Jump to content


Photo

Pm from a scanner


  • Please log in to reply
10 replies to this topic

#1 alex antonas

alex antonas

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 21 August 2008 - 05:08 AM

I got a pm from a full member who wrote


Hello!
Try new online antivirus scanner: antivirus777.

Best regards,
Spywareinfoforum.com Support


But it clearly says he has posted 6 times and is a full member.

his username is support.

Edit to disable malware link...

Edited by Budfred, 21 August 2008 - 06:13 AM.


#2 BeHE

BeHE

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 21 August 2008 - 06:01 AM

I have received the same PM too, which I've forwarded to cnm.

#3 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,574 posts

Posted 21 August 2008 - 06:17 AM

Thank you for letting us know... That is malware and Support is now banned... If anyone gets this PM - DO NOT - click on that link... Delete the PM without even opening it...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#4 Bobby

Bobby

    Member

  • Full Member
  • Pip
  • 47 posts

Posted 21 August 2008 - 07:33 AM

One of the things I have learned from this community is to never click a link in an email so you can imagine how surprised I was to see an email for a PM from someone named "support" from this forum.

That's like trying to hold up a Police station :lol:

Anyway, I banned him from my PM's and dropped in to let the folks here know they taught me well :D


Bobby

#5 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,574 posts

Posted 21 August 2008 - 09:05 AM

I believe we have another one... If you receive a PM from petrpon or pittersok, please delete it or forward it to me...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#6 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 21 August 2008 - 10:34 AM

And see http://www.spywarein...howtopic=119249
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#7 0vermind

0vermind

    Internet Security Junkie

  • Full Member
  • Pip
  • 36 posts

Posted 22 August 2008 - 04:25 PM

I hope you notify their ISP and give them a permanent ban cause that link shows pornographic images, illegal.. especially for kids who click on that link.

Yeah, just a word of caution, please don't click on the link. Oh and I grabbed the download that tries to start and submitted the links to CastleCops.

I also got a PM from a user by the name of petrpon, with a link that looks different but is the exact same page (also submitted to CastleCops).

-Mike

Edited by 0vermind, 22 August 2008 - 04:32 PM.

My blog: www.MikesSupport.com/blog

Computer Repair in Orem, Utah


#8 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,574 posts

Posted 22 August 2008 - 05:57 PM

Overmind,

If you read my last post, you will see that we discovered and also banned petrpon... And yes, the bans were all permanent... The pests seem to have been using proxies, so there is no way to deal with their ISPs...

We have also neutered the PMs that were not already opened by the time we worked out the code to neuter them... As cnm says, do not assume that a PM from someone claiming to be a SWI staff member is real unless they have the rank to support it... Even then, I would check that PM with a member of leadership before clicking on it... If it seems to be from me, ask cnm before you open it -- and so on...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#9 burgessms

burgessms

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 25 August 2008 - 02:00 PM

Overmind,

If you read my last post, you will see that we discovered and also banned petrpon... And yes, the bans were all permanent... The pests seem to have been using proxies, so there is no way to deal with their ISPs...

We have also neutered the PMs that were not already opened by the time we worked out the code to neuter them... As cnm says, do not assume that a PM from someone claiming to be a SWI staff member is real unless they have the rank to support it... Even then, I would check that PM with a member of leadership before clicking on it... If it seems to be from me, ask cnm before you open it -- and so on...



Instead if deleting the post, and when folks log in to check the message, can you retype the message to state it was a scam, or redirect searches for antivirus777 to a warning page.

I'm sure this is going to get worse before it gets better.

address headers from my scam email:

Return-Path: <mike@www.spywareinfoforum.com>
Authentication-Results: mta572.mail.mud.yahoo.com from=spywareinfo.com; domainkeys=neutral (no sig)
Received: from 75.127.110.25 (EHLO www25.yourdnshost.com) (75.127.110.25) by mta572.mail.mud.yahoo.com with SMTP; Sun, 24 Aug 2008 18:46:09 -0700
Received: from apache by www25.yourdnshost.com with local (Exim 4.67) (envelope-from <mike@www.spywareinfoforum.com>) id 1KW8t1-00082y-RT for user@yahoo.com; Thu, 21 Aug 2008 08:03:31 -0400
To: user@yahoo.com
Subject: You have a new personal message ( SWI Forums )
MIME-Version: 1.0
Date: Thu, 21 Aug 2008 08:03:31 -0400
From:
"SWI Forums" <forums@spywareinfo.com>
Content-type: text/plain; charset="iso-8859-1"
Message-Id: <E1KW8t1-00082y-RT@www25.yourdnshost.com>
Content-Length: 325

Edited by burgessms, 25 August 2008 - 02:04 PM.


#10 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 25 August 2008 - 02:18 PM

I'm sure this is going to get worse before it gets better.

It's not, it's been dealt with, and measures have been put in place to deal with any attempts to repeat it. See Budfred's post above.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#11 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 25 August 2008 - 02:25 PM

Also please see http://www.spywarein...howtopic=119380
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




Member of UNITE
Support SpywareInfo Forum - click the button