Another internet scam - and how to cope with it!

Discussion in 'Off-Topic Discussion' started by Fat Controller, Mar 4, 2017.

  1. Fat Controller

    Fat Controller 'Cuddly' Scottish Admin! Staff Member

    Joined:
    May 5, 2012
    Messages:
    26,223
    Gender:
    Male
    Occupation:
    Public Transport
    Location:
    At me 'puter, GCHQ Ashford Office, Middlesex
    Ratings:
    +48,882
    This afternoon, I had a panicked phone call from my neighbour across the street who had just paid her tax bill to HMRC, and then got the 'your browser is blocked - please phone this number at Microsoft for assistance' routine.

    Her daughter did ring the number, although did not get to speak to anyone and hung up, but still their browser was blocked. The next phone call made (thankfully) was to me, so I headed across the road to sort things out. By the time I got over there (I was just getting into the bath when she rang, so took a few mins to get dressed etc), she was on the phone to Barclays - sensible, but not necessary really.

    Within half an hour, I had easily resolved the problem for them at absolutely no cost. However, thinking about it, this could very easily trap someone who is not computer savvy, and lead them into a world of pain, so I thought I would post some info here and hopefully ensure that none of our GC friends get affected.

    There are some very simple steps to take if you get a message telling you your browser/computer is blocked, some of which you can do in advance to prevent it happening.

    Firstly DO NOT call the telephone number - all they want is your credit/debit card details to 'fix' the problem, and by the time you realise that it is a scam, you have lost a shed load of cash.

    If you are really not comfortable with doing much more than this, get help from someone who is reasonably happy with how computers work - and no, they don't need to be a computer engineer!

    - Download and install a program called Malwarebytes; the free version is perfectly adequate. Allow it to update, and then run a scan, following which allow it to 'quarantine' any threats. 9 times out of 10, this step will resolve the immediate problem.

    - Run a full virus scan

    - Restart your PC

    - Run CCleaner - if you don't have it, install it - it is free and works remarkably well.

    - Consider whether your browser (Internet Explorer, Edge, Chrome, Firefox etc) is potentially the source of the problem. I am not a fan of Internet Explorer or Edge personally, and in my opinion Chrome and Firefox are more secure.

    - If using Firefox, consider installing uBlock Origin - this blocks the vast majority of adverts which is often the way that these unwanted bugs get in. You can then add 'exceptions' to disable ad blocking on sites that you know and love to continue to support those sites (Gardeners Corner of course being top of the list!)

    Before getting to a problem situation, download both Malwarebytes and CCleaner, and run them regularly to keep your PC in tip top health. In fact, doing all of the above is a good preventative.

    Please ASK if you need help - I am open to replies to this thread seeking help, or even PMs if that is easier for you. YOU DO NOT have to spend any money, and I do not offer assistance on a chargeable basis; if you are really stuck, I can even arrange with you to remotely access your PC to help you fix your problem. If I have helped you, and you want to 'repay' me in some way, then please make a donation to GC using the donate button, give the money to charity, pay the favour forward by doing a good deed for someone else, or raise a glass in my honour!

    There are many other members on GC who I am sure will also offer advice and help, so please please please DO NOT be duped into handing over your credit/debit card details to anyone, and DO NOT feel that you have to pay someone to help solve your problems.
     
    • Friendly x 3
    • Like x 2
    • Informative x 2
    • Useful x 1
    • clueless1

      clueless1 member... yep, that's what I am:)

      Joined:
      Jan 8, 2008
      Messages:
      17,778
      Gender:
      Male
      Location:
      Here
      Ratings:
      +19,594
      What's the nature of the attack? Is it the classic browser hijack, i.e. mess with the registry to route all Internet traffic through a proxy, or is it something else?
       
    • Fat Controller

      Fat Controller 'Cuddly' Scottish Admin! Staff Member

      It's the classic browser hijack that prevents any use of the browser at all, to scare you into calling the number they helpfully provide, at which point they presumably will tan your card to its limit and then uninstall their rubbish from your PC (or not as the case may be). Interestingly, this is the first one I have seen that is accompanied by an audio announcement 'Your PC has been blocked' etc.

      A quick run of Malwarebytes, followed by getting shot of the registry entry solves it - dead easy really, suggesting that it is quite an amateurish attempt.

      Needless to say, I have told my neighbours that if anything of this nature happens in future, the first thing they do is call me or knock my door. I will be uninstalling their McAfee in the next couple of weeks (they are asking £95 renewal for one PC the robbing bar-stewards!), and will install something more suitable for them (AVG, Avast or ESET most likely).

      Whilst I was at it, I updated Java, Flash and the .NET framework just to make sure that all the potential doors were as closed as they could be.
       
      • Informative x 2
      • clueless1

        clueless1 member... yep, that's what I am:)

        So it's changing the IP address of the proxy from the default to a real but naughty proxy, or changing the IP to the DNS to a naughty DNS that routes to a naughty website. Either way the result is the same. The perpetrators have total control over what reaches your browser. A classic registry hack. It's good to know that the perpetrators have not yet advanced beyond schoolboy level hackery.

        Quite apart from FC's good advice, which I agree is 100% bang on, the only thing I'd add is that this kind of attack is only possible because most Windows users still insist on logging in with full administrator rights by default, then hitting the interweb with notoriously insecure Web browsers like the default IE.

        Or, the worst possible thing. IE on a machine with Java and Flash installed, logged in as administrator.

        It takes about 30 seconds to create a user account that lets you do all your normal stuff but will not allow system level changes.
         
        • Informative x 2
        • Agree x 1
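
The proxy and DNS changes described in the post above can be checked directly on a Windows PC. The following PowerShell check is an added example, not part of the original thread: it reads the current user's proxy settings from the registry and lists the DNS servers in use. `$ExpectedDns` and its sample address are assumptions to replace with your own resolvers, and `Get-DnsClientServerAddress` requires Windows 8 or later.

```powershell
# Added example: audit the per-user proxy and DNS settings discussed above.
# $ExpectedDns is an assumption: replace it with the resolvers you actually use.
param(
    [string[]]$ExpectedDns = @('192.168.1.1')   # constructed sample value (home router)
)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
$findings = @()

# ProxyEnable = 1 together with a ProxyServer value sends browser traffic via that proxy.
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
    $findings += "Manual proxy enabled: $($inet.ProxyServer)"
}

# AutoConfigURL points at a PAC script, which can choose a proxy per site.
if ($inet.AutoConfigURL) {
    $findings += "Proxy auto-config script set: $($inet.AutoConfigURL)"
}

# Walk the IPv4 DNS servers on every interface and flag any not in the expected list.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($server in $_.ServerAddresses) {
            if ($ExpectedDns -notcontains $server) {
                $findings += "Unexpected DNS server $server on '$($_.InterfaceAlias)'"
            }
        }
    }

if ($findings.Count -eq 0) {
    'No manual proxy, PAC script or unexpected DNS server found.'
} else {
    $findings
}
```

A finding is only a prompt to look closer: some ISPs, VPN clients and workplaces legitimately set a proxy or their own DNS servers.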
        • shiney

          shiney President, Grumpy Old Men's Club Staff Member

          Joined:
          Jul 3, 2006
          Messages:
          61,004
          Gender:
          Male
          Occupation:
          Retired - Last Century!!!
          Location:
          Herts/Essex border. Zone 8b
          Ratings:
          +117,311
          Thanks for the info :blue thumb:

          Maybe this should be a 'Sticky' with an alteration to the title adding something like 'How to cope with it'. :)
           
          • Like x 1
          • Fat Controller

            Fat Controller 'Cuddly' Scottish Admin! Staff Member

            Can do @shiney - things like this really get on my nerves, and I hate the thought that people will have to spend money needlessly.
             
            • Like x 1
            • shiney

              shiney President, Grumpy Old Men's Club Staff Member

              I have a very good computer man and he sometimes sorts people's trouble such as you describe for nothing, if they're good customers, or for very little.

              Whilst we were away he serviced (cleaned out) my computer, readjusted all the back-up systems, cleared all the rubbish and changed my USB ports to USB 3. He picked the computer up and delivered it back and charged a total of £50. He's never going to get rich that way!

              He's also a hot chilli man :dbgrtmb:
               
              • Like x 1
              • pete

                pete Growing a bit of this and a bit of that....

                Joined:
                Jan 9, 2005
                Messages:
                47,722
                Gender:
                Male
                Occupation:
                Retired
                Location:
                Mid Kent
                Ratings:
                +84,381
                I've just installed Malwarebytes, and it is now quarantining 3880 suspect files. :biggrin:

                Now I know I'm a suspicious git, but my PC seems to be running OK and has been for a while, so are these suspicious files really a problem?
                Or has this anti malware programme just come up with all this just to get me worried and get me to pay them £35 for the proper version?
                 
              • Fat Controller

                Fat Controller 'Cuddly' Scottish Admin! Staff Member

                No, you do not need to pay them anything @pete - the free version is perfectly adequate.

                The files it has identified are PUPs (Potentially Unwanted Programs) - the vast majority of these are harmless, and often linked to adverts etc, but it is the one that isn't harmless that causes the problem.

                Quarantining them will do no harm, and on that basis it is a case of being overly safe rather than sorry.
                 
                • Like x 1
                • Informative x 1
                • clueless1

                  clueless1 member... yep, that's what I am:)

                  It will be genuine. It's probably mostly cached images and browser plug-ins from some of the websites you view in incognito mode.
                   
                  • Like x 2
                  • Informative x 1
                  • pete

                    pete Growing a bit of this and a bit of that....

                    • Like x 1
                    • shiney

                      shiney President, Grumpy Old Men's Club Staff Member

                      I ran Malwarebytes today (no problems and nothing needed seeing to) and then CCleaner (originally entitled CrapCleaner) and it cleaned up 800MB (mainly photos from the Recycle Bin as I had just got rid of a lot of photos I took whilst on holiday :noidea:). We took over 1,300 photos last week :doh:.
                       
                    • Fat Controller

                      Fat Controller 'Cuddly' Scottish Admin! Staff Member

                      Happy days - it appears you have a content and safe machine @shiney :)
                       
                      • Like x 1
                      • shiney

                        shiney President, Grumpy Old Men's Club Staff Member

                        I talk to it nicely. :dbgrtmb:
                         
                        • Friendly x 1