  1. #1
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,484
    Thanks
    38
    Thanked 367 Times in 320 Posts

    SCAM: ZFSendToTarget=CLSID\{888DCA60-...

    About 7:30PM I received a phone call from a fellow w/ a mild Indian accent who said he was calling from my ISP's "Support Department" because they had detected that my computer was "downloading malicious software and needs to be cleaned up". That immediately raised a warning flag for me but I wasn't busy so decided to string him along to see what would happen.

    He asked me to open "Event Viewer" and go to "Custom Views\Administrative Events". When asked I told him there were 4,448 errors and warnings listed; he (predictably) spruiked on for a minute-or-two trying to convince me 4,448 errors and warnings is somehow a huge number. But when I told him that those 4,448 errors and warnings go back to mid-August 2016 he changed tack and said he would pass the call to his supervisor.

    His supervisor came on the line within a few seconds (too quick, a further sign of a scam) and made further attempts to convince me that the 4,448 errors and warnings constituted a serious problem that needed to be fixed, but when I asked him what specific errors/warnings actually meant he responded by changing tack.

    The "supervisor" then asked me to open a command prompt (Win+R, type cmd in the Run box) then type assoc then press enter, which of course displayed a list of file associations. He had me scroll down to the bottom of the list and look for a long entry that started with "ZFSendToTarget". He then said he would prove he was with my ISP's Support by reading back to me my computer's unique ID (???).

    Indeed, what he read back to me was "888DCA60-FC0A-11CF-8F0F-00C04FD7D062" which matched what was listed in my command prompt window. He continued to insist that the number was my computer's unique ID even after I told him I have been a computer technician since 1998 so knew that "ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" has to do with the file association for ZIP (compressed) files and that the "888DCA60-FC0A-11CF-8F0F-00C04FD7D062" number is definitely not unique to any particular Windows system; in fact it is universal since WinXP.

    He was still blathering on insisting that it was my computer's unique ID when I cut in and told him to not call my number again and hung up. Immediately after I hung up my phone rang out then immediately began ringing again about eight times before they gave up.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    Confucius said: "no use running harder if you're on the wrong road" and "any problem once correctly understood is already half-solved".

  2. The Following 2 Users Say Thank You to Coochin For This Useful Post:

    brino (2017-01-27),High Sierra (2017-08-21)

  3. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    9,122
    Thanks
    64
    Thanked 1,125 Times in 1,048 Posts
    They are nothing if not determined - must be on commission.

    cheers, Paul

  4. #3
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,308
    Thanks
    336
    Thanked 248 Times in 202 Posts
    It's good that you wasted some of his time also, maybe that saved someone else.

  5. #4
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    5,116
    Thanks
    188
    Thanked 727 Times in 640 Posts
    Yes, .ZFSendToTarget has been used by scammers for more than six years: PC Support Security Scams – ZFSENDTOTARGET CLSID Trick

    But it does seem particularly popular down under: Scam Alert - Australia

  6. The Following User Says Thank You to BruceR For This Useful Post:

    brino (2017-01-27)

  7. #5
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    9,122
    Thanks
    64
    Thanked 1,125 Times in 1,048 Posts
    Aussies are known to be susceptible to such things, can't even spell beer, they just write XXXX.

    cheers, Paul

  8. #6
    Star Lounger
    Join Date
    May 2011
    Posts
    86
    Thanks
    2
    Thanked 3 Times in 3 Posts
    I demand to know their name, then explain they've called the police hot line and to report a crime, they must give me their name and address. The call does not last long.

  9. The Following User Says Thank You to robertpri For This Useful Post:

    brino (2017-01-27)

  10. #7
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,923
    Thanks
    111
    Thanked 145 Times in 142 Posts
    On a related note, when I see on the Caller ID a number I do not want to answer, I quickly press the green button and immediately press the red button, the call is gone -- and the ringing of the phone is gone.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/
    Backup, backup, backup! -- Lady Fitzgerald (sevenforums)
    Clone or Image often! Backup, backup, backup, backup... -- RockE (Windows Secrets Lounge)

  11. #8
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    651
    Thanks
    49
    Thanked 112 Times in 107 Posts
    Quote Originally Posted by RolandJS View Post
    On a related note, when I see on the Caller ID a number I do not want to answer, I quickly press the green button and immediately press the red button, the call is gone -- and the ringing of the phone is gone.
    I don't have colored buttons. I describe my actions as "answering" (off-hook) and hanging up (on-hook). Is that what you're suggesting?
    Clone or Image often! Backup, backup, backup, backup...
    - - - - -
    Home Built System: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB DDR3 RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek High Definition Audio

  12. #9
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,923
    Thanks
    111
    Thanked 145 Times in 142 Posts
    RockE, yes, it's the answer button and the hang-up button; not the best solution, however, it does eliminate the ringing, especially when others are resting.

  13. #10
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    651
    Thanks
    49
    Thanked 112 Times in 107 Posts
    Not long ago I bought an answering system (base, chargers and five cordless handsets) for a client. That system allows adding phone numbers to a sort of "rejection" list. The handsets sometimes ring once but that's all (if the calling number is in the list). I'm thinking that I may replace my own system with one like that.

  14. #11
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,923
    Thanks
    111
    Thanked 145 Times in 142 Posts
    RockE, if you find one for household/small office, please send me a PM with the URL and your walk-away cost, thanks!

  15. #12
    Lounger akjudge's Avatar
    Join Date
    Jan 2014
    Posts
    45
    Thanks
    1
    Thanked 8 Times in 7 Posts
    Roland,

    I bought a Panasonic (KX-TGE series) wireless phone at Sam's Club that has Call-Blocking (does what RockE was describing). The Panasonic came with a base station (Answering machine) and 5 wireless hand units all for less than $100.

    Googling (call blocking phones) should give you plenty of options.

    Jim

  16. #13
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,923
    Thanks
    111
    Thanked 145 Times in 142 Posts
    akjudge, bookmarking/carting for future reference, thanks!

  17. #14
    New Lounger
    Join Date
    Aug 2017
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Arrived today in Holland !!

    They have found us now. Thank you for your good description and warning.

  18. #15
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    651
    Thanks
    49
    Thanked 112 Times in 107 Posts
    "They" are legion and never seem to stop in their efforts to scam folks.
    In a similar situation about four days ago a male voice, with what I assumed to be either an Indian or Pakistani accent, immediately launched into a somewhat anxious barrage of words when I cautiously spoke "Hello" into the receiver (the Caller ID showed "Invalid Number 1-640-932-2784").
    His first six or seven sentences were delivered so rapidly that it seemed he could hardly wait to convince me to allow him to connect to my computer remotely. His initial sentence included his name (supposedly), and some bogus relationship to Microsoft as a support person.

    Me: No, my friend I think you have misidentified yourself! It is my firm belief that you are simply a crook.

    He: What makes you say such a thing? I have properly identified myself and I am calling to tell you that your computer has a problem. That problem has resulted in our network identifying the computer at your location, and we have instructions to help rid your computer of infections. This is really serious! Please just listen and I will help you.

    Me: No, I am fully aware of the status of all my computers here, and you are undoubtedly just a crook. You and the people you work with may not be able to find proper employment, but all of you are nevertheless just scum.

    He: No response other than a "click" as he disconnected.

    In hindsight I should have strung the guy along for as long as I could I suppose. However he caught me at a time when I was shopping online and I didn't want any interruptions. Perhaps I will be better prepared next time.
    Last edited by RockE; 2017-08-13 at 16:53. Reason: changed a word
