BeGentleWithMe-INeedHelp asked:

Pop up browser messages about your computer is infected - how am I getting them?

Pretty regularly - 1 or 2x a day, I get a popup on 1 computer (Win 7 SP1, fully patched) about 'your computer is infected', we're from Microsoft, call us, etc.

I realize it's a scam.  But curious how it's getting on there.  I've run Malwarebytes, SUPERAntiSpyware, HitmanPro and they don't find anything.

I am streaming a radio station based in NY.

Am I mistaken that the people running the malware buy ad space on legit websites and that's how they get on the machine?

These have been easy to get rid of - just close the browser by clicking on the x in the top right corner (it takes over the tab the radio station was on, another indication that's where the malware is getting in from?).  I've seen other versions where you have to kill browsers through task manager or reboot the computer.
John

Run a full scan with your AV followed by Malwarebytes.

Satish Auti

Remove adware programs and any unknown plugins from browser.

https://www.pcrisk.com/removal-guides/10071-your-computer-has-been-blocked-scam
If it is only happening in the browser then I would check your addons.  Start disabling them one by one.  If the disabled one doesn't stop the popups then disable the next one.  Once you find the erring one remove it.

For scanning purposes I'd use AdwCleaner https://www.malwarebytes.com/adwcleaner/ from those nice Malwarebytes people.  That'll look for unwanted applications you might have on your computer that have installed unwanted addons and the like.
Another thing to try if our suggestions do not stop the pop ups is the following:

Download, install and run Process Explorer from Microsoft.

Look down the left side tree under Explorer and see if there are any strange looking (alphanumeric) processes running. Kill these, close out, do NOT restart, and then run Malwarebytes again.
Process Explorer: https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

Note:  Get the entire SysInternals Suite https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx which includes Process Explorer as well as all sorts of other goodies.
Ramin

Scan your System with RogueKiller:
http://majorgeeks.com/RogueKiller_d6983.html

Uninstall any recently installed suspicious software:
Go to Control Panel >>  Programs and Features,
Look for any programs that were installed recently in the last week or so. If you see any programs you don't recognize as something you specifically requested as being installed, chances are it is a rogue program. In that case, you can uninstall it. Proceed through the list of installed programs and remove any potentially unwanted software.

Reset your Internet Browser (Internet Explorer):
1. In your Internet Explorer browser, proceed to tools
2. Then click on Internet Options
3. In the "General" tab in the "Browsing History" section, tick the box that reads "delete browsing history on exit" then click "delete".
4. Ensure the box “Preserve Favorites website data” is UNTICKED and all other boxes ARE TICKED in this screen and click on "delete"
5. Click "OK" to close the menu.
6. Go to the browser's add-ons or extensions and disable any add-ons / extensions that you don't recognize.
Do you have adblock installed? I would install that and see if it prevents the site from popping up.
Check the phone number that it says you should call. At times this is triggered by a linked advertisement  ........

At one point was this system infected?
BeGentleWithMe-INeedHelp (ASKER)

Thanks guys, but I was hoping for comments on the idea that the bad guys buy ad time, maybe run legit ads for a while then switch to these scams?

I can clean the machine ok, but it does come up clean.

Some bits of trivia:

I only get the malware pop ups in IE 11.  No problems with Chrome, but the music site uses Flash and it seems to crash more with Chrome... I let that page run for hours.  With Chrome, the music stops at some point.

I had this bookmarked:  http://player.radio.com/listen/station/wcbs-fm to get to the music.

But looking at their main site, now their 'listen live' link takes you to:  http://tunein.com/radio/WCBS-FM-1011-s27759/

I'll use that and see if it's more stable and don't get the pop ups.

Also, in the last couple days I get a warning about an expired certificate for *.brtll.com which, if you google that, there's loads about it being malvertising.

Also getting Verizon user surveys....

So is it reasonable to think - it's not malware installed on the machine, just sleazy ads that come in on this streaming radio site?
Try using Process Explorer as suggested.

Also look in C:\windows\system32\drivers\etc\HOSTS for entries there. It should be all comments (#)
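
The HOSTS check suggested above can be scripted. This is an added example, not part of the original thread: the function name `audit_hosts`, the verdict labels and the sample entries are constructed for illustration, and an empty result corresponds to the "all comments" state the post describes.

```python
import ipaddress
import os

# Path from the post above; SystemRoot is normally C:\Windows.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")
DEFAULT_NAMES = {"localhost"}

# Constructed sample input (documentation addresses and example domains).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1       localhost
0.0.0.0         ads.example.net      # sinkholed by a blocklist
203.0.113.10    update.example.com www.example.com
garbage-line
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for each active mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Strip a UTF-8 BOM, then everything from '#' on (comment).
        fields = raw.lstrip("\ufeff").split("#", 1)[0].split()
        if not fields:
            continue  # blank or comment-only line: the expected state
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:
            if ip.is_loopback and name.lower() in DEFAULT_NAMES:
                verdict = "default"    # stock localhost mapping
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"   # name blocked locally
            else:
                verdict = "redirect"   # name forced to another host: review
            findings.append((line_no, fields[0], name, verdict))
    return findings

if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

Any `redirect` row is an entry to account for, and a `sinkhole` row naming a security vendor's update domain deserves the same attention.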
The machine is clean

I was hoping for comments on the idea that the bad guys buy ad time, maybe run legit ads for a while then switch to these scams?
Put your pop up parameter on HIGH to stop pop ups.
ASKER CERTIFIED SOLUTION
arnold
This solution is only available to members.
I'm using the tunein website and none of these pop up ads.

I accidentally clicked on the old shortcut using radio.com... and within seconds 'your computer is infected, call us'.

screw radio.com