Chrome Browser Frozen and a Screen voice tells me to Call them



#1 RogerE


Posted 03 February 2017 - 02:19 PM

My Chrome browser periodically (every 2-3 days) freezes and a message is posted that tells me the computer is infected.  Recently, these messages have a verbal component telling me the same thing the message says.

 

I have run Adwcleaner_6.043, Zemana, unHackme,  Malwarebytes, Windows Defender, and HitmanPro. The message keeps returning with the screen frozen.  

 

So far, when the pop-up / frozen screen occurs, I go to Task Manager, and use the end process key to clear Chrome.  I run the listed programs, then open up the Chrome Browser -without the refresh option and start over where I was before the interruption.

 

Additionally, when I leave Drudge.com on a tab for a while I get an AT&T survey. I am waiting to see if cleaning the first issue will impact this bogus survey problem.

 

Roger


Edited by hamluis, 03 February 2017 - 02:47 PM.
Moved from MRL to Am I Infected - Hamluis.



 


#2 buddy215


Posted 03 February 2017 - 08:42 PM

Every 2-3 days....sounds like you are visiting the same site where this pop-up is hosted....just a guess.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Block Third party cookies (ad/ tracking cookies) from installing. Once you have blocked them, run CCleaner again to remove existing ones.

How to disable third-party cookies in all major web browsers

 

If you don't have an ad blocker installed I suggest you install Adblock Plus. Once installed, click on the ABP icon at the top of the browser and choose Filter Preferences. UNcheck the box next to Allow some non-intrusive advertisements.


Edited by buddy215, 03 February 2017 - 08:45 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 RogerE


Posted 03 February 2017 - 10:38 PM

buddy215,

 

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Roger Erickson (Administrator) on Fri 02/03/2017 at 19:19:10.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\Roger Erickson\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder) 
Successfully deleted: C:\Users\Roger Erickson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/03/2017 at 19:21:16.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I ran this software yesterday.   I then thought I was "jumping the gun" so I stopped trying to fix the problem myself.  So, if this is a small amount of text, I did run it once before.  When this current run finished it asked if I wanted to replace the previous file - which I did.
 
I am now going to follow the next steps to block third-party cookies and install adblocker
 
Thanks for your quick response!
 
Roger
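
An added example, not part of the original posts and not Malwarebytes code: a small Python parser for a JRT log like the one pasted above. It lists what was deleted and pulls out any Chrome extension ID so the extension can be looked up by name before deciding whether the removal was wanted. The function names are illustrative, and the sample is constructed from entries in this thread's logs, with one entry deliberately split across two lines to show the wrap handling.

```python
import re

# Constructed sample: entries taken from the JRT logs in this thread.
# The last entry is split across two lines, as happens when a log is
# pasted through e-mail or a forum editor that hard-wraps long lines.
SAMPLE_LOG = r"""
File System: 2
Successfully deleted: C:\Users\Roger Erickson\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder)
Successfully deleted: C:\Users\Roger Erickson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage (File)
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet
Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
"""

ENTRY = re.compile(r"^Successfully deleted: (?P<target>.+?) \((?P<kind>[^()]+)\)$")
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?<![a-z])([a-p]{32})(?![a-z])")


def parse_jrt(text):
    """Return (kind, target) for every deletion the log reports."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            # Rejoin an entry whose path was wrapped onto this line.
            line, pending = pending + " " + line, None
        m = ENTRY.match(line)
        if m:
            entries.append((m.group("kind"), m.group("target")))
        elif line.startswith("Successfully deleted:"):
            pending = line  # no closing "(Type)" yet: wait for the rest
    return entries


def extension_ids(entries):
    """Unique Chrome extension IDs seen in deleted files and folders."""
    hits = [e for kind, target in entries if kind in ("Folder", "File")
            for e in EXT_ID.findall(target)]
    return list(dict.fromkeys(hits))  # de-duplicate, keep first-seen order


if __name__ == "__main__":
    found = parse_jrt(SAMPLE_LOG)
    for kind, target in found:
        print(f"{kind:15} {target}")
    print("Extension IDs to look up:", extension_ids(found))
```
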


#4 buddy215


Posted 04 February 2017 - 06:21 AM

Just to be clear...a previous scan using JRT removed more than what is shown in the log you posted...did I get that right?

 

I see I didn't give a link to Adblock Plus yesterday...oops...Adblock Plus - Chrome Web Store

No biggie...just wouldn't want you to get that download from another site.

 

The extension/ add-on that JRT removed is called The Great Suspender. Did you intentionally install that?



#5 RogerE


Posted 04 February 2017 - 10:32 AM

buddy215,

 

You got the JRT right.  I ran it once before posting this topic.  I did remember this morning that I did not have the screen freeze after the first run of JRT.

 

I got the Adblock Plus from Chrome Web Store and installed it.

 

I had installed The Great Suspender previously.  I would like to add it again, but will wait for your response.

 

I am currently a part of a webinar on Theotrade.com.  The chat does not work due to a cookie issue.  I assume that is due to my following the "How to disable third party cookies".

 

Regards, Roger



#6 buddy215


Posted 04 February 2017 - 12:45 PM

Some sites do insist on allowing their ads...that could be the case with Theotrade.com. It could also be that ABP is blocking the ads. Try opening ABP after going to that site and choosing to allow it. You will need to refresh the page after allowing it in ABP.

 

The reason I asked about Great Suspender is because I couldn't find a reason for JRT to delete it. I suggest you wait a few days to see if the criminal's popup returns or not before reinstalling Great Suspender. That way you would know that add-on was not the cause or was the cause.

 

Let me know if the criminal's popup returns...otherwise...happy surfin'



#7 RogerE


Posted 04 February 2017 - 01:46 PM

buddy215,

 

I am communicating with you on my Laptop which has The Great Suspender and there have been zero issues like on my desktop which we are fixing.

 

I will continue using the desktop and see what happens.  I will get back next Saturday (I am in San Jose, CA for time zone) and let you know what issues, if any, have popped up.

 

Many Thanks,

 

Roger



#8 buddy215


Posted 04 February 2017 - 04:14 PM

My grandson interned with Cisco in San Jose last summer. They offered him a job when he graduates this year. Just a bit of trivia from a proud grandad.

 

I'll keep a light on for ya.....



#9 RogerE


Posted 11 February 2017 - 11:50 PM

buddy215,

 

Well, it's still Saturday here on the wet west coast, almost missed my promise to get back to you.

 

I have had zero problems with my computer this week, so it looks like the JRT scan did the trick.

 

Now that I am a bit more familiar with Bleeping Computer I want to solve some networking problems, establish a good protection process, and enhance my backup routing on my wife's and my computers.

 

Also, will look up PayPal for a donation.

 

Roger 



#10 buddy215


Posted 12 February 2017 - 07:11 AM

I would suggest using Windows free protection along with MBAM. Having knowledge of how malware gets on the computer and avoiding the pitfalls is the larger part of computer security....as I often state...the best computer security program is between one's ears.

 

For sure...ask for advice/ assistance in the forums most related to whatever problem or information you are seeking.



#11 RogerE


Posted 17 February 2017 - 04:09 PM

I have been running fine, until today.  I was on Drudge and saw what I thought was part of Drudge on the right side of the screen.  I clicked on a story and immediately I was hit with the Frozen screen, red background, sounds, and a message to call tech support.

I have run JRT and here is the result.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Roger Erickson (Administrator) on Fri 02/17/2017 at 12:57:59.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{948B491A-55E7-4D76-AE6E-5840AE2A35F7} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/17/2017 at 13:01:02.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  I will not click on that stuff again.

Roger

 



#12 buddy215


Posted 17 February 2017 - 04:29 PM

Suggest closing the browser when that happens and immediately running CCleaner to delete browser's cached files.



#13 RogerE


Posted 22 February 2017 - 01:37 PM

One last post, I said I clicked on something in Drudge, that is wrong.  I clicked on a "sponsored site" on the right side of the Facebook page.

 

The clean up after the last episode has returned my computer to no incidents of the frozen screen or the bogus surveys.  I ran the clean up on all the rest of our computers.

 

So, now my wife and I are moving on to networking / backup fixes that are sorely needed.  

 

Again, thanks for your help!!

 

Roger 





