Spam Message Upon Login

[BabyJune]

Just a heads-up that twice while loggng in I've gotten a spam message that my computer has been "corrupted" and to call a toll-free number to have it fixed. I immediately shut the computer down because the message locked up the whole computer. These people need to be shot for pulling such stunts! Anyone else got this message and what can be done about it?

[KindaOlde]

Not on this site. I've had that happen on other sites tough.

[vvp39]

Nope. Virus, I'd say.

[DailyDi]

Yep, that's a trojan on your device that is triggered by visiting adult sites.

[Little BabyDoll Christine]

If I were to make a predictioon, which nobodywould believe, you would probably find 3 or 4 of them working together. You need something to Priam out of there before they find your Achilles heel

[babykeiff]

4 hours ago, BabyJune said:

Just a heads-up that twice while loggng in I've gotten a spam message that my computer has been "corrupted" and to call a toll-free number to have it fixed. I immediately shut the computer down because the message locked up the whole computer. These people need to be shot for pulling such stunts! Anyone else got this message and what can be done about it?

@BabyJuneThat sounds like the Varenyky malware that has infected your device. Due to its secondary actions of storing your browsing history, it is usually best to factory reset your machine and your router to ensure that it is gone completely.

[babykeiff]

Everyone,

due to the prolificitian of nasty virus' and malware on the internet, specifically aimed at Windows 8 - 11 machines, if possible, roll back to Windows 7 and reinstall MS Security Essentials.

I am running Mozilla Firefox 107.0.1 on Windows 7 (64 bit) plus Microsoft Security Essentials connected to a static IP4 IP address on a router that is running a DHCP v4 server to a list of MAC filtered IP addresses and is limited to the exact count of devices I have connected. This means that only the devices I have can get a connection, and do so on a known IP address. On each device, I have disabled the DHCP Client and the DNS Client service. I also do not have the 'Guest access' enabled, nor do I show the SSID.   

What I have also done is blocked certain IP4 (specify packet filtering rules to limit the internet access for local hosts) ports on my router :-

• 239.0.0.0-239.255.255.255
  • IP Multicast - simply SPAM source of the internet.
• 74.125.193.150-74.125.193.159
  • Goggle hosts - that are usually used for tracking
• 209.85.202.150-209.85.202.159
  • More Goggle hosts - also used for tracking.
• 216.58.209.90-216.58.209.99
  • More Goggle hosts - also used for tracking.

This has blocked my computer from reaching these destinations, thus my computer does not send nor get any data from these ports. The javascript still runs, but the data transmission always fails.

To add to the security, I have AddBlock and Ghostery installed as addons to Mozilla Firefox.

[Little BabyDoll Christine]

Windows 7 hAs not been supported for years, which makes it dangerously risky; like jumping into a wolfpack wearing an overcoat made of steaks. I use MalwareBytes Premium. MS Security Essentials crashed me once. It has been upgraded to Widnows Defender. And who said the malware was on this site? I run Win 10, The latest FireFox, which has excellent security built in and with MalwareBytes integration. I also download with IDM when I can or Downloader for Youtube. I scan everthing nightly with MalwareBytes Premium

[babykeiff]

59 minutes ago, Little BabyDoll Christine said:

Windows 7 is no longer supported, which makes it dangerously risky; like jumping into a wolfpack wearing an overcoat made of steaks. I use MalwareBytes Premium. MS Security Essentials crashed me once. It has been upgraded to Widnows Defender. And who said the malware was on this site? I run Win 10, The latest FireFox, which has excellent security built in and with MalwareBytes integration. I also download with IDM when I can or Downloader for Youtube. I scan everthing nightly with MalwareBytes Premium

@Little BabyDoll ChristineDOS v1 is also 'no longer supported', but I have installed versions of that on Rasberry Pi machines to get them to work as a NAS without any issues. The fact that an OS is supported / not supported by the manufacturer is immaterial. I am still using a pen that was created over 40 years ago - and that is no longer supported by the manufacturer! What is so critical in having manufacturer support?

There is a story about how the Americans spent billions developing a pen that can work in space, where the Russians just used a pencil. Although that story is claimed to be false, there is a lesson within it. Why do you need to replace something that is not broken.... with something that came broken?

You have Win 10 - how have you dealt with the 2019/2020 update error KB5019966 dead loop in updating to such an extent that machines no longer reboots without a list of errors? Microsoft have yet to acknowledge that there is an error! Most ot the machines that have this error have had their complete system formated and reinstalled from scratch to no avail.

I do agree with you about Mozilla Firefox, but I don't need to scan with MalwareBytes or any other due to stopping the malware / virus at source via port blocking.

59 minutes ago, Little BabyDoll Christine said:

And who said the malware was on this site?

NOBODY!

I stated the following -

3 hours ago, babykeiff said:

That sounds like the Varenyky malware that has infected your device.

... which means I am referring to @BabyJune's device, not this site!

[oznl]

13 minutes ago, babykeiff said:

@Little BabyDoll ChristineDOS v1 is also 'no longer supported', but I have installed versions of that on Rasberry Pi machines to get them to work as a NAS without any issues. The fact that an OS is supported / not supported by the manufacturer is immaterial. I am still using a pen that was created over 40 years ago - and that is no longer supported by the manufacturer! What is so critical in having manufacturer support?

If the box running your obsolete/unsupported OS is offline and stand-alone, it most likely isn't a problem at all. 

If exposed to other systems however (other hosts on your network or the internet), those old OS frequently contain network services that have well known security holes in them (for which there is no countermeasure) and/or protocols that are now considered insecure in view of modern threats.  For many of these vulnerabilities, they can be exploited in a "drive by shooting" kind of fashion - it's not necessary for an operator to click on a dodgy link or launch an attachment.  The mere presence of them on the host opens a network door for remote exploitation.

https://www.theregister.com/2004/12/01/honeypot_test/  for an old story but a good one...

[Little BabyDoll Christine]

I never even noticed that 2019 error There was a more recent update error that kills a wireless mouse

Still, there maybe an advantage to using long outdated OS's. Who would be writing exploitware for Win 98/. Win 7 was a great OS. It would make sense for the users to form a group and maintain it. I like it's menu color control  more than 10. A real hardcore pro probably could use 7 but he would have to be a security software whiz-kid and once he or she closed the holes then that would be it since, not being updated it would be ultra-stable Win 10 has Win 7 embedded in it FireFox used to have Internet Explorer in it though they used two different core programs: Trident and, I think, Gecko. Fx used to have Ie Tab and IE View which would run programs that would work on IE but not in Fx. Back i 2018 MS Security Essentials crashed my disk and I lost my facebook page because I lost my facebook password and cot ZERO help from fb to restore things. I was able to restore most of my other accoutns because I got help from the companies. Only Facebook and Patreon were jerks

[oznl]

24 minutes ago, Little BabyDoll Christine said:

Still, there maybe an advantage to using long outdated OS's. Who would be writing exploitware for Win 98/. Win 7 was a great OS. It would make sense for the users to form a group and maintain it. I like it's menu color control  more than 10. A real hardcore pro probably could use 7 but he would have to be a security software whiz-kid and once he or she closed the holes then that would be it since, not being updated it would be ultra-stable

A problem with this is that whole protocols that are baked into these OS have subsequently been compromised and can be penetrated relatively easily.  It doesn't have to be an OS-specific attack.  For sure you can harden the OS by turning a lot of things off but it might prove tougher to do something like retrofit newer protocols because the old ones have been deprecated.

I hear what you're saying about Windows 7 though.  It was pretty good and if the bad guys had stood still, it still would be.

 

[babykeiff]

9 minutes ago, oznl said:

If the box running your obsolete/unsupported OS is offline and stand-alone, it most likely isn't a problem at all. 

If exposed to other systems however (other hosts on your network or the internet), those old OS frequently contain network services that have well known security holes in them (for which there is no countermeasure) and/or protocols that are now considered insecure in view of modern threats.  For many of these vulnerabilities, they can be exploited in a "drive by shooting" kind of fashion - it's not necessary for an operator to click on a dodgy link or launch an attachment.  The mere presence of them on the host opens a network door for remote exploitation.

https://www.theregister.com/2004/12/01/honeypot_test/  for an old story but a good one...

You have a very good point here, which I take on board. My machine / network is as secure as it can be made - that is unless I move to Wine etc.

The more modern systems Win 8+ are actually much more vunerable, and a pseudo copy of other failures in the industry.

What most people fail to realise is that a machine on a network is public - that is that the network address is just one in a list of billions and all are visible in some form or another on a network, and just needs the correct tools to access them. A high proportion of what makes a machine secure on a network is mainly based on what is classed as the 'needle in the haystack' concept - where trying to identify a specific machine is like finding a particlar piece of hay in a haystack.

The second, and most vunerable part of a machine is the 'auto' side of same and the traits of Microsoft to do everything for the user rather than have the user make to decisions. The Linux / Unix platforms attempt to 'get around' this by controlling each step, but that level requires the user to actually know not only what they want to do with a machine, but also how to do it. Most users are so seperated from the actual task by fancy GUIs, they would almost faint is they had to do the actual work that the computer does so seemlessly - yet they are the very ones that complain that their fancy app is causing problems!

At this stage, I am aware of most of, if not all the strengths and weaknesses in Win 7 OS.... and have enough around it to do what I want the way I want to do it. With Win 8+, I am forced to trust someone who is, by history, proven to be untrustworthy. Microsoft never admit there is an error, but in later updates, the error that didn't exist is mysteriously fixed!

It has been years since I have actually been attacked by any virus / malware, not only on my home machines, but also on numerous business machines. If I am so wrong about this, and as you state - and the tests ran by USA Today state, then why is the internet still running on very old Linux and Unix systems - where it has yet to crash. If Windows 10/11 is so good, why has businesses not 'jumped' to get something that is supposed to be so secure - because the reality is Windows is flawed from day one. Android tried to address these issues with its OS, but Trump / Biden think that the OS is spying better on them than they are spying on the rest of the world - and tried to ban same! Apple OS (AppleTalk) is so crap it is almost a joke, and Apple are following the path of Compaq... making everything bespoke Apple. It is only a matter of time before the idiots that bought Apple products actually cop on to what junk it actually is <- my humble opinion.

Most secure systems that we actually trust is running in Wine on a Linux / Unix platform including the Teller App* - bank teller machines where people lodge / withdraw money. Wine is a windows emulator that runs in a shell on Linux / Unix. The GUI of same is Kylix (Delphi on Linux) where the back end is SQL and IBM CoBOL85.

Web applications are normally visible HTML, but they are being dynamically created by C# MVC etc. C# is basically C++ on speed which is based on EriPascal systems including Borland Pascal and Visiginec based software - from 2000. Java was created to try and 'simplify' the development, but all it has done is dumb done the developers that use same. If I asked most developers about memory management and/or pointer arithmetic, it would blow their minds. Talk about ASM or anything on that level, and they would simply explode.

The actual only difference between a machine of 1939 (first binary computer) and machines being manufactured today is the speed of the process. Still, everything is being done one item at a time. That is 100+ years of progress... to create a computer that is, in real terms, slightly faster than the original. If biology worked at this snails pace, we would still be crawling on our bellies, unable to see and breath out of water!

The reason for the delay is :-

• it is not profitable enough to educate users.
• fools and their money are soon parted.

@Little BabyDoll Christine,

There are processes within sites like fb etc to key in a user name and then click 'Forgot Password' where the option to change the password will be emailed to you. However, if you were using Google signin, the email they will send is that you need to login via Google.

[babykeiff]

14 minutes ago, oznl said:

it might prove tougher to do something like retrofit newer protocols because the old ones have been deprecated.

@oznlYou are correct in that old protocols have been deprecated, but if you know the source of the old protocol, then when you fix the errors at the low levels, the 'new' polished protocols that use the low levels are still retrofitted. I am around long enough in this industry not only to know the old protocol that is being deprecated, but to know the previous one that this old protocol replaced.