Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Bad URL give me ransomware?

  • Please log in to reply
1 reply to this topic

#1 MissPatti


  • Members
  • 2 posts

Posted 21 February 2017 - 07:20 PM

I got ransomware on my PC last week.  It was shortly after I went by mistake to HxxPS://mg.mail.yahoo. It gave me a message there was technical difficulty in opening the mail and I shut off the browser.  Was this site one of the ones I've heard about where they spoof a real site?   Or, is it a legit yahoo site?

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,907 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:42 AM

Posted 21 February 2017 - 07:47 PM

Virus Total says it is an invalid url.

Actual ransomware usually will have obvious indications (signs of infection)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), in most cases it appends an obvious extension to the end or beginning of encrypted filenames (although some variants do not), demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number to call for assistance.

If there are no obvious extensions appended to your file names, no ransom notes, no demands of payment and your data is not actually encrypted, then you most likely are dealing with fake ransomware, a fake web page in your browser, some version of a Tech Support Scam or something else.For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams...there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use in case the usual methods do not resolve the problem or you allowed remote access into your computer.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users