Ransomware attack

The machines we love to hate

Moderator: Wiz Feinberg

Howard Parker
Posts: 2610
Joined: 4 Aug 1998 11:00 pm
Location: Clarksburg,MD USA

Post by Howard Parker »

Running Win10. Windows Defender. Latest patches all current.

W.D. has been catching these attacks(?) and will shut down any current browser (Firefox 70.0.1 current) session. While annoying, W.D. says successfully quarantined.

I've run an offline W.D. full scan as well as multiple (free) Malwarebytes scans.

All negative.

Anything else I should be concerned with?

Thanks in advance.

hp




entries found.
Behavior:Win32/Wadhrama.B!rsm
Updated on Aug 30, 2017
Alert level: severe
Ransom:Win32/Wadhrama
Updated on Jan 10, 2018
Howard Parker

03' Carter D-10
70's Dekley D-10
52' Fender Custom
Many guitars by Paul Beard
Listowner Resoguit-L
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Sounds like a false positive. I run Malwarebytes and Windows Defender and haven't had any problems from either. No dangerous files are executed and hostile web pages won't even load unless I override the warning page and explicitly allow them to.

To be sure, could you PM or email me links to pages that you are on when these WD warnings happen? It may need to be reported.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Post by Howard Parker »

Wiz,

Thanks for the response. I might have multiple tabs open, but it's my impression that I'm viewing Facebook most of the time. Facebook content, not any 3rd party links.

Howard
Post by Wiz Feinberg »

I see you are running Malwarebytes in free mode. That doesn't protect your browser from exploit code. Users who subscribe to Malwarebytes are protected in real time from browser-based attacks (like ransomware).

If you prefer to not use paid-for realtime protection, the NoScript Add-On for Firefox will block JavaScript redirects from poisoned iframe ads and from hostile links. But, there is a learning curve to live with it. It blocks scripting by default. You have to whitelist domains you want to run JavaScript on (like Facebook), or they may not function. So, if there is a link to a clickbait article on Facebook (the kind people like to blindly share) and the landing page is not on Facebook itself, NoScript will block JavaScript from running on that article page. Thus, if that page contains a JavaScript redirect inside an iframe to a malware download site, it won't execute. Best of all, NoScript is free, or donationware.
Post by Howard Parker »

Makes perfect sense. Thanks Wiz!

hp
Ransomware Update

Post by Howard Parker »

For the few that might have an interest...

The alerts ceased after the Nov 5 definition update.

So, I'm considering the matter closed.

Wiz, thanks for sharing your thoughts and knowledge.

hp
Post by Wiz Feinberg »

You may need to remove the quarantined items or at least scan it again.
Last edited by Wiz Feinberg on 11 Dec 2019 3:57 pm, edited 1 time in total.
Post by Howard Parker »

Good idea.

I'll let WD do another offline scan. Might as well follow up with another MB scan.

Thanks

h
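
The quarantine check and rescan discussed in the two posts above can also be done from PowerShell with Windows Defender's own cmdlets. This is an added example, not part of the original thread; it assumes an elevated PowerShell session on Windows 10 and uses the `Wadhrama` family name from the alerts quoted in the first post.

```powershell
# Added example: review Defender's record of the detections discussed in the thread.
# Assumes an elevated PowerShell session on Windows 10 with the built-in Defender module.
$family = 'Wadhrama'   # family name from the alerts quoted in the first post

# 1. Definition state. The thread's alerts stopped after a definition update,
#    so note which signature version is installed and when it was updated.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated,
                  RealTimeProtectionEnabled | Format-List

# 2. Threat-history entries whose name matches the family.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -like "*$family*" })
if ($threats.Count -eq 0) {
    Write-Output "No $family entries in Defender's threat history."
    return
}
$threats | Select-Object ThreatID, ThreatName, SeverityID, IsActive, DidThreatExecute |
    Format-Table -AutoSize

# 3. Each detection event: when it fired, which process touched the item, and the
#    resource (file path or URL) involved. This is the detail to send when
#    reporting a suspected false positive.
$ids = $threats.ThreatID
Get-MpThreatDetection |
    Where-Object { $ids -contains $_.ThreatID } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Process   = $_.ProcessName
            Cleaned   = $_.ActionSuccess
            Resources = ($_.Resources -join '; ')
        }
    } | Format-List

# 4. Items currently held in quarantine.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll

# 5. Refresh definitions and rescan. Remove-MpThreat acts only on threats
#    Defender still reports as active.
Update-MpSignature
if ($threats | Where-Object { $_.IsActive }) { Remove-MpThreat }
Start-MpScan -ScanType FullScan
# Start-MpWDOScan   # offline scan; uncomment deliberately, it reboots the machine
```

The `Resources` field in step 3 shows what each alert actually fired on, which helps tell a cached browser file from something written elsewhere on disk.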
Regan Branch
Posts: 106
Joined: 22 Nov 2019 9:59 am
Location: Alabama, USA

Post by Regan Branch »

The most trusted anti malware program in the world is Malwarebytes. You need to get McAfee off your system if that's the case and sign up for Malwarebytes. Easy peazy will do all the work for you. All other anti malware softwares that I know of contain malware themselves.
So if you see my milk cow, won't you drive her on home?
Post by Regan Branch »

Refer to my recent response in the thread I authored entitled, "I’m new here and I’m an IT guy" in the Computer forum.