Red Screen hijack?


5 replies to this topic

#1 mejim

Posted 02 February 2017 - 02:31 AM

New: all in one PC (not sure of the brand)

Windows 10

 

Hi,

 

A friend got one of those scam popups on his Edge browser. This one:

RDN/YahLover. worm !055BCCAC9FEC  It displays a red screen and tells you to call Microsoft tech support with big warnings all over it.

 

Well, he called them and followed their instructions. They had him remove his McAfee antivirus and proceeded to put a few different things on his computer, such as Google Chrome, Firefox, plus a program that says it is a security (antivirus?) program and Windows Defender (he says). He paid them $150.00 bucks, then he called me after worrying about it (he got his money back for the credit card). (Now) everything works and he can browse on Google Chrome but not the Microsoft Edge browser.

Malwarebytes says there is nothing wrong but you can't click on the (e) browser button because it will just bring up the red screen and warning page again. I couldn't get rid of it.

 

Is there a simple way to get rid of this nuisance, or what can a guy do? My trouble is I don't know what is legit on his computer and what is not. It's hard to ask him because he doesn't do computers much. He and his wife are Facebook and email etc. I would like to restore his IE for him so that he has confidence in his PC.

 

Also, I've looked at different remedies and it tells me to clear the cookies in the IE browser. How do I do this? I mean I can't even open the browser and the red screen pops up. I am hoping someone here has an easy fix.

 

PS - I downloaded Avast but it wouldn't install. Malwarebytes did download and install.

 

Thank you.


Edited by mejim, 02 February 2017 - 02:33 AM.



 


#2 MDD1963

Posted 02 February 2017 - 04:11 AM

It's hard to believe people still fall for this anymore.......honestly.


Asus Z270A Prime/7700K/32 GB DDR4-3200/GTX1060


#3 MDD1963

Posted 02 February 2017 - 04:13 AM

Have him delete the current (possibly hijacked/redirected) browser shortcut, and see if the browser is hijacked when launched from start/programs/ etc....

 

Check browser's homepage!


Asus Z270A Prime/7700K/32 GB DDR4-3200/GTX1060
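
One way to carry out the shortcut check suggested in the post above, as an added example that is not part of the original thread: a read-only PowerShell listing of browser shortcuts whose command line carries a URL or whose target is not a browser at all. The executable names, folder list and match patterns are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): audit browser shortcuts for tampering.
# Read-only: nothing is modified or deleted.
# Assumption: these are the browser executables of interest.
$browserExe = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe'

# Usual shortcut locations: desktops, Start menus and taskbar pins.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar')
) | Where-Object { $_ -and (Test-Path $_) }

# WScript.Shell can read the target and arguments stored in a .lnk file.
$shell = New-Object -ComObject WScript.Shell

$report = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk  = $shell.CreateShortcut($_.FullName)
        $leaf = if ($lnk.TargetPath) { Split-Path $lnk.TargetPath -Leaf } else { '' }

        $isBrowser   = $browserExe -contains $leaf        # -contains ignores case
        $hasUrlArg   = $lnk.Arguments -match '(?i)(https?://|www\.)'
        $browserName = $_.BaseName -match '(?i)chrome|firefox|internet explorer|edge'

        # Case 1: a real browser target with a URL appended to its arguments.
        # Case 2: a browser-named shortcut that points at some other program.
        # Shortcuts without a file target are skipped.
        $reason = if ($isBrowser -and $hasUrlArg) { 'URL in arguments' }
                  elseif ($browserName -and $leaf -and -not $isBrowser) { 'Unexpected target' }
                  else { $null }

        if ($reason) {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                Reason    = $reason
            }
        }
    }

# An empty result means no shortcut matched either case.
$report | Format-List
```

Anything listed is a candidate for review, not proof of a hijack; a shortcut that a user deliberately set to open a particular site will also appear.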


#4 quietman7

Posted 02 February 2017 - 06:53 AM


Tech Support Scamming through unsolicited phone calls, browser pop-ups and emails (aka Tech Support Scamming) from "so-called Support Techs" advising "your computer is infected with malware", "All Your Files Are Encrypted" and other fake "alert messages" has become an increasingly common scam tactic over the past several years. The scams may involve web pages with screenshots of fake Microsoft (Windows) Support messages, fake reports of suspicious activity, fake warnings of malware found on your computer, fake ransomware and fake BSODs, all of which include a tech support phone number to call in order to fix the problem. If you call the phone number (or they called you), scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.

These are a few examples.

The scammer may claim to be affiliated with Microsoft or Windows Support. However, there have been reports of scammers claiming to be affiliated with major computer manufacturers such as Hewlett Packard, Lenovo and Dell, familiar security vendors like Symantec, Panda, McAfee, etc. and even popular ISPs.

Microsoft does not contact users via web page messages, phone or email and instruct them to call tech support to fix your computer.

Not answering any questions and hanging up the telephone is the best way to deal with phone scammers...then report them to the appropriate authorities.

If you are dealing with browser pop-up scams, closing the web browser and then relaunching it usually eliminates the bogus warning message and is the best way to deal with these scams. If the browser freezes or hangs, you may have to close it with Windows Task Manager by selecting End Task.

Scammers and cyber-criminals are very innovative...see Tech Support Scams use new Tricks to Hold Browsers Hostage. They are always developing creative and more sophisticated techniques to scare their victims into providing personal information or stealing their money for financial gain. The criminals can target specific browsers like Microsoft Edge, Google Chrome, specific devices like Apple and even your iPhone or iPad.

Some scam sites may lock up the browser, load the page in full-screen mode or spawn an infinite loop of repeating fake alert dialog boxes that prevent the victim from closing it or navigating away. Despite years of warnings by experts not to click on anything, such behavior requires victims to click OK or similar prompt on the fake alert message if using Dialog Loop Protection supported browsers like Microsoft Edge in order to escape or close the page. Google Chrome has a feature to "Prevent this page from displaying additional dialogs". Some Tech Support scams have similar alerts while others are simply made up and clicking OK can produce the opposite effect. If you are dealing with this type of scam, click the OK button at the bottom of the alert and you should then see a box that says "Do not allow this site to create new pages". Check that box and close the window.

For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams...there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use in case the usual methods do not resolve the problem or you allowed remote access into your computer.

If you need individual assistance with a malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

 

If you choose to follow the above instructions and post a FRST log, please reply back in this thread with a link to the new topic. If not, at least you know doing that is an option available to you.
 


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 mejim

Posted 02 February 2017 - 01:06 PM

It's hard to believe people still fall for this anymore.......honestly.

My friend even put faith in the crook he was talking to with the number provided. He's no dummy, he is just flustered by technology. Thought he was getting help but was being scammed. But he did know something wasn't right so he called me. Trouble with me being there for him is I don't know what was (all) taken off besides his McAfee and more importantly what was installed into his computer.

I don't know, I guess we all learn by mistakes so I won't judge him. Lord knows we've all been there.

 

Have him delete the current (possibly hijacked/redirected) browser shortcut, and see if the browser is hijacked when launched from start/programs/ etc....

 

Check browser's homepage!

The scammer had him put on Google Chrome to use and it does work. His preferred browser, Microsoft Edge (ME), is pinned on his task bar. The moment you click on it the block comes up (red screen).

Not sure what you mean by going to browser's homepage; Chrome or ME? ME is the troublemaker and he likes MSN dot com what the computer came with as a homepage.

Shall I delete the (e) button off the task bar? Or MSN dot com? 

 


 Thank you sir. I will do this step by step.

Jim



#6 quietman7

Posted 02 February 2017 - 01:23 PM

You're welcome.