Windows Security question

<n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>

Newsgroups: alt.comp.os.windows-10
 by: scbs29 - Mon, 8 Nov 2021 15:08 UTC

At present I am using Windows Security and seem to have a problem.
After a virus scan I am informed that I have viruses in 4 files.
Two of these files do not exist on my pc. The other two I delete
and empty the recycle bin. I then do another scan and the same
four files are reported. This has occurred for weeks now, every scan
reporting on these non-existent files.
Can anyone advise ?
TIA

--
remove fred before emailing

Re: Windows Security question

<smbgda$1fll$1@gioia.aioe.org>

Newsgroups: alt.comp.os.windows-10
 by: Paul - Mon, 8 Nov 2021 15:40 UTC

On 11/8/2021 10:08 AM, scbs29 wrote:
> At present I am using Windows Security and seem to have a problem.
> After a virus scan I am informed that I have viruses in 4 files.
> Two of these files do not exist on my pc. The other two I delete
> and empty the recycle bin. I then do another scan and the same
> four files are reported. This has occurred for weeks now, every scan
> reporting on these non-existent files.
> Can anyone advise ?
> TIA
>

There is *no* utility, that can properly report every
aspect of the NTFS file system.

Each utility misses something.

Most of the time, the "normal files" are not a problem.
But if you were asking, is there an easy utility that can
show me every aspect of my file system, no, not really.

*******

Around the year 2000 to 2003 or so, the "nfi.exe" utility
came out. I'm not aware of this having been improved
or re-written over the years. It could use some improvements.

https://en.wikipedia.org/wiki/NTFS

https://web.archive.org/web/20150223112102/http://support.microsoft.com/kb/253066/en-us

https://web.archive.org/web/20150223112102/http://download.microsoft.com/download/win2000srv/utility/3.0/nt45/en-us/oem3sr2.zip

Once you unzip that, you can run nfi.exe

Administrator Command Prompt

rem where nfi.exe is unpacked
cd /d C:\users\username\Downloads

nfi.exe C: > nfi_c.txt

notepad nfi_c.txt

And in the Notepad, *now* go look for the invisible file names.

*******

It's malware. Just because you can see the files, doesn't
mean removing the files does any good.

While I can offer the above hint, I'm no good at removing
malware. Getting guided help at places like bleepingcomputer
is a better option for a persistent pest.

Paul

Re: Windows Security question

<1ppcedqxn0jd2.dlg@v.nguard.lh>

Newsgroups: alt.comp.os.windows-10
 by: VanguardLH - Mon, 8 Nov 2021 16:02 UTC

scbs29 <scbs29@fred.talktalk.net> wrote:

> At present I am using Windows Security and seem to have a problem.
> After a virus scan I am informed that I have viruses in 4 files.
> Two of these files do not exist on my pc. The other two I delete
> and empty the recycle bin. I then do another scan and the same
> four files are reported. This has occurred for weeks now, every scan
> reporting on these non-existent files.

Did you enable seeing hidden and system files in File Explorer? Do you
have permissions to read in whatever folders are the files?

Files reappearing means a process is running that creates them. The
folder or file names might indicate which process is creating them.
Else, you can use SysInternals' FileMon to monitor on those filenames.
Delete the files, but don't run a full AV scan as that will touch a lot
of files. Although you can filter in FileMon, that only changes the
view of the log. All entries still get recorded in the log, so the log
can be huge, and after a while the system will bog down trying to keep up
with all the entries going into the log. Load FileMon, create the
filter looking for the files in the log, delete the files, and see if
FileMon detects Create events on those files. If the files show up
after an AV scan, just watch FileMon for the same amount of time to do
the AV scan (but resist doing an AV scan). You want to use FileMon to
see if and when the files reappear, and what process created them.

Note that if the AV is using signatures (in addition to other methods)
to detect infected files, there can be false positives. Some AVs let
you report false positives. I've had AVs false alert on VMs (Virtual
Machines) simply because a series of bytes somewhere in the .vhd file
matched on a badware signature. The VMs were for fresh and clean
installs of Windows (usually customized during installs to eliminate the
dross not needed in VMs to test unknown or untrusted software). I even
had a false positive against a backup file, but for a host where the
scan didn't alert on anything. Tis the problem with signature-based
malware detection: the string for the signature could be in a completely
benign file.

FileMon isn't the easiest tool to understand. Disabling all startup
programs might eliminate whatever is creating those files. Microsoft
disabled the Startup tab in msconfig.exe to make startup config easy,
and moved it to Task Manager's Startup tab. In msconfig, you could
select a startup mode that disabled all startup programs all at once for
selection. Task Manager's Startup tab has to disable them one at a
time. SysInternals (acquired by Microsoft) also has their AutoRuns tool
for managing startup programs. It is far more thorough than msconfig or
Task Manager's Startup tab for the various ways to define startup items.
For example, WinLogon events run programs when you log into a Windows
account, and some startup programs are defined in Task Scheduler.

Without specifics, like filenames and folder names, and what the AV says
is the type of malware, resolving vague descriptions often results in
very generic troubleshooting. An online search on the file and folder
names might turn up something related to what creates them.

Re: Windows Security question

<1ibuqxk6pgdld$.dlg@v.nguard.lh>

Newsgroups: alt.comp.os.windows-10
 by: VanguardLH - Mon, 8 Nov 2021 16:03 UTC

VanguardLH <V@nguard.LH> wrote:

> scbs29 <scbs29@fred.talktalk.net> wrote:
>
>> At present I am using Windows Security and seem to have a problem.
>> After a virus scan I am informed that I have viruses in 4 files.
>> Two of these files do not exist on my pc. The other two I delete
>> and empty the recycle bin. I then do another scan and the same
>> four files are reported. This has occurred for weeks now, every scan
>> reporting on these non-existent files.
>
> Did you enable seeing hidden and system files in File Explorer? Do you
> have permissions to read in whatever folders are the files?
>
> Files reappearing means a process is running that creates them. The
> folder or file names might indicate which process is creating them.
> Else, you can use SysInternals' FileMon to monitor on those filenames.
> Delete the files, but don't run a full AV scan as that will touch a lot
> of files. Although you can filter in FileMon, that only changes the
> view of the log. All entries still get recorded in the log, so the log
> can be huge, and after a while the system will bog down trying to keep up
> with all the entries going into the log. Load FileMon, create the
> filter looking for the files in the log, delete the files, and see if
> FileMon detects Create events on those files. If the files show up
> after an AV scan, just watch FileMon for the same amount of time to do
> the AV scan (but resist doing an AV scan). You want to use FileMon to
> see if and when the files reappear, and what process created them.
>
> Note that if the AV is using signatures (in addition to other methods)
> to detect infected files, there can be false positives. Some AVs let
> you report false positives. I've had AVs false alert on VMs (Virtual
> Machines) simply because a series of bytes somewhere in the .vhd file
> matched on a badware signature. The VMs were for fresh and clean
> installs of Windows (usually customized during installs to eliminate the
> dross not needed in VMs to test unknown or untrusted software). I even
> had a false positive against a backup file, but for a host where the
> scan didn't alert on anything. Tis the problem with signature-based
> malware detection: the string for the signature could be in a completely
> benign file.
>
> FileMon isn't the easiest tool to understand. Disabling all startup
> programs might eliminate whatever is creating those files. Microsoft
> disabled the Startup tab in msconfig.exe to make startup config easy,
> and moved it to Task Manager's Startup tab. In msconfig, you could
> select a startup mode that disabled all startup programs all at once for
> selection. Task Manager's Startup tab has to disable them one at a
> time. SysInternals (acquired by Microsoft) also has their AutoRuns tool
> for managing startup programs. It is far more thorough than msconfig or
> Task Manager's Startup tab for the various ways to define startup items.
> For example, WinLogon events run programs when you log into a Windows
> account, and some startup programs are defined in Task Scheduler.
>
> Without specifics, like filenames and folder names, and what the AV says
> is the type of malware, resolving vague descriptions often results in
> very generic troubleshooting. An online search on the file and folder
> names might turn up something related to what creates them.

Oh, in addition, you can use SysInternals' 'strings' command in a
console window to find character strings in files. Sometimes you'll
find strings that hint what the files are for, and what might've created
them.

Re: Windows Security question

<smcq48$t0u$1@dont-email.me>

Newsgroups: alt.comp.os.windows-10
 by: Paul in Houston TX - Tue, 9 Nov 2021 03:32 UTC

scbs29 wrote:
> At present I am using Windows Security and seem to have a problem.
> After a virus scan I am informed that I have viruses in 4 files.
> Two of these files do not exist on my pc. The other two I delete
> and empty the recycle bin. I then do another scan and the same
> four files are reported. This has occurred for weeks now, every scan
> reporting on these non-existent files.
> Can anyone advise ?
> TIA

See what one or more online scanners say.
Google: "online virus scanner"

Re: Windows Security question

<smd13r$t27$1@dont-email.me>

Newsgroups: alt.comp.os.windows-10
 by: Paul - Tue, 9 Nov 2021 05:31 UTC

On 11/8/2021 10:32 PM, Paul in Houston TX wrote:
> scbs29 wrote:
>> At present I am using Windows Security and seem to have a problem.
>> After a virus scan I am informed that I have viruses in 4 files.
>> Two of these files do not exist on my pc. The other two I delete
>> and empty the recycle bin. I then do another scan and the same
>> four files are reported. This has occurred for weeks now, every scan
>> reporting on these non-existent files.
>> Can anyone advise ?
>> TIA
>
> See what one or more online scanners say.
> Google: "online virus scanner"

Do you want "online" or "offline" ?

Examples of "offline" would be Kaspersky Rescue CD
or the Bitdefender CD. These tend to be Linux CDs
with a signature scanner onboard, that scan C: after
you boot from their CD.

An example of an "online" tool, would have been
the old Malwarebytes MBAM, which you would execute
on a running Windows system, and it would "burrow in"
and look for behavioral stuff (malware hooking things).
Their "Chameleon" technology, would change the name
of the malwarebytes executable, in an attempt to
fool the malware. "Burrowing in" is hard. It's just
as hard as designing malware to burrow into a system.

Malwarebytes today, their product emphasis is more of
a traditional "installable" AV product. And they have
a confusing array of trial, free, and paid, to enhance
your level of confusion.

Which of those approaches did you have in mind ?

I tried a product once, that launched from a web page
(making it "online"), with the intention I suppose,
that it would burrow in, but it was a hot mess and
based on the error messages it was throwing, there
wasn't a chance that it was going to be able to do
anything. So some of the online ones,
are really really bad. Embarrassingly bad.
At least the old Malwarebytes, was an earnest attempt.
Not a sham like some.

And even though Malwarebytes does not agree with the
notion of seeding C: with a copy of EICAR test file,
I like to do that. I do that because of the products
out there that are so defective, their scan isn't
really scanning anything. When they don't find EICAR,
the jig is up. Busted. You have to be able to scan
well enough, to "find a text string" :-) Proof of effort.

https://en.wikipedia.org/wiki/EICAR_test_file

Paul
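
Added example (not part of Paul's or VanguardLH's posts, and not code from any product named in the thread): a toy byte-signature scanner in Python. It shows the false positive VanguardLH describes, where signature bytes sit somewhere inside a large benign file, next to a check that follows the EICAR file definition Paul's seeding test relies on (string at offset 0, at most 128 bytes, whitespace padding only). The sample data, file names and function names are constructed for illustration, and the chance-hit estimate assumes uniformly random bytes.

```python
from __future__ import annotations

# EICAR test string (68 bytes), joined from two halves so this source file
# does not itself contain the contiguous pattern.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" + rb"ANTIVIRUS-TEST-FILE!$H+H*"

# Padding the EICAR definition allows after the string: space, tab, LF, CR, Ctrl-Z.
ALLOWED_PAD = b" \t\n\r\x1a"
MAX_EICAR_FILE = 128  # maximum total file length, padding included


def naive_hits(data: bytes, signature: bytes) -> list[int]:
    """Offsets where the signature bytes occur anywhere in the data.

    This is the 'series of bytes somewhere in the file' style of matching.
    """
    hits = []
    pos = data.find(signature)
    while pos != -1:
        hits.append(pos)
        pos = data.find(signature, pos + 1)
    return hits


def is_eicar_file(data: bytes) -> bool:
    """Strict check: string at offset 0, short file, only allowed padding after it."""
    if len(data) > MAX_EICAR_FILE or not data.startswith(EICAR):
        return False
    return all(byte in ALLOWED_PAD for byte in data[len(EICAR):])


def expected_random_hits(size_bytes: int, sig_len: int) -> float:
    """Expected chance matches of a sig_len-byte pattern in size_bytes of
    uniformly random data (assumption: real disk images are not uniform)."""
    positions = max(size_bytes - sig_len + 1, 0)
    return positions / float(256 ** sig_len)


def build_samples() -> dict[str, bytes]:
    """Constructed sample 'files' (name -> content); none comes from the thread."""
    return {
        # What seeding C: with the test file produces.
        "eicar.com": EICAR + b"\r\n",
        # Starts with the string but carries extra content: not the test file.
        "eicar_plus_text.txt": EICAR + b"\nappended text",
        # Stand-in for a VM disk or backup that merely contains the bytes.
        "clean_vm.vhd": bytes(4096) + b"notes.txt\x00" + EICAR + bytes(4096),
        "readme.txt": b"nothing to see here\n",
    }


def run_demo() -> dict[str, dict]:
    """Scan every sample both ways and return the verdicts by file name."""
    results = {}
    for name, data in build_samples().items():
        results[name] = {
            "naive": naive_hits(data, EICAR),   # substring anywhere
            "strict": is_eicar_file(data),      # definition-conformant
        }
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        flagged = "FLAGGED" if verdict["naive"] else "clean"
        print(f"{name:22} naive={flagged:8} offsets={verdict['naive']} "
              f"strict={verdict['strict']}")
    # Why short patterns misfire on big files: a 40 GiB image vs. pattern length.
    for sig_len in (4, 8, 16):
        print(f"{sig_len:2}-byte pattern, 40 GiB random data: "
              f"{expected_random_hits(40 * 2**30, sig_len):.3g} expected chance hits")
```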

Re: Windows Security question

<smdh5h$olo$1@hunterbd.eternal-september.org>

Newsgroups: alt.comp.os.windows-10,alt.computer.workshop
 by: David Brooks - Tue, 9 Nov 2021 10:05 UTC

On 09/11/2021 05:31, Paul wrote:
> On 11/8/2021 10:32 PM, Paul in Houston TX wrote:
>> scbs29 wrote:
>>> At present I am using Windows Security and seem to have a problem.
>>> After a virus scan I am informed that I have viruses in 4 files.
>>> Two of these files do not exist on my pc. The other two I delete
>>> and empty the recycle bin. I then do another scan and the same
>>> four files are reported. This has occurred for weeks now, every scan
>>> reporting on these non-existent files.
>>> Can anyone advise ?
>>> TIA
>>
>> See what one or more online scanners say.
>> Google: "online virus scanner"
>
> Do you want "online" or "offline" ?
>
> Examples of "offline" would be Kaspersky Rescue CD
> or the Bitdefender CD. These tend to be Linux CDs
> with a signature scanner onboard, that scan C: after
> you boot from their CD.
>
> An example of an "online" tool, would have been
> the old Malwarebytes MBAM, which you would execute
> on a running Windows system, and it would "burrow in"
> and look for behavioral stuff (malware hooking things).
> Their "Chameleon" technology, would change the name
> of the malwarebytes executable, in an attempt to
> fool the malware. "Burrowing in" is hard. It's just
> as hard as designing malware to burrow into a system.
>
> Malwarebytes today, their product emphasis is more of
> a traditional "installable" AV product. And they have
> a confusing array of trial, free, and paid, to enhance
> your level of confusion.
>
> Which of those approaches did you have in mind ?
>
> I tried a product once, that launched from a web page
> (making it "online"), with the intention I suppose,
> that it would burrow in, but it was a hot mess and
> based on the error messages it was throwing, there
> wasn't a chance that it was going to be able to do
> anything. So some of the online ones,
> are really really bad. Embarrassingly bad.
> At least the old Malwarebytes, was an earnest attempt.
> Not a sham like some.
>
> And even though Malwarebytes does not agree with the
> notion of seeding C: with a copy of EICAR test file,
> I like to do that. I do that because of the products
> out there that are so defective, their scan isn't
> really scanning anything. When they don't find EICAR,
> the jig is up. Busted. You have to be able to scan
> well enough, to "find a text string" :-) Proof of effort.
>
> https://en.wikipedia.org/wiki/EICAR_test_file

Hi Paul,

As always, a straight-forward and informative answer. :-D

You mention the Kaspersky Rescue CD and the Bitdefender CD.

Do these items work successfully on Apple hardware?

If so, because they are, I believe, signature based do you agree that
there may well be malware which they will NOT detect (a Rootkit, for
example).

TIA

('my' ACW group added)

Re: Windows Security question

<smdo5j$d9u$1@dont-email.me>

Newsgroups: alt.comp.os.windows-10,alt.computer.workshop
 by: Paul - Tue, 9 Nov 2021 12:04 UTC

On 11/9/2021 5:05 AM, David Brooks wrote:

> Hi Paul,
>
> As always, a straight-forward and informative answer. :-D
>
> You mention the Kaspersky Rescue CD and the Bitdefender CD.
>
> Do these items work successfully on Apple hardware?
>
> If so, because they are, I believe, signature based do you agree
> that there may well be malware which they will NOT detect (a Rootkit, for example).
>
> TIA
>
> ('my' ACW group added)

O.o

The fun of answering these questions, is finding
a polite way to answer them.

You're asking a question about Macs, in a Windows group.
That can't end well.

*******

I'm forced to use an analogy, because I have little
to contribute to an answer.

You may remember instances of children putting
peanut butter and jam sandwiches in the rectangular
opening of VCR players. The children are pretty young,
and are using exploratory thinking - square hole,
square sandwich.

First, we notice that the PC CD, fits in the Mac optical
drive tray. In the PPC era, the OpenFirmware loader would
be unlikely to play with such stuff. Zero chance of working.
In the Intel era, I understand the boot loader is
no longer OF, but is UEFI, but what happens after that,
who can say, except the person who personally tests it.

Leaving that observation for the moment, if it did
boot, what would the expected outcome be.

Would a peanut butter and jam flavored movie begin to play ?

Why would we scan for PC malware, on a Macintosh ?

I don't even know if there is such a thing as a
signature database for Macintosh malware. I don't
even know how many Intel-generation malwares there
are for Macintosh. Or how many commercial tools exist
for Macintosh, for this sort of application (AV).

Even a person in comp.sys.mac.* , would have a hard
time finding a way to answer this question. Does
anyone in comp.sys.mac.* scan for PC malware ?
I hope not. Not on personal machines. Maybe
on some server device.

To begin with, the application is a corner case, at
the best of times. There isn't much call for
peanut butter and jam flavored movies.

Paul

Re: Windows Security question

<smdovs$jvp$1@dont-email.me>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=55487&group=alt.comp.os.windows-10#55487

  copy link   Newsgroups: alt.comp.os.windows-10 alt.computer.workshop
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: erra...@nomail.afraid.org (FromTheRafters)
Newsgroups: alt.comp.os.windows-10,alt.computer.workshop
Subject: Re: Windows Security question
Date: Tue, 09 Nov 2021 07:18:44 -0500
Organization: Peripheral Visions
Lines: 66
Message-ID: <smdovs$jvp$1@dont-email.me>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com> <smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me> <smdh5h$olo$1@hunterbd.eternal-september.org>
Reply-To: erratic.howard@gmail.com
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-15"; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 9 Nov 2021 12:19:08 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="d11a035f4b9d6df8c68d1f40cc1ad855";
logging-data="20473"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/U3CJZVXNiP9XEf6D9SbwXRiillkhHmv8="
Cancel-Lock: sha1:/V1EAvQX687/GVaWqfGBrHGrvyA=
X-Newsreader: MesNews/1.08.06.00-gb
X-ICQ: 1701145376
 by: FromTheRafters - Tue, 9 Nov 2021 12:18 UTC

David Brooks pretended :
> On 09/11/2021 05:31, Paul wrote:
>> On 11/8/2021 10:32 PM, Paul in Houston TX wrote:
>>> scbs29 wrote:
>>>> At present I am using Windows Security and seem to have a problem.
>>>> After a virus scan I am informed that I have viruses in 4 files.
>>>> Two of these files do not exist on my pc. The other two I delete
>>>> and empty the recycle bin. I then do another scan and the same
>>>> four files are reported. This has occurred for weeks now, every scan
>>>> reporting on these non-existent files.
>>>> Can anyone advise ?
>>>> TIA
>>>
>>> See what one or more online scanners say.
>>> Google: "online virus scanner"
>>
>> Do you want "online" or "offline" ?
>>
>> Examples of "offline" would be Kaspersky Rescue CD
>> or the Bitdefender CD. These tend to be Linux CDs
>> with a signature scanner onboard, that scan C: after
>> you boot from their CD.
>>
>> An example of an "online" tool, would have been
>> the old Malwarebytes MBAM, which you would execute
>> on a running Windows system, and it would "burrow in"
>> and look for behavioral stuff (malware hooking things).
>> Their "Chameleon" technology, would change the name
>> of the malwarebytes executable, in an attempt to
>> fool the malware. "Burrowing in" is hard. It's just
>> as hard as designing malware to burrow into a system.
>>
>> Malwarebytes today, their product emphasis is more of
>> a traditional "installable" AV product. And they have
>> a confusing array of trial, free, and paid, to enhance
>> your level of confusion.
>>
>> Which of those approaches did you have in mind ?
>>
>> I tried a product once, that launched from a web page
>> (making it "online"), with the intention I suppose,
>> that it would burrow in, but it was a hot mess and
>> based on the error messages it was throwing, there
>> wasn't a chance that it was going to be able to do
>> anything. So some of the online ones,
>> are really really bad. Embarrassingly bad.
>> At least the old Malwarebytes, was an earnest attempt.
>> Not a sham like some.
>>
>> And even though Malwarebytes does not agree with the
>> notion of seeding C: with a copy of EICAR test file,
>> I like to do that. I do that because of the products
>> out there that are so defective, their scan isn't
>> really scanning anything. When they don't find EICAR,
>> the jig is up. Busted. You have to be able to scan
>> well enough, to "find a text string" :-) Proof of effort.
>>
>> https://en.wikipedia.org/wiki/EICAR_test_file
>
> Hi Paul,
>
> As always, a straight-forward and informative answer. :-D

Here's another. Detection of the EICAR test file is an indication that
the product detects the EICAR test file. One should not read more into
it than that.

Re: Windows Security question

<SIqkV8ePMoihFwth@255soft.uk>

https://www.novabbs.com/computers/article-flat.php?id=55493&group=alt.comp.os.windows-10#55493

Message-ID: <SIqkV8ePMoihFwth@255soft.uk>
Date: Tue, 9 Nov 2021 14:17:51 +0000
From: G6J...@255soft.uk (J. P. Gilliver (John))
Newsgroups: alt.comp.os.windows-10,alt.computer.workshop
Subject: Re: Windows Security question
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
<smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me>
<smdh5h$olo$1@hunterbd.eternal-september.org> <smdovs$jvp$1@dont-email.me>
Organization: 255 software
 by: J. P. Gilliver (John) - Tue, 9 Nov 2021 14:17 UTC

On Tue, 9 Nov 2021 at 07:18:44, FromTheRafters
<erratic@nomail.afraid.org> wrote (my responses usually follow points
raised):
>David Brooks pretended :
>> On 09/11/2021 05:31, Paul wrote:
[]
>>> anything. So some of the online ones,
>>> are really really bad. Embarrassingly bad.
>>> At least the old Malwarebytes, was an earnest attempt.
>>> Not a sham like some.
>>> And even though Malwarebytes does not agree with the
>>> notion of seeding C: with a copy of EICAR test file,
>>> I like to do that. I do that because of the products
>>> out there that are so defective, their scan isn't
>>> really scanning anything. When they don't find EICAR,
>>> the jig is up. Busted. You have to be able to scan
>>> well enough, to "find a text string" :-) Proof of effort.
>>> https://en.wikipedia.org/wiki/EICAR_test_file
>>
>> Hi Paul,
>>
>> As always, a straight-forward and informative answer. :-D
>
>Here's another. Detection of the EICAR test file is an indication that
>the product detects the EICAR test file. One should not read more into
>it than that.

Strictly, that is true. However, I'm with Paul - if something didn't
even detect EICAR, I'd not have much faith in its ability to detect much
else. AFAIK, that was more or less what EICAR was developed _for_.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Actors are fairly modest...A lot of us have quite a lot to be modest about. -
Simon Greenall (voice of Aleksandr the "Simples!" Meerkat), RT 11-17 Dec 2010

Re: Windows Security question

<sme63c$r8b$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=55496&group=alt.comp.os.windows-10#55496

From: jbb...@notatt.com (Jeff Barnett)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Tue, 9 Nov 2021 09:02:50 -0700
Organization: A noiseless patient Spider
Lines: 74
Message-ID: <sme63c$r8b$1@dont-email.me>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
<smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me>
 by: Jeff Barnett - Tue, 9 Nov 2021 16:02 UTC

On 11/8/2021 10:31 PM, Paul wrote:
> On 11/8/2021 10:32 PM, Paul in Houston TX wrote:
>> scbs29 wrote:
>>> At present I am using Windows Security and seem to have a problem.
>>> After a virus scan I am informed that I have viruses in 4 files.
>>> Two of these files do not exist on my pc. The other two I delete
>>> and empty the recycle bin. I then do another scan and the same
>>> four files are reported. This has occurred for weeks now, every scan
>>> reporting on these non-existent files.
>>> Can anyone advise ?
>>> TIA
>>
>> See what one or more online scanners say.
>> Google: "online virus scanner"
>
> Do you want "online" or "offline" ?
>
> Examples of "offline" would be Kaspersky Rescue CD
> or the Bitdefender CD. These tend to be Linux CDs
> with a signature scanner onboard, that scan C: after
> you boot from their CD.
>
> An example of an "online" tool, would have been
> the old Malwarebytes MBAM, which you would execute
> on a running Windows system, and it would "burrow in"
> and look for behavioral stuff (malware hooking things).
> Their "Chameleon" technology, would change the name
> of the malwarebytes executable, in an attempt to
> fool the malware. "Burrowing in" is hard. It's just
> as hard as designing malware to burrow into a system.
>
> Malwarebytes today, their product emphasis is more of
> a traditional "installable" AV product. And they have
> a confusing array of trial, free, and paid, to enhance
> your level of confusion.
>
> Which of those approaches did you have in mind ?
>
> I tried a product once, that launched from a web page
> (making it "online"), with the intention I suppose,
> that it would burrow in, but it was a hot mess and
> based on the error messages it was throwing, there
> wasn't a chance that it was going to be able to do
> anything. So some of the online ones,
> are really really bad. Embarrassingly bad.
> At least the old Malwarebytes, was an earnest attempt.
> Not a sham like some.
>
> And even though Malwarebytes does not agree with the
> notion of seeding C: with a copy of EICAR test file,
> I like to do that. I do that because of the products
> out there that are so defective, their scan isn't
> really scanning anything. When they don't find EICAR,
> the jig is up. Busted. You have to be able to scan
> well enough, to "find a text string" :-) Proof of effort.
>
> https://en.wikipedia.org/wiki/EICAR_test_file

I used Malwarebytes for years on our computers but their software seemed
more and more at odds with my AV solutions. Then they proudly announced
that they WERE an AV too. So I ran an AV test with EICAR and some other
things; it failed every test. I contacted them and they essentially said
that they only detected on "behavior". The problem with that is some
virus and malware can do quite enough damage before exhibiting enough
foul behavior to differentiate from the M$ solitaire program.

I then ran into a non technical problem that bordered on the unethical:
I could not go to my "profile" at their web site and turn off auto
renewal and remove my credit card. It took over a dozen emails to get
them to do it for me. This was several years ago and my opinion of the
company (technical as well as in re business practices) went from
trustworthy to toilet.
--
Jeff Barnett

Re: Windows Security question

<k27logtmmrvn7mdrna24dun3mgrh1gnhvo@4ax.com>

https://www.novabbs.com/computers/article-flat.php?id=55497&group=alt.comp.os.windows-10#55497

From: ste...@easynn.com (Stephen Wolstenholme)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Tue, 09 Nov 2021 16:15:08 +0000
Organization: Neural Planner Software Ltd
Lines: 28
Message-ID: <k27logtmmrvn7mdrna24dun3mgrh1gnhvo@4ax.com>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com> <smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me> <sme63c$r8b$1@dont-email.me>
Reply-To: steve@easynn.com
 by: Stephen Wolstenholme - Tue, 9 Nov 2021 16:15 UTC

On Tue, 9 Nov 2021 09:02:50 -0700, Jeff Barnett <jbb@notatt.com>
wrote:

>I used Malwarebytes for years on our computers but their software seemed
>more and more at odds with my AV solutions. Then they proudly announced
>that they WERE an AV too. So I ran an AV test with EICAR and some other
>things; it failed every test. I contacted them and they essentially said
>that they only detected on "behavior". The problem with that is some
>virus and malware can do quite enough damage before exhibiting enough
>foul behavior to differentiate from the M$ solitaire program.
>
>I then ran into a non technical problem that bordered on the unethical:
>I could not go to my "profile" at their web site and turn off auto
>renewal and remove my credit card. It took over a dozen emails to get
>them to do it for me. This was several years ago and my opinion of the
>company (technical as well as in re business practices) went from
>trustworthy to toilet.

I find Malwarebytes Premium works perfectly for Virus protection and
any other type of malware so I have auto renewal switched on.

Steve

--
Neural Network Software http://www.npsnn.com
JustNN Just a neural network http://www.justnn.com
SwingNN Prediction software http://www.swingnn.com
EasyNN-plus More than a neural network. Free from steve@easynn.com

Re: Windows Security question

<sme79c$5j1$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=55501&group=alt.comp.os.windows-10#55501

From: erra...@nomail.afraid.org (FromTheRafters)
Newsgroups: alt.comp.os.windows-10,alt.computer.workshop
Subject: Re: Windows Security question
Date: Tue, 09 Nov 2021 11:22:43 -0500
Organization: Peripheral Visions
Lines: 43
Message-ID: <sme79c$5j1$1@dont-email.me>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com> <smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me> <smdh5h$olo$1@hunterbd.eternal-september.org> <smdovs$jvp$1@dont-email.me> <SIqkV8ePMoihFwth@255soft.uk>
Reply-To: erratic.howard@gmail.com
 by: FromTheRafters - Tue, 9 Nov 2021 16:22 UTC

J. P. Gilliver (John) formulated the question :
> On Tue, 9 Nov 2021 at 07:18:44, FromTheRafters <erratic@nomail.afraid.org>
> wrote (my responses usually follow points raised):
>>David Brooks pretended :
>>> On 09/11/2021 05:31, Paul wrote:
> []
>>>> anything. So some of the online ones,
>>>> are really really bad. Embarrassingly bad.
>>>> At least the old Malwarebytes, was an earnest attempt.
>>>> Not a sham like some.
>>>> And even though Malwarebytes does not agree with the
>>>> notion of seeding C: with a copy of EICAR test file,
>>>> I like to do that. I do that because of the products
>>>> out there that are so defective, their scan isn't
>>>> really scanning anything. When they don't find EICAR,
>>>> the jig is up. Busted. You have to be able to scan
>>>> well enough, to "find a text string" :-) Proof of effort.
>>>> https://en.wikipedia.org/wiki/EICAR_test_file
>>>
>>> Hi Paul,
>>>
>>> As always, a straight-forward and informative answer. :-D
>>
>>Here's another. Detection of the EICAR test file is an indication that the
>> product detects the EICAR test file. One should not read more into it than
>> that.
>
> Strictly, that is true. However, I'm with Paul - if something didn't even
> detect EICAR, I'd not have much faith in its ability to detect much else.
> AFAIK, that was more or less what EICAR was developed _for_.

IIRC it was developed so that people didn't have to have actual
malicious files on their system in order to see how the alert interface
worked. Even fake scanners can be made to find EICAR. A good heuristic
scanner (if there is such a thing) could easily miss such a
non-malicious executable and might just include a special signature
based module for detecting it, just to show the alert interface without
exposing the user's computer to actual malware.

That being said, your idea is sound anyway because salting the
directory structure with 'detectables' shows that the scanner is not
skipping those directories or not decompressing archives within them
with its signature based decompressor/scanner.
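
The "salting the directory structure" check described in the post above, as an added sketch that is not part of any post in this thread. The function names and the `av-canary` file stem are hypothetical; the payload is the standard 68-byte EICAR test string from the Wikipedia page linked earlier, placed as a plain file, inside a zip, and inside a zip within a zip in every directory.

```python
"""Seed harmless EICAR canaries through a directory tree, then audit them after a scan."""
import hashlib
import io
import os
import tempfile
import zipfile
from pathlib import Path

# Standard 68-byte EICAR test string, stored in two halves so that this
# source file does not itself match a scanner's EICAR signature.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD"
         r"-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def _zip_bytes(member_name, payload):
    """Return an in-memory zip archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def seed_canaries(root, stem="av-canary"):
    """Write a plain, a zipped and a doubly zipped canary into every directory
    under root. Returns {path: sha256 hex, or None if the write was refused}."""
    inner = _zip_bytes(stem + ".com", EICAR)
    variants = {
        stem + ".com": EICAR,                                    # plain file
        stem + ".zip": inner,                                    # one archive layer
        stem + "-nested.zip": _zip_bytes(stem + ".zip", inner),  # two layers
    }
    manifest = {}
    for dirpath, _dirs, _files in os.walk(root):
        for name, data in variants.items():
            target = Path(dirpath) / name
            try:
                target.write_bytes(data)
                manifest[str(target)] = hashlib.sha256(data).hexdigest()
            except OSError:
                # On-access protection may refuse the write outright.
                manifest[str(target)] = None
    return manifest


def audit(manifest):
    """Classify every seeded canary by what happened to it since seeding."""
    result = {"blocked_on_write": [], "removed": [], "unreadable": [],
              "altered": [], "untouched": []}
    for path, digest in manifest.items():
        if digest is None:
            result["blocked_on_write"].append(path)
            continue
        try:
            data = Path(path).read_bytes()
        except FileNotFoundError:
            result["removed"].append(path)       # deleted or quarantined
        except OSError:
            result["unreadable"].append(path)    # locked or access denied
        else:
            same = hashlib.sha256(data).hexdigest() == digest
            result["untouched" if same else "altered"].append(path)
    return result


def coverage_gaps(result):
    """Group untouched canaries by directory: {directory: [file names]}.
    All three names listed means the directory looks skipped; only the
    archive names listed means archives there were not unpacked."""
    gaps = {}
    for path in result["untouched"]:
        p = Path(path)
        gaps.setdefault(str(p.parent), []).append(p.name)
    return {folder: sorted(names) for folder, names in gaps.items()}


def remove_canaries(manifest):
    """Delete the canaries still on disk; return how many were deleted."""
    deleted = 0
    for path in manifest:
        try:
            os.remove(path)
            deleted += 1
        except OSError:
            pass
    return deleted


if __name__ == "__main__":
    # Constructed demo: a throwaway tree and a pretend scanner that removes
    # only the plain canary in the top directory.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs", "old"))
        manifest = seed_canaries(root)
        Path(root, "av-canary.com").unlink(missing_ok=True)
        for folder, names in coverage_gaps(audit(manifest)).items():
            print(folder, "->", ", ".join(names))
        remove_canaries(manifest)
```

An untouched canary marks a directory or archive depth the scan did not act on. A scanner that reports without quarantining leaves every canary in place, so in that case compare the untouched list against the scanner's own report.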

Re: [OT]Windows Security question

<3j8log58d6h48nddsgtddvpskglje27cns@4ax.com>

https://www.novabbs.com/computers/article-flat.php?id=55502&group=alt.comp.os.windows-10#55502

From: Sh...@dow.br (Shadow)
Newsgroups: alt.comp.os.windows-10,alt.computer.workshop
Subject: Re: [OT]Windows Security question
Date: Tue, 09 Nov 2021 13:33:23 -0300
Organization: A noiseless patient Shadow
Message-ID: <3j8log58d6h48nddsgtddvpskglje27cns@4ax.com>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com> <smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me> <smdh5h$olo$1@hunterbd.eternal-september.org>
 by: Shadow - Tue, 9 Nov 2021 16:33 UTC

On Tue, 9 Nov 2021 10:05:36 +0000, David Brooks <DavidB@invalid.E-S>
wrote:

>You mention the Kaspersky Rescue CD and the Bitdefender CD.
>
>Do these items work successfully on Apple hardware?

You've already asked that very question.
"Forgot"?
Drink less.
And check the newsgroups you are cross-posting to before you
hit "send".

------------------------------------
BD: I want people to "get to know me better. I have nothing to
hide".
I'm always here to help, this page was put up at BD's request,
rather, he said "Do it *NOW*!":

<https://tekrider.net/pages/david-brooks-stalker.php>

98 confirmed #FAKE_NYMS, most used in cybercrimes!
Google "David Brooks Devon".
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Google Fuchsia - 2021

Re: Windows Security question

<hq8logt07mfl9g5mcjb8lg890883dkbhi6@4ax.com>

https://www.novabbs.com/computers/article-flat.php?id=55503&group=alt.comp.os.windows-10#55503

From: Sh...@dow.br (Shadow)
Newsgroups: alt.comp.os.windows-10,alt.computer.workshop
Subject: Re: Windows Security question
Date: Tue, 09 Nov 2021 13:44:56 -0300
Organization: A noiseless patient Shadow
Message-ID: <hq8logt07mfl9g5mcjb8lg890883dkbhi6@4ax.com>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com> <smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me> <smdh5h$olo$1@hunterbd.eternal-september.org> <smdovs$jvp$1@dont-email.me>
 by: Shadow - Tue, 9 Nov 2021 16:44 UTC

On Tue, 09 Nov 2021 07:18:44 -0500, FromTheRafters
<erratic@nomail.afraid.org> wrote:

>David Brooks pretended :
>>
>> Hi <redacted>,
>>
>> As always, a straight-forward and informative answer. :-D

Translation: "I didn't bother to read it".
>
>Here's another. Detection of the EICAR test file is an indication that
>the product detects the EICAR test file. One should not read more into
>it than that.

It's a safeguard. I remember a trojan that would replace the
Avast AV (even the tray icon), and under the guise of "updating" would
send your private data to a server in the Far East. (Opaserve?).
Long time ago. Can't remember the details, except that when
you created a file using the EICAR string and saved it as an .exe no
alarm bells would ring. All AV's should have some sort of self-check.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Google Fuchsia - 2021

Re: Windows Security question

<smea9e$dn$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=55504&group=alt.comp.os.windows-10#55504

From: jbb...@notatt.com (Jeff Barnett)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Tue, 9 Nov 2021 10:14:21 -0700
Organization: A noiseless patient Spider
Lines: 32
Message-ID: <smea9e$dn$1@dont-email.me>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
<smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me>
<sme63c$r8b$1@dont-email.me> <k27logtmmrvn7mdrna24dun3mgrh1gnhvo@4ax.com>
 by: Jeff Barnett - Tue, 9 Nov 2021 17:14 UTC

On 11/9/2021 9:15 AM, Stephen Wolstenholme wrote:
> On Tue, 9 Nov 2021 09:02:50 -0700, Jeff Barnett <jbb@notatt.com>
> wrote:
>
>> I used Malwarebytes for years on our computers but their software seemed
>> more and more at odds with my AV solutions. Then they proudly announced
>> that they WERE an AV too. So I ran an AV test with EICAR and some other
>> things; it failed every test. I contacted them and they essentially said
>> that they only detected on "behavior". The problem with that is some
>> virus and malware can do quite enough damage before exhibiting enough
>> foul behavior to differentiate from the M$ solitaire program.
>>
>> I then ran into a non technical problem that bordered on the unethical:
>> I could not go to my "profile" at their web site and turn off auto
>> renewal and remove my credit card. It took over a dozen emails to get
>> them to do it for me. This was several years ago and my opinion of the
>> company (technical as well as in re business practices) went from
>> trustworthy to toilet.
>
> I find Malwarebytes Premium works perfectly for Virus protection and
> any other type of malware so I have auto renewal switched on.

It seems our experiences and impressions were/are different. If you're
happy with their product then you should use it. I simply lost trust in
them when they put so many hoops to jump through to remove my credit
card. I was about to call the CC fraud line after about the tenth
interaction when my opinion went from "they are confused" to "they are
not to be trusted".
--
Jeff Barnett

Re: Windows Security question

<1vpalwgm4egiu.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=55505&group=alt.comp.os.windows-10#55505

From: V...@nguard.LH (VanguardLH)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Tue, 9 Nov 2021 11:21:14 -0600
Organization: Usenet Elder
Lines: 169
Message-ID: <1vpalwgm4egiu.dlg@v.nguard.lh>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com> <smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me> <sme63c$r8b$1@dont-email.me>
Reply-To: invalid@invalid.invalid
 by: VanguardLH - Tue, 9 Nov 2021 17:21 UTC

Jeff Barnett <jbb@notatt.com> wrote:

> I used Malwarebytes for years on our computers but their software seemed
> more and more at odds with my AV solutions. Then they proudly announced
> that they WERE an AV too. So I ran an AV test with EICAR and some other
> things; it failed every test. I contacted them and they essentially said
> that they only detected on "behavior". The problem with that is some
> virus and malware can do quite enough damage before exhibiting enough
> foul behavior to differentiate from the M$ solitaire program.

And why MBAM is often used as a secondary-opinion manual scanner. You
install it, but you configure it to NOT run in the background; i.e., you
disable its on-access scanning. You manually run it to do an on-demand
scan to give a 2nd opinion regarding infection state. However, since it
affords no additional coverage than other top-rated anti-malware
programs, the manual scan is superfluous.

Noting their product is heuristic-based is how MBAM manages to stay out
of AV comparisons; else, MBAM would look a very poor contender. Instead
of peering at the crowd of patrons in a bar to glean out the known bad
patrons, they wait until some patrons behave badly.

> I then ran into a non technical problem that bordered on the unethical:
> I could not go to my "profile" at their web site and turn off auto
> renewal and remove my credit card. It took over a dozen emails to get
> them to do it for me. This was several years ago and my opinion of the
> company (technical as well as in re business practices) went from
> trustworthy to toilet.

A lot of companies, online or offline, establish an auto-renewing
account, and it can take a lot of effort not only to cease that behavior
(often by having to kill the account), but also to get a refund on the
charge you never authorized. I use Paypal for a lot of purchases, and
they've been responsive with their Buyer Protection to resolve the
issue. In fact, many times they've issued a refund rather than expend
the effort to pursue the issue. Another trick is to use a credit card
that lets you create temporary card numbers. The card numbers are
associated to your real account, but you can specify the maximum amount
that can be charged, and when they expire (2 months minimum to cover a
billing cycle to make sure you see the charge, and another to resolve
a case). These are called virtual credit card services. Whether from
one issuer, or several using the same virtual card, they cannot charge
more than you specified for a limit. You set the expiration, so
afterward no one can issue another charge against that virtual card.
That blocks those renewing or automatic charges. Once the virtual card
has been used for its intended purpose, you don't have to wait for
expiration, but instead can kill the virtual card at any time.

I used to have an MBNA credit card that offered their ShopSafe service.
Because they were so difficult to work with regarding rescinding of
bogus or unauthorized charges, their ShopSafe was a requirement to use
their credit service. MBNA later got swallowed up by Bank America who
later dropped the ShopSafe service.

You cannot hand a virtual credit card to anyone. You generate them
online to dole out to whomever. So, they're mostly for online
transactions. You could use them over the phone: put the other party on
hold while you "find your wallet", go online to create the virtual card,
and give the other party the virtual card number and its CVV code.
While possible, I never did that. I only used virtual card numbers for
online transactions, and I used a unique one for each other party to
both isolate the transactions, and let me track if anyone ever gave or
lost my virtual card to someone else.

Once expired, you cannot recreate the same virtual card number. This
causes a problem for returns, because that card number no longer exists
after the expiration of the virtual card. Usually you can find what is
the return period for a purchase before making it by checking the site's
return policies. If you're granted a 90-day return period, set the
expiration of the virtual card to 120 or 150 days: the 90-day period,
time for the product to ship to you, and time to do the return and
possibly have to argue about it. You don't have to leave the virtual
card enabled the full amount you allocate for returns. Once you're
satisfied with the product, kill the virtual card. Obviously you want
the expiration to exceed whatever is expected for delivery time. A
merchant may not ship the product, you notify them, they argue,
especially if they rely on shipping info as proof they shipped despite
you never receiving it, but they've already made their charge. You have to
leave the virtual card alive to dispute the case.

It was a slow start over a decade for card issuers to offer ShopSafe, or
a similar virtual card service. It was slow to get adopted. Later many
banks or card issuers starting dropping their virtual card service.
Last I looked (many months ago), Capital One's Eno (requiring a web
browser extension) and Citi were the last offering virtual cards. The
following article says there are other issuers offering virtual cards,
but I didn't bother verifying their list although I noticed some are
only for business accounts:

https://wallethub.com/edu/cc/virtual-credit-card/65981

I have read about some virtual card services that operate only for that
service, but they have a monthly charge, like $5/month. They aren't a
credit issuer, but are providing a masking service to your credit
issuer.

I don't have virtual cards with PayPal, but they've been responsive
(often more than I expected by rescinding the charge, refunding me, and
didn't put up much of a fight). Plus, I get an immediate notice when
any charge was applied against my account. Lots of banks and cards
offer this notification; however, they're not all equal for when they
notify. PayPal notifies within a couple minutes (usually in a minute but
depends on when the merchant gets around to issuing the charge after the
point of sale). My bank does, too, except they issue a notice for both
the pre-authorized charge and then again when it is cleared as
authorized, so I get a lot of duplicate notices. My bank is a bit more
aggressive in monitoring charges. If I hit multiple stores within a few
hours on the same day, I get a protection alert from my bank (well, from
the protection service my bank uses). I often combine multiple
destinations in a single shopping "trip": hit a couple grocery stores
for their sales, a discount foods store, one or two hardware stores,
maybe an electronics store, and fill up with gas.

Virtual cards are dying out. Well, a lot fewer issuers have the service
than many years earlier. Credit companies expect some loss. They also
are not oriented to protecting their customers. Reducing their support
costs with less interaction with their customers is them helping
themselves, not helping you. How long did it take before they added
chips to credit cards? Was that for your protection? Nope. It was to
limit bogus or unauthorized charges to eliminate having to deal with
their customers hit by those charges. They're a business to make money,
not your parents to coddle you from the big bad world.

Virtual cards are handy for some protection, because you can specify a
spending limit on each one along with specifying the expiration date, and
can even kill them before a charge, or after a charge, to ensure the
virtual card cannot be used again. They do NOT protect you from charges
made to the card. You're still responsible for any charges made against
a virtual card, so you have to go through the dispute process for a
bogus or unauthorized charge. They are certainly very useful to thwart
auto-renewing charges. Even if you agree to auto-renewing charges, like
for subscriptions, you are still allowed to cancel a service, but they
may charge you the next time, and you have to argue with them to refund
their charge. Easier to have the virtual card expire, or kill it, to
prevent the auto-renew charge when you intend to close an account.

I've also sent letters to each of my credit card services which state
that they must agree that any unsigned charges are not my
responsibility. This eliminates the "first $50" of any charge being my
responsibility. Many credit accounts are defined with that condition,
but you have to go through their process to refute a charge over that
amount. I don't do this with every credit card, but only for those that
I will never use online. If my signature is missing for the
transaction, I'm not responsible for the charge, even the first $50 of
it. Some will agree, some won't. The letter states that if they do not
agree that I will close the account, and I've done it upon their
disapproval. Of those that agree, they often state that the letter will
remain on file for 3 years after which I have to rewrite the letter and
they must re-agree. Think about it: if you are liable for the first
$50, and for EACH charge, multiple charges could quickly add up to
hundreds of dollars that I'm responsible to pay. I don't get this
agreement for cards that I use online, because obviously there's no way
to put my signature on the transaction.


Re: Windows Security question

<iuvrqrFjtibU1@mid.individual.net>

https://www.novabbs.com/computers/article-flat.php?id=55507&group=alt.comp.os.windows-10#55507

From: ken...@invalidemail.com (Ken Blake)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Tue, 9 Nov 2021 11:09:30 -0700
Lines: 51
Message-ID: <iuvrqrFjtibU1@mid.individual.net>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
<smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me>
<sme63c$r8b$1@dont-email.me> <k27logtmmrvn7mdrna24dun3mgrh1gnhvo@4ax.com>
 by: Ken Blake - Tue, 9 Nov 2021 18:09 UTC

On 11/9/2021 9:15 AM, Stephen Wolstenholme wrote:

> I find Malwarebytes Premium works perfectly for Virus protection and
> any other type of malware so I have auto renewal switched on.

I'm glad you're satisfied with what you use, but it is very important to
realize that none of them, not even the best of them, can ever be
perfect. That’s for the following reasons:

1. Every anti-virus program updates its virus definitions often, but
some more often than others. But if a new virus hits the streets today,
it takes the anti-virus company time to recognize that it’s out there;
to figure out how to protect against it, to include that virus in its
latest virus definitions and to get those new definitions out to you.
For the sake of argument, let’s say it always does all that in 24 hours
(in practice, it’s usually more than that). That means that you are
exposed to and unprotected against any new virus for the first 24 hours
of its life.

2. All anti-virus companies do not simultaneously find out about every
new virus at the same time, nor is their speed at reacting to the new
ones the same. So they all catch a high percentage of the viruses out
there, but it’s never 100%. The percentage is different for different
companies, and varies from day to day. And regardless of what the
percentage is, the infections that they don’t catch never represent
exactly the same ones. So for the sake of argument, let’s say that they
all catch 99% of what’s out there (please recognize that 99% is an
arbitrary number, for the sake of argument; I am not trying to say that
that’s the case). The 1% that each anti-virus doesn’t catch is *not* the
same 1% for all of them. So anti-virus program A may not catch viruses
W, X, Y, and Z, but program B may not catch viruses U, V, X, and Z, and
so on. They overlap to some extent, but are never exactly the same list
and never can be the same list.

3. Even if you just got the latest update to its anti-virus definitions
from your program, and it was 100% perfect (again, that is never the
case; this is just a “for instance”), it would almost immediately become
less than perfect as new viruses hit the street.

So recognizing that software to protect you can never be perfect, you
should also recognize that relying on software for protection is
inadequate. You should continue to use the better security software, but
you also need to practice safe hex. That means avoiding opening e-mail
attachments; avoiding software piracy, avoiding dangerous web sites, and
avoiding web sites with URLs sent by some friend or relative to everyone
in his address book, and so on.

--
Ken

Re: Windows Security question

<smei06$1qk$1@dont-email.me>


https://www.novabbs.com/computers/article-flat.php?id=55510&group=alt.comp.os.windows-10#55510

From: jbb...@notatt.com (Jeff Barnett)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Tue, 9 Nov 2021 12:25:55 -0700
Organization: A noiseless patient Spider
Lines: 192
Message-ID: <smei06$1qk$1@dont-email.me>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
<smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me>
<sme63c$r8b$1@dont-email.me> <1vpalwgm4egiu.dlg@v.nguard.lh>
In-Reply-To: <1vpalwgm4egiu.dlg@v.nguard.lh>
 by: Jeff Barnett - Tue, 9 Nov 2021 19:25 UTC

On 11/9/2021 10:21 AM, VanguardLH wrote:
> Jeff Barnett <jbb@notatt.com> wrote:
>
>> I used Malwarebytes for years on our computers but their software seemed
>> more and more at odds with my AV solutions. Then they proudly announced
>> that they WERE an AV too. So I ran an AV test with EICAR and some other
>> things; it failed every test. I contacted them and they essentially said
>> that they only detected on "behavior". The problem with that is some
>> virus and malware can do quite enough damage before exhibiting enough
>> foul behavior to differentiate from the M$ solitaire program.
>
> And why MBAM is often used as a secondary-opinion manual scanner. You
> install it, but you configure it to NOT run in the background; i.e., you
> disable its on-access scanning. You manually run it to do an on-demand
> scan to give a 2nd opinion regarding infection state. However, since it
> affords no additional coverage than other top-rated anti-malware
> programs, the manual scan is superfluous

It's interesting that you think manual execution, i.e., a one shot can
do anything useful; the problem is that MB eschews signatures (a static
property) and tries to examine behavior. You must be resident and active
when the behavior turns ugly. If MB is to be used at all, it must be on
all the time. As I said, my choice was to get rid of it.

> Noting their product is heuristic-based is how MBAM manages to stay out
> of AV comparisons; else, MBAM would look a very poor contender. Instead
> of peering at the crowd of patrons in a bar to glean out the known bad
> patrons, they wait until some patrons behave badly.

Strangely enough some AV rater or another included MB in their list of
possible candidates and rated them quite highly. And that is how I
discovered that MB now thought it was an AV solution; and that's what
set me off to test it. It's possible the test site was bogus, most of
them are, but it awakened me to why some issues I had with MB might have
started. At that point I followed the sage advice "Thou shalt not run
two AV solutions simultaneously."

>> I then ran into a non technical problem that bordered on the unethical:
>> I could not go to my "profile" at their web site and turn off auto
>> renewal and remove my credit card. It took over a dozen emails to get
>> them to do it for me. This was several years ago and my opinion of the
>> company (technical as well as in re business practices) went from
>> trustworthy to toilet.
>
> A lot of companies, online or offline, establish an auto-renewing
> account, and it can take a lot of effort not only to cease that behavior
> (often by having to kill the account), but also to get a refund on the
> charge you never authorized. I use Paypal for a lot of purchases, and
> they've been responsive with their Buyer Protection to resolve the
> issue. In fact, many times they've issued a refund rather than expend
> the effort to pursue the issue. Another trick is to use a credit card
> that lets you create temporary card numbers. The card numbers are
> associated to your real account, but you can specify the maximum amount
> that can be charged, and when they expire (2 months minimum to cover a
> billing cycle to make sure you see the charge, and another to resolve
> a case). These are called virtual credit card services. Whether from
> one issuer, or several using the same virtual card, they cannot charge
> more than you specified for a limit. You set the expiration, so
> afterward no one can issue another charge against that virtual card.
> That blocks those renewing or automatic charges. Once the virtual card
> has been used for its intended purpose, you don't have to wait for
> expiration, but instead can kill the virtual card at any time.

I have been curious about these one off virtual cards since a friend
recommended them many years ago. The scenario that I had in mind arises
since many (if not most?) places given your card will run a charge of
one cent (then back it out) to see if the card is valid. Well you can
see how this might work with a one use card.

> I used to have an MBNA credit card that offered their ShopSafe service.
> Because they were so difficult to work with regarding rescinding of
> bogus or unauthorized charges, their ShopSafe was a requirement to use
> their credit service. MBNA later got swallowed up by Bank America who
> later dropped the ShopSafe service.
>
> You cannot hand a virtual credit card to anyone. You generate them
> online to dole out to whomever. So, they're mostly for online
> transactions. You could use them over the phone: put the other party on
> hold while you "find your wallet", go online to create the virtual card,
> and give the other party the virtual card number and its CVV code.
> While possible, I never did that. I only used virtual card numbers for
> online transactions, and I used a unique one for each other party to
> both isolate the transactions, and let me track if anyone ever gave or
> lost my virtual card to someone else.
>
> Once expired, you cannot recreate the same virtual card number. This
> causes a problem for returns, because that card number no longer exists
> after the expiration of the virtual card. Usually you can find what is
> the return period for a purchase before making it by checking the site's
> return policies. If you're granted a 90-day return period, set the
> expiration of the virtual card to 120 or 150 days: the 90-day period,
> time for the product to ship to you, and time to do the return and
> possibly have to argue about it. You don't have to leave the virtual
> card enabled the full amount you allocate for returns. Once you're
> satisfied with the product, kill the virtual card. Obviously you want
> the expiration to exceed whatever is expected for delivery time. A
> merchant may not ship the product, you notify them, they argue,
> especially if they rely on shipping info as proof they shipped despite
> you never received, but they've already made their charge. You have to
> leave the virtual card alive to dispute the case.
>
> It was a slow start over a decade for card issuers to offer ShopSafe, or
> a similar virtual card service. It was slow to get adopted. Later many
> banks or card issuers started dropping their virtual card service.
> Last I looked (many months ago), Capital One's Eno (requiring a web
> browser extension) and Citi were the last offering virtual cards. The
> following article says there are other issuers offering virtual cards,
> but I didn't bother verifying their list although I noticed some are
> only for business accounts:
>
> https://wallethub.com/edu/cc/virtual-credit-card/65981
>
> I have read about some virtual card services that operate only for that
> service, but they have a monthly charge, like $5/month. They aren't a
> credit issuer, but are providing a masking service to your credit
> issuer.
>
> I don't have virtual cards with PayPal, but they've been responsive
> (often more than I expected by rescinding the charge, refunding me, and
> didn't put up much of a fight). Plus, I get an immediate notice when
> any charge was applied against my account. Lots of banks and cards
> offer this notification; however, they're not all equal for when they
> notify. PayPal notifies within a couple minutes (usually in a minute but
> depends on when the merchant gets around to issuing the charge after the
> point of sale). My bank does, too, except they issue a notice for both
> the pre-authorized charge and then again when it is cleared as
> authorized, so I get a lot of duplicate notices. My bank is a bit more
> aggressive in monitoring charges. If I hit multiple stores within a few
> hours on the same day, I get a protection alert from my bank (well, from
> the protection service my bank uses). I often combine multiple
> destinations in a single shopping "trip": hit a couple grocery stores
> for their sales, a discount foods store, one or two hardware stores,
> maybe an electronics store, and fill up with gas.
>
> Virtual cards are dying out. Well, a lot less issuers have the service
> than many years earlier. Credit companies expect some loss. They also
> are not oriented to protecting their customers. Reducing their support
> costs with less interaction with their customers is them helping
> themselves, not helping you. How long did it take before they added
> chips to credit cards? Was that for your protection? Nope. It was to
> limit bogus or unauthorized charges to eliminate having to deal with
> their customers hit by those charges. They're a business to make money,
> not your parents to coddle you from the big bad world.
>
> Virtual cards are handy for some protection, because you can specify a
> spending limit on each one along with specify the expiration date, and
> can even kill them before a charge, or after a charge, to ensure the
> virtual card cannot be used again. They do NOT protect you from charges
> made to the card. You're still responsible for any charges made against
> a virtual card, so you have to go through the dispute process for a
> bogus or unauthorized charge. They are certainly very useful to thwart
> auto-renewing charges. Even if you agree to auto-renewing charges, like
> for subscriptions, you are still allowed to cancel a service, but they
> may charge you the next time, and you have to argue with them to refund
> their charge. Easier to have the virtual card expire, or kill it, to
> prevent the auto-renew charge when you intend to close an account.
>
> I've also sent letters to each of my credit card services which state
> that they must agree that any unsigned charges are not my
> responsibility. This eliminates the "first $50" of any charge being my
> responsibility. Many credit accounts are defined with that condition,
> but you have to go through their process to refute a charge over that
> amount. I don't do this with every credit card, but only for those that
> I will never use online. If my signature is missing for the
> transaction, I'm not responsible for the charge, even the first $50 of
> it. Some will agree, some won't. The letter states that if they do not
> agree that I will close the account, and I've done it upon their
> disapproval. Of those that agree, they often state that the letter will
> remain on file for 3 years after which I have to rewrite the letter and
> they must re-agree. Think about it: if you are liable for the first
> $50, and for EACH charge, multiple charges could quickly add up to
> hundreds of dollars that I'm responsible to pay. I don't get this
> agreement for cards that I use online, because obviously there's no way
> to put my signature on the transaction.
>
> As for MBAM doing an auto-renew of a subscription, I never ran into
> that, because I never bought anything from them. For an on-demand
> second-opinion scanner, MBAM has no value for anything beyond their free
> version. You don't run on-access (real-time) scanners to use for
> on-demand scanning. Any features beyond the on-demand scanner are not
> only superfluous but also useless when using an AV program for a
> second-opinion. Unless the second-opinion on-demand scanner (signatures
> only, no heuristics) is far superior in malware detection, there is no
> reason to run a coarse sieve after already using a fine sieve. Of
> course, why are you using anything as a second-opinion scanner that is
> superior to whatever you use as your on-access (real-time) scanner?
> Possibly the second-opinion on-demand-only scanner might have some pest
> detection that covers a few pests the other scanner doesn't, but it's
> unlikely, and you're mostly wasting your time unless you had cause to
> suspect an infection your primary scanner missed.
>


Re: Windows Security question

<smf9dj$qip$1@dont-email.me>


https://www.novabbs.com/computers/article-flat.php?id=55512&group=alt.comp.os.windows-10#55512

From: Pau...@Houston.Texas (Paul in Houston TX)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Tue, 9 Nov 2021 20:05:31 -0600
Organization: A noiseless patient Spider
Lines: 72
Message-ID: <smf9dj$qip$1@dont-email.me>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
<smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me>
In-Reply-To: <smd13r$t27$1@dont-email.me>
 by: Paul in Houston TX - Wed, 10 Nov 2021 02:05 UTC

Paul wrote:
> On 11/8/2021 10:32 PM, Paul in Houston TX wrote:
>> scbs29 wrote:
>>> At present I am using Windows Security and seem to have a problem.
>>> After a virus scan I am informed that I have viruses in 4 files.
>>> Two of these files do not exist on my pc. The other two I delete
>>> and empty the recycle bin. I then do another scan and the same
>>> four files are reported. This has occurred for weeks now, every scan
>>> reporting on these non-existent files.
>>> Can anyone advise ?
>>> TIA
>>
>> See what one or more online scanners say.
>> Google: "online virus scanner"
>
> Do you want "online" or "offline" ?
>
> Examples of "offline" would be Kaspersky Rescue CD
> or the Bitdefender CD. These tend to be Linux CDs
> with a signature scanner onboard, that scan C: after
> you boot from their CD.
>
> An example of an "online" tool, would have been
> the old Malwarebytes MBAM, which you would execute
> on a running Windows system, and it would "burrow in"
> and look for behavioral stuff (malware hooking things).
> Their "Chameleon" technology, would change the name
> of the malwarebytes executable, in an attempt to
> fool the malware. "Burrowing in" is hard. It's just
> as hard as designing malware to burrow into a system.
>
> Malwarebytes today, their product emphasis is more of
> a traditional "installable" AV product. And they have
> a confusing array of trial, free, and paid, to enhance
> your level of confusion.
>
> Which of those approaches did you have in mind ?
>
> I tried a product once, that launched from a web page
> (making it "online"), with the intention I suppose,
> that it would burrow in, but it was a hot mess and
> based on the error messages it was throwing, there
> wasn't a chance that it was going to be able to do
> anything. So some of the online ones,
> are really really bad. Embarrassingly bad.
> At least the old Malwarebytes, was an earnest attempt.
> Not a sham like some.
>
> And even though Malwarebytes does not agree with the
> notion of seeding C: with a copy of EICAR test file,
> I like to do that. I do that because of the products
> out there that are so defective, their scan isn't
> really scanning anything. When they don't find EICAR,
> the jig is up. Busted. You have to be able to scan
> well enough, to "find a text string" :-) Proof of effort.
>
> https://en.wikipedia.org/wiki/EICAR_test_file
>
>    Paul
Depending on how badly I think my comp(s) is running I use either or
both online and offline. If the comp is acting strange but I
need to keep using it I use online web based, Avira or Trend Micro.
If I don't need to use the comp then I use Kaspersky Linux boot disk and
cleaner. I don't much like Malwarebytes any more... always trying to
sell something annoying.
However, I have not found any viruses since 1991 and I don't use any
live scanners blocker shields. When my machines act up it's always due
to something that I changed that eventually went wrong.
I do have Eicar on my machines to use as a qualifier.
And other interesting but mostly benign things :)

Re: Windows Security question

<1b1gj7r0ozmfp.dlg@v.nguard.lh>


https://www.novabbs.com/computers/article-flat.php?id=55513&group=alt.comp.os.windows-10#55513

From: V...@nguard.LH (VanguardLH)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Tue, 9 Nov 2021 22:29:30 -0600
Organization: Usenet Elder
Lines: 72
Message-ID: <1b1gj7r0ozmfp.dlg@v.nguard.lh>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com> <smcq48$t0u$1@dont-email.me> <smd13r$t27$1@dont-email.me> <sme63c$r8b$1@dont-email.me> <1vpalwgm4egiu.dlg@v.nguard.lh> <smei06$1qk$1@dont-email.me>
Reply-To: invalid@invalid.invalid
 by: VanguardLH - Wed, 10 Nov 2021 04:29 UTC

Jeff Barnett <jbb@notatt.com> wrote:

> VanguardLH wrote:
>
>> Jeff Barnett <jbb@notatt.com> wrote:
>>
>>> I used Malwarebytes for years ...
>>
>> And why MBAM is often used as a secondary-opinion manual scanner.
>> You install it, but you configure it to NOT run in the background;
>> i.e., you disable its on-access scanning. You manually run it to do
>> an on-demand scan to give a 2nd opinion regarding infection state.
>> However, since it affords no additional coverage than other
>> top-rated anti-malware programs, the manual scan is superfluous
>
> It's interesting that you think manual execution, i.e., a one shot can
> do anything useful ...

Not sure how you missed the last sentence in my above paragraph. Unlike
you who used MBAM for years, it only took me a short trial (probably
under a month) for me to realize using MBAM as a secondary on-demand
scanner was, as I said, superfluous. I saw nothing to lure me to using
MBAM (freeware) nor MalwareBytes Premium (payware).

> The scenario that I had in mind arises since many (if not most?)
> places given your card will run a charge of one cent (then back it
> out) to see if the card is valid. Well you can see how this might
> work with a one use card.

Virtual credit cards are NOT one use. They remain active until the
expiration date you specify, or until you delete/kill them. In case the
limit is getting low after some charge(s) you okay, you can even up the
limit to continue using the virtual card.

If you use a virtual card trying to restrict just one merchant to using
it, you wait until their charge is satisfied, they say they shipped or
wait until delivery, check the product, and if okay then kill the
virtual card so neither they nor anyone else can use that virtual card. If,
after inspecting the product, or testing it during their refund period,
you decide to do a refund or return, that virtual card had better still
be accessible for the merchant to apply a refund to it, or reverse the
charge to remove it from that virtual card. Virtual cards reduce
exposure, they add features you don't get with a real credit card, but
you have to manage them as a temporary credit card. They reduce your
exposure, not eliminate it.

The 1-cent, 14-cent, or whatever initial charge to test the credit number
was valid (the amount can change, and in fact some places will make the
initial charge and then have you verify the amount) usually gets
rescinded (reverse the charge) making the next charge the amount you
authorized instead of deducting the initial charge from the authorized
amount. You will see the initial charge show up, and later it
disappears, like it never happened. Back when I saw these test
charges, there might've been more than one, like they issued two tiny
charges with each different, like 7 cents and 18 cents. That happened
when they wanted you to check for those amounts in your credit account:
they told you the test amounts they would charge, and you would know
those charges were from them. It was like having a 2-number code for
you to know it was them.

Many places, especially with debit cards, don't bother with testing a
credit card number. They issue a pre-authorization charge for the full
amount. If they get refused, that's the same as their test charge.
Easier to track one transaction rather than two. With debit cards that
are backed by bank accounts instead of a credit line, there can be a
delay between when the merchant issues the charge to when the bank gets
around to authorizing it, like 3 to 5 days. Until the pre-authorized
charge gets okayed by the bank, the merchant is in limbo: they won't
deliver until the pre-authorization changes to authorized. That's okay
for something that gets delivered where delivery doesn't start until the
charge gets around to authorized state. Some merchants can't do that
for debit cards, like restaurants that already served you their food.

Re: Windows Security question

<5pknogtsjj6htam8ca2677uu5dnfb4n4r1@4ax.com>


https://www.novabbs.com/computers/article-flat.php?id=55522&group=alt.comp.os.windows-10#55522

From: scb...@fred.talktalk.net (scbs29)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Message-ID: <5pknogtsjj6htam8ca2677uu5dnfb4n4r1@4ax.com>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
Organization: Forte - www.forteinc.com
Date: Wed, 10 Nov 2021 14:13:08 +0000
 by: scbs29 - Wed, 10 Nov 2021 14:13 UTC

Thank you for all of the replies.
Unfortunately, though, I do not think they address my question.
Why does Windows Security report malware in files that do not exist ?

On Mon, 08 Nov 2021 15:08:09 +0000, scbs29 <scbs29@fred.talktalk.net> wrote:

>At present I am using Windows Security and seem to have a problem.
>After a virus scan I am informed that I have viruses in 4 files.
>Two of these files do not exist on my pc. The other two I delete
>and empty the recycle bin. I then do another scan and the same
>four files are reported. This has occurred for weeks now, every scan
>reporting on these non-existent files.
>Can anyone advise ?
>TIA

--
remove fred before emailing

Re: Windows Security question

<BRUwzrt3q9ihFw$F@255soft.uk>


https://www.novabbs.com/computers/article-flat.php?id=55524&group=alt.comp.os.windows-10#55524

Message-ID: <BRUwzrt3q9ihFw$F@255soft.uk>
Date: Wed, 10 Nov 2021 14:44:07 +0000
From: G6J...@255soft.uk (J. P. Gilliver (John))
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
<5pknogtsjj6htam8ca2677uu5dnfb4n4r1@4ax.com>
Organization: 255 software
 by: J. P. Gilliver (John) - Wed, 10 Nov 2021 14:44 UTC

On Wed, 10 Nov 2021 at 14:13:08, scbs29 <scbs29@fred.talktalk.net> wrote
(my responses usually follow points raised):
>Thank you for all of the replies.
>Unfortunately, though, I do not think they address my question.
>Why does Windows Security report malware in files that do not exist ?
>
>On Mon, 08 Nov 2021 15:08:09 +0000, scbs29 <scbs29@fred.talktalk.net> wrote:
>
>>At present I am using Windows Security and seem to have a problem.
>>After a virus scan I am informed that I have viruses in 4 files.
>>Two of these files do not exist on my pc. The other two I delete
>>and empty the recycle bin. I then do another scan and the same
>>four files are reported. This has occurred for weeks now, every scan
>>reporting on these non-existent files.
>>Can anyone advise ?
>>TIA
>
At a guess, and assuming you _have_ turned on show hidden files (or
turned off hide hidden files, I forget which it is), the files did exist
when it made the report.

Or, worse, they really are malware, sophisticated enough that they are
present but not visible using whatever you're using. (Explorer maybe?
Dir in a command prompt, and dir /ah?)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"That was a great speech. Every thinking American will vote for you."
"That's not enough. I need a majority." - Mo Udall

Re: Windows Security question

<76nnog1n2ljvsdvtqvs4hodhup5eef98q6@4ax.com>


https://www.novabbs.com/computers/article-flat.php?id=55525&group=alt.comp.os.windows-10#55525

From: ste...@easynn.com (Stephen Wolstenholme)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Wed, 10 Nov 2021 15:02:42 +0000
Organization: Neural Planner Software Ltd
Lines: 15
Message-ID: <76nnog1n2ljvsdvtqvs4hodhup5eef98q6@4ax.com>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com> <5pknogtsjj6htam8ca2677uu5dnfb4n4r1@4ax.com>
Reply-To: steve@easynn.com
 by: Stephen Wolstenholme - Wed, 10 Nov 2021 15:02 UTC

On Wed, 10 Nov 2021 14:13:08 +0000, scbs29 <scbs29@fred.talktalk.net>
wrote:

>Thank you for all of the replies.
>Unfortunately, though, I do not think they address my question.
>Why does Windows Security report malware in files that do not exist ?

Perhaps they are hidden. See Folder Options > View

Steve
--
Neural Network Software http://www.npsnn.com
JustNN Just a neural network http://www.justnn.com
SwingNN Prediction software http://www.swingnn.com
EasyNN-plus More than a neural network. Free from steve@easynn.com

Re: Windows Security question

<smgoen$cj2$1@gioia.aioe.org>


https://www.novabbs.com/computers/article-flat.php?id=55527&group=alt.comp.os.windows-10#55527

From: nos...@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Windows Security question
Date: Wed, 10 Nov 2021 10:28:08 -0500
Organization: Aioe.org NNTP Server
Message-ID: <smgoen$cj2$1@gioia.aioe.org>
References: <n9fiogptl9s6lq880tjc3oatl0jd6g0e77@4ax.com>
<5pknogtsjj6htam8ca2677uu5dnfb4n4r1@4ax.com>
 by: Paul - Wed, 10 Nov 2021 15:28 UTC

On 11/10/2021 9:13 AM, scbs29 wrote:
> Thank you for all of the replies.
> Unfortunately, though, I do not think they address my question.
> Why does Windows Security report malware in files that do not exist ?
>

How do you know the files don't exist ?

You haven't done the work.

*******

You cannot expect forensic techniques to work,
while a Rootkit is active on a system.

If you think you have a rootkit, try Rootkit Revealer.
It's old tech and isn't likely to work against a
real Rootkit. But it remains an example.

There was also MBAR.

https://www.malwarebytes.com/antirootkit

If a run of one of those is clear, use nfi.exe
and really prove the files are not there. nfi.exe
reads the $MFT directly. And does not tend to augment
the file view, by directory traversal. At one time,
everything.exe would have worked, but since modern
versions use directory traversal, everything.exe
cannot be used for forensic work any more.

nfi.exe, on the other hand, has not been ruined.

Paul
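
One way to check the guesses in the replies above (the files are hidden, or existed only when the report was made), as an added example that is not part of any post in this thread: it lists every path Windows Security has recorded, using the Defender cmdlets `Get-MpThreatDetection` and `Get-MpThreat`, and looks each one up with hidden and system files included. The function names and the `scheme:_path` resource notation it parses are assumptions of this example. The lookup goes through the ordinary file API, so it does not replace the direct $MFT read with nfi.exe described above.

```powershell
# Added example, not from the thread. Needs the Defender PowerShell module
# that ships with Windows 10; run it from an elevated PowerShell prompt.

function Resolve-DetectionResource {
    # Hypothetical helper. Assumes Defender's usual resource notation
    # "<scheme>:_<location>", e.g. "file:_C:\Temp\sample.exe" (constructed
    # value), with "->member" appended for an item inside an archive.
    param([Parameter(Mandatory)][string]$Resource)

    $scheme   = 'unknown'
    $location = $Resource
    if ($Resource -match '^(?<scheme>[A-Za-z]+):_(?<location>.+)$') {
        $scheme   = $Matches['scheme'].ToLowerInvariant()
        $location = $Matches['location']
    }
    [pscustomobject]@{
        Scheme = $scheme
        Path   = ($location -split '->', 2)[0]   # the outer file on disk
    }
}

function Get-PathState {
    # Looks the path up through the normal file API. -Force makes hidden and
    # system items visible, which Explorer and a plain "dir" leave out.
    param([Parameter(Mandatory)][string]$Path)

    try {
        $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    } catch {
        return 'missing'
    }
    $flags = @()
    if ($item.Attributes.HasFlag([IO.FileAttributes]::Hidden)) { $flags += 'hidden' }
    if ($item.Attributes.HasFlag([IO.FileAttributes]::System)) { $flags += 'system' }
    if ($flags.Count) { 'present ({0})' -f ($flags -join ', ') } else { 'present' }
}

function Get-DetectionFileState {
    # One output row per resource of every detection Defender still remembers.
    foreach ($d in Get-MpThreatDetection) {
        $threat = Get-MpThreat -ThreatID $d.ThreatID -ErrorAction SilentlyContinue
        foreach ($raw in $d.Resources) {
            $res   = Resolve-DetectionResource -Resource $raw
            $state = if ($res.Scheme -in 'file', 'containerfile') {
                Get-PathState -Path $res.Path
            } else {
                'not a file path'
            }
            [pscustomobject]@{
                FirstDetected = $d.InitialDetectionTime
                Threat        = $threat.ThreatName
                Scheme        = $res.Scheme
                Path          = $res.Path
                OnDisk        = $state
            }
        }
    }
}

Get-DetectionFileState | Sort-Object FirstDetected | Format-Table -AutoSize -Wrap
```

A row with an old `FirstDetected` and an `OnDisk` value of `missing` fits the "existed when it made the report" guess; `present (hidden)` fits the hidden-file one.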
