Really Off-topic Computer Question — Parallax Forums

Really Off-topic Computer Question

Hi All...
First an apology to the Forum Gods if this is a bad post, but...

This morning I opened a browser window, and was surprised with a winderz blue screen of death and a text box proclaiming my system32 file was missing some components and predicting all sorts of evil things. They also provided me a toll free phone number to call to get help. :-\

Anyhow, besides it being an obvious scam, I'm pretty sure there's nothing wrong with "my system32" file since I'm running a Mac with OS X. Still my Safari browser has been compromised and I needed to do a serious fix. Thank you Time Machine!

Just wondering if anyone else has seen this particular beastie?
The url was internetexplorer.click.

Thanks.

Amanda

Comments

  • icepuck Posts: 466
    edited 2015-09-29 17:49
    I've had something similar happen with 14.04 and chrome. Then the same thing started with win7 & chrome. A popup would display an 800 number to call to fix the problem. Removing & reinstalling chrome fixed the problem for a few days but returned. So I disabled flash and that seems to have fixed it. But I've only had this happen with chrome and not Firefox or IE.
    -dan
  • Publison Posts: 12,366
    edited 2015-09-29 18:57
    ajward wrote: »
    Hi All...
    First an apology to the Forum Gods if this is a bad post, but...
    Amanda

    You are always welcome to ask for help here. It is pay back for the help you have provided.


  • Heater. Posts: 21,230
    Interesting. I never knew that internetexplorer.click could be a valid domain name. But sure it is. Seems to be running on Amazon cloud services:
    $ ping  internetexplorer.click
    PING internetexplorer.click (54.72.16.178) 56(84) bytes of data.
    64 bytes from ec2-54-72-16-178.eu-west-1.compute.amazonaws.com (54.72.16.178): icmp_seq=1 ttl=46 time=43.4 ms
    64 bytes from ec2-54-72-16-178.eu-west-1.compute.amazonaws.com (54.72.16.178): icmp_seq=2 ttl=46 time=43.6 ms
    
    OK so who has registered that domain name:
    $ whois  internetexplorer.click
    
    Domain Name: internetexplorer.click
    Domain ID: DO_d0fa05f1e064ed7023be6b7984883413-UR
    WHOIS Server: whois.uniregistry.net
    Referral URL: http://whois.uniregistry.net
    Updated Date: 2015-09-15T21:13:00.303Z
    Creation Date: 2015-09-10T21:12:25.590Z
    Registry Expiry Date: 2016-09-10T21:12:25.590Z
    Sponsoring Registrar: eNom, Inc.
    Sponsoring Registrar ID: 48
    Sponsoring Registrar IANA ID: 48
    Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
    Registrant ID: 708c80d09537f4a6
    Registrant Name: WhoisGuard Protected
    Registrant Organization: WhoisGuard, Inc.
    Registrant Street: P.O. Box 0823-03411
    Registrant City: Panama
    Registrant State/Province: Panama
    Registrant Postal Code: 00000
    Registrant Country: PA
    Registrant Phone: +507.8365503
    Registrant Fax: +51.17057182
    Registrant Email: legal@whoisguard.com
    Admin ID: 708c80d09537f4a6
    Admin Name: WhoisGuard Protected
    Admin Organization: WhoisGuard, Inc.
    Admin Street: P.O. Box 0823-03411
    Admin City: Panama
    Admin State/Province: Panama
    Admin Postal Code: 00000
    Admin Country: PA
    Admin Phone: +507.8365503
    Admin Fax: +51.17057182
    Admin Email: legal@whoisguard.com
    Tech ID: 708c80d09537f4a6
    Tech Name: WhoisGuard Protected
    Tech Organization: WhoisGuard, Inc.
    Tech Street: P.O. Box 0823-03411
    Tech City: Panama
    Tech State/Province: Panama
    Tech Postal Code: 00000
    Tech Country: PA
    Tech Phone: +507.8365503
    Tech Fax: +51.17057182
    Tech Email: legal@whoisguard.com
    Billing ID: 708c80d09537f4a6
    Billing Name: WhoisGuard Protected
    Billing Organization: WhoisGuard, Inc.
    Billing Street: P.O. Box 0823-03411
    Billing City: Panama
    Billing State/Province: Panama
    Billing Postal Code: 00000
    Billing Country: PA
    Billing Phone: +507.8365503
    Billing Fax: +51.17057182
    Billing Email: legal@whoisguard.com
    Name Server: ns-103.awsdns-12.com
    Name Server: ns-1157.awsdns-16.org
    Name Server: ns-1887.awsdns-43.co.uk
    Name Server: ns-989.awsdns-59.net
    
    OK, now you have their address and phone number...in Panama...

    And who is "WhoisGuard, Inc."? http://www.whoisguard.com/

    Sorry I have no idea how to fix your Safari.
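The WHOIS record above carries the three signals a defender would normally pull out of it before deciding whether to block a domain: how recently it was created, whether the registrant is hidden behind a privacy proxy, and whether the label imitates a well-known product name. The following script is an added example written for this thread, not code posted by Heater or anyone else here; it embeds a trimmed copy of the record shown above as its sample input, and the 30-day age threshold, the privacy-proxy marker list and the brand list are assumptions chosen for illustration, not values from the page.

```python
from datetime import date, datetime
from typing import Dict, List

# Trimmed copy of the WHOIS record posted in the thread above (lines kept verbatim).
SAMPLE_WHOIS = """\
Domain Name: internetexplorer.click
WHOIS Server: whois.uniregistry.net
Updated Date: 2015-09-15T21:13:00.303Z
Creation Date: 2015-09-10T21:12:25.590Z
Registry Expiry Date: 2016-09-10T21:12:25.590Z
Sponsoring Registrar: eNom, Inc.
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Country: PA
Name Server: ns-103.awsdns-12.com
Name Server: ns-1157.awsdns-16.org
Name Server: ns-1887.awsdns-43.co.uk
Name Server: ns-989.awsdns-59.net
"""

# Assumed thresholds and marker lists (illustrative, not from the page).
NEW_DOMAIN_DAYS = 30
PRIVACY_PROXY_MARKERS = ("whoisguard",)              # proxy seen in the record above
IMPERSONATED_BRANDS = ("internetexplorer", "microsoft", "windows")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Turn 'Key: value' lines into a dict of lists (Name Server repeats).

    Splitting on the first ':' keeps URLs inside values intact.
    """
    record: Dict[str, List[str]] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if sep and key and value:
            record.setdefault(key, []).append(value)
    return record


def parse_whois_date(value: str) -> date:
    """Registry timestamps in this record look like 2015-09-10T21:12:25.590Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").date()


def assess_domain(text: str, observed_on: str = "2015-09-29") -> dict:
    """Summarise the record and list risk indicators as of the observation date.

    observed_on defaults to the day the thread reports the popup.
    """
    rec = parse_whois(text)
    domain = rec["Domain Name"][0].lower()
    created = parse_whois_date(rec["Creation Date"][0])
    age_days = (date.fromisoformat(observed_on) - created).days

    registrant = " ".join(
        rec.get("Registrant Name", []) + rec.get("Registrant Organization", [])
    ).lower()
    label = domain.split(".")[0]

    indicators: List[str] = []
    if age_days < NEW_DOMAIN_DAYS:
        indicators.append(f"domain registered only {age_days} days before observation")
    if any(marker in registrant for marker in PRIVACY_PROXY_MARKERS):
        indicators.append("registrant identity hidden behind a privacy proxy")
    if any(brand in label for brand in IMPERSONATED_BRANDS):
        indicators.append("label imitates a software product name")

    return {
        "domain": domain,
        "created": created.isoformat(),
        "age_days": age_days,
        "registrar": rec.get("Sponsoring Registrar", [""])[0],
        "name_servers": rec.get("Name Server", []),
        "indicators": indicators,
    }


if __name__ == "__main__":
    result = assess_domain(SAMPLE_WHOIS)
    print(f"{result['domain']} created {result['created']} ({result['age_days']} days old)")
    for indicator in result["indicators"]:
        print(" -", indicator)
```

None of the three indicators proves anything on its own (plenty of legitimate sites use privacy-proxy registration, as later replies point out), but a domain that is under three weeks old, anonymously registered and named after a browser is exactly the combination a blocklist rule or a mail-gateway filter would score highly.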

  • Have you downloaded any free programs lately? It may have been bundled with it. Otherwise it's possible an advertisement on a site you were on may have been hijacked.

    There are videos on youtube of kids calling the support numbers and inviting the scammers onto virtual PCs. Some of them are really funny. There's one where the guy remapped keys on the keyboard and the scammer gets really irritated with him.
  • erco Posts: 20,256
    It's ransomware of some sort. My wife got the "US Courts" virus on her PC a few years back. I couldn't do anything at all. It needed Malwarebytes, SuperAntiSpyware, CCleaner & Scandisk scans, but we couldn't get to those. It was her desktop, so I yanked her hard drive and scanned it using my computer (hers was the secondary drive). Worked like a champ. Of course laptops are a different matter.

    Avast is free, but I've had very different results using it on different computers.

    Oh duh, I re-read and saw Mac, so just ignore me. Just curious, do you use any real-time virus protection, Amanda?
  • Heater. wrote: »
    OK, now you have their address and phone number...in Panama...

    And who is "WhoisGuard, Inc."? http://www.whoisguard.com/

    Sorry I have no idea how to fix your Safari.
    I think the real culprit is hiding behind the above who supply the service to hide their details.
    WhoisGuard being the service in panama.

  • Heater. Posts: 21,230
    So we surmise that whoever WhoisGuard is, they are not actually in Panama at all and that company name and address is as bogus as everything else?
  • xanadu Posts: 3,347
    edited 2015-09-29 21:55
    Heater, it's private registration on a domain, by a company called WhoisGuard.
  • skylight Posts: 1,915
    edited 2015-09-29 22:19
    If you click the link you supplied

    http://www.whoisguard.com/

    It goes to a service based in Panama that offers to hide your details such as email etc so was surmising that the internet.click owner's details are not shown but the service details are shown instead.

    Sorry if I didn't explain it well but I'm not up with all those terms that you guys use as though it's second nature :)

  • That's commonly done to prevent site/DNS hijacking.
    And, lame business models apparently.

  • LoopyByteloose Posts: 12,537
    edited 2015-09-30 11:25
    ajward wrote: »
    Hi All...
    First an apology to the Forum Gods if this is a bad post, but...

    This morning I opened a browser window, and was surprised with a winderz blue screen of death and a text box proclaiming my system32 file was missing some components and predicting all sorts of evil things. They also provided me a toll free phone number to call to get help. :-\

    Anyhow, besides it being an obvious scam, I'm pretty sure there's nothing wrong with "my system32" file since I'm running a Mac with OS X. Still my Safari browser has been compromised and I needed to do a serious fix. Thank you Time Machine!

    Just wondering if anyone else has seen this particular beastie?
    The url was internetexplorer.click.

    Thanks.

    Amanda

    Actually, I think the topic is very appropriate. Living here in Asia, I get attacks via the browser download abilities all the time that claim all sorts of dire consequences, but leave a tell-tale .exe file that Linux just ignores. Trying to run down who is behind this bit of extortion is likely to be a big challenge.

    It is a bit absurd when you get a 'Winderz blue screen of death' emulated on OS X or Linux. There really isn't much to a cleanup. Try to identify the offending source and avoid it. Remove any .exe files that suddenly appeared. In many cases that might be unnecessary as nothing shows up, but restarting the browser and perhaps the whole computer pretty much ends the whole episode.

    I really can't sort out the black hats from the white hats in the internet security software business as they all want a steady stream of annual fees. So it is much easier to use a Unix/Linux system as one's first defense, and enjoy ignoring all that sales material and demands to tie up your computer for hours with security scans, registry scans, and so on.


