Got pop up virus threat - ran Norton and MWB - what else should I do?

LaurieD227 · 06 Mar 2024

I'm running Win 10 Pro, 22H2, 19045.3930. I have version 22.24.1.6 of Norton 360 Deluxe and version 4.6.9 of Malwarebytes Premium (all the protections) running in the background at all times. I also periodically run SuperAntiSpyware free version and Norton SmartScan. I keep my programs current, including my browsers.

I was browsing in Chrome, all of a sudden got a popup/screen blocking window warning me that I'd been infected and needed to call a displayed number (flashing, bright colors, loud recorded message). There was no way to just close the window, so I forced a hard shutdown (forgot about Ctrl-Alt-Del).

Rebooted, disconnected from internet, used Norton to scan ALL files (2.9M) plus Malwarebytes Premium to do its normal scan plus SFC (didn't know if needed but WTH) and all said machine was clean. Also ran SuperAntiSpyware free version to scan entire C drive (other drives only contain docs, photos, and so forth - C contains all program files) and it cleared out a bunch of cookies, but didn't seem to see anything else as far as I can tell.

Here are my questions

1)What else should I do right now if anything?
--is there some other scan I should run?
--Do I need to do a restore to an earlier version?
I have a backup of my C drive that's a few weeks old (I know - sorry!) that I could restore if I need to, but everything seems to be working fine now and all the scans seem to think I'm clean.

2) Is there anything else I should start doing for prevention, in addition to more frequent backups (yes I know I should do these)

Thanks in advance for your advice - Laurie

1PW · 06 Mar 2024

LaurieD227 said:

1)What else should I do right now if anything?
--is there some other scan I should run?
--Do I need to do a restore to an earlier version?
I have a backup of my C drive that's a few weeks old (I know - sorry!) that I could restore if I need to, but everything seems to be working fine now and all the scans seem to think I'm clean.

2) Is there anything else I should start doing for prevention, in addition to more frequent backups (yes I know I should do these)

Thanks in advance for your advice - Laurie

Although the popup notice was real, it was probably a fake notice so it's less likely the system is otherwise infected, and it's highly unlikely you need to restore or reinstall Windows. Yes, frequent backups are still a great solution to a catastrophe. You didn't mention how frequently backups are run.

If you did not phone the number in the popup, you are to be highly complimented.

If you did not, run a full scan with MS Defender.

Run a default scan with the free Malwarebytes AdwCleaner.

Consider a safer default browser. If you strongly object to the much safer Firefox browser, and you still must use a Chrome-based browser, consider transitioning to the better Brave browser.

If you are not already using the free uBlock Origin (uBO) browser extension, do it soon.

Add the free. Malwarebytes Browser Guard (MBG) extension to whatever browsers you use in the future.

Consider installing/using the Tor Browser for sensitive internet use. (Banking, etc.)

You are missing several Windows 10 updates. If you can upgrade to Windows 11 soon, please do so.

Keep the computer's applications up-to-date.

Since the computer already has the outdated Malwarebytes Premium (MB4), update to the new MB5 (5.0.17.99-1.0.1169) soon. If MB4 is currently licensed, the update is free.

HTH

Ghot · 06 Mar 2024

@LaurieD227

First thing you need to do now... is hook up the internet and see if you are still getting that message about infection.

A lot of scams "start" like you are describing. Then when you call the number, they ask for "important" information.
And that is what does the damage.
Sometimes... you get things like that... just from landing on an infected website.

In other words... you may or may not be infected. That's what you have to figure out, now.
The easiest way to do that is to just reconnect the internet.

If, after connecting the internet, you find you are still getting that message... then by all means... restore from a backup.

LaurieD227 · 07 Mar 2024

Ghot said:

@LaurieD227

First thing you need to do now... is hook up the internet and see if you are still getting that message about infection.

.

Ghot - thanks! That's what I'm hoping for.

I've now connected to the Internet using my Admin account on the affected laptop with no message or sign of trouble, will now try it from my Standard account where I got the message before. Even if I'm clean, I also think I will implement some additional safeguards like another poster suggested. Better safe than sorry!

Thanks - Laurie

- - - Updated - - -

1PW said:

Although the popup notice was real, it was probably a fake notice so it's less likely the system is otherwise infected, and it's highly unlikely you need to restore or reinstall Windows. Yes, frequent backups are still a great solution to a catastrophe. You didn't mention how frequently backups are run.

I typically do a backup image every month before and after applying MS updates; file (doc, photos, etc) in between)

If you did not phone the number in the popup, you are to be highly complimented.
Didn't call as I was convinced they were bad actors even if threat was real.

If you did not, run a full scan with MS Defender.
Will do

Run a default scan with the free Malwarebytes AdwCleaner.
Will do

Consider a safer default browser. If you strongly object to the much safer Firefox browser, and you still must use a Chrome-based browser, consider transitioning to the better Brave browser.
Chrome has been habit rather than requirement, will look at Brave but probably will adopt FF

If you are not already using the free uBlock Origin (uBO) browser extension, do it soon.
New info for me - will go check it out

Add the free. Malwarebytes Browser Guard (MBG) extension to whatever browsers you use in the future.
Have MWB, will add Browser Guard ASAP

Consider installing/using the Tor Browser for sensitive internet use. (Banking, etc.)
New to me - will check it out

You are missing several Windows 10 updates. If you can upgrade to Windows 11 soon, please do so.
I do all offered Win 10 updates , just on a slight delay to see if any issues first. Laptop not eligible for Win11.

Keep the computer's applications up-to-date.
I do my best to do so regularly

Since the computer already has the outdated Malwarebytes Premium (MB4), update to the new MB5 (5.0.17.99-1.0.1169) soon. If MB4 is currently licensed, the update is free.
Have MBW 4, click "check for updates" regularly, will get 5 as soon as available because have paid version

HTH

In line answers above - THANKS for all the detailed info - Laurie

Ghot · 07 Mar 2024

@LaurieD227

You can also run a free scan here... run the "One time scan"

Free Virus Scan | Online Virus Scan from ESET | ESET

But like I said above... you probably don't even have an infection. That could very well have been the "bait" to convince you to infect yourself, by following their directions... whatever directions they might have given you.
That's a common method, used to hook people.

Other common "bait" you should be aware of...

1. You get an email from Microsoft, saying you're infected. [Microsoft will never email you, out of the blue]
2. Microsoft "might" email you with Insider or "news" items, but they won't "ask" for anything.
3. You get a phone call saying something is wrong with your account, where ever that account may be.
4. A windows pops up telling you to update something. It will be something that doesn't do that normally.

1PW · 07 Mar 2024

Hello @LaurieD227

“I'm running Win 10 Pro, 22H2, 19045.3930.”

Even if you lack an upgrade path to Windows 11, Microsoft's documentation more than suggests the present computer lacks OS updates: Windows 10 update history.

An untold number of security and code fixes are pending…

If you would like to .zip and attach the actual results of the above various requested scans, more needed assistance may be yours for the asking.

HTH

LaurieD227 · 08 Mar 2024

1PW said:

Hello @LaurieD227

“I'm running Win 10 Pro, 22H2, 19045.3930.”

If you would like to .zip and attach the actual results of the above various requested scans, more needed assistance may be yours for the asking.

HTH

Thank you so much for offering more help - I want to take you up on it. Even if I'm not infected, I will learn a lot from these actions that will be helpful in the future.

First, AdwCleaner: now downloaded, default scan run. Logs attached

Second, turned on MWB Browser Guard since I have it already.

Third, looking at Brave and FireFox before I switch.

More to follow

1PW · 08 Mar 2024

Hello @LaurieD227

You should be pleased with the AdwCleaner results. For the future, users do well to run AdwCleaner several times per year in its default mode. A while back, we asked the developer to make AdwCleaner friendlier to run as a Windows® scheduled task. Yet others are still satisfied with manually running it on-demand.

Many security mavens may gravitate to Mozilla's Firefox for its ability to be tailored to excellent browsing safety. Yet, if switching to Firefox seems too daunting, the Chrome-based Brave browser IMHO is a gentler move if Chrome is too ingrained in your browsing practices. YMMV.

Installing the constantly improving free uBO in all the computer's browsers is a no-brainer. The default install will greatly increase the computer's security. Later, you can research its baked-in options to further increase security. While some believe that combining uBO with MBG extensions is detrimental to system/browsing performance, the maintainers of MBG take great care in updating its multiple databases many times per day and strive for ongoing compatibility with uBO.

The advice sent to you by @Ghot is quite sound. The respected ESET scans are frequently recommended on my home forum.

While you are wrapping your brain around what's been posted, you may wish to consider downloading/running SecurityCheck. If the utility suggests updates, you can whittle away at it in your spare time.

HTH