helps someone else out there…