Contact email for Microsoft

[AndyManchesta]

Is there a email address to send information to Microsoft
regarding a website that is using the Microsoft Logo to
promote Rogue products, This page opens as a help support
document (for example if you type services.msc into the
run box then goto help and Help Topics its opens the same
as this) It doesnt show as a website but appears by
showing a yellow shield in the system tray saying spyware
activity detected by moving the mouse over it, when you
open the support page it looks very genuine and looks
like its a MS page except for the links it then provides,
Also a ActiveX with a Microsoft Download address which
has been infected with a Virus

The address starts with :

http://download.microsoft.com/download but it is a file
infected with a virus called FNICK.7326-O

I didnt want to post the details on here incase anyone
followed the link's, I managed to find the web address of
the bogus Microsoft Support pages and then the IP address
details so they can see what I mean without having to
infect a pc to get the page. I notice the "contact us"
link on this page doesnt work so thought id post the
question if there is a email address that deals with this
type of thing rather than send it to any unrelated MS
address.

Thanks

 

[AndyManchesta]

Regarding the ActiveX I think this may be a false
positive, I cannot see a way they can infect a file from
MS, All the warnings are coming from Fortinet's Antivirus
scanner so Im thinking this may be a false detection but
the bogus MS pages need looking at, Id posted just after
cleaning the pc up so didnt have time to test things but
maybe its clean, It did come with all the malware though
so not sure why it was downloaded to the DPF folder.

There was also some other strange entries like
balloon.wav left in the windows folder which Spybot S&D
detected as FindSpy.A and C:\Program Files\Windows Media
Player\wmplayer.exe.tmp which Ewido detected as Trojan
Downloader.Apher, Also redirecting of my search results
no matter what I typed in and what linked I pressed I
would end up at the same site

The amusing one was I followed the link in the Bogus MS
page and got SpySpotter which showed this in the scan

C:\WINDOWS\system32\csrss.exe - WIN-SPY - Spy -BC

Im sure it would of wanted to charge me for deleting the
Server Runtime Server Subsystem but I didnt want to test
the results of doing that

Then there's another address that is
http://Microsoftspyware***removed***.com which again
redirects to rogue spyware results or adult sites so its
been a confusing couple of hours

Im glad its only a test pc or I would be getting stressed

Andy

 

[Bill Sanderson]

You could use this web form:

https://s.microsoft.com/technet/security/bulletin/alertus.aspx

or email to:

(e-mail address removed)

See this URL for lots of details:

http://www.microsoft.com/technet/security/bulletin/info/msrpracs.mspx

This really is the right route to go--even if it doesn't seem to fit
perfectly--these folks are on duty 24x7 and they will figure out where the
info needs to get to.

 

[AndyManchesta]

Thankyou Bill

I will forward the details to them and let them decide
whats best regarding these sites,

Regards Andy

 

[AndyManc]

Ive sent the details to them so hope they can do
something to stop it, Ive just revisited some of the
sites to try find what originally put the yellow shield
in the system tray but now have a different infection
which changed my desktop wallpaper and installed PSguard
& Spysherrif. Ive removed them but have msmsgs.exe hooked
into explorer About:Blank and oneclicksearches taking
over my IE

They really are stupid though as it says this in a pop up:

Detected SpyWare! YOU ARE IN REAL DANGER!

Your IP address is 86.***.88.**. Using this address a
remote computer '83.***.72.11' has gained an access to
your computer and is collecting the information about the
sites you've visited and the files contained in the
folder 'My Documents'. Attention! Choose and download the
software to kill this spyware.

Your private info is collected by winSock.cfg

But then give's a link to AdultFriendFinder, Dont think
they remove spyware but maybe they have branched out plus
if I right click to copy the text in the pop-ups it says
the spyware has disabled right click , Control & C still
works though so they forgot about that

At least Hijack This makes it easy to see what some of
the problem's are, Smitfraud variant, CWS, Trojan.Secup,
Trojan.pepop & some other junk to keep me busy for half a
hour in the winlogon area and system.ini files,

I like a challenge though,Thanks for the help Bill have a
nice night

Andy