The setting limits the use of CPU resources, but if resources are available, the AV will use them all. The logic there is this: we use all available resources to the maximum, if they are needed by something else, then we give them up as needed.

And what's the point of limiting the use of CPU resources when scanning with a scanner? It is more logical that AB, when checking with a scanner, use all the resources available to it in order to perform the check as quickly as possible, and not "pull the cat by ... bells."

 

well i usually use express scan once a day, i don't like to see my CPU temp goes to 70C once per day for 5-10 minutes.
when literally my games that are mostly cpu extensive don't force it to go 10)% and 70C temp. 

what kind of logic is that? user don't need his pc so let's take it all ? just take what you need to do the process why should you take it all? this is the first time someone telling me 100% cpu usage and 70C temp for an express scan by an antivirus is normal. this is a performance problem on your side and needs to get forwarded to developers
this ain't a logic that work on 2022 sadly maybe in 2014 but not in 2022.

Hi,
You can restrict cpu usage (Load level of computer resources) in Scanner GUI settings

Hi

I actually set that on Minimum but no difference, it still goes to 100% cpu usage in both full scan and express

Hi.

So title says it all.

I'm getting 100% cpu usage for Dr.Web while scanning ( Express and Full scan both. )
my cpu is an i9 11900k. pretty strong but i've had F-Secure/Emsisoft/Norton360/ and Kaspersky all in the present year(2022), none of them actually use more than 50% cpu even on full scan.

this is not normal, i've seen a post here in this forum another user asked about this back in 2014, back then a Dr.Web staff answered it's pretty normal, well guess what, it is not pretty normal in 2022 to use 100% cpu in a regular express scan 

Any idea if this going to get fixed or developers still thinks it's pretty normal?

Hello Doctors! 

 

I was asked from my colegue to check his android phone. Reason was that phone is too slow, crashing applications and especially Outlook which he is using mostly. I installed Dr. Web Secuurity Space for Android, do a Full scan, it found 20 voruses! My God! It deleted 19 and 1 failed to delete. Please Help! Name of virus is: Android.DownLoader.3737.

 

How to get rid of it?

 

Thanks in advance!

Hi

your best is to contact the Technical Support of Dr.Web from this portal: https://support.drweb.com/?lng=en
 

they'll most probably comes with a solution ASAP

36 vendor detect it

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware

Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues.

Based in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care, a leading provider of care to those suffering from kidney failure; Fresenius Helios, Europe’s largest private hospital operator (according to the company’s Web site); Fresenius Kabi, which supplies pharmaceutical drugs and medical devices; and Fresenius Vamed, which manages healthcare facilities.

Overall, Fresenius employs nearly 300,000 people across more than 100 countries, and is ranked 258th on the Forbes Global 2000. The company provides products and services for dialysis, hospitals, and inpatient and outpatient care, with nearly 40 percent of the market share for dialysis in the United States. This is worrisome because COVID-19 causes many patients to experience kidney failure, which has led to a shortage of dialysis machines and supplies.

 

Full Article

Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store

 

A hacker has leaked on Friday the details of 15 million users registered on Tokopedia, Indonesia's largest online store.

 

The hacker claims the data was obtained in an intrusion that took place in March 2020 and is just a small part of the site's entire user database that was obtained in the hack.

 

The leaker said he was sharing the 15 million users sample in the hopes someone could help crack the user passwords, so they could be used to access user accounts.

ZDNet has obtained a copy of the leaked file with the help of data breach monitoring service Under the Breach.

Full Article

have you tried to share this with Technical Supports? https://support.drweb.com/?lng=en

Ransomware Payments Surge 33% as Attacks Target Remote Access

 

The average sum paid by enterprises to ransomware attackers surged by 33% quarter-on-quarter in the first three months of the year, as victim organizations struggled to mitigate remote working threats, according to Coveware.

 

The security vendor analyzed ransomware cases handled by its own incident response team during the period to compile its latest findings.

 

It revealed the average enterprise ransomware payment rose to over $111,000 in the quarter, although the median remained at around $44,000, reflecting the fact that most demands from online attackers are more modest.

 

Sodinokibi (27%), Ryuk (20%) and Phobos (8%) remained the top three most common variants in Q1 2020, although prevalence of Mamba ransomware, which features a boot-locker program and full disk encryption via commercial software, increased significantly.

Full Article

Понеслось

После изменения настройки с часами, уведомление не появляется ?

Hi there Eugen,

i think something is realy wrong with the appearance of the notifications, would you take a look at this ticket too? i have some ideas that might help you guys resolve the issue if there is any ofc.

after you got that let me know and i'll remove the ticket number or a mod can do that please?

Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter

A security researcher with Twitter alias SandboxEscaper today released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft's Windows operating system.

 

SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to the hackers until Microsoft patched them.

 

The newly disclosed unpatched Windows zero-day vulnerability is an arbitrary file read issue that could allow a low-privileged user or a malicious program to read the content of any file on a targeted Windows computer that otherwise would only be possible via

 

Read the Full Article: https://thehackernews.com/2018/12/windows-zero-day-exploit.html

Hi.

so i've seen Dr.Web had some webinars ( in English language ) i was in one of them i got the link for webinar from one of DrWeb local partners.

but is there anywhere on website so we can see the calender of webinars or even seminars that DrWeb will talk there ?

i found this one in which belongs to 2months ago but yet i couldnt find it anywhere on the website either..  just don't want to miss the future ones

https://cybersecuritymonth.eu/activities/webinar-using-application-tools-in-a-virtual-sandbox-to-analyse-malicious-or-potentially-dangerous-objects

Regards,

Attackers Connect with Malware via Malicious Memes

A new type of malware has been found listening for commands from malicious memes posted on Twitter, according to new research from Trend Micro. Cyber-criminals are using the social site as an unwilling conduit in communicating with its mothership through the use of steganography, a tactic that hides a payload inside an image in order to evade detection.

The payload also instructs the malware to take a screenshot and collect system information from the infected computer, Aliakbar Zahravi wrote in a recent blog post.

“This new threat (detected as TROJAN.MSIL.BERBOMTHUM.AA) is notable because the malware’s commands are received via a legitimate service (which is also a popular social networking platform), employs the use of benign-looking yet malicious memes, and it cannot be taken down unless the malicious Twitter...

 

Read the Full Article: https://www.infosecurity-magazine.com/news/attackers-connect-with-malware-via/

Iranian Hackers Target Nuclear Experts, US Officials

Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.

 

Iranian cyberattackers are stepping up their game after US President Donald Trump re-enforced severe economic sanctions on the country last month, the AP reports. Much of the cyber espionage activity targets American officials who make sure the sanctions stay in place.

Cerfta, a cybersecurity organization based in London, has been tracking the activity of threat group Charming Kitten and its recent campaign of phishing attacks – the most common threat among Iranian state-backed groups. The AP reports Charming Kitten has been attempting to hack email accounts of US Treasury members,

Read the Full Article: https://www.darkreading.com/iranian-hackers-target-nuclear-experts-us-officials/d/d-id/1333494

Disk-Wiping 'Shamoon' Malware Resurfaces With File-Erasing Malware in Tow

As with previous attacks, organizations in the Middle East appear to be main targets, Symantec says.

Organizations in the United Arab Emirates and Saudi Arabia are once again being targeted in a new wave of attacks involving Shamoon, a malware strain that was used to destroy more than 30,000 PCs at oil giant Saudi Aramco in 2012.

The latest attacks come after a two-year lull and are doubly destructive since they include a new component, Filerase, for erasing files on an infected system before Shamoon wipes the master boot record clean, Symantec states in a report. The addition of Filerase makes it almost impossible for victims to recover data from impacted systems, the security vendor notes.

Based on a breach disclosure from Italian oil services firm Saipam, the new Shamoon attacks appear to...

 

Read the Full Article: https://www.darkreading.com/attacks-breaches/disk-wiping-shamoon-malware-resurfaces-with-file-erasing-malware-in-tow/d/d-id/1333509

Trend Micro Finds Major Flaws in HolaVPN

A VPN is often touted as a basic piece of any mobile device security plan. But when the chosen VPN turns out to be not just ineffective but actively working against your security, the user is left both vulnerable and betrayed.

Researchers at Trend Micro have singled out HolaVPN, a free "community VPN," for using customer computers and devices as exit points for spam, phishing messages, and worse. The "worse" is especially important at businesses where employees have downloaded the HolaVPN software. In those cases, HolaVPN could provide a gateway into the enterprise network for malicious software of many varieties.

Community VPNs are those in which the users' computers and devices provide exit points for other users in exchange for low- or no-cost services.

 

Read the Full Article: https://www.darkreading.com/network-and-perimeter-security/trend-micro-finds-major-flaws-in-holavpn/d/d-id/1333515?#

Twitter Discloses Suspected State-Sponsored Attack After Minor Data Breach

 

Twitter has been hit with a minor data breach incident that the social networking site believes linked to a suspected state-sponsored attack.

In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users’ exposed information.

The impacted support form in question was used by account holders to contact Twitter about issues with their account.

Discovered in mid-November, the support form API bug exposed...

Read the Full Article: https://thehackernews.com/2018/12/twitter-data-breach.html

Hi.

well the question is clear,

just recently i received some invite from some of my friends to some of the best private torrents for tv series and movies ..

PrivateHD

HDBits

IPTorrents

and 2-3 more

so as i heard, they have really hard rules and great monitoring on their files and users/uploaders

but still, i want to know how are they safe-to-use ? of course they are not legal, but that's not a problem at least IMO, i'm just worried about that one of these typicaly days i'm downloading one of my favorite tv shows and i'll get Petya or WannaCry instead of my tv show..

is that possible with all that monitoring in private torrents?

what DrWeb thinks about that?  

 

 

Интересно, брошюра перед релизом была  на рецензии у тех. специалистов компании

Конечно была, а теперь они читают и им видите ли стыдно.

 

это рекламная брошюрка.

 

it's also a change in Dr.Web Policy!

Dr.Web clearly in this news said IF customers didn't set things up like we say in this brochure, they will not have a free Decryption in terms of infection with Trojan Encoders!
 

Hi

this is the last Dr.Web component update https://news.drweb.com/show/?i=11230&c=5&lng=en&p=0

but i didn't receieved it yet, and also no reboot request from Dr.Web Secrutiy Space..  

To reboot press any key. Enjoy.

:D Update didn't recieved yet.


what settings we should change to Doctor Web decrypt our encrypted files by the way? are the changes a lot?

Can't wait for English version of this

i didn't recieve a reboot request yet by the way