Security alert the dreaded red screen.

We got this once last week and again just now. It opened in it's own browser or covered another site. I had Yahoo mail open as well as Hotmail and a couple other sites that are frequented regularly. I've never gotten this particular alert before the last 10 days.
I could not close or click ok and was only able to close the full screen. I tried that to, one by one, close each browser. There was not time.
I had to manually shut down after a screen shot of the alert.

That's not my IP address: 165.227.181.242
Last week it was 165.227.114.14
Both said call Microsoft immediately.
Upon reboot Trend Micro did a scan and found nothing.
todaylast week
LVL 25
nickg5Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AlanConsultantCommented:
Hi,

Please can you supply details of your setup.

For example, is this a stand alone machine (Win10 Home maybe), on wifi / ethernet to a single router, then out to your ISP?

Or perhaps a business machine (Win10 Pro?) on a domain, in which case, what is the setup for packet flow from the machine to the outside world?

Most likely is that there is something nasty on the machine, but lots of other possibilities too.

Thanks,

Alan.
0
JohnBusiness Consultant (Owner)Commented:
It is a virus. Do a full scan with Trend Micro and then scan with Malwarebytes and see if the latter picks up and deletes the virus.
0
McKnifeCommented:
Saw this and it was no infection of the client but just a website. Couldn't close the browser because of a funny script that this site ran and had to kill the browser process with task manager. Restarting the browser, it re-occured.., why? Since the browser picked up where you left after you forcefully closed it with task manager (default behavior: restore pages!), it seemed to persist and was taken for a virus. It is not, it is just a scammer's website tricking to think you are infected.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

nickg5Author Commented:
Windows 7 pro desktop to ISP via cable modem. The alert happened fast so I am not sure what triggered it. All websites at the time are sites used many 100's of times in the past. If the scans with TM and MB get rid of it again, then this could become a weekly event.
0
JohnBusiness Consultant (Owner)Commented:
Just be careful where you browse to.
0
nickg5Author Commented:
McKnife: As far as forced turnoff, that was not done by me with task manager. I had to press the on button on the tower. Last week, the first time this happened I was not nearly as locked up or locked out and was able to close all browsers one by one and then a proper shutdown.
0
Thomas Zucker-ScharffSolution GuideCommented:
Seen b4, malvertising link. Just ctrl-alt-del and close browser (dont try to click ANY button)
0
nickg5Author Commented:
Thomas:
ctrl-alt-del are also the keys we use to access password entry window upon boot-up.
0
AlanConsultantCommented:
Hi Nick,

If you see this, does the standard window close option (Ctrl-w) work?

Are your browsers setup to allow scripts to run by default?  Assuming so, I recommend trying uBlockOrigin (add-on) and see what might be doing this.

Thanks,

Alan.
0
Thomas Zucker-ScharffSolution GuideCommented:
You don't need to worry about a conflict since you don't need to reboot.  Worse case scenario is you need to run SpyBHORemover from securityxploded.com.
0
Tom CieslikIT EngineerCommented:
It looks like redirection to website that is trying to scare you.
For me it doesn't look like virus, but maybe you have a cookies in your computer and they're activating if they getting some input, like advertisement from other website.

I think you should not worry but:

1. Close/kill browser
2. Delete Windows/Temp
3. Go to IE Tools/Internet Option and Delete Browsing history - you can leave passwords, but delete all other things
4. Scan your computer using some smart software that will delete all cookies like MylwareBytes

After that , restart computer and check if you can go to your website
0
serialbandCommented:
Install an adblocker.  A lot of these things are just coming through a malicious advertising channel.  Some of these can only killed by opening up task manager to end the process.
0
nickg5Author Commented:
Yes control key and W works to close the browser. And control, alt, delete allows shutdown.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.