Computer scam
-
- Site Moderator
- Posts: 11416
- Joined: Wed. Nov. 05, 2008 5:11 pm
- Location: Kent CT
- Hand Fed Coal Stove: Vermont Castings 2310, Franco Belge 262
- Baseburners & Antiques: Glenwood Modern Oak 114
- Coal Size/Type: nut and pea
Was checking and reading Email when a page popped up purportedly from Microsoft informing me my computer was infected and locked up.
Call this number to get support and unlock your computer. Do not turn off your computer.
Sure enough I could not exit chrome, locked up.
I decided to hit control, alt, delete, but just hitting control and alt was enough to get the desktop. Ran anti-virus scan which found nothing. Computer runs normally, but on opening chrome it had a message that it was not properly shut down.
This seems like to me, a shake down con game that if you foolishly call the number, there will be a fee.
- lsayre
- Member
- Posts: 21781
- Joined: Wed. Nov. 23, 2005 9:17 pm
- Location: Ohio
- Stoker Coal Boiler: AHS S130 Coal Gun
- Coal Size/Type: Lehigh Anthracite Pea
- Other Heating: Resistance Boiler (13.5 KW), ComfortMax 75
The fee thing sounds like what it is. I may be mistaken, but didn't the Mayor go through something like this awhile back?
- lsayre
- Member
- Posts: 21781
- Joined: Wed. Nov. 23, 2005 9:17 pm
- Location: Ohio
- Stoker Coal Boiler: AHS S130 Coal Gun
- Coal Size/Type: Lehigh Anthracite Pea
- Other Heating: Resistance Boiler (13.5 KW), ComfortMax 75
Can you try this, or does the "lock-up" forbid it??
Click the Chrome menu icon or Google Chrome options icon (at the top right corner of Google Chrome), select "Tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons, select these entries and click the trash can icon.
Plus, if you can get to the "settings", go to "advanced", look for, and click on "restore all settings to their original defaults" (or something close to that).
Last edited by lsayre on Tue. Sep. 19, 2017 4:36 pm, edited 1 time in total.
- lsayre
- Member
- Posts: 21781
- Joined: Wed. Nov. 23, 2005 9:17 pm
- Location: Ohio
- Stoker Coal Boiler: AHS S130 Coal Gun
- Coal Size/Type: Lehigh Anthracite Pea
- Other Heating: Resistance Boiler (13.5 KW), ComfortMax 75
This site has pointers to some "cleaners" that will potentially find and kill the offending malware.
https://malwaretips.com/blogs/your-computer-has-been-locked-virus/
- Richard S.
- Mayor
- Posts: 15183
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
Usually these messages are difficult to close because they open a dialog box and nothing else can be done unless the dialog is closed. Closing it spawns another one so you are in an endless loop. Closing the browser through task manager is the only solution. On restart of the browser the issue should be gone. Not sure if it's Edge or Firefox but they now have an option on the second dialog box that opens to prevent another one from loading.
If the page respawns when you start the browser they have probably hijacked your homepage, you most likely clicked a yes box allowing this. When you start the browser the page automatically loads and you are back in the same endless loop preventing you from changing the homepage. No antivirus or antimalware is going to detect this, technically you don't have a virus or malware infection. It's a normal function of the browser unless they actually know the URL is known for this.
I'm assuming you are using Windows. Right click your desktop and select create shortcut, make a new one and point it to any URL. Make sure the browser is closed and click on it, if it asks you what to use to open it select the affected browser. This should bypass loading your homepage allowing you into the browser's settings so you can change the homepage back.
Just another tip here, if you are using a standalone email client you can send yourself a link in an email instead of creating the shortcut.
If that does not solve the issue then Chrome is likely recovering the page because it was closed through task manager.
- Sunny Boy
- Member
- Posts: 25547
- Joined: Mon. Nov. 11, 2013 1:40 pm
- Location: Central NY
- Hand Fed Coal Boiler: Anthracite Industrial, domestic hot water heater
- Baseburners & Antiques: Glenwood range 208, # 6 base heater, 2 Modern Oak 118.
- Coal Size/Type: Nuts !
- Other Heating: Oil & electric plenum furnace
I sometimes get the same at some sites that are not HTTPS secure when searching for old cars parts and suppliers online. It will freeze and lockup Internet Explorer so that I can't back up, or close it down.
To gain control back I used to just crash the computer and reboot. But that gets to be a real pain.
Then I learned that by hitting Control, Alt & Delete, it doesn't unfreeze things but it goes to a dark screen with a list of five choices - the last one being the "task manager". By clicking on task manager, another box shows up listing all the programs that are running, such as Internet Explorer that is locked up. You can click on that program to highlight it, then down at the bottom you can click on a box to stop that program.
So far, it works every time without having to crash and reboot.
BTW, this is with Windows 7, and Internet Explorer 11 browser. And nothing nasty shows up with Kaspersky, or my Malwarebytes programs.
Paul
- Richard S.
- Mayor
- Posts: 15183
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
lsayre wrote: The fee thing sounds like what it is. I may be mistaken, but didn't the Mayor go through something like this awhile back?
It was my parents' computer, these pages are pretty common and usually spawned through second rate ad networks. The Google ads here are far less vulnerable to this because they have the resources to detect it before it's published.
- Richard S.
- Mayor
- Posts: 15183
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
franco b wrote: but on opening chrome it had a message that it was not properly shut down.
I misread this before, that's because you closed it through task manager which is usually the only option. When you close an application it will typically have a few things it will do on exit. Closing it through task manager is a hard exit. You should be able to safely restart it without any issues.
franco b wrote: This seems like to me, a shake down con game that if you foolishly call the number, there will be a fee.
Correct, it's simply a con. MS will never send you email, call you or put a warning on your screen to call a 1 800 number.
------------------
While on the topic you can prevent this from happening again by changing your email setting to read as plain text, if that is too restrictive there is usually a box to read an individual email as HTML. There should also be options for what external resources can or cannot be loaded. Images are typically off by default. The spammers will set an external image in the email and if they have a request for it on the live server they know it's an active email account. For example suppose I were to add a 1245678.gif image inside email notifications where 1245678 is a unique identifier for that specific message. If you are allowing your email application to load external images I can tell if that specific email was opened by you. They call this a beacon.
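The beacon described in the post above, seen from the reader's side: this is an added example, not part of the original post, that lists the images an HTML email would fetch from a remote server and marks the ones that look like beacons. The sample message, the host names and the two heuristics (1x1 size, long numeric or hex token in the URL) are assumptions; 1245678.gif is the identifier used in the post.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; hosts are placeholders, the id comes from the post.
SAMPLE = """\
From: notifications@forum.example
Subject: New reply
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Someone replied to your topic.</p>
<img src="cid:logo" width="120" height="40">
<img src="https://static.forum.example/banner.png" width="600" height="80">
<img src="http://tracker.example/1245678.gif" width="1" height="1">
</body></html>
"""

class RemoteImages(HTMLParser):
    """Collect <img> tags whose source would be fetched over the network."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        # cid: and data: images are embedded in the mail and contact no server.
        if tag == "img" and urlsplit(src).scheme in ("http", "https"):
            self.found.append((src, a.get("width"), a.get("height")))

def audit_remote_images(raw_message):
    """Return [(url, reasons)] per remote image; reasons mark likely beacons."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:  # plain-text mail cannot load external images
        return []
    parser = RemoteImages()
    parser.feed(body.get_content())
    report = []
    for src, width, height in parser.found:
        reasons = []
        if width in ("0", "1") and height in ("0", "1"):
            reasons.append("1x1 pixel")
        parts = urlsplit(src)
        # Heuristic (assumption): a long digit or hex run outside the host name.
        if re.search(r"\d{6,}|[0-9a-f]{16,}", parts.path + "?" + parts.query, re.I):
            reasons.append("per-message identifier in URL")
        report.append((src, reasons))
    return report
```

Every URL in the returned list is a request the mail client makes when remote images are allowed; with them blocked, or with the message read as plain text, none of these requests is sent.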
-
- Site Moderator
- Posts: 11416
- Joined: Wed. Nov. 05, 2008 5:11 pm
- Location: Kent CT
- Hand Fed Coal Stove: Vermont Castings 2310, Franco Belge 262
- Baseburners & Antiques: Glenwood Modern Oak 114
- Coal Size/Type: nut and pea
Everything seems normal, but as Richard said chrome wanted to reload the last page. That went away on re-starting it.
If that number were called I can imagine them wanting permission to take control of the computer to fix the problem. They would then be free to do whatever.
- freetown fred
- Member
- Posts: 30293
- Joined: Thu. Dec. 31, 2009 12:33 pm
- Location: Freetown,NY 13803
- Hand Fed Coal Stove: HITZER 50-93
- Coal Size/Type: BLASCHAK Nut
Richard, been there--that's exactly what they want--I just shut down tower & restart--no more problems--happened twice over 6 months--
- Richard S.
- Mayor
- Posts: 15183
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
freetown fred wrote: Richard, been there--that's exactly what they want--I just shut down tower & restart--no more problems--happened twice over 6 months--
You don't need to shut it down Fred. Type task manager in Windows search box or alternatively hold down ctrl, alt and hit delete. Once in task manager on the processes tab you'll find the name of the browser you are using. Highlight it by clicking it and down in the lower right click end process. Restart the browser and all should be well under most circumstances.
-
- Member
- Posts: 6515
- Joined: Sun. Feb. 10, 2008 3:48 pm
- Location: Cape Cod, MA
- Stoker Coal Boiler: want AA130
- Hand Fed Coal Stove: DS Machine BS#4, Harman MKII, Hitzer 503,...
- Coal Size/Type: Pea/Nut/Stove
Yes the con to scare you into allowing them to remote into your computer...
Just click on the link all will be fixed...
Then you are done...
Good site lots of info and links to good tools...
https://www.bleepingcomputer.com/download/combofix/
Adwarecleaner is a good tool
https://www.bleepingcomputer.com/download/adwcleaner/
Hitman Pro 30 day trial inexpensive yearly fee
https://www.hitmanpro.com/en-us/downloads.aspx
- freetown fred
- Member
- Posts: 30293
- Joined: Thu. Dec. 31, 2009 12:33 pm
- Location: Freetown,NY 13803
- Hand Fed Coal Stove: HITZER 50-93
- Coal Size/Type: BLASCHAK Nut
freetown fred wrote: Richard, been there--that's exactly what they want--I just shut down tower & restart--no more problems--happened twice over 6 months--
Richard S. wrote: You don't need to shut it down Fred. Type task manager in Windows search box or alternatively hold down ctrl, alt and hit delete. Once in task manager on the processes tab you'll find the name of the browser you are using. Highlight it by clicking it and down in the lower right click end process. Restart the browser and all should be well under most circumstances.
Got it--thanx.
- davidmcbeth3
- Member
- Posts: 8505
- Joined: Sun. Jun. 14, 2009 2:31 pm
- Coal Size/Type: nut/pea/anthra
I get phon(ey) calls from "microsoft" to fix my ailing PC.
When I tell them I'm blind they don't know what to say and hang up.
- Richard S.
- Mayor
- Posts: 15183
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
davidmcbeth3 wrote: I get phon(ey) calls from "microsoft" to fix my ailing PC. When I tell them I'm blind they don't know what to say and hang up.
I say hold on, put the phone down and walk away. LOL