Micro Bill Systems beware…
Update (27 March 2008): MBS has now incorporated, or at least sold its technology, to Platte International. Take a look at the MBS Victims forum for much more information.
We’re on to your dodgy PC-killing tactics.
First take a read of Ask Jack’s blog in the Guardian Online.
While advertising popups often plague net users, Kenyon’s experience seemed worryingly different. He saw that the window was from a company in Leeds called Micro Bill Systems asking for £19.99, with the explanation that his computer had been used to sign up to a website. After suffering the annoying problem for some time, he emailed the Guardian for help.
Kenyon is always careful about protecting his PC. He was using fully updated Windows XP Professional along with Norton Internet Security 2007, Spybot Search & Destroy, AVG anti-spyware and Sophos anti-rootkit. He’d seen popups before but this one stayed longer each day, hindering his computer use. “The popup starts about 30 seconds after the PC is turned on and lasts for about four minutes before the window can be closed. While the bill is displayed, you cannot minimise it or open any other window in front of it, as it always hogs the top window slot,” he says.
Then there’s the slightly bizarre exchange over at the Midtown Computer Systems Enterprise forum Microsoft Security forum, in which someone purporting to be from MBS defends themselves.
Not so: an eagle-eyed reader calls them out on a clause in their rather dodgy terms and conditions:
You call the below professional ?
“11.6 IF YOU CHOOSE TO IGNORE THE PAYMENT REMINDERS AND DO NOT PAY THE REQUIRED MEMBERSHIP FEE, YOU HEREBY UNDERSTAND AND ACKNOWLEDGE THAT THE PROMPT REMINDERS MIGHT BECOME MORE FREQUENT AND THAT YOU MIGHT LOSE THE ABILITY TO USE YOUR COMPUTER (I.E. ACCESSING THE INTERNET, ACCESSING YOUR FILES ETC.), UNTIL YOU HAVE SUBMITTED PAYMENT OR CONTACTED CUSTOMER SERVICES. WHILE YOUR COMPUTER IS CONNECTED TO THE INTERNET THE BILLING PROCESS WILL BE ENFORCABLE.”
Wow. Talk about blackmailing payment.
No doubt they have something going with some sleazy British backstreet ‘debt enforcement agency’ as well. They’re all slimy… at least the ones I’ve had the misfortune to deal with are (including the thugs that eBay UK use – having a fancy name doesn’t obscure who they really are)
March 4th, 2007 at 10:20 pm
To be precise, the query first appeared in Ask Jack, but the piece you link to was written by Michael Pollitt and is rather more in-depth than Jack’s original piece.
Thanks for the link to the forums, though.
March 16th, 2007 at 4:23 pm
I’m still interested in hearing from people who found the Micro Bill Systems popup disrupting their PCs even though they never visited the sexxxpassport website to sign-up.
March 20th, 2007 at 5:37 pm
dear Andy;
not able to delete MBS from my computer, they hacked into my security and Firewall, (Norton, Symantec). I blocked internet explorer 7 and they still went through firewall.
thank you,
elsa
April 18th, 2007 at 4:02 pm
i had this happen to me last night and i have up-to-date mcafee with all the trimmings. i have never even heard of this firm or the site they say my computer has visited. i also know this computer can’t access these sort of sites as it has parental lock on it. i’ve now emailed the company and asked them to remove their software from my pc. i will let you know what happens
April 20th, 2007 at 9:44 am
I have had a problem recently with MBS, recently the ‘bill’ pop-up appeared on my PC. I searched instantly on the net as to why I was being asked for £19.99 and found many forums and discussions on MBS. I downloaded two anti pop-up/spy programs and since then I have not had the pop-up return.
As well as having the pop up MBS set up a short-cut on the desktop as some sort of ‘account’ that I could easily pay through and I found 7 viruses when running the new software on the computer connected to MBS – I now hopefully have deleted everything to do with MBS. It has changed my outlook on the internet drastically.
April 22nd, 2007 at 6:35 pm
Hi I’ve just received a pop up from micro billing systems for a website asking for a fee of £39.99 for a subscription for 3 months. How should I go about blocking these pop ups if you can? It’s a little concerning…….. please help!
April 23rd, 2007 at 8:29 am
hi, i have also got this pop up and have not found a way to get rid of it. has anyone got any ideas?
April 23rd, 2007 at 7:32 pm
I had this pop up on my screen as well, although I have never subscribed to anything like it. I seem to have got rid of it rather painlessly using the spyware removal tool(spython) in system mechanic 6 from iolo.com
April 25th, 2007 at 10:44 am
MBS is “ransomware” that downloads software onto your PC when you inadvertently or otherwise visit one of their websites. The problem will get worse if you do not remove it as it will systematically block your computer more frequently as each day goes by!!!! The good news is that you can remove it by deleting the offending files from your system32 folder and removing the icon from your start up menu. The files will be date & time stamped from when you visited their site ie in the last three days and will be named MBSsm.32,mbsrm.3, UBSaythenticateAXC,ocx or something similar. Remove all with the same date and time stamp and you should be ok. There is an in depth log on PC Advisor website.
good luck
April 26th, 2007 at 9:11 am
i have had the same problem with my computer. It is saying that i have a website account and i have to pay £39.99 for the transaction. i believe this is a big money scheming scam. I am so annoyed that i dare not use my computer because it pops up about 1 min after i have turned my computer on. I have tried deleting this from my computer but it says that i cannot. How do i get rid?? someone help me it is really annoying me!! Amy
April 26th, 2007 at 11:42 am
There appears to be a solution using system restore. I’ll post what I remember was done to resolve this on our pc. If anyone sees any flaws in this, please don’t hesitate to correct.
The switching off and switching on the System Restore points is pretty crucial, I understand.
Start > Accessories > System Tools > System Restore
Select a Restore Point well before the activity
Restore System
Then System Restore Setting – turn off System Restore >OK
Come out, then go in and reverse (i.e. turn on System Restore >OK)
Fingers crossed, no more pop ups in the last few days, and a check of the system 32 folder (where the stuff was located) shows it to be clear.
April 26th, 2007 at 7:39 pm
Recently i have had the bill just pop up every time i switch the computer on. I don’t know how to get rid of it?!! It’s telling me to pay £39.99? I need help, how do i get rid of it?
April 27th, 2007 at 5:58 pm
I had this problem, but solved it by using this method:
Task Manager –> Processes
Find MBS type programs that are running.
Do not just end the process, End process Tree by right clicking on it. Then immediately Delete all MBS affiliated programs from your System 32 Folder. Problem Solved!
Hope this helps. Con Artists the lot of them.
April 30th, 2007 at 9:36 pm
http://www.castlecops.com/postlite186801-.html
April 30th, 2007 at 9:38 pm
See above link for a guide on how to rid this. Beware of other methods as they might not exterminate this Trojan completely. And stop using the internet till it has been resolved!!!
May 2nd, 2007 at 8:07 pm
I went on my PC one day but then this pop up came up. I was really worried because it was a very rude website. It wouldn’t go away. I’m only 15 so it gave me a huge shock. I asked my dad and he knew so he googled it and it said that it was a fraud.
It’s horrible how they can do this to you and it’s just not right. My dad fixed it in the end but I hate the people that did it to my laptop.
May 2nd, 2007 at 8:13 pm
It was a normal day so i went on my laptop. The weird thing is that a pop up came. I thought so i will just exit it, I did but it just came back! and again and again, it wouldn’t go away. It said I had been on a rude website but I hadn’t. I was freaked out, I couldn’t tell anyone because I am only 15.
I asked my dad and he knew that it was a load of junk so he just googled it and fixed it. I still think it is mean to do that to people. It is just not right!
May 2nd, 2007 at 10:08 pm
An update on my earlier posting: it is now nearly two weeks since we cleared mbs off our system using the method I outlined above (which I was guided through by an IT expert) and there is no sign of it on the pc now. The method is a lot easier than others I’ve seen and the logic is sound. I’ll update if anything re-emerges.
May 3rd, 2007 at 10:03 am
i turned on my pc today and i found this pop up on my computer when clicking the button to turn the internet on. it has worried me because i have seen what other people have said about it and i dont understand why the hells it on my computer.
May 3rd, 2007 at 12:48 pm
I’m the journalist who wrote about Micro Bill Systems in the Guardian and, over the last two months, I’ve been regularly contacted for help.
What I know so far is this:
Nobody has provided proof that installation is without user consent, some people have complained to West Yorkshire Trading Standards, and a program called IE History View helps examine your browser history. Removal solutions reported by users include fhiufhyrefyer’s method and Prevx1. I’ll keep my blog post up-to-date with any detailed advice.
May 3rd, 2007 at 12:51 pm
[...] Update 18 April: It’s worth keeping an eye on this thread (and now this thread too – 23 April, and this thread – 1 May, and this thread – 3 May) to see how other people have coped. I’m interested in hearing from anyone who reckons (and can help prove with an Internet Explorer history file- see above) that the Micro Bill Systems software installed silently – no warnings, no permission given. You can contact me via tech@guardian.co.uk or my e-mail address top left in the sidebar. Alternatively, please leave a comment on this post (it will be moderated). [...]
May 6th, 2007 at 9:25 pm
hii the best way to get rid of this scam MBS is to download XsoftSpy SE it will locate the high risk files really quick the downloadable version wont delete the mbs but provide the location so you can manually delete it. ill let ya know if it pops up again..
May 7th, 2007 at 6:53 pm
Read your mail re: MBS scam. thanks for the info. I got this pop-up a couple of weeks ago and thought my son had went onto a bad site and we ended up with the bill. I didn’t pay as I wanted to find out if it was a scam. Thanks again, you saved me £40. It has been removed for now. Hope it stays away. Nothing last for ever though.
Cheers
May 8th, 2007 at 11:31 am
I posted a couple of weeks ago saying that I had got rid of the problem using various spyware and adaware programs. At first the problem did indeed seem to go away, however a week or so later the bill came back with a higher severity. Also when looking at the bill by looking at the details of the bill and seeking for answers (trying to find out what I had ‘signed-up’ to) the bill value increased!
On one website I found a guy that decided enough was enough and he paid the £19.99 only for a month later the bill to come back for another £19.99 for the next month’s due subscription as he hadn’t ‘cancelled’ his subscription! It’s a big old scam.
I tried to do a system restore, i.e. take the computer back to a date pre the first pop up, however this didn’t work and I reverted to resetting the computer (i.e. the same as the day I bought it). Basically I have to start all over again. But in the end it was worth it to stop the pop-ups which were staying on the comp for ages.
Don’t give in to these people they are SCUM (Probably Leeds United supporters!)
May 8th, 2007 at 11:37 am
You know I was with you until your last paragraph. No I don’t support Leeds United but I don’t think it’s fair to compare a dodgy porn-supported virus factory with genuine sports fans.
May 8th, 2007 at 12:50 pm
Updating my earlier post on the (to date) successful method for removing MBS:
There appears to be a solution using system restore. I’ll post what I remember was done to resolve this on our pc. If anyone sees any flaws in this, please don’t hesitate to correct.
The switching off and switching on the System Restore points is pretty crucial, I understand.
Start > Accessories > System Tools > System Restore
Select a Restore Point well before the activity
Restore System
Then go into the Control Panel > System > System Restore
Check the box which turns off System Restore > OK to apply
Then do the reverse (i.e. Control Panel >System >System Restore > UNcheck the box > OK to apply ) This last action turns System Restore back on.
Fingers crossed, no more pop ups in the last few days, and a check of the system 32 folder (where the stuff was located) shows it to be clear
Please note that the turning system restore on and off needs to be done through the Control Panel.
May 8th, 2007 at 1:12 pm
Andy lighten up a bit!!
May 8th, 2007 at 1:13 pm
I’m perfectly light – that’s why I don’t bring myself down throwing around the word “scum” inappropriately.
May 8th, 2007 at 2:15 pm
Just delete my post then Andy!! Jeeze it was an ‘off-the-cuff’ remark! Bang goes my dream of becoming a comedian…
May 9th, 2007 at 12:42 pm
Yes I’m another unfortunate whose PC is plagued by MSB. Pretty sure it’s my own fault though, as my Norton antivirus ran out a month ago and hadn’t got round to updating yet.
I’m concerned about updating the antivirus as I will need to connect to the internet to do so, and whats more will have to provide my credit card details online. Also I need to get rid of the MSB popup and any related files.
Can you advise me what to do first, tackle MSB or update/grade Norton?
May 10th, 2007 at 8:50 pm
im 15 and scared dont know why im getting this mbs bill are they really scammers ? please help
May 10th, 2007 at 8:57 pm
will they really send debt collectors??
May 11th, 2007 at 10:21 am
WOW!- You guys are a godsend! I was getting really concerned about this £39.99 bill which keeps popping up, so I ‘googled’ it and it came up with this page! I am so relieved…! My pop up does close if I click on it, but I’m scared it’ll get worse, like what you said…
Anyway thanks for the advice and I’ll keep in touch!
May 11th, 2007 at 4:22 pm
thanks everyone, i thought i was the only one getting this problem. i paid ( stupid i know ) but in future no way. We should track them down, expose them, and take them to book.
May 11th, 2007 at 7:42 pm
gemma they’re not gonna send debt collectors. i had the same problem and cleared it off my laptop by downloading avg anti spyware 7.5. it should work for you as well
May 12th, 2007 at 3:27 pm
Can someone help, this MBS pop-up keeps asking me for £39.99. How do i get rid? Getting most concerned as it comes up all the time driving me insane. I googled this and came up with your page ,most relieved its not just me its happened to.
May 12th, 2007 at 4:38 pm
These people are a real menace. They are using intimidation to extort money and are probably contravening the “Computer Misuse Act, 1990” section 3. I have e-mailed them 200 times to ask them to remove their pop-up software from my computer. Guess what? Nothing happened. I do know they read their e-mails because a query I sent about “my account” brought an instant response. I have reported them to the police; Consumer Direct and the Trading Standards office. MBS’s e-mails are: enquiries@microbillsys.com and support@microbillsys.com.
May 13th, 2007 at 1:19 pm
i had the same problem, the mbs popup wouldn’t leave me alone, but now i am deleting its history through the processes in the task manager, just delete the tree and then install some good spyware software and delete the cookies, so far, i have about 60, which is not good, i’ll keep ya posted…
May 14th, 2007 at 3:06 pm
We have also had this pop up on our pc asking for £39.99. I eventually managed to get through to them and they said we are liable to pay for it unless we get a crime reference number from the police to say our pc has been hacked, I have done this and have a crime reference number but now cannot get back through to them. I hold for ages (i mean 30 mins +) at national rate and still dont get anywhere. We have tried to remove it but with no luck. it just pops up again! Please help!
May 14th, 2007 at 4:36 pm
I have had this also on my computer. i have emailed them loads and had no response. yesterday morning i did a system restore for 2 weeks previous, so far it hasn’t been on my computer, but my heart is in my mouth every time i go on it in case it starts coming back again. something must be done about this, it really makes people ill with worry.
May 14th, 2007 at 4:51 pm
emma i also have the same problem, but how did u get in contact with them?if its telephone could u give me the number please?
May 14th, 2007 at 4:57 pm
the way to get rid of the pop ups is to use Prevx1
May 15th, 2007 at 8:20 am
Another update/reassurance on the System Restore method of removal. We’ve now gone past the four week point since we removed using the method described above and no return of pop ups. Do make sure, if you use this method, that you destroy other restore points at the same time, though of course you should turn system restore back on afterwards for when you next need it. If you’re not sure how to do that, I’m sure any half decent computer outlet could explain it to you. It’s not complicated, and it shouldn’t affect anything else on your pc. It’s always sensible to do a back up, particularly of crucial stuff (coursework, work in progress, that novel that’ll make your fortune!, etc.) beforehand.
May 15th, 2007 at 8:32 am
Hi Lisa,
The number was on one of the bills that came up saying I need to contact them urgently to sort this out. The number is 0871 231 7374 then option 3. But I have called them 3 times now and only got through once. The first time I gave up after 30 minutes holding, the second time they answered after 15 minutes and yesterday I tried again but was cut off after holding for an hour!
May 15th, 2007 at 8:32 am
Oh and it is charged at national rate so im sure this is another way of making money!
May 15th, 2007 at 3:38 pm
tried ringing mbs, 1 hour 15 mins on hold. stumbled on to this discussion by accident. mbs are scum, just glad we didn’t pay, they wanted 39.99
May 15th, 2007 at 7:41 pm
emma, wot did u have 2 do 2 get the police crime reference number?thanx for your help
May 15th, 2007 at 9:44 pm
After 200 e-mails etc (see above May 12th) and finally a threat of legal action MBS advised me “due to the fact that this [pay to view site] was only registered but never viewed, as a gesture of good will we have written off the bill”.
I had bought some software that can delete the MBS pop-ups a day or so ago. It seems to have cleared the problem & I deleted their intimidating software with “SpyNoMore” [http://www.spynomore.com/] before I received their message. Now, I hope, I have better protection than before. There may be other protection tools out there but this worked for me.
May 16th, 2007 at 8:43 am
I called the police and told them that I think my computer had been hacked, they took the details to pass on to their fraud squad and gave me a crime reference number. Not that its done me any good though because I cant get back through to mbs to tell them.
May 16th, 2007 at 11:05 am
i have had a bill from mbs that keeps popping up every day asking for payment on a site i was redirected to. this site i could not shut down or leave so i had to shut my computer down. i have tried to contact the company but to no avail. also the payment system on the bill does not work. yesterday i got the bill on again and it remained locked for 10 minutes, stating that failure to pay will result in this matter being sent to a debt agency
May 16th, 2007 at 4:41 pm
I had this MBS virus last week. It started with the bill being locked for a minute, by the end of the week it was 10 minutes. It was driving me mad. I ended up taking my PC to the local computer shop and they managed to get rid of it as my IT guy was away on holiday for that week. I am a small company and I use my PC for doing my employees’ wages and paying them by Bank Transfer. I have to say something must be done about this company, they need tracking down.
May 17th, 2007 at 1:25 pm
i had a problem with mbs saying i was downloading sexxxpassport, so i downloaded a trial of stopzill, where it doesn’t remove the problem, u can block it from damaging ur computer
May 17th, 2007 at 5:51 pm
i am also having problems and don’t know what to do, considering i am only 14 and did not sign up for this over 18 mbs thing anyway. what can i do?
May 18th, 2007 at 1:38 pm
We too have been plagued by these evil pigs. We have security fitted on our computer, but they have got through it. After taking our boys to task over the possibility of them entering this crappy site, they’re in the clear, because they were all at work on the day they were meant to have logged in!
I rang MBS today and spoke to a particularly snotty irk who got most annoyed at me because I asked him to send me paperwork proving the name and address of the person who had logged in. Any other bill has a name and address on it! His reply was “because they signed up for a three day free trial, no names are needed” Yeh, right! No proof of sign up, I told the snotty irk, no payment. He then replied “have we asked you to pay it?” What’s the point in blocking my computer then, if we don’t have to pay the bill? What a scam. I would almost beg them to take me to court for this bill. When our computer is locked out, we lose business, so would love to see MBS fork out for lost wages!!! We will try the remedies given above, and hope that gets rid of these scavengers once and for all. Till then, internet is out of bounds to all of us!
May 18th, 2007 at 1:54 pm
Perhaps Mark Webb might have something to say about it?
He registered the “microbillsys.com” domain name, though the own registered domain name for “Unique Billing Systems Ltd” leads to one of those stupid ad-laden holding pages.
Maybe he’d like to receive some letters of complaint:
6 Carlton Court
Brown Lane West
Leeds, West Yorkshire LS12 6LT
UK
Or give him a call: 01132 432039
Maybe enough calls that tie up his life like the scummy software that ties up the victims named above, and countless others, will make him give a damn.
May 18th, 2007 at 3:00 pm
Lets face it we are all dirty little wankers and we got caught out
May 18th, 2007 at 3:07 pm
Speak for yourself you Steve you pathetic little cock.
May 18th, 2007 at 11:19 pm
I also have the same problem!! They are using an age old scam but the way it used to work before the net was to set up a mail order company selling sex toys that were faulty. When you ask for your money back they send you a cheque with the company name on it in BOLD i.e: “THE ANAL LUB COMPANY” so people are too embarrassed to cash it in.
Just think how many people have paid to avoid having to explain?
May 18th, 2007 at 11:30 pm
Alternatively if that phone number doesn’t work try 0870-880-5455 (warning this is not a standard number)
Scum that they are they appear to have registered their domain name using someone else’s telephone number, but their Companies House entry gives those details:
Trading As: U B S
Address: Unit 6 Carlton Court
Brown Lane West
Leeds
West Yorkshire
LS12 6LT
Telephone: 0870-880-5455
Companies House
Registration Number: 4355673
May 19th, 2007 at 2:16 am
I have just done this and it works!! I cut and pasted it from pc advisor mag web site and it’s completely gone!! yay
I accept no responsibility for any damage monetary or otherwise from using the following information.
You can do all of this off line from the internet, in fact i would advise you to be DISCONNECTED when you do the following!
You need to disable an activeX control in your web browser for starters!
Ensure you are logged on as an administrator (in XP).
I did this on someone else computer because they started to get this and had no idea how it had started at all and the timer had got up to 9 minutes, this when the person needed to be study work for the course they were on!
I can not remember the exact names of files so please bear with me!
Goto the Tools menu and select Manage Add-ons…, this will open up a window, in here you will see a control that starts with mbs, mbs……., select it and then at the bottom click on the disable radio button.
This does not delete the item!
OK the window!
Now we need to go and see where the other items reside:
open up My Computer from the desktop!
If you can not see the windows folder in the following part, you will have to go into the Tools menu and then Folder Options, in the window that opens you need to go to the view tab. Here you need to go down and click the radio button for “show hidden files and folders”, you will find this under Hidden files and folders.
You will also need to unselect the tick box for “Hide extensions for known file types”. This will allow you see the extension .exe and .dll etc for what we will be looking for in a minute!
We need to goto into the c drive, then into the windows folder, from here we go into the system32 folder(XP).
That being: C:\WINDOWS\system32
In system32 we are looking for these two files:
mbsmon32.exe
mbsreg.exe
Click the toolbar to display the information as details instead of thumbs etc! This is important!
Note the date that these files were installed on the pc and click on the header bar to sort all of the files into date order when they were last modified.
Now look down the date column and find that date, you will see about 6 files i think, you will see the icons used by the two files above plus some others, one or two may be dll files!
NOTE ****
It is important to find the files on that date BUT ensure that the files you select all have the same TIME STAMP as mbsmon32.exe and mbsreg.exe, this will ensure you only pick the files that were installed with these two files!
****
note these files down and log off the computer!
Boot XP up and start pressing F8!
This will bring up a menu to boot XP in safe mode and into the all seeing administrator!
Choose to use ****** safe mode! *******
This will start and maintain a low resolution screen, this is ok.
At the log on choose the Administrator even if your user id (logon) has Admin rights!
A warning window will display on the screen, ok this and allow it fully load!
Now open my computer (or explorer) and goto the files we found earlier!
Those being in: C:\WINDOWS\system32
*** Remember the TIME STAMP ***
Select them and delete them!
Start up msconfig by going to the start button on the desktop ( bottom left) and goto run, in the box that appears, type msconfig and click ok. A window will open, goto the startup tab and untick the program identified as mbs…… ok that and allow the computer to reboot!
You can now delete the icon off the desktop and from the startup menu from the start button.
I hope this has cleared your problem and has been of some use!
This information has been given in good faith and it is your responsibility to do with it you see fit!
I accept no responsibility for any actions brought against you or third parties for use of the above information.
Good luck!
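The time-stamp check in the comment above can be done read-only before anything is deleted. The script below is an added example (not the commenter's or PC Advisor's code): it lists every file in a folder whose modified time matches the two named files, with a SHA-256 of each, and removes nothing. The two-second tolerance, the function names and the constructed sample files are assumptions of this example.

```python
"""List files whose modified time matches known anchor files (read-only)."""
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# The two file names given in the comment above.
ANCHORS = ("mbsmon32.exe", "mbsreg.exe")


def sha256_of(path):
    """Hash a file in chunks; return None if it cannot be read."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def find_cohort(directory, anchors=ANCHORS, tolerance=2.0):
    """Return (anchors_found, rows) for files modified with the anchors.

    tolerance is in seconds and is an assumption of this example: it absorbs
    coarse filesystem timestamps and an install that takes a moment to write.
    """
    wanted = {name.lower() for name in anchors}  # Windows names ignore case
    entries = []
    for path in Path(directory).iterdir():
        try:
            if path.is_file():
                entries.append((path, path.stat().st_mtime))
        except OSError:
            continue  # entry vanished or is unreadable; skip it
    anchor_times = {p.name: m for p, m in entries if p.name.lower() in wanted}
    rows = []
    for path, mtime in entries:
        # Match on the full time stamp, not just the calendar date.
        if any(abs(mtime - t) <= tolerance for t in anchor_times.values()):
            rows.append({
                "name": path.name,
                "mtime": mtime,
                "is_anchor": path.name.lower() in wanted,
                "sha256": sha256_of(path),
            })
    rows.sort(key=lambda r: (r["mtime"], r["name"].lower()))
    return sorted(anchor_times), rows


def build_sample(directory, install_time=1179540000):
    """Create constructed sample files (harmless text) for a dry run."""
    day = 86400
    sample = {
        "mbsmon32.exe": install_time,
        "mbsreg.exe": install_time,
        "sample_b.ocx": install_time,        # constructed name, same second
        "sample_a.dll": install_time + 1,    # constructed name, one second on
        "notepad.exe": install_time + 3600,  # same date, different time
        "kernel32.dll": install_time - 400 * day,
    }
    for name, mtime in sample.items():
        path = Path(directory) / name
        path.write_bytes(b"constructed sample: " + name.encode())
        os.utime(path, (mtime, mtime))
    return sample


if __name__ == "__main__":
    if len(sys.argv) > 1:
        found, rows = find_cohort(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            found, rows = find_cohort(tmp)
    if not found:
        print("No anchor files present; nothing to correlate.")
    for row in rows:
        tag = "anchor" if row["is_anchor"] else "review"
        print(f'{tag:6}  {row["mtime"]:.0f}  {row["sha256"]}  {row["name"]}')
```

Run with a folder path as the only argument to list that folder; with no argument it runs against the constructed sample. Rows tagged "review" are candidates to inspect, not a verdict.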
May 19th, 2007 at 5:29 pm
I just used this method and it seems to have worked (fingers crossed). I’ve got to say this has definitely taught me a lesson to read more carefully before I agree to terms and conditions – however, I still think this company’s methods of extorting money from innocent (and randy!) people is just plain deceptive!
May 23rd, 2007 at 10:32 am
read paragraph 16 plus of the terms and conditions when the bill pops up again.. it says clearly: you die.
May 24th, 2007 at 10:52 am
Problem here too. Have contacted KCC Trading Standards and they have asked Leeds Trading Standards to intervene. Everyone seems to take it seriously but nobody seems to be able to sort it.
Has anyone got to the end of their 3 month subscription yet?
May 24th, 2007 at 5:41 pm
these robbing b!st/d& all i wanted was a bit of fun on my own and mbs wants to charge me £39.99, i can go to the corner of a street and get the works for £20
good luck trying to get rid of this virus peace
May 26th, 2007 at 11:23 am
Use Linux, then the cretins can’t write anything to the computer core.
May 26th, 2007 at 2:58 pm
What a nightmare!! I cant believe these fraudsters have the cheek to “bully” people into paying this £39.99 i accused my sisters boyfriend of signing up to a sex site while using my pc because of this! i think i owe him an apology!! I have been so worried about this for weeks im glad i found this site feel a lot better now.
May 29th, 2007 at 5:07 pm
All. I have just got off the phone to trading standards and they are very aware of this company and the problems they are causing. I have tracked them down to an address which trading standards have confirmed is the correct address. It is 14 Clifton Downs Road, Clifton Village, Bristol BS8 4BS. Trading Standards have taken an official complaint from me and I have been advised to write to the company telling them that I am suing them for damages giving them 2 weeks to respond. If I do not receive a reply (which I do not expect to get from them), then this gives the power to trading to act on my behalf. If everyone who’s posted on this site did the same then TS would have the power to act against them and close them down. SO GO ON LODGE A COMPLAINT TODAY WITH YOUR LOCAL TS DEPARTMENT and lets get shot of these scammers today
May 30th, 2007 at 11:03 am
Just had the same problem and removed like this:
BEWARE – getting involved in regedit can be dangerous so follow this very carefully. Go to start/Run/Regedit and search (ctrl+f) for any occurrences of mbs. You will find at least one reference to mbs.exe or something like it. Obviously ignore occurrences of mbs if those letters are part of another word (eg MThumbs Control ). The one you want is a reference to an exe file. Delete it. Then do a search in explorer for mbs*.exe and delete those as well (I found 2 files in c:\windows\system32, but there could be more or less, and they could be somewhere else as well.) If you want to be absolutely safe, put a minus sign at the beginning of the entry in the reg editor (this tells the computer to ignore it without deleting it) and rename the exe files you find in system32. This worked for me, although I have absolutely no idea how this crap got into the computer in the first place – the date on the exe files was a day on which as far as I know the computer remained off. The people who designed this are clever and ruthless. They should be prosecuted for fraud. Rest assured that plenty of people will have been successfully conned out of these payments. Good luck Rob.
May 31st, 2007 at 1:46 am
I got a subscription charge too from micro billing system for £39.99, for three months. I was crappin myself. There is a way of gettin rid of it without all these fancy antivirus programs. Restart your computer in safe mode, this stops any start up programmes from running, then locate any mbs32 files and delete them as you would normally, then restart the computer in normal mode, and they should stop, this worked for me. let us know if it works for any of you!
May 31st, 2007 at 8:05 pm
I am at my wits’ end with MSB. Norton want to charge me £69.95 to remove this THING. Can someone please explain to me how I can remove these icons from system 32 folder, as when I click to delete I am denied.
thanks
May 31st, 2007 at 8:18 pm
Hi, I’ve had a final warning. They said it will be sent to a debt recovery agency in 7 days. Can they do this? Can anyone help?
June 1st, 2007 at 4:18 pm
Gemma – please get in touch with me and tell me your story. I wrote another piece about MBS in the Guardian yesterday. You’ll find my e-mail address on my blog.
June 2nd, 2007 at 3:19 pm
Hi, I have also got this parasite MBS BILL, with no visits to the sites indicated. I feel that some of the spam emails with attachments contain the link.
As a Yorkshireman living in Scotland I feel that these little S**ts who have tried to obtain money by threats need to be taught a lesson. As this site has given the address on Brown Lane in Leeds, my first thought was to make a few phone calls to eradicate the problem at its roots, but on reflection it would be me who would be at fault and be prosecuted, not this scum.
In my mind MBS are demanding money by threats/ intimidation and blackmail.
We have only two ways of resolving this situation.
1 Wait for Trading Standards or the Police to shut down this site (which I doubt will happen)
2 We play them at their own game and infect their web site/email address
Any comments
Dave
June 3rd, 2007 at 1:00 am
What does not seem to be covered in the media is the legality of pursuing the owner of the computer for alleged debt. I thought that to sue someone for debt, there has to be a contract between the parties, and I fail to see how the owner of a computer can be liable for the actions of someone else that may have used the computer. That would require explicit primary legislation.
Also, they are installing software without a removal facility. Has anyone contacted Microsoft to see whether they define this as malware such as to include its removal in the monthly malicious software removal tool that comes with Windows update?
June 4th, 2007 at 9:02 am
One question: they don’t seem to have any personal details about the people they send these to. When I asked they said it was done by IP number and no details were entered. So, if that’s the case then how would they know where to send the debt collectors to? How would they find out a personal address from an IP number?
I had an email from them asking for the payment as I had sent them one saying I wasn’t paying. I have sent them my crime reference number by email and haven’t heard anything else from them.
June 4th, 2007 at 10:32 am
I tried James’ solution to remove the pop up and it has worked – no more pop up. BUT running Spybot reveals a “registry key” still lurking as a class ID HKEY_CLASSES_ROOT/CLSID/{D2FAC024-92C…. so if any of you have tried his solution it might be worth checking that everything has actually gone.
How can I get in and get rid of this? It also has an icon on what can only be described as a disintegrating cube. What is this?
Since contacting Kent Trading Standards, I have received a letter from MBS demanding payment. Would they have been able to get my address any other way?
I’m still “Just Sane” but breaking down fast…
June 4th, 2007 at 10:53 am
I’m sorry to say that I also had this problem. But as I need my computer as part of my working life I had no other choice but to hand over the money. But then I didn’t realise this was a bogus company and I just put this down to someone else logging on to this sex site, as I was racking my brain trying to think who could have looked at these horrible sites. After reading all these complaints I now know that the bill was bogus and feel greatly annoyed that some little shit has got my £40. Now I will not stop until someone takes action against these horrible people and they are rightly punished for illegally hacking into everyone’s computer. How these thieves can get away with stuff like this is beyond me. I actually felt like going to the address on the bill and giving everyone linked to this company a damn good kicking they all deserve.
June 4th, 2007 at 7:03 pm
OK, there is a problem with MBS, so can anyone tell me how to get all the people who have had problems with this site to simultaneously send emails to the company, and it looks as if there are thousands. How do we do this to crash their server, or do we take their files, rename them and send them back?
Any Ideas
Dave
June 4th, 2007 at 9:06 pm
Having spoken to our IT in house, system restore is a must to be disabled.
As yet we have not come up with a virus to infect their server but only hours away now.
Best advice: disable system recovery then:
restart
F8
safe mode
look in c:\windows\system32
delete anything mbs
make a note of file names
restart
in the run file regedit
ctrl+f
delete (any entries with same file name as noted)
good luck
Also http://www.avg.com
download spy ware will come up with mbs as malware
restart as yet ok.
We are coming 4 u MBS BIG TIME. Trading standards, Serious fraud squad; no return at companies house is no excuse.
Hopefully directors have moved house since registering at companies house because their home address is next.
Bastards Good luck all
Al
June 5th, 2007 at 8:15 am
I have been infected by this MBS. I am loving reading this. I really hope you all manage to do something to get them.
June 5th, 2007 at 12:14 pm
Great stuff, these thieving gits need to be dealt with. We need to find a way to get everyone involved to come together so we can battle these w*****s.
June 5th, 2007 at 12:31 pm
Sadly last week my daughter fell victim to MBS, she panicked and paid the £39.99 charge with her mother’s debit card! She is now grounded forever, the debit card has been cancelled so they cannot take any more money and I have written to them demanding our money back. I am not holding my breath on that one. I have also contacted BBC Watchdog but will also contact my local trading standards. There’s a lot of useful info on this site and I will use it to remove the bastards from my daughter’s PC.
June 5th, 2007 at 6:01 pm
I also had this problem and tried the solutions that were posted, but the problem is if you are not the administrator then the F8 KEY will not work.
This next sequence worked for me.
If you have not got administrator rights and because to ask for them would cause problems there seems to be a solution.
1 Let the MBS Bill lock your computer for 5 mins then close the window.
2 Go to My Computer, open the Windows folder, then go to the system 32 folder and open it. Look at the period approx 3 days before the bill appeared on your PC. There will be 6 files; 4 of them can be deleted, 2 will not. This is where the solution starts.
3 For the 2 files that will not remove, right click on them and then go to properties and change the file’s attribute from Archive to read only.
4 Then create a folder in My Documents called Rubbish or Crap.
5 Click the first file and choose the option on the left to move to a folder and move it to the Rubbish folder in My Documents. Do the same with the second file.
You then have a folder in My Documents that cannot be deleted. The solution to that I have not as yet been able to find, but the point is this MBS PARASITIC/BLACKMAILING/INTIMIDATING/THREATENING SCUM have no more control of my PC, all being well.
June 5th, 2007 at 8:35 pm
As I foolishly paid these scum (luckily by postal order) the bill disappeared from my computer but the files were still there. Today my computer crashed and even when I rebooted it, it still wouldn’t work. So I had to restore the computer to its original factory settings by doing a complete restore. Now there are no signs of their programs in system32 or anywhere else for that matter. Don’t know if this will be any help to anyone but it worked for me.
June 5th, 2007 at 11:12 pm
Just one more thing. Have been recently reading another forum called pc advisor and would just like to know why the forum editor and kate b from the guardian constantly keep defending these scum saying they are in the right. I am greatly annoyed at their comments and feel if this had happened to them they would have a different point of view. Another thing, mbs are taking the pith by posting on these forums saying what they do is legal and ok, so how come they don’t reply to any complaints or queries? They also state on these forums that before you download their software you get three warnings. What a load of tosh! Everyone involved needs to complain to watchdog, at least then we might get heard and something might finally get done and these w*****s might get prosecuted.
June 6th, 2007 at 6:51 am
MBS may technically be doing nothing illegal, thanks to the wonders of all their small print, and how quickly things happen online, but I’m also convinced that a lot of people have suffered because of viruses.
MBS continue to say that their software is not malware, but surely even if I knowingly download software, I shouldn’t expect it to cripple my computer?
If I download a program, and it causes havoc on my PC, I’ll uninstall it. This software has been designed to gradually eat away at system resources, and MBS’s website admits as much. I don’t see how this is legal, regardless of whether it’s being used for collecting money. That’d be like bailiffs standing outside your house, and day after day making it more difficult for you to get into your house.
I’ve not seen anyone defending MBS here though I know some do. I haven’t censored any comments so if anyone wants to defend them, feel free.
June 6th, 2007 at 10:32 am
Andy
What in your opinion will MBS do if you don’t pay? Lots of people seem to be removing it from their computer without paying. Are MBS likely to follow it up? I am guessing the cost that they will incur would be quite large and also they would need to come clean about the methods that they are using. As many here I have fallen foul to this and like all it has disturbed me greatly.
June 6th, 2007 at 9:20 pm
It’s just the way they go about things that bugs me and the way they are allowed to interfere with your computer. Before I had this bill come up my system was running fine, but since it came up I’ve had no end of problems. The computer keeps crashing and freezing. I even had to restore it to factory settings as I actually couldn’t do anything with it. I couldn’t access my documents or my computer or even get online. Is this just a coiencidence? (sorry didn’t know how to spell it) I also wanted to know, are they liable and could I sue them for damages? As I lost a lot of unsaved data because I couldn’t save it before I restored my com. I really do hope that some sort of authority takes notice of all these complaints and does something. I don’t think everybody is lying about not looking at these so called sex sites and something must be amiss!
June 6th, 2007 at 9:24 pm
Also if you don’t pay MBS can’t do anything as they only have your IP address, which only links you to your nearest city. So whatever you do, do not hand over any details. That is unless you have actually been to these sites by accident or otherwise, then I’m afraid you have no choice then to pay. There is no shame looking at porn, bloody everyone does it whether they admit to it or not. But unlike most other porn sites, the ones they bill you on you don’t have to put your card details in, so it’s very easy for young minors to gain access, which is a problem.
June 7th, 2007 at 8:41 am
You know the problem is I think that others may have been on the website. I’m not sure how easy it is just to get this to come up on your computer. It’s just the underhanded way it has happened. If MBS have a log of you going on their website then in their eyes you have looked and therefore should pay. The problem is how are they going to follow it up.
June 7th, 2007 at 1:39 pm
I don’t think MBS will take action against anyone who doesn’t pay, simply because of the costs involved. Also don’t be intimidated by their constant threats of saying they will pass this debt onto a debt agency as they can’t do anything if they don’t have your details. I’m only saying don’t pay them if you’re 100% sure that you have not visited these web sites. I had to pay as I could not confirm that anyone using my computer didn’t visit these sites, as it’s not only just me who has access to my computer. But I think it should be up to MBS to actually prove that you did visit these sites and not up to us to prove that we didn’t.
June 7th, 2007 at 6:59 pm
I am concerned with this attitude that people are concerned about what MBS will do if you don’t pay the scum for their so called software download.
Does anyone actually know what was downloaded and its content, or the terms and conditions? If I go into any shop and agree to buy an item I get a VAT receipt and a description of exactly what I have purchased. Also I don’t get the goods until I have paid, so how can this set of low level scum request payments from people who have no idea what they have downloaded either by accident or email attachments?
Is it because of the nature of the so called content of their demands that people think that it is not worth trying to do anything about this company?
As a victim myself none of the sites described were visited and I am sure that a large % of other people are in the same boat.
So do we debate on forums or find some way of trying to stop this blackmail? It would appear that Trading Standards, Police etc are not interested, so what next?
Any comments
June 7th, 2007 at 8:14 pm
I did suggest in one of my comments earlier that all people involved complain to BBC Watchdog as trading standards or the police are simply not interested. I’m sure that if they received enough complaints maybe, just maybe, they might take an interest and look further into this. I really can’t believe that every single person complaining about MBS and saying they have never visited these sites are lying. But I really do hope that someone with authority takes notice.
June 8th, 2007 at 9:41 am
Check out the PC advisor forum. Lots of work going on there. Some questions are getting answered. Sorry if I am not supposed to redirect people but I feel that this is important.
June 8th, 2007 at 9:45 am
Hi, you can redirect people wherever there’s important stuff going on. I don’t have a monopoly on this!
June 8th, 2007 at 6:11 pm
Stuart,
With respect, your comments as regards people lying about never visiting the sites that MBS are lying in wait to extract money I find insulting. Have you personally visited these sites? If you have then you pays your money and takes your pick.
To generalise that all people that have encountered this problem have done so by their willingness to actively search for these sites, you are insulting a vast amount of people who have not set out to view these sites.
Dave
June 8th, 2007 at 7:58 pm
In response to David.
I think you have misread my comment. What I said was that there are too many complaints on this issue, that at least some people must be telling the truth that they never visited these sites. I know that some people probably have but are too ashamed to admit it. I didn’t say everyone was lying so I think an apology is in order and next time get your facts straight and actually read these comments carefully. I am actually trying to help as I too am a victim. An example: where I come from there have been many sightings of a large wild cat, possibly a panther or jaguar. Now are you telling me that everyone who has spotted this large beast is either lying or mistaken? I think not, there must be something amiss, as with MBS.
June 8th, 2007 at 8:05 pm
David
If you care to read above, my comment was
“I really can’t believe that every single person complaining about MBS are saying they have never visited these sites are lying”
I may not have put it the best way but if you read it carefully you get the gist of what I mean.
thank you.
June 8th, 2007 at 8:17 pm
Also I have visited these sites and no, you don’t pay any money or have to put in any details. That is where the problem lies and it’s very easy for minors to gain access. With all other sex sites you are asked to enter your card details before you get access so you always know what you’re getting and cannot be mistaken, unlike these sites MBS bill you on. With what other product do you get first then pay after? It isn’t right.
June 8th, 2007 at 11:14 pm
I am saying exactly what miros is saying on the pc advisor forum, David.
June 9th, 2007 at 6:39 pm
Stuart,
I have read your comments on my post and you have some valid points that I will agree with, but on the question of an apology for my comments, I will apologise if I was out of order, and as it stands I have not called anyone a liar.
You are correct, there might be a percentage of people who have visited these sites and will hide behind the problems of the many, and as you, I was a victim. I managed to get rid of it; some people are not so fortunate and, as in your case, have parted with the cash.
Stuart, let’s not get into a war of words about he said this and someone else said that. Do you not think if we all pull together we can find a solution for everyone regardless of how this parasitic MBS has appeared?
Stuart let me know your thoughts
Regards Dave
June 9th, 2007 at 8:27 pm
Yep, you’re spot on, David. But as we know people like to moan about things but never take any action, it’s just the British way I’m afraid. We always put up with this sort of thing and let ourselves get treated like crap.
P.S Sorry to have a go mate
June 9th, 2007 at 8:42 pm
omg!!!!!!! I can’t believe this crap! lol I’ve been looking for a way to get rid of this stupid! MBS crap. I’ve looked at well over 30 forums and people think they know how to get rid of it but so far I can’t find a suitable way of getting rid of it. these MBS people MUST DIE! hahah lol this is ball though u have to admit. I am only 16 y.o and obviously I am not allowed on these types of site but obviously between us I do, but this MBS THING hasn’t got anything to do with what I’ve been doing. It says it’s from a site called MYSEXWORLD or something??? lol but anyway someone has to help me get this crap off my computer because the lock timer thing is adding up and it’s up to 12 mins and 30 seconds!!!
June 10th, 2007 at 8:10 am
Well little boy, do your parents know? I very much doubt it. Try looking on a forum on pc advisor, there is a post by fhiufhyrefyer which should help, if you have half a brain that is. By the sounds of it I’m not too sure lol.
June 10th, 2007 at 2:46 pm
Well said Stuart
Not too sure of the content of lol’s content, but will keep my thoughts to myself
Dave
June 11th, 2007 at 7:59 pm
You keep annoying me with the same popup bill for £39.99. I never subscribed to sexxxpassport as I told you on the phone and I am therefore not prepared to pay for it. I will never use it and I’m not interested at all. When will you stop, because I am close to telling my solicitor. I have found a web site called “andymerret.co.uk” which lists maybe 100 people complaining about MBS in the same situation as me. It seems your system must be faulty or I don’t know what. Anyway please stop the popups as I can’t use my computer otherwise, and I am seriously not prepared to pay that sum of money for nothing. Please react to this complaint.
June 12th, 2007 at 7:35 pm
John,
Your post on this site seems to have been directed to MBS and not a comment to the site.
Have you mistakenly sent it to this site?
June 13th, 2007 at 8:39 am
Hi, have same problem as all others on here. No one in my house has been on this site, how it got onto my p.c I don’t know. Surely they need a contact address, or at the least bank details, before they can say you are liable to pay for this service. What are the legalities of this? Has anyone ever had debt collectors call over one of these so called bills? Was very worried when first saw the pop ups on my p.c, thanks for quashing my worries.
June 14th, 2007 at 10:06 am
I’ve just found this thing on my computer too! What a nightmare. I paid the £39.99 to try and get rid of it but then searched it and saw what problems it had caused and cancelled my card. I’m so worried about this, so could anyone give me some advice on what to do?
Thanks
Jenny
June 14th, 2007 at 10:14 am
Jenny and others: You might wish to look at the various forum threads on PC Advisor’s website who are talking about this. If this is illegal or unfair, I imagine something will ‘happen’ to progress the concerns you’ve raised. People are having to be very careful what they say as these forums are all public, which means the company in question can also view comments.
June 14th, 2007 at 10:16 am
My laptop has fallen foul to MBS – I’m so upset about it – I noticed a mysexworld icon on my desktop last week, decided my husband was a pervert and double clicked on it. Yes it was porn so I closed it, accused him of being a perv but he said he knew nothing about it. Then the MBS windows arrived. I called these people who said my computer registered for the site at 9.20am 3rd June and agreed to install the MBS software, it was again accessed at 9.30am, and again at 20.38 on the 6th June (me checking what it was). I’ve checked all my start logs, cookies and Internet history and my laptop wasn’t even turned on at that time on the 3rd June. I have deleted the mysexworld icon but I’m so upset these people might come looking for money – it’s a year subscription at £39.99 for 90 days and apparently according to the scumball on the phone there’s a charge to cancel the subscription. He advised about the crime number but said I had to write to the appeals department, but what then? They’ll have my address
June 14th, 2007 at 10:25 am
Have a look at this website, Sue.
http://michaelpollitt.com/wordpress/?p=142
June 14th, 2007 at 1:17 pm
I only just incurred this problem this morning, stupidly paid the £39.99 as was worried sick and panicked a bit. I since then saw all of this and problems and it being a scam and have since cancelled my debit card. I restored my system back a few weeks, which seemed to solve the problem, as didn’t find any of the named files in the system 32 file. I have since downloaded AVG Spyware 7.5 and it’s detected 1 trojan – whether this is it, I am not sure. But no more pop-ups or bills on the screen. Just worried now when they don’t get their money they will come hunting. Although I’m sure they have not received money in most cases. It would be greatly appreciated if someone with a similar story could get in touch to just settle my mind. I am still extremely worried that my computer will be ruined eventually. Many thanks Jenny
June 14th, 2007 at 7:55 pm
Hi Sussex,
Your comments are noted and if MBS are reading this forum then good, this slime need to be aware that their activities to try and extract money from innocent people by blackmail and threats is totally wrong and if only I was closer I would be at their door in Brown Lane in Leeds with people that could have a reasonable chat with this company. If MBS have the time to visit this forum then you will understand that people are fed up with your threats and maybe you will be on the receiving end as people know your address to send the authorities to question the methods of obtaining monies by deception
MBS you might think you have created the perfect Scam, but there are more intelligent IT people out there than you
June 14th, 2007 at 11:00 pm
I too have experienced this MBS problem. Luckily the system restore worked for my PC but I was so scared about this pop-up telling me that I owed some company money. I just wanna say that MBS should be taken down!!!
June 14th, 2007 at 11:38 pm
Hey,
I have contacted trading standards about this MBS bill and the person I spoke to said they would be very interested in seeing the section of terms and conditions that specifically says ‘you die’. If any of you have still got the bill on your computer and can access their terms and conditions on the bill, find the section that includes this (I think it is paragraph 16 plus of the t&c) and print screen it into a saved document. If I send this info to trading standards they said they may be able to do something about this as this is considered a death threat and nobody can work like that. If anyone can do this it will be an extreme help. Please send the saved document to my email address: makes_.me._wonder@hotmail.com. If anyone can do this for me it will be most appreciated. They have also contacted the TS in Leeds and are said to be trying to do something about this. Please could someone send the print screen of the death threat to me as this could greatly increase our chances of getting these scumbags. Thanks.
June 15th, 2007 at 12:21 pm
I am so glad to see this site as I have been having problems with these pop ups for a week. I have actually disconnected my computer as every time I go on it I get the pop ups and am unable to do anything else because of them. I have sent this from my work because I am unable to work with my home computer and frightened to have it connected because of the name of the site they say I registered with. I know there is no way I would have logged onto a site like that even the name puts me off without knowing what is in it.
How do we stop this from happening?
June 15th, 2007 at 1:33 pm
Lisa: Are you sure that’s what was said? When somebody earlier on used that term, I took it to mean that the Ts & Cs had that effect (i.e. your computer would become increasingly difficult to use). However, not having seen their terms, I wouldn’t know anything more than I’ve read on forums.
If anyone does have a copy of these terms and conditions, it might be useful for all those who are interested in this topic to have them available, though. If this is the case, perhaps they could be posted somewhere and linked here?
June 15th, 2007 at 1:49 pm
Margaret Reid (and others): Have you tried contacting consumer programmes? There are various about, including at national level (radio, etc.) – they may be interested.
June 15th, 2007 at 2:35 pm
Margaret – I found this on my computer too yesterday and managed to get rid of it, and so far all is good and haven’t had pop-ups return.
What I did was to restore my system back to when it was behaving normally, so I restored it back to about a month ago. Make sure anything you have done on your computer in the past month that you wish to keep is saved on a memory stick or some other device as you will lose this.
If you go into “Start” … “programmes”, ‘accessories’ and ’system tools’ then ’system restore’ and follow the instructions this should work.
However the trojan that infects your computer may still be present. So I downloaded AVG Anti Spyware and it did in fact find a trojan, that was probably linked with the problem.
If this doesn’t work try this link
http://www.pcadvisor.co.uk/forums/index.cfm?action=showthread&threadid=261874&forumid=1&sr=1 and look at what fhiufhyrefyer has said. A lot of people have found this a great help.
let me know if you manage to get rid of it.
Regards
Jenny
June 15th, 2007 at 4:45 pm
Jenny: System restore does work, provided all previous restore points are removed after the restore, then turn system restore back on.
There is more detail about this on Michael Pollitt’s site.
June 15th, 2007 at 5:41 pm
Hi there, Restore is the way to go. Then send mail to the po box of this cretinous company, WITHOUT STAMPS, AND PARCELS THEY WILL HAVE TO PAY THE POSTAGE, LET’S GIVE THEM SOME OF THEIR OWN BACK
June 15th, 2007 at 5:47 pm
hi mark the mail PAYMENT FROM AND MAKE UP A FICTITIOUS NAME, THE MORE YOU DO THE MORE THEY PAY, THEY WONT DESTROY THE MAIL BECAUSE IT COULD CONTAIN POSTAL ORDERS, GIVE THEM HELL.
June 15th, 2007 at 6:33 pm
ok thanks, i think i did this when i did it yesterday, i hope i did anyway. Many Thanks
June 15th, 2007 at 7:22 pm
Brian Batt – I love your humour!
June 16th, 2007 at 9:05 am
Go for Brian’s idea
June 16th, 2007 at 2:26 pm
Thanks Sussex for the Michael Pollitt link. I can’t find any history at all from MBS and the only history from mysexworld is when I clicked on the icon I found on my desktop which seemed to log me on and enter the members arena (3 history items). To remove I tried AVG Spyware, that didn’t work for me but Prevx 2.0 did (so far), so thanks to them. I had to fiddle with my McAfee services startup (set to manual instead of automatic) to get it to work.
Go for Brian Batt’s idea – I have cats I can post them the same sort of s**t they’ve given the rest of us. (sorry I’m not normally that crude)
June 16th, 2007 at 7:04 pm
Suzanne: Would you consider sending in your IE history to interested parties who are trying to research this? Look at PC Advisor and Michael Pollitt’s site, where there are ways to contact them.
June 16th, 2007 at 7:53 pm
I recently have been affected by this bug too, requesting a sum of £39.99, and have been told if I don’t pay debt collectors will be sent to my house. (the terms and conditions say you’re 18+ but I’m not, and also if your pc was stolen at the time, you have to pay, if you die, you have to pay…)
I’ve tried deleting the files, I’ve emailed and they haven’t replied. I refuse to call the phone line as it’s premium rate, and I’ve no doubt I’ll be put on hold for hours.
I’m 16 years old and seriously ill, I need my computer to study for my exams and it’s the only way I have outside contact but have been unable to as the popups won’t go away.
any help would be appreciated…
June 16th, 2007 at 8:18 pm
Hannah,
I recommend that you try the system restore or removal option detailed above.
It’s impossible for them to trace your real address from the Internet address your PC uses. The only way they’d get it is if someone put your information in to a form somewhere. That doesn’t help to get rid of the pop ups, though. I hope you manage to find help to remove them – I don’t use a PC and haven’t had this problem so I can’t personally help, but others say their solutions work.
June 16th, 2007 at 8:24 pm
Have you seen the crap they’ve posted on that forum link?
MBS Forum Information
Dear Forum
We read and note the comments of this forum and would like to offer the following advice
MBS is an independent billing company that provides billing and collection services to websites worldwide. Many of our clients’ sites are either age restricted (by consent) or of an adult nature.
The software that has been described on this forum can ONLY be downloaded from visiting one of our clients’ sites. Our software is not spyware nor is it embedded as a trojan.
You, or a user of your computer, will have agreed to terms and conditions then voluntarily downloaded the software to gain access to the site. In the interest of privacy, we do not ask for email addresses or credit card details to do this.
Our system is based on honesty and we expect all people who access our clients sites to pay when the bills are first shown. These bills can be closed, do not stay visible or interfere with the computer.
Unfortunately, only when people ignore the bills, do not contact us or do not pay, we have to display the bills in a more persistent way.
We always provide access to a help email address and aim to respond to enquiries within 48 hrs.
If you have a genuine query and do not understand why you have received a bill, please contact us at billing@microbillsys.com and quote the mbs reference number starting MBS-043- which can be found on your bill.
Alternatively write to us quoting the above reference at:
MBS Information
PO Box 185
Leeds
LS12 9AJ
——–
What a load of crap. No legitimate business only operates from a PO Box number (mind you, that’s the place to send your cat sh!t, Suzanne. Having had cats myself I know that’ll pong badly).
And still no mention of how they reckon they can get hold of your address to send round the bailiffs. It’s all lies and smoke screen.
June 17th, 2007 at 3:30 pm
I help out on numerous anti-spyware forums and this pest is extremely prevalent, especially on the UK based sites. As a result, the issue has been brought to the attention of well known spyware veteran Pieter Arntz (AKA Metallica) who graciously agreed to write and maintain a removal script for use with Merijn’s Brute Force Uninstaller tool. New variants will be added within days of being spotted thanks to the way the anti-spyware community works together to beat these crooks. Removal instructions can be found at Virus Vault Security Forums:
http://tinyurl.com/2zb2uj
June 17th, 2007 at 4:34 pm
John McKenna: Would you pass on thanks to Pieter Arntz for his interest and work on providing a solution? While I haven’t yet had cause to use it, I’m sure this will be a great help to current, and potential future, victims of this unfair method of billing.
June 17th, 2007 at 8:21 pm
I have had this virus for three months – I have been following this blog and was reticent about going for one of the restore solutions until I could back up everything on an external hard drive – however the virus ate through various spyware that I tried. I think and hope (!) that I have removed this now using Prevx 2.0 which was mentioned on this site – this identified and deleted the mbs32.exe files that I couldn’t delete manually. I have now seen today’s post about a new uninstaller tool which I will try if Prevx doesn’t work long term.
Thanks for those who have spent the time to share their solution to this problem!
June 17th, 2007 at 11:16 pm
Thanks for all the information
especially more details
apparently the MD is Ashley Bateup I would love more details
I was going to pay up and hope they went away but from the sound of it even this doesn’t work with the MBS scumbags
I will be calling trading standards in Yorkshire to get a reference no and join the campaign, and seeing a techie friend to ensure that the advice on this site is followed
cheers
June 18th, 2007 at 7:45 am
Woofledust – As you’ve found this site, you may also want to look at Michael Pollitt’s site http://michaelpollitt.com/wordpress/?p=142
June 18th, 2007 at 9:30 am
thanks
I have already contacted Michael, essentially, it is a problem that no one so far has proved that the scumware was downloaded without their consent, if one person does this their argument is over,
the editor of PC advisor considers their organisation repellent, it’s just not (yet) illegal
a
June 18th, 2007 at 10:36 am
Yes, Woofledust, I’m aware of that. That’s why there’s a need for others to send in their IE history for examination.
June 18th, 2007 at 10:39 am
Sorry, Woofledust, I’ve just realised you already had a posting on MP’s site.
June 18th, 2007 at 11:33 am
Hi everyone! It’s nice to hear from some people from the PCAdvisor site! What bliss to find another forum to get me really worked up. If anyone has four hours to spare they can go to the PCAdvisor site: Helproom & type in MBS, and Consumerwatch & type MBS, do visit all the threads.
My daughter was caught by this software at the end of April. She categorically did not join any such site intentionally, and cannot recollect seeing the Terms and Conditions she supposedly ticked to agree to as she was on a totally unrelated site (University Blackboard) at the supposed time. She phoned MBS initially to cancel her supposed subscription, and after also sending two letters to them refusing to pay on the basis that their terms and conditions say that payment is IN ADVANCE and therefore she cannot have visited the site and cannot therefore owe anything, she has had a letter from them dated 14th June saying that she has no outstanding balance. Phew! I cleared her computer by downloading and running AVG Free (took 2 hours but worked like a dream). She has been greatly upset by this.
Unfortunately people do not read these forums until AFTER they have been infected. Can someone tell me (and others) how to retrieve her history from 28th April, please?
June 18th, 2007 at 11:50 am
Sussex yes I would consider sending my output from ieview to researchers. I’ll check out Michael Pollitt’s website for details.
I have put the question to myself a few times over the last week as to whether or not the whole thing is run by MBS – the hacking, the mysterious icons appearing, the websites and finally the threatening bills. But as a professional person I have to look at it as MBS providing their [unscrupulous] services to even more unscrupulous websites in a way that must only just be legal (if it is). MBS are just a bunch of bullying unprofessional misfits.
Rant over.
June 18th, 2007 at 12:13 pm
Pip: I’m not sure if you’ll get the IE history to go back that far – but will see if that is possible and post again here.
Sue: Do hang onto that IE history! And try sending to Michael Pollitt http://michaelpollitt.com/wordpress/?p=142 as I think he may well still be interested in getting to the root of this. He has access to good professional help. But, anyway, hang onto it as you’ve nothing to lose. Michael has a way to contact him on his site.
June 18th, 2007 at 12:22 pm
Okay, back again. Pip: I doubt if your computer will still have it stored, but it’s worth a check. Sue: I’d suggest sending it to Michael Pollitt and perhaps keep a hard copy for yourself. That way, you can wipe it off your computer if you wish. If other viewers of this site think differently, please say.
June 18th, 2007 at 4:17 pm
In case anyone is trying to delete MBS files from their system32 directory, be aware that MBS has renamed them – they don’t have ‘MBS’ in the name now, they have ‘IMVALID’. Don’t forget to get rid of axaccessctrol.ocx too.
June 18th, 2007 at 9:45 pm
that might be right, the files are
axaccessctrol.ocx
imvalid.ico
and
imvalid.ico.bako
June 19th, 2007 at 11:27 am
This may be where the system restore method is better as it gets around the problem of files being renamed by MBS (and, remember, they’ll keep doing this on a regular basis from now on).
June 19th, 2007 at 1:43 pm
Thanks for your help. My office P.C. is infected. I removed all named files from system32. The bug then logs on to web site secure.microbillsys/logon.auto.php or isvalid.php and reforms. I have blocked these two addresses and so far so good, but I have yet to restart the P.C.
June 19th, 2007 at 10:28 pm
It would appear from the PC Advisor website that MBS are now “reacting positively” to an offer from the Forum Editor to help them make their system more transparent.
While any move that might make it more difficult for people to fall into their trap would presumably be welcome, I can’t help thinking that it is amazing that they have taken this long to begin to consider varying their methods. Frankly, I think this may simply be a delaying tactic on their part while their ill gotten gains continue to roll in ….. But I could be wrong.
June 20th, 2007 at 12:58 pm
do you have a link to the “reacting positively”
I searched and couldn’t find it
given their opaque nature I too am a cynic on whether they have really had a change of heart
June 20th, 2007 at 1:09 pm
Woofledust: it’s here, a posting at 19.45 by the Forum Editor:
http://www.pcadvisor.co.uk/forums/index.cfm?action=showthread&threadid=288960&forumid=2&sr=121
To quote him:
“I’m currently talking to MBS about possible changes to their system. I offered to advise on a more transparent way of doing things, and MBS reacted positively. It’s a somewhat involved process, as you can imagine, but I’m hopeful we’ll get there.”
I’m pretty sceptical myself, for what it’s worth!
June 20th, 2007 at 4:57 pm
Hi, I had this problem last week, and stupidly paid the £39.99 to get rid of it. I then 1/2 hour later realised it was a scam and cancelled my card. Have just looked at my bank account online and the £39.99 has come out. Does anyone know anything about debit cards and why it still came out even though I cancelled my card?
Many thanks
Jenny
June 20th, 2007 at 8:20 pm
“woofledust Says:
June 18th, 2007 at 9:45 pm
that might be right, the files are
axaccessctrol.ocx
imvalid.ico
imvalid.ico.bako”
I also have smvalid.exe and rmvalid.exe that had the same timestamp as the 3 files woofledust mentioned. I assume they should be getting deleted as well? Please advise?
Cheers,
John
June 20th, 2007 at 9:01 pm
Sussex I am about to send my IE View output to Michael Pollitt. Even though I’m absolutely convinced I haven’t signed up to anything (even more so since MBS said my sign up times were when my laptop wasn’t even turned on) I just need to ask if he does find anything would it be used against me?
June 20th, 2007 at 11:05 pm
Sue: I think I’m right in saying that, no, it couldn’t be used against you. Read Michael’s postings and you’ll see what he’s trying to do. And, if it’s any consolation, I’ve sent in the IE history for the family member to whom this happened and didn’t feel at all concerned that it could be used against that person.
If you’re still concerned, why not email him first without attaching the IE history and just get a reassurance from him?
June 21st, 2007 at 3:18 pm
This is basically blackmail. I had the problem recently and found a lot of good advice on PC Advisor web site. You should report the incident to the police; if you get a crime number and send it to them they may back off. Alternatively, and this is entirely at your own risk, if you reboot your computer in windows safe mode (click restart then keep pressing F8) and search in \windows\system32 for smvalid.exe, rmvalid.exe, imvalid.ico, axaccessctrl.ocx, xmysexworld.ico, imvalid.ico.bak0 and setup1_10037.exe you should find that all these have exactly the same date and time stamp; delete them all and reboot as normal. Click start then run and type msconfig and run this, look for smvalid and uncheck the box. Reboot again and all should be OK though as stated no guarantees. They also leave a load of gifs in \Program Files\MSTemplate which you can also delete.
June 21st, 2007 at 6:54 pm
I’m the Forum Editor for PC Advisor, and I’ve been reading this thread with interest. I’ve been working on the MBS case now for some months, and for the record I haven’t at any time ‘defended’ MBS in our forum – it’s not my job to act as an apologist for any company.
What I have done, and will continue to do, is to state the facts as and when I know them, and – again for the record – as far as I have been able to determine to date – there’s nothing illegal about the way that the MBS billing system works. It’s important to understand that MBS doesn’t operate the two adult-content websites which are involved here, the company acts as a third-party payment collector, and has developed micro-billing software which sits on your computer, once you’ve visited the site in question, and have agreed to the terms and conditions by applying for a 3-day trial access period.
The fact is, that if you don’t cancel the trial membership within that 3-day period, and do so from within the site itself, you will start to see (on the fourth day) pop-up bills for the ensuing 90 day subscription period. These bills are being generated by the software that was downloaded in your browser. If you fail to pay the bill you’ll see it popping up with increased regularity, until your use of your machine may be compromised.
That’s what happens, and that is what we have to address – preferably without all the defamatory comments about MBS being a bunch of crooks, and references to ‘scum’ etc., etc. By taking that line I’m not defending MBS, I’m defending level-headed objectivity – the idea is to find out exactly what’s going on, and whether or not there’s anything we can do to stop it if it’s in any way illegal. If it’s not illegal there are certainly grounds (in my opinion, anyway) for suggesting that it’s an unfair system, in that it relies upon a distinct lack of transparency – many people have told me that they simply had no idea that they were agreeing to the terms and conditions of the 3-day trial, and many more have said that they didn’t even realise they had visited the site in the first place.
It’s not for me to say that anyone has been less than truthful in what they’ve told us in our forum, or in the many emails I’ve received from our readers. What I can say however, is that to date I have not seen a single verifiable case of the MBS software getting onto someone’s computer by stealth, or via what is commonly called a ‘backdoor’ download. I’m not doubting anyone’s word – I’m simply following one of the golden rules of investigative journalism, and trying to ensure that I have factual evidence to back up any claims that are made; so far, after months of following the story I don’t have any.
What I have achieved is that I got MBS to agree to answer some of our online forum members’ points, and I’ve published those responses on our site (http://www.pcadvisor.co.uk). Subsequently I have offered to advise MBS on ways they might develop a more transparent, and less intrusive form of subscription control – one that isn’t likely to threaten the trust that exists between online suppliers and their customers in the way that the present system has done. The company has accepted that offer, and I shall soon be having meetings with them to see if we can find a way to improve things.
It isn’t my intention to hijack your forum in any way on this subject – I simply wanted to explain something of what’s going on at our end. Feel free to visit us at any time and catch up on how we’re doing.
Thanks for your time.
Peter Thomas
June 22nd, 2007 at 6:27 pm
Peter
I appreciate your “fairness” but I categorically did not agree to any software to be downloaded onto my PC. I saw a mysexworld icon on my desktop, thought my husband was being a letch, he works away so he wasn’t there to interrogate so I clicked on the icon. I saw the website and immediately closed the Internet Explorer Window. This is the ONLY hit my internet history listed and it appeared to be MBS popup trigger. So tell me, how did the mysexworld icon appear and how did the MBS software get on my machine? I realise I was stupid not just deleting the icon so please don’t go there.
June 22nd, 2007 at 11:01 pm
Also Peter…….when I called MBS (on their premium rate number) they said the registration for mysexworld was done on a date and time when my laptop was TURNED OFF !!!!!!!! – I have checked my history/cookies/start logs !
June 22nd, 2007 at 11:44 pm
Hi
I found this forum while trying to help my son. Now this company state they are billing my son for visiting a porn site. This was impossible as he installed for the first time ever the internet on his computer and as he opened windows explorer for the first time ever before it had loaded this pop up appeared. He hadn’t even browsed one website in that short time so how can they say this is the case. It’s a scam and they can say what they like, innocent people in flocks are complaining so why? At the end of the day if they say they are a legit company and only the third party then the middle man must be to blame for falsely stating we visited their sites. I think everyone needs to make a complaint and all to the same person so that we can be heard. Don’t bother calling their number, it will run up a high phone bill while they simply keep you on hold forever while they generate more cash from you. Ask them for proof of your IP address. Also I’m with aol and my ip address changes every time I connect so those ip addresses must visit different people on aol at some point so how can they prove it was a certain person. By DL something onto our computers without consent is an invasion of privacy, even the police cannot enter our property or touch our computers without a court order / warrant so what gives them the right.
June 23rd, 2007 at 12:05 am
Sue,
I’m afraid I can’t tell you how the icon appeared on your screen, how could I do that? You appear to think that I’m in some way an apologist for MBS, but that’s not the case at all, and I didn’t come here to discuss individual cases.
One of the big problems with this topic is that so many people are telling me they categorically deny any knowledge of the sites in question, yet nobody can provide me with hard proof to show that their machines weren’t used to visit one of the sites. As far as I’m aware (although I haven’t compared notes with him recently) Michael Pollitt of the Guardian hasn’t been able to find any evidence of illicit ‘backdoor’ downloads either. The software obviously gets there somehow, or people wouldn’t be seeing the bills, and that’s what I’m working on.
Nobody should make the assumption that I don’t believe what they tell me, but unfortunately a verbal assurance isn’t concrete evidence. If software is downloaded without a computer user’s knowledge and/or consent there may be a contravention of the computer misuse act, and that’s a criminal offence. MBS have told me that they are not aware of a single instance of their software being downloaded by stealth, and so far I have no grounds for challenging that statement.
You say you appreciate my fairness, and yet in the same post you seem to infer that I’m being unfair to you in some way. I don’t challenge your statement that you have at no time accessed the mysexworld site, but I need a way to explain how that icon got onto your desktop. Give me that, and I have something to go on. I spend many hours online, and since this story started I have visited the two adult content sites involved on several occasions, but not once was anything downloaded to my machine. I almost wish it had, so I could mount a forensic investigation of my own.
June 23rd, 2007 at 11:02 am
Thank you to:
1)Andrew Says: April 25th, 2007 at 10:44 am
& 2)Peter Donohoe, May 30th… Seems to have worked. Hats off to The Techies – the good ones.
This device is unquestionably insidious and yes it is unethical, but what really amazes me is that the companies using MBS (UBS/Imvalid /rmvalid /smvalid) haven’t clocked that they are going to take a serious hit to their reputations – this is commercial foolhardiness of the first order, once this info spreads, as it will, like wildfire, no-one will want this prat’s software on their machine, so he’s either VERY stupid (possible) or banking on short term killing – but I doubt it will make him a millionaire.
Advice on putting a - sign in front of the file is spot on, this can be done by using right click options & selecting ‘rename’. I found the file disappeared. However, on a later repeat search I found it in Sys32 with minus sign & I deleted it.
Clearly the alleged Mr Webb will rename this file continually and look for other ruses. AND no he/they do not respond to appeal emails within 48H if at all – complete Bosh – Finally there is a law about a 7 day cooling off period, ‘Providing the service hasn’t started’ - suggest interested parties take advice, CAB/Trading Standards.
Mr ‘We’re doing nothing wrong’ Webb, you’re a silly boy and not very nice.
PS Peter Thomas June 23rd is correct.
June 23rd, 2007 at 11:45 am
Also had this problem & now resolved with huge thanks to previous contributors. I found the ‘processes’ way posted by david worked for me. Been bug free for nearly a week crossed fingers forever!!!!!!!!
June 23rd, 2007 at 5:06 pm
I keep getting a popup for micro billing how can I get rid of it
June 23rd, 2007 at 5:31 pm
A bill for £39.99 has started to appear when we start up for a subscription to a sex site we’ve never heard of. All I can imagine is that when a pop up has been clicked to close it that it has somehow downloaded a program onto our desktop (complete with icons) and I haven’t been able to get rid of it. I felt quite sick about the whole thing and have posted a letter to MBS telling them that we do not want this service and have no idea how the program has found its way to our desktop and for them to cancel with immediate effect. As yet, the pop up remains. I have up-to-date McAfee, full services, and have googled the problem to try to find out what to do. I am reading the catalogue of complaints with interest – I don’t understand how this can go on and how these people can sleep. I will be seeking further advice as I am absolutely certain that this visit WAS NOT MADE from this computer!
June 25th, 2007 at 7:31 am
I think (hopefully) that I’ve got rid of it, thanks to all the advice above; I used the system32 method. It’s early days but so far so good. I can’t tell you how relieved I am to have found this site as it’s easy to think you’re the only one having the problem and also very intimidating and worrying – I sincerely hope that those responsible for this wicked scam get their deserved comeuppance.
June 25th, 2007 at 11:34 am
Thank God I have found this forum. My daughter is 13 years old and had a bill from MBS for 39.99 for mysexworld.com. The day MBS say the site was accessed there was no-one even in the house never mind on the PC – The only time we have visited the site was to delete the icon from our desktop. She is 13 years old and I am appalled that she has been sent this. I have reported the company to the police and to Trading Standards but neither were particularly interested. Now, thanks to this forum, I am going home tonight and flushing the b*stards out of my PC. I’d love to know if the directors of this company have children and how happy they would be to have stuff like this sent to them in the peace of their own homes.
June 25th, 2007 at 3:42 pm
I have just removed this horrible pop-up by following Andrew’s advice. I think this is disgusting and I hope that something is done about it!
Follow Andrew’s advice:
Andrew Says:
April 25th, 2007 at 10:44 am
MBS is “ransomware” that downloads software onto your PC when you inadvertently or otherwise visit one of their websites. The problem will get worse if you do not remove it as it will systematically block your computer more frequently as each day goes by!!!! The good news is that you can remove it by deleting the offending files from your system32 folder and removing the icon from your start up menu. The files will be date & time stamped from when you visited their site ie in the last three days and will be named MBSsm.32,mbsrm.3, UBSaythenticateAXC,ocx or something similar. Remove all with the same date and time stamp and you should be ok. There is an in depth log on PC Advisor website.
Good luck
June 25th, 2007 at 8:40 pm
Followed all the advice from previous MBS victims tonight and it seems to have worked. Restore your PC to before this company began to bug the hell out of your family and follow link from John McKenna – June 17th. My grateful thanks to everyone who has bothered to take the time to tell us technophobes how to get rid of MBS. My daughter has new guidelines on her internet use – despite the fact she wasn’t in the house on the day in question. What a sorry, strange world we live in. Let’s hope the authorities manage to put a stop to it.
June 26th, 2007 at 2:48 pm
mbshit heads micro f..kin bullshi. systems i think this is cool not any info on how to remove easy for the computer dummys please help me
June 28th, 2007 at 8:06 pm
Peter can you live in the real world,
Everyone who has been infected has erased all history. So how do you expect people to provide details of their history. This is an area that if you involve third parties to this problem, because of the nature of the so called sites you have visited you will be labelled as some sort of misfit.
Well I can assure you that my infection was not from one of these sites, but by opening an email with an attachment.
With thanks to the advice of this forum I managed to remove this
If you feel that MBS are operating within the LAW Then Sir I feel you are not in contact with the general public.
How can you obtain Monies by threats, which is what MBS is doing, and when was the law changed that you can enter a Contract without a Name and Address and a Signature.
I look forward to your comments
June 28th, 2007 at 8:51 pm
I too was affected by this blackmail site! Luckily using the information gleaned from this forum I was able to remove it. The System Restore method didn’t work for me however, and I wonder if MBS had anything to do with it after reading earlier posts and finding a way of blocking it for newer victims. I had to use the safe mode method to remove the files from the system 32 folder. Word of warning – MBS now change the date of the time stamp – more accurately, the year. I had been searching for files created 05/06/07 (date of infection) but the actual files were dated 05/06/03! I could only find the following files in my sys 32:
smvalid.exe
imvalid.exe
axaccessctrl.ocx
X mysexworld.ico
imvalid.ico.bak0
Maybe MBS have changed the rmvalid and setup1_10073.exe files to fool me but I haven’t had the pop_up since my 5 hour war last night trying to remove the damn thing! The actual process was simple once I clicked onto the timestamp change!
Before I found this forum I had been looking into the whole shebang in an attempt to work out how and why I had been infected, and to confirm that this was indeed a scam.
Following on from earlier posts I believe that the porn website in question is sent via spammers to random addresses. I think we’ve all received these random e-mails at some point. Clicking onto this link or having the pop up appear in some cases allow MBS to record your IP address. I know because I clicked on the link (to my foolishness). This act of ‘viewing’ i.e. looking at the opening page - BEFORE any members page or any act of joining the website is mentioned, is what MBS are using to say ‘You viewed at the site – you should now pay!’ It would be rather like a major shopping chain saying ‘As you’re outside window shopping – you should pay for whatever item you see in the window’ This is Illegal, no contract is entered into and no agreement is made between the parties involved to purchase a service. No contract was ever entered into by myself with MBS yet MBS was downloaded silently onto my PC. This leads me to the Porn Website itself.
While MBS were plaguing me for payment, their billing account does offer access to the porn site I supposedly signed up to. My membership status was set to active so I reasoned I should be able to view the members page – as well as the cancel subscription page that was displayed on my billing account. By this point I simply wanted to pay them off and cancel the damned subscription! However a curious, or not so curious (depending on your viewpoint) thing happened. When I tried to access the members and the cancellation page – the same pink screen would appear saying the system was authenticating my membership and a loading bar was displayed going from 0 – 100%. After 10 minutes the bar remained at 0% - surprise! For me this confirmed the whole thing was a scam, there is no porn site, no members page and most importantly – no cancellation page!
It is my belief that MBS have created a random Porn webpage which is solely used to record IP addresses and sneak their billing system onto your PC. It doesn’t matter if you click on a spammers’ link or have the pop up appear, once you ‘view’ the opening, and only web page, MBS can try justifying charging you (once the 3 day trial/3 days of forgetting you ever saw that shoddy page is over) saying it has a record of you visiting the site.
I would say to Peter Thomas that he allows his PC to be infected/enter into a contract with MBS to prove me wrong.
I hope this might help some of the people plagued by this blackmail program and shed some light as to how it could have happened.
Adam
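The comments above report two things that defeat a search by file name or by infection date: the files get renamed, and the year of their timestamp is altered. The following is an added example, not part of the original comments and not code from any tool named in them, that groups a directory listing by identical modification time and flags clusters for manual review. The sample listings, the renamed file names, the use of modification time and the day/month reading of "05/06" are assumptions; the reported names come from the comments.

```python
import os
import sys
from collections import defaultdict
from datetime import datetime

# Names reported by commenters in this thread. They also report the names
# being changed, so a name match is only one signal among several.
REPORTED_NAMES = {
    "smvalid.exe", "rmvalid.exe", "imvalid.exe", "imvalid.ico",
    "imvalid.ico.bak0", "axaccessctrl.ocx", "xmysexworld.ico",
    "setup1_10037.exe",
}


def scan_directory(path):
    """Return (name, mtime) pairs for regular files directly inside path."""
    entries = []
    with os.scandir(path) as it:
        for entry in it:
            if entry.is_file(follow_symlinks=False):
                stamp = entry.stat(follow_symlinks=False).st_mtime
                entries.append((entry.name, datetime.fromtimestamp(stamp)))
    return entries


def timestamp_clusters(entries, min_size=3):
    """Group files whose modification time is identical to the second."""
    groups = defaultdict(list)
    for name, mtime in entries:
        groups[mtime.replace(microsecond=0)].append(name)
    return {ts: sorted(n) for ts, n in groups.items() if len(n) >= min_size}


def triage(entries, suspected_date=None, min_size=3):
    """Flag clusters worth a manual look, with the reason for each.

    Legitimate installers also write files in one batch, so a cluster alone
    is not flagged. It needs a reported name, or a day/month match with the
    suspected infection date (any year, because the year may be altered).
    """
    findings = []
    for ts, names in timestamp_clusters(entries, min_size).items():
        reasons = []
        if any(n.lower() in REPORTED_NAMES for n in names):
            reasons.append("reported-name")
        if suspected_date is not None and (
            (ts.month, ts.day) == (suspected_date.month, suspected_date.day)
        ):
            same_year = ts.year == suspected_date.year
            reasons.append("same-date" if same_year else "year-shifted")
        if reasons:
            findings.append({"timestamp": ts, "files": names, "reasons": reasons})
    findings.sort(key=lambda f: (-len(f["reasons"]), f["timestamp"]))
    return findings


# Constructed sample data (not taken from a real machine).
OS_BATCH = datetime(2004, 8, 4, 12, 0, 0)      # files written by one installer
SHIFTED = datetime(2003, 6, 5, 21, 14, 7)      # 5 June, year set back to 2003
SUSPECTED = datetime(2007, 6, 5)               # suspected infection: 5 June 2007

SAMPLE = [
    ("notepad.exe", OS_BATCH), ("calc.exe", OS_BATCH), ("kernel32.dll", OS_BATCH),
    ("smvalid.exe", SHIFTED), ("imvalid.exe", SHIFTED),
    ("axaccessctrl.ocx", SHIFTED), ("imvalid.ico.bak0", SHIFTED),
]

# Same cluster after a hypothetical rename: no reported name is left.
RENAMED_SAMPLE = [
    ("notepad.exe", OS_BATCH), ("calc.exe", OS_BATCH), ("kernel32.dll", OS_BATCH),
    ("qxcheck.exe", SHIFTED), ("zxcheck.exe", SHIFTED),
    ("axhelperctl.ocx", SHIFTED), ("zxcheck.ico.bak0", SHIFTED),
]

if __name__ == "__main__":
    # Pass a directory to list a real folder; with no argument the sample is used.
    listing = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else RENAMED_SAMPLE
    for finding in triage(listing, suspected_date=SUSPECTED):
        print(finding["timestamp"], finding["reasons"], finding["files"])
```

The script only lists candidates for review; with renamed files and no suspected date it reports nothing, which is the limit of this approach.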
June 29th, 2007 at 8:18 am
Adam, have you looked at the following?
http://michaelpollitt.com/wordpress/?p=142
If you still can access your IE history to cover the period of the download, please do so asap and send to Michael.
June 29th, 2007 at 4:37 pm
Yes, I’ll happily look at Adam’s history. I’m also interested in having comments from people about the relative difficulties of the current removal methods.
Adam seems to have struggled for five hours but I’ve heard other people have removed their unwanted software very quickly with the Prevx 2.0 free trial http://free.prevx.com/
What’s worked best for you? Let’s hear some experiences.
June 30th, 2007 at 9:21 am
Hi There
Deleted these files via safe mode etc etc. Installed AVG spy that found nothing so thought I was ok. Turned PC on an hour ago and MBS billing came back. Looked at time stamp for the smvalid files and it was 5.04 am this morning and the PC wasn’t even turned on. How does this happen and how do I get rid of this rubbish?
June 30th, 2007 at 11:57 am
Hi!
Help me cancel the MBS bill from my PC. What do I need to do? Thanks.
June 30th, 2007 at 7:14 pm
Steve and Sigita: Michael Pollitt has offered you a possible avenue, and his webpages are well worth a visit on this topic. They are at
http://michaelpollitt.com/wordpress/?p=142 and http://michaelpollitt.com/wordpress/?p=152. And, while you’re at it, would you consider sending him in your IE histories (see the first webpage) as he’s trying to establish how the downloads are being made.
July 1st, 2007 at 10:52 am
Yesterday morning no sooner had I turned on my computer when I had a screen charging me £39.99 for a subscription to mysexworld. My 10 year old son had told me about 3 days earlier he had typed in ‘girls’ to Google and then said he had downloaded mysexworld onto the desktop. I was furious as I’d warned him many times about downloading things onto my laptop without permission. Anyhow, I viewed the mysexworld icon on the desktop and its address related to the internet and not to any file on my computer. So, I just deleted the shortcut to mysexworld from my desktop. Little did I know that 3 days later I would get a bill for £39.99.
As a lone parent who is struggling to keep their head above water and undergoing the many pressures and stresses of trying to find work you can only imagine how frightened and upset I was. I called the customer service number for Micro Billing Systems LTD and spoke to a very helpful and patient woman. The number was 0871 231 7374. She patiently said (through my tears and anger) that I had to fill in a declaration that my child is a minor and that it must be signed by either the police, solicitor or head mistress at school. I have a 7 day stay of execution where any billing will be suspended. As I’m working as a volunteer in a school I cannot go to a solicitor until at least Tues afternoon. I will have to pay for their services and hope I can get an appointment. I will then have to send this declaration (that was sent to me over the net) back to them by Special delivery which costs a fortune before the 7 day period is up (Fri 6 July). It will then be forwarded to their appeals dept where they will consider my case.
How disgusting. As if I don’t have enough to worry about, as if I have the time, desire or energy to access an adult website, when I’m filling in job applications on a daily basis as well as running a home, as well as working hard as a volunteer, etc etc. (Sorry, I need to get this off my chest somewhere.)
Apparently my son would have needed to
a, agree that he was indeed over 18 years old
b, agree to the site’s terms and conditions
in order to subscribe. He obviously did not cancel the subscription within 3 days. Did I mention? He’s 10!
On calling the police to arrange them signing the form they said it would be best to ask the head teacher or a solicitor as it was a civil matter. However, they did say that it sounded bad practice as whenever you subscribe to anything on the net, be it online supermarket shopping or buying something on ebay, the company you are subscribing to must have a means of ensuring you are who you say you are. Anyone can confirm they are 18 or over and agree to terms and conditions and this is precisely what my little boy did. Usually you would have to provide an address, contact details, credit card number etc. The police advised me that I should contact trading standards, which, well, I shan’t be doing until at least the middle of the week, due to being so busy.
I have contacted the BBC newsdesk and they are considering the story. I have to wait for them to get back to me. I think the point is that MBS are clearly ensuring they get their subscription money through entrapment. They have billed me for something I have not asked for and have no interest in whatsoever, because my son in his curiosity of the world, has subscribed, obviously not understanding the full consequences of his actions. I have not asked for this service and wish them to go away.
They have caused me no amount of time wasting which I haven’t got, trying to resolve this and untold amounts of fear and stress, to the point where after just one day I am feeling worn down and ill.
The managing director is Ashley Bertup, the business (what an insult to the word) is Micro Billing Systems LTD, PO Box 185, Leeds, LS12 9AJ.
They disgust me and I can’t believe I’m having to go to all this trouble because I have fallen victim to this scam. I can only wonder at the kind of person this man, Ashley Bertup is, my skin crawls at the thought.
We have well and truly been entrapped and do we have a leg to stand on? I was told by the helpful woman at their offices that once my case is sent to their appeals dept, they will take it from there, so there’s not even any guarantee they will stop billing me. I’m sickened by them.
I have by the way, done a system restore according to instructions above but not sure if I’ll be able to tell it’s worked until the 7 day stay of execution is up.
July 1st, 2007 at 1:32 pm
The best way that has worked for me is the prevx 2.0.
At first I tried the regedit options posted in the forums but it still came back on boot up.
Tried the AVG antispyware 7.5 as mentioned, which surprised me as it did not solve the issue but brought to light the other 2 trojans and IST diallers on my system that Norton and Ad-Aware 2007 had not picked up?????????
Tried McAfee Stinger just to see if it would pick up anything. No results.
Tried the Task Manager entering processes but could not find anything relating to MBS.
So Prevx it was, and it found 2 malwares that it quarantined (Jailed). Since then I have booted up and no pop up. I hope that is the last I will see of it. Reading some of the above posts, if like me u have entered no site no email address and even if you enter a 3 day trial you must enter your card details, if you have done none of this I find it hard to believe that any debt collector will be knocking on your door. That does not take away the buggerance factor of some ************* holding you ransom on ur own pc.
July 1st, 2007 at 10:15 pm
Mali and Chambo: Please consider looking at the Michael Pollitt webpages (links given in my last posting). It might also be good for you to contact him. He’s been looking at MBS for some time and I imagine would be very interested in hearing from you.
July 1st, 2007 at 11:11 pm
Steve, Sagita, Jay.
There are several ways to remove the MBS bug.
On this forum, refer to postings from:
1. Dave, June 5, 2007 at 6.01pm
2. James, May 19, 2007 at 2.16am (He was up very late that night!)
3. John McKenna, June 17 at 3.30pm
4. http://www.virusvault.co.uk
5. http://michaelpollitt.com/wordpress/?p=142
There are others on this and the pcadvisor site.
I’m a computer dummy and have problems following technical jargon but after several tries, I think that I’ve deleted the 6 nasty files. I’ve been free of the pop-ups for 6 days. If none of the above work for you guys, I’ll try setting down what I did. I might need my method again if the pop-ups reappear someday so it’s no great problem. Of course, my method will be in simple terms, ie no jargon, just plain, simple words for fellow dummies.
July 2nd, 2007 at 10:34 am
I have been MBS free for over a week now. However, I am now receiving unsolicited e-mails from addresses I don’t recognise. Subject matters range from details of my holiday (not even booked yet), what sort of day I’ve had at work, how to clean my internet usage etc etc. All have been deleted without opening. Am I just being paranoid or are MBS trying to find me????
July 2nd, 2007 at 11:55 am
Unless you contacted them by email, in this case I’d imagine they’re not the guilty party! I’ve had this kind of thing happen to me, and I suspect one of your contacts has had their address book hijacked. I still get spates of this kind of thing; sometimes, setting up a new message rule can help. I know there are more sophisticated ways of dealing with this, based on disposable email addresses, but life’s too short for me to get involved with that as it’s pretty time consuming.
Of course, if you have had email contact with them, it is possible they’ve passed your details on. I wouldn’t put it past them to sell on details elsewhere, after all their business methods are pretty revolting in other ways.
July 2nd, 2007 at 1:00 pm
Bob,
Which method did you actually use? It sounds like one of the somewhat-risky-if-not-done-right manual methods rather than something easy like Prevx 2.0. How long did it take you? Why did you have several attempts? I’m interested in having comments from people about the relative difficulties of the current removal methods.
July 2nd, 2007 at 2:10 pm
My Father in Law has been a victim of MBS Billing, he must have inadvertently clicked on something to generate this download…he’s 73 years old, has only a basic knowledge of a PC (uses it for online banking / booking holidays) and he’s adamant he has not been surfing sex or porn sites…he was going to pay as his PC had become totally disabled
I live away but have managed to disable the advert as described on the link below by talking it through over the phone…we spent four hours going through the procedure and it appears to have worked…for now…many thanks for those who have offered help…
I used the following link supplied by PC Advisor
http://www.myantispyware.com/2007/02/09/how-to-remove-mbs-spyware
July 3rd, 2007 at 4:19 pm
Last night I, like some others, stumbled upon and signed up to mysexworld without reading the terms and conditions. All I saw was the word ‘FREE’ in big letters. Soon after signing up I got an icon on my desktop which wasn’t what I wanted at all, so I deleted it from the desktop and then from the recycle bin hoping to remove all trace of it from my computer. Today however I have seen all this about getting billing popups that take over your computer. However I am still within the 3 day trial period and could prevent it from happening. How can I cancel the trial period when I have deleted the icon from my desktop? PLEASE HELP ME I’M DESPERATE !!!
July 3rd, 2007 at 7:22 pm
Well I have looked at all the postings on this site and almost everyone has the same opinion of the way MBS are trying to obtain monies by deception. The one that really upsets me is the post by Mali. This scum are causing worry and distress to people and their tactics need to be stopped.
I live in Inverness but part of my family live in West Yorkshire. I will be going there late July. Within the next few days I will set up an email address and post it so that all concerned can send their comments, and I will print each one without your email address and hand deliver them personally to this piece of SCUM in Brown Lane.
I am appalled as a Yorkshire man that someone in my home county is trying to do this, he needs to be educated in his ways.
Mali,
Please look at the instructions from me on June 5th to remove this item.
Regards Dave
July 3rd, 2007 at 8:27 pm
Michael Pollitt
Following your concern that the way I removed the 6 MBS files might have been risky, I have downloaded Prevx 2.0 as you suggested and fully installed it on my computer. I have their green light with the words that my computer is running safe and secure with no issues. Does that mean I had removed all traces of the MBS files? Thanks for your concern. I’m still typing up the way I removed the files.
The speed with which Prevx 2.0 scanned my computer, about 5 minutes, makes me wonder if it has done a complete scan. My Panda Antivirus takes 7 mins for a quick scan of some 12,000 files and 1 hour 10 mins for a full scan of over 400,000 items (didn’t know there were so many). Somewhere I have read that another Antivirus takes 2 hours for a complete scan. My friend’s Antivirus takes over an hour. Has Prevx 2.0 carried out a complete scan in just 5 mins?
July 3rd, 2007 at 10:47 pm
I am still MBS bug free.
After writing up the way I deleted the 6 MBS files, I repeated the process for testing purposes. I had used the process of finding the date of infection, (files ‘created’ 3 days before the MBS bill pop-ups started then deleting them in the SAFE mode). Today, during the last stage of my test, a file appeared for the date of infection, one that I had not seen before. It says ‘MRT 15378KB Application’.
Can anyone advise me on this file? Is it malicious? Should I delete it? I must add that this file was not ‘created’ but ‘modified’ on the infection date. Does that make a difference?
July 4th, 2007 at 8:15 am
Bob: Are you sure that is the file name? I’ve just googled and nothing came up, which is why I ask. My experience has been that references to most files can be found on the internet…. If you are sure there isn’t a typo in your posting, can I suggest you go to Michael Pollitt’s website and follow his instructions for downloading your Internet Explorer history? You should be able to go back 2 weeks on that. This might give a clue of what has happened. Incidentally, you can then email the IE history to Michael who has been investigating this.
Just a thought!
July 4th, 2007 at 9:01 am
Bob:
Prevx 2.0 will have found any executable files remaining as, on installation, there’s a fast scan to identify files that run automatically or frequently. Whenever a program tries to start after that, Prevx 2.0 checks to see if it’s safe first (and gives you big unmissable warnings if not!). You can, if you wish, run a full system scan at any time. If the other file you mention is unsafe, the scan will detect it. Prevx would stop it being run if bad anyway.
I’d be interested in your comments, having carried out a manual removal and then installed Prevx 2.0, which method (in hindsight) you would have been happier with. It’s a bit like tinkering with your car engine or going to the garage, I think.
July 4th, 2007 at 9:07 am
Bob: I’ve just noticed something on a PC Advisor thread which quotes the same file reference as yours, which I’ve copied here for ease of reference:
“After reading about predating files I remembered a phenomenon that happened about a week ago when I deleted the MBS files (I searched for the 6 files created 3 days before the pop-ups appeared then deleted them in the safe mode). I had searched for files created on 06/06/2007. The 6 rogue files, all created within a second of one another, were found PLUS 2 files dated 26/06/2007. Thinking this to be a computer glitch, I deleted the 6 files but not the 2 with the wrong date.
Today, I repeated the process and again the computer revealed the same 2 files 26/06/2007 although I searched for 06/06/2007. The 2 files are : A8E2D64B, 1 BK, Setup Information and created about 8 hours after the rogue ones.
And u2g.f, 1KB, F File and created about 18 hours after the rogue ones.
Also found 1 file ‘modified’ (not ‘created’) on 06/06/2007 named MRT, 15378KB, Application, and modified about 6 hours after the rogue ones.”
This from Indianjo on the following thread:
http://www.pcadvisor.co.uk/forums/index.cfm?action=showthread&threadid=291265&forumid=1
July 4th, 2007 at 9:16 am
Right, just had a quick look to see if anything could be found out about the files mentioned by Indianjo and the u2g.g file does appear to be related to MySexWorld, which does make Bob’s filename suspect too.
Bob – Can you send your IE History to Michael Pollitt? Perhaps somebody could post on the PC Advisor thread referred to above as well so that Indianjo is alerted?
July 4th, 2007 at 11:16 am
Sussex. Thanks for your help. I am Indianjo and had reported the possibility of postdating on the PCAdvisor site because of the new forum topic there which reports possible predating of MBS files. I will delete the 2 suspect files ie
A8E2D64B, 1 BK, Setup Information and created about 8 hours after the rogue ones.
And u2g.f, 1KB, F File and created about 18 hours after the rogue ones.
Do you recommend that I delete the ‘modified’ file
MRT, 15378KB, Application?
Michael, thanks for the assurance that Prevx2.0 will stop suspect files from working. What concerns me is that it has not shown up the u2g.f, 1KB, F File or A8E2D64B, 1 BK, Setup Information as suspect. Yet Sussex identifies the former as a rogue (and I am deleting the second as a safeguard). I’ve looked in Prevx2.0 Help and elsewhere but cannot find how to run a full system scan.
If the Prevx2.0 has done a thorough job (now I am sceptical with Sussex’s discovery) then it is much, much faster and simpler than the way I eliminated the 6 MBS files. Sussex makes me think there are postdated (u2g.f and perhaps A8E2D64B) and predated files not reported by other forum members. I’m adding both files to the list being compiled on MBS files.
Please can forum members, affected by the MBS bug, search to see if they still have these suspect files in their computers and report here?
July 4th, 2007 at 11:34 am
Bob: Do a Google for that file name, or elements of it, and see what you think.
July 4th, 2007 at 12:37 pm
Bob,
My name is Jacques – I’m the head of research for Prevx. The files you mention here (without me looking at them) sound like temporary application files. The MRT file sounds like a Microsoft Malicious Software Removal Tool stub and the others sound like small data files that are harmless. Be careful what files you delete in those areas as your system might not function properly.
Regards,
Jacques
July 4th, 2007 at 1:07 pm
Thanks for posting that, Jacques. And sorry, Bob, if I’ve confused you at all.
July 4th, 2007 at 1:42 pm
Has anyone tried phoning MBS to cancel account ?
July 4th, 2007 at 1:50 pm
Jacques, thanks for that. I had not got around to deleting them. Re a full scan using Prevx2.0, how do I do it and how long will it take? Is a full scan necessary?
July 4th, 2007 at 4:36 pm
A full scan will find things that are not active. If you want you can do a full scan. Instructions are provided in the help file.
Thanks,
Jacques
July 4th, 2007 at 6:20 pm
Bob
Click your green light then click the more option to the right of support and u will see the scan and monitor options.
July 4th, 2007 at 9:01 pm
Hey, I had this problem and used system restore to remove it. I’ve been pop-up free for over a month now, all thanks to this webpage, so big thanks to you all. Is there anything I can do to help others which will benefit in the taking down of MBS?
Ollie, Former sufferer of MBS, 15
July 4th, 2007 at 11:10 pm
I’ve had the same problem. Billed for £39.99. Pop up of bill came to my screen and would not go away for 5 minutes. I’ve now downloaded Prevx2.0 and it found the viruses and I have deleted them. Does this mean I am now free? I’ve not had the bill pop up for a few hours and I have restarted my pc a few times (normally the bill would pop up after 30 seconds of going on line). I am not good with computers so I do not have a clue. Please let me know.
July 5th, 2007 at 11:53 am
Hi all
Dave, thanks for your comments. I’ll have a look at your earlier post.
Went to the solicitor yesterday and mentioned that one of the above posts said that since they had supposedly subscribed to this delightful service then they should theoretically be able to use it. Well, they said you just get a progress bar coming across the screen and it goes down. You can never get onto the site.
* Is the actual supposed site mysexworld a fully functioning site? Does anyone know? If it is a non-existent site then my solicitor assures me this is fraud.
* As well as doing a system restore I have downloaded a couple of other programmes to help me. I won’t say what they are as I’m so completely paranoid that MBS will catch on and write something to counteract the good work this site has done and the good results on my computer. Am I being too paranoid? If I download a software solution onto my computer can MBS mess with it?
Today my 7 day stay of execution is up. I sent the signed declaration that my son is a minor by special delivery and it should arrive today. It’ll be very interesting to see what happens over the next few days.
Again, has anyone been able to enter the mysexworld site? Is it actually a true site in existence? If it doesn’t exist this is fraud.
Michael Pollitt, what do you say to this?
July 5th, 2007 at 1:27 pm
Mali:
The mysexworld site does exist. I wouldn’t put too much confidence in system restore as I don’t know what other programs you’ve downloaded.
You’re not the only person with a young child to have a problem as my second story about MBS in the Guardian illustrates (find via here: http://michaelpollitt.com/wordpress/?p=152 ).
If you’d like to e-mail me about anything else, then please do so.
July 5th, 2007 at 1:47 pm
Mali: For what it’s worth, the system restore method (but with the deletion of other restore points, as described) worked for my family member and he has been clear of this now for over two months.
It will indeed be interesting to hear what happens as a result of your action. It is, however, very upsetting to think that you have had all this trouble.
July 5th, 2007 at 3:00 pm
Mali: I hope you will find time to report all this to Trading Standards. I have just been reassured, in a conversation, that it is being worked upon, but I am quite sure that further complaints, especially of your kind, will help move the matter forward.
You are not the first person to have contacted the media to publicise and look into what is happening here, and I believe they are interested, but it’s a thorny issue. In my humble opinion, it is at least in part the fact that there is a cringe element involved which is causing people to hold back, but also there is the issue that MBS are *apparently* (just) within the law. This, to be frank, amazes me.
So, does the law need to be changed?
Try writing to your MP, too. Perhaps, to save you time, you could cut and paste your comments into a letter to send to her/him.
Somebody somewhere has got to stop this grimy crowd.
July 6th, 2007 at 3:31 pm
Hallelujah! The story has now been broadcast on Radio 4’s You and Yours. They want to hear from others who have been affected. If you want to hear it, you can either go to the You and Yours website on the BBC Radio 4 website, or try this link http://www.bbc.co.uk/radio/aod/mainframe.shtml?http://www.bbc.co.uk/radio/aod/radio4_aod.shtml?radio4/youandyours
Now that the ball’s rolling, I hope others will get in touch.
July 6th, 2007 at 3:42 pm
Thanks for the link Sussex.
As an aside, I love the way they use a Mac startup sound on their demonstration, even though it’s impossible to sign up or have this spyware crap on a Mac.
July 6th, 2007 at 3:44 pm
Oh and they’ve actually managed to get hold of the slimy Ashley Bateup (there’s a porn name if ever I heard one)
“could be deemed controversial,” he says.
“no more different than buying a mobile phone,”
oh yeah, right.
July 6th, 2007 at 7:15 pm
Same problem as everyone else.. took the advice of previous posts .. Spybot does not do the job but
downloaded PRVX2 on PRVX.com
Free for 30 days and problem sorted plus a few others… Try it
July 6th, 2007 at 7:34 pm
The piece of scum that is Ashley Bateup is also part of Synergybs – we know what BS stands for – let’s send Ashley some email.
July 6th, 2007 at 7:39 pm
ROFL – look how “professional” his company is.
Take a look at this page: Services
Appalling.
You’d think Ashley W**kup would use some of the money he’s extorted from people to actually get a working web site for one of his other pathetic companies.
Business Services? My a**e.
Oh yeah and clients
What a sad little loser that thinks he’s great because he got his stupid little message on Radio 4 and in the Guardian. What a tw@t.
July 6th, 2007 at 10:45 pm
Enforcer: I don’t think Mr. Bateup has come out of the Radio 4 programme well – at least, that’s not how I’ve heard it. And, if others who’ve been affected, take up the invitation from You and Yours to get in touch with their experiences of MBS, the mud will really start to stick!
July 7th, 2007 at 8:22 am
Looking this morning at the PC Advisor website (Forum ‘MBS Bill’) it would seem that MBS are now pretty rattled, to judge from the extracts from an email to the Forum Editor from Mark Webber of MBS.
Why can’t they see that the remedy lies within their power? To make silly threats like this doesn’t make them appear any more digestible.
July 7th, 2007 at 8:44 am
The PC Advisor forum has moved on. This is pathetic. Here’s what the forum editor had to say:
The radio interview happened some time ago, and the MBS situation has moved on since then. Here are a couple of extracts from an email I received yesterday from Mark Webber, the technical director of MBS:
“I feel it only fair to inform you that our lawyers (uk and Europe) are to be instructed to pursue anyone offering advice or software to remove the billing software. Due to the fact that the big 2 vendors have accepted (from their own testing and classification) that the MBS software is not adware, spyware or delivered by trojan.”
There’s more:
“I note that a member comments our administration address is posted on the forums. Due to our staff being threatened, we have a specially assigned police officer to our company. I would respectfully request that the reference to our administration address is removed from the forums to protect our staff. Due to the nature of these threats we have an immediate response classification to our calls and I would hope that none of your members would attempt to visit our offices .”
So basically, they’re saying that they don’t want the address published of the place where they want their extortion money sent to? “Specially assigned police officer”? What a load of b*ll*cks.
Bring it on lawyers, I’d love to see you try. T*ssers.
July 7th, 2007 at 10:26 am
Perhaps the council taxpayers of the Leeds district need to be told that their hard earned cash is going towards providing protection for an outfit which is itself flirting with illegality?
Unless, of course (as I somewhat suspect) Mr. Webber is exaggerating. Or, of course, it could just be a nightclub bouncer, or similar, on their own payroll. Mr. Bateup looks a bit of a bruiser, so perhaps he moonlights from his MD post to give a hand to the heavies? ;o)
July 7th, 2007 at 12:45 pm
Well think I’ve found a freeware solution for this, try looking on: http://www.prevx.com and install the trial. Run the scan and it does it for you. Delete all associated desktop icons for MBS and think you’ll be OK. Seems nice and easy and highly effective!
However why doesn’t my up to date McAfee scan recognize and remove this malicious software?
All the best!
John
Manchester UK
July 7th, 2007 at 6:23 pm
Well done, John! Prevx is definitely a good solution, and details about it can be found here and on other sites.
Unfortunately, however, MBS have been pretty sophisticated in their software, as well as (I gather) ‘threatening’ the main computer security companies with action if they identify that software as malware. Or, at least, that is what they have said elsewhere and earlier in this saga. I guess the big players are taking a ‘wait and see’ approach before adding it to their general list. Which won’t be too long now, I hope.
July 7th, 2007 at 8:33 pm
They say they have a special assigned policeman, please do me a favour. The police do even care if you ring them up and tell them you have been burgled or mugged, why are they going to care about these silly little twats. Don’t these people learn, threatening everyone with lawyers this and lawyers that. Pissed off people don’t listen to threats, it only makes them more determined. Also I’m glad their staff have been threatened, too bloody right. These people should have more sense let alone more morals. Now they are saying that they want to expand their software into music, films and gaming, my word it will be the end of us all. These w*****s must be stopped!
July 7th, 2007 at 8:34 pm
Sorry, little misspelling, it’s meant to be “the police don’t care”, not “do”. Sorry, it’s dark!
July 8th, 2007 at 12:12 am
Who are these ‘2 vendors’ who say that the ‘MBS software is not adware, spyware or delivered by trojan.’ Does it matter? There are several more vendors who know that the MBS files should not be on computers. I should think that Prevx, who have helped lots of us, should have been asked for their opinion. Perhaps we ought to give their files a new term.
How about ‘blackmailware’, ‘blackware’, ‘extortionware’, ‘MBSbadware’, ‘conware’? Anyone care to coin a term so that the ‘2 vendors’ and the rest of the world can identify these malicious files?
As far as I know, there are no laws that stop anyone from removing files from their computers. There are no laws that prevent the public from asking either individuals or companies to help them remove files from their computers. There are no laws that stop individuals or companies from giving advice or developing software to delete unwanted files/software. MBS are trying every way to protect their ‘conware’.
MBS must be the only company in the world that wants to hide their address. Hmmm! I wonder why.
I’ve been wondering about all the money they have collected. Has anyone who has paid, received a receipt with their VAT No? If they do not have one, then perhaps the VAT men might like to investigate. Their turnover must be above the VAT threshold.
July 8th, 2007 at 3:32 am
Seems I’m not the only one to be caught by this mob. My supposed site membership is with Mysex World, ha ha, “I wish”. The missus has just seen this and said “me too”, could be on to something there! Anyway, getting back to the point, same story as everyone else: demand for £39.99. Only thing is my supposed membership started 4th July and the free trial ended 7th July, the day the bill was sent, ha ha. It gets better: in the “user access log”, Date 07/07/2007, under the “Action” heading we have CANCELED MEMBERSHIP, which is the first entry in the log, ha ha.
July 9th, 2007 at 9:25 am
I thought other forum members might be interested by the following links (follow through in the order given):
http://www.digitalenterprises.com/popup.htm
http://vil.mcafeesecurity.com/vil/content/v_122344.htm
http://blogs.zdnet.com/Spyware/?p=846
July 9th, 2007 at 1:04 pm
I’ve been trying to remove this pop up. They keep putting that I have a bill for 39.99. I’ve not asked for this service. I’m fed up with the pop up; every time I put the computer on I’ve to wait 10 mins. I’m only learning the computer and feel like I want to give up or throw the computer through the window.
July 9th, 2007 at 1:11 pm
Mags: Many people have found Prevx and system restore to work for them. Have you downloaded your IE history? Have a look at this site for more on all these points: http://michaelpollitt.com/wordpress/?p=142
July 9th, 2007 at 6:41 pm
I’ve just been reading forum posts regarding MBS. I have just had a huge row with my 14 year old son because he showed me these pop-ups on his laptop demanding £39.99 for a subscription to a site that he insists he has never heard of. I phoned the number on the pop up and was told that he must have accessed the site. I complained that adult sites should not be so easily accessible to minors and was told that Mysexworld is only accessible by typing in the actual website address or through links from other adult sites. They said I could not cancel the subscription unless I paid and that it will continue accumulating at £39.99 per month until September 2008 if I don’t pay it. I believe my son when he says he didn’t access it but I can’t be 100% sure that one of his friends didn’t. They are threatening legal action if I don’t pay – I am really angry and would love to help put a stop to this extortion. I’m not worried about the computer, I’ll throw it away if I have to but these people shouldn’t be allowed to get away with this!
July 9th, 2007 at 9:48 pm
Sara: Go to the Michael Pollitt website (see the link in my posting above yours).
Also, if you’ve the energy, why not contact You and Yours on Radio 4? They have just run a piece about MBS (you can listen again from the Radio 4 website – it was broadcast last Friday) and are interested to hear of the experiences of others, like yourself.
July 10th, 2007 at 12:53 pm
I gather You and Yours will be doing an update on Radio 4 tomorrow (Wednesday 11th July) about MBS. If you can’t listen live, remember the Listen Again facility on the Radio 4 website.
July 10th, 2007 at 3:39 pm
I have just had a reply from MBS as I sent them an email telling them I am not going to pay as my 12 year old did not look at my sex world. They told me that they would cancel my bill as long as I went to a solicitor to get confirmation that my son is 12. Once I have this I have to post it to them and it will be cancelled. I am a single parent and I can not do this. This is all such a worry for me. I’ve managed to stop the pop ups from MBS but can they still get me now they have my email address?
July 10th, 2007 at 5:18 pm
Thank you for your recent email regarding under age access to an age restricted site.
Our membership audit log for the website shows that when the minor set up the membership for this website, using your computer, they confirmed that they were at least eighteen years of age.
We should point out that as the computer is your property and under your control, you are legally liable for the cost of the service that was subscribed to.
In order for you to have become a member of this site, you will have undertaken the following process, which constitutes a legally binding agreement;
a) viewed and clicked on an advertisement for the site
b) viewed and agreed to the terms and conditions covering access to the site
c) agreed to the download and installation of the MBS Account Management software
d) accessed and viewed the site
Further detail of these steps can be found below, along with a copy of your audit log showing your account activity.
In this instance, we will cancel the current invoice provided that you first take this email to a solicitor and make the declaration (below) confirming that access was made by a person who is under the age of eighteen. Solicitors typically charge a fee for providing this service. The solicitor will also have to sign and stamp the declaration, to confirm that you have made the declaration in front of them.
Please return the email print-out to us once it has been completed and signed and stamped in front of a solicitor. We suggest you keep a copy for your records.
Should you have any further enquiries please contact our customer service team at billing@microbillsys.com
Regards
Customer Support Services
Micro Bill Systems
Micro Bill Systems is an independent, internet billing and collections company providing services to websites and internet providers.
Visit http://www.microbillsys.com for details on our privacy statement
Information: PO Box 185 : Leeds : LS12 9AJ
billing@microbillsys.com
MBS/e6/1.2
——————————————————————————–
In respect of Micro Bill Systems identifying reference: MBS-043-486051
Declaration
I [______________________________________________________________] hereby declare that the minor who was responsible for subscribing to the adult website is under the age of eighteen years old.
Signed:_______________________. Dated____/____/______
In the presence of []
[______________________________________________________________] (Solicitors/Commissioner of Oaths).
Signed:_______________________.
Stamp:_______________________.
——————————————————————————–
Membership Signup Process
In order to have become a member of the website, the following process will have been undertaken by someone with access to your computer.
…………………………..Then there is an advert saying “click on this for full access”, meaning the web page that all this pop up stuff started with. I didn’t click, thank god, or I would be back to square one again with the pop ups and a bill!!! They are so crafty!
July 10th, 2007 at 9:52 pm
Kat: Have you thought of sharing this with You and Yours? You can contact them via their website, http://www.bbc.co.uk/radio4/youandyours/, and they are currently running items on MBS.
You can use the ‘listen again’ facility to hear the first programme (Friday 6th July) and they are following up tomorrow, Wednesday 11th July.
July 11th, 2007 at 4:46 pm
You and Yours follow up today was extremely interesting, and it would appear that there is tangible doubt now about the legality of what MBS are doing (no surprises there, then!).
Kat: Do you really need to incur legal costs? This is MBS’ way of trying to make it difficult for you in an attempt to capitulate and ‘cough up’ to them, imho. I’m guessing here, but could this be interpreted as intimidation? Anyway, they should be prepared to accept the word of anyone who would be considered competent to confirm identity for passport purposes, so a teacher or doctor could perform this ‘service’ just as adequately.
July 11th, 2007 at 7:08 pm
Hi
I got the MBS pop ups at the beginning of June, which was a very big shock and made me worry and have sleepless nights; as neither my partner nor I had ever been on such a website, the only thing that I could think of is that it was a virus that came on the back of a P2P download…Anyways thinking mbs was a virus I ended up having to wipe my computer back to the day I opened the box (as nothing else would work). Now it’s July and I’ve found out more about them, like they’re not a virus!!! This is bringing more worry as they stated they can affect your credit rating…Is this true? I’ve run an internet history and there is nothing on there to say that a porn site had been accessed, but could that be because I wiped the system?
I’m so very worried about this, I know for a fact that I have never been anywhere near such sites. I did, however, download music, TV progs etc. from file share; can it have come on the back of this?
Fearing that this is the case I don’t go near P2P download, but I’m really worried that my credit will be affected by something that I haven’t done!!!
Thank you for listening to me…
July 11th, 2007 at 9:04 pm
LR, you are worrying too much.
How can your credit rating be affected when they don’t know who you are?
Luckily you’ve got them off your machine, and that is where they can cause you grief. Now, try to relax.
July 11th, 2007 at 9:06 pm
LR – PS IF you’ve still got your IE history available, send it to Michael Pollitt, who may be able to see how it came onto your machine. And he needn’t know who you are either. You’ll find his details on this webpage.
July 11th, 2007 at 10:38 pm
Thanks sussex,
Yeah my partner said the same thing about me worrying too much…. I know that companies can get your personal information via your IP address from your ISP.
The question I have with my IE history is because I wiped my computer before I knew what and who MBS were would that affect the IE history?
July 11th, 2007 at 10:44 pm
LR: I’m not sure – but it’s probably worth looking to see if you still have the folder with the IE history somewhere. As to getting your personal information via your IP address, that would take a court order or similar, and MBS wouldn’t have grounds to get that.
July 12th, 2007 at 2:43 pm
I have recently had the ‘mbs problem’. I got rid of it with EIDW scan/removal, which found that the MBS ‘thing’ is a trojan horse virus; how is that legal? I enclose the EU LAW on this type of selling:
The Distance Selling Directive applies to any consumer distance contract made under the law of an EU-Member State as well as the European Economic Area (EEA). It provides a number of fundamental legal rights for consumers in order to ensure a high level of consumer protection throughout the EU. These include:
Provision of comprehensive information before the purchase;
Confirmation of that information in a durable medium (such as written confirmation);
Consumer’s right to cancel the contract within a minimum of 7 working days without giving any reason and without penalty, except the cost of returning the goods (right of withdrawal);
Where the consumer has cancelled the contract, the right to a refund within 30 days of cancellation;
Delivery of the goods or performance of the service within 30 days of the day after the consumer placed his order;
Protection from unsolicited selling;
Protection from fraudulent use of payment cards;
Non validity of any waiver of the rights and obligations provided for under the directive, whether instigated by the consumer or the supplier.
Speaks for itself, Micro Bill Systems ARE breaking the law! and, under several counts!
Anyway, it’s gone from my PC; I’ve informed West Yorkshire Police of their activities.
July 13th, 2007 at 12:06 pm
Neil, that all sounds very interesting and chimes in with some of what I’ve read. Did you notify Trading Standards as well?
July 13th, 2007 at 12:28 pm
Hi Sussex, I haven’t as yet but I will be doing so today. The above EU LAW is just to remind people of their statutory rights as a consumer that they have at least 7 days to cancel any agreement and be entitled to a refund, for those unfortunate people who have been frightened into paying these false bills. Only problem is finding out how to cancel the ‘agreement’ but it is there somewhere on their bill, I think it says ‘cancel page’ and that does it. Then time to get your anti virus to remove it totally. It is a very alarming and frightening thing and can destroy marriages and have parents thinking their kids are perverts! No-one in my household clicked on any such thing, but a music download site may be responsible in my case, so beware people, but don’t be alarmed by these fictitious ‘bills’ – IT IS A SCAM!!!!! DON’T EVER PAY THEM!!
July 13th, 2007 at 12:43 pm
My SO paid up, and even then the pop ups didn’t stop, so we had to remove the software.
I think they’ve tried to rely on people ceding their rights to cancel (also hidden there in the Ts and Cs). Okay, so MBS would probably say “how can it be hidden when it’s there in writing”? Well, my answer to that would be that, any company that wants to be seen to be behaving above reproach would NOT have extensive terms and conditions (as do they), nor would they hide the points of most relevance to their potential clients well within those lengthy documents. The following link http://money.guardian.co.uk/experts/legal/story/0,,1882850,00.html makes it clear that the law will not tolerate traders hiding behind small print, or get out clauses.
MBS – Take Note!
July 13th, 2007 at 12:49 pm
I honestly don’t think anyone should take MBS or their fake ‘bills’ seriously, it is a scam and that’s how it should be treated, just get your anti-virus to get rid of it and forget about it and them, not worth worrying over!
July 13th, 2007 at 12:57 pm
Neil, the problem is that anti-virus doesn’t deal with it, and from what MBS have said elsewhere, they’ve put the frighteners on some of the key players there, which is why their stuff gets past reputable AV programmes. And, since they’re boasting that they’ll be extending their activities into other internet areas, I’d personally hate to see this problem continuing.
If you’ve been following the forums over time, you’ll see that there are a lot of people who’ve been seriously upset by MBS, along with people who’ve paid MBS money even though they are adamant they didn’t sign up to anything.
July 13th, 2007 at 1:20 pm
I agree that this is very disturbing and does occupy one’s thoughts considerably when we’ve all got better things to do. I have looked through all the history of this forum and haven’t yet seen any evidence of MBS actually taking any action against anyone, are you aware of any?
I agree they do frighten people and that is surely against the law, no matter how subliminally it’s done!
July 13th, 2007 at 1:33 pm
Neil: I’ve seen some evidence of threats being made, here and on other forums, of legal action, though nothing to say that these threats have been followed through. I agree, it cannot be legal to intimidate people in this way, just as I cannot believe, whatever MBS might like to say, that effectively blocking people’s access to the internet is likely to be legal.
I think why this continues to bother me is because I’m aware that they’ll only respond to action from the authorities. Failing that, they’ll not only continue to extract money under dubious pretexts from people but will also use the lack of challenge as a badge to display to other potential clients. And in this way the internet could become even more hazardous than it already is.
Incidentally, I remain unconvinced that this software can only be downloaded openly, i.e. by clicking on their Ts and Cs. My SO is adamant he didn’t do this, though he did admittedly browse some seedy sites. I know this has been debated widely, but the fact is that with a certain level of sophistication there are many injuries that can be made to unsuspecting surfers without their knowledge or acquiescence. There are, in this particular case, too many people convinced of their ‘innocence’ for it to appear mere coincidence.
July 14th, 2007 at 10:09 am
I’d like to make the following points at this stage to all who read this page (and bear with me on this, please):
This issue has been raised on a number of forums, notably PC Advisor, although this forum is very much under the control of the Forum Editor, who has appeared on Radio 4 on the issue (although it was not he who took the matter there). He seems to see himself as the hero of the hour – which overstates the case.
This webpage is pretty dynamic and Andy Merrett, to his great credit, keeps interference to a minimum. Michael Pollitt, a freelance journalist, has written two excellent articles in the Guardian about MBS which can be read.
Journalists, and others, whose roles are public are somewhat constrained in what they can say about MBS for fear of being sued. This does not mean that what MBS are doing is ‘okay’, though, and Joe Public can, within reason, express their own opinions about their experience of MBS or their view of the system MBS are operating.
I personally have no relationship with MBS, but I have a view about their methodology. A member of my family was affected, and to that degree I became involved with dealing with the extreme stress of that person, and my own stress of living with them. My family member paid up to MBS, and therefore MBS could, under no circumstances, claim to have any case against him. I’m quite sure, however, that they would just love me, and the many others who are complaining about them, to go away.
However – and this is the important bit – it is you and I who can really make the difference. We can do this in a number of ways:
(1) Report our experience/feelings about the method of trading of MBS to Trading Standards. This way a picture builds up. The more complaints, the more seriously they must take it.
(2) Write to your MP. Explain what happened, how it affected you and your family, why you think it is wrong. Most MPs have email, but a written letter may carry more weight, particularly with those from the older generation. Ask your MP to raise the matter with the OFT, the Secretary of State, in Parliament.
(3) Contact the You and Yours programme on Radio 4 who have been carrying this story. We are very indebted to this programme, and in particular the reporter Shari Vahl, who took up the story on behalf of all consumers.
Some people have reported their cases to the Police. This may well be appropriate for some people, although it wasn’t in our own case.
Also, look at the main websites dealing with this issue. There is some interesting and important information out there, and you may find pointers towards people who are trying to find out more about how, for some people, this software appears to be downloading itself onto their computer without them having been aware of agreeing to anything.
Whatever happens, this form of billing on the internet needs to be confronted before it becomes mainstream. MBS are now talking about rolling it out to sites carrying music and films, amongst other forms of media. Is this what we want?
There are already available entirely reputable ways for people to collect subscriptions online which don’t rely upon reading ream upon ream of Terms and Conditions in order for internet users to discover what they may be letting themselves in for, or thereafter holding them or their computers ‘hostage’.
July 14th, 2007 at 2:55 pm
Sussex, I agree with all you have said. In the PC forum, someone has given the email for the Office of Fair Trading. It is: scams@oft.gsi.gov.uk.
The contact there is: Aaron Gould
I have registered a complaint and received the following reply:
RE: Micro Billing Systems Ltd
Thank you for your email. The details have been registered on our database, and the information contained within will be assessed for evidence of possible breaches by the trader.
We would like to thank you once again for bringing the matter to our attention.
Yours sincerely
Olu Ademolu (Miss)
Enquiries and Preliminary Investigation
The more complaints that the OFT receive, the more chance there is of getting MBS to mend their method of trading.
They break their own Terms and Conditions. See their clause 11.6
“11.6 IF YOU CHOOSE TO IGNORE THE PAYMENT REMINDERS AND DO NOT PAY THE REQUIRED MEMBERSHIP FEE, YOU HEREBY UNDERSTAND AND ACKNOWLEDGE THAT THE PROMPT REMINDERS MIGHT BECOME MORE FREQUENT AND THAT YOU MIGHT LOSE THE ABILITY TO USE YOUR COMPUTER (I.E. ACCESSING THE INTERNET, ACCESSING YOUR FILES ETC.), UNTIL YOU HAVE SUBMITTED PAYMENT OR CONTACTED CUSTOMER SERVICES. WHILE YOUR COMPUTER IS CONNECTED TO THE INTERNET THE BILLING PROCESS WILL BE ENFORCABLE.”
From their own terms, ‘UNTIL YOU HAVE SUBMITTED PAYMENT OR CONTACTED CUSTOMER SERVICES’ it is obvious to me that there is a choice, the word ‘OR’. So either you pay OR contact customer services. Once contacted, whether or not MBS agree or not with your argument, they should not increase the frequency of interruptions. At worst, the interruptions should stay exactly as at the time of contacting them. If your interruptions had got to the 5 minute stage, then at worst it stays at that length. If they increase the time or frequency, they are breaking their own terms.
This is particularly important for those internet users who are not technical enough to follow the methods of removing the offending MBS files. At least their computers should stay useable. If the periods increase, then according to an acquaintance who is a magistrate, if a case was brought before him with proof that MBS had been contacted, and proof that the time periods or frequency had still increased, then he would find against MBS.
July 14th, 2007 at 7:05 pm
People, people!! Why are we giving this so much consideration! Get your anti-virus software, get rid of all things ‘MBS’ off your PCs and don’t give it another thought. Try it!! It’s quite satisfying! It’s just a scam, albeit a very good one, but that’s all it is, so treat it accordingly as you would any other scam/virus, send it into the oblivion of wherever viruses go and get on with your lives. We’re giving them far too much credence by dwelling on them and writing so much about them. Look at a certain airline and their TV programmes about such, so negative, yet the company does so well – no such thing as bad press – it’s all advertising! So let’s not give them any more publicity, save the advice already written which is available on these forums should any poor victim of theirs do a search. I do concede though that they should be stopped and punished, but there will always be these crooks about; after MBS there will be another, probably with the same management I don’t doubt!!
July 15th, 2007 at 9:20 am
Neil: re antivirus software, this isn’t working with MBS, which is why so many people are being ‘caught’, and MBS have ‘succeeded’ in convincing some of the main players in the antivirus field that the MBS software shouldn’t be caught in the antivirus net. (Their success, incidentally, has entirely depended upon the threat of litigation, from what I gather. They’re good at ‘threatening’)
July 15th, 2007 at 9:22 am
Oh, and – Neil – the way to get them stopped and punished is by complaining. Unfortunately, because of the grubby area in which they operate, many people have felt uneasy about complaining about MBS. This is a hurdle we have to overcome, and this is why I, for one, keep the issue active.
Having the input from Radio 4 has been useful in this way. It’s made complaining about something which has a relationship to porn site ‘respectable’.
July 15th, 2007 at 6:02 pm
Hi
I’m newish to PCs and have had this mbs on my system for 2 weeks now. Today my PC shut down because of this mbs; also, even if you’re not connected to the net it still comes up, and if you try to get rid of it it resets back to 5 mins and starts all over again.
I’m afraid I’m one of these people who cannot get rid of it; Norton does not work nor AVG. I’ve been without my PC from 6am till 5pm today all because of this bullshit company.
I did make the mistake of emailing them and giving my name (as it’s in my email address) so now this firm know my name.
Sorry to go on but this company has really got up my nose.
Thank you
July 15th, 2007 at 9:33 pm
Wayne:
There’s lots to help you out there – If you read earlier up this thread you’ll get some ideas. I’ve heard Prevx is good, although System Restore sorted things out for a person I know. For more about Prevx you could look on Michael Pollitt’s website. He may, anyway, like to hear from you.
July 15th, 2007 at 11:55 pm
Wayne, I know the anguish you are suffering. I, too, am not a computer buff and had problems following all the advice on this site. The quickest way seems to be to download Prevx2.0 from the internet. Their website is: http://www.prevx.com
When the site opens, you will see a ‘Download Now’ button which offers a unique free trial for a month. Follow the instructions and Prevx will search all the files on your computer and place the files that are causing problems, into a ‘Jail’. Others have reported that Prevx has found other offending files (not connected with MBS) which their normal Antivirus had not picked up. You can delete the files in the ‘Jail’ and you will have your computer back in working order. The Prevx 2.0 antivirus offer is very fair and genuine. After 1 month they will not force you to purchase their protection but it is half the price of all the others on the market and, in my view, well worth having. Apparently, it will work alongside your existing Norton antivirus.
I’m surprised that your computer was out of commission for such a long time (6am to 5pm) and within 2 weeks of receiving the first bill. Perhaps I’m getting confused because you also mention 5 minutes. Perhaps it is because you have been incorrectly removing some elements of their files or shortcuts which are cunningly designed to regenerate and once more stop you for a further 5 mins. Just keep the computer on for a while and let the bill tell you (somewhere at the top) that the bill is unlocked (or similar words). You should then be able to minimise it or delete it for that session. Immediately get onto the Prevx site and download etc.
When did you contact MBS? Keep that email as a record. They are supposed to reply within 48 hours. As I understand from their Terms and Conditions, once they have been contacted the frequency of interruptions should not get worse, ie if it were 5 mins at time of contact, then it should remain at 5 mins each session. This should not matter once you have used Prevx.
Please report back on this site if you are successful. Good luck.
July 16th, 2007 at 7:29 am
Hi, thanks for the replies,
I cracked it!! I got rid of Norton and installed the free version of AVG and it’s worked! Norton slows everything down so I will not miss that and the AVG free version got rid of that nasty mbs.
Yesterday it was doing my head in as it stays for 5 mins at a time, and if you unplug from the net it stays for longer, as if you try to close it, it resets itself and starts again.
There should be a law against this sort of thing.
Yesterday I wanted to drive to this firm and park my car in their reception (if they’ve got a reception), more like some room someplace collecting everybody’s money.
So if I can get rid of it, everybody can.
Cheers everyone
July 16th, 2007 at 7:39 am
P.S.
The reason I think I lost my PC for so long yesterday was I had Norton and AVG running together and they didn’t like each other. But I’m a happy man today.
July 16th, 2007 at 8:27 am
Bob: What you say about the 48 hour reply time is something I’ve talked about before. The ‘victim’ in my family emailed them requesting a response to acknowledge that they had received payment of £19.99p. for one month’s ‘subscription’ (which he hadn’t wanted – but he’d got the popups, etc. etc. – you know the rest! i.e. he’d given in to what he considered to be blackmail). Despite having paid, the popups had continued, hence the email. And – surprise surprise! – he didn’t hear back from them within 48 hours. In fact, he never heard from them again.
July 16th, 2007 at 8:33 am
A further point, which I’m posting separately so that it doesn’t get confused with my last posting.
I’ve been very struck by the different rates that appear to be charged for the use of the same websites. I intend trawling through postings on different forums to see how these have varied as it is somewhat odd. Whether or not MBS are directly connected to these websites other than as agents to collect subscriptions we do not know, although I believe they claim not to be. It is, however, a bit strange that they are downloading software with different rates of subscription for the same websites.
July 16th, 2007 at 3:30 pm
Well, I’ve found one couple who’ve been charged three times what my SO was asked to pay, and their bill doubled in five days to just under £100.
This in itself is extraordinary, I’d say. Talk about pressurising people into submission. For those who want to read more, I’d refer you to the following:
http://forums.vnunet.com/thread.jspa?threadID=114138&start=0&tstart=0
http://forums.vnunet.com/thread.jspa?threadID=114807&start=0&tstart=0
July 16th, 2007 at 5:43 pm
Got caught out by mbs on Friday 11. I was browsing got snagged through mysexworld. Didn’t realise what was happening. I tried to delete it and thought I had until 2 days later got a pop up for a bill. I read the terms and believed the only way to get rid was to pay up and then cancel the account and uninstall the thing. It says so in the terms you can do so. Did so. Got an instant reply saying ‘due to staff training unable to help, but will reply within 5 working days’. After reading this forum I realise it’s all a scam. Worried they have all my details and the possible consequences.
Having deleted everything from the recycle bin, there seems to be no sign of anything wrong, but now worried.
July 16th, 2007 at 5:58 pm
P.S Also worried they’ll read this…
July 16th, 2007 at 7:03 pm
Hi Guys,
I am also one of the victims of MBS, but today, after trying all the things like system32 and the rest of the things, when I could not get rid of these pop ups, probably I am on Vista so things didn’t work for me. I downloaded Adware away that picked up the file from system32 and deleted it.
I’ve paid 18£ for this software though, but I preferred paying the S/w company rather than these MBS BAST–DS.
I am absolutely popups free now, touch wood so far, otherwise I was not even able to do my work.
Thank you all, for continuous support
July 16th, 2007 at 11:10 pm
Rio: Your point is an interesting one. When our equipment was affected, money was also sent to MBS, but the pop ups continued, and they failed to respond to our email requesting that the software be removed. Their website at the time stated that they aimed to respond within 48 hours to emails – which didn’t happen in our case.
Now, this raises an interesting point because, as I understand it, MBS has threatened to pursue (i.e. sue) people who have removed, or encouraged others to remove, their software. Yet they appear to fail to acknowledge that they have a responsibility, from their end, to ‘give back’ full use of somebody’s computer once their demand for payment has been met. And you, Rio, were being asked to wait up to five days for a resolution, with your computer no doubt being rendered virtually unusable.
If anybody does find themselves pursued by MBS for advice on removal of their software, I’d suggest this point is borne in mind.
July 16th, 2007 at 11:31 pm
Hi,
Has anyone been contacted by the MBS frauds/their so called legal team regarding the non payment of the bill who has deleted the bug from the computer some while ago? I mean I want to know – once you have removed the bug, are there any chances that one might be contacted by them or their legal teams in near future by the huge summed up bill including the penalties for the non payment of bill on time, as they have our IP addresses?
Can they reach us or our address by the IP address?? To recover bill??
Please help as I am quite worried.
July 17th, 2007 at 5:42 am
Hi, I was wondering if someone could clear up some queries I have about MBS, with regards to the questions posed above. Can they acquire your home address through your email? Who on here has not paid this extortionate request and what has happened apart from the blocking of their computer? Surely the refusal of this service even though not asked for allows you rights under the sale of goods and services act?
Please advise as I am also very worried.
July 17th, 2007 at 8:15 am
shal and ash: IP addresses won’t give them access to your land addresses, and your ISPs are extremely unlikely to reveal any information they have about you on a civil matter (i.e. non payment of a ‘bill’) from what I understand. Nor should they be able to get your land address from your email address in the normal way of things (an exception might be if you had both your email address and your land address shown together in a publicly viewable document on the internet, I guess).
But, from the concerns you’ve expressed, particularly where you are clear you didn’t request this ‘service’, I’d be registering complaints with Trading Standards, both in West Yorks (where MBS are based) and locally to you, and possibly speaking in confidence to the Citizens Advice Bureau. I’m not advocating that you don’t pay up, but if you feel sure you didn’t request this service, it is entirely understandable that you don’t want to do so.
I think, however, that, if they’ve got your email address, you can expect them to keep threatening. Have you kept copies of their emails and anything you’ve said to them? Always good to keep a record of stuff like that.
July 17th, 2007 at 8:36 am
I’ve just found the following link to a DTI website which might be worth consumers using to record complaints:
http://www.ripofftipoff.net/
July 17th, 2007 at 11:00 am
We have received this pop up on our works computer. Our I.T. expert removed it with spybot.
July 17th, 2007 at 11:35 am
This is all wonderful stuff on how to get rid of this destructive rmvalid/smvalid but it all seems to be on XP – what about us poor victims running an old computer on Windows 98se ????
Is there anyone out there who can walk me through how to get rid of it???
I found the two files in the windows system folder, both would not let me delete them as they are stated as being used by Windows – as if I didn’t know !!!
Have created a short cut on desk top of both items but how do I get rid of them????????
I’m not that well up on how to execute all these instructions and how to perform getting my system back to the date prior to the activity..
PLEASE PLEASE PLEASE can someone help??? I have already had to purchase a new PC because of this but cannot get vital info off the old one because nothing is working – even my internet connection has been sent to archive so can’t download any of the programmes designed to get rid of these – unless you can download them to another PC and make copies on disk???
SIX DAYS I HAVE BEEN SAT HERE FIGHTING THIS AND I AM SICK TO TEETH OF IT – WHY DO THEY DO IT?????????
JAN
July 17th, 2007 at 12:30 pm
Jan: Is this any help? Scroll down to the Windows 98 bit.
http://www.microsoft.com/smallbusiness/resources/technology/business_software/how_to_undo_a_big_mistake_in_windows.mspx
July 17th, 2007 at 12:33 pm
lacweb: Do you still have your IE history? You can send to Michael Pollitt to see how it got there.
http://michaelpollitt.com/wordpress/?p=142
July 17th, 2007 at 12:59 pm
Thanks to Sussex – have looked at that but can’t seem to find how to get to where they say I should be….. right now feel too scared to do anything in case it gets worse !!
Thanks to Lacweb – not sure what you mean by sending my history to this guy, but as I have no internet connection, cant send anything anywhere – except myself slightly mad !
Jan
July 17th, 2007 at 1:26 pm
Jan: It’s a long shot, but may be worth trying. When I had a pc problem some time back (not related to the discussion in question) I got some very useful help from the guys at PCWorld. Yes – I was pretty sceptical to begin with, but they actually did sort things out for me, and in that particular case they didn’t charge me anything.
If you have one of their branches nearby, it might be worth taking your hard drive down and having a chat with one of the guys at the helpdesk. If you’re lucky, as was I, you’ll find somebody pretty enthusiastic about PCs and liking a challenge. They may, in any event, have a method for downloading what you want from your old pc and putting it on your new one.
If you, like so many others, bought your new pc from them, just dwell on that point and it may help your case.
Good luck!
July 17th, 2007 at 5:50 pm
To Sussex = thanks again but PC World !! No only joking but as I didn’t buy from them would be a bit reluctant.. Have printed off the instructions from the site you sent and hopefully my son will be able to do something about rolling back the PC – seems my only hope…
Will post and let you know how I got on but thanks for your help to date
Jan
July 17th, 2007 at 6:16 pm
Seriously, Jan, if your son can’t sort it out, DO try PC World. Believe me, I’ve never rated them as a store, but some of the young chaps on the help desk are quite wizzy. And, as it happens, the pc I took into them hadn’t been bought from them either, but they looked at it, and got it running again, with no charge. I was seriously impressed!
However, this would depend upon the individuals in the store nearest you. If you’re really stuck, I’d give it a try.
July 17th, 2007 at 10:35 pm
Thanks Sussex………. not sure if we have fixed it yet but downloaded the AVG 7.5 from the one installed on the new PC to an external hard drive. Plugged external hard drive into damaged PC and uploaded it (internet connection on old PC lost so couldn’t access it that way) – moved AVG to old PC C-drive and ran it…
Found rmvalid almost immediately – healed it and fingers crossed the system seems to be OK again. There was a flashing egg timer next to the cursor before making any action almost impossible, but that has disappeared since running the AVG..
Not bad for a novice !!
Thanks for your input and help though and if this has worked then maybe someone else reading this will benefit…
Whoever created this NEEDS LOCKING UP….
Cheers
Jan
July 17th, 2007 at 10:38 pm
PS to Sussex
PC World are not all bad then – have dealt with them before but previously thought they were all about sales rather than after -care or assisting non-customers…
You have changed my mind now as they obviously helped you..
Jan
July 18th, 2007 at 8:14 am
Jan, that’s great news! And I totally agree with your sentiments about the perpetrators. Have you any idea how it got onto your PC, btw? From what you’ve said, I have the impression that you didn’t visit any of the sites associated with this menace. Anyway, I’m v. glad you’ve got your files back from the old pc.
It is outrageous, however, that you’ve had to buy a new PC as a result of this software.
As to PC World, I share your general sentiments about the organisation, but the help area seems to attract some enthusiastic young men (it is usually men!) whose interest drives their service, and they seem to have a degree of independence. That was what I found, but I appreciate that it will vary from store to store.
July 18th, 2007 at 1:51 pm
AVG 7.5 worked for me too, but I had to get rid of Norton first.
I’ve had no probs from this firm since.
July 18th, 2007 at 3:46 pm
Just a reminder to folks reading this that if it’s happened to you, or someone you know, you should refer to Trading Standards so they are aware of the size of the problem.
July 18th, 2007 at 4:11 pm
Just an update on my situation – although I seem to have solved my rmvalid problems and my internet connection problems on the old PC – GUESS WHAT HAPPENED NEXT !!!!!
An Invoice popped up asking for payment !!!!!
Closed it and immediately ran AVG again but not sure if I truly have got rid of the problem..
When searching for RM & SM Valid I found them in the Windows 98se Window folder – I brought them both to desktop for easy access but the RM Valid was a programme (discovered to be a trojan horse last night) and the SM valid shows a note pad & pen indicating it is a write programme (???)
I am wondering if this is where the invoice has come from – I am going to find it and see if it will delete from the system and will let you know.
July 18th, 2007 at 4:59 pm
Jan: Have you tried Prevx? Now that you can access the internet, you should be able to download and ‘cure’ your problem.
There’s more about it in places like Michael Pollitt’s webpage (which also has other useful information).
July 18th, 2007 at 9:18 pm
Get Apple Macs you Dippies !!!
July 18th, 2007 at 11:42 pm
Jan,
Re Prevx2.0, see my posting above dated 15th July 11.55pm. It should help.
If it doesn’t, then I have a longer method which cured my problem. Other antivirus programs and several methods of deleting the files can be searched on Google. Two other websites claiming success are: http://www.virusvault.co.uk, and http://www.myantispyware.com/2007/06/14/automatic-removal-mbs-account-manager/
Also successful methods reported on this forum:
1. Dave, June 5, 2007 at 6.01pm
2. James, May 19, 2007 at 2.16am (He was up very late that night!)
3. John McKenna, June 17 at 3.30pm
4. http://michaelpollitt.com/wordpress/?p=142
As far as I know there are 6 malicious files (even perhaps 8), not just the 2 major ones for which most people look. My rather long method found all 6 files and perhaps 2 others which I deleted anyway. Deleting the 2 extra ones has not affected the use of my computer. Try Prevx first. Let us know how many files it finds.
MBS have been changing the name of their files. From this and other forums I have made a list of about 20 possible MBS file names.
As you can see, lots for you to try, Jan, (and anyone else).
July 18th, 2007 at 11:45 pm
Just read my posting. Don’t know from where the yellow head came. It is meant to be 8, eight.
July 19th, 2007 at 9:56 am
And system restore works, too, but that’s explained on Michael Pollitt’s page, which Bob’s referred to.
Feels like it’s time to set up an MBS Action Group!
July 19th, 2007 at 10:06 am
Has anyone else noticed how quiet it’s become on the PC Advisor MBS threads? They’re usually a hive of activity.
July 19th, 2007 at 10:06 am
Please find these instructions on how to rid yourself of this cretin.
Please make sure you have only ONE antivirus and ONE firewall running on your system at any one time. Multiple AV & F/W programs will cause conflicts (and hence more trouble).
On to the fix.
I suggest you print this out to help you follow my advice.
***********************
Make sure you have exposed all Hidden Files & Folders.
To enable the viewing of Hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.
*******************
Open HJT … click on ‘Do a System Scan Only’… put tick/check marks next to these entries IF still present …
O2 – BHO: (no name) – AutorunsDisabled – (no file)
O4 – HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\smvalid.exe
O16 – DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) – http://www.popcap.com/games/popcaploader_v6.cab
O18 – Protocol: AutorunsDisabled – (no CLSID) – (no file)
O18 – Filter: AutorunsDisabled – (no CLSID) – (no file)
Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.
*******************
Go to this file (in BOLD) and delete it …..
C:\WINDOWS\system32\smvalid.exe
*******************
Empty your recycle bin.
*******************
Rehide your Hidden Files & Folders by carrying out the reverse operation to that described at the start of this post.
I hope this helps. It did on a few laptops/desktops I fixed with this issue.
July 19th, 2007 at 5:04 pm
Bleachy,
A strange thing to report. I had removed the 6 MBS files (and 2 others)2 weeks ago. I have also downloaded Prevx2.0 which has confirmed that I have no malicious files.
I thought it useful to try your method.
When I ran Hijackthis, and ‘Do a System Scan only’ I did not expect to find any of the files you mentioned. Yet
04- HKLM\..\Run; [mbssm32] etc etc showed up but none of the others.
I minimised Hijackthis, then searched for C:\Windows\system32\smvalid.exe
smvalid.exe was definitely not there.
How is this possible, I wonder?
To be safe, I maximised Hijackthis and ‘Fix checked’ it. A fresh ‘Do a System Scan only’ confirmed that it had been eliminated.
Whether or not it was required, I’m glad I followed your procedure.
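The leftover O4 line reported in the post above fits how autoruns work: a Run value is a registry entry, so it stays in the scan after the file it names has been deleted. An added example (not HijackThis code and not from any poster) that parses O4 lines from a saved log and marks such orphaned entries; apart from the mbssm32 line quoted in this thread, the sample log and file set are constructed.

```python
"""Added example: flag HijackThis O4 autorun lines that point at MBS files."""
import re
from pathlib import PureWindowsPath

# File names reported in this thread, lower-cased. Not an exhaustive list.
KNOWN_NAMES = {
    "mbsmon32.exe", "mbsreg.exe", "mbssm32.exe", "mbsrm32.exe",
    "rmvalid.exe", "smvalid.exe",
}

# "O4 - HKLM\..\Run: [value name] command"; a pasted log may carry an en dash.
O4_LINE = re.compile(
    r"^O4\s*[-\u2013]\s*(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+):\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?P<command>.+?)\s*$"
)
EXECUTABLE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)", re.IGNORECASE)


def executable_of(command):
    """Return the program path from a Run command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXECUTABLE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def review_autoruns(log_text, file_exists):
    """Return one finding per O4 line whose target or value name matches.

    file_exists is a callable taking the path string. On the affected
    machine os.path.exists can be passed in; the demo uses a constructed set.
    """
    findings = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if not match:
            continue  # O2, O16, O18 and other sections are not autorun values
        path = executable_of(match.group("command"))
        base = PureWindowsPath(path).name.lower()
        value = match.group("name")
        if base in KNOWN_NAMES or value.lower().startswith("mbs"):
            present = file_exists(path)
            findings.append({
                "hive": match.group("hive"),
                "key": match.group("key"),
                "value": value,
                "path": path,
                # An orphaned entry still needs removing from the registry,
                # but there is no file left for it to start.
                "status": "file present" if present else "orphaned entry",
            })
    return findings


# Constructed sample log. Only the mbssm32 line comes from this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\smvalid.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed stand-in for the disk: smvalid.exe has already been deleted.
SAMPLE_FILES = {
    r"c:\program files\exampleav\tray.exe",
    r"c:\windows\system32\ctfmon.exe",
}


def demo():
    """Run the review over the constructed log and file set."""
    return review_autoruns(SAMPLE_LOG, lambda p: p.lower() in SAMPLE_FILES)


if __name__ == "__main__":
    for finding in demo():
        print("{hive}\\{key} [{value}] {path}: {status}".format(**finding))
```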
July 19th, 2007 at 9:42 pm
Are any of the hints and instructions (since my last posting) for Windows 98se ?????????
I checked my system folder and sm/valid has gone but what are these other files????? and how do I get rid of them on 98se..
My PC seems to be OK now but is something going on that I haven’t noticed yet and is there worse to come????
Does anyone know if this cursed thing can cross over from PC to PC ??
I am transferring files via an external hard drive – moving them from old PC (98se) onto the external then plugging external into new PC – scanning the external with AVG 7.5 and if OK, transferring them on to the new PC………
I am assuming that this is safe??
Jan
July 19th, 2007 at 11:47 pm
Jan, did you use Prevx or other antivirus? How many files did they detect and which ones? Regarding the other files, the list that I have gleaned from PC Advisor, this forum and forums.vnunet.com are:
mbsrm32.exe or mbsreg.exe
mbssm32.exe or mbsmon32.exe
winiconmon.ico.bak0
winicnmon.ico
UBSauthenticateAXC.ocx
ubsauthenticateaxc.ocy
My Sex World.ico (or whatever site it says you went on)
Win32.Agent.afi
setup1_10037.exe
axaccessctrl1.ocx (that’s lower case L and number 0ne)
axaaccessctlrl.ocx (that’s lower case L in each case)
imvalid.ico.bak0 (that’s a zero)
(Perhaps u2g.f and A8E2D64B)
sexxpassport.ico
axaccessctr.ocx
imvalid.ico
imvalid.ico.bako
rmvalid.exe
smvalid.exe
My computer had the last 6 files . All were placed within one second of each other into System32. The 2 ‘perhaps’ files were placed some hours later. To be on the safe side, I have deleted them and that has not affected the use of my computer.
I found these files by looking in C:\Windows\system32. Then using ‘All files and folders’ searched for files placed 3 days before the date shown in the popup bill. These 6 + 2 files showed up. I deleted them in the SAFE mode.
Since I am a computer dummy, I have written up exactly how I deleted the files for my Windows XP. I guess that Windows 98 will also find them the same way as XP. Can anyone please advise Jan. I have an old Windows 95 which I connected up last night and it would have found the files, too, because the search mechanism is similar to XP. My written method is quite lengthy since I didn’t know how to expose ‘hidden’ files, view files in ‘details’ instead of ‘thumbnails’, ‘icons’ etc or what ‘SAFE’ mode was and how to achieve it. No laughter from you computer buffs, please. Had I known about the other methods and Antivirus programs I mentioned yesterday, I would have tried them. But I would like to know if they would have shown up more than just the 2 main files. Do the others matter anyway?
July 20th, 2007 at 12:41 pm
Bob – Thanks for that………. fired up aol on old PC and tried to download Prevx – PC crashed big time !!
Now trying to locate where the damn thing’s gone so I can delete it – I didn’t save only open..
Of the list you gave the only one I still had was sm/valid which will not let me delete it – hence the notion of downloading Prevx… had run AVG against it and it didn’t throw anything up..
Perhaps it is harmless??????????????
Now have major problems with the old PC because of this download —- HELP ?
July 20th, 2007 at 12:42 pm
Have just run find and it has found two Prevx folders so have deleted them………
July 20th, 2007 at 8:08 pm
From what it looks like, the My Sex World pop-up bill that keeps on appearing on the computer I’m using could be an Internet con or something, and since your website was one of the first websites that came up when I typed in My Sex World Subscription on an Internet search engine,
could it be because you are behind the con or closely linked with it??
July 21st, 2007 at 7:49 am
David, are you suggesting that I am involved with MBS?
July 21st, 2007 at 9:29 am
David Spong: As somebody whose family were inflicted with this problem and who have found Andy’s site extremely helpful, can I just say that you have absolutely no grounds for even hinting that Andy has any link with MBS, and if I were him, I’d be deeply offended.
As it happens, I’ve found links to problems with MBS going way back into last year, long before Andy Merrett’s very helpful weblog. There are very few blogs that are helpful in this way – Thank you, Andy.
If I were of a more suspicious turn of mind, David, I’d wonder if it was you who had the link to MBS rather than Andy as it is such an odd suggestion! (but I’m not suggesting that, of course.)
July 21st, 2007 at 10:10 am
Another victim. I left my PC on overnight running a defrag. In the morning I hit the Enter key to ‘wake it up’ as normal. Lo and behold, a porn site! I closed it down and that was that until the MBS nonsense started up.
It turns out that a member of my family looked for a porn site at about 2.30 in the morning but stopped when the Terms and Conditions window appeared. Why they left the Window open is beyond my comprehension but alcohol may have been involved!
Despite the timing evidence MBS are adamant that someone has got to pay them money. Not a chance!
I have to say I’m impressed by their bravery! There are an awful lot of really pissed-off people at the other end of their sad little business venture and I’ve no doubt that at some time in the future retribution will be delivered.
Commenting on the discussion, David Spong??? I’m ashamed to share his forename!
July 21st, 2007 at 11:41 am
David, how can you make such a suggestion? Surely, the fact that this forum exists and has allowed us to exchange info of methods to eliminate the menace, must mean that Andy is not involved with MBS/My sex world. This site would not exist if he was involved. It must have helped hundreds, both in practical ways and emotionally.
It appears that you, David Spong, have the billing problem popping up on your computer. If you think that Andy is involved, get off this site immediately because here you will find solutions to delete the menace that is on your computer rather than the opposite. Find your solution elsewhere. If not, should you read this site from the beginning (March 4th) and use just one tip/method/suggestion then a profound apology would be due to Andy.
July 22nd, 2007 at 8:39 am
Tried the system restore posted by Sussex on 8th May. so far so good.
July 22nd, 2007 at 7:27 pm
I too tried the system restore method and so far (2 weeks) so good. Thanks to everyone for their help, let’s hope MBS get something nasty pop up down their end!
Keep up the good work Andy.
July 23rd, 2007 at 12:23 am
System Restore is quick and easy. I’m not a computer buff but…but…but…
I think it is worth pointing out that System Restore works because you are going back to a time BEFORE the MBS files were placed on your computers. If, after a few days or months you decide to restore the system to a date AFTER the MBS infection, you will probably start receiving the popups again. This is because the MBS files are still in the memory. I think you should delete the offending files then you can do a System Restore to any date even after the infection date. Does anyone agree?
July 23rd, 2007 at 8:14 am
Bob: The System Restore SHOULD be a ‘clean sweep’, just as long as the other restore points are cleared out of your system at the same time (hence the points about removing other system restore points that were made in my post about system restore). The logic, I guess, is that you’re taking your computer to a place when you didn’t have the MBS software on your computer, then taking away any possible points where it could have been there. But, after you’ve removed all those old system restore points (having restored your system to an MBS-free place), you must of course switch system restore back on so that, if you hit a different problem, you’ve set up some safe places.
For the record, and as the original poster of the system restore records here and on Michael Pollitt’s site, this was done on the family member’s pc way back in April, and there have been no further problems. Which should give heart to others who have attempted this and are waiting with crossed fingers.
And, MBS, if you are reading this, you failed in your duty to provide that family member with the means to remove your odious software from his work computer when he had paid you your ransom. Don’t even think about complaining about what he did!
July 23rd, 2007 at 8:16 am
“But, after you’ve removed all those old system restore points (having restored your system to an MBS-free place), you must of course switch system restore back on so that, if you hit a different problem, you’ve set up some safe places.”
Sorry – that may have sounded a bit daft. I should have said: “if, IN THE FUTURE, you hit a different problem, your system will have set up some safe places for you to restore to.”
July 23rd, 2007 at 12:27 pm
Sussex, when your family member paid the ransom, was a receipt for the payment sent by MBS? They are entitled to a receipt. If it is still available, please check for a VAT number. Please let me know.
Re System Restore, I’m trying to understand your points. Are you saying that if the infection date was, say, 2nd June, then on 20th July we restored the system to an earlier date, say 29th May, that all restore points between 2nd June and 20th July are removed automatically? If not done automatically, how do we remove them manually? Will the System Restore to 29th May remove/delete the MBS files from our computer forever or merely make them inactive from 2nd June to 20th July and/or forever? I know the MBS files will not be bugging us prior to 2nd June but what happens if one day in the future we decide to restore our computer to a date after 2nd June. Will those files that were inactive become active again?
I ask because under System Restore it says:
‘Any changes that System Restore makes to your computer are completely reversible’.
This makes me think that restoring to a date after 2nd June brings back the wretched files. With the ticking away of time, the period and frequency of interruptions could have increased from, say, 5 minutes to, say, 2 or more hours making our computers virtually useless.
I dare not ask anyone who has used System Restore (for MBS) to reset System Restore to a date after being infected, indeed today’s date, just to check if the files have been completely deleted or not. It’s too much to ask.
July 23rd, 2007 at 1:55 pm
To completely clear out System Restore which is what was done in the case of my family member, open the Control Panel, click Performance And Maintenance, click System, and choose the System Restore tab when the dialog box opens on-screen. From here, click the checkbox next to Turn Off System Restore and click OK. The computer will then prompt you to reboot. By doing so, your System Restore data will be completely purged. Once the system boots up, immediately go back to the same dialogue box and deselect the checkbox next to “Turn Off System Restore” which will effectively turn System Restore back on.
It is recommended that you do a back up of your files first, although he didn’t, and lost nothing.
As you’ll probably realise, all files, and the stuff you want, shouldn’t be affected, but your system will be back where it was before the Men from Leeds visited you.
As to getting a receipt, you must be joking! There is a copy of the bill and the statement available, however, and having checked these I can confirm that no VAT numbers were available.
July 23rd, 2007 at 4:52 pm
Sussex. Thanks. I hope everyone who adopts the System Restore procedure, follows the details you have given for a complete purge.
July 28th, 2007 at 8:51 pm
I had the same problem but i found a solution in another forum and it worked for me.
Removal!
Hi.
I accept no responsibility for any damage, monetary or otherwise, from using the following information.
You can do all of this offline from the internet; in fact I would advise you to be DISCONNECTED when you do the following!
You need to disable an ActiveX control in your web browser for starters!
Ensure you are logged on as an administrator (in XP).
I did this on someone else’s computer because they started to get this and had no idea how it had started at all, and the timer had got up to 9 minutes, this when the person needed to do study work for the course they were on!
I cannot remember the exact names of files, so please bear with me!
Go to the Tools menu and select Manage Add-ons…; this will open up a window. In here you will see a control that starts with mbs, mbs……. Select it and then at the bottom click on the disable radio button.
This does not delete the item!
OK the window!
Now we need to go and see where the other items reside:
Open up My Computer from the desktop!
If you cannot see the Windows folder in the following part, you will have to go into the Tools menu and then Folder Options; in the window that opens you need to go to the View tab. Here you need to go down and click the radio button for “show hidden files and folders”; you will find this under Hidden files and folders.
You will also need to unselect the tick box for “Hide extensions for known file types”. This will allow you to see the extension .exe and .dll etc. for what we will be looking for in a minute!
We need to go into the C drive, then into the Windows folder; from here we go into the system32 folder (XP).
That being: C:\WINDOWS\system32
In system32 we are looking for these two files:
mbsmon32.exe
mbsreg.exe
Click the toolbar to display the information as details instead of thumbs etc! This is important!
Note the date that these files were installed on the pc and click on the header bar to sort all of the files into date order when they were last modified.
Now look down the date column and find that date, you will see about 6 files I think, you will see the icons used by the two files above plus some others, one or two may be dll files!
NOTE ****
It is important to find the files on that date BUT ensure that the files you select all have the same TIME STAMP as mbsmon32.exe and mbsreg.exe, this will ensure you only pick the files that were installed with these two files!
****
note these files down and log off the computer!
Boot XP up and start pressing F8!
This will bring up a menu to boot XP in safe mode and into the all seeing administrator!
Choose to use ****** safe mode! *******
This will start and maintain a low resolution screen, this is ok.
At the log on choose the Administrator even if your user id (logon) has Admin rights!
A warning window will display on the screen, ok this and allow it fully load!
Now open my computer (or explorer) and goto the files we found earlier!
Those being in: C:\WINDOWS\system32
*** Remember the TIME STAMP ***
Select them and delete them!
Start up msconfig by going to the Start button on the desktop (bottom left) and go to Run; in the box that appears, type msconfig and click OK. A window will open; go to the Startup tab and untick the program identified as mbs……, OK that and allow the computer to reboot!
You can now delete the icon off the desktop and from the startup menu from the Start button.
I hope this has cleared your problem and has been of some use!
This information has been given in good faith and it is your responsibility to do with it you see fit!
I accept no responsibility for any actions brought against you or third parties for use of the above information.
Good luck!
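The timestamp check in the removal steps above, and in the 19th July post (files placed in System32 within a second of the known MBS executables), can be scripted. This is an added example, not code from any poster; the folder contents, the time value and the two-second window are constructed assumptions, and it only lists candidates for review without deleting anything.

```python
"""Added example: list files written in the same moment as a known MBS file."""
import os
import tempfile

# File names reported in this thread, lower-cased. Not an exhaustive list.
KNOWN_NAMES = {
    "mbsmon32.exe", "mbsreg.exe", "mbssm32.exe", "mbsrm32.exe",
    "rmvalid.exe", "smvalid.exe",
}


def find_install_cluster(folder, known_names=KNOWN_NAMES, window_seconds=2.0):
    """Return (anchors, companions) for one folder such as system32.

    anchors    -- known file names found in the folder
    companions -- other files modified within window_seconds of any anchor

    The default window is an assumption: posters saw the files arrive within
    one second of each other, and FAT volumes (Windows 98) store modification
    times with two-second resolution.
    """
    entries = []
    with os.scandir(folder) as listing:
        for entry in listing:
            if entry.is_file(follow_symlinks=False):
                mtime = entry.stat(follow_symlinks=False).st_mtime
                entries.append((entry.name, mtime))

    anchors = [(name, t) for name, t in entries if name.lower() in known_names]
    companions = []
    for name, mtime in entries:
        if name.lower() in known_names:
            continue
        if any(abs(mtime - t) <= window_seconds for _, t in anchors):
            companions.append(name)
    return sorted(name for name, _ in anchors), sorted(companions)


# Constructed sample: offsets in seconds from a made-up install moment.
SAMPLE_INSTALL_TIME = 1180000000
SAMPLE_FILES = {
    "smvalid.exe": 0,
    "rmvalid.exe": 0,
    "sexxpassport.ico": 0,
    "imvalid.ico": 1,
    "imvalid.ico.bak0": 1,
    "axaccessctr.ocx": 1,
    "u2g.f": 5 * 3600,              # arrived hours later: outside the window
    "kernel32.dll": -400 * 86400,   # ordinary system files, much older
    "notepad.exe": -400 * 86400,
}


def build_sample(folder):
    """Create empty files with the constructed modification times."""
    for name, offset in SAMPLE_FILES.items():
        path = os.path.join(folder, name)
        with open(path, "wb"):
            pass
        stamp = SAMPLE_INSTALL_TIME + offset
        os.utime(path, (stamp, stamp))


def demo(window_seconds=2.0):
    """Build the sample folder in a temp directory and run the check on it."""
    with tempfile.TemporaryDirectory() as folder:
        build_sample(folder)
        return find_install_cluster(folder, window_seconds=window_seconds)


if __name__ == "__main__":
    found, candidates = demo()
    print("Known files present:", ", ".join(found))
    print("Same-moment files to review:", ", ".join(candidates))
```

Files that arrive later, like the two "perhaps" files mentioned in the thread, fall outside the window, and an unrelated file written in the same second would be listed, so the output is a review list rather than a verdict.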
July 30th, 2007 at 10:46 pm
Can these “Legal” processes they’re threatening you with (I checked help and clicked on the refused to pay option) be followed, or is that to make you crap yourself???
July 31st, 2007 at 8:40 am
Robert: I suspect the latter. I think they know that, once their processes hit the courts, they’d be in pretty deep trouble.
July 31st, 2007 at 9:13 am
Hi, I have just logged on to my PC and these scammers are saying I have to pay a bill for a website I have never even used. I am trying to cancel it but it won’t let me. What should I do please? I don’t want to keep being charged. Sue.
July 31st, 2007 at 9:17 am
Hi Sue,
I know this comment section has now become rather unwieldy, but my advice would be to have a read through and see what has worked for other people.
The solution I’ve read works best for people is to download the Prevx1 software. Do a search for that in these comments and you should find people who have used it and for whom it’s worked.
The other way is to do a system restore back to a point before your PC became infected with MBS’s software, though I think the procedure is a bit more complicated.
Not having had to actually perform any of these solutions myself, I can’t offer solid personal advice on what works the best.
July 31st, 2007 at 9:59 am
Andy/Sue: System Restore is actually very straightforward, but, after doing the restore, in order to stop it reinstalling itself, other restore points need to be removed and then you can safely turn system restore back on. I refer you back to my 23rd July posting for how to do that.
August 1st, 2007 at 10:04 pm
Wow !
I just removed this problem from a friends computer, another friend mentioned a pop-up on his computer demanding £40, I guess its the same thing.
After checking on the internet I can see that this is a huge problem. It’s a scam, don’t pay a thing to these buggers.
Download some antivirus such as AVG, or Ad aware, spybot… these are all free and will fix the problem. Start your computer in safe mode (press F8 at the very first windows screen, just after turning on your computer) once in windows you should be able to download and run programs without problems from the scam software.
August 3rd, 2007 at 6:05 am
Hi,
I had this problem and have fixed it by closing the process in task manager and deleting the files from my system 32 folder. I then let Norton do its full checks and the thing appears to have gone away. I can’t believe they are getting away with this.
August 3rd, 2007 at 12:59 pm
I have seen so much of this all over the internet – people conned and then receiving threats that their pc would be taken down. Blackmail is blackmail whether the law recognises it or not. People who work for these companies are mercenaries and do not care that they are trying to con people into giving them money by menace. Does anyone know where these b*stards work? I understand it is somewhere in Leeds. Since the law as it stands does not recognise that this crime is a crime, does nobody fancy resorting to violence?
August 3rd, 2007 at 6:53 pm
Nelsoni: You are clearly very angry, but incitement to violence isn’t the answer. If, however, everybody who had been ‘conned’ by this company wrote to Trading Standards, their MP, and You and Yours, so that the scale of the problem was evident to those who can help change the law, then we might get an outcome worth having. Anything else won’t get a permanent fix – the technology’s out there now, and it needs a change, or tightening, of the law.
August 4th, 2007 at 3:06 pm
First of all I’m no PC wizard but seem to have stopped the slowdown of my PC, so MBS are not getting one penny of mine, and nor did it cost me any money to solve the problem of my PC being hijacked with ransom notes being left on my PC screen..
Firstly I deny ever going on the sites that seem to have caused the problem, but some other person did after I told him not to go on any porn or adult websites, but he did, so the problem occurred.
To solve the problem this is what I did, and I am on a Dell PC Windows 98.
First of all I ran Spybot Search and Destroy which didn’t seem to do much, so then went into files on the PC and found several of those that have been mentioned on this site.
mbsrm32.exe or mbsreg.exe
mbssm32.exe or mbsmon32.exe
winiconmon.ico.bak0
winicnmon.ico
UBSauthenticateAXC.ocx
ubsauthenticateaxc.ocy
My Sex World.ico (or whatever site it says you went on)
Win32.Agent.afi
setup1_10037.exe
axaccessctrl1.ocx (that’s lower case L and number 0ne)
axaaccessctlrl.ocx (that’s lower case L in each case)
imvalid.ico.bak0 (that’s a zero)
(Perhaps u2g.f and A8E2D64B)
sexxpassport.ico
axaccessctr.ocx
imvalid.ico
imvalid.ico.bako
rmvalid.exe
smvalid.exe
My computer had the last 6 files . All were placed into System32.
I was able to delete the first 4 which i did in the normal mode of the PC running but was unable to delete the last 2 files as it said that the files were being used by windows.
sexxpassport.ico
axaccessctr.ocx
imvalid.ico
imvalid.ico.bako.
The last 2 files i was unable to delete from the files were,
rmvalid.exe
smvalid.exe.
So I then downloaded for free from the internet AVG Anti Spyware 7.5 which ran a check and immediately found rmvalid.exe and I got rid of another unwanted pain in the butt file that was crippling my PC..
The only file now to get rid of was smvalid.exe, so after hours of scratching my head and trying various things I started the PC in safe mode and went to the files and found and clicked on smvalid.exe and the PC allowed me to delete the file.
My only problem now is that since downloading AVG Anti Spyware I am no longer able to access Mozilla Firefox so am having to sign into MSN and access the Internet that way, probably me being a PC thicko, but I had fun kicking the offending files into the cyber world totally free of charge.
As I live in Leeds I feel like going to MBS’s offices in Leeds and posting S**T parcels through their letter box like they posted S**T onto my PC, but this won’t solve anything so I’ll just forget the whole issue for now but hope MBS get what they deserve through the legal channels.
Thanks to all who have posted on here giving good information as some of it has been a great help, and for anyone else suffering from MBS problems i hope you resolve the issues soon.
August 6th, 2007 at 10:05 pm
For anyone reading this thread who has been hit by the MBS bill recently, especially those who do not know how it has arrived on their computer, please do make sure you take your complaint to your local Trading Standards office, West Yorks Trading Standards (who are responsible for complaints against MBS), and consider writing to your MP.
Another very helpful move will be to look around the internet at other sites who have been dealing with this issue, such as Michael Pollitt’s pages. There’s a lot of information there that can help you and alert you to ways in which you can help get this matter sorted out for all consumers.
August 6th, 2007 at 10:48 pm
Message to Andy:
For your info – If you aren’t already aware of it, your contact envelope requires a payment of $12 to register so as to be able to contact you. I suspect that when you set up this method of contact, there was no charge being made, and you may be unaware that this is now the case.
August 7th, 2007 at 7:26 am
Hi Sussex,
You don’t have to register for an i-name in order to contact me – you can simply use your name and email address, then it’s free (though you have to confirm your address)
I’ve updated the text to make that clearer.
August 7th, 2007 at 9:48 am
Thanks to everyone for the help.
The mbs bug was driving me mad.
I managed to get rid of it by following GaryGLeeds advice and deleted the hidden files the best I could.
I then backdated the computer as far back as it would go.
This seems to have solved the problem.
I just have a slight problem with itunes now for some reason.
Good Luck
August 7th, 2007 at 9:56 am
Thanks Andy
August 9th, 2007 at 9:04 am
Bob – I would like to get in touch with you somehow to ask you privately about a point you have mentioned elsewhere. Could you try to contact me via Michael P or Andy M? – Thanks.
August 11th, 2007 at 11:12 am
August 12th, 2007 at 7:59 pm
I’ve got an easier way to get rid of MBS from a PC. It took me hours to work it out, but if you have any more problems email me at just4fun7399@msn.com – restart the PC in safe mode by pressing F8 while booting up, then sign in on an admin account, then go into windows/system32 and look for these files…
1. imvalid.icon
2. my sex world.icon
3. rmvalid.exe
4. smvalid.exe
Delete them or change their names, then reboot the PC/laptop and all should be OK! How I worked it out was by using a system restore point up to at least a week before, due to it being installed at least 4 days before the pop-ups come up! Then hold down the Ctrl, Shift and Esc keys, go to Processes and write down all programs running (just after restart, without starting anything else), then re-do the system restore, then after that repeat Ctrl Shift Esc, writing down the running programs, then compare the ones that are not in the first list you wrote down! Note though, if it says rmvalid.exe then search for that file in Start, then Search, All files and folders, then when found change the name of the file until you know your system runs OK without it before deleting. End Process may not work, but try that first; you may need to be in safe mode to delete or change the name! Email me if you have any more problems.
August 13th, 2007 at 3:07 pm
I downloaded AVG free spyware and that got rid of MBS in system32. Been free of MBS for a week now !!
August 13th, 2007 at 4:38 pm
Does anyone have a screen shot of the popup for this, if not would someone infected be kind enough to hit the ‘print screen’ button when it comes up and paste into any image editing software and email it to df”at”freenet.co.uk (change “at” to @ obviously).
This would be much appreciated.
August 14th, 2007 at 10:33 am
I got rid of the scumware about two months ago,
then yesterday got a call from the above quoting a reference no from 0871 244 1873
is this MBS ? if so how did they get my number
cheers
August 14th, 2007 at 10:51 am
Woofledust: It’s obviously someone who doesn’t want to be easily identified, as calling the number reaches an anonymous automated system that talks about making payments – yes, but to WHO?
It sounds as if it’s some kind of debt collection service, as they tend to sit “below the radar” as their shady nature means they don’t like to identify themselves (for when they make “nuisance calls” to people they think owe them or their clients money).
If you’re brave enough to go through to an adviser and ask them who they are, then do that (dial 141 from a BT line to withhold your number, or use a public telephone box). Otherwise, I’d ignore it until something else happens. I have a policy of ignoring people who don’t have the courtesy to identify themselves and what their business is.
I don’t know how they’d find out your telephone number unless they’ve been sniffing around investigating who their “customers” might be – but that costs money and doesn’t seem worth it.
Good luck, and hope it’s something innocent.
August 14th, 2007 at 11:47 am
thanks for that,
an anonymous answering machine message just threw me, I don’t get many, and being suspicious it was the first thing I thought of, given that it is an 0871 number (though mbs isn’t 0871 224). I don’t know how much it costs to trace nos, especially when there are no contact details as part of the so called “mbs contract”, but their profit margins drop drastically, so maybe I am being paranoid
…I don’t have any credit cards, so it may be another sort of scammer with some sort of autodialler which cuts out when you reply and hopes you ring them back just to keep online (how much is 0871 by the minute then?)
August 14th, 2007 at 11:52 am
0871 numbers, I think, cost between 6 and 10 pence per minute, with some of the call cost revenue going to the owner of the number.
What was the format of the reference number? You don’t have to give the actual number but it might help narrow things down. For example: 2 letters, 5 numbers, a dash, and 3 letters.
August 14th, 2007 at 12:11 pm
thanks for that, just spoke to TSO the guy I spoke to knows about MBS and didn’t think it was anything to do with them ,
he also said it was a debt collectors and some of them just scattergun
cheers
adrian
August 14th, 2007 at 6:57 pm
I would like to thank just4fun7399 for the advice. I tried following the instructions and my PC now appears to be clear of the pest. The trojans in it seemed to be stronger than any of the solutions. Indeed, the anti-spyware was corrupted by them when I tried to remove them, and then my computer became virtually unusable for the past 3 days. (However, everything was still able to work as it normally does in safe mode.) After carrying out the instructions the computer was back to normal speed, and after scanning with both AVG Anti-Spyware and NoAdware there seems to be no sign of anything malignant.
August 14th, 2007 at 8:36 pm
The MBS was not in my PC or laptop but was in fact in my sister’s PC, which I got the job of sorting out! But the brother-in-law did in fact phone the number on the pop-up, so does this mean they will have stored his telephone number? He got informed when he phoned that all they had on record at that time was his IP number through a cookie stored on his PC, so the only other way would be to contact your IP supplier, and I don’t think they would be that daft to give them your phone number somehow lol. But they can’t take it to debt recovery cos they only hold details of your PC and not in writing! Don’t hold me to that, but if they can’t prove who was at the PC at the time then they could try taking your PC to court lol, that’s what I think anyway!
August 14th, 2007 at 9:39 pm
“Readers’ PCs crippled by MBS porn billing”
But is nuisance pop-up scam illegal?
please take a look at this site for more info about MBS & the site they run the terms & cons!
– http://www.pcadvisor.co.uk/news/index.cfm?newsid=9544 -
August 16th, 2007 at 9:46 am
People, please accept MBS IS a scam! Look back over this thread and you’ll see my comments when I was experiencing problems with MBS around mid July. I deleted all things MBS with very helpful advice from here, and have they chased me for money? NO!!! Of course they haven’t! So, conclusion: either it is a scam, or, if they do collect money for internet companies, they’re not very good, are they?? A genuine money/debt collection company would not frighten people into paying anything, nor would they threaten to disable personal equipment.
As I’ve said before, delete them and forget them!
August 16th, 2007 at 9:53 am
Hi Neil,
I’m afraid many “genuine debt collection companies” do frighten people into paying – it’s how they operate. If anyone knows of a *nice* debt collection agency, do let me know, because I don’t believe they exist.
I’ve dealt with enough of them to know that even the ones with fancy web sites and well-spoken telephone staff employ bully-boy bailiffs that take things as close to the line of the law as they can (just because something is lawful it doesn’t make it ethical)
As for MBS, though – well if they’re stupid enough to install software on anonymous machines, they should expect to receive no money!
August 16th, 2007 at 12:04 pm
found out the call I got was for someone chasing up a guy I used to share the house with, he was a bit of a rogue and I wouldn’t be surprised if he has a few creditors knocking around somewhere
cheers all
August 16th, 2007 at 5:59 pm
I’m still trying to get a screenshot of the popup in question if anyone here still has the problem.
df’at’freenet.co.uk (‘at’=@)
August 16th, 2007 at 9:01 pm
dave F
Please try the following site. There is a screenshot therein.
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/519/pid/2431/post/last/m/1/#LAST
August 20th, 2007 at 8:31 pm
Thanks for that link but it’s not very clear, I’m looking for a full size shot if anyone has one.
August 23rd, 2007 at 10:07 am
Thank you for the above link. I’ve had this on my computer for a week now, and it was a right pain in the butt. Downloaded this last night and no sign of MBS since! I will keep you posted. I thought I was 1 of a few until I found this forum. I urge everyone who uses it to go to their local trading standards. The more who do this the better. Once again, thanks!
August 23rd, 2007 at 8:22 pm
I have just had the misfortune to be introduced to the company; the route was via an opportunity to view 12 year old children. I have reported them to the police and they do not seem to care. I have also reported them to the internet foundation at Report@internetwatch.org.uk. These people cannot hide and there are ways to find them; they must be flushed out now. This can be done by sending them a trojan the same as they are sending us. I would also point out that the credit card companies know who they are.
August 27th, 2007 at 9:08 pm
Just taken legal advice and am now sending MBS a bill of £1000 per Week for the fact of a virus being on my PC and thus preventing me from working and if I am not working it gives me time to spend working on other ways to get revenge on this company. Have just printed out 2000 letters without stamps for them they will be distributed from all over the country Via Friends of mine. They want a war they have now got it!
August 28th, 2007 at 10:21 am
George
Are you sure that sending unstamped letters is the best way to go about this? It is going to cost you money in stationery and MBS could always refuse to accept them. Then the Post Office would have to try to return them and if there is any way they could be traced back to you they might chase you for the money.
I sympathise and admire your spirit, but don’t think this action is wise and, apart from causing them disruption, is not really going to help you.
September 18th, 2007 at 12:29 am
I have had this on my PC for 2 months now and at first it was locked to 9 minutes!! Now it says it can’t access my account and takes forever – 15 to 20 minutes to reload, then hangs for another 9 mins. I was worried sick about this as I knew when I got my PC two years ago that you should never access porn on your PC, PERIOD, it can only mean trouble. When this first appeared I thought it was just another pop-up, but obviously, over the period of time it’s been there and the amount of people being threatened by these low life cowards, it is such a real problem. If they trace you through your IP address, would it not be your provider who should be taking action on these toys as well as ourselves? Just to add, MBS may get a visit from a few of us from Nottingham and that could be messy, cos someone needs to nip these fraudsters in the bud once and for all, and they’re not the only ones who can be scary, trust. Scaring young children and women is not done, period. Many thanks to Andy for all the work he is doing and to those who continue to root out antidotes to this worrying problem. I shall give one of the remedies a go and keep all updated on the outcome. Once again, many thanks to all
September 18th, 2007 at 9:02 am
pauseomic (and others) – The forum (MBSVictims) seems a good place for help.
Also, the following link is very interesting!
http://www.ftc.gov/opa/2007/09/movieland.shtm
If you look at the way these companies work they are v. like the way MBS does business, and look what’s now happening in the States! Can UK keep ignoring?
September 23rd, 2007 at 3:56 pm
As you can see from my posts on here about a month ago, I suffered from the ‘mbs’ ‘drama’ and could not understand why I had encountered it, as neither I nor anyone in my household had been on any sex sites, of that I was convinced. However, I did suspect a certain music download site known as ‘limewire’. Anyway, I used the very helpful advice on here and freed myself of all things MBS. I was over at a friend’s house the other night and she suddenly had the MBS bill on her computer. She swore black and blue she hadn’t visited any sex sites, but, guess what, she had just downloaded the ‘limewire’ music site!! Worth thinking about!
September 25th, 2007 at 8:37 am
Neil:
Following up your concerns, I spotted the following story which includes adverse mention of LimeWire: http://news.bbc.co.uk/1/hi/technology/4765199.stm
As BBC Radio4 You and Yours programme has been following the MBS story, perhaps you should pass on your concerns to them. You can access them via the BBC website. The reporter who has been following this story is Shari Vahl.
September 25th, 2007 at 1:01 pm
Please could you help me with MBS, they are really starting to get on my tits. Never been on that site. And I’m not going to pay the bill. So they told me when I called them that they will pass the bill on to a debt collection agency. But they do not have my address, so they told me they will use my digital footprint. Please can you tell me if they are breaking any laws, such as the Data Protection Act. And that they are hacking into my system and obtaining information, which I think is illegal to my knowledge.
I’m thinking of seeking legal action if they do this. I think it’s time to give MBS the grief they give others.
If you have any solution to this problem or know how to get rid of that pop-up please e-mail me.
peternoir@hotmail.co.uk
September 25th, 2007 at 10:01 pm
I have had the same problem with MBS but hopefully sorted it now by following your steps, thank you and good luck.
They shouldn’t be allowed to get away with it.
September 26th, 2007 at 10:38 am
Peter: The legal side is still open to question as it has never been tested in court. The remedial side is all available on earlier postings on this site. You might also want to look at the MBS Victims website.
October 7th, 2007 at 3:26 pm
Hi, never been on the site “MySexWorld” but have now been billed £39.99 by MBS, they’re gay is the only reason they’re doing it and being 15 I CAN’T pay the bill. Have deleted some of the files suggested in system32 but still awaiting results. Also have emailed them (very angrily) and asked them to cancel it.
October 9th, 2007 at 9:52 pm
After getting drunk one night and trying to see some FREE PORN {I’m not a perv! Hasn’t everyone done it at one time or another?}
I started receiving that billing for My Sex World for £39.99. At first the bill only lasted two minutes; by the time I got rid of it, it was shutting me down for ten minutes.
I emailed them straight away stating that it was a free site and if I was signing up for anything they would already have my credit card details. I also told them I would be reporting them to the police and if they wanted to contact me for the money they could do so through a solicitor.
They sent me copies of what I had agreed to and continued sending me the bill.
I think this is absolutely disgusting, playing on people like that and bullying them into paying, possibly out of embarrassment because nobody wants to admit to being on a porn site, so people pay up quietly. Something would need to be done about it.
Anyway, good news: I downloaded avast.com free anti-virus software and fingers crossed it has gone away. So do not pay up, get rid of them f*****s
October 10th, 2007 at 10:52 pm
Hi guys, I recently had this very annoying virus on my system. It took me 4 days to get rid of it. Now that I know how to get rid of this I would be happy to help anyone in my position.
E-Mail me at pearson405@btinternet.com
Graza…
October 30th, 2007 at 12:07 pm
I have had the same problems and in fact paid to get rid of it. I asked them to remove it but to no success, so I used a system restore and so far so good. Do not let these people bully you into paying for it. There are a number of ways to get rid of MBS. I am glad I found this site.
October 30th, 2007 at 4:30 pm
Just to let people know: avast.com… excellent software. Followed a link from the above comment, had it in for two weeks now and no micro bill. avast.com, HIGHLY recommended, hope others have the same success. Let’s kick MBS into touch, peace
November 1st, 2007 at 2:52 pm
How did this rubbish get through my Norton 360?
I entered “porn” onto ask.com and looked at various sites, then found this crappy Sexworld icon on my laptop. I didn’t agree to anything. I wasn’t aware the thing popping up was even a “bill”; it just appears as a blank screen with a line of letters/numbers in bold upper case at the top. It said microbillsys.com at the top and keeps appearing.
As I’ve only had the laptop a few weeks I’m gonna just restore it back to how it came out of the box (still a pain).
Got to go, there’s someone at the door, maybe it’s the bailiffs? (Very unlikely, who in their right mind would enter personal details on a porn site.)
catch me if you can mbs nob nuts………..i’ll get my titillation elsewhere for free thanks.
Dan
November 5th, 2007 at 1:52 pm
Dan.. the problem is.. how do you know that they haven’t got your details on a database.. just because the pop-up has gone… who’s to say that you won’t get a bill through the post in 3 years’ time – for a large amount – you clicked the terms and conditions.. there’s a possibility they can still get you.. they are clever
November 9th, 2007 at 2:11 am
Hello,
I am an IT expert who studied many years to know what I do know. I am currently forming my own company, which gives support to people who are less aware about PC problems such as C’virus, hardware problems, MBS bill issues [lol], they make me laugh! I have now supported at least 30 people about the MBS billing issue and I must say that it is a very nasty way of earning some cash.. ohhh well, I have earned money by helping people about this [lol], MBS is useful sometimes
My services about MBS are now free as I realise it was very easy to get rid of them!!
I will not be responsible for any damage on your PC, as I am not getting paid for this kind of service, but I can assure you that it will work 100%
Please do not be scared to try this as I am fully qualified and know what I am doing!
1st- hit Ctrl+Alt+Delete to access Task Manager
2nd- you now click on the “Process” tab…..
3rd- now all you need to do is find the application’s name, which in this case will be MBS = M-money B-beger’s S-sad’ous {lol} .exe files- the name you are looking for is “mibrsys.exe”; this is the MBS dodgy application running in your system
4th- before deleting anything or ending the process, I want you to open c:\WINDOWS\system32\
5th- when you have opened your system32 folder you will select the first folder and hit the “M” key on your keyboard about 46 times to find the files we are looking for. The files you should see now are the following: mibisys, mibrsys(.exe some of you will see this file extension; if not, the file will be called only mibrsys,
November 9th, 2007 at 2:17 am
lol
November 11th, 2007 at 4:57 pm
I’ve just had a bill for £39.99 pop up from M.B.S. Started looking into it and ended up here. I’ve read through a lot of your e-mails and you’ve finally put my mind at rest. I’ll now attempt to get rid of this pest. I’m a new computer user so it should be good to see how I get on. If I can get rid of this, anybody can!! I’ll let you know how I get on, and thanks for your help guys.
November 12th, 2007 at 5:27 pm
Hi, I have noticed a link to a company called Micro Bill Systems account. It says I have accessed and subscribed to a website involving porn. I have never accessed or subscribed to it. The amount shown to be due is £39.99. I knew this is a scam, but how do I remove it and never hear from them again?
Also, I have rung the helpline and a man has told me they can’t do anything as their software is down. Please help me if you can
luke
November 16th, 2007 at 8:39 pm
Still no MBS, hurrrahh, avast.com the MBS killer. I urge anybody and everybody who is having or has had problems with MBS to report them to Watchdog. Received a phone call on Wednesday; all I can say is LOOK OUT MBS, ya about to get ya arse kicked!!!! BIG TIME.
November 18th, 2007 at 9:46 am
I have just had the same problem and after 5 days of trying to rid the system of this virus I purchased SPYNOMORE.
It was £20 well spent cos within minutes my computer was cleared of a load of virus.
ROD EVANS
November 18th, 2007 at 3:37 pm
I’m sick of it popping up, I swear if it pops up 1 more time I’ll sue their arse. How do you get rid of it? It’s trying to charge me 39.99 for nothing, saying that I went on a website involving porn
November 23rd, 2007 at 12:04 pm
The pop-up is caused by two .exe files. MBS will change the names from time to time. However, the two I know are monrtu.exe and monstu.exe. You can check for these in the Task Manager Processes tab. If you try to ‘end process’ here they will restart immediately – each one restarts the other. If you run msconfig and then look on the Startup tab you will see all programs that start automatically when you turn on the PC. One of these will be the .exe – if the names above are not on your PC, check here for other possible .exes that could belong to MBS. If you try to remove it, it will be replaced immediately. Therefore you need to select the boot.ini tab in msconfig and check the box marked /safeboot. Then restart the PC – you will be prompted to do this when exiting msconfig. When your computer has restarted in safe mode, open up msconfig and delete the entry in the Startup tab that contains the .exe. Then go to windows/system32 and delete the exes from there. Go back to the msconfig boot.ini tab and uncheck the /safeboot checkbox and then restart your PC. This will have stopped your pop-ups. To remove all traces you can get a virus/spyware app to find them for you – however this is not necessary.
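Added example, not part of the comment above or of any tool named in this thread: a read-only PowerShell triage that lists auto-start entries resolving into System32 and marks which are currently running, which carry a file name reported by commenters here, and what their Authenticode status is. It assumes PowerShell 3.0 or later (newer than the Windows 2000/XP systems discussed); the helper name `Get-ExePathFromCommand` is hypothetical, and bare file names are assumed to resolve to System32.

```powershell
# File names reported by commenters in this thread. The thread notes the
# names change over time, so a miss on this list proves nothing.
$reportedNames = 'monrtu.exe', 'monstu.exe', 'mibrsys.exe',
                 'rmvalid.exe', 'smvalid.exe', 'pzsys1.exe'

# Hypothetical helper: pull the executable path out of a startup command line.
function Get-ExePathFromCommand {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')    { return $Matches[1] }   # "C:\path\x.exe" /args
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }   # C:\path\x.exe /args
    return ($expanded -split '\s+')[0]
}

$system32 = Join-Path $env:SystemRoot 'System32'

# Paths of all running processes (hashtable keys are case-insensitive).
$runningPaths = @{}
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |
    ForEach-Object { $runningPaths[$_.ExecutablePath] = $true }

# Win32_StartupCommand covers the Run registry keys and Startup folders,
# the same entries msconfig shows on its Startup tab.
$findings = foreach ($entry in Get-CimInstance -ClassName Win32_StartupCommand) {
    $path = Get-ExePathFromCommand $entry.Command
    if (-not $path) { continue }

    # Assumption: a bare file name (no drive or folder) resolves to System32.
    if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $system32 $path }

    # Only entries that live in System32, where the thread found the files.
    if (-not $path.StartsWith($system32 + '\', [StringComparison]::OrdinalIgnoreCase)) {
        continue
    }

    $signature = if (Test-Path -LiteralPath $path) {
        (Get-AuthenticodeSignature -LiteralPath $path).Status
    } else {
        'FileMissing'
    }

    [pscustomobject]@{
        Name             = $entry.Name
        Location         = $entry.Location          # registry key or Startup folder
        Path             = $path
        Running          = $runningPaths.ContainsKey($path)
        NameSeenInThread = $reportedNames -contains (Split-Path $path -Leaf)
        Signature        = $signature               # NotSigned is a lead, not a verdict
    }
}

# Nothing is deleted or changed; this only reports.
$findings |
    Sort-Object NameSeenInThread, Running -Descending |
    Format-Table -AutoSize
```

Legitimate entries will appear in the output as well; an entry that is running, unsigned and unfamiliar is the one to look at in safe mode.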
November 25th, 2007 at 12:31 pm
I thought I got rid of this annoying thing! But every time I start IE that god damn pop-up bill thing still comes up? I deleted the files for it! Sooo… how do I get rid of the bill pop-up thing? I’ve been searching the net for days now, and it’s driving me mad!!
November 26th, 2007 at 9:42 am
Shelley: Have you looked at the MBS Victims website? There are a few solutions provided there.
November 27th, 2007 at 12:56 pm
Cheers Alan,
Finally someone with the same dodgy file names: monstu.exe and monrtu.exe in the system32 folder (in C:/WINNT)
I’ve been reading many of these posts on various sites but none seemed to correspond to my situation maybe because I use win2k and because the MBS scum must be changing the name of their trojan files to avoid detection.
I first ran a recommended bit of free antispyware: http://www.ewido.net/en/product/...
It took about an hour to scan and it found two high risk trojan files, monstu.exe and monrtu.exe, along with a fair few medium risk .txt files. I removed the lot using Ewido. I also then removed the mbs startup file in the startup menu; it seemed to delete normally OK. I only did this last night and the files haven’t returned so far.
One strange thing though: in the system32 folder I noticed a file with the name mbs##.dll (not sure of exact name). It was dated 2001 so I didn’t think this could be related, and haven’t deleted it cos I thought it may screw something up.
I’ll repost any developments.
November 28th, 2007 at 1:14 pm
If you haven’t got a shed load of files that need backing up, just restore your computers. Anything not backed up will be lost, but at least it gets rid of MBS.
December 2nd, 2007 at 9:08 pm
I AM 15 YEARS OLD AND MBS KEEPS TELLING ME THAT I NEED TO PAY FOR LOOKING AT A PORN SITE PLZ HELP ME!
I NEED TO GET MY GCSE COURSEWORKS AND IT WON’T LET ME!!!
I DON’T WANT TO TELL ANYONE!
PLEASE HELP!!!
December 2nd, 2007 at 10:54 pm
Gazzer: Can you join the MBS Victims Website on
http://www.mbsvictims.org.uk? It will be easier for people to help you there.
December 7th, 2007 at 9:03 pm
I RE-STARTED MY COMPUTER
I PUT THE PRODUCT KEY IN
AND HEY-PRESTO!
MBS VANISHED!
I WILL NOTIFY YOU IF IT COMES AGA
THANX TO THE SUSSEX GUY
L E G E N D
December 20th, 2007 at 8:30 pm
Something has infected my computer which I think is MBS, but I can exit the popup unlike other people, and also there is nothing requiring me to pay something in the window, just a load of random letters and numbers in a line.
I don’t know why it is different to everybody else’s description, but I believe that it is MBS.
Can anyone direct me on what to do, as it is getting quite annoying? Would uninstalling Internet Explorer help?
December 27th, 2007 at 9:01 pm
I had this problem. Go on this link, do what it says and it will be gone, brilliant. John Marriott. http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/519/
December 29th, 2007 at 4:10 pm
MBS IS A SCAM !
THEY ARE SAYING I HAVE ACCESSED A PORNOGRAPHIC WEBSITE AND AGREED TO SOME CONTRACT. I AM THE ONLY ONE WHO WOULD OR EVEN COULD ACCESS THIS COMPUTER. I HAVE NOT ACCESSED ANY OF THESE WEBSITES!
IS THERE A WAY TO INVESTIGATE A HIGHLY POSSIBLE TROJAN OR EQUIVALENT THAT WOULD MAKE MY COMPUTER ACCESS A PRE-DETERMINED URL THAT WOULD MAKE MY IP ‘SIGN UP’ TO … ?
I FIND THIS VERY LIKELY, BUT DO NOT HAVE THE KNOW-HOW OR RESOURCES TO DO THIS…..
ANYONE GOT ANY IDEAS??
THANK YOU.
January 3rd, 2008 at 12:48 pm
Hi, I’ve just got rid of the idiots. I used Spybot Search and Destroy. Just type Spybot Search and Destroy into Google. It’s free but welcomes donations. I had a load of other things on my computer and it deleted them for me. I hope this helps.
January 16th, 2008 at 10:24 pm
Just got rid of them, thanks to help from your bloggers. I used this method:
Task Manager –> Processes
Find MBS type programs that are running.
Do not just end the process, End process Tree by right clicking on it.
Then immediately Delete all MBS affiliated programs from your System 32 Folder. Problem Solved!
Hope this helps. Con Artists the lot of them
January 18th, 2008 at 10:30 pm
I hope I got rid. I went into the system32 folder and deleted everything to do with MBS. I rang them to find out who and what, and they gave me a balance of over £200 dating back 6 months if I wanted the software removed. Thank you all
January 20th, 2008 at 11:21 am
Do not pay them
Do not contact them at all
remove the ransomware using the following
mbs.bfu and bfu.exe
that is the brute force uninstaller – it will destroy all traces of this trojan.
google search for these two and follow instructions
February 7th, 2008 at 1:06 am
I have had this for the last week and now I have got to do something about it. Thank you for all the advice, I shall start right now.
PS, I have not visited any rude sites and what keeps popping up should not. Yuck!
February 8th, 2008 at 10:18 am
I downloaded Spybot and it discovered it straight away and asked me to let me know if I wanted to inform me or to kill it. Tick kill it, get rid of this scum
February 8th, 2008 at 10:26 am
after talking to them on the phone they said pay up and what is ur e mail address hung up
February 11th, 2008 at 2:02 pm
I am getting billed by MBS on my PC saying I have accessed a porn site. My son thinks he accessed the web site, realised what it was and logged off (he is 12), but now they want his passport and birth certificate to remove the software. Someone please help me.
February 11th, 2008 at 2:47 pm
Hi Sharon,
You might find this forum post useful: Though it doesn’t resolve the issue it’s a good starting point.
I’d recommend that you join the MBS Victims forum and ask there, because this page has now become rather difficult to keep a track on.
February 11th, 2008 at 2:58 pm
pzsys1.exe: is this one of the files that MBS has infected my PC with? Spybot has found this, but before I pay for my version I want to make sure this spyware has found the right trojan to delete this scum from my PC.
February 11th, 2008 at 5:17 pm
If you post that information on the MBS Victims Forum, you are more likely to get a response from somebody with the knowledge to answer you, Sharon.
Also, you might want to check out the Prevx site, which has a useful free trial.
But – please! contact Trading Standards to complain. Your child should not be able to access such material, and MBS are making it extremely easy for him to do this.
February 17th, 2008 at 6:43 pm
Hi, had the same problem. What can you do: I downloaded spy doctor for free and then I deleted it; it then gives you an option to try a Norton anti-virus for a free trial, which I used, and it found the micro billing virus. I had to repeat the virus scan three times and it has now gone for good.
March 7th, 2008 at 1:37 pm
Hi, I too have been a victim of the MBS bill. I have phoned them up and gave them a good earful. They tell me the days and times I viewed some site, which I know that day I was not home, nor anyone else. I’ve had this on for a few weeks now and I have a different message to phone for my FREE uninstall disc, but I’m a bit unsure to use it in case I get any more problems
March 24th, 2008 at 9:55 pm
I have the MBS pop-up too
it is the most annoying piece of rubbish in the world
It even got through windows live onecare >:(
live onecare has protected me for the 3 months free trial from everything, apart from that stupid MBS!!
now my free trial has run out and I’m getting spammed even more with it!
windows does the smart thing and tries blocking the window by warning me
but the very instant I close it it pops back up!
I’ve checked all files and folders [literally]
and even processes but I can only find the local version -.-’
so now even when I’m not online it spams a folder on my computer with the images and pops up as a .htm file
I have truly had enough those hacking masters must have used a worm / leech virus!
which in most cases are illegal!
Time to SUE! [if only I were older than 14, then I could sue]
if anyone finds out how to get rid of this MBS scum then make a whole site and forum about it because it will be popular >=D
March 27th, 2008 at 2:00 pm
Scott: There IS a whole forum about it! MBSVictims.org.uk
October 22nd, 2008 at 3:05 pm
Just checked this site out again 1 year after buying my laptop & getting that MBS thing on it.
I reset it to factory settings………..it’s never been back. I’m still paranoid about clicking on stuff when on line though.
In reply to Jamie (1yr late, apologies). I will never get a bill through the post; as I understand it, all you can get from an ISP is the city or rough whereabouts of a user. It takes hundreds of man hours to track down unpleasant people using the internet for god knows what; I feel pretty confident MBS won’t be too bothered I didn’t fall for their £19.99 scam. By the way, they’re not that clever really, are they? Maybe the guy who wrote the nasty little program is, but he should put his talents to better use.
Cheers