Jim Laumann
09-13-2016, 1:57 PM
Wifelet was using the 'puter yesterday - looked at some email pics, then off to Facebook..... saw a link for uses of Apple Cider vinegar, she clicked it, and it happened.
A window opened, and it was full of Microsoft graphics, and text indicating that our system was virus infected, and that she/we needed to call Microsoft Tech Support at 844-xxx-xxxx. She was unable to do anything w/ the system - could not close the MS browser (whatever they call it these days - running Win 10).
She called me - what to do? I said power off / on. She tried it - same thing - but now at a DOS window - before the desktop was displayed. We know it's a scam, but how to fix? Our anti virus did not alert to anything. I speculated that she clicked an executable somewhere, but she swore she hadn't.
Did some searches here on SMC, and also w/ Google. Struggled w/ search words.
Assuming that the system was spiked - data got encrypted - what to do? Have a backup 8-10 days old, but have never tried a boot CD followed by a restore (using Acronis Backup). Figured that I may need to buy a new hard drive and restore to that. But getting things back if the restore didn't work - that bothered me.
System came w/ Win 7, and we upgraded to Win 10 during the freebie period. Would that still work, or was a commercial copy of Win 10 also in my future?
Got home - booted - got into the desktop, could read everything. Picked a couple of text type files at random. No encryption. Launched the anti virus - did a full scan - nothing.....
Launched the IE replacement (Edge? whatever it's called) - then it hit. Once into the browser, I could do nothing - only way I could kill it was w/ Task Manager.
Launched Chrome - it was clean. Did some more searching - got hits for something similar to what I was seeing but not an exact match. A couple of possible solutions were to clear cache, and to also download the MS Malicious Software Removal tool.
Naturally, Microsoft moved stuff around from where it was in control panel of previous versions, was looking for the IE settings popups - clear cache, etc. Did find Windows Update. Clicked it - and SHAZAM!! Update broke the hold that the "virus" had on the browser. I started the download of the Removal tool and cleared cache.
The clear killed my download, but that was ok - as the "virus" no longer had control of the browser. I re-launched the browser, and then did the download again.
Ran the removal tool - it found nothing. Grr?? I can only assume that the "virus" was some sort of source type code - i.e. a mix of html and possibly Java - written well enough to prevent doing anything inside the browser. But not true ransomware - it was bluffing.
Shut down, re-booted, things looked good. No sign of misbehavior anywhere. Let wifelet go back to browsing and went to bed.
Tonight is double check of "disaster preparedness" - do another full AV scan, do a backup, check that I have standalone boot disks, etc. etc.
Jim