Frontera Technical Support

[adyclemo]

This is a screen shot of one of the latest scams i have come across on a customers computer while at work today.

At the moment its not perticularly advanced and is easily removed, but will probably advance as time goes on just like they all do. All it appears to do is run internet explorer full screen with no navigation bars etc, divert you to a web address were they capture your details, disable task manager and windows explorer.



To remove just boot to safe mode of which seems to function as normal, load up ms config and strip the startup items which stops the file from running and reboot, the file is locate in a hidden folder located at c:\users\your user name\appdata\local\temp. Just delete the file once the computer has rebooted (no need for safe mode now). You will need to enable the viewing of hidden folders. Once removed i would do a few scans with AV software to check rest of the machine and clear all internet temp files, cookies etc.

I will post up tomorrow the file names that you will be looking for as i have them scribbled on a scrap piece of paper on my clip board at work, they may differ but will at least give you an idea of what you are looking for.

Although the grammer is not excellent at first glance its beleivable to those that do not understand this stuff, with 90% of people at some point having had counterfeit software put on their computer or browsed web sites they probably shouldnt have, and at a supposide fine of £100 is probably considered not to be exstortionate and rather reasonable as pointed out by colleagues at work.

[SPEEDBIRD 202]

I'm always dead keen in these types of scams and learn what you can do to avoid them.

So thanks for that adyclemo, and for me it was a

ATB

[Big Dav]

On behalf of the police the media in Scotland put an alert out last weekend regarding the scam and for folk not to respond to it.
Don't know how much cash the scammers have made from it.

[furball]

I believe the current free malwarebytes download can get rid of this, not sure if it's been added to stinger yet though

[fogman]

just had a phone call from a mate & his pc is locked up with it, im not that good with pcs so im wondering if i can go into safe mode then choose a previous restore point then run the av to track it down ?
failing that have you got the file names please ady ?

[BoxCleva]

Don't use system restore Gary.

Download Malwarebytes Anti Malware (free version) , updating it with the latest definitions when prompted is critical. Run a full scan with that in safe mode. It should deal with the issue you have mate.

[fogman]

ok understood mate im not sure if he has malware or antispyware on it so can i download in safe mode ? i think hes only got macfee av installed

[BoxCleva]

Yes mate , select safe mode with networking which will mean you will have net access in safe mode.

[fogman]

ok thanks si

[adyclemo]

The names are changing but so far are very clear that they should not be theyre, ive seen names in the startup items anything from "my grans bloomers" to "mrs deatons giggles" to "scary fish balloons". In the hidden folders the app name goes along the lines of 0.0xxxxxxxxxxxxxx (x being random numbers)

System restore wont work as box has already said. Refer to my first post on how to get rid of it then scan with AV software and MBAM

[fogman]

right guys ive just returned from my mates, first of all i rebooted it in safe mode & ran a scan with the already installed macfee a/v programme, that found nothing, so rebooted it again this time with networking then downloaded superantispyware [which ive found to be excellent in the past ] left it scanning again expecting it to sort it out but he ran me again saying its still on there, thinking about it i left it still connected to the modem for the 2nd scan, do you think that would explain its reappearance ?
would going into the disc cleaning facility & deleting all temporary files & cookies clear it ? as im not too sure how to strip start up files as ady advised in his first post

[BoxCleva]

Download the tool from here > http://www.avg.com/ww-en/remove-win32zeroacces

Disable System Restore prior to running the tool. Instructions here > http://support.microsoft.com/kb/310405

[fogman]

ok ill give that a try boxy out of interest what would happen if the system restore wasnt turned off while using the removal tool ?

[BoxCleva]

It struggles to access restore files in XP.

[fogman]

hes running vista so would that make any difference ?

[BoxCleva]

Whoops, sorry didn't realise.

Disable it anyway. You can enable it again after the scan and a reboot. http://windows.microsoft.com/en-US/wind ... -on-or-off

[fogman]

as i post this another mate is wiping his pc clean so i cant give any more input but thanks for the advice guys