Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1964 posts

Uber Geek
+1 received by user: 158

Trusted

# 208241 2-Feb-2017 15:39
Send private message

A colleague recently got the following showing up on his browser.  It froze the screen and had to use Task Manager to close the browser (Edge), and then also clear caches to restore the browser to usefulness.

 

He also tried Chrome, but same result .... appeared when going to Project Free TV web site, which before this was perfectly fine.

 

Anyone shed light on what is happening please?

 

I don't think he was game to ring the telephone number.

 

 

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
14761 posts

Uber Geek
+1 received by user: 2746

Trusted
Subscriber

  # 1714531 2-Feb-2017 15:40
Send private message

Just ring the number. Looks pretty custom.


xpd

Chief Trash Bandit
9521 posts

Uber Geek
+1 received by user: 1619

Mod Emeritus
Trusted
Lifetime subscriber

  # 1714532 2-Feb-2017 15:41
2 people support this post
Send private message

Has some malware Id say. Check the Internet Options in control panel for any proxy settings.

 

Download MalwareBytes on a clean PC and put on a USB stick and copy to the PC with issues and run it.

 

 





XPD / Gavin / DemiseNZ

 

Server : i3-3240 @ 3.40GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  16GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, geeks, and more.     Now on BigPipe 100/100 and 2Talk


 
 
 
 


gzt

10708 posts

Uber Geek
+1 received by user: 1761


  # 1714534 2-Feb-2017 15:46
Send private message

No idea. Could be an attempt to steal domain user authentication passwords.



1964 posts

Uber Geek
+1 received by user: 158

Trusted

  # 1714535 2-Feb-2017 15:54
Send private message

We ran Malware Bytes, then SpyBot, then a full AV scan ... nothing untoward there at all undecided

 

 


1941 posts

Uber Geek
+1 received by user: 508

Lifetime subscriber

  # 1714537 2-Feb-2017 15:59
Send private message

 If it is malware then it is much better than the usual message. For example, the phone number looks like one from a block used for corporates and it is in a New Zealand number.

 

Calling the number will tend to confirm what it really is.




1964 posts

Uber Geek
+1 received by user: 158

Trusted

  # 1714538 2-Feb-2017 16:07
Send private message

A brief search with Mr Google indicates that many nefarious  scammers are using Amazon's "cloudfront" service to redirect local calls to elsewhere ... anyone in Wellington willing to try the number? innocent

 

What makes me concerned is that when using Chrome, we got a message along the screen bottom with something like "hard disk will delete in 5 minutes" ... a count-down timer was also shown but didn't move.

 

Freaky!!

 

 


830 posts

Ultimate Geek
+1 received by user: 157

Trusted

  # 1714540 2-Feb-2017 16:13
One person supports this post
Send private message

Pretty standard "scare" ads. Seen plenty of them that force themselves full screen to get you to call them. Cloudfront is part of Amazon's AWS services so nothing off there. I would just close and go on with your life!





 


3344 posts

Uber Geek
+1 received by user: 1089

Trusted
Vocus

  # 1714541 2-Feb-2017 16:15
Send private message

Check the router and PC DNS settings.


1358 posts

Uber Geek
+1 received by user: 319


  # 1714542 2-Feb-2017 16:21
Send private message

As above it's just one of those nefarious popup ad networks all too common on those sorts of sites.

 

As long as you haven't accidentally typed in your internet banking user and password you should be fine. Just close the window.


Mr Snotty
8618 posts

Uber Geek
+1 received by user: 4512

Moderator
Trusted
Lifetime subscriber

  # 1714620 2-Feb-2017 18:25
Send private message

I scambaited them...

 

Fired up a very broken version of Windows 7 Professional that had been totally nuked by a previous scambait and allowed the guy to connect to it. The first thing he did was ran syskey and bought up event viewer and started saying I was infected, ran a fake virus scan etc - just your standard tech support scam from India.

 

He then quoted me $490 to fix and that is when I dropped the bombshell on this guy and asked why he was scamming people. He did the standard "I am not a scammer I am helping people" and that is when I said this VM has been running for less than 3 hours and it is already destroyed by you scammers. He then swore at me in hindi and ended the call. I called back again and got standard "your mother...." type things.





gzt

10708 posts

Uber Geek
+1 received by user: 1761


  # 1714622 2-Feb-2017 18:31
Send private message

michaelmurfy:

I scambaited them...


Fired up a very broken version of Windows 7 Professional that had been totally nuked by a previous scambait and allowed the guy to connect to it. The first thing he did was ran syskey and bought up event viewer and started saying I was infected, ran a fake virus scan etc - just your standard tech support scam from India.


He then quoted me $490 to fix and that is when I dropped the bombshell on this guy and asked why he was scamming people. He did the standard "I am not a scammer I am helping people" and that is when I said this VM has been running for less than 3 hours and it is already destroyed by you scammers. He then swore at me in hindi and ended the call. I called back again and got standard "your mother...." type things.


Did you input local credentials into that box and the scammer used them?

Mr Snotty
8618 posts

Uber Geek
+1 received by user: 4512

Moderator
Trusted
Lifetime subscriber

  # 1714624 2-Feb-2017 18:38
Send private message

gzt:
Did you input local credentials into that box and the scammer used them?

 

Nah just acted like I saw the message. I know what this Javascript crap is - it is a template that these companies buy and put their numbers on it. He connected me via the Citrix Quick-support application.

 

Just tried calling them back off a private number and it appears they've now blocked private numbers which is good since this prevents quite a few people from contacting them. Have reported them too. I did have a screen recording but it appears my computer decided to muck up the audio so just trashed it as people know what kind of scam they're running anyway.







1964 posts

Uber Geek
+1 received by user: 158

Trusted

  # 1714642 2-Feb-2017 19:51
Send private message

Thanks people ... amazing how some nasties hook themselves onto old or dud websites.


1256 posts

Uber Geek
+1 received by user: 537


  # 1714689 2-Feb-2017 20:34
Send private message

Any dialogue box that pops up on my screen with grammar as poor that example gets closed and ignored.




1964 posts

Uber Geek
+1 received by user: 158

Trusted

  # 1714703 2-Feb-2017 21:13
Send private message

I think what scared the user was the inability to close the browser ... I had to talk him though Task Manager to achieve that.

 

 


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Video game market in New Zealand passes half billion dollar mark
Posted 24-May-2019 16:15


WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.