Serious warning


I made a mistake today by opening the rlcreplay.com website. On the front page there was a video of Leora bating on the LR couch, dated on April 10. I was a bit surprised by that date as I thought Leora was away from home all day. Anyway, I clicked the link, and my laptop started getting crazy. A male voice said he is from Microsoft and they can see that my computer has been seriously attacked and there will be big damages if I do not immediately call their support center for help. There was a toll-free number on the screen, I called and explained the problem, and the technician started asking questions and then took a connection to my computer. He went through the system - sometimes I needed to translate what I see in my language - and showed me all the problems, plenty of them! In this process, he also got the picture of Leora's bating video which had caused the attack - that was a bit embarrassing for me, but he did not make any other comments than "aha". I have used Internet Explorer's InPrivate connection, but yet he saw what I had watched.

He was a real salesman - the company is WeTechConsultants, I guess in Ireland - he proved to me that I do not have sufficient protection for my Internet and finally sold me a lifetime endorsable software for 350 USD. Quite an expensive click. After we had made the deal, another technician started to clean and fix my computer - there were about 1,200 items that had to be fixed. This work took almost an hour, and the guy called me when he had finished, and my computer is now "good as new".

CC's policy of not allowing uploads from third party sites is excellent. I have learnt my lesson and will no longer open rlcreplay.com and its sister sites. I have noticed before this event that those sites try to offer as many pop-up ads as possible, but I was too naive to believe that there is also malware involved. Of course I hope that the videos that have been uploaded to such malware sites can instead be uploaded to the CC attachments center, which is nowadays too much filled up with pictures from Russian voyeur sites.

Link to comment

Mistake #1. Never click on anything that says you have a problem. Kill the browser and run scans.

Mistake #2. Microsoft does not call people. Bad guys call you, to help you "fix" your computer. Now, your computer is now part of a botnet.

Try running Malwarebytes, Spybot Search & Replace, and your anti-virus program. If they find nothing, that means you might have a very serious problem that cannot be fixed.

My suggestion is to format the drive and re-install the system. And change your credit card numbers, and put your bank accounts on "Hold." And do it NOW.

  • Like 1
Link to comment

AND CHANGE ALL YOUR PASSWORDS AFTER YOU REINSTALL. BETTER YET, GET HOLD OF ANOTHER KNOWN CLEAN COMPUTER AND CHANGE THEM ASAP. INCLUDING YOUR CAMCAPS PASSWORD. And don't upload links to CC. I will delete them, because they are not your posts: they belong to your hijacked system.

  • Like 1
Link to comment

As Foamy says, this was 100% a scam. Your computer was probably fine before, but whatever software you installed to give the 'technician' access to your computer (teamviewer?) allowed them to compromise it. I would immediately dispute the payment you made with your bank, and I would take the computer to a local computer place if you have one and tell them what happened. Reformatting and reinstalling everything is probably a good idea. Changing any important passwords that may have been accessible from the computer is also a good idea (but do it on a different computer). In the meantime, make sure that computer isn't connected to the internet.

  • Like 1
Link to comment

They got your computer fixed but they have compromised your system. They'll steal any Vital Information they can get such as Usernames, Passwords, Banking and Credit Card Information. They'll watch every keystroke your computer does and Monitor everything you do. If you receive that type of message again, just bring up your Task Manager and close the Browser Windows. If that can't be done, just use the Power Button and Shut the Computer down and Restart from a Cold Boot.

If you know how to Format a Hard Drive and Clean Install your Operating System that would be your best option. The Unconditional Formatting is the way to get rid of it. A Quick Format only gets rid of the first and last parts of a Hard drive, still leaving Vital Information accessible using certain Software for Recovery purposes.

If you don't know how to do it then you'll need to take it to a Computer Tech to get rid of what was installed on your computer and have a clean O/S installed. Leaving it as is will be one major headache you won't need.

Link to comment

Guys, thanks for the valuable advice. I googled WeTechConsultants after this event and found both positive and suspicious information. Therefore I immediately had my credit card closed. This morning I talked to my bank, but got assured that no intruder can get on my bank account through the Internet banking, as the password is in my wallet, and after the password the bank asks for a dispensable security number from my banking security card, which has 90 such numbers altogether, and I always get a new card when 20 numbers are left. Then I consulted my Computer Tech, he checked the company and the software I had bought - Malwarebytes Anti Malware plus Autoruns (Sysinternals), mbam-setup, JRT and MRT. He said that all this is OK, as well as the documents and receipt I received from WeTech, and having the IP address only is not enough for getting secretly into my systems and files.

Though it seems that everything is OK now, I will follow your advice if similar messages appear, and I will never ever buy anything with my credit card in such circumstances, only in the normal protected payment systems. Thanks once again!

Link to comment

But don't forget the original warning: the link to Leora bating video at rlcreplay.com caused the alarm, and during the fixing process that link came in sight. It was either the true reason or an organized sales method, but regardless of that, don't go to that site!

Link to comment

Glad it worked out. Usually sites like rlcreplay.com are OK by themselves, but they sell advertisements which then become pop-ups or have links to a malicious virus or malware. It's an ugly world out here. I clean everything almost daily.

I also have a linux box, which I can easily restore quickly and without cost if it gets messed up. I really want to invite these creeps in to fix it some time. Just to fuck with their heads. They think everyone runs a PC; they speak English with an Indian accent; they are not to be trusted. You are not the only one who has been hit with hacking attacks. Many very advanced users on this board have experienced such misery. I consider it one of the main duties of Mods on this board to keep our Forum free of such scamish and hackish monsters so that they are not promulgated further. 

And no, Mr. Nigerian Prince, I will not give you my banking numbers so you can share your vast wealth with me. That's an old 419 scam. You were hit with #10 on this list:

https://www.lifewire.com/top-online-scams-153134

(link verified to be safe.)

  • Like 1
Link to comment

You have a problem with Indians. What are you talking about?

Link to comment

I figured I'd be called on that.

I have no problem with honest Indians. They're all good people. Except a few who are corrupt as all hell.

But for months at a time, I get a phone call (yes, a land-line call) from some clown named Mark or John who is clearly not a Brit or a Canadian or an American or an Australian, telling me that they have detected a problem with my kum-put-or. They will fix it on line. They have done this incessantly for weeks. This scam has become such an embarrassment to the Indian Government that they have forcefully shut down some of these operations, arresting and detaining hundreds of people.

https://www.theguardian.com/technology/2012/oct/04/ftc-cracks-down-tech-support-scam

And yes, I have gotten the "You owe the IRS money or you will be arrested" scam for weeks at a time. Do a search and you'll see how that one has operations in India and has been raided many times. But then these clowns just move elsewhere and continue.

https://www.consumer.ftc.gov/blog/police-raids-india-cut-down-irs-imposter-calls

Link to comment

I'm glad you made sure your card is secure, but the advice you received from your tech is bad. 

In your original post you said that:

Quote

I called and explained the problem, and the technician started asking questions and then took a connection to my computer. He went through the system - sometimes I needed to translate what I see in my language - and showed me all the problems, plenty of them!

I assume that when you called whatever number was listed in the popup message they told you to install some program that allowed the 'technician' to remotely access your computer. There are a number of programs that can do this, but one of the most common is called TeamViewer. The important thing to understand is that if this program is still running on your computer (and it probably is), they can access it whenever it is connected to the internet and do whatever they want to it (install new programs, go through your files, etc).

Beyond that, just because the names of the programs that they installed on your computer are the same as the names of legitimate programs (MalwareBytes, etc) doesn't mean that the actual files they installed are legitimate. It's not hard to bundle spyware/trojans into the same executable file as a real program.

Just based on the fact that you got the number for this company from a popup window on a porn site, I can assure you that they are in no way legitimate. Microsoft and Microsoft certified companies would never contact you like this.

This is a common scam. Here are some threads from Microsoft's own website addressing similar situations (the numbers and company names change frequently since it's a scam): 

https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/pop-up-notice-from-microsoft-i-allowed-remote/221b598f-86f1-46f1-8512-ad9c095571a2

https://answers.microsoft.com/en-us/windows/forum/windows8_1-security/pop-up-saying-that-microsoft-system-alert-call-to/3a8a1f11-1977-4976-9c07-e20670d93f73

https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/a-system-alert-page-official-microsoft-supprtcame/6f806d04-77e1-4bf7-8542-e1b917263b35

https://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/computer-hacked/40b93b97-2e95-4492-aa28-f77fb8cbdd5a

https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/warning-in-a-pop-up/b6123a01-c809-4e22-9f3d-5f56ab75e17d

https://answers.microsoft.com/en-us/windows/forum/windows_vista-security/phone-warnings-from-microsoft-re-my-system-has/9a507804-3c85-40fa-b319-95bf3d956624

 

The best way to make sure that your computer is not compromised is to reformat the hard drive and reinstall the operating system/programs. It's a pain in the ass, but it's probably the only way to be sure.

  • Upvote 2
Link to comment
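
Added example, not part of any post in this thread: a PowerShell triage for the two points raised in the reply above, remote-access software left running after the "support" session and installers whose names match legitimate tools. The tool-name list and the Downloads folder path are assumptions; adjust them to the machine being checked.

```powershell
# Added example (not from the thread). Name fragments of common remote-access
# tools; this list is an assumption and is not exhaustive.
$patterns = 'teamviewer', 'anydesk', 'logmein', 'screenconnect', 'ammyy', 'supremo'
$regex    = $patterns -join '|'

# 1. Remote-access processes running right now.
$procs = Get-Process |
    Where-Object { $_.ProcessName -match $regex } |
    Select-Object ProcessName, Id, Path

# 2. Matching services, including ones set to start again at every boot.
$svcs = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match $regex -or $_.DisplayName -match $regex -or $_.PathName -match $regex } |
    Select-Object Name, State, StartMode, PathName

# 3. Established network connections owned by those processes.
$conns = foreach ($p in $procs) {
    Get-NetTCPConnection -OwningProcess $p.Id -State Established -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Process'; e = { $p.ProcessName } }, RemoteAddress, RemotePort
}

# 4. Signature and hash of every installer in the folder the session saved files to
#    (assumed here to be the user's Downloads folder). A file named like a known
#    tool but unsigned, or signed by an unrelated publisher, deserves suspicion.
$folder = Join-Path $env:USERPROFILE 'Downloads'
$sigs = Get-ChildItem -Path $folder -Filter *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $s = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File   = $_.Name
            Status = $s.Status
            Signer = if ($s.SignerCertificate) { $s.SignerCertificate.Subject } else { '(unsigned)' }
            SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

'--- Running remote-access processes ---'; $procs | Format-Table -AutoSize
'--- Remote-access services ---';          $svcs  | Format-List
'--- Their live connections ---';          $conns | Format-Table -AutoSize
'--- Installer signatures ---';            $sigs  | Format-List
```

An empty result or a valid signature does not show the machine is clean; the output only helps identify what was installed during the session.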