Computer Screen Hijack Scam - Don't Get Taken By These Bums

spongella

May 12, 2012
Central NJ
The other day I was doing some work on the computer, when all of a sudden the screen went completely blue, with lots of warnings in white characters that my Windows firewall was compromised by a Trojan virus. Among all these faux-armageddon warnings of computer doom was a website to log in to remedy the situation. There was also a toll-free number to call to unfreeze my screen. The scammer also said the virus probably came from a porn site I supposedly visited (that was my hint that it was all BS, as I never went on a porn site before :) ). That's one of their scare tactics, saying that you got the virus from a porn site - they instill fear and shame that you are a possible perv, making you all the more prone to open your wallet. The scammers also did their best to make it look like Microsoft was the originator of the warning message.

But don't be fooled... and don't get taken. It is all totally fake.

Luckily, the wife had the same scare tactic scam happen to her about a year ago so I was prepared this time. The first thing you should not do is log into the site that has taken over the screen, nor should you call the toll free #, because they'll charge you a fee to unlock the screen.

Believe me, they make it so your mouse does not work, and any of your keystrokes will not work. Even if you hit the on/off button and turn off the computer, your screen will still be frozen on start-up.

My solution was to hit ALT-CTRL-DEL simultaneously, go into Task Manager, find that Scammer Task, and end it. That unlocked the screen. As an added precaution I went into my Internet history and deleted all the history and cookies just in case the scammer put cookies on my computer.
 
If you had a task running on your computer causing all that, killing that task may not be enough I am afraid. Your computer has been compromised. Who knows what other damage has been already done to your system and what other malware has been left...
 
Yeah, at the very least you need to run a malware scan. If it was me I would think about doing a clean install of Windows too depending on how much stuff you keep on your computer.
 
Malwarebytes is a really effective and cheap way to keep stuff like this off your computer.
 
I did a virus scan right after that, and have Windows Defender on all the time. No viruses attacked the computer, it was all a part of the scammer's scare tactics, that is how they get your $. Sometimes they charge $49.50 to "unlock" your computer to free it of the virus. Basically they are lying to scare you into paying. No virus, just lots of BS.
 
Well some kind of malicious software has to be installed on your machine or they wouldn't have been able to take it over like that. Paying them to unlock it is definitely part of the scam but they wouldn't be able to lock it in the first place if something wasn't installed on your computer.

Malware and viruses aren't always the same thing. I would run Malwarebytes as suggested earlier.

Edit: Also Windows Defender is a notoriously weak form of security. Just do a quick Google search and you will see that it often comes up dead last in detecting threats.
 
Mario,
Like the others have said, if you don't have it get MalwareBytes Antimalware.
Keep it running on your system, I would also suggest paying $25 for the full version.
Well worth it IMO. :)
 
My solution was to hit ALT-CTRL-DEL simultaneously, go into Task Manager, find that Scammer Task, and end it. That unlocked the screen. As an added precaution I went into my Internet history and deleted all the history and cookies just in case the scammer put cookies on my computer.

Exactly what I do. I also run a virus scan.
 
I use MalwareBytes too, definitely works good. Another useful thing might be to run the free version of CCleaner, to clean out temp, cookies, etc. and the registry, and it's also a quick and easy way of checking startup items for Windows and Firefox, Explorer, etc. Just when you download it, make sure that it is from Piriform.

https://www.piriform.com/ccleaner/download

There's a lot of scumbags that try to mislead people that're trying to download CCleaner.

Agree with others, if it could get to that point on your computer, something somewhere in your LAN is compromised. What anti-virus do you use?
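
An added example, not part of the original posts: a read-only PowerShell check of the Windows startup items mentioned above, which is one way to see whether anything is set to relaunch at logon after a lock screen like this. It covers only the Run registry keys and Startup folders that `Win32_StartupCommand` reports, not scheduled tasks, services or browser extensions; the helper name `Get-ExePath` is made up for this example.

```powershell
# Added example: list programs set to start at logon and show their signature status.
# Read-only: nothing is deleted or changed.

function Get-ExePath {
    # Hypothetical helper: pull the executable path out of a startup command line.
    param([string]$Command)
    # Expand %VAR% references, then take a quoted path or the text up to the first .exe
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return $null
}

$items = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path   = Get-ExePath $_.Command
    $status = 'PathNotResolved'          # e.g. shortcuts or commands without an .exe
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $status = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Name      = $_.Name
        Location  = $_.Location          # registry key or Startup folder
        User      = $_.User
        Command   = $_.Command
        Signature = $status
    }
}

# Entries whose signature is not 'Valid' (or could not be resolved) sort first
$items | Sort-Object { $_.Signature -eq 'Valid' } | Format-Table -AutoSize -Wrap
```

An entry that is unsigned or unresolved is a reason to look at where the file lives and when it appeared, not proof of malware; an empty or all-signed list likewise does not rule out other persistence locations.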
 
Malwarebytes is hands down the best antivirus/antimalware application I've ever used. We have corporate licences for it at work and it finds and removes things our real endpoint protection solution from BitDefender never catches. Perhaps better than Malwarebytes Anti-Malware, is their Anti-Rootkit application that has been in Beta for years. It's an On Demand scanner, with no option for Real Time Protection but Malwarebytes Anti-Rootkit finds and removes things that even Anti-Malware doesn't.

https://www.malwarebytes.org/antirootkit/

Here's what I do at home, and what I've tried to do at work with some success. Do a fresh install of Windows with all current updates and updated drivers and nothing else. Take a system image. Install all of your software, reload all of your documents, customize your GUI. Take another system image. Keep relatively recent backup copies of your data on an external drive or NAS. If you encounter a problem, just reimage and restore.

I've never really had an issue at home, I never get infected. At work this has come in handy. We've had two instances of the Cryptolocker ransomware virus in the past two years and recovering data from backups has been painless. Sure the end user still loses some data, but they don't lose everything. At work I have about ten 4TB MyBooks with system images from the vast majority of company computers. Again one pristine image with nothing but Windows and updates, and another image taken after everything is loaded up. After the first instance of Cryptolocker I got with the managers of each department, and gave them each a 2TB My Passport and suggested that they keep the drive in their department and encourage the employees underneath them to take sys images, or at the very least dump their My Docs/My Pics/My Vids folders on the drive every few months. If they don't want their data to potentially be in the hands of others, I volunteered to create restricted shared folders on one of our servers where they can dump data. I sent out an email blast to our off site employees (some of whom I never met, or only met once or twice), who tend to have more virus issues than those who work in-house, letting them know I will provide whatever they need to keep their data backed up. I didn't have many takers. I'm a staunch supporter of reformatting/reimaging over removal. If I have to go to a place like Malware Tips, and do a 50 step process to remove something, I will reformat. Some of our guys have learned the hard way and have had to mail their computers in for me to reformat as I refuse to spend hours on Teamviewer trying to remove an infection.
 
I have been thinking of getting Malwarebytes too but as I have the deluxe version of AVG running on all my computers, I rarely find a need to use other brands. I do the scans often on my computers I use to access the internet. I have seen the hijacking scams too and find that AVG does stop the hijack and rids the computer of the installed Trojan. Definitely would never make the phone call. I wonder if Malwarebytes and AVG are redundant.
 
I don't know about your AVG specifically, but Malwarebytes is specifically designed (and tested) to run alongside various antiviruses. It is not a replacement for antivirus, it's an addition. It finds things that most antiviruses can't, or don't want to find.
 
First and foremost don't use an Administrative account on your computer to access the Internet. Both Windows and OS X have made it relatively painless to support non-administrative accounts but still install software when you want/need. Most exploits that you might get from the wrong site or Malvertising will run in the context of the running user and will either fail when trying to modify system files or you'll get a pop-up at which time you can say No.

I also like NoFlash settings that let me decide on a site-by-site basis whether I want to allow Flash to run. Yeah, it's a pain because there's this prompt on the bottom of the browser window but like an ad, you learn to ignore it.
 
