Hijack on Explorer

[Arab Nights (imported)]

Am I the only one who has my computer hijacked with screen that my computer may have been hijacked? The red X in upper right corner is de-activated and I end up using the power button to shut of the computer. Pain in the ass. Only seems to happen in Internet Explorer, never Google or Yahoo.

[Wolf-Pup (imported)]

Sure sounds like Mal Ware. Have you run an antivirus scan on your system? Internert Explorer isn't a supported browser anymore. I spend most of my time eith FireFox or Chrome. I ocassionally will run the new Microsoft Edge. Firefox is my workhorse though for browsing.

Always good to have your anti-virus up to snuff with all the latest singnatures and any other updates. Avoid using IE thought I think it is still part of Windows because some internal programs depending on it.

[Arab Nights (imported)]

I use Malwarebytes and Webroot (thru Best Buy). I called Webroot (actually have real people) about another issue and asked about it in passing. There is a way which I did not write down which you can bypass the bastards and continue.

I used Firefox maybe a year or two ago, but quit because of similar repeat hijackings. Now it seems to be IE.

[Paolo]

If the screen you get is telling you to call a number and pay a fee, it's probably code embedded in a page you are visiting, and not actual malware. Nothing is really going on, except for display of some graphics and text trying to get you to give them some free money. My boss tends to blunder into sites that do this quite a bit. Calling up Task Manager and quitting the browser through it makes the screen go away, and all the scans never find a thing on his machine. My guess is that if you call, they'd tell you to do the same thing - after paying the fee. The last one he got was really exciting - it was flashing red and beeping!

[Arab Nights (imported)]

I tend first thing in the morning to scroll down Explorer and Yahoo to see if any stories of interest and click on anything that catches my eye or an animal video to brighten my day. That is when I get hit. The Webroot guy did not seem too fussed that anything happened to the computer, but it is really annoying. Makes me re-think capital punishment.

[Eunuchorn (imported)]

My mom would occasionally stumble onto a site that would stop all other function, then voice read a message that the computer had been corrupted, and gave a phone number to call to fix. she actually called it till I figured out what was going on, deleted the companies client that she had downloaded, and told her not to believe it if it ever happened again. also. there is a company that will call you and tell you you have a problem with your computer, and claim that they are Microsoft. They are Lying. Microsoft does not call out cold. Ever. You call Them. they have offices of technicians waiting for your call.

[talula]

Yea. I see it happening all the time. Just use task manager and kill of the IE process. Of course that kills off the whole IE shebang so you might consider using both Firefox and IE at the same time thus if IE gets all knackered you can kill it but still have things open on FF.

[Paolo]

I've visited some pretty shady sites, and I've never had anything like this happen. I do get all sorts of warnings from the adblockers about Google pages, though? Oddly enough, I've never had this happen with FF and NoScript combined with AdBlockPlus. I am now using UBlock Origin, however.

[TopManFL (imported)]

Do Not Call the Number on the screen.

My father got that screen and called the number. They had him run a command on his computer that showed a list of files. They said they could prove he was infected if the last file name was a certain string of numbers and letters. It was, so he did what they said.

First, they had him download a file that allowed them to control his computer. Then, they took control and disabled all the check boxes that allowed the computer to access the internet.

Next, they transferred him to "the department that can fix his problem". They wanted about $500 to sell him a program that would "protect" his computer.

Luckily, he called me. I went over and uninstalled the software they'd had him down load. But the permission to access the internet is buried deeper in the operating system than I could find.

We called a local computer repair guy that he's used before. He was able to fix it.

The scammers had killed networking, wifi, internet access and just about anything that allows a computer to access the net.

The "X" in the upper right corner might not shut the scam alert off if they freeze your browser. If you are using windows, you can get to the Task Manager with either Ctrl-Alt-Delete or there might be an icon on your task bar that says "Task View". Click that and you should be able to shut down your browser.

Here is an article about Chrome's efforts to fight these fake warnings: https://www.engadget.com/2018/12/05/chr ... -websites/

Also, beware of sites that hijack your back button on your browser. It's a new "trick". They redirect you multiple times before you land on the page you were looking for. When you use the back button to leave the site, it takes you to one of their ads or sites. In most browsers you can right click the back button to see a list of sites that you've visited and then click the site you want to return to.

[jamiepan (imported)]

To summarize all the good info above into something simple:

- ALWAYS have Task Manager running. ALWAYS. Some attacks like the one the OP described can prevent you from opening Task Manager in older operating systems, so just include it in your startup list and let it run. ALWAYS.

- Unless you know your stuff, avoid clicking any small-sized pop-up when running IE. Leave it alone. Don't try to click the red X. Just kill it with Task Manager.

- Learn over time to "know your stuff". It's not hard to recognize fake pop-ups.

- When something pops up that is suspicious, go to Task Manager, look under the first tab (Processes), and find Internet Explorer (or whatever browser) up top in the Apps list. Right click it, hit "end task".

Did I mention always have Task Manager open? . Do it.

One last note... if you are browsing porn or even just forums with porn-ish pics/vids, and you get a small pop-up that says you need a Codec to run a file... use Task Manager to kill your browser. I guarantee you, no codec request by a porn vid EVER supplies a clean file, and will most likely fully ransom-ize your computer.