Ransomware near miss



Jim Laumann
09-13-2016, 1:57 PM
Wifelet was using the 'puter yesterday - looked at some email pics, then off to Facebook..... saw a link for uses of Apple Cider vinegar, she clicked it, and it happened.

A window opened, and it was full of Microsoft graphics, and text indicating that our system was virus infected, and that she/we needed to call Microsoft Tech Support at 844-xxx-xxxx. She was unable to do anything w/ the system - could not close the MS browser (whatever they call it these days - running Win 10).

She called me - what to do? I said power off / on. She tried it - same thing - but now at a DOS window - before the desktop was displayed. We know it's a scam, but how to fix? Our antivirus did not alert to anything. I speculated that she clicked an executable somewhere, but she swore she hadn't.


Did some searches here on SMC, and also w/ Google. Struggled w/ search words.


Assuming that the system was spiked - data got encrypted - what to do? Have a backup 8-10 days old, but have never tried a boot CD followed by a restore (using Acronis Backup). Figured that I may need to buy a new hard drive and restore to that. But getting things back if the restore didn't work - that bothered me.

System came w/ Win 7, and we upgraded to Win 10 during the freebie period. Would that still work, or was a commercial copy of Win 10 also in my future?

Got home - booted - got into the desktop, could read everything. Picked a couple of text type files at random. No encryption. Launched the antivirus - did a full scan - nothing.....

Launched the IE replacement (Edge? whatever it's called) - then it hit. Once into the browser, I could do nothing - only way I could kill it was w/ Task Manager.

Launched Chrome - it was clean. Did some more searching - got hits for something similar to what I was seeing but not an exact match. A couple of possible solutions were to clear cache, and to also download the MS Malicious Software Removal tool.

Naturally, Microsoft moved stuff around from where it was in control panel of previous versions, was looking for the IE settings popups - clear cache, etc. Did find Windows Update. Clicked it - and SHAZAM!! Update broke the hold that the "virus" had on the browser. I started the download of the Removal tool and cleared cache.

The clear killed my download, but that was ok - as the "virus" no longer had control of the browser. I re-launched the browser, and then did the download again.

Ran the removal tool - it found nothing. Grr?? I can only assume that the "virus" was some sort of source type code - i.e. a mix of html and possibly Java - written well enough to prevent doing anything inside the browser. But not true ransomware - it was bluffing.

Shut down, re-booted, things looked good. No sign of misbehavior anywhere. Let wifelet go back to browsing and went to bed.

Tonight is double check of "disaster preparedness" - do another full AV scan, do a backup, check that I have standalone boot disks, etc etc.

Jim

Wade Lippman
09-13-2016, 2:09 PM
I've been hit with that half a dozen times. You have to shut off the internet and load the browser. That pretty much fixes it.
I then run 4 antivirus products, but they never find anything.

Izzy Camire
09-13-2016, 2:34 PM
I had something similar a while back. A friend suggested SAS (Super Antispy Software). I downloaded the trial version and it found all kinds of junk on my machine. I thought it did a good job.

http://www.superantispyware.com/

Mike Henderson
09-13-2016, 8:38 PM
It is HIGHLY unlikely that your data is encrypted. If you pull the plug and restart your computer, it likely will start okay.

When you restart your browser, kill that window before it can download again.

Mike

Erik Loza
09-13-2016, 8:52 PM
One of the numerous times I'm glad my dad probably can't figure out how to use the interwebz. He'd be easy prey.

Erik