Scary popup screens -- wants you to call Microsoft

JNozum

New member
Local time
7:31 PM
Messages
2
Location
Moundsville, WV (USA)
As a local computer technician in the Moundsville, WV area, I am getting complaints of customers getting scary flash-up screens with dire warnings, wanting you to call "Microsoft"--RIGHT AWAY (EMERGENCY!). They may threaten to withdraw from your bank account. They often try to disable the 'X', trying to keep you from exiting your browser. I had one variation, which had a LOUD emergency alarm, specifically to induce PANIC. From talking to another computer guru, it appears that today's browsers are so much more secure that creeps can't penetrate them like they could 5-10 years ago, so now they're resorting to "scareware", trying to scare the crap out of users. Fortunately, CTRL-ALT-DEL will allow you to "kill" the browser that is currently having this scary message. Upon rebooting, people have done multiple security scans, and "nothing" is found. However, they are very troubling, especially for older people and those already prone to anxiety and/or otherwise stressed out. I've educated people about unwanted toolbars, adware, and even tainted versions of Google Chrome. However, 2-3 of my customers seem to be VERY TARGETED for such flash-up screens--on an unusually frequent basis.

Another curve ball to this whole mess is the fact that most newer computers are set so when you hit the power button, it goes to SLEEP (or hibernate). THIS IS VERY DANGEROUS!!! When I fix computers or prep new ones, I go to the Power Options and change "What the power buttons do" to "shut down". Even the emergency shutdown (holding in on the power button 4-5 consecutive seconds) is much more limited in its usefulness when the power button is programmed to go to sleep or hibernate. Upon firing back up, it can TAKE YOU RIGHT BACK TO THAT DANGEROUS STATE AGAIN!!! However, when the computer does a full shut-down (not go to sleep or hibernate), then it has a much better chance of breaking the tie with the "boogeyman" on the other end.

I'm concerned that many of these are getting in through infected ad servers, in which we can't do a whole lot about. If that isn't bad enough, more and more sites are DEMANDING that we turn off our ad blocker--and will DENY us content until we do! :( Since most of these are not quote "viruses", a regular AV program will NOT catch it. Some of these may actually be graphical screens, probably a Flash thing, which would make it much more impossible for an AV program to catch. I try to explain that usually no damage is done as long as you don't call that number. Since they can't penetrate systems like they could 5-10 years ago, they resort to SCARY stuff, HOPING that you would CALL that number--RIGHT NOW. It is at that point and when a remote connection is made that the REAL damage starts. However, this is happening rather FREQUENTLY with some people--and is VERY DISTRESSING and UNNERVING. Aside from doing multiple scans for viruses and other malware and checking for unwanted toolbars and more, is there anything else I can do to ease the fears and such of my customers--and keep such from happening again and again, particularly on a frequent basis? It is as if some people are SPECIFICALLY TARGETED for such scareware. I'm also having difficulty counseling some of these people, and are so paranoid, panicky, and such. I usually recommend my customers to use Firefox and definitely try to stay clear of IE when feasible. As for Google Chrome, I really get into people's minds, QUESTIONING WHERE they got it from. I am VERY PARTICULAR about this. If a person says "I don't know how it got there" or "It just got there", THAT SCARES ME me as a technician! These are the ones that are often TAINTED (POISONED versions of Chrome). I've seen 1-2 "versions" of "Chrome" that AVG flagged as a virus and/or other serious malware!

Any ideas or better explanations of things here?

From John Nozum
 

My Computer My Computer

At a glance

Windows 7 Professional 64-bitIntel i7 at 3.6 GHz8 GB DDR3NVidia
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell
OS
Windows 7 Professional 64-bit
CPU
Intel i7 at 3.6 GHz
Motherboard
Dell motherboard
Memory
8 GB DDR3
Graphics Card(s)
NVidia
Hard Drives
2 1-TB Western Digital SATA HD's
Antivirus
AVG 2015 Free
Browser
Firefox
In most cases it's just a message on a website and nothing is downloaded. Setting DNS to 208.67.220.220 & 208.67.222.222 will help it's opendns which blocks bad sites it's also very fast
 

My Computer My Computer

At a glance

win 8 32 bit
Computer type
PC/Desktop
OS
win 8 32 bit
Hi,
Most of the time the issue spawns from people opening or following links in email services usually not much anyone can do to help them :)
 

My Computer My Computer

At a glance

Win-7-Pro64bit 7-H-Prem-64biti7-5930K 2nd i9-9940x both water blocked VRM'...Trident-z 3200C14 2nd Trident-z 3600C16EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom assembled by me :}
OS
Win-7-Pro64bit 7-H-Prem-64bit
CPU
i7-5930K 2nd i9-9940x both water blocked VRM's too
Motherboard
ASUS SABERTOOTH X99 2nd ASUS x299 Apex
Memory
Trident-z 3200C14 2nd Trident-z 3600C16
Graphics Card(s)
EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Sound Card
Built-in Realtek
Monitor(s) Displays
1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution
1920 x 1080 144Hz
Hard Drives
2-Samsung M.2 Evo & Evo Plus
2-Samsung 850 EVO 500GB SSD's/ 3-2.5 W.D. Black 1tb-&3-1tb/3-3.5 WD Black 1tb hdd's
PSU
EVGA SuperNOVA 1000-P2 2nd 1200-P2
Case
2-Corsair Obsidian Series 450D Black ATX Mid Tower
Cooling
Custom water loops
Keyboard
Logitech G710+/ 2nd Logitech G910
Mouse
2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
Internet Speed
Comcast Ping 19ms 89.31mbps download speed 6.12mbps upload
Antivirus
Malwarebytes Pro/ Superantispyware Pro
Browser
FireFox & Pale moon
Other Info
2nd ASUS X299 Apex/Intel i9-9940x with Custom water loop/7H-Prem-x64/Corsair 450D case/Ram Trident-z 3600C16 4x8gb / Samsung970Evo plus 500gb SSD/Dual ssd EZ swap evo/PSU EVGA SuperNova 1200w-P2 80+Platinum/GPU Titan Xp /8-ML-140 on push-pull on 2-280GTX rads
most newer computers are set so when you hit the power button, it goes to SLEEP (or hibernate).

I can't figure out why anyone would make the default behavior for the ON/OFF button to be to put the computer in sleep mode. A person naturally thinks of shutting something down when he presses the ON/OFF button.

I'm concerned that many of these are getting in through infected ad servers, in which we can't do a whole lot about. If that isn't bad enough, more and more sites are DEMANDING that we turn off our ad blocker--and will DENY us content until we do!

I browse with Firefox, with NoScript Security Suite added in. I have it set to block all scripts except those I have whitelisted. It is really fun to see all of the junk that NoScript blocks. And most sites will run adequately with only their own scripts enabled. For those must-have sites which don't work well (or at all) with FF/NoScript, I use Opera with ad-blocking turned on.
 

My Computer My Computer

At a glance

Linux Mint 18.2 xfce 64-bit (VMWare host) / W...Haswell4 GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell
OS
Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
CPU
Haswell
Memory
4 GB
Monitor(s) Displays
Acer 23"
Screen Resolution
1920 x 1080
Hard Drives
Two hard drives, 1TB each: One for Linux, one for my data.
Keyboard
IBM Model M
Antivirus
Sophos (Linux), Trend Micro (Windows)
Browser
Firefox, Opera
Other Info
I use Samba to share my data drive with the other computers at my house and with my guest session in VMWare Workstation Player.
Back
Top