• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 18:02
CEST 00:02
KST 07:02
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Serral wins HomeStory Cup 2914Serral wins Maestros of the Game 243ByuL, and the Limitations of Standard Play3Team Liquid Map Contest #22: Results and Winners7Code S Season 2 (2026): RO4 and Finals Preview12
Community News
Reynor: GSL Loss Wasn't About Preparation Format12[IPSL] Spring 2026 Grand Finals - This Weekend!1Weekly Cups (July 6 - 12): Protoss strike back11BSL Season 22 Full Overview & Conclusion8BSL Season 22 Full Overview & Conclusion8
StarCraft 2
General
Serral wins HomeStory Cup 29 Weekly Cups (July 6 - 12): Protoss strike back Yamato Cup Series Is the larve respawn broken? Interview with an American 16 Year Old Grandmaster
Tourneys
WardiTV Summer Cup 2026 GSL CK #5 Race War RSL Revival: Season 6 - Qualifiers and Main Event HomeStory Cup 29 Vespene Cup #1 — $300+ USD, July 10
Strategy
[G] Having the right mentality to improve
Custom Maps
New Map Maker - Looking for Advice - Love or Hate Work In Progress Melee Maps [D]RTS in all its shapes and glory <3
External Content
The PondCast: SC2 News & Results Mutation # 534 Burning Evacuation Mutation # 533 Die Together Mutation # 532 Nuclear Family
Brood War
General
Pros Debate: Zerg Unfairly Nerfed? (ASL S22 map) screpdb: new Starcraft reporting tool ASL 22 Proposed Map Pool BSL Season 22 Full Overview & Conclusion BGH Auto Balance -> http://bghmmr.eu/
Tourneys
[ASL22] Wildcard Qualifier [IPSL] Spring 2026 Grand Finals - This Weekend! [Megathread] Daily Proleagues IPSL Spring 2026 Top 4!
Strategy
Fighting Spirit mining rates Simple Questions, Simple Answers Creating a full chart of Zerg builds Relatively freeroll strategies
Other Games
General Games
General RTS Discussion Thread Nintendo Switch Thread Stormgate/Frost Giant Megathread Path of Exile Summer Games Done Quick 2026!
Dota 2
Looking for a Dota Mentor Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Deck construction bug
TL Mafia
TL Mafia Power Rank NeO.D_StephenKing vs This Guy From 1 Million Dance TL Mafia Community Thread Vanilla Mini Mafia
Community
General
US Politics Mega-thread UK Politics Mega-thread Russo-Ukrainian War Thread YouTube Thread Canadian Politics Mega-thread
Fan Clubs
The IdrA Fan Club The HerO Fan Club!
Media & Entertainment
Anime Discussion Thread [Req][Books] Good Fantasy/SciFi books Movie Discussion! Series you have seen recently...
Sports
2024 - 2026 Football Thread McBoner: A hockey love story Tennis[sport] Formula 1 Discussion TeamLiquid Health and Fitness Initiative For 2023
World Cup 2022
Tech Support
Simple Questions Simple Answers FPS when play League Of Legend on laptop How to clean a TTe Thermaltake keyboard?
TL Community
Northern Ireland Global Starcraft The Automated Ban List
Blogs
Poker (part 2)
Nebuchad
The Experiences We Want and …
TrAiDoS
An Exploration of th…
waywardstrategy
Gauntlet SC2: A Retrospectiv…
Ctone23
ramps on octagon
StaticNine
Funny Nicknames
LUCKY_NOOB
Evil Gacha Games and the…
ffswowsucks
Customize Sidebar...

Website Feedback

Closed Threads



Active: 6095 users

Screw Scamware

Blogs > tofucake
Post a Reply
Normal
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 07 2010 16:08 GMT
#1
For the past 2 hours I've been fixing the receptionist's computer. The problem? Scamware. Clever, annoying scamware. The kind I hate most.

Plenty of people run into spyware. Ads popping up at random, tracking cookies (they count) for certain sites, and things like that. Scamware takes it to the next level: it tries to extort you at the same time.

This one was pretty sophisticated. It posed as an AntiVirus software. It intercepted all DNS requests to anywhere but its site (antivirmore.com). It reported fake "infected files" (real files, just not really infected). It also blocked all programs except browsers. That meant I couldn't go into notepad and block/redirect the site in hosts.

So I tried to boot into safe mode, but no....it's a corporate computer, so obviously nobody trusts anyone: there was a password lock on BIOS and the boot menu. While in theory this is a good idea, it's pretty bad practice when nobody (including the CEO) knows the damn password.

After about 2 minutes of trying to guess it, I said "screw you software, I have direct access to the hardware." And so I grabbed a screwdriver and opened up the computer. For the next 10 minutes I looked for the CMOS reset jumper. It was hidden under a bunch of cables and under the lip of the case..arg. I reset CMOS, rebooted, got into safe mode, system restored to last week, and installed a real antivirus.

Back to the scamware: it blocked everything and said you had to activate the product to remove the infection. This would cost $189.00, and I'm quite sure all that would accomplish would be to disable the blocks temporarily (odds are it was a yearly subscription) and not activate any kind of real AV.

All in all, screw scamware. And everyone stop downloading things.

*****
Liquipediaasante sana squash banana
Djzapz
Profile Blog Joined August 2009
Canada10681 Posts
Last Edited: 2010-07-07 16:15:16
July 07 2010 16:14 GMT
#2
I've had to deal with that kind of problem too, about 2 months ago. Same deal with a fake AV program... Usually I handle it in safe mode and get rid of it from there.

That time, it wouldn't let me start any programs at all, and the first thing I tried was to close it in task manager but it wouldn't come up...... So I spammed task manager and somehow one DID pop up. I tried to shut down the infected process and it didn't work - so I spammed again and it actually CRASHED the scamware =D

So I just installed some spyware removal software and it did the trick. Took about 15 minutes and I didn't even have to reboot. It was kind of funny to me seeing how I've had to handle *VERY* annoying viruses in the past.
"My incompetence with power tools had been increasing exponentially over the course of 20 years spent inhaling experimental oven cleaners"
sob3k
Profile Blog Joined August 2009
United States7572 Posts
July 07 2010 16:15 GMT
#3
I just have only the OS on a really small hard drive....whenever I catch something I just unplug my data drive and reformat. Very convenient.

Although I haven't got anything for almost a year...and I don't run ANY antivirus.

I guess I just know how to avoid sketch stuff...I wouldn't say I'm a "low risk user" with all the torrenting and cracking I do...

In Hungry Hungry Hippos there are no such constraints—one can constantly attempt to collect marbles with one’s hippo, limited only by one’s hippo-levering capabilities.
ieatkids5
Profile Blog Joined September 2004
United States4628 Posts
July 07 2010 16:15 GMT
#4
that's cool, never knew you could reset stuff like that. and i bet it felt great when you finally fixed the problem. i've gone through a ton of different computer software and hardware problems that when i finally found a solution and got something to work, i felt damn accomplished. one of those 'fuck yeah' moments.

also, im going to continue downloading things.
Judicator
Profile Blog Joined August 2004
United States7270 Posts
July 07 2010 16:17 GMT
#5
On July 08 2010 01:08 tofucake wrote:
For the past 2 hours I've been fixing the receptionist's computer. The problem? Scamware. Clever, annoying scamware. The kind I hate most.

Plenty of people run into spyware. Ads popping up at random, tracking cookies (they count) for certain sites, and things like that. Scamware takes it to the next level: it tries to extort you at the same time.

This one was pretty sophisticated. It posed as an AntiVirus software. It intercepted all DNS requests to anywhere but its site (antivirmore.com). It reported fake "infected files" (real files, just not really infected). It also blocked all programs except browsers. That meant I couldn't go into notepad and block/redirect the site in hosts.

So I tried to boot into safe mode, but no....it's a corporate computer, so obviously nobody trusts anyone: there was a password lock on BIOS and the boot menu. While in theory this is a good idea, it's pretty bad practice when nobody (including the CEO) knows the damn password.

After about 2 minutes of trying to guess it, I said "screw you software, I have direct access to the hardware." And so I grabbed a screwdriver and opened up the computer. For the next 10 minutes I looked for the CMOS reset jumper. It was hidden under a bunch of cables and under the lip of the case..arg. I reset CMOS, rebooted, got into safe mode, system restored to last week, and installed a real antivirus.

Back to the scamware: it blocked everything and said you had to activate the product to remove the infection. This would cost $189.00, and I'm quite sure all that would accomplish would be to disable the blocks temporarily (odds are it was a yearly subscription) and not activate any kind of real AV.

All in all, screw scamware. And everyone stop downloading things.


This is hardly clever...by the time it pretends to be anti-virus, you're already too late. Your receptionist was just browsing sites that they shouldn't have been.

R1CH's thread says hello by the way
Get it by your hands...
Jaw
Profile Blog Joined July 2008
United States274 Posts
July 07 2010 16:17 GMT
#6
i had vista defender it was so bad that i ran to foxfire for noscript
Djzapz
Profile Blog Joined August 2009
Canada10681 Posts
July 07 2010 16:18 GMT
#7
It's been about 4-5 years since I got an issue with viruses on my own computers. I do run an antivirus. At this point it's not worth not having one unless your computer is really old IMO.
"My incompetence with power tools had been increasing exponentially over the course of 20 years spent inhaling experimental oven cleaners"
barbsq
Profile Joined November 2009
United States5348 Posts
July 07 2010 16:20 GMT
#8
dude, as an IT person, i totally feel you,

esp when its an important computer that has various important files for research and whatnot (i work for a uni IT dept.), it just makes me wonder how these ppl got these in the first place T.T
The worst one i ever had to deal with, it locked me out of safe mode (i got hanged), so i had to boot through linux in order to copy data to another harddrive, scan it, and then reformat the original hdd. Basically took all day and wasn't fun.
Look at this guy, constantly diluting himself! (╮°-°)╮┳━┳ ( ╯°□°)╯ ┻━┻
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 07 2010 16:20 GMT
#9
It's not a very well known thing, the CMOS reset jumper. The only reason it exists is to flush the BIOS settings completely, and it's not something I like doing.

Also, I feel great when I fix my computers on my own time, but when I fix a company computer during company time, all I can think is "great, now I'm 2 hours behind on my other work...."
Liquipediaasante sana squash banana
keNn)
Profile Blog Joined February 2003
Philippines297 Posts
Last Edited: 2010-07-07 16:21:34
July 07 2010 16:21 GMT
#10
i encountered something like this before when i was in my OJT. after fixing the problem identical to yours. i made an email( instructionals how to avoid this kind of stuffs and some technical tips) then forward it to all employee in the company(ask permission to your boss before sending it).

It work.after that I had so much free time on work LOL.
^_^
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 07 2010 16:22 GMT
#11
On July 08 2010 01:17 Judicator wrote:
Show nested quote +
On July 08 2010 01:08 tofucake wrote:
For the past 2 hours I've been fixing the receptionist's computer. The problem? Scamware. Clever, annoying scamware. The kind I hate most.

Plenty of people run into spyware. Ads popping up at random, tracking cookies (they count) for certain sites, and things like that. Scamware takes it to the next level: it tries to extort you at the same time.

This one was pretty sophisticated. It posed as an AntiVirus software. It intercepted all DNS requests to anywhere but its site (antivirmore.com). It reported fake "infected files" (real files, just not really infected). It also blocked all programs except browsers. That meant I couldn't go into notepad and block/redirect the site in hosts.

So I tried to boot into safe mode, but no....it's a corporate computer, so obviously nobody trusts anyone: there was a password lock on BIOS and the boot menu. While in theory this is a good idea, it's pretty bad practice when nobody (including the CEO) knows the damn password.

After about 2 minutes of trying to guess it, I said "screw you software, I have direct access to the hardware." And so I grabbed a screwdriver and opened up the computer. For the next 10 minutes I looked for the CMOS reset jumper. It was hidden under a bunch of cables and under the lip of the case..arg. I reset CMOS, rebooted, got into safe mode, system restored to last week, and installed a real antivirus.

Back to the scamware: it blocked everything and said you had to activate the product to remove the infection. This would cost $189.00, and I'm quite sure all that would accomplish would be to disable the blocks temporarily (odds are it was a yearly subscription) and not activate any kind of real AV.

All in all, screw scamware. And everyone stop downloading things.


This is hardly clever...by the time it pretends to be anti-virus, you're already too late. Your receptionist was just browsing sites that they shouldn't have been.

R1CH's thread says hello by the way

I didn't mean clever in the way it presents itself, but rather how it blocks every avenue of attack. Other similar scamwares I've dealt with have had some way to remove it from the computer without a reboot, but this one was very good at not letting me do that. Unfortunately for it, it can't stop me from using a screwdriver.
Liquipediaasante sana squash banana
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 07 2010 16:23 GMT
#12
On July 08 2010 01:20 barbsq wrote:
dude, as an IT person, i totally feel you,

esp when its an important computer that has various important files for research and whatnot (i work for a uni IT dept.), it just makes me wonder how these ppl got these in the first place T.T
The worst one i ever had to deal with, it locked me out of safe mode (i got hanged), so i had to boot through linux in order to copy data to another harddrive, scan it, and then reformat the original hdd. Basically took all day and wasn't fun.

Not only that, but that and IIRC every other computer all have a drive mapped from the same source. I'm lucky it (apparently) didn't spread beyond just the one computer.
Liquipediaasante sana squash banana
StRyKeR
Profile Blog Joined January 2006
United States1739 Posts
July 07 2010 16:45 GMT
#13
it's tofucake!
Ars longa, vita brevis, principia aeturna.
monkh
Profile Blog Joined April 2010
United Kingdom568 Posts
July 07 2010 16:45 GMT
#14
For like 20 years I've been using computers and the internet and I rarely use AV software. I feel so left out never had a virus or spyware.
Daeden.620
BrTarolg
Profile Blog Joined June 2009
United Kingdom3574 Posts
July 07 2010 16:58 GMT
#15
I had a vista defender one that worked in safemode, and still made popups even when i was reinstalling fricking windows, blocked all registry editing, browsers, corrups all AV's etc.

that was the most annoying one, i literally had to format and install windows for it, never had one as bad at that before
Baksteen
Profile Blog Joined June 2010
Netherlands438 Posts
July 07 2010 18:09 GMT
#16
The annoying part is where people do have enough user rights to get it on their computer but you never have enough rights to get rid of it
Derp Derp Derp
barbsq
Profile Joined November 2009
United States5348 Posts
July 07 2010 18:11 GMT
#17
On July 08 2010 01:23 tofucake wrote:
Show nested quote +
On July 08 2010 01:20 barbsq wrote:
dude, as an IT person, i totally feel you,

esp when its an important computer that has various important files for research and whatnot (i work for a uni IT dept.), it just makes me wonder how these ppl got these in the first place T.T
The worst one i ever had to deal with, it locked me out of safe mode (i got hanged), so i had to boot through linux in order to copy data to another harddrive, scan it, and then reformat the original hdd. Basically took all day and wasn't fun.

Not only that, but that and IIRC every other computer all have a drive mapped from the same source. I'm lucky it (apparently) didn't spread beyond just the one computer.


Yes, standard operating procedure states that all virus-related cases require us to scan the network drives that the person had access to so that it doesnt contaminate the network. Networks are so hard to maintain :/
Look at this guy, constantly diluting himself! (╮°-°)╮┳━┳ ( ╯°□°)╯ ┻━┻
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 07 2010 18:19 GMT
#18
On July 08 2010 01:45 StRyKeR wrote:
it's tofucake!

Indeed.

On July 08 2010 03:09 Baksteen wrote:
The annoying part is where people do have enough user rights to get it on their computer but you never have enough rights to get rid of it

I'm sort of lucky there, since the account was a limited one.


On July 08 2010 03:11 barbsq wrote:
Show nested quote +
On July 08 2010 01:23 tofucake wrote:
On July 08 2010 01:20 barbsq wrote:
dude, as an IT person, i totally feel you,

esp when its an important computer that has various important files for research and whatnot (i work for a uni IT dept.), it just makes me wonder how these ppl got these in the first place T.T
The worst one i ever had to deal with, it locked me out of safe mode (i got hanged), so i had to boot through linux in order to copy data to another harddrive, scan it, and then reformat the original hdd. Basically took all day and wasn't fun.

Not only that, but that and IIRC every other computer all have a drive mapped from the same source. I'm lucky it (apparently) didn't spread beyond just the one computer.


Yes, standard operating procedure states that all virus-related cases require us to scan the network drives that the person had access to so that it doesnt contaminate the network. Networks are so hard to maintain :/
That would murder me and waste about 3 days. Too many computers, not enough AV. Unfortunately, it also probably means that I'll have to deal with this crap again soon.
Liquipediaasante sana squash banana
exeexe
Profile Blog Joined January 2010
Denmark937 Posts
July 07 2010 18:22 GMT
#19
get antivirus .. oh no wait.. that cost money .. learn to dodge .. its free :DDDDDD
And never forget, its always easier to throw a bomb downstairs than up. - George Orwell
Baksteen
Profile Blog Joined June 2010
Netherlands438 Posts
July 07 2010 18:30 GMT
#20
On July 08 2010 03:11 barbsq wrote:
Show nested quote +
On July 08 2010 01:23 tofucake wrote:
On July 08 2010 01:20 barbsq wrote:
dude, as an IT person, i totally feel you,

esp when its an important computer that has various important files for research and whatnot (i work for a uni IT dept.), it just makes me wonder how these ppl got these in the first place T.T
The worst one i ever had to deal with, it locked me out of safe mode (i got hanged), so i had to boot through linux in order to copy data to another harddrive, scan it, and then reformat the original hdd. Basically took all day and wasn't fun.

Not only that, but that and IIRC every other computer all have a drive mapped from the same source. I'm lucky it (apparently) didn't spread beyond just the one computer.


Yes, standard operating procedure states that all virus-related cases require us to scan the network drives that the person had access to so that it doesnt contaminate the network. Networks are so hard to maintain :/
That would murder me and waste about 3 days. Too many computers, not enough AV. Unfortunately, it also probably means that I'll have to deal with this crap again soon.
[/QUOTE]

I don't envy you

Where i work i'm the only one who knows the basic stuff about IT so we have it out sourced. I am so glad we did that everytime i read a post like this.

Good luck though and hope it won't happen again.
Derp Derp Derp
barbsq
Profile Joined November 2009
United States5348 Posts
July 07 2010 18:30 GMT
#21
On July 08 2010 03:19 tofucake wrote:
Show nested quote +
On July 08 2010 01:45 StRyKeR wrote:
it's tofucake!

Indeed.

Show nested quote +
On July 08 2010 03:09 Baksteen wrote:
The annoying part is where people do have enough user rights to get it on their computer but you never have enough rights to get rid of it

I'm sort of lucky there, since the account was a limited one.


Show nested quote +
On July 08 2010 03:11 barbsq wrote:
On July 08 2010 01:23 tofucake wrote:
On July 08 2010 01:20 barbsq wrote:
dude, as an IT person, i totally feel you,

esp when its an important computer that has various important files for research and whatnot (i work for a uni IT dept.), it just makes me wonder how these ppl got these in the first place T.T
The worst one i ever had to deal with, it locked me out of safe mode (i got hanged), so i had to boot through linux in order to copy data to another harddrive, scan it, and then reformat the original hdd. Basically took all day and wasn't fun.

Not only that, but that and IIRC every other computer all have a drive mapped from the same source. I'm lucky it (apparently) didn't spread beyond just the one computer.


Yes, standard operating procedure states that all virus-related cases require us to scan the network drives that the person had access to so that it doesnt contaminate the network. Networks are so hard to maintain :/
That would murder me and waste about 3 days. Too many computers, not enough AV. Unfortunately, it also probably means that I'll have to deal with this crap again soon.


Well, fortunately for us, we run a pretty tight ship. Ppl only have access to a very limited amount of space on the network, with really only staff computers having access to the larger network hdds. For lab computers, it typically only increases the workload by ~ 1-2 hrs or so. Still sux tho
Look at this guy, constantly diluting himself! (╮°-°)╮┳━┳ ( ╯°□°)╯ ┻━┻
Normal
Please log in or register to reply.
Live Events Refresh
Next event in 10h 58m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
ZombieGrub154
StarCraft: Brood War
ZZZero.O 46
Purpose 5
Counter-Strike
summit1g5386
Other Games
tarik_tv4711
Grubby4177
Liquid`RaSZi1426
fl0m646
shahzam378
C9.Mang0341
ToD213
XaKoH 176
Liquid`Hasu142
Organizations
Other Games
gamesdonequick2610
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
[ Show 14 non-featured ]
StarCraft 2
• StrangeGG 91
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
League of Legends
• TFBlade710
Other Games
• imaqtpie767
• Shiphtur331
Upcoming Events
Replay Cast
10h 58m
CrankTV Team League
12h 58m
Replay Cast
1d 10h
CrankTV Team League
1d 12h
Replay Cast
2 days
RSL Revival
2 days
Clem vs Lambo
Scarlett vs Cure
CranKy Ducklings
2 days
IPSL
2 days
Dragon vs Hawk
RSL Revival
3 days
Classic vs Trap
herO vs SHIN
Sparkling Tuna Cup
3 days
[ Show More ]
IPSL
3 days
Bonyth vs Ret
WardiTV Weekly
4 days
Monday Night Weeklies
4 days
PiGosaur Cup
6 days
The PondCast
6 days
Liquipedia Results

Completed

YSL S3
HSC XXIX
Eternal Conflict S2 E2

Ongoing

IPSL Spring 2026
Acropolis #4
CSL 2026 Summer (S21)
KCM Race Survival 2026 Season 3
RSL Revival: Season 6
CranK Gathers Season 4: BW vs SC2 Team League
SCTL 2026 Spring
Stake Ranked Episode 3
XSE Pro League 2026
IEM Cologne Major 2026
Stake Ranked Episode 2
CS Asia Championships 2026
Asian Champions League 2026
IEM Atlanta 2026
PGL Astana 2026
BLAST Rivals Spring 2026

Upcoming

Escore Tournament S3: W3
ASL S22 SEASON OPEN Day 1
Escore Tournament S3: W4
ASL S22 SEASON OPEN Day 2
Escore Tournament S3: W5
CSLAN 4
Blizzard Classic Cup 2026
HSC XXX
SC4ALL II: StarCraft II
Kung Fu Cup 2026 Grand Finals
Light Tournament 2026
Eternal Conflict S2 Finale
Eternal Conflict S2 E3
Logitech G Connect 2026
StarSeries Fall 2026
FISSURE Playground #5
BLAST Open Fall 2026
Esports World Cup 2026
BLAST Bounty Summer 2026
BLAST Bounty Summer Qual
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.