Affix Hub - I'm pretty sure it's a scam.


17 replies to this topic

#1 Robo11


Posted 11 July 2016 - 03:46 PM

Hey everyone. So earlier today, my friend informed me that he had fallen victim to a classic email worm. He told me that he had gotten an email from someone in his contacts, and that it contained a link. Of course, he clicked the link, a replica email was sent to all of his contacts, etc... But then he informed me that a window popped up that said he should call a listed phone number for help. So he called the number, and was walked through numerous steps to install remote access software, etc... He said that they claimed to be Affix Hub (I couldn't find any info online about them other than that Affix Hub is apparently a mountain bike, but I digress :P), and that their service was built into Windows 10. Of course they showed my friend a bunch of files that shouldn't be there, errors, etc (I probably use etc a bit too much, but I digress again)... So after paying them upwards of $100 for their "services" he told me about it.

Now of course I immediately thought it's a scam, but since I couldn't find any info online about this particular "repair" service, I thought I would check with Bleeping Computer. Regardless, I will most likely give the OS a reinstall.

 

 

Thanks for your opinion :)




 


#2 Viper_Security


Posted 11 July 2016 - 04:06 PM

Definitely sounds like a scam. He should also email ALL of his email contacts and tell them not to open the link; that type of malware will read his contact list and send to others, and once they click it, it repeats.

 

Change your Passwords just in case, and clean it up, if you can not, clean install.

 

(We've had several people in the past month call about those guys, along with other names as well, some even claiming to be Microsoft.)

 

he should NOT have paid them a penny, if he can, tell him to call his bank and cancel it.

 

he should have known that if a number popped up on your screen do not call it, start your removal process.

 

The BBB (Better Business Bureau) has ZERO results for them.

 

 

EDIT: the person he got the email from is most likely infected as well, and anyone else who opened it.


Edited by Viper_Security, 11 July 2016 - 04:12 PM.

    IT Auditor & Security Professional



#3 RolandJS


Posted 11 July 2016 - 04:11 PM

+1 VS!  Going forward, our friend will have to work with the computer's owner for some time cleaning out all the malware, or, simply go with clean reinstall.  I hope the owner earlier made at least data folder/file [if not also OS] backups -- that might be needed later.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 Viper_Security


Posted 11 July 2016 - 04:21 PM

> +1 VS! Going forward, our friend will have to work with the computer's owner for some time cleaning out all the malware, or, simply go with clean reinstall. I hope the owner earlier made at least data folder/file [if not also OS] backups -- that might be needed later.

@RolandJS, Thx!

 

And as RolandJS had mentioned, it's always good to have a back up readily available.

 

did some looking and (after digging somewhat deep) i found their website, http://affixhub.com/index.html

 

their site "doesn't look right" if that makes sense, and is located in PA. i don't see why they would even be interested, since remote connecting to someone is much more of a hassle than physically seeing the machine. I always have my customers meet me first so they know who they are dealing with.




#5 Robo11


Posted 11 July 2016 - 04:21 PM

Thanks guys, I'm glad you concur with my thoughts. Yes I have told him to change his passwords, alert his contacts and all that. Luckily there is a system image backup from a month or so ago. I did some scans on the system with Malwarebytes, Hitman Pro and ADW Cleaner, and nothing worth noting was found.

 

Apparently they also claimed to be a part of Symantec? Still sounds fishy to me.



#6 Viper_Security


Posted 11 July 2016 - 04:28 PM

> Thanks guys, I'm glad you concur with my thoughts. Yes I have told him to change his passwords, alert his contacts and all that. Luckily there is a system image backup from a month or so ago. I did some scans on the system with Malwarebytes, Hitman Pro and ADW Cleaner, and nothing worth noting was found.
>
> Apparently they also claimed to be a part of Symantec? Still sounds fishy to me.

Yeah lmao, Symantec a few years ago (just about the time XP went out actually) came out and said their software wasn't doing what it should have (ever since then they went downhill, IMO (never liked em anyways)).

 

so the fact that they are "partnered" with Symantec makes it even sketchier to me.

 

as a safety measure run Rkill (32bit) IExplore (64bit) to see if it left any host files or changed any .bat, .exe or .com extensions. if so Rkill/IExplore will fix it for you.

( http://www.bleepingcomputer.com/download/rkill/ )

Best of luck!




#7 Norseman143


Posted 11 July 2016 - 04:41 PM

I have watched several videos on YouTube about this exact thing.

 

They are Indian scammers and set up fake Windows support sites, many times claiming to work for Microsoft.

Every new version of Windows, they come out with a new scam.

Your friend is the reason these scammers exist.



#8 Robo11


Posted 11 July 2016 - 05:12 PM

Alright, I will follow your recommendations  :wink:



#9 frankp316


Posted 11 July 2016 - 05:44 PM

I got a phone call from a scammer this afternoon. I hung up on him.



#10 Viper_Security


Posted 11 July 2016 - 05:46 PM

> I got a phone call from a scammer this afternoon. I hung up on him.

Yeah, they keep calling my computer repair shop haha, so I finally decided to let them in to my "PenTesting" distro

 

Bears like honey :)




#11 JohnnyJammer


Posted 11 July 2016 - 07:40 PM

They have been doing this for years mate, use javascript to pop up a near full screen window with details such as IP and rough location (Your ISP NOC) and normally it's a toll free number.

Then they do a tree command in dos prompt and open event viewer and show you some print errors LOL.

Then they ask you to use the Windows key + R and type http://somedirtyindianscammer.c0m then download their version of team viewer and then use SysKey and reboot, then ask for money.


Edited by JohnnyJammer, 11 July 2016 - 07:40 PM.
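
An added illustration of how the sequence described in the post above could be spotted in process-creation logs (not part of the original thread or any poster's code). The log records are constructed samples, and the image-name mapping, the 45-minute window and the three-stage threshold are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed process-creation records (host, time, image); not real telemetry.
SAMPLE_EVENTS = [
    ("PC-01", "2016-07-11 15:02:25", "tree.com"),
    ("PC-01", "2016-07-11 15:04:40", "eventvwr.exe"),
    ("PC-01", "2016-07-11 15:09:03", "TeamViewer.exe"),
    ("PC-01", "2016-07-11 15:21:47", "syskey.exe"),
    ("PC-02", "2016-07-11 09:00:00", "eventvwr.exe"),  # admin checking logs
    ("PC-02", "2016-07-11 16:30:00", "tree.com"),      # hours later, unrelated
]

# Assumed mapping from Windows image names to the stages named in the post.
STAGES = {
    "tree.com": "tree_listing",
    "eventvwr.exe": "event_viewer",
    "teamviewer.exe": "remote_access",
    "syskey.exe": "syskey",
}
WINDOW = timedelta(minutes=45)  # assumed length of one support "session"


def find_scam_sessions(events, window=WINDOW, min_stages=3):
    """Return hosts where several scam stages occur inside one time window."""
    by_host = {}
    for host, ts, image in events:
        stage = STAGES.get(image.lower())
        if stage:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            by_host.setdefault(host, []).append((when, stage))
    findings = {}
    for host, hits in by_host.items():
        hits.sort()
        best = set()
        for i, (start, _) in enumerate(hits):
            seen = {s for t, s in hits[i:] if t - start <= window}
            best = seen if len(seen) > len(best) else best
        if len(best) >= min_stages:
            # Remote access together with SysKey means the machine can be locked.
            high = {"remote_access", "syskey"} <= best
            findings[host] = {"stages": sorted(best),
                              "severity": "high" if high else "medium"}
    return findings


if __name__ == "__main__":
    print(find_scam_sessions(SAMPLE_EVENTS))
```

Any one of these programs is normal on its own; the signal is several of them on one host inside a single short session.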


#12 Robo11


Posted 11 July 2016 - 07:43 PM

> They have been doing this for years mate, use javascript to pop up a near full screen window with details such as IP and rough location (Your ISP NOC) and normally it's a toll free number.
>
> Then they do a tree command in dos prompt and open event viewer and show you some print errors LOL.
>
> Then they ask you to use the Windows key + R and type http://somedirtyindianscammer.c0m then download their version of team viewer and then use SysKey and reboot, then ask for money.

Yes, I was aware of these kinds of scams, but sadly my friend was not.



#13 quietman7


Posted 11 July 2016 - 08:20 PM

Tell your friend to read...Beware of Phony Tech Support Scams
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#14 RolandJS


Posted 12 July 2016 - 10:03 AM

"...type http://somedirtyindianscammer.c0m then..."  this might not be the best choice of words; scammers come in all races, nationals, colors.




#15 JohnnyJammer


Posted 12 July 2016 - 07:13 PM

> "...type http://somedirtyindianscammer.c0m then..."  this might not be the best choice of words; scammers come in all races, nationals, colors.

Agreed, but 100% of them who I know have had that call are all Indian mate lol.





