Jump to content

Unwanted gift from Malwarebytes

stevieb333

By stevieb333
in Resolved Malware Removal Logs

 Share
Go to solution Solved by Maurice Naggar,

Recommended Posts

stevieb333

stevieb333

Posted
Posted

I recently had cause to contact Malwarebytes support regarding My MB privacy had a problem. After attempting to download an update the MB Privacy app would not open. I got an error message saying "The file or directory is corrupted and unreadable". After contacting support through the support "chat" option I was eventually put through to a level 7 tech, who gave his name as Peter Goodwin BDC 2010. After allowing him to access my PC through him installing SUPREMO he did various  checks etc and then informed me that there was no problem with my PC or Malwarebytes security its a problem with your IP Address, Firewall and Network when they compromised to the server. he then told me that to put it right there would be a fee of £199.99 for five year security of $249.99 for lifetime security!!!

At this time I was getting suspicious as this had every sign of being a scam as I could not see a reputable Company such as Malwarebytes making such a demand for payment during an online support session.

I told the so called level 7 tech that i would not be paying any fee whatsoever and asked him to remove all f the software he had used to scan my PC.

However I am now in the position of not knowing if I was scammed or not and also with SUPREMO software running on my PC. I have tried to delete the SUPREMO but when I attempt this I get the message that the file is open so it can not be deleted.

I am now concerned as to whether any key logging malware or such like has been put on my PC. And I want to find a way of getting the SUPREMO software off my PC.

Any help would be gratefully accepted.

Thank you

Steve

 

 

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello Steve.    :welcome:

I'm truly saddened to read of this scam.   If you have the website link and or the telephone number of this scammer, please provide that. It is quite clear that the 'person' is not associated to Malwarebytes.  Malwarebytes does not charge for its support of consumers.  Plus, they have no "lever 7".   And I know fully well they do not use "Supremo".

And by the way, if you have an actual Support Ticket with Malwarebytes Support please let me know that.

Also, if the original problem is truly with a paid-for Malwarebytes Privacy, I may have to point you to the real Malwarebytes Support.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
Please only just attach   all report files, etc  that I ask for as we go along.  I

I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.80.848.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.

    Please attach the ZIP file in your next reply.

Please know I help here as a volunteer.  and that I am not on 24 x 7.
Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.

Thank you,
Sincerely.

Link to post
Share on other sites
stevieb333

stevieb333

Posted
  • Author
Posted

Hello Maurice

Thank you for taking the time to respond to my problem your help is very much appreciated.

Before I follow your advice and instructions may I please tell you how this scam happened as I think that Malwarebytes itself may have been compromised!

I have MB on both my PC and Laptop. The PC is the one with the problem, I am now speaking to you on my Laptop.

The problem first occurred when I updated my privacy to version 2.3.0.462 on my PC. After the update, the icon on my screen went white and when I clicked on it, to open MB Privacy, I got the error message "The file or directory is corrupted and unreadable" I down loaded the update on my Laptop with no problem.

On 10/12/2020 I went to Malwarebytes Support page to try to find out why the error message had appeared I clicked on the Help button in the bottom left hand corner of the page and an automated popup appeared asking what my problem was and asking if I wanted to send a ticket or get in touch. I chose the get in touch option and  a Chat screen opened up with Valentina as the chat host. 

 

(10:46:59 AM) *** Steve Beckhurst joined the chat ***
(10:46:59 AM) Steve Beckhurst: I have a problem after downloading an update
(10:47:56 AM) Steve Beckhurst: ok
(10:51:22 AM) Steve Beckhurst: C:\program Files\Malwarebytes\Privacy\UI\MBPrivacy.exe
(10:52:15 AM) Steve Beckhurst: The file or directory is corrupted and unreadable
(10:54:12 AM) Steve Beckhurst: hi Val
(10:54:17 AM) Val: Hello, my name is Val and I will be assisting you today.

(10:54:34 AM) Steve Beckhurst: ok
(10:54:50 AM) Val: Hello Steve. Can you please tell me what version of Malwarebytes you have and what OS ( operating system) ?

(10:55:53 AM) Steve Beckhurst: Windows 10 and its Malwarebytes privacy that is the problem I have typed the error message above
(10:56:30 AM) Val: Thank you.
(10:56:32 AM) Steve Beckhurst: C:\program Files\Malwarebytes\Privacy\UI\MBPrivacy.exe
The file or directory is corrupted and unreadable
(10:56:54 AM) Val: This issue requires more investigation, so I will need to open a ticket for you with our Tech Support team.

(10:57:04 AM) Steve Beckhurst: ok
(10:57:12 AM) Val: I will also need you to collect additional information from your computer using our special tool. I will send you an email shortly that includes the tool and instructions on how to use it. Once you have completed the instructions and sent us the logs, a technical product specialist will be able to assist you further.

(10:57:31 AM) Steve Beckhurst: ok
(10:57:52 AM) Val: Great. Is there anything else I can do for you now?

(10:58:21 AM) Steve Beckhurst: no thanks
(10:58:33 AM) Val: I'll go ahead and close this chat then, have a great day.

(10:58:42 AM) Steve Beckhurst: ok bye
(10:58:45 AM) *** Steve Beckhurst left the chat ***

this is the chain of emails that followed

Your support ticket 3302515 has been updated. Please reply to this email to update the ticket with any questions or additional information.

 

Malwarebytes (Support)

Dec 10, 2020, 3:11 PST

Hello,

Thank you for submitting your troubleshooting logs.

This is an automated email just to let you know we are in the process of reviewing your information. A support agent will get back to you with an update. In the meantime, you may find an answer to your issue in our Malwarebytes Support site.

Thanks!

 

 

Valentina (Support)

Dec 10, 2020, 2:59 PST

Hello Stephen,

To help troubleshoot the issue, run Malwarebytes Support Tool to gather information from your computer. The Malwarebytes Support Tool collects log information to determine the cause of the issue.

To run the tool and upload logs to your support ticket, see the following:
 
When prompted enter your email: @hotmail.co.uk and ticket number: 3302515.

If you need help, reply to this message and one of our support agents will assist you.

Regards

Valentina R.| Malwarebytes Support | support.malwarebytes.com

 

As I had received no further contact about resolving my problem by Monday evening 14/12/20 I decided to contact support again as I did not want to use my PC without the MB Privacy in working order.

I followed the same procedure as before and when I reached the chat option I was chatting with Chat host Jessica Stone. it was then that I was put through to a Level 4 tech.

I have attached a copy of the text between myself and the so called techs as i photographed the screen when i became suspicious 

I hope all of this helps Maurice 

Regards

Steve

 

 

 

MBPrivacy.pdf

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hi Steve.

Thanks for the information, Steve.  I have sent an email to a contact at Malwarebytes Support, looking to see about having them reach out to you on your original Support ticket.  From what I can tell, the contact with Valentina is an actual true contact and she helped you in creating the Tech Support ticket.  

The stuff in the PDF file you attached is one with a scammer who pretended to be with Malwarebytes.

I will help you till such a point when Support gets in touch with you to further assist you on your Support Ticket.  They will be reaching out to you for help on The MB Privacy application.

For now, my goal is just to get Supremo to not be running on this computer.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

The system will be rebooted after the script has run.

.

This custom script is for  Stevieb333  only / for this machine only.

The  custom Fix script is going to be used by the FRSTRNGLISH  tool. They will both work together as a pair.

Please save the (attached file named) FIXLIST.txt   to the  Downloads  folder

The tool named FRSTENGLISH .exe   tool    is already on the Downloads
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on  FRSTENGLISH   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this

 

Fixlist.txt

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

If the tool is running, then please wait until it is finished.

The goal was to have saved the file FIXLIST.txt  in the same folder s where FRSTENGLISH is stored  ( which should be the Downloads folder)

Edited by Maurice Naggar
Link to post
Share on other sites
  • Solution
Maurice Naggar

Maurice Naggar

Posted
  • Solution
Posted

Thanks for the log file.  The custom script ran and did as we needed it to do.  The Supremo files have been removed.  With that done, please stick with the Support ticket and the fine folks at Malwarebytes Support.

I do wish you well.

Sincerely.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hi Steve.   You are most welcome.  Since you have a on-going Support Help ticket, just leave the Support tool and the mbst-grab file  where it is.

After the Support ticket is all finished, then you may delete those files.

I would just point out to never ever do a web search looking for support & to never allow anyone that you cannot vouch for to ever have access to your computer or your personal information.  There is only one true Malwarebytes Support portal.  That is at https://support.malwarebytes.com/hc/en-us

( that is, beside this public Malwarebytes forum.)

All my best to you.   Stay safe.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.