
Billing scam?

Old 23rd November 2008 | 00:04
  #1 (permalink)  
Thread Starter

More than just an ATCO
 
Joined: Jul 1999
Posts: 1,773
Likes: 1
From: Up someone's nose
Billing scam?

I had some problems with malware a couple of weeks ago. Now I found this in my e-mail. Marked as spam, I quarantined it straight away. I guess the problems would start if I replied.

Dear Lon,

Order 10123517 from 2008-11-22

VirusRemover2008 for 49.95 EUR - shipped

This message is to confirm you that your account has successfully been charged with 49.95 EUR for VirusRemover2008. Please find your invoice attached to this confirmation message.

Do not dispute the charge, as this may negatively imply your credit rating! If you are no more using the product subject to current charge, please click here to apply for a refund.

Be informed that we offer technical support, both voice and mail totally for free!
You are welcome to visit our Interactive Support Page and get prompt and reliable solution on any arisen issues. Our technical support team will be glad to guide on every area making you a real master of our products and services.

Respectfully,
bestpaymentsolution.net Support Team
Lon More is offline  
Old 23rd November 2008 | 07:17
  #2 (permalink)  
25 Anniversary
 
Joined: Nov 2000
Posts: 2,018
Likes: 73
From: Pewsey, UK
Looks, from Googling, like spyware.

1. Google removal tools - there appear to be loads about.

2. Check your current firewall and anti-virus programs are working properly; if not, make them work or change them. Then make sure they're properly configured, and not only stop stuff coming from the outside world, but block non-essential stuff going out, i.e. only allow HTTP and HTTPS traffic if you use web-based mail services.

3. Consider K9 from Bluecoat - K9 Web Protection - Free Internet Filtering and Parental Controls Software

4. Use Firefox, and install FlashBlock, NoScript and SpoofStick extensions.

5. Check your C/card hasn't been debited - if so, dispute the amount.
The Nr Fairy is offline  
Old 23rd November 2008 | 07:42
  #3 (permalink)  
20 Anniversary
 
Joined: Dec 2005
Posts: 1,694
Likes: 15
From: Wellington,NZ
Just curious, what site were you attempting to update the flash player from when you got the "antispy 2009" infection?
Was it the Adobe site (doubtful) or another site with some kind of banner saying words to the effect "your flash player needs updating to play this content...."

From what I read in your thread about this you used Superantispyware to zap it. I'd certainly recommend another scan with SAS, and also MBAM (link from me in the other thread).

Basically this malware can be a bit of a pain to remove completely, so it's worth throwing pretty much everything at it, just to be sure. I'd also not consider it over the top to run a couple of rootkit scans. Good site for getting the applications here. Probably one of the easier to use is Trend Micro's Rootkit buster. GMER is very good (actually quite a few referenced on that site are very good) but mostly they need a bit of expert knowledge to interpret safely. Rule number 1 with anti-rootkit scanners is "if you aren't sure, investigate it; don't delete it."
Because of the nature of the scan (in the alternate data stream) valid items are likely to be presented to the un-knowing as possible rootkits.
Tarq57 is offline  
Old 23rd November 2008 | 09:58
  #4 (permalink)  
Thread Starter

More than just an ATCO
 
Joined: Jul 1999
Posts: 1,773
Likes: 1
From: Up someone's nose
I can't remember where the original problem started. It was from opening a video clip from a mate when the warning appeared, IIRC.
First thing I did yesterday was run a full check with SAS, no big problems found, and checked my on-line banking afterwards.

Firewall etc seems to be functioning normally and all info is up to date.

Thanks for the help
Lon More is offline  
Old 23rd November 2008 | 16:42
  #5 (permalink)  
 
Joined: Mar 2004
Posts: 216
Likes: 0
From: UK
I used Superantispyware to remove antispy 2009 and antivirus 2009 on one computer.

Then did a boot scan with avast antivirus which removed some more trojans that were still hanging around.

Maybe you still have some hidden away

Max
maxell is offline  
Old 23rd November 2008 | 18:36
  #6 (permalink)  
 
Joined: Nov 2000
Posts: 3,443
Likes: 1
From: Cambridge, England, EU
now i found this in my e-mail
(1) Get your email filtered by your ISP. Instruct them to throw away spam rather than put it into any "spam folder".

(2) If you can't do that, run spam filtering locally. Configure it to throw away spam rather than put it into any "spam folder".

(3) Then apply brain when looking at incoming emails. If it looks like spam from the header, delete it unread.

(4) If you get so far as opening an email before noticing it's spam, you can still delete it without reading all of it.

This way you don't read spam, mostly. If you don't read it you can't worry about it, and more particularly you won't waste other people's time posting questions about it.
Gertrude the Wombat is offline  
Old 23rd November 2008 | 18:44
  #7 (permalink)  
20 Anniversary
 
Joined: Dec 2005
Posts: 1,694
Likes: 15
From: Wellington,NZ
GtW,
Although the message was spam-y looking, it was a bit more sinister than that, methinks. It actually rolled up following the loading of a trojan-based rogue antispyware application. This particular one is doing the rounds now and a lot of folk are having trouble removing it.
Who knows what info the trojans send home? Email addy? Possibly. If it has full access to the system for the time it's on, you wouldn't be sure - or I wouldn't - that an address hadn't been harvested.
So I think a reasonable amount of paranoia is called for, in case it isn't a coincidence.
Tarq57 is offline  