Jump to content

Recommended Posts

So, while I'm using my laptop (Win10 version 1803 and Firefox 67.0.4) for sites I use daily, a page pops up and slows everything to a crawl.  It doesn't stay visible for more than a minute then the screen goes black or goes black as soon as I try to open Task Manager since it won't allow me to change tabs or to close Firefox (it warns of dire consequences if I close the page).  The URL is (I think this is correct) nematocide.mi.  I searched for that URL and related spelling (I can't even copy the URL from the page) but nothing comes up  It shows what appears to be a Windows official page with an 833#.  None of the supposed links on the page works and it just keeps loading constantly.  I can't get a print screen to work on that page, either.  I've seen this twice in the last 2-3 days but I obviously won't call the number nor click on the "repair tools".  I've got Malwarebytes and Webroot Secure Anywhere and both are set to auto-update and to scan daily.  If it happens again I'll try to write down more of the page and the correct URL.   I doubt very seriously that this is an official Windows page.  I know the info here is bare-bones but has anyone else gotten hit with this?  Since it gets by Malwarebytes and Webroot I have no idea how to proceed.  Oh, and I have the system set to not save history so I can't use that.

Share this post


Link to post
Share on other sites

It sounds like a Tech Support scam with a faulty Microsoft FakeAlert web site.  These fraud sites are deliberately coded badly in such a way you think that there is something wrong with the PC to gad you to call a phone number and get paid-for support or download some rogue anti malware solution.

I have created a 1series of videos generated from these kinds of fraud sites for the purposes of recognition and education.  They are all  videos from real web sites.  ALL are FRAUDS.

All these have one thing in common and they have nothing to do with any software on your PC.  They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened.  From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

MalwareScam.wmv
MalwareScam-1.wmv
MalwareScam-2.wmv
MalwareScam-3.wmv
MalwareScam-4.wmv
MalwareScam-5.wmv
MalwareScam-6.wmv

I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf  /  Flash Version

They are all a kind of malicious advertisement ( aka; malvertisement ).

If you do find the URL to one of these sites, please do submit it in;  Newest IP or URL Threats  after reading;  READ ME: Purpose of this forum


Reference:            
US FBI PSA - Tech Support Fraud
US FTC Consumer Information -  Tech Support Scams
US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
Malwarebytes' Blog - Search on - "tech support scams"
Malwarebytes' Blog - "Tech support scams: help and resource page"



1.  Also located at "My Online Security" - Some videos of typical tech support scams

 

 

Share this post


Link to post
Share on other sites

Thanks.  I figured it was a scam.  I'll get a better copy of the URL if it happens again.  I wonder why Webroot and Malwarebytes missed it or is it just they use different URLs to stay one step ahead?  I learned long ago not to trust any pages that suddenly appear.  I'll go through your vids later.  Again, thanks for the quick response.

Share this post


Link to post
Share on other sites

These web sites are created and dissolved in short order.  To block the sites MBAM has to know the URL to block it.

There are two Browser Add-ins that are now in Beta that are Malwarebytes is implementing to block the malicious actions these sites perform;  Malwarebytes for Firefox  and  Malwarebytes for Chrome

 

Share this post


Link to post
Share on other sites

For someone that's a slightly above average user, would running the Firefox version you mentioned cause me any major headaches or should I wait for the full program to be rolled out?

Share this post


Link to post
Share on other sites

The problem I see would be False Positives and possible loss of some content.

I have seen no problems indicating the Mozilla Firefox Add-In can't be removed if one is dissatisfied with it.

 

Share this post


Link to post
Share on other sites
Posted (edited)

BTW:  The syntax for obfuscating a URL is...

[code] URL [/code]

example:
[code] http://blende.xyz [/code]

Yields...

 http://blende.xyz 

not

<code> URL </code>

Edited by David H. Lipman

Share this post


Link to post
Share on other sites

Wow!  I guess I'm still an old HTML guy.  Thanks.  I'll try to remember this for next time.  And I'm sure there will be a next time.

Share this post


Link to post
Share on other sites
Posted (edited)

Syntax can play a role in whether it works or doesn't.  In you submission you used HTML tags and didn't use a space between the code and the URL such as...

<code>http://google.com</code>

Because of that the HTTP URI wasn't interpreted and it doesn't become a live link.

I checked the malicious Domain in question and it immediately redirects to Google.  Either it requires a Referral from a malvertiser to render a FakeAlert or there is more to the URL than just the Domain name.

Is there anything else ?

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar

Share this post


Link to post
Share on other sites

Thanks @David H. Lipman for assisting @haiweepp I'll go ahead and close this topic and leave a follow up reply to help keep the computer clean.

 

 

If you're not backing up your data and you're still using Google Chrome then you're just not serious about Privacy, Safety, and protecting your data. Malwarebytes is a fantastic program but you still need to back up your data and you still need to block scripts and Ads in your browser. 
If you're still using Google Chrome I would highly suggest you consider using Firefox instead. For more advanced users you might consider installing NoScript as well (it does have a higher learning curve though)

Help Secure your browsers
 
Please install uBlock Origin for your browsers to better protect your system

FireFox, ChromeOpera , SafariMicrosoft Edge
AdBlock for Internet Explorer
How to use uBlock Origin to protect your online privacy and security | uBlock Origin tutorial 2018

This video tutorial above explains how to use uBlock Origin in advanced user mode and all the advanced settings to protect your online privacy and help prevent unwanted sites from changing your browser settings

Browser push notifications: a feature asking to be abused
HTTPS Everywhere
NOTHING TO HIDE documentary

Review your email and Office choices

Quit Gmail for free encrypted email - Tutanota
Why ProtonMail Is More Secure Than Gmail
LibreOffice - Free and open source office suite

Use Password Management software

Bitwarden
KeePass Password Safe

Encrypted Instant Messenger and Voice Calls

Riot
Signal
Wickr Me

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up

Thank you for choosing Malwarebytes  as your preferred security protection software and tell your friends and family too. We're here to help.


Ron

 

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.