AVGfree leads to eeeeevil!

Posted: Fri Jun 22, 2018 3:51 am
by EvilGrins
Other day I got an update for my AVGfree that said my free trial had expired and now AVG was named Avast. Seemed weird, so I went to them on Facebook and left them a message and a screenshot about it, then went to work.

Got back from work late, wee hours of the morning, went to bed... and was awakened by my cellphone 2½ hours later.

Call was from AVG's IT guy, said he'd walk me through fixing the problem. Keeping in mind I wasn't operating off much sleep, the only reason I can think of I didn't make a big deal about the fact that this guy was rapid-fire telling me a whole bunch of stuff that had nothing to do with the problem I reported... he set up remote access to my system and I accepted that.

Not that unusual. IT folks do this all the time, I've even walked my mom through it when someone did the same on her system.

However, this time wasn't standard. After saying he was clearing some stuff up on my system and then that he needed to reboot, when my computer finished booting up a window popped up asking me for a password. I got awake REALLY FAST at that point, and called him back to ask what was going on.

He explained very calmly that he had cleared my system of issues, that everything would function as it should, and that if I didn't send him $100 he would delete every single thing off my hard drive and purge my system until it was as blank as when I first got it.

Actually, my computer was never blank... several upgrades and all, it's still got info from the 1st comp I had back in the late 1980's... but I digress.

I've had RansomWare a couple times in the past, usually it's a screen claiming to be some law enforcement agency asking me to wire them money or I can't have my system back... but this was the first time I had an active actual person do it to me.

When I refused to pay, and then explained with the countdown he provided (he initially gave me a time limit) I couldn't make it to the store on time due to distance and my lack of car, he said he'd increase the length of time on the countdown. I told him his new time was still insufficient. He then said I could do this more directly with a credit card...

...like I'd give him a credit card number.

I told him I didn't have a credit card, whereupon he hung up after telling me all my content on my computer would be gone soon. By this time my computer was no longer plugged into the wall and I'd disconnected the wireless... but now I had no computer.

...and I was just getting back into playing UT too.

I've since confirmed he wasn't with AVG, that he was in no way affiliated with them (though I'm fuzzy how he knew I filed an issue and got my phone number) and the RansomWare he put on my system I should be able to get off by Saturday, possibly Friday. When not able to get it off myself (provided I can get a command prompt I find ComboFix very effective) I've a friend who's been fixing/updating my computer for years who's helped me with RansomWare before.

Wanna know the weird thing?

That bogus IT-guy has called back a few times trying to re-negotiate his price despite the fact I keep saying I won't pay.

Re: AVGfree leads to eeeeevil!

Posted: Fri Jun 22, 2018 5:33 am
by Hook
So sorry to hear about this EG.
You need to post this everywhere!
Let me know if there is anything I or any of us can do to help you.

Re: AVGfree leads to eeeeevil!

Posted: Fri Jun 22, 2018 7:51 am
by EvilGrins
Appreciate the offer of help, but if Mike can't fix this problem I doubt much of anyone else can.

Hook wrote: You need to post this everywhere!

Feel free to link it around, in less than 10 minutes I'm off work and without a computer again until possibly tomorrow night.

Re: AVGfree leads to eeeeevil!

Posted: Fri Jun 22, 2018 1:13 pm
by Terraniux
Can you show us a picture of how they locked your pc? I may have solutions because I had to fix this same problem for a lot of people when I was an ICT (IT) guy 7 years back.
There are solutions EG.

If it is only a password, no worries, piece of cake. If it is encryption, then maybe things get difficult, but still not impossible.

Or I hope that your guy can solve it too. :tu: Let us know of any updates.

Re: AVGfree leads to eeeeevil!

Posted: Fri Jun 22, 2018 1:40 pm
by Feralidragon
I am honestly surprised how YOU would even get caught by this.
Maybe my perception is wrong, but I always perceived you to be the kind of guy that would be minimally informed about things like this, and be suspicious especially when things like remote access was requested.

I mean:

1) If you're using free software or a free version of it, you do NOT get that kind of support, period.
Any calls at all from "support" are always bogus.
I mean, how did he even get your phone number? Facebook perhaps? Is it public?

2) Generally these calls come from India from what I have heard, and they have a distinct Indian accent to them when speaking English.
Did the guy have an Indian accent at all?
If not, you can always go to the police and pick up the phone there once he calls again (you can set up a time to catch him).

3) You posted it in Facebook... why?
The way to go is to contact their support directly, otherwise any info you may get is bogus, especially in Facebook.
Some social platforms are OK though, since there are a few reliable ones (Reddit for instance), but definitely not Facebook.

4) The moment anyone at all asks for remote access, this is the only red flag you actually need to just hang up the phone.
Other IT guys do it? They shouldn't, and you shouldn't trust them.
It's one thing if YOU do it towards a machine of someone of your family or so, it's a completely different thing in allowing any stranger at all having remote access to your system, no matter the argument they may have, it's just unthinkable.

5) Have backups, disconnected from your system, of anything you deem too important to be lost.
The moment he got remote access, that's the moment you lost everything.
You have to format the disk since nothing there is trustworthy anymore, he could have hidden plenty of stuff everywhere, including into existing files.
There may be tools that may be able to fix some things, but they're not 100% reliable.


You must always be prepared for the worst, and you ought to educate yourself a little on these things, because this is one of the oldest attacks in the book.
Youtube is filled with videos of these kinds of calls.

Re: AVGfree leads to eeeeevil!

Posted: Fri Jun 22, 2018 3:22 pm
by Qwerty
Use Bitdefender free, it runs the best, catches the most, and never breaks systems. When I stopped getting calls every week from my parents, my wife's parents and other friends, I knew I found the right antivirus.

Re: AVGfree leads to eeeeevil!

Posted: Fri Jun 22, 2018 4:38 pm
by papercoffee
EvilGrins wrote: he set up remote access to my system and I accepted that.
Not that unusual. IT folks do this all the time,

:loool: Sorry ...I hope you get your system back ...but ...but :wtf: :lol2:

Your phone number:
Every social network page wants it (for security reasons) and then they lose it (due to security reasons). Facebook and Co. got hacked so many times. Every bit of private data you put into those portals is already in the wild... So, data privacy my ass.
If you use the FB App on your phone... why do you even bother to think about privacy protection?

Call in on a really late hour:
I would have just hung up. :ironic:
Then I would call in the morning the AVG support and would kick up a fuss about their service and what the hell they think they are to call me at such a late hour. :mad2:
Just to get a surprised help-centre guy explaining me this wasn't them.

His phone number:
WHAT ARE YOU WAITING FOR??? Give the police his damn number or better ...give it to some hacker group. lol.

Your OS:
Take a Linux Live-CD.

Re: AVGfree leads to eeeeevil!

Posted: Fri Jun 22, 2018 4:52 pm
by UT Sniper (SJA94)
I'm confused how someone who uses a computer so much can get scammed by something as blatant as this :?

Re: AVGfree leads to eeeeevil!

Posted: Sat Jun 23, 2018 5:31 am
by Dr.Flay
AVG Free turning into Avast should not have been a surprise for anyone since they bought out AVG in 2016.
https://blog.avast.com/avast-and-avg-become-one

As Feralidragon pointed out, no free product will have phone support.
Even with a commercial product you will have to call them.

Posting your tech problems in a public place such as social media, will allow all scammers watching those spaces to know you are a target.

Facebook has for a long time required a phone number for validation and 2-factor authentication.
Those of you who wisely opt for 2-factor authentication, are unfortunately faced with giving your mobile number to a site you probably should not.
:noidea:

You must make sure you check your privacy settings and set your personal details to hidden.

Note: Most of us here WILL have had their details made available to criminals, since so many major sites have been breached or lost control of their data.
https://haveibeenpwned.com/PwnedWebsites

If your phone number was in any of those databases, you need to prepare for lots of scam calls from people who know stuff about you.
You should consider getting a new SIM or installing an app that will watch for known bad numbers.
https://bestforandroid.com/call-blocker-apps
https://techviral.net/best-calls-blocke ... martphones
https://www.which.co.uk/reviews/nuisanc ... ng-options

There are useful sites for checking and reporting sites
https://www.whocalledme.com
https://who--called.com
https://who-called.co.uk

If you think it is time to move to a new AV, then Bitdefender, Avira and Kaspersky are the most reliable free options
https://www.av-test.org/en/antivirus/home-windows/
https://www.av-comparatives.org/comparison/

Re: AVGfree leads to eeeeevil!

Posted: Sat Jun 23, 2018 6:21 pm
by Red_Fist
I have all that remote assistance crap OFF, disabled. :thudown: :thudown:

Re: AVGfree leads to eeeeevil!

Posted: Sun Jun 24, 2018 11:13 pm
by EvilGrins
UPDATE: Mike found a way around the password, so he could access my stuff, but he couldn't remove the ransomware. Much as the last time, he took my computer back to his place to work on it.

On the one hand, kinda sucks as I'm without a computer at home (my Kindle is getting a lotta overtime to compensate) but on the plus side I'm probably gonna get an entirely updated new computer with my content added to it.

Terraniux wrote: Can you show us a picture of how they locked your pc?

I didn't think to take a pic at the time and I can't now as I don't even have my computer while it's getting fixed.

Feralidragon wrote: I am honestly surprised how YOU would even get caught by this.

Me too.

Feralidragon wrote: Maybe my perception is wrong, but I always perceived you to be the kind of guy that would be minimally informed about things like this, and be suspicious especially when things like remote access was requested.

I've been hit with this RansomWare before so I've gotten good at avoiding places where I might get caught by it again, but this situation was totally unique in my experience.

Feralidragon wrote: Generally these calls come from India from what I have heard, and they have a distinct Indian accent to them when speaking English. Did the guy have an Indian accent at all?

He did, and he may've been in India but I used 3 separate search engines to run on his number (and sure those can be faked) but they all traced back to an outta the way town in New York.

Feralidragon wrote: You posted it in Facebook... why?

Laziness?

Qwerty wrote: When I stopped getting calls every week from my parents, my wife's parents and other friends, I knew I found the right antivirus.

But I like my family!

papercoffee wrote: If you use the FB App on your phone... why do you even bother to think about privacy protection?

I don't. Only use FB on my desktop computer, never on my phone.

papercoffee wrote: WHAT ARE YOU WAITING FOR??? Give the police his damn number or better ...give it to some hacker group. lol.

Yeah, I'm gonna file a report on him very likely... but as to feeding him to hackers, I don't know any.

UT Sniper (SJA94) wrote: I'm confused how someone who uses a computer so much can get scammed by something as blatant as this

As I mentioned, lack of sleep due to graveyard shift and this bad person called me in the wee hours of the morning.

Dr.Flay wrote: Facebook has for a long time required a phone number for validation and 2-factor authentication.

I joined FB ages ago, my phone is in no way connected to my account and I've never used it to validate anything there.

Red_Fist wrote: I have all that remote assistance crap OFF, disabled.

I will from now on.

Re: AVGfree leads to eeeeevil!

Posted: Sun Jun 24, 2018 11:55 pm
by Chamberly
The question is... what is causing this to show up on the computer anyway? There had to be a hell of a download that gives you this.

Re: AVGfree leads to eeeeevil!

Posted: Mon Jun 25, 2018 4:44 pm
by LannFyre
Chamberly wrote: The question is... what is causing this to show up on the computer anyway? There had to be a hell of a download that gives you this.

Probably "research images".

Re: AVGfree leads to eeeeevil!

Posted: Mon Jun 25, 2018 11:09 pm
by Carbon
From what I understand the ransomware program is very small, so it wouldn't take a big download to get it onto one's system.

The thread title is a bit misleading; AVG had little to do with this situation. Personally, I have never run anti-virus software on my PC and never had an issue. I run Firefox with NoScript and a host of ad blocking/privacy software and while my internet is quite lackluster compared to how it might look to others, it keeps me safe.

And yeah...no "research images" get onto my PC. :P

Re: AVGfree leads to eeeeevil!

Posted: Tue Jun 26, 2018 12:03 am
by EvilGrins
Oy!

*ahem*

While I will admit I do have "research images" they were not in any relation to this situation, but thank you ever so for suggesting that.

You're off my Christmas list.