Monday, November 6, 2017

Phishing Email - RE : [ Summary New Reports ] Statement-News message Info-payment [Alert]

For the record, here's a recent phishing email from "Apple Inc." with the subject "RE : [ Summary New Reports ] Statement-News message Info-payment [Alert]" that was received on Friday, Nov 3, 2017.


What to do?

Well, it looks like spam is being dealt with more effectively. As of the writing of this post (Nov 06, 2017), the offending website has been taken down, in just 4 days.

http://ow.ly/tKTm30glrvN did point to a very convincing Apple look-alike site at https://www.review-info-payment1.com/upgrade.info

When I first checked on Friday, it was still up - see screen shot below. 

Here's the view of the email in Outlook.com 

The mail client shows the body of the email reading:
Please update your Apple ID Now

Here's what http://ow.ly/tKTm30glrvN points to: a very convincing Apple look-alike site at
https://www.review-info-payment1.com/upgrade.info

How to tell this is a phishing email?

  1. Check the sender's email address: "Apple Inc" <Dear-Admin.History.Account-Transfer-appleid2018@Update-Sumary-Account098-costumer039.legendsok.u122pdateyouinforeminadersugmarrylijmitedaccesyouraccoutservicepaksupriadi4536367webapps.account.live.mail.com>. It is not from apple.com but from a live.com email address.
  2. Bad spelling.
  3. Convert the email view from HTML to text and check for bad URLs.
  4. Hover over all links in the email; if the destination is not the same as the link text, then forget it.
  5. The best way is to look at the message source, see below.


How to examine the email message source?


Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
And look for phony links.


Report Phishing Email (not as Spam)


  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 


Report phishing at Microsoft and government agencies


  1. https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx

Thursday, November 2, 2017

Frequency counts of system file extensions for Windows 7 machine

PowerShell script to enumerate all system file extensions under C:\Windows


# Get system file type counts
$sysdir   = "C:\Windows"
$cntsfile = Join-Path $env:USERPROFILE "Win7SystemFileExtsCnt.txt"

# Recurse through the system directory, skip folders, and count files per extension
try {
    Get-ChildItem $sysdir -Recurse -ErrorAction Ignore |
        Where-Object { -not $_.PSIsContainer } |
        Group-Object Extension -NoElement |
        Sort-Object Count -Descending |
        Out-File $cntsfile
} catch {}

# Get the computer's age, measured from the OS install date
$OS = Get-WmiObject -Class Win32_OperatingSystem
$InstalledDate = $OS.ConvertToDateTime($OS.InstallDate)
$Span = [datetime]::Now - $InstalledDate
# A DateTime built from the span's ticks starts at year 1, month 1, hence the -1 on Year and Month
$age = New-Object DateTime -ArgumentList $Span.Ticks
Write-Output "Computer's age is:  $($age.Year -1) Years $($age.Month -1) Months $($age.Day) days old" | Add-Content $cntsfile

Results of system extensions frequency counts (I added % after)


Ext Counts  %
=== ====== ======
.dll 30800 25.54%
.cat 19125 15.86% //(.cat) is a package of an arbitrary collection of files
.mui 10994 9.12%  //Multilingual User Interface application resource files
.mum 8987 7.45%   //Windows update file 
.cdf-ms 6956 5.77%  //A CDF-MS file contains the compiled version of a .MANIFEST file
.exe 4316 3.58% 
.inf 3262 2.71%  //Setup Information file is a plain-text file
.ttf 3043 2.52%  
.GPD 2758 2.29% //GPD files are used for creating Unidrv minidrivers
.sys 1882 1.56%  
     1705 1.41%
.PNF 1340 1.11% //system-maintained configuration file that is created when an .INF file is run.
.xml 1268 1.05%
.man 1265 1.05% //short name for .manifest file
.aux 1262 1.05%
.mof 1224 1.02%
.png 1120 0.93%
.ini 1102 0.91%
.PPD 814 0.68%
.wav 793 0.66%
.tmp 693 0.57%
.nls 567 0.47%
.fon 560 0.46%
.txt 543 0.45%
.chm 474 0.39%
.ptxml 455 0.38%
.dmp 413 0.34%
.ps1 387 0.32%
.admx 378 0.31%
.adml 373 0.31%
.log 371 0.31%
.dat 363 0.30%
.xrm-ms 360 0.30%
.config 338 0.28%
.H1S 320 0.27%
.cur 312 0.26%
.nlp 311 0.26%
.tlb 309 0.26%
.otf 307 0.25%
.xsd 307 0.25%
.compiled 292 0.24%
.resx 270 0.22%
.rtf 267 0.22%
.cs 260 0.22%
.jpg 252 0.21%
.mfl 243 0.20%
.icc 200 0.17%
.msc 181 0.15%
.EXP 172 0.14%
.rat 168 0.14%
.bin 165 0.14%
.cpl 165 0.14%
.efi 164 0.14%
.gif 164 0.14%
.sql 162 0.13%
.ax 157 0.13%
.h 147 0.12%
.aspx 144 0.12%
.DXT 130 0.11%
.browser 124 0.10%
.icm 120 0.10%
.pf 116 0.10%
.OCX 115 0.10%
.psd1 113 0.09%
.rs 108 0.09%
.ps1xml 103 0.09%
.bmp 102 0.08%
.GDL 95 0.08%
.tbl 94 0.08%
.x32 94 0.08%
.pdb 92 0.08%
.htm 90 0.07%
.sdb 86 0.07%
.ico 82 0.07%
.ins 78 0.06%
.jtp 77 0.06%
.cab 76 0.06%
.emf 70 0.06%
.IMD 69 0.06%
.targets 69 0.06%
.mib 68 0.06%
.wmv 67 0.06%
.bcm 64 0.05%
.uce 64 0.05%
.xsl 64 0.05%
.iec 62 0.05%
.cfg 59 0.05%
.ime 58 0.05%
.JS 50 0.04%
.propdesc 49 0.04%
.vbs 47 0.04%
.ascx 44 0.04%
.default 44 0.04%
.rsp 42 0.03%
.vdf 42 0.03%
.web 42 0.03%
.CMB 40 0.03%
.html 40 0.03%
.ttc 38 0.03%
.css 37 0.03%
.stl 35 0.03%
.rom 34 0.03%
.cmdline 32 0.03%
.diagpkg 32 0.03%
.err 32 0.03%
.out 32 0.03%
.uninstall 32 0.03%
.com 31 0.03%
.theme 29 0.02%
.SCR 27 0.02%
.avi 25 0.02%
.acm 24 0.02%
.dtd 24 0.02%
.JSON 24 0.02%
.master 24 0.02%
.reg 24 0.02%
.tsp 24 0.02%
.etl 23 0.02%
.ccu 21 0.02%
.amx 20 0.02%
.vp 20 0.02%
.vrg 20 0.02%
. 18 0.01%
.hlp 18 0.01%
.lng 18 0.01%
.db 17 0.01%
.CompositeFont 16 0.01%
.dlm 16 0.01%
.H1K 16 0.01%
.ngr 16 0.01%
.rll 16 0.01%
.sep 16 0.01%
.prof 15 0.01%
.DIC 14 0.01%
.wmf 14 0.01%
.am 12 0.01%
.ani 12 0.01%
.comments 12 0.01%
.drv 12 0.01%
.inc 12 0.01%
.nlt 12 0.01%
.psm1 12 0.01%
.rpo 12 0.01%
.scp 12 0.01%
.cmd 11 0.01%
.NTF 11 0.01%
.crl 10 0.01%
.lex 10 0.01%
.olb 10 0.01%
.Tasks 10 0.01%
.wma 10 0.01%
.lnk 9 0.01%
.old 9 0.01%
.gmmp 8 0.01%
.job 8 0.01%
.lxa 8 0.01%
.mlp 8 0.01%
.rld 8 0.01%
.sdi 8 0.01%
.url 8 0.01%
.cmf 7 0.01%
.jnt 7 0.01%
.tmp-tmp 7 0.01%
.toc 7 0.01%
.Wdf 7 0.01%
.bat 6 0.00%
.cap 6 0.00%
.cch 6 0.00%
.cpx 6 0.00%
.ds 6 0.00%
.mid 6 0.00%
.mpg 6 0.00%
.res 6 0.00%
.shp 6 0.00%
.win32manifest 6 0.00%
.GRM 5 0.00%
.16385 4 0.00%
.camp 4 0.00%
.cdmp 4 0.00%
.CHS 4 0.00%
.CHT 4 0.00%
.cov 4 0.00%
.cpa 4 0.00%
.cty 4 0.00%
.cw 4 0.00%
.dcr 4 0.00%
.dir 4 0.00%
.dls 4 0.00%
.dun 4 0.00%
.dvd 4 0.00%
.dvr-ms 4 0.00%
.fe 4 0.00%
.frm 4 0.00%
.h1c 4 0.00%
.H1T 4 0.00%
.hex 4 0.00%
.iso 4 0.00%
.isp 4 0.00%
.jpn 4 0.00%
.jrs 4 0.00%
.kor 4 0.00%
.mllr 4 0.00%
.mp4 4 0.00%
.msi 4 0.00%
.obe 4 0.00%
.phn 4 0.00%
.prx 4 0.00%
.ps 4 0.00%
.psc1 4 0.00%
.psd 4 0.00%
.smp 4 0.00%
.tbr 4 0.00%
.THA 4 0.00%
.uni 4 0.00%
.vb 4 0.00%
.vs 4 0.00%
.wmz 4 0.00%
.wsc 4 0.00%
.wwd 4 0.00%
.xbap 4 0.00%
.xsx 4 0.00%
.csv 3 0.00%
.ebd 3 0.00%
.idx 3 0.00%
.mp3 3 0.00%
.ser 3 0.00%
.acl 2 0.00%
.blb 2 0.00%
.BPD 2 0.00%
.BUD 2 0.00%
.chk 2 0.00%
.clb 2 0.00%
.dcf 2 0.00%
.desklink 2 0.00%
.devicemetadata-ms 2 0.00%
.dnl 2 0.00%
.doc 2 0.00%
.dub 2 0.00%
.ecf 2 0.00%
.fl 2 0.00%
.fx 2 0.00%
.GRL 2 0.00%
.hit 2 0.00%
.hkf 2 0.00%
.HPI 2 0.00%
.hrd 2 0.00%
.hxx 2 0.00%
.ird 2 0.00%
.LOC 2 0.00%
.mapimail 2 0.00%
.msstyles 2 0.00%
.org 2 0.00%
.OverrideTasks 2 0.00%
.pb 2 0.00%
.pdf 2 0.00%
.prm 2 0.00%
.properties 2 0.00%
.props 2 0.00%
.qtp 2 0.00%
.qts 2 0.00%
.qtx 2 0.00%
.que 2 0.00%
.rrr 2 0.00%
.s3 2 0.00%
.stp 2 0.00%
.t4 2 0.00%
.uns 2 0.00%
.vch 2 0.00%
.XEX 2 0.00%
.xpi 2 0.00%
.xst 2 0.00%
0 2 0.00%
0.1 2 0.00%
0.10165524 2 0.00%
0.106033 2 0.00%
0.1079901 2 0.00%
0.1083426 2 0.00%
0.10917137 2 0.00%
0.11277624 2 0.00%
0.12913793 2 0.00%
0.1371903 2 0.00%
0.139199 2 0.00%
0.144727384 2 0.00%
0.1496361 2 0.00%
0.2061428 2 0.00%
0.2176416 2 0.00%
0.25691211 2 0.00%
0.27929935 2 0.00%
0.2799157 2 0.00%
0.29565683 2 0.00%
0.29599 2 0.00%
0.3285044 2 0.00%
0.3397998 2 0.00%
0.35809623 2 0.00%
0.3822664 2 0.00%
0.4026523 2 0.00%
0.4058614 2 0.00%
0.4181747 2 0.00%
0.42556121 2 0.00%
0.43410679 2 0.00%
0.449033 2 0.00%
0.45415385 2 0.00%
0.52254527 2 0.00%
0.5814079 2 0.00%
0.601773 2 0.00%
0.6051029 2 0.00%
0.6179558 2 0.00%
0.6812641 2 0.00%
0.7166873 2 0.00%
0.7263375 2 0.00%
0.7559434 2 0.00%
0.762213 2 0.00%
0.786571 2 0.00%
0.8922087 2 0.00%
0.89321288 2 0.00%
0.910531 2 0.00%
0.95783 2 0.00%
0.975474 2 0.00%
0.9903645 2 0.00%
.01cad04b30e6c1f8 1 0.00%
.01caf13786f95966 1 0.00%
.01cb07fce6f4def3 1 0.00%
.01cbc8bc3c502f9d 1 0.00%
.01cbde138c673079 1 0.00%
.01cbf98efc018851 1 0.00%
.01cc061e0207fe70 1 0.00%
.01cc061e7b4627fd 1 0.00%
.01cc10096d9577dd 1 0.00%
.01cc1009cd04e555 1 0.00%
.01cc2cafb47f7f25 1 0.00%
.01cc366609526398 1 0.00%
.01cc43435e83bc45 1 0.00%
.01cc4343b4f5c6a7 1 0.00%
.01cc43a8ef1e5f83 1 0.00%
.01cc43af693564d0 1 0.00%
.01cc43afb503df66 1 0.00%
.01cc43b8b32a8a54 1 0.00%
.01cc43b90803edd2 1 0.00%
.01cc4400c9ea5a90 1 0.00%
.01cc440419f25b98 1 0.00%
.01cc449c6ea0256c 1 0.00%
.01cc44a2be60cbf0 1 0.00%
.01cc44c572f49e8d 1 0.00%
.01cc4542bdca9e7c 1 0.00%
.01cc454af005b30c 1 0.00%
.01cc454b3545c85c 1 0.00%
.01cc460965267b1b 1 0.00%
.01cc46143d5c1503 1 0.00%
.01cc4614a91661e6 1 0.00%
.01cc46d8c40504e4 1 0.00%
.01cc46df33556595 1 0.00%
.01cc46dfa5b64a8d 1 0.00%
.01cc47aaf31a8b9e 1 0.00%
.01cc487230e7398e 1 0.00%
.01cc4ad0b8666299 1 0.00%
.01cc4b9497b5ea61 1 0.00%
.01cc4c644032dc07 1 0.00%
.01cc4d2edee8ed9e 1 0.00%
.01cc4d4c95948401 1 0.00%
.01cc4df8a29b8a69 1 0.00%
.01cc4f97e9963f11 1 0.00%
.01cc505c148fcf9a 1 0.00%
.01cc5106d19d44e0 1 0.00%
.01cc5117dbacd143 1 0.00%
.01cc5118446ffb80 1 0.00%
.01cc51228d186b38 1 0.00%
.01cc5761a1913c7f 1 0.00%
.01cc88f886d56bf3 1 0.00%
.01cc9f3c273aed31 1 0.00%
.01ccbb437a7d323d 1 0.00%
.01ccd069f917befe 1 0.00%
.01ccdb7938594e57 1 0.00%
.01ccecb73fd30c50 1 0.00%
.01ccfe10bf065228 1 0.00%
.17514 1 0.00%
.ADM 1 0.00%
.APL 1 0.00%
.asp 1 0.00%
.bak 1 0.00%
.bcf 1 0.00%
.chr 1 0.00%
.CON 1 0.00%
.crmlog 1 0.00%
.CRT 1 0.00%
.CSD 1 0.00%
.Deployment 1 0.00%
.edb 1 0.00%
.ev1 1 0.00%
.ev2 1 0.00%
.ev3 1 0.00%
.EVM 1 0.00%
.fxh 1 0.00%
.gs 1 0.00%
.hhc 1 0.00%
.hhk 1 0.00%
.hve 1 0.00%
.lic 1 0.00%
.LTS 1 0.00%
.mif 1 0.00%
.mni 1 0.00%
.MPP 1 0.00%
.MST 1 0.00%
.mzz 1 0.00%
.policy 1 0.00%
.PPTX 1 0.00%
.PUB 1 0.00%
.sam 1 0.00%
.security 1 0.00%
.ses 1 0.00%
.SHD 1 0.00%
.soundpack 1 0.00%
.SPL 1 0.00%
.tif 1 0.00%
.trx 1 0.00%
.tsi 1 0.00%
.TTS 1 0.00%
.txt44A40B10-65CC-094C... 1 0.00%
.UDT 1 0.00%
.UNT 1 0.00%
.WIH 1 0.00%
.WIM 1 0.00%
.wsf 1 0.00%
.wtv 1 0.00%
.XLSX 1 0.00%
.ZFSendToTarget 1 0.00%
0.001 1 0.00%
0.002 1 0.00%
0.003 1 0.00%
0.004 1 0.00%
0.005 1 0.00%
0.10461536 1 0.00%
0.10533967 1 0.00%
0.1292296 1 0.00%
0.13285 1 0.00%
0.13718556 1 0.00%
0.1405288 1 0.00%
0.14254232 1 0.00%
0.14254263 1 0.00%
0.167389 1 0.00%
0.174178735 1 0.00%
0.17803239 1 0.00%
0.17803255 1 0.00%
0.19404605 1 0.00%
0.2 1 0.00%
0.2046951 1 0.00%
0.2046967 1 0.00%
0.2227912 1 0.00%
0.22733011 1 0.00%
0.23230623 1 0.00%
0.26146625 1 0.00%
0.26146641 1 0.00%
0.28082519 1 0.00%
0.28082551 1 0.00%
0.28379967 1 0.00%
0.28379998 1 0.00%
0.298835 1 0.00%
0.3 1 0.00%
0.30507196 1 0.00%
0.30507212 1 0.00%
0.3099874 1 0.00%
0.3323866 1 0.00%
0.3549553 1 0.00%
0.3609051 1 0.00%
0.36226255 1 0.00%
0.36226583 1 0.00%
0.37110625 1 0.00%
0.38856432 1 0.00%
0.38856448 1 0.00%
0.39093569 1 0.00%
0.391765 1 0.00%
0.4 1 0.00%
0.4183291 1 0.00%
0.437894 1 0.00%
0.47845 1 0.00%
0.47876 1 0.00%
0.48844412 1 0.00%
0.50275971 1 0.00%
0.5114928 1 0.00%
0.52039609 1 0.00%
0.52884151 1 0.00%
0.52884198 1 0.00%
0.55739516 1 0.00%
0.5624569 1 0.00%
0.56799012 1 0.00%
0.58400705 1 0.00%
0.58400752 1 0.00%
0.637903 1 0.00%
0.654845 1 0.00%
0.68749 1 0.00%
0.7006 1 0.00%
0.771799 1 0.00%
0.77724986 1 0.00%
0.783764 1 0.00%
0.80246 1 0.00%
0.85348 1 0.00%
0.85769 1 0.00%
0.8586653 1 0.00%
0.8586669 1 0.00%
0.87563 1 0.00%
0.90917 1 0.00%
0.916817 1 0.00%
0.93912 1 0.00%
0.9757269 1 0.00%
   120572 100%

Computer's age is:  7 Years 8 Months 17 days old


Post Your Results
Post your results in comments below and I will publish them.

Monday, October 30, 2017

How to fix: a newly created folder or file is not appearing - Windows 7, Vista

Problem

Recently, after a major overhaul of my tower of power Windows 7 machine, I ran into this scary problem of my files not appearing. Trick or treat! Nice. That's all I need - a vanishing act of my files not appearing - lol, just in time for Halloween.

I had the following problems with Windows Explorer:

  • Created a new folder or file, but it doesn't appear
  • Renamed files, but the old name keeps appearing 
  • Move or copy files, but the file doesn't appear on the target destination
  • Delete files, but the files still appear in a folder or on the desktop
  • Empty the Recycle Bin, but the recycle bin is not shown as empty.



Eventually these show up after closing and reopening Windows Explorer or pressing refresh. But it was frustrating, and I finally fixed it.


Cause

It's a bug/oddball setting in Windows Explorer that prevents files and folders from properly updating until you perform a manual refresh. It affects Windows Vista and Windows 7 (SP1).

Solution 

Open your registry and search for the registry key below. You can do this safely with my free "Registry Viewer" app to check whether this key exists. Then alter it with the normal regedit command.


"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}\Instance"

Look out for a DWORD value called "DontRefresh" which is set to "1" (on). 

Change the value to "0" (off). 

This re-enables the refresh.