
Adobe support / Dial-portsolution


14 replies to this topic

#1 Rich Kay


Posted 04 September 2014 - 11:02 AM

Yesterday I contacted Adobe support online because I changed computers and tried to transfer my Acrobat X program but it will not load and gave me a message to contact support and give them the code 231:19.  The person requested permission to access my computer to help with the problem and I felt this was OK because I had contacted them and felt I was communicating with Adobe.  After a few minutes "Lisa" sent a message saying she was transferring me to a technician to fix my problems and she wanted my phone number.  I then received a call from someone who was looking at my computer and finding all the problems.  He said I had been hacked and that I had numerous Trojans and malware and someone had access to my computer.  He said he could not fix the problems but he would transfer me to a technician that would fix everything using Microsoft programs and it would cost me $399.  He then transferred me to a level 92 technician who I could barely understand and who said he was fixing my problems.  He was with Dial-portsolutions.  At that point I didn't feel comfortable and told him I was closing his connection to my computer but he didn't seem to want to allow me to control the mouse so I turned off the power to kill the computer. 

 

I have Trend-Micro client/Server Security Agent on all computers in the office.  We have a ZyXel Zywall security gateway and I have Malwarebytes Anti-Malware running on my computer, so I was surprised that he was finding so many problems. 

 

My question is: is it normal for a company like Adobe to transfer me to an independent company to fix my problem, or was I maybe not actually communicating with Adobe in the first place when I thought I was on their website communicating with their employee? Thanks for any insight you can give me.


Edited by hamluis, 04 September 2014 - 01:55 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Wand3r3r


Posted 04 September 2014 - 11:45 AM

This is a well known scam. 

 

How you got from the Adobe web site to the hackers I don't know.  Usual recommendation is to reinstall your OS from scratch.  They would have left back doors for them to come into later.

 

These folks have a legit looking web site and the whole works, but it's a scam.  If you gave them your credit card you need to call the CC company and have them cancel/reissue you a new card.

 

If you look at the wording on their site you know that English was not the writer's first language, which is a big clue.

 

http://www.dial-portsolutions.com/plans.html



#3 dc3


Posted 04 September 2014 - 01:35 PM

Let's run some scans and see what we find.  Post the results in this topic.  Do not use another website to host these logs, and do not wrap them in code or quotes.

 

Please download AdwCleaner and install it.

 
When AdwCleaner opens you will see an image like the one below.
 
[screenshot: AdwCleaner main window]
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.
 


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, and the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
[screenshot: Malwarebytes first-run window]
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
[screenshot: Malwarebytes main window]
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
[screenshot: Malwarebytes update prompt]
 
3)  The scan will automatically run now.
 
[screenshot: Malwarebytes scan in progress]
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
[screenshot: Malwarebytes scan results]
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
[screenshot: Malwarebytes restart prompt]
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Wand3r3r


Posted 05 September 2014 - 10:39 AM

You would have to know exactly what hack was used to find it, and even then there can be other back doors left behind.  The only safe and secure solution is to reinstall.  No amount of software thrown at the issue will make a difference. For me it's not worth the risk, hence the advice to reinstall.



#5 dc3


Posted 05 September 2014 - 03:51 PM

You need to run the scans I requested, this is a potentially very serious problem.

 

Backdoor Trojans are so dangerous because they have the potential to allow remote administration of your system. As if a hacker were sitting at your keyboard, only worse. There's almost no limit to what they can do. Some common uses:
 
Use your system and Internet connection to send spam (yes, the majority of spam is now generated by infected systems).
 
Steal your online and offline passwords, credit card numbers, address, phone number, and other information stored on your computer that could be used for identity theft, or other financial fraud.
 
Log your activity, read email, view and download contents of documents, pictures, videos and other private data.
 
Use your computer and Internet connection, in conjunction with others to launch Distributed Denial of Service (DDoS) attacks.
 
Modify system files, disable antivirus, delete files, change system settings, to cover tracks, or just to wreak havoc.



#6 Rich Kay


Posted 10 September 2014 - 10:47 AM

Thanks for your response. I have been gone for a few days and am just getting your message.

# AdwCleaner v3.309 - Report created 10/09/2014 at 08:18:44
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : richard - RICHARD-PC
# Running from : C:\Users\Richard.FAHLFOREST\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\ParetoLogic
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Richard.FAHLFOREST\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7089 octets] - [10/09/2014 08:03:33]
AdwCleaner[S0].txt - [4336 octets] - [10/09/2014 08:18:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4396 octets] ##########

ESET Scan
C:\Users\Richard\Documents\Downloads\pdf_converter.exe a variant of Win32/SweetIM.A potentially unwanted application deleted - quarantined
C:\Users\Richard.FAHLFOREST\Documents\Downloads\pdf_converter.exe a variant of Win32/SweetIM.A potentially unwanted application deleted - quarantined

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.Outbrowse, Date: 2014/09/03 23:21:06, Type: File, Location: C:\Users\Richard.FAHLFOREST\AppData\Local\Temp\dow.exe
Vendor: PUP.Optional.Outbrowse, Date: 2014/09/03 23:21:06, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Vendor: PUP.Optional.Outbrowse, Date: 2014/09/03 23:21:06, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Vendor: PUP.Optional.Outbrowse, Date: 2014/09/03 23:21:06, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Vendor: PUP.Optional.Outbrowse, Date: 2014/09/03 23:21:06, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Vendor: PUP.Optional.Outbrowse, Date: 2014/09/03 23:21:06, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
===============================================================
END OF FILE
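As an added example (not code from this thread or from the tools it names), here is a small Python parser for the AdwCleaner and mbam-check report formats quoted above: it tallies what each tool acted on, flags anything marked Not Deleted, and separates Malwarebytes PUP detections from anything else in the quarantine list. The sample report embedded in it is constructed from lines of the reports above.

```python
import re
from collections import Counter

# Constructed sample input: a handful of lines in the formats of the AdwCleaner
# report and the mbam-check "Quarantined Items" list posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v3.309 - Report created 10/09/2014 at 08:18:44
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ParetoLogic
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKCU\Software\ParetoLogic
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Quarantined Items:
Vendor: PUP.Optional.Outbrowse, Date: 2014/09/03 23:21:06, Type: File, Location: C:\Users\Richard.FAHLFOREST\AppData\Local\Temp\dow.exe
Vendor: PUP.Optional.Outbrowse, Date: 2014/09/03 23:21:06, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}
"""

# AdwCleaner item lines: "Key Deleted : ...", "Folder Deleted : ...", "[x] Not Deleted : [x64] ..."
ADW_ITEM = re.compile(r"^(?:\[x\] )?(?:(Key|Value|Folder|File) )?(Deleted|Not Deleted) : (?:\[x64\] )?(.+)$")
# AdwCleaner browser lines: "Deleted [Search Provider] : hxxp://..."
ADW_BROWSER = re.compile(r"^(Deleted|Not Deleted) \[([^\]]+)\] : (.+)$")
# mbam-check quarantine lines: "Vendor: ..., Date: ..., Type: ..., Location: ..."
MBAM_ITEM = re.compile(r"^Vendor: (.+?), Date: (.+?), Type: (.+?), Location: (.+)$")


def parse_report(text):
    """Return one dict per detection found in mixed AdwCleaner / mbam-check text."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        m = ADW_ITEM.match(line)
        if m:
            kind, action, target = m.groups()
            if kind is None:  # "[x] Not Deleted" lines carry no object type
                kind = "Key" if target.startswith(("HKLM", "HKCU")) else "File"
            items.append({"tool": "AdwCleaner", "kind": kind, "removed": action == "Deleted",
                          "name": target, "target": target})
            continue
        m = ADW_BROWSER.match(line)
        if m:
            action, kind, target = m.groups()
            items.append({"tool": "AdwCleaner", "kind": kind, "removed": action == "Deleted",
                          "name": target, "target": target})
            continue
        m = MBAM_ITEM.match(line)
        if m:
            vendor, _date, kind, target = m.groups()
            items.append({"tool": "Malwarebytes", "kind": kind, "removed": True,
                          "name": vendor, "target": target})
    return items


def summarize(items):
    """Counts per (tool, kind), plus the leftovers a helper would ask about next."""
    counts = Counter((it["tool"], it["kind"]) for it in items)
    leftovers = [it["target"] for it in items if not it["removed"]]
    # Malwarebytes prefixes potentially unwanted programs with "PUP."; anything else
    # in the quarantine list deserves a closer look than bundled adware does.
    non_pup = [it["name"] for it in items
               if it["tool"] == "Malwarebytes" and not it["name"].startswith("PUP.")]
    return {"counts": counts, "not_removed": leftovers, "non_pup_detections": non_pup}
```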

#7 dc3


Posted 10 September 2014 - 12:59 PM

You need to post the entire Eset log, what you have posted looks incomplete.

 

Please download TDSSKiller from here and save it to your Desktop.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
 
[screenshot: TDSSKiller main window]
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
 
[screenshot: TDSSKiller parameters]
 
3.  Click Start Scan and allow the scan process to run.
 
 
[screenshot: TDSSKiller scan]
 
4.  If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
Click Continue.
 
 
[screenshot: TDSSKiller results]
 
5.  Click Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.



#8 Rich Kay


Posted 10 September 2014 - 08:43 PM

Thanks, I will try to post the complete log and follow your instructions tomorrow. This morning I could not get the computer to boot up but after several tries and trying to boot in safe mode it finally did. Tonight I shut it off to see if it would boot up after running the scans today and it will not boot. I will try it again in the morning when I get to work.

#9 dc3


Posted 11 September 2014 - 08:37 AM

Let me know if you can still boot into Safe Mode.




#10 Rich Kay


Posted 11 September 2014 - 11:54 AM

Hi, and thanks for your help.  I was able to boot normally this morning, I guess it had a good night's sleep.  I reran the ESET scan this morning and here is the log.  I also ran the TDSS Killer and tried to post the log, but it says the post is too long.  There were no problems on the TDSS scan.

 

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Temp\TmpxTmp\httEE9A.tmp Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Richard.FAHLFOREST\AppData\Local\Downloaded Installations\{7D9DD5A4-A592-4F6C-A5DA-3FC9B92D69B5}\default.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Richard.FAHLFOREST\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNKFU06Q\stubinst_pkg_en-us[1].cab Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Richard.FAHLFOREST\Downloads\spsetup122.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Richard.FAHLFOREST\Downloads\Bleeping_tools\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\Installer\113ac1.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
 



#11 dc3


Posted 11 September 2014 - 12:50 PM

Let us know if the problem returns.




#12 Rich Kay


Posted 11 September 2014 - 12:59 PM

Thank you.  Are you saying that you think the problem is solved?  It does actually seem to be running better but I guess I will try turning it off and rebooting to see if there are any other problems.



#13 dc3


Posted 11 September 2014 - 01:11 PM

At this point the problem hasn't reoccurred, I don't know if the scans performed resolved this issue or not.  This is why I suggested that you let us know if it returns.




#14 Rich Kay


Posted 11 September 2014 - 04:41 PM

Thanks. I've done a shutdown and reboot and everything appears fine.  I do appreciate your help and knowing you guys are there with the expert knowledge.  It would be nice if we could get war declared on these TERRORISTS that are causing so much aggravation by randomly screwing up someone's computer.  LOL

 

Thanks again.



#15 dc3


Posted 12 September 2014 - 08:40 AM

Happy computing.

