JPnyc Posted January 14, 2018 ID:1199747 Share Posted January 14, 2018 I have a user running Win7 Pro 64. They are continually being directed in FireFox to a fake "your computer is infected site" I have run a full Avast scan - no items found A MalwareBytes scan - nothing found Windows Defender - nothing found FF has no add-ins or extensions completely deleted their FF profile Done a system restore back as far as possible I cant get a clear answer from the user if it will happen when FF is not running (I think it has to be open, but could be in the background). I myself have clicked on a totally clean link and been redirected to the "your infected" page, but as I said I think FF just needs to be open, no link click necessary. All startup programs and services are legit The URL to the site is a very long string: h t t p : //code-ss57.stream/guest/01234567891011121314151617181920212223.... Any thoughts, or help would be appreciated Link to post Share on other sites More sharing options...
David H. Lipman Posted January 14, 2018 ID:1199755 Share Posted January 14, 2018 (edited) This is not malware on your PC. It is a malicious web site. A scam web site. There is nothing anti malware software can find because it does not come from your PC, it is a web site and emanates from the Internet. At best an anti malware application may block the site IFF that site is known. However these site come and go and actually have short life spans. Use Task Manager and Kill the FIREFOX.EXE processes or you can logoff or reboot the PC. I have created a 1series of videos generated from these fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds. MalwareScam.wmvMalwareScam-1.wmvMalwareScam-2.wmvMalwareScam-3.wmvMalwareScam-4.wmvMalwareScam-5.wmvMalwareScam-6.wmv I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf Reference: US FBI PSA - Tech Support Scam 1. Also located at "My Online Security" - Some videos of typical tech support scams Edited January 14, 2018 by David H. Lipman Spelling, Grammar and Clarification Link to post Share on other sites More sharing options...
JPnyc Posted January 14, 2018 Author ID:1199770 Share Posted January 14, 2018 Thanks for your reply. I completely understand that this is bogus, and I also know how to kill the FF process BUT this bogus site is popping up daily and with FF open just to some clean site like MSNBC or wile clicking on a completely benign and trusted link. Link to post Share on other sites More sharing options...
David H. Lipman Posted January 14, 2018 ID:1199791 Share Posted January 14, 2018 (edited) I know this family of FakeAlerts well. They require a malvertiser to get redirected to one of these FakeAlert sites and they redirect to a new FakeAlert site approximately hourly. You indicate that you keep getting this one site code-ss57.stream . If you kill FIREFOX.EXE via Task manager and then re-load Firefox it will load the last site(s) rendered when Firefox crashed ( killing FIREFOX.EXE by Task Manager is akin to Firefox crashing ). To prevent Firefox from reloading a web site that was rendered when Firefox crashed, one can restart Firefox in Safe Mode. You can load Firefox in Safe Mode by holding down the "Shift" key and then start Firefox. Firefox will then show a dialogue giving one a choice to "Start in Safe Mode" or "Refresh Firefox". Choose; "Start in Safe Mode". Firefox will then load in Safe Mode . Then close Firefox again and then reload Firefox. Firefox will then load cleanly. Then see if you can reproduce the problem. If you can then please follow the above processes to kill FIREFOX.EXE via Task manager, re-start in Safe Mode and then reload Firefox again. Then I'd like you to go the Firefox's History. Either from the Firefox pull-down menu ( History ---> Show All History ) or by hitting the key sequence; "Shift" + "Ctrl" + "h". Then please provide the last several URLs shown in Firefox's History prior to the FakeAlert URL.. Edited January 14, 2018 by David H. Lipman Spelling, Grammar and Clarification Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 19, 2018 Root Admin ID:1201517 Share Posted January 19, 2018 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts