# Computer screen lockup scam?



## carverman (Nov 8, 2010)

Another novel approach by scammers to lock up your computer and extort money from you.
Amazing how innovative these scammers are these days and they can do it halfway around the world. 

http://www.cbc.ca/news/canada/briti...3/01/15/bc-scam-ransomware-virus.html?cmp=rss


----------



## Beaver101 (Nov 14, 2011)

Thanks for the alert! What a PITA it'll be should one get infected with these mal-ware. :miserable:


----------



## carverman (Nov 8, 2010)

Apparently this trojan has been around for quite some time. I suppose it depends on what sites you visit and whether you have a good firewall and virus protection. 

I found this fix for it. 

1) Turn off PC and boot in safe mode WITH networking by pressing F8 during startup.
2) Type "*msconfig*" in your windows search. 
3) Click the "*Startup*" Tab. 
4) UNCHECK anything that has *blank or "unknown" manufacturer* that runs with a "*rundll32*" command.
5) Restart and you should be fine, then use your antivirus to locate the infected files and quarantine/remove them.


----------
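The startup check described in the fix above can also be done from a PowerShell prompt. This is an added example, not part of the thread: a read-only listing of startup entries that launch through rundll32, with the company name stored in each DLL's version resource. The function names and the sample entries are constructed for illustration, and it assumes msconfig's "Manufacturer" column reflects that same company name.

```powershell
# Added example: read-only audit of startup entries that run through rundll32.
# Nothing is disabled or deleted; review the output, then act in msconfig.

function Get-RundllTarget {
    # Returns the DLL path from a command line such as
    #   rundll32.exe "C:\Some Dir\file.dll",EntryPoint
    # or $null when the command does not use rundll32.
    param([Parameter(Mandatory)][string]$Command)

    if ($Command -match 'rundll32(\.exe)?"?\s+(?<args>.+)$') {
        $rest = $Matches['args'].Trim()
        # Quoted path: take everything up to the closing quote.
        if ($rest -match '^"(?<dll>[^"]+)"') { return $Matches['dll'] }
        # Unquoted path: the DLL ends at the comma before the entry point.
        if ($rest -match '^(?<dll>[^,]+)')   { return $Matches['dll'].Trim() }
    }
    return $null
}

function Get-SuspectStartupEntry {
    # By default reads the live startup list (Run keys and Startup folders).
    param([object[]]$Entries = (Get-CimInstance -ClassName Win32_StartupCommand))

    foreach ($e in $Entries) {
        $dll = Get-RundllTarget -Command ([string]$e.Command)
        if (-not $dll) { continue }

        $dll     = [Environment]::ExpandEnvironmentVariables($dll)
        $exists  = Test-Path -LiteralPath $dll -PathType Leaf
        $company = $null
        if ($exists) {
            $company = (Get-Item -LiteralPath $dll -Force).VersionInfo.CompanyName
        }

        [pscustomobject]@{
            Name              = $e.Name
            Location          = $e.Location
            Dll               = $dll
            FileExists        = $exists
            Company           = $company
            # True when there is no company name, or when the path could not be
            # resolved (for example a bare file name found via the search path).
            BlankManufacturer = [string]::IsNullOrWhiteSpace($company)
        }
    }
}

# Constructed sample entries (not taken from any real infection) to try the
# parsing offline. The first should be reported, the second ignored.
$sample = @(
    [pscustomobject]@{
        Name     = 'Updater'
        Location = 'HKU\S-1-5-21-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        Command  = 'rundll32.exe "C:\Users\Public\placeholder-example.dll",Start'
    }
    [pscustomobject]@{
        Name     = 'Tray'
        Location = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        Command  = '"C:\Program Files\Vendor\tray.exe" /min'
    }
)
Get-SuspectStartupEntry -Entries $sample | Format-Table -AutoSize

# Live system: show only the rundll32 entries with no manufacturer.
Get-SuspectStartupEntry | Where-Object BlankManufacturer | Format-List
```

A flagged entry is a candidate for review, not proof of infection; the `Dll` path is the file to hand to the antivirus scan in step 5.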



## Jim9guitars (May 5, 2012)

I read that they don't unlock it even if you pay, so if you get this and carverman's fix doesn't do it, just buy another computer. With lots of anti-everything.


----------



## Beaver101 (Nov 14, 2011)

... buy another pc? More junk for the landfill? No thanks. And lots of anti-everything? LOL! I'm pinning up Carverman's (retired electrical hard/software engineering man) fix tips next to my pc, just in case.


----------



## dogcom (May 23, 2009)

I would just go down to the computer expert and have him reformat my hard drive and start over again.


----------



## HaroldCrump (Jun 10, 2009)

These malwares are so ubiquitous these days that it is only a matter of time before one gets some or the other form of spyware/malware infection.
My PC has been infected a few times in the past.
Initially, I used to spend hours cleaning each virus one by one by following instructions from the Internet or McAfee or Norton website.

But these buggers are so smart that it's hard to be 100% sure that you have cleaned every last bit of them.
Sometimes they masquerade as device drivers or other TSRs to evade detection.

In the last few years, I have decided it is not worth my while to try and clean infected PCs.
Now I keep the original install of Windows and other programs in a CD.
Any time there is an infection, I back up the data, wipe/format the hard drive, and re-install from the O/S backup.
Adding in time to install software programs like Microsoft Office, Photoshop (for my wife), etc. only takes a couple of hrs. - far less than trying to clean these elusive viruses one by one.


----------



## carverman (Nov 8, 2010)

Jim9guitars said:


> I read that they don't unlock it even if you pay, so if you get this and carverman's fix doesn't do it, just buy another computer. With lots of anti-everything.


Well you don't need to buy another computer for this scam. Worst case, if the fix doesn't work, just reload Windows 7 or whatever version you are using. You should have that OS on a CD that came with your computer. The key to activate it with Microsoft should be on a sticker on the side of your computer.

When you reload the operating system (OS), it cleans up anything that is OS related. I've done this a couple of times in the past for other reasons..(not trojans). 

It's a PITA because you need to reload the applications you are using too, but at least you can get rid of it.

I guess with 100 million "Microsoft trained ITs" in the world that may be unemployed or looking for easy profit, it is bound to happen more often these days, just like the recent scam where a friend of mine got a phone call from someone
claiming to be with Microsoft, (fake number given) and she was asked if she had seen any corruption on her computer..
(She had some strange corruption after opening an email). 

These Pakistani scam artists sounded very legit, and they called her home number and told her
that for $300 + taxes, (on her Visa), they would fix the corruption up for her. They told her they were Microsoft 
"authorized" and asked her if they could access her computer to check on the corruption..she agreed to have them have a look and saw the cursor move around as they poked around and found "some corruption". 

They gave her a phony number to call (New York City area code pay phone number) and a phony web site.
They told her she could pay by CC or Paypal. She chose Paypal, authorized the payment and found out that it was a scam a few hours later, and they had done nothing to fix the corruption in her computer. 
Fortunately, her son being a PC expert finally found the corruption and fixed it.

She called her bank and Paypal and had to cancel her CC as well, because she panicked. Fortunately Paypal investigated and determined that it was a scam, so she should have her $318 returned in the next 2 weeks.

Do not trust anybody calling you or contacting by email..unless you know who you are dealing with!


----------



## carverman (Nov 8, 2010)

I have Norton 360 and do virus scans every week. As well I have automatic backups for all my files. So if my hard drive or computer crashes, as of last year, I have a backup computer fully loaded and ready to go at a moment's notice. Then I can take my time and get rid of the trojans, malware, tracking cookies, or viruses that somehow got through.


----------



## mrPPincer (Nov 21, 2011)

Never pay these scam artists, they don't want the payment, they want your credit card number so they can clean out your account.

My recommendation; if you have windows, download and install firefox (free) and use it as your default (and only) browser, and download Microsoft Security Essentials (free from Microsoft) and use it as your only anti-malware program.

I think MSE runs a lot leaner and efficiently than the other ones like McAfee or whatever because it's incorporated into the proprietary windows code.
Firefox is like a firewall for exactly the opposite reason; windows internet explorer runs right out of the windows explorer that runs your computer and will always be full of vulnerabilities, whereas firefox is running on linux code, a whole different language than what your computer is talking to itself in.

http://www.mozilla.org/en-US/
http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

Aside from keeping my Java updated that's all I use and I never have any spyware or viruses or trojans of any kind *(since doing so)
I've heard of people in my area getting this lockup virus and I don't think it's a big deal for a good tech to clear it up; I don't think you usually would have to reinstall your OS, and you definitely shouldn't have to buy a new computer.


----------



## sags (May 15, 2010)

Thanks for the info Carverman................

I used a good anti malware software program called Malwarebytes Anti Malware.............but these *%(%(%(&# are indeed so smart they program their virus to disable known anti malware programs.................so if you download a program, be sure to change the name of the program so the virus doesn't identify and disable it.

EG..............change AntiMalware to AntiMalwareToday...........or something similar.

This software is effective against the lookalike Windows Security virus as well.

I wouldn't mind if the CIA tracked down these scum.........and Bin Laden them.


----------



## carverman (Nov 8, 2010)

sags said:


> T............so if you download a program, be sure to change the name of the program so the virus doesn't identify and disable it.
> EG..............change AntiMalware to AntiMalwareToday...........or something similar.
> This software is effective against the lookalike Windows Security virus as well.
> I wouldn't mind if the CIA tracked down these scum.........and Bin Laden them.



I have Norton 360 total protection. Buy it at Staples every year when it goes on sale. So far, with the constant virus definition updates I get automatically, I have never received a virus that is as destructive as in my original post. 

The definitions that are downloaded by Norton are constant updates to detect malware, viruses, spyware, sneaky fake software and trojans. When I run the virus check manually, it checks for all the virus crap, fake trojans 
and even gives me a quick view of what it's looking for when it runs the security scan.

I don't know how some people out there get infected though..maybe their virus protection is non-existent or very poor, such as what would be supplied free of charge by Microsoft. I wouldn't trust any freebie virus protection from Microsoft, because the "Microsoft trained virus programmers out there", would know how to defeat most Microsoft virus definitions and sneak in their trojans.

Unfortunately this is the new situation, when Microsoft moved their 24/7 support to India, Pakistan or any country like that to maximize their profits. You inadvertently train them to become rogues..and go into criminal activities because they know
how the core software is structured and the weak spots.


----------



## mrPPincer (Nov 21, 2011)

well, that could be, but like I say I've had no problems whatsoever since I've started using Microsoft Security Essentials and it doesn't slow down the system as much as Norton or AVG, or others which I've used in the past.
MSE has constant updates as well, and I scan at least once a week.
I'm very happy with it and until I have a good reason not to I'll keep using it.

It's quite important to make sure your Java is up to date because that's how some of these programs are getting in, through old versions of Java.
When you update your Java it's best to uninstall the old version first because some of the older versions went into a different directory, and you could end up having more than one installed in your system, with the older one being potentially exploitable, not everyone knows that.


----------



## Beaver101 (Nov 14, 2011)

carverman said:


> ... I guess with 100 million "Microsoft trained ITs" in the world that may be unemployed or looking for easy profit, it is bound to happen more often these days, *just like the recent scam where a friend of mine got a phone call from someone claiming to be with Microsoft, (fake number given) and she was asked if she had seen any corruption on her computer..* (She had some strange corruption after opening an email).
> 
> These Pakistani scam artists *sounded very legit,* and they called her home number and told her that for $300 + taxes, (on her Visa), they would fix the corruption up for her. They told her they were Microsoft
> "authorized" and asked her if they could access her computer to check on the corruption..she agreed to have them have a look and saw the cursor move around as they poked around and found "some corruption".
> ...


 .... how did these scam artists get her phone home number in the first place? was it random? 

This sounded similar to an incident that happened to a friend's colleague at her "workplace" - how these scam artists got her "work number" in the first place is ??? And the fact there is a company firewall on her pc. She almost fell into the trap of giving out her credit card # for the "fix" but then was reminded that there is an IT department within her company to deal with these pc problems. 

Most definitely do not trust any suspicious, unidentifiable calls - just hang up the phone, I say!


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> .... how did these scam artists get her phone home number in the first place? was it random?


They called her on her home phone, so I think it was random, based on their computerized phone number sequence with the Ottawa area code.
She gets a lot of these telemarketer type calls and generally doesn't answer if she recognizes the number as a possible
telemarketer number, but in this case she was having some kind of corruption prior to the call. She mentioned that she thought it started from a email she opened from a friend. Don't know if this friend was in Canada though.



> *This sounded similar to an incident that happened to a friend's colleague at her "workplace" - how these scam artists got her "work number" in the first place is ??? And the fact there is a company firewall on her pc.* She almost fell into the trap of giving out her credit card # for the "fix" but then was reminded that there is an IT department within her company to deal with these pc problems.


Yes, these guys can sound so convincing that they are Microsoft reps and going to deal with your computer directly. Sometimes with PC's you get a popup window with some kind of cryptic error. The popup suggests to send the error to Microsoft directly by clicking inside the popup. She may have had one of those and thought it
was legitimately someone from Microsoft calling her back about the error. 

So in her case, she already had some kind of issue with her PC and had notified
Microsoft..which is really *waste of time, since Microsoft never calls you back to discuss these errors*. 



> Most definitely do not trust any suspicious, unidentifiable calls - just hang up the phone, I say!


Well, she knows that..but in this case, because she already had some kind of issue with her computer, and those scam artists talked her into believing they would do something to fix it..for $300 plus tax..and they would take a CC # or Paypal...she somehow managed to give them both and the Paypal charge went through. 

Paypal has access to your bank accts....anyway...they sent her an official looking receipt for her payment with
a bogus email/website and a bogus phone number that she was to call to activate her acct with them....to her email acct. 

So obviously when she found out, she had to call her bank to cancel the credit card number and then call Paypal to lodge a complaint. Seems silly, but this is how these scam artists get people to pay them. Every trick in the book!
Paypal cancelled their dealings with the scam artists that were operating from either India, Pakistan, or Afghanistan, as far as
they were able to determine.



> However, this week, two sites alleged to be involved were still listed as "Microsoft Gold Certified Partners", which Microsoft says means that they must have "demonstrated expertise" and "must employ a minimum number of Microsoft Certified Professionals".


http://www.guardian.co.uk/world/2010/jul/18/phone-scam-india-call-centres


----------



## Beaver101 (Nov 14, 2011)

> So in her case, she already had some kind of issue with her PC and had notified Microsoft..which is really waste of time, since Microsoft never calls you back to discuss these errors.


 ... agreed if she had notified Microsoft then she would have expected a Microsoft tech rep. to get back to her so it was hard to be "warned" of this sort of in-your-face (or over the phone) "scam". In my friend's case, she forgot that her pc has a fire-wall as well as a company IT department and yet she was almost duped. These fraudsters are so conniving. So essentially, if anyone gets a "pop-up" message when cyber-surfing, he/she should simply close it off and/or possibly do an ALT-CTRL-DEL to shut off the machine and re-start a session so as to avoid any infection or machine corruption? 



> Paypal has access to your bank accts....anyway...they sent her an official looking receipt for her payment with a bogus email/website and a bogus phone number that she was to call to activate her acct with them....to her email acct.


 ... and so they want access to her bank accounts now? Wow ... and the nerve to send her an "official looking receipt."! So I can guess the next step in line is identity theft? I hope your friend has reported this incident to the Cyber Fraud Squad (contact in link of your earlier post) - btw, does this organization really do any good or has caught any of these fraudsters so as to shut them down, any idea?


----------



## kevinlk (Jul 9, 2009)

I got hit by this malware a month or so ago and it is a rather nasty one. You can't minimize the screen, nor bring up the task manager or switch windows through keyboard shortcuts/control-alt-delete. Upon rebooting, the page comes up right away, preventing you from trying to disable it. Booting into safe-mode yielded the same result. 

The only way I was able to remove it was to run malwarebytes from another windows partition, which detected the malware and removed it. Had another partition not been available, I fear that a re-install may have been required.

Oh, as a fun part, the page actually detects if you have a webcam and uses it to show your face on the page, which, for neophytes, may be scary (Oh no! They actually see me! It's on their page!).


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> ... *and so they want access to her bank accounts now?* Wow ... and the nerve to send her an "official looking receipt."! So I can guess the next step in line is identity theft? I hope your friend has reported this incident to the Cyber Fraud Squad (contact in link of your earlier post) - btw, does this organization really do any good or has caught any of these fraudsters so as to shut them down, any idea?


Well, I don't know if they can get access to your bank accts directly. I know that in the past, I have dealt with PayPal to buy stuff from vendors on E-Bay where I didn't want to give out my CC number to them. I haven't had any problems with those transactions. The way I have my Paypal acct setup is by having PayPal access my checking acct # and withdrawing the amount of the purchase. By using PayPal there is some protection in case the vendor or solicitor of the funds is a phony or fails to ship the goods. You can always get your money back through Paypal. 

However, if you give someone online (and you don't know who you are dealing with) your CC number and they turn out to be a con artist, your CC number can be compromised very quickly and you can have all sorts of unauthorized purchases
against your CC number. That can be a nightmare to try and recover from your bank, even if the CC is cancelled and a new one issued to you.

I don't know the details on why she had her CC cancelled and re-issued when she was using PayPal. Maybe she gave them the CC number first and decided instead to use Paypal...it's a bit confusing to me, but she was confused at the time to even fall for such a con.


----------



## carverman (Nov 8, 2010)

kevinlk said:


> I
> The only way I was able to remove it was to run malwarebytes from another windows partition, which detected the malware and removed it. Had another partition not been available, I fear that a re-install may have been required.


You mean you ran it from the START control panel?


----------



## sags (May 15, 2010)

You bring up an interesting point Carverman..........on how when companies sent their manufacturing offshore.........they also had to send the engineering and a lot of corporate information along with it. They say that Apple couldn't move their manufacturing from China because all the integral parts for the phone are made by Chinese manufacturers who have the engineering, equipment and expertise to provide the parts.

I watched a panel show on internet security.........and they talked about the security threat to the US, because many computers contain parts made in China.........and some have been found to contain "back door" entry into the software.

Should the need arise..........it is feared that China could shut down anything from airplane electronics to nuclear plants.

Awhile ago...........The Iranians took over control of a drone in mid-flight and landed it safely.

It is believed the "purpose" of the event was to remind the US they had the ability to do it.

The story was reported and then just kind of evaporated.

Pretty scary stuff..............these unintended consequences.

I remember what my mom always used to say to us.....when we asked too many questions.

"Does Eatons tell Simpsons all their business"?


----------



## mrPPincer (Nov 21, 2011)

kevinlk said:


> Upon rebooting, the page comes up right away, preventing you from trying to disable it. Booting into safe-mode yielded the same result.
> 
> The only way I was able to remove it was to run malwarebytes from another windows partition, which detected the malware and removed it. Had another partition not been available, I fear that a re-install may have been required.


My tech has a usb stick with a linux OS on it that he can boot a computer with.
He used that to find and remove a computer screen lockup scam program on a neighbour's computer last week, so that's another way it can be done without a re-install.

As an added measure he removed the Java, which he figured would never be missed in these specific circumstances.
I don't have Java installed on my trading computer either, never have, just more potential holes to exploit, and it makes absolutely no difference in what I use it for.


----------



## kevinlk (Jul 9, 2009)

carverman said:


> You mean you ran it from the START control panel?


No. I run on a computer with 3 Windows: XP, 7 32 bits and 7 64 bits. My Windows 7 64 bits got locked up by that malware, with no option to go anywhere else but that screen. The page covers the whole screen, making it impossible to reach the start button (or windows button) to go to any program/control panel. Keyboard shortcuts were useless as well, as I couldn't switch to something else or bring up any window in front of it. Going into safe mode upon reboot yielded the same result.

I had to go to another Windows to clean up the malware into my Windows 7 64 bits. It was totally locked up on its own.


----------



## carverman (Nov 8, 2010)

Unfortunately this is the serious deficiency with the PC operating system. Viruses from emails or downloading from the internet can infect the PC very easily.

If you want to be "relatively virus free"..you need to go to the more expensive MAC personal computers. 
PCs always have been vulnerable and probably always will. They are plentiful and cheap to buy, but they have their inherent design faults. With probably millions of "Microsoft trained" "experts" out there with access to the source code, it's relatively easy to write a trojan or virus for a PC.


The difference is in the construction of the software between a Mac and a PC.


> MS Windows is "monolithic" ie: everything is put into the kernel, everything attaches to the kernel, and so every program you install on a Windows system has access to the kernel - it's just the way it's built. On the other hand Unix and Linux are "modular" in that the kernel interacts with various modules, without giving them write access to itself. In fact some security minded folk install their Linux kernel on a CDRom and install the rest on the hard drive. Because a CDRom is readonly it cannot be compromised at all. Not a bad idea. The trick in compromising a Mac or Linux machine is to deceive the user into performing an unsafe procedure. So if you are an idiot, your computer is at risk. But if you have a healthy suspicion, have never opened a Nigerian money scam and wondered if it worked, then there is hope for you with a Mac or Linux system.





> Now, Mac OS X has fewer pieces of malicious software for several reasons. The first is that it is more difficult to write viruses and worms (that seek out remote machines to attack) for multiple reasons:
> 
> (1) Mac OS X is based on UNIX (and Leopard is, in fact, officially UNIX), which has been analyzed by many people who have access to the source code, especially since the underlying source code for much of the low-level parts of Mac OS X is open source.
> 
> ...


----------



## bgc_fan (Apr 5, 2009)

carverman said:


> Unfortunately this is the serious deficiency with the PC operating system. Viruses from emails or downloading from the internet can infect the PC very easily.
> 
> If you want to be "relatively virus free"..you need to go to the more expensive MAC personal computers.
> PCs always have been vulnerable and probably always will. They are plentiful and cheap to buy, but they have their inherent design faults. With probably millions of "Microsoft trained" "experts" out there with access to the source code, it's relatively easy to write a trojan or virus for a PC.
> ...


I am not sure where you got your information, but it is a little inaccurate. Unix type systems can be monolithic or microkernel design. Most BSD and Unix variants (Linux included) are monolithic with most drivers compiled into the kernel. However, monolithic kernels have hooks that allow usage of other drivers. The only microkernels that I am aware of are MacOS (based on Mach with BSD filling in the blanks), QNX, and MINIX.

None of which indicates vulnerability to malware. For example, one of the very first malware that took out the Internet was the Morris worm that targeted UNIX machines. The main tradeoffs are performance vs stability, with the monolithic kernel being more responsive in theory, with the microkernel being more stable.

Really, insecurity is due to implementation more than design. For example, when the first Office malware macros came out, I could not believe that they designed a system that would work outside of the document sandbox and allow it to access system registry.


----------

