Yet another telephone scam

[Pepperpotty]

Just to warn you all, although I'm pretty sure that no one here would fall for this.

Here I am minding my own business reading the posts that have been posted about the Kronos whilst I have been out in the garden hanging up my washing.

The phone rings - number unavailable.
I answer "Hello?"
Some Indian guy on the other end says "Hello Madame how are you this morning?"
I reply shortly "Fine thanks"
"I am calling from 'Line'. There seems to be a problem with your computer and it is transmitting a virus"
I reply "Nice try but the problem is that I am not stupid and I know that this is a scam"
He replies" Why would you think that this is a scam"
I reply "Because I have heard about this on the internet and on the tv and I know that there is no way that you could possibly know that there is a problem with my PC"
He replies "We have had problems recently with companies pretending to be us and we are currently in talks with the police to stop this" (Really? Do you think that I am that stupid?
I reply "You are not calling from my broadband provider and you are not calling from the people who make my computer so if you have no way of knowing anything about my PC unless you have illegally obtained information about my IP address and home phone number."

At this point I hung up.

I have to give these guys credit for being so damn persistant. Even to the end he was insisting that he was a genuine company.

Just in case you're not aware of the current scam going around. These guys call you and tell you that you have a virus on your computer. They convince you to allow them to remotely connect to your pc where they will then infect your computer. They do this to convince you that you need to pay them to remove the virus that they put there themselves!

I'm sure you're thinking that you would not possibly fall for this but you would be surprised with the amount of people that do. They're targeting everyone, even people without computers! It seems that they are just getting numbers out of the phone book.

[Sharp]

I get those kind of calls all the time, and if I'm in the mood, I have tons of fun taking the pi$$ out of these fools.

Kind of goes like this....

Indian guy calls and asks is my PC slow, to which I reply “Yes, very slow”.

I accept his offer of help and he asks me to go to a certain website to scan my PC for viruses, to which I reply sure, I will turn on my PC right now and do that.

For the next few minutes (as long as 20 minutes with one guy) I can make them hold while I pretend the PC is booting. They will either cut me off, or if they think they have me, you can keep them on the line.

If I can keep them hanging on, I can easily get another few minutes from them by pretending I'm just seeing search results for websites, or page not found errors. This drives them mental.

In the end when I pretend that the page is up they ask me to describe what I see on the screen, to which I at this point laugh my arse off and throw some rather strong insults down the phone and then hang up before they can get a word in...he..he...

Try it, it's loads of fun.

Regards
Sharp.

[Pepperpotty]

Oh damn, why didn't I think of that!

My Dad got one the other day pretending to be his bank. They didn't even use the name of an actual bank but instead made up their own one!

These guys are everywhere!

[Aciphecs]

I want to get one of these call just so I can screw with them

[Pepperpotty]

I want to get one of these call just so I can screw with them

I know, after reading Sharp's post I want to get another one! We had one at work once and we kept passing him around the office. Someone got the call and said "just one moment, I'll transfer you to the right person" and we kept on doing this all trying not to pee our pants laughing! I think we managed to transfer him about 5 times before he hung up!

[Pepperpotty]

Speaking of scams, has anyone encountered the Windows security suite virus?
That's nasty!
I've had it twice on my old pc now. I've got it hooked up to my telly in my bedroom and because it's my old one I'm not as careful about what sites I visit but I've managed to get this virus twice now and it's a bugger to remove!
Basically all you have to do us visit an infected site, you don't even need to click on anything. Before you know it, this "software" has installed itself on your pc and it starts "scanning your pc for viruses". It finds no end of viruses that it then asks you if you want to remove. When you say yes, it directs you to a website that tells you that your virus subscription has expired and you need to renew it to continue. This all looks very legit as it is apparantly coming from windows itself.

Of course I know that this isn't legit because I don't use Windows anti-virus. I also know that my anti-virus programme would not ask me to renew in dollars!

Anyway, it disables your internet. The only internet you can access it their site. It diasble ctrl-alt-dlt so you can't run task manager to close it. It also stops you from opening pretty much every single other programme on your computer that could help you get rid of it like your anti-virus softwar, regedit, msconfig and just about everything else!

It took me about 7 hours to get rid of it! The problem is that so many people are falling for this, after reading in other forums, the amount of people that actually end up paying this company is unbelievable!
Some pay because they think it is legit and some pay simply because they have no other way of getting the virus off their computer.

Nasty!

[X-Trade]

Speaking of scams, has anyone encountered the Windows security suite virus?
That's nasty!
I've had it twice on my old pc now. I've got it hooked up to my telly in my bedroom and because it's my old one I'm not as careful about what sites I visit but I've managed to get this virus twice now and it's a bugger to remove!
Basically all you have to do us visit an infected site, you don't even need to click on anything. Before you know it, this "software" has installed itself on your pc and it starts "scanning your pc for viruses". It finds no end of viruses that it then asks you if you want to remove. When you say yes, it directs you to a website that tells you that your virus subscription has expired and you need to renew it to continue. This all looks very legit as it is apparantly coming from windows itself.

Of course I know that this isn't legit because I don't use Windows anti-virus. I also know that my anti-virus programme would not ask me to renew in dollars!

Anyway, it disables your internet. The only internet you can access it their site. It diasble ctrl-alt-dlt so you can't run task manager to close it. It also stops you from opening pretty much every single other programme on your computer that could help you get rid of it like your anti-virus softwar, regedit, msconfig and just about everything else!

It took me about 7 hours to get rid of it! The problem is that so many people are falling for this, after reading in other forums, the amount of people that actually end up paying this company is unbelievable!
Some pay because they think it is legit and some pay simply because they have no other way of getting the virus off their computer.

Nasty!

There are so many of these, you've only hit the tip of the iceberg.

In the industry we call them 'Rogue' suites. Even to the point where some of them try to copy a well known free antivirus (for example the top sponsored ad on Google once was for 'malwarebytes 2011', which is illegitimate, whereas malwarebytes anti-malware itself is a great free product that will go most of the way to removing these things.

All the way back to 'antivirus 2008', 'Eindows XP Antivirus', etc. I can't even remember the 1st one I removed. One way to tell is that they always have a year after them, although unfortunately a number of legit packages do this as well.
They always tell you that you have a virus, they often lock down you computer preventing you from accessing the internet, or they will redirect you from known security product pages telling you that it is dangerous. They will ask for you to register or otherwise pay to remove the viruses that don't actually exist, or in some cases they actually report their own files as viruses (which is handy). It will also usually disable most antivirus packages that you do have installed.

The terrible thing is that if you do pay, it doesn't stop there. They aren't really interested in your money as much as the card or bank details you use so that they can steal your identity or charge you much more. We've had customers at the shop I've worked at who have been scammed out of thousands of pounds through these. And they're prolific, there's a new one every month, its run by organised crime and people fall for it because its designed to look legit and offer no other choice (to the average user) to get rid of it.

A few that I've removed from user's computers recently:
"XP Antivirus 2011"
"Win7 Antivirus"
"System Tool"
"Internet Security 2011"


A comprehensive list (although not exhaustive) can be found here

Worth noting that legitimate Microsoft antivirus products are Windows Defender (but not Win Defender 2011 or Defender Antivirus 2011) and Microsoft Security Essentials.

If you're a home user the best thing I can recommend is either taking it to a local computer tech, or if you want to do it the hard way, then boot into Safe Mode, install Malwarebytes antimalware from malwarebytes.org and run a full scan. After this also run a scan with your native antivirus.
NEVER browse on the internet without up-to-date antivirus or even worse NO antivirus (can't believe I've seen this).
Some great free antivirus products that are just as good as the paid versions are:
AVG 2011 (Free Edition)
Avira Antivirus

Malwarebytes is good for on-demand scanning but you have to get the paid version for actual realtime protection. Probably well worth it though and quite light on system resources.

I don't have anything to do with any of the products I recommend, all I can say is that I've used them and they are fantastic.

[Timo]

Tried to post this earlier, but the site was down?

Speaking of scams, has anyone encountered the Windows security suite virus?
That's nasty!
I've had it twice on my old pc now. I've got it hooked up to my telly in my bedroom and because it's my old one I'm not as careful about what sites I visit but I've managed to get this virus twice now and it's a bugger to remove!
Basically all you have to do us visit an infected site, you don't even need to click on anything. Before you know it, this "software" has installed itself on your pc and it starts "scanning your pc for viruses". It finds no end of viruses that it then asks you if you want to remove. When you say yes, it directs you to a website that tells you that your virus subscription has expired and you need to renew it to continue. This all looks very legit as it is apparantly coming from windows itself.

Of course I know that this isn't legit because I don't use Windows anti-virus. I also know that my anti-virus programme would not ask me to renew in dollars!

Anyway, it disables your internet. The only internet you can access it their site. It diasble ctrl-alt-dlt so you can't run task manager to close it. It also stops you from opening pretty much every single other programme on your computer that could help you get rid of it like your anti-virus softwar, regedit, msconfig and just about everything else!

It took me about 7 hours to get rid of it! The problem is that so many people are falling for this, after reading in other forums, the amount of people that actually end up paying this company is unbelievable!
Some pay because they think it is legit and some pay simply because they have no other way of getting the virus off their computer.

Nasty!

Hi Pepper, I got the same or similar virus you're describing twice, and I'm extremely vigilant about websites and relatively proficient when it comes to computers themselves. As you say it's extremely devious and is an absolute bugger to get rid of. My virus was called "Antivirus XP 2010".

I found that it was a simple advert displayed on Photobucket that triggered it (in both my cases). Pictures within websites can contain malicious code and merely displaying them on your screen is enough to activate them, you don't even need to click anything.

In my case simply loading up the Photobucket site in a browser caused the aforementioned "Antivirus XP 2010" to put up a system pop-up (not the usual fake, ad-based GIF picture web pop-ups you normally see but a fully official operating system pop-up from within Windows XP itself) trying to scan my computer. The system pop-up kept popping up trying to start a scan every few seconds so I killed the browser, physically disconnected the internet cable and had to keep killing the pop-up via TaskManager every few seconds until I could regroup.

It's is an extremely severe breach as it de-activates everything in Windows' so-called Security Centre along with my genuine anti-virus (Avast), firewall (both Zonealarm and Windows' firewall) and my Malwarebytes anti-malware scanner. Nothing would allow me to re-activate them or run manual scans using any of them - they kept forcibly crashing - even after rebooting or booting into safe-mode.

Fortunately it hadn't blocked another program I have called Spybot Search And Destroy, so I carried out a manual scan and this allowed me to delete critical aspects of the virus, finally allowing me to re-activate Avast, Security Centre, Malwarebytes, ZoneAlarm et al. I then ran multiple scans on my computer using Avast, Malwarebytes and Spybot again to cleanse the rest of the detritus relating to that virus/trojan. If I hadn't had Spybot installed I reckon I would've been forced to attempt to back up all docs and re-install Windows.

Avast didn't even detect this virus, which is the first time it's been powerless, usually it's bomb-proof. As such I think Windows XP was to blame as the trojan deactivated all software in Windows XP Security Centre via a back door hack.

I know most of the general common pitfalls, but nothing would've prepared me for the above virus, other than literally disabling all pictures on the internet. This is also why Yahoo mail and other email clients have an option to disable images in emails in addition to HTML.

Photobucket clearly do not vet adverts, and thus some of the adverts are maliciously embedded with code and are executed simply by displaying the advert on screen (not even by clicking on it). After googling on the net, it appears it's happened more than once on the Photobucket site and I'm not the only one.

Sorry for the long post. People who code this stuff are vile.

[Pepperpotty]

X-trade - I had no idea that they were also stealing your identy. I thought they were only doing it to get your money. That's really bad. These guys should be hung. I had to remove mine the hard way. The virus wouldn't let me reboot in safe mode or even boot to a previous boot. I had to remove it bit by bit by finding and deleting all the nasty little files it had installed and then getting rid of it once and for all in the registry files. I can't say it was an enjoyable experience!

Timo - you were lucky that it let you run your spybot as mine was also disabled! I very nearly gave up and reverted to factory settings as it was on my old pc and I have all my files backed up on my new one. But I'm one of these people who never gives up and didn't want to be defeated! I got there in the end although I suspect that the damage it has caused my PC will force me to re-format it sooner or later as it's been running suspiciously slow since the virus attack.

[cello]

Aye, Pepper my PC has been hit with those damn virus scams a couple of times.

As you say, totally disables your control - but usually only at a desktop level; which of course is pretty much everything! If you try to open outlook it says 'Outlook is infected and can't be opened'. Same with Explorer. Same with Photoshop. Same with InDesign, etc, etc.

There's a great freeware app called 'Hackthis' which I live by. Keep it on a USB 'thumb' drive for exactly this purpose.

It looks at what's happening at registry level - but you've got to start up in safe mode which disables the crap stuff. Then it lists all the things like the browser helper objects, along with their credibility... You simply look through the long list and you'll always find something and say to yourself 'what's that doing then?' as everything else will say Adobe or Microsoft. Your little nasty will say nothing, of course.

You check the check box which removes it from the system and voila! The joy of Windows is back in all its glory

Wish there was some way of reporting the little sh!ts to the authorities, but all they do is change their IP address and their gone...

By the way, the last such infection I got was from eBay; so not always from dodgy sites! It was an infected ad that got online literally for a few hours and that was when I bid on something...

[Giner]

Luckily, I've not been plagued by these douchebags - heh, they must know I'm just a poor muso without any great wealth attached.

Anyhoo, I have Avast (free antivirus) on my computer, so it seems to be doing the job so far. Should I have any concerns about Avast? You know, stuff that may be lurking below the surface?

[X-Trade]

No, Avast is pretty good actually.

The problem with a lot of modern antivirus packages though is that they do too much. One of the things I like about Avira particularly is that it isn't too resource heavy.
At the end of the day with this type of virus in question here you'll still get if you've got the ultimate power-sucking Norton or if you have the lightest antivirus on the net, because typically it will trick you some way or another of being 'invited' in by the user.

[Giner]

Thanks for that, X-trade. Good stuff to know.

[mikemolloyuk]

There is also an unknown number caller that is an automated american voice thats really happy and says

'Hi...! - my names Mike i'm calling from Las Vegas... You have won a prize, press 9 - thats 9 to claim it'

I love the fact that he has to repeat the number - I guess some hilbillys dont read to good..!

Anyway, just hang up as it will probably bill you lots if you press the number...

Sorry if I have ofended any hillbillys on here..!!

[xmlguy]

I haven't answered a telephone call from anyone I don't know in years. Everyone I know has been informed that they better have caller ID unblocked to call me, since all other calls will get rejected or sent to voicemail, and my phone doesn't even ring for calls from anyone except on my approved list. My telephone is a telemarketing and scammer black hole.