AVGfree leads to eeeeevil!

EvilGrins
Godlike
Posts: 9668
Joined: Thu Jun 30, 2011 8:12 pm
Personal rank: God of Fudge
Location: Palo Alto, CA

AVGfree leads to eeeeevil!

Post by EvilGrins »

Other day I got an update for my AVGfree that said my free trial had expired and now AVG was named Avast. Seemed weird, so I went to them on Facebook and left them a message and a screenshot about it, then went to work.

Got back from work late, wee hours of the morning, went to bed... and was awakened by my cellphone 2½ hours later.

Call was from AVG's IT guy, said he'd walk me through fixing the problem. Keeping in mind I wasn't operating off much sleep, the only reason I can think of I didn't make a big deal about the fact that this guy was rapid-fire telling me a whole bunch of stuff that had nothing to do with the problem I reported... he set up remote access to my system and I accepted that.

Not that unusual. IT folks do this all the time, I've even walked my mom through it when someone did the same on her system.

However, this time wasn't standard. After saying he was clearing some stuff up on my system and then that he needed to reboot, when my computer finished booting up a window popped up asking me for a password. I got awake REALLY FAST at that point, and called him back to ask what was going on.

He explained very calmly that he had cleared my system of issues, that everything would function as it should, and that if I didn't send him $100 he would delete every single thing off my hard drive and purge my system until it was as blank as when I first got it.

Actually, my computer was never blank... several upgrades and all, it's still got info from the 1st comp I had back in the late 1980s... but I digress.

I've had RansomWare a couple times in the past, usually it's a screen claiming to be some law enforcement agency asking me to wire them money or I can't have my system back... but this was the first time I had an active actual person do it to me.

When I refused to pay, and then explained with the countdown he provided (he initially gave me a time limit) I couldn't make it to the store on time due to distance and my lack of car, he said he'd increase the length of time on the countdown. I told him his new time was still insufficient. He then said I could do this more directly with a credit card...

...like I'd give him a credit card number.

I told him I didn't have a credit card, whereupon he hung up after telling me all my content on my computer would be gone soon. By this time my computer was no longer plugged into the wall and I'd disconnected the wireless... but now I had no computer.

...and I was just getting back into playing UT too.

I've since confirmed he wasn't with AVG, that he was in no way affiliated with them (though I'm fuzzy how he knew I filed an issue and got my phone number) and the RansomWare he put on my system I should be able to get off by Saturday, possibly Friday. When not able to get it off myself (provided I can get a command prompt I find ComboFix very effective) I've a friend who's been fixing/updating my computer for years who's helped me with RansomWare before.

Wanna know the weird thing?

That bogus IT-guy has called back a few times trying to re-negotiate his price despite the fact I keep saying I won't pay.
http://unreal-games.livejournal.com/
medor wrote:Replace Skaarj with EvilGrins :mrgreen:
Smilies · viewtopic.php?f=8&t=13758
Hook
Inhuman
Posts: 754
Joined: Tue Apr 22, 2008 11:21 pm
Personal rank: UT99 Promoter/Admin
Location: Minnesota USA

Re: AVGfree leads to eeeeevil!

Post by Hook »

So sorry to hear about this EG.
You need to post this everywhere!
Let me know if there is anything I or any of us can do to help you.
=Hook=(Member# 626)

Re: AVGfree leads to eeeeevil!

Post by EvilGrins »

Appreciate the offer of help, but if Mike can't fix this problem I doubt much of anyone else can.
Hook wrote:You need to post this everywhere!
Feel free to link it around, in less than 10 minutes I'm off work and without a computer again until possibly tomorrow night.
Terraniux
Masterful
Posts: 717
Joined: Mon Jan 05, 2009 8:08 pm
Personal rank: Banished member

Re: AVGfree leads to eeeeevil!

Post by Terraniux »

Can you show us a picture of how they locked your pc? I may have solutions because I had to fix this same problem for a lot of people when I was an ICT (IT) guy 7 years back.
There are solutions EG.

If it is only a password, no worries, piece of cake. If it is encryption, then maybe things get difficult, but still not impossible.

Or I hope that your guy can solve it too. :tu: Let us know of any updates.
Feralidragon
Godlike
Posts: 5489
Joined: Wed Feb 27, 2008 6:24 pm
Personal rank: Work In Progress
Location: Liandri

Re: AVGfree leads to eeeeevil!

Post by Feralidragon »

I am honestly surprised how YOU would even get caught by this.
Maybe my perception is wrong, but I always perceived you to be the kind of guy that would be minimally informed about things like this, and be suspicious especially when things like remote access was requested.

I mean:

1) If you're using free software or a free version of it, you do NOT get that kind of support, period.
Any calls at all from "support" are always bogus.
I mean, how did he even get your phone number? Facebook perhaps? Is it public?

2) Generally these calls come from India from what I have heard, and they have a distinct Indian accent to them when speaking English.
Did the guy have an Indian accent at all?
If not, you can always go to the police and pick up the phone there once he calls again (you can set up a time to catch him).

3) You posted it in Facebook... why?
The way to go is to contact their support directly, otherwise any info you may get is bogus, especially in Facebook.
Some social platforms are OK though, since there are a few reliable ones (Reddit for instance), but definitely not Facebook.

4) The moment anyone at all asks for remote access, this is the only red flag you actually need to just hang up the phone.
Other IT guys do it? They shouldn't, and you shouldn't trust them.
It's one thing if YOU do it towards a machine of someone of your family or so, it's a completely different thing in allowing any stranger at all having remote access to your system, no matter the argument they may have, it's just unthinkable.

5) Have backups, disconnected from your system, of anything you deem too important to be lost.
The moment he got remote access, that's the moment you lost everything.
You have to format the disk since nothing there is trustworthy anymore, he could have hidden plenty of stuff everywhere, including into existing files.
There may be tools that may be able to fix some things, but they're not 100% reliable.


You must always be prepared for the worst, and you ought to educate yourself a little on these things, because this is one of the oldest attacks in the book.
Youtube is filled with videos of these kinds of calls.
RocketJedi
Inhuman
Posts: 850
Joined: Wed Mar 12, 2008 7:14 pm
Personal rank: I.T Master
Location: New York

Re: AVGfree leads to eeeeevil!

Post by RocketJedi »

Use Bitdefender Free, it runs the best, catches the most, and never breaks systems. When I stopped getting calls every week from my parents, my wife's parents and other friends, I knew I found the right antivirus.
papercoffee
Godlike
Posts: 10443
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: AVGfree leads to eeeeevil!

Post by papercoffee »

EvilGrins wrote: he set up remote access to my system and I accepted that.
Not that unusual. IT folks do this all the time,
:loool: Sorry ...I hope you get your system back ...but ...but :wtf: :lol2:

Your phone number:
Every social network page wants it (for security reasons) and then they lose it (due to security reasons). Facebook and Co. got hacked so many times. Every bit of private data you put into those portals is already in the wild... So, data privacy my ass.
If you use the FB App on your phone... why do you even bother to think about privacy protection?

Call in on a really late hour:
I would have just hung up. :ironic:
Then I would call in the morning the AVG support and would kick up a fuss about their service and what the hell they think they are to call me at such a late hour. :mad2:
Just to get a surprised help-centre guy explaining to me this wasn't them.

His phone number:
WHAT ARE YOU WAITING FOR??? Give the police his damn number or better ...give it to some hacker group. lol.

Your OS:
Take a Linux Live-CD.
Last edited by papercoffee on Fri Jun 22, 2018 5:38 pm, edited 2 times in total.
Reason: typo
UT Sniper (SJA94)
Inhuman
Posts: 753
Joined: Thu Jun 24, 2010 10:35 pm
Personal rank: Retard
Location: England

Re: AVGfree leads to eeeeevil!

Post by UT Sniper (SJA94) »

I'm confused how someone who uses a computer so much can get scammed by something as blatant as this :?
Dr.Flay
Godlike
Posts: 3347
Joined: Thu Aug 04, 2011 9:26 pm
Personal rank: Chaos Evangelist
Location: Kernow, UK

Re: AVGfree leads to eeeeevil!

Post by Dr.Flay »

AVG Free turning into Avast should not have been a surprise for anyone since they bought out AVG in 2016.
https://blog.avast.com/avast-and-avg-become-one

As Feralidragon pointed out, no free product will have phone support.
Even with a commercial product you will have to call them.

Posting your tech problems in a public place such as social media, will allow all scammers watching those spaces to know you are a target.

Facebook has for a long time required a phone number for validation and 2-factor authentication.
Those of you who wisely opt for 2-factor authentication, are unfortunately faced with giving your mobile number to a site you probably should not.
:noidea

You must make sure you check your privacy settings and set your personal details to hidden.

Note: Most of us here WILL have had their details made available to criminals, since so many major sites have been breached or lost control of their data.
https://haveibeenpwned.com/PwnedWebsites

If your phone number was in any of those databases, you need to prepare for lots of scam calls from people who know stuff about you.
You should consider getting a new SIM or installing an app that will watch for known bad numbers.
https://bestforandroid.com/call-blocker-apps
https://techviral.net/best-calls-blocke ... martphones
https://www.which.co.uk/reviews/nuisanc ... ng-options

There are useful sites for checking and reporting sites
https://www.whocalledme.com
https://who--called.com
https://who-called.co.uk

If you think it is time to move to a new AV, then Bitdefender, Avira and Kaspersky are the most reliable free options
https://www.av-test.org/en/antivirus/home-windows/
https://www.av-comparatives.org/comparison/
Red_Fist
Godlike
Posts: 2163
Joined: Sun Oct 05, 2008 3:31 am

Re: AVGfree leads to eeeeevil!

Post by Red_Fist »

I have all that remote assistance crap OFF, disabled. :thudown: :thudown:

Re: AVGfree leads to eeeeevil!

Post by EvilGrins »

UPDATE: Mike found a way around the password, so he could access my stuff, but he couldn't remove the ransomware. Much as the last time, he took my computer back to his place to work on it.

On the one hand, kinda sucks as I'm without a computer at home (my Kindle is getting a lotta overtime to compensate) but on the plus side I'm probably gonna get an entirely updated new computer with my content added to it.
Terraniux wrote:Can you show us a picture of how they locked your pc?
I didn't think to take a pic at the time and I can't now as I don't even have my computer while it's getting fixed.
Feralidragon wrote:I am honestly surprised how YOU would even get caught by this.
Me too.
Feralidragon wrote:Maybe my perception is wrong, but I always perceived you to be the kind of guy that would be minimally informed about things like this, and be suspicious especially when things like remote access was requested.
I've been hit with this RansomWare before so I've gotten good at avoiding places where I might get caught by it again, but this situation was totally unique in my experience.
Feralidragon wrote:Generally these calls come from India from what I have heard, and they have a distinct Indian accent to them when speaking English. Did the guy have an Indian accent at all?
He did, and he may've been in India but I used 3 separate search engines to run on his number (and sure those can be faked) but they all traced back to an outta the way town in New York.
Feralidragon wrote:You posted it in Facebook... why?
Laziness?
Qwerty wrote:When I stopped getting calls every week from my parents, my wife's parents and other friends, I knew I found the right antivirus.
But I like my family!
papercoffee wrote:If you use the FB App on your phone... why do you even bother to think about privacy protection?
I don't. Only use FB on my desktop computer, never on my phone.
papercoffee wrote:WHAT ARE YOU WAITING FOR??? Give the police his damn number or better ...give it to some hacker group. lol.
Yeah, I'm gonna file a report on him very likely... but as to feeding him to hackers, I don't know any.
UT Sniper (SJA94) wrote:I'm confused how someone who uses a computer so much can get scammed by something as blatant as this
As I mentioned, lack of sleep due to graveyard shift and this bad person called me in the wee hours of the morning.
Dr.Flay wrote:Facebook has for a long time required a phone number for validation and 2-factor authentication.
I joined FB ages ago, my phone is in no way connected to my account and I've never used it to validate anything there.
Red_Fist wrote:I have all that remote assistance crap OFF, disabled.
I will from now on.
Chamberly
Godlike
Posts: 1963
Joined: Sat Sep 17, 2011 4:32 pm
Personal rank: Dame. Vandora
Location: TN, USA

Re: AVGfree leads to eeeeevil!

Post by Chamberly »

The question is... what is causing this to show up on the computer anyway? There had to be a hell of a download that gives you this.
ANUBITEK
Adept
Posts: 261
Joined: Sun Dec 28, 2014 1:10 am
Location: Anubitek

Re: AVGfree leads to eeeeevil!

Post by ANUBITEK »

Chamberly wrote:The question is... what is causing this to show up on the computer anyway? There had to be a hell of a download that gives you this.
Probably "research images".
Carbon
Inhuman
Posts: 855
Joined: Thu Jan 17, 2013 1:52 pm
Personal rank: Hoarder.

Re: AVGfree leads to eeeeevil!

Post by Carbon »

From what I understand the ransomware program is very small, so it wouldn't take a big download to get it onto one's system.

The thread title is a bit misleading; AVG had little to do with this situation. Personally, I have never run anti-virus software on my PC and never had an issue. I run Firefox with NoScript and a host of ad blocking/privacy software and while my internet is quite lackluster compared to how it might look to others, it keeps me safe.

And yeah...no "research images" get onto my PC. :P

Re: AVGfree leads to eeeeevil!

Post by EvilGrins »

Oy!

*ahem*

While I will admit I do have "research images" they were not in any relation to this situation, but thank you ever so for suggesting that.

You're off my Christmas list.