• SCAM: ZFSendToTarget=CLSID{888DCA60-…

    • This topic has 16 replies, 8 voices, and was last updated 1 day, 3 hours ago by Henry Kafeman.
    #508001

    About 7:30PM I received a phone call from a fellow w/ a mild Indian accent who said he was calling from my ISP’s “Support Department” because they had detected that my computer was “downloading malicious software and needs to be cleaned up”. That immediately raised a warning flag for me but I wasn’t busy so decided to string him along to see what would happen.

    He asked me to open “Event Viewer” and go to “Custom Views\Administrative Events”. When asked I told him there were 4,448 errors and warnings listed; he (predictably) spruiked on for a minute-or-two trying to convince me 4,448 errors and warnings is somehow a huge number. But when I told him that those 4,448 errors and warnings go back to mid-August 2016 he changed tack and said he would pass the call to his supervisor.

    His supervisor came on the line within a few seconds (too quick, a further sign of a scam) and made further attempts to convince me that the 4,448 errors and warnings constituted a serious problem that needed to be fixed, but when I asked him what specific errors/warnings actually meant he responded by changing tack.

    The “supervisor” then asked me to open a command prompt (Win+R, type cmd in the Run box) then type assoc then press enter, which of course displayed a list of file associations. He had me scroll down to the bottom of the list and look for a long entry that started with “ZFSendToTarget”. He then said he would prove he was with my ISP’s Support by reading back to me my computer’s unique ID (???).

    Indeed, what he read back to me was “888DCA60-FC0A-11CF-8F0F-00C04FD7D062” which matched what was listed in my command prompt window. He continued to insist that the number was my computer’s unique ID even after I told him I have been a computer technician since 1998 so knew that “ZFSendToTarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}” has to do with the file association for ZIP (compressed) files and that the “888DCA60-FC0A-11CF-8F0F-00C04FD7D062” number is definitely not unique to any particular Windows system; in fact it is universal since WinXP.

    He was still blathering on insisting that it was my computer’s unique ID when I cut in and told him to not call my number again and hung up. Immediately after I hung up my phone rang out then immediately began ringing again about eight times before they gave up.
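
Added example, not part of the original post: a PowerShell check of the poster's point that the value read out on the call is a file-association class ID rather than a machine ID. It lists every `assoc` entry that points at a CLSID, looks each one up under HKEY_CLASSES_ROOT\CLSID, and prints the per-installation MachineGuid for contrast; the helper name Resolve-Clsid is made up for this example.

```powershell
# Added example, not from the original post. Run in PowerShell on Windows.
# Resolve-Clsid is a hypothetical helper name used only in this example.

$quoted = '{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}'   # value read out on the call

function Resolve-Clsid {
    param([Parameter(Mandatory)][string]$Id)
    $key    = "Registry::HKEY_CLASSES_ROOT\CLSID\$Id"
    $name   = $null
    $server = $null
    if (Test-Path -LiteralPath $key) {
        # The key's default value is the COM class's display name.
        $name = (Get-Item -LiteralPath $key).GetValue('')
        $srv  = "$key\InprocServer32"
        if (Test-Path -LiteralPath $srv) {
            # The default value here is the DLL that implements the class.
            $server = (Get-Item -LiteralPath $srv).GetValue('')
        }
    }
    [pscustomobject]@{ ClassName = $name; Server = $server }
}

# assoc is a cmd.exe builtin, so it has to be called through cmd.
$rows = foreach ($line in (cmd /c assoc)) {
    # Accept the value with or without a backslash after "CLSID".
    if ($line -match '^(?<ext>\.[^=]+)=CLSID\\?(?<id>\{[0-9A-F-]{36}\})') {
        $ext  = $Matches['ext']
        $id   = $Matches['id']
        $info = Resolve-Clsid -Id $id
        [pscustomobject]@{
            Extension    = $ext
            Clsid        = $id
            ClassName    = $info.ClassName
            Server       = $info.Server
            ReadOnCall   = ($id -eq $quoted)   # -eq ignores case for strings
        }
    }
}
$rows | Format-Table -AutoSize

# For contrast: an identifier that really is generated per Windows installation.
$machineGuid = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Cryptography').MachineGuid
"MachineGuid (differs between installations): $machineGuid"
```

Running it on two different PCs and comparing the output shows the same CLSID on both, while the MachineGuid line differs.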

    • #1589151

      They are nothing if not determined – must be on commission.

      cheers, Paul

    • #1589163

      It’s good that you wasted some of his time also, maybe that saved someone else.

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      1 user thanked author for this post.
    • #1589171

      Yes, .ZFSendToTarget has been used by scammers for more than six years: PC Support Security Scams – ZFSENDTOTARGET CLSID Trick

      But it does seem particularly popular down under: Scam Alert – Australia

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #1589181

      Aussies are known to be susceptible to such things, can’t even spell beer, they just write XXXX. 🙂

      cheers, Paul

    • #1589227

      I demand to know their name, then explain they’ve called the police hot line and, to report a crime, they must give me their name and address. The call does not last long.

    • #1589232

      On a related note, when I see on the Caller ID a number I do not want to answer, I quickly press the green button and immediately press the red button, the call is gone — and the ringing of the phone is gone.

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

      • #1589266

        On a related note, when I see on the Caller ID a number I do not want to answer, I quickly press the green button and immediately press the red button, the call is gone — and the ringing of the phone is gone.

        I don’t have colored buttons. I describe my actions as “answering” (off-hook) and hanging up (on-hook). Is that what you’re suggesting?

        Image or Clone often! Backup, backup, backup, backup......
        - - - - -
        Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

    • #1589278

      RockE, yes, it’s the answer button and the hang-up button; not the best solution, however, it does eliminate the ringing, especially when others are resting.

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

    • #1589408

      Not long ago I bought an answering system (base, chargers and five cordless handsets) for a client. That system allows adding phone numbers to a sort of “rejection” list. The handsets sometimes ring once but that’s all (if the calling number is in the list). I’m thinking that I may replace my own system with one like that.

      Image or Clone often! Backup, backup, backup, backup......
      - - - - -
      Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

    • #1589411

      RockE, if you find one for household/small office, please send me a PM with the URL and your walk-away cost, thanks!

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

      • #1589465

        Roland,

        I bought a Panasonic (KX-TGE series) wireless phone at Sam’s Club that has Call-Blocking (does what RockE was describing). The Panasonic came with a base station (Answering machine) and 5 wireless hand units all for less than $100.

        Googling (call blocking phones) should give you plenty of options.

        Jim

    • #1589474

      akjudge, bookmarking/carting for future reference, thanks!

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

      • #2440795

        It is five+ years later and the scam is perpetuated. I received essentially the same call this morning twice and once yesterday. Today I led him on and listened to his attempt to have me visit a website. I wonder how many are being robbed and how are these fraudsters escaping prosecution.

    • #2460172

      Had same today, woman earlier who I told it was a scam and hung up, then got a call later supposedly by her supervisor. I went through the actions with him, CMD, ASSOC; he tried to convince me it was a unique ID for my Windows even though I knew different.

      Let him prattle on a bit then told him I knew it was a scam and that every Windows System has had that same file association id since Windows XP and hung up.

       

      Not rang again since, both Indian accent as per normal, the other thing identifying scams, even though they did not give names is that the scammers obviously Indian give you their name as Adrian or Steven etc, something typically White Anglo Saxon.

    • #2472116

      I just had the exact same call and found this by just googling the long string.

      By berating them at every opportunity and constantly questioning them I managed to make the call last 30 minutes.

      The high point of this was that he actually read the string to me in the most useless way possible (“d for denmark, c for china” and so on). It took forever and I had him start over twice and he actually got angry with me.

      Worst part about it, though, was that they had my real name, so the data they bought was not bad.

    • #2563954

      Got this same call just now from 02896918783 here in the UK.

      Very persistent despite me saying it was a scam that had been around for years.

      Finally after telling them a couple of times that all Windows PCs have that same code they hung up!

      Beware all….
