moderated Re: Spyware
Microsoft Accessibility was able to get rid of the message voice using task manager, but they had a fun time doing so!toggle quoted messageShow quoted text
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of netbat66
Sent: Tuesday, April 03, 2018 11:11 AM
Subject: Re: Spyware
most of the time when you press alt f4, click on close, cancel etc. this will install the spyware.
you should not click on anything and turn the computer off with the power button.
without even trying to close it.
if you are realy infected, the only way you would be sure it is gone is to wipe the drive and re install windows from scratch.
or use a known good backup.
From: Gerald Levy
Sent: Tuesday, April 03, 2018 6:07 AM
Subject: Re: Spyware
This happened to me a few months ago. I was surfing the web for more
information about Spectrum Internet service, and when I clicked on the link for
a seemingly innocent web site, all of a sudden,a window popped up and a message
in a synthesized female voice with a British accent started playing over and
over warning ominously that my computer had been taken over, and that if I
wanted to have it restored to normal, I needed to call an 800 number. The
message would not stop repeating itself, and I could not close the window to
get rid of it. And I discovered to my horror that my computer had been frozen.
I could not access my desktop or start menu or launch any programs. I could
not access any files or folders. I could not even bring up the shutdown menu
to shut down my computer, and I was afraid that if I tried to perform a hard
shut down by pressing and holding the power button, my computer would not boot
up when I pressed the power button again. I figured that this was some kind of
ransomware attack, so in a panic, I called the 800 number that the message kept
repeating and was greeted by some scammer with a Nigerian accent who calmly
told me that if I wanted my computer restored to normal,he would be glad to fix
it for $150. When I agreed to send $150 to some offshore account using PayPal,
the guy proceeded to “fix” my computer. I was scared sh-tless that my computer
would never work again, but to my great relief, when I rebooted as the scammer
instructed, everything was back to normal. I ran full scans using MSE and
Malware Bytes, and everything came up clean. Fortunately, I got the last laugh
because I immediately contacted PayPal which cancelled the transaction, so that
the scammer never received a dime of my money. These scanners can apparently
circumvent even the most effective anti-malware programs, and no matter how
careful you are, this can happen suddenly and unexpectedly without warning. It
is really scary.
From: John Doering
Sent: Tuesday, April 03, 2018 8:07 AM
When surfing the web last night, I entered on a link and got a pop up window
that stated Windows detected my system was attacked by spyware. It stated the
spyware was now stealing my credit card numbers, passwords, and the rest. It
also stated this verbally in a female voice with what sounded like a British
accent. It demanded that I call Microsoft at an 800 number it provided. It
also stated that if I closed the window without calling that Microsoft 800
number, Microsoft would to protect their system disable my IP address.
I never trust pop ups from the web so tried to close the window without
success. I then shut down my system, but when I powered back up the pop up
came up again. This time though, I was able to close the window. I ran a
virus scan with Windows Defender and there were threats found. I entered on
the take action link and let it run its course. I then ran MRT.exe which found
nothing. Then I shut down the system and have not started it since. Keep your
fingers crossed that it is gone when I power up.
For your information, I am sending this message from my work computer, so
should not be infected.
Has anyone heard of this and is the 800 number legit?
Any help would be appreciated.
Administrative Pricing Specialist
p. 414-778-3040 Ext 4063 t. 800-642-8778 f. 414-778-3392
NOTICE: The information contained in this email and any document attached
hereto is intended only for the named recipient(s). If you are not the intended
recipient, nor the employee or agent responsible for delivering this message in
confidence to the intended recipient(s), you are hereby notified that you have
received this transmittal in error, and any review, dissemination, distribution
or copying of this transmittal or its attachments is strictly prohibited. If
you have received this transmittal and/or attachments in error, please notify
me immediately by reply e-mail and then delete this message, including any