holdingthehead

5/5/2019 9:02:02 PM Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\David\Downloads\PolarisOfficeInstaller_1553102723.exe (SHA1: 9B72078130CD2C3197ECFE5019B099C9E6167C71) 5/5/2019 9:02:08 PM A notification message "Suspicious behavior has been found in the following program: C:\Users\David\Downloads\PolarisOfficeInstaller_1553102723.exe" has been shown 5/5/2019 10:40:03 PM Behavior Blocker detected suspicious behavior "HiddenInstallation" of C:\Users\David\AppData\Roaming\PolarisOfficeLink\Update\POLinkUpdaterSwitcher.exe (SHA1: B64AC14B2FEDA312781DBA1C3401CD7A0F41C8C2) 5/5/2019 10:40:08 PM Behavior Blocker detected suspicious behavior "HiddenInstallation" of C:\Users\David\AppData\Roaming\PolarisOfficeLink\POLinkUpdater.exe (SHA1: F27F9E7F34E213DF3503655E0F9840705B381B4C) 5/5/2019 10:40:18 PM Behavior Blocker detected suspicious behavior "HiddenInstallation" of C:\Users\David\AppData\Roaming\PolarisOfficeLink\POLink.exe (SHA1: 38B87CEFF2EB7BFDBC2D95CF4342D940A4C1F73E) 5/5/2019 10:40:25 PM Behavior Blocker detected suspicious behavior "Spyware" of C:\Users\David\AppData\Roaming\PolarisOfficeLink\POLinkSync.exe (SHA1: 365B8AC2878C85F85A94EF646BA20DCB6F08552B)

Here is the main notice, I believe.

When I install Polaris Office on my computer, I get a flag to the effect that it is not safe. Could I get some feedback on this? Is it because of the sync feature or is it not what it purports to be?

I am unable to get information from an account that I have online. I understand that it uses a popup. It is to receive the bill for the account. I click on the date and a circle begins to go arround for a few seconds and then stops with nothing happening. Is there something in the web browser protection that could cause this? I have the site with exception in FF for blocking popups. Windows 10 Home Emsisoft version 2019.2.0.9269 DESKTOP-M7CPVCS.speccy

I decided to force stop the page through task manager before putting to sleep last night. When I tried Firefox today, at first it would not connect to the internet. I feared that that was a leftover from the "attack". But eventually things have normalized. Is anyone able to comment on this?

I suspect that this is a hoax or an amatuer attempt to get the gullible (especially those who have not heard of the excellent work of Emsisoft in this line). As far as I have been able to determine, the only problem is a supposed web page that is not able to be closed. I hope my analysis is correct.

ID Ransomeware gives this Case SHA1: 63233ad46db52749a3ae9e00b47731173f34af21 Virus Total gives this. https://www.virustotal.com/#/url/2ca72b808fe3d6ad5311d548be3117e7f5c22ebcbd7189f0bbf943eb6eac1847/details

er0r-str32.xyz/ fire/ index. php?pn= This page came up when I opened a web page. (I inserted 3 spaces just in case something could be activated) It claims that www.support.microsoft.com says: Your computer has been blocked Error # 268D3 Please call us immediately at ' +1870-376-0812 ' Do not ignore this critical alert.... I read first steps when dealing w/ ransomware, but I am not sure how to carry out many steps. I closed CC Cleaner and my backup. I am not sure if that disables the Cleaner. I thought that I was not able to open another browser in FF which is what I use but yes I can.

Lately I have had problem with play store opening with a specific app to install when using Firefox. I go to the loaded apps and close, but quite often another play store app loads. I ran Emsisoft mobile but it does not detect anything. Android version 4.4.2. Could this be malware?