Call from a customer today on an Apple mac who had a screen claiming to be from Microsoft Security Essentials saying that their computer was infected.
Looks like an advert on putlocker (a TV and film streaming site) brought up this junk.
http://criticalsystemerrors.info/crt/uk_seg2603/micr_essen1_5480/index.html
The domain is registered via a privacy protection service and the site is hosted at OVH in France.
The domain does seem to be associated with bhupendra.kalambe@googlemail.com
This e-mail address is also associated with a few domains:
mamotechnolabs.com – A web development company in India. [Whois]
dotphi.com – A web development company in India. [Whois]
http://www.preranatechnologies.net/ – An outsourcing support and web design company in, you guessed it, India! I will follow this thread on further down in “Additional 2” section.
It won’t let you close the web page and if you force quit Safari, Safari helpfully remembers the site you were on and loads it again on next launch.
It requests you call “0-800-088-5480” aka. 08000885480 or +448000885480.
I solved it by force quitting Safari and loading it and constantly pressing Escape to try and prevent the junk page from loading.
When called they want you to load teamviewer.
The remote control software seemed to use the IP 202.63.103.20 “s-20-103-63-202.southernonline.net” in Hyderabad, India
One other page referenced was fixmypc.help where they tried to take payment.
This site lists “1-866-921-7786” as their phone number (18669217786 / (866)9217786) and their postal address as:
2950 W Cypress Creek Rd,
Fort Lauderdale, FL 33309
Additional 2 Section:
A domain I came across earlier, preranatechnologies.net, seems to also link to “thekonqueror@gmail.com” which leads to even more dodgy establishments and support companies…
http://www.coderedtechsupport.com/contacts.html – A dodgy looking support company website listing their details as:
1200 Route 22 East
suite 2000
Bridgewater
NEW JERSEY
08807
United States of America
P: 1-888-241-5244
http://ihelpteq.com/ – A dodgy looking support company website listing their details as:
1-800-287-3613
10685-B Hazelhurst Dr. # 14975
Houston, TX 77043 USA
Update 27th June 2015:
I called these people today to see what would happen.
A domain, 121techhelp.com, cropped up that I’ve seen before too! These people probably also run the Yahoo support scam and are posting on the Yahoo forums to gain victims.
121techhelp.com
Registrant Name: Kamal K
Registrant State/Province: Delhi
Registrant Postal Code: 110034
Registrant Country: India
Registrant Phone: +91.9213987675
Registrant Email: globalcubes123@yahoo.com
Other references (IP) to gautam.bsw@gmail.com which I’ve also seen in that Yahoo scam!
If they call you back their caller ID is 02088982898 (aka. 020 8898 2898 or 0208 898 2898).
They give their phone number to call, after paying, as 02921680065 (aka. 029 2168 0065 or 0292 168 0065).
They create an icon on your computer called Global Cubes (www.globalcubes.com)
Domain registered by a privacy service but it does leak:
gautam@chariotinfotech.co.in
They also used the domain quickpcsol.com
Registrant Name: DEEPAK VERMA
Registrant Street: Plot No. 30, vardhman market plaza
Registrant State/Province: Delhi
Registrant Postal Code: 110034
Registrant Country: India
Registrant Phone: +91.9999634063
Registrant Email: deepak_accostings@hotmail.com
This domain has relations with gautam@chariotinfotech.co.in too.
thecomputerperson 
Hi. I just googled this and found your blog. I just had the same message. I guess I am safe just to delete the webpage and forget about it?
Absolutely.. Close the page / end task on the browser and then continue as normal but try to avoid whatever website popped up that message as they are clearly not vetting their advertisers enough or got hacked.
Thanks….this was slightly convincing. I should of known better :) Great blog btw. Very helpful. I am always googling to check if things are scams, and finding this was very reassuring :)
Hi. This happened to me today. Ive tried force quitting and escape. Restarted… nothing it making it go away. I don’t know what else to do :(
P.s mine is on a mac
All I can find is someone on the internet saying you type this into “Terminal”…
defaults write com.apple.Safari NSQuitAlwaysKeepsWindows -bool false
I called the number and I was on the phone for 30 mins but i never gave them my any details when they asked for me to buy the software. will I have been hacked they gave me a authentication password so they could go on my screen but nothing more, i have uninstalled hte software since, should I be worried? will they have reeped up a big p[hone bill costs? I have since downloaded virus software?
As long as you have removed TeamViewer or whatever remote software they used you should be ok. None of these scams that I have seen so far have stolen details from the victims computer, they simply try to trick the user into paying for software or services they don’t need. I recommend downloading and installing Avast Free antivirus from the official avast website (don’t click an advert at the top of google! often adverts for unofficial sites which give you crap too).
Same thing has come up on my laptop an lenova. What
can I do to get rid of it?
You can probably simply just start –> shutdown and turn off the computer.
Or hold down the power button for about 20 seconds and then turn the laptop back on.
When you go back into the internet make sure you DON’T click any option to “restore last browsing session” as this will just bring the fake advert back up again.
Pingback: Fake Yahoo! Mail Support on their own forums! | thecomputerperson
March 2016 and they are still trying the scam with the same 0800 number !!!!
Pingback: Musing of me - Depicus