Outlook Program Trying to Access Email Address Information & VIPRE

We got a call from a customer who got the following popup.

A quick search on the web led me to this article from Microsoft.

https://support.office.com/en-us/article/i-get-warnings-about-a-program-accessing-email-address-information-or-sending-email-on-my-behalf-86cc5ece-379e-45e3-b8eb-3fefba09946b

I looked on the server and in the Vipre console I couldn’t push updates or definitions. We restarted the user’s machine to see if Vipre still showed it needed to be updated. We opened Outlook and didn’t get another warning. We saw the Vipre Add-in start up. We opened the Vipre agent and it asked to be updated. We pushed the button to update, but nothing happened.

In the console we “Forced Updates” instead of “Checking for updates” and this worked. We haven’t seen the warning come back yet.

Let us know if this helped you…

Delete VIPRE patchmanagement contents

Had a customer whose machine was running slow. We ran WinDirStat to see what was eating up the space on the machine. The pagesys file was huge, but a large chunk was under VIPRE. Specifically with the PatchManagement Patches.

According to VIPRE, it is okay to delete the contents of this folder. We found this information here.

https://support.threattracksecurity.com/support/discussions/topics/1000090855

Deleting the files went fine. We left the small .pup files since they were small.

Let us know if this helped you.

Outlook a program is trying to access e-mail address

We had a customer whose Outlook kept popping up the following dialog box.

Here is the link we used to understand the issue.

https://support.office.com/en-us/article/i-get-warnings-about-a-program-accessing-email-address-information-or-sending-email-on-my-behalf-86cc5ece-379e-45e3-b8eb-3fefba09946b

This location uses Vipre Antivirus. We logged onto their server and went into the Vipre console. The customer’s machine appeared up-to-date with the client; however, the definitions were slightly behind. Not by much. We pushed “Definition Updates”, and this resolved the issue right away.

Let us know if this helped you…

 

Phishing Attempts From Cheapfixerproperties.com

We had a customer complaining about emails stuck in the spam filter. They were getting an email with the subject line “(3) Incoming messages failed to sync”. In the email was a button to “Restore Messages”; however, when we hovered over the link the web address was for “https://cheapfixerproperties.com/…”.

We told the customer this was a Phishing attempt, and to not click on that button. They already had. We ran a full Vipre scan on their machine.

The URL takes you to a site that Google has already flagged.

Let us know if this helped you…

 

Email Scam – I do know, XXXXXXXX, is your password.

We received an email from an old customer who got an email with the following message.

I do know, xxxxxxx, is your password. You don’t know me and you are probably wondering why you are getting this e-mail, correct?

actually, I actually installed a malware on the adult vids (sexually graphic) site and do you know what, you visited this web site to have fun (you know what I mean). While you were watching video clips, your web browser started out functioning as a RDP (Remote Desktop) having a key logger which provided me access to your display screen as well as cam. after that, my software obtained all of your contacts from your Messenger, FB, as well as email.

What exactly did I do?

I created a double-screen video. 1st part displays the video you were watching (you’ve got a nice taste lol . . .), and 2nd part shows the recording of your web camera.

exactly what should you do?

Well, in my opinion, $2900 is a fair price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: 149EV7BbQSuJTS8mHJ5kdjGBvSKMFu7tob
(It is cAsE sensitive, so copy and paste it)

There was more to the email. The point is this email is a SCAM.

The biggest question was that it was a password the customer had used in the past. Our best guess is someone gained access to an account they had and was able to capture name, email address and password. With this information they were able to get the scam started.

A Google search led me to others that have received this email, and they all confirmed it was a scam.

Let us know if this helped you…

 

VIPRE – A problem has occurred in VIPRE Threat Scanner

We had a customer who was having VIPRE pop ups. Here is a screenshot of what they were getting.

I contacted VIPRE and they knew right away how to fix it. They said it was a bad definition that came down in early February. The fix is to download a small file that will remove the old definitions and restart the agent. Here is the link they sent us.

https://homesupport.vipre.com/support/solutions/articles/1000259870-vipre-alert-2-6-2018-problem-has-occurred-in-vipre-scanning-engine-or-vipre-threat-scanner

I ran the executable, which only took a few minutes, and I got a popup saying VIPRE was my antivirus. I could see in the VIPRE Console on the server that the definitions were updating, so the Console and the agent were communicating again.

Let us know if this helped you…

 

Outlook -The synchronisation failed – check the Sync tab for further details

Had a client that uses “CodePLex – Outlook Google Calendar Sync” to sync Outlook calendars with their Google calendars. They were getting a bunch of different errors. The following link led me down the right path.

https://help.toutapp.com/hc/en-us/articles/203348310-A-Program-Is-Trying-To-Access-Outlook-Email-Address-Information

  1. Open Outlook 2010, go to “File/Options/Trust Center” menu item, and then click on the “Trust Center Settings” button at the right side of the dialog box.
  2. From there, select the “Programmatic Access” menu item. At the bottom of this dialog, note what your “Antivirus status” is. If it is “Invalid” then close Outlook, navigate to where its “OUTLOOK” program icon is on your disk (typically it sits in the “Program Files (x86)/Microsoft Office” folder), and then right-click this icon and select “Run as administrator” from the pop-up-menu. If you get a warning, then select “allow” or “yes” to continue.
  3. Then in Outlook, go back to “Programmatic Access” as described above, and you should see your antivirus status updated to “Valid” (assuming you have an up-to-date antivirus program on your computer).
  4. Exit Outlook.

It seems like there was an issue with the trust center and antivirus. I discovered there wasn’t any antivirus on the machine. When I installed their Vipre anti-virus and restarted the machine this fixed the issue.

Let us know if this helped you…

 

Safe To Update Adobe Flash Player – Not Really!

Had another employee ask me to upgrade his Flash Player. He got a warning that the Flash Player was out-of-date. I actually have worked in Flash for years and appreciate all that it can do, but from a security standpoint it can be too powerful.

When I got to his machine I saw the Adobe Flash Player Update page; however, the URL was not Adobe.com.

The URL was for “http://etaigwebulvar.com/..”. Clearly not Adobe.

Be careful with Flash Player updates.

Let us know if this helps you…

 

Protecting From WannaCry Ransomware

We have been diligently verifying our customers’ computer systems are up-to-date and protected from the latest round of Ransomware called “WannaCry”.

Not sure exactly what patches needed to be applied, I found a good page from SolarWinds that lists the appropriate patches for a given Operating System.

https://support.solarwindsmsp.com/

Microsoft’s Update Catalog allows you to download the “.MSU” patches. Microsoft recommends using Internet Explorer to download and install the patches. You may need to set downloads to “enable”. In Internet Explorer Tools, under the Security tab, select “Custom Level.” Scroll down till you see “Download” and click enable.

For antivirus we have been using Vipre. We received an email from Vipre stating they were already protecting customers before the virus was released. That will save us a considerable hassle. Here is the link they sent us.

https://blog.vipreantivirus.com/important-news/urgent-announcement-wanacryptor-wannacry-information/?mkt_tok=eyJpIjoiT1RnME5XUXpObU13TVRVeCIsInQiOiJoQ1FNVmJsQjh3YUpmTFFQUEowbDZpUzZFTG1FV3g5NkN4cnNcL2RKN1AzSWZXSlZwaTA0UUFQTHF4N29lMndwSDlcL2pxK0I2QlVSbGJ0V2NPdDBuMnhhUktKOWlHdW1UbG1Lakp0NFNrTFhYV2lhQVFhM2N2elNMWG5mTHJFTUlxIn0%3D

The list above is good for knowing the patches. The next step was to disable “SMB1”. I logged onto the client’s server, opened PowerShell as an administrator, and ran the following commands.

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

All of these updates required a reboot of the server.
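
The two sc.exe commands above change the SMBv1 client side (the mrxsmb10 driver and the Workstation service dependency); the SMBv1 server component is a separate setting. The read-only PowerShell check below is an added example, not part of the original post, for confirming both sides after the reboot. The function name Get-Smb1Status is hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example: read-only audit of SMBv1 state. Changes nothing on the system.
# Get-Smb1Status is a hypothetical helper name, not a built-in cmdlet.
function Get-Smb1Status {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Client driver: "sc.exe config mrxsmb10 start= disabled" sets Start to 4.
    # If the key is missing, the SMBv1 client driver is not installed at all.
    $drv = Get-ItemProperty -Path "$svc\mrxsmb10" -Name Start -ErrorAction SilentlyContinue
    $clientDriverDisabled = ($null -eq $drv) -or ($drv.Start -eq 4)

    # Workstation service: "depend= bowser/mrxsmb20/nsi" drops mrxsmb10 from the list.
    $ws = Get-ItemProperty -Path "$svc\LanmanWorkstation" -Name DependOnService -ErrorAction SilentlyContinue
    $workstationDependsOnSmb1 = @($ws.DependOnService) -contains 'mrxsmb10'

    # Server side: not touched by the two sc.exe commands, so check it separately.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later
        $serverSmb1Enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    else {
        # Older systems: registry value SMB1 under LanmanServer\Parameters.
        # A missing value means SMBv1 is still enabled (the default).
        $p = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" -Name SMB1 -ErrorAction SilentlyContinue
        $serverSmb1Enabled = ($null -eq $p) -or ($p.SMB1 -ne 0)
    }

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        ClientDriverDisabled     = $clientDriverDisabled
        WorkstationDependsOnSmb1 = $workstationDependsOnSmb1
        ServerSmb1Enabled        = $serverSmb1Enabled
        Smb1FullyDisabled        = $clientDriverDisabled -and
                                   (-not $workstationDependsOnSmb1) -and
                                   (-not $serverSmb1Enabled)
    }
}

Get-Smb1Status | Format-List
```

If ServerSmb1Enabled comes back True, the machine still accepts inbound SMBv1 connections even though the client driver is disabled.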

Let us know if this helps you…