
MalwareBytes Popup Windows service scam



After updating an expired Malwarebytes Home licence on the computer, I tested, scanned and activated the account. This morning, while the user was on the computer, she was checking to see that Malwarebytes was working and got a pop-up window.

 

The scammer represented himself as being from Malwarebytes and said that activation was not complete and that there were thousands of problems. He then took control using GoToAssist. At that point the user contacted me. I called the scammer, Peter, and asked him directly who he was with... He then sent me to a website that Malwarebytes needs to take control of, My malwarebytes.org. I know it is reported in Browser Guard, but by the time I saw it the site offered no warnings. ALL signs of Malwarebytes had been removed from the system, and several security settings were left open.

 

Even after rebooting, GoToAssist came back up as well.

Killed the helper app, rebooted again, and reinstalled Malwarebytes, along with activating the code.

Ran a complete scan, closed security settings.

The phone number for the scammer is 1-800-485-9316. The person who perpetrated the scam and answered the phone is "Peter".

IMG_7829.jpg

I am attaching two pictures of the scammer's diagnosis and info. I hope it helps others.

IMG_7830.jpg
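
A read-only check for the situation described in the post above, where the remote-support tool came back after a reboot. This is an added example, not part of the original post and not Malwarebytes tooling; the function name is hypothetical and the name pattern is an assumption taken from the tool named in the post.

```powershell
# Added example: list autostart locations and running processes whose entries
# match a remote-support tool name. Nothing is modified or removed.
$Pattern = 'GoToAssist'   # assumed pattern; add other tool names with |

function Find-RemoteToolPersistence {
    param([Parameter(Mandatory)][string]$Pattern)

    # Services: an Auto-start service relaunches the tool on every boot.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $Pattern } |
        ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name
            Detail = $_.PathName; State = "$($_.State)/$($_.StartMode)" } }

    # Run / RunOnce keys, machine-wide and per-user.
    $provider = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        $item.PSObject.Properties |
            Where-Object { $_.Name -notin $provider -and "$($_.Name) $($_.Value)" -match $Pattern } |
            ForEach-Object { [pscustomobject]@{ Source = $key; Name = $_.Name
                Detail = "$($_.Value)"; State = 'autorun' } }
    }

    # Scheduled tasks whose name or action command matches.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $cmd = ($_.Actions | ForEach-Object { $_.Execute }) -join '; '
        if ("$($_.TaskName) $cmd" -match $Pattern) {
            [pscustomobject]@{ Source = 'ScheduledTask'; Name = $_.TaskPath + $_.TaskName
                Detail = $cmd; State = "$($_.State)" }
        }
    }

    # Processes running right now (a helper still alive after the reboot).
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { "$($_.Name) $($_.ExecutablePath)" -match $Pattern } |
        ForEach-Object { [pscustomobject]@{ Source = 'Process'; Name = $_.Name
            Detail = $_.ExecutablePath; State = "PID $($_.ProcessId)" } }
}

Find-RemoteToolPersistence -Pattern $Pattern | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so that all services and tasks are visible; an empty result after cleanup and a reboot means none of these locations still reference the tool.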


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    • Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


A Google search on 8004859316 shows that number is associated with an established Tech Support Scammer/Spammer.

I don't know why you are showing pictures of text on paper, and I don't understand the history of the software purchase and installation. It sounds like a version of Malwarebytes' software was repackaged with some remote access software.

The best place to obtain Malwarebytes software is directly from Malwarebytes and a license or licenses from a reputable reseller.

I suggest you have your PC checked out by a trained Malware Removal specialist. Please read this: I'm infected - What do I do now? and then create a post in: Windows Malware Removal Help & Support

 

Reference:
US FBI PSA - Tech Support Fraud
US FTC Consumer Information - Tech Support Scams
US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
Malwarebytes' Blog - Search on - "tech support scams"
Malwarebytes' Blog - "Tech support scams: help and resource page"

 

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar

David,

Thank you for your response. A few points for me to clear up.

I really posted this because the pop-up attack was new and, other than this forum, I did not know how to alert others as well as Malwarebytes.

Until your note I was not aware that the phone number was a known scammer number.

I posted the text as pictures for two reasons: I am keeping the identity of the person attacked completely unavailable, and it was in the middle of the original text. The other reason is that they were very convincing to the unaware. Even when I talked to them on the number listed, they could be convincing unless one knows better.

 

Rest assured the version(s) of Malwarebytes I installed on this machine were directly from Malwarebytes, and from their URL.

 

The machine is clean and I have verified the installation/activation of the software.  One unasked question is W10 is completely up to date now and was only about 30 days back before this incident.

I know Malwarebytes has places to submit new finds that are software/Virus/Malware based, but I see no way to alert them to this kind of incident. 

People that would be hit this way expose Malwarebytes to perceptual damage inasmuch as the person affected will believe that the scam was perpetrated by Malwarebytes, which I would like to have avoided.

Bill

 

 


Thank you for the clarifications.

1 hour ago, breederfly said:

I know Malwarebytes has places to submit new finds that are software/Virus/Malware based, but I see no way to alert them to this kind of incident.

I suggest General Chat as being a good place for discussions.

In relation to frauds using a telephone number, Report Scam Phone Numbers is a good place for the submission of the phone number.

Phone numbers are a good vector for researching and vetting a service. Google Dork on 8004859316

Looking through the results you'll find so-called support for Norton, Webroot, StopZilla, AVG, Trend Micro and more associated with that number.

It is important to look for a Disclaimer that these scammers must have so their web sites are not taken down for fraud.

Example:

Image.jpg

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar