log4rescue - anyone heard of them?
Stargazing
Thread Starter
Join Date: Apr 2006
Location: West
Posts: 427
I've been having some problems with my PC lately, so dutifully sent 'error reports' to Microsoft, as per the prompt screens. I have the AVG protection suite and RegCure to tidy things up. Today I had a call out of the blue from someone who said he was calling about the error reporting and would try to sort it out for me. To cut a long story short, he said that it was likely that my machine had been infected by a trojan and eventually transferred me to the Log4rescue site where, for an annual fee, this company would provide a clean-up and support service. I finished the call, and said I wanted to consider my options before paying up front.
I wondered if anyone here has any feedback or experience with this company? I went along with the call initially because I thought it was Microsoft getting in touch, but had my doubts when I ended up looking at log4rescue instead. Subsequently, I haven't been able to work out how he'd have known about the error reporting. My normal source of info on all things computing (husband) is out of the country for a few months, so would appreciate any advice.
Recidivist
Join Date: Jun 2005
Location: Essex, UK
Posts: 1,239
Sounds dodgy.
Best download Malwarebytes or similar and let it check your system out.
You shouldn't have to pay for any of these services - there's plenty of good and free stuff about.
Malwarebytes.org
Spoon PPRuNerist & Mad Inistrator
I've been having some problems with my PC lately
Or maybe I'm just cynical.
Your name, address and telephone number could have been obtained in several ways - and if "they" have that much information I would be wary of any online banking etc.
Assuming an infection, the most secure way of dealing with this is a complete deletion and re-install of OS (after backing up data and user settings). You can also try running a good anti-malware program (e.g. Malwarebytes), but you need to be confident about what you are doing. See the recent http://www.pprune.org/computer-inter...-shutdown.html thread for example.
SD
Official PPRuNe Chaplain
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
I would be very wary of log4rescue. Google shows 4 hits for them - two from their own website, one from this thread, and one totally unconnected with the firm.
Their website mentions lots of growth and about 800 employees.
While that's possible, I can't imagine a growing web company with 800 employees and only three relevant Google hits.
They may be totally legit, but...
Their domain was registered on 17 Nov 2009, so they aren't long-standing, and their registered location is Calcutta.
Did the caller say how they got your details? Did he/she have more information about you than you'd send to MS?
Saab's answer may be a tad drastic, but it will fix it.
I'd be inclined to run Malwarebytes and see what it finds. Some of us on here may be able to "talk you through" the disinfection process. I've done a fair few (mostly not in my own PCs), and some are real experts!
Stargazing
Thread Starter
Join Date: Apr 2006
Location: West
Posts: 427
Many thanks for the replies. I ran the Malwarebytes which picked up the usual cookies, and what looks like a nasty:
c:/sccfg.sys
showing as a hidden file and identified as a rootkit. I have tried to remove it, but I guess the clue's in the 'hidden file' bit and it steadfastly refuses to budge. Grateful for any further advice.
Incidentally, log4rescue rang back this morning and I told them I'd fixed the problem with anti-malware. End of conversation. I suppose I should have asked where they got my details from, but I just wanted them off my back at that stage.
Per Ardua ad Astraeus
Join Date: Mar 2000
Location: UK
Posts: 18,579
R b G - have you tried Malwarebytes in safe mode? If that does not work, try something that will do a 'boot' scan - Avast has performed well in that respect.
Stargazing
Thread Starter
Join Date: Apr 2006
Location: West
Posts: 427
I have tried to remove the hidden file via AVG's anti-rootkit function, but it's back whenever a new scan is run. Does anyone know whether c:\sccfg.sys is something awful? Being a complete computer numpty, it occurred to me today that it might not be malign, although I wonder why it's hidden if that's the case.
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Microsoft tends to hide all operating sys files so that they can't be accidentally erased. If the path is as you say then, from the command line type attrib C:\sccfg.sys -r -a -s -h and then try removing it.
Spoon PPRuNerist & Mad Inistrator
sccfg.sys seems to be associated with an application called Folder Lock - do you have that installed on your system?
SD
Recidivist
Join Date: Jun 2005
Location: Essex, UK
Posts: 1,239
Folder Lock seems horribly familiar.
If it's the one I think it is, there have been lots of folk complaining that the trial version held them to ransom if they ever wanted to see their files again.
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Yes you can download it as a trial, presumably when the trial runs out you're stuffed unless you buy the full version, if you don't remember to unlock the files before then.
Join Date: Jan 1997
Location: UK
Posts: 7,737
You lot are all fakes and you're banned:
Sir,
This is to bring to your kind attention that some of the people registered in your website are using the forum as a weapon to affect our companys' reputation in the market.In the last 4 days several comments have been posted in your website by the rivals in order to influence our customers as a result of our customers are charging us back and losing trust on us.Our comapny is log4rescue and if you see all the post have been done by the same IP address from kolkata and not by any resident of any country which the posted with different usernames and address.As per your terms and conditions any personal attack to any person or company is voilating your laws.
i kindly request you to go through the matter and take necessay actions against it and remove this forum and the post against our website for which we would be very thankful.
thanking you
josh paker