Posted: Tue Feb 04, 2020 10:17 pm
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2408
Location: North Central Arkansas
This morning I was surfing the internet for generators. I saw what they had at Home Depot, so as I was entering Lowe's in my Vivaldi browser search bar, a "Microsoft alarm" went off on my computer. Very loud with flashing words, so much so that it distracted me from what all I was seeing on my screen. So I don't remember it all.

But the gist of it was that my computer was being locked down by Microsoft because I had used a website where private data (mine & others) had been compromised. I was told not to turn off my computer or data might be lost. I was instructed to immediately call 1-844-388-4573 to resolve the issue.

Sure enough, I could not get to my desktop or my taskbar. If I closed out the flashing warning window, it came back immediately. So I invoked the Task Manager via Ctrl+Alt+Del and then restarted my computer. I then had MBAM Paid and Defender do scans, and they found nothing (nor had either reported what had just happened on my computer). As far as I can tell, no data is missing from my computer and everything appears to be working fine.

I don't think it was Ransomware because I was able to regain control of my computer. But the loud noise and flashing screen scared the bejesus out of me. If I hadn't known better, I would have thought that a buddy was playing tricks on me. Jay, are you messing with me???

I later searched the internet to find out about the phone number, but that wasn't successful. Needless to say, I did not dial the number.

Does anyone have any idea what that was all about? Got me a little nervous because of all the safeguards I use. Thanks in advance....... :shock:

_________________
BB
http://barrypatch.net


Posted: Tue Feb 04, 2020 10:33 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9460
Location: The state of confusion; I just use Wyoming for mail.
I suspect it was what I call scareware. Something infiltrated your system to cause the alarm. It was not really a virus but a tactic to try to get you to call the number. If you had called the number I assume that they would have tried to get you to allow remote access to fix. This type of attack would normally be through a malicious web site. I'm surprised the MBAM did not block access to the site.

A search on the phone number comes up as it not existing so I have to assume it is a falsely generated number.

I notice that before this happened you visited Home Depot. It would not be the first time that Home Depot was compromised.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Tue Feb 04, 2020 11:57 pm
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2408
Location: North Central Arkansas
As always, Jay, your sage advice has made me feel a little better. And the Scareware did scare me, lol. And it still bothers me that I could not regain control of my computer without a restart.

It makes sense that it might have been the Home Depot website, because after looking around on it for several minutes, I got ready to visit Lowe's. But I had not even finished typing the word "Lowe's" in the browser search bar when the scare attack took place.

I am also disappointed that neither Defender nor MBAM blocked any Scareware malicious website. Do you have a recommended utility or tool that will block Scareware? And is there something else I should be doing to ensure that my computer and data have not been compromised? Everything appears normal; however, who knows what lurks beneath?

I just read this note on the internet: "If the web page you have found gives you any sense of alarm, pressing ALT-F4 on your keyboard will shut down your browser and stop any Scareware from getting downloaded." I wish I had known that because doing so might have regained control of my computer without having to do a restart.

_________________
BB
http://barrypatch.net


Posted: Wed Feb 05, 2020 12:06 am
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2408
Location: North Central Arkansas
Jay, although I didn't understand all of it, this is an interesting read on the scareware subject:
https://forums.malwarebytes.com/topic/245095-hijacked-web-browser/

_________________
BB
http://barrypatch.net


Posted: Wed Feb 05, 2020 1:54 am
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9460
Location: The state of confusion; I just use Wyoming for mail.
The problem with Defender/MBAM in a case like this is that scareware is hard to detect as malicious. There is actually nothing malicious in the page's code. There is just code that disables closing the window and other things. None of this, in itself, can be detected as malicious. Nor can the content of the page be detected as malicious as it is just words. It is a thing that is almost impossible to detect/stop on a software level... it happens and it is not necessary to restart the system to solve. The code that does the bad deed is probably written in JavaScript. You just can't prevent the ability to run JavaScript and use the Web. People think of HTML as being what runs the Web but that is wrong. JavaScript runs the Web. Shoot, not even my GIF Gallery would run without JavaScript.

How to regain your browser if this ever happens again...

1) Do the ALT/CTRL/DEL to open Task Manager but don't restart.
2) Just go to Applications and do an "End Task" on all browser references. Some MAY take a couple of closes to do the deed.
3) If anything remains do an end task on any application listing that just says "task" with no apparent association to anything.

I don't know about the ALT-F4 deal but will give it a try after I post this. ;)

I have personally tested this several times on my system and it works. As long as you don't panic this type of fraud is not a real danger but, rather, an irritation.

<edit>
I checked out the ALT-F4 deal and it works normally to close a browser window but can easily be defeated with a few lines of JavaScript code. I know that this seems to make JavaScript a danger but it really isn't. These forums are written in PHP yet half the code is actually JavaScript. The thing that keeps JavaScript from being an actual danger is that there is no inherent ability in JavaScript to access a database or local drive.

Please remember that when I say JavaScript I mean JavaScript, not Java. They are two entirely different critters.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.
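
The post above notes that neither the window-holding script nor the wording of such a page is malicious taken alone, so a filter has to score the combination. An added example, not part of the original thread: a JavaScript triage function run over constructed page source. The signal names, weights, threshold and sample pages are assumptions made for illustration.

```javascript
// Added example: static triage of page source for "browser locker" scareware traits.
// Signal names, weights and THRESHOLD are assumptions chosen for illustration.
const THRESHOLD = 6;
const SIGNALS = [
  // Behaviour: things the script does to hold the window.
  { name: "close-interference", kind: "behaviour", weight: 2,
    re: /\bonbeforeunload\b|addEventListener\(\s*["']beforeunload["']/i },
  { name: "forced-fullscreen", kind: "behaviour", weight: 2, re: /\brequestFullscreen\s*\(/i },
  { name: "looping-audio", kind: "behaviour", weight: 1, re: /<audio\b[^>]*\b(autoplay|loop)\b/i },
  // Lure: what the page tells the reader.
  { name: "toll-free-number", kind: "lure", weight: 2,
    re: /\b1?[-. (]*8(00|33|44|55|66|77|88)[-. )]*\d{3}[-. ]*\d{4}\b/ },
  { name: "vendor-name", kind: "lure", weight: 1, re: /\b(microsoft|windows)\b/i },
  { name: "urgency-wording", kind: "lure", weight: 1,
    re: /do not (turn off|shut ?down|restart)|has been (locked|blocked)|call (immediately|now)/i },
];

// No single signal is damning; flag only behaviour AND lure together above the threshold.
function scoreLockerPage(html) {
  const hits = SIGNALS.filter((s) => s.re.test(html));
  const score = hits.reduce((sum, s) => sum + s.weight, 0);
  const hasBehaviour = hits.some((s) => s.kind === "behaviour");
  const hasLure = hits.some((s) => s.kind === "lure");
  return { score, signals: hits.map((s) => s.name),
           suspicious: hasBehaviour && hasLure && score >= THRESHOLD };
}

// Constructed sample pages (not captured from any real site).
const LOCKER_SAMPLE = `
<body onload="document.documentElement.requestFullscreen()">
<audio src="alarm.mp3" autoplay loop></audio>
<h1>Microsoft Security Alert: this computer has been locked</h1>
<p>Do not turn off your computer. Call immediately: 1-800-555-0100</p>
<script>window.onbeforeunload = function () { return "stay"; };</script>
</body>`;
// Legitimate editor that warns about unsaved changes: same close hook, no lure.
const EDITOR_SAMPLE = `
<h1>Draft editor for Windows release notes</h1>
<script>window.addEventListener("beforeunload", e => { if (dirty) e.preventDefault(); });</script>`;
// Legitimate support page: phone number and vendor name, no window-holding script.
const SUPPORT_SAMPLE = `<p>Microsoft Store support: call 1-800-555-0199 during business hours.</p>`;

for (const [label, html] of Object.entries({ LOCKER_SAMPLE, EDITOR_SAMPLE, SUPPORT_SAMPLE })) {
  const r = scoreLockerPage(html);
  console.log(label, r.score, r.suspicious, r.signals.join(","));
}
```

The two benign samples each trip individual signals yet stay below the threshold, which is the same reason a signature-based scanner has little to match on.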


Posted: Wed Feb 05, 2020 2:51 pm
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2408
Location: North Central Arkansas
Jay, thanks for the educational post. I guess I just don't understand the definition of malicious software. A program that doesn't allow me to return to my desktop or task bar is pretty malicious in my mind. If MBAM and Defender have trouble detecting that type of maliciousness, then so be it.

I did try to End Task on several of the browser references, but it didn't seem to be working. Perhaps I didn't try it enough times, as you suggested. But at that point I was anxious to regain control of my computer, even if it did mean a Restart. However, I didn't panic and now it's nice to know that the fraud event was not really dangerous, but more of an irritation.

Thanks again for your prompt and helpful responses :cboy1:

_________________
BB
http://barrypatch.net


Posted: Wed Feb 05, 2020 2:58 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9460
Location: The state of confusion; I just use Wyoming for mail.
YW :)

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.

