Thread: O.T. Yahoo pop-up
View Single Post
  #3  
Old January 20th 18, 01:04 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
  
Posts: 11,873
Default O.T. Yahoo pop-up
Mark Twain wrote:
I mentioned this before in another post; when
on Yahoo and reading a story, suddenly the page
just went white. I didn't think to take a screenshot
at the time.

Something similar happened again but this
time I did take a screenshot:

http://i63.tinypic.com/2guwfir.jpg

So what is this? A bad attempt at maleware?

Robert

That's called scareware, and the phone number leads
to a "Technical Support Scam". They will ask for a
credit card number, charge $200 to it and "pretend"
to clean the computer of the virus.

If you cannot dismiss the window using the corner
of the window, and dialogs keep popping up, use
the control-alt-delete (Task Manager).

In there, locate the browser, like say Firefox, and
kill the N copies you find. Modern Firefox is a multi
process program, so more than one thing may need to be
killed on Windows 7. The browsers that run on WinXP
are less likely to be that generous with EXE entries
and have fewer of them.

Once the browser is killed, you can manually clean
the cache and remove the files in it.

When the browser starts, it will ask if you want
to "restore last session". You do not! If you restore
the last session, you'll get that scareware again.
So you don't want the last session, and you do want
to clean the cache.

Firefox has a "clear data" function for cleaning,
but sometimes I like to do this by hand. Just in
case a javascript has found a way to stay alive in
there.

In any case, using Task Manager, you should be
able to get in control of the computer again.
While the "X" might not work on the Firefox window
with the scareware in place, it's a little harder
for them to escape from Task Manager and killing
the process involved.

Just don't "restore last session", OK ? :-)

Cleaning is for when you have some idea where to look.

C:\Users\User Name\AppData\Local\Mozilla\Firefox\Profiles\xxxxxx xx.default\startupCache

startupCache.8.little and five other files

This covers rare cases where the .little is infected

C:\Users\Bolt Upright\AppData\Local\Mozilla\Firefox\Profiles\xxx xxxxx.default\cache2\entries

many files with long names, delete

The scareware javascript is likely to be one of the
files in this folder. Restoring the session would pull
a fresh copy from the Internet again...

Control Panels : Flash Player : Advanced Tab : Delete all

(you can tick both boxes if you want)

That's a small start at cleaning Firefox.

None of those should affect bookmarks.

HTH,
Paul
Ads