jasmine
New Member
Posts: 36
Former World Start Member: Yes
World Start Name: Jasmine
Post by jasmine on Sept 1, 2018 8:28:13 GMT -5
The attachment shows what I believe is a scam, a hoax, warning of an infection on my computer. Does anyone here know about the website elitisms.com?
Post by Everton on Sept 1, 2018 8:46:37 GMT -5
This is most definitely a scam. There is a lot of information about it here: malwaretips.com/blogs/remove-tech-support-scam-popups/ Included are lengthy removal instructions. Please read the link thoroughly and come back for further help if required. It is important as stated to perform the tasks in the order given. If you cannot identify the malicious program (as in Step 1) to uninstall, go straight to running Malwarebytes as described in Step 2. Remember it is important to reboot your computer after running the scan.
Phil
Member
Posts: 118
Former World Start Member: Yes
World Start Name: Phil
Post by Phil on Sept 1, 2018 8:49:21 GMT -5
I agree that it is almost certainly a scam. I have seen an almost identical screen with those same threats. I would never open ANYTHING nor click any link nor make any phone call as requested.
Google reports that the site will not allow Google to obtain info about the site. Snopes has no info.
Stay away from this.
Post by jholland1964 on Sept 1, 2018 9:12:11 GMT -5
#1 rule with something like this, if it looks & feels like a scam/hoax then it IS a scam/hoax. There is NO WAY any unknown web site can know or can tell you that you have a problem on your computer, same holds true for telephone calls. SCAM period. Delete, never interact. You get a phone call? HANG UP say nothing.
These crooks send out thousands of these every day in hopes that a few people will bite. Don't be one of those people. Delete, delete, delete.
Be absolutely sure to follow Everton's advice and do the clean up steps given on the link that she gave you. Very Important!!
Post by jasmine on Sept 3, 2018 14:53:56 GMT -5
Yes, I've read reports on eBay about the site that appeared in the address bar of my computer, vod.ebay.co.uk. The reports say that this page comes up instead of the buyer's details upon clicking "view order details." One user reported he kept getting a request to use vod.ebay.co.uk when he needed to check his receipt after buying an item. A web page in Google results for vod.ebay reports that "Fake eBay listings redirecting users to spoof account-stealing phishing pages."
I believe that this malicious page came up when I was viewing results of an eBay search.
eBay needs to look into this, right?
In the attachment, you can see that the vod.ebay page came up after the pay.ebay web page. ("Checkout" in the left column of web sites shows when the vod.ebay page appeared, right after pay.ebay.com.)
Thanks Judy, Phil, and Everton for the information about this scam.
Post by jholland1964 on Sept 3, 2018 15:28:46 GMT -5
The address shown in your first attachment was not vod.ebay.co.uk but elitisms.us. vod.ebay.co.uk is a web page in the United Kingdom, not the United States. You live in Ohio, the United States. The eBay web address in the U.S. is a .com address.
Did you even bother to read the link & do the steps given in the link by Everton? There very likely is malware on YOUR computer that called out to the scammers which then caused that pop up to appear. If you don't wish to at least follow the steps or read the information then there is no more help we can offer.
Post by jasmine on Sept 4, 2018 7:30:55 GMT -5
WebDiscover was the only program in Add/Remove Programs that seemed suspicious. I did a search in Explorer for WebDiscover and got 74 items (see the attachment for only a portion of these items). Would it be copacetic to delete all of these items? (A PC Fix Help video removed all the items in its search.)
Post by jholland1964 on Sept 4, 2018 8:36:09 GMT -5
WebDiscover is well known Malware and has been for over two years. It is a browser hijacker and it came onto your computer with something you have downloaded and it has been on your computer at the very least since August 2, note the date of one of the listings in your attachment. A LOT of damage can be done in a month by malware. It may redirect your searches via safestsearches.com (also malware) first, which will then redirect again to a page of ITS preference not a page that is legitimately related to your search. When you click a link on a page, like eBay, it can redirect the browser to a page that contains more malware that will also load onto your computer, this is how you received your scam page from elitisms.us, NOT eBay. eBay had absolutely nothing to do with this, the malware did this. Pages like elitisms will drop MORE malware onto your computer.
Not sure why you would even consider asking if the other listings should be removed, not one single crumb of a piece of malware should be left on your computer. Leave just one and it will come back 100% and bring more with it. Of course they all should be removed.
If you had used the tools given in the original link that Everton gave you, especially Malwarebytes' then those listings you found would not have been there to be found, they would have been removed. The longer you leave the malware on the computer the more seriously infected it will become and we must presume it has been on there at least a month based on the date shown.
What do you mean by "PC Fix Help Video removed all of the items in its search"? Is this a tool you have found or a YouTube video you watched? The video I found gives ONE of the steps given by the link given to you by Everton. Manually remove the program. After that then the automatic tools from the link would have removed all the rest. Manually trying to remove listings found as shown in that video should never be counted on to remove all remaining files. Often that is impossible. The video showed 2 items found, you say you found 74. That does NOT count registry listings because malware like this makes changes and additions to the registry. ALL of those also have to be removed and it is nearly impossible to remove all of those manually, it could take hours and hours to do that and do it correctly without damaging the registry and therefore damaging the operating system. The tools we advise using DO remove all traces including in the registry and it is done very quickly.
I certainly do hope you have NOT used a scam tool linked on the video page from PC Fix Help called SpyHunter. If so then you have added MORE malware to your computer. It is NOT free. The only thing free is the original scan it will do and it ALWAYS finds malware, always even on a brand new unused computer. Then you have to PAY $40.00 to have the tool remove the malware, which it NEVER does. It just causes major problems on the computer.
You came here for assistance, Everton originally gave you the correct suggestion but thus far you have not followed any of the suggestions given except remove unusual programs and apparently because you searched out a video to get removal instructions rather than follow what are well known easy to use correct removal steps. If you had continued with the instructions exactly as given you would have already removed the malware.
Here is my final suggestion:
Follow ALL of the instructions found on our Preliminary Cleanup Steps, this means use Every Single Tool as directed there. There are three tools, CCleaner, Malwarebytes' and Malwarebytes' AdwareCleaner. All are extremely easy to use.
Post back here with copy/pastes of logs produced. Then you may be given other instructions.
Those are the tools we and virtually every legitimate, well respected computer forum works with and if you don't care to follow those instructions then there is nothing else we can offer except to tell you that you most certainly DO have malware on your computer and it has been on there a minimum of one month.
Post by jasmine on Sept 5, 2018 9:30:23 GMT -5
I did the Malwarebytes scan, which found 34 threats. The results are shown in the attachment.
(Malwaretips.com mentioned resetting the web browser settings to their original defaults — but only if your PC is being redirected to the “Tech Support Scam” notification scam. [This should be performed only if your issues have not been solved by the previous steps.]) (My PC hasn't been redirected to the "Tech Support Scam" since I last posted.)
The only program I downloaded on August 2 — the date of the earliest WebDiscover file on my computer — was Flash Player.
They said HitmanPro was to be used as a "second opinion" and that Zemana was an optional program to be used.
You asked about SpyHunter. I didn't use it.
Malwarebytes www.malwarebytes.com
-Log Details- Scan Date: 9/5/18 Scan Time: 9:51 AM Log File: d5b6102e-b112-11e8-bddd-c81f663de7fb.json
-Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.6655 License: Trial
-System Information- OS: Windows 10 (Build 17134.228) CPU: x64 File System: NTFS User: DESKTOP-UO9TDEE\pres0
-Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 302343 Threats Detected: 34 Threats Quarantined: 34 Time Elapsed: 2 min, 45 sec
-Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect
-Scan Details- Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 7 PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-1399520329-389376565-2101838444-1001\SOFTWARE\WebDiscoverBrowser, Quarantined, [1577], [253912],1.0.6655 PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [218], [236865],1.0.6655 PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [218], [236865],1.0.6655 PUP.Optional.Conduit, HKU\S-1-5-21-1399520329-389376565-2101838444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [218], [236865],1.0.6655 PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [1577], [253915],1.0.6655 PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-18\SOFTWARE\WebDiscoverBrowser, Quarantined, [1577], [253912],1.0.6655 PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, Quarantined, [1577], [253915],1.0.6655
Registry Value: 2 PUP.Optional.Conduit, HKU\S-1-5-21-1399520329-389376565-2101838444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [218], [236865],1.0.6655 PUP.Optional.Conduit, HKU\S-1-5-21-1399520329-389376565-2101838444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Quarantined, [218], [236865],1.0.6655
Registry Data: 1 PUP.Optional.Conduit, HKU\S-1-5-21-1399520329-389376565-2101838444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [218], [293058],1.0.6655
Data Stream: 0 (No malicious items detected)
Folder: 5 PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports, Quarantined, [1577], [444086],1.0.6655 PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad, Quarantined, [1577], [444086],1.0.6655 PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data, Quarantined, [1577], [444086],1.0.6655 PUP.Optional.WebDiscoverBrowser, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\WEBDISCOVERBROWSER, Quarantined, [1577], [444086],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\Locales, Quarantined, [618], [348279],1.0.6655
File: 19 PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\metadata, Quarantined, [1577], [444086],1.0.6655 PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\settings.dat, Quarantined, [1577], [444086],1.0.6655 PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics-active.pma, Quarantined, [1577], [444086],1.0.6655 PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics.pma, Quarantined, [1577], [444086],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\Locales\en-US.pak, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\libEGL.dll, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\browser.exe, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome.dll, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome_100_percent.pak, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome_200_percent.pak, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome_child.dll, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome_elf.dll, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\debug.log, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\icudtl.dat, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\libGLESv2.dll, Quarantined, 
[618], [348279],1.0.6655 PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\resources.pak, Quarantined, [618], [348279],1.0.6655 PUP.Optional.Conduit, C:\USERS\PRES0\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\16Y07BWL.DEFAULT\PREFS.JS, Replaced, [218], [301520],1.0.6655 Generic.Malware/Suspicious, C:\USERS\PRES0\DOWNLOADS\FLASHPLAYER_SETUP.EXE, Quarantined, [0], [392686],1.0.6655 PUP.Optional.InstallCore, C:\USERS\PRES0\DOWNLOADS\ADOBE_FLASH_SETUP_2396457620.EXE, Quarantined, [401], [548559],1.0.6655
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)
Am I "out of the woods" now?
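Added example, not part of the original thread: a short Python check for a scan log pasted in the flattened layout of the post above. It confirms each section's declared count against the entries actually present and splits detections into registry and non-registry items; the entry layout is inferred from that log, and the sample's keys, paths and IDs are constructed placeholders.

```python
import re
from collections import Counter

# Section headers as they appear under "-Scan Details-" in the log posted above.
SECTION = re.compile(
    r"\b(Process|Module|Registry Key|Registry Value|Registry Data|"
    r"Data Stream|Folder|File|Physical Sector|WMI): (\d+)")
# One detection: name, path, action, [id], [id],version (layout inferred, an assumption).
ENTRY = re.compile(
    r"(?P<name>[\w./]+), (?P<path>.+?), (?P<action>[A-Za-z][A-Za-z -]*), "
    r"\[\d+\], \[\d+\],[\d.]+")

# Constructed sample in the same flattened layout; keys, paths and IDs are placeholders.
SAMPLE = r"""-Scan Summary- Scan Type: Threat Scan Result: Completed Threats Detected: 5
-Scan Details- Process: 0 (No malicious items detected)
Registry Key: 2 PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\ExampleKey, Quarantined, [1], [100],1.0.1 PUP.Optional.Conduit, HKLM\SOFTWARE\EXAMPLE\{00000000-0000-0000-0000-000000000000}, Quarantined, [2], [200],1.0.1
Registry Data: 1 PUP.Optional.Conduit, HKU\EXAMPLE-SID\SOFTWARE\EXAMPLE\MAIN|START PAGE, Replaced, [2], [201],1.0.1
File: 2 PUP.Optional.Webbar, C:\Program Files\ExampleApp\1.0\browser.exe, Quarantined,
[3], [300],1.0.1 Generic.Malware/Suspicious, C:\USERS\EXAMPLE\DOWNLOADS\SETUP.EXE, Quarantined, [0], [301],1.0.1
WMI: 0 (No malicious items detected)
(end)"""


def parse_scan_log(text):
    """Return (summary_total, sections) for a flattened scan log."""
    flat = re.sub(r"\s+", " ", text)  # rejoin entries wrapped across lines
    m = re.search(r"Threats Detected: (\d+)", flat)
    summary_total = int(m.group(1)) if m else None
    details = flat.split("-Scan Details-", 1)[-1]
    headers = list(SECTION.finditer(details))
    sections = {}
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(details)
        entries = [e.groupdict() for e in ENTRY.finditer(details, h.end(), end)]
        sections[h.group(1)] = {"declared": int(h.group(2)), "entries": entries}
    return summary_total, sections


def consistency_problems(text):
    """List mismatches that suggest a truncated or badly pasted log."""
    total, sections = parse_scan_log(text)
    problems = [f"{n}: header says {s['declared']}, parsed {len(s['entries'])}"
                for n, s in sections.items() if s["declared"] != len(s["entries"])]
    parsed = sum(len(s["entries"]) for s in sections.values())
    if total is not None and total != parsed:
        problems.append(f"summary says {total}, parsed {parsed}")
    return problems


def tally(text):
    """Count registry vs. other detections, plus detection names and actions taken."""
    _, sections = parse_scan_log(text)
    out = {"registry": 0, "other": 0, "families": Counter(), "actions": Counter()}
    for name, s in sections.items():
        out["registry" if name.startswith("Registry") else "other"] += len(s["entries"])
        for e in s["entries"]:
            out["families"][e["name"]] += 1
            out["actions"][e["action"]] += 1
    return out
```

An empty list from `consistency_problems` means every section header matched the entries found, so the pasted log is complete enough to review.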
Post by jholland1964 on Sept 5, 2018 10:16:12 GMT -5
Very good. Now can you please do the following as noted in the Preliminary Cleanup Steps #6;
This will give you the executable file itself. Save it to your desktop where you can easily find it.
When CLEANING IS REQUIRED, THERE ARE TWO STEPS REQUIRED IN ONE RUN OF THE TOOL.
CLOSE ALL other programs you have running....browsers, email programs. Letting those run while clean up tools run slows the clean up immensely AND may not allow full clean up because many, if not most tools, cannot clean an open program. So close all that. Only open browser window AFTER a tool has been run and used to clean, reboots the system and produces a log. Then open the one window and come back here and post the logs required.
Double click AdwCleaner to open it. 1. Hit the Scan button to have AdwCleaner search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs. Once this search is complete IF MALWARE IS FOUND you will see the words “PENDING” and the SCAN button will change to a CLEAN button and you must immediately move on to step 2.
2. NEXT Click on the Clean button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed. Copy/paste that log here.
Please NOTE, when using AdwCleaner If no malware is found with your SCAN run of AdwCleaner you will receive a message that nothing was found but if you choose you can run Basic Repair which will reset Winsock and other settings to their default values. This is your option and if you would prefer not to do this just hit the Skip Basic Repair button and close the program. BUT REMEMBER, IF MALWARE IS FOUND there are TWO steps needed so be sure to absolutely complete BOTH steps.
Post by jasmine on Sept 5, 2018 10:45:21 GMT -5
AdwCleaner said "No malicious filed cleaned" and went on to say "no malicious DLLs cleaned, no malicious WMI cleaned, no malicious shortcuts cleaned, no malicious tasks cleaned, no malicious Chromium entries cleaned, no malicious Chromium URLs cleaned, and no malicious Firefox URLs cleaned."
I would never ask you, Judy, or anyone else for an endorsement of a product, but my intuition tells me that, at the very least, you can see a definite value in using Malwarebytes AdwCleaner.
I have used CCleaner in the past, but, if I remember correctly, CCleaner removes autocomplete entries so that I often have to look for URLs in order to do a search, after having used CCleaner.
Post by jholland1964 on Sept 5, 2018 12:55:34 GMT -5
Think nothing of asking about programs. AdwCleaner is HIGHLY recommended. I use it and run it weekly. I do the very same with Malwarebytes'. Excellent programs, well maintained by the developers. I absolutely recommend them.
As you have learned by using Malwarebytes', attempting manual removal of malware/infections is virtually impossible. I know that you thought you had personally found everything with your manual search but as shown in the Malwarebytes' logs there was a lot more there. 10 of them were registry entries in various areas. But, there were 24 other listings found that you didn't find yourself.
The use of the tools has likely saved your computer. If you get into a weekly routine using them it will make all the difference in the world.
I also very strongly recommend, if you do not use it yet, to add SpywareBlaster to your computer. It also is FREE and a superior protection program. I have used it for years and I wouldn't run a computer without it.
Download it, install it, update it, enable all protection and Close it. That is it. Check for updates every two weeks and if there is an update then take it and enable all protection again and close the program. SpywareBlaster does not run in the background. Very highly recommended!
Here is a link for the executable file:
SpywareBlaster
Paul D
Member
Posts: 106
Former World Start Member: Yes
World Start Name: Paul D
Post by Paul D on Sept 12, 2018 13:50:34 GMT -5
CCleaner removes whatever you want it to remove AND ONLY whatever you want it to remove. That's what the checkboxes down the left hand side are for.