ALERT RANSOMWARE ATTACK (Original Post) Grasswire2 Aug 2018 OP
Send a message to EarlG. He should be made aware of it. madaboutharry Aug 2018 #1
does it mention encrypting your files or has it? 5X Aug 2018 #2
My son advised me to try to delete the file... Grasswire2 Aug 2018 #7
the antimalware service is legit, windows service. 5X Aug 2018 #21
Agree w 5X, try a reboot. . . . nt Bernardo de La Paz Aug 2018 #22
did you mean the 'Wrong Way Trump' one? htuttle Aug 2018 #3
typing from another computer Grasswire2 Aug 2018 #5
In GD was post saying same toon caused malware alert Panich52 Aug 2018 #4
that was the same poster as the OP... I clicked on the post and had no problems... hlthe2b Aug 2018 #6
Context missing. Which OP? Not visible on Latest Threads page. No link? Come on. Bernardo de La Paz Aug 2018 #8
Coincidence. A program usually takes a few seconds to many seconds to load and start running. Bernardo de La Paz Aug 2018 #9
This page? By Gothmog? Bernardo de La Paz Aug 2018 #10
yeah, that was what I just clicked. Grasswire2 Aug 2018 #11
OK, fair enough. It is difficult what you had to deal with. Sorry. . . . nt Bernardo de La Paz Aug 2018 #13
one of the pages it sent me to was "orgeles-hantests" dot com... Grasswire2 Aug 2018 #14
Thanks. Yes, googling seems to indicate fake malware. Bernardo de La Paz Aug 2018 #16
no, the phone was 866-685-9485 Grasswire2 Aug 2018 #18
antimalware service executable is Windows Defender, but could be mask for malware Bernardo de La Paz Aug 2018 #20
Just use one of your two backup copies of your system. I just did today. Bernardo de La Paz Aug 2018 #12
oh my god... Grasswire2 Aug 2018 #15
another url in the history is dynamic2pixel, which is some kind of redirect. Grasswire2 Aug 2018 #17
dynamic2pixel is said to be an adware popup kind of malware (so say google hits) Bernardo de La Paz Aug 2018 #19
Malwarebytes Revanchist Aug 2018 #23

5X

(3,972 posts)
2. does it mention encrypting your files or has it?
Wed Aug 22, 2018, 08:55 PM

If you have a web page open that won't close, try Ctrl+Alt+Del, sign out if in Windows 10, reboot.

Grasswire2

(13,569 posts)
7. My son advised me to try to delete the file...
Reply to 5X (Reply #2)
Wed Aug 22, 2018, 09:01 PM

....which shows up on task manager as antimalware service executable.

It won't delete.

I'm a little afraid to just reboot.

The phone number (which I stupidly called thinking it was Windows) has called me back multiple times.

5X

(3,972 posts)
21. the antimalware service is legit, windows service.
Wed Aug 22, 2018, 09:52 PM

It won't hurt to reboot, and you will have to at some point.
If this looked like a web page claiming to be from Microsoft,
you should be OK after a reboot and cleanup.

htuttle

(23,738 posts)
3. did you mean the 'Wrong Way Trump' one?
Wed Aug 22, 2018, 08:55 PM

Didn't notice any trouble on that. Maybe an ad it brought up?

Are you typing this from another computer, or a phone?

hlthe2b

(102,236 posts)
6. that was the same poster as the OP... I clicked on the post and had no problems...
Wed Aug 22, 2018, 09:00 PM

I too have to wonder if the OP didn't click on some ad (I don't see ads) or had another tab open that may have been the source....

Best of luck to the OP.

Bernardo de La Paz

(49,001 posts)
8. Context missing. Which OP? Not visible on Latest Threads page. No link? Come on.
Wed Aug 22, 2018, 09:07 PM

I very much doubt the DU page or the cartoon had anything to do with whatever you are experiencing.

Bernardo de La Paz

(49,001 posts)
9. Coincidence. A program usually takes a few seconds to many seconds to load and start running.
Wed Aug 22, 2018, 09:09 PM

You undoubtedly got it somewhere else and the time was coincidental.

But give us the main fact! Give us the link! I want to inspect. I can see what my computer is doing.



Bernardo de La Paz

(49,001 posts)
10. This page? By Gothmog?
Wed Aug 22, 2018, 09:24 PM
https://upload.democraticunderground.com/100211035359

With the broken image that you have to "View Image" to see properly? It's a Twitter image (pbs.twimg.com).

I can't detect anything wrong with it.

Must have been something you clicked prior to it.

Grasswire2

(13,569 posts)
11. yeah, that was what I just clicked.
Wed Aug 22, 2018, 09:30 PM

Come on.....be more patient! I was scrambling between a locked computer, an ancient computer, and looking for help with phone contact.

Bernardo de La Paz

(49,001 posts)
16. Thanks. Yes, googling seems to indicate fake malware.
Wed Aug 22, 2018, 09:38 PM

CyberCrime & Doing Time: Fake Malware Pop-up Example
garwarner.blogspot.com/2018/06/fake-malware-pop-up-example.html

Jun 15, 2018 - That PHP code sent me to "orgeles-hantests.com" (52.72.0.63) which immediately did a meta refresh to another page on orgeles-hantests.com ...


Blog post: http://garwarner.blogspot.com/2018/06/fake-malware-pop-up-example.html

Did it give 855-786-3666? (Coincidentally note last 3 digits!)

Grasswire2

(13,569 posts)
18. no, the phone was 866-685-9485
Wed Aug 22, 2018, 09:43 PM

I stupidly called thinking it was Windows help.

He tried very hard to keep me on the line, tried to give me some directions, and then called back multiple times after I hung up.

Incidentally, the file "antimalware service executable" can't be deleted.

Bernardo de La Paz

(49,001 posts)
20. antimalware service executable is Windows Defender, but could be mask for malware
Wed Aug 22, 2018, 09:50 PM

I'm not surprised you can't delete it; it is often a loaded service, so it is "in use". I have it running here.

Bernardo de La Paz

(49,001 posts)
12. Just use one of your two backup copies of your system. I just did today.
Wed Aug 22, 2018, 09:31 PM

The rule: every file kept as three copies, one on each of three drives, with one drive kept offsite and rotated with the other backup drive periodically. Cloud storage counts as off-site but can be problematic when restoring.

I keep my second copy in my safe deposit box and swap about once every six weeks. Guards against theft and fire. Francis Ford Coppola was backing up his computer every day at his winery in Chile and thieves stole the computer and the backup. He lost some scripts he had been working on for 11 years.

I just had a failure three days ago of my big main data drive: music, email, software development, pictures, notes, saved political cartoons, over a terabyte of data. Two days ago I ordered a drive delivered express. It arrived yesterday. Today I simply copied from my backup 3 TB drive all the data and this evening I'm fully operational with my full complement of data.

Grasswire2

(13,569 posts)
15. oh my god...
Wed Aug 22, 2018, 09:37 PM

that would be horrid.

This laptop is just a few months old. I don't have anything precious on it yet. Most stuff is still on my ancient computer or on thumb drives or memory cards.

I just don't want to be locked out. Hahahah.

Grasswire2

(13,569 posts)
17. another url in the history is dynamic2pixel, which is some kind of redirect.
Wed Aug 22, 2018, 09:39 PM

and server3.flowerpuffgirls....

Bernardo de La Paz

(49,001 posts)
19. dynamic2pixel is said to be an adware popup kind of malware (so say google hits)
Wed Aug 22, 2018, 09:47 PM


I didn't see anything on flowerpuffgirls that wasn't innocuous when googling.
