Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

popup fake phone support takes over Chrome


  • This topic is locked This topic is locked
7 replies to this topic

#1 jerryc

jerryc

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 13 August 2015 - 05:57 AM

I read through the list of malwares and didn't see this exact one.  In Chrome, it pops up a new tab and freezes the browser, two windows and multiple tabs completely unusable,  but in Firefox it opened a new window that was easily closed.  It appears that if I don't use Chrome it doesn't run, but I am not sure. I am not seeing computer slowdowns or any other issues.  There are no recent software installs, no odd programs etc.

 

The page that comes up says it's Adwareblocker.com.  It has a background that's grey and with a sort of DOS looking text, and a large sidebar with a scroll bar.  The text says various things and includes a phone number.   It plays a repeating voice message that the computer may be infected, and to call that number.  I didn't write that down but it's a long number/out of country, something like 1-814-xxxx, which I think is another country.

I am somewhat experienced, and have run AdwCleaner, Malwarebytes and Win Security Essentials, and no cure.  AdwCleaner log shows 'yourtango.com' which I know nothing about.  Malwarebytes quarantined 'hijack.host'. 


Edited by jerryc, 13 August 2015 - 06:42 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,735 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:59 AM

Posted 13 August 2015 - 10:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If Firefox and or Internet Explorer are running well I suggest you remove Chrome.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
---

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===


Wait for further instructions.

#3 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 13 August 2015 - 05:34 PM

Before I do all that, I can do nothing in Chrome.  It's completely frozen and will only open that tab.  So I cannot save sessions or bookmarks.  Or, do you know if Session Manager and Session Buddy will save those and run correctly once Chrome is reinstalled?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,735 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:59 AM

Posted 14 August 2015 - 07:43 AM

Just run the Farbar tool and post the logs.

Will take it from there.

#5 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 15 August 2015 - 04:02 AM

Aha; I just ran Chrome today and at the bottom of the page, there was a 'leave this page' box.  I don't know if it was there before, I don't think so, I'm pretty careful about those sorts of things, but anyway  I clicked it and poof, that tab is gone and I can use the browser again.  
You have many things going on and I think I'm ok, so I'll be out for now.
Thank you very much
Jerry


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,735 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:59 AM

Posted 15 August 2015 - 08:17 AM

I just ran Chrome today and at the bottom of the page, there was a 'leave this page' box. I don't know if it was there before, I don't think so, I'm pretty careful about those sorts of things, but anyway I clicked it and poof, that tab is gone and I can use the browser again.

This happens on some site.

Read about it.
http://superuser.com/questions/639084/malicious-confirm-navigation-dialogs

===

To stop this popup on all site you need to disable Java.

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If you do this then some site or games will not work correctly until you re-enable it.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,735 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:59 AM

Posted 21 August 2015 - 10:50 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,735 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:59 AM

Posted 27 August 2015 - 07:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users