
Receipt for Your Payment to Netflix, Inc.


12 replies to this topic

#1 pcpunk

pcpunk

  • Members
  • 5,659 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:42 PM

Posted 15 April 2017 - 11:18 AM

Hope this is the proper place to post this

 

1. I got this so-called "Bill" to my email address from apple@apple-verification.live.com.

 

2. Just removed a bunch of important info because it had my email address in it.
 
3. I copied some funky looking email address from the upper right hand Corner of the Mail Front page.  Looks like something to do with the Users address.  It looks something like this, I will doctor it so that it is not the actual address with:  "NUMBERSANDLETTERSHERE"  
Mail - outlook_NUMBERSANDLETTERSHERE@outlook.com
 
I don't know what all this means, and it does not show up in my bank account as being taken out.  I think it is just some kind of Phishing Scam because it contains Three Attachments along with some Links.
 
I reported all this by Forwarding email to reportphishing@apple.com
 
I saved it as a PDF and printed it out.
 
I then Scanned computer with Avast Internet Security and all seemed fine.
 
Short on time now but if anything else is needed please tell me.  There is personal info on the PDF/email so will need to doctor that if I post it.
 
Thanks, pcpunk

Edited by pcpunk, 15 April 2017 - 03:06 PM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 



 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:07:42 PM

Posted 15 April 2017 - 11:36 AM

pcpunk:
 
This sounds like a phishing scam, as you deduced! :thumbup2:  You didn't click any links, so it is unlikely your computer is infected.
 
We can run some standard anti-malware scans just to confirm that and set your mind at ease.  I would also advise you to continue to monitor your bank account for the next few weeks on a daily basis, just to be sure.

.

:step1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
* When prompted, allow the Add-On/ActiveX to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the Start button, and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Copy and paste the contents of this report in your next reply.
* Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

If I haven't responded to your reply in 48 hours, please send me a personal message.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 buddy215

buddy215

  • Moderator
  • 13,095 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:42 PM

Posted 15 April 2017 - 01:46 PM

Apple email scam alert that scares victims into thinking someone has used bank details | This is Money

 

Apple and Netflix customers are being targeted in a fake invoice e-mail scam duping them into handing over their bank details 
  • Rise in fake Apple invoices looking to steal card details of worried people
  • E-mail says users have bought music or Netflix subscriptions in App store
  • Contains 'refund' link where people are duped into sharing card numbers
  • Apple has warned people it would never ask for card details on an email  

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 pcpunk


Posted 15 April 2017 - 03:42 PM

Thanks very much guys, I feel better already with the support here.  I wish I could have left the Important Information that I deleted because it linked to a Microsoft account that showed my personal email.  I don't even know how to explain this without exposing the account.

 

I did a search on the email address that this came from, and it led me to an outlook email address.  From there I clicked the "View Account" in the outlook email account, and it then redirected me to a Microsoft Account that I did not create that I know of, don't see any User Name like I have in my Forum Accounts.  I also looked through the outlook account to see if there were any Outgoing emails, or anything at all, there was nothing.
 
I also plugged the outlook account address into virustotal and many there were saying it was malicious.  One person said it was Safe, but he had no Good Reputation at virustotal, and frankly looked suspicious.  It's really the weirdest thing, at least to me, how I can do this search and end up at this account with my email attached to it.
 
I wonder if it is of any importance to anyone to see these links, and how I should report this to Microsoft also.  I thought about going back into that account and messaging ms from there, and/or changing the password also, but won't make a move until the more knowledgeable tell me to.
 
I'll do the scans above also, and thanks also to buddy.
 
One friend of mine just said that it is a tip off that the email ended in "live.com" and means it’s coming from a Microsoft account and has nothing to do with Apple.
 
So I have this rogue MS Account that I should deal with ASAP right?
 
How should I report this in Yahoo Mail, as "Phishing Scam" or "Hacked Account"?
 
Thanks, pcpunk

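The tip-off mentioned in the post above (the address ends in live.com, so the message comes from a Microsoft-hosted mailbox and not from Apple) can be checked mechanically by comparing the brands a message names with the registrable domain that sent it. The following Python is an added example, not part of the original thread; the `BRAND_DOMAINS` map, the short suffix set standing in for the Public Suffix List, the display name in the first sample and the whole second sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands mapped to domains they legitimately send from (illustrative, not exhaustive).
BRAND_DOMAINS = {"apple": {"apple.com"}, "netflix": {"netflix.com"}}

# Assumption: tiny stand-in for the Public Suffix List; real triage should load the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed sample: sender address and subject as reported in the thread, display name invented.
PHISH = (
    "From: Apple <apple@apple-verification.live.com>\n"
    "Subject: Receipt for Your Payment to Netflix, Inc.\n"
    "\n"
    "(body omitted)\n"
)

# Constructed sample of a message whose sending domain matches the brand it names.
LEGIT = (
    "From: Apple <no_reply@email.apple.com>\n"
    "Subject: Your receipt from Apple\n"
    "\n"
    "(body omitted)\n"
)


def registrable_domain(host):
    """Return the registrable domain (public suffix plus one label) of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def triage_sender(raw_message):
    """Compare brands named in From/Subject with the domain that actually sent the message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    local, _, host = address.rpartition("@")
    domain = registrable_domain(host) if host else ""
    # Subdomain labels are attacker-chosen, so they count as "claimed" text, not as identity.
    sub_labels = host.lower().split(".")[:-len(domain.split("."))] if domain else []
    claimed = " ".join([display, msg.get("Subject", ""), local] + sub_labels).lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and domain not in domains:
            findings.append(f"mentions {brand} but sent from {domain or 'no domain'}")
    return {"address": address, "registrable_domain": domain, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        result = triage_sender(raw)
        print(name, result["registrable_domain"], result["findings"] or "no mismatch")
```

The brand match on the subject line is a heuristic: a genuine store receipt that names a second brand would also be flagged for review. The From header itself can be forged, so a clean result here does not replace checking the message's authentication results.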

 


#5 pcpunk


Posted 15 April 2017 - 06:12 PM

@garioch7, Both scans were run and came up clean.



 


#6 pcpunk


Posted 16 April 2017 - 07:38 AM

When I sign up for one of the Microsoft forums does it create an Outlook Mail Account for me?  That would explain this Outlook account.



 


#7 garioch7


Posted 16 April 2017 - 09:28 AM

pcpunk:
 
If you have Windows 10, then you might have signed up for a Microsoft account when you upgraded or "clean installed" Windows 10, or as a part of the process of configuring a new computer that came with Windows 10 installed on it.
 
That is good news that both scans came up clean.  We will run a couple more scans just to be sure that you were not infected.  I think that you dodged that bullet by not clicking on anything.  As buddy215 has pointed out, there are lots of these phishing scams out there.

.

:step1: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
.


:step2: Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.
.

Thank you and have a great day.

Regards,
-Phil



#8 pcpunk


Posted 16 April 2017 - 11:01 AM

I downloaded and installed Windows 10 for a client of mine recently, but did not sign up for anything, so still confused.  Hopefully I will be able to get to the bottom of why I have that account.  The weirdest thing is how I Linked to it with my search???

 

And Yes, I don't know a lot, but do know not to click on things like this LOL...luckily.

 

Will run these scans today.



 


#9 pcpunk


Posted 16 April 2017 - 11:35 AM

Here garioch7

 

I would like to keep the Auslogics Disk Defrag for now unless you think it is a hazard.  As I understand it, it's just PUPs or Junkware that is harmless.  But would really like your opinion of it as I don't completely understand.  I know MBAM Flags it for some reason, and I tend to trust MBAM.  I don't know why these entries are there and if I want them gone or not.  I don't use ask.com or aol.com.  Although, will be installing aol.com to help some of my Senior Clients.

Chrome pref Found: [C:\Users\Stealth\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

Chrome pref Found: [C:\Users\Stealth\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com 

# AdwCleaner v6.045 - Logfile created 16/04/2017 at 12:21:40
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-16.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Stealth - WORK
# Running from : C:\Users\Stealth\Downloads\AdwCleaner\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\ProgramData\Auslogics
Folder Found:  C:\ProgramData\Application Data\Auslogics
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Folder Found:  C:\Program Files (x86)\Auslogics


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Auslogics


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Stealth\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Stealth\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1350 Bytes] - [16/04/2017 12:21:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1423 Bytes] ##########



 


#10 pcpunk


Posted 16 April 2017 - 12:05 PM

JRT Looks all clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64 
Ran by Stealth (Administrator) on Sun 04/16/2017 at 12:56:04.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/16/2017 at 12:59:16.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



 


#11 garioch7


Posted 16 April 2017 - 01:33 PM

pcpunk:

 

Thank you for your post and for the logs.  Since the JRT log was clean, we don't have to discuss that one.

 

The revised Malwarebytes criteria for flagging a PUP, which were instituted on October 5, 2016 can be found here, at this link.  The post announcing the changes by the CEO of Malwarebytes can be found at this link.

 

If you want to keep Auslogics products, then un-check the folders from the list found by the AdwCleaner scan, before running the "Clean" function after you scan again.

 

As for my opinion, Windows has a perfectly adequate disk defragmenter.  Why pay for one?  Have you seen any empirical evidence that the Auslogics product does a better job of defragmenting a mechanical hard drive than the built-in Windows defragmenter does?  You might want to review this post by quietman7, one of the foremost computer security experts here at Bleeping Computer, about the various programs available for sale that claim to speed up your computer and make it run better.

 

Personally, I use the Windows defragmenter on my laptop, which has a mechanical hard drive.  I formerly paid for a product, but I can not see any performance difference, other than the fancy graphics, between the paid product and the Windows utility.  My main tower has an SSD, so I have no need to defrag that.

 

The bottom line is: it is YOUR computer, so YOU decide.  According to policy, staff are not supposed to comment on the merits of various programs, unless they pose a "real and present" danger to a user's computer, such as that posed by some registry optimizers and system optimizers.  I myself bricked one of my computers years ago after using such a program, which shall remain nameless, so I have heeded the advice not to fix what isn't broken and to trust that Microsoft Windows utilities are optimized for the Windows environment.  That said, Windows is not without its issues from time to time, ... such as that Skype issue that you have encountered.

 

As for the aol.com and ask.com Chrome preferences, if you did not add them, and you do use them, then I would advise that you nuke them.

 

As for your Outlook account, why not contact their Tech Support and find out when, and who, created that account?

 

Your computer does not show any indication of active malware, so I would say that you will have to wait for Microsoft to fix the Skype issue.

 

Can I be of any further assistance to you?

 

Have a great day.

 

Regards,

-Phil




#12 pcpunk


Posted 17 April 2017 - 10:10 AM

 

Can I be of any further assistance to you?

garioch7, Thank you very much for your generosity, knowledge and professionalism while helping me with my challenges.  I won't need any further help, and I followed up reading all the articles you presented.  I went ahead and Removed all the Detected junk that AdwCleaner found, and will re-evaluate using a third party Defrag.  I was only using this one because many clients of mine use it so needed to become familiar with it.  Yes, I have read what I thought was empirical evidence that Auslogics Disk Defrag was one of the Top Free Defrag tools out there, if not the number one, but can't remember the link atm.  Here is one link I read, but I don't have the knowledge to know what is a good test and what is not, and it's an old article.  No need to comment on it, just posted it in case you're interested.

http://www.hofmannc.de/en/windows-7-defragmenter-test/benchmarks.html

 

I used Defraggler for years because of this site and the relationship with Piriform.  I love Piriform so will likely go back to them for my Defragging needs.  Honestly, I don't Defrag all that much lol,...but am a bit of a nut about NOT installing and deleting lots of files, programs, etc., so I don't really need to defrag all that often.  And keep all my files on a USBx3, meaning backups on Three USBs.

 

Thanks again, pcpunk



 


#13 garioch7


Posted 17 April 2017 - 12:27 PM

pcpunk:

 

Thank you for your post and for your kind words.  They are very much appreciated.  Thank you also for your link.

 

I formerly used Defraggler, but now rely on the Windows Defragmenter.  I do use CCleaner, but NOT the registry cleaner module.  At least it does make a backup of the registry before it "cleans", but I don't want any programs messing with my registry that purport to improve its performance or enhance its stability by correcting "errors."

 

Thank you for choosing Bleeping Computer to assist you with your computer issues.  Please stay safe out there in cyberspace and have a great day.

 

Regards,

-Phil






