Jump to content

Virus not detected


Recommended Posts

Hello everyone. One of my clients had this message on the screen accompanied by a voice. Can not fix the problem. Malwarebyte did not find anything and I had to perform a restore at an earlier date to remove it. (nothing in memory, no process found, nothing in the start menu etc ...) Why this attack was not intercepted?

IMG_20180926_164742.jpg

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link

    welcome mbst.png
     
  • Click the Gather Logs button

    gatherlogs.png
     
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  


    Click "Reveal Hidden Contents" below for details on how to attach a file:
     
    Spoiler

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

    mb_attach.jpg.220985d559e943927cbe3c078b
     

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

The first thing to realize is that this is in no way a virus !

What you are seeing a a Web Page.  It is not detected by Malwarebytes' software because these are merely web sites demonstrating Fraud.  As a Web site that exist on the Internet, there is no software generating it on the PC in question for Malwarebytes' software to find.

When we talk about these fraud Sites, we have to classify them as a Malicious Advertisement or in short as a "malvertisement".

As such we need to look at the Browser and what pages are being loaded.  Many websites include advertisements intermingled within the pages of the web site.  A malvertisement may be rotated in or randomly inserted into the advertisements which can incudes the HTML FakeAlerts.  As a FakeAlert web site at best Malwarebytes' software will block the web site if known.

From your graphic I have extracted...

http://mtregulatorinternetb.site/fr/mbs.html

At the moment it is generating the error "The connection was reset" and does not render the content.  However, I have submitted this site on your behalf in;  Microsoft FakeAlert ( French )


I have created a 1series of videos generated from these kinds of fraud sites for the purposes of recognition and education.  They are all  videos from real web sites.  ALL are FRAUDS.

All these have one thing in common and they have nothing to do with any software on your PC.  They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened.  From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

MalwareScam.wmv
MalwareScam-1.wmv
MalwareScam-2.wmv
MalwareScam-3.wmv
MalwareScam-4.wmv
MalwareScam-5.wmv
MalwareScam-6.wmv

I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf  /  Flash Version


Reference:   
US FBI PSA - Tech Support Scam

 



1.  Also located at "My Online Security" - Some videos of typical tech support scams

 

Edited by David H. Lipman
Spelling, Grammar and Clarification
Link to post
Share on other sites

40 minutes ago, David H. Lipman said:

As a Web site that exist on the Internet, there is no software generating it on the PC in question for Malwarebytes' software to find.

So, do we need the "Web protection" or not???? As long as "there is no software generating on the PC" , why have "web protection" and not wait for the "software to be generating on the PC" and be detected by the other shields?

Link to post
Share on other sites

Just for additional info, it is very likely that this would have been blocked by the new Malwarebytes browser extension beta which is currently available for Chrome and Firefox with versions for MS Edge and Safari in development last I heard:

Chrome
Firefox

The browser extension doesn't just rely on databases of known malicious sites to block malicious content but also includes behavior based detection/blocking, including specifically for tech support scam sites like the one your user encountered.  Also, as David H Lipman already mentioned, these sites aren't actually a sign of infection.  They are just scam pop-ups that attempt to trick users into believing they are infected and can be defeated by launching Task Manager and terminating the web browser.

You can find out more about what tech support scams are, how they work, and how to defeat them in the following links:

https://blog.malwarebytes.com/tech-support-scams/
https://blog.malwarebytes.com/?s=tech support scams

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.