MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 11-18-05, 17:39
Ragnarok's Avatar
Ragnarok Ragnarok is offline
Private First Class
 
Join Date: Nov 2004
Location: 127.0.0.1
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default Scam?

Something weird just happened as I surfed into the majorgeeks website. MS Antispy popped up a window saying that "syserrors.com" was trying to enter my trusted zone. I did a quick investigation which took me to http://www.syserrors.com/ which promptly informed me I was infected with W32.Sinnaka.A@mm and that my computer is being controlled from ip: 227.4.167.118
I did a whois on the ip and the info I got back was:
NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16
I searched the name of the worm on google and found the name of the files it drops, searched my h/drives for them and came up clean. I then ran AVG and that to came up clean. I can only conclude this is a scam to get you to try/buy the products listed on this site. What is a major concern aside from the unethical way of luring you to their site is that they appear to be using the official MS Security Centre logo on there. Can anyone enlighten me as to whether these people are connected to MS? btw I blocked there access but if "Joe Average" stumbled upon this he could wind up in all sorts of trouble.
__________________
Mein Luftkissenfahrzeug ist von den Aalen voll.
Reply With Quote
Sponsored links
  #2  
Old 11-18-05, 18:23
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,248
Thanks: 61
Thanked 7,615 Times in 4,100 Posts
Default Re: Scam?

WHat people?

The address you listed is just part of a reserved set of addresses used for Multicast Networks. Multicast is used most frequently in Video networks where one stream is broadcast over a network and many different endpoints (users) can join the multicast stream. It reduces network bandwidth by only transmitting one stream no matter how many end users join to receive it.

And yes http://www.syserrors.com/ is a scam!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #3  
Old 11-18-05, 18:28
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,248
Thanks: 61
Thanked 7,615 Times in 4,100 Posts
Default Re: Scam?

By the way, both SpyAxe and SpyTrooper are listed on the rogue list:

http://www.spywarewarrior.com/rogue_anti-spyware.htm
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #4  
Old 11-18-05, 18:30
Ragnarok's Avatar
Ragnarok Ragnarok is offline
Private First Class
 
Join Date: Nov 2004
Location: 127.0.0.1
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Scam?

Thanks for your reply Chaslang, the ip the site gave out was as follows:
Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software

I traced it with SamSpade and was unaware of exactly what multicast was/is. Thank you for clearing that up.

I wonder if MS are aware of them using their "Security" logo.
__________________
Mein Luftkissenfahrzeug ist von den Aalen voll.
Reply With Quote
  #5  
Old 11-18-05, 18:38
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,248
Thanks: 61
Thanked 7,615 Times in 4,100 Posts
Default Re: Scam?

Quote:
Originally Posted by Ragnarok
I wonder if MS are aware of them using their "Security" logo.
I doubt it! But I wonder if that icon is trade marked?
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
Sponsored links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 03:31.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger