1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cant get rid of porn bill 2

Discussion in 'The Lounge - Off Topic' started by greenbrucelee, Jul 30, 2007.

  1. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I was visiting my brother at his business today.

    He has told me he was a bit pissed one night and was on FHM.com and a pop up came up which he clicked on. It was a 3 day free trial of some porn site which he didnt even enter, he said he just closed it. However he has said whenever he opens his browser which is Internet explorer on XP home he says a bill keeps coming up saying he owes £40. (Yes it was my bro not me):twisted:

    He has said that he phoned them up and he has said that the girl he spoke to say he owes the money because he didnt cancel the free trial (so it automatically signed up to the site).

    He is adamant that he isnt going to pay as the girl confirmed that he had never used the service.

    But what he really wants is to get rid of this pop up bill, they dont have his address so I would say they cant find him.

    What do guys/gals suggest - his pc is a Dell so I would assume he has a restore disk if thats needed.

    Or will spyware remover such as Spybot etc probably do the job?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  2. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Format C: nah I am just kidding. I say run something like spybot or adware, there is also a nice app called Hijack this which is great.

    Clear the cookies, temp files, history.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  3. nXPLOSi

    nXPLOSi Terabyte Poster

    2,874
    30
    151
    Tell your "Bro" to be more careful :)

    Lol :biggrin
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  4. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Yeah thats what I have told him to do well the clear cookies, history etc
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  5. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Tell your bro that he caused his own malware problem. Then he compounded it by calling them: unless he called them from a pay phone or otherwise-untraceable number, they've now got his phone number. The whole point of them popping up that ad is so he WILL call to complain and/or cancel. And by doing that, they've got him... he's fallen right into their trap.

    A malware remover such as Spybot S&D will probably get rid of it, but it might take a couple of different apps to find one that will do the job.

    That said... a malware remover's not gonna delete his information out of the shady company's database. He can only hope that they're not gonna sell that information to a billion mass-marketing companies/phone banks.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  6. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I just hope they he withheld his number when calling them.

    Also people like us would never click on stuff like that, let alone call them but the average person with a comp at home wouldnt know stuff about malware etc
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  7. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Try a system restore in safe mode, should shift most of the spyware in this case. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  8. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Next we'll have to start teaching people how to get porn in order to keep theri computer safe ! :biggrin

    One manager at a company I know complained that there was a problem with his desktop, turns out he'd filled his hard drive with porn,
    IT solution delete porn ? Hell no this was a manager, he got an extra hard disk ! God knows what will happen when that one fills up !
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  9. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    Right, I am going to dig out an old copy (well a month old) of PC Advisor. It explains exactly what your brother is having problems with and trust me no amount of anti-spyware or anti-virus software can tackle this bad boy...give me 5 min...
     
    Certifications: A+
    WIP: my life
  10. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    found it:

    Ever heard of Micro Bill Systems? According to PC Advisor, these guys are notorious for their actions against users who mistakenly click on their ads thinking nothing will happen.

    However, a few days later you get hit with a page on your desktop saying u owe this amount and it will keep appearing until your PC is rendered useless. (the thing is I visit porn sites everyday and havent had one single about this appear on my PC...strange!!).

    Anyway, lets just say your brother (and Headache) are not the only victims out there.

    PC Advisor have been following this for months now and lots of readers on their forums have certainly been voicing their concerns too, especially those with children.

    As I have said, no matter what removal software you use, it wont get rid of this problem. Only paying the sodding bill will. Which is a bummer. But there maybe a glimmer of hope on the horizon (oh by the way the mag is actually this months edition so its only a couple of weeks old lol). PC Advisor will be meeting with MBS (Micro Bill Systems) very soon to discuss a way forward about their billing methods. When more crops up I shall inform all.

    Hope that has cleared things up for some people. In future if u see anything resembling MBS or Micro Bill Systems...DO NOT CLICK ON IT!!
     
    Certifications: A+
    WIP: my life
  11. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    I like this guys methods...would u mind passing on my comments to him? :biggrin
     
    Certifications: A+
    WIP: my life
  12. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Too bad computers don't come with an operating manual. However, even if it did, few people would read them. :p
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  13. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    My brother did mention an MBS as it matters

    But no matter what he is not gonna pay the bill and my brother is a director with Nissan so he knows the law.

    how can he pay for something he never used or chose to use he says he never accepted he clicked on the x to close the pop up down.

    He will go to court if it gets further, I am gonna try spyware, history removal etc

    If not i am gonna restore his pc or format it, surely that'll remove it.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  14. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Its just software, if you can find all the processes and kill them and all the files and remove them the problem will be solved. Its just the programs can be fairly devious installing hooks into the kernel to hide themselves, respawning processes, writing registry sections, killing processes or freezing the PC when scanners are run etc.

    Try searching for MBS removal on google, looks like various people have had a go.

    You may need to launch in safe mode, or use a boot disk, linux boot CD's can be very useful sometimes.
    This may help you see the files as certain drivers may not be loaded, sometimes rootkits use fake drivers to load and mask themselves.
    Also a boot disk will not load the OS so again will help to prevent the rootkit from loading itself into memory.
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  15. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Is this part from the PC Advisor article or just your own thoughts, worst case i would say format the thing but man dont pay
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  16. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Yeah it might come to the format, just hope he has his dell restore disk.

    But he definetly wont pay thats for sure :D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  17. shambles

    shambles Guest

  18. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    Its what PC Advisor said as other readers have tried this but to no avail...yes re-format is the only option available. But GBL, I agree with your brother big time and if he takes them to court he better be prepared for their lies...
     
    Certifications: A+
    WIP: my life
  19. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Some people reported success, like I said if you manage to find all the files and remove them while there are no malware processes running you will be ok.

    Some people may have only removed half the infection, a virus duplicates itsef all over whatever media it can find, hard disk, floppy, memory card, as a process in memory etc. The filenames can often look legit. Some viruses can insert their payload into other files, valid system files could be infected so you might need to delete them and reinstall them.

    The details change but the fundamentals don't, remove the malware processes, files and registry entries then they can't run or re-infect.
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  20. shambles

    shambles Guest

    seconded...
     

Share This Page

Loading...