Jump to content

Malware and conflicting & replicating IP addresses ?


Recommended Posts

I apologize if this is not appropriate for this forum.  I spent an hour on the phone with a tech from (I thought) Netgear because my wifi was cutting in and out. I explained that provider replaced my modem, all the wires including the wire from the house to the pole and all the hookup and all the setup plugs etc this week. That was why I was calling Netgear to figure out if I needed a new router (I was told my was still under warranty). Long story short, he convinced me to let him log into my router (altho he changed the 192...password, I changed it again when we were finished!), opened up terminal and "showed me" where I had conflicting and replicating IP addresses, maleware "unsafe to log into banks or do any personal computing until I got this all fixed"  -- it was  causing a "communications misunderstanding" and for $249 he could fix it and monitor it for a year. It all felt scammy to me so I took screen shots as we went along so I could document it all. He even gave me a case ID for when I called back. I declined the offer, changed my password to the IP stuff, bought Malewarebytes Pro, Logged into Netgear and there's NO CASE ID in my account.  I decided to ask here if there's any truth to ANY of what he said. I ran a scan it the only thing MWB found was PUP that was actually a photo duplicate finder!  Your thought are appreciated! Thanks!

Link to post
Share on other sites

Did you really contact Netgear or did you contact a company that states they perform Netgear Support ?

What was the Phone Number you used ?

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
  • Thanks 1
Link to post
Share on other sites

Certainly has all the signs of being a typical Tech Support Scam and I don't see anything you should believe concerning the explanation given. You seem to have done everything necessary to preclude further compromise, but since you allowed him into your computer, there is no telling what information he might have extracted while there, so keep an eye out for any compromised account information.

Link to post
Share on other sites

If this was truly Netgear that you spoke with...

The topology of the LAN needs to be enumerated and look at all the nodes the Router sees and assigns IP addresses via DHCP.  I haven't heard of "IPs are Replicating" and if there are conflicts then one needs to see if there are statically set IP addresses that are conflicting and blocking IP assignments by the Router via DHCP.

I am not a MAC person so I will step aside for a MAC Expert to help you enumerate the topology of the LAN using MAC utilities.  Example:  https://angryip.org/download/#mac

Good Luck.

Link to post
Share on other sites

  • Staff

Did he actually type in that osascript command in your screenshot, or did you type that as an example of how that message could have been spoofed? If he typed it, that was 100% a scam.

Even if that was just an example, this still sounds strongly like a scam. My guess is that you didn't actually visit the real Netgear site. If you entered your Netgear credentials on that site, I'd recommend going to the real Netgear site and changing your password.

This kind of scam almost never actually involves installation of any kind of malware on Macs. The scammers are usually just interested in getting your money, and they will even go to the extreme of trying to provide good "customer service" so they can call you back the next year for a "renewal." (My uncle fell for one of these scams, paying for it a couple years in a row before anyone knew about it.)

Link to post
Share on other sites

Hello @rswc90:

When the opportunity arises:

Just in case you were skillfully & unknowingly lured to a scamming rogue site imitating official Netgear support, would you please quote phone number and the true URL you passed to your computer's browser that ultimately solicited $249 for support so they may be investigated with an eye towards possible flagging and blocking?

Thank you.

Edited by 1PW
  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.