
Browser Pop-up Crypto Malware


#1 FuriusP


  • Members
  • 2 posts
  • Local time:04:38 AM

Posted 16 October 2016 - 05:16 PM

I am afraid I have been hacked. First sign was an unauthorized transaction on my credit card and then this happened... While I was browsing on my laptop a chat dialog opened up with a message "If you want to see your files again you have to pay". Then below I had a notification that the admin (hacker possibly) was typing... Then the next message was "Check your hard drive". When I checked, literally all files were gone. I was only left with empty folders and a lot of the folders were gone as well.
I then closed the dialogue and started investigating the problem on another device. A few moments later a text document appeared on my laptop desktop which was named File Recovery.
I opened it and there was a message: "If you decided to pay send me a message". An email address is in the text file as well.
The files are pretty much stuff I could live without but several questions arise.
1) Is this malware? It looked very coordinated to be computer ransomware.
2) I haven't run any .exe on my laptop that could potentially trigger a shadow file erase. Will I be able to format the Windows disc and perform a disc recovery to save what can be saved?
3) Any ideas if the rest of the devices using the same internet IP are in danger?
4) Will a format delete the access point to the device?
5) Some of the files that are gone include some personal account info on several websites (not financial websites etc banks). What are the chances that apart from "deleting" them from the PC they also gained access to them?
At this point I don't really care about the files but rather the overall security of my devices. Any tips or info about this form of attack would be great.
P.S. I checked all the reported ransomware / malware notifications and none of the ones I have seen is similar to the way I was notified.

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal




#2 kris-chevyz24


  • Members
  • 10 posts
  • Gender:Male
  • Location:Canada
  • Local time:10:38 PM

Posted 16 October 2016 - 05:51 PM

I had this happen and it turned out all they did was hide all my files. Go into Control Panel and click on Folder Options and select "Show hidden files/folders" and click OK.
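
The check described in post #2 can also be done from PowerShell. This is an added example, not part of the original thread: a read-only audit that counts items carrying the Hidden attribute under a folder tree, skipping items Windows hides by default. The function name `Get-HiddenItemReport` and the default root (the user profile) are assumptions made for illustration.

```powershell
# Added example (not from the thread): read-only audit for items carrying the
# Hidden attribute under a folder tree. Nothing on disk is modified.
function Get-HiddenItemReport {
    param(
        # Assumption: the affected data lived under the user's profile.
        [string]$Root = $env:USERPROFILE
    )

    # Items Windows hides by default inside a profile; excluded to cut noise.
    $pattern = '\\AppData(\\|$)|\\desktop\.ini$|\\NTUSER\.'

    # -Force returns hidden and system items that a plain listing omits.
    $items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch $pattern }

    # Keep items flagged Hidden, ignoring the hidden compatibility junctions
    # (reparse points) that exist in every profile.
    $hidden = $items | Where-Object {
        $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
        -not $_.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)
    }

    [pscustomobject]@{
        Root         = $Root
        ItemsScanned = @($items).Count
        HiddenItems  = @($hidden).Count
        # Folders holding the most hidden items come first.
        ByFolder     = $hidden |
            Group-Object { Split-Path $_.FullName -Parent } |
            Sort-Object Count -Descending |
            Select-Object Count, Name
    }
}

$report = Get-HiddenItemReport
$report | Format-List Root, ItemsScanned, HiddenItems
$report.ByFolder | Select-Object -First 20 | Format-Table -AutoSize
```

A large `HiddenItems` count concentrated in document folders points to files that were hidden rather than deleted; a count near zero means the files really are gone from the directory listing.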

#3 FuriusP

  • Topic Starter

  • Members
  • 2 posts
  • Local time:04:38 AM

Posted 16 October 2016 - 07:02 PM

It seems the intruder used something to wipe out all the files. I have scanned the hard disc and I can retrieve most of the files. So I will be performing a format and then try to retrieve them. Not sure how I got this intrusive entry but it is disturbing for sure.


Update: Files are retrievable. No encryption or anything was used so I kinda consider myself lucky.

Edited by FuriusP, 16 October 2016 - 09:28 PM.

#4 boooliyooo


  • Members
  • 50 posts
  • Local time:11:38 AM

Posted 17 October 2016 - 04:18 AM



If you talk about ransomware, I believe it will encrypt your files automatically.

Nevertheless, if you really want to dig further into this intrusion, I guess looking at your logs will reveal something of interest.

#5 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 50,733 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:38 PM

Posted 17 October 2016 - 06:01 AM

What you describe sounds more like a scam.

Tech Support Scamming through unsolicited phone calls, emails and browser pop-ups from so-called "Support Techs" advising "your computer is infected with malware", "All Your Files Are Encrypted" and other fake "alert messages" has become an increasingly common and prolific scam tactic over the past several years. Actual ransomware infections are created to alert victims that their data has been encrypted and demand a ransom payment, typically by leaving ransom notes in every directory/affected folder where data has been encrypted.

Read Beware of Phony Emails & Tech Support Scams

You may also want to read When should I reformat?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
