microsoft alert

  • 1
  • Question
  • Updated 11 months ago
  • Answered
clicked on a link on facebook and got this warning my pc is infected call this number and the page will not close down is it harmful? 
Photo of moff1959

moff1959

  • 70 Points

Posted 1 year ago

  • 1
Photo of TM_Mark

TM_Mark, Employee

  • 470 Points 250 badge 2x thumb
Hello moff1959 and welcome to the Community!

Thank you for letting us know about this question that youhave in mind. 

This message from the link you clicked on Facebook is a Technical Support Scam. It is a scheme used by cybercriminals to scare you bydisplaying a fake message on your web browser to make you believe that there isan issue with your computer when there's none. If by chance that you will getto encounter this kind of message again, please do not call the numberindicated on the page.

All you need to do is to get rid of the message on your webbrowser. Please follow the article below for the instructions on how you canreset your web browser:

Resetting yourweb browser

I hope this helps!

Should you have any other concern, please let us know.

Have a great day!


Trend Micro Home Users Community
Photo of sloshnmosh1

sloshnmosh1

  • 450 Points 250 badge 2x thumb
That link you provided for resetting your browser is very good.
However, I have recently found this does not solve the issue in certain circumstances. 

I have found hidden Windows .bat scripts inside the  C:\Program Files (x86)\Google\Chrome\Application that changed the start page of the Chrome browser even if you reset the browser following the excellent Trendmicro link above.

Here is a copy of the hidden batch script I found in the Chrome program folder that I uploaded to Gist. 
(I changed the file extension to .txt to make it benign)
https://gist.github.com/anonymous/c5b8f5caf348736ae2887cc8ec46850d

To fix this problem you must enable "show hidden files and folders" in Control panel/Folder options/View to be able to see these batch scripts in the folders.

Delete the hidden chrome.bat, firefox.bat and iexplore.bat from their corresponding program folders.

You will then have to delete any shortcuts you have to these internet browsers on your desktop and task bar and create new shortcuts from the REAL chrome.exe in the C:\Program Files (x86)\Google\Chrome\Application folder.
(Do the same for Firefox and Internet explorer)
Finished!

NEVER let these fake "Microsoft" support scammers take remote control over your computer!
I let one of these scammers remote access my computer (The scammer did not know it was a virtual machine) and he uploaded a batch script called "antivirus.bat" to my VM and executed it.
It changed all the start pages of the internet browsers on my VM in the registry and created a Visual Basic (.vbs) full screen pop up that said my machine was infected.
I uploaded it to Gist as well and changed the file extension to .txt to make it benign.
https://gist.github.com/anonymous/46bc981f1a27287e919c62a1248340d9
(Edited)
Photo of sloshnmosh1

sloshnmosh1

  • 450 Points 250 badge 2x thumb

Also, the OP said he was not able to close his browser.

You will need to run the Windows Task manager by typing taskmgr.exe in the Start/Run box or by holding down the Ctrl-Alt-Del keys to pull up the Windows task manager.

Use the Task manager to kill all instances of open internet browsers.

Next, open the offending browser and delete all the history from the cache so it does not pop up again.

Photo of TM_Voltaire

TM_Voltaire, Employee

  • 1,080 Points 1k badge 2x thumb
Thank you for the kind comments and suggestions sloshnmosh1. We really appreciate it.

You may follow the suggestions as they are helpful as well in removing the said scam page. 

Issues like these are common nowadays. As mentioned, the page tricks users like moff1959 into contacting the number in order for the scammers to take control of your computer in disguise of a service. In reality, the computer doesn't really have any form of infection whatsoever. Please do not believe it.

We will make a report of it as well so if you have the number on the page, you may give it to us.

If you need additional help in cleaning up the computer as well, feel free to contact our support channels on this link so we can assist you by checking your computer 

I hope this helps. Feel free to let us know for further concerns.

Have a great day!

Trend Micro Home Users Community