Windows machines, new nagware
Hello,
Is there any new "nagware" out lately, like in the last week or so? Nagware is what I call those virus fakes that pop up and read out with a TTS "Your computer is infected, call this number etc etc etc".
I've got a machine that has it, it was a low priority until that owner got another machine infected, which is a high priority. Things we've tried, this is on Win10 1607: Windows Defender, Malware bytes (version unknown), (is v3 really accessible? Last time I tried it, no joy), and a disk cleanup giving emphasis to deleting the temporary files. Also, CCleaner.
The issue is nothing is detecting this malware, not Defender or Malware bytes, and cleaning the temporary files didn't stop it.
Browser used: Firefox (version unknown).
Last item: one machine user was visiting the site www.watchfree.to
I also replaced the system's hosts file with one specifically designed to block a lot of ad sites, can't remember where I got it from, no joy.
Any help appreciated.
Thanks. Dave.
Hi David,
Maybe no nagware. Maybe it has something to do with the worldwide hacker attack that happened on Friday.
greetings, simon
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- Simon Eigeldinger Follow me on Twitter: http://www.twitter.com/domasofan/ E-Mail: simon.eigeldinger@vol.at MSN: simon_eigeldinger@hotmail.com ICQ: 121823966 Jabber: domasofan@andrelouis.com --- This e-mail has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Hello,
I did not hear about this. Can you provide more information? What happened and what was hit? How do you detect this on a machine?
Thanks. Dave.
Hi,
there is loads of info online on the net. According to some texts, it's that you just look that you have all patches added and don't open stuff you don't know. Well, the default stuff that you always should do, but some people pretty often forget.
It's all over the news over here and I guess the rest of the world as well.
greetings, simon
We try very hard to get people not to click on anything even if it looks like it is coming from a credible source. But as any communications strategy goes, just when you think you have it right something happens that ends up biting you in the bum.
A short time ago, I was about to send an all-staff email message complimenting everyone on the great job they did by following all of our recommendations, because we dodged a major incident. Wouldn't you know it, our helpdesk got a call, because one of our directors clicked on a link in the body of a message that, yes of course, didn't come from a credible source.
Although we try to let people know that financial institutions and even our helpdesk will never send a message asking to verify information or to run or activate the link to update information or systems, the message will never reach at least one person. To top it all off, this person was with our finance department. One would think that if any area is overly cautious it would be them.
Vic Pereira Project Manager, Intra-Building Networks Real Property Projects | Networks and End-Users Branch Shared Services Canada | Government of Canada vic.pereira@ssc-spc.gc.ca | Tel: 204-781-5046
It's hard to tell people though never to click on an email link. Sometimes sending an email is the best way to get your point across, so there's always a balance.
You say, "Malware bytes (version unknown)". The latest version is at least 3.0.6, and they claimed in a message today that it would have protected the latest world-wide calamity. Here is an extract of that message:-
" We're alerting you to reassure you that if you're currently using the premium version (or the premium trial) of Malwarebytes with real-time protection turned on, you are protected from this threat. Our premium technology blocks the WanaCrypt0r ransomware before it can encrypt your files. (The free version of Malwarebytes, however, does not protect you against WanaCrypt0r. To see which version you have, open up your Malwarebytes software and look for the version name at the top of the window.) Learn more about Malwarebytes".
If it is still not accessible, I'd suggest it is worth calling in a sighted friend to assist.
George
Hi,
It's malware bytes 3 the nonpremium version.
Is malware bytes3 accessible?
Thanks. Dave.
If the files aren't encrypted just do a backup and reinstall the OS. Think how many reinstalls you could have done in the time it's taken you to go down this rabbit hole.
There's a couple things you can do. First, I like a tool called frst.exe (farbar scan & recovery tool) for cleaning up all sorts of garbage on a computer. The downside of the tool is that you better know precisely what you're doing, or you could bring it down in a screaming, foaming, convulsing heap. It lists stuff on the machine, both good & bad, so you've got to know the difference. But you can often catch stuff other tools won't. It's a little like HijackThis, if you're familiar w/that, but it also has an option to fix what you ask it to fix simply by copying the entries into a text file, putting the file into the FRST folder, naming it fixlist.txt, & running the tool w/the 'Fix' option. It's available in 32 & 64-bit versions. It's particularly good for fixing machines via email. In terms of prevention, 1 of the first things I recommend is a DNS other than the 1 on the router. Both OpenDNS & GoogleDNS are acceptable. I personally use OpenDNS, & it's highly configurable, allowing you to block all sorts of sites, ie., porn, gambling, & even social networking sites. You can download a hosts file from: https://hosts-file.net/?s=Download but be advised that some sites are blocked completely that aren't necessarily harmful, ie, Commission Junction & Google ads; thus, some sites that the user may in fact find desirable can't be viewed. I had to make changes in it in order to view Dr. Peter Meijer's vOICe site, for example, because the Google ads were required viewing. What he offers is free--so fair enough. For Windows PC's, there's a program called Spyware Blaster that prevents a lot of spyware from getting on your computer. From an accessibility viewpoint, however, it's pretty iffy. It can be used, but it requires a good deal of fiddling. I personally think what you're talking about, Dave, has very little to do w/the massive cyber attack that took place yesterday. That was a very real ransomeware attack. This, on the other hand, is nothing but scareware. 
On 5/13/17, David Mehler <dave.mehler@gmail.com> wrote:
Hi,
It's malware bytes 3 the nonpremium version.
Is malware bytes3 accessible?
Thanks. Dave.
On 5/13/17, George Bell <george@techno-vision.co.uk> wrote:
You say, "Malware bytes (version unknown)". The latest version is at least 3.0.6, and they claimed in a message today that it would have protected the latest world-wide calamity. Here is an extract of that message:-
" We're alerting you to reassure you that if you're currently using the premium version (or the premium trial) of Malwarebytes with real-time protection turned on, you are protected from this threat. Our premium technology blocks the WanaCrypt0r ransomware before it can encrypt your files. (The free version of Malwarebytes, however, does not protect you against WanaCrypt0r. To see which version you have, open up your Malwarebytes software and look for the version name at the top of the window.) Learn more about Malwarebytes".
If it is still not accessible, I'd suggest it is worth calling in a sighted friend to assist.
George
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of David Mehler Sent: 13 May 2017 17:25 To: blind-sysadmins Subject: [Blind-sysadmins] Windows machines, new nagware
Hello,
Is there any new "nagware" out lately like in the last week or so? Nagware is what I call those virus fakes that pop up and read out with a tts "Your computer is infected, call this number etc etc etc".
I've got a machine that has it, it was a low priority until that owner got another machine infected, which is a high priority. Things we've tried, this is on win10 1607, Windows defender, Malware bytes (version unknown), (is v3 really accessible last time I tried it no joy), and a disk cleanup giving emphasis to deleting the temporary files. Also, a ccleaner.
The issue is nothing is detecting this malware, not defender or malware bytes, and cleaning the temporary files didn't stop it.
Browser used, firefox, (version unknown).
Last item one machine user was visiting the site www.watchfree.to
I also replaced the system's hosts file with one specifically designed to block a lot of ad sites, can't remember where I got it from, no joy.
Any help appreciated.
Thanks. Dave.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- Remember! Friends Help Friends Be Cybersafe Jackie McBride Helping Cybercrime Victims 1 Person at a Time https://brighter-vision.com
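The hosts-file advice in the message above, worked through as an added example that is not part of the original thread: a Python script that reports which hostnames you need are sinkholed by a downloaded blocklist, flags entries that point a name at a non-sinkhole address (something a pure blocklist has no reason to contain), and produces a copy with the needed names unblocked. The sample file, hostnames and addresses are constructed for illustration.

```python
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample, not taken from any real blocklist.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
0.0.0.0 ads.example.net tracker.example.net  # ad servers
0.0.0.0 Partner.Example.org
203.0.113.7 login.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active entry."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop inline comments
        if len(fields) >= 2:
            yield no, fields[0], [h.lower() for h in fields[1:]]

def audit(text, needed):
    """Return (needed names that are sinkholed, non-sinkhole redirects)."""
    needed = {n.lower() for n in needed}
    blocked, redirected = set(), []
    for no, addr, hosts in parse_hosts(text):
        for host in hosts:
            if addr in SINKHOLES:
                if host in needed:
                    blocked.add(host)
            elif host not in LOCAL_NAMES:
                redirected.append((no, host, addr))
    return sorted(blocked), redirected

def unblock(text, needed):
    """Return the hosts text with sinkhole entries for needed names removed."""
    needed = {n.lower() for n in needed}
    out = []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            keep = [h for h in fields[1:] if h.lower() not in needed]
            if not keep:  # every name on the line is needed: comment it out
                out.append("# unblocked: " + line)
                continue
            if len(keep) < len(fields) - 1:  # rewrite with remaining names
                line = " ".join([fields[0]] + keep) + (" #" + comment if sep else "")
        out.append(line)
    return "\n".join(out) + "\n"
```

On Windows the file to read is `C:\Windows\System32\drivers\etc\hosts`; hosts entries match exact hostnames only, so each name a site needs has to be listed explicitly.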
Hi,
It's malware bytes 3 the nonpremium version.
Is malware bytes3 accessible?
Thanks. Dave.
On 5/13/17, George Bell <george@techno-vision.co.uk> wrote:
You say, "Malware bytes (version unknown)". The latest version is at least 3.0.6, and they claimed in a message today that it would have protected the latest world-wide calamity. Here is an extract of that message:-
" We're alerting you to reassure you that if you're currently using the premium version (or the premium trial) of Malwarebytes with real-time protection turned on, you are protected from this threat. Our premium technology blocks the WanaCrypt0r ransomware before it can encrypt your files. (The free version of Malwarebytes, however, does not protect you against WanaCrypt0r. To see which version you have, open up your Malwarebytes software and look for the version name at the top of the window.) Learn more about Malwarebytes".
If it is still not accessible, I'd suggest it is worth calling in a sighted friend to assist.
George
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of David Mehler Sent: 13 May 2017 17:25 To: blind-sysadmins Subject: [Blind-sysadmins] Windows machines, new nagware
Hello,
Is there any new "nagware" out lately like in the last week or so? Nagware is what I call those virus fakes that pop up and read out with a tts "Your computer is infected, call this number etc etc etc".
I've got a machine that has it, it was a low priority until that owner got another machine infected, which is a high priority. Things we've tried, this is on win10 1607, Windows defender, Malware bytes (version unknown), (is v3 really accessible last time I tried it no joy), and a disk cleanup giving emphasis to deleting the temporary files. Also, a ccleaner.
The issue is nothing is detecting this malware, not defender or malware bytes, and cleaning the temporary files didn't stop it.
Browser used, firefox, (version unknown).
Last item one machine user was visiting the site www.watchfree.to
I also replaced the system's hosts file with one specifically designed to block a lot of ad sites, can't remember where I got it from, no joy.
Any help appreciated.
Thanks. Dave.
participants (7): Ben Mustill-Rose, David Mehler, George Bell, Jackie McBride, Katherine M. Moss, Simon Eigeldinger, vic.pereira@ssc-spc.gc.ca