Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Locked by virus - Critical-virus.info - Call 855-790-8386 to fix


  • Please log in to reply
5 replies to this topic

#1 bomber1712

bomber1712

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:12:27 PM

Posted 20 December 2015 - 10:59 PM

A friend sent me this photo: http://1drv.ms/1kbycX7 and asked me what to do.  Their daughter (non-admin account) was logged into the computer and was on a high school homework website when this happened.  Once the message popped up, the computer was "locked up" and the user was unable to do anything, and the warning was on-screen and audible.  I am very suspicious, as I have never seen or heard of anything like this.

 

I was able to log in to an alternative account with no issues.  I ran MBAM and ESET online scanner.  They found nothing.  Not sure what else to do, so I am seeking advice.

 

Thanks.



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:27 PM

Posted 21 December 2015 - 06:03 AM

Tech Support Scamming using browser pop-up alerts with phony telephone numbers from "so-called Support Techs" advising your computer is infected with malware has become an increasing common and prolific scam tactic over the past several years. In some cases, the scam may be a web page which looks like a BSOD and includes a tech support phone number to call in order to fix the problem.

techcall1-300x214.jpg

You may want to read Your PC Is Infected Round-up by Chris Boyd at the Malwarebytes Security Blog.

In the majority of these cases the scammers use social engineering to trick a victim into spending money for unnecessary technical support or to buy an application which claims to remove malware. They typically use bogus error or warning messages (web page redirects & pop-ups) to falsely indicate that your computer is infected or has critical errors. This is done as a scare tactic to goad you into calling a phony tech support phone number shown in the pop-up alert and allowing the scammer remote control access to your computer in order to fix the problem. In some cases you are instructed to download malicious software which will actually infect your system. If the victim agrees, the support usually costs hundreds of dollars and often leaves the victim's computer unchanged or intentionally infected with malware.The warning alert may claim to be affiliated with Microsoft or Windows Support. Microsoft does not contact users via web page messages, phone or email and instruct them to call tech support to fix your computer.Closing your browser and then relaunching it usually eliminates the bogus warning message and is the best way to deal with these scams. If the browser freezes or hangs, you may have to close it with Windows Task Manager by selecting End Task.

If the warning alerts continue to appear after closing and reopening the browser, they could be the result of an ad-supported browser extension, adware or potentially unwanted programs typically bundled with other free software you download and install. In that case, you may need to perform security scans with Malwarebytes Anti-Malware, AdwCleaner and JRT (Junkware Removal Tool).
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:12:27 PM

Posted 21 December 2015 - 02:31 PM

Thanks for the reply and advice. One last question: if there's no virus or malware, how does the scammer gain access to the computer to display this message?

FYI - I ran JRT and ADW cleaner as precaution. They both removed some entries. Can I assume the computer is all clear? (I guess that's a second question :-)

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:27 PM

Posted 21 December 2015 - 04:21 PM

In most cases, it is just a browser pop-up alert which is displayed, not something malicious on the computer. However, if someone falls victim of the scam, calls the tech support phone number and allows the scammer remote access...then the computer could be compromised with actual malware.

I would also perform a scan with Malwarebytes.

If you want a more comprehensive look at your system for possible malware by experts,, there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If you choose to post a log, please reply back in this thread with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:12:27 PM

Posted 21 December 2015 - 08:47 PM

I did an MBAM scan and it was clean.  I will consider the matter closed and thank you for your help and advice.  I will have my friend watch the computer for any strange behavior.

 

Thanks.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:27 PM

Posted 21 December 2015 - 10:05 PM

You're welcome.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users