Security Alert: Handbrake Download Mirror was Compromised


From Handbrake.fr:

SECURITY WARNING

“Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it.

Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you’ve downloaded HandBrake during this period.”

If you have Handbrake installed on your Macs, you should check if it is compromised by this Trojan.

Also:

“Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores.”

YIKES!

Malware, Malware and more Malware.

For the past week I have been removing a lot of Malware from a lot of computers running Windows XP, Windows Vista, Windows 7 and Windows 8. Some are harder to remove than others. In general I’d like to avoid the Scorched-Earth scenario whenever possible, as it is the last resort.


There are a lot of ways to remove Malware; there is no single solution.

Whenever removing Malware from Windows computers, I tend to boot to Safe mode with a Command prompt and remove any Malware reference from the “Run” key in the registry and Start from Programs Menu.

Some tools/programs that I use:

I then use Microsoft’s Malicious Software Removal Tool and Safety Scanner for the second run of Malware removal.

There are a lot of other tools/programs that I use to remove the Malware whenever necessary.

 

Scam Alert: movieplayerupdate.com and videoplayerdownload.co

A Mozilla Firefox user reported popup ads from movieplayerupdate.com (movieplayerupdate.com/mtrack/free_download/1/pre/).
Another Mozilla Firefox user also reported the popup ads from movieplayerupdate.com (movieplayerupdate.com/flashplayer/download_free/).

Both links now show 404 not found, but not before we managed to grab a screenshot. It says:

http:// movieplayerupdate.com

WARNING! Your Flash Player may be out of date. Please update to continue

The site also tells the user:

Please Install Flash Player Pro to Continue

Remember folks, there is no such thing as “Flash Player Pro”.

The links on both “REMIND ME LATER” and “INSTALL” point to: mtrack10.com/base2.php

By clicking either button, an executable file will be downloaded.


A user sent us a note that similar popups from videoplayerdownload.co were found (videoplayerdownload.co/free-download/mt/1/pre/).


The “Install Now” link also points to mtrack10.com/base2.php

It seems that both movieplayerupdate.com (whois info) and videoplayerdownload.co (whois info) were registered by the same individual through GoDaddy on the same day (Feb 20, 2013).

The domain mtrack10.com (whois info) was also registered through GoDaddy, one week earlier (Feb 14, 2013).

By clicking the “Install Now” button, an executable file will be downloaded.

——-

It is pretty obvious the individuals behind the domain names mentioned above are unscrupulous. Do not blindly download some programs just because a popup told you so.

To update Flash Player, download it directly from Adobe.

http://www.adobe.com/products/flashplayer/distribution3.html

Microsoft Security Essentials Fails! Marks Firefox Uninstaller as Trojan.

Apparently Microsoft still doesn’t like Mozilla Firefox. Microsoft Security Essentials marks the Mozilla Firefox uninstaller as a Trojan.

Description: This program is dangerous and executes commands from an attacker.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.

Category: Trojan

Get more information about this item online.
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Trojan%3aWin32%2fComame&threatid=2147624660

What is really going on there?

Anything Goes: June 24th, 2009 Edition.

I had quite a crazy morning with Outlook and Exchange Server. Then I went to the Apple Store to get a 15-inch MacBook Pro Battery replaced. It only has 70 full-charge-cycles and it lasts about 5 minutes of charge.

Bunch of letters and numbers and punctuations from the series of tubes:

Spinal Tap: Back From The Dead

——-

Disclaimer

If you bought anything through the Amazon link above, I get some kickbacks.

“If you buy Spinal Tap: Back From The Dead CD, I can buy this Canon Vixia HV40 HDV Camcorder” to paraphrase the great Robert Schimmel.