Computer Haven
https://computerhaven.com/forum/

Computer Has Been Blocked
https://computerhaven.com/forum/viewtopic.php?f=23&t=1966		 Page 1 of 1
Author:  gmfry [ Sun Jul 22, 2018 4:56 pm ]
Post subject:  Computer Has Been Blocked
My daughter was surfing this morning when the attached windows came up and she could not get rid of them. I did Team Viewer to her and used Task Manager to close down IE with the warnings.

I'm curious to know what might have happened had she done as instructed and called the 844 number. I discovered that Malwarebytes was missing from her computer (I installed it six months ago), so I reinstalled it and ran a scan, which yielded 26 PUPs that I quarantined and then deleted.

Attachments:
File comment: IE would not close and neither window would close.
IMG_6783.JPG
IMG_6783.JPG [ 179.63 KiB | Viewed 4751 times ]
Author:  jaylach [ Sun Jul 22, 2018 6:37 pm ]
Post subject:  Re: Computer Has Been Blocked
They would have tried to get her to allow a remote connection with which they would have installed more infections. At least that is the most common result.

This is what is sometimes called scareware. The actual infection is not anywhere near as bad as ransomware and is designed to scare you into contacting them. Once they have a remote connection it is a different story. Now they have control of your system and can install anything they want.

There is no legit company that would make contact in this manner nor is your system going to send info to any such company except under the possible situation where the company is under a monitoring retainer where it is actually their job to keep 'tabs' on your system. (pun intended)

You did the proper thing by using Task Manager to close IE and running a scan.
Author:  bbarry [ Sun Jul 22, 2018 7:59 pm ]
Post subject:  Re: Computer Has Been Blocked
Out of curiosity, I just Googled "your computer has been blocked message" and got a bunch of helpful information, including recommendations from the Microsoft forum. Most suggest doing exactly what you did, but there were additional recommendations in the event that the message keeps coming back.

I am somewhat sensitive to these types of scare tactics, because a couple of years ago my sister's computer got hit by ransomware (she clicked on a message when she shouldn't have). She didn't pay the ransom; instead she bought a new computer, and the first program I had her install was Malwarebytes. Then we reinstalled what few programs she used and her data files (which she had backed up to a flash drive).
Author:  sboots [ Sun Jul 22, 2018 9:07 pm ]
Post subject:  Re: Computer Has Been Blocked
Jay is correct. The goal of scareware is to get you to pay for useless "support" for lots of money. And, as Jay noted, sometimes they will actually then infect the PC in order to capture your data -- passwords, IDs, banking, etc. The latter is not the usual ploy, though. Typically they are selling you their useless service/software without adding any infections or stealing anything else.
The pop-up is delivered via an ad on the web page or the web page itself, usually via Flash or Java. Closing the web browser via Task Manager is the typical solution. In some cases you may also need to go to the browser settings to prevent it from opening all previously open pages when it was "crashed."
-steve
Author:  gmfry [ Mon Jul 23, 2018 5:19 am ]
Post subject:  Re: Computer Has Been Blocked
Thanks to all for the quick responses. I'm still left with the mystery of how Malwarebytes was removed from her computer and when it happened.
Author:  jaylach [ Mon Jul 23, 2018 6:05 am ]
Post subject:  Re: Computer Has Been Blocked
gmfry wrote:
Thanks to all for the quick responses. I'm still left with the mystery of how Malwarebytes was removed from her computer and when it happened.

My guess would be that the April 2018 feature update may have killed MBAM. Odd as it seems I just did that update yesterday on a secondary system. MBAM is now gone on that system.
Author:  Peter2150 [ Mon Jul 23, 2018 5:42 pm ]
Post subject:  Re: Computer Has Been Blocked
The best solution for this garbage is Sandboxie. Just use sandboxie to close the browser and it's gone.
Author:  BillG [ Tue Jul 24, 2018 5:09 pm ]
Post subject:  Re: Computer Has Been Blocked
Actually I do not think Sandboxie would help here.
The scam works like this: You are asked to call a number, then they tell you not to get off the phone as they can stop the incursion in its tracks, and they need to do it now. They then ask you to allow them into your computer...…...now once you do this they easily install malware and extract your passwords. Not to mention that they would now also have your credit card data because you have just paid them....both cases I am familiar with locally,..$400.00.
That is $400 you have just paid them to steal your passwords and credit card data. In one of the cases I know of, there was some lingering spy/malware inserted on the computer. That particular one was sent out and needed a professional software engineer to remove it.

On the system that I worked on, they did not call and all that was necessary was to close the browser and restart the computer and it was gone. If you give someone permission to access your computer I do not think Sandboxie will help you.


Unless I do not fully understand how Sandboxie works.
Author:  sboots [ Tue Jul 24, 2018 10:10 pm ]
Post subject:  Re: Computer Has Been Blocked
BillG, I believe the advice for Sandoxie was to allow you to close the browser and eliminate any downloaded code that resides in the local temporary/cache. Some of these infections don't allow you to close the browser -- hijacking the "X" Close -- requiring Task Manager to force a close. And some of the infections hijack the start page so that once you close and re-open the browser, you are faced with their message once again.
-steve
Author:  BillG [ Wed Jul 25, 2018 10:39 am ]
Post subject:  Re: Computer Has Been Blocked
OK, I have not seen that happen.
I do understand, and what you have said confirms my understanding of Sandboxie.
Author:  Peter2150 [ Wed Jul 25, 2018 10:17 pm ]
Post subject:  Re: Computer Has Been Blocked
In some of my wanderings I have seen these nefarious web sites and some do indeed make it hard to close the browser. Killing the process by a right click on the sandboxie icon kills it dead.

I remember encountering a virius that took over the computer and just flashed the screen with patterns. Only way out was a reboot and on booting you were owned. Ran it in sandboxie and again it took over the computer and it required a reboot. BUT, on reboot the system was clean

I never use a browser with out Sandboxie
Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/