SCAM: ZFSendToTarget=CLSID{888DCA60-…

Topic

New Reply

About 7:30PM I received a phone call from a fellow w/ a mild Indian accent who said he was calling from my ISP’s “Support Department” because they had detected that my computer was “downloading malicious software and needs to be cleaned up”. That immediately raised a warning flag for me but I wasn’t busy so decided to string him along to see what would happen.

He asked me to open “Event Viewer” and go to “Custom ViewsAdministrative Events”. When asked I told him there were 4,448 errors and warnings listed; he (predictably) spruiked on for a minute-or-two trying to convince me 4,448 errors and warnings is somehow a huge number. But when I told him that those 4,448 errors and warnings go back to mid-August 2016 he changed tack and said he would pass the call to his supervisor.

His supervisor came on the line within a few seconds (too quick, a further sign of a scam) and made further attempts to convince me that the 4,448 errors and warnings constituted a serious problem that needed to be fixed, but when I asked him what specific errors/warnings actually meant he responded by changing tack.

The “supervisor” then asked me to open a command prompt (Win+R, type cmd in the Run box) then type assoc then press enter, which of course displayed a list of file associations. He had me scroll down to the bottom of the list and look for a long entry that started with “ZFSendToTarget”. He then said he would prove he was with my ISP’s Support by reading back to me my computer’s unique ID (???).

Indeed, what he read back to me was “888DCA60-FC0A-11CF-8F0F-00C04FD7D062” which matched what was listed in my command prompt window. He continued to insist that the number was my computer’s unique ID even after I told him I have been a computer technician since 1998 so knew that “ZFSendToTarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}” has to do with the file association for ZIP (compressed) files and that the “888DCA60-FC0A-11CF-8F0F-00C04FD7D062” number is definitely not unique to any particular Windows system; in fact it is universal since WinXP.

He was still blathering on insisting that it was my computer’s unique ID when I cut in and told him to not call my number again and hung up. Immediately after I hung up my phone rang out then immediately began ringing again about eight times before they gave up.

3 users thanked author for this post.

IT Manager Geek, Steve, windbg

Reply | Quote

Replies

They are nothing if not determined – must be on commission.

cheers, Paul

Reply | Quote

It’s good that you wasted some of his time also, maybe that saved some one else.

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

1 user thanked author for this post.

SueW

Reply | Quote

Yes, .ZFSendToTarget has been used by scammers for more than six years: PC Support Security Scams – ZFSENDTOTARGET CLSID Trick

But it does seem particularly popular down under: Scam Alert – Australia

Reply | Quote

Aussies are known to be susceptible to such things, can’t even spell beer, they just write XXXX.

cheers, Paul

Reply | Quote

I demand to know their name, then explain they’ve call the police hot line and to report a crime, they must give me their name and address. The call does not last long.

Reply | Quote

On a related note, when I see on the Caller ID a number I do not want to answer, I quickly press the green button and immediately press the red button, the call is gone — and the ringing of the phone is gone.

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

On a related note, when I see on the Caller ID a number I do not want to answer, I quickly press the green button and immediately press the red button, the call is gone — and the ringing of the phone is gone.

I don’t have colored buttons. I describe my actions as “answering” (off-hook) and hanging up (on-hook). Is that what you’re suggesting?

Image or Clone often! Backup, backup, backup, backup......
- - - - -
Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

Reply | Quote

RockE, yes, it’s the answer button and the hang-up button; not the best solution, however, it does eliminate the ringing, especially when others are resting.

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

Not long ago I bought an answering system (base, chargers and five cordless handsets) for a client. That system allows adding phone numbers to a sort of “rejection” list. The handsets sometimes ring once but that’s all (if the calling number is in the list). I’m thinking that I may replace my own system with one like that.

Image or Clone often! Backup, backup, backup, backup......
- - - - -
Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

Reply | Quote

RockE, if you find one for household/small office, please send me a PM with the URL and your walk-away cost, thanks!

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

Roland,

I bought a Panasonic (KX-TGE series) wireless phone at Sam’s Club that has Call-Blocking (does what RockE was describing). The Panasonic came with a base station (Answering machine) and 5 wireless hand units all for less than $100.

Googling (call blocking phones) should give you plenty of options.

Jim

Reply | Quote

akjudge, bookmarking/carting for future reference, thanks!

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

It is five+ years later and the scam is perpetuated.  I received essentially the same call this morning twice and once yesterday.  Today i led him on and listened to his attempt to have me visit a website.  I wonder how many are being robbed and how are these fraudsters escaping prosecution.

Reply | Quote

Not if you were using MSDos 3.2 back in the 1980s. Backup to floppy disks worked perfectly, it was just the restore that didn’t work.

 

Reply | Quote

Had same today, woman earlier who I told it was a scam and hung up, then got a call later supposedly by her supervisor. I went through the actions with him, CMD, ASSOC he tried to convince me it was unique id for my Windows even though I knew different.

Let him prattle on a bit then told him I knew it was a scam and that every Windows System has had that same file association id since Windows XP and hung up.

Not rang again since, both Indian accent as per normal, the other thing identifying scams, even though they did not give names is that the scammers obviously Indian give you their name as Adrian or Steven etc, something typically White Anglo Saxon.

Reply | Quote

I just had the exact same call and found this by just googling the long string

By berating them at every opportunity and constantly questioning them I managed to make the call last 30 minutes

the high point of this was that he actually read the string to me in the most useless way possible (“d for denmark, c for china” and so on). It took forever and I Had him start over twice and he actually got angry with me

worst part about it though that they had my real name, so the data they bought was not bad.

Reply | Quote

Got this same call just now from 02896918783 here in the UK.

Very persistent despite me saying it was a scam that had been around for years.

Finally after telling them a couple of times that all Windows PCs have that same code they hung up!

Beware all….

Reply | Quote

Today, me too and he said the same serial number. But I said I will call the police, then he disconnected.

Reply | Quote

same thing happened to me on 9/8/23. same script. they told me that they are from Microsoft tech team. i asked for any identification for the contact center and she told me the justification is that we can see your id “888DCA60-FC0A-11CF-8F0F-00C04FD7D062”.

i asked them their phone number to call them back later, they said we will call you back.

i insisted and they gave me the email microsoft @ support dot com.. and the supervisor name was Suzan Williams… hmmmm

the only one was gaining something from the story was Avast, where i just in case upgraded my antivirus.

Moderator edit: Disabled email link for security reasons,

Reply | Quote

Thank you for posting this,

 

I just got the same call and I almost fell for it. God knows what he would have got into if m elderly mother had picked up.

Also from UK as similar posters and an Indian subcontinent accent.

Reply | Quote

I have just received a call from “Telstra” telling me that someone from overseas had been using my internet connection. I asked what his employee number was and he rattled off  a code which I know is not in the correct format of  a valid Telstra employee number. He also refused to give me the non-identifying part of his internal email address(after the @), and then went through the above method of “proving” that the internet identifying number contained my unique “number”- the same one as is mentioned above. Eventually I t0ld his “Supervisor” that if he would  not properly identify himself to my  satisfaction we had nothing further to say. He hung up saying that Telstra would have no responsibility for the overseas usage of my Internet account. I wasted about 30 minute of my time and theirs, but I hope it was more costly to them than me.

Reply | Quote

My time is worth more that that, so I hang up and get on with my life.

cheers, Paul

Reply | Quote

Just had the same call as everyone else above. The guy broke into a spiel about him being from Microsoft so I told him it was a fraud call and cut him off. He immediately called me back. He was apparently Derek Jones from Microsoft,  employee ID MSBC0045. Interestingly DJ had a very distinct mid Asian accent. I asked him to confirm my computer ID, which I wrote down when he gave it to me, and he told me how to check it. Same method as above typing assoc at the C:\ prompt. Sure enough it was the same number. I asked if it was unique to this computer and he replied that it was. While he was talking I did the same check on my laptop which was next to me and sure enough, there was the same ID code. When I pointed out to him that both computers were showing the same number and asked “why would that be?” his reply was “Good question – pause – it is because both of your devices are on the same network.” I thanked him for his efforts to help but that I was ending it there. I was happy to waste his time as I knew not to give him any info or to type anything other than standard commands at the C:\prompt (30 years on computers and programming). My wife is furious with me for not ending the call and she is worried that we will now be hacked and lose everything. For me, it was another bit of knowledge gained into the methods of the fraudsters which hopefully I can use to warn friends.

 

Reply | Quote