Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ransom Ware? Cannot close Internet Explore and Need HELP Now!


  • Please log in to reply
6 replies to this topic

#1 Groffeaston

Groffeaston

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:04:42 PM

Posted 04 June 2016 - 06:47 PM

Hello,

I have just had my first experience with Ransom ware a few hours ago!  I turned on my computer, decided to use Internet Explorer instead of one of my other web-browsers, then typed in www.palottery.com,  then clicked enter, and that is when a message popped up stating: 

"Dear Pennteledata inc. customer,

 

Your IP: 70.15.203.116 has been blocked

A serious malfunction has been detected with Windows Vista / Server 2008 and you IE 9.0. Please call the toll-free number below for a certified technician to help you resolve the issue.

 

855-203-2052

 

For your safety, closing the IE browser has been disabled without support of the certified technician to avoid corruption to the registry of your Windows Vista / Server 2008 operating system

 

Please contact support at the toll-free Helpline 855-203-2052

 

DO NOT SHUT DOWN OR RESTART THE COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND POSSIBLE FAILURE OF THE OPERATING SYSTEM AND POTENTIAL NON BOOTABLE SITUATION RESULTING IN COMPLETE DATA LOSS, CONTACT MICROSOFT CERTIFIED TECHNICIANS TO RESOLVE THE ISSUE CALLING TOLL FREE - 855-203-2052"


I tried closing the above message so I could see the message below, but it keeps popping back up. So I tried to time it just right so when the message window closes and right before it pops back up I was able to take a screen shot of the message window under it. I will try to enclose the screenshots of both messages.

I do not know if anything made it to my computer or not. I tried running a scan with MBAM Free and will ran 2 scans with Microsoft Security Essentials. They both turned up nothing. I even did a scan with SUPERAntiSpyware free and that only detected cookies.

My operating system is: Windows Vista Home Premium

I initially started a topic in the: "Am I Infected? What do I do?" section Here is the link to my Topic post there:

http://www.bleepingcomputer.com/forums/t/616347/ransom-ware-cannot-close-internet-explore-and-need-help-now/

I made screenshots of the messages, but was unable to post them in the topic post I mentioned above.

Please, I need HELP IMMEDIATELY!!! I need to know if I can turn off my computer with out damaging it and if there is any "Ransom Ware" on my computer! Thank you!
 



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:42 PM

Posted 04 June 2016 - 07:03 PM

I don't believe you have ransomware unless your files are encrypted and cannot be opened. This is more of a support scam.

Chances are it is just in the browser, and nothing was actually installed. It would be best to continue in the topic you opened in the Am I Infected subforum. Someone will be able to assist you there in scanning your system for infection, and more information on how these scam alerts work. Remember, this forum is full of volunteers, so you may have to be patient for someone to assist.

I will check out the domain you posted when I am at a computer to confirm.

Edited by Demonslay335, 04 June 2016 - 07:04 PM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:04:42 PM

Posted 04 June 2016 - 10:33 PM

Thank you!



#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,858 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:42 AM

Posted 04 June 2016 - 10:50 PM

http://www.bleepingcomputer.com/forums/t/616347/ransom-ware-cannot-close-internet-explore-and-need-help-now/#entry4015074

 

Please read this reply as well


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 PM

Posted 05 June 2016 - 06:36 AM

Beware of Phony Tech Support Scams
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:04:42 PM

Posted 05 June 2016 - 10:54 AM

I did go back to my original topic post listed above and followed the advice of Condobloke. Who advised me to send a PM to Curie to ask for a further look into my system because I just had a "Kovter" infection that got cleaned up and was closed about 4 days ago.

@Bleepin' Janitor  I figured it was a phony Tech Support Scam right away when none of my "security" programs: Anti-virus/Anti-malware programs, did not pick anything up on their scans, but I wanted to make sure nothing made it to my computer undetected to be able to cause havoc with my computer!  When it was getting close for me to go to bed I decided: "Heck with it I am turning my computer off anyway! I am NOT leaving my computer on over night!" So I turned it off. then a few minutes later I decided to give it one last shot to see if anyone had replied to my posts and to see if anything would be picked up on the "Security" scans on start up. Which happened with the "Kovter" infection; Microsoft Security Essentials would pick that up after Initial Start up and Windows Desktop would open.  But nothing was picked up. Then I remembered that SUPERAntiSpyware has a function that can show almost every program on my computer! Dang there are a TON of them!! Most of them I don't use any more, some I thought I uninstalled, some I did not even know I had, and the rest are probably essential for my computer. But again Nothing really obvious stuck out that would indicate that there might be a problem. The only things that could indicate are "Unsigned" and "out of date" or "invalid" by the company name, I presume that it indicates that the "certificate" to verify that the program is made by said company.

Thank for your replies!



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 PM

Posted 05 June 2016 - 04:13 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users