Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Threat to Disable Computer perportedly from Microsoft


  • This topic is locked This topic is locked
3 replies to this topic

#1 hursthome

hursthome

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 13 July 2016 - 03:25 PM

I am having problems with a virus/worm/Trojan/malware don't know which, purporting itself to be from Microsoft and threatening to disable my computer if I don't call them right away.  I have ignored this and run virus scans using.

 1. My Trend Micro paid subscription,

2. Malwarebytes

3. Adware.

They haven’t cured the problem.  It doesn’t come up everytime I go on line just now and then.

This is the text of the message. It is accompanied by an audio reading of the message.

**YOUR COMPUTER HAS BEEN BLOCKED**

Error #268D3

Please call us immediately at +1-844-307-7679

Do not ignore this critical alert.

If you close this page, your computer access will be disabled to prevent further damage to our network.

 

Your computer has alerted us that it has been infected with a virus and spyware. The following information is being stolen.

 

>Facebook Login

>Credit Card Details

>Email Account Login

>Photos stored on this computer

>You must contact us immediately so that our engineers can walk you through the removal process over the phone.  Please call us within the next 5 minutes to prevent your computer from being disabled.

 Toll free: 1-844-307-7679

One consistent effect is that Firefox opens to "Index of file:///C:/Program Files (x86)/Mozilla Firefox/" This regardless of settings, my homepage is still correct. i.e. my normal is google.com or .ca.  Firefox options/setting does not seem to work. The index issue started after the first appearance of the malware.

I just went online with Chrome and my home page came up as a similar Index.  Didn’t happen with Edge.

 

 

 

 

So far other than being annoying and the Firefox issue it doesn’t appear to have done any damage. 

Has anyone else reported this?

Is it real and should I call the number?

What is the virus?

How do I clean it off?

 

Hursthome

 



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:50 AM

Posted 13 July 2016 - 05:30 PM

Hello hursthome and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Use Task Manager, (Ctr+Alt+Delete), to close any open browser and then, as you say MS Edge is unaffected, use that browser to do the following:

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Download Malwarebytes-Anti-Malware

Click here.

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7, 8, 10 users, please right-click and select “Run as Administrator”)
  • select the “Scan” tab at the top
  • there are three scan types; choose Threat Scan, then click on Scan
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with next post:

AdwCleaner log
JRT.txt
Mbam.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:50 AM

Posted 17 July 2016 - 03:32 AM

Hi hursthome

It has been several days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:50 AM

Posted 18 July 2016 - 09:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users