Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ransom pop up in browser authentication required http://bid.inspectoraw.top


  • Please log in to reply
5 replies to this topic

#1 drbobj

drbobj

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 05 October 2016 - 03:18 PM

Not sure if this is actually true ransomware since it is really just a pop up window from within browser

.

In the process of using mozilla/firefox a tab opened red background with window titled security essentials inside the window says PC status: At risk. Then a pop up appeared Authentification Required asking for a user name and password by hxxp://bid.inspectoraw.top "The Site says" "Security Update Error 0xB376194 Help Desk: +1 (888) 664-2106.

 

Below is link to image from dropbox

https://www.dropbox.com/s/5snjeyjfdt6gj5b/2016_9_lockout%20website.png?dl=0

 

Did not call the number. I used task manager to close firefox, ran malwarebytes, nothing was found.

 

I do not see any signs that my computer is actually ransomed, no evidence of files encrypted etc, Computer seems to work OK for basic tasks. Although I do not know exactly what to do to check "under the hood" so to speak.

 

Anyone have any experience with this or recommend what to do?

 

Any assistance would be appreciated

 

Bob J 

 

Edit: Deactivated malicious website~


Edited by xXToffeeXx, 05 October 2016 - 03:20 PM.


BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,471 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:22 PM

Posted 05 October 2016 - 04:01 PM

That is just a tech scam screenlocker, not a "real" ransomware. You stumbled across it either by a mistyped URL (e.g. "gogle.com" or something), or from an advertisement. If you just kill the browser process entirely, and do not open those pages again, it should be gone.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 drbobj

drbobj
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 05 October 2016 - 04:30 PM

Thanks Demonslay335,

 

That is pretty much what I suspected, good to have it confirmed, if I do happen to encounter it again I will update this post with what I did prior to it;s appearance

 

Until then we will consider this Demon Slayed

 

Thanks again

 

BobJ



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,263 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:22 PM

Posted 05 October 2016 - 06:44 PM

And this type of scam is not new...see Beware of Phony Emails & Tech Support Scams


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Catemaco

Catemaco

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 06 October 2016 - 04:32 PM

I really hope you are right, DemonSlay335.  I also received this popup. complete with a recorded message that started playing automatically.

 

Since I have, in fact, had problems with Windows security updates recently, I was (am) pretty worried.  I knew that the message was not legit (the URL bid.inspectoraw.top certainly looks suspicious).  I've certainly never done business with anyone like that, and I know Microsoft Security Essentials does not have a "Help Desk".  In fact, on my Windows 8.1 machine, I don't think I have Windows Security Essentials.  Windows Defender replaced Security Essentials on Windows 8.

 

And note that the popup window title is "Security Essential", singular, not Security Essentials.

 

Another note - my ad blocker was temporarily disabled in Firefox when this happened.

 

I just hope this didn't come from something that actually got downloaded to my computer and could do further damage.

 

Catemaco

 



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,263 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:22 PM

Posted 06 October 2016 - 04:47 PM

If closing the web browser and then relaunching it did not eliminate the pop-up and it continues, that could be the result of an ad-supported browser extension, adware or potentially unwanted programs...not ransomware. If that is the case you should run scans with the tools I noted at the bottom of the topic in the link I provided above.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users