Computer scam

 
franco b
Site Moderator
Posts: 11416
Joined: Wed. Nov. 05, 2008 5:11 pm
Location: Kent CT
Hand Fed Coal Stove: Vermont Castings 2310, Franco Belge 262
Baseburners & Antiques: Glenwood Modern Oak 114
Coal Size/Type: nut and pea

Post by franco b » Tue. Sep. 19, 2017 4:03 pm

Was checking and reading Email when a page popped up purportedly from Microsoft informing me my computer was infected and locked up.

Call this number to get support and unlock your computer. Do not turn off your computer.

Sure enough I could not exit chrome, locked up.

I decided to hit control, alt, delete, but just hitting control and alt was enough to get the desktop. Ran anti-virus scan which found nothing. Computer runs normally, but on opening chrome it had a message that it was not properly shut down.

This seems to me like a shakedown con game; if you foolishly call the number, there will be a fee.


 
lsayre
Member
Posts: 21781
Joined: Wed. Nov. 23, 2005 9:17 pm
Location: Ohio
Stoker Coal Boiler: AHS S130 Coal Gun
Coal Size/Type: Lehigh Anthracite Pea
Other Heating: Resistance Boiler (13.5 KW), ComfortMax 75

Post by lsayre » Tue. Sep. 19, 2017 4:25 pm

The fee thing sounds like what it is. I may be mistaken, but didn't the Mayor go through something like this awhile back?

 
lsayre
Member
Posts: 21781
Joined: Wed. Nov. 23, 2005 9:17 pm
Location: Ohio
Stoker Coal Boiler: AHS S130 Coal Gun
Coal Size/Type: Lehigh Anthracite Pea
Other Heating: Resistance Boiler (13.5 KW), ComfortMax 75

Post by lsayre » Tue. Sep. 19, 2017 4:29 pm

Can you try this, or does the "lock-up" forbid it??

Click the Chrome menu icon or Google Chrome options icon (at the top right corner of Google Chrome), select "Tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons, select these entries and click the trash can icon.

Plus, if you can get to the "settings", go to "advanced", look for, and click on "restore all settings to their original defaults" (or something close to that).
Last edited by lsayre on Tue. Sep. 19, 2017 4:36 pm, edited 1 time in total.

 
lsayre
Member
Posts: 21781
Joined: Wed. Nov. 23, 2005 9:17 pm
Location: Ohio
Stoker Coal Boiler: AHS S130 Coal Gun
Coal Size/Type: Lehigh Anthracite Pea
Other Heating: Resistance Boiler (13.5 KW), ComfortMax 75

Post by lsayre » Tue. Sep. 19, 2017 4:35 pm

This site has pointers to some "cleaners" that will potentially find and kill the offending malware.

https://malwaretips.com/blogs/your-computer-has-been-locked-virus/

 
Richard S.
Mayor
Posts: 15183
Joined: Fri. Oct. 01, 2004 8:35 pm
Location: NEPA
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Post by Richard S. » Tue. Sep. 19, 2017 4:38 pm

Usually these messages are difficult to close because they open a dialog box and nothing else can be done unless the dialog is closed. Closing it spawns another one, so you are in an endless loop. Closing the browser through task manager is the only solution. On restart of the browser the issue should be gone. Not sure if it's Edge or Firefox, but they now have an option on the second dialog box that opens to prevent another one from loading.

If the page respawns when you start the browser they have probably hijacked your homepage; you most likely clicked a yes box allowing this. When you start the browser the page automatically loads and you are back in the same endless loop, preventing you from changing the homepage. No antivirus or antimalware is going to detect this; technically you don't have a virus or malware infection. It's a normal function of the browser unless they actually know the URL is known for this.

I'm assuming you are using Windows. Right click your desktop and select create shortcut, make a new one and point it to any URL. Make sure the browser is closed and click on it; if it asks you what to use to open it, select the affected browser. This should bypass loading your homepage, allowing you into the browser's settings so you can change the homepage back.

Just another tip here: if you are using a standalone email client you can send yourself a link in an email instead of creating the shortcut.

If that does not solve the issue then Chrome is likely recovering the page because it was closed through task manager.

 
Sunny Boy
Member
Posts: 25556
Joined: Mon. Nov. 11, 2013 1:40 pm
Location: Central NY
Hand Fed Coal Boiler: Anthracite Industrial, domestic hot water heater
Baseburners & Antiques: Glenwood range 208, # 6 base heater, 2 Modern Oak 118.
Coal Size/Type: Nuts !
Other Heating: Oil & electric plenum furnace

Post by Sunny Boy » Tue. Sep. 19, 2017 4:41 pm

I sometimes get the same at some sites that are not HTTPS secure when searching for old cars parts and suppliers online. It will freeze and lockup Internet Explorer so that I can't back up, or close it down.

To gain control back I used to just crash the computer and reboot. But that gets to be a real pain.

Then I learned that by hitting Control, Alt & Delete, it doesn't unfreeze things but it goes to a dark screen with a list of five choices - the last one being the "task manager". By clicking on task manager, another box shows up listing all the programs that are running, such as Internet Explorer that is locked up. You can click on that program to highlight it, then down at the bottom you can click on a box to stop that program.

So far, it works every time without having to crash and reboot.

BTW, this is with Windows 7, and Internet Explorer 11 browser. And nothing nasty shows up with Kaspersky, or my Malwarebytes programs.

Paul

 
Richard S.
Mayor
Posts: 15183
Joined: Fri. Oct. 01, 2004 8:35 pm
Location: NEPA
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Post by Richard S. » Tue. Sep. 19, 2017 4:45 pm

lsayre wrote:The fee thing sounds like what it is. I may be mistaken, but didn't the Mayor go through something like this awhile back?
It was my parents' computer. These pages are pretty common and usually spawned through second rate ad networks. The Google ads here are far less vulnerable to this because they have the resources to detect it before it's published.


 
Richard S.
Mayor
Posts: 15183
Joined: Fri. Oct. 01, 2004 8:35 pm
Location: NEPA
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Post by Richard S. » Tue. Sep. 19, 2017 4:58 pm

franco b wrote:but on opening chrome it had a message that it was not properly shut down.
I misread this before; that's because you closed it through task manager, which is usually the only option. When you close an application it will typically have a few things it will do on exit. Closing it through task manager is a hard exit. You should be able to safely restart it without any issues.
This seems like to me, a shake down con game that if you foolishly call the number, there will be a fee.
Correct, it's simply a con. MS will never send you email, call you or put a warning on your screen to call a 1 800 number.

------------------

While on the topic, you can prevent this from happening again by changing your email setting to read as plain text; if that is too restrictive there is usually a box to read an individual email as HTML. There should also be options for what external resources can or cannot be loaded. Images are typically off by default. The spammers will set an external image in the email, and if they have a request for it on the live server they know it's an active email account. For example, suppose I were to add a 1245678.gif image inside email notifications where 1245678 is a unique identifier for that specific message. If you are allowing your email application to load external images I can tell if that specific email was opened by you. They call this a beacon.
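
The beacon described in the post above, as an added example that is not part of the original thread: a Python sketch that lists the remote images an HTML email would fetch and flags likely beacons, next to the plain-text view that fetches nothing. The sample message, the host names and the two heuristics (1x1 size, long digit run in the URL) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message (not from the thread); host names are placeholders.
SAMPLE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

A new reply was posted.
--b1
Content-Type: text/html; charset="utf-8"

<p>A new reply was posted.</p>
<img src="https://forum.example/logo.png" width="120" height="40">
<img src="https://track.forum.example/1245678.gif" width="1" height="1">
<img src="cid:inline-logo">
--b1--
"""

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []  # one attribute dict per <img> tag

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def find_remote_images(raw):
    """Return the images a mail client would request from a remote server."""
    html_part = message_from_string(raw, policy=default).get_body(preferencelist=("html",))
    if html_part is None:
        return []
    parser = ImgCollector()
    parser.feed(html_part.get_content())
    findings = []
    for img in parser.images:
        src = img.get("src") or ""
        if not src.lower().startswith(("http://", "https://")):
            continue  # cid:/data: images are embedded, no request leaves the machine
        tiny = img.get("width") in ("0", "1") and img.get("height") in ("0", "1")
        tagged = re.search(r"\d{6,}", src) is not None  # assumed per-message id
        findings.append({"src": src, "likely_beacon": tiny or tagged})
    return findings

def plain_text_view(raw):  # what a "read as plain text" setting displays
    part = message_from_string(raw, policy=default).get_body(preferencelist=("plain",))
    return part.get_content().strip() if part is not None else ""
```
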

 
franco b
Site Moderator
Posts: 11416
Joined: Wed. Nov. 05, 2008 5:11 pm
Location: Kent CT
Hand Fed Coal Stove: Vermont Castings 2310, Franco Belge 262
Baseburners & Antiques: Glenwood Modern Oak 114
Coal Size/Type: nut and pea

Post by franco b » Tue. Sep. 19, 2017 5:15 pm

Everything seems normal, but as Richard said chrome wanted to reload the last page. That went away on re-starting it.

If that number were called I can imagine them wanting permission to take control of the computer to fix the problem. They would then be free to do whatever.

 
freetown fred
Member
Posts: 30293
Joined: Thu. Dec. 31, 2009 12:33 pm
Location: Freetown,NY 13803
Hand Fed Coal Stove: HITZER 50-93
Coal Size/Type: BLASCHAK Nut

Post by freetown fred » Tue. Sep. 19, 2017 8:47 pm

Richard, been there--that's exactly what they want--I just shut down tower & restart--no more problems--happened twice over 6 months--

 
Richard S.
Mayor
Posts: 15183
Joined: Fri. Oct. 01, 2004 8:35 pm
Location: NEPA
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Post by Richard S. » Tue. Sep. 19, 2017 9:17 pm

freetown fred wrote:Richard, been there--that's exactly what they want--I just shut down tower & restart--no more problems--happened twice over 6 months--
You don't need to shut it down Fred. Type task manager in the Windows search box or alternatively hold down ctrl, alt and hit delete. Once in task manager, on the processes tab you'll find the name of the browser you are using. Highlight it by clicking it and down in the lower right click end process. Restart the browser and all should be well under most circumstances.

 
CapeCoaler
Member
Posts: 6515
Joined: Sun. Feb. 10, 2008 3:48 pm
Location: Cape Cod, MA
Stoker Coal Boiler: want AA130
Hand Fed Coal Stove: DS Machine BS#4, Harman MKII, Hitzer 503,...
Coal Size/Type: Pea/Nut/Stove

Post by CapeCoaler » Tue. Sep. 19, 2017 9:20 pm

Yes the con to scare you into allowing them to remote into your computer...
Just click on the link all will be fixed... ;)
Then you are done...

Good site lots of info and links to good tools...

https://www.bleepingcomputer.com/download/combofix/

Adwarecleaner is a good tool

https://www.bleepingcomputer.com/download/adwcleaner/

Hitman Pro 30 day trial inexpensive yearly fee

https://www.hitmanpro.com/en-us/downloads.aspx

 
freetown fred
Member
Posts: 30293
Joined: Thu. Dec. 31, 2009 12:33 pm
Location: Freetown,NY 13803
Hand Fed Coal Stove: HITZER 50-93
Coal Size/Type: BLASCHAK Nut

Post by freetown fred » Tue. Sep. 19, 2017 10:09 pm

Got it--thanx.
Richard S. wrote:
freetown fred wrote:Richard, been there--that's exactly what they want--I just shut down tower & restart--no more problems--happened twice over 6 months--
You don't need to shut it down Fred. Type task manager in the Windows search box or alternatively hold down ctrl, alt and hit delete. Once in task manager, on the processes tab you'll find the name of the browser you are using. Highlight it by clicking it and down in the lower right click end process. Restart the browser and all should be well under most circumstances.

 
davidmcbeth3
Member
Posts: 8505
Joined: Sun. Jun. 14, 2009 2:31 pm
Coal Size/Type: nut/pea/anthra

Post by davidmcbeth3 » Wed. Sep. 20, 2017 1:27 am

I get phon(ey) calls from "microsoft" to fix my ailing PC.

When I tell them I'm blind they don't know what to say and hang up.

 
Richard S.
Mayor
Posts: 15183
Joined: Fri. Oct. 01, 2004 8:35 pm
Location: NEPA
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Post by Richard S. » Wed. Sep. 20, 2017 7:05 am

davidmcbeth3 wrote:I get phon(ey) calls from "microsoft" to fix my ailing PC.

When I tell them I'm blind they don't know what to say and hang up.
I say hold on, put the phone down and walk away. LOL

