Post by Jack Teems on Oct 3, 2015 18:55:35 GMT -5
Just got hit with an old old hoax and wanted to warn everyone.
Sirens go off and a popup appears telling me my PC has just been infected with 4 viruses and I need to call a toll-free number to take care of the problem. It looks legitimate and has a logo resembling MS Security Essentials. I could not escape the popup or go to any other site, so I closed it by going to Task Manager. Then I scanned with my AV, shut down the PC in the normal way, and rebooted. The same thing happened when I reopened my browser (sirens, popups, etc.). This time I did a cold boot (holding the On button down for 30 seconds). When the PC rebooted and the browser reopened, the offending hoax page was still there, without sirens and popup, and I could close that page OK. I called the number offered in the popup and they said they could help me (the next pitch was likely to be $300 on my credit card). I told them they and their hoax could help us all by going to jail (well, I felt like substituting a word there.)
Post by laverne on Oct 3, 2015 20:03:05 GMT -5
Hi Jack, Thanks for the heads-up on the false virus message. I know you are referring to using a laptop (not a desktop computer) but I am curious about what holding the On button down for 30 seconds does. I never heard of this. I thought a cold boot only involved turning the computer completely off, waiting 30 seconds, and then powering the computer on again. I did read that you can do a power reset on laptops but you have to take the battery out.
Do you mind clarifying for me?
drcard
Software Review Panel
Posts: 581
Post by drcard on Oct 4, 2015 5:57:41 GMT -5
Hi laverne,
PCs (laptops and desktops) have different levels of "off".
A Reboot does not totally turn off Windows, and some Windows utilities are still running during the reboot process. These utilities store data in the hardware components that allow Windows to load faster during the reboot process. This allows the reboot to be faster than a cold boot. A cold boot means that all Windows utilities are turned off. Malware writers are aware of this and often mark their "payload" to be saved during the reboot process. This is why a cold boot is recommended when dealing with malware.
Turning a PC off using Shutdown in Windows does not turn off the power to the PC either. The hardware in the PC still has power to it. It is set up this way to allow the PC to boot faster and keep power to components that run outside of the Windows OS. If Windows hangs and cannot be shut down using Shutdown in Windows, the only way to shut down is to turn off the power that runs Windows. PC manufacturers put in a shutdown switch for such situations. Most, if not all, manufacturers use holding the power button down for 5 - 30 seconds (the exact time differs by manufacturer) to do a power down for Windows; but the hardware will still have power to it. The only way to completely turn off power to a PC or laptop is to disconnect the power supply to it....from the outlet or battery.
The "turn the PC completely off" step in addressing a problem with a PC is a common first step. It often works to resolve problems in how Windows loaded or from data stored in temporary memory. However, if the problem (such as a malware attack) adds itself to one of the Windows files that stores settings, then the problem will return when Windows loads the settings file changed by the malware.
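An added example, not part of drcard's post or anyone else's in this thread: a short PowerShell check of why a normal "Shut down" on Windows 8 and 10 is not a cold boot. With fast startup enabled (the default on Windows 8/10; the feature does not exist on Windows 7, which is why Jack's desktop behaves differently from his laptop), "Shut down" writes the kernel session to hiberfil.sys and resumes it at power-on, while "Restart" and the command-line `shutdown /s` do a full shutdown. It assumes an elevated Windows PowerShell session; HiberbootEnabled is the documented registry switch for fast startup.

```powershell
# Added example (not from the thread). Report whether fast startup (hybrid
# shutdown) is on and show how to force a genuine full shutdown.
# Assumption: Windows 8/10 or later, elevated Windows PowerShell.

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
$hiber = (Get-ItemProperty -Path $key -Name HiberbootEnabled -ErrorAction SilentlyContinue).HiberbootEnabled

if ($hiber -eq 1) {
    Write-Host "Fast startup is ON: 'Shut down' hibernates the kernel session and resumes it at power-on."
    Write-Host "Use 'Restart', or the shutdown command below, for a real full shutdown."
} else {
    Write-Host "Fast startup is OFF (or not supported): 'Shut down' is a full shutdown."
}

# Option 1: a one-off full shutdown regardless of the setting.
# /s = shut down, /f = force-close running apps, /t 0 = immediately.
# Without the /hybrid switch this is a full shutdown, not a hybrid one.
# shutdown /s /f /t 0

# Option 2: turn fast startup off permanently so 'Shut down' is always a cold stop.
# Set-ItemProperty -Path $key -Name HiberbootEnabled -Value 0
# ('powercfg /h off' disables hibernation entirely, which removes fast startup as a side effect.)
```

Note that none of this removes the scareware page itself; a browser that restores its last session will reopen the tab after a full shutdown just as Jack saw, which is a browser setting and not evidence that the malware survived the power-off.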
Post by Jack Teems on Oct 4, 2015 7:53:37 GMT -5
Yeah, that. :-)
This was a laptop, my new Lenovo Win 10 as a matter of fact, and with it came Geek Squad support. I have never given them good marks, but after a lengthy phone wait they acknowledged it was a common hoax that has been received at their support desks from "thousands", and the cold boot is a common fix. Scary episode nonetheless.
Post by ddavis4 on Oct 4, 2015 8:38:44 GMT -5
So, no directions on how to remove the problem other than calling Geek Squad?
jerry
New Member
Posts: 4
Post by jerry on Oct 4, 2015 9:07:16 GMT -5
Let's not forget about System Restore. While not 100 percent (some malware attacks the restore points), it is very reliable, with a high percentage of success. Power down the computer as Jack mentioned, by holding in the power button. On restart, look in the PC splash screen at the first sign of boot and press whatever key it says for "boot options", or just try tapping the F8 key to get a boot menu. Choose Safe Mode and, once up (the screen will look larger and different), use the search and type in System Restore. Start that up. Look for a box to check that says "show all restore points". Choose a restore point that you know existed before the malware attack and follow the yellow brick road prompts to apply it.
Post by Jack Teems on Oct 4, 2015 10:26:38 GMT -5
"So, no directions on how to remove the problem other than calling Geek Squad?" The first post tells how I did it, by doing a cold boot.
Peter
Software Review Panel
Posts: 174
Post by Peter on Oct 4, 2015 16:38:10 GMT -5
From time to time, when my computer freezes up, I have reverted to the cold boot method, in preference to turning off the switch (if there is one) or pulling the plug. But I did not realize that the cold boot could sometimes get us past a malware infection such as the one Jack had. So thank you, Jack, for that! My current favourite image program is Macrium Reflect. I have it set to image my computer's C:\ drive, where Windows and its Program Files reside. It is scheduled to do a complete image once a month, and incremental backups every day. It will also do a Purge (eliminate older images and the incremental set that goes with the monthly full image), so that I have no more than two months' worth of image/incrementals on the backup drive. Not knowing of the cold-boot trick, I would have gone back to the pre-malware image to recover a clean version of Windows. My data all resides on a separate drive, devoted only to data. I also image that drive daily as above. Being a somewhat paranoid pessimist, I also use back-up programs to back up that data in various ways. If worst comes to worst, I can always reinstall Windows and the programs. A large hassle, but still better than having to go to the Geek Skwad. But I cannot recover lost data unless it is stored on more than one other drive, and in more than one physical location -- because of possible burglary, home invasion, fire, flood, earthquake, volcanic eruption or other unforeseen disaster. On that happy note ...
paulm
New Member
Posts: 1
Post by paulm on Oct 4, 2015 20:02:58 GMT -5
Thanks, Jack -- and all you other guys. I've not seen the particular virus referred to, but now I've got some ammunition to use if I do. Again, thanks, all.
Post by laverne on Oct 5, 2015 7:29:50 GMT -5
Thanks, Dana, for the great explanation. Laverne
Post by Jack Teems on Jan 4, 2016 19:07:08 GMT -5
The hoax struck again, this time on my desktop (Windows 7). I followed the same procedure, a cold boot, and rebooted successfully with no hoax message and sirens when I opened IE. But when I opened Firefox, there it was again. I suppose the answer to eliminate this would be to uninstall Firefox, which I'm not so happy with lately anyway. Maybe I can uninstall and reinstall later if I want it. I've also run Malwarebytes and there's no evidence of malware. Anyone have any other suggestions?
Post by cyberdiva on Jan 5, 2016 19:19:09 GMT -5
Jack, if you're unhappy with Firefox but like a lot of the way it works, you might consider giving Pale Moon a try. It's based on Firefox and accepts almost all Firefox add-ons, and much of the way it works resembles Firefox. There are several differences, of course, especially as Firefox becomes more and more minimalist. Pale Moon does not follow Firefox's minimalist approach and tends to keep popular features that Firefox has abandoned. One thing that I greatly appreciate is Pale Moon's tech support. I found the Firefox forums so filled with trolls and fan boys that it was almost unusable. The Pale Moon forums, by contrast, are civilized and very useful. They're populated by a lot of people who know what they're talking about, and many are happy to help. Indeed, the creator of Pale Moon is active on the forums, and I've found him immensely helpful. I moved from Firefox to Pale Moon about two years ago, and I've been very pleased.
drcard
Software Review Panel
Posts: 581
Post by drcard on Jan 5, 2016 20:33:13 GMT -5
Hi Jack, This Trojan has been around for a while and has many versions, so removal of it will depend on which version. Since a cold boot seemed to get rid of it for IE, this indicates that it is a cached file in the Temporary Internet Files, which empties on a cold reboot. I'm not familiar with Firefox, but the principle is the same for it...clean Firefox's cache, cookies, and temp download files to remove it. If it goes away and then comes back, then it has infiltrated your registry. Even if it goes away, I suggest updating your AV files and running a scan in Safe Mode. An updated version of Malwarebytes run in Safe Mode should also detect any leftovers and remove them. Another solution is one provided by Microsoft called Microsoft Safety Scanner. The downloaded file can scan for Trojans such as this. The scanner will expire 10 days after you download it, because to be effective for new threats you must use an updated version, and the 10-day expiration forces you to download the latest version. Link below. Microsoft Safety Scanner
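An added example, not from drcard's or jerry's posts: the cleanup steps the two of them describe (empty IE's Temporary Internet Files, clear Firefox's cache and saved session, look for anything that reinstalled itself, then fall back on a restore point) as a PowerShell script. A browser-locker page reappears after reboot mostly because the browser's session restore reopens the last tab, so the saved session is cleared along with the cache. It assumes Windows with IE and Firefox installed for the current user, all browser windows closed first, and Windows PowerShell (the restore-point cmdlets are not in PowerShell Core).

```powershell
# Added example (not from the thread). Clear the places a browser-locker page
# survives in, then check the persistence points a real infection would use.
# Assumptions: Windows 7/10, IE and Firefox installed, browsers closed,
# Windows PowerShell (Get-ComputerRestorePoint needs it), run as the affected user.

# 1. IE: clear Temporary Internet Files (8) and cookies (2) through the Internet
#    control panel. 255 clears everything including saved passwords, so stay selective.
Start-Process -FilePath rundll32.exe -ArgumentList 'InetCpl.cpl,ClearMyTracksByProcess 8' -Wait
Start-Process -FilePath rundll32.exe -ArgumentList 'InetCpl.cpl,ClearMyTracksByProcess 2' -Wait

# 2. Firefox: session restore brings the tab back after a crash or forced power-off.
#    Remove the saved session files and the disk cache for every profile.
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$profiles = Get-ChildItem $profileRoot -Directory -ErrorAction SilentlyContinue
foreach ($p in $profiles) {
    Remove-Item (Join-Path $p.FullName 'sessionstore*') -Force -ErrorAction SilentlyContinue
    Remove-Item (Join-Path $p.FullName 'sessionstore-backups') -Recurse -Force -ErrorAction SilentlyContinue
    $cache = Join-Path $env:LOCALAPPDATA ('Mozilla\Firefox\Profiles\' + $p.Name + '\cache2')
    Remove-Item $cache -Recurse -Force -ErrorAction SilentlyContinue
    Write-Host "Cleared session and cache for Firefox profile $($p.Name)"
}

# 3. A sticky tab is not persistence. Anything that survives the cleanup should
#    show up in the logon Run keys or scheduled tasks; review these by hand.
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue | Format-List
Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue | Format-List
Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object { $_.State -ne 'Disabled' } |
    Select-Object TaskName, TaskPath | Format-Table -AutoSize

# 4. Restore points, as jerry suggested: list them, then pick one dated before the
#    event. Restore-Computer reboots the machine, so it is left commented out.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
# Restore-Computer -RestorePoint <SequenceNumber>
```

Get-ScheduledTask exists on Windows 8/Server 2012 and later; on the Windows 7 desktop the scheduled-task line will simply produce nothing, and `schtasks /query /fo LIST` can be used instead. Run the AV or Malwarebytes scan in Safe Mode after this script rather than before, so the scan is not reporting the cache files the script was about to delete anyway.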
Peter
Software Review Panel
Posts: 174
Post by Peter on Jan 5, 2016 21:29:57 GMT -5
"Jack, if you're unhappy with Firefox but like a lot of the way it works, you might consider giving Pale Moon a try." Like cyberdiva, I have pretty well left Firefox, and have used Waterfox -- a Mozilla-based browser -- for about a year. I did try Pale Moon, and liked it very well, except that when I was using it I could not, for some reason, get the password manager that I use ("Roboform") to function on it. Waterfox claims to be the fastest 64-bit browser on the web. I can neither verify nor dispute that claim, but it happily takes Roboform, and lets me set up StartPage as my homepage and default search engine instead of Google. I cannot speak of the support that Waterfox provides, as I have never tried it out. If you are interested, you can find it here. You might also like to take a look at StartPage. Click on the green word "private", either here or underneath the StartPage title on their site, to see how to safeguard, at least to some extent, your privacy on the web.