Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for 247emailsupport

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,312 posts
Content is republished with permission from Malwarebytes.

What is 247emailsupport?

The Malwarebytes research team has determined that 247emailsupport is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.

How do I know if my computer is affected by 247emailsupport?

You may see these warnings during install:

main.png

warning1.png

warning3.png

this icon on your desktop since the installer initiates an install of Reimage Repair:

icons.png

And this entry in your list of installed programs:

warning7.png
Note that there is no version information

How did 247emailsupport get on my computer?

Tech Support Scammers use different methods for distributing themselves. This particular one was offered as an installer for PC Cleaner Pro.

But it installs files that will produce a fake BSOD screen and a popup with the Tech Support Scammers number.

warning5.png

warning4.png

And it creates a scheduled task that opens a browser window to http://www[dot]247emailsupport[dot]com (blocked by Malwarebytes Anti-Malware Malicious Website Protection).

warning6.png

How do I remove 247emailsupport?

Our program Malwarebytes Anti-Malware can detect and remove this unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of 247emailsupport?
  • No, Malwarebytes' Anti-Malware removes 247emailsupport completely.
  • This Tech Support Scam creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Tech Supprt Scam.

protection1.png


and it stops the connections the browser hijacker tries to make:

protection2.png


Technical details for experts

You may see these entries in FRST logs:

 HKLM-x32\...\Run: [WLrt1] => C:\Program Files (x86)\Adobe\WLrt1.exe [820885 2016-03-26] (Windows)
 HKLM-x32\...\Run: [tv] => C:\Program Files (x86)\PC Cleaner Pro\TV.exe [3282584 2016-03-26] (TeamViewer)
 C:\Windows\System32\Tasks\Checking
 C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
 C:\Windows\Reimage.ini
 C:\Program Files\Google
 C:\Program Files (x86)\PC Cleaner Pro
 C:\Program Files (x86)\Adobe

PC Cleaner Pro (HKLM-x32\...\PC Cleaner Pro) (Version:  - )
Task: {A3099428-8B8F-422F-8CD4-EA7CC68D9908} - System32\Tasks\Checking => C:\ProgramFiles\Google\t.bat
Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files\Google
       Adds the file t.bat"="3/26/2016 11:37 PM, 105 bytes, A
    Adds the folder C:\Program Files\Google\Chrome
       Adds the file Sct - Enable.bat"="3/27/2016 12:31 AM, 130 bytes, A
    Adds the folder C:\Program Files (x86)\Adobe
       Adds the file ClearLock.ini"="3/27/2016 12:36 AM, 60 bytes, A
       Adds the file WLrt1.exe"="3/26/2016 10:33 PM, 820885 bytes, A
    Adds the folder C:\Program Files (x86)\PC Cleaner Pro
       Adds the file ReimageRepair.exe"="3/25/2016 10:52 PM, 772016 bytes, A
       Adds the file track.bat"="3/27/2016 12:51 AM, 475 bytes, A
       Adds the file TV.exe"="3/26/2016 10:30 PM, 3282584 bytes, A
       Adds the file Uninstall.exe"="4/7/2016 8:23 AM, 82287 bytes, A
       Adds the file Uninstall.ini"="4/7/2016 8:23 AM, 1567 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file Resume Reimage Repair Installation.lnk"="4/7/2016 8:24 AM, 1210 bytes, A
    In the existing folder C:\Windows
       Adds the file Reimage.ini"="4/7/2016 8:23 AM, 99 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file Checking"="4/7/2016 8:27 AM, 3982 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
       "tv"="REG_SZ", "C:\Program Files (x86)\PC Cleaner Pro\TV.exe"
       "WLrt1"="REG_SZ", "C:\Program Files (x86)\Adobe\WLrt1.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Cleaner Pro]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PC Cleaner Pro\Uninstall.exe"
       "DisplayName"="REG_SZ", "PC Cleaner Pro"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "UninstallString"="REG_SZ", "C:\Program Files (x86)\PC Cleaner Pro\Uninstall.exe"
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/7/2016
Scan Time: 8:46 AM
Logfile: mbamTSSPCCleanerPro.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.07.01
Rootkit Database: v2016.04.03.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362782
Time Elapsed: 9 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Rogue.TechSupportScam, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Cleaner Pro, Quarantined, [22db32798415072ffba97b214cb85ba5], 

Registry Values: 2
Rogue.TechSupportScam, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WLrt1, C:\Program Files (x86)\Adobe\WLrt1.exe, Quarantined, [df1e0d9e5742a5911487839deb176a96]
Rogue.TechSupportScam, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tv, C:\Program Files (x86)\PC Cleaner Pro\TV.exe, Quarantined, [22db32798415072ffba97b214cb85ba5]

Registry Data: 0
(No malicious items detected)

Folders: 1
Rogue.TechSupportScam, C:\Program Files (x86)\PC Cleaner Pro, Quarantined, [22db32798415072ffba97b214cb85ba5], 

Files: 8
Rogue.TechSupportScam, C:\Program Files (x86)\Adobe\WLrt1.exe, Quarantined, [df1e0d9e5742a5911487839deb176a96], 
Rogue.TechSupportScam, C:\Users\{username}\Desktop\setup (1).exe, Quarantined, [c538f2b9831620161cdace520df554ac], 
Rogue.TechSupportScam, C:\Program Files (x86)\PC Cleaner Pro\track.bat, Quarantined, [22db32798415072ffba97b214cb85ba5], 
Rogue.TechSupportScam, C:\Program Files (x86)\PC Cleaner Pro\ReimageRepair.exe, Quarantined, [22db32798415072ffba97b214cb85ba5], 
Rogue.TechSupportScam, C:\Program Files (x86)\PC Cleaner Pro\TV.exe, Quarantined, [22db32798415072ffba97b214cb85ba5], 
Rogue.TechSupportScam, C:\Program Files (x86)\PC Cleaner Pro\Uninstall.exe, Quarantined, [22db32798415072ffba97b214cb85ba5], 
Rogue.TechSupportScam, C:\Program Files (x86)\PC Cleaner Pro\Uninstall.ini, Quarantined, [22db32798415072ffba97b214cb85ba5], 
Rogue.TechSupportScam, C:\Program Files (x86)\Adobe\ClearLock.ini, Quarantined, [af4ef1ba7425270f1381f76364a132ce], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.