1 2 Previous Next 11 Replies Latest reply on Oct 7, 2016 4:34 PM by catdaddy

    Ransomware pretending to be from Microsoft

    torikiro

      It started around September 29, 2016 (a week ago since posting). Clicking on a news story on Microsoft Edge or Internet explorer redirects to a dramatic warning of infection, complete with a constantly changing toll free phone number and a warning that my computer will be locked unless I respond. Examples of URLs are ps4ux.com, siteadvisor.com, Counterflix, Reimagerepair. A search for these [using a different uninfected device] lists phony looking advice websites with names like pcrisk, enigmasoftware, malwaretips, spywareremove, pcinfectionsupport, all intended to lure the unwary.

       

      McAfee total support finds a few infected dlls. Application list sorted by install date has nothing dangerous.

      I can play games without problems, but any search or msn.com news item starts the barrage of fake messages.

       

      Does anyone else experience this?

        • 1. Re: Ransomware pretending to be from Microsoft
          catdaddy

          torikiro

                          Any advice from the website (Malwaretips) should be considered as invaluable advice. As it is a most reputable resource in fighting Malware and other Exploits. My personal advice is to take a look at these Superb Applications which can be obtained from this link Anti-Spyware/Malware & Hijacker Tools

           

                          I recommend running the Latest McAfee Stinger/Followed up by Malwarebytes (Free).

                          In addition try running (AdwCleaner) also.

           

                           As a matter of fact here is a Removal Guide that suggests using the Applications I/we mentioned.

                            https://malwaretips.com/blogs/remove-counterflix-ads/

           

          All the best,

          Cliff

          Consumer Products

          Moderator

          • 2. Re: Ransomware pretending to be from Microsoft
            catdaddy

            Moved to Malware Discussion > Home User Assistance > Discussions

             

            By

            Moderator

            • 3. Re: Ransomware pretending to be from Microsoft
              Hayton

              First, this isn't ransomware. If it was you'd be tearing your hair out because all your files would be encrypted.

               

              Second, if it's not ransomware it might have been. You were lucky this time. You said, "Clicking on a news story" started off a barrage of phony but threatening screen messages (popups too, I'll bet).

               

              You have been the victim of a drive-by malware infection caused by malvertising - very common on news sites, even major ones. They hate users who use Ad Blockers, because it means they lose revenue, but their precious advertising slots are prime targets for hackers, who will slip in some genuine content and leave it for a while then switch it for something malicious - which does indeed sometimes include ransomware. You've got the lesser problem of fake security scans and fake tech support advertisements.

               

              I don't know whether the drive-by dropped any malware onto your system, but it's possible. You'd better run one or both of Malwarebytes Free and AdwCleaner to get rid of any PUPs - McAfee is ambivalent towards some PUPs, but those other two are far stricter. If you still see these fake warnings afterwards, it's either a re-infection (which you can prevent if you use AdBlock or AdBlock Plus, with or without Ghostery) or something more serious, in which case do please tell us and we'll devise a clean-up plan

              • 4. Re: Ransomware pretending to be from Microsoft
                robertcs49

                I am having exactly the same experience.  I loaded up Kaspersky thinking it wouldd take care of the problem and it didn't come close; they are refunding my money.  In the mean time(and I told them what I found) I did a simple Google search for Counterflix and it says plain as can be that it will change your DNS address for its own control.  I checked it and sure enough it was not that of my provider.  After I learned how to change the DNS address and putting it back to that of my provider and making it static things seemed to work fine but only for a short while as the problem has returned just as torikiro outlined above.

                • 5. Re: Ransomware pretending to be from Microsoft
                  catdaddy

                  robertcs49,

                                         Please try the following Removal Guide:Remove "Ads by Counterflix" adware (Virus Removal Guide) .

                                         You will see that both (Malwarebytes (Free) and (Adwcleaner) are included in the Removal Guide. To keep

                                          Malwarebytes (Free) do not accept the Free Trial/or activate the (Pro) Version.

                   

                                          ( Counterflix ) is even advertised as a 'DNS Service' , which is simply to mislead you.

                                           Kindly inform us if your issues get resolved

                   

                  All the Best,

                  -CD

                  1 of 1 people found this helpful
                  • 6. Re: Ransomware pretending to be from Microsoft
                    robertcs49

                    I ran all three. Malwarebytes found I think 301 items.

                     

                    This is the Adwcleaner log:

                    # AdwCleaner v6.021 - Logfile created 07/10/2016 at 06:55:12
                    # Updated on 06/10/2016 by ToolsLib
                    # Database : 2016-10-07.1 [Server]
                    # Operating System : Windows 8.1  (X64)
                    # Username : Robert - ROBERT
                    # Running from : C:\Users\Robert\Downloads\adwcleaner_6.021.exe
                    # Mode: Clean
                    # Support : https://toolslib.net/forum

                     

                    ***** [ Services ] *****

                     

                    ***** [ Folders ] *****

                    [-] Folder deleted: C:\ProgramData\dba3f0a4
                    [-] Folder deleted: C:\Program Files (x86)\Amazon\Amazon1ButtonApp

                    ***** [ Files ] *****

                     

                    ***** [ DLL ] *****

                     

                    ***** [ WMI ] *****

                     

                    ***** [ Shortcuts ] *****

                    [-] Shortcut disinfected: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
                    [-] Shortcut disinfected: C:\Users\Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

                    ***** [ Scheduled Tasks ] *****

                     

                    ***** [ Registry ] *****

                    [-] Key deleted: HKU\S-1-5-21-613403212-802631072-3588574253-1001\Software\Classes\Navionics.Nav Connect
                    [-] Key deleted: HKU\S-1-5-21-613403212-802631072-3588574253-1001\Software\Classes\Navionics.Nav Connect.1
                    [#] Key deleted on reboot: HKCU\Software\Classes\Navionics.NavConnect
                    [#] Key deleted on reboot: HKCU\Software\Classes\Navionics.NavConnect.1
                    [-] Key deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
                    [-] Key deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
                    [-] Key deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.GatewayFactory
                    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Navionics.NavConnect
                    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Navionics.NavConnect.1
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GatewayFactory
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
                    [-] Key deleted: HKU\S-1-5-21-613403212-802631072-3588574253-1001\Software\StackPlayer
                    [#] Key deleted on reboot: HKCU\Software\StackPlayer
                    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
                    [#] Key deleted on reboot: [x64] HKCU\Software\StackPlayer
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pricepeep.net
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markit.co
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.pricepeep00.pricepeep.net
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markit00.re-markit.co
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utop.it
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pricepeep.net
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markit.co
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.pricepeep00.pricepeep.net
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markit00.re-markit.co
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utop.it
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
                    [-] Value deleted: HKU\S-1-5-21-613403212-802631072-3588574253-1001\Software\Microsoft\Windows\Cur rentVersion\Run [Stack Player]
                    [-] Value deleted: HKU\S-1-5-21-613403212-802631072-3588574253-1001\Software\Microsoft\Windows\Cur rentVersion\Explorer\StartupApproved\Run [Stack Player]
                    [#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Stack Player]
                    [#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Stack Player]

                    ***** [ Web browsers ] *****

                    [-] Chrome preferences cleaned: "browser.search.defaultenginename.US" -  "Yahoo! Powered"

                    *************************

                    :: "Tracing" keys deleted
                    :: Winsock settings cleared

                    *************************

                    C:\AdwCleaner\AdwCleaner[C1].txt - [3582 Bytes] - [21/04/2016 15:56:19]
                    C:\AdwCleaner\AdwCleaner[C2].txt - [6041 Bytes] - [07/10/2016 06:55:12]
                    C:\AdwCleaner\AdwCleaner[S1].txt - [3860 Bytes] - [21/04/2016 14:31:33]
                    C:\AdwCleaner\AdwCleaner[S2].txt - [6282 Bytes] - [07/10/2016 06:54:00]

                    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6260 Bytes] ##########

                     

                    I did HitmanPro also and this is it's log:

                    [code]
                    HitmanPro 3.7.14.280
                    www.hitmanpro.com

                       Computer name . . . . : ROBERT
                       Windows . . . . . . . : 6.3.0.9600.X64/4
                       User name . . . . . . : ROBERT\Robert
                       UAC . . . . . . . . . : Enabled
                       License . . . . . . . : Paid (365 days left)

                       Scan date . . . . . . : 2016-10-07 07:04:23
                       Scan mode . . . . . . : Normal
                       Scan duration . . . . : 12m 41s
                       Disk access mode  . . : Direct disk access (SRB)
                       Cloud . . . . . . . . : Internet
                       Reboot  . . . . . . . : No

                       Threats . . . . . . . : 0
                       Traces  . . . . . . . : 68

                       Objects scanned . . . : 3,129,258
                       Files scanned . . . . : 276,778
                       Remnants scanned  . . : 1,374,314 files / 1,478,166 keys

                    Potential Unwanted Programs _________________________________________________

                       ask.com
                       C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data

                       trovi.com
                       C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data

                       trovi.search
                       C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data

                       trovi.search_
                       C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data

                       HKLM\SOFTWARE\Wow6432Node\K9\ (K9-PCFixer) -> Deleted
                       HKU\S-1-5-21-613403212-802631072-3588574253-1001\Software\K9\ (K9-PCFixer) -> Deleted
                       HKU\S-1-5-21-613403212-802631072-3588574253-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted

                    Cookies _____________________________________________________________________

                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:246059135.log.optimizely.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:262855726.log.optimizely.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:3431070370.log.optimizely.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:ad.360yield.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:adbrn.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:addthis.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:adnxs.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:ads.allscreen.tv
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:ads.converge-digital.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:ads.kiosked.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:adscale.de
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:adsrvr.org
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:adsymptotic.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:adtech.de
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:adtechus.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:advertising.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:agkn.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:at.atwola.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:atemda.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:atwola.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:bidswitch.net
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:bluekai.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:casalemedia.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:cdn.at.atwola.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:contextweb.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:crwdcntrl.net
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:d.adroll.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:demdex.net
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:dmtry.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:doubleclick.net
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:dpm.demdex.net
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:go.sonobi.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:googleadservices.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:ibeu2.mookie1.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:ibillboard.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:ih.adscale.de
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:krxd.net
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:lijit.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:liverail.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:mathtag.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:media6degrees.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:nexac.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:openx.net
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:pixel.rubiconproject.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:pubmatic.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:rfihub.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:rlcdn.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:ru4.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:rubiconproject.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:scorecardresearch.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:sitescout.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:smartadserver.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:swid.switchads.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:taboola.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:tapad.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:track.clktrkrdr.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:track.priwt.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:trc.taboola.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:tribalfusion.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:tubemogul.com
                       C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\8ugej7wc.default\cooki es.sqlite:w55c.net

                    [/code]

                     

                    Thought you might be interested.

                     

                    Now another thing.  I just checked the DNS setting as I had set it statically to my provider's address in response to Counterflix thing;

                    I see that it has been changed to  8.8.8.8.  Would you happen to know anything about this?

                    • 7. Re: Ransomware pretending to be from Microsoft
                      catdaddy

                      robertcs49,

                                            Actually that is the DNS Server for 'Google', and considered to be safe and much quicker.

                       

                              ( Actually, it is the DNS server of Google, it means that Google provides the DNS and maintenance of this service, which means it is "more reliable" than some another DNS servers due to the fact that is maintained by one of the biggest IT companies of the world )

                       

                      Regards,

                      -CD

                      • 8. Re: Ransomware pretending to be from Microsoft
                        robertcs49

                        So then is it your opinion that I should just use it rather than then DNS for our provider Centurylink for this area on this ADSL connection?

                        • 9. Re: Ransomware pretending to be from Microsoft
                          Peacekeeper

                          I do for my cable install here in Australia.

                          1 2 Previous Next