Screenconnect, Connectwise, Logmein Rescue, Teamviewer11, ShowMyPC, Microsoft Registartion Files

Lorian

peterbaker wrote: »

That is even with the Microsoft Registration folder sat on the desktop containing two horrible little javascripts:mad:

upload one of the javascript files to virustotal and it will tell you which packages think its dangerous.

peterbaker

EveryWhere wrote: »

I tried it. No Hits at all. Is that the way that it is spelled on your Desktop?

If you just type Microsoft Registartion into Google with no quotes then you might be given a bunch of hits that contain the mispelling Registartion with a hit for this thread maybe at sixth position (but it varies with location and individual Google settings on your browsing preferences in ways again that 9,999 persons in 10,000 do not fully understand including me!)

If you put quotes around it and search for "Microsoft Registartion" then you will likely be offered hits to "Microsoft Registration" because Google will assume you mispelled it.

It will however at the top of the page then in that case give you the opportunity to click on a link which basically confirms that you really did mean "Microsoft Registartion" and that is where (on my Windows PC at least and on two mobile devices) using any of my 7 browsers including an outdated copy of Safari for Windows and two different mobile OS browsers, this thread is shown as the top hit

And no, the folder on the desktop is spelled correctly, but inside at the first level it has a sub-folder called "Microsoft Registartion" within in which I suspect (because it figures in the early part of the Google Chrome history chronologically in the progress of the fraud i.e. during the telephone call) the fraudsters have thrown their javascript tools over the fence first before scaling it fully.

peterbaker

Lorian wrote: »

upload one of the javascript files to virustotal and it will tell you which packages think its dangerous.

Thanks Lorian, I might try it although that PC is quarantined ready for reformatting at the moment. I can tell you that having studied a little of the javascript in a file called bid.js using Notepad, I found a unique typically very long component ID which indeed had appeared more than once in a short list of recent installed components I could see by searching for it within regedit. Whether that component ID relates to a regular normally safe feature of most people's Windows PC's, I don't know.

Edit: Others may also notice that a Search for "Microsoft Registartion" "bid.js" is more or less almost what some techie people call a "Googlewhack" i.e. the only hit containing both phrases on the whole world wide web excluding the "dark web" I guess is this thread as of about 5 minutes after I first posted this very post.

esuhl

peterbaker wrote: »

Anyone seen evidence of Screenconnect, Connectwise, Logmein Rescue, Teamviewer11, ShowMyPC, Microsoft Registartion Files on their PC?

The main brand antivirus programs seemingly don't report their existence.

These programs are not viruses. Most are like the "Remote Desktop" -- a feature built-in to Windows.


So... Do you want your antivirus to warn you that you're using Windows? Maybe format the hard drive or stop you using your computer for your own protection? :rotfl:


And... What are "Microsoft Registartion Files"?! Do you mean registry files? Why should an antivirus program alert you to them? Why not .BAT files and .COM files too?

peterbaker wrote: »

Well such software will only end up live on your machine by fraudsters who have far too easy non-verified access to such dangerous software...

Don't be ridiculous! I have TeamViewer on my PCs, and I often install it on friends' PCs so I can assist them remotely.


The one common thing that all these fraudsters have is a computer! A dangerous tool that criminals can buy without undergoing any checks!!! Gasp!

peterbaker wrote: »

If you see a normal non-corporate antivirus customer with these Tech Support Desk type softwares on their machine, you are saying they should not be reported by the antivirus software? Why not? Even simple adware is reported routinely!

Actually, it wouldn't be a bad idea to have antiviruses alert users to open incoming connections in these programs. It's worth disabling remote access when you don't need it.

peterbaker

esuhl wrote:

The one common thing that all these fraudsters have is a computer! A dangerous tool that criminals can buy without undergoing any checks!!! Gasp!

Indeed and if they load it, and yours, with strong software after using cascadingly weak (ShowmyPC) to medium strength e.g. Teamviewer11, free trial Screenconnect software, you may soon find they have used YOUR money to upgrade their Screenconnect license to PREMIUM (very strong remote control) and then they can have a real laugh, eh? Personally I don't know where LogMeIn Rescue figures on the weak to strong spectrum, but I suspect it has a special use to fraudsters somewhere in the middle of the process.


No I do mean Microsoft Registartion (mispelled as it is by the fraudsters!)

Anyway thanks esuhl for your last comment at least, you saw at least one of my points in the end

AndyPix

What a silly thread !!


Of course AV suites dont flag these programs because they are completely legitimate tools..


By your reasoning then surely AV programs should flag browsers as being dangerous too, because they are the most common infection vector ..


Bizzare is an understatement

John_Gray

Thank heaven we have long since got over the times when people used frantically to email to each other:

BEWARE of the XXX virus!!! * :eek:

and ask the recipient to

Send this message to all your friends!

At least these pointless warnings have become more sophisticated.
Oh wait...

* yes, usually written with multiple exclamation marks

almillar

Because on a cascading basis and not in the order I gave them, they are the preferred tools of trade of confidence tricksters and they can all be downloaded in the background and the strongest versions purchased using fraudulently set up online registrations from anonymous new email accounts, ALL WHILST THE VICTIM IS DISTRACTED

I could stab and kill you with a kitchen knife, but it's still a useful tool for its job, and should remain for sale, as are the pieces of software you describe. They can't be downloaded to a user's computer without the user giving some sort of consent. I suggest you work on not being distracted.

But nope, the freeware version at least reported a computer containing all the above titled softwares as clean as a whistle

IT IS clean as a whistle!

Windows actually comes with screen sharing/collaboration software of the type you want to report as viruses!

You're barking up the wrong tree. By the time this stuff is installed by a rogue on a user's computer, they've already ignored some part of the tried and tested advice (MS don't phone you, your computer isn't breaking the internet, DHL don't have a package for you, Sexy Suzy doesn't have any Viagra waiting for you, etc etc).

dealer_wins

I use Teamviewer a lot, great piece of software.

Anyone who gets a cold call, and then proceeds to download software, install and run it quite frankly should not be using a computer.

Its 2018 and these scams have been common knowledge for many years now.

indesisiv

Hang on a min I am a bit confused here. You want to have a warning for any program that you have installed yourself? Because the scammers certainly haven't installed the program.
Why not just not click on random links and install things that you don't know.
Personally I use teamviewer quite a lot to access my home PC from my mobile. I certainly wouldn't want this process interrupting by having to go home and then click something to allow the connection, what would be the point of that!