moderated Re: Spyware


paul lemm
 

Hi Gerald,

Once I somehow picked up a really nasty bit of ransomware, when you re booted your system the message flashed up and took complete control of the system, so not only did it stop jaws working but also disabled Microsoft functionality too, so you couldn't access start menu, task manager and any windows key commands and safe mode wasn't a fix, just this screen saying I needed to contact the metropolitan police and pay a fine to unlock my PC. I got a sighted friend round who is very tec savvy and even he couldn't find a way of accessing anything from within windows, in the end we had to run a ransom wear tool directly from the bios , which since windows isn't active took ages , but it did fix the problem in the end. Long story short it was probably one of the most sophisticated and nasty bits of malicious software I've come across. Hope I never see it again


Paul

-----Original Message-----
From: main@jfw.groups.io [mailto:main@jfw.groups.io] On Behalf Of Gerald Levy
Sent: 03 April 2018 20:17
To: main@jfw.groups.io
Subject: Re: Spyware


But suppose the ransomware gets installed as soon as you click on the link to the rogue web site, and you start hearing the message to call the 800 number or else. If your computer has been frozen and you shut it down by pressing the power button and then reboot it, there is a good chance that you will not have speech because the ransomware will prevent JAWS or other default screen reader from loading. Then what do you do?

Gerald



-----Original Message-----
From: Mario
Sent: Tuesday, April 03, 2018 3:05 PM
To: main@jfw.groups.io
Subject: Re: Spyware

when I got hit, thinking it was a prank because of some missing info, I immediately shutdown, disconnected from the router, ran a MRT quick scan then a full VIPRE scan, cleaned up any cached leftovers, rebooted, reconnected to the router, and everything is fine. but I didn't call the answer desk. should I have?



-------- Original Message --------
From: Sieghard Weitzel [mailto:sieghard@live.ca]
Sent: Tuesday, Apr 3, 2018 11:05 AM EST
To: main@jfw.groups.io
Subject: Spyware

It won’t hurt your computer if you pull out the cord.

*From:* main@jfw.groups.io <main@jfw.groups.io> *On Behalf Of *Gerald Levy
*Sent:* Tuesday, April 3, 2018 6:24 AM
*To:* main@jfw.groups.io
*Subject:* Re: Spyware

In retrospect, I probably should have called the MS accessibility helpline instead of calling the 800 number as instructed by the ransomware message. But I was so freaked out that in a panic, I called the 800 number. If I ever experience another such ransomware attack, I will definitely call the MS accessibility helpline first.

Gerald

*From:*Richard Turner <mailto:richardturner42@outlook.com>

*Sent:*Tuesday, April 03, 2018 9:08 AM

*To:*main@jfw.groups.io <mailto:main@jfw.groups.io>

*Subject:*Re: Spyware

No charge, completely free, and in my expierience, they will work with you until the issue is resolved no matter howlong it takes. I was on one call for almost 2 hours when my system had gotten really messed up.

I believe they are open in the United States from 6AM to 10PM week days and 6 to 3 on weekends. Something like that.

I would suggest calling them anyway, and have them log into your computer to see if there are any traces left, even though you’ve done a check.

I’d also, obviously, not go near that web site again, grin.

Richard

“The secret is not to make your music louder, but to make the world quieter.”

- Mitch _Albom_from The Magic Strings of Frankie Presto, page 1

*From:*main@jfw.groups.io <mailto:main@jfw.groups.io> <main@jfw.groups.io <mailto:main@jfw.groups.io>> *On Behalf Of *John Doering
*Sent:* Tuesday, April 3, 2018 5:43 AM
*To:* main@jfw.groups.io <mailto:main@jfw.groups.io>
*Subject:* Re: Spyware

Richard, Jessica, and Paul:

Thank you all for the advice. If it comes up again, I will definitely
call Microsoft accessibility. Is there any charge for calling them?

Regards,

*John Doering*

Administrative Pricing Specialist****

**

*p. **414-778-3040 Ext 4063****t. **800-642-8778 **f.**414-778-3392*****

NOTICE: The information contained in this email and any document attached hereto is intended only for the named recipient(s). If you are not the intended recipient, nor the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this transmittal or its attachments is strictly prohibited. If you have received this transmittal and/or attachments in error, please notify me immediately by reply e-mail and then delete this message, including any attachments.

*From:*Richard Turner [mailto:richardturner42@outlook.com]
*Sent:* Tuesday, April 03, 2018 7:25 AM
*To:* main@jfw.groups.io <mailto:main@jfw.groups.io>
*Subject:* Re: Spyware

John,

If you know the 800 number, you could Google it from your work computer to find out if it is for real, which I highly doubt.

But, I'd call Microsoft accessibility: 800-936-5900 from before turning on the computer. Ideally, from a speaker phone so when you turn it on, if the pop-up comes up they can hear it.

HTH,

Richard

“The secret is not to make your music louder, but to make the world quieter.”

- Mitch _Albom_ from The Magic Strings of Frankie Presto, page 1


On Apr 3, 2018, at 5:07 AM, John Doering <john.doering@ibsupply.com <mailto:john.doering@ibsupply.com>> wrote:

Hello:

When surfing the web last night, I entered on a link and got a pop
up window that stated Windows detected my system was attacked by
spyware. It stated the spyware was now stealing my credit card
numbers, passwords, and the rest. It also stated this verbally in a
female voice with what sounded like a British accent. It demanded
that I call Microsoft at an 800 number it provided. It also stated
that if I closed the window without calling that Microsoft 800
number, Microsoft would to protect their system disable my IP address.

I never trust pop ups from the web so tried to close the window
without success. I then shut down my system, but when I powered
back up the pop up came up again. This time though, I was able to
close the window. I ran a virus scan with Windows Defender and
there were threats found. I entered on the take action link and let
it run its course. I then ran MRT.exe which found nothing. Then I
shut down the system and have not started it since. Keep your
fingers crossed that it is gone when I power up.

For your information, I am sending this message from my work
computer, so should not be infected.

Has anyone heard of this and is the 800 number legit?

Any help would be appreciated.

Thankyou,

*John Doering*

Administrative Pricing Specialist**

**

*p. **414-778-3040 Ext 4063****t. **800-642-8778
**f.**414-778-3392*****

NOTICE: The information contained in this email and any document
attached hereto is intended only for the named recipient(s). If you
are not the intended recipient, nor the employee or agent
responsible for delivering this message in confidence to the
intended recipient(s), you are hereby notified that you have
received this transmittal in error, and any review, dissemination,
distribution or copying of this transmittal or its attachments is
strictly prohibited. If you have received this transmittal and/or
attachments in error, please notify me immediately by reply e-mail
and then delete this message, including any attachments.

Join main@jfw.groups.io to automatically receive all group messages.