#1
MALWARE!
A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.
#2
On 23/06/2016 18:15, Alek wrote:
> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.

Now this family member, was she using an Administrator account or an account with elevated privileges when this happened?

If the answer is NO then I don't think any major damage has been done. All it requires is to create another Standard USER and copy the old documents from the old account to the new account and then delete the old account completely. After doing that, rescan the machine just in case nothing else is still lurking in the machine.

If, however, the family member was using an Administrator account then clearly some other treatment is required for the infected virus!!!

--
Windows 10
https://app.box.com/representation/file_version_74032471857/image_2048/1.png?shared_name=jx7x8bblrf906i7ktrvu4kn89t48b43b
#3
Wolf K wrote on 6/23/2016 1:40 PM:
> On 2016-06-23 13:15, Alek wrote:
>> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.
>
> Ouch! Yes, there are lots of bootable rescue disks out there. I recommend Linux-based rescue tools, booting off a Linux disk/flash drive reduces the risk of reinfection. Search on "linux-based windows rescue antimalware disks". Here's one:
>
> http://www.gfi.com/blog/top-5-free-r...admin-toolkit/
>
> As soon as you are certain that the data files are OK, copy them onto an external drive. 1TB drives are well under $100 Canadian these days, well worth the money IMO. Data is really priceless. Systems and software can always be rebuilt, data once destroyed is gone forever.
>
> Once you've rescued the data, you may have to decide whether disinfection or rebuild is the best way to go.
>
> HTH
>
> PS: Use external drives for backing up data, and imaging the whole system. I recommend one for each machine in the house. Also, since data is most precious, create a 2nd partition on the HD, move all data (documents, pictures, etc) to it, and set all your software to use it as the working partition (for data storage). This reduces the odds that a system infection will damage the data.

Thanks, Wolf. I have backups of all of her files.

I rebooted and the process appeared to be normal. ??? I logged in to her account with no apparent problem. I ran MBAM and it found nothing!!! I'm now running a full scan with BitDefender.
#5
In article , , Dave Doe says...
> In article , , Alek says...
>> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.

I doubt you got infected at all. You (the other family member) were probably one or two steps away from that. Had the link been clicked on and the no doubt malicious download been run, the PC would *then* be infected. The message itself is just phishing for that to happen.

And on the shutdown, it was just your (unlucky?) day that Windows Updates really *did* need to be installed.

Run through: AdwCleaner, JRT.exe and Malwarebytes to be sure. You could Google 'em and just get 'em from bleepingcomputer website - it's easier. Malwarebytes, get from malwarebytes.org - *don't* install the trial (uncheck that option on one of the final install screens).

--
Duncan.
#6
Alek wrote:
> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.

Since you're shut down now, on your next startup you could boot this. This is an offline AV scanner, that uses signatures but cannot use heuristics (behavioral analysis, watch how code is "hooking" things it should not hook).

http://support.kaspersky.com/8092

If you were still running, you could try MBAM. This includes both signature and behavior. There are several versions, but you want the "one-shot scanner", not the "real-time protection Pro" and not the "30-day trial of Pro". You're not after the addition of yet another AV, just want to use the scanner portion, in the same way as the 8092 is a one-shot scanner and not a complete AV product as such.

https://en.wikipedia.org/wiki/Malwarebytes

For adware (which this might well be, and not a virus), you can use Adwcleaner.

http://www.bleepingcomputer.com/download/adwcleaner/

At one time, ransomware was pretty slow to act, and encrypted files one at a time. If it was ransomware, then a fast shutdown could reduce the set of endangered files. But ransomware has also been known to encrypt the $MFT, which makes files inaccessible in a matter of seconds. So they're working on their "response time", to make them just as dangerous as any other kind of infection.

If ransomware hits, you don't want your backup drive to be online at the same time. There is no good guaranteed solution for ransomware. While backups are obviously an answer, you have to avoid getting the ransomware on the backup drive. Since the bad guys also have the above tools on their desktop, they're always one step ahead of these products.

*******

For the trivial stuff, sometimes cleaning the browser cache folder, disconnecting the network cable, start the browser and work on it (run it in Safe Mode, use the browser Reset Procedure), might work.

Chrome has its own copy of Flash (PPAPI), so your exposure to Flash exploits is marginally better than a regular browser with user-managed Flash updates. But sometimes they're a little slow asserting the "vulnerable" flag on the plugin, and preventing the user from using Flash.

Chrome is a favorite target for the bad guys. On the one hand, it's popular and has a large percentage of market share. On the other hand, Chrome is hardened. But as you can imagine, never hard enough. Even with process isolation, stuff gets through. And then Chrome gets a black eye. I've just decided to avoid Chrome, for no particularly rational reason, and it's possibly because of all the attack reports. Even though it might be the best design.

Good luck (you'll need it),
Paul
#7
On 6/23/2016 1:15 PM, Alek wrote:
> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.

While this occurred with Chrome, I have seen a similar webpage with Firefox. This one wants you to download an emergency Firefox patch to "prevent" problems.

It is my understanding that the page for Firefox came from a website recently registered by a guy from Plano, Texas.

While I have seen this before, apparently the guy is working hard to infect computers.
#8
Alek wrote on 6/23/2016 2:18 PM:
> Wolf K wrote on 6/23/2016 1:40 PM:
>> On 2016-06-23 13:15, Alek wrote:
>>> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.
>>
>> Ouch! Yes, there are lots of bootable rescue disks out there. I recommend Linux-based rescue tools, booting off a Linux disk/flash drive reduces the risk of reinfection. Search on "linux-based windows rescue antimalware disks". Here's one:
>>
>> http://www.gfi.com/blog/top-5-free-r...admin-toolkit/
>>
>> As soon as you are certain that the data files are OK, copy them onto an external drive. 1TB drives are well under $100 Canadian these days, well worth the money IMO. Data is really priceless. Systems and software can always be rebuilt, data once destroyed is gone forever.
>>
>> Once you've rescued the data, you may have to decide whether disinfection or rebuild is the best way to go.
>>
>> HTH
>>
>> PS: Use external drives for backing up data, and imaging the whole system. I recommend one for each machine in the house. Also, since data is most precious, create a 2nd partition on the HD, move all data (documents, pictures, etc) to it, and set all your software to use it as the working partition (for data storage). This reduces the odds that a system infection will damage the data.
>
> Thanks, Wolf. I have backups of all of her files.
>
> I rebooted and the process appeared to be normal. ??? I logged in to her account with no apparent problem. I ran MBAM and it found nothing!!! I'm now running a full scan with BitDefender.

Bitdefender full scan found nothing. Guess we were lucky!!

Now to make an image of drive C:.

Thanks to all for the suggestions.
#9
Dave Doe wrote on 6/23/2016 2:30 PM:
> In article , , Dave Doe says...
>> In article , , Alek says...
>>> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.
>
> I doubt you got infected at all. You (the other family member) were probably one or two steps away from that. Had the link been clicked on and the no doubt malicious download been run, the PC would *then* be infected. The message itself is just phishing for that to happen.
>
> And on the shutdown, it was just your (unlucky?) day that Windows Updates really *did* need to be installed.
>
> Run through: AdwCleaner, JRT.exe and Malwarebytes to be sure. You could Google 'em and just get 'em from bleepingcomputer website - it's easier. Malwarebytes, get from malwarebytes.org - *don't* install the trial (uncheck that option on one of the final install screens).

Already have MBAM Pro installed.
#10
In article
Alek wrote:
> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next?

I think the email phishing link was unrelated to the update. I'd bet this was a Windows update waiting for a reboot.

If in doubt pull the power cord. Don't just use the menu. Had you done that, things would have gone black immediately.

Good to hear all is well. Look at that email and learn to recognize fake from real.
#11
Nomen Nescio wrote on 6/23/2016 9:54 PM:
> In article Alek wrote:
>> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next?
>
> I think the email phishing link was unrelated to the update. I'd bet this was a Windows update waiting for a reboot.
>
> If in doubt pull the power cord. Don't just use the menu. Had you done that, things would have gone black immediately.
>
> Good to hear all is well. Look at that email and learn to recognize fake from real.

It wasn't me!!!
#12
"Alek" wrote in message ...
> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.

I'll bet it said it was 268D3 and that it was infecting the network and therefore if it wasn't fixed by calling the MS number 844-576-0461 the computer would be 'screwed' permanently, or similar to protect the Network.

If you call it, it sounds like an East Indian guy answers and claims he is a MS certified tech. Sure he is.

I was helping a friend out. For more info on it, just Google 268D3.

I believe it is basically a PUP and to shut the window, you most likely need to use the Task Manager. Using Ctrl+F4 did nothing.

--
Buffalo
#13
On Fri, 24 Jun 2016 15:47:08 -0600 "Buffalo" wrote:
> "Alek" wrote in message ...
>> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.
>
> I'll bet it said it was 268D3 and that it was infecting the network and therefore if it wasn't fixed by calling the MS number 844-576-0461 the computer would be 'screwed' permanently, or similar to protect the Network.
>
> If you call it, it sounds like an East Indian guy answers and claims he is a MS certified tech. Sure he is.
>
> I was helping a friend out. For more info on it, just Google 268D3.
>
> I believe it is basically a PUP and to shut the window, you most likely need to use the Task Manager. Using Ctrl+F4 did nothing.

Mind you I called the number to confirm, am I a moron?
#14
"Buffalo" wrote in message ...
> On Fri, 24 Jun 2016 15:47:08 -0600 "Buffalo" wrote:
>> "Alek" wrote in message ...
>>> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....." I unplugged the Ethernet cable and turned the power off. It showed a screen "working on updates...don't turn your computer off" and then eventually went to the power-off state. What should I do next? I see some sites recommend booting into Safe Mode and trying to run an anti-malware. Is there a boot disc I could make on my computer that would have the tools to rescue that machine? Thanks.
>>
>> I'll bet it said it was 268D3 and that it was infecting the network and therefore if it wasn't fixed by calling the MS number 844-576-0461 the computer would be 'screwed' permanently, or similar to protect the Network.
>>
>> If you call it, it sounds like an East Indian guy answers and claims he is a MS certified tech. Sure he is.
>>
>> I was helping a friend out. For more info on it, just Google 268D3.
>>
>> I believe it is basically a PUP and to shut the window, you most likely need to use the Task Manager. Using Ctrl+F4 did nothing.
>
> Mind you I called the number to confirm, am I a moron?

Yes, Burp&Fart, you ARE a MORON!!! Learn to read and comprehend!!! At least to the 3rd grade level. Sad!

--
Buffalo
#15
On 06/23/16 10:15, Alek so wittily quipped:
> A family member clicked on a link in an email supposedly from Amazon.com and got a screen saying "a serious malfunction has occurred in Windows 10 and Chrome, call this toll-free number etc....."

a) don't click on links in e-mail, especially not in a Microsoft browser

b) don't use HTML mail, which often hides the *REAL* link by making it look as a legit link to whatever site it claims to be (don't use HTML in news readers, either, same reason)