Ransomware

Dreamweaver
Global Moderator
Posts: 8404
Joined: 16 Sep 2005, 15:46
Location: Victoria

Ransomware

Post by Dreamweaver » 21 Feb 2017, 22:39

I am hoping I am recovered from a Ransomware attack. I got an onscreen announcement that said a virus had been detected on my computer, and it had been locked down to prevent further damage, and I was to phone a certain number to be guided in a recovery process. Although I couldn't close internet pages, I was able to shut the computer down as normal.

Then I got a USB stick and backed up my MS Word docs, of which I have many. My son guided me over the phone through my list of files, and how to eliminate anything that looked dodgy. Then I ran Malwarebytes, and now I'm back on line. Fingers crossed. Puter does seem to be behaving better than it did for a few days even before the obvious attack.
:happy-sunshine:

Perrorist
Administrator
Posts: 3545
Joined: 17 Sep 2008, 12:36
Location: Tumbi Umbi, Central Coast, NSW

Re: Ransomware

Post by Perrorist » 22 Feb 2017, 06:45

Any idea how you acquired the virus?

Buck_naked
Emerald Member
Posts: 6087
Joined: 08 Jul 2013, 18:47
Location: potting shed

Re: Ransomware

Post by Buck_naked » 22 Feb 2017, 07:12

Did you click on a dodgy email????

Dreamweaver
Global Moderator
Posts: 8404
Joined: 16 Sep 2005, 15:46
Location: Victoria

Re: Ransomware

Post by Dreamweaver » 22 Feb 2017, 08:14

I was on Facebook. I suspect it was a link from there, but I can't remember what it might have been. I tried later to look in my history, but couldn't find that either because it was wiped or more likely my own senior's moment! :lol:

I do wonder though if that wasn't the true origin, and they'd been in a couple of days or so previously, as I'd noticed a few differences, such as my sound disappearing. I had checked all possibilities and found no reason. Now that I've got rid of suspect files, lo and behold, my sound is back!

Dreamweaver
Global Moderator
Posts: 8404
Joined: 16 Sep 2005, 15:46
Location: Victoria

Re: Ransomware

Post by Dreamweaver » 25 Feb 2017, 11:51

Ouch!
That attack was on my PC. Now I've got one on my lappy, which is too old to accept Windows 10, and runs on 7 happily.
This time I took more notice. Yes, I was on Facebook, but had just clicked a sidebar ad for a 1 room cottage kit, 1 day to erect, last a lifetime, $5000.

I must not click on ads.
I must not click on ads.
I must not click on ads.

What came up was a Microsoft page (pretending to be) with two large signs saying 'call for support 02 8599 4333'.
But superimposed on this was a notice:-
s3-us-west-2.amazonaws.com says
YOUR COMPUTER HAS BEEN BLOCKED
Error #2803
Please call us immediately on 02-8599-4333
Do not ignore this critical alert.
If you close this page, your computer will be disabled to prevent further damage to our network.
Your computer has alerted us that it has been infected with a virus and spyware. The following information is being stolen
. . . Facebook login
. . . Credit card details
. . . Email account login
. . . Photos stored on this computer
You must contact us immediately so that our engineer can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your computer from being disabled.
Toll Free 02-8599-4333
That error number could be 26803 - my scribble not clear!
There was also something about attempting to close the page would result in being disabled, so I didn't do that. As I have little on my lappy, I just powered off, then started it up in Safe Mode and ran Malwarebytes, which found nothing malicious.

Dreamweaver
Global Moderator
Posts: 8404
Joined: 16 Sep 2005, 15:46
Location: Victoria

Re: Ransomware

Post by Dreamweaver » 25 Feb 2017, 11:54

Facebook reporting page
https://www.facebook.com/ReportVirus/

How to delete the Facebook virus
https://www.techwalla.com/articles/how- ... book-virus

Since most reports for it are from 2014/15, I expect it has evolved since then.

Perrorist
Administrator
Posts: 3545
Joined: 17 Sep 2008, 12:36
Location: Tumbi Umbi, Central Coast, NSW

Re: Ransomware

Post by Perrorist » 25 Feb 2017, 15:48

You obviously did the right thing. I don't see ads on Facebook. I have a plug-in called FluffBuster that allows me to organise FB any way I like, more or less. You can find it here:

http://www.fbpurity.com/install.htm
