AVGfree leads to eeeeevil!
- EvilGrins
- Godlike
- Posts: 9819
- Joined: Thu Jun 30, 2011 8:12 pm
- Personal rank: God of Fudge
- Location: Palo Alto, CA
- Contact:
AVGfree leads to eeeeevil!
Other day I got an update for my AVGfree that said my free trial had expired and now AVG was named Avast. Seemed weird, so I went to them on Facebook and left them a message and a screenshot about it, then went to work.
Got back from work late, wee hours of the morning, went to bed... and was awakened by my cellphone 2½ hours later.
Call was from AVG's IT guy, said he'd walk me through fixing the problem. Keeping in mind I wasn't operating off much sleep, the only reason I can think of I didn't make a big deal about the fact that this guy was rapid-fire telling me a whole bunch of stuff that had nothing to do with the problem I reported... he set up remote access to my system and I accepted that.
Not that unusual. IT folks do this all the time, I've even walked my mom through it when someone did the same on her system.
However, this time wasn't standard. After saying he was clearing some stuff up on my system and then that he needed to reboot, when my computer finished booting up a window popped up asking me for a password. I got awake REALLY FAST at that point, and called him back to ask what was going on.
He explained very calmly that he had cleared my system of issues, that everything would function as it should, and that if I didn't send him $100 he would delete every single thing off my hard drive and purge my system until it was as blank as when I first got it.
Actually, my computer was never blank... several upgrades and all, it's still got info from the 1st comp I had back in the late 1980's... but I digress.
I've had RansomWare a couple times in the past, usually it's a screen claiming to be some law enforcement agency asking me to wire them money or I can't have my system back... but this was the first time I had an active actual person do it to me.
When I refused to pay, and then explained with the countdown he provided (he initially gave me a time limit) I couldn't make it to the store on time due to distance and my lack of car, he said he'd increase the length of time on the countdown. I told him his new time was still insufficient. He then said I could do this more directly with a credit card...
...like I'd give him a credit card number.
I told him I didn't have a credit card, whereupon he hung up after telling me all my content on my computer would be gone soon. By this time my computer was no longer plugged into the wall and I'd disconnected the wireless... but now I had no computer.
...and I was just getting back into playing UT too.
I've since confirmed he wasn't with AVG, that he was in no way affiliated with them (though I'm fuzzy how he knew I filed an issue and got my phone number) and the RansomWare he put on my system I should be able to get off by Saturday, possibly Friday. When not able to get it off myself (provided I can get a command prompt I find ComboFix very effective) I've a friend who's been fixing/updating my computer for years who's helped me with RansomWare before.
Wanna know the weird thing?
That bogus IT-guy has called back a few times trying to re-negotiate his price despite the fact I keep saying I won't pay.
http://unreal-games.livejournal.com/
Smilies · viewtopic.php?f=8&t=13758medor wrote:Replace Skaarj with EvilGrins
- Hook
- Inhuman
- Posts: 754
- Joined: Tue Apr 22, 2008 11:21 pm
- Personal rank: UT99 Promoter/Admin
- Location: Minnesota USA
- Contact:
Re: AVGfree leads to eeeeevil!
So sorry to hear about this EG.
You need to post this everywhere!
Let me know if there is anything I or any of us can do to help you.
=Hook=(Member# 626)
HUTP Active Forums: https://hooksutplace.freeforums.net/forum
HUTP UT99 Community Portal: https://hooksutplace.freeforums.net/
OR: https://hermskii.com/hook/ut99_hutp/
UT99 Server -> CROSSBONES Missile Madness {CMM}
* Newest Versions of: PRO-Redeemers | PRO-SNIPER-Redeemers | PRO-SEEKER-Redeemers <-(the Original)
and Now with FOOD FIGHT and Frying Pan arena !!!
IP: 68.232.181.236:7777 <-(NEW IP to come)
UT99 MH Server -> {CMH} CROSSBONES Monster Hunt (MH) by Mars007 (The Original) - IP: 108.61.238.93:7777
- EvilGrins
- Godlike
- Posts: 9819
- Joined: Thu Jun 30, 2011 8:12 pm
- Personal rank: God of Fudge
- Location: Palo Alto, CA
- Contact:
Re: AVGfree leads to eeeeevil!
Appreciate the offer of help, but if Mike can't fix this problem I doubt much of anyone else can.
Hook wrote: You need to post this everywhere!
Feel free to link it around, in less than 10 minutes I'm off work and without a computer again until possibly tomorrow night.
Re: AVGfree leads to eeeeevil!
Can you show us a picture of how they locked your PC? I may have solutions because I had to fix this same problem for a lot of people when I was an ICT (IT) guy 7 years back.
There are solutions EG.
If it is only a password, no worries, piece of cake. If it is encryption, then maybe things get difficult, but still not impossible.
Or I hope that your guy can solve it too. Let us know of any updates.
- Feralidragon
- Godlike
- Posts: 5493
- Joined: Wed Feb 27, 2008 6:24 pm
- Personal rank: Work In Progress
- Location: Liandri
Re: AVGfree leads to eeeeevil!
I am honestly surprised how YOU would even get caught by this.
Maybe my perception is wrong, but I always perceived you to be the kind of guy that would be minimally informed about things like this, and be suspicious especially when things like remote access were requested.
I mean:
1) If you're using free software or a free version of it, you do NOT get that kind of support, period.
Any calls at all from "support" are always bogus.
I mean, how did he even get your phone number? Facebook perhaps? Is it public?
2) Generally these calls come from India from what I have heard, and they have a distinct Indian accent to them when speaking English.
Did the guy have an Indian accent at all?
If not, you can always go to the police and pick up the phone there once he calls again (you can set up a time to catch him).
3) You posted it in Facebook... why?
The way to go is to contact their support directly, otherwise any info you may get is bogus, especially in Facebook.
Some social platforms are OK though, since there are a few reliable ones (Reddit for instance), but definitely not Facebook.
4) The moment anyone at all asks for remote access, this is the only red flag you actually need to just hang up the phone.
Other IT guys do it? They shouldn't, and you shouldn't trust them.
It's one thing if YOU do it towards a machine of someone of your family or so, it's a completely different thing in allowing any stranger at all having remote access to your system, no matter the argument they may have, it's just unthinkable.
5) Have backups, disconnected from your system, of anything you deem too important to be lost.
The moment he got remote access, that's the moment you lost everything.
You have to format the disk since nothing there is trustworthy anymore, he could have hidden plenty of stuff everywhere, including into existing files.
There may be tools that may be able to fix some things, but they're not 100% reliable.
You must always be prepared for the worst, and you ought to educate yourself a little on these things, because this is one of the oldest attacks in the book.
Youtube is filled with videos of these kinds of calls.
-
- Inhuman
- Posts: 850
- Joined: Wed Mar 12, 2008 7:14 pm
- Personal rank: I.T Master
- Location: New York
- Contact:
Re: AVGfree leads to eeeeevil!
Use Bitdefender Free; it runs the best, catches the most, and never breaks systems. When I stopped getting calls every week from my parents, my wife's parents and other friends, I knew I found the right antivirus.
https://www.vulpinemission.com
ROCKET-X8 Server
MONSTERHUNT w/ NALI WEAPONS 3 + RX8
BUNNYTRACK NY
SNIPER DEATHMATCH
InstaGib + ComboGib + Jailbreak
ROSEBUM ROCKET-X RB
- papercoffee
- Godlike
- Posts: 10457
- Joined: Wed Jul 15, 2009 11:36 am
- Personal rank: coffee addicted !!!
- Location: Cologne, the city with the big cathedral.
- Contact:
Re: AVGfree leads to eeeeevil!
EvilGrins wrote: he setup remote access to my system and I accepted that.
Not that unusual. IT folks do this all the time,
Sorry ...I hope you get your system back ...but ...but
Your phone number:
Every social network page wants it (for security reasons) and then they lose it (due to security reasons). Facebook and Co. got hacked so many times. Every bit of private data you put into those portals is already in the wild... So, data privacy my ass.
If you use the FB App on your phone... why do you even bother to think about privacy protection?
Call in on a really late hour:
I would have just hung up.
Then I would call the AVG support in the morning and would kick up a fuss about their service and what the hell they think they are to call me at such a late hour.
Just to get a surprised help-centre guy explaining me this wasn't them.
His phone number:
WHAT ARE YOU WAITING FOR??? Give the police his damn number or better ...give it to some hacker group. lol.
Your OS:
Take a Linux Live-CD.
Last edited by papercoffee on Fri Jun 22, 2018 5:38 pm, edited 2 times in total.
Reason: typo
- UT Sniper (SJA94)
- Inhuman
- Posts: 753
- Joined: Thu Jun 24, 2010 10:35 pm
- Personal rank: Retard
- Location: England
- Contact:
Re: AVGfree leads to eeeeevil!
I'm confused how someone who uses a computer so much can get scammed by something as blatant as this
- Dr.Flay
- Godlike
- Posts: 3348
- Joined: Thu Aug 04, 2011 9:26 pm
- Personal rank: Chaos Evangelist
- Location: Kernow, UK
- Contact:
Re: AVGfree leads to eeeeevil!
AVG Free turning into Avast should not have been a surprise for anyone since they bought out AVG in 2016
https://blog.avast.com/avast-and-avg-become-one.
As Feralidragon pointed out, no free product will have phone support.
Even with a commercial product you will have to call them.
Posting your tech problems in a public place such as social media, will allow all scammers watching those spaces to know you are a target.
Facebook has for a long time required a phone number for validation and 2-factor authentication.
Those of you who wisely opt for 2-factor authentication, are unfortunately faced with giving your mobile number to a site you probably should not.
You must make sure you check your privacy settings and set your personal details to hidden.
Note: Most of us here WILL have had their details made available to criminals, since so many major sites have been breached or lost control of their data.
https://haveibeenpwned.com/PwnedWebsites
If your phone number was in any of those databases, you need to prepare for lots of scam calls from people who know stuff about you.
You should consider getting a new SIM or installing an app that will watch for known bad numbers.
https://bestforandroid.com/call-blocker-apps
https://techviral.net/best-calls-blocke ... martphones
https://www.which.co.uk/reviews/nuisanc ... ng-options
There are useful sites for checking and reporting sites
https://www.whocalledme.com
https://who--called.com
https://who-called.co.uk
If you think it is time to move to a new AV, then Bitdefender, Avira and Kaspersky are the most reliable free options
https://www.av-test.org/en/antivirus/home-windows/
https://www.av-comparatives.org/comparison/
UT99.org House Rules
ChaosUT https://chaoticdreams.org
Your Unreal resources: https://yourunreal.wordpress.com
The UT99/UnReal Directory: https://forumdirectory.freeforums.org
Find me on Steam and GoG
Re: AVGfree leads to eeeeevil!
I have all that remote assistance crap OFF, disabled.
Binary Space Partitioning
- EvilGrins
- Godlike
- Posts: 9819
- Joined: Thu Jun 30, 2011 8:12 pm
- Personal rank: God of Fudge
- Location: Palo Alto, CA
- Contact:
Re: AVGfree leads to eeeeevil!
UPDATE: Mike found a way around the password, so he could access my stuff, but he couldn't remove the ransomware. Much as the last time, he took my computer back to his place to work on it.
On the one hand, kinda sucks as I'm without a computer at home (my Kindle is getting a lotta overtime to compensate) but on the plus side I'm probably gonna get an entirely updated new computer with my content added to it.
Terraniux wrote: Can you show us a picture of how they locked your pc?
I didn't think to take a pic at the time and I can't now as I don't even have my computer while it's getting fixed.
Feralidragon wrote: I am honestly surprised how YOU would even get caught by this.
Me too.
Feralidragon wrote: Maybe my perception is wrong, but I always perceived you to be the kind of guy that would be minimally informed about things like this, and be suspicious especially when things like remote access was requested.
I've been hit with this RansomWare before so I've gotten good at avoiding places where I might get caught by it again, but this situation was totally unique in my experience.
Feralidragon wrote: Generally these calls come from India from what I have heard, and they have a distinct Indian accent to them when speaking English. Did the guy have an Indian accent at all?
He did, and he may've been in India but I used 3 separate search engines to run on his number (and sure those can be faked) but they all traced back to an outta the way town in New York.
Feralidragon wrote: You posted it in Facebook... why?
Laziness?
Qwerty wrote: When I stopped getting calls every week from my parents, my wifes parents and other friends. I knew I found the right antivirus.
But i like my family!
papercoffee wrote: If you use the FB App on your phone... why do you even bother to think about privacy protection?
I don't. Only use FB on my desktop computer, never on my phone.
papercoffee wrote: WHAT ARE YOU WAITING FOR??? Give the police his damn number or better ...give it to some hacker group. lol.
Yeah, i'm gonna file a report on him very likely... but as to feeding him to hackers, I don't know any.
UT Sniper (SJA94) wrote: I'm confused how someone who uses a computer so much can get scammed by something as blatant as this
As I mentioned, lack of sleep due to graveyard shift and this bad person called me in the wee hours of the morning.
Dr.Flay wrote: Facebook has for a long time required a phone number for validation and 2-factor authentication.
I joined FB ages ago, my phone is in no way connected to my account and I've never used it to validate anything there.
Red_Fist wrote: I have all that remote assistance crap OFF, disabled.
I will from now on.
- Chamberly
- Godlike
- Posts: 1963
- Joined: Sat Sep 17, 2011 4:32 pm
- Personal rank: Dame. Vandora
- Location: TN, USA
- Contact:
Re: AVGfree leads to eeeeevil!
The question is... what is causing this to show up on the computer anyway? There had to be a hell of a download that gives you this.
Re: AVGfree leads to eeeeevil!
Chamberly wrote: The question is... what is causing this to show up on the computer anyway? There had to be a hell of a download that gives you this.
Probably "research images".
Additional Beyond Unreal Wiki Links
wiki.beyondunreal.com/Legacy:Console_Bar
wiki.beyondunreal.com/Exec_commands#Load
wiki.beyondunreal.com/Legacy:Exec_Directive#Loading_Other_Packages
wiki.beyondunreal.com/Legacy:Config_Vars_And_.Ini_Files
wiki.beyondunreal.com/Legacy:INT_File
Re: AVGfree leads to eeeeevil!
From what I understand the ransomware program is very small, so it wouldn't take a big download to get it onto one's system.
The thread title is a bit misleading; AVG had little to do with this situation. Personally, I have never run anti-virus software on my PC and never had an issue. I run Firefox with NoScript and a host of ad blocking/privacy software and while my internet is quite lackluster compared to how it might look to others, it keeps me safe.
And yeah...no "research images" get onto my PC.
- EvilGrins
- Godlike
- Posts: 9819
- Joined: Thu Jun 30, 2011 8:12 pm
- Personal rank: God of Fudge
- Location: Palo Alto, CA
- Contact:
Re: AVGfree leads to eeeeevil!
Oy!
*ahem*
While I will admit I do have "research images" they were not in any relation to this situation, but thank you ever so for suggesting that.
You're off my Christmas list.