It’s been a couple of months given that I have actually got one of these calls but I constantly answer the phone once the crazy caller id numbers come up hoping I gain one more. This morning I witnessed a speak to come in from “Name Unaccessible 1-123-456-7890”, looks legit… I knew it was going to be a scamera, that crmodify help call or a charity asking for docountry. Jackpot, it was my favorite technology assistance men. I scrambbrought about keep him on the line, obtain batteries right into my tiny HD recorder, and also fire up my VirtualBox Windows instance on my Mac.

You watching: .zfsendtotarget

The recording picks up as soon as I obtain whatever erected.

Here’s exactly how this svideo camera goes. The caller assumes the taracquire has actually no understanding of computers and also uses FEAR to streatment the targain into thinking there’s a problem by not knowledge standard, normal Windows functions. I play in addition to it and continue to go through the procedures. Remember, I have actually been working through Windows servers for over twenty years and I kbrand-new precisely what he was doing. Looking up complete benign data but to the uneducated those strings of long numbers are scary and also they have the right to say whatever before they desire around them and also you will believe it.

What the caller had me perform was open up the command also prompt by doing the Windows Key+R, which opens the Run home window. In the run home window they have me enter cmd which then opens up the command prompt. Basic.

Next off they had me run a command also called assoc. This command is basic maintenance and lists out the associations of file extensions to the programs that open it, basically it tells Windows that files through extensions of .txt are text papers, .xls are Excel or if you install software through a practice extension like .dfc in the association list Windows will certainly recognize that file belongs to X software program.

See more: How To Fix Winrar Diagnostic Messages The Archive Is Corrupt

Now, what the scammer does is focus on the one near the bottom referred to as .zfsendtotargain. Big scary numbers next to it that they claim is your “license key” and also continue to check out it ago to you. If you have actually no principle what this is you assume that since they know that number and also are reading it ago 100% accurately then the “tech support” must understand my computer and also therefore offers credibility to their claims. That builds trust and the tarobtain falls for the scam and shells out money.

.zfSendToTargain value is the exact same on all Windows Installations

A quick explacountry of what .zfsendtotargain is – When you best click a file in Windows, XP on up, you check out an choice to Send To Compressed file. That’s what that is, that’s it. It’s the built in Windows compression option.

Due to the fact that it the default Windows compression the worth of .ZFSendToTarget=CLSID888DCA60-FC0A-11CF-8F0F-00C04FD7D062 IS THE SAME ON EVERY SINGLE WINDOWS COMPUTER!!! THEY KNOW THE NUMBER BECAUSE THAT’S THE VALUE EVERYWHERE!!! The scammers don’t recognize your computer system, they are simply reading ago the default value. In the much remote possibility you were uber-techie and rerelocated the default, that worth will be there.

Here’s the full recording, I was unable to keep it going much longer. I might have piled on the sarcasm as well deep and also too beforehand bereason he hung up on me, more than likely after the Loser comment. But 10 minutes via me messing roughly via him is 10 much less minutes spent on a actual victim.

See more: How To Root 5.1.1 S6 Edge On Lollipop 5, How To Root Galaxy S6 On Android 5

Spcheck out this roughly to the uneducated and also acquire everyone familiar with these calls and also train civilization to A) Not answer the phone, B) Hang up.