Posted: Sun Jul 22, 2018 4:56 pm
welcoming committee

Joined: Sun Apr 15, 2012 6:56 pm
Posts: 275
My daughter was surfing this morning when the attached windows came up and she could not get rid of them. I did Team Viewer to her and used Task Manager to close down IE with the warnings.

I'm curious to know what might have happened had she done as instructed and called the 844 number. I discovered that Malwarebytes was missing from her computer (I installed it six months ago), so I reinstalled it and ran a scan, which yielded 26 PUPs that I quarantined and then deleted.


Attachments:
File comment: IE would not close and neither window would close.
IMG_6783.JPG [ 179.63 KiB | Viewed 361 times ]

_________________
Gerry

Posted: Sun Jul 22, 2018 6:37 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 5662
Location: The state of confusion; I just use Wyoming for mail.
They would have tried to get her to allow a remote connection with which they would have installed more infections. At least that is the most common result.

This is what is sometimes called scareware. The actual infection is not anywhere near as bad as ransomware and is designed to scare you into contacting them. Once they have a remote connection it is a different story. Now they have control of your system and can install anything they want.

There is no legit company that would make contact in this manner nor is your system going to send info to any such company except under the possible situation where the company is under a monitoring retainer where it is actually their job to keep 'tabs' on your system. (pun intended)

You did the proper thing by using Task Manager to close IE and running a scan.

_________________
Jaylach Site Portal
I NEVER forget... I just remember late.


Posted: Sun Jul 22, 2018 7:59 pm
Moderator

Joined: Fri Nov 30, 2012 12:47 am
Posts: 1222
Location: North Central Arkansas
Out of curiosity, I just Googled "your computer has been blocked message" and got a bunch of helpful information, including recommendations from the Microsoft forum. Most suggest doing exactly what you did, but there were additional recommendations in the event that the message keeps coming back.

I am somewhat sensitive to these types of scare tactics, because a couple of years ago my sister's computer got hit by ransomware (she clicked on a message when she shouldn't have). She didn't pay the ransom; instead she bought a new computer, and the first program I had her install was Malwarebytes. Then we reinstalled what few programs she used and her data files (which she had backed up to a flash drive).


Posted: Sun Jul 22, 2018 9:07 pm
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 1492
Location: New Jersey
Jay is correct. The goal of scareware is to get you to pay for useless "support" for lots of money. And, as Jay noted, sometimes they will actually then infect the PC in order to capture your data -- passwords, IDs, banking, etc. The latter is not the usual ploy, though. Typically they are selling you their useless service/software without adding any infections or stealing anything else.
The pop-up is delivered via an ad on the web page or the web page itself, usually via Flash or Java. Closing the web browser via Task Manager is the typical solution. In some cases you may also need to go to the browser settings to prevent it from opening all previously open pages when it was "crashed."
-steve

_________________
stephen boots
Microsoft MVP since 2004
"Life's always an adventure with computers!"


Posted: Mon Jul 23, 2018 5:19 am
welcoming committee

Joined: Sun Apr 15, 2012 6:56 pm
Posts: 275
Thanks to all for the quick responses. I'm still left with the mystery of how Malwarebytes was removed from her computer and when it happened.

_________________
Gerry


Posted: Mon Jul 23, 2018 6:05 am
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 5662
Location: The state of confusion; I just use Wyoming for mail.
gmfry wrote:
Thanks to all for the quick responses. I'm still left with the mystery of how Malwarebytes was removed from her computer and when it happened.

My guess would be that the April 2018 feature update may have killed MBAM. Odd as it seems I just did that update yesterday on a secondary system. MBAM is now gone on that system.

_________________
Jaylach Site Portal
I NEVER forget... I just remember late.


Posted: Mon Jul 23, 2018 5:42 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 975
The best solution for this garbage is Sandboxie. Just use Sandboxie to close the browser and it's gone.


Posted: Tue Jul 24, 2018 5:09 pm
welcoming committee

Joined: Tue Apr 10, 2012 11:19 pm
Posts: 112
Location: Capital District, New York
Actually I do not think Sandboxie would help here.
The scam works like this: You are asked to call a number, then they tell you not to get off the phone as they can stop the incursion in its tracks, and they need to do it now. They then ask you to allow them into your computer... Now once you do this they easily install malware and extract your passwords. Not to mention that they would now also have your credit card data because you have just paid them (in both cases I am familiar with locally, $400.00).
That is $400 you have just paid them to steal your passwords and credit card data. In one of the cases I know of, there was some lingering spy/malware inserted on the computer. That particular one was sent out and needed a professional software engineer to remove it.

On the system that I worked on, they did not call and all that was necessary was to close the browser and restart the computer and it was gone. If you give someone permission to access your computer I do not think Sandboxie will help you.


Unless I do not fully understand how Sandboxie works.

_________________
I hear and I forget.
I see and I remember.
I do and I understand.

William A. Gustafson
I know I have forgotten more than I can ever hope to remember.


Posted: Tue Jul 24, 2018 10:10 pm
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 1492
Location: New Jersey
BillG, I believe the advice for Sandboxie was to allow you to close the browser and eliminate any downloaded code that resides in the local temporary/cache. Some of these infections don't allow you to close the browser -- hijacking the "X" Close -- requiring Task Manager to force a close. And some of the infections hijack the start page so that once you close and re-open the browser, you are faced with their message once again.
-steve

_________________
stephen boots
Microsoft MVP since 2004
"Life's always an adventure with computers!"


Posted: Wed Jul 25, 2018 10:39 am
welcoming committee

Joined: Tue Apr 10, 2012 11:19 pm
Posts: 112
Location: Capital District, New York
OK, I have not seen that happen.
I do understand, and what you have said confirms my understanding of Sandboxie.

_________________
I hear and I forget.
I see and I remember.
I do and I understand.

William A. Gustafson
I know I have forgotten more than I can ever hope to remember.


Posted: Wed Jul 25, 2018 10:17 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 975
In some of my wanderings I have seen these nefarious web sites and some do indeed make it hard to close the browser. Killing the process by a right click on the Sandboxie icon kills it dead.

I remember encountering a virus that took over the computer and just flashed the screen with patterns. Only way out was a reboot and on booting you were owned. Ran it in Sandboxie and again it took over the computer and it required a reboot. BUT, on reboot the system was clean.

I never use a browser without Sandboxie.

