
Looking for some advance help for possible Ransomware, etc.



#1 Trakkur


Posted 15 December 2016 - 12:50 PM

Well, I was hoping I wouldn't have to come back here again - although you are all VERY fine people - but here I am again. This time is to seek your assistance in what appears on the surface to be a possible ransomware infection, or possibly (Hopefully!) just appears to be and isn't.

 

I was working and suddenly got a frantic phone call and text from my wife which contained a photo that showed our Chrome Browser with a popup on top of a Microsoft website - that I know my wife was NOT on at the time, she was on the Kohl's website, so this is a redirect from there. In any case, the image has a phone number 877-760-4657 and states, "Your computer has been blocked...blah blah blah" 

 

If I could figure out how to post an image here it would be far easier...and informative.

 

In any case, I'm not able to get home yet so I directed her to unplug the network cable from the computer - and leave everything alone for now and to NOT touch it at all, and leave it powered on so I can check it when I get home. She told me that it is frozen now...so I'm very concerned that this is a case of ransomware encrypting my files.

 

My question is:

 

1) What should I do first?

2) How do I check if this is a ransomware infection or not? 

3) How do I know if it's encrypted my files? 

4) What can I do?

 

5) How do I upload images and files to this thread?

 

Thanks in advance. I live on the East Coast and expect to be home tonight by 6-7pm EST. I will monitor this website until I get a chance to look at this, so any help will be GREATLY appreciated.

 

Thanks!

-Rob

 




 


#2 quietman7


Posted 15 December 2016 - 02:18 PM

Appears you are dealing with a well known scam.

Unsolicited phone calls, browser pop-ups and emails (aka Tech Support Scamming) from "so-called Support Techs" advising "your computer is infected with malware", "All Your Files Are Encrypted" and other fake "alert messages" have become an increasingly common scam tactic over the past several years. The scams may involve web pages with screenshots of fake Microsoft (Windows) Support messages, fake reports of suspicious activity, fake warnings of malware found on your computer, fake ransomware and fake BSODs, all of which include a tech support phone number to call in order to fix the problem. These are a few examples.

Microsoft does not make unsolicited phone calls, display pop-up alerts in your browser to call a support number or send unsolicited email messages to request personal or financial information or to fix your computer.

You may want to read: Beware of Phony Emails & Tech Support Scams for more information...there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use in case the usual methods do not resolve the problem.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Trakkur


Posted 15 December 2016 - 04:19 PM

Thanks quietman7 - I will check it out when I get home a bit later tonight. My wife was able to close the browser, so you are probably correct.

 

Once I confirm that I can access our local file, I will clear the browser cache and run Malwarebytes and the others plus my normal scans to confirm all is clean. 

 

Stay tuned for updates later.

 

-Rob



#4 quietman7


Posted 15 December 2016 - 07:00 PM

You're welcome and good luck.

#5 Demonslay335


Posted 15 December 2016 - 10:36 PM

Even if it is not ransomware, and your files are not encrypted, this would be a good time to make sure you have proper backups so you are not out of luck in the event you really do get hit with something serious. :wink:

 

I also agree, it is most probably a tech support scam site. Actual ransomware won't give you a phone number to contact, just an email and/or website.

 

If you happen to get a hold of the URL she stumbled on, feel free to PM it to me and we can see about getting it reported.


Edited by Demonslay335, 15 December 2016 - 10:37 PM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#6 Trakkur


Posted 16 December 2016 - 12:59 PM

Thanks everyone, the system is secure now - it wasn't ransomware - but it did have a CRAP ton of malware on it. All cleaned (again) now.

 

Thanks for the help and advice.



#7 quietman7


Posted 16 December 2016 - 02:24 PM

You're welcome on behalf of the Bleeping Computer community.



