
Have I been infected


5 replies to this topic

#1 duffsparky


Posted 21 October 2017 - 07:09 AM

Apologies in advance for the lack of info, unfortunately I panicked and did not collect the info required, however, I also did not delete any files that I'm aware of being associated with ransom/malware.

 

A few days ago, whilst using Firefox 56.0 on an Acer 5920 laptop running Win 10, I wanted to use the Dogpile search engine so I thought I typed in www.dogplie.com into the address bar. What came up was ww2.digpile.(not sure what the extension was) and the page changed to a black background warning me that my data was being stolen and I needed to contact them and if I closed the page the PC would be locked. Note: W & 2 and O & I are adjacent to each other on the keyboard so maybe I typed the address in wrong.

 

Unfortunately, I panicked and pulled the USB WiFi dongle out. I'm not sure what happened next, whether I closed Firefox and rebooted the PC or just rebooted the PC, but whichever I did, the PC and Firefox started OK and did not seem to have any issues.

 

I then ran several anti-malware/virus programs including:

 

Avast Free anti-virus

SUPERAntiSpyware Free Edition

Malwarebytes

JRT

AdwCleaner

Hitman Pro

Zemana AntiMalware

Housecall

 

All of which only found a few tracking type cookies.

 

Thinking the PC was OK I continued using it, however, I am now not so sure I got off so lightly as Windows Update was switched off and once switched back on it freezes at different places. I've run the Windows Update Diagnostic tool several times but it seems to repeatedly report the same results fixing the same issues.

 

I realise this forum is not for Windows Update issues but I guess I need to know if the PC is infected before I ask for help with the update problem.

 

Any help would be much appreciated.



#2 Demonslay335


Posted 21 October 2017 - 02:01 PM

Sounds like it was just a tech support scam website. You should be able to easily tell if you look at the browser history; you'd be redirected to something with some kinda keyword relating to support or something.

 

Always a good time to check you have proper backups. :)


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 duffsparky


Posted 21 October 2017 - 06:58 PM

Thanks for the reply. Below is an extract from the browser history immediately after the incident:

 

Name:       Microsoft - Official Security Alert Page

 
 
 
 
Name:       ww2.digpile.com/
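
Added example (not part of any post in this thread): one way to do the history check suggested in post #2, reading the `moz_places` and `moz_historyvisits` tables that Firefox keeps in `places.sqlite` and walking each flagged visit back through the pages that led to it. The keyword list, the `.example` hosts and the sample rows are constructed for illustration; only the two page names come from the thread.

```python
import re
import sqlite3

# Keywords typical of fake-alert pages (an assumed starter list; tune it).
SCAM_WORDS = re.compile(
    r"security alert|support|virus|infected|warning|call now|error code", re.I)

def visit_chain(conn, visit_id, limit=10):
    """Walk from_visit links back from a visit; returns [(title, url), ...]."""
    chain = []
    while visit_id and len(chain) < limit:
        row = conn.execute(
            "SELECT v.from_visit, p.title, p.url FROM moz_historyvisits v "
            "JOIN moz_places p ON p.id = v.place_id WHERE v.id = ?",
            (visit_id,)).fetchone()
        if row is None:
            break
        visit_id = row[0]  # 0 means the visit had no referring visit
        chain.append((row[1] or "", row[2]))
    return chain[::-1]  # oldest page first

def flag_scam_visits(conn):
    """Return the chain of pages behind every visit that looks like a fake alert."""
    hits = []
    rows = conn.execute(
        "SELECT v.id, p.title, p.url FROM moz_historyvisits v "
        "JOIN moz_places p ON p.id = v.place_id ORDER BY v.visit_date").fetchall()
    for vid, title, url in rows:
        if SCAM_WORDS.search(f"{title or ''} {url}"):
            hits.append(visit_chain(conn, vid))
    return hits

def sample_history():
    """Constructed data: only the columns used above, placeholder hosts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
      CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
      CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                      place_id INTEGER, visit_date INTEGER);
      INSERT INTO moz_places VALUES
        (1, 'http://ww2.digpile.com/', 'ww2.digpile.com/'),
        (2, 'http://redirector.example/r', 'Redirecting...'),
        (3, 'http://fake-alert.example/', 'Microsoft - Official Security Alert Page'),
        (4, 'https://www.dogpile.com/', 'Dogpile.com');
      INSERT INTO moz_historyvisits VALUES
        (1, 0, 1, 100), (2, 1, 2, 200), (3, 2, 3, 300), (4, 0, 4, 400);
    """)
    return conn
```

To check a real profile, close Firefox, copy `places.sqlite` out of the profile folder and pass a `sqlite3.connect()` handle on the copy to `flag_scam_visits`.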


#4 quietman7


Posted 22 October 2017 - 07:28 AM


Actual ransomware usually will have obvious indications (signs of infection)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), in most cases it appends an obvious extension to the end or beginning of encrypted filenames (although some variants do not), demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. Some types of ransomware will completely rename, encrypt or even scramble file names. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number to call for assistance.

Tech Support Scamming through unsolicited phone calls, browser pop-ups and emails from "so-called Support Techs" advising "your computer is infected with malware", "all your files are encrypted" and other fake messages has become an increasingly common scam tactic over the past several years. The scams may involve web pages with screenshots of fake Microsoft (Windows) Support messages, fake reports of suspicious activity, fake warnings of malware found on your computer, fake ransomware and fake BSODs all of which include a tech support phone number to call in order to fix the problem. If you call the phone number (or they called you), scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.

For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams...there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use in case the usual methods do not resolve the problem or you allowed remote access into your computer.

If you need individual assistance with a possible malware infection, you should start a new topic in the Am I infected? What do I do? forum.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 duffsparky


Posted 24 October 2017 - 07:22 AM

There is an error in my second post in that the 3rd name in the browser history extract was "Redirecting..." and not "http://secure.calch.gdn/performance/b...". Demonslay335's comment about redirecting is the reason for me posting the extract.

 

I've ended up back at the scam? warning page only this time I took a screenshot before pulling the plug. However, unlike last time after the PC was rebooted the scam page (Firefox) was Pinned to the Task Bar; so I guess there is some sort of infection.

 

Over to the "Am I infected? What do I do?" forum, see: https://www.bleepingcomputer.com/forums/t/660968/44-800-086-9374-scam-virus/



#6 quietman7


Posted 24 October 2017 - 03:09 PM

As I noted above, these scams are very common and sometimes necessitate a thorough cleaning.

Good luck.



