Complaint from a customer today about a popup when they were browsing the internet.
** YOUR COMPUTER HAS BEEN BLOCKED **
Error # 268D3
Please call us immediately at: 0-808-238-7541
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.
Your computer has alerted us that it has been infected with a virus and spyware. The following information is being stolen…
> Credit Card Details
> Email Account Login
> Photos stored on this computer
You must contact us immediately so that our engineers can walk you through the removal process over the phone Please call us within the next 5 minutes to prevent your computer from being disabled.
Toll Free: 0-808-238-7541
A user name and password are being requested by http://theokalam.com. The site says. System Alert!! Your mozilla browser has been blocked to to suspicious behaviour from your IP address. Call microsoft security at 0-808-238-7541
Victims are being asked to call “0-808-238-7541” aka. 08082387541, +448082387541 or “0808 238 7541”
The start of the encoded “script:” in the page that obscures the real URL (a new trick, see here for the first time I saw it) says “winfirewallwarning.in” but isn’t the site currently being used.
This domain is currently showing as registered to..
Registrant Name: Tarun singh shekhawat
Registrant Street: 7/140, malviya nagar
Registrant City: jaipur
Registrant State/Province: Rajasthan
Registrant Postal Code: 302021
Registrant Country: IN
Registrant Phone: +91.8239555541
Registrant Email: firstname.lastname@example.org
The IP address the website is hosted on an IP which also hosts:
– kanikajewellers.com – A site seemingly containing some phishing code.
– radialrust.com – a website and app development company in India.
– techpcsolution.com – Now we are getting somewhere.. a tech support company showing a US address on their website and a US number ((855) 765-6710) but the whois shows an Indian address.
Please read the reply from radialrust here about how they came to be involved in the hosting of the bad pages..
Additionally the same “email@example.com” email address is associated with the following expired domains:
Even further the telephone number “91.856189109” is associated with:
winfirewallwarning.in [22.214.171.124] and also related winfirewallwarning1.in:
I’ve moved information about these scammers to their own page.
Hello,i got this same popup and i phoned last night,i allowed them to access my computer…they asked for money to fix my computer but thank god my card was declined..I phoned my bank and advised me to block my card so i did…My concern is whether they took any of my work/data files of my book/music etc…I have run a scan of my computer and i have found no threat at all….My bank said i should take my computer in to see if there is any thing on it….
Exactly the same happened to me and I let them access my computer, it looked like they was running some tests?? I realised as it seemed a bit suspicious when he asked for more information and I put the phone down! I’m just worried if they have got any information just from accessing my computer!?
While connected they would have access to anything on your computer but from most of these scams they don’t seem to access personal files. Their priority seems to be to try and trick you into paying for a service you don’t need.
Only once have I seen them extract personal details and photos but this was also a different scam where they made the victim send Moneygram and Western Union payments rather than trying to sell a computer fixing service.
I’ve had this pop up come up but it has blocked my browser and every time I turn my Mac on it keeps coming up and I can’t go on the Internet? How do I get rid of it? Can anyone help me?
Pingback: All In One Tech Support Pvt. Ltd. / allinonetech.net Tech support scammers and liars. | thecomputerperson
For Ben James or anyone who’s got problems, go to control panel and delete the program go to assist, I uninstalled and that’s how I got rid. Go to task manager and end task and remove it.
Pingback: “Your Computer Has Been Blocked” Tech Support Scam Browser Popups – Hoax-Slayer 2G
Hello, kindly check the website radialrust.com , you have listed are not related to any of these websites , we are web development, advetising and media , application development company . The domain names and hosting services( Shared hosting) were provided by our company to allinonetechsupport pvt ltd as we work in web development field , and we have taken all the security measures to remove all the malicious content to avoid further scams by these type of companies and have tighten the security and have taken them down. We request you to kindly edit or remove the post and the names ,adresses , phone and emails included and reinvestigate the original defaulter. Many a thanks.