[Virus/Malware] I involved the POLICE!

[Titoist]

So my dad called me demanding I go to the house immidietly. He stated that he got the virus and I thought nothing of it. I thought I was just going to remove it like always. However, this time it was different. This was the most intrusive and threatening virus/malware that I called the police. They sent over a Cybercrimes Investigator within 20min. Like me, he was shocked as well. Not only did this attack blatantly COPY and imitate the Federal Government, but it went as so far as to name my dad, his address, SIC, and take his picture. Not only that, but it paralyzed the wireless network and the computer. I could not do anything. Due to the severity of this attack, the Police informed the RCMP and we force kicked the computer into windows where now I am running a new antivirus (Norton 360) and Malwarebytes to remove the threat.

I posted this to let everyone become aware of this new threat. The Virus was acquired from the Google Homepage. Download logs indicated that. Overall, what do you think and how can it be combated. We called the police because of the personal info security breach.

[CrashG]

You called the cops.. for a virus?

Sounds like the same scam as the FBI (screenshots from the webcam and all) one here in the states:

http://www.fbi.gov/n...w-internet-scam

[Yorak]

Wow, think you might be taking this a bit too seriously? Perhaps you should just secure his PC and move on...

[Titoist]

You guys missed the part where the virus took the Social Insurance Card number. That's what concerned me. We didn't have that information on the computer... so where it get it?

[linsook]

You guys missed the part where the virus took the Social Insurance Card number. That's what concerned me. We didn't have that information on the computer... so where it get it?

Maybe your dad used it elsewhere? Cra SIN log in. Credit card sign up, credit check, etc...

[mudslag]

Had a similar virus, rebooted into safe mode, took it off and was good to go. It asks you to pay to remove, again booted into safe mode and it was easy to remove from there.

[Titoist]

What matters is that it was reported and even the investigator stated that it was a good idea to call incase there is any future fraud.

[CrashG]

Yes, you should notify your (or dads) bank, change all passwords/PIN numbers, get new cards and such., but involve the cops? Actually you should still do that, don't rely on the cops to do that for ya.

Don't see where it listed the Social Insurance Card number (or where you blanked it out) in the screenshot, just like the FBI one I posted.

[Dot Matrix]

So what was he downloading that he shouldn't have been?

[Obi-Wan Kenobi]

That's an extreme reaction to a common threat. Wow, talk about overkill! Especially when it's so easy to remove in the first place! Are you sure your dad didn't give in and give them the info out of fear? I've seen this happen before....fake scare, better enter info, because hey....if it says police, it must be true, right? I think you might have over reacted. Now, if his credit cards had been used elsewhere, then yes, sure, call the authorities....but this is like literally the second time I've seen this...."Dad" got the fbi/police virus, now every time he boots up, he gets the scare....so to keep it quiet, he enters his details into this (obviously) fake scare screen.....only to have his identity stolen...only to reboot windows and the threat still be there. Research: it's better than jumping to conclusions any day. ;) Lesson learned.

[hjf288]

Well done, they will probably do f all about it though :)

[Titoist]

Well the authorities here have a cybercrime department. I didn't call 911, I called the specific department. The purpose of that department is simply to record and publish new threats, and help people who have had their identities stolen, etc. Yes, I did over react, but better safe than sorry regardless of how common it is. Like I said, I have not seen such a program before and I thought it was a legitimate threat.

I just received a call from the RCMP. They will publish a cyber bulletin on their website notifying people that there is a Canadian version of this virus.

[Japlabot]

I see the point, that his name/SIC (I think that's like a SSN) was compromised, that's the only concern I would have, not the actual virus itself.

[Circaflex]

i highly doubt he got this from the google homepage btw

[Titoist]

i highly doubt he got this from the google homepage btw

I don't know where he got it or how. I arrived after the occurrence.

[Circaflex]

"The Virus was acquired from the Google Homepage. Download logs indicated that."

then why would you claim something like that?

[TAZMINATOR]

Simon,

He called Cybercrimes to check it out so they will report it and probably track that person who created the virus/malware. So OP is making sure his dad is not a victim of identity theft.

Of course cops do not come to the house to remove crap for you... all they do is report and probably track someone down.

[fusi0n]

U dun goofed! Better backtrace it!!

[Titoist]

"The Virus was acquired from the Google Homepage. Download logs indicated that."

then why would you claim something like that?

That is what the investigator told me once he checked the computer. He showed up, put some USB stick into the computer that ran a DOS program. Program scanned the computer and he wrote things down. He found out several things,

1. International IP

2. Program came from www.google.ca

3. International malware cannot be tracked by local police. He contacted RCMP and provided information from USB stick. RCMP will attempt to follow where the money is being transferred since Ukash is being used (without actually transferring money).

4. RCMP will publish warning.

I just wanted to inform people about this program. I did not know that some people already knew about it.

[PNWDweller]

For everyone who is complaining he called the cybercrimes division, why not? Sure, he could have nuked the virus (since we are all well versed in this topic here), but let's assume for a moment that he did this. Then, it is shrugged off to be infected later on possibly and run through the same garbage.

When the cybercrimes division gets involved, they have the power to trace things back further than you might think via the ISP involved. They could trace back the records via a warrant (at least here), and find the originating source of the data. Then take action against that source or trace even further. And with the apparently alarming information contained in the virus such as his ultra private id numbers (social security type), then there is a reason to also call police as there might have been identity theft involved. (I have been a victim of Identity theft and it is not something you would ever want to go through -trust me), With a case number, they could probably give that to any parties involved later on down the road which might have been taken by his identification and bought a lot of things on his credit and never paid. Then it goes to collections/legal action - his Dad finds out later and then is sued. With that case number - it is sort of his insurance against being liable for those charges.

I am sorry this happened to your Dad, it is scary to see this type fo stuff come around especially as sophisticated they are lately.

[jkrupa128]

I'm sure no porn was involved...{Rolls eyes}

[CrashG]

In the screenshot I didn't see where the SSN/SIC number was mentioned or blocked out, just a IP and City.

And curious minds want to know what the RCMP used to "check" the computer. Malwarebytes (pro or free version)?

[Obi-Wan Kenobi]

I'm sure no porn was involved...{Rolls eyes}

Exactly. Every time I've seen this infection, it's never had anything to do with porn. </s> :rolleyes:

[Titoist]

TA DA.... They posted it, and stated to call police once you receive it. http://www.rcmp-grc.gc.ca/scams-fraudes/scareware-eng.htm

[neufuse Veteran]

i highly doubt he got this from the google homepage btw

why do you highly doubt it? I saw someone at work get the FBI scam one from a google image search, after clicking on the image it went right to that via an exploit (we think it was a java exploit)

I got hit with something similar on Houzz.com, and that is not a malware site, it's a pretty large house design site...