
Topic (malware) passed to this group. see below.


10 replies to this topic

#1 jackmeat

jackmeat

  • Members
  • 38 posts
  • Local time:06:36 PM

Posted 04 October 2015 - 11:30 PM

Upon visiting websites, a pop up comes up (screenshot available upon request) informing me to contact my ISP (which is the correct one) and a phone number to call. Some annoying voice also speaks this and can only be terminated via the task manager. Everything that has been done so far is outlined in previous correspondence here: http://www.bleepingcomputer.com/forums/t/590600/possible-malware-informs-me-to-contact-isp-when-visiting-websites-to-remove-it/

 

All browsers are affected, and it seems to be triggered mostly by stream2watch.com but is not limited to there, as I get the message randomly on other sites (ESPN, CNN, Bleeping Computer included).

 

-----------------

 

Since then, everything done with the second group and all correspondence is here, including being told to open this thread.

 

http://www.bleepingcomputer.com/forums/t/591356/possible-malware-informs-me-to-contact-isp-when-visiting-websites-to-remove-it/

 

--------------------------------

 

Attached is the screen that pops up, sorry I can't send the voice along with it for you (and be thankful, it is damn annoying). I will copy this thread back over to the malware thread in hopes someone can figure this out.


 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:36 PM

Posted 05 October 2015 - 04:32 AM

The BlueScreen is a scam.  As the other message uses the same phone number, I'd suspect it's a scam also.

I'd suggest posting over in the Am I Infected forum:  http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please read the pinned topics at the top of the forum for instructions on how to post there.

 


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts
  • Local time:06:36 PM

Posted 05 October 2015 - 04:59 AM

You may have wanted to check the links in my post. I started in that thread, and then was passed onto the malware logs analysis one which obviously stumped him/her and was sent here.

 

I know it is an infection of some sort. (at least in your description, it says "visually handicapped" so missing the links showing the previous steps taken before posting here were not ignored, just not seen)



#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:36 PM

Posted 05 October 2015 - 05:18 AM

Sorry for missing that, I'm not only visually handicapped, I'm also rushing so I'll finish these posts before I have to get ready for work.

Just FYI - I am blind in my right eye and have lost 30% of the vision in my left eye due to glaucoma.  The rest of the vision is 20/20 - but only if the eye is well-lubricated (I also have severe dry eye).

 

This isn't technically an infection.  Rather it's something that's causing your browser to visit the  18-trafdsfgficimg.tf/w/ale...... webpage (I got this from the address bar in the browser on your screenshot).  Fixing that is the problem here.

 

Open the Run dialog and type in "inetcpl.cpl" without the quotes and press Enter.

Go to the Advanced tab and select "Reset" to reset the browser.

There's no need to delete your personal stuff when first trying this (although you may have to do that on the second try).

Restart the system and see if it's gone away.

Also, you may get more expert assistance in the networking forums - as I'm not a browser expert.

Good luck!



#5 CodeSmasha

CodeSmasha

  • Banned
  • 524 posts
  • Gender:Male
  • Local time:09:36 AM

Posted 06 October 2015 - 12:20 AM

This page, I believe, is directed as a ransomware attack; I might be wrong. But have you checked your AV lately?


Edited by CodeSmasha, 06 October 2015 - 12:32 AM.


#6 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts
  • Local time:06:36 PM

Posted 06 October 2015 - 01:27 AM

> Sorry for missing that, I'm not only visually handicapped, I'm also rushing so I'll finish these posts before I have to get ready for work.
>
> Just FYI - I am blind in my right eye and have lost 30% of the vision in my left eye due to glaucoma. The rest of the vision is 20/20 - but only if the eye is well-lubricated (I also have severe dry eye).
>
> This isn't technically an infection. Rather it's something that's causing your browser to visit the 18-trafdsfgficimg.tf/w/ale...... webpage (I got this from the address bar in the browser on your screenshot). Fixing that is the problem here.
>
> Open the Run dialog and type in "inetcpl.cpl" without the quotes and press Enter.
>
> Go to the Advanced tab and select "Reset" to reset the browser.
>
> There's no need to delete your personal stuff when first trying this (although you may have to do that on the second try).
>
> Restart the system and see if it's gone away.
>
> Also, you may get more expert assistance in the networking forums - as I'm not a browser expert.
>
> Good luck!

Sorry about the eye joke, but your own description set you up for it. Unfortunately, with all the other stuff I did and then also did with techs from here, nothing has alleviated the problem, so they seem to have given up and blamed Windows 10. The thing about resetting the browser (yet again) is that it affects IE11, Chrome, and Slimjet. Not sure about Firefox since I only use that for I2P. Wherever the redirect is coming from is eluding anything that people have come up with, and I started working on this myself for a couple days before even posting to here. Oh well, thanx anyway, if you think of some other thing to try, I am game to give it a go. I still think it is some damn service doing it, but who knows.



#7 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:36 AM

Posted 06 October 2015 - 03:14 AM

Just for curiosity, have you tried resetting your router? I checked both of your topics and that hasn't been done yet.

#8 CodeSmasha

CodeSmasha

  • Banned
  • 524 posts
  • Gender:Male
  • Local time:09:36 AM

Posted 06 October 2015 - 03:28 AM

 

> Sorry about the eye joke, but your own description set you up for it. Unfortunately, with all the other stuff I did and then also did with techs from here, nothing has alleviated the problem, so they seem to have given up and blamed Windows 10. The thing about resetting the browser (yet again) is that it affects IE11, Chrome, and Slimjet. Not sure about Firefox since I only use that for I2P. Wherever the redirect is coming from is eluding anything that people have come up with, and I started working on this myself for a couple days before even posting to here. Oh well, thanx anyway, if you think of some other thing to try, I am game to give it a go. I still think it is some damn service doing it, but who knows.

Have you run the tool Junkware Removal Tool to see if it could remove it?

> Just for curiosity, have you tried resetting your router? I checked both of your topics and that hasn't been done yet.

That could work too?


Edited by CodeSmasha, 06 October 2015 - 03:30 AM.


#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:36 PM

Posted 06 October 2015 - 05:07 AM

No problem with the jokes.  I enjoy them (and make quite a few myself).

 

You really need the networking folks to help out on this if it's happening in multiple browsers.

Tracking down networking errors isn't easy (I've tried and failed more times than I can count).

Here's a link to them:  http://www.bleepingcomputer.com/forums/f/21/networking/

 

Hmmm, if you make a new account on that computer, does the behavior continue there?

Can you try another computer on that network and see if it has the same problem?

Have you searched your computer/registry/hosts file for 18-trafdsfgficimg.tf ?
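
An added example, not part of the original thread or any poster's code: one way to carry out the hosts-file part of the search suggested above. It goes slightly beyond a literal string search by also listing every entry that points a name at a non-loopback address, since a redirect planted in the hosts file would name the hijacked site rather than the destination; the sample hosts content and its addresses are constructed.

```python
import os

INDICATOR = "18-trafdsfgficimg.tf"   # host named in posts #4 and #9
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample content (documentation addresses), not from the affected PC.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
#10.0.0.5       18-trafdsfgficimg.tf
203.0.113.7     www.espn.com cdn.18-TRAFDSFGFICIMG.tf   # inline comment
203.0.113.7     not18-trafdsfgficimg.tf.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments, tokenize
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def matches(hostname, indicator):
    """True for the indicator itself or any subdomain, never a mere substring."""
    indicator = indicator.lower()
    return hostname == indicator or hostname.endswith("." + indicator)

def audit_hosts(text, indicator=INDICATOR):
    """Return (line_no, kind, address, names) findings for manual review."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        hits = [n for n in names if matches(n, indicator)]
        if hits:
            findings.append((line_no, "indicator", addr, hits))
        elif addr not in LOOPBACK:
            findings.append((line_no, "override", addr, names))
    return findings

if __name__ == "__main__":
    # Default Windows hosts location; falls back to the sample if unreadable.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    try:
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print(finding)
```

An "override" finding is not proof of tampering; it only marks an entry someone should be able to explain.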



#10 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts
  • Local time:06:36 PM

Posted 06 October 2015 - 07:40 AM

 

 

> > Sorry about the eye joke, but your own description set you up for it. Unfortunately, with all the other stuff I did and then also did with techs from here, nothing has alleviated the problem, so they seem to have given up and blamed Windows 10. The thing about resetting the browser (yet again) is that it affects IE11, Chrome, and Slimjet. Not sure about Firefox since I only use that for I2P. Wherever the redirect is coming from is eluding anything that people have come up with, and I started working on this myself for a couple days before even posting to here. Oh well, thanx anyway, if you think of some other thing to try, I am game to give it a go. I still think it is some damn service doing it, but who knows.
>
> Have you run the tool Junkware Removal Tool to see if it could remove it?
>
> > Just for curiosity, have you tried resetting your router? I checked both of your topics and that hasn't been done yet.
>
> That could work too?

Both of these have been done. No such luck. I reset my router before contacting here, and then did again yesterday for other reasons (accidentally unplugged it lol) so that did not help.



#11 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts
  • Local time:06:36 PM

Posted 08 October 2015 - 01:31 AM

> Hmmm, if you make a new account on that computer, does the behavior continue there?

Interesting question, had NOT tried, but will

> Can you try another computer on that network and see if it has the same problem?

It does not happen on another computer

> Have you searched your computer/registry/hosts file for 18-trafdsfgficimg.tf ?

Yes, also for ads.alx.......and today I noticed a new one, n121adserv popped up before the bogus message to call the ISP.





