ussoftwaresolutionsinc.com fake virus warning message and tech support liars.

Another day and another, what I feel to be, scam tech support company. This time I can attribute them to at least 100 fake virus warning sites and domains.

This time a message pops up when a victim is browsing (in the case I saw) TV streaming websites.

The scam warning was on “http://computerproccesseal.club/?source=70790_600680_  ” but it looks like many other domains are also involved.

us software solutions scam warning.png

The message reads:

0x80070424 Warning: Activation Key Damaged!!! Call Help Desk:

** YOUR COMPUTER HAS BEEN BLOCKED **

Error # 268D3

Please call us immediately at: +44-800-090-3856
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.

Your computer has alerted us that it has been infected with a virus and spyware. The following information is being stolen…

> Facebook Login
> Credit Card Details
> Email Account Login
> Photos stored on this computer
You must contact us immediately so that our engineers can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your computer from being disabled.

Toll Free: +44-800-090-3856

The telephone number used in this scam is a UK number of 0800 090 3856 aka. +448000903856 or 08000903856).

A small javascript file controls the telephone number that shows on the scam warning.

If these tech support liars call you back their caller ID shows as +18443073377

Needless to say the message is a lie, there is no infection the computer and the computer access (other than the scam message) will not be blocked.

When the victim calls up they are given the standard scam tech support routine of being shown the “scary errors” in event viewer and stopped services in msconfig (all normal!)

Their fixes (of which they charge £199) seem to be.

1) Running a .bat file to clear the event viewer history. (“Win 7 Viewer.zip” containing “Win 7 Viewer.bat”)

@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit

2) Running SuperAntiSPYWARE to close the web browsers and clean cookies.
3) Installing CCleaner..

Entirely not worth it and their initial sales pitch about infections, firewalls and risks are fiction.

The company who tried to take payment are:

https://www.ussoftwaresolutionsinc.com/
aka. “US Software Solutions Inc.” or “ALW*ussftwrsolution8882551137”.

The domain I came across has the following whois information:

Registrant Name: Ajay Kumar
Registrant Street: C-45, Sec- 5
Registrant City: Noida
Registrant State/Province: Uttar Pradesh
Registrant Postal Code: 201301
Registrant Country: IN
Registrant Phone: +91.8802175217
Registrant Email: kidanumer8171@gmail.com

Other domains related to this scam are:
Hosted on the same IP at GoDaddy..

macintosh-security-warning.info
windows-error.co (an active fake virus warning page listing +1-800-737-7785 as the number to call and error code ERR7343DYJ6)
computerprocceslocksmiths.club (a copy of the original scam warning that I’ve posted at the top of this page).
computerprocceslock.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerprocceslock.club (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
processorprocceslock.club
computerproccessecure.club (an active fake virus warning page listing +44-800-090-3846 as the number to call and error S47452D aimed at Mac users)
computerprocceslockservice.club (an active fake virus warning page listing +1-844-564-0211 as the number to call and error S47452D aimed at Mac users)
computerprocceslocks.club (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
pcprocceslock.online
computermycceslock.club (an active fake virus warning page listing +1-888-417-0191as the number to call and error 268D3)
computerproccesseal.online
computerbolt.online (an active fake virus warning page listing +1-888-328-0520 as the number to call and error 268D4 aimed at Mac users)
computerprotection.online
computerprotectionhub.online
computerlocksmiths.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerprotectionworld.online (an active fake virus warning page listing +1-888-608-9575 as the number to call and error 268D3)
computerprotectionservices.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerlock.online (an active fake virus warning page listing +1-888-328-0781 as the number to call and error 268D5 aimed at Mac users)
computerprotectiongroup.online (an active fake virus warning page listing +44-808-238-7566 as the number to call and error 268D3)
processorlock.online (an active fake virus warning page listing +61-180-094-0864 as the number to call and error 268D3)
computersecure.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerlockweb.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerclamp.online (an active fake virus warning page listing +1-888-328-0781 as the number to call and error 268D5)
computerprotectionweb.online (an active fake virus warning page listing +1-888-608-9575 as the number to call and error 268D3)
computerprotectionreviews.online (an active fake virus warning page listing +1-888-328-0466 as the number to call and error S47452D aimed at Mac users)
computerpadlock.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerprotectionstar.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerprotectiontech.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerprotectionzone.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerprotectionhome.online (an active fake virus warning page listing +44-800-090-3856 as the number to call and error 268D3)
computerlockbox.online (an active fake virus warning page listing +1-888-430-9671 as the number to call and error 268D5)
computerlocks.online
computerlockpro.online (an active fake virus warning page listing +61-1800-990-328 as the number to call and error 268D4)
computerlockshop.online (an active fake virus warning page listing +61-1800-940-864 as the number to call and error 268D3)
computerprotectionsystems.online (an active fake virus warning page listing +44-800-090-3846 as the number to call and error 268D3)
computerprotectionnow.online
computer-lock.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
computerlockservice.online
computerprotectionpro.online (an active fake virus warning page listing +1-888-328-0471 as the number to call and error 268D3)
pcvirusalertsystem.today
technicalserrors.online (an active fake virus warning page listing +61 (1800) 893-775 as the number to call and error 268D3) (also related to an Amazon s3 hosting account “technicalserrors.online.s3-website-us-west-2.amazonaws.com”)
safari-infected-with-malwares.s3-website-us-west-2.amazonaws.com (an active fake virus warning page listing +44-800-098-8642 as the number to call and error XX00x1)
pcnetworktrustytrusty.online (an active fake virus warning page listing +1-888-328-0471 to call and error code S47452D)
alertatpc.website
recheck-mac-service.com (an active fake virus warning page listing +64-1800-894-043 as the number to call and error 9ADX400)
pcnetworksteadfastcloud.online (an active fake virus warning page listing +61-1800-940-864 as the number to call and error 268D3)
pcnetworktrustycloud.online (an active fake virus warning page listing +1-888-328-0466 as the number to call and error 268D#3)
pcsystemauthenticcloudservices.online (an active fake virus warning page listing +61-180-094-0864 as the number to call and error 9ADX400)
debuggingerrorinterrupt.club (an active fake virus warning page listing +61-1800-940-864 as the number to call and error 268D3)
pcnetworkreliablecloudservices.online (an active fake virus warning page listing +1-844-564-0211 as the number to call and error 268D#3)
safarifaults.club (a fake apple support “Your mac has been blocked” page listing +44-8000-988-382 as the number to call and error 8UXK307)
pcnetworksteadycloud.online (fake virus warning page listing +1-888-328-0466 as the number to call and error 268D#3)
netservicesupport.website (fake virus warning page listing +1-8777-993-986 as the  number to call and error 9XAX401)
debugginginterrupt.club (fake virus warning page listing +61-1800-875-586 as the number to call and error 9ADX400)
systemexpert.online (fake virus warning page listing +61 (1800) 893-775 as the number to call and error 268D3)
mclimaxasurment.club (fake virus warning page listing +1-877-231-7887 as the number to call and error S47452D)
alertatpc.space
geekcrew.online
computermalwareissue.space
recheck-mac-service.info (fake virus warning listing +61-1800-894-043 as the number to call and error 268D3)
geekcrewservices.club
geekteam.online
supportsupport.online (fake virus warning listing +1-877-937-6922 and +61-1800-940-864 as the numbers to call and errors S47452D and 0x80070424
networkalertnetwork.club (fake virus warning listing +61-1800-894-043 as the number to call and error 268D3)
pcmethodreliablecloudcomputing.online (fake virus warning listing +1-877-231-7887 as the number to call and error 268D#3)
macsystemmeasurwoment.club (fake virus warning listing +1-844-564-0211 as the number to call and error 268D3)
macsystemuseasurment.club (fake virus warning listing +1-844-564-0211 as the number to call and error 268D3)
macsystemusasurment.club (fake virus warning listing +1-844-564-0211 as the number to call and error S47452D)
systemreliablecloudstorage.online (fake virus warning listing +1-844-564-0211 as the number to call and error 268D3)
hxxp://www.supportsupportnetwork.online (fake virus warning listing +1-844-669-3961 as the number to call and error 9XAX400D)
recheck-mac-service.org (fake virus warning listing +61-1800-990-328 as the number to call and error 268D3)
pcgeeksquad.club
systemreliablecloudservices.online (fake virus warning listing +1-844-564-0211 as the number to call and error 354#D7)
techhelp.club (fake virus warning listing +44-8000-988-382 as the number to call and error 8UKX307)
pcassist.online (fake virus warning listing +1-844-669-3961 as the number to call and error 9XAX400D)
methodexpert.online (fake virus warning listing +61-1800-661-980 as the number to call and error 268D3)
pcaid.online (fake virus warning listing +1-844-669-3961 as the number to call and error 268D3)
expert-system-solutions.net (fake virus warning listing +61 (1800) 893-775 as the number to call and error 268D3)
computermeasurmentmart.club (fake virus warning listing +1-844-669-3961 as the number to call and error 9XAX400D)
computermeasurmenthub.club (fake virus warning listing +1-844-669-3961 as the number to call and error 9XAX400D)
xdebugging.club (fake virus warning listing +1-844-669-3961 as the number to call and error 268D3)
somedebugonmycomputer.club (fake virus warning listing +44-8000-988-382 as the number to call and error 8UXK307)
someerroronmypc.club (fake virus warning listing +1-844-669-3961 as the number to call and error 9X#X400D)
hxxp://www.mymacinterrupt.club (fake virus warning listing +1-844-669-3961 as the number to call and error 268D3)
funmaxsteel.club (fake virus warning listing +44-8000-988-382 as the number to call and error 8UXK307)
pcdebuggingerrorinterrupt.club (fake virus warning listing +1-844-669-3961 as the number to call and error 268D3)
alertatpc.online
visitnewyorkcity.club (fake virus warning listing +44-8000-988-382 as the number to call and error 8UXK307)
systemalertsystems.club (fake virus warning listing +1-844-669-3961 as the number to call and error 9XAX400D)
machelpexpert.online (fake virus warning listing +1-844-669-3961 as the number to call and error S47452D)
macbackupexpert.online (fake virus warning listing +1-844-669-3961 as the number to call and error S47452D)
saffaribrowser.com (fake virus warning listing +61 (1800) 157-009 as the number to call and error 268D3)
expert-system-solutions.org (fake virus warning listing +61 (1800) 661-980 as the number to call and error 268D3)
expert-system-solutions.info (fake virus warning listing +61 (1800) 893-775 as the number to call and error 268D3)
mac-safari-repair.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1 (844) 412-6929 as the number to call)
mac-supports.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1-844-856-0111 as the number to call)
supportllc.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1-844-412-6929 as the number to call)
error-code-229s4.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1-844-412-6929 as the number to call)
shop-for-sale.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1-844-856-0111 as the number to call and error 268D3)
trackingfacebookfuntime.club.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1-844-856-0111 as the number to call and error 268D3)
gamezonly.space.s3-website-us-west-2.amazonaws.com (fake virus warning listing +61 (1800) 893-775 as the number to call and error 268D3)
technicalserrors.online.s3-website-us-west-2.amazonaws.com (fake virus warning listing +61 (1800) 893-775 as the number to call and error 268D3)
trackingfacebookads.club.s3-website-us-west-2.amazonaws.com (fake virus warning listing +61 (1800) 893-775 as the number to call and error 268D3)
mac-alert-38107.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1-844-717-2444 as the number to call and error 268D3)
pcnetworkreliablecloudcomputing.online (fake virus warning listing +1-844-231-7887 as the number to call and error 268#D3)
pcnetworkreliablecloudhosting.online (fake virus warning listing +1-888-328-1037 as the number to call and error 268#D3)
macmeasurhombrest.club (fake virus warning listing +1-844-564-0211 as the number to call and error 9XW#X400D)
macmeasurmentpro.club (fake virus warning listing +1-844-564-0211 as the number to call and error S47452D)
macplanreliablecloud.online (fake virus warning listing +1-844-564-0211 as the number to call and error CM74#2D)
macsystemreliablecloud.club (fake virus warning listing +1-844-564-0211 as the number to call and error S47452D)
pcservicecompany.online (fake virus warning listing +1-844-590-7988 as the number to call and error S47452D)
methodsupport.club (fake virus warning listing +44-800-088-5641 as the number to call and error S47452D)
computerseal.online fake virus warning listing +44-800-088-5641 as the number to call and error S47452D)
macsystemsteadycloud.online (fake virus warning listing +1-844-590-7989 as the number to call and error 268D3)
systemalarm.club (fake virus warning listing +1-844-590-7992 as the number to call and error 268D3)
computerprotectioncenter.online (fake virus warning listing +1-888-328-0471 as the number to call and error 268D3)
cpudebuggingerrorinterrupt.club (fake virus warning listing +1-888-871-6288 as the number to call and error 268D3)
systemexpert.website (fake virus warning listing +61-1800-893-775 as the number to call and error 9ADX400)
cpidebuggingerrorinterrupt.club (fake virus warning listing +1-844-590-7989 as the number to call and error 9#XWX400D)
edge-not-working.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1-888-328-0471 as the number to call and error 268D3)
pcsteadycurrent.online (fake virus warning listing +1-888-328-0471 as the number to call and error 268D3)
window-error.s3-website-us-west-2.amazonaws.com (fake virus warning listing +1-888-328-0471 as the number to call and error 268D3)
macsystemreliablecloudservices.online (fake virus warning listing +1-888-328-0471 as the number to call and error 268D3)
pcsteadycurrent.online (fake virus warning listing +1-888-328-0471 as the number to call and error 268D3)
supportsupportservices.online (fake virus warning listing +1-844-590-7989 as the number to call and error 268D3)
pcsteadynow.online (fake virus warning listing +44-800-090-3848 as the number to call and error 268D5)
computerinterruptdebuggingexcess.club (fake virus warning listing +1-844-590-7989 and +1-877-937-6922 as the numbers to call and errors S47452D and 0x80070424)
gomicrosoft-errors.website and gomicrosoft-errors.website.s3-website-us-west-2.amazonaws.com (fake virus warning listing +44 (8000) 988-382 as the number to call and error XX00x1 and the full error shown below..)

System Detected Security Error (Error Code : XX00x1) Due to Suspicious Activity. Please Contact MAC Technicians For Help :
‘+ tollfree +’ . Please contact MAC technicians to rectify the issue.
Please do not open internet browser for your security issue to avoid data corruption on your registry of your omacusating system. Please contact MAC technicians at

Tollfree Helpline at ‘+tollfree+’

Tell customer service this error code : XX00x1

PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILIURE OF OPERATING SYSTEM , HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS . CONTACT MAC technicians TO RESOLVE THE ISSUE ON TOLL FREE – ‘+tollfree+’

PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILIURE OF OPERATING SYSTEM , HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS . CONTACT MAC technicians TO RESOLVE THE ISSUE ON TOLL FREE – ‘+tollfree+’. Please contact MAC technicians to rectify the issue.
Please do not open internet browser for your security issue to avoid data corruption on your registery of your omacusating system. Please contact MAC technicians at

Tollfree Helpline at ‘+tollfree+’

Tell customer service this error code : XX00x1

PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILIURE OF OPERATING SYSTEM , HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS . CONTACT MAC technicians TO RESOLVE THE ISSUE ON TOLL FREE – ‘+tollfree+’

PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILIURE OF OPERATING SYSTEM , HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS . CONTACT MAC technicians TO RESOLVE THE ISSUE ON TOLL FREE – ‘+tollfree+’.

supportsupport247.club (fake virus warning page listing +61-1800-940-863 as the number to call and the warning message shown below..)

Microsoft System Security Alert

Oops !! Something went wrong with your Unknown OS Platform

Dear Unknown User,

The Website you have recently visited may have downloaded the Malware and Virus on your Unknown OS Platform system.

Microsoft Defender is Suspicious about your Unknown OS Platform System Security.

Your TCP Connection Was Blocked by Your Unknown OS Platform Security System. Your Unknown OS Platform and Internet Explorer has been locked untill we may hear from you to immediately fix this issue.

Please Contact Microsoft Unknown OS Platform Help Desk

——————————————————————-
Customer Support : +61-1800-940-863 (TOLL-FREE)
——————————————————————-

********** IMMEDIATE RESPONSE REQUIRED **********

Please contact network administration to rectify the issue.
Please do not open internet browser for your security issue to avoid data corruption on your registery of your operating system Unknown OS Platform. Please contact Unknown OS Platform network administration department at +61-1800-940-863 (TOLL-FREE)

Virus Info:
A Trojan horse, or Trojan, in computing is a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Greece, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.

A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. The Trojan and backdoors are not themselves easily detectable, but if they carry out significant computing or communications activity may cause the computer to run noticeably slowly. Malicious programs are classified as Trojans if they do not attempt to inject themselves into other files (computer virus) or otherwise propagate themselves (worm).

A computer may host a Trojan via a malicious program a user is duped into executing files or browsing internet.
Please contact network administration department at +61-1800-940-863 (TOLL-FREE)

Expired domains or also associated and suspicious are:

sincronizarsantander.info – Santander are a bank.
click4support.biz
click4support.us
web-consultant.biz
classifiedline.asia
turkeyclassifieds.asia
classifiedgallery.asia
vehiclesclassifieds.asia
systemsupportalert.online
browsersupportapp.net
helpdeskproductions.org
hxxp://www.hotappdownload.com

The name Anil Verma crops up regularly across the domains I’ve found including being the name used for ussoftwaresolutionsinc.com (anil.verma1392@gmail.com)

The name anil also appears in the javascript source code of the fake virus warning website.

Also related (linked by ga):

ubertechsupport.blogspot.com
dialportsolutionsllc.com “Dialport Solutions llc” (Almost an exact copy of the ussoftwaresolutions website)
usinfosolutions.us
ubertechsupport.tumblr.com

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

4 Responses to ussoftwaresolutionsinc.com fake virus warning message and tech support liars.

  1. don zweig says:

    what should i do to get rid of it?

  2. End Task on your browser, open it up again and _don’t_ click the restore tabs button!

    If you continue to get this kind of pop up when visiting legitimate websites (msn.com, news websites etc.) then you actually may have an infection on your computer. I suggest contacting someone local to you to check the computer if so.

  3. Nica says:

    Can you help me?This thing just happened to me today.i called them and they said the same thing but i didnt say yes to fix.but he can access my computer like he can move my mouse cursor and stuff im just scared they might get my personal information.

  4. Turn the computer off and then ask someone local who you trust or has a good reputation to check your computer for any remaining remote access software. Don’t pay the scam phone support company!

Comment on this topic

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s