DO NOT SHUT OFF YOUR COMPUTER. The reason
will become apparent shortly.
Here's what to do in WINDOWS:
Start Task Manager. Task Manager can be
started by right-clicking the taskbar, and then clicking Start Task
Manager. You can also open Task Manager by pressing
Click on the Applications tab and find the browser entry:
firefox, chrome, or iexplore.exe.
Click on it to highlight.
Then click the End Task button. It may ask for confirmation.
Ok the browser, with the scam Website, is now
NOW do a FULL SYSTEM scan with your antivirus,
as it's been known that some
of these pages DO leave behind some crap that may cause problems when
you restart your machine.
I suggest also doing a scan with Malwarebytes. The
free version is OK.
The paid version offers you additional real-time protection.
When these scans are done and 'clean' your computer
can be considered 'safe'.
Malwarebytes, if not already installed on your
machine, may require you to use another computer to download the
installer file. Copy it to a USB drive. Move the USB drive
to the affected computer to run (install) it.
LINUX has essentially the same but it's known as
Ubuntu: Dash HOME, enter SYS, click on System Monitor.
Highlight the browser, and KILL Process.
With that you're done. In Linux, it can't leave anything
behind. If it does succeed in leaving something behind, it will
not be able to run as it's written for Windows.
Some more info you may find helpful:
Especially the first part on dissecting where this page really
The web address of an encountered page: http://fbi.gov.id334905829-6328216468.k363471.com/?flow_id=1217&865890=54245/case_id=34344
Looks authentic. The FBI, right? It starts with fbi.gov, so it is?
Well, it's not.
The scam is quite dynamic in that it may be coming from a different
site in other instances, but the http://fbi.gov. is consistent.
Oh, the . (period) after gov is a dead giveaway that it's not the FBI.
Let's dissect it a bit:
http:// - yep, it's 'on the web'
fbi.gov.id334905829-6328216468. - Sub
?flow_id=1217&865890=54245/case_id=34344 - is just a bunch of junk.
Going to http://fbi.gov.id334905829-6328216468.k363471.com gets the same page.
So who owns k363471.com?
Go to sears.com and click on their store link, and the site then
could be store.sears.com.
Yeah, whatever comes immediately before .com, .net, .org, etc., back to the next
. (period) on its left, is the actual domain
serving the page.
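The rule above as an added example (not part of the original page): a Python sketch that pulls the serving domain out of a URL and flags hosts that merely start with a trusted name. It goes slightly beyond the text by handling two-label suffixes such as co.uk through a small constructed list standing in for the Public Suffix List; the function names and the trusted list are assumptions.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the domain that actually serves the page (label + suffix)."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Suffix is two labels when listed above, otherwise just the last label.
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])


def impersonated_prefix(url, trusted):
    """Return the trusted domain the host name pretends to be, or None.

    A host is suspicious when it starts with a trusted name such as
    "fbi.gov." while its registrable domain is something else.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    actual = registrable_domain(url)
    for name in trusted:
        if actual != name and host.startswith(name + "."):
            return name
    return None


if __name__ == "__main__":
    trusted = ["fbi.gov", "sears.com"]  # hypothetical list of names to protect
    samples = [  # the two host names discussed on this page
        "http://fbi.gov.id334905829-6328216468.k363471.com/?flow_id=1217",
        "http://store.sears.com/",
    ]
    for url in samples:
        print(url)
        print("  served by:   ", registrable_domain(url))
        print("  impersonates:", impersonated_prefix(url, trusted))
```

A mail filter or proxy log review can apply the same check to every clicked link: any host where `impersonated_prefix` returns a name deserves a closer look.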
Dynamically changing? You bet. Registered just a few days ago.
Creation Date: 2013-12-23T22:38:16Z
To be used for only a few days.
Then register and use another for a few, and repeat.
All automated. No work other than pick up and cash the MoneyPaks.
It's not enough that our government has been selling out this country to the
there are Chinese that are attempting to extort your money also.
Another interesting piece is
Name Server: ns3.cnmsn.com
Nameserver owned or operated by Microsoft? Yup!
cn.msn.com is the Chinese