Fake Viruses Popup/Software

I went to http://gyogle.com (it is no longer working for me now), and was redirected to this site, which makes it look like my computer is infected.

http://www.microsoft.com-repair-windows.live/tonic2/?campid=a3740cfc-4dde-4086-9031-f77ac625241b/<REDACTED PII>

Screenshot:
![image scampng.png](replace/assets/files/2018-11-08/00:03:550-scampng.png)

After following all of the "Next"/"Continue" popup boxes, I get redirected to this site, which lets me download a file called PPCSetup.exe.

https://www.techypctools.info/lp/fxmrkt/?x-context=dTARNMD4MHLRFN2IH27D6LBQ&utm_source=wfxmrkt&utm_campaign=wfxmrkt&pxl=WFX3591_WFX3519_RUNT&utm_pubid=355621082&x-at=XXXXX&override=1

VirusTotal results show PUP/PUA software (Power PC Care 2018)
https://www.virustotal.com/en/file/a06de6b394b5a97d4d01c039c005f886246ae0d9cc4a636ed7be5b58c28e790c/analysis/1541562485/

Does anyone know who the actual company is behind this product? Can we push to get Google/MS to block the URLs within the browser?

Some additional information …

The executable is digitally signed by Ab Reach Technologies Private Limited and the contact email is [email protected]

Do as you wish with the information.

Contact number on the app is 888-310-7068

@reportingscammers007#62305 Excellent find.

AB REACH TECHNOLOGIES PRIVATE LIMITED 706, PLOT NO. 7, ROOTS TOWER DISTRICT CENTRE, LAXMI NAGAR NEW DELHI East Delhi DL 110092 IN [email protected] is owned by very infamous scammers in NOIDA, India:

BENOVELLIENT TECHNOLOGIES PRIVATE LIMITED

Same address.

Owner/director Sushant Matto

Other companies owned by them

LONGRUN SOFTWARE PRIVATE LIMITED

BENO SUPPORT TECHNOLOGIES PRIVATE LIMITED

CONNECT AB INFOLINE PRIVATE LIMITED

ULTRAHEAL

@reportingscammers007#62298 Jim Browning did an investigative report on this very scammer. Director Sushant Matto:

BENOVELLIENT TECHNOLOGIES PRIVATE LIMITED

AB REACH TECHNOLOGIES PRIVATE LIMITED 706, PLOT NO. 7, ROOTS TOWER DISTRICT CENTRE, LAXMI NAGAR NEW DELHI East Delhi DL 110092 INDIA


[email protected]

Ah, gotcha. I’ve found it interesting that their product landing pages show they are selling their product, but giving away McAfee Antivirus. I’ve sent that off to my friends at McAfee to see about getting it taken down. I’ve also reached out to my connections at MS to get the site taken down for trademark infringement. The rabbit hole for this scam is really deep; in particular, if you install their software, you find out about more shell corporations.

The support numbers for this app “Power PC Care 2018” aka “WinTonic” aka “PCVark” are:

US: 855-332-0124

UK: 0800-031-5332

AU: (61)280-733403

All of these numbers route to TechLiveConnect / TLC / Saburi Global Services LLC (TLC's parent company). They use the name PremiumTechieSupport / PTS, but it is Tech Live Connect.

So we have a connection between Benovellient Technologies and TLC.

As Drwat says, here is my exposé of Beno and Sushant Matto:
https://www.youtube.com/watch?v=Tk98EOvdmRI
and the exposé of TLC:
https://www.youtube.com/watch?v=5RY2IavxGbc

I hadn't realised there was a connection between these two organisations until now.

Jim

@JimBrowning11#62333 Nice work connecting the two. I wonder if LEO is working on taking these guys down. They seem pretty big, and I’m guessing they are paying LEO to keep quiet.

Something else I’ve uncovered: the email address [email protected], from the digital certificate, also owns the following domains. I don't know if this helps connect more, but here is the list. All domains are from GO DADDY, LLC.

EDIT: Sites all appear offline

@JimBrowning11#62333 Thank you Jim for your analysis. So Anuj Jain (TLC) and Sushant Matto (BT) are in cahoots.

I went ahead and reverse image searched one of their “customer photos” from a link found in their Power PC Care 2018 program, and found that they own multiple other domains, using the same stock photo.

These domains are


@JimBrowning11#62333 Is the Aussie number a free call?