MS Scam Pop-Up fix/help

Status
Not open for further replies.

jssgbsn

Estimable
Dec 30, 2015
1
0
4,510
My inlaws recently fell for an internt pop-up scam.

Its the one that says something to the effect of 'Call the number below immeditaerly to remove the virus/adware/spyware/malware/etc..from your computer'. It a blue screen pop-up, looks official to anybody that isnt familiar with computers. Has audio in the background speaking the text of the long pop-up. When you try and close the window using the 'X' button in the upper right it 'sometimes' closes but will open another tab of the exact same message. Basically unless you can force quit your browser it keeps popping up over and over and wont actually close in a 'traditional' manner.

If you have ever seen this you will know what I am describing.

It is the one that even if you try and close the webpage it either will not close or once you close it it opens a new tab with the same message in 'type and audio'.

Of course they figure t must be MS since I cant close the message and it keeps coming back.

So thjey just told me they were on the phone with somebody last night that they called from that number. The person had them gop through the CMD Prompt/DOS Prompt and tpye who knows what into it.

I already have had them change all login/passowrd info from a secrure PC/Network. And they have recently been considering lifelock/similar so they will probabalt do that also.

I told them to disconnnect their PC completely. Network and Power.

I am gonna go and backup their docs and wipre/reinstall Windows.

Before I do that is there a way to run a report log to find out what has happened in the CMD. (i have the time of their phone call so I have a window to search for a log).

I will probably do a factory reset on their modem and router as well. Juist trying to figure out what happened on the phoine call in the CMD.

Any other advice/opinions about what to do? I have already explained that none of their login/password info (or anything remotely close) can be used again. Number strings, initals, dates, names, places, etc...

Thanks in advance for any replies. Pretty sure what I am having them do is adequate, just wanna toss it out there to othetr more qualified techies :)
 

mdd1963

Distinguished
try www.freefixer.com

I suspect simple browser hijacking....the above will show any suspicious browser add-ons/redirects once it is complete with it's scan...

Very useful tool, safe to run, but, caution to user on what is deleted....
 
Sep 27, 2018
1
0
10


Also, install something like malware bytes or avast so if you run across it in the future it will automatically get blocked and you won't have to go through the hassle of trying to remove it.

-- Owner of https://techscammersunited.com/ --
 
Status
Not open for further replies.