Friday afternoon, I suddenly heard beeping from the room where my wife’s computer was. She soon came to me and said that there was a screen that said her computer was having problems and she must call Microsoft immediately. Oh, and she must not under any circumstances turn the computer off. The phone number it gave was not the Redmond area code. I know this because when my son worked as an MS programmer (he was on the XT team) his office and home phone number used the same area code and that was not what was displayed on the screen.
Of course, I used the emergency shutdown and then rebooted. I should have immediately run the antivirus scan. But everything seemed okay. Until it came back immediately. Time to call my son. He was working, but said turn it off and he would call back Saturday morning. Which he did. It rebooted fine. If it hadn’t we were going to try to boot in safe mode, but it wasn’t necessary. I backed up the directory in which she had all her text files and then ran scan. It took a couple hours and reported one threat(s) found, but no current threats. I assume that whatever it found, it fixed. The computer seems to working fine.
What did my wife do? Well, she was on a web site and clicked on a button there and all hell broke loose.
^^^ This. There has been no meaningful penetration of the machine (or it’s quite unlikely at least). It’s just a little script trick that causes the browser to pop up the message; the actual hack would happen if you call the number and go along with their instructions to let them open a remote connection to “help” you. Try googling the exact text of the warning to see if you can find removal instructions; they’ll probably be quick and straightforward.
Keep in mind, however that even trustworthy sites will often serve hijacked ads (they basically all use the same ad providers in their page code). No domain that serves ads can be trusted and you should always consider blocking ads. You can always whitelist sites that you want to display ads on (for instance, to support specific sites you visit).
Running a good browser or machine adblock(Adguard, uBlock Origin, Privacy Badger) would have thwarted the malicious ad that was served to her.
A couple of weeks ago, I had a browser hijack in the Google Chrome browser, which changed my homepage, and also changed which page opened on new tabs. I Googled for ways to get rid of it but nothing I found worked, so eventually I uninstalled and reinstalled Chrome. That seems to have gotten rid of it.
No kidding! I once picked up a ransomware screen lock when my cursor inadvertently slid over an ad that must have been infected. Didn’t even click on it. The computer shop freed my machine.
Checked; I’m up to date. For what it’s worth, Mozilla says they automatically update Firefox, and my system says I’m on the October 14 release. The one before that had the exploit fix.