dfwci.com

Computer Service / Network Integration / Performance Tuning


The Talking Computer Hijack

The Latest Computer Hijack


OK, boys and girls. The bad guys have just upped their game. A LOT.

Hopefully y’all know to NEVER click on a popup message that jumps on your screen while surfing the web and tells you to call a toll-free number because your computer is infected.

This latest iteration takes the scare tactics one step further. It locks up your screen completely, and the computer becomes unresponsive. A mechanical voice comes over your speakers repeating the following in a loop:

“Please call us immediately at the toll free number listed so that our support engineers can walk you through the removal process over the phone. If you close this page before calling us, we will be forced to disable your computer to prevent further damage to our network. And remember 2 6 8 D 3. Info alert from Microsoft…”

It runs endlessly. It is absolutely maddening.


A dialog box is welded to your screen that reads:

Call Windows Help Desk Immediately at +1-888-210-9302
(the + before the phone # should be your first clue)

The following data will be compromised if you continue

  1. Passwords
  2. Browser History
  3. Credit Card Information

This virus is well known for complete identity and credit card theft.

Further action through this computer or any computer on the network
will reveal private information and involve serious risks.

Call Windows Help Desk Immediately at +1-888-210-9302


 

But whatever you do, NEVER Call These Criminals.

Once you let them into your computer, they will password protect it and then your real problems start.

I have had three clients attacked in this manner in the last two weeks. Two I was able to successfully unscramble. One was too old and slow to even make the attempt worthwhile.  And it was a very clever password hack. I’m still researching the fix so I can document it.

In the first case I had to replace the computer, back up all the data and restore it. The hacked computer was a pathetic AMD 1.3 GHz processor with 4 GB of RAM running Windows 10. If you know anything about computers, you know this was a doorstop already. It could have limped along for maybe another year, but once hacked, it was simply not worth the time to fix it.

In the case of the talking computer hack, it was the result of an email message from a friend with an invitation to watch a movie involving terrorists and an ISIS flag. Needless to say, no such thing existed.

The screen looked like this:

 

The running processes:

See the two Google Alert processes? Those are what control the popup windows and recorded message. It literally runs in a loop forever until you kill the process.

When my client called me with this recording running in the background, I immediately accessed his computer via my AVG CloudCare console and launched a full virus scan.  I was on my way to another client when this happened, so I told him to turn the volume down and let the scan run.

A full virus scan turned up nothing.

I was able to kill the processes and disable some other tasks running in the background.  The system is clean now, 1-1/2 hours later.
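The manual triage described above (a clean antivirus scan, then processes ended by hand), sketched in PowerShell as an added example; it is not the author's own procedure. It assumes the "Google Alert" label from the post appears in the process name, file description or window title, and that the background "tasks" were Windows scheduled tasks.

```powershell
# Added illustration. Read-only by default; pass -Stop to end the matches.
param(
    [string]$Pattern = 'Google Alert',  # label as the post reports it in the process list
    [switch]$Stop
)

# Win32_Process supplies the parent PID and command line that Get-Process lacks.
$wmi = @{}
Get-CimInstance Win32_Process | ForEach-Object { $wmi[[int]$_.ProcessId] = $_ }

# Match on every field where a display label could surface (assumption: one of these).
$suspects = @(Get-Process | Where-Object {
    $_.ProcessName     -like "*$Pattern*" -or
    $_.Description     -like "*$Pattern*" -or
    $_.MainWindowTitle -like "*$Pattern*"
})

$report = foreach ($p in $suspects) {
    $w   = $wmi[[int]$p.Id]
    # A process borrowing a vendor's name while running an unsigned binary
    # from a user-writable folder is the mismatch worth noticing.
    $sig = if ($p.Path) { (Get-AuthenticodeSignature -FilePath $p.Path).Status }
           else         { 'PathUnavailable' }
    [pscustomobject]@{
        ProcessId   = $p.Id
        Name        = $p.ProcessName
        Description = $p.Description
        Path        = $p.Path
        Signature   = $sig
        ParentPid   = $w.ParentProcessId
        CommandLine = $w.CommandLine
    }
}
$report | Format-List

# Enabled tasks outside \Microsoft\ are candidates for whatever relaunches the popup.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
    Select-Object TaskPath, TaskName, State, @{
        Name       = 'Action'
        Expression = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' }
    } | Format-Table -AutoSize -Wrap

# Record path, parent and command line first; they are gone once the process ends.
if ($Stop -and $suspects.Count -gt 0) {
    $suspects | Stop-Process -Confirm
}
```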

Let’s all be careful out there.

#FakeSupport #FakeMicrosoftSupport #FakeWindowsSupport #SupportPopup #SupportSCAM #ComputerSCAM #FakeVirusAlert

Name of author

Name: Wizard

Short Bio: The Computer Wizard (TCW). TCW was founded by Warren P. Harris in 1994 to service and repair computers in the San Francisco Bay Area. Relocating the business to Plano, Texas in 1999, TCW continued to flourish when an unfortunate loss of data for a wedding Mr. Harris photographed caused him to research data recovery options. Realizing he would have to either pay someone to recover the photos or find out how to do it himself, the rest, as they say, "is history". Approached by a friend who was a Private Investigator in 2006, Mr. Harris studied for his Investigator's license and began honing his skills in Computer Forensics. The company was renamed DFW Computer Integration in 2015.
