Jump to content

Recommended Posts

Hello.

I run the purchased version of Malwarebytes.

I keep getting a Win32 virus message popping up, but only after I visit a certain blog (hosted on Wordpress).

My PC still works, but the instance this afternoon locked firefox.

Currently unable to run Malwarebytes.

Tried a system restore, but was told it didn't work, and the message suggested removing Malwarebytes, which sounded suspicious to me.

I think my PC is infected, and hope you can help me.

Thanks.

Share this post


Link to post
Share on other sites

Similar to these ?

I have created a 1series of videos generated from these kinds of fraud sites for the purposes of recognition and education.  They are all  videos from real web sites.  ALL are FRAUDS.

All these have one thing in common and they have nothing to do with any software on your PC.  They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened.  From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

MalwareScam.wmv
MalwareScam-1.wmv
MalwareScam-2.wmv
MalwareScam-3.wmv
MalwareScam-4.wmv
MalwareScam-5.wmv
MalwareScam-6.wmv

I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf  /  Flash Version


Reference:            
US FBI PSA - Tech Support Fraud
US FTC Consumer Information -  Tech Support Scams
US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
Malwarebytes' Blog - Search on - "tech support scams"
Malwarebytes' Blog - "Tech support scams: help and resource page"



1.  Also located at "My Online Security" - Some videos of typical tech support scams

 

Share this post


Link to post
Share on other sites

Along those lines, but no human voice, just a loud beeping noise.

Until today I thought it was what you suggest above, but today the PC wouldn't do anything, and when I closed the browser (firefox) and re-opened it, the bloody thing was still there.

Malwarebytes has now opened and done a scan with no problems detected, so I will assume all is OK, and will send a message to the Wordpress blog owner that he has this adware problem, as it only appears when I browse his blog (if you're curious, it's aeolipera.wordpress.com.

Thanks for the speedy response.

Share this post


Link to post
Share on other sites
Posted (edited)

What I demonstrated in my reply are FakeAlerts which are classed as malicious advertisements or malvertisements.

As such it is not about what software is on your PC but about what web sites you visit and one's browsing habits.  For example there are certain porn sites that have a greater propensity to exhibit a FakeAlert.  If you are on Windows, a Microsoft FakeAlert.  If you are on an Apple iPhone or MAC, you will see an Apple FakeAlert.  Then there are sites that don't care who they do business with when it comes to advertisement revenue.  Or when one marketing company outsources to another.  Then the malvertisement may be rotated in or randomly displayed.  As I have explained in other discussions I have seen fake Mozilla Firefox update malvertisements emanating from the Weather Channel web site.

There was a case where members visited AllMusic.com and on rare occasions they got a Microsoft FakeAlert.  The reports were few and reproducing it was difficult but finally I was able to coax a Microsoft FakeAlert from a visitation. It was all discussed in This Thread.  Reference: Post #20

I visited the WordPress site using a couple different browsers and so far I don't see any malvertisements.  It does have advertisements   I also noticed that there were many frames for ads that were empty and at the bottom of these frames were "Report this ad" and when I clicked on it, it changed to "Report submitted" so they may be place holders where malvertisement(s) may be eventually rotated in or randomly displayed.  I'll keep trying to coax the site to produce a malvertisement.

Many FakeAlerts are coded in such a fashion as it makes the PC run like a dog and act "weird".  This is to lend credulity to their false claim there is something wrong.  These sites may open multiple instances of the Browser.  Thus you may think you have closed a Browser Window but the Browser is running an invisible instance.  The way to truly close them out is to kill the firefox.exe processes. This is done by using the Windows Task Manager ( key sequence;  "Ctrl" + "Alt" + "Del" keys ) and close all instances of  firefox.exe  until you don't see it listed any longer.  This is done by placing the Cursor on firefox.exe and hitting "End Process" on each instance.

1 hour ago, glosoli said:

...will send a message to the Wordpress blog owner that he has this adware problem, as it only appears when I browse his blog (if you're curious, it's aeolipera.wordpress.com. 

Adware is software that resides on a system.  If you want to alert the Blog Owner, indicate that you are experiencing malicious advertisements or malvertisements when you visit the site.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar

Share this post


Link to post
Share on other sites

That all makes sense, I think it did fool me by hiding in another Firefox tab/window.

I have written to the blog owner already, I know him well, so I hope he can sort something out.

As I run Malwarebytes, it's a shame that doesn't have a way to block these things.

Cheers.

Share this post


Link to post
Share on other sites

Ok, if it happens again I will attempt to grab the URL.

Best wishes and thanks.

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.