Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

spyaxe dialed $40.00 900 number from my pc

Please leave any suggestions and requests here - NO HIJACKTHIS LOGS

spyaxe dialed $40.00 900 number from my pc

Unread postby beth » January 7th, 2006, 3:16 pm

Hello all,

I hope I am posting this in the correct area and it is not something redundant.

On december 9 2005 at 11:57 PM my pc was infected with spyaxe and the wonderful people here helped me get rid of it thru this thread.....

http://www.malwareremoval.com/forum/viewtopic.php?t=5651

Recently I received my Quest phone bill, and it had a $40 charge for a 2 minute call at 11:59 PM Dec 9th 2005 to a 900 number, which was 900-444-0353 to Atlantic Management. I did not make the call from my phone but spyaxe did make it thru my modem while I was connected via comcast.

Quest said they only bill for a company called Integretel 900 Service and have nothing to do with the charge.

I contacted Integretel and they sent the following email,


Dear Beth **********,

I received your inquiry in which you are disputing a charge on your
local telephone statement. After reviewing your account I show we are
billing on behalf of Information Service 900. Our records show on
(12/09/05), at (11:59P), a direct dial 900 number was dialed using a
computer modem. This number was used to download and install a small
software program. Using our number identification system, similar to
911
technology, we traced the number back to this line which resulted in a
flat rate charge on your telephone bill.
The 2 minute call was the amount of time it took for your computer
modem
to dial the 900 number and give the user a login and password that will
be valid in the 30 day period. The person who accessed the site was
provided full disclosures of charges, terms and conditions of service,
and then prompted to click "I accept, or connect on two separate
occasions. The person was also given the opportunity to cancel at any
time.
Due to privacy issues we are unable to provide you with the exact site;
however you may check the history in your computer log or look for any
new icons on your desktop. The icon for the dialer will give you
insight
as to what website was accessed. I can tell you that the user had
access
to a variety of information services such as sports, personals, games,
and entertainment programming using a user name and password to access.
If you need help identifying the program, you may visit our free
information website (http://www.infoservices900.com) on how to uninstall the
computer program.

I have issued you credit for $40.00 and blocked the 900 number billed
by
our Company for additional 900 blocking refer to your local Telephone
Company. Please allow one to two billing cycles for the credit to
appear
on your local telephone statement.

Sincerely,

Elizabeth Denton
Consumer Relations


Even though they will apparently credit my account, they deny doing anything unethical (hijacking my browser and installing a dialer) and insist I made this choice. I did not click any of the spyaxe pop up windows. This was a total attack on my pc and amounts to extortion.

This company refuses to name the company I supposedly contracted with because of privacy??? This is where spyaxe is coming from and if there is justice in this world all those involved, Quest, Integretel, and Atlantic Management will suffer the coming wrath they deserve. They all receive a cut of the billing so they are all equally guilty. How many just pay these charges, either because they wont take the time to protest or they are unnoticed in large phone bills? I know that millions are made this way and it is not right.

Everyone must call their phone company and have 900 and 976 numbers blocked in the US and whatever numbers they are in other countries. Not having a phone line connected to your pc would work but I use mine for a fax and need it. I think all that have had spyaxe should be made aware of this possibility so they can check their phone bills carefully.

Thank you all so much for the work you do

beth
beth
Regular Member
 
Posts: 27
Joined: October 9th, 2005, 1:25 pm
Advertisement
Register to Remove

Unread postby AndyAtHull » January 7th, 2006, 3:28 pm

It's not nice for this to happen. The infection to deal with is bad enough. But this is fraud. I recommend to read this:

http://malwareremoval.com/plog/index.ph ... 4&blogId=3

And file a formal complaint against the company. You did not actually purchase the product itself. But it is what I would do. I'm sure the site admins here will give you more advice on this.
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby AndyAtHull » January 7th, 2006, 5:04 pm

The product although rogue - is a product that you must have given the details for to obtain the full version.

Therefore I would change your data. Like any passwords you use on your system. Also get in touch with your bank and change that. This is vitally important as this group will have all your details and may use them again.

Andy.
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby beth » January 7th, 2006, 5:37 pm

thanks for the reply Andy,

I have changed my passwords and have no bank info on my pc. I absolutely did not give them any information at all, until I emailed them after I was billed, you have to supply name, address, phone and email to contact them. They could not supply a user name, password, times of use or any other information, only the record of the phone call (which number it came from) and the time. All they need to bill you thru your local phone company is your number, not your name or anything else. I gave them nothing and did not click one single thing in any of their popups.

beth
beth
Regular Member
 
Posts: 27
Joined: October 9th, 2005, 1:25 pm

Unread postby ChrisRLG » January 7th, 2006, 5:43 pm

Thanks for the warning - we will make sure others are aware of this.

Most people now - who do lots of internet browsing - are not on dialup modems, so this might be the first one that has come to light, at least for this forum.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby beth » January 7th, 2006, 5:51 pm

Thanks Chris,

It may be that others havent received their phone bills or checked them yet as this was less than 30 days ago, but my phone bill closed shortly after it happened so I have been billed already. I hope I am the only one but I doubt it.

beth
beth
Regular Member
 
Posts: 27
Joined: October 9th, 2005, 1:25 pm

Unread postby AndyAtHull » January 7th, 2006, 6:07 pm

I will do some searching about this and see if others have had the same issue. It is worth a shot. And do a write up about this on my blog.

Andy
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby beth » January 7th, 2006, 8:28 pm

Hello again,

I am in the process of doing a google search on all this and have found this so far, apparently this has been going on for some time and is continuing....

http://scientium.com/diagon_alley/comme ... ntegretel/



beth
beth
Regular Member
 
Posts: 27
Joined: October 9th, 2005, 1:25 pm

Unread postby AndyAtHull » January 7th, 2006, 8:31 pm

Wow you are good! I will be out of a placement here soon :D Thanks Beth for that.
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby ChrisRLG » January 7th, 2006, 8:46 pm

Yes these diallers have been around for years, I did not know of one as part of the spyaxe/spywarestrike infection.

These are not only in the US, but in most of the world, was a notorious one in Spain some year ago.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby beth » January 7th, 2006, 8:56 pm

I just Googled spyware integretel and it is obvious they have been doing it for years, I know it came with spyaxe because it happened two minutes after I was infected (all the files modified by spyaxe were modified 2 minutes before the call) which was during the time i was fighting all the popups. I never use my sound so I was unaware my pc was dialing a number.

Is there any way to tell if it was spyaxe for certain by looking at the logs that are still posted from 12/10/05? I had done a few things myself before posting the log trying to get rid of spyaxe. Again, thank you all so much.

beth
beth
Regular Member
 
Posts: 27
Joined: October 9th, 2005, 1:25 pm

Unread postby ChrisRLG » January 8th, 2006, 5:24 pm

Unless you have a copy of the installer for the infection, and are able to disect it, you would not be able to prove where you got this from.

Probabilities, but not proof.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby beth » January 8th, 2006, 10:28 pm

Thanks Chris,

The only thing I have are the logs posted here..

http://www.malwareremoval.com/forum/viewtopic.php?t=5651

I guess it could be a coincidence but it is hard to believe it would happen 2 minutes after being infected by spyaxe when at that time I couldnt even reach another site because spyaxe took over my home page.

I found some information in my search. "Integretel" has been engaged in this practice since at least 1999, has been sued by the FTC for this tactic previously, the BBB has hundreds of complaints, they only give refunds if you threaten to report them to the FTC, BBB and your state Att General. Their standard practice is to offer you a 50% discount if you will pay it. They always say you have downloaded software, accessed the info, set passwords, agreeded to their terms and been offered a chance to quit the service without charge but they provide no proof (because there isnt any) The only info they have is your phone number and that is only because they hijack your pc and call themselves from your number. Your local phone company bills you on their behalf and provides them with your name and address.

During my research I saw that this company "Integretel" had also caused pc's to dial pay per call numbers outside the US that can not be blocked so I disconnected my phone line from my pc and will have to plug it in at times i need to fax something. I hope there is justice somewhere for these people who do these things. If anyone is from San Jose and drives by

Integretel, Inc.
5883 Rue Farrari
San Jose, CA 95138

Please raise one of your fingers to them for me, and if anyone has any mystical connections a well placed lightning bolt would be nice too.

beth
beth
Regular Member
 
Posts: 27
Joined: October 9th, 2005, 1:25 pm

Unread postby AndyAtHull » January 9th, 2006, 2:18 pm

Hi Beth. I am consulting with a few other experts I know and hopefully we will be raising this issue once again as it has been before in the past. Currently investigating this issue. It may come to nothing. It may reveal alot more. In my eyes it is worth a shot.

Andy
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby Piney » January 9th, 2006, 3:02 pm

Beth, I am so sorry this all happened to you!

You are an excellent investigator. Come join us :)

Bless your heart, Andy .... Go Get'em, kiddo :)
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm
Advertisement
Register to Remove

Next

Return to Suggestions and Requests



Who is online

Users browsing this forum: No registered users and 5 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware