***** warning ******please read

kennyp

Member
I HAVE BEEN ZAPPED .........Was running a routine virus scan on my laptop yesterday, when I returned to it the scan had stopped part way through and the screen had loads of 'Critical Error' warning messages about HDD being corrupted, RAM full (?) and system unable to execute commands. When I cleared this lot off the screen, a new screen appeared called Windows Repair. Everything looked genuine, correct colours for the pages, correct fonts etc, even the logos, so I assumed (yes I know) that the Windows security had picked up this problem and it then started to scan the system.
It confirmed that there were 4 critical errors which needed immediate repair. (I KNOW!)
(And this is where I put on the donkey head!!) The 'Windows' page stated that to remove the critical errors the current program needed updating (laptop 3-4 yrs old so plausible) and that I would have to purchase the update from them. Which I did!!!
After inputting my credit card details I returned to the original page and guess what? All the critical errors had now disappeared, although I hadn't downloaded anything!!
The site I noticed had changed from a Windows page to one which had ...EDSCLEAR.COM.... in the title and it was these who took the money. They sent me an activation code consisting of 31 characters, order number and contact telephone which offered 24/7 support.
Then things looked even worse: the text on the receipt was the worst English I have ever seen. The t.p. number doesn't exist. My laptop doesn't work, cannot do a system restore, virus scan or download a virus software from a disc I have. I am now faced with having to do a clean / reinstall. Oh and yes I did cancel my card about 10 mins after the money had been taken. I feel such a dick for falling for this scam, as I am usually quite savvy but the Windows thing utterly threw me and once it took over it's got you. PLEASE learn by my mistake. The bastards out there will do everything to screw with you and get your hard earned dosh :mad: I do have virus protection but obviously not good enough!!
 

PCS

Administrator
Staff member
I'm sorry to hear that you were caught out. For anyone else reading this: never input your card details into anything that requests you to. Only input your card details when you have actively gone seeking a product. At least you have cancelled your card details now, so in this case you will hopefully not lose any money.
 

Gorman

Author Level
Sorry to hear that :(

It really sucks when this sort of thing happens, all it takes is for you to take your eye off the ball for a second, they are very sneaky and determined.
 

Anthony.Ralph

Bronze Level Poster
I think it is both brave of you to tell us about this and helpful, as we could all get caught given the right circumstances...

Anthony.
 

pez

Well-known member
Aye Anthony. Tend to agree. The wife nearly fell for something like this a couple of weeks ago. Thought she had a nasty virii. I heard her mumbling in the kitchen...say "Hmm, I need to pay for this software" and ran into the kitchen screaming "NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!!!!!!!1111111111111111"

Fortunately, I scared the crap out of her and she stopped clicking. I pointed out the error of her ways and we now live happily ever after.

Just a heads up for Virus Security. Anyone here, speak to your bank. They all offer McAfee for FREE - 3 user License - if you bank with them online :)
 

JSG10

Expert
Just use MSE and Windows Firewall. No problems at all with them......yet :S
Even the most sophisticated AV will fail you if you allow something in by running a program or inputting your card details into what you think is a genuine pop up.
 

DeadEyeDuk

Superhero Level Poster
I have had a couple of instances in the last 2 months like this. Mine was called Windows Vista Security 2011 or something.

It lists X number of critical alarms/infections and says I need to Upgrade to the full system to remove them...uhm..ok.

The first time in Feb, I spent most of my evening on mum's laptop trying to find out how to remove this obvious malware.

In the end, I DLed MalwareBytes onto a stick, and ran it on my PC, and after a 2 hour scan, it was removed.

It happened again on Friday night (I wasn't even doing anything! Let alone anything dodgy!), and I just ran the already present MalwareBytes, and again, after a 2 hour scan, it was detected and removed.

I might be concerned about it appearing again, and it being somewhere in the bowels of my PC, but as I am due my new one soon *cough*still in pre-production a week later*cough* I shan't worry!

These kinds of scams infuriate me though, because I can just imagine how many older/less tech-savvy people get caught by it and end up giving 10, 20, 50 pounds to these "people" (lowest form of the species mind).

Ah well, at least you can learn from this one kenny.

DED
 

LFFPicard

Godlike
DeadeyeUK, it sounds like the same virus as the OP.
I have removed this on many a friend's PC and know the routine for it. Malwarebytes won't get rid of it on its own; you need to use a few programs.
When I am home I will look it up again for you so you can finally remove it for good.

This will also remove the virus for Kennyp

EDIT:

http://www.bleepingcomputer.com/virus-removal/remove-system-tool

That should do it.
pengipete

Rising Star
This particular nasty is big enough to have made headlines on the BBC's website - http://www.bbc.co.uk/news/technology-12933053

It's triggered when you visit a site with the hidden link and won't be blocked immediately by regular security software because the user actually has to authorise it to run - which many will do because of the official looking interface. Latest update from Websense claimed that 500,000 sites and 1.5 million pages have embedded links to lizamoon dot com - the source of the malware - and that number could grow.

The nature of this sort of attack means that it makes no difference what browser you use as the weakness it exploits is in the user. What you'll see first is a pop-up when visiting a site telling you that your computer is infected. If you click the "okay" button on this warning, you authorise the download of the file which prompts you to download and install the fake "Windows Stability Center" software and once that is run it pretends to scan your PC and then request payment.

The good news is that - as of today - all of the major security software is now recognising the download as malware (a list is available here) though experience says that such malware is constantly being rewritten and tweaked to avoid detection. The only way to really avoid this type of malware is to never - ever - click on a "Your PC is infected" pop-up - not even on the pop-up's "close" gadget as that can easily be used to trigger the same malware. If you get such a pop up - close the browser (from the taskbar or Task Manager if necessary) then clear your temp folders and browser cache - run CCleaner and change the Options/Advanced settings to allow it to remove files less than 48 hours old - and then restart your browser. The page hosting the nasty/link may try to re-open - just close the tab before it can load. It does not load malware directly into any other folders or areas of your PC - that happens if you run the fake app or click on the notices.

The sad news is that this type of nasty doesn't need to be hosted on the site you visit - it will most likely be on a site you visit via a link and even the site that actually hosts the scripts will not know it's there until they receive complaints - so completely legitimate sites may end up inadvertently pointing you towards it. That's a worry for forums like this where we post external data and links to other sites. If you ever get any sort of pop-up like this when using the forum, make a note of the thread or content you were viewing and alert the moderators - chances are someone posted a link in good faith to a site or host that has since become infected and all we'll need to do is remove the link.
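For site owners and moderators, the check described in the post above can be automated. The following is an added example, not part of the original post: it scans a page's HTML for tags that load or link to a blocklisted host. The blocklist holds only the two domains named in this thread, and the sample page and its paths are constructed.

```python
# Added example: find tags in a page that load or link to blocklisted hosts.
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in this thread; in practice, load these from a maintained feed.
BLOCKLIST = {"lizamoon.com", "edsclear.com"}

# Attributes that can make a browser fetch from or navigate to another host.
URL_ATTRS = {"src", "href", "action", "data"}


def host_is_blocked(host, blocklist=BLOCKLIST):
    """True if host is a blocklisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


class EmbeddedLinkScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (line number, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            # urlsplit also handles protocol-relative URLs such as //host/path
            host = urlsplit(value.strip()).hostname
            if host_is_blocked(host):
                self.hits.append((self.getpos()[0], tag, name, value.strip()))


def scan_html(html):
    """Return every reference in the page that points at a blocklisted host."""
    scanner = EmbeddedLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


# Constructed sample page: one injected script, one link, one lookalike domain.
SAMPLE_PAGE = """<html><body>
<p>Good review <a href="http://example.org/review">here</a>.</p>
<script src="http://lizamoon.com/constructed.js"></script>
<a href="//www.LizaMoon.com/constructed">click</a>
<a href="http://notlizamoon.com/">lookalike, not a subdomain</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in scan_html(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> -> {url}")
```

Matching on the parsed hostname rather than a substring keeps lookalike names such as the last link from producing false hits.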
 

DeadEyeDuk

Superhero Level Poster
Thanks pete and picard for the info. As I say, I'd be more worried about cleansing the PC asap if I wasn't expecting my new beast soon!

Will def look at both posts again when I get home though and see what I can do quick and easy, if nothing else to get in good practice so the new one doesn't get owned within a day!

Why can't we go back to the days when it was only a certain type of website that was a risk?! If you were looking at something you shouldn't or DLing something illegal, you kinda had to expect to run the risk, but just going to any site now, could make you go all parano...

...is someone watchin me?

DED
 

lloydehhh

Bronze Level Poster
It's funny, coz an internet pop up just came up on my mac saying "Windows stability centre", and showed loads of .exe viruses. I'm still trying to control my laughter. :D
 

pez

Well-known member
[image]
 

DeadEyeDuk

Superhero Level Poster
Dom on The Chris Moyles Show does the best impression of that skit, always makes me chuckle! (and it's so true!)
 

PokerFace

Banned
DeadeyeUK, it sounds like the same virus as the OP.
I have removed this on many a friend's PC and know the routine for it. Malwarebytes won't get rid of it on its own; you need to use a few programs.
When I am home I will look it up again for you so you can finally remove it for good.

This will also remove the virus for Kennyp

EDIT:

http://www.bleepingcomputer.com/virus-removal/remove-system-tool

That should do it.

Thanks for the link, but jeeez, I hope I don't have to go through that!
 

PokerFace

Banned
I HAVE BEEN ZAPPED .........I feel such a dick for falling for this scam. PLEASE learn by my mistake.

You are definitely not the first and unfortunately you won't be the last. Thanks for being brave enough to advertise your mistake and hopefully it will prevent someone else from having to go through this.

Hope you get your cash back and that your PC is sorted.
 

PieOPah

Member
One way to help avoid these problems is to update your hosts file. Obviously to do this manually would be a difficult laborious process but fortunately there are tools out there to do it for you.

I personally use Search & Destroy which regularly updates your Hosts File (through immunize) and while this is unlikely to protect you from all of the sites, at present it does help protect you from over 14,000 of them...
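What such a tool does to the hosts file can be sketched as follows. This is an added example, not part of the original post and not the code of any product named in the thread: it merges a domain blocklist into hosts-file text as a managed block, so re-running it replaces the block instead of duplicating it. The marker comments, the `0.0.0.0` sinkhole address and the sample input are assumptions.

```python
# Added example: merge a domain blocklist into hosts-file text, idempotently.
import re

SINKHOLE = "0.0.0.0"  # assumption: non-routable address; 127.0.0.1 is also common
BEGIN = "# BEGIN blocklist (managed)"  # hypothetical marker lines
END = "# END blocklist (managed)"
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_domain(name):
    """Accept only plain dotted names so a feed entry cannot inject extra lines."""
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(LABEL.fullmatch(label) for label in labels))


def blocked_names(domains):
    """Normalise, validate and add the www. variant (hosts files have no wildcards)."""
    names = set()
    for raw in domains:
        d = raw.strip().lower().rstrip(".")
        if not valid_domain(d):
            continue  # drop malformed entries instead of writing them out
        names.add(d)
        if not d.startswith("www."):
            names.add("www." + d)
    return sorted(names)


def merge_hosts(existing, domains):
    """Return hosts text with the managed block replaced; other lines untouched."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    while kept and not kept[-1].strip():
        kept.pop()  # avoid accumulating blank lines on every run
    block = [BEGIN] + [f"{SINKHOLE} {n}" for n in blocked_names(domains)] + [END]
    return "\n".join(kept + [""] + block) + "\n"


# Constructed input: the two domains named in this thread plus two bad entries.
SAMPLE_DOMAINS = ["LizaMoon.com", "edsclear.com.", "bad domain!",
                  "evil\n1.2.3.4 bank.example"]

if __name__ == "__main__":
    print(merge_hosts("127.0.0.1 localhost\n", SAMPLE_DOMAINS), end="")
```

Only exact names are blocked, so any other subdomain of a listed domain still resolves, which matches the poster's point that this protects against some sites rather than all of them.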
 

kennyp

Member
Me again

Thanks for the kind words guys, just finishing reloading updates after the clean/reinstall.
I couldn't do anything else. My laptop was completely stuffed. Still on the positive side I now have a nice clean laptop while I await my new desktop which I am going to collect from PCS so might get to see actual people (or maybe they don't exist and all this is just run by a great big alien brain coaxing us to purchase computers which it will one day use to turn us unsuspecting folk into the undead whose aim is to wander the earth moaning and pointing aimlessly at people coming out of P.C. World and Dixons then laughing uncontrollably)......And to answer your question, the sky is purple in my world!!

Thanks again
K.P.:rockon:
 