
855-260-9264 Ransom/Support infection?


10 replies to this topic

#1 potus5


Posted 12 October 2016 - 08:42 PM

Need help.

Not sure if this is the right place to post this.

Not sure if this is a ransom or fake tech support type of infection.

Will not let me close Chrome browser window or tab or go to other tabs.

There is also a constant "critical alert from Microsoft" audio constantly playing.

 

Hi_Jack.jpg


Edited by potus5, 12 October 2016 - 10:11 PM.




#2 NickAu


Posted 12 October 2016 - 08:55 PM

 

Is there a way to attach a jpg of the screenshot?

 

Hi

Try this.

http://www.bleepingcomputer.com/forums/t/536686/how-do-i-post-a-screen-shot/




#3 Demonslay335


Posted 12 October 2016 - 09:21 PM

Probably just a tech scam. You should be able to open Task Manager, kill each chrome.exe, then restart the browser. If Chrome asks you to restore the crashed session, tell it NO.

 

Or simply restart your computer. If it comes back after that, then you may have an infection or junk extension causing it.

 

If you give us the URL (break the click-ability of it by putting brackets around the ".com" portion), we can get it reported and possibly taken down.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 potus5


Posted 12 October 2016 - 10:23 PM

Thanks NickAu. See my edit for the "screen capture" image now.

 

Demonslay, that was my first thought and then I figured it might be safer to run it by you guys first.

Is there any danger that a reboot would just "solidify" its entrenchment?



#5 Demonslay335


Posted 12 October 2016 - 10:45 PM

If it's a concern, you could reboot into safe mode with networking to run scans.



#6 quietman7


Posted 13 October 2016 - 05:58 AM

Tech Support Scamming through unsolicited phone calls, emails and browser pop-ups from "so-called Support Techs" advising "your computer is infected with malware", "All Your Files Are Encrypted" and other fake "alert messages" has become an increasingly common and prolific scam tactic over the past several years. The scams may involve web pages with screenshots of fake anti-virus software displaying warnings of bogus malware infections, fake ransomware and fake BSOD which include a tech support phone number to call in order to fix the problem. More nefarious scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.

Closing the web browser and then relaunching it usually eliminates the bogus warning message and is the best way to deal with these scams. If the browser freezes or hangs, you may have to close it with Windows Task Manager by selecting End Task... see Tech Support Scams use new Tricks to Hold Browsers Hostage. Afterwards, be sure to refresh (clear) your browser's cache.

For more information and resources to protect yourself from scams, please read Beware of Phony Emails & Tech Support Scams.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#7 potus5


Posted 13 October 2016 - 12:02 PM

It looks like Demonslay was right. Forced all Chrome windows to close over 12 hours ago and the problem has not shown itself again - at least not yet. Will clear history now as an added precaution.

 

Is there anyone to contact to report this to see if these individuals can be stopped from doing this?

I would think that the phone number provided in scam could be used to track them down.

Also looking at the history I see that some of the links are (or start with):

h ttps://dnshost ".me"/in/726817356/?ads=wy0z4b6cj8
h ttp://engine.spotscenered ".info"/Redirect ".eng?"
h ttp://server31.adserverclicksnow ".com"
h ttp://security-g4y1we ".tech"/critical ".dll"

Edited by potus5, 13 October 2016 - 12:12 PM.
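Added example, not part of any post in this thread: a small helper that rewrites hand-broken links like the ones pasted above into the common `hxxp://host[.]tld` reporting form and lists the unique hosts, so nothing in a report is clickable. The function names and the `.test` sample lines are assumptions constructed for illustration.

```python
import re

# Scheme of a live or already-broken URL: http, https, hxxp, hxxps, or "h ttp".
SCHEME = re.compile(r'^h\s*(?:tt|xx)p(s?)://', re.IGNORECASE)
# A fragment the poster wrapped in quotes, with the space typed before it.
QUOTED = re.compile(r'\s*"([^"]*)"')
HOST = re.compile(r'[^/?#]*')  # authority ends at the first /, ? or #

def defang(url: str) -> str:
    """Return the hxxp(s)://host[.]tld/... form of a URL; never a live link."""
    url = url.strip()
    m = SCHEME.match(url)
    if not m:
        raise ValueError(f"not an http(s) URL: {url!r}")
    rest = url[m.end():]
    host = HOST.match(rest).group(0)
    tail = rest[len(host):]
    # Undo any existing [.] first so the function is idempotent.
    safe_host = host.replace('[.]', '.').replace('.', '[.]')
    return f"hxxp{m.group(1).lower()}://{safe_host}{tail}"

def normalize_adhoc(text: str) -> str:
    """Rewrite a hand-broken URL such as 'h ttp://host ".tld"/x' in standard form."""
    return defang(QUOTED.sub(r'\1', text.strip()))

def report_hosts(lines):
    """Sorted unique defanged hostnames from pasted history lines; non-URLs skipped."""
    hosts = set()
    for line in lines:
        try:
            url = normalize_adhoc(line)
        except ValueError:
            continue
        hosts.add(re.match(r'hxxps?://([^/?#]*)', url).group(1))
    return sorted(hosts)

# Constructed sample input (reserved .test names, not the URLs from the thread).
SAMPLE = [
    'h ttps://ads-example ".test"/in/1/?ads=abc',
    'h ttp://engine.redirect-example ".test"/Redirect ".eng?"',
    'https://ads-example.test/other',
    'Will clear history now',
]

if __name__ == "__main__":
    for line in SAMPLE[:3]:
        print(normalize_adhoc(line))
    print(report_hosts(SAMPLE))
```

Only dots in the host part are bracketed; the path and query are passed through unchanged so the reported URL can still be matched against browser history.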


#8 Demonslay335


Posted 13 October 2016 - 12:18 PM

I've tweeted the scam site, it will propagate to those who can track it down better than I and get it reported. :)




#9 quietman7


Posted 13 October 2016 - 02:44 PM


Venues for reporting malicious software & sites:

#10 potus5


Posted 13 October 2016 - 10:19 PM

OK thanks for the help. Hopefully it's gone for good.



#11 quietman7


Posted 14 October 2016 - 06:03 AM

You're welcome on behalf of the Bleeping Computer community.



