#1
July 30th, 2018, 05:39 AM
kuzzz
CTH Subscriber
Join Date: May 2003
O/S: Windows 7 64-bit
Location: california
Posts: 1,497
Locked out of pc

My friend just called and said when she booted up her pc this came up on the screen:
Authentication required
http://devfat107.club is requesting for user name and password the site says:"Suspicious activity
detected on your IP address due to harmful virus installed in your computer. Call Toll Free Now
@1-888-410-2444 for any assistance..."

and there are two boxes to put ID and password in.

Is this that ransom virus that was going around a while back?
She doesn't know what to do.

Thanks kuzzz

#2
July 30th, 2018, 08:30 PM
Murf
Moderator
Join Date: Oct 2001
O/S: Windows 10 Home
Location: Newport News VA
Age: 73
Posts: 17,036
DO NOT CLICK ON ANYTHING OR ENTER ANYTHING.

Tell her, once that is up on the screen, to hit CONTROL/ALT/DELETE then end any tasks; this should get her/him back to desktop. Then run MALWAREBYTES or an anti-virus, hopefully find the culprit.

BTW: This is spyware/malware trying to get credit info or sell someone something. Generally if you call the number they may say they are Microsoft B.S., then will ask permission to get into your computer to fix it. Once you say OK, you're screwed.

#3
July 30th, 2018, 11:25 PM
kuzzz
CTH Subscriber
Oh no. I stopped by there on my way home from work and she said she called the number, and they said they were Microsoft, and they gave her a user name and password to put in and said they would need to go in with a split screen to fix the problem, but then they got disconnected. When I got there I unplugged the pc and booted up in safe mode, and that's where it sits now. She hasn't put in her password yet; I told her not to and that I would call her. Do you think she will be able to get into the pc?

Thanks
kuzzz

#4
July 30th, 2018, 11:32 PM
renegade600
Certifiable Bum
Join Date: Sep 2003
O/S: Linux
Location: Osceola, Ar
Posts: 26,385
Try going into safe mode and see if you can access Windows. If so, try a system restore to a previously saved restore point prior to getting infected. If not, does she have a Win7 disk? Also might want to get a Linux boot disk and boot to it so any important files can be recovered just in case.

#5
July 31st, 2018, 01:29 AM
kuzzz
CTH Subscriber
She is able to get into Windows in safe mode. She is looking for her Win7 disk, but don't they put Win7 on a separate drive on the PCs now? And if they do, how do you access it? She went into restore but it came up and said restore is not working properly on that pc. I have Linux on one of my other machines; can I make a boot disk from that? I'm not too familiar with Linux yet.
Thanks
kuzzz

#6
July 31st, 2018, 02:08 AM
Murf
Moderator
WOW thankful you stopped her, what a scam. Have her boot it up and get that screen (not SAFE MODE).

Now do this:

1. Right click on the taskbar at the bottom then click START TASK MANAGER, or she can press Ctrl+Alt+Del and click on Task Manager.

2. Scroll through the list till you see your web browser’s (i.e., IE, Chrome, Firefox) process and left-click on it once so it becomes highlighted. Once you have selected the browser’s process, click on the End Task button.

3. The browser window should now be closed. The next time you open your browser, do not allow the browser to open the last opened page.

Now she needs to get rid of that crap.

AdwCleaner is a free utility that will scan your PC for the adware program responsible for the Tech Support Scam pop-ups.

MALWAREBYTES ADWCLEANER DOWNLOAD LINK

(This link will start the download of “Malwarebytes AdwCleaner” on your computer)

When Malwarebytes AdwCleaner has finished downloading, please double-click on the AdwCleaner icon to perform a system scan with this program.

If Windows prompts you as to whether or not you wish to run Malwarebytes AdwCleaner, please allow it to run.

When the Malwarebytes AdwCleaner program opens, click on the “Scan” button.

Malwarebytes AdwCleaner will now start to search for the Tech Support adware and other malicious programs.

To remove the malicious files that were detected in the previous step, please click on the “Clean” button.

Malwarebytes AdwCleaner will prompt you to save any open files or documents, as the program will need to reboot the computer to complete the cleaning process. Please do so, and then click on the “OK” button.

When your computer reboots and you are logged in, Malwarebytes AdwCleaner will automatically open a log file that contains the files, registry keys, and programs that were removed from your computer.

Just delete it, as she won't know what it is.

This should get rid of it.

#7
July 31st, 2018, 05:53 AM
kuzzz
CTH Subscriber
I ran the AdwCleaner on her machine and it only came up with 1 item, and I had it Clean & Repair. Now the box does not come up anymore. I tried to run MalwareBytes next and it said it could not connect to service. I brought up Firefox and it said we're having trouble finding that site. Can't connect to server. So I clicked on troubleshoot and received this: An error occurred while troubleshooting. I tried to go into administrator tools and run view events, and a box came up that said: User Account Control Do you want to allow the following program from unknown publisher mmc.exe Origin Hard Drive this computer. I clicked no and closed it out. I never had that happen before. I rebooted her router but it did not do any good. Also in the task manager under networking it shows that she is connected. I ran HijackThis and have the log if you need to see it.

Thanks
kuzzz

Last edited by kuzzz; July 31st, 2018 at 05:56 AM. Reason: forgot to put something in

#8
July 31st, 2018, 06:42 AM
Murf
Moderator
Try a reboot and start hitting F8; in the menu, select Last Known Configuration.

#9
July 31st, 2018, 03:28 PM
Digerati
Senior Member
Join Date: Jan 2007
Location: Nebraska, USA
Posts: 2,338
Make sure she did NOT give those crooks any personal information, specifically any credit card information. If she did, she needs to cancel those cards immediately! Same with checking account numbers, etc. The banks will help her with that.

If she gave them other information like her birthday, she needs to freeze her credit immediately!

If there are other computers on her network, scan them next.

Make sure the computer is totally updated too.

If she didn't provide any of that information, make sure to tell her she did the right thing.

#10
July 31st, 2018, 06:31 PM
kuzzz
CTH Subscriber
She gave them no information and she does no banking on her pc.

#11
July 31st, 2018, 06:32 PM
kuzzz
CTH Subscriber
OK Murf, I'll have her do that.

#12
July 31st, 2018, 11:39 PM
Murf
Moderator
Let us know. Some of those can be nasty to get rid of.

#13
August 1st, 2018, 03:57 AM
kuzzz
CTH Subscriber
Hi, I'm happy to say all seems well with the pc. She can get on the internet. I got Malwarebytes to run and we ran anti-virus and nothing was found. Thank you all for your prompt and very helpful advice. So appreciative.

kuzzz

#14
August 1st, 2018, 12:31 PM
Murf
Moderator
Good news...Thx for letting us know.

#15
August 1st, 2018, 04:17 PM
Digerati
Senior Member
It sounds to me that she was just a random target of a phishing scam. As suggested in that article, these commonly come via spam emails but they can also come from legitimate sources that were previously compromised. That's what makes them tricky to spot as they "appear" to come from your own bank, or a friend or relative or other organization you've done business with.

Check out this email I got. At first glance, it looks scary. But note the grammar errors.

https://imgur.com/rIwpfx9

I don't even have an account there.

I am always preaching to my clients, friends, and family, "Don't be click-happy on unsolicited downloads, links, attachments and popups."

If you are not expecting an email from that source, suspect it. If you are worried there really might be something wrong with your account, visit the site in your normal manner. Or call the bank or friend and ask if they sent it to you. Just don't click on it. Delete it.

All times are GMT +1.