Tag Archives: virus

Almost fooled by the Facebook photo virus mail

Oh Yikes. This is a screenshot of an email I received…

image

I VERY nearly clicked on this link whilst triaging my email.

The only thing that alerted me to the fact that there might be an issue was the weird URL that popped up when I hovered over the link.

I was also curious about the port number 8887 so I checked online.  Something dodgy seemed to be going on…

I also went to the URL http://sv001.facebook–security.com – which of course doesn’t resolve to anything.  Even more reason to be suspicious.

But for me, the worst thing is… I don’t know anyone called David Ross… and Facebook never send mail to that particular email address.  So why did I, still geeky, still technical, almost fall for it?

I’m kicking myself now for ‘almost’ clicking the link.  I was SO close…

But how many others have just clicked on it and suffered the consequences? Grrr…
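The hover check described in this post can be automated. The following is an added example, not part of the original post: it compares a link's real target against the brand the mail claims to come from. The allow-list, the function names, the path and the visible link text are assumptions made for illustration; the host and port are the ones quoted above.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains this brand -> legitimate domains map.
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com"}}
DEFAULT_PORTS = {"http": 80, "https": 443}
# Typographic dashes that blogs and mail clients may show in place of "-".
DASH_MAP = {ord(c): "-" for c in "\u2010\u2011\u2012\u2013\u2014\u2212"}


def registrable_domain(host):
    """Naive last-two-labels guess; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def check_link(href, claimed_brand, link_text=""):
    """Return a list of reasons the link does not match the brand the mail claims."""
    findings = []
    url = urlsplit(href.strip().translate(DASH_MAP))
    host = (url.hostname or "").lower()
    domain = registrable_domain(host)
    if domain not in BRAND_DOMAINS.get(claimed_brand, set()):
        kind = "lookalike" if claimed_brand in host else "unrelated"
        findings.append(f"{kind} domain: {domain}")
    try:
        port = url.port
    except ValueError:
        port = None
        findings.append("malformed port")
    if port is not None and port != DEFAULT_PORTS.get(url.scheme):
        findings.append(f"non-default port: {port}")
    # Visible text that looks like a URL but names a different host than the target.
    shown = urlsplit(link_text.strip().translate(DASH_MAP))
    if shown.hostname and shown.hostname.lower() != host:
        findings.append(f"text shows {shown.hostname.lower()} but target is {host}")
    return findings


# Constructed sample: host and port are the ones quoted in the post; the path
# and the visible link text are made up for the example.
SUSPECT = "http://sv001.facebook\u2013security.com:8887/"

if __name__ == "__main__":
    for reason in check_link(SUSPECT, "facebook", "http://www.facebook.com/photo"):
        print(reason)
```
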

 

Eileen is a social business strategist and author of Working The Crowd: Social Media Marketing for Business. Contact her to find out how she can help your business extend its reach.

 


Stopping Spyware from installing

How easy it is to install spyware – especially for the unsuspecting person.  It almost happened to me yesterday.  I logged out of my account on scribd.com to take a screen shot of Scribd from a not-logged-in perspective and got a dialog box pop up saying that Windows needed to perform an urgent scan of my PC.  The dialog box just ‘didn’t look right’.  Normally a Security Essentials dialog box would pop up and the box would be orange.  Then the next thing I saw was a new browser window pop up showing me the following:

[image]

A few things to note here:

  • System udgtrnbl – not a normal system volume name
  • The Shared Documents and Hard Drive folder were flashing warnings that there were 5 infections on each folder
  • This view of Control Panel is viewed through a browser window – not the normal control panel GUI
  • This view of Control Panel is an XP view – I’m running Windows 7 with a totally different look and feel for the dialog box
  • undefinedappmgmts.dll doesn’t exist
  • Windows doesn’t have a ‘Start Protection’ button

I closed the initial dialog box (the ‘urgent scan’ warning) and got the download box for AntiSpy2011.exe which is captured in the snip above.  This is the same spyware / worm / virus / trojan that paralysed my friend’s machine, which now needs a total format and rebuild before I’ll be happy with it.

A new process started – Companionuser.exe, which is a valid process used by Windows Live but is often used by malware and other malicious programs.

image

So how did I fix this?

  • I closed all editions of iexplore.exe using Task Manager.
  • I stopped the companionuser process
  • I watched as it re-invoked itself… over and over again

Hmmm.

Every time I stopped the process, it started again… Damn thing.  And then I remembered where the virus was stored on my friend’s machine.  The virus / worm lived in the Temporary Internet Files: C:\Users\%Username%\AppData\Local\Microsoft\Windows\Temporary Internet Files.  In Internet Explorer, I clicked on the View files button, sorted the files by time accessed, and deleted all of the files, images and cookies that had been accessed in the last hour.

Only then did the companionuser.exe process stop re-appearing in Task Manager.

But…

I can see how so many people install this worm.  It pops up unexpectedly – all I was doing was logging out – and I must have rolled the mouse over an advert or something.  Quick as anything, and to the unsuspecting person, worried about getting a virus or a worm, so simple to install. 

But I thought it was certainly worth highlighting so that others can back themselves out of this problem safely – or know who to call when they have a problem…  And delete cookie files regularly – just in case…
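Before deleting recent cache files as described in this post, it helps to record what they were. The following is an added example, not part of the original post: it lists files changed in the last hour under a cache folder, with a SHA-256 hash and a flag for Windows executables. It assumes file modification time is a good enough stand-in for the "time accessed" column Internet Explorer shows; the function name and output fields are made up for the example.

```python
import hashlib
import time
from pathlib import Path


def recent_files(cache_dir, window_seconds=3600, now=None):
    """Inventory files under cache_dir modified within the window, newest first."""
    now = time.time() if now is None else now
    hits = []
    for path in Path(cache_dir).rglob("*"):
        try:
            if not path.is_file():
                continue
            mtime = path.stat().st_mtime
            if now - mtime > window_seconds:
                continue
            data = path.read_bytes()
        except OSError:
            continue  # file locked by the browser or removed while scanning
        hits.append({
            "path": str(path),
            "mtime": mtime,
            "sha256": hashlib.sha256(data).hexdigest(),
            # Windows executables start with "MZ" whatever the file is named.
            "executable": data[:2] == b"MZ",
        })
    return sorted(hits, key=lambda h: h["mtime"], reverse=True)


if __name__ == "__main__":
    # Assumption: the cache path quoted in the post, for the current user.
    cache = (Path.home() / "AppData" / "Local" / "Microsoft" / "Windows"
             / "Temporary Internet Files")
    for hit in recent_files(cache):
        marker = "EXE " if hit["executable"] else "    "
        print(marker, hit["sha256"], hit["path"])
```

Keeping the hashes lets you look the files up later, or match them against a second infected machine, after the files themselves are gone.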

 


How to annoy the logmein123.com scammers

 


They never learn do they?  Only a few weeks after I blogged about my call from a software ‘expert’ telling me they had found worms on my machine, I’ve had another long call with them…

This time, they avoided telling me about ClassID. They went straight into Event Viewer then directed me to http://logmein123.com.  This site is a remote access website which is used legitimately by many companies and is used to gain access to remote PCs.

There are loads of examples of people either falling for, or having fun with the scammers.  Search for logmein123.com for a selection of these.   Have a look at this blog too for a huge amount of links…  There are loads of videos too about this on YouTube – with people winding them up much better than I could…

From there have a look at some of the related videos.  Listen and learn.  Other good ones here:

http://youtu.be/nXjmmbDV1bk

http://youtu.be/Aj1bjjAdx7A

http://youtu.be/dNPZf_ZWJ80 (This guy keeps them on the phone for 70 minutes and states that Google maps are wrong because they include N. Ireland as part of the United Kingdom!)

and there are lots more.  All have the same theme… 

 

I’ve been looking at some of the examples around the web about people who successfully keep them talking online, see through their scams and help other people so that they don’t get caught, and I’m impressed by how many of us aren’t falling for the scam.

However, for them to be continuing their efforts for this length of time (over 2 years now – and more here…), there must be thousands of people who are actually falling for this.  Older people – not the digital natives – seem to be particularly at risk, like James’ Dad.

So all of you techies – when you get one of these calls, try to tie up these scammers for as long as you can – play the innocent and confound them with your slow bandwidth speed, your poor typing and your inability to understand anything technical at all.  There are some great examples of others doing this on YouTube, or search for http://onlinepccare.com scam and hear some other examples.  The longer you tie them up on your call, the fewer calls they will be dealing with per day and the less likely they are to catch anyone who might just fall for this scam.

And if you feel like a smile – watch these videos and pick up some tips to delay the scammers next time they call.