Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unidentified ransomware


  • Please log in to reply
5 replies to this topic

#1 mammaP

mammaP

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 08 February 2017 - 10:29 AM

I clicked a news item on my hudl android tablet and up popped the message in the picture. There is a small ok in the bottom right corner which would presumably close the window but haven't clicked it.  I haven't a clue what to do with it. I tried to identify it with the identifier but unsuccessfully and it sent me here.  Sorry I don't have any techy info except it is a tablet on android and has avast protection. The thing has been glitchy and everything is backed up on cloud so would be no great loss but I am concerned about it having access to other devices. I have an iphone, chromebook, PB laptop and windows tablet. I have turned off wifi and closed it down for now. Any advice would be much appreciated.  Confused,  how do I post a picture? 

 

 



BC AdBot (Login to Remove)

 


#2 mammaP

mammaP
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 08 February 2017 - 10:38 AM

The message says  

 

 error-warning-critical-serious-27x.online says:

 

WARNING You have been subjected to illegally using or distributing copyrighted contents

 

You have been viewing or distributing prohibited pornographic content

 

Access to the internet has been blocked to protect your information until you fix this issue

 

You are strongly advised to call the certified Tech Support office at

 

08000903822 now for IMMEDIATE assistance

 

The URL space is    ! error-warning-critical-serious-27x    

 

I did not visit any dodgy sites or distribute anything! 


Edited by mammaP, 08 February 2017 - 11:24 AM.


#3 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:13 AM

Posted 08 February 2017 - 11:43 AM

It's a tech support scam, not ransomware. Ransomware would actually encrypt files on your device; I'm not aware of any that actually encrypts files on Android devices.

 

You probably stumbled upon it on an ad or compromised website.

 

What browser are you using? Is it the stock Android browser, Chrome, or something else? Simply kill the app completely, or hard reboot the device. The procedure varies by the exact device you have, but usually holding down the power button will do it.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,920 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:13 AM

Posted 08 February 2017 - 12:42 PM

Tech Support Scamming through unsolicited phone calls, browser pop-ups and emails from "so-called Support Techs" advising "your computer is infected with malware", “All Your Files Are Encrypted" and other fake "alert messages" has become an increasing common scam tactic over the past several years. The scams may involve web pages with screenshots of fake Microsoft (Windows) Support messages, fake reports of suspicious activity, fake warnings of malware found on your computer, fake ransomware and fake BSODs all of which include a tech support phone number to call in order to fix the problem. If you call the phone number (or they called you), scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.

These are a few examples.If you are dealing with browser pop-up scams, closing the web browser and then relaunching it usually eliminates the bogus warning message and is the best way to deal with these scams. If the browser freezes or hangs, you may have to close it with Windows Task Manager by selecting End Task.

Scammers and cyber-criminals are very innovated...see Tech Support Scams use new Tricks to Hold Browsers Hostage. They are always developing creative and more sophisticated techniques to scare their victims into providing personal information or stealing their money for financial gain. The criminals can target specific browsers like Microsoft Edge, Google Chrome, specific devices like Apple and even your iPhone or iPad.Some scam sites may lock up the browser, load the page in full-screen mode or spawn an infinite loop of repeating fake alert dialog boxes that prevent the victim from closing it or navigating away. Despite years of warnings by experts not to click on anything, such behavior requires victims to click OK or similar prompt on the fake alert message if using Dialog Loop Protection supported browsers like Microsoft Edge in order to escape or close the page. Google Chrome has a feature to "Prevent this page from displaying additional dialogs". Some Tech Support scams have similar alerts while others are simply made up and clicking OK can produce the opposite effect. If you are dealing with this type of scam, click the OK button at the bottom of the alert and you should then see a box that says "Do not allow this site to create new pages". Check that box and close the window.

For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams...there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use in case the usual methods do not resolve the problem or you allowed remote access into your computer.

If you need individual assistance with a malware infection, you should follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 mammaP

mammaP
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 08 February 2017 - 01:05 PM

Thank you both for your replies, it is a huge relief! I was thinking that if I called the number they would demand money to clear it. I haven't heard of tech support scams. I use chrome on everything except the windows tab and iphone so was worried it would infect them all. I did as you said and closed the box then clicked the box that says do not allow new pages. I will look at all the info and try to be more careful in future. Can you recommend any security that prevents ransomware? I have a chromebook, android with chrome, windows tablet and PB laptop also with chrome. Avast on tablet and laptop. 

 

Thanks again for your help.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,920 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:13 AM

Posted 08 February 2017 - 05:03 PM

You're welcome on behalf of the Bleeping Computer community.
 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users