Dr_Bombay

Fake virus warning and audio keeps coming back


I have a friend/client running Windows 8.1 and Internet Explorer (all current and updated) who uses IE to access his Comcast email. He leaves IE running to monitor his emails, but after sitting idle anywhere from 1 hour to several hours the fake virus warning with audio comes on (so this happens without any movement or clicking by the user). The IE tab changes from the current site to flash yellow and now says Microsoft Support (but obviously it is not). The only way at this point that IE can be closed is to use Task Manager. The user has a current trial version of the latest Malwarebytes program and has scanned the system several times; the first scan 2 weeks ago produced a few PUP/issues and cleaned them, but the warning messages came back. Subsequent scans did not find any issues. This is the first time that I have seen this issue where Malwarebytes did not permanently resolve the issue and where the warning message pops up even when IE is sitting idle. Any suggestion how to fix this would be appreciated! My latest attempt was to reset IE - waiting on result. Possibly uninstalling/re-installing IE and/or installing Chrome?



Similar to these ?

I have created a series [1] of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS.

All these have one thing in common and they have nothing to do with any software on your PC.  They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened.  From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

MalwareScam.wmv
MalwareScam-1.wmv
MalwareScam-2.wmv
MalwareScam-3.wmv
MalwareScam-4.wmv
MalwareScam-5.wmv
MalwareScam-6.wmv

I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf  /  Flash Version


Reference:   
US FBI PSA - Tech Support Scam




1.  Also located at "My Online Security" - Some videos of typical tech support scams
 


Yes, just like those examples. The point is that it keeps coming back even after Malwarebytes scans which find nothing. The message will come on even if you just let explorer sit there idle. This can happen anywhere between 1 to 4 hours. I have asked the client to do a reset on Explorer and am waiting to see if that helps/resolves the issue. Thanks.

2 hours ago, Dr_Bombay said:

...The point is that it keeps coming back even after Malwarebytes scans which find nothing. ...

Yes. That's because these are merely web sites demonstrating Fraud. As a Web site that exists on the Internet, there is no software generating it on the PC in question for Malwarebytes' software to find.

You had indicated "... he uses IE to access his Comcast email. He leaves IE running to monitor his emails but after sitting idle anywhere from 1 hour to several hours the fake virus warning ...".

When we talk about these fraud Sites, we have to classify them as a Malicious Advertisement or in short as a "malvertisement".

As such we need to look at the Browser and what pages are being loaded. Many Webmail Clients include advertisements intermingled within the pages of the web site. A malvertisement may be rotated in or randomly inserted into the advertisements, which can include the HTML FakeAlerts. To date I have not heard of this occurring in conjunction with Comcast but, it is not out of the realm of possibility. Comcast webmail is known as Xfinity Connect Inbox and it does include EXTERNAL ADVERTISEMENTS intermingled within the web page. It is also possible that your "friend" that you represent in this correspondence is not just loading the Xfinity Connect Inbox ( Webmail ) but may also have other web pages open at the same time.

I am not an advocate of Webmail. While it may be easy to access, it diminishes the email capabilities which is best performed by an Email Client such as MS Outlook, Pegasus Mail, Mozilla Thunderbird and other "email clients". They exclude opening a web page and seeing advertisements. As far as I am concerned, if you pay a Service Provider and have an Email Account associated with said account, you should NOT be abused by advertisements on the Webmail web page(s).

To deal with this issue, one must examine what web pages are actually being loaded by IE that may or may not be simultaneously loaded alongside Xfinity Connect Inbox ( Comcast Webmail ). They too may have advertisements that may have a problem with malvertising.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar


I have been in discussion with a Security Department representative of Comcast. We discussed the fact that their Webmail has external Advertisements and we discussed the possibility of a malvertisement being intermingled with the Advertisements. He assured me the possibility of this is extremely low. However, I pointed the Comcast Security Department representative to this thread.

So to investigate this further requires isolation and verification.  The person in question who holds the Comcast account and accesses his email via webmail must make sure that the Xfinity Connect Inbox is "the ONLY" web page present and loaded and "...sitting idle anywhere from 1 hour to several hours...".


Thanks for the detailed analysis. I am also not fond of webmail but many of my clients are elderly and want to keep things as simple as possible. I am also aware of the risks with the advertisements that appear on these webmail sites, but in my latest test I switched his home page to Google, no other pages loading, and after approx. 3 hours sitting idle at that page the fake message appeared again. I have asked him to reset IE to factory/default settings but he has not responded since. If no luck I will also have him try Chrome and/or Firefox. I will update as soon as I hear from him. Thank you!


Ok, finally have a response from the client.  A full reset of Internet Explorer has resolved the fake message from popping up.  Thanks for the help.

This topic is now closed to further replies.