3rd ransom? attempt in a week Solved

  1. Slippery
    Posts : 215
    Win 10 pro 64 bit/v.1903/18362.295

    3rd ransom? attempt in a week

    So far, this seems to be coming from having the Microsoft Solitaire game sitting open along with Chrome on the Titan TV Guide page, until today when it was sitting on the forum. That helped me decide that it is probably a Microsoft server that it's coming from.
    With extensive testing with several programs, I found nothing, so I wiped the drive the first 2 times.
    This time, I just closed the game and browser and came here to report this. I don't have the guts to test if it is the real deal or not. My backup machine blew a capacitor on the X58 m/b. Don't have a clue what the wise poor man's solution is yet.
    If you've seen this, sing out please. It's aggravating me. Using the word "irrelevant" in the notification box seems to hint that it is a translation error because that word is out of context to the rest of the notification. Other than that I'm clueless. I guess I didn't say it, but I did not click on anything, just shut down and booted to wipe from the BIOS and recover with Reflect the first 2 times. This time I just closed the programs and went looking, finding nothing.

  2. Posts : 208
    Windows 10 Pro, Version 1903

  3. Slippery
    Posts : 215
    Win 10 pro 64 bit/v.1903/18362.295
    Thread Starter

    Thanks @NMI, I read it and d/l HitmanPro. I am running Malwarebytes Premium and have the browser plugin as well as Windows Defender and their plugin. Neither caught this in the browser and found nothing on scans. Ditto with HitmanPro, which is really just a pitch to sell the program. I've tried Kaspersky's TDSSKiller and other Sophos, all with nothing found. I think that whatever it is, it's hidden on my machine. Still looking. Thanks anyway.

  4. Posts : 208
    Windows 10 Pro, Version 1903

    What about AdwCleaner though, which was Step 1 of 4?

  5. Slippery
    Posts : 215
    Win 10 pro 64 bit/v.1903/18362.295
    Thread Starter

    Yup. I also reset Chrome and used its cleanup system too. Nothing found. I had Chrome set to empty cookies and other trash. I'm going to set that off. Then see if this is being placed in a cookie and thrown away when I close Chrome and that's why nothing can find it. I'll do this then run scans if I get that popup again. No telling when or if it will happen again. So, I'll mark this as solved and resurrect it if my plan bears fruit. Thanks @NMI.

  6.    #6

    What you described is a browser displaying a scam - a tech support scam displayed on screen in a web browser.
    It is a kind of malvertisement and does not come from your PC. It emanates from the Internet and exists as a browser-based alert and not something from something on your computer. Malwarebytes won't "catch it" for that reason.
    Browser lockers reside in the browser cache only; they do not involve actual malware on your computer.

    Please keep in mind that the computer mouse and the keyboard can still be used to get rid of (close out) the screen.

    Cleaning the browser history removes the pop-up (tips below).

    Tech support scammers use fake warnings and lie about the state of your computer to frighten you into calling them & then flim-flam you into a so-called cleanup or perhaps some maintenance scam.

    Getting rid of bogus screen(s)
    Look at the very topmost right corner of the browser itself.
    I mean the one for Chrome or Firefox or Edge browser itself (or, as a matter of fact, any browser).
    Move the mouse pointer over the X at the very far right-top corner and click that.
    That will close the browser and its display and the audio too (if any).

    You could also use Alt-key + F then click on Exit.
    Other ways are available if the one above is not a success.
    You can easily use keyboard key-press shortcuts to get rid of the false pages displayed (see below). And if there is any video with this, it will stop when the page is closed.

    When this fake is in the foreground and in a web browser, there are many ways to get it off the screen.
    I would suggest to do a few keyboard presses to get rid of the windows on-screen.

    Press and hold the CTRL key on the keyboard and then tap the W key: CTRL + W

    That should close the Tab page of the web browser in the foreground.
    You can repeat as needed.

    Every web browser will recognize the CTRL+W key-presses as a "close this window" command.
    Other ways to get rid of screen:
    Press and hold the ALT key on the keyboard and then tap the F4 function key to get the foreground windows closed and done away with (repeat use of the ALT + F4 sequence).

    ALT + F4 is especially helpful against the smaller window (if any) that is up in front.
    If your machine is a notebook or laptop, you should depress and hold the ALT + FN (function key) + F4 keys.

    ALT + HOME key on the keyboard will put your browser page back onto your prior choice for Home page. That easily deals with the bigger full page displayed.
    Then while still in the web browser, press and hold SHIFT + CTRL + DELETE keys to start the process to delete all browser cache & history.

    Other ways to get rid of the bogus display are listed below:

    There is always the ability to end the web browser program through using Windows' Task Manager applet.
    Click the Start button and type:
    and then press Enter.
    (or you can press and hold the CTRL key on the keyboard + ALT key + DELETE key to get the Task Manager option).

    In the processes tab, find the process for whichever browser you are running:
    _iexplore.exe, firefox.exe, chrome.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe_ and then click _End Process_ or _Terminate_.


  7. Ztruker
    Posts : 8,539
    Windows 10 Pro X64 1903 189362.439

    Excellent, thanks for the clear, easy to understand explanation. Saved this for my and my friends and family's edification.

  8. Dude
    Posts : 13,577
    Windows 10 Pro X64

    Yep, browser spam. I use the task manager to kill it

  9. jimbo45
    Posts : 7,668
    Windows / Linux : Centos, Ubuntu, OpenSuse

    Hi there
    I'd avoid any of the games from the MS Store -- if you want to play things like Solitaire etc. I suggest you install the classic games from W7, or if you install a Linux virtual machine there's a whole slew of FREE card games - install package KPAT or KPATIENCE depending on the distro -- 100% safe and not ridden with advertisements, malware or anything else. The old W7 games are also good - no ads / spyware etc.

    Here's the kpat games on a Linux VM running on a W10 Host.


    BTW things like Malwarebytes / other 3rd party AV software - especially the free versions are IMO increasingly redundant on newer versions of Windows for HOME type users -- WD improves with every release and is updated almost daily -- no 3rd party supplier can possibly keep up with that speed of development. WD on W10 is a totally different animal to previous editions of Windows where security was really just an afterthought.

    These days in any case identity theft, scamming and downright fraud are much more likely to be a problem than any amount of nasty virus problems -- infrastructure attacks etc. aren't aimed at home computers -- I don't think N. Korea for example is bothered about typical home computers, but interrupting say the European air traffic control system is a much more tasty target for that type of regime, so that's where really serious high-grade professional AV protection becomes critical -- not on typical home computers.

    As a test I downloaded a couple of TV series from TPB - not a single bit of malware -- even those torrent sites attempt to keep malware off their sites -- as for the use of TPB - well I'd gladly pay for content but if it's not available in your area then what's the alternative other than going without. It's time geo-blocking was stopped and people making TV / other series should be able to market these worldwide -- it's ridiculous say for Netflix to have different availabilities in different countries -- anyway that's another issue.



Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.