Jump to content

promark

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by promark

    Microsoft Spoof Infection

    in Malwarebytes for Windows Support Forum

    Posted · Edited by celee
    disabled active URLs and turned it into code

    I was advised in another forum to post this incident here.

    I am using Malwarebytes Anti-malware Premium. There were no alerts from Anti-malware or the antivirus.

    Here is my report from the other forum.

    My setup:
     

    Windows 10 Home 1607 x64 - Firefox ESR 45.4.0 - OpenDNS with Security options On - Avast free - Malwarebytes anti-malware premium - Malwarebytes anti-exploit

    While browsing Facebook, I clicked on a link about the passing of Jane Fonda, which triggered a couple of center page popups and an audio which alerted that Windows had detected an infection that could be sending out personal information.  I don't remember all of the specifics.

    The audio instructs to call Microsoft at the number provided to be walked through the fix or repair or whatever.
    It goes on to say that if the message is closed before making the call, Microsoft will be forced to "disable your computer".

    I did not listen to the whole message.

    All attempts to close or cancel the dialog box fail.  The browser tab could not be closed.  I closed the browser.

    When I checked the browser history, after reboot, there was a very long list of entries beginning with the following, all named Microsoft Official Support: 

    http://microsoft.com-00005.info/?num=305-902-4549
http://microsoft.com-00005.info/?num=
http://microsoft.com-00005.info/msie1.php
http://microsoft.com-00005.info/0
http://microsoft.com-00005.info/01
http://microsoft.com-00005.info/012
http://microsoft.com-00005.info/0123
http://microsoft.com-00005.info/01234
http://microsoft.com-00005.info/012345
http://microsoft.com-00005.info/0123456
http://microsoft.com-00005.info/01234567
http://microsoft.com-00005.info/012345678
http://microsoft.com-00005.info/0123456789
http://microsoft.com-00005.info/012345678910
http://microsoft.com-00005.info/01234567891011
http://microsoft.com-00005.info/0123456789101112
http://microsoft.com-00005.info/012345678910111213
http://microsoft.com-00005.info/01234567891011121314
http://microsoft.com-00005.info/0123456789101112131415

     

    It continued on like this for a little more than one minute.  There were several HUNDRED of these in the browser history, with each one incremented in the same manner from the previous address.

    After a restart, I ran a full scan with Malwarebytes anti-malware, Avast and Adwcleaner.
    AdwCleaner tagged a single line in Firefox prefs.js related to a SpeedDial link to a ghacks.net article:
    http://www.ghacks.net/2012/02/02/why-i-switched-to-the-duck-duck-go-search-engine/
    This is a legitimate link.  Everything else was clean.

     

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.