WARNING: Insidious virus on Internet

I had just gone on the Internet this afternoon when a large dialog box, supposedly warning of some serious problem with my Internet security, appeared, and I could not remove it. It had a toll-free number; to sum it up, the “technician” wanted to correct it but I would have to pay a fee. I did not identify my ISP to this person, and hung up. Later I was able to go back online–for a while. The box appeared again, and I shut off the surge protector and haven’t switched the computer on since. I’m taking it to Office Depot tomorrow to have it checked out.
This is really a bad one.

So what’s the question?
Reported for forum change.

What would YOU do if you went online and saw this appear on your screen?

Any clues you could give up as to where you might have gotten it or anything useful?

This sounds like ransomware. Read this article. It looks like sometimes just closing your browser and not clicking “restore previous session” may work, but not always. This episode of Radiolab has a terrifying story about a woman hit hard by ransomware in a way that encrypted all her files and threatened to erase them if she didn’t pay hundreds of dollars.

After hearing that story, I installed Malwarebytes Ransomware Beta on my computer, just in case :).

Run a full scan using whatever security software is already in place. Download and run full scans with one or two other popular tools from Malwarebytes, Kaspersky, Sophos etc.

I wouldn’t call the number. I wouldn’t click on anything in the message box reporting the supposed problem.

Also, do you have your browser set to block popups? Do you use any ad-blocking utility?

Often the goal isn’t to get the $50 or whatever it is that they are asking you to “clean your system”, it’s to get your financial info and then clean you out/commit identity theft. Don’t contact them again.

There’s a great thread stickied in this forum with advice on cleaning malware from your system, read it here.

I’ll personally second the advice for Malwarebytes, that software is fantastic.

Sure as hell wouldn’t ring them up!

Update my adblock software.

Laugh about how stupid you’d have to be to fall for such a transparent ploy.

Calling the number isn’t “falling for it”. Paying the fee is “falling for it”.

Calling a toll-free number is actually smart, if you don’t mind getting junk calls, because it costs them money. I might well keep calling the number, just to work on my “stupid old man” impersonation.

… buy a Macintosh …

Let the hijack begin :smack:

Do you happen to know it’s raining where the OP lives and that he has no protective garment? Because that’s the only way this is a reasonable response.

Never click anything on the pop-up. Close it with end process Ctrl+Alt+Del.

Can Macs get viruses and malware? We ask an expert
Two Mac viruses strike at the heart of the platform’s secure image

Checking your Mac for viruses

dougie_monty -

If this is the ad/scam I think it is - it’s not a ‘virus’ in the traditional sense of the word. It’s the internet equivalent of a ‘snake oil salesman’, and the worst part about it is being out the dollars to pay for their software (and if you did, and used PayPal, they set up payment agreements so they can charge you again, and again and again).

As others have stated - if you run across popups/ads claiming you have a problem - close them immediately - never believe them - never click or call them - close and clear your browser history, and run Malwarebytes and whatever current anti-virus software you have - and you will (most likely) be fine.

If you did end up installing the software - do the above plus uninstalling the software - dispute the charges with PayPal/bank and change online passwords.

I know of several people that have, unfortunately, fallen for this scam - there did not seem to be any long-term effects - their primary goals seem to be

a) sell you the snake oil
b) try and get you to let them remote into your PC and get even more money from you thru offering to clean up your terribly infected PC.
c) potentially get info to reuse later

Another +1 for Malwarebytes.

This is not a virus. Just sayin’. If you wouldn’t install random crap on your machine there would be considerably less risk. Now in Chrome, it was possible until just recently to display the ransom message in the browser and “sorta” lock up the machine. That no longer works.

The scammers that want this stuff written tell me that the $conversion rate is good enough that they don’t care to totally screw up the machine nor even trap Ctrl+Alt+Del. They say people fork over the dough without even attempting to resolve it themselves. I guess there really is one born every minute.

One last comment about installing random crap - you needn’t have done it recently. What happens is one group of perps gets you to run something, or uses a legitimate exploit. This simply installs a sleeper exe. Now, possibly even months later, these people sell installs to the scummy “entrepreneurs” with considerably less skills. Scammer XYZ just pays $x and gets his .exe effortlessly delivered to tens of thousands of machines per day. By the time you see stuff appearing on your machine, you’ve long forgotten what you might have done to cause it.

Another new trend I’ve seen recently is ransomware on Linux webservers. I had a script hack that encrypted some of the files on my webserver and wanted $50 in bitcoins to decrypt. Luckily I had a backup I could restore. This was using Joomla CMS and I believe it got in through a plugin that hadn’t been updated.

It’s basically harmless if you don’t call the phone number. I’ve seen many infections of it, and never found a problem. No virus is put onto the computer by it.

If you call the number, you won’t get infected unless you pay them to do it or grant them access to “check out” your computer. Anything they tell you will be a lie, BTW.

To get rid of this, kill the process: Press Ctrl-Shift-Esc to bring up the task manager. Look for your web browser on the list of apps, click on it, then on “End Task.” It will ask if you’re sure, but close the task. Then, when you bring up your browser, make sure it doesn’t go to the same pages on startup.