Hello< I just received this while on AOL worm??

  • 1
  • Question
  • Updated 8 months ago
  • Answered
Hello< I just received the following message while on AOL: "JavaScript Confirm - http://my IP address (RDN/YahLover.worm !055BCCAC9FEC Infection)" I clicked the red X to close this message, but AOL window was locked up so I did a cntr alt del to exit AOL via task manager and then started a full scan with trend micro max security - please advise if this is anything I should be worried about
Photo of jponeday

jponeday

  • 140 Points 100 badge 2x thumb

Posted 8 months ago

  • 1
Photo of TM_Kiko

TM_Kiko, Employee

  • 10,412 Points 10k badge 2x thumb
Hello jponeday ! Welcome to the community!

We understand that you have receive an alarming message while browsing the Internet.

This type of messages or prompts might be a technical support scam or a scare message in order for you to purchase or use a third party paid service that came after the message.

For us to confirm, can we see a screen shot of the prompt if this is still possible? Also, I would like to advise that you contact one of our Support Specialists for a more real time help.

Please see this link for the ways to contact our supports. 

Our chat lines are open 24x7.

We are looking forward to your response.

Trend Micro Home Users Community
(Edited)
Photo of jponeday

jponeday

  • 140 Points 100 badge 2x thumb
Scam to buy tech support is what I thought! But, can't be too careful these days.
These are clever tricks they use because this locked up my screen and also used an audio message alert "warning about a worm infection" if I didn't know to
cntrl alt delete to open the task manager to end the AOL program I can see where others
could fall into this trap. thanks and best, Jonathan 
Photo of TM_Kiko

TM_Kiko, Employee

  • 10,412 Points 10k badge 2x thumb
Hello jponeday!

Thanks for the prompt response and for the screen shot. We can now confirm that this prompt is indeed a Support Scam and it is a good thing that you have terminated this process that has locked your screen.

Furthermore, if you have clicked on something before this happened, make sure to be more careful with those specific sites that you were in. You might have been redirected to this scamming page through that website. If you can, you may also write the developers of that website and let them know what one of their advertisements or one of their pages directed you to a malicious website.

Thank you for letting us know about your concern and we are more than happy to continue with the support.

Trend Micro Home Users Community
(Edited)
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 18,454 Points 10k badge 2x thumb
Hi jponeday,

Look in the uninstall list if there is a new program!!!
Just to be sure!

Kind regards,
Tom
Photo of TM_Jabi

TM_Jabi, Employee

  • 7,242 Points 5k badge 2x thumb
Hi jponeday,

Doing what Tom Emmelot said will be a good step just for good measures. 

Trend Micro Home Users Community
Photo of SUEPHX

SUEPHX

  • 160 Points 100 badge 2x thumb
The exact same thing happened to my PC via AOL GOLD tonight. I believe it came from an advertisement on the email screen. These ads run vertically to the right of my email screen because there was a message in this area recommending a phone number to call Microsoft at the same time I saw the worm infection warning. I also opened the Task Manager to close AOL, however when I signed back on to AOL, each time I would send an email, the program would close. I phoned support at Trend Micro and the tech agent decided it was best to remove everything AOL related on my PC and run two scans to see if this solved the issue. I believe it came thru AOL because when I would be typing email a chrome window with a lot of script would appear which I could not close until after the email was sent. I think AOL has an issue with hijacked ads and I will be calling them in the morning.
Photo of jponeday

jponeday

  • 140 Points 100 badge 2x thumb
It's getting dicey for sure! Thank you for pursuing this issue to the source!
Photo of SUEPHX

SUEPHX

  • 160 Points 100 badge 2x thumb
This is not a mere ad worm. I never clicked on it, I merely closed the program from the TASK Manager like jponeday did. When I would send an email after this, the email would be sent and the AOL GOLD program would close by itself.

So I brought my computer into Data Doctors. They scanned it thoroughly, found a PUP virus. We uninstalled AOL GOLD. I returned home and reinstalled a fresh copy of AOL GOLD directly from the AOL email sent to me in October to install GOLD.

All was fine until an hour ago. Then the same worm message appeared. YahLoverworm! The work message instructions to call tech support is also inside the advertising pane which appears vertically in the AOL mail window. Then I noticed that Dropbox 20 GB was now installed on my computer. I did not install this.

The computer is now back with Data Doctors. I believe the AOL Gold Software is sending this worm thru its ads.

I will uninstall AOL GOLD again. I doubt I will reinstall it. I am on hold with AOL at the moment, they are saying they are receiving a huge number of calls. I believe this may be happening with a lot of folks.

I hope someone at Trend Micrro can look into this deeper. Trend Micro Maximum Security scans did not turn up anything, but Data Doctors ran 6 virus scan programs and they did remove some.
Photo of TM_Kiko

TM_Kiko, Employee

  • 10,412 Points 10k badge 2x thumb
Hello SUEPHX, Thank you so much for the information that you have provided.

We will be running some tests and replicate the AOL issue on our end. I will also consult or specialists on what may be the possible threats with regard to this.

We will post another reply to this thread once we found the fault. We would like to ask for your patience in this matter.

All the best,

Trend Micro Home Users Community
Photo of SUEPHX

SUEPHX

  • 160 Points 100 badge 2x thumb
AOL GOLD tech support verified to me that the ads that scroll and run on the window pane to the right side of the email list are all local ads which are specific to my area of the country.


AOL admitted that one of the ads could be a hacked ad which is spreading the malicious content that myself and jponeday experienced.


I will no longer use AOL GOLD until they certify that this problem has been corrected and that they are scrubbing their ad content.


If this could happen to me and jponeday, it can happen to others as well. AOL GOLD Desktop software and their ad content are the culprits.


BTW, I was on the phone with AOL GOLD for 62 minutes (on hold), then once I got to level 1 tech support, I was on for 2 hours! These folks don't have a clue as to how this software operates.


They are owned by Verizon who owns Oath who owns AOL. I even phoned Verizon corporate headquarters in NYC from another phone, to complain about the poor tech support at AOL.


They couldn't care less...Spoke to a gal named Sheena in the executive office of Verizon and her excuses offering no help to me were unbelievable.


I am hoping that Trend Micro can help us get to the bottom of this....
(Edited)
Photo of TM_JustineM

TM_JustineM, Employee

  • 3,774 Points 3k badge 2x thumb
Hello SUEPHX,

I have checked your case when you contacted our Trend Micro support hotline and talked to Sheena. like what TM_Kiko said we will be running some test to check. But since there is a message to call tech support its clearly a tech support scam trying to lure people into call the number and asking them to pay or asking them to let the tech support scammers remotely connect to the computer. We always say to our customers not to call the phone number being advertise to prevent this type of scams from connecting to the computer. We strongly suggest to our customer to call or contact our support so that we will be the one to check.

Thank you and have a great day!

Trend Micro Home Users Community
Photo of SUEPHX

SUEPHX

  • 160 Points 100 badge 2x thumb
I never clicked on any links or called any phone number contained in the worm message. This worm enters through AOL GOLD ads via their email screen. We believe that one of their ads has been compromised and hacked and each time that ad appears, this worm shows up.

Trend Micro Maximum Security Software should have the ability to detect this popup worm window and stop it in its tracks, however Trend Micro software has not done this on my system or on jponeday's system either for that matter - since we both had the popup window appear on our screens at the same time thru AOL GOLD.

I don't know where jponeday lives, but I live in AZ and I believe one of the local ads appearing in the AOL GOLD software is compromised.

Can you tell me why Trend Micro Maximum Security does not recognize this as malware and block it?

Thank you.
Photo of SUEPHX

SUEPHX

  • 160 Points 100 badge 2x thumb
So everyone who installs AOL GOLD is allowing their ads to run malicious content?
I still believe Trend Micro Maximum Security should have a way of detecting the popup window of this worm and kill it.

I did not grant any permission for malicious ads. There should be some way your software can be configured to recognize this worm and stop it - if it comes through an ad which I did not click on.  These are scrolled javascript ads that appear in AOL.

Thank you.
Photo of SUEPHX

SUEPHX

  • 160 Points 100 badge 2x thumb
Maybe the technicians at Trend Micro can work on this issue since I believe it is only going to get worse with AOL GOLD.

Currently, I am no longer using AOL GOLD and I retrieve my AOL Mail only through their website.

I sincerely advise others to follow my lead as a precaution until AOL GOLD gets their act together and fixes this mess.
Photo of TM_Kiko

TM_Kiko, Employee

  • 9,548 Points 5k badge 2x thumb
Hello SUEPHX,

We understand your concern and how you feel about this matter. We are still finding a way to replicate this issue on our end but, we are having troubles with regard to the paid subscription for the said application. 

Rest assured that we are doing our best to find a fix as soon as possible.

We also have noticed that you have created a ticket through our Consumer phone supports. Our Support Engineers are also looking in to this matter.

I hope everything will be all set at the soonest time possible.

Trend Micro Home Users Community
Photo of SUEPHX

SUEPHX

  • 160 Points 100 badge 2x thumb
I just installed AD Block PLUS as an ADD ON thru Firefox so that the AOL ads are blocked when I access my email thru their website.

I just signed on to AOL thru their web page and the ads no longer appear.

I am thoroughly convinced that their scrolling ads are compromised.
I will keep you updated on my experiences using AOL through their website.

I will NOT use AOL Desktop GOLD, however.

On another note: AOL tech support for AOL Desktop GOLD continually pushes using ASSIST by AOL when they hear you might have a worm. They AGGRESSIVELY try to sell you a plan for $200 to access your computer and remove the worm.

I read on the internet that this is happening to a lot of folks.... AOL trying to convince them to pay $200 for a remote session which I believe is a scam by AOL.

Something very wrong is happening here. I am planning to write a story on all of this.
I have a phone call in to Tim Armstrong, CEO of Oath, the parent company of AOL.
Photo of TM_Jabi

TM_Jabi, Employee

  • 7,010 Points 5k badge 2x thumb
Hello SUEPHX,

Thank you for providing a detailed update regarding this issue. 

Just always remember that the Trend Micro program protects you from threats like worm, trojan or viruses.

It's good to know that you did not believe what AOL support told you. 

Rest assured that you have the best protection so there's no need for you to worry about it. 

It would be best to keep coordinating things with them. 

Please let us know if there's anything else we can help you with. 

Trend Micro Home Users Community